From patchwork Tue Dec 11 22:42:37 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10724957 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 2587918A7 for ; Tue, 11 Dec 2018 22:43:28 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 174742B341 for ; Tue, 11 Dec 2018 22:43:28 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 0ADDC2B35E; Tue, 11 Dec 2018 22:43:28 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A6C0B2B50F for ; Tue, 11 Dec 2018 22:43:27 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726183AbeLKWn1 (ORCPT ); Tue, 11 Dec 2018 17:43:27 -0500 Received: from sonic316-27.consmr.mail.ne1.yahoo.com ([66.163.187.153]:39397 "EHLO sonic316-27.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726208AbeLKWn0 (ORCPT ); Tue, 11 Dec 2018 17:43:26 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1544568205; bh=WT5A35EHIXDk4c6XxSfr7BOxdAICWJo3sRrzhtAFt40=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; b=WCL6SN0ed/rykvI+CC53zp6lYNEw7acT6UsZ8wv/Ai6R3qB8719/I8rlvAfNtOjTSBz10UGkFVDOjNbPg33brC+4E1PDXTyRf2tGvXSGARbXlwGUKy85KmejGDy0SlrpOUaQChg011yxoDjEr+OFY8jouqOUyS0WIXrBrwV8C8moCA9+9CNM9HsV54z46B0e4E5FCBntc9gXru+il8TRi1XvAxpyhntjej/4pNsmm6OvuKgGb8MW3k8b81moA6bujNtPKLKg1YZOq5u2wRt+eeHbgJOtiPtdi3v5R9PGAwrMUnGtJcPWpUee1Vi73cfUlca4WDc1MNXMmJO5iazFNQ== X-YMail-OSG: 6zt4hPoVM1ljIDxM4Z0xkdmtw0fRx4cgUSfmtnnCOBvLBqd8tXdlRE0nNzMYQFY NwMz_kR5Wxb4PHnepdXiplWkXPJEVld_Bwl3.2D0Dhpwj2WjRQPrmspCvdsnVzlfyCte94wSTXsY 61jlgF9Hi6UACMxQNgafHgrzWYqKNSnqTUw8Ke2Itj6jGEtMbnRmC7yiHAjmcvfs8fgW3a2Jpef8 E1VPusijMjbWa.tm3FOLLAr.xURE6D_rgMcwEBHRedrfV8RGKzfTlRBbjouWNr9lQWCwQAkA9Uwh rdZBB5VeFDVfIh2zkH37VCyobWsn_ke3JwvWyUq_T9JKfSTEIxFa2AlgUI4hUPYnAVP.Xc_Q9dEu 0JpQVV82eI8FA93IGsnkoX9Zzn_7FfuK6S8nXHy9VxM525vjxBQUqqepmNTgE2di7AMNWyGvbRVL 8eBOhhM0937U2DWIFUMNNThNPVI4Vi0W4PrWrfIsYSThGWEeLaAd7NfZXdmqirFyOFjrcArAvjJg SlA48QaC2qQIh4cff9tqd6jsxnUhBFai0vf1BiN8zlEk8zlQq1voyow79xgA5wjUm02POl.NasVV 9aHtRJgIaLTkLGRbGQWUIFRqb2luywe5YrCqmalqeetBl1k674chB.RcTaDH53xWNy1kC5q958JB fiEOsLLORvqO.5ztFCE5fQ2mbJ7ckjhbMOadxISAXQmjv76tCdqXrbdRO6Voqy3KOwjHWv2jDsHZ HKkpQPJJwveqUq63n.FfHtn1qSFZNLLaMSl.UIG0WMGC73T.BrLYtr3oUR9op0EdC1fnxZmGZtt9 1wUFjhZSM01s0L8wNTI9238bmOLKUpBStovPqQ4.xLqMI5qrZoT3SnHJ7qe9mvdT5ybnRbIoJkt_ 3NFjeFx1mjBcsoPlbUn4hwrtUNPax7jhJr2CpWioiF3WuygaypjNyjlt8ssclnnU9fJEiTuRhHXj 9PvrMG3Yg3i31PjmtU2xXQJYnF41MljDMsjlNqWU0JcE1uewYjxvEeHXYEmCUf.z1S3J5Nd57rsT cY4YZa..Bop_aZH6SRb7nOFXmW1rTTkcQS9DfVd..SaKrr_DObc3JRCT17Vb4P6f953mBcwPEpW8 RyISazgIf5OTkpg6pTbh7O9ChWofSfOpnNlr3YvID Received: from sonic.gate.mail.ne1.yahoo.com by sonic316.consmr.mail.ne1.yahoo.com with HTTP; Tue, 11 Dec 2018 22:43:25 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO localhost.localdomain) ([67.169.65.224]) by smtp422.mail.ne1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID db48327a3d58729724c38eee90dbab73; Tue, 11 Dec 2018 22:43:25 +0000 (UTC) From: Casey Schaufler To: jmorris@namei.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, selinux@vger.kernel.org Cc: john.johansen@canonical.com, keescook@chromium.org, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, linux-fsdevel@vger.kernel.org, sds@tycho.nsa.gov, adobriyan@gmail.com, mic@digikod.net, s.mesoraca16@gmail.com, casey@schaufler-ca.com Subject: [PATCH v5 01/38] LSM: Introduce LSM_FLAG_LEGACY_MAJOR Date: Tue, 11 Dec 2018 14:42:37 -0800 Message-Id: <20181211224314.22412-2-casey@schaufler-ca.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20181211224314.22412-1-casey@schaufler-ca.com> References: <20181211224314.22412-1-casey@schaufler-ca.com> Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Kees Cook This adds a flag for the current "major" LSMs to distinguish them when we have a universal method for ordering all LSMs. It's called "legacy" since the distinction of "major" will go away in the blob-sharing world. Signed-off-by: Kees Cook Reviewed-by: Casey Schaufler Reviewed-by: John Johansen --- include/linux/lsm_hooks.h | 3 +++ security/apparmor/lsm.c | 1 + security/selinux/hooks.c | 1 + security/smack/smack_lsm.c | 1 + security/tomoyo/tomoyo.c | 1 + 5 files changed, 7 insertions(+) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index aaeb7fa24dc4..63c0e102de20 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -2039,8 +2039,11 @@ extern char *lsm_names; extern void security_add_hooks(struct security_hook_list *hooks, int count, char *lsm); +#define LSM_FLAG_LEGACY_MAJOR BIT(0) + struct lsm_info { const char *name; /* Required. */ + unsigned long flags; /* Optional: flags describing LSM */ int (*init)(void); /* Required. */ }; diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 42446a216f3b..2edd35ca5044 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -1728,5 +1728,6 @@ static int __init apparmor_init(void) DEFINE_LSM(apparmor) = { .name = "apparmor", + .flags = LSM_FLAG_LEGACY_MAJOR, .init = apparmor_init, }; diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 7ce683259357..56c6f1849c80 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -7209,6 +7209,7 @@ void selinux_complete_init(void) all processes and objects when they are created. */ DEFINE_LSM(selinux) = { .name = "selinux", + .flags = LSM_FLAG_LEGACY_MAJOR, .init = selinux_init, }; diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 81fb4c1631e9..3639e55b1f4b 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -4891,5 +4891,6 @@ static __init int smack_init(void) */ DEFINE_LSM(smack) = { .name = "smack", + .flags = LSM_FLAG_LEGACY_MAJOR, .init = smack_init, }; diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index 1b5b5097efd7..09f7af130d3a 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -552,5 +552,6 @@ static int __init tomoyo_init(void) DEFINE_LSM(tomoyo) = { .name = "tomoyo", + .flags = LSM_FLAG_LEGACY_MAJOR, .init = tomoyo_init, }; From patchwork Tue Dec 11 22:42:38 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10725191 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id B680691E for ; Tue, 11 Dec 2018 22:48:21 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A912629FE9 for ; Tue, 11 Dec 2018 22:48:21 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 9D9FF2B6AE; Tue, 11 Dec 2018 22:48:21 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 469E629FE9 for ; Tue, 11 Dec 2018 22:48:21 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726226AbeLKWsV (ORCPT ); Tue, 11 Dec 2018 17:48:21 -0500 Received: from sonic308-17.consmr.mail.ne1.yahoo.com ([66.163.187.40]:35310 "EHLO sonic308-17.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726275AbeLKWn1 (ORCPT ); Tue, 11 Dec 2018 17:43:27 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1544568206; bh=ieQHIxYO98CPw1EUXfmqp0bOZIm9J19Fh09JZ7LQgB8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; b=eRQFQuGcyZghqdupBpXYiPgrqB+y2vGEcArRJGqskEbjVg24wOGTR6fW6P2yYuV0oPpjbtmWm+oMPErb+pcVkNWpWwvvf+VcOUTWyuNRvbpdXMzDVLeGWSZZZOU+9+E0rvVp9ma4ZLQZusgE5KmZ3A7cb5MDyQf4kLtE+1uAz1paX/gbO9De7VzD1Cs4zRAcjZgJQ/pdBWH6mDb8IBl2/zsdLejKH7MI91IGEpvTYmYbvWidCP5qnTaFL21mUKGTzkGtJbOspE3KXDOQHQWG2/jDkxt6eLHb64iCto/Tj3Xpb5z6J0nXls6tqZsqJWVHTJ3ssqAwsHviienEQhnC4Q== X-YMail-OSG: ENYqozwVM1lH_QwafVp2OrogqWa4lElzn3.grfBT4mdAEvBn32aHIuTdGOLrBv2 hFSsYX7F6zsb.Qly35jADevDun.jtC17NDkcjO8qFIJlInKgpBY4RwAfpYfoFbYWzSLENuLMIZLO ONxz7dgKik3Iag1A5K_i0aqCvvQvYY_vsW2RcSPWraKT_11Y2VAAq5Sv8SLVK2tqo.o6WVRPwGAe enm5IupFBDLq4j.EQ25udNUN0tt0JRlTXutuY_0Ob8yRBLuVSx9TfbgqaNF9Mc_5cQV5TZscA_dn gCyPF8JgFKM9EN6PDZXykIr5gIyiUpFtqqzIpRFzEDtVhDAy5mIoHJTCx2WmYS4kWtV3sOf0ALqq 0JzVAJKaBEyFixeHbU8aWLeNvEU8QLzAgW3UwbaFJ.50iZL42HL0kNZJbWYgEIkvqwGeBt6KGtB5 JChfxxa21_LXV7AQPHAg_VXzCWdL4iqWpZDZQg7kqkqd3lsMzYlp9yKaXtQzov_RwUiy.F_ewe2v gNKyhGXO6WHrHH0phNT1hJew07LP1_e3R5UueOvEe3c.5tyoWkb3bcIpIt6XYKTTNg8VTK8dXh6Z 9qf7VuFnOUAazDBdSzWakEf10Y5haJuZMXOnGnvgPXWw7QTKAWn1qUEwlFctswdM3rZdNxY8P1G1 ZXRiF3JawYlIhJgB9CNhBVrJJuCdXP3udMkUtCayYYo.wXLaZo5b4xIHdWzhDH_ldIMcrXR3AVGL ikQ4kolJM_H2q2EfzeWO9UO3TF0HT1qxlh7llbf0O862TpVTbz42KnNxiww6Bk8Na6iOXGsgKPuZ Giy9zuyrSkkCk_IArLcEFOqN.QriTCyJ2GE6YFvXXfCkvKCu9vWjUPEUeugDoUYdSgaaozqwiT5e YQLjk_Eto6QO6vn_PQtib.BS.qF4Uyg7q0MdLPHXXR2..APMrvypqhV240wJyIuO38mlH7Kmk_rn nQCu02uUGZrDW897z_E3W5YkpKGOsa6lysDXzriPv9osDd1.6s8OOEeNQbg32STkDuYRQoiwXE1L zGIOL0EKrWbxhs.TNFvSbTTXqBXqXdfiBd8pZ8w5euDSDpzL6vw4d_T6QJb7auJvK.1ZJzhOmZ6X XCqLWkb8Xc6ZKyD12qYcPpV8OOt6.qcWJxF9APdE1I1lOew-- Received: from sonic.gate.mail.ne1.yahoo.com by sonic308.consmr.mail.ne1.yahoo.com with HTTP; Tue, 11 Dec 2018 22:43:26 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO localhost.localdomain) ([67.169.65.224]) by smtp422.mail.ne1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID db48327a3d58729724c38eee90dbab73; Tue, 11 Dec 2018 22:43:26 +0000 (UTC) From: Casey Schaufler To: jmorris@namei.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, selinux@vger.kernel.org Cc: john.johansen@canonical.com, keescook@chromium.org, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, linux-fsdevel@vger.kernel.org, sds@tycho.nsa.gov, adobriyan@gmail.com, mic@digikod.net, s.mesoraca16@gmail.com, casey@schaufler-ca.com Subject: [PATCH v5 02/38] LSM: Provide separate ordered initialization Date: Tue, 11 Dec 2018 14:42:38 -0800 Message-Id: <20181211224314.22412-3-casey@schaufler-ca.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20181211224314.22412-1-casey@schaufler-ca.com> References: <20181211224314.22412-1-casey@schaufler-ca.com> Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Kees Cook This provides a place for ordered LSMs to be initialized, separate from the "major" LSMs. This is mainly a copy/paste from major_lsm_init() to ordered_lsm_init(), but it will change drastically in later patches. What is not obvious in the patch is that this change moves the integrity LSM from major_lsm_init() into ordered_lsm_init(), since it is not marked with the LSM_FLAG_LEGACY_MAJOR. As it is the only LSM in the "ordered" list, there is no reordering yet created. Signed-off-by: Kees Cook Reviewed-by: Casey Schaufler Reviewed-by: John Johansen --- security/security.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/security/security.c b/security/security.c index 04d173eb93f6..0688dfd57e95 100644 --- a/security/security.c +++ b/security/security.c @@ -52,12 +52,30 @@ static __initdata bool debug; pr_info(__VA_ARGS__); \ } while (0) +static void __init ordered_lsm_init(void) +{ + struct lsm_info *lsm; + int ret; + + for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { + if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) != 0) + continue; + + init_debug("initializing %s\n", lsm->name); + ret = lsm->init(); + WARN(ret, "%s failed to initialize: %d\n", lsm->name, ret); + } +} + static void __init major_lsm_init(void) { struct lsm_info *lsm; int ret; for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { + if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) == 0) + continue; + init_debug("initializing %s\n", lsm->name); ret = lsm->init(); WARN(ret, "%s failed to initialize: %d\n", lsm->name, ret); @@ -87,6 +105,9 @@ int __init security_init(void) yama_add_hooks(); loadpin_add_hooks(); + /* Load LSMs in specified order. */ + ordered_lsm_init(); + /* * Load all the remaining security modules. */ From patchwork Tue Dec 11 22:42:39 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10725189 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 771D891E for ; Tue, 11 Dec 2018 22:48:17 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 687FF29FE9 for ; Tue, 11 Dec 2018 22:48:17 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 5CED12B6AA; Tue, 11 Dec 2018 22:48:17 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 06A9629FE9 for ; Tue, 11 Dec 2018 22:48:17 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726214AbeLKWsG (ORCPT ); Tue, 11 Dec 2018 17:48:06 -0500 Received: from sonic316-27.consmr.mail.ne1.yahoo.com ([66.163.187.153]:43862 "EHLO sonic316-27.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726336AbeLKWnb (ORCPT ); Tue, 11 Dec 2018 17:43:31 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1544568210; bh=JvRH+2Ag1ZV3gWKymKYx9zUOfLPMULIq3qNH78/+H6A=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; b=Nd3+0tmLcQUq8I/hJ3B4D69oTyIuAJc1frE2Z5Fkg0WkGdpOqHn2ydwge0wfNl1wXb2UkPg99QIrVY4MQmopyl2F6rmAUuZNoevb9i7Z9fK1mOQ58NfidHxppsSL1zEohbmLzd1zvsN6jDfOpipsUzuYtmDjRjFBt1GGVoZt3Ylr852fNXw+4rEGGwgWtRRBNbSVqUHJfqtyqinjnw1K+f3nF2LF8O1PXLHAMP75LcEACeRWHmbWk+74l8TJTgD1tZ+C6gDDqmFdzYlJ5sqz1dKMi6W/jXeRScZSkBg1zyBWEnTYGMaAymZCVLNdJqyhAXzm7ja+ndeq/WToqRGXsw== X-YMail-OSG: Ws_x4WEVM1md3a3ZVahzQ.cZKQbFH3vUYvf9a1Es9hPfCmiPSVpISgEtgnxNG9P UzuIn31bU4I8ocS0AyEfm5QECsBfFq_YsTmfd5F34OzJqMMOzHrYD.Ga7GxrHWQgVXTApzJMUaJR xY9eV7I72qkEV9YodXm_j7wiQNvUYbXKrXkaezzCCUMrUtVJYzTBVCq10Cf05K0YtpQhVLIoAaAi JasRTq_GwhE_m4sgZpSaQIOdu5DJYkRhx8QChmOx3laN409eKtofnhR9QFEkEGv0PpDn3Kns0PCE oOYH_eEXahbEXyVj0Xm9Bp7VYN6tB_RA105MZCPHU5Z_hNDr5JoYt6dwG0Ppan0JS7N1VWQIX2yi Rrlinm1nNYZzhOFyg1jIV8AQtCcGsMAGkAVRHM9SBTT0io5Q3wGEFSUm0_mde5KOWAIlvzTKjR.z pc29eQ5.J6Xv7lhGJV9Z9LPMb446tByFHHliDQPC2qbmsd1JzfdRi.3ynkKngJNejgsyYNicKf86 smomV0c0mANqnA6B09Bhcx_Z5YNop9HUKvwDC992iSOVWLgkI_dCPPsx9XZlZajhq8WvV_XjwugH Ppw.HtKd.Wpq3yPjPzem8n0FdaCWITNa7rcarYhTv9WwE2p7W8bubQbzy_4hTsp8Pr8gh95MDg.v dT.I7KSZsT_NKNHgv9ZKMdZVdQ9zRZpqzbJUBOgc0bCFqlKpxa51EcfUoN7Ddc_MbDtwykzh8_Mo 9.g5UpfXsiQKs5TEAg_S5nI_JGBHnyJURIQpo54KmqWxQHjxJ8ggauua55vHc5GjJYk6Ssk6AiIN SIjGjx48YgrrNiJO12ubPcieNUcYhWlCbEEfnzVQHcJnzChYd.EqjnyyXnRVwNnRlQkBymJ50jnA IpQVKLflseeubdSJDdz.FWkFgkQHDsvnHqjBEBY_cGLlYpXxkDKi2DW0dfOSqs0n1z7CvWr2oB32 ULMLoaCjmKi35hkxavT_uAIUcjYFQbn_suTsps7tlgCJhLs0KZqpYThbUHmrzUT.PB5QhTHxkJhs jxJxukexkfqxfN13FBEpYXtBlNBvkbdimNCAOBuSvylZCjBiisHCDuWF_PylD1zpklPVmvaBjF6U Xzz9K68hL03fB6eXJ_bOf0SDyZ1IkWVqI_opaTQdp Received: from sonic.gate.mail.ne1.yahoo.com by sonic316.consmr.mail.ne1.yahoo.com with HTTP; Tue, 11 Dec 2018 22:43:30 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO localhost.localdomain) ([67.169.65.224]) by smtp422.mail.ne1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID db48327a3d58729724c38eee90dbab73; Tue, 11 Dec 2018 22:43:26 +0000 (UTC) From: Casey Schaufler To: jmorris@namei.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, selinux@vger.kernel.org Cc: john.johansen@canonical.com, keescook@chromium.org, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, linux-fsdevel@vger.kernel.org, sds@tycho.nsa.gov, adobriyan@gmail.com, mic@digikod.net, s.mesoraca16@gmail.com, casey@schaufler-ca.com Subject: [PATCH v5 03/38] LSM: Plumb visibility into optional "enabled" state Date: Tue, 11 Dec 2018 14:42:39 -0800 Message-Id: <20181211224314.22412-4-casey@schaufler-ca.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20181211224314.22412-1-casey@schaufler-ca.com> References: <20181211224314.22412-1-casey@schaufler-ca.com> Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Kees Cook In preparation for lifting the "is this LSM enabled?" logic out of the individual LSMs, pass in any special enabled state tracking (as needed for SELinux, AppArmor, and LoadPin). This should be an "int" to include handling any future cases where "enabled" is exposed via sysctl which has no "bool" type. Signed-off-by: Kees Cook Reviewed-by: Casey Schaufler Reviewed-by: John Johansen --- include/linux/lsm_hooks.h | 1 + security/apparmor/lsm.c | 5 +++-- security/selinux/hooks.c | 1 + 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 63c0e102de20..4e2e9cdf78c6 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -2044,6 +2044,7 @@ extern void security_add_hooks(struct security_hook_list *hooks, int count, struct lsm_info { const char *name; /* Required. */ unsigned long flags; /* Optional: flags describing LSM */ + int *enabled; /* Optional: NULL means enabled. */ int (*init)(void); /* Required. */ }; diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 2edd35ca5044..127a540ef63a 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -1332,8 +1332,8 @@ bool aa_g_paranoid_load = true; module_param_named(paranoid_load, aa_g_paranoid_load, aabool, S_IRUGO); /* Boot time disable flag */ -static bool apparmor_enabled = CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE; -module_param_named(enabled, apparmor_enabled, bool, S_IRUGO); +static int apparmor_enabled = CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE; +module_param_named(enabled, apparmor_enabled, int, 0444); static int __init apparmor_enabled_setup(char *str) { @@ -1729,5 +1729,6 @@ static int __init apparmor_init(void) DEFINE_LSM(apparmor) = { .name = "apparmor", .flags = LSM_FLAG_LEGACY_MAJOR, + .enabled = &apparmor_enabled, .init = apparmor_init, }; diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 56c6f1849c80..efc0ac1b5019 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -7210,6 +7210,7 @@ void selinux_complete_init(void) DEFINE_LSM(selinux) = { .name = "selinux", .flags = LSM_FLAG_LEGACY_MAJOR, + .enabled = &selinux_enabled, .init = selinux_init, }; From patchwork Tue Dec 11 22:42:40 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10725175 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 3A1CF91E for ; Tue, 11 Dec 2018 22:48:00 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 2C5B52B6AE for ; Tue, 11 Dec 2018 22:48:00 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 1D67A2B77F; Tue, 11 Dec 2018 22:48:00 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7169D2B6AA for ; Tue, 11 Dec 2018 22:47:59 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726355AbeLKWrx (ORCPT ); Tue, 11 Dec 2018 17:47:53 -0500 Received: from sonic311-28.consmr.mail.ne1.yahoo.com ([66.163.188.209]:36076 "EHLO sonic311-28.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726343AbeLKWnc (ORCPT ); Tue, 11 Dec 2018 17:43:32 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1544568210; bh=bInYQOh6cBsw3E5L/f2WPwm7yV5jdN8/7KmSgERt3k0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; b=kak8/ksnUUTaJZnNvmHkdRdYVEO2k+7zrcF5ukNIS3p6aWanTudSGtiY6ZKkLQc6yxCd5Z07bZp2VdAOZ7tJrHsbc/+sZrNx/anskMyuffw0mDb7fPwcBwwPD7eFUW3oYBzXWrIWqRNdpiem0tJemUxoxWKleEg04nJNGbgNTObWs1X79uXTWNNnNlXaZrnWL45C4z6Scj0fdA6KaLoBPcGDRIOCdo5LGuQVWKZKPiwX4P0jDQ0oKC/WVw4TpDDmUT7N6WONvm+PG8li3Ff+1N1ZT6GB7fzKNuOx3xwo21ES9rAUDNgenBKKyV8qyiIezx+srr0vIzjnDM10vCLkig== X-YMail-OSG: xyeZGBIVM1kFu99u_7Dmt6tu1KMy09I2rWrhhL2TRFdj_okx5nca.JI2OpKSQGE QZJN_slpZWdZitfVbWxLvw9YCMvCKY8YFteQtDC7dlPZ0xKG70iBjGt56aAfoNdmWpmpDJJe8v1H RW2h.JbfCHj.GhupnrOxx0Yz9svIjsCueVsoT_QJdvZ.16FSI1LIWhZTUnOKlSC6snh.XBoGGBnH _kZzHfcleYr5iCS.ces9juXneMrIIk2tott1IIa_ClNYfLZ3r4MVKs.Pom6Wstp1oT6e3Ey1ad2_ pZyBcAszD1W5.rdk2IIMiG_brTQNF7LFXxpFyofp0Nyp47pVUrUW8DK6MNcZ84XFjcj6k7jJESr2 hsHuDS4RiKjKm8Z20VnGzVgXFCq1GVcdEQe5iFaicIX4w.u7jgtALLAYxG593ebAARnShmz1XgbG smtAlRs99aAVN2Hdhh_z6vAZNVQP.RxWND2onCYajsvgLvggPkRkGbgJak_ZY0pJ5_nlHsN06JwS MtSFijh6fqmvoBwLooBykkKcjty0OEZuxd1.3SY9pRtgKQFdnxVchn9cAz9GxpPq2J5srUUUro8l 5h7UWHWordtM_1PMNn9QtF9AT704EkDORybAHMuMjMNmsfRtnYR5dj_Lt40U0qU_VieUfHMMz6Ml KVUg6Ivccmf69n7q0DOOEm1G.dQjlOZsf_VFk2Im3.VjnGRoCrKU_xAGERI2avGlaS2WuUs0ei1G FI3e5xuSqHkb16ynrTe4Q2kTXkevmN_gxVRW8CvQ7YsUu9uAz73RSd01kzACbR1hjWis4pyRblGA e_o5emFLX7ZR9Yyzf9Biof7j2D4.Gk34AK7vw7XmUge5qLH6qcqVf7A5Py1607E8zc8eaVue_8IK WtidyKU046BCDXsyvDbtvRRPCFy6kGZX.O7c6wdCqMjD8Chg5abQDqwkFOW__BhhMjPWIsV7ugHB P1hIdRXaRhBDq8bmem2c0D4diMlL1UjyPFhtQWVelyJLn67vLiUUB.n3k.kFkZfrxGkadjETQb9u FiX2ytyN0gsvJt.FS8I0histKVCW7fasp3RzB75Xlx43wmlf.bod5FQfquBi2_q3KPeAwBLnT23p FvwGH4nI0nwioFfh0vY_mV7R7Cw_fJscchBnAixRU Received: from sonic.gate.mail.ne1.yahoo.com by sonic311.consmr.mail.ne1.yahoo.com with HTTP; Tue, 11 Dec 2018 22:43:30 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO localhost.localdomain) ([67.169.65.224]) by smtp422.mail.ne1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID db48327a3d58729724c38eee90dbab73; Tue, 11 Dec 2018 22:43:27 +0000 (UTC) From: Casey Schaufler To: jmorris@namei.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, selinux@vger.kernel.org Cc: john.johansen@canonical.com, keescook@chromium.org, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, linux-fsdevel@vger.kernel.org, sds@tycho.nsa.gov, adobriyan@gmail.com, mic@digikod.net, s.mesoraca16@gmail.com, casey@schaufler-ca.com Subject: [PATCH v5 04/38] LSM: Lift LSM selection out of individual LSMs Date: Tue, 11 Dec 2018 14:42:40 -0800 Message-Id: <20181211224314.22412-5-casey@schaufler-ca.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20181211224314.22412-1-casey@schaufler-ca.com> References: <20181211224314.22412-1-casey@schaufler-ca.com> Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Kees Cook As a prerequisite to adjusting LSM selection logic in the future, this moves the selection logic up out of the individual major LSMs, making their init functions only run when actually enabled. This considers all LSMs enabled by default unless they specified an external "enable" variable. Signed-off-by: Kees Cook Reviewed-by: Casey Schaufler Reviewed-by: John Johansen --- include/linux/lsm_hooks.h | 1 - security/apparmor/lsm.c | 6 --- security/security.c | 102 +++++++++++++++++++++++++++++++-------------- security/selinux/hooks.c | 10 ----- security/smack/smack_lsm.c | 3 -- security/tomoyo/tomoyo.c | 2 - 6 files changed, 71 insertions(+), 53 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 4e2e9cdf78c6..dabd2761acfc 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -2085,7 +2085,6 @@ static inline void security_delete_hooks(struct security_hook_list *hooks, #define __lsm_ro_after_init __ro_after_init #endif /* CONFIG_SECURITY_WRITABLE_HOOKS */ -extern int __init security_module_enable(const char *module); extern void __init capability_add_hooks(void); #ifdef CONFIG_SECURITY_YAMA extern void __init yama_add_hooks(void); diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 127a540ef63a..d840c1ef3e4d 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -1662,12 +1662,6 @@ static int __init apparmor_init(void) { int error; - if (!apparmor_enabled || !security_module_enable("apparmor")) { - aa_info_message("AppArmor disabled by boot time parameter"); - apparmor_enabled = false; - return 0; - } - aa_secids_init(); error = aa_setup_dfa_engine(); diff --git a/security/security.c b/security/security.c index 0688dfd57e95..7562da854b62 100644 --- a/security/security.c +++ b/security/security.c @@ -52,33 +52,96 @@ static __initdata bool debug; pr_info(__VA_ARGS__); \ } while (0) +static bool __init is_enabled(struct lsm_info *lsm) +{ + if (!lsm->enabled || *lsm->enabled) + return true; + + return false; +} + +/* Mark an LSM's enabled flag. */ +static int lsm_enabled_true __initdata = 1; +static int lsm_enabled_false __initdata = 0; +static void __init set_enabled(struct lsm_info *lsm, bool enabled) +{ + /* + * When an LSM hasn't configured an enable variable, we can use + * a hard-coded location for storing the default enabled state. + */ + if (!lsm->enabled) { + if (enabled) + lsm->enabled = &lsm_enabled_true; + else + lsm->enabled = &lsm_enabled_false; + } else if (lsm->enabled == &lsm_enabled_true) { + if (!enabled) + lsm->enabled = &lsm_enabled_false; + } else if (lsm->enabled == &lsm_enabled_false) { + if (enabled) + lsm->enabled = &lsm_enabled_true; + } else { + *lsm->enabled = enabled; + } +} + +/* Is an LSM allowed to be initialized? */ +static bool __init lsm_allowed(struct lsm_info *lsm) +{ + /* Skip if the LSM is disabled. */ + if (!is_enabled(lsm)) + return false; + + /* Skip major-specific checks if not a major LSM. */ + if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) == 0) + return true; + + /* Disabled if this LSM isn't the chosen one. */ + if (strcmp(lsm->name, chosen_lsm) != 0) + return false; + + return true; +} + +/* Check if LSM should be initialized. */ +static void __init maybe_initialize_lsm(struct lsm_info *lsm) +{ + int enabled = lsm_allowed(lsm); + + /* Record enablement (to handle any following exclusive LSMs). */ + set_enabled(lsm, enabled); + + /* If selected, initialize the LSM. */ + if (enabled) { + int ret; + + init_debug("initializing %s\n", lsm->name); + ret = lsm->init(); + WARN(ret, "%s failed to initialize: %d\n", lsm->name, ret); + } +} + static void __init ordered_lsm_init(void) { struct lsm_info *lsm; - int ret; for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) != 0) continue; - init_debug("initializing %s\n", lsm->name); - ret = lsm->init(); - WARN(ret, "%s failed to initialize: %d\n", lsm->name, ret); + maybe_initialize_lsm(lsm); } } static void __init major_lsm_init(void) { struct lsm_info *lsm; - int ret; for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) == 0) continue; - init_debug("initializing %s\n", lsm->name); - ret = lsm->init(); - WARN(ret, "%s failed to initialize: %d\n", lsm->name, ret); + maybe_initialize_lsm(lsm); } } @@ -168,29 +231,6 @@ static int lsm_append(char *new, char **result) return 0; } -/** - * security_module_enable - Load given security module on boot ? - * @module: the name of the module - * - * Each LSM must pass this method before registering its own operations - * to avoid security registration races. This method may also be used - * to check if your LSM is currently loaded during kernel initialization. - * - * Returns: - * - * true if: - * - * - The passed LSM is the one chosen by user at boot time, - * - or the passed LSM is configured as the default and the user did not - * choose an alternate LSM at boot time. - * - * Otherwise, return false. - */ -int __init security_module_enable(const char *module) -{ - return !strcmp(module, chosen_lsm); -} - /** * security_add_hooks - Add a modules hooks to the hook lists. * @hooks: the hooks to add diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index efc0ac1b5019..b81239a09dbb 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -7138,16 +7138,6 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = { static __init int selinux_init(void) { - if (!security_module_enable("selinux")) { - selinux_enabled = 0; - return 0; - } - - if (!selinux_enabled) { - pr_info("SELinux: Disabled at boot.\n"); - return 0; - } - pr_info("SELinux: Initializing.\n"); memset(&selinux_state, 0, sizeof(selinux_state)); diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 3639e55b1f4b..56a114c1d750 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -4841,9 +4841,6 @@ static __init int smack_init(void) struct cred *cred; struct task_smack *tsp; - if (!security_module_enable("smack")) - return 0; - smack_inode_cache = KMEM_CACHE(inode_smack, 0); if (!smack_inode_cache) return -ENOMEM; diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index 09f7af130d3a..a46f6bc1e97c 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -540,8 +540,6 @@ static int __init tomoyo_init(void) { struct cred *cred = (struct cred *) current_cred(); - if (!security_module_enable("tomoyo")) - return 0; /* register ourselves with the security framework */ security_add_hooks(tomoyo_hooks, ARRAY_SIZE(tomoyo_hooks), "tomoyo"); printk(KERN_INFO "TOMOYO Linux initialized\n"); From patchwork Tue Dec 11 22:42:41 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10725163 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id B80AD18A7 for ; Tue, 11 Dec 2018 22:47:52 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A92B729FE9 for ; Tue, 11 Dec 2018 22:47:52 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 9D8532B6AA; Tue, 11 Dec 2018 22:47:52 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 381592B5FB for ; Tue, 11 Dec 2018 22:47:52 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726208AbeLKWru (ORCPT ); Tue, 11 Dec 2018 17:47:50 -0500 Received: from sonic308-17.consmr.mail.ne1.yahoo.com ([66.163.187.40]:34707 "EHLO sonic308-17.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726347AbeLKWnc (ORCPT ); Tue, 11 Dec 2018 17:43:32 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1544568211; bh=3G/0Iu5/iSQ8/k2ikHUQ1H+/0emXlDEGaLq/9ZDn1eo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; b=l7UlgiZ6KPYII1fymTwmFTGgGMC7kFZxWMMUViZ60ztHO83H/nONs41FtmL+IxMUKJDgeODwKyOPGsmwVYITDm4U7xf5qX02V19EJi4jaCxK1rGqQBXVplq9dZ8C+Q8IFRd87Z8daEbuaw4Q2DAOGLcw3uqdZgyzylEzaa9vRb1akPLCILCoyGHP9aXvGC9v6gco090Lo/SgaUsK0dWgLsGEjledQV4kEt8ue0YeYPyVfuvRzKZtIoz3TX0L2xU4hwKmC+trnv9ebolRbpIabMa1Ju6rLuX2cwX6XDHfjR4C2ZJLtzVey1/UEJYcPQG/eulm9Q1R8hBSj7LFQvauWA== X-YMail-OSG: u1EvFLUVM1kG4N4MjNjMNDe6y8fVT7w022tnlnsrQUGUhLtEqM3mWu7RK44tc8N JI86Mh2FxH.NcCi9hjxXuIOyZ6iCFfj1yJVnbBwTl0K7VKyYc1GArWu9eOhGwsDo.VXVoV3P.dEn riSr2qrU2Zxu6ZGg.RrsBq_IgljxIEdpMHAqNWUr9xPT3_36YxjrW7KT1CmNjn6mYt3yIJ2XJxtO KFmrdF3vzPbiZztwwK1ah8axjpOMa_XBFPokwnVJD5fse.hc9BfoXQi6DFwc8wX1GJYNgO1iCMjH XHvFwp8rfZ4kovmEP6rJlgiXCcRbCoN.nE2Df4dXYj0F1Qgo5CghNU_XdcHlEqVhBHpUWhQXWz36 04KSRIYQiMdgD7fTSuzUbupirQtiLz_SGjGoQvTmq2uzMxVW1gIZKTjPGJF_8KmuQBSsO22SteKy uvyonlQhdrR.QCeYWksi36DLQSzPzRE.6DJdp_VjYDmdJPC7FCTU40dwc.nz21tYbdT4s87kt9fB 9m1khgLs0EDO5T6XURx2sNwa5lsKHgRIDMgiIr4CWv_jvqiD_VOpqI9G0AxW96U52b7VCoIIvp9k KpsFrmd9wZs171rD4YksiP7rvr6bONrD4zPCa3qbnk6daMfZZWMsWBKKw0ACQDzkA2XRflPByyAE k68UsblOvo1hSXEu41.9ywOV.3__b2on0MrCOa58A_w0hT4BN.Mqc_7Z9Ym8o1YdZqn1KpXa6k7V GjzuMgIEgFm1lshybZ5I3Dqa9QNMhSUyO8mPcja6EVtJfQyEOQ2TPqp5helIULaLoTXCgckC4h9x pB5_BBkuCv.qXlhwA9eDrYpekAIhuKHrEFS3H8dIt70E6LtMMqId4B9LAXzTFchudomIZF1vVwrq Wb6qLtqiFOACoi.mDYEOcC5CFEoWFMaUgfTY2QR2M3fsub6T015O3Qmu4YFtXGE4q1aEse9iG_xH R57XSelvxVA7gXExStoLxTBcr2Jc..iSWQfTiVeHHLOXCt7k_RVkTmNpClkEgdNskQjU.7aFDj9L GbUwK20YuyKx7GgwjbPy_QKgdzJ5dZPneN5cRvY5k_zv7LCVtxNtKhi3ry8k5RvJcEXlWDLCylgg g_z4CnUoH6b1FQgxtjPv9IH8fkWO2KWqF Received: from sonic.gate.mail.ne1.yahoo.com by sonic308.consmr.mail.ne1.yahoo.com with HTTP; Tue, 11 Dec 2018 22:43:31 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO localhost.localdomain) ([67.169.65.224]) by smtp422.mail.ne1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID db48327a3d58729724c38eee90dbab73; Tue, 11 Dec 2018 22:43:28 +0000 (UTC) From: Casey Schaufler To: jmorris@namei.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, selinux@vger.kernel.org Cc: john.johansen@canonical.com, keescook@chromium.org, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, linux-fsdevel@vger.kernel.org, sds@tycho.nsa.gov, adobriyan@gmail.com, mic@digikod.net, s.mesoraca16@gmail.com, casey@schaufler-ca.com Subject: [PATCH v5 05/38] LSM: Build ordered list of LSMs to initialize Date: Tue, 11 Dec 2018 14:42:41 -0800 Message-Id: <20181211224314.22412-6-casey@schaufler-ca.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20181211224314.22412-1-casey@schaufler-ca.com> References: <20181211224314.22412-1-casey@schaufler-ca.com> Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Kees Cook This constructs an ordered list of LSMs to initialize, using a hard-coded list of only "integrity": minor LSMs continue to have direct hook calls, and major LSMs continue to initialize separately. Signed-off-by: Kees Cook Reviewed-by: Casey Schaufler --- security/security.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 53 insertions(+), 5 deletions(-) diff --git a/security/security.c b/security/security.c index 7562da854b62..4c193aba4531 100644 --- a/security/security.c +++ b/security/security.c @@ -37,6 +37,9 @@ /* Maximum number of letters for an LSM name string */ #define SECURITY_NAME_MAX 10 +/* How many LSMs were built into the kernel? */ +#define LSM_COUNT (__end_lsm_info - __start_lsm_info) + struct security_hook_heads security_hook_heads __lsm_ro_after_init; static ATOMIC_NOTIFIER_HEAD(lsm_notifier_chain); @@ -45,6 +48,9 @@ char *lsm_names; static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] = CONFIG_DEFAULT_SECURITY; +/* Ordered list of LSMs to initialize. */ +static __initdata struct lsm_info **ordered_lsms; + static __initdata bool debug; #define init_debug(...) \ do { \ @@ -85,6 +91,34 @@ static void __init set_enabled(struct lsm_info *lsm, bool enabled) } } +/* Is an LSM already listed in the ordered LSMs list? */ +static bool __init exists_ordered_lsm(struct lsm_info *lsm) +{ + struct lsm_info **check; + + for (check = ordered_lsms; *check; check++) + if (*check == lsm) + return true; + + return false; +} + +/* Append an LSM to the list of ordered LSMs to initialize. */ +static int last_lsm __initdata; +static void __init append_ordered_lsm(struct lsm_info *lsm, const char *from) +{ + /* Ignore duplicate selections. */ + if (exists_ordered_lsm(lsm)) + return; + + if (WARN(last_lsm == LSM_COUNT, "%s: out of LSM slots!?\n", from)) + return; + + ordered_lsms[last_lsm++] = lsm; + init_debug("%s ordering: %s (%sabled)\n", from, lsm->name, + is_enabled(lsm) ? "en" : "dis"); +} + /* Is an LSM allowed to be initialized? */ static bool __init lsm_allowed(struct lsm_info *lsm) { @@ -121,18 +155,32 @@ static void __init maybe_initialize_lsm(struct lsm_info *lsm) } } -static void __init ordered_lsm_init(void) +/* Populate ordered LSMs list from single LSM name. */ +static void __init ordered_lsm_parse(const char *order, const char *origin) { struct lsm_info *lsm; for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { - if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) != 0) - continue; - - maybe_initialize_lsm(lsm); + if (strcmp(lsm->name, order) == 0) + append_ordered_lsm(lsm, origin); } } +static void __init ordered_lsm_init(void) +{ + struct lsm_info **lsm; + + ordered_lsms = kcalloc(LSM_COUNT + 1, sizeof(*ordered_lsms), + GFP_KERNEL); + + ordered_lsm_parse("integrity", "builtin"); + + for (lsm = ordered_lsms; *lsm; lsm++) + maybe_initialize_lsm(*lsm); + + kfree(ordered_lsms); +} + static void __init major_lsm_init(void) { struct lsm_info *lsm; From patchwork Tue Dec 11 22:42:42 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10725177 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 4122018A7 for ; Tue, 11 Dec 2018 22:48:00 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 351B72B771 for ; Tue, 11 Dec 2018 22:48:00 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 1F20A2B6AA; Tue, 11 Dec 2018 22:48:00 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A684B2B6AE for ; Tue, 11 Dec 2018 22:47:59 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726337AbeLKWrx (ORCPT ); Tue, 11 Dec 2018 17:47:53 -0500 Received: from sonic308-17.consmr.mail.ne1.yahoo.com ([66.163.187.40]:39730 "EHLO sonic308-17.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726355AbeLKWnc (ORCPT ); Tue, 11 Dec 2018 17:43:32 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1544568211; bh=ZlWCjSOSrH+yq5U3bHRSbrGC5WLOGr1E5Vzq7vDN9ik=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; b=M866abYQIiko6ni5d+dQ/xnG0V97dR9JzJYmRq3FeP4vbfjrTg4ywdz7cnaKEeX15b/qs+sE1+QI/wloKObj1Uhw9VoFIZBS4f8n65UNjSmBGAHhruivU7FVCj8Dj7hbwpqmsNYAflvjYPntQVkPvlFD6g5Y7qjFXGgW76rLPBuMbTq3OWeRgUxUA5kORTst2IQpcQtZr2j1B7knIUJkILJyN/YV9XT+I20WWNtIyh4H+SDVabIE90UE6e93znT17V/YmKCexPZUpXKoByKsPFMtW31d0PFBCfmgRGwOAwGMtrJGjjCUcPXmRXC+BQyTwG1TPoxPsPA9t4Kf0t/qiw== X-YMail-OSG: 7c.3x0AVM1nte80y3kWjrFYohqGJGvE6xCAcyyJ44Dxr4zLxR6jCeblaWeEF0my 5pF77c6hZ2YcZFQqOOlP3E3GiXDqwoVEo5x6GEcDMMgOtWvB6ZpeV7NAzlt5jCr7hjzrpxE.nJxJ 7QIzizwVKnYKZBc1n9tjJnSEo7ikhoX5cNNSvfi5EujmGR5tBYKusJTdNAYMPpx7d5wxkveCY5wv BZaE2TovjYLyeSdZJyjsAnL4aM0Xed7w6qLfj.FgZsEN0MxylLKkZXldZ.7n2ai6qb.4RG2BE3vB XUmxaI3O2uAiTJnx_umEIalwUJzZqLYEarHS3C1HiRSokhCfvqauIZILYNIiW02.P0LSUuj_qY1T Z6IsHchiy.RA_zE.JlSANOpReET7.sUZRqFXJxIfutvsjcohvRgoiPTHKe72U33D22.O.0UBr.vG sq.Qa4MxKgg9ILiSAs5qxleXlzD_xUZ2lJvFH4ntrewPKJkhmBhSHFv2yPjm4sXKI3MuA1UssZPh zrrh_Fws4xeQCciCYta1FqWIKUs2OfYSMlv.nrAQTBXCWzGGkiRNaPiSovzLQ6uGgEf4uWbQMbhk nRor3wn7BWj6GGnjDIAPxhcYmSAg47JIbtgOEFZXhrwqBfKsGs5ivEqxUOXp7Mz9yjKFU1Q_VgZ7 vll5tnsVTY.rx0NBZZ__xzt17UZjXQniA76dFpDR9NW3QmDMEEkSnSshgWZj5mq4sowH4wRALlki .vEOLVZC_.jqpWYxgy6rJ2JEoWoGyAK.VJDgETTfXLo.IPpuJeNYI1TEUyWuCs9tfEp4yQaJ4qF2 jP9VtT.TM3hlw.eqbW8AwI941yAZXWeP6hSlDqgyRtIPcffPW9NLnVX4zbkhVkIHWSPCB6dj9SM6 .bVpJARULSSRbHs5kwtV4gTNNh6T29U_tAOFu4AIWCFm8QbsEj37Ol64EwjzWZrXdL23xB1jspeZ 02amgqgByK7.KkG61GZbO8EVFsw_XEgtkYw._2YYv76Bpmv9clbV8FXjrvxcDxaE.jb6Gp7mmL84 .VcFMADwZOmwvCxmBuqWeIUpyYf3RUcNZMTUMwqw79rcYLsqBEOwiQywxiP0DBUExvkyR27oLwnD TNNi.1.utYm.vBajU6838FahR5Wgbh3RStb_lLg-- Received: from sonic.gate.mail.ne1.yahoo.com by sonic308.consmr.mail.ne1.yahoo.com with HTTP; Tue, 11 Dec 2018 22:43:31 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO localhost.localdomain) ([67.169.65.224]) by smtp422.mail.ne1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID db48327a3d58729724c38eee90dbab73; Tue, 11 Dec 2018 22:43:29 +0000 (UTC) From: Casey Schaufler To: jmorris@namei.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, selinux@vger.kernel.org Cc: john.johansen@canonical.com, keescook@chromium.org, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, linux-fsdevel@vger.kernel.org, sds@tycho.nsa.gov, adobriyan@gmail.com, mic@digikod.net, s.mesoraca16@gmail.com, casey@schaufler-ca.com Subject: [PATCH v5 06/38] LSM: Introduce CONFIG_LSM Date: Tue, 11 Dec 2018 14:42:42 -0800 Message-Id: <20181211224314.22412-7-casey@schaufler-ca.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20181211224314.22412-1-casey@schaufler-ca.com> References: <20181211224314.22412-1-casey@schaufler-ca.com> Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Kees Cook This provides a way to declare LSM initialization order via the new CONFIG_LSM. Currently only non-major LSMs are recognized. This will be expanded in future patches. Signed-off-by: Kees Cook --- security/Kconfig | 9 +++++++++ security/security.c | 27 ++++++++++++++++++++++----- 2 files changed, 31 insertions(+), 5 deletions(-) diff --git a/security/Kconfig b/security/Kconfig index d9aa521b5206..7de42bbacc28 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -276,5 +276,14 @@ config DEFAULT_SECURITY default "apparmor" if DEFAULT_SECURITY_APPARMOR default "" if DEFAULT_SECURITY_DAC +config LSM + string "Ordered list of enabled LSMs" + default "integrity" + help + A comma-separated list of LSMs, in initialization order. + Any LSMs left off this list will be ignored. + + If unsure, leave this as the default. + endmenu diff --git a/security/security.c b/security/security.c index 4c193aba4531..96e0b7d057b0 100644 --- a/security/security.c +++ b/security/security.c @@ -48,6 +48,8 @@ char *lsm_names; static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] = CONFIG_DEFAULT_SECURITY; +static __initconst const char * const builtin_lsm_order = CONFIG_LSM; + /* Ordered list of LSMs to initialize. */ static __initdata struct lsm_info **ordered_lsms; @@ -155,15 +157,30 @@ static void __init maybe_initialize_lsm(struct lsm_info *lsm) } } -/* Populate ordered LSMs list from single LSM name. */ +/* Populate ordered LSMs list from comma-separated LSM name list. */ static void __init ordered_lsm_parse(const char *order, const char *origin) { struct lsm_info *lsm; + char *sep, *name, *next; + + sep = kstrdup(order, GFP_KERNEL); + next = sep; + /* Walk the list, looking for matching LSMs. */ + while ((name = strsep(&next, ",")) != NULL) { + bool found = false; + + for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { + if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) == 0 && + strcmp(lsm->name, name) == 0) { + append_ordered_lsm(lsm, origin); + found = true; + } + } - for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { - if (strcmp(lsm->name, order) == 0) - append_ordered_lsm(lsm, origin); + if (!found) + init_debug("%s ignored: %s\n", origin, name); } + kfree(sep); } static void __init ordered_lsm_init(void) @@ -173,7 +190,7 @@ static void __init ordered_lsm_init(void) ordered_lsms = kcalloc(LSM_COUNT + 1, sizeof(*ordered_lsms), GFP_KERNEL); - ordered_lsm_parse("integrity", "builtin"); + ordered_lsm_parse(builtin_lsm_order, "builtin"); for (lsm = ordered_lsms; *lsm; lsm++) maybe_initialize_lsm(*lsm); From patchwork Tue Dec 11 22:42:43 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10725169 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 90A6A91E for ; Tue, 11 Dec 2018 22:47:53 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 819B329FE9 for ; Tue, 11 Dec 2018 22:47:53 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 761AD2B5FB; Tue, 11 Dec 2018 22:47:53 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 172042B756 for ; Tue, 11 Dec 2018 22:47:53 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726278AbeLKWnc (ORCPT ); Tue, 11 Dec 2018 17:43:32 -0500 Received: from sonic311-28.consmr.mail.ne1.yahoo.com ([66.163.188.209]:40846 "EHLO sonic311-28.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726346AbeLKWnb (ORCPT ); Tue, 11 Dec 2018 17:43:31 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1544568210; bh=wFIQYZ3HEnVEK848nF65xZO1MyZAz7Uo0oMwuViToQY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; b=qUnb0x5LDFV/elBxUF6Mijy9MyaAmQayyJSU1/gtwU9U8TVnIJynCvp3buk89bfEwbFQRiAHQG8I2Bs2GJPdrvoFDy7gdmSePpL/9q8Nm6YF089u8dzYV7KW555ZYsfpzvOZmUKqQYNTooNEHMSwBXcsT1iYACUH43z7ZVZDmiz5SU3MtBjwEDlY4joqEOKso9Wlat2tIsRElcFQYwsE2RQSH3dtjLdlw7bzI9OLATJlW8CVZd9Joo459GzL8c3QZ8MbEm3mxP1bmAfwPXn75YFMZq2k5YFW3eXc+M8ec9kA2Txm75Xdm4fLyLPTVhkPLBZbqhKy1e2CQEV9lNpapg== X-YMail-OSG: 9MVgeJkVM1nOQgjXi9JM_WPV.FbgXAwgESQR65NWGUdaEUUz.uuKvvmyRbzKE6A 5AssK2h7XnynZy2hCQFL8GJjfuZkL2_YAUQ.j6qrP6SiN.n2I7TRH3JZCvAPeAiezMwxFn2br1d2 WvxmWLjRwNecFe2aJAwmk89D7zXakgqxYwpwEch5M9dDXPRl627hvS0weQGW5Anr.2SiV_yAu6fQ yjQ1KQ.THxDOqhEqQGFxPWz1aATinwdZOKaUq5CKBBghAILTewPTd8U2ypCmOCX7zMySoY.vIHPY TA5SxYHP_oBPFTKPTongpDhZrnGf4592i6XQ6BaTSHcYKu2BcBE.Ezpyl2X94Qp..b5vcvzVWIIK I2AFz6CU__eQNaeXUA4yRxSadGTwbnea1rBcLev._NZvNlmUqDgJGvNj8i6se37ttEugnvrnsdCG 0N8UJhs7irFqrjuXD.M8IOSGFDjD1qlmDSLZM7DtjT2oMfE1n3Nx97zbNfKGnOgIc75FsPpXSeVr B3Vcgi8H.MvOMREj._alDgOJy8yOPfyxJAabZY8SukKx5vUODEuL4Hlxq.TY3hkNR8WJ0vTQAYGE SbMVWhRnCkc1xWjeYJ3e1CdXw6Cw128isdJQU9vZAuYZ7_C7TQEo3VKzip23ISRFke3g9gj.YkIN 9mopSzGYjnA1MqUAUsXw16OP1OjvZeJrFmgwdT1ZALtibfVh4SJLNtxNaN9OQCGZLqpvEp7gr08T 8iQKkm.cWyU.LYVEUBHFOuPLtm21QSF8ablNbI4sMtUVM_Pb6sOKCCsq5yxXqoduuQCBD09M74Tq hNYYH44F5tXF6evNtw6O2b9CMuvxYBKGosjKro7PqRWNk3TztbPrXeLhe0qHqRDjvWNb3DhUoK2Y 4JeF5STMuFON3ituO11Hqceq2VKcB6tb3U43N6h3ULdkDwX.In_sMl_z4bBeC4JmxmJyX_4qFq.L YZcu0HN5oIjv8_AUBo9B_ZVmhBXcx7Wwn5D2WaGHs5eIhIdzQuKSr4Au.84ZnyJpnLO2CQYOy5I6 hA2GrwUybnaAP_jv40Pbq4IJsZRqvqzMwm4q8jkgwE60MnRzvLfrVt4OwiCSgH8lX95hsSo11kbc n5U7TST5efqOlNrqgu22OZgTiPAawuzeoB.8- Received: from sonic.gate.mail.ne1.yahoo.com by sonic311.consmr.mail.ne1.yahoo.com with HTTP; Tue, 11 Dec 2018 22:43:30 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO localhost.localdomain) ([67.169.65.224]) by smtp422.mail.ne1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID db48327a3d58729724c38eee90dbab73; Tue, 11 Dec 2018 22:43:30 +0000 (UTC) From: Casey Schaufler To: jmorris@namei.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, selinux@vger.kernel.org Cc: john.johansen@canonical.com, keescook@chromium.org, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, linux-fsdevel@vger.kernel.org, sds@tycho.nsa.gov, adobriyan@gmail.com, mic@digikod.net, s.mesoraca16@gmail.com, casey@schaufler-ca.com Subject: [PATCH v5 07/38] LSM: Introduce "lsm=" for boottime LSM selection Date: Tue, 11 Dec 2018 14:42:43 -0800 Message-Id: <20181211224314.22412-8-casey@schaufler-ca.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20181211224314.22412-1-casey@schaufler-ca.com> References: <20181211224314.22412-1-casey@schaufler-ca.com> Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Kees Cook Provide a way to explicitly choose LSM initialization order via the new "lsm=" comma-separated list of LSMs. Signed-off-by: Kees Cook --- Documentation/admin-guide/kernel-parameters.txt | 4 ++++ security/Kconfig | 3 ++- security/security.c | 14 +++++++++++++- 3 files changed, 19 insertions(+), 2 deletions(-) diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index 81d1d5a74728..ea33bcbaecb2 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -2302,6 +2302,10 @@ lsm.debug [SECURITY] Enable LSM initialization debugging output. + lsm=lsm1,...,lsmN + [SECURITY] Choose order of LSM initialization. This + overrides CONFIG_LSM. + machvec= [IA-64] Force the use of a particular machine-vector (machvec) in a generic kernel. Example: machvec=hpzx1_swiotlb diff --git a/security/Kconfig b/security/Kconfig index 7de42bbacc28..41aa0be6142f 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -281,7 +281,8 @@ config LSM default "integrity" help A comma-separated list of LSMs, in initialization order. - Any LSMs left off this list will be ignored. + Any LSMs left off this list will be ignored. This can be + controlled at boot with the "lsm=" parameter. If unsure, leave this as the default. diff --git a/security/security.c b/security/security.c index 96e0b7d057b0..38fc436e8b4b 100644 --- a/security/security.c +++ b/security/security.c @@ -47,6 +47,7 @@ char *lsm_names; /* Boot-time LSM user choice */ static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] = CONFIG_DEFAULT_SECURITY; +static __initdata const char *chosen_lsm_order; static __initconst const char * const builtin_lsm_order = CONFIG_LSM; @@ -190,7 +191,10 @@ static void __init ordered_lsm_init(void) ordered_lsms = kcalloc(LSM_COUNT + 1, sizeof(*ordered_lsms), GFP_KERNEL); - ordered_lsm_parse(builtin_lsm_order, "builtin"); + if (chosen_lsm_order) + ordered_lsm_parse(chosen_lsm_order, "cmdline"); + else + ordered_lsm_parse(builtin_lsm_order, "builtin"); for (lsm = ordered_lsms; *lsm; lsm++) maybe_initialize_lsm(*lsm); @@ -252,6 +256,14 @@ static int __init choose_lsm(char *str) } __setup("security=", choose_lsm); +/* Explicitly choose LSM initialization order. */ +static int __init choose_lsm_order(char *str) +{ + chosen_lsm_order = str; + return 1; +} +__setup("lsm=", choose_lsm_order); + /* Enable LSM order debugging. */ static int __init enable_debug(char *str) { From patchwork Tue Dec 11 22:42:44 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10725145 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 4E20591E for ; Tue, 11 Dec 2018 22:47:40 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3FF6F29FE9 for ; Tue, 11 Dec 2018 22:47:40 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 344AE2B6AA; Tue, 11 Dec 2018 22:47:40 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 2A4E92B341 for ; Tue, 11 Dec 2018 22:47:39 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726409AbeLKWnh (ORCPT ); Tue, 11 Dec 2018 17:43:37 -0500 Received: from sonic308-17.consmr.mail.ne1.yahoo.com ([66.163.187.40]:42818 "EHLO sonic308-17.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726395AbeLKWnh (ORCPT ); Tue, 11 Dec 2018 17:43:37 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1544568216; bh=FyXN+RPGRSY7iHAtehf0GPLHsDlIKRVAkJnwc7UagKo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; b=FW7/aqREgtWpRcAbu0X9r+55vVRIFULAq79X77ufaUFDD98yW4voTjYz14Cjff8uwt2vUpcvuaum6EwiE9DKz/4gK/WvjnX+iuc2O6eukC9zqrtGHjOilzKKHDFpZ++fJw5XYe5MfHuTHkOORt5/BJwG6U7fcR2ZyHV4X7w/UVFG+6/MqF1XkCLW1IjBalEb0FeRm1LiXH33gLQBJF7lvdXX+QDWuUHKgYgxtyhKr41LoyuDM8/Z+ZPiHQKlw0mdk+OFUA5VygG9N5+u5ms/zuXtvB1uqtmyVL0DqiglL2GOAuOHk8lRfYBxs3bZGyUhDy0AIlNmStCUg+Vcsba3Ww== X-YMail-OSG: kKLgvY8VM1mjA16c0p7x7S2r51ZNEuM8.Tdp8FUIqH70NPy8AQ4ZHpD4Qf56I3e ZFgdJMZ1HBFj7RpEzDa.SdVbgdCX..iVbtzmbsq5qrm71MDvirzcuuv1LPSpjFK5HMcvF9nCLo69 Jqj1LJdnaWj69vG67xIqFuvsDb7qOH84p0TwG_KhDZldUou1PY4TZCbQlR1Zm6pyPQrfVTBbxdUT V0BFbyIoGPNqh3U3QliDpc2YJPJn6UVtO4JUL_DY2IXHtiK9goUkVDyCdJ00kOhZbbFykovfjm1x KgSLQIeYTYBDPelHlNp1ntBKcCoRjPPbez79XEtdjz9hDlaPetQx5xeIz701BGGeOd3uCbKKtbY7 HuIlQIFqhXYPXIlPQP9hXgmXxvGGS_2sy7O_KQf19nGZp9GRE2FgTbhk.lPOUx72IElMF8PeIuwV bmbf2N43O1qKLm9YGLSpSTfsIFiuJ_WG4obgNnfe.3e.9nzdnyTkm0zHQuCEB69sEYIUfOIOu5sp GYp2dcxbzHfiYETOdgT.Ekt.d4xQVjyc8k15W50Uf3p3k.4Dq6NoQXzdnuahFJL2pYzd14NCCf7z O5uQwotTYlSmX_Ynkp7CctaHjaXnizea9hGuSeIhq6DME_bV0Xb3QTBvGVAxvxqrTZEs6dnEer6t pipoT8bD4dZAVkTeWNX0DglTlxsKKfRgrcP.rOjd4LDChce82YEzYA1YZkRAgF5QdE1GiYP9D4fc .Zdjxc7AWzhYaBAdFBAFIDGzpY.Duq6YWpjcCBbscKXWHA15723RkPZpFz7qAzFRS0NOK8aQHKlG 8Io3WGtzzKzAILStDZaL2Ont9GqV8gWHBwqdormaW224YFdvJDLcRmyWNB8dOuziJ2N5r9j3a.Iv buIPUzGYnhLdQnfedqFVhYcyQhghadMm9kw_h1fZMBPlzFqN_pF438MGwjC5SP3.BIcckXkr62c5 wCD3tNhC7oBs8WahjI1JvfrZ4OEp2WTvXwpmysiEDGiH9JqfmFcUUPKmlVhIxyk5f7NMPwSm8ow8 AVkO6brwww5ynsJDuUITCK6rUx5W44VgKiY3pLXHkKVXnwsrdiQYeHgVTZcyyHkxT8Y34SZJPZjP _CJJZGNZWNwSnfUi8D8kRHkYsQdJ90bVsERHMGg-- Received: from sonic.gate.mail.ne1.yahoo.com by sonic308.consmr.mail.ne1.yahoo.com with HTTP; Tue, 11 Dec 2018 22:43:36 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO localhost.localdomain) ([67.169.65.224]) by smtp422.mail.ne1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID db48327a3d58729724c38eee90dbab73; Tue, 11 Dec 2018 22:43:31 +0000 (UTC) From: Casey Schaufler To: jmorris@namei.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, selinux@vger.kernel.org Cc: john.johansen@canonical.com, keescook@chromium.org, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, linux-fsdevel@vger.kernel.org, sds@tycho.nsa.gov, adobriyan@gmail.com, mic@digikod.net, s.mesoraca16@gmail.com, casey@schaufler-ca.com Subject: [PATCH v5 08/38] LSM: Tie enabling logic to presence in ordered list Date: Tue, 11 Dec 2018 14:42:44 -0800 Message-Id: <20181211224314.22412-9-casey@schaufler-ca.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20181211224314.22412-1-casey@schaufler-ca.com> References: <20181211224314.22412-1-casey@schaufler-ca.com> Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Kees Cook Until now, any LSM without an enable storage variable was considered enabled. This inverts the logic and sets defaults to true only if the LSM gets added to the ordered initialization list. (And an exception continues for the major LSMs until they are integrated into the ordered initialization in a later patch.) Signed-off-by: Kees Cook --- include/linux/lsm_hooks.h | 2 +- security/security.c | 14 +++++++++++--- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index dabd2761acfc..272791fdd26e 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -2044,7 +2044,7 @@ extern void security_add_hooks(struct security_hook_list *hooks, int count, struct lsm_info { const char *name; /* Required. */ unsigned long flags; /* Optional: flags describing LSM */ - int *enabled; /* Optional: NULL means enabled. */ + int *enabled; /* Optional: controlled by CONFIG_LSM */ int (*init)(void); /* Required. */ }; diff --git a/security/security.c b/security/security.c index 38fc436e8b4b..ea760d625af6 100644 --- a/security/security.c +++ b/security/security.c @@ -63,10 +63,10 @@ static __initdata bool debug; static bool __init is_enabled(struct lsm_info *lsm) { - if (!lsm->enabled || *lsm->enabled) - return true; + if (!lsm->enabled) + return false; - return false; + return *lsm->enabled; } /* Mark an LSM's enabled flag. */ @@ -117,7 +117,11 @@ static void __init append_ordered_lsm(struct lsm_info *lsm, const char *from) if (WARN(last_lsm == LSM_COUNT, "%s: out of LSM slots!?\n", from)) return; + /* Enable this LSM, if it is not already set. */ + if (!lsm->enabled) + lsm->enabled = &lsm_enabled_true; ordered_lsms[last_lsm++] = lsm; + init_debug("%s ordering: %s (%sabled)\n", from, lsm->name, is_enabled(lsm) ? "en" : "dis"); } @@ -210,6 +214,10 @@ static void __init major_lsm_init(void) if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) == 0) continue; + /* Enable this LSM, if it is not already set. */ + if (!lsm->enabled) + lsm->enabled = &lsm_enabled_true; + maybe_initialize_lsm(lsm); } } From patchwork Tue Dec 11 22:42:45 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10725151 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id C53CD1869 for ; Tue, 11 Dec 2018 22:47:42 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B4AD92B6AA for ; Tue, 11 Dec 2018 22:47:42 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id A8C1D2B5FB; Tue, 11 Dec 2018 22:47:42 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 192622B6AE for ; Tue, 11 Dec 2018 22:47:42 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726426AbeLKWrl (ORCPT ); Tue, 11 Dec 2018 17:47:41 -0500 Received: from sonic316-27.consmr.mail.ne1.yahoo.com ([66.163.187.153]:37035 "EHLO sonic316-27.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726382AbeLKWng (ORCPT ); Tue, 11 Dec 2018 17:43:36 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1544568215; bh=s3bZKV11sZggNmL9RhvMLR7DbZb+NtVw3kVGbBewWPs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; b=XCOxahJb9WcE7eeyaQetdB9FrvZOlI6zuesGUDsIRbGK8fYewE/PrCYO5zlKkxxs48DVHMsKyjyDFZaxAlaA5DRJ+LQhXPfaqKyArgOCn9o/1KzoEoFBDkyWDzCHHNwpt8B93RZ2QS9/svD1iAv5LXwhJiCif7lHYP6ahlCT+YMqY+OGfviECH48LJ9+C+oq2I3+OH1X4g1yOtrNwG9RR/5pPXb/QWW2PT5CGGE5Iy914gtkWjujlvO8v1TwM3+zzxaYVBuf4MqE7WYho581QAhc/nxkpmNcWpvcC38LMYBoqlVObKTPEdcw6lmgmBqHWujnskA+A7kj61ulP1DfoQ== X-YMail-OSG: Z5DXUWIVM1mQvgEES8C0a6yzaFqkbtdD_81wagclgPtfwrD.Dc9WHrn6a_.wu56 aMgeCCyalDnYH4jQrkZrFsEhm5AD.Lgns7GY7LoqXThp_ZPUGZoETK3zQuQSvg2tDlWUHowhaGcU 85Gafpn7MHeWRyh6SLI3X1z3ox1WknPJBY6r1UsFE92Rp2J0RvnMmEKK1R7vwTck8CbH_AgMj0rm dHLjCfL3heRBMALdRV61jwMSSyiaMTvhi69sttvxsoo5sk1nOytrjrNyRhCz508cOq8OEjiQDao3 PcCjMSSSD7Dwrz4Ybo5tu0C6hXPjvhUt2OcAgckEmDFMZvh3Dl8Omj7l_VtjL0mefe68jRKOjd1H 9wd8b1DZNG02xEU2gDm0dGXjABk72dr.wAYRwtV_GUE1VkKG29W4GZ.hil59N8hQx8_nUJC4WaxI CucVitDt1Q8LHOi02gZaAaGEhwGr3HlTuO9t0Q9NeBWfP_g7OSErq3Rp0ygdTyhBf5zCwRk._.CV ZeeBvhp.S45EI2llmsyfXNiHYIxjSJI9ci7eKPPXU3sok8harW9EbRmIOUITwysUVT_WfkS82Hu_ 7c407MqllaMGxAjvxZCi7N7NaAoT1ffUEInQfamX7zkbNJ6pjFWkoeZecoMfP_It5lYDPxwWOgaN _TCfEKCJ9Sj.hkQP6OvSqqldWeU_SFueS8k_yOTXsIOx6GCKyvE.uTgc.1_eO1lbcxDa0EpeWFW8 bmXQSJm1ZLHnplATWFrzcVWSteptnZvXzsbFpBF5GpSdX8L6of_9QJXwgNMFsTXP0a6extml3AmW 23usUolHMGrMOyzB9608P.cRPWM7AewEhJ1yM_8ndiQ_SBmJOAiBuGq7p9TpNPDUjl5TFYh9iZ21 Bw9_JZlX79x49JFfWXhbw8Feojt5NM7SOdMW55MtMDvaINequEnMy3IGVPo2hM54B6LVovIgJUFc T6U4H.QOroveteblcKT4xSu9nlLFniLKto7A2X8im.az7AlXH9zTNSUe49d2s5pi3YzECIz9xl6E JjXttIEXHyZXX6doSYQSu_6aaOcBzQ5D1aLiBL.hN3.evKY2qccCT_JBAipWUid20Pwubw9hMzEw 1UCKBssHoCpoVP14GphtuOkBfU.yiDwY6PgAgCg229Si6uRJnwaA- Received: from sonic.gate.mail.ne1.yahoo.com by sonic316.consmr.mail.ne1.yahoo.com with HTTP; Tue, 11 Dec 2018 22:43:35 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO localhost.localdomain) ([67.169.65.224]) by smtp422.mail.ne1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID db48327a3d58729724c38eee90dbab73; Tue, 11 Dec 2018 22:43:32 +0000 (UTC) From: Casey Schaufler To: jmorris@namei.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, selinux@vger.kernel.org Cc: john.johansen@canonical.com, keescook@chromium.org, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, linux-fsdevel@vger.kernel.org, sds@tycho.nsa.gov, adobriyan@gmail.com, mic@digikod.net, s.mesoraca16@gmail.com, casey@schaufler-ca.com Subject: [PATCH v5 09/38] LSM: Prepare for reorganizing "security=" logic Date: Tue, 11 Dec 2018 14:42:45 -0800 Message-Id: <20181211224314.22412-10-casey@schaufler-ca.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20181211224314.22412-1-casey@schaufler-ca.com> References: <20181211224314.22412-1-casey@schaufler-ca.com> Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Kees Cook This moves the string handling for "security=" boot parameter into a stored pointer instead of a string duplicate. This will allow easier handling of the string when switching logic to use the coming enable/disable infrastructure. Signed-off-by: Kees Cook Reviewed-by: Casey Schaufler Reviewed-by: John Johansen --- security/security.c | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/security/security.c b/security/security.c index ea760d625af6..f4a7b7d52d71 100644 --- a/security/security.c +++ b/security/security.c @@ -34,9 +34,6 @@ #define MAX_LSM_EVM_XATTR 2 -/* Maximum number of letters for an LSM name string */ -#define SECURITY_NAME_MAX 10 - /* How many LSMs were built into the kernel? */ #define LSM_COUNT (__end_lsm_info - __start_lsm_info) @@ -45,9 +42,8 @@ static ATOMIC_NOTIFIER_HEAD(lsm_notifier_chain); char *lsm_names; /* Boot-time LSM user choice */ -static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] = - CONFIG_DEFAULT_SECURITY; static __initdata const char *chosen_lsm_order; +static __initdata const char *chosen_major_lsm; static __initconst const char * const builtin_lsm_order = CONFIG_LSM; @@ -138,7 +134,7 @@ static bool __init lsm_allowed(struct lsm_info *lsm) return true; /* Disabled if this LSM isn't the chosen one. */ - if (strcmp(lsm->name, chosen_lsm) != 0) + if (strcmp(lsm->name, chosen_major_lsm) != 0) return false; return true; @@ -168,6 +164,9 @@ static void __init ordered_lsm_parse(const char *order, const char *origin) struct lsm_info *lsm; char *sep, *name, *next; + if (!chosen_major_lsm) + chosen_major_lsm = CONFIG_DEFAULT_SECURITY; + sep = kstrdup(order, GFP_KERNEL); next = sep; /* Walk the list, looking for matching LSMs. */ @@ -257,12 +256,12 @@ int __init security_init(void) } /* Save user chosen LSM */ -static int __init choose_lsm(char *str) +static int __init choose_major_lsm(char *str) { - strncpy(chosen_lsm, str, SECURITY_NAME_MAX); + chosen_major_lsm = str; return 1; } -__setup("security=", choose_lsm); +__setup("security=", choose_major_lsm); /* Explicitly choose LSM initialization order. */ static int __init choose_lsm_order(char *str) From patchwork Tue Dec 11 22:42:46 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10725149 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 1E57F1869 for ; Tue, 11 Dec 2018 22:47:42 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0FE0F29FE9 for ; Tue, 11 Dec 2018 22:47:42 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 03E4F2B6AA; Tue, 11 Dec 2018 22:47:42 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id AA54D29FE9 for ; Tue, 11 Dec 2018 22:47:41 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726394AbeLKWrl (ORCPT ); Tue, 11 Dec 2018 17:47:41 -0500 Received: from sonic316-27.consmr.mail.ne1.yahoo.com ([66.163.187.153]:44840 "EHLO sonic316-27.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726390AbeLKWng (ORCPT ); Tue, 11 Dec 2018 17:43:36 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1544568215; bh=Ee+OIrtC52fs0hnnYhQRoVR6eH14n59kkCRb0pJ9B+w=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; b=czdQvtVFBndqUoQavuhhLfwMSFH2McPQ9lS7r4lVmOE4+MCzJJSp526HYhSwYYdc6UNIacWc90cxdn0IkALAnwgZIvPtxA2UkH78m/RG+gdtz0lzTxxZ2+VzyWj9nT+BRqdGihv/vtLbJBEZ9KWjkVqskDuprg2uyRBpl/KKGTxc5N5v55WeQ7JMsYrX6bMDVmJWXqM4k/ww97tpsPj16CBeLUGr8QgBdr/GI3s27PuUE/FQS8BrkDAzpnXyKMQp564TI8YBbNOaoTyKUFc8znFlUeN1usHXaKJoteSqHEo2hamaUT9APjzmwfWySiROE2PkZx7lwM9+j8gQLpZ3Xg== X-YMail-OSG: Z5.381wVM1l9z1GANV51bbD.jpR3mAIBgfGfJdFlP_3NnxNuF1Z6MDNn2UfS8Ta 50Ryu2SFVJ4F4ScwXLlUGZ8JkJ_vw263AuW4uprnRjdrAFp5tnjk4huT_gHq_ThPe32.x6D10qBl 5Bq4fYvFyDKfAvMPcpdPOz6Y7HZqAFoT7qW35T8tJI_CcbV8h.sP2uSY4SzJwRo5MjIYcANy5b1Y mxaYjSBcTVGDXJESDfxCkxmG01CRuJD_Dq8jEET2asS6uzHZGvZ037RIok0XVm9Kt_Pp43LfDqI0 7t7f6LZkVwUPaajPuRKDGPRI_yFPqq50luAr4rNTubesjCVovVJxbZKML0YmkdEGS3BLHuJTm1uc eJtL05pjSAf6v1SVPUc0RhTpmfUNErnFWx4hWv_EGOJGspL12Hw71F92qmsR94eSYs62hkNVnMFN oQsTa5_ZQCyFzLuGxVOojZc.rnjEt9yySWDIpdWEVLWzvEeSlaZxJKxEm6mVkTnnaEn1gmfqMLT6 xs5uMH7TXO8bZOiDD_xHiAcJP.RBAAhAiG6IdCCYSJCMCJV7QA4ja_XubPc2uvabCOOqkfx70314 SF5OHFL6BcqRpmvBow89xM7FugPIIRTTs4p4h0wtmL0Y6M6NjAWgyQ5hhu84SfLk8HVV5cBAq_g_ _jjjVyqPJyTzGOS1ubdU3zc0Qm.dwRI5YJMO5BsXFUzZ16TYNdgYfomdf3BxNX0LzSzhffeUpkNI 7l3hwMAW3GnEhWALx28kBDxBn25ZR_KwpFOFglrEgHA1of7mJr3guh5IExWa4mnsQaOIhFY.AsO9 fBVMxi5TPr_4jB0MoxNoZMn1bLNys19fXoH.zb0PoaTYFWwgoRq4FmP.XIPwjyAOXCmXSzpK8OMa PiPak3RvNjfIH6nxI._juoZ5pUCSc339tSajYisQUICvi4MP8NXsAbS3k.RwBbg_Wr2L3BBCWL1B 9MBXnqkVlNmrUiCwajpSidt1ME69krxheoYAV8wBpIWP5VI6NbG2O8KatilQzgO5wO6u_Ie6DZBR YtYsAs_u0Ty94XhzwGCtcBLeo1hqVbi1oHlBoTCUA6PCpwa8.MYvu9APzHMW1aIxy8jj66ztDwr7 bo3FjQKzcTW6uLGaTGEH.wIZY0Vx0nEUbg.Y3YXk2.Xk- Received: from sonic.gate.mail.ne1.yahoo.com by sonic316.consmr.mail.ne1.yahoo.com with HTTP; Tue, 11 Dec 2018 22:43:35 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO localhost.localdomain) ([67.169.65.224]) by smtp408.mail.ne1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID d92a2db682ecd2e464273bda9352fd0e; Tue, 11 Dec 2018 22:43:34 +0000 (UTC) From: Casey Schaufler To: jmorris@namei.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, selinux@vger.kernel.org Cc: john.johansen@canonical.com, keescook@chromium.org, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, linux-fsdevel@vger.kernel.org, sds@tycho.nsa.gov, adobriyan@gmail.com, mic@digikod.net, s.mesoraca16@gmail.com, casey@schaufler-ca.com Subject: [PATCH v5 10/38] LSM: Refactor "security=" in terms of enable/disable Date: Tue, 11 Dec 2018 14:42:46 -0800 Message-Id: <20181211224314.22412-11-casey@schaufler-ca.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20181211224314.22412-1-casey@schaufler-ca.com> References: <20181211224314.22412-1-casey@schaufler-ca.com> Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Kees Cook For what are marked as the Legacy Major LSMs, make them effectively exclusive when selected on the "security=" boot parameter, to handle the future case of when a previously major LSMs become non-exclusive (e.g. when TOMOYO starts blob-sharing). Signed-off-by: Kees Cook Reviewed-by: Casey Schaufler --- security/security.c | 28 ++++++++++++++++++++-------- 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/security/security.c b/security/security.c index f4a7b7d52d71..a7889885585e 100644 --- a/security/security.c +++ b/security/security.c @@ -129,14 +129,6 @@ static bool __init lsm_allowed(struct lsm_info *lsm) if (!is_enabled(lsm)) return false; - /* Skip major-specific checks if not a major LSM. */ - if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) == 0) - return true; - - /* Disabled if this LSM isn't the chosen one. */ - if (strcmp(lsm->name, chosen_major_lsm) != 0) - return false; - return true; } @@ -164,8 +156,28 @@ static void __init ordered_lsm_parse(const char *order, const char *origin) struct lsm_info *lsm; char *sep, *name, *next; + /* Process "security=", if given. */ if (!chosen_major_lsm) chosen_major_lsm = CONFIG_DEFAULT_SECURITY; + if (chosen_major_lsm) { + struct lsm_info *major; + + /* + * To match the original "security=" behavior, this + * explicitly does NOT fallback to another Legacy Major + * if the selected one was separately disabled: disable + * all non-matching Legacy Major LSMs. + */ + for (major = __start_lsm_info; major < __end_lsm_info; + major++) { + if ((major->flags & LSM_FLAG_LEGACY_MAJOR) && + strcmp(major->name, chosen_major_lsm) != 0) { + set_enabled(major, false); + init_debug("security=%s disabled: %s\n", + chosen_major_lsm, major->name); + } + } + } sep = kstrdup(order, GFP_KERNEL); next = sep; From patchwork Tue Dec 11 22:42:47 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10725123 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 80FEB18A7 for ; Tue, 11 Dec 2018 22:47:19 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 73CC029FE9 for ; Tue, 11 Dec 2018 22:47:19 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 661DB2B77F; Tue, 11 Dec 2018 22:47:19 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id EC76C2B341 for ; Tue, 11 Dec 2018 22:47:18 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726427AbeLKWnm (ORCPT ); Tue, 11 Dec 2018 17:43:42 -0500 Received: from sonic316-27.consmr.mail.ne1.yahoo.com ([66.163.187.153]:38759 "EHLO sonic316-27.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726432AbeLKWnl (ORCPT ); Tue, 11 Dec 2018 17:43:41 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1544568220; bh=a++z2bUg74Xtmo8a+aMA0NUOSVK7svmlbVVJIsC9OCg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; b=DwEGluDT77Omo+R6s/jjW4wD/FSRBNAWD9giQ4ZkVsURZdaqjOQYWwex/oxohw61ZnVd67m8/qTQHz5QdwLVdVUiy8UeaaOJyd1xQ69Tga9gCxF2cypWwFeUrHAnaFTXS4/IJfvxAcBUkoRqApaP4exSS0bPt9Lp2qYnFmj+XByPR1YVbOV9WnvabvMK2uepdK3lAF/17wDwYbu/HwC26SCiMBcwDWDpJsj556P5JvwI/sX2xHvOu+le3eelw6lrEoAZWw7DOt7mcZjQf9fR5JrV7VCsfyL5Wk4LMbB3w6Jbm6CgnhlLqNa8oaI3YOSMFA00oaF1wii7LPYF7CrFBQ== X-YMail-OSG: .cfjY9QVM1kdj7XDqF8gYjCvTdRL_BB4SG3ip0BrPkZDlwL3F3dwvGoMySs8_0c fNNG7VkW_DIMO6_xmaNkOwwDJsDgXgiL5IIxH5WUd9SRGaXBTwEtG2W7yEWZcvbr7dkAV_WFQ1jH m7VhR.htBkM8eoBHGOi8nrRt1hJvztqEnRTmlfrv0avr_zgSddf0_yKiIFhPyTcnSnEcGdF3b2BC Ojwo_X4Q45Pl5IjIqtAYYXttiI52ad.GIDAiRuQT2VlZLkYKNcKfYPGP1w3sdbpBODx2S0lkTbTa NqjiEe_wsaEfVQYIcDEGJ5WxisYsO_O5D90vXFZBWspAGsSSYaxdluBX20pG1cDPIMHxQvQipd6C TQ.T_bp5NldHqgCWOe2su29fbe2SVWUqOBFOqcbAIlCkl2JrNqSzBsVj2oi5MdVnLQbTMSiIrqsg jWjPDHRmPEEJHlDZjxXYcxv3dcNv4oV4jKMkTY5JRUvRaQeM6Ldw2Nd7r7CTi4BVSqc8efsbA24. qpheWWbDiimM7pXtMUhaUleHfSdYDwp99dyczi6ZllYOqkyVfqKStP6F8oyLPgdGF.pua5dEmG2r IU71rpRNeWpJ00WZvutsJ85b5roq8nYjSbYjxcI0eLgs2zx487_148VP4NQ9wkRJ56r158WfnQ31 i4axlw8ehykQKh3kz4Uc8rkjJXX0l1.jk.vzr95NUyqFGAkFUgFcmOretXdvF8UXzWuDDu_7IKqP 6Cz3JzJ2k_jHGI.brIG5ti4WG5iVGzn.2WXfTAA67gwlOFx7XS0ucE_McWedllAIMvP953LHUdB3 baRnwVShF0HlyvibazAUFWTBsGjgyhD5h4vAsmX7leyklWLBgaV8U__rtIRbtFb7se7sKStCF73g OugWk7FLQjKKmBHL9EMWD8GI.8lj8gtJbzJQUtXqRLFYr5jh55jOkJQIISOyi4Y9Xyg8vNO8NAhg nh6TR7chlpvPmluaMgFnXsGx5XnPDuMUJHpHU3ezMKawUVBpI5_L3MCaw3XRfgI87FtC_3Ubpcjn MzJC4j4BvGTqKqJ5nfI4RHuypBMxeK6VfJy9Gv46BmFycBtOnZkJ.tTI4nV8CMOxZ9u7xjNxnkMf J7lDduow9n4ahlyktamvrEKilpLCMFd2rf1LQpynRBUU- Received: from sonic.gate.mail.ne1.yahoo.com by sonic316.consmr.mail.ne1.yahoo.com with HTTP; Tue, 11 Dec 2018 22:43:40 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO localhost.localdomain) ([67.169.65.224]) by smtp408.mail.ne1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID d92a2db682ecd2e464273bda9352fd0e; Tue, 11 Dec 2018 22:43:35 +0000 (UTC) From: Casey Schaufler To: jmorris@namei.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, selinux@vger.kernel.org Cc: john.johansen@canonical.com, keescook@chromium.org, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, linux-fsdevel@vger.kernel.org, sds@tycho.nsa.gov, adobriyan@gmail.com, mic@digikod.net, s.mesoraca16@gmail.com, casey@schaufler-ca.com Subject: [PATCH v5 11/38] LSM: Separate idea of "major" LSM from "exclusive" LSM Date: Tue, 11 Dec 2018 14:42:47 -0800 Message-Id: <20181211224314.22412-12-casey@schaufler-ca.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20181211224314.22412-1-casey@schaufler-ca.com> References: <20181211224314.22412-1-casey@schaufler-ca.com> Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Kees Cook In order to both support old "security=" Legacy Major LSM selection, and handling real exclusivity, this creates LSM_FLAG_EXCLUSIVE and updates the selection logic to handle them. Signed-off-by: Kees Cook Reviewed-by: Casey Schaufler --- include/linux/lsm_hooks.h | 1 + security/apparmor/lsm.c | 2 +- security/security.c | 12 ++++++++++++ security/selinux/hooks.c | 2 +- security/smack/smack_lsm.c | 2 +- security/tomoyo/tomoyo.c | 2 +- 6 files changed, 17 insertions(+), 4 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 272791fdd26e..7d04a0c32011 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -2040,6 +2040,7 @@ extern void security_add_hooks(struct security_hook_list *hooks, int count, char *lsm); #define LSM_FLAG_LEGACY_MAJOR BIT(0) +#define LSM_FLAG_EXCLUSIVE BIT(1) struct lsm_info { const char *name; /* Required. */ diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index d840c1ef3e4d..37dafab649b1 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -1722,7 +1722,7 @@ static int __init apparmor_init(void) DEFINE_LSM(apparmor) = { .name = "apparmor", - .flags = LSM_FLAG_LEGACY_MAJOR, + .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE, .enabled = &apparmor_enabled, .init = apparmor_init, }; diff --git a/security/security.c b/security/security.c index a7889885585e..0009ef6c83fa 100644 --- a/security/security.c +++ b/security/security.c @@ -49,6 +49,7 @@ static __initconst const char * const builtin_lsm_order = CONFIG_LSM; /* Ordered list of LSMs to initialize. */ static __initdata struct lsm_info **ordered_lsms; +static __initdata struct lsm_info *exclusive; static __initdata bool debug; #define init_debug(...) \ @@ -129,6 +130,12 @@ static bool __init lsm_allowed(struct lsm_info *lsm) if (!is_enabled(lsm)) return false; + /* Not allowed if another exclusive LSM already initialized. */ + if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && exclusive) { + init_debug("exclusive disabled: %s\n", lsm->name); + return false; + } + return true; } @@ -144,6 +151,11 @@ static void __init maybe_initialize_lsm(struct lsm_info *lsm) if (enabled) { int ret; + if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && !exclusive) { + exclusive = lsm; + init_debug("exclusive chosen: %s\n", lsm->name); + } + init_debug("initializing %s\n", lsm->name); ret = lsm->init(); WARN(ret, "%s failed to initialize: %d\n", lsm->name, ret); diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index b81239a09dbb..3687599d9d16 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -7199,7 +7199,7 @@ void selinux_complete_init(void) all processes and objects when they are created. */ DEFINE_LSM(selinux) = { .name = "selinux", - .flags = LSM_FLAG_LEGACY_MAJOR, + .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE, .enabled = &selinux_enabled, .init = selinux_init, }; diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 56a114c1d750..849426ac6a6c 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -4888,6 +4888,6 @@ static __init int smack_init(void) */ DEFINE_LSM(smack) = { .name = "smack", - .flags = LSM_FLAG_LEGACY_MAJOR, + .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE, .init = smack_init, }; diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index a46f6bc1e97c..daff7d7897ad 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -550,6 +550,6 @@ static int __init tomoyo_init(void) DEFINE_LSM(tomoyo) = { .name = "tomoyo", - .flags = LSM_FLAG_LEGACY_MAJOR, + .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE, .init = tomoyo_init, }; From patchwork Tue Dec 11 22:42:48 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10725125 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id A8A6E91E for ; Tue, 11 Dec 2018 22:47:19 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 944EA29FE9 for ; Tue, 11 Dec 2018 22:47:19 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 883CA2B341; Tue, 11 Dec 2018 22:47:19 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 19BE22B6AA for ; Tue, 11 Dec 2018 22:47:19 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726455AbeLKWnm (ORCPT ); Tue, 11 Dec 2018 17:43:42 -0500 Received: from sonic316-27.consmr.mail.ne1.yahoo.com ([66.163.187.153]:43583 "EHLO sonic316-27.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726427AbeLKWnl (ORCPT ); Tue, 11 Dec 2018 17:43:41 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1544568220; bh=4hwChtAwttRCpgqq8AqfChSxmv0QZcRu2QJKKXrAwIA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; b=glhjHjo976eP0Oexs/4TJVl02MqDYbeDweS4LVwn1YOF8UHetfazBcD5vQROhnoK0Y5yx7cWbxNvYKCTbJ+YlCCLw+ISzX0sVcQKwe0Jtdny44d0uIVPDkCnSHK11GZoVFzQEaQtDwQt9XQ+RHo/Ul2r0oADd9+naq3KoZofXfbL/MR6aGXpYl1FpImsOUitlqdZv2sXdeyc66dwQzKV+4k2Ecv64KxZqhrXhQCjXXZ5z07r/89r+s+gsl5ksb4Z2WOkIw4p8QjCioRd0jwbzGAU+CMCB931X7AqlIsoU2W4M6p2tSrLC4uBEwzNgPsp4rVB1Q2LnSXFUiPv9pbMyg== X-YMail-OSG: 8M.vqnsVM1mwZqd3mYAwTrAjXYNin4XtXIKd3C_vJ0lAYkLY1sqcRB.fb_G3hS6 o530P5Dxuwb9DE2n4510CKvwF5Si_PDK2tl5S1B5inC95pNgLn3KJ7kXqUq.uc8AIohUDfcDiO7y yePVKY4mAI_C20uBdcwy5OYFntzRMG2Rj10gXBQ1NFhsKMKodluB7jDyM5u5Ao4668B6K4hVr0FS ygQe41N3XNImftxLYBCxB5faIbWqH6UFtgQTvMe4e26w9F9X0uNLRpXBn4OXXbPHLI4tEkJt.ZV6 _B5n.umm8rcxfUIicxO.Ru56oZdgdYT1b5KMAJ230ZA5Qj0pAX4uMLZSwzAO..hHmqPtfgovAB9p wyL2FEOXxP0HDeFDFo8VvAak2orqrGlaHJ9p6ZuVJBUINf1BHQVCY_Dpe81qY52zKIou98nvub6s .fxIxsNB4BEnSE4A7tkCo.sSkt_YitYW7v3rsOc3PYGqSGeOOCJ2kt4pxGJKD_eIV4Ft70yRZLpY VjjnjttC.F3yOduRggI4qEMbFOTkiTxsj1oGDzLhx1rnzB.BfkY3SO1OGkbVi8cYxeUTy1Lk1Pp2 _3_vSfZRXYXs6oSMasDQSdvKK8Gm4BSoKWiAT1OOjvgGRCU3kbpwAuvNIYPJbJ8oyV78q1TZSkvn Iz7iaSh5sxXwTub8n_MBOQll_KV21uqRw9RscJU5h9gimLcW1IP_A4MaD5CNUaUdaBejROXMH9XX uWY2S8iQcCIewwRE92ceCqS.FOG1_UukQYXfoD.digiZXJ1e3yOXbS1Br4DrQBOKzzJi6JfBrEAs LPcrCNnQpgrheI61_yM24z6tTuGGCCym.XaPw_3pMie36Kl.DRC8J3xMPKtf8ru4po5_bV5pooFo iV15UDNOcIVzGt8mzhDybnA2ue7Cpink_qYWPlILh3gL9pGoHEYQi.m7kMpZxUmprr9lJWg6wlET ceJg_V1SOzcl4wLypcWEM1bLDJY.0Nv5IOFOfCTN0_WDqnQNOdfoUQai5ChaZwGlQlTxe_do2AgW n1_6aKybczalc4XIPGP0dEnFngmuzIJHiYT4f6TCWGYnZKtrBFmePOp5KvsG0L1UnPU0s4t7FyFl z9BU2UEsmIZFRErdMiR1UWNhRIyYtZ.6Ch4SuNA-- Received: from sonic.gate.mail.ne1.yahoo.com by sonic316.consmr.mail.ne1.yahoo.com with HTTP; Tue, 11 Dec 2018 22:43:40 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO localhost.localdomain) ([67.169.65.224]) by smtp408.mail.ne1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID d92a2db682ecd2e464273bda9352fd0e; Tue, 11 Dec 2018 22:43:36 +0000 (UTC) From: Casey Schaufler To: jmorris@namei.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, selinux@vger.kernel.org Cc: john.johansen@canonical.com, keescook@chromium.org, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, linux-fsdevel@vger.kernel.org, sds@tycho.nsa.gov, adobriyan@gmail.com, mic@digikod.net, s.mesoraca16@gmail.com, casey@schaufler-ca.com Subject: [PATCH v5 12/38] apparmor: Remove SECURITY_APPARMOR_BOOTPARAM_VALUE Date: Tue, 11 Dec 2018 14:42:48 -0800 Message-Id: <20181211224314.22412-13-casey@schaufler-ca.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20181211224314.22412-1-casey@schaufler-ca.com> References: <20181211224314.22412-1-casey@schaufler-ca.com> Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Kees Cook In preparation for removing CONFIG_DEFAULT_SECURITY, this removes the soon-to-be redundant SECURITY_APPARMOR_BOOTPARAM_VALUE. Since explicit ordering via CONFIG_LSM or "lsm=" will define whether an LSM is enabled or not, this CONFIG will become effectively ignored, so remove it. However, in order to stay backward-compatible with "security=apparmor", the enable variable defaults to true. Signed-off-by: Kees Cook --- security/apparmor/Kconfig | 16 ---------------- security/apparmor/lsm.c | 2 +- 2 files changed, 1 insertion(+), 17 deletions(-) diff --git a/security/apparmor/Kconfig b/security/apparmor/Kconfig index b6b68a7750ce..3de21f46c82a 100644 --- a/security/apparmor/Kconfig +++ b/security/apparmor/Kconfig @@ -14,22 +14,6 @@ config SECURITY_APPARMOR If you are unsure how to answer this question, answer N. -config SECURITY_APPARMOR_BOOTPARAM_VALUE - int "AppArmor boot parameter default value" - depends on SECURITY_APPARMOR - range 0 1 - default 1 - help - This option sets the default value for the kernel parameter - 'apparmor', which allows AppArmor to be enabled or disabled - at boot. If this option is set to 0 (zero), the AppArmor - kernel parameter will default to 0, disabling AppArmor at - boot. If this option is set to 1 (one), the AppArmor - kernel parameter will default to 1, enabling AppArmor at - boot. - - If you are unsure how to answer this question, answer 1. - config SECURITY_APPARMOR_HASH bool "Enable introspection of sha1 hashes for loaded profiles" depends on SECURITY_APPARMOR diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 37dafab649b1..e8b40008d58c 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -1332,7 +1332,7 @@ bool aa_g_paranoid_load = true; module_param_named(paranoid_load, aa_g_paranoid_load, aabool, S_IRUGO); /* Boot time disable flag */ -static int apparmor_enabled = CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE; +static int apparmor_enabled __lsm_ro_after_init = 1; module_param_named(enabled, apparmor_enabled, int, 0444); static int __init apparmor_enabled_setup(char *str) From patchwork Tue Dec 11 22:42:49 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10725117 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id AD1F11869 for ; Tue, 11 Dec 2018 22:47:11 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 9CE7129FE9 for ; Tue, 11 Dec 2018 22:47:11 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 910292B6AA; Tue, 11 Dec 2018 22:47:11 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 366B429FE9 for ; Tue, 11 Dec 2018 22:47:11 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726459AbeLKWnm (ORCPT ); Tue, 11 Dec 2018 17:43:42 -0500 Received: from sonic311-28.consmr.mail.ne1.yahoo.com ([66.163.188.209]:40507 "EHLO sonic311-28.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726438AbeLKWnm (ORCPT ); Tue, 11 Dec 2018 17:43:42 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1544568221; bh=nX5WCNeB8OL6sK73++PHBplL0xdzgmOCeH2n6KH/tEc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; b=talstdGDTIzNpdb/6kj6dvbvBT0bG7yEUVMolB6O4CCsrysysN/ZzZsEb3jjPi2SZQ+kqzwD9p3GHtPA3CjeNaNcyYld8HLa6OT78MOkxXsgOUnQ2YqMKVfzd3jYNB7CWVitYre51QBzptQhL2JYbYBDdw+6OykmZT1gIRIiI/LlOtM73Yw76G27AACkT88wbybGOEdPL2kZy3NsRrfxeEajiattGQ3l4OiAGt+cwHfgHl++MSNDP8yGMXu3Wr+MsJBzMw/DLq8EFvDL8X2KtBDvbb5I0UGkwUUYF3E0j3G+9/XxB0Yb/4CVylz5ryU3qWQ2wlyIEFS+1sjf9y01tw== X-YMail-OSG: X34MAtYVM1mw0hTnuj1CSbNj3v1TQk54TZVx2uZeIF8zUAhPREgzLiqfTIjkFKh qq4AxUjhBdJCs24G3za8pbm6aTQMPYuI6rW3_NpeHyA9vdZbwUP81sQgPjgZyl.ln_jBwNVc6WLZ 3Ehh85vVYqsBF27WBw6LBtZlB8yerjmbFHx0r7b4q7_ORX2HZpcyb.kn0LN3uZ0fKu8UmpnTOWN6 gtazAmI_lA.sMOTprwzUVpLf5sKFZD0lBVH5IcDFKDF4PgNzOV1BNa_kXV4uQvpQELpr_9viCgSz d9SZsZSftCJ1IzCAyxs8MtsWKX8bfpHvbnwcdj_pe_4LUzNwdzcl7QqdpgO2tyznBpmBKo85niSr gwlA2mFKEHjdpo8BAX3XtKIL8U91LRe.cFc1bW7U8O7za6no9Svr1CwJ0myStp4K97tmYVtIGHrl nPYWxLDg.F8b2jlK.UHn9.DlIfh3g4w3T0gKmcXSh610IrB2YizCJSRvT1D6FwOyyLPCoDU2E4kG PfXYgXMnVOa_9i27dMA_HeZk8qcWdtGZpLGs1yiyAkkAC5Z4cPrtpK0oErBmYiACupBUq_GQi8eI Wstu6klGItMvc2NQWmveXGwCUU_iWyzUbk3cP30hU7EH5wXUIErb.GCC4eUcIE0_KWfdJQlmRs_n M4UNW3ujiZvlzlPePd8jvKDMtn1U2hoH7AVCDQVXijyRQfVs8VusvyllWd4z3jFzw09DZxXCm.1K nON8j559audz6c7.gpnCL00ZKsMhAl8ezfEQipkwd2SydhdXcYDh.K5M9NMYWBGvJ7R0HyPbBPB5 fIiYM9N5IOVGgmK8YUibS5LD0eicPCQJA2XJERbrgJBkwBouq5MZD1Yu1whSWaMd2hdduWcxirZR 5N72rqa8er8PDtOk59_bAOJiub2UIZNcr5WRyD2Aw58YgnZxzdi8b0E8YIGMeF78mBHePlhFjjkZ rFLfJeiYNZu9IdEyzHeiz9oYgy2YNkwsyy9t5vVoZ_Bd.KzqWjh_MotpHKC2PH0jvfxS.bW95z1K .mYMnQZVWVWFHqKeESsoYffPLSV_EU6DlY_xhhl2g.RMCTLz7VeDPQhlmEdXmmIq_S.roAZyUJ9z bnCpayFcksTJ9d7LIEV0NBYEH5SxWuUBpewBwTsP26rM- Received: from sonic.gate.mail.ne1.yahoo.com by sonic311.consmr.mail.ne1.yahoo.com with HTTP; Tue, 11 Dec 2018 22:43:41 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO localhost.localdomain) ([67.169.65.224]) by smtp408.mail.ne1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID d92a2db682ecd2e464273bda9352fd0e; Tue, 11 Dec 2018 22:43:37 +0000 (UTC) From: Casey Schaufler To: jmorris@namei.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, selinux@vger.kernel.org Cc: john.johansen@canonical.com, keescook@chromium.org, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, linux-fsdevel@vger.kernel.org, sds@tycho.nsa.gov, adobriyan@gmail.com, mic@digikod.net, s.mesoraca16@gmail.com, casey@schaufler-ca.com Subject: [PATCH v5 13/38] selinux: Remove SECURITY_SELINUX_BOOTPARAM_VALUE Date: Tue, 11 Dec 2018 14:42:49 -0800 Message-Id: <20181211224314.22412-14-casey@schaufler-ca.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20181211224314.22412-1-casey@schaufler-ca.com> References: <20181211224314.22412-1-casey@schaufler-ca.com> Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Kees Cook In preparation for removing CONFIG_DEFAULT_SECURITY, this removes the soon-to-be redundant SECURITY_SELINUX_BOOTPARAM_VALUE. Since explicit ordering via CONFIG_LSM or "lsm=" will define whether an LSM is enabled or not, this CONFIG will become effectively ignored, so remove it. However, in order to stay backward-compatible with "security=selinux", the enable variable defaults to true. Signed-off-by: Kees Cook --- security/selinux/Kconfig | 15 --------------- security/selinux/hooks.c | 5 +---- 2 files changed, 1 insertion(+), 19 deletions(-) diff --git a/security/selinux/Kconfig b/security/selinux/Kconfig index 8af7a690eb40..55f032f1fc2d 100644 --- a/security/selinux/Kconfig +++ b/security/selinux/Kconfig @@ -22,21 +22,6 @@ config SECURITY_SELINUX_BOOTPARAM If you are unsure how to answer this question, answer N. -config SECURITY_SELINUX_BOOTPARAM_VALUE - int "NSA SELinux boot parameter default value" - depends on SECURITY_SELINUX_BOOTPARAM - range 0 1 - default 1 - help - This option sets the default value for the kernel parameter - 'selinux', which allows SELinux to be disabled at boot. If this - option is set to 0 (zero), the SELinux kernel parameter will - default to 0, disabling SELinux at bootup. If this option is - set to 1 (one), the SELinux kernel parameter will default to 1, - enabling SELinux at bootup. - - If you are unsure how to answer this question, answer 1. - config SECURITY_SELINUX_DISABLE bool "NSA SELinux runtime disable" depends on SECURITY_SELINUX diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 3687599d9d16..edd5b8dd3e56 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -120,9 +120,8 @@ __setup("enforcing=", enforcing_setup); #define selinux_enforcing_boot 1 #endif +int selinux_enabled __lsm_ro_after_init = 1; #ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM -int selinux_enabled = CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE; - static int __init selinux_enabled_setup(char *str) { unsigned long enabled; @@ -131,8 +130,6 @@ static int __init selinux_enabled_setup(char *str) return 1; } __setup("selinux=", selinux_enabled_setup); -#else -int selinux_enabled = 1; #endif static unsigned int selinux_checkreqprot_boot = From patchwork Tue Dec 11 22:42:50 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10725115 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 249321869 for ; Tue, 11 Dec 2018 22:47:10 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 1635429FE9 for ; Tue, 11 Dec 2018 22:47:10 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 0A2242B6AA; Tue, 11 Dec 2018 22:47:10 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A907C29FE9 for ; Tue, 11 Dec 2018 22:47:09 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726471AbeLKWnn (ORCPT ); Tue, 11 Dec 2018 17:43:43 -0500 Received: from sonic308-17.consmr.mail.ne1.yahoo.com ([66.163.187.40]:39343 "EHLO sonic308-17.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726442AbeLKWnn (ORCPT ); Tue, 11 Dec 2018 17:43:43 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1544568221; bh=aA9ToBwx7EdAqaJKoH0MpMTFJSSXKnw022+5umTtX5A=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; b=NUplNcUt0iSDUQJ+zLEcBS2pij4wOKa5CT/OcVcpXOQYrANDY4cICSenmAYYJeXUuqzHVWu2lfCKTNCyevCm/CEp2ipPCAdYCVZfir/Sh/w8oyu86KdYXqXz1qmcVvGh0Bh2IpcW4aLjnl40ocgfAS1TrJ5wEw/w44r+N8VADtHgWkUsPriJS4MZVMs66LAL6v9FyMie/a4RwthINZS2zWEM5alrwVQq763CyraB5RNYcXEvROlyMUQ3Lyfj1NQLZn39/LDcLt2T1U2dltPxI+tiErqDYBP3g1TD72BvBcxXTT1ElHPpkR3ld3ggmDtctGjrLx9vOzjBrL7clBRhrQ== X-YMail-OSG: X3ciU5kVM1mNKklmhmnKECfTg1deBrlrXd.Wk8h2mnXCVK5_0F_mvmiI5wDIRMQ 5XtC72LqWVYM8h39ZVpyxa7XYSmDn0whh5iXBxL.CFZPXTz9O0KSsKiESsH87HoAmoNpeizW.3px J_YnmVGRHidOf2Iknt8SqxjxsgdBVoVCYySvwXGHnlKekFutkBE3AAL7ecyHx1pwVfE1P4EcVfFX qvs.WhKG14ej3pTB0F0gija_WoLL_b_T66GFv1XwZ3GTH6SkdpCtmo9QRZG_kmAgl1HO9UA4v6as fh6efRu6pUt0RsqLroYT8ft7E7OFVXWZULakq3E8lC0fbOEtm2__xmhdhwvLyedHf5ylhXcdWuYx 1_dQLz0sH_UV4Iw4h8S9yoxE8I1M6a2uc6eZ5_mTwntctVa8yra80mu3ivDr7g5TKySdKwGDtdKv Ko4SMOT2mpKM8TqXwRsERj4MPmHftg45v9l2r1RKFBjhAM3eQxvUYI.p.sz4Wa0tou2PKbmNOlsF m0hdbb4Cshw6buCHaYQB1ESvmv81hYX3po.H0LbjjJmbFpneil7YB07xELL3mWmrJORLo8VHH0tB WtYPUXtDaLVCuiNNptwtjqjFA2nsaylfVbv_CmZkSTfK9y1Mz4812_IdjYS_iKic0mwNTyQXBP7r uC4sdPlwIfM1Mvzlr6bOcUPLzfxKn2vflGKQ7Ffhar3bote7qvArQU_gOsz4CWudqXBeAWWeeEE1 gMJlCekWIlkd1leY9mlK6mzYYzUNTNrQM.idOKsKyXrW2Wpwk8Ndu6t5ZfZIWaLJlAXydQhDUq4n QocCpbzw_5BZ4hD8wiyWuo8GidcNhOUzxYAMzPpXpRFkEPSdUmXtnyWl0l5PLhHqs9fLUjQQMwpx bitgHrqZWH21OulpgkP8lOzeCGUfmZJSY3NTQb_nAkO3A2xN7jb8EWhA437G3o6xsrmfeHp3e3YV m6oVDodAztKTqdLLGOVAOe.nVrp9GX1T6NF9.LU2Ekh.sGyIW9m6AyrRTdwhhlyQ85YfvkFK.BW_ OjMidZCEYG9.VHlt.NrgBSM42Y3Fzadpk3QuNWs6D.P27jiB9DiP4WvKoJeWb4_7Ic0yMWh6aSkc u.ghBEvYTq7Mzmtpb3gHmEjFw6DKIfIcKYmogA.zVcoU- Received: from sonic.gate.mail.ne1.yahoo.com by sonic308.consmr.mail.ne1.yahoo.com with HTTP; Tue, 11 Dec 2018 22:43:41 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO localhost.localdomain) ([67.169.65.224]) by smtp408.mail.ne1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID d92a2db682ecd2e464273bda9352fd0e; Tue, 11 Dec 2018 22:43:38 +0000 (UTC) From: Casey Schaufler To: jmorris@namei.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, selinux@vger.kernel.org Cc: john.johansen@canonical.com, keescook@chromium.org, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, linux-fsdevel@vger.kernel.org, sds@tycho.nsa.gov, adobriyan@gmail.com, mic@digikod.net, s.mesoraca16@gmail.com, casey@schaufler-ca.com Subject: [PATCH v5 14/38] LSM: Add all exclusive LSMs to ordered initialization Date: Tue, 11 Dec 2018 14:42:50 -0800 Message-Id: <20181211224314.22412-15-casey@schaufler-ca.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20181211224314.22412-1-casey@schaufler-ca.com> References: <20181211224314.22412-1-casey@schaufler-ca.com> Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP This removes CONFIG_DEFAULT_SECURITY in favor of the explicit ordering offered by CONFIG_LSM and adds all the exclusive LSMs to the ordered LSM initialization. The old meaning of CONFIG_DEFAULT_SECURITY is now captured by which exclusive LSM is listed first in the LSM order. All LSMs not added to the ordered list are explicitly disabled. Signed-off-by: Kees Cook Signed-off-by: Casey Schaufler --- security/security.c | 45 ++++++++++++++++++++------------------------- 1 file changed, 20 insertions(+), 25 deletions(-) diff --git a/security/security.c b/security/security.c index 0009ef6c83fa..df71b54c1ba4 100644 --- a/security/security.c +++ b/security/security.c @@ -169,8 +169,6 @@ static void __init ordered_lsm_parse(const char *order, const char *origin) char *sep, *name, *next; /* Process "security=", if given. */ - if (!chosen_major_lsm) - chosen_major_lsm = CONFIG_DEFAULT_SECURITY; if (chosen_major_lsm) { struct lsm_info *major; @@ -198,8 +196,7 @@ static void __init ordered_lsm_parse(const char *order, const char *origin) bool found = false; for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { - if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) == 0 && - strcmp(lsm->name, name) == 0) { + if (strcmp(lsm->name, name) == 0) { append_ordered_lsm(lsm, origin); found = true; } @@ -208,6 +205,25 @@ static void __init ordered_lsm_parse(const char *order, const char *origin) if (!found) init_debug("%s ignored: %s\n", origin, name); } + + /* Process "security=", if given. */ + if (chosen_major_lsm) { + for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { + if (exists_ordered_lsm(lsm)) + continue; + if (strcmp(lsm->name, chosen_major_lsm) == 0) + append_ordered_lsm(lsm, "security="); + } + } + + /* Disable all LSMs not in the ordered list. */ + for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { + if (exists_ordered_lsm(lsm)) + continue; + set_enabled(lsm, false); + init_debug("%s disabled: %s\n", origin, lsm->name); + } + kfree(sep); } @@ -229,22 +245,6 @@ static void __init ordered_lsm_init(void) kfree(ordered_lsms); } -static void __init major_lsm_init(void) -{ - struct lsm_info *lsm; - - for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { - if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) == 0) - continue; - - /* Enable this LSM, if it is not already set. */ - if (!lsm->enabled) - lsm->enabled = &lsm_enabled_true; - - maybe_initialize_lsm(lsm); - } -} - /** * security_init - initializes the security framework * @@ -271,11 +271,6 @@ int __init security_init(void) /* Load LSMs in specified order. */ ordered_lsm_init(); - /* - * Load all the remaining security modules. - */ - major_lsm_init(); - return 0; } From patchwork Tue Dec 11 22:42:51 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10725127 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 71D231869 for ; Tue, 11 Dec 2018 22:47:20 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 641E729FE9 for ; Tue, 11 Dec 2018 22:47:20 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 587832B6AA; Tue, 11 Dec 2018 22:47:20 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 07EF729FE9 for ; Tue, 11 Dec 2018 22:47:20 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726445AbeLKWrT (ORCPT ); Tue, 11 Dec 2018 17:47:19 -0500 Received: from sonic308-17.consmr.mail.ne1.yahoo.com ([66.163.187.40]:34942 "EHLO sonic308-17.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726450AbeLKWnm (ORCPT ); Tue, 11 Dec 2018 17:43:42 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1544568221; bh=/Zci3rWg5UF8hGpyuPO01UM8s4zhurIZ4pddwS3UViI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; b=nhvf5EmYIL3UlXtPuDhR1+E1BSXAQXf1B2WxxNSXxu+GN40c3TSSZ27vwD+DW7HEc9cidax5TzFJ7lWZFq6r2qzvQ4D1DGOa7cb/OG7xPK7NCUh+YGIR5UUkBQWriujFHhxuCbU5863HQZUtJ/u8ksDtjKHg1lp1WL2RgEGB5sgratKE9aCNQoctxQilpJHtTbqLbKiRgbI4QfyHfpYh5YxBWVGP66UgZ5mu4gS10JYi/UBnjVHQxKKc4fYEKGcXkP9+kctpQFyxa4EUEiAxRLBFx+v8Hd1JCTdSpMzWHbG9tCcjoJt6BDRF0keyU4oVCNHmaEYs7Fe4dmdRHBhEDg== X-YMail-OSG: rmA4qi8VM1lSiBJWHF0PN_ageUgbCmh5AKJfd9aGVlPOJDa0Xia_0gu2vmXg..d pgj.qxOe8U3oOk0aOa3JcFxUJxy5tbcmZmtZ8WPijn6f2eRt1OhK6TymKxRPWhu3uklmOO5VE1A3 YPxuGmekb3bQtvWj9WvRSp8l.rf.ADECeTMBUPswPN18G1CPDNGotaCPYoEwJ9NH_9LCflNmRP8z EIQJU0F5mwtUPWXZyxKZOZuX_M3XWVirA.G.NDbvAx1R7tE9KqrvYaOWF2ezLiDE2H6s7JYCEYVB A52Yy.QxV9Ihc1RB3tUO7TM3q1dTHjzC4ldKLa46pcLCUjCDjSv7K8a0iMAmzUymkAffp9asyLY0 aQUiqWhQVBAhxhrDY8ReXI6DpkPe7QRcyshyL.2Pd6SrnIuDMsZ6pGHklggfoSGbWBTONJc6KHEe vC0mJnDNbx20PaClXxEPQv9CxDCQ8h.MCflJV0c.2TvB0veu3PMX8HyHzpLu6G0Z.coCvnLuNtAP fJYEFoyBpFpgBYhYJVXIQCqnyF_yCmmWgisNGlUjnmm9bh.mWT0wE1SlJOigsmiRCHhywhQUVq4a WDrHiABuQDtixnn.zA9I6KOGSevpkhokubQ.vT7uuKTT2yAe0hIS9cMyghjmUqZ2LIwIsuFSbSML II6kNJcuUGFUOiHBXFoWXMko28_Uk8FyPHbVXzl8mobxQhAhaDJ1IMT2ge4pGPjyiQjyGyU0o8OD i8nZnH8BujqCWCWJWno7D6dRT8qen5JZ6k62w0Cot5FgvholovB1y_u6skPI4_0FGKK7sIHF05nf bt6.A1FyVmw.XFgpL2fmTtXbvFsIGFPijjWkG7yYWuliFLTvhx5eX40JlxhxJdPrHO5M6f0ADWN0 ye4NgMzPk8DnFSFPA87kYEZj09vPDxqR2uVR0bzkdqquR6B1gv0SaFMA6onhqmcrBOngrr6R15tv Q3ApSXp2lVjDwVikTXN6Qpo_pRwzMiVpUrybe98EAJtUVIhIRtT7WV5S7T6AWq9qUVz_hlkE.w_Q 2EE_YfdEWEau1Rgw9sdluWwgQ8sobsEujdUwa_x7jsJ6mPWhyXI_D0NE0hZdyIA1bq1OU3owqg5d s0S_yQSFbQ7LksXq5APHrz6qeOdSJZ8YhRI4TRwmit.E- Received: from sonic.gate.mail.ne1.yahoo.com by sonic308.consmr.mail.ne1.yahoo.com with HTTP; Tue, 11 Dec 2018 22:43:41 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO localhost.localdomain) ([67.169.65.224]) by smtp408.mail.ne1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID d92a2db682ecd2e464273bda9352fd0e; Tue, 11 Dec 2018 22:43:39 +0000 (UTC) From: Casey Schaufler To: jmorris@namei.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, selinux@vger.kernel.org Cc: john.johansen@canonical.com, keescook@chromium.org, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, linux-fsdevel@vger.kernel.org, sds@tycho.nsa.gov, adobriyan@gmail.com, mic@digikod.net, s.mesoraca16@gmail.com, casey@schaufler-ca.com Subject: [PATCH v5 15/38] LSM: Split LSM preparation from initialization Date: Tue, 11 Dec 2018 14:42:51 -0800 Message-Id: <20181211224314.22412-16-casey@schaufler-ca.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20181211224314.22412-1-casey@schaufler-ca.com> References: <20181211224314.22412-1-casey@schaufler-ca.com> Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Kees Cook Since we already have to do a pass through the LSMs to figure out if exclusive LSMs should be disabled after the first one is seen as enabled, this splits the logic up a bit more cleanly. Now we do a full "prepare" pass through the LSMs (which also allows for later use by the blob-sharing code), before starting the LSM initialization pass. Signed-off-by: Kees Cook --- security/security.c | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/security/security.c b/security/security.c index df71b54c1ba4..3fac0ff39944 100644 --- a/security/security.c +++ b/security/security.c @@ -139,22 +139,28 @@ static bool __init lsm_allowed(struct lsm_info *lsm) return true; } -/* Check if LSM should be initialized. */ -static void __init maybe_initialize_lsm(struct lsm_info *lsm) +/* Prepare LSM for initialization. */ +static void __init prepare_lsm(struct lsm_info *lsm) { int enabled = lsm_allowed(lsm); /* Record enablement (to handle any following exclusive LSMs). */ set_enabled(lsm, enabled); - /* If selected, initialize the LSM. */ + /* If enabled, do pre-initialization work. */ if (enabled) { - int ret; - if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && !exclusive) { exclusive = lsm; init_debug("exclusive chosen: %s\n", lsm->name); } + } +} + +/* Initialize a given LSM, if it is enabled. */ +static void __init initialize_lsm(struct lsm_info *lsm) +{ + if (is_enabled(lsm)) { + int ret; init_debug("initializing %s\n", lsm->name); ret = lsm->init(); @@ -240,7 +246,10 @@ static void __init ordered_lsm_init(void) ordered_lsm_parse(builtin_lsm_order, "builtin"); for (lsm = ordered_lsms; *lsm; lsm++) - maybe_initialize_lsm(*lsm); + prepare_lsm(*lsm); + + for (lsm = ordered_lsms; *lsm; lsm++) + initialize_lsm(*lsm); kfree(ordered_lsms); } From patchwork Tue Dec 11 22:42:52 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10725097 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 2D37D91E for ; Tue, 11 Dec 2018 22:46:44 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 1F3C729FE9 for ; Tue, 11 Dec 2018 22:46:44 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 130BF2B6AA; Tue, 11 Dec 2018 22:46:44 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 9A41129FE9 for ; Tue, 11 Dec 2018 22:46:43 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726324AbeLKWqm (ORCPT ); Tue, 11 Dec 2018 17:46:42 -0500 Received: from sonic311-28.consmr.mail.ne1.yahoo.com ([66.163.188.209]:37918 "EHLO sonic311-28.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726488AbeLKWnr (ORCPT ); Tue, 11 Dec 2018 17:43:47 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1544568226; bh=7Xaws2W0yIQV8FjcW558fLYKeVIf6r+5nGjJUAMugHA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; b=aeL+4OhSWYlAUrOFeHGFo8K4h6Tp1gpcLynecbQY2x06kMRjsofmO3n7KIxUAPqncHuJg8eOXX6hHt/VTRPSskbyCK+anoAk+Bcvo3rwDwtPCjR1gI8Q0Aluf/5k1pLDzPO1+w4HrON7W9gDbL73T11uIkpYTIxfDhSQ8PcJSm1Ij6z2NUxsGCZaGZbHMqhPwQ/vWSM9vdPe4PlnN4aWiIyYw8y+kYrDRJg5wiea4yxw4M5Uiysh7lu+0VxStaHZsly8pCLCndQiQsVLYwCREq6ae0EQKem4Ul2dVvT8Im8wV0I0cIjxWOSL7+s+7IeI3Wxi1mS9Bifna9kE709hFA== X-YMail-OSG: j.KV8C8VM1nKyDRJymu5Ts81qxBtU83lSf0k6UZV1utFT0W7Hi8c6PpkxoCRUoq VEMgfpW5mm0nWCcVV_p7gYk4m_v7LtfbOV6fy14peAGWdlA45gLc30jYiHoqloyMGmJzKN6RxAho P791hHkhvuIoilH5sgDmT9Dp.j8t5FVil4I1E2s4vxMFBbaYYBX1Q8OCGedLjlR1xdHbf.sCBWvP DSo01g2u7eJZuv.OnNcmHBvJ9eVqp409ADIW4Bmv3pL1Y5uk5edWCx1TW85sd6GTQw4tFKn4XNr6 8_TIq_4CMpswA687cULJxsE38CdXvnVGxqaSaRr.Lr5RMnFEunNk2T5KL27KsZqHOp9d9k88ydBl Rd8vc0d_zA7dAftrv78xEAnxenn15oct531jA7B4vfjVEWbric0d6elDfJqJsmZ.89mK66A9bpie o2uljL7W2q8MYVFu_Pj9g3sJgoYrAtarv7ELUOArNw0VIjZ2lYUNNHjleEljafFlgNwFw8dnL1jU N9y.479BhMxqyRqy7x.D0bRlWd2cnK5vMdw83vigDIKCL2sA89120PbawdokjlHq3_.Lw05mTDTq X5Hqwnc8ffAVXt2SxFCIZkzW3YFL2mNa3CeWz0Q.VyNJsB6E7oC3V4DfzLt6Lg_RPx5it5F64kv. 5hD_uThNNsZFGOxi2wLADS3hG3867xD1vn2k.vkDi83V.tHjc3BJWLifcvszjQZqxN2LR0b64eQ0 7N7DBu9NtEZ8SaA3CNvGu7mBDfesnE88lOkusULvrAn.9fNCkeCkfdZXmZzeiTM9dY8om.Jm.lLj aaRb95nvWAuxDrMCok5nDhZ4NKqxeu0NiyQqEmREQTETpRn8XiXLQhOg1l2HP9xZk6GAkQGjtfue QIWJ.xULe7xlUzynLkJW3OkO18RFBMNIBbf2cHGjDIUudG.KFEk2ib4WMJ.2sQDAQ7vIxzgZSVYp _pmL62uI7Tnfps3T1f7nKa6FVMSrwOR.W1w2IdTCgahb2vr5wmwYG7Xafa0Fbeomaph6it.GVJR1 IlaOFrTJH11Ee_wp70JcrqNEScxqDvikDJMebHe_Ilxjkd4e1JJE06c.VLwJHdXs6MRprkMm9r9D kfdwSAr9_n2LtE85np.4dG7sCzlosp1QhyoAxcA-- Received: from sonic.gate.mail.ne1.yahoo.com by sonic311.consmr.mail.ne1.yahoo.com with HTTP; Tue, 11 Dec 2018 22:43:46 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO localhost.localdomain) ([67.169.65.224]) by smtp408.mail.ne1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID d92a2db682ecd2e464273bda9352fd0e; Tue, 11 Dec 2018 22:43:41 +0000 (UTC) From: Casey Schaufler To: jmorris@namei.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, selinux@vger.kernel.org Cc: john.johansen@canonical.com, keescook@chromium.org, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, linux-fsdevel@vger.kernel.org, sds@tycho.nsa.gov, adobriyan@gmail.com, mic@digikod.net, s.mesoraca16@gmail.com, casey@schaufler-ca.com Subject: [PATCH v5 16/38] LoadPin: Initialize as ordered LSM Date: Tue, 11 Dec 2018 14:42:52 -0800 Message-Id: <20181211224314.22412-17-casey@schaufler-ca.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20181211224314.22412-1-casey@schaufler-ca.com> References: <20181211224314.22412-1-casey@schaufler-ca.com> Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Kees Cook This converts LoadPin from being a direct "minor" LSM into an ordered LSM. Signed-off-by: Kees Cook Reviewed-by: Casey Schaufler --- include/linux/lsm_hooks.h | 5 ----- security/Kconfig | 39 +-------------------------------------- security/loadpin/loadpin.c | 8 +++++++- security/security.c | 1 - 4 files changed, 8 insertions(+), 45 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 7d04a0c32011..b565c0c10269 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -2092,10 +2092,5 @@ extern void __init yama_add_hooks(void); #else static inline void __init yama_add_hooks(void) { } #endif -#ifdef CONFIG_SECURITY_LOADPIN -void __init loadpin_add_hooks(void); -#else -static inline void loadpin_add_hooks(void) { }; -#endif #endif /* ! __LINUX_LSM_HOOKS_H */ diff --git a/security/Kconfig b/security/Kconfig index 41aa0be6142f..566d54215cbe 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -239,46 +239,9 @@ source security/yama/Kconfig source security/integrity/Kconfig -choice - prompt "Default security module" - default DEFAULT_SECURITY_SELINUX if SECURITY_SELINUX - default DEFAULT_SECURITY_SMACK if SECURITY_SMACK - default DEFAULT_SECURITY_TOMOYO if SECURITY_TOMOYO - default DEFAULT_SECURITY_APPARMOR if SECURITY_APPARMOR - default DEFAULT_SECURITY_DAC - - help - Select the security module that will be used by default if the - kernel parameter security= is not specified. - - config DEFAULT_SECURITY_SELINUX - bool "SELinux" if SECURITY_SELINUX=y - - config DEFAULT_SECURITY_SMACK - bool "Simplified Mandatory Access Control" if SECURITY_SMACK=y - - config DEFAULT_SECURITY_TOMOYO - bool "TOMOYO" if SECURITY_TOMOYO=y - - config DEFAULT_SECURITY_APPARMOR - bool "AppArmor" if SECURITY_APPARMOR=y - - config DEFAULT_SECURITY_DAC - bool "Unix Discretionary Access Controls" - -endchoice - -config DEFAULT_SECURITY - string - default "selinux" if DEFAULT_SECURITY_SELINUX - default "smack" if DEFAULT_SECURITY_SMACK - default "tomoyo" if DEFAULT_SECURITY_TOMOYO - default "apparmor" if DEFAULT_SECURITY_APPARMOR - default "" if DEFAULT_SECURITY_DAC - config LSM string "Ordered list of enabled LSMs" - default "integrity" + default "loadpin,integrity,selinux,smack,tomoyo,apparmor" help A comma-separated list of LSMs, in initialization order. Any LSMs left off this list will be ignored. This can be diff --git a/security/loadpin/loadpin.c b/security/loadpin/loadpin.c index 48f39631b370..055fb0a64169 100644 --- a/security/loadpin/loadpin.c +++ b/security/loadpin/loadpin.c @@ -187,13 +187,19 @@ static struct security_hook_list loadpin_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(kernel_load_data, loadpin_load_data), }; -void __init loadpin_add_hooks(void) +static int __init loadpin_init(void) { pr_info("ready to pin (currently %senforcing)\n", enforce ? "" : "not "); security_add_hooks(loadpin_hooks, ARRAY_SIZE(loadpin_hooks), "loadpin"); + return 0; } +DEFINE_LSM(loadpin) = { + .name = "loadpin", + .init = loadpin_init, +}; + /* Should not be mutable after boot, so not listed in sysfs (perm == 0). */ module_param(enforce, int, 0); MODULE_PARM_DESC(enforce, "Enforce module/firmware pinning"); diff --git a/security/security.c b/security/security.c index 3fac0ff39944..0c092d62cc47 100644 --- a/security/security.c +++ b/security/security.c @@ -275,7 +275,6 @@ int __init security_init(void) */ capability_add_hooks(); yama_add_hooks(); - loadpin_add_hooks(); /* Load LSMs in specified order. */ ordered_lsm_init(); From patchwork Tue Dec 11 22:42:53 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10725113 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id B8E5991E for ; Tue, 11 Dec 2018 22:47:08 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A8F4D29FE9 for ; Tue, 11 Dec 2018 22:47:08 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 9D0AA2B6AA; Tue, 11 Dec 2018 22:47:08 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4A8B129FE9 for ; Tue, 11 Dec 2018 22:47:08 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726484AbeLKWrH (ORCPT ); Tue, 11 Dec 2018 17:47:07 -0500 Received: from sonic311-28.consmr.mail.ne1.yahoo.com ([66.163.188.209]:41724 "EHLO sonic311-28.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726480AbeLKWnq (ORCPT ); Tue, 11 Dec 2018 17:43:46 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1544568226; bh=q22d4rrFaTt8aTp3VyIyxlI3Zk8optLiXa/YsJkyyVs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; b=UdCnmtloPcX8tXBg5edoWRewlFJuiF6cXekf+tqYVoHlcf9JlnKoIO2wgbNDzCLPNnL/2Dz/PGbSWo9p9WGbQTQpA7wqeKiS4zfMnSKbp1CgHbJaAEGwv8PLItBKAEwccfiy8KEO48s/45HyzTWkZ5AEPMVh04ygtSmBmcMfnWowxxmopR3758MwAlfbdlTw6q+MrZV26wfyimB9GGyr67MOvRw5Q2b4Ar36SLqnFR+Cd6v6FUiF8+/+sx77FGXqCIK30DE3iempl8V/4YOm5a3QPoZfR7Kch5+zlbMsqya6hV0jFoJUwbmsTcvA4h2pdc9dRm+HWc0mTynsIpAlag== X-YMail-OSG: gCVeihAVM1n78BNwXMoioU3.Kr.V6KBEh5DaRdY3AAX.RaXMznKplXYRzTsP11U tjcmCrfy2N99z97UNc3vJp7wwRSHD1QTXw.zO5HhxVzNBfUTcaJGgwq96YImf_vfkWlzr3z1TnwW Hq2JST.RbPOlCOV17bCXxCREZOe1GJ3lrtp5F9mjKJnaST7tiICUzo8hudomEmCotbMivf4Qpj_S S0gILHDqG.PL2R7HZKoj9J6w7Z1RIFpLyLWiUgrlnWdZuet8Cd5DqrKrSgDu8Z60ryUIVs_fTAiF Eimwn6853SOMxIZ7mC6qHCm_NzBfxuR99SMvPfZcyKDQTgS8Tj0fttLse4M722cqT8sN61KTPWHP 5NcmlpNK4T5YWzP0vB.vU7eAT3u0kdRfGEoP4mBMr3vbSY1gfEWDXad418bJIcxLFnPKYcrJjp0X 3k5..u3oQDunOeSFqbT6SHernSzxMXRdq8mHE7lC4.c6ftKPJg2az1Qy979_weNdjubwnhew4P2w loq4ej5mZPTDRfwblGogAOo.jixSXYHVR4EYaqiNFwFX3mR31F0CWw02ul3FwD3b_0PwYFwGDOGC 40KlCDXJTSFudb7EVABIborII2.eaq2PXlttpq7hfKb0Akp6.KvfjnA7jJetCp9wR2CUiFV3iwv6 YRIZCRcjz2FxGXjEAgFyzZ0sCEsxOcIn_FNOvygXn4o7uVVYcwYC5O9XJHuI9jcNfDke7hZefvKI io69ozetEdmAJA2t3U.pDAwtP6fW7SYD_YjGUblz.PNZ..YDkqdnbJ2c.y9TaPvVa5XGxVp4QR5I 6y8oEn2ilZ6SfBvQjE2sD0GI5evFELn9vHpHzqYwuXB.mmJFCB3B4J.BE8MgC.X.RuBiuKvqi44J ixZgpe5ko.FuDcQUekBo4C.tES3Uo.stX0ngC9znB.yNNWq6VAQfT9vhDNnm..kod7HxrKwBDhuR L8BIzz6IGaKVBe2PgUQDVs0dg.3mFU_.RTF9emXqPoQjd8AM0RxKsdqeFOwh1o9vlJp_LE9PAXpY Y1YesLJgcmXyu186i3NiOpHvacWc_3k8OQYX.Mhu4qB2YuprbAC75z76NJs8uWd11QtCkEyUR8gu 5MsefPYkZmB9uH9_KS9tlMXyvAPC2uE8yKw8aWsLRAm0- Received: from sonic.gate.mail.ne1.yahoo.com by sonic311.consmr.mail.ne1.yahoo.com with HTTP; Tue, 11 Dec 2018 22:43:46 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO localhost.localdomain) ([67.169.65.224]) by smtp408.mail.ne1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID d92a2db682ecd2e464273bda9352fd0e; Tue, 11 Dec 2018 22:43:42 +0000 (UTC) From: Casey Schaufler To: jmorris@namei.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, selinux@vger.kernel.org Cc: john.johansen@canonical.com, keescook@chromium.org, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, linux-fsdevel@vger.kernel.org, sds@tycho.nsa.gov, adobriyan@gmail.com, mic@digikod.net, s.mesoraca16@gmail.com, casey@schaufler-ca.com Subject: [PATCH v5 17/38] Yama: Initialize as ordered LSM Date: Tue, 11 Dec 2018 14:42:53 -0800 Message-Id: <20181211224314.22412-18-casey@schaufler-ca.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20181211224314.22412-1-casey@schaufler-ca.com> References: <20181211224314.22412-1-casey@schaufler-ca.com> Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Kees Cook This converts Yama from being a direct "minor" LSM into an ordered LSM. Signed-off-by: Kees Cook Reviewed-by: Casey Schaufler --- include/linux/lsm_hooks.h | 5 ----- security/Kconfig | 2 +- security/security.c | 1 - security/yama/yama_lsm.c | 8 +++++++- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index b565c0c10269..6cfbd7d78a89 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -2087,10 +2087,5 @@ static inline void security_delete_hooks(struct security_hook_list *hooks, #endif /* CONFIG_SECURITY_WRITABLE_HOOKS */ extern void __init capability_add_hooks(void); -#ifdef CONFIG_SECURITY_YAMA -extern void __init yama_add_hooks(void); -#else -static inline void __init yama_add_hooks(void) { } -#endif #endif /* ! __LINUX_LSM_HOOKS_H */ diff --git a/security/Kconfig b/security/Kconfig index 566d54215cbe..94a71e022b79 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -241,7 +241,7 @@ source security/integrity/Kconfig config LSM string "Ordered list of enabled LSMs" - default "loadpin,integrity,selinux,smack,tomoyo,apparmor" + default "yama,loadpin,integrity,selinux,smack,tomoyo,apparmor" help A comma-separated list of LSMs, in initialization order. Any LSMs left off this list will be ignored. This can be diff --git a/security/security.c b/security/security.c index 0c092d62cc47..0c3c66dbf51c 100644 --- a/security/security.c +++ b/security/security.c @@ -274,7 +274,6 @@ int __init security_init(void) * Load minor LSMs, with the capability module always first. */ capability_add_hooks(); - yama_add_hooks(); /* Load LSMs in specified order. */ ordered_lsm_init(); diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c index ffda91a4a1aa..eb1da1303d2e 100644 --- a/security/yama/yama_lsm.c +++ b/security/yama/yama_lsm.c @@ -477,9 +477,15 @@ static void __init yama_init_sysctl(void) static inline void yama_init_sysctl(void) { } #endif /* CONFIG_SYSCTL */ -void __init yama_add_hooks(void) +static int __init yama_init(void) { pr_info("Yama: becoming mindful.\n"); security_add_hooks(yama_hooks, ARRAY_SIZE(yama_hooks), "yama"); yama_init_sysctl(); + return 0; } + +DEFINE_LSM(yama) = { + .name = "yama", + .init = yama_init, +}; From patchwork Tue Dec 11 22:42:54 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10725101 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id A6D2F91E for ; Tue, 11 Dec 2018 22:47:02 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 94A1629FE9 for ; Tue, 11 Dec 2018 22:47:02 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 8334E2B6AE; Tue, 11 Dec 2018 22:47:02 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 25EB429FE9 for ; Tue, 11 Dec 2018 22:47:02 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726397AbeLKWqn (ORCPT ); Tue, 11 Dec 2018 17:46:43 -0500 Received: from sonic311-28.consmr.mail.ne1.yahoo.com ([66.163.188.209]:36661 "EHLO sonic311-28.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726483AbeLKWnr (ORCPT ); Tue, 11 Dec 2018 17:43:47 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1544568226; bh=lZbzrpRCsPhiLDi7Sk9eC9O4yptogW1Y1bVM3UqJEJs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; b=ca81np26tvddk0Krp08PBRF1GH2C5LXC/OSOGPw19g6jbppfrfNds4EG/jUKidbVEAv4IQEKH/6uNulHWZf9HCzgt5T6+S0xAr/dwaUYwmO4pyapelezzdgGhgeLlofXTUJVX9AZvgTtzwYCX3p6rOZzAB5BJFe+/nW0RreZqJJDYbn6i8qoAfhWLHqnigtCy7PHWeLDf7DAeOshtvtMuYiMKzMkHFBMsRRdO1F1PFPYs+e5RES9kq3oZU20xNemxp4iiab5NWcPfcwPBI9/PHYLzzKgezPwDRhIPzgB+4LOUgnAvhjenPF8qiW42hd2N2xJDZbIRdKG3YDJq3mKZw== X-YMail-OSG: hCAtuysVM1k.EwwbBKA5aGH6hLMq9xoQkIt7RprT9pxazKn_QUQEjb7HZidLeJR 7BRVQ3ErvE502e0rbiZgdVRQW0b0lD9aWf_c.zggRgMbAuKmyqw9FAJm8_rpkkNEPZ6Nqi9NbeFq Pk9iUJjQJIbT3wXwjDLMscZ1K4LegFFUetOwUiO4qDSnm2_rZPhLda4cxPTx_IB3nw4D_2T0vwgL egM6rNdxGFxfY.uahUnteXe7s7.vssYrT5vc8eaVHDK2HY4BuKxmvYOXaS7pMNPgPe6HkcrZuS4y caieuvWw83waNTV6WtZTxiy9o35kfEKexMSpGh_k1uSeFjwtKkv_3NKiQ8wo9QLX4OjlXwISOsQ8 u9UtmBZ7Kjmw.VZhE_qOUKu79hOhzY1mohUkXbxTYxQy6Xt6dG4IlcfbY_vecHnQOlyEHa9.xyKp Yakx3ppDWjbRJmIVTAKbDZB3dDoJXN07zA70CzlEZ4xozcSdcc4m.BpFe33FMSn4r8gDs.S14KvP xv0mVr5r96Qv1rSNrvdW9DkU_XN6k4wVC8KbWUtyHP2XAhI0Gln3cuwEwdHjZJNeBrVjyKKqQWiT VDZFNdqHjy_BAjYaODehqsjfWfmJx0.tC6Gf_fpgQ33z7FfBcW4SH710.IY8ih91ZfhkKlhKxOd_ z9tpFZaHahRHiUkqZ78MCSRVTAVBTyJ6IsG5x9NshF_rIbWT__bk5SVi81mCCmfMM__yxuRwT0UY oT0m0pcXi5r_JXW2fCFN8LItnCtj.3jwJ6vYsWkGBOGHwoVp75RpkzBoIJL.70PZ_EFRN9CeEPq8 jRcrjPfsAZ5__FUmCJN6rvYOkgjwYa_RFNcVXh2jC.aHmWjoL778alC49gvOfYkCev8Im..QgyUD .1pQRAA_EAK4Vh8Kpum1JrorkI0dkFeBLVikULJNEUSc.k3jmLQnQxWogRDv9YCKtzjqrl4tNq07 u7lsP6ldH_VQrzfOlxRdSyUmjpT6Q.3lt7uaJtwG7tLwZWi1bDeLxpQpuHKRpjG6kjjVEwcsWQtk n_sFGxJRxG66sUFGWqiV.hN73VEUz9lPM8nvE8_h1vd2Q_wt4CsU5IELBYSQYiTgbHVINP_W1BC1 aR1VqS_gOvI3uatPnY_kFNS4r_3Edu.L1p7zddQ-- Received: from sonic.gate.mail.ne1.yahoo.com by sonic311.consmr.mail.ne1.yahoo.com with HTTP; Tue, 11 Dec 2018 22:43:46 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO localhost.localdomain) ([67.169.65.224]) by smtp408.mail.ne1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID d92a2db682ecd2e464273bda9352fd0e; Tue, 11 Dec 2018 22:43:43 +0000 (UTC) From: Casey Schaufler To: jmorris@namei.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, selinux@vger.kernel.org Cc: john.johansen@canonical.com, keescook@chromium.org, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, linux-fsdevel@vger.kernel.org, sds@tycho.nsa.gov, adobriyan@gmail.com, mic@digikod.net, s.mesoraca16@gmail.com, casey@schaufler-ca.com Subject: [PATCH v5 18/38] LSM: Introduce enum lsm_order Date: Tue, 11 Dec 2018 14:42:54 -0800 Message-Id: <20181211224314.22412-19-casey@schaufler-ca.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20181211224314.22412-1-casey@schaufler-ca.com> References: <20181211224314.22412-1-casey@schaufler-ca.com> Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Kees Cook In preparation for distinguishing the "capability" LSM from other LSMs, it must be ordered first. This introduces LSM_ORDER_MUTABLE for the general LSMs and LSM_ORDER_FIRST for capability. In the future LSM_ORDER_LAST for could be added for anything that must run last (e.g. Landlock may use this). Signed-off-by: Kees Cook --- include/linux/lsm_hooks.h | 6 ++++++ security/security.c | 9 ++++++++- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 6cfbd7d78a89..83858e3df9e5 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -2042,8 +2042,14 @@ extern void security_add_hooks(struct security_hook_list *hooks, int count, #define LSM_FLAG_LEGACY_MAJOR BIT(0) #define LSM_FLAG_EXCLUSIVE BIT(1) +enum lsm_order { + LSM_ORDER_FIRST = -1, /* This is only for capabilities. */ + LSM_ORDER_MUTABLE = 0, +}; + struct lsm_info { const char *name; /* Required. */ + enum lsm_order order; /* Optional: default is LSM_ORDER_MUTABLE */ unsigned long flags; /* Optional: flags describing LSM */ int *enabled; /* Optional: controlled by CONFIG_LSM */ int (*init)(void); /* Required. */ diff --git a/security/security.c b/security/security.c index 0c3c66dbf51c..701507174f40 100644 --- a/security/security.c +++ b/security/security.c @@ -174,6 +174,12 @@ static void __init ordered_lsm_parse(const char *order, const char *origin) struct lsm_info *lsm; char *sep, *name, *next; + /* LSM_ORDER_FIRST is always first. */ + for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { + if (lsm->order == LSM_ORDER_FIRST) + append_ordered_lsm(lsm, "first"); + } + /* Process "security=", if given. */ if (chosen_major_lsm) { struct lsm_info *major; @@ -202,7 +208,8 @@ static void __init ordered_lsm_parse(const char *order, const char *origin) bool found = false; for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { - if (strcmp(lsm->name, name) == 0) { + if (lsm->order == LSM_ORDER_MUTABLE && + strcmp(lsm->name, name) == 0) { append_ordered_lsm(lsm, origin); found = true; } From patchwork Tue Dec 11 22:42:55 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10725089 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 82A9D91E for ; Tue, 11 Dec 2018 22:46:38 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6ED7D29FE9 for ; Tue, 11 Dec 2018 22:46:38 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 61F062B6AA; Tue, 11 Dec 2018 22:46:38 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 07D4229FE9 for ; Tue, 11 Dec 2018 22:46:38 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726239AbeLKWqh (ORCPT ); Tue, 11 Dec 2018 17:46:37 -0500 Received: from sonic308-17.consmr.mail.ne1.yahoo.com ([66.163.187.40]:43117 "EHLO sonic308-17.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726183AbeLKWns (ORCPT ); Tue, 11 Dec 2018 17:43:48 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1544568226; bh=kZnkfo4eewmWJdduR5L3e/EPe8qWMgQMq8d/TZ6MGio=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; b=ejipxJyDBgrLLjgBaUCabHWnAjP0H35MLh89FPQNwptwGO5GQhOYdBo3gzckkuDRJycMBTatG/SV4XysnSstt9XwyfH3v6QxE2Qtg+7Gf6xbFjttyzYFi98mIWVuDmQFuirTgtv4FpcoYqPTPCPI+ONCVWmViDBxX1qvII61aAKpgW3TdfLUzgSuTjh3tCo0yI56aGge7NVqmAnqFRrMgZT4s8+KSg2TWzBWVB9RPDpV8WaEa0dPP+mPfjtwonWluPzaMBavjqsl6cWlNPa7p161TRVKqFVg+ozpOKPrs76Ugdwd+pV0x/pnEjXtOGBrbQoB74xmsq78JZVrzuWB1g== X-YMail-OSG: kA1OslEVM1nX8SlcemXJSivjnL_Yvva6XedrvXcUpUu39XaTP9GHVLlYOEmBkgX dzeuYwRCB_JRtF.JPIdsVtIchHrn7eduSsjpEnUzZHzQk4kimhSvrt68dS8C91QyVXNX.2wpLITw pNTssLY2jNgXQNPxdGMJ_J80MxZNSgld6OVpUxDztKn2YcVmLiVFfEP5WkUXm8WBxl6NoKndfR8T LEvcPdbzIaTKcdle83j64UcPheeseoja3y6bF2YQhQ2k5cUyzcspLfmUeH5W9usdXR3ULeEfEpaV zZMOyFfgnDdUUcHgjTgp73mixih7O3guMwUiHwNPh7d8uQZV6AJHhs9wdeVu6BAOgmt5MTFeJ9BT fNLL5bPVrBVL_mNETp7xpgYKW9Dljiwam.hb4Zl5GKPJnnaXKkex5SwmGRne2fPQWSU1.ruKwjxi uhPfhnYGRQM0hcKhAsK4JqcdQIHeNjRB9frsATmkU_mqJ8MzXDIr8mp.G2xAkK6EHfY_5dWeKxND cYOIHUvNdK._hg1UDYyC2C7Em4dFaytRzyAY4RtAgxdeGKizPPZkb5bOgZjBjPee6zAqR14ZvgT2 SyWntyEn99wQmbMicIgJZWGGGnQsKesTKgZ.QmrsoYuQaMxV8LI9aYSGizn1_Y4Ngtz5EWA8uU8k ZKjB.6h1ug72cNfgWva1Zvbn6dtQ8Gs1snEMdmxu_Arhg8kZiiOe9Wg.i6GoneShdVKEnNrhI32e mywV.p8JWDSWqr7UkV__4HVSgZ.smZShavgJB2KGxOZdOZNQO_oguv3H97nITHC6qDt10O5U2Xfk 687dVX6oRIvla2drwGbswjIvOqwqmch8pwRLBwIZt9wGk1nyOjJQM4bnWzpWxg8NiHbM0phB_wd1 NRnHxf3DF3kGfDM8TxYe7qd1IyeGjc6sXkFHhgZoZUoBYOpVGrR0ZsvWugflQX6X0mR7yA6qSjDX LeoTdGfMRt0ZmjC6ZfzVDPL_unT1hs_CmY6qCX2.fqpBl.ODb74ARXiWlm6g9qpInYM1SZ4WGh7A VSuQh75aafNIFILMJ_xaoE8VMWaDEd4XloC5CNd3HNkoA2nBgZAaPkxRLZXEpAK_zGJCTEk17e79 gMoSq7f0HDAXaYreO6kqFiTKmSYOI5TOzUm4eyTHCruI- Received: from sonic.gate.mail.ne1.yahoo.com by sonic308.consmr.mail.ne1.yahoo.com with HTTP; Tue, 11 Dec 2018 22:43:46 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO localhost.localdomain) ([67.169.65.224]) by smtp408.mail.ne1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID d92a2db682ecd2e464273bda9352fd0e; Tue, 11 Dec 2018 22:43:44 +0000 (UTC) From: Casey Schaufler To: jmorris@namei.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, selinux@vger.kernel.org Cc: john.johansen@canonical.com, keescook@chromium.org, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, linux-fsdevel@vger.kernel.org, sds@tycho.nsa.gov, adobriyan@gmail.com, mic@digikod.net, s.mesoraca16@gmail.com, casey@schaufler-ca.com Subject: [PATCH v5 19/38] capability: Initialize as LSM_ORDER_FIRST Date: Tue, 11 Dec 2018 14:42:55 -0800 Message-Id: <20181211224314.22412-20-casey@schaufler-ca.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20181211224314.22412-1-casey@schaufler-ca.com> References: <20181211224314.22412-1-casey@schaufler-ca.com> Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Kees Cook This converts capabilities to use the new LSM_ORDER_FIRST position. Signed-off-by: Kees Cook Reviewed-by: Casey Schaufler --- include/linux/lsm_hooks.h | 2 -- security/commoncap.c | 9 ++++++++- security/security.c | 5 ----- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 83858e3df9e5..15fc49ee41a1 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -2092,6 +2092,4 @@ static inline void security_delete_hooks(struct security_hook_list *hooks, #define __lsm_ro_after_init __ro_after_init #endif /* CONFIG_SECURITY_WRITABLE_HOOKS */ -extern void __init capability_add_hooks(void); - #endif /* ! __LINUX_LSM_HOOKS_H */ diff --git a/security/commoncap.c b/security/commoncap.c index 18a4fdf6f6eb..ec387535e597 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -1363,10 +1363,17 @@ struct security_hook_list capability_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(vm_enough_memory, cap_vm_enough_memory), }; -void __init capability_add_hooks(void) +static int __init capability_init(void) { security_add_hooks(capability_hooks, ARRAY_SIZE(capability_hooks), "capability"); + return 0; } +DEFINE_LSM(capability) = { + .name = "capability", + .order = LSM_ORDER_FIRST, + .init = capability_init, +}; + #endif /* CONFIG_SECURITY */ diff --git a/security/security.c b/security/security.c index 701507174f40..eab64bdc60fb 100644 --- a/security/security.c +++ b/security/security.c @@ -277,11 +277,6 @@ int __init security_init(void) i++) INIT_HLIST_HEAD(&list[i]); - /* - * Load minor LSMs, with the capability module always first. - */ - capability_add_hooks(); - /* Load LSMs in specified order. */ ordered_lsm_init(); From patchwork Tue Dec 11 22:42:56 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10724983 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id DBDAA91E for ; Tue, 11 Dec 2018 22:43:58 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id CC9332B341 for ; Tue, 11 Dec 2018 22:43:58 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id BFC9F2B6AA; Tue, 11 Dec 2018 22:43:58 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 19ED32B341 for ; Tue, 11 Dec 2018 22:43:58 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726609AbeLKWn5 (ORCPT ); Tue, 11 Dec 2018 17:43:57 -0500 Received: from sonic308-17.consmr.mail.ne1.yahoo.com ([66.163.187.40]:37751 "EHLO sonic308-17.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726559AbeLKWny (ORCPT ); Tue, 11 Dec 2018 17:43:54 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1544568231; bh=PBT9NIfIFWqve0jgHQc8SqCsASaMC4tLfOD1iemFqzE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; b=Hj9Fgv2BK6BOQPCOoYDUfB4tmj4W3L1lGRX2NAf3zA+i9kBjgae4aj/2Otb9Qf3apKW5DFVkTKN33MLZ2aryahfpxNqvnCIXvA9nyCtgKSZHSxp1RoL57mw8LIwh2N6Ib/rU3o77jOl5XwaJ9duGn4GV4SPn3DUxJEYvFRxzvg6GFlMbAwMmow/7ABhxK9aTmsjkQpmat/PdzkOD3y6uLkEV3cjjz8QIUkHkxjQaKlLLGck12rhmzy/te3wk/nWUcsE2OnYOWdFLsNWiQt3WM6Hz5rtPqUsBdPQS0jFZU5yB6Jzu9kvaqKFJbmhkEqJAo6oweb0EkxES/f9pqyezPg== X-YMail-OSG: GFYM0dwVM1nBF2LyWlPECLqKVLs3YI.0Lzskt_B4WcwqBqe9vBHbj39Xk1QbLfz zfFvlFUqn9Gd6WxUFRK6HFqRlvfzeQ34PDrwmV1w3GCxoZtgI.69B3XQnvbfJm3JeJDQVjuLryEC 3HCTDrh0k1DrSJJ5jLybZ6gAB29h3.RZMcoUaZAZMZ6Mw_ze2inBXO4t8IvlznjgDm0xYGKIXVQL lRDnfIJA1A12FaF_w7jR8LK4UD8OD6uK09ilcV69ZH5XvZO3dZD.F6uVd0GDd6irOTkm28L0sJ1t YMRRf920119Z.Ini79ozHD6xMDKJTcbEa0qpEYwYDvH337kInUI2uvvjBbTriIn0CVVSds5foWms S4yiMn1WzJwck_5UZTOCqTZndCsFpqaPuluA1eEmrECZFE66Ga5T3ucCvDSlMd.F7zP3ShHH7Xxc _906RlgeVwVgo1Tp9JUwA9CClRURKvbIuLEH.TecgzyK28XDt.4UDnllGnd.ZeZsPc80S56j5SXM GCXIJb2UZqMRyxhoLrAnTOTo8eLJ7FgW79dMk9C4YH.KVaqNVHJ.1mZp7S7BkmKC17nYYyGvPREI RdES3V2ORakg5qDWS3ZPmeLgn5zMKR5YylRDMfUgAP6YjCJuvFJRNpsvsjH1mDSoB64NrG_NRl5o o.iAzbOOjPJMOXO5r.78VCMqJS2ushazcnGUQ1TJ8RBgD8w9YDlrVAp8VMcu4ZbDn_ABceslahYB LYvK8m5XHDYMaPiWA_uFLD.iPFpOeTGbugBECFIf0LZZy0qJTqzS1HulYXDX7012903mDOlbrdVb dihLjMaoXMUVCJuwHvhMSkqvay6l.xhRWn7OxXoVHjrg_IeEWR_ZcY_WbhgcfocS3xq0N2m2SHw8 2O22kQ.mtz0IPQS5QdZVZHXazI30PGxCWFE49qP9uCfd6Xwk.UtiITMahfkk83mkEZqTq88TcZbJ Pcc.qELOp2gYXtVzr0.7OAKEWRNmKlsXk3rFueXLpP1_djUKw._4F.qtjLwj3EHTbezFBLAfsHD7 Pz.4NjX6py23Jvs69hGHEjPlB0votRo1pHN7Hu5vwhWQyOpH155Y4DKlcRF4gsqgpACEifAkXHio 80hWLnqYcoMemFIbqHybd1cgho9qrBfvSBrN9kg-- Received: from sonic.gate.mail.ne1.yahoo.com by sonic308.consmr.mail.ne1.yahoo.com with HTTP; Tue, 11 Dec 2018 22:43:51 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO localhost.localdomain) ([67.169.65.224]) by smtp415.mail.ne1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID 8f4847c15ff2a33ea2e557120f9f24e5; Tue, 11 Dec 2018 22:43:46 +0000 (UTC) From: Casey Schaufler To: jmorris@namei.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, selinux@vger.kernel.org Cc: john.johansen@canonical.com, keescook@chromium.org, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, linux-fsdevel@vger.kernel.org, sds@tycho.nsa.gov, adobriyan@gmail.com, mic@digikod.net, s.mesoraca16@gmail.com, casey@schaufler-ca.com Subject: [PATCH v5 20/38] procfs: add smack subdir to attrs Date: Tue, 11 Dec 2018 14:42:56 -0800 Message-Id: <20181211224314.22412-21-casey@schaufler-ca.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20181211224314.22412-1-casey@schaufler-ca.com> References: <20181211224314.22412-1-casey@schaufler-ca.com> Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Back in 2007 I made what turned out to be a rather serious mistake in the implementation of the Smack security module. The SELinux module used an interface in /proc to manipulate the security context on processes. Rather than use a similar interface, I used the same interface. The AppArmor team did likewise. Now /proc/.../attr/current will tell you the security "context" of the process, but it will be different depending on the security module you're using. This patch provides a subdirectory in /proc/.../attr for Smack. Smack user space can use the "current" file in this subdirectory and never have to worry about getting SELinux attributes by mistake. Programs that use the old interface will continue to work (or fail, as the case may be) as before. The proposed S.A.R.A security module is dependent on the mechanism to create its own attr subdirectory. The original implementation is by Kees Cook. Signed-off-by: Casey Schaufler Reviewed-by: Kees Cook Signed-off-by: Kees Cook --- Documentation/admin-guide/LSM/index.rst | 13 +++++-- fs/proc/base.c | 64 ++++++++++++++++++++++++++++----- fs/proc/internal.h | 1 + include/linux/security.h | 15 +++++--- security/security.c | 24 ++++++++++--- 5 files changed, 96 insertions(+), 21 deletions(-) diff --git a/Documentation/admin-guide/LSM/index.rst b/Documentation/admin-guide/LSM/index.rst index c980dfe9abf1..9842e21afd4a 100644 --- a/Documentation/admin-guide/LSM/index.rst +++ b/Documentation/admin-guide/LSM/index.rst @@ -17,9 +17,8 @@ MAC extensions, other extensions can be built using the LSM to provide specific changes to system operation when these tweaks are not available in the core functionality of Linux itself. -Without a specific LSM built into the kernel, the default LSM will be the -Linux capabilities system. Most LSMs choose to extend the capabilities -system, building their checks on top of the defined capability hooks. +The Linux capabilities modules will always be included. This may be +followed by any number of "minor" modules and at most one "major" module. For more details on capabilities, see ``capabilities(7)`` in the Linux man-pages project. @@ -30,6 +29,14 @@ order in which checks are made. The capability module will always be first, followed by any "minor" modules (e.g. Yama) and then the one "major" module (e.g. SELinux) if there is one configured. +Process attributes associated with "major" security modules should +be accessed and maintained using the special files in ``/proc/.../attr``. +A security module may maintain a module specific subdirectory there, +named after the module. ``/proc/.../attr/smack`` is provided by the Smack +security module and contains all its special files. The files directly +in ``/proc/.../attr`` remain as legacy interfaces for modules that provide +subdirectories. + .. toctree:: :maxdepth: 1 diff --git a/fs/proc/base.c b/fs/proc/base.c index ce3465479447..e133de4897df 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -140,9 +140,13 @@ struct pid_entry { #define REG(NAME, MODE, fops) \ NOD(NAME, (S_IFREG|(MODE)), NULL, &fops, {}) #define ONE(NAME, MODE, show) \ - NOD(NAME, (S_IFREG|(MODE)), \ + NOD(NAME, (S_IFREG|(MODE)), \ NULL, &proc_single_file_operations, \ { .proc_show = show } ) +#define ATTR(LSM, NAME, MODE) \ + NOD(NAME, (S_IFREG|(MODE)), \ + NULL, &proc_pid_attr_operations, \ + { .lsm = LSM }) /* * Count the number of hardlinks for the pid_entry table, excluding the . @@ -2517,7 +2521,7 @@ static ssize_t proc_pid_attr_read(struct file * file, char __user * buf, if (!task) return -ESRCH; - length = security_getprocattr(task, + length = security_getprocattr(task, PROC_I(inode)->op.lsm, (char*)file->f_path.dentry->d_name.name, &p); put_task_struct(task); @@ -2566,7 +2570,9 @@ static ssize_t proc_pid_attr_write(struct file * file, const char __user * buf, if (rv < 0) goto out_free; - rv = security_setprocattr(file->f_path.dentry->d_name.name, page, count); + rv = security_setprocattr(PROC_I(inode)->op.lsm, + file->f_path.dentry->d_name.name, page, + count); mutex_unlock(¤t->signal->cred_guard_mutex); out_free: kfree(page); @@ -2580,13 +2586,53 @@ static const struct file_operations proc_pid_attr_operations = { .llseek = generic_file_llseek, }; +#define LSM_DIR_OPS(LSM) \ +static int proc_##LSM##_attr_dir_iterate(struct file *filp, \ + struct dir_context *ctx) \ +{ \ + return proc_pident_readdir(filp, ctx, \ + LSM##_attr_dir_stuff, \ + ARRAY_SIZE(LSM##_attr_dir_stuff)); \ +} \ +\ +static const struct file_operations proc_##LSM##_attr_dir_ops = { \ + .read = generic_read_dir, \ + .iterate = proc_##LSM##_attr_dir_iterate, \ + .llseek = default_llseek, \ +}; \ +\ +static struct dentry *proc_##LSM##_attr_dir_lookup(struct inode *dir, \ + struct dentry *dentry, unsigned int flags) \ +{ \ + return proc_pident_lookup(dir, dentry, \ + LSM##_attr_dir_stuff, \ + ARRAY_SIZE(LSM##_attr_dir_stuff)); \ +} \ +\ +static const struct inode_operations proc_##LSM##_attr_dir_inode_ops = { \ + .lookup = proc_##LSM##_attr_dir_lookup, \ + .getattr = pid_getattr, \ + .setattr = proc_setattr, \ +} + +#ifdef CONFIG_SECURITY_SMACK +static const struct pid_entry smack_attr_dir_stuff[] = { + ATTR("smack", "current", 0666), +}; +LSM_DIR_OPS(smack); +#endif + static const struct pid_entry attr_dir_stuff[] = { - REG("current", S_IRUGO|S_IWUGO, proc_pid_attr_operations), - REG("prev", S_IRUGO, proc_pid_attr_operations), - REG("exec", S_IRUGO|S_IWUGO, proc_pid_attr_operations), - REG("fscreate", S_IRUGO|S_IWUGO, proc_pid_attr_operations), - REG("keycreate", S_IRUGO|S_IWUGO, proc_pid_attr_operations), - REG("sockcreate", S_IRUGO|S_IWUGO, proc_pid_attr_operations), + ATTR(NULL, "current", 0666), + ATTR(NULL, "prev", 0444), + ATTR(NULL, "exec", 0666), + ATTR(NULL, "fscreate", 0666), + ATTR(NULL, "keycreate", 0666), + ATTR(NULL, "sockcreate", 0666), +#ifdef CONFIG_SECURITY_SMACK + DIR("smack", 0555, + proc_smack_attr_dir_inode_ops, proc_smack_attr_dir_ops), +#endif }; static int proc_attr_dir_readdir(struct file *file, struct dir_context *ctx) diff --git a/fs/proc/internal.h b/fs/proc/internal.h index 5185d7f6a51e..d4f9989063d0 100644 --- a/fs/proc/internal.h +++ b/fs/proc/internal.h @@ -81,6 +81,7 @@ union proc_op { int (*proc_show)(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task); + const char *lsm; }; struct proc_inode { diff --git a/include/linux/security.h b/include/linux/security.h index d170a5b031f3..35691877c3e1 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -390,8 +390,10 @@ int security_sem_semctl(struct kern_ipc_perm *sma, int cmd); int security_sem_semop(struct kern_ipc_perm *sma, struct sembuf *sops, unsigned nsops, int alter); void security_d_instantiate(struct dentry *dentry, struct inode *inode); -int security_getprocattr(struct task_struct *p, char *name, char **value); -int security_setprocattr(const char *name, void *value, size_t size); +int security_getprocattr(struct task_struct *p, const char *lsm, char *name, + char **value); +int security_setprocattr(const char *lsm, const char *name, void *value, + size_t size); int security_netlink_send(struct sock *sk, struct sk_buff *skb); int security_ismaclabel(const char *name); int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen); @@ -1139,15 +1141,18 @@ static inline int security_sem_semop(struct kern_ipc_perm *sma, return 0; } -static inline void security_d_instantiate(struct dentry *dentry, struct inode *inode) +static inline void security_d_instantiate(struct dentry *dentry, + struct inode *inode) { } -static inline int security_getprocattr(struct task_struct *p, char *name, char **value) +static inline int security_getprocattr(struct task_struct *p, const char *lsm, + char *name, char **value) { return -EINVAL; } -static inline int security_setprocattr(char *name, void *value, size_t size) +static inline int security_setprocattr(const char *lsm, char *name, + void *value, size_t size) { return -EINVAL; } diff --git a/security/security.c b/security/security.c index eab64bdc60fb..81ff6a71e78e 100644 --- a/security/security.c +++ b/security/security.c @@ -1472,14 +1472,30 @@ void security_d_instantiate(struct dentry *dentry, struct inode *inode) } EXPORT_SYMBOL(security_d_instantiate); -int security_getprocattr(struct task_struct *p, char *name, char **value) +int security_getprocattr(struct task_struct *p, const char *lsm, char *name, + char **value) { - return call_int_hook(getprocattr, -EINVAL, p, name, value); + struct security_hook_list *hp; + + hlist_for_each_entry(hp, &security_hook_heads.getprocattr, list) { + if (lsm != NULL && strcmp(lsm, hp->lsm)) + continue; + return hp->hook.getprocattr(p, name, value); + } + return -EINVAL; } -int security_setprocattr(const char *name, void *value, size_t size) +int security_setprocattr(const char *lsm, const char *name, void *value, + size_t size) { - return call_int_hook(setprocattr, -EINVAL, name, value, size); + struct security_hook_list *hp; + + hlist_for_each_entry(hp, &security_hook_heads.setprocattr, list) { + if (lsm != NULL && strcmp(lsm, hp->lsm)) + continue; + return hp->hook.setprocattr(name, value, size); + } + return -EINVAL; } int security_netlink_send(struct sock *sk, struct sk_buff *skb) From patchwork Tue Dec 11 22:42:57 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10724977 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 4D95991E for ; Tue, 11 Dec 2018 22:43:54 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3BA2F2B341 for ; Tue, 11 Dec 2018 22:43:54 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 2DD3A2B6AA; Tue, 11 Dec 2018 22:43:54 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 16C1B29FE9 for ; Tue, 11 Dec 2018 22:43:53 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726565AbeLKWnw (ORCPT ); Tue, 11 Dec 2018 17:43:52 -0500 Received: from sonic316-27.consmr.mail.ne1.yahoo.com ([66.163.187.153]:40805 "EHLO sonic316-27.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726548AbeLKWnv (ORCPT ); Tue, 11 Dec 2018 17:43:51 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1544568230; bh=ynlFBU/OJkeApIeJxkFCkcN4bhspcm3eSha5ckjlfaw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; b=d31K81Oqlbk7Fy5pshEW+JDMg4KtDT/ABOTKaqKX138+W+LFW3Xz+2Sf6aWE3DQLRJsF4EEhS7TbmaWmZ5JzaeeFR2h4UW0A92tsbOuSOp6MWZ0ofhF5sxibi8GYKwNkagY1U3ZKd+OYqlvwVk2dAegE5dqgI1boODnCzxI5jj9mFd5jQsjlqX4/bplPIXCBoTZS9deEfu7yFLZGG5gpgv+Mqs6tWFM6ytxlfQ9fntu+9PTL53LF/Zzt5Bp4nb0tSWPbaq7RfeTyFjESPAfd2WFRUr4fODufoiLRQw+yMkpN6wi0jYJl+lX0bBIVCSgjjPKn1Exk42FTaZ2de+LvnQ== X-YMail-OSG: JA8HMecVM1lcCpWxRLfEcdkpAuz16D5UVsJb_bZgxKaUEfNColYP1kK9C05SULd EKgUG3_LdxpC1564eg_RmmNZc6LFFMR_LKC5b.NnZlIHi.oXb_UlF27dTOd_VHZfXdGz9caTTg6e LRzgsX6FJcl2uK3e1NSeKEr4VFMCEcF5doMRba6pirwjKfJgBfXnYW1YuyyIdVYDasmnm6Y4Wzd3 xTb_QsX_cM14fB.6GpLEw37AzFHerzTxpTECge6jfVwTB7.HOvqUAOoAfaNoM6gUpw1o.3BkMe9d 3gDnT0yoEnHbupK3PnTRRBHvySIrxt_yv8F6cZHCfLau9kPtnShVx_zwfYTm._hIPremL_gRSEFr g6q0fCuw.lp7PDMv0NffMlm_H303M3BJHEi5K6nrnG9Xkd5GrJl69tzKZYeTJiI16rqDMzaqGd8m wEGrRCaE8tVRWf7h9AuHmsBOQlNtz9M.Mp3r.73Tnmny7U1AUur3e0gMy_c21wNpMdEAnQ6A..Aw b7Tx4KKi1s0ofvbu0eK0dtBSAhCUTLAUJ2OieBqC0AD7khFuag_GR8IQu1sJh_bG5.TCgYCraYQO 6mtVUJp3dg6TYHPHir8Xni8wHUNbRXK7eaeJWAGAKgpNzyVrOoHm77j5qfCy.cH71CC8zsDWxf.Q cIGIa6LEsIacHpquHFl236kdGBoEBSYwHqjYxOkujt2Q34wwtdsO2ktiGCwALvmsqXSPly9IIZLS ssA0g0UHke6eJf8607dsJ4lrd_UMJTCqeqbCgP4uCSm3Fu4hayN06ARv0XgK8VhHY2A8XZTGpphG xwycm3hzL4UMWDSX93aFnzpp.WttrYFsdGqGRmOba9TcZ5FjjS3wEkyad0xnJN27YcCnr3fb03b1 yc.zi8ihozyMQ6paOpnd_RaLMWkXXUnCMTyiWMxcZgnfcF0q.VRMTFFVwWUmF1eEUFPmJnTwPg9l 6jAm7RvXsL.SBlibd5YsLTj3tT21WkywAJIIbDwqFbV2lzBEAuQFzmtR.2DAGw8QGrosLtjRa8r5 9bRfrNjo1ktUqLFqNp1J0pDPdP7RGG6C07sGfZsYx3KZC5Q60hgmGuJ.26EBZR6gGAAdEacKhxLD YADyuSEuPSGvgL3G1zJ0NilIHJtUE.tJ7xiwqJ1qO84M- Received: from sonic.gate.mail.ne1.yahoo.com by sonic316.consmr.mail.ne1.yahoo.com with HTTP; Tue, 11 Dec 2018 22:43:50 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO localhost.localdomain) ([67.169.65.224]) by smtp415.mail.ne1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID 8f4847c15ff2a33ea2e557120f9f24e5; Tue, 11 Dec 2018 22:43:47 +0000 (UTC) From: Casey Schaufler To: jmorris@namei.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, selinux@vger.kernel.org Cc: john.johansen@canonical.com, keescook@chromium.org, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, linux-fsdevel@vger.kernel.org, sds@tycho.nsa.gov, adobriyan@gmail.com, mic@digikod.net, s.mesoraca16@gmail.com, casey@schaufler-ca.com Subject: [PATCH v5 21/38] Smack: Abstract use of cred security blob Date: Tue, 11 Dec 2018 14:42:57 -0800 Message-Id: <20181211224314.22412-22-casey@schaufler-ca.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20181211224314.22412-1-casey@schaufler-ca.com> References: <20181211224314.22412-1-casey@schaufler-ca.com> Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Don't use the cred->security pointer directly. Provide a helper function that provides the security blob pointer. Signed-off-by: Casey Schaufler Reviewed-by: Kees Cook [kees: adjusted for ordered init series] Signed-off-by: Kees Cook --- security/smack/smack.h | 17 ++++++++++--- security/smack/smack_access.c | 4 +-- security/smack/smack_lsm.c | 57 +++++++++++++++++++++---------------------- security/smack/smackfs.c | 18 +++++++------- 4 files changed, 53 insertions(+), 43 deletions(-) diff --git a/security/smack/smack.h b/security/smack/smack.h index f7db791fb566..01a922856eba 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h @@ -356,6 +356,11 @@ extern struct list_head smack_onlycap_list; #define SMACK_HASH_SLOTS 16 extern struct hlist_head smack_known_hash[SMACK_HASH_SLOTS]; +static inline struct task_smack *smack_cred(const struct cred *cred) +{ + return cred->security; +} + /* * Is the directory transmuting? */ @@ -382,13 +387,19 @@ static inline struct smack_known *smk_of_task(const struct task_smack *tsp) return tsp->smk_task; } -static inline struct smack_known *smk_of_task_struct(const struct task_struct *t) +static inline struct smack_known *smk_of_task_struct( + const struct task_struct *t) { struct smack_known *skp; + const struct cred *cred; rcu_read_lock(); - skp = smk_of_task(__task_cred(t)->security); + + cred = __task_cred(t); + skp = smk_of_task(smack_cred(cred)); + rcu_read_unlock(); + return skp; } @@ -405,7 +416,7 @@ static inline struct smack_known *smk_of_forked(const struct task_smack *tsp) */ static inline struct smack_known *smk_of_current(void) { - return smk_of_task(current_security()); + return smk_of_task(smack_cred(current_cred())); } /* diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c index 9a4c0ad46518..489d49a20b47 100644 --- a/security/smack/smack_access.c +++ b/security/smack/smack_access.c @@ -275,7 +275,7 @@ int smk_tskacc(struct task_smack *tsp, struct smack_known *obj_known, int smk_curacc(struct smack_known *obj_known, u32 mode, struct smk_audit_info *a) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); return smk_tskacc(tsp, obj_known, mode, a); } @@ -635,7 +635,7 @@ DEFINE_MUTEX(smack_onlycap_lock); */ bool smack_privileged_cred(int cap, const struct cred *cred) { - struct task_smack *tsp = cred->security; + struct task_smack *tsp = smack_cred(cred); struct smack_known *skp = tsp->smk_task; struct smack_known_list_elem *sklep; int rc; diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 849426ac6a6c..f34117b8c3be 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -122,7 +122,7 @@ static int smk_bu_note(char *note, struct smack_known *sskp, static int smk_bu_current(char *note, struct smack_known *oskp, int mode, int rc) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); char acc[SMK_NUM_ACCESS_TYPE + 1]; if (rc <= 0) @@ -143,7 +143,7 @@ static int smk_bu_current(char *note, struct smack_known *oskp, #ifdef CONFIG_SECURITY_SMACK_BRINGUP static int smk_bu_task(struct task_struct *otp, int mode, int rc) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); struct smack_known *smk_task = smk_of_task_struct(otp); char acc[SMK_NUM_ACCESS_TYPE + 1]; @@ -165,7 +165,7 @@ static int smk_bu_task(struct task_struct *otp, int mode, int rc) #ifdef CONFIG_SECURITY_SMACK_BRINGUP static int smk_bu_inode(struct inode *inode, int mode, int rc) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); struct inode_smack *isp = inode->i_security; char acc[SMK_NUM_ACCESS_TYPE + 1]; @@ -195,7 +195,7 @@ static int smk_bu_inode(struct inode *inode, int mode, int rc) #ifdef CONFIG_SECURITY_SMACK_BRINGUP static int smk_bu_file(struct file *file, int mode, int rc) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); struct smack_known *sskp = tsp->smk_task; struct inode *inode = file_inode(file); struct inode_smack *isp = inode->i_security; @@ -225,7 +225,7 @@ static int smk_bu_file(struct file *file, int mode, int rc) static int smk_bu_credfile(const struct cred *cred, struct file *file, int mode, int rc) { - struct task_smack *tsp = cred->security; + struct task_smack *tsp = smack_cred(cred); struct smack_known *sskp = tsp->smk_task; struct inode *inode = file_inode(file); struct inode_smack *isp = inode->i_security; @@ -431,7 +431,7 @@ static int smk_ptrace_rule_check(struct task_struct *tracer, rcu_read_lock(); tracercred = __task_cred(tracer); - tsp = tracercred->security; + tsp = smack_cred(tracercred); tracer_known = smk_of_task(tsp); if ((mode & PTRACE_MODE_ATTACH) && @@ -498,7 +498,7 @@ static int smack_ptrace_traceme(struct task_struct *ptp) int rc; struct smack_known *skp; - skp = smk_of_task(current_security()); + skp = smk_of_task(smack_cred(current_cred())); rc = smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__); return rc; @@ -915,7 +915,7 @@ static int smack_sb_statfs(struct dentry *dentry) static int smack_bprm_set_creds(struct linux_binprm *bprm) { struct inode *inode = file_inode(bprm->file); - struct task_smack *bsp = bprm->cred->security; + struct task_smack *bsp = smack_cred(bprm->cred); struct inode_smack *isp; struct superblock_smack *sbsp; int rc; @@ -1746,7 +1746,7 @@ static int smack_mmap_file(struct file *file, return -EACCES; mkp = isp->smk_mmap; - tsp = current_security(); + tsp = smack_cred(current_cred()); skp = smk_of_current(); rc = 0; @@ -1842,7 +1842,7 @@ static int smack_file_send_sigiotask(struct task_struct *tsk, struct fown_struct *fown, int signum) { struct smack_known *skp; - struct smack_known *tkp = smk_of_task(tsk->cred->security); + struct smack_known *tkp = smk_of_task(smack_cred(tsk->cred)); const struct cred *tcred; struct file *file; int rc; @@ -1895,7 +1895,7 @@ static int smack_file_receive(struct file *file) if (inode->i_sb->s_magic == SOCKFS_MAGIC) { sock = SOCKET_I(inode); ssp = sock->sk->sk_security; - tsp = current_security(); + tsp = smack_cred(current_cred()); /* * If the receiving process can't write to the * passed socket or if the passed socket can't @@ -1937,7 +1937,7 @@ static int smack_file_receive(struct file *file) */ static int smack_file_open(struct file *file) { - struct task_smack *tsp = file->f_cred->security; + struct task_smack *tsp = smack_cred(file->f_cred); struct inode *inode = file_inode(file); struct smk_audit_info ad; int rc; @@ -1984,7 +1984,7 @@ static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp) */ static void smack_cred_free(struct cred *cred) { - struct task_smack *tsp = cred->security; + struct task_smack *tsp = smack_cred(cred); struct smack_rule *rp; struct list_head *l; struct list_head *n; @@ -2014,7 +2014,7 @@ static void smack_cred_free(struct cred *cred) static int smack_cred_prepare(struct cred *new, const struct cred *old, gfp_t gfp) { - struct task_smack *old_tsp = old->security; + struct task_smack *old_tsp = smack_cred(old); struct task_smack *new_tsp; int rc; @@ -2045,15 +2045,14 @@ static int smack_cred_prepare(struct cred *new, const struct cred *old, */ static void smack_cred_transfer(struct cred *new, const struct cred *old) { - struct task_smack *old_tsp = old->security; - struct task_smack *new_tsp = new->security; + struct task_smack *old_tsp = smack_cred(old); + struct task_smack *new_tsp = smack_cred(new); new_tsp->smk_task = old_tsp->smk_task; new_tsp->smk_forked = old_tsp->smk_task; mutex_init(&new_tsp->smk_rules_lock); INIT_LIST_HEAD(&new_tsp->smk_rules); - /* cbs copy rule list */ } @@ -2064,12 +2063,12 @@ static void smack_cred_transfer(struct cred *new, const struct cred *old) * * Sets the secid to contain a u32 version of the smack label. */ -static void smack_cred_getsecid(const struct cred *c, u32 *secid) +static void smack_cred_getsecid(const struct cred *cred, u32 *secid) { struct smack_known *skp; rcu_read_lock(); - skp = smk_of_task(c->security); + skp = smk_of_task(smack_cred(cred)); *secid = skp->smk_secid; rcu_read_unlock(); } @@ -2083,7 +2082,7 @@ static void smack_cred_getsecid(const struct cred *c, u32 *secid) */ static int smack_kernel_act_as(struct cred *new, u32 secid) { - struct task_smack *new_tsp = new->security; + struct task_smack *new_tsp = smack_cred(new); new_tsp->smk_task = smack_from_secid(secid); return 0; @@ -2101,7 +2100,7 @@ static int smack_kernel_create_files_as(struct cred *new, struct inode *inode) { struct inode_smack *isp = inode->i_security; - struct task_smack *tsp = new->security; + struct task_smack *tsp = smack_cred(new); tsp->smk_forked = isp->smk_inode; tsp->smk_task = tsp->smk_forked; @@ -2285,7 +2284,7 @@ static int smack_task_kill(struct task_struct *p, struct kernel_siginfo *info, * specific behavior. This is not clean. For one thing * we can't take privilege into account. */ - skp = smk_of_task(cred->security); + skp = smk_of_task(smack_cred(cred)); rc = smk_access(skp, tkp, MAY_DELIVER, &ad); rc = smk_bu_note("USB signal", skp, tkp, MAY_DELIVER, rc); return rc; @@ -3612,7 +3611,7 @@ static int smack_getprocattr(struct task_struct *p, char *name, char **value) */ static int smack_setprocattr(const char *name, void *value, size_t size) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); struct cred *new; struct smack_known *skp; struct smack_known_list_elem *sklep; @@ -3653,7 +3652,7 @@ static int smack_setprocattr(const char *name, void *value, size_t size) if (new == NULL) return -ENOMEM; - tsp = new->security; + tsp = smack_cred(new); tsp->smk_task = skp; /* * process can change its label only once @@ -4298,7 +4297,7 @@ static void smack_inet_csk_clone(struct sock *sk, static int smack_key_alloc(struct key *key, const struct cred *cred, unsigned long flags) { - struct smack_known *skp = smk_of_task(cred->security); + struct smack_known *skp = smk_of_task(smack_cred(cred)); key->security = skp; return 0; @@ -4329,7 +4328,7 @@ static int smack_key_permission(key_ref_t key_ref, { struct key *keyp; struct smk_audit_info ad; - struct smack_known *tkp = smk_of_task(cred->security); + struct smack_known *tkp = smk_of_task(smack_cred(cred)); int request = 0; int rc; @@ -4598,7 +4597,7 @@ static int smack_inode_copy_up(struct dentry *dentry, struct cred **new) return -ENOMEM; } - tsp = new_creds->security; + tsp = smack_cred(new_creds); /* * Get label from overlay inode and set it in create_sid @@ -4626,8 +4625,8 @@ static int smack_dentry_create_files_as(struct dentry *dentry, int mode, const struct cred *old, struct cred *new) { - struct task_smack *otsp = old->security; - struct task_smack *ntsp = new->security; + struct task_smack *otsp = smack_cred(old); + struct task_smack *ntsp = smack_cred(new); struct inode_smack *isp; int may; diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index 06b517075ec0..faf2ea3968b3 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c @@ -2208,14 +2208,14 @@ static const struct file_operations smk_logging_ops = { static void *load_self_seq_start(struct seq_file *s, loff_t *pos) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); return smk_seq_start(s, pos, &tsp->smk_rules); } static void *load_self_seq_next(struct seq_file *s, void *v, loff_t *pos) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); return smk_seq_next(s, v, pos, &tsp->smk_rules); } @@ -2262,7 +2262,7 @@ static int smk_open_load_self(struct inode *inode, struct file *file) static ssize_t smk_write_load_self(struct file *file, const char __user *buf, size_t count, loff_t *ppos) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); return smk_write_rules_list(file, buf, count, ppos, &tsp->smk_rules, &tsp->smk_rules_lock, SMK_FIXED24_FMT); @@ -2414,14 +2414,14 @@ static const struct file_operations smk_load2_ops = { static void *load_self2_seq_start(struct seq_file *s, loff_t *pos) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); return smk_seq_start(s, pos, &tsp->smk_rules); } static void *load_self2_seq_next(struct seq_file *s, void *v, loff_t *pos) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); return smk_seq_next(s, v, pos, &tsp->smk_rules); } @@ -2467,7 +2467,7 @@ static int smk_open_load_self2(struct inode *inode, struct file *file) static ssize_t smk_write_load_self2(struct file *file, const char __user *buf, size_t count, loff_t *ppos) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); return smk_write_rules_list(file, buf, count, ppos, &tsp->smk_rules, &tsp->smk_rules_lock, SMK_LONG_FMT); @@ -2681,14 +2681,14 @@ static const struct file_operations smk_syslog_ops = { static void *relabel_self_seq_start(struct seq_file *s, loff_t *pos) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); return smk_seq_start(s, pos, &tsp->smk_relabel); } static void *relabel_self_seq_next(struct seq_file *s, void *v, loff_t *pos) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); return smk_seq_next(s, v, pos, &tsp->smk_relabel); } @@ -2736,7 +2736,7 @@ static int smk_open_relabel_self(struct inode *inode, struct file *file) static ssize_t smk_write_relabel_self(struct file *file, const char __user *buf, size_t count, loff_t *ppos) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); char *data; int rc; LIST_HEAD(list_tmp); From patchwork Tue Dec 11 22:42:58 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10725075 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 1356C18A7 for ; Tue, 11 Dec 2018 22:45:57 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 017802B6AA for ; Tue, 11 Dec 2018 22:45:57 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id EA0652B756; Tue, 11 Dec 2018 22:45:56 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 644F02B6AE for ; Tue, 11 Dec 2018 22:45:55 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726855AbeLKWpw (ORCPT ); Tue, 11 Dec 2018 17:45:52 -0500 Received: from sonic303-49.consmr.mail.ne1.yahoo.com ([66.163.188.175]:35272 "EHLO sonic303-49.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726851AbeLKWpw (ORCPT ); Tue, 11 Dec 2018 17:45:52 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1544568350; bh=2uARvLb1q2zznR0LcReH3B1TK7Gvxnoz0sP/IEti4Co=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; b=DvBHUxdliBud1jxIa/Gau/OMOqwgpw8V9+egdLDdkDMUV97rcp35JNaZHVatjYnc8iB/JTfKykxT5Xgygn+y0I4kr/zoy2lGo9C/oSyDTgX8iUMZKOvd2wElLJyrzqoKd5CcxlBFkXzRGJEDqwFo8MsoQMohxkGptVf++GZK9TJWmquVUconYg8CXLlBz/d+hxcK+HsPhAxfVH+Vnj8JFA9ceg1/c2BgnkGhVAe/xORZO+MKVCYsZfOVKgwHNUxDygIwspLMZn69Hg8/6b0K3zOgdLzVAm8x8elVY871p6sT9ULy1nbYcu5N4PY6+kNWM01vy0qowswQrQ3firtQGQ== X-YMail-OSG: 1nLngaAVM1lv9XJh24xR8UVSp9RDXBFEO7WpWmTEEDFytfok7lqUCRnIBG6kYUI QhvHTqPqoJQ-- Received: from sonic.gate.mail.ne1.yahoo.com by sonic303.consmr.mail.ne1.yahoo.com with HTTP; Tue, 11 Dec 2018 22:45:50 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO localhost.localdomain) ([67.169.65.224]) by smtp415.mail.ne1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID 8f4847c15ff2a33ea2e557120f9f24e5; Tue, 11 Dec 2018 22:43:48 +0000 (UTC) From: Casey Schaufler To: jmorris@namei.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, selinux@vger.kernel.org Cc: john.johansen@canonical.com, keescook@chromium.org, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, linux-fsdevel@vger.kernel.org, sds@tycho.nsa.gov, adobriyan@gmail.com, mic@digikod.net, s.mesoraca16@gmail.com, casey@schaufler-ca.com Subject: [PATCH v5 22/38] SELinux: Abstract use of cred security blob Date: Tue, 11 Dec 2018 14:42:58 -0800 Message-Id: <20181211224314.22412-23-casey@schaufler-ca.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20181211224314.22412-1-casey@schaufler-ca.com> References: <20181211224314.22412-1-casey@schaufler-ca.com> Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Don't use the cred->security pointer directly. Provide a helper function that provides the security blob pointer. Signed-off-by: Casey Schaufler Reviewed-by: Kees Cook [kees: adjusted for ordered init series] Signed-off-by: Kees Cook --- security/selinux/hooks.c | 54 +++++++++++++++++++-------------------- security/selinux/include/objsec.h | 5 ++++ security/selinux/xfrm.c | 4 +-- 3 files changed, 34 insertions(+), 29 deletions(-) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index edd5b8dd3e56..24b6b459fa2a 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -225,7 +225,7 @@ static inline u32 cred_sid(const struct cred *cred) { const struct task_security_struct *tsec; - tsec = cred->security; + tsec = selinux_cred(cred); return tsec->sid; } @@ -461,7 +461,7 @@ static int may_context_mount_sb_relabel(u32 sid, struct superblock_security_struct *sbsec, const struct cred *cred) { - const struct task_security_struct *tsec = cred->security; + const struct task_security_struct *tsec = selinux_cred(cred); int rc; rc = avc_has_perm(&selinux_state, @@ -480,7 +480,7 @@ static int may_context_mount_inode_relabel(u32 sid, struct superblock_security_struct *sbsec, const struct cred *cred) { - const struct task_security_struct *tsec = cred->security; + const struct task_security_struct *tsec = selinux_cred(cred); int rc; rc = avc_has_perm(&selinux_state, tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, @@ -1951,7 +1951,7 @@ static int may_create(struct inode *dir, struct dentry *dentry, u16 tclass) { - const struct task_security_struct *tsec = current_security(); + const struct task_security_struct *tsec = selinux_cred(current_cred()); struct inode_security_struct *dsec; struct superblock_security_struct *sbsec; u32 sid, newsid; @@ -1973,7 +1973,7 @@ static int may_create(struct inode *dir, if (rc) return rc; - rc = selinux_determine_inode_label(current_security(), dir, + rc = selinux_determine_inode_label(selinux_cred(current_cred()), dir, &dentry->d_name, tclass, &newsid); if (rc) return rc; @@ -2480,8 +2480,8 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm) if (bprm->called_set_creds) return 0; - old_tsec = current_security(); - new_tsec = bprm->cred->security; + old_tsec = selinux_cred(current_cred()); + new_tsec = selinux_cred(bprm->cred); isec = inode_security(inode); /* Default to the current task SID. */ @@ -2645,7 +2645,7 @@ static void selinux_bprm_committing_creds(struct linux_binprm *bprm) struct rlimit *rlim, *initrlim; int rc, i; - new_tsec = bprm->cred->security; + new_tsec = selinux_cred(bprm->cred); if (new_tsec->sid == new_tsec->osid) return; @@ -2688,7 +2688,7 @@ static void selinux_bprm_committing_creds(struct linux_binprm *bprm) */ static void selinux_bprm_committed_creds(struct linux_binprm *bprm) { - const struct task_security_struct *tsec = current_security(); + const struct task_security_struct *tsec = selinux_cred(current_cred()); struct itimerval itimer; u32 osid, sid; int rc, i; @@ -2991,7 +2991,7 @@ static int selinux_dentry_init_security(struct dentry *dentry, int mode, u32 newsid; int rc; - rc = selinux_determine_inode_label(current_security(), + rc = selinux_determine_inode_label(selinux_cred(current_cred()), d_inode(dentry->d_parent), name, inode_mode_to_security_class(mode), &newsid); @@ -3011,14 +3011,14 @@ static int selinux_dentry_create_files_as(struct dentry *dentry, int mode, int rc; struct task_security_struct *tsec; - rc = selinux_determine_inode_label(old->security, + rc = selinux_determine_inode_label(selinux_cred(old), d_inode(dentry->d_parent), name, inode_mode_to_security_class(mode), &newsid); if (rc) return rc; - tsec = new->security; + tsec = selinux_cred(new); tsec->create_sid = newsid; return 0; } @@ -3028,7 +3028,7 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir, const char **name, void **value, size_t *len) { - const struct task_security_struct *tsec = current_security(); + const struct task_security_struct *tsec = selinux_cred(current_cred()); struct superblock_security_struct *sbsec; u32 newsid, clen; int rc; @@ -3038,7 +3038,7 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir, newsid = tsec->create_sid; - rc = selinux_determine_inode_label(current_security(), + rc = selinux_determine_inode_label(selinux_cred(current_cred()), dir, qstr, inode_mode_to_security_class(inode->i_mode), &newsid); @@ -3500,7 +3500,7 @@ static int selinux_inode_copy_up(struct dentry *src, struct cred **new) return -ENOMEM; } - tsec = new_creds->security; + tsec = selinux_cred(new_creds); /* Get label from overlay inode and set it in create_sid */ selinux_inode_getsecid(d_inode(src), &sid); tsec->create_sid = sid; @@ -3920,7 +3920,7 @@ static int selinux_cred_alloc_blank(struct cred *cred, gfp_t gfp) */ static void selinux_cred_free(struct cred *cred) { - struct task_security_struct *tsec = cred->security; + struct task_security_struct *tsec = selinux_cred(cred); /* * cred->security == NULL if security_cred_alloc_blank() or @@ -3940,7 +3940,7 @@ static int selinux_cred_prepare(struct cred *new, const struct cred *old, const struct task_security_struct *old_tsec; struct task_security_struct *tsec; - old_tsec = old->security; + old_tsec = selinux_cred(old); tsec = kmemdup(old_tsec, sizeof(struct task_security_struct), gfp); if (!tsec) @@ -3955,8 +3955,8 @@ static int selinux_cred_prepare(struct cred *new, const struct cred *old, */ static void selinux_cred_transfer(struct cred *new, const struct cred *old) { - const struct task_security_struct *old_tsec = old->security; - struct task_security_struct *tsec = new->security; + const struct task_security_struct *old_tsec = selinux_cred(old); + struct task_security_struct *tsec = selinux_cred(new); *tsec = *old_tsec; } @@ -3972,7 +3972,7 @@ static void selinux_cred_getsecid(const struct cred *c, u32 *secid) */ static int selinux_kernel_act_as(struct cred *new, u32 secid) { - struct task_security_struct *tsec = new->security; + struct task_security_struct *tsec = selinux_cred(new); u32 sid = current_sid(); int ret; @@ -3997,7 +3997,7 @@ static int selinux_kernel_act_as(struct cred *new, u32 secid) static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode) { struct inode_security_struct *isec = inode_security(inode); - struct task_security_struct *tsec = new->security; + struct task_security_struct *tsec = selinux_cred(new); u32 sid = current_sid(); int ret; @@ -4546,7 +4546,7 @@ static int sock_has_perm(struct sock *sk, u32 perms) static int selinux_socket_create(int family, int type, int protocol, int kern) { - const struct task_security_struct *tsec = current_security(); + const struct task_security_struct *tsec = selinux_cred(current_cred()); u32 newsid; u16 secclass; int rc; @@ -4566,7 +4566,7 @@ static int selinux_socket_create(int family, int type, static int selinux_socket_post_create(struct socket *sock, int family, int type, int protocol, int kern) { - const struct task_security_struct *tsec = current_security(); + const struct task_security_struct *tsec = selinux_cred(current_cred()); struct inode_security_struct *isec = inode_security_novalidate(SOCK_INODE(sock)); struct sk_security_struct *sksec; u16 sclass = socket_type_to_security_class(family, type, protocol); @@ -5444,7 +5444,7 @@ static int selinux_secmark_relabel_packet(u32 sid) const struct task_security_struct *__tsec; u32 tsid; - __tsec = current_security(); + __tsec = selinux_cred(current_cred()); tsid = __tsec->sid; return avc_has_perm(&selinux_state, @@ -6381,7 +6381,7 @@ static int selinux_getprocattr(struct task_struct *p, unsigned len; rcu_read_lock(); - __tsec = __task_cred(p)->security; + __tsec = selinux_cred(__task_cred(p)); if (current != p) { error = avc_has_perm(&selinux_state, @@ -6504,7 +6504,7 @@ static int selinux_setprocattr(const char *name, void *value, size_t size) operation. See selinux_bprm_set_creds for the execve checks and may_create for the file creation checks. The operation will then fail if the context is not permitted. */ - tsec = new->security; + tsec = selinux_cred(new); if (!strcmp(name, "exec")) { tsec->exec_sid = sid; } else if (!strcmp(name, "fscreate")) { @@ -6633,7 +6633,7 @@ static int selinux_key_alloc(struct key *k, const struct cred *cred, if (!ksec) return -ENOMEM; - tsec = cred->security; + tsec = selinux_cred(cred); if (tsec->keycreate_sid) ksec->sid = tsec->keycreate_sid; else diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h index cc5e26b0161b..734b6833bdff 100644 --- a/security/selinux/include/objsec.h +++ b/security/selinux/include/objsec.h @@ -158,4 +158,9 @@ struct bpf_security_struct { u32 sid; /*SID of bpf obj creater*/ }; +static inline struct task_security_struct *selinux_cred(const struct cred *cred) +{ + return cred->security; +} + #endif /* _SELINUX_OBJSEC_H_ */ diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c index 91dc3783ed94..8ffe7e1053c4 100644 --- a/security/selinux/xfrm.c +++ b/security/selinux/xfrm.c @@ -79,7 +79,7 @@ static int selinux_xfrm_alloc_user(struct xfrm_sec_ctx **ctxp, gfp_t gfp) { int rc; - const struct task_security_struct *tsec = current_security(); + const struct task_security_struct *tsec = selinux_cred(current_cred()); struct xfrm_sec_ctx *ctx = NULL; u32 str_len; @@ -138,7 +138,7 @@ static void selinux_xfrm_free(struct xfrm_sec_ctx *ctx) */ static int selinux_xfrm_delete(struct xfrm_sec_ctx *ctx) { - const struct task_security_struct *tsec = current_security(); + const struct task_security_struct *tsec = selinux_cred(current_cred()); if (!ctx) return 0; From patchwork Tue Dec 11 22:42:59 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10725079 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id C316B1869 for ; Tue, 11 Dec 2018 22:46:18 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B3EF229FE9 for ; Tue, 11 Dec 2018 22:46:18 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id A87AB2B6AA; Tue, 11 Dec 2018 22:46:18 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5292229FE9 for ; Tue, 11 Dec 2018 22:46:18 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726295AbeLKWnx (ORCPT ); Tue, 11 Dec 2018 17:43:53 -0500 Received: from sonic308-17.consmr.mail.ne1.yahoo.com ([66.163.187.40]:42166 "EHLO sonic308-17.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726553AbeLKWnx (ORCPT ); Tue, 11 Dec 2018 17:43:53 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1544568231; bh=yzS41n1rCVRHChOBSSjNfES4FV7tKjQHrZu9+D9erQU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; b=UeX3hPoKqVD/YNQuBS8PHgMl5zaQDEJqy0q6m5QWgDOzRZDBd7QiX3mjvVy/7wR+uZh3ngZ7yU2BXXl7bxSZh2gJq+r8VHApWZWlw5bRpmhDY76LuSAMEd5xx+hZimH+GZ+KspZp2YrBoimByLaIqi59nQi3zflWM6P71D8nofPsPduxuxYa+DW3v0GVa8EIejjaDz8FM+TpGLufaO4lUkEapkZFkunujjYa0TyCEbcJbDwizEaXwPsBij8y87ZkeSxVwxGHTPbDP7EAueGQLLmGOfD2UDosFCkhIXXowZGXqaB1cgT2GYLdmYxtLx7TuFg8bJn/wlQHPZz5vVP6Rw== X-YMail-OSG: R.R8J4wVM1kHGFDRAkC59YJWoZP3nfRZMilZ24D_9Gqo94RD1cb7jqe2n.NPlLP _gg4RQaA6XXE0lKnoFjxHqRFapXHT1gVWCM7Ombddy9dOBkXnXUZfUuAPOyiWIXYbZvPRNRdBgqP WFo_cuZ9TPwY.AjLUsP8z4.xFIc12BOg.OYFRsyQ2aovskvQULOFzOT1xushjxuK1KuSCoS0McNN 58PnS2HhyuOw4SociF9MXeiJzQ3l6wQHJGU4pAZM4Lb9cGtTDQJuG5f.EjvQ.wKAdl27iGxwxD09 aBY0a3bXY1AjQHdPaVFweQpGCnpkj1to9EkvQg6KHcaiFMskGgKYCcxenUyGbui_6pP0cuwI366c cdJyK4Mx2rkVMZ_QoI215IgADJkgtWvHBwA0pJEdy7ONfuBozmyIgP1E6xjuEc0CCTXuFYE0LNJs uBeeKlGUpI45sIO.ChNpGkdTF517KdrcTtrr6a4JAlCJdJrE8KFgG22NFSITvan4F2UjIe3iP.J9 HQP1kD2RfpqlnAzpCyGbAq978AGDmQm2.4JlflPHeXptPmr1d9_8v80Sl8.iM3ogriUsuIB3r44Z Km7uSKVPa7IW6juQ4Da.ZHmb_VN3umpurSP6A7dbDxi7ZQWDYtdxGLcRJHNQbq.TxUh40HsujnNf Wa5mb1yBCVQxLL6i6Kd.hdntbE1JNL30FyNDPL23esBKV6cl6wzupgEm48mR8q79mt.K8OqJ94ni BRsRsnQUQ0BmlXPIQHM8p_DdW01IUAB79BAov5STMR62ujI_e7X_hkfq.iW0vQkG8fCm0FWT3o3n SnAN5iOkYctkVqd2.l1AWoCPU.4SEJ.wCpSEoPwkfBMKHuCBucO.XQHFKhKXCN_ptgfjB5ITG_f1 dVqQUzHSI8deCACV0WZnalq6R92LreJxMhlomAmEPgumdTNzKKbTggD3xa1KaknMFcJvamCX4ADp KT32j48jOs2UDOetdUF78wbWrPbiN.R8Kn5lry5hAAqrbOlXBE.UQ0_suEbuDBARl9jqksHGn2oJ rpl278XV3Y1oq6SXfMeZKw4BaKDrfeT_8CbnIiyt6e8OAAC5nnoHzuKdfblN6bLFmerWUfH_Bi4X lnxRbe2vLWQiCbQXmDy9XaKtWFdcLX6.pM1nrAg-- Received: from sonic.gate.mail.ne1.yahoo.com by sonic308.consmr.mail.ne1.yahoo.com with HTTP; Tue, 11 Dec 2018 22:43:51 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO localhost.localdomain) ([67.169.65.224]) by smtp415.mail.ne1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID 8f4847c15ff2a33ea2e557120f9f24e5; Tue, 11 Dec 2018 22:43:50 +0000 (UTC) From: Casey Schaufler To: jmorris@namei.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, selinux@vger.kernel.org Cc: john.johansen@canonical.com, keescook@chromium.org, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, linux-fsdevel@vger.kernel.org, sds@tycho.nsa.gov, adobriyan@gmail.com, mic@digikod.net, s.mesoraca16@gmail.com, casey@schaufler-ca.com Subject: [PATCH v5 23/38] SELinux: Remove cred security blob poisoning Date: Tue, 11 Dec 2018 14:42:59 -0800 Message-Id: <20181211224314.22412-24-casey@schaufler-ca.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20181211224314.22412-1-casey@schaufler-ca.com> References: <20181211224314.22412-1-casey@schaufler-ca.com> Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP The SELinux specific credential poisioning only makes sense if SELinux is managing the credentials. As the intent of this patch set is to move the blob management out of the modules and into the infrastructure, the SELinux specific code has to go. The poisioning could be introduced into the infrastructure at some later date. Signed-off-by: Casey Schaufler Reviewed-by: Kees Cook Signed-off-by: Kees Cook --- kernel/cred.c | 13 ------------- security/selinux/hooks.c | 6 ------ 2 files changed, 19 deletions(-) diff --git a/kernel/cred.c b/kernel/cred.c index ecf03657e71c..fa2061ee4955 100644 --- a/kernel/cred.c +++ b/kernel/cred.c @@ -704,19 +704,6 @@ bool creds_are_invalid(const struct cred *cred) { if (cred->magic != CRED_MAGIC) return true; -#ifdef CONFIG_SECURITY_SELINUX - /* - * cred->security == NULL if security_cred_alloc_blank() or - * security_prepare_creds() returned an error. - */ - if (selinux_is_enabled() && cred->security) { - if ((unsigned long) cred->security < PAGE_SIZE) - return true; - if ((*(u32 *)cred->security & 0xffffff00) == - (POISON_FREE << 24 | POISON_FREE << 16 | POISON_FREE << 8)) - return true; - } -#endif return false; } EXPORT_SYMBOL(creds_are_invalid); diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 24b6b459fa2a..41b230d459a6 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -3922,12 +3922,6 @@ static void selinux_cred_free(struct cred *cred) { struct task_security_struct *tsec = selinux_cred(cred); - /* - * cred->security == NULL if security_cred_alloc_blank() or - * security_prepare_creds() returned an error. - */ - BUG_ON(cred->security && (unsigned long) cred->security < PAGE_SIZE); - cred->security = (void *) 0x7UL; kfree(tsec); } From patchwork Tue Dec 11 22:43:00 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10725059 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 6E04691E for ; Tue, 11 Dec 2018 22:45:36 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5A98C2B6AA for ; Tue, 11 Dec 2018 22:45:36 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 4EEE52B77F; Tue, 11 Dec 2018 22:45:36 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B2F222B6AA for ; Tue, 11 Dec 2018 22:45:35 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726639AbeLKWp2 (ORCPT ); Tue, 11 Dec 2018 17:45:28 -0500 Received: from sonic311-28.consmr.mail.ne1.yahoo.com ([66.163.188.209]:41073 "EHLO sonic311-28.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726618AbeLKWn5 (ORCPT ); Tue, 11 Dec 2018 17:43:57 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1544568236; bh=mOH1jMGSjEQ/xFrT6GtLpC/r3huR+zGxEWp8FnuIDGw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; b=PGX9mJJI4/vTHrdbngVq7VqBk35AWpggqE2Xj3jhfaoHm8Cn39zSn1u8mR00WZydmRW0JDsCxAtsap1Rn8JXUR/lnImxKUhJrWb0ioUx6EawKvUorVrPtBEKuuocOTHyKzXu8oVEo0T0t5rA4WTmYkf14/cJFJci5Pzzmet3bhjUlRNzdh2aN3EWE9ZKNEoLAiicvFF5Vl/g/TgVzZDfmrNMc4/HRu/+aob5caUSyQPBPRyvIwN4vwn+5wiSEyLp0Hh1GLWYOnsR20HFkuLO0ZF8RDvh9i6ivX7qVAoTcatvRF+mDJ0mivm76u9MQ22s4gcqlZLWfSmuTa+RBMvGpg== X-YMail-OSG: Y08GeSMVM1lEc4O4lfpxZI.Exf0jvIhrm25hC4AmQIlReiW14TVtkmCRLBwk1nS kSCt7mAQtDCsLnqAk9hbbYyLDNo920fjTTajuJ8iUGeO.pv8tnn15wO.HjsRhB_B8Sxg6.QSd7yN oTPcHDDj0kFzvZ6pgDVJZRXrxiCJ3VTCHGgwQwbvsTm90lfsKJ3y.gTv.dWt74Vyyzv9VyXp8V5M lx9dE1d37UOTiU2qfGeTateL7SL5DPnVg1salqoK.OOMAjQwfYHG.PUORyGZS1we7IpjZ7n2j1u4 PxYAaimmr_LR08vaCKzNFuj_6YEYJo.6EjDzDef2QNLbzOeiOhc.GdN93HUBv90v99Q1mXMs7FOU v.wN3EPZs5dOiCzpxFaq.tbS75HcswiaadXB8TH6vcEvSGQlefTpCZ3JNOAv2ejMOHuC3wpG7kZ_ bJt4VJqS1IoI5lmc4xonHnK4miIJsctNqd3wgR2vg8NRk2tclfmeq7vQ4RhPLZkCreT1by97HhNg zVthn1d5KBFm2c.4j1BXuVzSooIgzksgN1z7GdUHB74gRoKobjaxUS75PEXE2xKYkt4ngDGrTYEQ rfJbY5FggyAgmaDWhDnUKHlxXez.ycbsEafbWSq3UKhFca94d.5fbkeaXeFwlJ3sp2Ixrfek48Tp HsD6iqbRHlAB2MrTcN7XrMsIoK0tm.pS_KmIASlyoeckqRzCvzFzWIn65fmqIGO0aRFeiZeGiheG RZ5kpgcEVyeCiMTIjNH73HHoyyrVdoii4CTVyqyfj0Hh0qcx4uJzL_3FHh1LYaVW5EnemWXBvP2m zaFX7xi6gR.Vk7CGQ38mvSn05UKTRX6d4fkFZ_YmnmnP09.h_5gwzz2gc13Zh4K5p2DLTBtUxzse p2YKCjtkdqKb2tkR0PignTneW3.fU.Y8vgMX_mqgiieISWj83OGhypRIS8VXMJIkZH4vP.zJN32u .h2x4l9G4k0Spg8U51hlU0X04dwp1SzejL5.yGcUinfb2VUsDOJ58_BpjL2dL.3CcXCmYPaKVSHR V_S_e8ZFT7MPs956TwfQfRB61Uuq03cxOiyGyj.aeSaNLv4CHsD3OO2Gkw9lfvSKfHYUHFI0VCeX F4lw1xRyWcv0G8JlA6RfL Received: from sonic.gate.mail.ne1.yahoo.com by sonic311.consmr.mail.ne1.yahoo.com with HTTP; Tue, 11 Dec 2018 22:43:56 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO localhost.localdomain) ([67.169.65.224]) by smtp415.mail.ne1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID 8f4847c15ff2a33ea2e557120f9f24e5; Tue, 11 Dec 2018 22:43:51 +0000 (UTC) From: Casey Schaufler To: jmorris@namei.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, selinux@vger.kernel.org Cc: john.johansen@canonical.com, keescook@chromium.org, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, linux-fsdevel@vger.kernel.org, sds@tycho.nsa.gov, adobriyan@gmail.com, mic@digikod.net, s.mesoraca16@gmail.com, casey@schaufler-ca.com Subject: [PATCH v5 24/38] SELinux: Remove unused selinux_is_enabled Date: Tue, 11 Dec 2018 14:43:00 -0800 Message-Id: <20181211224314.22412-25-casey@schaufler-ca.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20181211224314.22412-1-casey@schaufler-ca.com> References: <20181211224314.22412-1-casey@schaufler-ca.com> Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP There are no longer users of selinux_is_enabled(). Remove it. As selinux_is_enabled() is the only reason for include/linux/selinux.h remove that as well. Signed-off-by: Casey Schaufler Reviewed-by: Kees Cook Signed-off-by: Kees Cook --- include/linux/cred.h | 1 - include/linux/selinux.h | 35 ----------------------------------- security/selinux/Makefile | 2 +- security/selinux/exports.c | 23 ----------------------- security/selinux/hooks.c | 1 - security/selinux/include/audit.h | 3 --- security/selinux/ss/services.c | 1 - 7 files changed, 1 insertion(+), 65 deletions(-) delete mode 100644 include/linux/selinux.h delete mode 100644 security/selinux/exports.c diff --git a/include/linux/cred.h b/include/linux/cred.h index 7eed6101c791..2e715e202e6a 100644 --- a/include/linux/cred.h +++ b/include/linux/cred.h @@ -15,7 +15,6 @@ #include #include #include -#include #include #include #include diff --git a/include/linux/selinux.h b/include/linux/selinux.h deleted file mode 100644 index 44f459612690..000000000000 --- a/include/linux/selinux.h +++ /dev/null @@ -1,35 +0,0 @@ -/* - * SELinux services exported to the rest of the kernel. - * - * Author: James Morris - * - * Copyright (C) 2005 Red Hat, Inc., James Morris - * Copyright (C) 2006 Trusted Computer Solutions, Inc. - * Copyright (C) 2006 IBM Corporation, Timothy R. Chavez - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2, - * as published by the Free Software Foundation. - */ -#ifndef _LINUX_SELINUX_H -#define _LINUX_SELINUX_H - -struct selinux_audit_rule; -struct audit_context; -struct kern_ipc_perm; - -#ifdef CONFIG_SECURITY_SELINUX - -/** - * selinux_is_enabled - is SELinux enabled? - */ -bool selinux_is_enabled(void); -#else - -static inline bool selinux_is_enabled(void) -{ - return false; -} -#endif /* CONFIG_SECURITY_SELINUX */ - -#endif /* _LINUX_SELINUX_H */ diff --git a/security/selinux/Makefile b/security/selinux/Makefile index c7161f8792b2..ccf950409384 100644 --- a/security/selinux/Makefile +++ b/security/selinux/Makefile @@ -6,7 +6,7 @@ obj-$(CONFIG_SECURITY_SELINUX) := selinux.o selinux-y := avc.o hooks.o selinuxfs.o netlink.o nlmsgtab.o netif.o \ - netnode.o netport.o ibpkey.o exports.o \ + netnode.o netport.o ibpkey.o \ ss/ebitmap.o ss/hashtab.o ss/symtab.o ss/sidtab.o ss/avtab.o \ ss/policydb.o ss/services.o ss/conditional.o ss/mls.o ss/status.o diff --git a/security/selinux/exports.c b/security/selinux/exports.c deleted file mode 100644 index e75dd94e2d2b..000000000000 --- a/security/selinux/exports.c +++ /dev/null @@ -1,23 +0,0 @@ -/* - * SELinux services exported to the rest of the kernel. - * - * Author: James Morris - * - * Copyright (C) 2005 Red Hat, Inc., James Morris - * Copyright (C) 2006 Trusted Computer Solutions, Inc. - * Copyright (C) 2006 IBM Corporation, Timothy R. Chavez - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2, - * as published by the Free Software Foundation. - */ -#include -#include - -#include "security.h" - -bool selinux_is_enabled(void) -{ - return selinux_enabled; -} -EXPORT_SYMBOL_GPL(selinux_is_enabled); diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 41b230d459a6..c82f11270de6 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -79,7 +79,6 @@ #include #include #include -#include #include #include #include diff --git a/security/selinux/include/audit.h b/security/selinux/include/audit.h index 1bdf973433cc..36e1d44c0209 100644 --- a/security/selinux/include/audit.h +++ b/security/selinux/include/audit.h @@ -1,9 +1,6 @@ /* * SELinux support for the Audit LSM hooks * - * Most of below header was moved from include/linux/selinux.h which - * is released under below copyrights: - * * Author: James Morris * * Copyright (C) 2005 Red Hat, Inc., James Morris diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 12e414394530..1a745e2f49a9 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -49,7 +49,6 @@ #include #include #include -#include #include #include #include From patchwork Tue Dec 11 22:43:01 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10725069 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id C4E911869 for ; Tue, 11 Dec 2018 22:45:48 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B1B752B6AA for ; Tue, 11 Dec 2018 22:45:48 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id A58CC2B756; Tue, 11 Dec 2018 22:45:48 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 434142B6AA for ; Tue, 11 Dec 2018 22:45:48 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726578AbeLKWpf (ORCPT ); Tue, 11 Dec 2018 17:45:35 -0500 Received: from sonic316-27.consmr.mail.ne1.yahoo.com ([66.163.187.153]:37620 "EHLO sonic316-27.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726612AbeLKWn4 (ORCPT ); Tue, 11 Dec 2018 17:43:56 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1544568235; bh=OVmMPLMFIEQe7/xmXls0TKHgNoRAVpp7J85y53TwffI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; b=enHTj/9YELtIFEzwY3nxBncHZgDFGrJQ+s5H3kJSe8sX3IPdfgsbJ8gArf73UANTE21WKG3/pIw9tIXhCg8PeC2zaPau4x0lTXCHgGB6xiG7PVb7zFNGCuehgm/AIymNgn+Y8TC9/LVENDdjDj/A2UNeDMDwTIGJMH6cXkJrXfZm2/GLWvGV5K5JTso/6DxiC1KTyrecah79+K1XZfKrCSEtv/WPjf6WzHJ5c5aJbnQOPv+OpNkqj3WCZ2MhtXimuyHtZyCe1xXcxJq2091u15SgcqadG247BkX9B2C4PUG1ijt59tcpSusqiRvYNVk0uY9fy37FMjQcWB0AVHhPNA== X-YMail-OSG: phSwpIkVM1mrZPZppe1tOr8Uo.5TJPiS1o1EmiL.gu0.owdo9SApHQHNUehHmXg hkzutMBOO3.upVX8SidomT5WFsnQ2eUKH3NPGNjM0EVRvrwZmrobU6vdKIWJfCmtWOV50GubAxAX CyYgHkn5k5qkTva1MHa3Fnredlg70FMxktrJ4cOO3Dw430zuxDwgF4DCWU._5QVQyNIziurJnks6 g4fmI6WKfYLvBs76Bd9CXbuFtuqfyHIxio4BLy1uxaeCiTxL6oaDdBSXt6.R0i.rpJrlKH6DMKdx T1C8f2jVrI3xijpDj4Be4yj63vFs9X5yxZYquAloyxy20Bj6L3VS1KPEa6ThWsDeGZQuOHrHA7le gznCpQ9R1Y2ku0SVV9x9p5tzqPtzhfWUtqAWj5kQp2DWmpOhG6t1u.6SCbdRh0m6EatcqLp3gB6J BMezrONMSqMUHdARqrisvorLKHdfGpsxfICCW3HbkExmcGUnYkk6GT7vEWJlHBA_vO55ngmGiLsp Br1AWsNNJjVx8JAtN66awt2cJZxSlKVUO0jWxJkI7zZFcYTq7eKJL9u9AZ0l8M22LdLj9iaWVl5X DhyijW_dch5hfUR.rMI8auY9VaAqg6Y4eTPJe.jv1c4lM3LodNo62.xutQlvmXSG2H6tXeobX6rD TtTrvAnzkyy8owau.yzgjI6O8Qo5gb748M3d.5S8zcsAldtdwH5Y5FdfXCuY0beDCcYiXrCgOuGv RvZ1OruXnEaySp93e0ND_zKOBfG5UAKYyo9A5ML4zFzv8W_L7z966.iULDvnohPXTNZ4Kp5h4TCJ iKkHbqGU7aLdKyLW9_J_v2kaKDAglNMDa30ozHcMOMi68hann0qUPV_YpUvITkJYNIVz2HtX_I4_ eFBJXE55Qt8JUCto4F9zkalwL_sLvLjPeGbdBzz9QitS8LCTB1.D9ngEJidG3cEWSTJH9zOWJnFO EKAE0BQeCe0KoHusNVnsYMdiWwCqUALbq1vIBfb_QIY3fG2bMEKSy5dmoxVJCcoKDDgTvWni9_xS zO3y0NTWzSccb59AI36_mB7Z4paNduLA7P0h.DUUFh5UJ0xkLIrJ8Ql4OSC4u1YphhNV0PIqI1WQ 5BehD6RDMXulRalwzyodBDccfstDqoxHuR.vwsQ-- Received: from sonic.gate.mail.ne1.yahoo.com by sonic316.consmr.mail.ne1.yahoo.com with HTTP; Tue, 11 Dec 2018 22:43:55 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO localhost.localdomain) ([67.169.65.224]) by smtp415.mail.ne1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID 8f4847c15ff2a33ea2e557120f9f24e5; Tue, 11 Dec 2018 22:43:52 +0000 (UTC) From: Casey Schaufler To: jmorris@namei.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, selinux@vger.kernel.org Cc: john.johansen@canonical.com, keescook@chromium.org, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, linux-fsdevel@vger.kernel.org, sds@tycho.nsa.gov, adobriyan@gmail.com, mic@digikod.net, s.mesoraca16@gmail.com, casey@schaufler-ca.com Subject: [PATCH v5 25/38] AppArmor: Abstract use of cred security blob Date: Tue, 11 Dec 2018 14:43:01 -0800 Message-Id: <20181211224314.22412-26-casey@schaufler-ca.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20181211224314.22412-1-casey@schaufler-ca.com> References: <20181211224314.22412-1-casey@schaufler-ca.com> Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Don't use the cred->security pointer directly. Provide a helper function that provides the security blob pointer. Signed-off-by: Casey Schaufler Reviewed-by: Kees Cook [kees: adjusted for ordered init series] Signed-off-by: Kees Cook --- security/apparmor/domain.c | 2 +- security/apparmor/include/cred.h | 16 +++++++++++++++- security/apparmor/lsm.c | 10 +++++----- security/apparmor/task.c | 6 +++--- 4 files changed, 24 insertions(+), 10 deletions(-) diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c index 08c88de0ffda..726910bba84b 100644 --- a/security/apparmor/domain.c +++ b/security/apparmor/domain.c @@ -975,7 +975,7 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm) } aa_put_label(cred_label(bprm->cred)); /* transfer reference, released when cred is freed */ - cred_label(bprm->cred) = new; + set_cred_label(bprm->cred, new); done: aa_put_label(label); diff --git a/security/apparmor/include/cred.h b/security/apparmor/include/cred.h index 265ae6641a06..a757370f2a0c 100644 --- a/security/apparmor/include/cred.h +++ b/security/apparmor/include/cred.h @@ -23,8 +23,22 @@ #include "policy_ns.h" #include "task.h" -#define cred_label(X) ((X)->security) +static inline struct aa_label *cred_label(const struct cred *cred) +{ + struct aa_label **blob = cred->security; + + AA_BUG(!blob); + return *blob; +} +static inline void set_cred_label(const struct cred *cred, + struct aa_label *label) +{ + struct aa_label **blob = cred->security; + + AA_BUG(!blob); + *blob = label; +} /** * aa_cred_raw_label - obtain cred's label diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index e8b40008d58c..803ec0a63d87 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -59,7 +59,7 @@ DEFINE_PER_CPU(struct aa_buffers, aa_buffers); static void apparmor_cred_free(struct cred *cred) { aa_put_label(cred_label(cred)); - cred_label(cred) = NULL; + set_cred_label(cred, NULL); } /* @@ -67,7 +67,7 @@ static void apparmor_cred_free(struct cred *cred) */ static int apparmor_cred_alloc_blank(struct cred *cred, gfp_t gfp) { - cred_label(cred) = NULL; + set_cred_label(cred, NULL); return 0; } @@ -77,7 +77,7 @@ static int apparmor_cred_alloc_blank(struct cred *cred, gfp_t gfp) static int apparmor_cred_prepare(struct cred *new, const struct cred *old, gfp_t gfp) { - cred_label(new) = aa_get_newest_label(cred_label(old)); + set_cred_label(new, aa_get_newest_label(cred_label(old))); return 0; } @@ -86,7 +86,7 @@ static int apparmor_cred_prepare(struct cred *new, const struct cred *old, */ static void apparmor_cred_transfer(struct cred *new, const struct cred *old) { - cred_label(new) = aa_get_newest_label(cred_label(old)); + set_cred_label(new, aa_get_newest_label(cred_label(old))); } static void apparmor_task_free(struct task_struct *task) @@ -1484,7 +1484,7 @@ static int __init set_init_ctx(void) if (!ctx) return -ENOMEM; - cred_label(cred) = aa_get_label(ns_unconfined(root_ns)); + set_cred_label(cred, aa_get_label(ns_unconfined(root_ns))); task_ctx(current) = ctx; return 0; diff --git a/security/apparmor/task.c b/security/apparmor/task.c index c6b78a14da91..4551110f0496 100644 --- a/security/apparmor/task.c +++ b/security/apparmor/task.c @@ -81,7 +81,7 @@ int aa_replace_current_label(struct aa_label *label) */ aa_get_label(label); aa_put_label(cred_label(new)); - cred_label(new) = label; + set_cred_label(new, label); commit_creds(new); return 0; @@ -138,7 +138,7 @@ int aa_set_current_hat(struct aa_label *label, u64 token) return -EACCES; } - cred_label(new) = aa_get_newest_label(label); + set_cred_label(new, aa_get_newest_label(label)); /* clear exec on switching context */ aa_put_label(ctx->onexec); ctx->onexec = NULL; @@ -172,7 +172,7 @@ int aa_restore_previous_label(u64 token) return -ENOMEM; aa_put_label(cred_label(new)); - cred_label(new) = aa_get_newest_label(ctx->previous); + set_cred_label(new, aa_get_newest_label(ctx->previous)); AA_BUG(!cred_label(new)); /* clear exec && prev information when restoring to previous context */ aa_clear_task_ctx_trans(ctx); From patchwork Tue Dec 11 22:43:02 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10725065 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 8B61D91E for ; Tue, 11 Dec 2018 22:45:47 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7B4BF2B6AA for ; Tue, 11 Dec 2018 22:45:47 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 6D5C82B771; Tue, 11 Dec 2018 22:45:47 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id BF0D02B6AA for ; Tue, 11 Dec 2018 22:45:46 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726663AbeLKWpg (ORCPT ); Tue, 11 Dec 2018 17:45:36 -0500 Received: from sonic316-27.consmr.mail.ne1.yahoo.com ([66.163.187.153]:41619 "EHLO sonic316-27.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726616AbeLKWn4 (ORCPT ); Tue, 11 Dec 2018 17:43:56 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1544568235; bh=qNf9MfBwO3Sxe+oX3dUWwfB5aAArEZsPKtpkBR2iPAk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; b=J6TdxglZ23LWVnsb9os+ZsxNGJHJ3Jg/eNok0RNaMdqQAKskWwVp2RwCyEovB+iUFTf8QpuZu2EJ9/e/07+eYW5AhRGmbX07DdeybVSSX9OzrlK/2JkznD1jQ1TovJ2VynkhYEOJuJd4J5HMkzkLCUwj8uVGkH7yeVsPxlSL3Jn1hs9LTzaFvYIYeHM2MjvVNl4m3oruPz+3ljvNaqYxPWSxwFMRxY/d0egb9D14A0VPW7F0MzJStnuj1+AdcmSv2IgNtJsbyKej4eEaIsazJKD9U7m/J4nrVs3GpnCqi0/QMu1keEH9SACIAtfZrM7B91/Pv/VjtNXl6ocoxsg5Mg== X-YMail-OSG: isdzqoAVM1nPgJj8NQv55IYqJGvjmZjVM2UmLdGpuMbmznUqho4FhyDbdjgzQib vdQE350aURYbuQe9dhgesBucY6ccFwcVsD9BFA2U9XsafaYplFFYZtDgXAtiCsnmIWPGDDd15WPK 5lXKY1CIq2b6HmacN7iQl8h11C8rufv9sGN_pmpO9yE3n5avDO.VChq6.ffT.LqfHf3L1pnmlM87 Zb6N1FvlyrvSYDliJThjLSBW0t1cMxo1JRNPJEmvPxpaL6OmctzFcRtGsh007Xw1zwDFcMvM77lk pMi06gnO0nPp3XT7s961ksOQrhODdDVTPBjieRV80OCqqNNcSJ.PUVygF_uS5ZL6ZMhJFcSHBM92 g.9E1t_9rPr1A2k72IVenq0SlqOnGKlZcbNM_SgawpQqbBCvf4_U.seE0rkW2QdPKlue7omSd2IQ wQRLIv_MLspTXbMfX6O3GHMnEFN5GHalrQScvKLNDfisXTF34K.G50hKt2fCNiEdnhh3As3B5W1p 8YCCAyNZJCntVporyUUpB8CDaatSN69cZ4huxu0hDH6QSwzYRRcy.eRxfFa4ST4xr.cyDzolCt5m e3J4nHoQ.UWTqjdQY1OvMm1gnQlO4Fg0skpfXOes4yjjuyA9y8voceisEbGdYTzaKJUUbUXNMKw5 493dkbqRXegIDxIiVmYwFVp.JRP2zfz_KOwDQwD1u9ymUo5gY5thD4johxGEUAKSeSdEsayYQh83 MJXaZWy167gkbzXu7Q2PUQ_tgbqWNpEcMgKoZsXmD2rmoIFaF6nWD9aHaiQ08nPQhq_FS834dvVs ryJ3pft3qLZo81zB4Wkf8Fed6a0np4b5RUDQkUXjWMsqT.hBqeMVGKZEuMCr2_Y_0y2bA93tWlEY TlHTgBkPxflN5IETM7wMIXTRuGNyV_M2y77JtQ0ZR.LCNZto73cvt7LvSuWXTJjagdY6V50QuKTf psYmYyLERKX0tUmlZjgyRgPY9Om5qfCvY27aiqXuZKIv6tOlJhtksdLNdWRgdRjEji0g_oHg9jnK 8zQ_ZGIMoYvaAatb92WI9rEGZwZl3_gfPtXwk53kQBn8B5.C66sS_apRenLCUUpI0xLa4wY4N7sX VPp.qBFbTtYSIfI0km3BgP1nHT8louIeXMWNmUbfHp8s- Received: from sonic.gate.mail.ne1.yahoo.com by sonic316.consmr.mail.ne1.yahoo.com with HTTP; Tue, 11 Dec 2018 22:43:55 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO localhost.localdomain) ([67.169.65.224]) by smtp415.mail.ne1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID 8f4847c15ff2a33ea2e557120f9f24e5; Tue, 11 Dec 2018 22:43:53 +0000 (UTC) From: Casey Schaufler To: jmorris@namei.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, selinux@vger.kernel.org Cc: john.johansen@canonical.com, keescook@chromium.org, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, linux-fsdevel@vger.kernel.org, sds@tycho.nsa.gov, adobriyan@gmail.com, mic@digikod.net, s.mesoraca16@gmail.com, casey@schaufler-ca.com Subject: [PATCH v5 26/38] TOMOYO: Abstract use of cred security blob Date: Tue, 11 Dec 2018 14:43:02 -0800 Message-Id: <20181211224314.22412-27-casey@schaufler-ca.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20181211224314.22412-1-casey@schaufler-ca.com> References: <20181211224314.22412-1-casey@schaufler-ca.com> Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Don't use the cred->security pointer directly. Provide helper functions that provide the security blob pointer. Signed-off-by: Casey Schaufler Reviewed-by: Kees Cook [kees: adjusted for ordered init series] Signed-off-by: Kees Cook --- security/tomoyo/common.h | 21 +++++++++++++++++++-- security/tomoyo/domain.c | 4 +++- security/tomoyo/securityfs_if.c | 15 +++++++++++---- security/tomoyo/tomoyo.c | 40 +++++++++++++++++++++++++++++++--------- 4 files changed, 64 insertions(+), 16 deletions(-) diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h index 539bcdd30bb8..41898613d93b 100644 --- a/security/tomoyo/common.h +++ b/security/tomoyo/common.h @@ -29,6 +29,7 @@ #include #include #include +#include #include #include #include @@ -1062,6 +1063,7 @@ void tomoyo_write_log2(struct tomoyo_request_info *r, int len, const char *fmt, /********** External variable definitions. **********/ extern bool tomoyo_policy_loaded; +extern int tomoyo_enabled; extern const char * const tomoyo_condition_keyword [TOMOYO_MAX_CONDITION_KEYWORD]; extern const char * const tomoyo_dif[TOMOYO_MAX_DOMAIN_INFO_FLAGS]; @@ -1196,6 +1198,17 @@ static inline void tomoyo_put_group(struct tomoyo_group *group) atomic_dec(&group->head.users); } +/** + * tomoyo_cred - Get a pointer to the tomoyo cred security blob + * @cred - the relevant cred + * + * Returns pointer to the tomoyo cred blob. + */ +static inline struct tomoyo_domain_info **tomoyo_cred(const struct cred *cred) +{ + return (struct tomoyo_domain_info **)&cred->security; +} + /** * tomoyo_domain - Get "struct tomoyo_domain_info" for current thread. * @@ -1203,7 +1216,9 @@ static inline void tomoyo_put_group(struct tomoyo_group *group) */ static inline struct tomoyo_domain_info *tomoyo_domain(void) { - return current_cred()->security; + struct tomoyo_domain_info **blob = tomoyo_cred(current_cred()); + + return *blob; } /** @@ -1216,7 +1231,9 @@ static inline struct tomoyo_domain_info *tomoyo_domain(void) static inline struct tomoyo_domain_info *tomoyo_real_domain(struct task_struct *task) { - return task_cred_xxx(task, security); + struct tomoyo_domain_info **blob = tomoyo_cred(get_task_cred(task)); + + return *blob; } /** diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c index f6758dad981f..b7469fdbff01 100644 --- a/security/tomoyo/domain.c +++ b/security/tomoyo/domain.c @@ -678,6 +678,7 @@ static int tomoyo_environ(struct tomoyo_execve *ee) */ int tomoyo_find_next_domain(struct linux_binprm *bprm) { + struct tomoyo_domain_info **blob; struct tomoyo_domain_info *old_domain = tomoyo_domain(); struct tomoyo_domain_info *domain = NULL; const char *original_name = bprm->filename; @@ -843,7 +844,8 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm) domain = old_domain; /* Update reference count on "struct tomoyo_domain_info". */ atomic_inc(&domain->users); - bprm->cred->security = domain; + blob = tomoyo_cred(bprm->cred); + *blob = domain; kfree(exename.name); if (!retval) { ee->r.domain = domain; diff --git a/security/tomoyo/securityfs_if.c b/security/tomoyo/securityfs_if.c index 1d3d7e7a1f05..768dff9608b1 100644 --- a/security/tomoyo/securityfs_if.c +++ b/security/tomoyo/securityfs_if.c @@ -71,9 +71,12 @@ static ssize_t tomoyo_write_self(struct file *file, const char __user *buf, if (!cred) { error = -ENOMEM; } else { - struct tomoyo_domain_info *old_domain = - cred->security; - cred->security = new_domain; + struct tomoyo_domain_info **blob; + struct tomoyo_domain_info *old_domain; + + blob = tomoyo_cred(cred); + old_domain = *blob; + *blob = new_domain; atomic_inc(&new_domain->users); atomic_dec(&old_domain->users); commit_creds(cred); @@ -234,10 +237,14 @@ static void __init tomoyo_create_entry(const char *name, const umode_t mode, */ static int __init tomoyo_initerface_init(void) { + struct tomoyo_domain_info *domain; struct dentry *tomoyo_dir; + if (!tomoyo_enabled) + return 0; + domain = tomoyo_domain(); /* Don't create securityfs entries unless registered. */ - if (current_cred()->security != &tomoyo_kernel_domain) + if (domain != &tomoyo_kernel_domain) return 0; tomoyo_dir = securityfs_create_dir("tomoyo", NULL); diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index daff7d7897ad..15864307925d 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -18,7 +18,9 @@ */ static int tomoyo_cred_alloc_blank(struct cred *new, gfp_t gfp) { - new->security = NULL; + struct tomoyo_domain_info **blob = tomoyo_cred(new); + + *blob = NULL; return 0; } @@ -34,8 +36,13 @@ static int tomoyo_cred_alloc_blank(struct cred *new, gfp_t gfp) static int tomoyo_cred_prepare(struct cred *new, const struct cred *old, gfp_t gfp) { - struct tomoyo_domain_info *domain = old->security; - new->security = domain; + struct tomoyo_domain_info **old_blob = tomoyo_cred(old); + struct tomoyo_domain_info **new_blob = tomoyo_cred(new); + struct tomoyo_domain_info *domain; + + domain = *old_blob; + *new_blob = domain; + if (domain) atomic_inc(&domain->users); return 0; @@ -59,7 +66,9 @@ static void tomoyo_cred_transfer(struct cred *new, const struct cred *old) */ static void tomoyo_cred_free(struct cred *cred) { - struct tomoyo_domain_info *domain = cred->security; + struct tomoyo_domain_info **blob = tomoyo_cred(cred); + struct tomoyo_domain_info *domain = *blob; + if (domain) atomic_dec(&domain->users); } @@ -73,6 +82,9 @@ static void tomoyo_cred_free(struct cred *cred) */ static int tomoyo_bprm_set_creds(struct linux_binprm *bprm) { + struct tomoyo_domain_info **blob; + struct tomoyo_domain_info *domain; + /* * Do only if this function is called for the first time of an execve * operation. @@ -93,13 +105,14 @@ static int tomoyo_bprm_set_creds(struct linux_binprm *bprm) * stored inside "bprm->cred->security" will be acquired later inside * tomoyo_find_next_domain(). */ - atomic_dec(&((struct tomoyo_domain_info *) - bprm->cred->security)->users); + blob = tomoyo_cred(bprm->cred); + domain = *blob; + atomic_dec(&domain->users); /* * Tell tomoyo_bprm_check_security() is called for the first time of an * execve operation. */ - bprm->cred->security = NULL; + *blob = NULL; return 0; } @@ -112,8 +125,11 @@ static int tomoyo_bprm_set_creds(struct linux_binprm *bprm) */ static int tomoyo_bprm_check_security(struct linux_binprm *bprm) { - struct tomoyo_domain_info *domain = bprm->cred->security; + struct tomoyo_domain_info **blob; + struct tomoyo_domain_info *domain; + blob = tomoyo_cred(bprm->cred); + domain = *blob; /* * Execute permission is checked against pathname passed to do_execve() * using current domain. @@ -531,6 +547,8 @@ static struct security_hook_list tomoyo_hooks[] __lsm_ro_after_init = { /* Lock for GC. */ DEFINE_SRCU(tomoyo_ss); +int tomoyo_enabled __lsm_ro_after_init = 1; + /** * tomoyo_init - Register TOMOYO Linux as a LSM module. * @@ -539,17 +557,21 @@ DEFINE_SRCU(tomoyo_ss); static int __init tomoyo_init(void) { struct cred *cred = (struct cred *) current_cred(); + struct tomoyo_domain_info **blob; /* register ourselves with the security framework */ security_add_hooks(tomoyo_hooks, ARRAY_SIZE(tomoyo_hooks), "tomoyo"); printk(KERN_INFO "TOMOYO Linux initialized\n"); - cred->security = &tomoyo_kernel_domain; + blob = tomoyo_cred(cred); + *blob = &tomoyo_kernel_domain; tomoyo_mm_init(); + return 0; } DEFINE_LSM(tomoyo) = { .name = "tomoyo", + .enabled = &tomoyo_enabled, .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE, .init = tomoyo_init, }; From patchwork Tue Dec 11 22:43:03 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10725063 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 5F17B91E for ; Tue, 11 Dec 2018 22:45:37 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 500532B6AA for ; Tue, 11 Dec 2018 22:45:37 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 432E02B6AE; Tue, 11 Dec 2018 22:45:37 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 097F12B756 for ; Tue, 11 Dec 2018 22:45:36 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726476AbeLKWp2 (ORCPT ); Tue, 11 Dec 2018 17:45:28 -0500 Received: from sonic316-27.consmr.mail.ne1.yahoo.com ([66.163.187.153]:35881 "EHLO sonic316-27.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726605AbeLKWn5 (ORCPT ); Tue, 11 Dec 2018 17:43:57 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1544568235; bh=E8dB7le//TQ04tA/XXun+XOH+E4VnMacimoj3DTyvwQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; b=i+xL2vt7n+0YmOnGT6rY+QhNl7b8PpmOQljArKkgYGcVx3bRZVlZvzZ8canHpBSGNK9Ud43pXRYVleCIvXMzt4axJ8LO2FzEDxjdRLmthsmpXq05QRIVxlT5C8n9nwJxyGd9NP7Z54JUzPaWVNu0KpXEA9mQ6G4EmgRoi1ClZ3HU8cQ0zSzcekINHj4zk8nbNGil1mDEuL9+kpZon9jYtpVGwC6HQlf3W8Lk2DVIQ6cyr9OXFdjnfuCntztzVDxUUUh8YWxj4IfYfVmgsYyy0SNsnZxz8zjZsv/gDrccFds7hgl7So/aT2wLCH5U/Cxp4Vsm0i0KtsQoTtQeiI+rXQ== X-YMail-OSG: O.k4rj4VM1k.d5C.EOXuAhUu2zfs0l74Fb8D9uBXRt7WI8PrI8EgBO61RWuwRqG 1numN3UBqljOt4jRn9xqZWt1wXvzIAts7t4LGA.FY76LrZ_C3zuxL2A7q75TP853adjnbwnpgjba Q8ZqnYCE7uxptZeW2_PqtAZ4RvXBvFnIc_D.z5nYtAFa7njPduF8jL4c_M81m1Vs2uYdyiL_UPpv MVckeziZdOwBtMD5t_KyvbFqDCk7RcaOy53CjbiKJIovg6BH8fmH74PDHkQc4GTTigqaib0ivru2 n6zrMLaTBFeZ86mOkWu4JgU63Fdb_q20PpN.Q2xcfh9WpsxKTmvwWBDr6Oc_olf.hYVq6lSVKTVl o.9T2npJ_hoikNMRqMMKVRwYKuf7TyFbR23SiZtPRGRNQNrWWOMmTFR7D_clbzmCZ4sZALzr.CQU ZJY1mfEBWYRzUUkQQByGLF0gcz4nz2by0sXY6S7Yk4WDPQFhd4J88.txKKnUG5JF7rK8nNVHZUhA dGui86_b8pzcpZPD.keZKMZsLgC9ZkBOL5r_aco1jsMBoGzk5CVZFRzeA7h5RtAIM7ls8EIg5IXA m2UGkejOYy8zBfs9RLETyTxSvrsu8ga1UPv_E6YGBsldj6H9b.TyFVblmx_HamK5DtQ3.4Wp8C0g gpZTFk6Eknc_qEu3LKcSy6g7d8Vjn6JlR0mGs85UPK1XW3QO6VI2mJZi7QbyT3MNzGhdyu1Pn.gL X9GCJ8zqsVV3FxaAIUzrJCd2G_rDGKNIO37zhGWoYeQN77B4KLs_.tupvU.coH3coqqcCFjTls1d a15GurjlJiWKUbvLLJkbJyBR6dcUjQEThLZXw6g1Jez11p8u7yBdKbdmyU2.HmGYMTjY9thzGhEn s3a8hBPNo5JxXOoOlec0yKAgJItcTIRXVey7eXTJivW91mhwIMoYbHqwxg9Dku6agVVzgnhoalV0 VWftcrRcQ_1r6CiT6Bk6zBxuMAf380RRqqcH3bGVwvrgMZFxXMm1M5WspGdVjGYX4mK4puSgVe1Q nrzrI.67reXSWM6KLv779jcK6AGfEfwUU5ULc2wo1qyoSJz_uk.yuASiDGYXADGtSm00ngP_2acz 207yFE.Pf2zXO.hOECH.3tVbCL77SpWa_P0dMyQ-- Received: from sonic.gate.mail.ne1.yahoo.com by sonic316.consmr.mail.ne1.yahoo.com with HTTP; Tue, 11 Dec 2018 22:43:55 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO localhost.localdomain) ([67.169.65.224]) by smtp415.mail.ne1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID 8f4847c15ff2a33ea2e557120f9f24e5; Tue, 11 Dec 2018 22:43:54 +0000 (UTC) From: Casey Schaufler To: jmorris@namei.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, selinux@vger.kernel.org Cc: john.johansen@canonical.com, keescook@chromium.org, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, linux-fsdevel@vger.kernel.org, sds@tycho.nsa.gov, adobriyan@gmail.com, mic@digikod.net, s.mesoraca16@gmail.com, casey@schaufler-ca.com Subject: [PATCH v5 27/38] Infrastructure management of the cred security blob Date: Tue, 11 Dec 2018 14:43:03 -0800 Message-Id: <20181211224314.22412-28-casey@schaufler-ca.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20181211224314.22412-1-casey@schaufler-ca.com> References: <20181211224314.22412-1-casey@schaufler-ca.com> Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Move management of the cred security blob out of the security modules and into the security infrastructre. Instead of allocating and freeing space the security modules tell the infrastructure how much space they require. Signed-off-by: Casey Schaufler Reviewed-by: Kees Cook [kees: adjusted for ordered init series] Signed-off-by: Kees Cook --- include/linux/lsm_hooks.h | 12 ++++++ security/apparmor/include/cred.h | 4 +- security/apparmor/include/lib.h | 4 ++ security/apparmor/lsm.c | 9 ++++ security/security.c | 89 ++++++++++++++++++++++++++++++++++++++- security/selinux/hooks.c | 51 +++++----------------- security/selinux/include/objsec.h | 4 +- security/smack/smack.h | 3 +- security/smack/smack_lsm.c | 79 +++++++++++----------------------- security/tomoyo/common.h | 3 +- security/tomoyo/tomoyo.c | 6 +++ 11 files changed, 162 insertions(+), 102 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 15fc49ee41a1..c9458280214e 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -2024,6 +2024,13 @@ struct security_hook_list { char *lsm; } __randomize_layout; +/* + * Security blob size or offset data. + */ +struct lsm_blob_sizes { + int lbs_cred; +}; + /* * Initializing a security_hook_list structure takes * up a lot of space in a source file. This macro takes @@ -2053,6 +2060,7 @@ struct lsm_info { unsigned long flags; /* Optional: flags describing LSM */ int *enabled; /* Optional: controlled by CONFIG_LSM */ int (*init)(void); /* Required. */ + struct lsm_blob_sizes *blobs; /* Optional: for blob sharing. */ }; extern struct lsm_info __start_lsm_info[], __end_lsm_info[]; @@ -2092,4 +2100,8 @@ static inline void security_delete_hooks(struct security_hook_list *hooks, #define __lsm_ro_after_init __ro_after_init #endif /* CONFIG_SECURITY_WRITABLE_HOOKS */ +#ifdef CONFIG_SECURITY +void __init lsm_early_cred(struct cred *cred); +#endif + #endif /* ! __LINUX_LSM_HOOKS_H */ diff --git a/security/apparmor/include/cred.h b/security/apparmor/include/cred.h index a757370f2a0c..b9504a05fddc 100644 --- a/security/apparmor/include/cred.h +++ b/security/apparmor/include/cred.h @@ -25,7 +25,7 @@ static inline struct aa_label *cred_label(const struct cred *cred) { - struct aa_label **blob = cred->security; + struct aa_label **blob = cred->security + apparmor_blob_sizes.lbs_cred; AA_BUG(!blob); return *blob; @@ -34,7 +34,7 @@ static inline struct aa_label *cred_label(const struct cred *cred) static inline void set_cred_label(const struct cred *cred, struct aa_label *label) { - struct aa_label **blob = cred->security; + struct aa_label **blob = cred->security + apparmor_blob_sizes.lbs_cred; AA_BUG(!blob); *blob = label; diff --git a/security/apparmor/include/lib.h b/security/apparmor/include/lib.h index 6505e1ad9e23..bbe9b384d71d 100644 --- a/security/apparmor/include/lib.h +++ b/security/apparmor/include/lib.h @@ -16,6 +16,7 @@ #include #include +#include #include "match.h" @@ -55,6 +56,9 @@ const char *aa_splitn_fqname(const char *fqname, size_t n, const char **ns_name, size_t *ns_len); void aa_info_message(const char *str); +/* Security blob offsets */ +extern struct lsm_blob_sizes apparmor_blob_sizes; + /** * aa_strneq - compare null terminated @str to a non null terminated substring * @str: a null terminated string diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 803ec0a63d87..70669e676212 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -1150,6 +1150,13 @@ static int apparmor_inet_conn_request(struct sock *sk, struct sk_buff *skb, } #endif +/* + * The cred blob is a pointer to, not an instance of, an aa_task_ctx. + */ +struct lsm_blob_sizes apparmor_blob_sizes __lsm_ro_after_init = { + .lbs_cred = sizeof(struct aa_task_ctx *), +}; + static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(ptrace_access_check, apparmor_ptrace_access_check), LSM_HOOK_INIT(ptrace_traceme, apparmor_ptrace_traceme), @@ -1484,6 +1491,7 @@ static int __init set_init_ctx(void) if (!ctx) return -ENOMEM; + lsm_early_cred(cred); set_cred_label(cred, aa_get_label(ns_unconfined(root_ns))); task_ctx(current) = ctx; @@ -1724,5 +1732,6 @@ DEFINE_LSM(apparmor) = { .name = "apparmor", .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE, .enabled = &apparmor_enabled, + .blobs = &apparmor_blob_sizes, .init = apparmor_init, }; diff --git a/security/security.c b/security/security.c index 81ff6a71e78e..c49d4a18c75f 100644 --- a/security/security.c +++ b/security/security.c @@ -41,6 +41,8 @@ struct security_hook_heads security_hook_heads __lsm_ro_after_init; static ATOMIC_NOTIFIER_HEAD(lsm_notifier_chain); char *lsm_names; +static struct lsm_blob_sizes blob_sizes __lsm_ro_after_init; + /* Boot-time LSM user choice */ static __initdata const char *chosen_lsm_order; static __initdata const char *chosen_major_lsm; @@ -139,6 +141,25 @@ static bool __init lsm_allowed(struct lsm_info *lsm) return true; } +static void __init lsm_set_blob_size(int *need, int *lbs) +{ + int offset; + + if (*need > 0) { + offset = *lbs; + *lbs += *need; + *need = offset; + } +} + +static void __init lsm_set_blob_sizes(struct lsm_blob_sizes *needed) +{ + if (!needed) + return; + + lsm_set_blob_size(&needed->lbs_cred, &blob_sizes.lbs_cred); +} + /* Prepare LSM for initialization. */ static void __init prepare_lsm(struct lsm_info *lsm) { @@ -153,6 +174,8 @@ static void __init prepare_lsm(struct lsm_info *lsm) exclusive = lsm; init_debug("exclusive chosen: %s\n", lsm->name); } + + lsm_set_blob_sizes(lsm->blobs); } } @@ -255,6 +278,8 @@ static void __init ordered_lsm_init(void) for (lsm = ordered_lsms; *lsm; lsm++) prepare_lsm(*lsm); + init_debug("cred blob size = %d\n", blob_sizes.lbs_cred); + for (lsm = ordered_lsms; *lsm; lsm++) initialize_lsm(*lsm); @@ -382,6 +407,47 @@ int unregister_lsm_notifier(struct notifier_block *nb) } EXPORT_SYMBOL(unregister_lsm_notifier); +/** + * lsm_cred_alloc - allocate a composite cred blob + * @cred: the cred that needs a blob + * @gfp: allocation type + * + * Allocate the cred blob for all the modules + * + * Returns 0, or -ENOMEM if memory can't be allocated. + */ +static int lsm_cred_alloc(struct cred *cred, gfp_t gfp) +{ + if (blob_sizes.lbs_cred == 0) { + cred->security = NULL; + return 0; + } + + cred->security = kzalloc(blob_sizes.lbs_cred, gfp); + if (cred->security == NULL) + return -ENOMEM; + return 0; +} + +/** + * lsm_early_cred - during initialization allocate a composite cred blob + * @cred: the cred that needs a blob + * + * Allocate the cred blob for all the modules if it's not already there + */ +void __init lsm_early_cred(struct cred *cred) +{ + int rc; + + if (cred == NULL) + panic("%s: NULL cred.\n", __func__); + if (cred->security != NULL) + return; + rc = lsm_cred_alloc(cred, GFP_KERNEL); + if (rc) + panic("%s: Early cred alloc failed.\n", __func__); +} + /* * Hook list operation macros. * @@ -1182,17 +1248,36 @@ void security_task_free(struct task_struct *task) int security_cred_alloc_blank(struct cred *cred, gfp_t gfp) { - return call_int_hook(cred_alloc_blank, 0, cred, gfp); + int rc = lsm_cred_alloc(cred, gfp); + + if (rc) + return rc; + + rc = call_int_hook(cred_alloc_blank, 0, cred, gfp); + if (rc) + security_cred_free(cred); + return rc; } void security_cred_free(struct cred *cred) { call_void_hook(cred_free, cred); + + kfree(cred->security); + cred->security = NULL; } int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp) { - return call_int_hook(cred_prepare, 0, new, old, gfp); + int rc = lsm_cred_alloc(new, gfp); + + if (rc) + return rc; + + rc = call_int_hook(cred_prepare, 0, new, old, gfp); + if (rc) + security_cred_free(new); + return rc; } void security_transfer_creds(struct cred *new, const struct cred *old) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index c82f11270de6..ac6d8a2d00f1 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -209,12 +209,9 @@ static void cred_init_security(void) struct cred *cred = (struct cred *) current->real_cred; struct task_security_struct *tsec; - tsec = kzalloc(sizeof(struct task_security_struct), GFP_KERNEL); - if (!tsec) - panic("SELinux: Failed to initialize initial task.\n"); - + lsm_early_cred(cred); + tsec = selinux_cred(cred); tsec->osid = tsec->sid = SECINITSID_KERNEL; - cred->security = tsec; } /* @@ -3899,47 +3896,16 @@ static int selinux_task_alloc(struct task_struct *task, sid, sid, SECCLASS_PROCESS, PROCESS__FORK, NULL); } -/* - * allocate the SELinux part of blank credentials - */ -static int selinux_cred_alloc_blank(struct cred *cred, gfp_t gfp) -{ - struct task_security_struct *tsec; - - tsec = kzalloc(sizeof(struct task_security_struct), gfp); - if (!tsec) - return -ENOMEM; - - cred->security = tsec; - return 0; -} - -/* - * detach and free the LSM part of a set of credentials - */ -static void selinux_cred_free(struct cred *cred) -{ - struct task_security_struct *tsec = selinux_cred(cred); - - kfree(tsec); -} - /* * prepare a new set of credentials for modification */ static int selinux_cred_prepare(struct cred *new, const struct cred *old, gfp_t gfp) { - const struct task_security_struct *old_tsec; - struct task_security_struct *tsec; - - old_tsec = selinux_cred(old); - - tsec = kmemdup(old_tsec, sizeof(struct task_security_struct), gfp); - if (!tsec) - return -ENOMEM; + const struct task_security_struct *old_tsec = selinux_cred(old); + struct task_security_struct *tsec = selinux_cred(new); - new->security = tsec; + *tsec = *old_tsec; return 0; } @@ -6889,6 +6855,10 @@ static void selinux_bpf_prog_free(struct bpf_prog_aux *aux) } #endif +struct lsm_blob_sizes selinux_blob_sizes __lsm_ro_after_init = { + .lbs_cred = sizeof(struct task_security_struct), +}; + static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(binder_set_context_mgr, selinux_binder_set_context_mgr), LSM_HOOK_INIT(binder_transaction, selinux_binder_transaction), @@ -6971,8 +6941,6 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(file_open, selinux_file_open), LSM_HOOK_INIT(task_alloc, selinux_task_alloc), - LSM_HOOK_INIT(cred_alloc_blank, selinux_cred_alloc_blank), - LSM_HOOK_INIT(cred_free, selinux_cred_free), LSM_HOOK_INIT(cred_prepare, selinux_cred_prepare), LSM_HOOK_INIT(cred_transfer, selinux_cred_transfer), LSM_HOOK_INIT(cred_getsecid, selinux_cred_getsecid), @@ -7191,6 +7159,7 @@ DEFINE_LSM(selinux) = { .name = "selinux", .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE, .enabled = &selinux_enabled, + .blobs = &selinux_blob_sizes, .init = selinux_init, }; diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h index 734b6833bdff..c2974b031d05 100644 --- a/security/selinux/include/objsec.h +++ b/security/selinux/include/objsec.h @@ -25,6 +25,7 @@ #include #include #include +#include #include #include "flask.h" #include "avc.h" @@ -158,9 +159,10 @@ struct bpf_security_struct { u32 sid; /*SID of bpf obj creater*/ }; +extern struct lsm_blob_sizes selinux_blob_sizes; static inline struct task_security_struct *selinux_cred(const struct cred *cred) { - return cred->security; + return cred->security + selinux_blob_sizes.lbs_cred; } #endif /* _SELINUX_OBJSEC_H_ */ diff --git a/security/smack/smack.h b/security/smack/smack.h index 01a922856eba..b27eb252e953 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h @@ -336,6 +336,7 @@ extern struct smack_known *smack_syslog_label; extern struct smack_known *smack_unconfined; #endif extern int smack_ptrace_rule; +extern struct lsm_blob_sizes smack_blob_sizes; extern struct smack_known smack_known_floor; extern struct smack_known smack_known_hat; @@ -358,7 +359,7 @@ extern struct hlist_head smack_known_hash[SMACK_HASH_SLOTS]; static inline struct task_smack *smack_cred(const struct cred *cred) { - return cred->security; + return cred->security + smack_blob_sizes.lbs_cred; } /* diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index f34117b8c3be..459f7d523ca6 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -309,29 +309,20 @@ static struct inode_smack *new_inode_smack(struct smack_known *skp) } /** - * new_task_smack - allocate a task security blob + * init_task_smack - initialize a task security blob + * @tsp: blob to initialize * @task: a pointer to the Smack label for the running task * @forked: a pointer to the Smack label for the forked task - * @gfp: type of the memory for the allocation * - * Returns the new blob or NULL if there's no memory available */ -static struct task_smack *new_task_smack(struct smack_known *task, - struct smack_known *forked, gfp_t gfp) +static void init_task_smack(struct task_smack *tsp, struct smack_known *task, + struct smack_known *forked) { - struct task_smack *tsp; - - tsp = kzalloc(sizeof(struct task_smack), gfp); - if (tsp == NULL) - return NULL; - tsp->smk_task = task; tsp->smk_forked = forked; INIT_LIST_HEAD(&tsp->smk_rules); INIT_LIST_HEAD(&tsp->smk_relabel); mutex_init(&tsp->smk_rules_lock); - - return tsp; } /** @@ -1965,14 +1956,7 @@ static int smack_file_open(struct file *file) */ static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp) { - struct task_smack *tsp; - - tsp = new_task_smack(NULL, NULL, gfp); - if (tsp == NULL) - return -ENOMEM; - - cred->security = tsp; - + init_task_smack(smack_cred(cred), NULL, NULL); return 0; } @@ -1989,10 +1973,6 @@ static void smack_cred_free(struct cred *cred) struct list_head *l; struct list_head *n; - if (tsp == NULL) - return; - cred->security = NULL; - smk_destroy_label_list(&tsp->smk_relabel); list_for_each_safe(l, n, &tsp->smk_rules) { @@ -2000,7 +1980,6 @@ static void smack_cred_free(struct cred *cred) list_del(&rp->list); kfree(rp); } - kfree(tsp); } /** @@ -2015,14 +1994,10 @@ static int smack_cred_prepare(struct cred *new, const struct cred *old, gfp_t gfp) { struct task_smack *old_tsp = smack_cred(old); - struct task_smack *new_tsp; + struct task_smack *new_tsp = smack_cred(new); int rc; - new_tsp = new_task_smack(old_tsp->smk_task, old_tsp->smk_task, gfp); - if (new_tsp == NULL) - return -ENOMEM; - - new->security = new_tsp; + init_task_smack(new_tsp, old_tsp->smk_task, old_tsp->smk_task); rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp); if (rc != 0) @@ -2030,10 +2005,7 @@ static int smack_cred_prepare(struct cred *new, const struct cred *old, rc = smk_copy_relabel(&new_tsp->smk_relabel, &old_tsp->smk_relabel, gfp); - if (rc != 0) - return rc; - - return 0; + return rc; } /** @@ -4659,6 +4631,10 @@ static int smack_dentry_create_files_as(struct dentry *dentry, int mode, return 0; } +struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = { + .lbs_cred = sizeof(struct task_smack), +}; + static struct security_hook_list smack_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check), LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme), @@ -4837,20 +4813,25 @@ static __init void init_smack_known_list(void) */ static __init int smack_init(void) { - struct cred *cred; + struct cred *cred = (struct cred *) current->cred; struct task_smack *tsp; smack_inode_cache = KMEM_CACHE(inode_smack, 0); if (!smack_inode_cache) return -ENOMEM; - tsp = new_task_smack(&smack_known_floor, &smack_known_floor, - GFP_KERNEL); - if (tsp == NULL) { - kmem_cache_destroy(smack_inode_cache); - return -ENOMEM; - } + lsm_early_cred(cred); + /* + * Set the security state for the initial task. + */ + tsp = smack_cred(cred); + init_task_smack(tsp, &smack_known_floor, &smack_known_floor); + + /* + * Register with LSM + */ + security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), "smack"); smack_enabled = 1; pr_info("Smack: Initializing.\n"); @@ -4864,20 +4845,9 @@ static __init int smack_init(void) pr_info("Smack: IPv6 Netfilter enabled.\n"); #endif - /* - * Set the security state for the initial task. - */ - cred = (struct cred *) current->cred; - cred->security = tsp; - /* initialize the smack_known_list */ init_smack_known_list(); - /* - * Register with LSM - */ - security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), "smack"); - return 0; } @@ -4888,5 +4858,6 @@ static __init int smack_init(void) DEFINE_LSM(smack) = { .name = "smack", .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE, + .blobs = &smack_blob_sizes, .init = smack_init, }; diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h index 41898613d93b..4fc17294a12d 100644 --- a/security/tomoyo/common.h +++ b/security/tomoyo/common.h @@ -1087,6 +1087,7 @@ extern struct tomoyo_domain_info tomoyo_kernel_domain; extern struct tomoyo_policy_namespace tomoyo_kernel_namespace; extern unsigned int tomoyo_memory_quota[TOMOYO_MAX_MEMORY_STAT]; extern unsigned int tomoyo_memory_used[TOMOYO_MAX_MEMORY_STAT]; +extern struct lsm_blob_sizes tomoyo_blob_sizes; /********** Inlined functions. **********/ @@ -1206,7 +1207,7 @@ static inline void tomoyo_put_group(struct tomoyo_group *group) */ static inline struct tomoyo_domain_info **tomoyo_cred(const struct cred *cred) { - return (struct tomoyo_domain_info **)&cred->security; + return cred->security + tomoyo_blob_sizes.lbs_cred; } /** diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index 15864307925d..9094cf41a247 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -509,6 +509,10 @@ static int tomoyo_socket_sendmsg(struct socket *sock, struct msghdr *msg, return tomoyo_socket_sendmsg_permission(sock, msg, size); } +struct lsm_blob_sizes tomoyo_blob_sizes __lsm_ro_after_init = { + .lbs_cred = sizeof(struct tomoyo_domain_info *), +}; + /* * tomoyo_security_ops is a "struct security_operations" which is used for * registering TOMOYO. @@ -562,6 +566,7 @@ static int __init tomoyo_init(void) /* register ourselves with the security framework */ security_add_hooks(tomoyo_hooks, ARRAY_SIZE(tomoyo_hooks), "tomoyo"); printk(KERN_INFO "TOMOYO Linux initialized\n"); + lsm_early_cred(cred); blob = tomoyo_cred(cred); *blob = &tomoyo_kernel_domain; tomoyo_mm_init(); @@ -573,5 +578,6 @@ DEFINE_LSM(tomoyo) = { .name = "tomoyo", .enabled = &tomoyo_enabled, .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE, + .blobs = &tomoyo_blob_sizes, .init = tomoyo_init, }; From patchwork Tue Dec 11 22:43:04 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10725049 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 8F4EA91E for ; Tue, 11 Dec 2018 22:45:24 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 80A812B6AA for ; Tue, 11 Dec 2018 22:45:24 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 74D612B756; Tue, 11 Dec 2018 22:45:24 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 133D62B6AA for ; Tue, 11 Dec 2018 22:45:24 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726474AbeLKWpW (ORCPT ); Tue, 11 Dec 2018 17:45:22 -0500 Received: from sonic316-27.consmr.mail.ne1.yahoo.com ([66.163.187.153]:43103 "EHLO sonic316-27.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726639AbeLKWoB (ORCPT ); Tue, 11 Dec 2018 17:44:01 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1544568240; bh=qbpXcajJrA98ZZWDlgqmt0cbStnF49zKm903egriuBg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; b=E9qwNAYrFkRahkCJ18tky1txxWbWFWRN/sEIXOybZkCPV2D0ri1ywlINFYpaW2vaBMVcHF2B+sMKo3FR0rtdmZ+DH8Shghp5c5uxPX2SMUwWYvzOkCgXhIPkH4hSiKVxRSm0zdUnzHKT8tV857xHD43b81axVmaVBvN5pP829ToJEt9znVZEOwxyEFs24RJTgdpxqFiZR/DXymALQV8Pp0zssopVZO/FxU4W0HO3e96Xkcd5OSXmCv3UeFQ4IFFdJ4A9eSAMtwc1HjM8FphUxaT4xiMaGDO5paYneAEyQbjv7aDW/DBalh2v/yhrl+gBKcxkzD8Ds35MtdyQuy6GOw== X-YMail-OSG: AfjBwb4VM1nSUwDNELJuo9P.WUbp4xyw04hu2DBY1V4bRRDhLUlFqMp.uZfGp6k X5x1l1ziSYyEWyr518UzcQ59RHKKuy1tTrwxVvBagXFUtgABVZ5vDHfApWaL92RYSMhV40nXIwPv MCukAhZOa41otLqxuYMFPorXUr0Uln16W5QOMfV68m89t.yJ_A.73sKzcJQ8MyXUZB9GL1AKChjt FCavrTb8mkF4ub.iDL7CY0pB0DNr4K4R81.px7C9dht4yy7ldc5TY.AxWuUjou.X..RfR6hiXdT6 fmpkwH647UYlMhvaQ6XTAbPBXTL6chEgsxdwYT5hCn.Uyy.t81mxnI0pIRWcUBs3lFLK0_zqRiMK YDqGxY5VBrp4.MQJ8sSV93Msx7XvoRVanS__2t9E2K766boKoJO2VMV9bPGL0nAHpHI.L7b2faJY HJfrghLOAgIBkWI8_5FJxFzX.qmINV5TBmcbOWMtqknXbuj3BkS6gnyVZezYQ0wDY_JIeNgngYWj 7rE9WlQWE6_CgFifIWUj1plXEC3VPMn5EYWE7WNBm.AWcvP1R9W08amDYP_GtEzSgjfTmvJeX4EQ 6htYG43lHVm9A95qKEUaK_XiBRIuGr0YRi4Q.aVUaLqAoo0wYN21Eg36U3iUCVZOyO22TrxoYH0R fzUQlx0FA9FY2kH2t4bZZKZxqQARaWlYqu8lhINIR0E9AMC5ot_fhrsvEWqK3eoEI4z9awEJdgvg v6Crxcrwu_U_fn1IUkDNpBMZNhfHS.EJztxHO03Palb4Np96gg4I2w0U_9sl5L7Cx6JO2O4GBN9E Y42R2tP.tb1woIPEs6iN7.tBNEBo_aTqeqetC0F3g6rDhS33tdkfdeTSk3y5iBfSAbzcaWMAX80h mgySH_YLcOkUdwB2tILEgLCoeYpJWhbJxhOJRq9mH6lvJggrs9VDM4QMlev884hPQL_Ttc6AIvZ6 3V18a1fCeUFcfzuSJqn1MX45ZMYFw67jhWfe8eRFGtCxyDOtq57Y1PleyEiG3nVmPxd5JKgF4iH3 XV7796r9YWmlkJEXZfMTimkwGsWRF59c10VRA1O2GcNA7CcNCz.FSjKSWJI2.q044q4taw9L5el6 iDEr5D9htcl6OmU.iSP4LO3oBxnnHSerNii4uOA-- Received: from sonic.gate.mail.ne1.yahoo.com by sonic316.consmr.mail.ne1.yahoo.com with HTTP; Tue, 11 Dec 2018 22:44:00 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO localhost.localdomain) ([67.169.65.224]) by smtp415.mail.ne1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID 8f4847c15ff2a33ea2e557120f9f24e5; Tue, 11 Dec 2018 22:43:56 +0000 (UTC) From: Casey Schaufler To: jmorris@namei.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, selinux@vger.kernel.org Cc: john.johansen@canonical.com, keescook@chromium.org, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, linux-fsdevel@vger.kernel.org, sds@tycho.nsa.gov, adobriyan@gmail.com, mic@digikod.net, s.mesoraca16@gmail.com, casey@schaufler-ca.com Subject: [PATCH v5 28/38] SELinux: Abstract use of file security blob Date: Tue, 11 Dec 2018 14:43:04 -0800 Message-Id: <20181211224314.22412-29-casey@schaufler-ca.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20181211224314.22412-1-casey@schaufler-ca.com> References: <20181211224314.22412-1-casey@schaufler-ca.com> Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Don't use the file->f_security pointer directly. Provide a helper function that provides the security blob pointer. Signed-off-by: Casey Schaufler Reviewed-by: Kees Cook Signed-off-by: Kees Cook --- security/selinux/hooks.c | 18 +++++++++--------- security/selinux/include/objsec.h | 5 +++++ 2 files changed, 14 insertions(+), 9 deletions(-) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index ac6d8a2d00f1..ce1d37378eb5 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -393,7 +393,7 @@ static int file_alloc_security(struct file *file) static void file_free_security(struct file *file) { - struct file_security_struct *fsec = file->f_security; + struct file_security_struct *fsec = selinux_file(file); file->f_security = NULL; kmem_cache_free(file_security_cache, fsec); } @@ -1881,7 +1881,7 @@ static int file_has_perm(const struct cred *cred, struct file *file, u32 av) { - struct file_security_struct *fsec = file->f_security; + struct file_security_struct *fsec = selinux_file(file); struct inode *inode = file_inode(file); struct common_audit_data ad; u32 sid = cred_sid(cred); @@ -2225,7 +2225,7 @@ static int selinux_binder_transfer_file(struct task_struct *from, struct file *file) { u32 sid = task_sid(to); - struct file_security_struct *fsec = file->f_security; + struct file_security_struct *fsec = selinux_file(file); struct dentry *dentry = file->f_path.dentry; struct inode_security_struct *isec; struct common_audit_data ad; @@ -3537,7 +3537,7 @@ static int selinux_revalidate_file_permission(struct file *file, int mask) static int selinux_file_permission(struct file *file, int mask) { struct inode *inode = file_inode(file); - struct file_security_struct *fsec = file->f_security; + struct file_security_struct *fsec = selinux_file(file); struct inode_security_struct *isec; u32 sid = current_sid(); @@ -3572,7 +3572,7 @@ static int ioctl_has_perm(const struct cred *cred, struct file *file, u32 requested, u16 cmd) { struct common_audit_data ad; - struct file_security_struct *fsec = file->f_security; + struct file_security_struct *fsec = selinux_file(file); struct inode *inode = file_inode(file); struct inode_security_struct *isec; struct lsm_ioctlop_audit ioctl; @@ -3824,7 +3824,7 @@ static void selinux_file_set_fowner(struct file *file) { struct file_security_struct *fsec; - fsec = file->f_security; + fsec = selinux_file(file); fsec->fown_sid = current_sid(); } @@ -3839,7 +3839,7 @@ static int selinux_file_send_sigiotask(struct task_struct *tsk, /* struct fown_struct is never outside the context of a struct file */ file = container_of(fown, struct file, f_owner); - fsec = file->f_security; + fsec = selinux_file(file); if (!signum) perm = signal_to_av(SIGIO); /* as per send_sigio_to_task */ @@ -3863,7 +3863,7 @@ static int selinux_file_open(struct file *file) struct file_security_struct *fsec; struct inode_security_struct *isec; - fsec = file->f_security; + fsec = selinux_file(file); isec = inode_security(file_inode(file)); /* * Save inode label and policy sequence number @@ -4002,7 +4002,7 @@ static int selinux_kernel_module_from_file(struct file *file) ad.type = LSM_AUDIT_DATA_FILE; ad.u.file = file; - fsec = file->f_security; + fsec = selinux_file(file); if (sid != fsec->sid) { rc = avc_has_perm(&selinux_state, sid, fsec->sid, SECCLASS_FD, FD__USE, &ad); diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h index c2974b031d05..e0ac2992e059 100644 --- a/security/selinux/include/objsec.h +++ b/security/selinux/include/objsec.h @@ -165,4 +165,9 @@ static inline struct task_security_struct *selinux_cred(const struct cred *cred) return cred->security + selinux_blob_sizes.lbs_cred; } +static inline struct file_security_struct *selinux_file(const struct file *file) +{ + return file->f_security; +} + #endif /* _SELINUX_OBJSEC_H_ */ From patchwork Tue Dec 11 22:43:05 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10724989 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 5E7CA91E for ; Tue, 11 Dec 2018 22:44:04 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4EA2A29FE9 for ; Tue, 11 Dec 2018 22:44:04 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 4287E2B5FB; Tue, 11 Dec 2018 22:44:04 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D8FC629FE9 for ; Tue, 11 Dec 2018 22:44:03 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726663AbeLKWoD (ORCPT ); Tue, 11 Dec 2018 17:44:03 -0500 Received: from sonic311-28.consmr.mail.ne1.yahoo.com ([66.163.188.209]:37315 "EHLO sonic311-28.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726650AbeLKWoC (ORCPT ); Tue, 11 Dec 2018 17:44:02 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1544568241; bh=lKw+YFFirAcuaGMfYgMV+U5QfYDFlilvNclUnUdmOyY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; b=ZxaGPXTp5ox4BX/Dj+pw63S5VfUd0WlLpxNuEl0Fn0RXN949Ioe2xRVYDYrje01dwUABoKx+fenfHZPsUYcLuBrUqdHct3JO8SiRWIjZPNmNikNJDOhQlPb1XnzKL/FuucsHWeY7Ip+yU8X2wwNqDEXZlyeNJm4vBveDfWpnFs0ofFAKHIKd8q7RzeT/6gLIh2v2i5/TvlA6v68iGn51dp9YRO3xW2icOw8rZX3hF5StbCTVf//MOW34jg28CDXjUWVQyA6M/6f0050ebHogCulmLU24ZqHZczHxkvEt+vVkX1wEdMH1iI3ZEC80nfzzIcQKv1KmoiLZUBLum4MSqw== X-YMail-OSG: tEGvkfAVM1n.MsrCGcE.bzc3C47xW8OQlLS5AsUcnqJJtKC2wEQJOUnfDkOgM.I 7xkWMbZWWLGRpeescZ_xSHu5aQ_UY1dB807gLyCSGa7L67.c8zEIvzZlarLoRmz.2_o.X780g2IN lp3vTRg3mmtAGsCmfaKp5YmY7oJ1qCy2xmw4JQcJLHhUIpAQkb9UEIbYUVkCW7fGAS.tPzD0RZWI dhP9KR3XeVgHos5KF072JiiqYTRO8Z6AbKHO2Z2PUckjN.ZWDN9onwFjzlaAo2CA4X5oqUTjfDHe OjQYq0AfftHjUjthzNfldMPG4r7hL7NL3vW3cT2c7CXvuOYBXRD8plqZA8YRi4ZFvdTg5qkBWiOl 2KTpj3vCTIe7smHuHRttjCiaJmdrjCNduHnnsIl.954yta7W.se1dYaTWiRKlWuyGKIgbHdPv5pD VML3rirTEg5bQOTJKZsnN21eF_0b5P2dG5sB7PYkXqF0hQZv8J9UPsrgnnvLYnVR_Az5gYk0yj17 h7elQ5Ka9DQbWFo9z0O_pPKANj2ecJ85W7xsPtsahH30k5tlgbzMwT38.hbK9asSZMDpG_44hkOU J49pOvbqQcVnOCFmxPG5A2UQIMwWj_QIEJis37rMmrxvC_dnHTvYDSyDPRp_DbloL4lhe_IaERaK 6zYKlg_rfYOh7WzcW_n7C.HU75krKT8j89_DuZJIyfmQsyf8rX_q0wnBZ_BP3VT8uHacpOmHZLwL c68JA60eaVZndofhUySiq8FeQRJUVAmhwsCUwrvoYkYcYjBIV1Jg0tjobZz5UvVj7JU4s.jlpm66 ghbNSaqB6gm3ptdM05kVQ4A1DnhMz2h1liKwbs5JW8ONwKEpxRJRfvbk6o2ZmBmFfbLPAwO87j1m wE7iyJFlrE8baxZ87saRvZjLjyyfVQ51ryLsLYP_Y2EIDvITj8pvGq6g8AxUCaVBa5RybA15VVpX 03fQpzKITWkpk.VCCNhSWY_aFc88OWh0uDEwyh0RKiuKBbJDOTtwHOe6aipYlbFVuCq3MCYQ09y_ IV20F1KhcV5hDMbVC5KKKQeyy1I1LpBggj128Q_7ec3r4Q7tlBe2Y33bRQSxqMfYnDiZyuSU_7cm cYcTznIJdg3KMQFuMSp2eOilw2HGpJdTiaQyGeg-- Received: from sonic.gate.mail.ne1.yahoo.com by sonic311.consmr.mail.ne1.yahoo.com with HTTP; Tue, 11 Dec 2018 22:44:01 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO localhost.localdomain) ([67.169.65.224]) by smtp415.mail.ne1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID 8f4847c15ff2a33ea2e557120f9f24e5; Tue, 11 Dec 2018 22:43:57 +0000 (UTC) From: Casey Schaufler To: jmorris@namei.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, selinux@vger.kernel.org Cc: john.johansen@canonical.com, keescook@chromium.org, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, linux-fsdevel@vger.kernel.org, sds@tycho.nsa.gov, adobriyan@gmail.com, mic@digikod.net, s.mesoraca16@gmail.com, casey@schaufler-ca.com Subject: [PATCH v5 29/38] Smack: Abstract use of file security blob Date: Tue, 11 Dec 2018 14:43:05 -0800 Message-Id: <20181211224314.22412-30-casey@schaufler-ca.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20181211224314.22412-1-casey@schaufler-ca.com> References: <20181211224314.22412-1-casey@schaufler-ca.com> Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Don't use the file->f_security pointer directly. Provide a helper function that provides the security blob pointer. Signed-off-by: Casey Schaufler Reviewed-by: Kees Cook Signed-off-by: Kees Cook --- security/smack/smack.h | 5 +++++ security/smack/smack_lsm.c | 12 ++++++++---- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/security/smack/smack.h b/security/smack/smack.h index b27eb252e953..50854969a391 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h @@ -362,6 +362,11 @@ static inline struct task_smack *smack_cred(const struct cred *cred) return cred->security + smack_blob_sizes.lbs_cred; } +static inline struct smack_known **smack_file(const struct file *file) +{ + return (struct smack_known **)&file->f_security; +} + /* * Is the directory transmuting? */ diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 459f7d523ca6..3e11be8cce7e 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -1573,9 +1573,9 @@ static void smack_inode_getsecid(struct inode *inode, u32 *secid) */ static int smack_file_alloc_security(struct file *file) { - struct smack_known *skp = smk_of_current(); + struct smack_known **blob = smack_file(file); - file->f_security = skp; + *blob = smk_of_current(); return 0; } @@ -1815,7 +1815,9 @@ static int smack_mmap_file(struct file *file, */ static void smack_file_set_fowner(struct file *file) { - file->f_security = smk_of_current(); + struct smack_known **blob = smack_file(file); + + *blob = smk_of_current(); } /** @@ -1832,6 +1834,7 @@ static void smack_file_set_fowner(struct file *file) static int smack_file_send_sigiotask(struct task_struct *tsk, struct fown_struct *fown, int signum) { + struct smack_known **blob; struct smack_known *skp; struct smack_known *tkp = smk_of_task(smack_cred(tsk->cred)); const struct cred *tcred; @@ -1845,7 +1848,8 @@ static int smack_file_send_sigiotask(struct task_struct *tsk, file = container_of(fown, struct file, f_owner); /* we don't log here as rc can be overriden */ - skp = file->f_security; + blob = smack_file(file); + skp = *blob; rc = smk_access(skp, tkp, MAY_DELIVER, NULL); rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc); From patchwork Tue Dec 11 22:43:06 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10725027 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id C02E691E for ; Tue, 11 Dec 2018 22:44:58 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id AEA982B341 for ; Tue, 11 Dec 2018 22:44:58 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id A33CD2B756; Tue, 11 Dec 2018 22:44:58 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D1B4F2B6AE for ; Tue, 11 Dec 2018 22:44:57 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726220AbeLKWo4 (ORCPT ); Tue, 11 Dec 2018 17:44:56 -0500 Received: from sonic311-28.consmr.mail.ne1.yahoo.com ([66.163.188.209]:46051 "EHLO sonic311-28.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726654AbeLKWoD (ORCPT ); Tue, 11 Dec 2018 17:44:03 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1544568241; bh=LLC+kO5vVrGkpb8+XiusWEcN5YP2bfPWb69cQmSh7Xk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; b=meeH0ZEar7aeARk5FqNL7Bv39W19/+SxPw3xxNhbUkSSknyR7gpZL0i98K1MLXuk2SrB2Bht+bVdXCAhU4sRychuQf6KhimhKxGJ9vX9xejE27RomzBwaTmR8uCgJ4tE5o9OS46OLxOzH98yCgBPZ6J3ujsUFiTADOJkLa1Hrwj0TLWck6ilBLF8ZVshtH2TmqiJEBszkWz+qHLxbOHhG6gqhnxF8gFpKdtSZ5L0iZIL62Ma6ycCT/4iA4WbP2WiaRyan9XEzAm7GYKb9hwO7xiONwWnlm4a23OaZeHye+ltZVo/pl55chip64K7aJV1j4iSfFmJ5gggNLOeGMungQ== X-YMail-OSG: ojkgujIVM1kmf0AOkoMbigeSSVg_WLO2MZy5gcP6TOxgALnncmK5Y80URoZROBm TtJk5_z6_qtLJqrX7C1FG7H7lw5n86jSV7IaXf_5n4mi5NmraCrbWYPjlUwL2CkIPzmY.bCfIwGz 0Y2.js0fKW7xZS2c_n_UkpXrCBx62Abgad6I8dn4QCucIPvy7K8goqYKG_8pzGruUCVcNWpwZHCa wkSM7ZeIU3CuLEb.xh8u25b3Y4hBHG_QNOYmWJsUj_x84iioywqd04WAcvEg8vqPWXECo6p5YXeW 1mhxJghXHXYw9YHYCscua31jDV7qg7IObLMGWgNns_SeWUAORIAx8Bv7tIDA_wTqquM_lh8eEbIq JY7w3bL_NYti9uGLQm0fVhj8d1CzwJRFDgXWy4Wof9iIsJSVNHrKF7v2cn35CwhOsCpWHPIlfO5T VuTrQ9Tl8.dnIgRSJE0W9pfHpwjfbjKWbZ9OJPTRDw3kTanwStJ78fku2Ir0OLklQnFt2ttRC1bL oKZCFpnn.JQ8iNXpeetQwfV3oGt6yTLkdBwmtdzaREAw5OF38PYDMeMltamKL6EN0TP4YKQS.MgS d9F3IhcF1Ljl.cN6oICmid.fxKfFW_IC8RbR_4x77gOhJdCyd0b8yW2hL6aZ9JgdhTOXxKKPXVoR vJ4DQJP8.pd3qdhwyD8x5WFFeq4SPModu_1kp2MC_2sdKjn1u58FUx.lyz6nrkfyxdigZefmNOTC N6i12tUF8Dsi41h9_hBcJrMq3Lz0Avi_LBVncssSlfkExedkMQvZuSKTZOS1xA6x4kSpr2HItiPh 7m.ZdwwB2NfYdwZ9POJr9d7ToeOcbIWR9vjn.vy0yAq.8v3Re8.nr4KlRr9xxlEQbJTBcW_3HwsF 4FZ.ok5kTbhp3eqFLpTN87IjEYrh1khzzv3UO_9vrN.bQ2_nSoM0AV7pEERCchb0KQwqzEMPQ1TP 1UbQojJFttLUj63DBSKdoOWW99wJwWX.4HARhlbm3mH6oPsyMyP8tNWAWQhU9PCoVCkNAS6YMf_6 nZUD5rZEC32nEGk0Jd6xpO_60z3QrcjXFqrwHY1xPAkpeEeKWf1ds1ZYsmDWeUn5G8f7yHq1p.R6 ccybx5k1pGuak.jPqjywuWShXjMYQsHFQ280NPw-- Received: from sonic.gate.mail.ne1.yahoo.com by sonic311.consmr.mail.ne1.yahoo.com with HTTP; Tue, 11 Dec 2018 22:44:01 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO localhost.localdomain) ([67.169.65.224]) by smtp411.mail.ne1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID 6f4a30c5671782919fad3da3c826f035; Tue, 11 Dec 2018 22:43:59 +0000 (UTC) From: Casey Schaufler To: jmorris@namei.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, selinux@vger.kernel.org Cc: john.johansen@canonical.com, keescook@chromium.org, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, linux-fsdevel@vger.kernel.org, sds@tycho.nsa.gov, adobriyan@gmail.com, mic@digikod.net, s.mesoraca16@gmail.com, casey@schaufler-ca.com Subject: [PATCH v5 30/38] LSM: Infrastructure management of the file security Date: Tue, 11 Dec 2018 14:43:06 -0800 Message-Id: <20181211224314.22412-31-casey@schaufler-ca.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20181211224314.22412-1-casey@schaufler-ca.com> References: <20181211224314.22412-1-casey@schaufler-ca.com> Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Move management of the file->f_security blob out of the individual security modules and into the infrastructure. The modules no longer allocate or free the data, instead they tell the infrastructure how much space they require. Signed-off-by: Casey Schaufler Reviewed-by: Kees Cook [kees: adjusted for ordered init series] Signed-off-by: Kees Cook --- include/linux/lsm_hooks.h | 1 + security/apparmor/include/file.h | 5 +++- security/apparmor/lsm.c | 19 +++++++------- security/security.c | 54 ++++++++++++++++++++++++++++++++++++--- security/selinux/hooks.c | 25 ++---------------- security/selinux/include/objsec.h | 2 +- security/smack/smack.h | 3 ++- security/smack/smack_lsm.c | 14 +--------- 8 files changed, 72 insertions(+), 51 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index c9458280214e..64499c2d44cd 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -2029,6 +2029,7 @@ struct security_hook_list { */ struct lsm_blob_sizes { int lbs_cred; + int lbs_file; }; /* diff --git a/security/apparmor/include/file.h b/security/apparmor/include/file.h index 4c2c8ac8842f..8be09208cf7c 100644 --- a/security/apparmor/include/file.h +++ b/security/apparmor/include/file.h @@ -32,7 +32,10 @@ struct path; AA_MAY_CHMOD | AA_MAY_CHOWN | AA_MAY_LOCK | \ AA_EXEC_MMAP | AA_MAY_LINK) -#define file_ctx(X) ((struct aa_file_ctx *)(X)->f_security) +static inline struct aa_file_ctx *file_ctx(struct file *file) +{ + return file->f_security + apparmor_blob_sizes.lbs_file; +} /* struct aa_file_ctx - the AppArmor context the file was opened in * @lock: lock to update the ctx diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 70669e676212..3ae8c902d740 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -433,21 +433,21 @@ static int apparmor_file_open(struct file *file) static int apparmor_file_alloc_security(struct file *file) { - int error = 0; - - /* freed by apparmor_file_free_security */ + struct aa_file_ctx *ctx = file_ctx(file); struct aa_label *label = begin_current_label_crit_section(); - file->f_security = aa_alloc_file_ctx(label, GFP_KERNEL); - if (!file_ctx(file)) - error = -ENOMEM; - end_current_label_crit_section(label); - return error; + spin_lock_init(&ctx->lock); + rcu_assign_pointer(ctx->label, aa_get_label(label)); + end_current_label_crit_section(label); + return 0; } static void apparmor_file_free_security(struct file *file) { - aa_free_file_ctx(file_ctx(file)); + struct aa_file_ctx *ctx = file_ctx(file); + + if (ctx) + aa_put_label(rcu_access_pointer(ctx->label)); } static int common_file_perm(const char *op, struct file *file, u32 mask) @@ -1155,6 +1155,7 @@ static int apparmor_inet_conn_request(struct sock *sk, struct sk_buff *skb, */ struct lsm_blob_sizes apparmor_blob_sizes __lsm_ro_after_init = { .lbs_cred = sizeof(struct aa_task_ctx *), + .lbs_file = sizeof(struct aa_file_ctx), }; static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = { diff --git a/security/security.c b/security/security.c index c49d4a18c75f..499842ece0fb 100644 --- a/security/security.c +++ b/security/security.c @@ -40,6 +40,8 @@ struct security_hook_heads security_hook_heads __lsm_ro_after_init; static ATOMIC_NOTIFIER_HEAD(lsm_notifier_chain); +static struct kmem_cache *lsm_file_cache; + char *lsm_names; static struct lsm_blob_sizes blob_sizes __lsm_ro_after_init; @@ -158,6 +160,7 @@ static void __init lsm_set_blob_sizes(struct lsm_blob_sizes *needed) return; lsm_set_blob_size(&needed->lbs_cred, &blob_sizes.lbs_cred); + lsm_set_blob_size(&needed->lbs_file, &blob_sizes.lbs_file); } /* Prepare LSM for initialization. */ @@ -279,6 +282,15 @@ static void __init ordered_lsm_init(void) prepare_lsm(*lsm); init_debug("cred blob size = %d\n", blob_sizes.lbs_cred); + init_debug("file blob size = %d\n", blob_sizes.lbs_file); + + /* + * Create any kmem_caches needed for blobs + */ + if (blob_sizes.lbs_file) + lsm_file_cache = kmem_cache_create("lsm_file_cache", + blob_sizes.lbs_file, 0, + SLAB_PANIC, NULL); for (lsm = ordered_lsms; *lsm; lsm++) initialize_lsm(*lsm); @@ -448,6 +460,27 @@ void __init lsm_early_cred(struct cred *cred) panic("%s: Early cred alloc failed.\n", __func__); } +/** + * lsm_file_alloc - allocate a composite file blob + * @file: the file that needs a blob + * + * Allocate the file blob for all the modules + * + * Returns 0, or -ENOMEM if memory can't be allocated. + */ +static int lsm_file_alloc(struct file *file) +{ + if (!lsm_file_cache) { + file->f_security = NULL; + return 0; + } + + file->f_security = kmem_cache_zalloc(lsm_file_cache, GFP_KERNEL); + if (file->f_security == NULL) + return -ENOMEM; + return 0; +} + /* * Hook list operation macros. * @@ -1131,12 +1164,27 @@ int security_file_permission(struct file *file, int mask) int security_file_alloc(struct file *file) { - return call_int_hook(file_alloc_security, 0, file); + int rc = lsm_file_alloc(file); + + if (rc) + return rc; + rc = call_int_hook(file_alloc_security, 0, file); + if (unlikely(rc)) + security_file_free(file); + return rc; } void security_file_free(struct file *file) { + void *blob; + call_void_hook(file_free_security, file); + + blob = file->f_security; + if (blob) { + file->f_security = NULL; + kmem_cache_free(lsm_file_cache, blob); + } } int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg) @@ -1254,7 +1302,7 @@ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp) return rc; rc = call_int_hook(cred_alloc_blank, 0, cred, gfp); - if (rc) + if (unlikely(rc)) security_cred_free(cred); return rc; } @@ -1275,7 +1323,7 @@ int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp) return rc; rc = call_int_hook(cred_prepare, 0, new, old, gfp); - if (rc) + if (unlikely(rc)) security_cred_free(new); return rc; } diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index ce1d37378eb5..9669a059ce0f 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -145,7 +145,6 @@ static int __init checkreqprot_setup(char *str) __setup("checkreqprot=", checkreqprot_setup); static struct kmem_cache *sel_inode_cache; -static struct kmem_cache *file_security_cache; /** * selinux_secmark_enabled - Check to see if SECMARK is currently enabled @@ -377,27 +376,15 @@ static void inode_free_security(struct inode *inode) static int file_alloc_security(struct file *file) { - struct file_security_struct *fsec; + struct file_security_struct *fsec = selinux_file(file); u32 sid = current_sid(); - fsec = kmem_cache_zalloc(file_security_cache, GFP_KERNEL); - if (!fsec) - return -ENOMEM; - fsec->sid = sid; fsec->fown_sid = sid; - file->f_security = fsec; return 0; } -static void file_free_security(struct file *file) -{ - struct file_security_struct *fsec = selinux_file(file); - file->f_security = NULL; - kmem_cache_free(file_security_cache, fsec); -} - static int superblock_alloc_security(struct super_block *sb) { struct superblock_security_struct *sbsec; @@ -3559,11 +3546,6 @@ static int selinux_file_alloc_security(struct file *file) return file_alloc_security(file); } -static void selinux_file_free_security(struct file *file) -{ - file_free_security(file); -} - /* * Check whether a task has the ioctl permission and cmd * operation to an inode. @@ -6857,6 +6839,7 @@ static void selinux_bpf_prog_free(struct bpf_prog_aux *aux) struct lsm_blob_sizes selinux_blob_sizes __lsm_ro_after_init = { .lbs_cred = sizeof(struct task_security_struct), + .lbs_file = sizeof(struct file_security_struct), }; static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = { @@ -6927,7 +6910,6 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(file_permission, selinux_file_permission), LSM_HOOK_INIT(file_alloc_security, selinux_file_alloc_security), - LSM_HOOK_INIT(file_free_security, selinux_file_free_security), LSM_HOOK_INIT(file_ioctl, selinux_file_ioctl), LSM_HOOK_INIT(mmap_file, selinux_mmap_file), LSM_HOOK_INIT(mmap_addr, selinux_mmap_addr), @@ -7112,9 +7094,6 @@ static __init int selinux_init(void) sel_inode_cache = kmem_cache_create("selinux_inode_security", sizeof(struct inode_security_struct), 0, SLAB_PANIC, NULL); - file_security_cache = kmem_cache_create("selinux_file_security", - sizeof(struct file_security_struct), - 0, SLAB_PANIC, NULL); avc_init(); avtab_cache_init(); diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h index e0ac2992e059..96374dbf4ace 100644 --- a/security/selinux/include/objsec.h +++ b/security/selinux/include/objsec.h @@ -167,7 +167,7 @@ static inline struct task_security_struct *selinux_cred(const struct cred *cred) static inline struct file_security_struct *selinux_file(const struct file *file) { - return file->f_security; + return file->f_security + selinux_blob_sizes.lbs_file; } #endif /* _SELINUX_OBJSEC_H_ */ diff --git a/security/smack/smack.h b/security/smack/smack.h index 50854969a391..2007d38d0e46 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h @@ -364,7 +364,8 @@ static inline struct task_smack *smack_cred(const struct cred *cred) static inline struct smack_known **smack_file(const struct file *file) { - return (struct smack_known **)&file->f_security; + return (struct smack_known **)(file->f_security + + smack_blob_sizes.lbs_file); } /* diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 3e11be8cce7e..c560cb8e155c 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -1579,18 +1579,6 @@ static int smack_file_alloc_security(struct file *file) return 0; } -/** - * smack_file_free_security - clear a file security blob - * @file: the object - * - * The security blob for a file is a pointer to the master - * label list, so no memory is freed. - */ -static void smack_file_free_security(struct file *file) -{ - file->f_security = NULL; -} - /** * smack_file_ioctl - Smack check on ioctls * @file: the object @@ -4637,6 +4625,7 @@ static int smack_dentry_create_files_as(struct dentry *dentry, int mode, struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = { .lbs_cred = sizeof(struct task_smack), + .lbs_file = sizeof(struct smack_known *), }; static struct security_hook_list smack_hooks[] __lsm_ro_after_init = { @@ -4674,7 +4663,6 @@ static struct security_hook_list smack_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(inode_getsecid, smack_inode_getsecid), LSM_HOOK_INIT(file_alloc_security, smack_file_alloc_security), - LSM_HOOK_INIT(file_free_security, smack_file_free_security), LSM_HOOK_INIT(file_ioctl, smack_file_ioctl), LSM_HOOK_INIT(file_lock, smack_file_lock), LSM_HOOK_INIT(file_fcntl, smack_file_fcntl), From patchwork Tue Dec 11 22:43:07 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10725037 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 2174C91E for ; Tue, 11 Dec 2018 22:45:11 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 1383A2B6AE for ; Tue, 11 Dec 2018 22:45:11 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 082042B771; Tue, 11 Dec 2018 22:45:11 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 86A042B6AE for ; Tue, 11 Dec 2018 22:45:10 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726333AbeLKWpK (ORCPT ); Tue, 11 Dec 2018 17:45:10 -0500 Received: from sonic308-17.consmr.mail.ne1.yahoo.com ([66.163.187.40]:36310 "EHLO sonic308-17.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726658AbeLKWoD (ORCPT ); Tue, 11 Dec 2018 17:44:03 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1544568241; bh=kRBO5gYSD2+Kt+mgu48Ix2zGEOe/PuFqithweguD1I4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; b=NcG0vcs8q6FWuBOgR5ItqZDKth1lO1hnIEIVY4RzASXrccqJJVKBbiK96J+blpkpTeV955HElMx6/JGPUH3s3MwPcXasudzlFBBpt56H67xsK9SO570zAKlxOhbpta3ntopoWD7cM6ZfApiBT40aDjKCUni0ljX64AyeNMWy9cBOS2AupDQgpq5Gad64deg8+gbCIw+IBECnES4xcH56+R7hf74USxHyNxBNe0OJQQZ+Fn+/V/iOLSkBpZBVuYilcumGRJvI+V4BwDhMdy929RD8acKTAGSVdfsVVZvcPPkxvoIUr3sBASnySofRGDVKw4lQ91H1KHgIEba5pmoPGA== X-YMail-OSG: qg5pdXwVM1lg6c1AhpSy6JIeTcflRDOQi7kEW6Qy5.rjaOq9oUazFcHV6jsD40V fTfg1C42pqHMRlU9hHWQzKpIOdk36t4Lt.6SyXqx8C8P0I19M37SpeHaf6SeqzGZIdO.IQucphWk WwMaYgwg1e6a2.e3gT6yHPnNOkGA_Ha1ivAJMG8cy7fXnaOhqkzp9lTUay2micvbdj2QPU5_QcSa n00Gpx91cAVKYaeSZWGvXkihbpmH.6tJaFm0f310EbCIBsGk0ol3U634LCSJL7QdrPalO.Zis63r E1ht0R39nzuL7rBB0clK_unUVqtKnBf9bDq2lbK4071lYDIPptOLL.5u5HzWJsLbP9INHx_DQW4X VxETwgM2qdogeV1e4nvmgjlSxEfC.h6IjBePIEd4yHxDBOlMaDFDuPUn_DAkSkGu00L4lM4WqfR9 RnxmjA3yRgC.xu3m_cLR5DN2zwBW6xXrnM64rzY0SLQp_stvmYI7l8fN8PWBmqR3EzVY32x.1mep VsfioVmVmaKAkaAWAiKEeBulE_nlKMHnfFmaNxFJmYejUMRuHWEfRokF3TfkfTR6JwHAtAvJ.PM1 krXex9YH70jo338WI8swJg1JnczYpV6YOE8E_AL8LKnZxoDFy3Aj4PkgvR9NqRDQHQjTQCxMqpt6 aF9ZVNo_TxhXg5UxR.4rlQjPOLno77x7dbIW3YxHrYRJTdUw4HMy7mhQKZM8rZhF_zsgM8py1iVW MoNPoV3TUvE94eHWQPlT9XQtpCFF9a5PT9toxCiJrqhrOhZwKy56Tb7xLp1QDJa55dYIm23yixev oMEr0dr7OEx7zV2Dsl7i0Zt1uLoJdFfNp1f1ar7w86FYFlQv1faQZ9OLhVy0Edk062.3_3t7wIi8 JK9YIyfzIynaWg0F06yL7I22tAAytwh9EMMSrqIjIp_RfrU0o.eltrLaP74MPxKTqxI2TI2gnrSp xVTLNuCdiCueWMedV3sruojYXxFt.yrxWFtFDJKjwIdts9WM2awfmJDdmmZL0XsP3jR06ZLr5Q46 le5h4Qsa2xsrEA2lYnGzdpHYsE2DtLb4TmLn3bqrxiE0D5s2BLJFKUXSRwg1jszQ4LEDxE4WNqtl X2Zn72R.zWNCNCkArWQ9CpmOOQG4YPLNnrHcoiA-- Received: from sonic.gate.mail.ne1.yahoo.com by sonic308.consmr.mail.ne1.yahoo.com with HTTP; Tue, 11 Dec 2018 22:44:01 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO localhost.localdomain) ([67.169.65.224]) by smtp411.mail.ne1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID 6f4a30c5671782919fad3da3c826f035; Tue, 11 Dec 2018 22:44:00 +0000 (UTC) From: Casey Schaufler To: jmorris@namei.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, selinux@vger.kernel.org Cc: john.johansen@canonical.com, keescook@chromium.org, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, linux-fsdevel@vger.kernel.org, sds@tycho.nsa.gov, adobriyan@gmail.com, mic@digikod.net, s.mesoraca16@gmail.com, casey@schaufler-ca.com Subject: [PATCH v5 31/38] SELinux: Abstract use of inode security blob Date: Tue, 11 Dec 2018 14:43:07 -0800 Message-Id: <20181211224314.22412-32-casey@schaufler-ca.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20181211224314.22412-1-casey@schaufler-ca.com> References: <20181211224314.22412-1-casey@schaufler-ca.com> Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Don't use the inode->i_security pointer directly. Provide a helper function that provides the security blob pointer. Signed-off-by: Casey Schaufler Reviewed-by: Kees Cook Signed-off-by: Kees Cook --- security/selinux/hooks.c | 26 +++++++++++++------------- security/selinux/include/objsec.h | 6 ++++++ security/selinux/selinuxfs.c | 4 ++-- 3 files changed, 21 insertions(+), 15 deletions(-) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 9669a059ce0f..3069e95d86e6 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -272,7 +272,7 @@ static int __inode_security_revalidate(struct inode *inode, struct dentry *dentry, bool may_sleep) { - struct inode_security_struct *isec = inode->i_security; + struct inode_security_struct *isec = selinux_inode(inode); might_sleep_if(may_sleep); @@ -293,7 +293,7 @@ static int __inode_security_revalidate(struct inode *inode, static struct inode_security_struct *inode_security_novalidate(struct inode *inode) { - return inode->i_security; + return selinux_inode(inode); } static struct inode_security_struct *inode_security_rcu(struct inode *inode, bool rcu) @@ -303,7 +303,7 @@ static struct inode_security_struct *inode_security_rcu(struct inode *inode, boo error = __inode_security_revalidate(inode, NULL, !rcu); if (error) return ERR_PTR(error); - return inode->i_security; + return selinux_inode(inode); } /* @@ -312,14 +312,14 @@ static struct inode_security_struct *inode_security_rcu(struct inode *inode, boo static struct inode_security_struct *inode_security(struct inode *inode) { __inode_security_revalidate(inode, NULL, true); - return inode->i_security; + return selinux_inode(inode); } static struct inode_security_struct *backing_inode_security_novalidate(struct dentry *dentry) { struct inode *inode = d_backing_inode(dentry); - return inode->i_security; + return selinux_inode(inode); } /* @@ -330,7 +330,7 @@ static struct inode_security_struct *backing_inode_security(struct dentry *dentr struct inode *inode = d_backing_inode(dentry); __inode_security_revalidate(inode, dentry, true); - return inode->i_security; + return selinux_inode(inode); } static void inode_free_rcu(struct rcu_head *head) @@ -343,7 +343,7 @@ static void inode_free_rcu(struct rcu_head *head) static void inode_free_security(struct inode *inode) { - struct inode_security_struct *isec = inode->i_security; + struct inode_security_struct *isec = selinux_inode(inode); struct superblock_security_struct *sbsec = inode->i_sb->s_security; /* @@ -1502,7 +1502,7 @@ static int selinux_genfs_get_sid(struct dentry *dentry, static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry) { struct superblock_security_struct *sbsec = NULL; - struct inode_security_struct *isec = inode->i_security; + struct inode_security_struct *isec = selinux_inode(inode); u32 task_sid, sid = 0; u16 sclass; struct dentry *dentry; @@ -1802,7 +1802,7 @@ static int inode_has_perm(const struct cred *cred, return 0; sid = cred_sid(cred); - isec = inode->i_security; + isec = selinux_inode(inode); return avc_has_perm(&selinux_state, sid, isec->sid, isec->sclass, perms, adp); @@ -3030,7 +3030,7 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir, /* Possibly defer initialization to selinux_complete_init. */ if (sbsec->flags & SE_SBINITIALIZED) { - struct inode_security_struct *isec = inode->i_security; + struct inode_security_struct *isec = selinux_inode(inode); isec->sclass = inode_mode_to_security_class(inode->i_mode); isec->sid = newsid; isec->initialized = LABEL_INITIALIZED; @@ -3130,7 +3130,7 @@ static noinline int audit_inode_permission(struct inode *inode, unsigned flags) { struct common_audit_data ad; - struct inode_security_struct *isec = inode->i_security; + struct inode_security_struct *isec = selinux_inode(inode); int rc; ad.type = LSM_AUDIT_DATA_INODE; @@ -4150,7 +4150,7 @@ static int selinux_task_kill(struct task_struct *p, struct kernel_siginfo *info, static void selinux_task_to_inode(struct task_struct *p, struct inode *inode) { - struct inode_security_struct *isec = inode->i_security; + struct inode_security_struct *isec = selinux_inode(inode); u32 sid = task_sid(p); spin_lock(&isec->lock); @@ -6529,7 +6529,7 @@ static void selinux_release_secctx(char *secdata, u32 seclen) static void selinux_inode_invalidate_secctx(struct inode *inode) { - struct inode_security_struct *isec = inode->i_security; + struct inode_security_struct *isec = selinux_inode(inode); spin_lock(&isec->lock); isec->initialized = LABEL_INVALID; diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h index 96374dbf4ace..26b4ff6b4d81 100644 --- a/security/selinux/include/objsec.h +++ b/security/selinux/include/objsec.h @@ -170,4 +170,10 @@ static inline struct file_security_struct *selinux_file(const struct file *file) return file->f_security + selinux_blob_sizes.lbs_file; } +static inline struct inode_security_struct *selinux_inode( + const struct inode *inode) +{ + return inode->i_security; +} + #endif /* _SELINUX_OBJSEC_H_ */ diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index f3a5a138a096..145ee62f205a 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -1378,7 +1378,7 @@ static int sel_make_bools(struct selinux_fs_info *fsi) goto out; } - isec = (struct inode_security_struct *)inode->i_security; + isec = selinux_inode(inode); ret = security_genfs_sid(fsi->state, "selinuxfs", page, SECCLASS_FILE, &sid); if (ret) { @@ -1953,7 +1953,7 @@ static int sel_fill_super(struct super_block *sb, void *data, int silent) } inode->i_ino = ++fsi->last_ino; - isec = (struct inode_security_struct *)inode->i_security; + isec = selinux_inode(inode); isec->sid = SECINITSID_DEVNULL; isec->sclass = SECCLASS_CHR_FILE; isec->initialized = LABEL_INITIALIZED; From patchwork Tue Dec 11 22:43:08 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10725029 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id EC33E17FE for ; Tue, 11 Dec 2018 22:44:58 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id DAFD42B341 for ; Tue, 11 Dec 2018 22:44:58 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id CF2EF2B6AE; Tue, 11 Dec 2018 22:44:58 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 2FAB12B6AA for ; Tue, 11 Dec 2018 22:44:58 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726620AbeLKWoD (ORCPT ); Tue, 11 Dec 2018 17:44:03 -0500 Received: from sonic311-28.consmr.mail.ne1.yahoo.com ([66.163.188.209]:38459 "EHLO sonic311-28.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726655AbeLKWoC (ORCPT ); Tue, 11 Dec 2018 17:44:02 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1544568241; bh=yMQklFwhAM+SkyFA3GlpZ7nPGFc0LOqkP3jCwe0SRVI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; b=P7Ip+FcY9VaKM0JrlDCwnBs2Ib7i04HSMpAqi6Ehd/ALU5oLyxiLDRp93o4xWWOzUQujmVU4EPrs7/cSUMUtutklrMZ8mTHCsxCR5KYUGTGZLEwMypJphPs5RU2iv59dml0GgwchzmsGzUz3/KH4c+I3rczQ3Z4cMN5dR266PIhkXwlFV+EFSQZBojL3iUF5h/vzLqDuXyLdRdWc1dWT3qRpQ9UmevlOIc9I6NQ3E56479yzchmCtscX8ytaAHs8K0e5bWqilCndMKrhW740vsIYHdCg5HzcUMu9k598nQ0NOCBdFgtLcJexqSJo6auudvgEYntn8BLb2eKbbj8yQA== X-YMail-OSG: DOdPDaYVM1mkDrNNuuXu.2FaOvJbZ4539q1xAAlWDsHu1112.HpAZph4tUkQxjF fVBt0yodjx70VQn3c4ha0Zc6jiB9e7j2CLewotLHZBXY.VjuYbqj4dVMI3fpR3O8N.A8Cs2glSyq e.CzWOxlb3MXirTqygwzeyMeX3n2jHNt5ubF4vjx4pxQhDv8UVp4KnvBJ9FTfCNUHFRf2MOuXmD_ yi_cxMSzqeT_Lxifx3k___ogaHLyl0f0LsmtRhsEq0Ke5eYlND5ON3lSp.yUjS5LY0aQQVgHAmED w2XrOqWhgUp2hL8YOSM8_nCP._.RZCHz_vRbwG0U8RJT...Pln60bVgOfbyreAin3Nk7ESmDeuqi cSKkN2ic84z7nZWmdbPbMNgl5mjt0b3cY9l4UCC98c8jGeZ4ED2A_C3.D_79TmOudu9wOdcpuIls nOIl16ZTEKVK3K3a_3YLP.BDIgSUAufAPvB7fRiKSw9_H3bs5_HQIzYIvDJWI5BTnghajmklhUqA AHxMA04.C9Qr9mGg9qq_PxPDFYzz2DBQG_VaQZzAcjNKmXfAVSL9qSDf7bwQlgPcJ6JtAI_T8J54 IoJmTFKCBa1LJ82ehrlQBTFNlgXP2JtlhY68RCbnDKZi7aAE0FNkuK4iHbRUuGabTLU.nu01NHXD f.T6cYPVdG3LGRg1UmvO5FzyBoElmF.dVvW1okH4Ey3wsq3k2vjBb174Qg2hhOMOrk5bwiAwZkfQ 7M8KnQgrHVacQEWsIBzQdCDLPzkxGM40EWfOPdnm4fyTjLX7XBHXjfcJziuCQImRQsD_MflplcQ_ dycFsfLtdfUmZhJ3IKD9X788L7VegAfd5FJieiXuJ6Qh7aO9xFgsMWuoTG70pqkYI7CC_y4lXTAq nvxa1ej4qmAnLUJ8VcVFNOES.XdsRJVDc5D0QLn5e5DyiKN3EW.3.G7mpcRfDTX5gSDu.kPi0hAH 5Y1J5kFAMjTw9nUnZJsnP9rlpMkCZvd2OTG9TCC1dHxaXwT2aXQZR.fOjbb84Ukq8mILtnTNFA8x uF7KkiFYosNLAUs6e1wqfAADxIcqI0bb357lvpEH8OPDJh_0nJjX2dbOLUaPHhI46L4CW_uP3COw y3WPT9BXCnvkW3q5lFrkLHVhqYgRp_hpNJThQWA-- Received: from sonic.gate.mail.ne1.yahoo.com by sonic311.consmr.mail.ne1.yahoo.com with HTTP; Tue, 11 Dec 2018 22:44:01 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO localhost.localdomain) ([67.169.65.224]) by smtp411.mail.ne1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID 6f4a30c5671782919fad3da3c826f035; Tue, 11 Dec 2018 22:44:01 +0000 (UTC) From: Casey Schaufler To: jmorris@namei.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, selinux@vger.kernel.org Cc: john.johansen@canonical.com, keescook@chromium.org, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, linux-fsdevel@vger.kernel.org, sds@tycho.nsa.gov, adobriyan@gmail.com, mic@digikod.net, s.mesoraca16@gmail.com, casey@schaufler-ca.com Subject: [PATCH v5 32/38] Smack: Abstract use of inode security blob Date: Tue, 11 Dec 2018 14:43:08 -0800 Message-Id: <20181211224314.22412-33-casey@schaufler-ca.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20181211224314.22412-1-casey@schaufler-ca.com> References: <20181211224314.22412-1-casey@schaufler-ca.com> Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Don't use the inode->i_security pointer directly. Provide a helper function that provides the security blob pointer. Signed-off-by: Casey Schaufler Reviewed-by: Kees Cook Signed-off-by: Kees Cook --- security/smack/smack.h | 9 +++++++-- security/smack/smack_lsm.c | 32 ++++++++++++++++---------------- 2 files changed, 23 insertions(+), 18 deletions(-) diff --git a/security/smack/smack.h b/security/smack/smack.h index 2007d38d0e46..436231dfae33 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h @@ -368,12 +368,17 @@ static inline struct smack_known **smack_file(const struct file *file) smack_blob_sizes.lbs_file); } +static inline struct inode_smack *smack_inode(const struct inode *inode) +{ + return inode->i_security; +} + /* * Is the directory transmuting? */ static inline int smk_inode_transmutable(const struct inode *isp) { - struct inode_smack *sip = isp->i_security; + struct inode_smack *sip = smack_inode(isp); return (sip->smk_flags & SMK_INODE_TRANSMUTE) != 0; } @@ -382,7 +387,7 @@ static inline int smk_inode_transmutable(const struct inode *isp) */ static inline struct smack_known *smk_of_inode(const struct inode *isp) { - struct inode_smack *sip = isp->i_security; + struct inode_smack *sip = smack_inode(isp); return sip->smk_inode; } diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index c560cb8e155c..c086110cba80 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -166,7 +166,7 @@ static int smk_bu_task(struct task_struct *otp, int mode, int rc) static int smk_bu_inode(struct inode *inode, int mode, int rc) { struct task_smack *tsp = smack_cred(current_cred()); - struct inode_smack *isp = inode->i_security; + struct inode_smack *isp = smack_inode(inode); char acc[SMK_NUM_ACCESS_TYPE + 1]; if (isp->smk_flags & SMK_INODE_IMPURE) @@ -198,7 +198,7 @@ static int smk_bu_file(struct file *file, int mode, int rc) struct task_smack *tsp = smack_cred(current_cred()); struct smack_known *sskp = tsp->smk_task; struct inode *inode = file_inode(file); - struct inode_smack *isp = inode->i_security; + struct inode_smack *isp = smack_inode(inode); char acc[SMK_NUM_ACCESS_TYPE + 1]; if (isp->smk_flags & SMK_INODE_IMPURE) @@ -228,7 +228,7 @@ static int smk_bu_credfile(const struct cred *cred, struct file *file, struct task_smack *tsp = smack_cred(cred); struct smack_known *sskp = tsp->smk_task; struct inode *inode = file_inode(file); - struct inode_smack *isp = inode->i_security; + struct inode_smack *isp = smack_inode(inode); char acc[SMK_NUM_ACCESS_TYPE + 1]; if (isp->smk_flags & SMK_INODE_IMPURE) @@ -826,7 +826,7 @@ static int smack_set_mnt_opts(struct super_block *sb, /* * Initialize the root inode. */ - isp = inode->i_security; + isp = smack_inode(inode); if (isp == NULL) { isp = new_inode_smack(sp->smk_root); if (isp == NULL) @@ -914,7 +914,7 @@ static int smack_bprm_set_creds(struct linux_binprm *bprm) if (bprm->called_set_creds) return 0; - isp = inode->i_security; + isp = smack_inode(inode); if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task) return 0; @@ -994,7 +994,7 @@ static void smack_inode_free_rcu(struct rcu_head *head) */ static void smack_inode_free_security(struct inode *inode) { - struct inode_smack *issp = inode->i_security; + struct inode_smack *issp = smack_inode(inode); /* * The inode may still be referenced in a path walk and @@ -1022,7 +1022,7 @@ static int smack_inode_init_security(struct inode *inode, struct inode *dir, const struct qstr *qstr, const char **name, void **value, size_t *len) { - struct inode_smack *issp = inode->i_security; + struct inode_smack *issp = smack_inode(inode); struct smack_known *skp = smk_of_current(); struct smack_known *isp = smk_of_inode(inode); struct smack_known *dsp = smk_of_inode(dir); @@ -1360,7 +1360,7 @@ static void smack_inode_post_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags) { struct smack_known *skp; - struct inode_smack *isp = d_backing_inode(dentry)->i_security; + struct inode_smack *isp = smack_inode(d_backing_inode(dentry)); if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) { isp->smk_flags |= SMK_INODE_TRANSMUTE; @@ -1441,7 +1441,7 @@ static int smack_inode_removexattr(struct dentry *dentry, const char *name) if (rc != 0) return rc; - isp = d_backing_inode(dentry)->i_security; + isp = smack_inode(d_backing_inode(dentry)); /* * Don't do anything special for these. * XATTR_NAME_SMACKIPIN @@ -1716,7 +1716,7 @@ static int smack_mmap_file(struct file *file, if (unlikely(IS_PRIVATE(file_inode(file)))) return 0; - isp = file_inode(file)->i_security; + isp = smack_inode(file_inode(file)); if (isp->smk_mmap == NULL) return 0; sbsp = file_inode(file)->i_sb->s_security; @@ -2063,7 +2063,7 @@ static int smack_kernel_act_as(struct cred *new, u32 secid) static int smack_kernel_create_files_as(struct cred *new, struct inode *inode) { - struct inode_smack *isp = inode->i_security; + struct inode_smack *isp = smack_inode(inode); struct task_smack *tsp = smack_cred(new); tsp->smk_forked = isp->smk_inode; @@ -2263,7 +2263,7 @@ static int smack_task_kill(struct task_struct *p, struct kernel_siginfo *info, */ static void smack_task_to_inode(struct task_struct *p, struct inode *inode) { - struct inode_smack *isp = inode->i_security; + struct inode_smack *isp = smack_inode(inode); struct smack_known *skp = smk_of_task_struct(p); isp->smk_inode = skp; @@ -2726,7 +2726,7 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags) { struct smack_known *skp; - struct inode_smack *nsp = inode->i_security; + struct inode_smack *nsp = smack_inode(inode); struct socket_smack *ssp; struct socket *sock; int rc = 0; @@ -3334,7 +3334,7 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) if (inode == NULL) return; - isp = inode->i_security; + isp = smack_inode(inode); mutex_lock(&isp->smk_lock); /* @@ -4566,7 +4566,7 @@ static int smack_inode_copy_up(struct dentry *dentry, struct cred **new) /* * Get label from overlay inode and set it in create_sid */ - isp = d_inode(dentry->d_parent)->i_security; + isp = smack_inode(d_inode(dentry->d_parent)); skp = isp->smk_inode; tsp->smk_task = skp; *new = new_creds; @@ -4603,7 +4603,7 @@ static int smack_dentry_create_files_as(struct dentry *dentry, int mode, /* * the attribute of the containing directory */ - isp = d_inode(dentry->d_parent)->i_security; + isp = smack_inode(d_inode(dentry->d_parent)); if (isp->smk_flags & SMK_INODE_TRANSMUTE) { rcu_read_lock(); From patchwork Tue Dec 11 22:43:09 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10724995 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 34B1717FE for ; Tue, 11 Dec 2018 22:44:17 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 2608F29FE9 for ; Tue, 11 Dec 2018 22:44:17 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 1A0DA2B756; Tue, 11 Dec 2018 22:44:17 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 06AAE29FE9 for ; Tue, 11 Dec 2018 22:44:16 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726720AbeLKWoK (ORCPT ); Tue, 11 Dec 2018 17:44:10 -0500 Received: from sonic308-17.consmr.mail.ne1.yahoo.com ([66.163.187.40]:35531 "EHLO sonic308-17.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726696AbeLKWoJ (ORCPT ); Tue, 11 Dec 2018 17:44:09 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1544568246; bh=MiP39d63uWalPr3Rc655IR8mZb4u4EGEgth5ub7YGA4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; b=oNBH53JTHJ8t56E2qLMM45TlJSktC2VdT5kY8TvIpIpOzFpv9rwGH202vsejDoyfYytIYUAcVw6PrdXYiQPvzeANaH0bHGv5G0W5X5wNp3JtvrHeCovXuce77woESxtIZfpt6Ln4nTYHjS6j+AY+Y9MheqFrZfdTyX+HbXfPpghzES5iRoOVc188V10bQ6ds6LX0ErkS7lWXGb8lxB5OiP1A94ds7gKc2MKsE/D+B+D4MjyzVeqYuEZ4aY5Gv5RiFeMcEzP2I67V0NNoKNlfAwwL10n/Q6LJCuyQ7xdtzLE5pSoQC3HzGRa/rfi7Wc7sYSyRk6laI421TNT+4jlY2Q== X-YMail-OSG: VzNhbEEVM1l9vZ22wUELQBoBlz9hUf_IF7zSRxv8knnj6jmPH4CFbEFDWRgDnD4 .zE.SenDoaXKyxT77U3mrOErn2WB9Ce2BwDtrKaO1NR4lRCyl8CJQydJyUJ1XuZ4vtXb3LCXqDNl pTwQoIdMrRDxZ3hUbdjfHcv8dqz1MDtnoZVRiygrC_ia1zmyWciYICCX23ya5LN_KOB5t8q6YAuJ o.sX8DwLNdamcL5P_YlZ7CBEFqw9s7xtFAObiLWcMwnqihg0wm3YE7tMe1n6eb5A8nL6GUveXxnQ Nt0QAdlwr7IJYcK7qg_M6eNoG8zQd9vdHJOPKxxWTDyaBGma22G.2_UEJueWnkfCMKCBIBHVeR.3 lhUZ224SDTvEPvrpWyOBrwt2U9CEsvMaelbugjit4d8LNFmjjuZaACjOD9tLhSouCp1Xt_JCE5_u 9MnQaQC5.GlHZmyCzh7IBqMIMdVPD5Pm5D4X4JFYQKEEMzDBPbzp7B0893ozlWh_Vu27KQWLSb6E wAFl6MVZYFlMV6IFQG_SZGRDRO7a7qXPP8q0eRS.cFcwbcYxa6uzKRCz_eET3TCyFQwLY6CNsjX0 yYlf0IWLOqkUDrMW.xPZLp6uRMTO0l5vQQyAnUhSWX1rvv8rXkDFdloAhORQSe1HIgznUUYdQ9Wt 8E9cCBsVpmg8RgboW..nyMPuIRE58btmzc3z448aOIG1SXXMTuC3JgjBJ9Srd1N2mY2KkQnNuaac GZEzKmO2UTr8bJ9_uj3Vebs9E9JxVmQKnbFOijPurfntvHCDUlBiZ_xiRsLQ0zwqf.8BWX9_Aisu aP0x92N9rRM9QkRTlfijGPMQYyVFEMWP_ieLINpasasNAGoLOfpvfKchIqNnrDgEaXpppSwgJkHb hh9NcFnfxTZZWJJaeeDUEKlS7dyMIM6cxEEk4Ew3q0WYwlc0zxBB3zYD2EExKv.KQvx9O7gwmkRQ cJA6Sx71Y50DjaDnmMLpm_5xpj.St4PLyaZu7MjbzmxQ2osG4B1ULGhuyls_6Sc8KOpsYkLO5ZM0 u48EV_6s.3rHnOCdJhKxw9KQ0z5F_Ws5WQalhzsxqRGs.FEKmBtXXt9o5V1hZpp6aveQTtr3EeMG rMLoF2yuo569cuIXKHdI6vFSsEg15rP0CZP5LFmisYU0- Received: from sonic.gate.mail.ne1.yahoo.com by sonic308.consmr.mail.ne1.yahoo.com with HTTP; Tue, 11 Dec 2018 22:44:06 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO localhost.localdomain) ([67.169.65.224]) by smtp411.mail.ne1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID 6f4a30c5671782919fad3da3c826f035; Tue, 11 Dec 2018 22:44:01 +0000 (UTC) From: Casey Schaufler To: jmorris@namei.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, selinux@vger.kernel.org Cc: john.johansen@canonical.com, keescook@chromium.org, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, linux-fsdevel@vger.kernel.org, sds@tycho.nsa.gov, adobriyan@gmail.com, mic@digikod.net, s.mesoraca16@gmail.com, casey@schaufler-ca.com Subject: [PATCH v5 33/38] LSM: Infrastructure management of the inode security Date: Tue, 11 Dec 2018 14:43:09 -0800 Message-Id: <20181211224314.22412-34-casey@schaufler-ca.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20181211224314.22412-1-casey@schaufler-ca.com> References: <20181211224314.22412-1-casey@schaufler-ca.com> Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Move management of the inode->i_security blob out of the individual security modules and into the security infrastructure. Instead of allocating the blobs from within the modules the modules tell the infrastructure how much space is required, and the space is allocated there. Signed-off-by: Casey Schaufler Reviewed-by: Kees Cook [kees: adjusted for ordered init series] Signed-off-by: Kees Cook --- include/linux/lsm_hooks.h | 3 ++ security/security.c | 64 +++++++++++++++++++++++++++++++-- security/selinux/hooks.c | 37 ++++--------------- security/selinux/include/objsec.h | 9 +++-- security/smack/smack.h | 2 +- security/smack/smack_lsm.c | 76 +++++++++------------------------------ 6 files changed, 93 insertions(+), 98 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 64499c2d44cd..65440005ec92 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -2030,6 +2030,7 @@ struct security_hook_list { struct lsm_blob_sizes { int lbs_cred; int lbs_file; + int lbs_inode; }; /* @@ -2101,6 +2102,8 @@ static inline void security_delete_hooks(struct security_hook_list *hooks, #define __lsm_ro_after_init __ro_after_init #endif /* CONFIG_SECURITY_WRITABLE_HOOKS */ +extern int lsm_inode_alloc(struct inode *inode); + #ifdef CONFIG_SECURITY void __init lsm_early_cred(struct cred *cred); #endif diff --git a/security/security.c b/security/security.c index 499842ece0fb..0cc48072eb3b 100644 --- a/security/security.c +++ b/security/security.c @@ -41,6 +41,7 @@ struct security_hook_heads security_hook_heads __lsm_ro_after_init; static ATOMIC_NOTIFIER_HEAD(lsm_notifier_chain); static struct kmem_cache *lsm_file_cache; +static struct kmem_cache *lsm_inode_cache; char *lsm_names; static struct lsm_blob_sizes blob_sizes __lsm_ro_after_init; @@ -161,6 +162,13 @@ static void __init lsm_set_blob_sizes(struct lsm_blob_sizes *needed) lsm_set_blob_size(&needed->lbs_cred, &blob_sizes.lbs_cred); lsm_set_blob_size(&needed->lbs_file, &blob_sizes.lbs_file); + /* + * The inode blob gets an rcu_head in addition to + * what the modules might need. + */ + if (needed->lbs_inode && blob_sizes.lbs_inode == 0) + blob_sizes.lbs_inode = sizeof(struct rcu_head); + lsm_set_blob_size(&needed->lbs_inode, &blob_sizes.lbs_inode); } /* Prepare LSM for initialization. */ @@ -283,6 +291,7 @@ static void __init ordered_lsm_init(void) init_debug("cred blob size = %d\n", blob_sizes.lbs_cred); init_debug("file blob size = %d\n", blob_sizes.lbs_file); + init_debug("inode blob size = %d\n", blob_sizes.lbs_inode); /* * Create any kmem_caches needed for blobs @@ -291,6 +300,10 @@ static void __init ordered_lsm_init(void) lsm_file_cache = kmem_cache_create("lsm_file_cache", blob_sizes.lbs_file, 0, SLAB_PANIC, NULL); + if (blob_sizes.lbs_inode) + lsm_inode_cache = kmem_cache_create("lsm_inode_cache", + blob_sizes.lbs_inode, 0, + SLAB_PANIC, NULL); for (lsm = ordered_lsms; *lsm; lsm++) initialize_lsm(*lsm); @@ -481,6 +494,27 @@ static int lsm_file_alloc(struct file *file) return 0; } +/** + * lsm_inode_alloc - allocate a composite inode blob + * @inode: the inode that needs a blob + * + * Allocate the inode blob for all the modules + * + * Returns 0, or -ENOMEM if memory can't be allocated. + */ +int lsm_inode_alloc(struct inode *inode) +{ + if (!lsm_inode_cache) { + inode->i_security = NULL; + return 0; + } + + inode->i_security = kmem_cache_zalloc(lsm_inode_cache, GFP_NOFS); + if (inode->i_security == NULL) + return -ENOMEM; + return 0; +} + /* * Hook list operation macros. * @@ -727,14 +761,40 @@ EXPORT_SYMBOL(security_sb_parse_opts_str); int security_inode_alloc(struct inode *inode) { - inode->i_security = NULL; - return call_int_hook(inode_alloc_security, 0, inode); + int rc = lsm_inode_alloc(inode); + + if (unlikely(rc)) + return rc; + rc = call_int_hook(inode_alloc_security, 0, inode); + if (unlikely(rc)) + security_inode_free(inode); + return rc; +} + +static void inode_free_by_rcu(struct rcu_head *head) +{ + /* + * The rcu head is at the start of the inode blob + */ + kmem_cache_free(lsm_inode_cache, head); } void security_inode_free(struct inode *inode) { integrity_inode_free(inode); call_void_hook(inode_free_security, inode); + /* + * The inode may still be referenced in a path walk and + * a call to security_inode_permission() can be made + * after inode_free_security() is called. Ideally, the VFS + * wouldn't do this, but fixing that is a much harder + * job. For now, simply free the i_security via RCU, and + * leave the current inode->i_security pointer intact. + * The inode will be freed after the RCU grace period too. + */ + if (inode->i_security) + call_rcu((struct rcu_head *)inode->i_security, + inode_free_by_rcu); } int security_dentry_init_security(struct dentry *dentry, int mode, diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 3069e95d86e6..f0e7ac26f3a9 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -144,8 +144,6 @@ static int __init checkreqprot_setup(char *str) } __setup("checkreqprot=", checkreqprot_setup); -static struct kmem_cache *sel_inode_cache; - /** * selinux_secmark_enabled - Check to see if SECMARK is currently enabled * @@ -241,13 +239,9 @@ static inline u32 task_sid(const struct task_struct *task) static int inode_alloc_security(struct inode *inode) { - struct inode_security_struct *isec; + struct inode_security_struct *isec = selinux_inode(inode); u32 sid = current_sid(); - isec = kmem_cache_zalloc(sel_inode_cache, GFP_NOFS); - if (!isec) - return -ENOMEM; - spin_lock_init(&isec->lock); INIT_LIST_HEAD(&isec->list); isec->inode = inode; @@ -255,7 +249,6 @@ static int inode_alloc_security(struct inode *inode) isec->sclass = SECCLASS_FILE; isec->task_sid = sid; isec->initialized = LABEL_INVALID; - inode->i_security = isec; return 0; } @@ -333,19 +326,14 @@ static struct inode_security_struct *backing_inode_security(struct dentry *dentr return selinux_inode(inode); } -static void inode_free_rcu(struct rcu_head *head) -{ - struct inode_security_struct *isec; - - isec = container_of(head, struct inode_security_struct, rcu); - kmem_cache_free(sel_inode_cache, isec); -} - static void inode_free_security(struct inode *inode) { struct inode_security_struct *isec = selinux_inode(inode); - struct superblock_security_struct *sbsec = inode->i_sb->s_security; + struct superblock_security_struct *sbsec; + if (!isec) + return; + sbsec = inode->i_sb->s_security; /* * As not all inode security structures are in a list, we check for * empty list outside of the lock to make sure that we won't waste @@ -361,17 +349,6 @@ static void inode_free_security(struct inode *inode) list_del_init(&isec->list); spin_unlock(&sbsec->isec_lock); } - - /* - * The inode may still be referenced in a path walk and - * a call to selinux_inode_permission() can be made - * after inode_free_security() is called. Ideally, the VFS - * wouldn't do this, but fixing that is a much harder - * job. For now, simply free the i_security via RCU, and - * leave the current inode->i_security pointer intact. - * The inode will be freed after the RCU grace period too. - */ - call_rcu(&isec->rcu, inode_free_rcu); } static int file_alloc_security(struct file *file) @@ -6840,6 +6817,7 @@ static void selinux_bpf_prog_free(struct bpf_prog_aux *aux) struct lsm_blob_sizes selinux_blob_sizes __lsm_ro_after_init = { .lbs_cred = sizeof(struct task_security_struct), .lbs_file = sizeof(struct file_security_struct), + .lbs_inode = sizeof(struct inode_security_struct), }; static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = { @@ -7091,9 +7069,6 @@ static __init int selinux_init(void) default_noexec = !(VM_DATA_DEFAULT_FLAGS & VM_EXEC); - sel_inode_cache = kmem_cache_create("selinux_inode_security", - sizeof(struct inode_security_struct), - 0, SLAB_PANIC, NULL); avc_init(); avtab_cache_init(); diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h index 26b4ff6b4d81..562fad58c56b 100644 --- a/security/selinux/include/objsec.h +++ b/security/selinux/include/objsec.h @@ -57,10 +57,7 @@ enum label_initialized { struct inode_security_struct { struct inode *inode; /* back pointer to inode object */ - union { - struct list_head list; /* list of inode_security_struct */ - struct rcu_head rcu; /* for freeing the inode_security_struct */ - }; + struct list_head list; /* list of inode_security_struct */ u32 task_sid; /* SID of creating task */ u32 sid; /* SID of this object */ u16 sclass; /* security class of this object */ @@ -173,7 +170,9 @@ static inline struct file_security_struct *selinux_file(const struct file *file) static inline struct inode_security_struct *selinux_inode( const struct inode *inode) { - return inode->i_security; + if (unlikely(!inode->i_security)) + return NULL; + return inode->i_security + selinux_blob_sizes.lbs_inode; } #endif /* _SELINUX_OBJSEC_H_ */ diff --git a/security/smack/smack.h b/security/smack/smack.h index 436231dfae33..bf0abc35ca1c 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h @@ -370,7 +370,7 @@ static inline struct smack_known **smack_file(const struct file *file) static inline struct inode_smack *smack_inode(const struct inode *inode) { - return inode->i_security; + return inode->i_security + smack_blob_sizes.lbs_inode; } /* diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index c086110cba80..9ff185af378a 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -288,24 +288,18 @@ static struct smack_known *smk_fetch(const char *name, struct inode *ip, } /** - * new_inode_smack - allocate an inode security blob + * init_inode_smack - initialize an inode security blob + * @isp: the blob to initialize * @skp: a pointer to the Smack label entry to use in the blob * - * Returns the new blob or NULL if there's no memory available */ -static struct inode_smack *new_inode_smack(struct smack_known *skp) +static void init_inode_smack(struct inode *inode, struct smack_known *skp) { - struct inode_smack *isp; - - isp = kmem_cache_zalloc(smack_inode_cache, GFP_NOFS); - if (isp == NULL) - return NULL; + struct inode_smack *isp = smack_inode(inode); isp->smk_inode = skp; isp->smk_flags = 0; mutex_init(&isp->smk_lock); - - return isp; } /** @@ -758,6 +752,13 @@ static int smack_set_mnt_opts(struct super_block *sb, if (sp->smk_flags & SMK_SB_INITIALIZED) return 0; + if (inode->i_security == NULL) { + int rc = lsm_inode_alloc(inode); + + if (rc) + return rc; + } + if (!smack_privileged(CAP_MAC_ADMIN)) { /* * Unprivileged mounts don't get to specify Smack values. @@ -826,17 +827,12 @@ static int smack_set_mnt_opts(struct super_block *sb, /* * Initialize the root inode. */ - isp = smack_inode(inode); - if (isp == NULL) { - isp = new_inode_smack(sp->smk_root); - if (isp == NULL) - return -ENOMEM; - inode->i_security = isp; - } else - isp->smk_inode = sp->smk_root; + init_inode_smack(inode, sp->smk_root); - if (transmute) + if (transmute) { + isp = smack_inode(inode); isp->smk_flags |= SMK_INODE_TRANSMUTE; + } return 0; } @@ -965,48 +961,10 @@ static int smack_inode_alloc_security(struct inode *inode) { struct smack_known *skp = smk_of_current(); - inode->i_security = new_inode_smack(skp); - if (inode->i_security == NULL) - return -ENOMEM; + init_inode_smack(inode, skp); return 0; } -/** - * smack_inode_free_rcu - Free inode_smack blob from cache - * @head: the rcu_head for getting inode_smack pointer - * - * Call back function called from call_rcu() to free - * the i_security blob pointer in inode - */ -static void smack_inode_free_rcu(struct rcu_head *head) -{ - struct inode_smack *issp; - - issp = container_of(head, struct inode_smack, smk_rcu); - kmem_cache_free(smack_inode_cache, issp); -} - -/** - * smack_inode_free_security - free an inode blob using call_rcu() - * @inode: the inode with a blob - * - * Clears the blob pointer in inode using RCU - */ -static void smack_inode_free_security(struct inode *inode) -{ - struct inode_smack *issp = smack_inode(inode); - - /* - * The inode may still be referenced in a path walk and - * a call to smack_inode_permission() can be made - * after smack_inode_free_security() is called. - * To avoid race condition free the i_security via RCU - * and leave the current inode->i_security pointer intact. - * The inode will be freed after the RCU grace period too. - */ - call_rcu(&issp->smk_rcu, smack_inode_free_rcu); -} - /** * smack_inode_init_security - copy out the smack from an inode * @inode: the newly created inode @@ -4626,6 +4584,7 @@ static int smack_dentry_create_files_as(struct dentry *dentry, int mode, struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = { .lbs_cred = sizeof(struct task_smack), .lbs_file = sizeof(struct smack_known *), + .lbs_inode = sizeof(struct inode_smack), }; static struct security_hook_list smack_hooks[] __lsm_ro_after_init = { @@ -4644,7 +4603,6 @@ static struct security_hook_list smack_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(bprm_set_creds, smack_bprm_set_creds), LSM_HOOK_INIT(inode_alloc_security, smack_inode_alloc_security), - LSM_HOOK_INIT(inode_free_security, smack_inode_free_security), LSM_HOOK_INIT(inode_init_security, smack_inode_init_security), LSM_HOOK_INIT(inode_link, smack_inode_link), LSM_HOOK_INIT(inode_unlink, smack_inode_unlink), From patchwork Tue Dec 11 22:43:10 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10725021 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id B73B291E for ; Tue, 11 Dec 2018 22:44:51 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A83B329FE9 for ; Tue, 11 Dec 2018 22:44:51 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 9BE242B6AA; Tue, 11 Dec 2018 22:44:51 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 1354729FE9 for ; Tue, 11 Dec 2018 22:44:51 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726239AbeLKWoi (ORCPT ); Tue, 11 Dec 2018 17:44:38 -0500 Received: from sonic311-28.consmr.mail.ne1.yahoo.com ([66.163.188.209]:44176 "EHLO sonic311-28.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726368AbeLKWoH (ORCPT ); Tue, 11 Dec 2018 17:44:07 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1544568246; bh=rtgbAY8v8bf2tMWocN4/v1BHGqtzr15pWf8snPHIIn8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; b=MTSSMZQiJGfO2lz3OCDx3mwrFNR7BZFxhpvp6he8a2kehNR4TfXnSpYlv/i0IPXDYhA6A6lD6u1e0lRak6VV+WfKi8g4IWdw+Kemt4CKhE1Cm/T46QClFGDPIlJ56IFYN1VLXTsthzhGh7Y6DQvL2aEj0aOf/n0zJ/zUW3BtwN/DSFlL2O7+wnGGQNjyjcJYtGsiehyjPdoa9QEPk9+Nt/RETB1UNkEeZ57z3j1yS8G1ZrudTHbEV8nHh2OuA3jjgBkBlJ3IaXiS9TlM8xNFASsEJojkSMmA8EAw+1kjMyXpuVqVQhXAf77QrYCEjNkusJtjec58aWutY20/FZuahQ== X-YMail-OSG: ODv9pKMVM1k5bhJQ17ZasrABywSFB0XI0VLo3BkVWEgONXM1uTRUaQOcwoYL1ys WYGcMXnme3BwY41bs7wJUl1gNL3QzRZqR9WhX0sMsUSFwrSnXqOJWq2sWfzvaKHYf2j93xNOpIJJ 0aVPPtq1fxDRII_KMAHNELdah52lWV2kWJgx.fwH2i.DT0aNaOi1YbG2xEGZOBgKzxJ..EwAXnFw qciDWbFR.w6uvp3uKv.Q6QM5p6lsk6h0yj7NLJbObqpmU4AW2WPZzqQDBcBrcHP0T_HGwzivPZh7 _jnIDELvU70v5R8S1sPfzRLKnUlXjHe2p6XOoGfIwVTsE6UDuHjSGpCOZnLLzAbcybzi_N3fYYzJ y.WWloMNNkruxfMCAHuTtQsnj5cCN3XbYGkIwd8VhOjpZXXJdnLwZytDXIteroVEBoahRelyhbaV M6d4l4XYQ2wJiL0TSSFtnfAoDDRDxfjTugnwmUM46nJ23c9VplZZQz4DleuSwMQyHEd7b6FOv_WL UKSa812SJE50ualiS_YlZmf3_Y93NKWS95J2dXwMjWAIYRUPQNqS7pOs8ijDl_hyBbFy0e0vTddW 7N_N0Lzx9c10d.P71wbuLl_HCYJhnjgU0mQz_Wite8y95uLktqepGOGi48YZUDN57l9klyCgP0WD CpmOHWlRvh6mKRXQ7USwWyITUHUwA4TMViya2.Esepi07cPnidmdVap0os_wtUj5rjdGUYMhHU2N y3qyy7F12xOpLwW5TOlIAhCEBxBk4IxVAwz9fvahAm7Jt5oEH0hlgsMHkvE4beB395A.KWtQNM0B cTGty3ipS.Qe2w3ZUW35Uuv7WtIS_bqRNfMLYAWU7JwZ.0EDvfWMlheM62fQ6hdUYkI2F3ohW30V fdxf.QTWuQsQF6VGwLzj_BBiajmMiJ7nawDwVWlqNfVjaeopr_Y9c3cjx5VXI8tCmoMHaF1hs4AU gRpsloZWwlgCZlpfWy9fn00U6OQpia1nrUjUxo8LIhsgRmfwiTxJi0.dQEk1QldET165f6jL4FcD IY9DwaOxwGMlTySXvN1uKjR9iaGSiiZVxIpSwO1tUgXBfcZlw3IT_kazF_bx2_PJ8SIcadSzAGLh 3YHS86.OcyGpWXqRVRQmfcmib6X.MmKElvLj6rNxIpR0- Received: from sonic.gate.mail.ne1.yahoo.com by sonic311.consmr.mail.ne1.yahoo.com with HTTP; Tue, 11 Dec 2018 22:44:06 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO localhost.localdomain) ([67.169.65.224]) by smtp411.mail.ne1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID 6f4a30c5671782919fad3da3c826f035; Tue, 11 Dec 2018 22:44:02 +0000 (UTC) From: Casey Schaufler To: jmorris@namei.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, selinux@vger.kernel.org Cc: john.johansen@canonical.com, keescook@chromium.org, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, linux-fsdevel@vger.kernel.org, sds@tycho.nsa.gov, adobriyan@gmail.com, mic@digikod.net, s.mesoraca16@gmail.com, casey@schaufler-ca.com Subject: [PATCH v5 34/38] LSM: Infrastructure management of the task security Date: Tue, 11 Dec 2018 14:43:10 -0800 Message-Id: <20181211224314.22412-35-casey@schaufler-ca.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20181211224314.22412-1-casey@schaufler-ca.com> References: <20181211224314.22412-1-casey@schaufler-ca.com> Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Move management of the task_struct->security blob out of the individual security modules and into the security infrastructure. Instead of allocating the blobs from within the modules the modules tell the infrastructure how much space is required, and the space is allocated there. The only user of this blob is AppArmor. The AppArmor use is abstracted to avoid future conflict. Signed-off-by: Casey Schaufler Reviewed-by: Kees Cook [kees: adjusted for ordered init series] Signed-off-by: Kees Cook --- include/linux/lsm_hooks.h | 2 ++ security/apparmor/include/task.h | 18 +++----------- security/apparmor/lsm.c | 15 +++-------- security/security.c | 54 +++++++++++++++++++++++++++++++++++++++- 4 files changed, 62 insertions(+), 27 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 65440005ec92..243c7c6e181d 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -2031,6 +2031,7 @@ struct lsm_blob_sizes { int lbs_cred; int lbs_file; int lbs_inode; + int lbs_task; }; /* @@ -2106,6 +2107,7 @@ extern int lsm_inode_alloc(struct inode *inode); #ifdef CONFIG_SECURITY void __init lsm_early_cred(struct cred *cred); +void __init lsm_early_task(struct task_struct *task); #endif #endif /* ! __LINUX_LSM_HOOKS_H */ diff --git a/security/apparmor/include/task.h b/security/apparmor/include/task.h index 55edaa1d83f8..039c1e60887a 100644 --- a/security/apparmor/include/task.h +++ b/security/apparmor/include/task.h @@ -14,7 +14,10 @@ #ifndef __AA_TASK_H #define __AA_TASK_H -#define task_ctx(X) ((X)->security) +static inline struct aa_task_ctx *task_ctx(struct task_struct *task) +{ + return task->security; +} /* * struct aa_task_ctx - information for current task label change @@ -36,17 +39,6 @@ int aa_set_current_hat(struct aa_label *label, u64 token); int aa_restore_previous_label(u64 cookie); struct aa_label *aa_get_task_label(struct task_struct *task); -/** - * aa_alloc_task_ctx - allocate a new task_ctx - * @flags: gfp flags for allocation - * - * Returns: allocated buffer or NULL on failure - */ -static inline struct aa_task_ctx *aa_alloc_task_ctx(gfp_t flags) -{ - return kzalloc(sizeof(struct aa_task_ctx), flags); -} - /** * aa_free_task_ctx - free a task_ctx * @ctx: task_ctx to free (MAYBE NULL) @@ -57,8 +49,6 @@ static inline void aa_free_task_ctx(struct aa_task_ctx *ctx) aa_put_label(ctx->nnp); aa_put_label(ctx->previous); aa_put_label(ctx->onexec); - - kzfree(ctx); } } diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 3ae8c902d740..83dc23f33a29 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -93,19 +93,14 @@ static void apparmor_task_free(struct task_struct *task) { aa_free_task_ctx(task_ctx(task)); - task_ctx(task) = NULL; } static int apparmor_task_alloc(struct task_struct *task, unsigned long clone_flags) { - struct aa_task_ctx *new = aa_alloc_task_ctx(GFP_KERNEL); - - if (!new) - return -ENOMEM; + struct aa_task_ctx *new = task_ctx(task); aa_dup_task_ctx(new, task_ctx(current)); - task_ctx(task) = new; return 0; } @@ -1156,6 +1151,7 @@ static int apparmor_inet_conn_request(struct sock *sk, struct sk_buff *skb, struct lsm_blob_sizes apparmor_blob_sizes __lsm_ro_after_init = { .lbs_cred = sizeof(struct aa_task_ctx *), .lbs_file = sizeof(struct aa_file_ctx), + .lbs_task = sizeof(struct aa_task_ctx), }; static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = { @@ -1486,15 +1482,10 @@ static int param_set_mode(const char *val, const struct kernel_param *kp) static int __init set_init_ctx(void) { struct cred *cred = (struct cred *)current->real_cred; - struct aa_task_ctx *ctx; - - ctx = aa_alloc_task_ctx(GFP_KERNEL); - if (!ctx) - return -ENOMEM; lsm_early_cred(cred); + lsm_early_task(current); set_cred_label(cred, aa_get_label(ns_unconfined(root_ns))); - task_ctx(current) = ctx; return 0; } diff --git a/security/security.c b/security/security.c index 0cc48072eb3b..d3d3963d7914 100644 --- a/security/security.c +++ b/security/security.c @@ -169,6 +169,7 @@ static void __init lsm_set_blob_sizes(struct lsm_blob_sizes *needed) if (needed->lbs_inode && blob_sizes.lbs_inode == 0) blob_sizes.lbs_inode = sizeof(struct rcu_head); lsm_set_blob_size(&needed->lbs_inode, &blob_sizes.lbs_inode); + lsm_set_blob_size(&needed->lbs_task, &blob_sizes.lbs_task); } /* Prepare LSM for initialization. */ @@ -292,6 +293,7 @@ static void __init ordered_lsm_init(void) init_debug("cred blob size = %d\n", blob_sizes.lbs_cred); init_debug("file blob size = %d\n", blob_sizes.lbs_file); init_debug("inode blob size = %d\n", blob_sizes.lbs_inode); + init_debug("task blob size = %d\n", blob_sizes.lbs_task); /* * Create any kmem_caches needed for blobs @@ -515,6 +517,46 @@ int lsm_inode_alloc(struct inode *inode) return 0; } +/** + * lsm_task_alloc - allocate a composite task blob + * @task: the task that needs a blob + * + * Allocate the task blob for all the modules + * + * Returns 0, or -ENOMEM if memory can't be allocated. + */ +int lsm_task_alloc(struct task_struct *task) +{ + if (blob_sizes.lbs_task == 0) { + task->security = NULL; + return 0; + } + + task->security = kzalloc(blob_sizes.lbs_task, GFP_KERNEL); + if (task->security == NULL) + return -ENOMEM; + return 0; +} + +/** + * lsm_early_task - during initialization allocate a composite task blob + * @task: the task that needs a blob + * + * Allocate the task blob for all the modules if it's not already there + */ +void __init lsm_early_task(struct task_struct *task) +{ + int rc; + + if (task == NULL) + panic("%s: task cred.\n", __func__); + if (task->security != NULL) + return; + rc = lsm_task_alloc(task); + if (rc) + panic("%s: Early task alloc failed.\n", __func__); +} + /* * Hook list operation macros. * @@ -1346,12 +1388,22 @@ int security_file_open(struct file *file) int security_task_alloc(struct task_struct *task, unsigned long clone_flags) { - return call_int_hook(task_alloc, 0, task, clone_flags); + int rc = lsm_task_alloc(task); + + if (rc) + return rc; + rc = call_int_hook(task_alloc, 0, task, clone_flags); + if (unlikely(rc)) + security_task_free(task); + return rc; } void security_task_free(struct task_struct *task) { call_void_hook(task_free, task); + + kfree(task->security); + task->security = NULL; } int security_cred_alloc_blank(struct cred *cred, gfp_t gfp) From patchwork Tue Dec 11 22:43:11 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10725011 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id B2D6E17FE for ; Tue, 11 Dec 2018 22:44:31 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A222229FE9 for ; Tue, 11 Dec 2018 22:44:31 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 953422B341; Tue, 11 Dec 2018 22:44:31 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 29D072B6AE for ; Tue, 11 Dec 2018 22:44:31 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726240AbeLKWoa (ORCPT ); Tue, 11 Dec 2018 17:44:30 -0500 Received: from sonic308-17.consmr.mail.ne1.yahoo.com ([66.163.187.40]:39486 "EHLO sonic308-17.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726700AbeLKWoI (ORCPT ); Tue, 11 Dec 2018 17:44:08 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1544568246; bh=q3ZwNVKWIQFkGRgaOEndkUgGeJo8IZZCX1iJ8ynimVY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; b=fjFZ2X9GGIpNL6bJWUjZb6TTsCyJ5CFFi5uAJJzwXpaYBZ82U5pQmZnCBPA1KVBuQbDsLKjpqaIrbNUB1npnQ45ckCFZeHDog5OL2FVEBIaGTCYIVPYv5sc30wuxtELZqlghYs0oi8CQnfH9WwhXwPvo71UMiY50afgL+GZSj0Q+I2rlDgjJ6vx4uxS1XL6J03V2dsoqT/EGbsrwolneJ+YUpGeV9wEfILwUB5IORsmBTynJDz3IcqY13iYbz7Or4mFAw4Xzr8yB26MAj6sLoTGhUHdcIYlZiZDx9Omj/83J23gD/3Sgzp+lW49UAnbit+J80kN/DU++cpxPjehAZg== X-YMail-OSG: zZ6RMH8VM1nLG2Yho7WzsW8rJvcmzS3eKKzEGyn7TVIvfA3p3y81X2OU7Imncj8 lROCobPX7ZCnzmTuHQDIDXTjX7SlCk8y2AqNltEYT0v1LUD0CkoILaHenld5ihyHE_AdfWdqmgdj 4t7SVF1MBeYaB8DjaWeM8_IwZLHHM1jfLs28EKqMkAjh7EbFj1CtE3m1VGh2RVQ0zK9brdxvY2T5 d64fIQ99AbXJng8.hWYk.Zmc4_c93ivA2.eOAY.5aui07DnXl44VtX5DQrW8ntw59RAwJnTajdO9 andjJJiDQMMMD4V_.ynU5TWhL9NntQXZgV7mKK4EhbJcMpbmIXcFc1pFtIObFqKyYpxAcUclQH0K iydM8_9mIDCpsCZ9A_Yl7TjU3Q5ddkFe6Sry1NpK5RWUTlbkguwCglMUHEhs5mYlzh9g3H_5qxJ6 k4yrWKgZeJ30vHIzmnQrjYNfbik_ZPfa6EpKmNsHIuzZ4A_dzFepaOwkxPkOZQIriTxdLeXUK6Ut jWcEJ1awVOXTSho4B47omn1sQC0a0QqDrTeJyl.b4QE8_rPlbpw26c4HyRd_6mBZlj2mHYz6ew6b 5W2e_YcbYJBL48wn4TfNmTk7lt7TM6r3EYuaj0zzZ1ozioTSqgY0aRAtRWFFC6cBAraf9rGl.mjX XX8i_B2GrZEF5O5WLee_SKX4CNuvDQ._hm2q_AxfSOqZmYCE4DLpfrJMxv8TMCNEUxjbZVEtpyr0 IosAAe1VWJpgDoRXuJz9QGryF4wDVFB06mFC3d2LhEqMpa_uWc0blzMmCkYOOObX891Ljsx6r_Tp g7zJMR6NPZW9z59nqUHco9tp1zTDB5ZhCAAemBhE7DBRYa2cMXDuzmhXYj0iTTknQTzc39NtB_JQ CqMR99Dc69CGt1YUSOR8yp0QsrEYzpGXAdH0q.lsqDMOC5W.ita0DTAD7GyXJgBcuPk0eKkz4Gkl vZj.ri2AtGUylZJJD7FSD9Xmpq6FLRf2UkA5h3pDKZTHD9Ocw25L6osi2_aSlr0UePnxWuPemNnF LmsKV0mYmUeHf_oedRSe9epoT8ZM5FJXy12CA2olzFyGa2FaSw.eeB2pAWVA5OQ4z3ERz12OpFlA dcQrzGVoKS.OVsvigC6ucD7ocpDDh5ImOrb7drw-- Received: from sonic.gate.mail.ne1.yahoo.com by sonic308.consmr.mail.ne1.yahoo.com with HTTP; Tue, 11 Dec 2018 22:44:06 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO localhost.localdomain) ([67.169.65.224]) by smtp411.mail.ne1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID 6f4a30c5671782919fad3da3c826f035; Tue, 11 Dec 2018 22:44:04 +0000 (UTC) From: Casey Schaufler To: jmorris@namei.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, selinux@vger.kernel.org Cc: john.johansen@canonical.com, keescook@chromium.org, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, linux-fsdevel@vger.kernel.org, sds@tycho.nsa.gov, adobriyan@gmail.com, mic@digikod.net, s.mesoraca16@gmail.com, casey@schaufler-ca.com Subject: [PATCH v5 35/38] SELinux: Abstract use of ipc security blobs Date: Tue, 11 Dec 2018 14:43:11 -0800 Message-Id: <20181211224314.22412-36-casey@schaufler-ca.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20181211224314.22412-1-casey@schaufler-ca.com> References: <20181211224314.22412-1-casey@schaufler-ca.com> Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Don't use the ipc->security pointer directly. Don't use the msg_msg->security pointer directly. Provide helper functions that provides the security blob pointers. Signed-off-by: Casey Schaufler Reviewed-by: Kees Cook Signed-off-by: Kees Cook --- security/selinux/hooks.c | 18 +++++++++--------- security/selinux/include/objsec.h | 13 +++++++++++++ 2 files changed, 22 insertions(+), 9 deletions(-) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index f0e7ac26f3a9..1e56b036018a 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -5889,7 +5889,7 @@ static int ipc_has_perm(struct kern_ipc_perm *ipc_perms, struct common_audit_data ad; u32 sid = current_sid(); - isec = ipc_perms->security; + isec = selinux_ipc(ipc_perms); ad.type = LSM_AUDIT_DATA_IPC; ad.u.ipc_id = ipc_perms->key; @@ -5946,7 +5946,7 @@ static int selinux_msg_queue_associate(struct kern_ipc_perm *msq, int msqflg) struct common_audit_data ad; u32 sid = current_sid(); - isec = msq->security; + isec = selinux_ipc(msq); ad.type = LSM_AUDIT_DATA_IPC; ad.u.ipc_id = msq->key; @@ -5995,8 +5995,8 @@ static int selinux_msg_queue_msgsnd(struct kern_ipc_perm *msq, struct msg_msg *m u32 sid = current_sid(); int rc; - isec = msq->security; - msec = msg->security; + isec = selinux_ipc(msq); + msec = selinux_msg_msg(msg); /* * First time through, need to assign label to the message @@ -6043,8 +6043,8 @@ static int selinux_msg_queue_msgrcv(struct kern_ipc_perm *msq, struct msg_msg *m u32 sid = task_sid(target); int rc; - isec = msq->security; - msec = msg->security; + isec = selinux_ipc(msq); + msec = selinux_msg_msg(msg); ad.type = LSM_AUDIT_DATA_IPC; ad.u.ipc_id = msq->key; @@ -6097,7 +6097,7 @@ static int selinux_shm_associate(struct kern_ipc_perm *shp, int shmflg) struct common_audit_data ad; u32 sid = current_sid(); - isec = shp->security; + isec = selinux_ipc(shp); ad.type = LSM_AUDIT_DATA_IPC; ad.u.ipc_id = shp->key; @@ -6194,7 +6194,7 @@ static int selinux_sem_associate(struct kern_ipc_perm *sma, int semflg) struct common_audit_data ad; u32 sid = current_sid(); - isec = sma->security; + isec = selinux_ipc(sma); ad.type = LSM_AUDIT_DATA_IPC; ad.u.ipc_id = sma->key; @@ -6280,7 +6280,7 @@ static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag) static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid) { - struct ipc_security_struct *isec = ipcp->security; + struct ipc_security_struct *isec = selinux_ipc(ipcp); *secid = isec->sid; } diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h index 562fad58c56b..539cacf4a572 100644 --- a/security/selinux/include/objsec.h +++ b/security/selinux/include/objsec.h @@ -26,6 +26,7 @@ #include #include #include +#include #include #include "flask.h" #include "avc.h" @@ -175,4 +176,16 @@ static inline struct inode_security_struct *selinux_inode( return inode->i_security + selinux_blob_sizes.lbs_inode; } +static inline struct msg_security_struct *selinux_msg_msg( + const struct msg_msg *msg_msg) +{ + return msg_msg->security; +} + +static inline struct ipc_security_struct *selinux_ipc( + const struct kern_ipc_perm *ipc) +{ + return ipc->security; +} + #endif /* _SELINUX_OBJSEC_H_ */ From patchwork Tue Dec 11 22:43:12 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10725009 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 445553E9D for ; Tue, 11 Dec 2018 22:44:31 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 35F8F2B341 for ; Tue, 11 Dec 2018 22:44:31 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 29AF529FE9; Tue, 11 Dec 2018 22:44:31 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B6D3A2B6AA for ; Tue, 11 Dec 2018 22:44:30 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726378AbeLKWoR (ORCPT ); Tue, 11 Dec 2018 17:44:17 -0500 Received: from sonic308-17.consmr.mail.ne1.yahoo.com ([66.163.187.40]:46129 "EHLO sonic308-17.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726711AbeLKWoI (ORCPT ); Tue, 11 Dec 2018 17:44:08 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1544568246; bh=Il9GpnbV91+fys2zxOGbpdhryeWPuMQjgXeEO7Bfh2k=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; b=prTrZXqGqFzroyYtN+YEBDGdQnSIA3W/hmx83yDeGBfeAv4/BsYS/xCJ/2moR2Jp8UgpqSLZO0uHrY1DOX8QS21DsyyFHf1WSeRR3IFIJg1fjh3QhDZLFHrjOYc9nNdltM9UN5nOhYeBPEopUBsR4HnBaNz00klAn3IPJXg8K5NjtKGgc1uIGva5PP3L6lreGo2CB1ciqOqAaXA2qltYcXx3Ti34JltQek47lwxmHNMykxholCVtyzkUGGs8JgdJB0iSlkvKfdw+tbzFh7qJFmGClqmF4gZNVBUgoCBDp3GyWV5a7u32HRpLF8ZtFlxsZIJXb4un3I9Nd2LAWTl6lA== X-YMail-OSG: GULJ65IVM1lK.OjqGz8yqzFzTBJXMoEKqNyElswLU5IL9QqZIgQWc3Ar1PIXMQd y4z7mx4uiMaPI_zM5PhTtKSo7U9njstHLyYY1qd4rC88I2EScqGp.C_0BblbfBINxlkq.QXLfqmE J.VmGeOkGfN.A1V4MwTbWbKHBywNkifpIs.ZwV1bNGKX_TiSITqsjhOOLR0jAm23TsKXFyoIifNX Bfp8P.nCvhD17cDiy_zAIBroN8K7PmVbGiyqLgLdmhw1anI.olzAVY8MaidTgNEBX.stGFx78hE8 fnL2qWQkcF4Fngku_A8l4IAQaZmTUEX3c.qH3Pd6dPf_lWW7cc7L5AAZlsiHCvSzDfr69xDL.tfI IkpwaXF1SrMaVufm4jYQn82qRNavPfqi9rTYtGVJKyyyLkSws7vOjid53q9KRjxPZl_zEy0wYjq_ lI8K7hbA49Q9ecm9XR17KqhgLU3ZD_U4k8CeZHdesTHtgWd.ZqIo8xpY36Dn3wtC4P7x8QWSmnwP rT.PjBNVbvTUOi9o1yYpznzvWAa6D1wA.XRh15e4I4XEAPGxZuYY0h0NPXfksGBehlSnCFzWziar vC6m9YMAXvj2ygD9yRkUaxW76NjPope.7W.x.0pXzwTcdNVv5mSEjpxJyK_1G3n_7J8wc70zAcH8 9fbCbFYYxaTZB1fMfNrnod_KL4Bl1d.SCY_6Unx8oB9DirmGas6NM3Kem026CGYpoe9PASXpM.IO ptmUztRMJ3TK8btBztwBmQMRpMy4o5RwC0qfhlIYToplywEWgY1O.SLg5LqlQ2JtcIPisPVes7ce z0W1oB.qWD0__7KMJz5yf4D_7lm0aAyU3ANLpNvjMO63M4pD1oBqDSnroT4pgfY1Rs8NQaflqW7z OTwv_O.vga4D0HFiHWKIOSL5wgJP01DZSfSmx975f3x8oHA_k3vN.Z8U6heci1g1zljKA7X97EJz X96JRcqHOcDpKU73WbY48hz85vfGJlzYDg2FvrKuFzcW3A_wAQb1BS4jPvadw9XnluERdURul1lb IF_27fWcyogbmKH1wb4CYrk2yC50wY8h_.21PrNl3RawY3pZ8uI_m.hphUd9JFFokJ_9o9PKBu5p kXwswsHIcmcL2e1xt6FoLnAFZ9pkZWBPvCnpROg7U0GI- Received: from sonic.gate.mail.ne1.yahoo.com by sonic308.consmr.mail.ne1.yahoo.com with HTTP; Tue, 11 Dec 2018 22:44:06 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO localhost.localdomain) ([67.169.65.224]) by smtp411.mail.ne1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID 6f4a30c5671782919fad3da3c826f035; Tue, 11 Dec 2018 22:44:05 +0000 (UTC) From: Casey Schaufler To: jmorris@namei.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, selinux@vger.kernel.org Cc: john.johansen@canonical.com, keescook@chromium.org, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, linux-fsdevel@vger.kernel.org, sds@tycho.nsa.gov, adobriyan@gmail.com, mic@digikod.net, s.mesoraca16@gmail.com, casey@schaufler-ca.com Subject: [PATCH v5 36/38] Smack: Abstract use of ipc security blobs Date: Tue, 11 Dec 2018 14:43:12 -0800 Message-Id: <20181211224314.22412-37-casey@schaufler-ca.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20181211224314.22412-1-casey@schaufler-ca.com> References: <20181211224314.22412-1-casey@schaufler-ca.com> Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Don't use the ipc->security pointer directly. Don't use the msg_msg->security pointer directly. Provide helper functions that provides the security blob pointers. Signed-off-by: Casey Schaufler Reviewed-by: Kees Cook Signed-off-by: Kees Cook --- security/smack/smack.h | 11 +++++++++++ security/smack/smack_lsm.c | 14 +++++++++----- 2 files changed, 20 insertions(+), 5 deletions(-) diff --git a/security/smack/smack.h b/security/smack/smack.h index bf0abc35ca1c..0adddbeecc62 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h @@ -24,6 +24,7 @@ #include #include #include +#include /* * Use IPv6 port labeling if IPv6 is enabled and secmarks @@ -373,6 +374,16 @@ static inline struct inode_smack *smack_inode(const struct inode *inode) return inode->i_security + smack_blob_sizes.lbs_inode; } +static inline struct smack_known **smack_msg_msg(const struct msg_msg *msg) +{ + return (struct smack_known **)&msg->security; +} + +static inline struct smack_known **smack_ipc(const struct kern_ipc_perm *ipc) +{ + return (struct smack_known **)&ipc->security; +} + /* * Is the directory transmuting? */ diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 9ff185af378a..ceda326a6e47 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -2918,7 +2918,9 @@ static void smack_msg_msg_free_security(struct msg_msg *msg) */ static struct smack_known *smack_of_ipc(struct kern_ipc_perm *isp) { - return (struct smack_known *)isp->security; + struct smack_known **blob = smack_ipc(isp); + + return *blob; } /** @@ -2929,9 +2931,9 @@ static struct smack_known *smack_of_ipc(struct kern_ipc_perm *isp) */ static int smack_ipc_alloc_security(struct kern_ipc_perm *isp) { - struct smack_known *skp = smk_of_current(); + struct smack_known **blob = smack_ipc(isp); - isp->security = skp; + *blob = smk_of_current(); return 0; } @@ -3243,7 +3245,8 @@ static int smack_msg_queue_msgrcv(struct kern_ipc_perm *isp, struct msg_msg *msg */ static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag) { - struct smack_known *iskp = ipp->security; + struct smack_known **blob = smack_ipc(ipp); + struct smack_known *iskp = *blob; int may = smack_flags_to_may(flag); struct smk_audit_info ad; int rc; @@ -3264,7 +3267,8 @@ static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag) */ static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid) { - struct smack_known *iskp = ipp->security; + struct smack_known **blob = smack_ipc(ipp); + struct smack_known *iskp = *blob; *secid = iskp->smk_secid; } From patchwork Tue Dec 11 22:43:13 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10724999 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id EE1D517FE for ; Tue, 11 Dec 2018 22:44:17 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id DDB8729FE9 for ; Tue, 11 Dec 2018 22:44:17 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id D19F32B6AA; Tue, 11 Dec 2018 22:44:17 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3F1C62B341 for ; Tue, 11 Dec 2018 22:44:16 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726717AbeLKWoJ (ORCPT ); Tue, 11 Dec 2018 17:44:09 -0500 Received: from sonic308-17.consmr.mail.ne1.yahoo.com ([66.163.187.40]:41624 "EHLO sonic308-17.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726643AbeLKWoJ (ORCPT ); Tue, 11 Dec 2018 17:44:09 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1544568246; bh=NEVQq6fYLlth36xT/2dWjaLbh9KjtCaEpz5d/7QnsZU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; b=pyzNcmxerxZ5cQxbL2nXzvUNOY9SBXz08nA4FRrNXp0PrHknKR/YlI28m9pFJiOItA9rGDPWEHJcFUvoLhcUWGYapB+NpAeMKIzNqHjtwK6Hb5x+jFkU8OqGKhcb3weP5kAzelXoMWOwjXpUrqTOXQ+boVtBl0TU4cstRIo/WqNOxRE3S5v0f6jjb1dp32A4z/aG8reYfyulF4G+dxK1rJhw7o3SQu/RRiKq5du060loNHEbCZeBLZopAaaeq3pVMMtt4iFODt1FubhDd2h0AIVPeuRKeZ3DEVJZIa/TwOJdPo4Rv1PkoVfrOc/BdDozAOIWlVVWpA9QPGhJziMRJw== X-YMail-OSG: S94JI6cVM1nrasuDLvmO.XWqvJPxUFfaBTGke_JAsIvLh4vwnepszR9eT4d31Nu vk7OPZgoLlxSwDS_G1RUBpizsHM8YiATHR4kuytoHdecSty.VCMF5Y3hkEKK7niCZJwiBC6RWmem bsQT1dZdLlyjBlt739OPRqb8CH.Lw1MUcohIcxMNoaic8IZB8GHgsAsTF4JDo.N6KVv03WJWc7P_ r7G33poemqqPe9Cba3WrJt9T8D6CzOG9P0h8MfZ7U8fz5djpFiO8w0s.LHhyHy38jaKX.PpEQLGk .otHFoXhqYXHk700KNEXpY7o7hDv1Z28t7iXaTIYG.CbKoKCjUwYt9Rh4FWjiMIYp5teVa9lNUQK zUiJc9_ZBF9CY9_0XWXGum414OjI.ZaobRkB9FAjj1hS.R5x4pnteNwodFOwFzydj2NepZDkr6ia 7WUghEWPSz.MepSvEEeLIuaRDsUNpWfI4Q9b8mARNuPzI9IWtuRrQ3Wmk31lPDoPLytjYcujKxuN iS2ORxCFhBlArhqTjBPVfFnB6iiS0iHI.aVteE9eaZmGOKr6BwXySRUHDSE7jlTeSKt91i437krD rIgzQmybCdu0uGpzL74PI95k6vZ61F304UxbHAB6mkqwQfxoGwxoT9XG2i2c7i0Krx1TuJXYwMp9 yagarP_kvJwHNZmxzEB236n3VowkKxPYm7VP2xG6djqIuglSRjILwH8Nbm3_6DeXEnqV_hBy6WZF E3_288PN9VnZQ4525jAB12_b5amCx5Plgi.UrnfPI7yHQ6KF6jeavwLL5e6Eg1sHj00nmwbQOsDn Nh3NzHNiT9CQPbyK3bRXKcXogZx1V_SOrj4a8A5t8RHRoz7o1231VA9rQxoHr0O.SS3NDmGPpdOJ X_Qw5OONgMAxyeMn2SGCVBzene3MFq5.oarLwUylUsbms1eCMJJUZFehrVDsAjFuAokC8RrDj_dk Z_gUvUAHtFvr.Ihu1jKQfkMvpCfcUdziEolRQy0xFGRf1u6R70UWy3UDVs.r14Tr05mcdlXVfeCk _qZok4PyWeBsZ1O.WL5aOMX7QfwSEqkzSub6KNNesQkXs12xGoz4w.ubLhr6IISMHfS5k4kbjDHD MW0K_yCvkjjqWjeww7g6.8wt9WESfSyAaj23dBQ-- Received: from sonic.gate.mail.ne1.yahoo.com by sonic308.consmr.mail.ne1.yahoo.com with HTTP; Tue, 11 Dec 2018 22:44:06 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO localhost.localdomain) ([67.169.65.224]) by smtp411.mail.ne1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID 6f4a30c5671782919fad3da3c826f035; Tue, 11 Dec 2018 22:44:06 +0000 (UTC) From: Casey Schaufler To: jmorris@namei.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, selinux@vger.kernel.org Cc: john.johansen@canonical.com, keescook@chromium.org, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, linux-fsdevel@vger.kernel.org, sds@tycho.nsa.gov, adobriyan@gmail.com, mic@digikod.net, s.mesoraca16@gmail.com, casey@schaufler-ca.com Subject: [PATCH v5 37/38] LSM: Infrastructure management of the ipc security blob Date: Tue, 11 Dec 2018 14:43:13 -0800 Message-Id: <20181211224314.22412-38-casey@schaufler-ca.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20181211224314.22412-1-casey@schaufler-ca.com> References: <20181211224314.22412-1-casey@schaufler-ca.com> Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Move management of the kern_ipc_perm->security and msg_msg->security blobs out of the individual security modules and into the security infrastructure. Instead of allocating the blobs from within the modules the modules tell the infrastructure how much space is required, and the space is allocated there. Signed-off-by: Casey Schaufler Reviewed-by: Kees Cook [kees: adjusted for ordered init series] Signed-off-by: Kees Cook --- include/linux/lsm_hooks.h | 2 + security/security.c | 91 ++++++++++++++++++++++++++++++++++-- security/selinux/hooks.c | 98 ++++++--------------------------------- security/selinux/include/objsec.h | 4 +- security/smack/smack.h | 4 +- security/smack/smack_lsm.c | 32 ++----------- 6 files changed, 110 insertions(+), 121 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 243c7c6e181d..f2cc950e6172 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -2031,6 +2031,8 @@ struct lsm_blob_sizes { int lbs_cred; int lbs_file; int lbs_inode; + int lbs_ipc; + int lbs_msg_msg; int lbs_task; }; diff --git a/security/security.c b/security/security.c index d3d3963d7914..60ae6b470a0b 100644 --- a/security/security.c +++ b/security/security.c @@ -30,6 +30,7 @@ #include #include #include +#include #include #define MAX_LSM_EVM_XATTR 2 @@ -169,6 +170,8 @@ static void __init lsm_set_blob_sizes(struct lsm_blob_sizes *needed) if (needed->lbs_inode && blob_sizes.lbs_inode == 0) blob_sizes.lbs_inode = sizeof(struct rcu_head); lsm_set_blob_size(&needed->lbs_inode, &blob_sizes.lbs_inode); + lsm_set_blob_size(&needed->lbs_ipc, &blob_sizes.lbs_ipc); + lsm_set_blob_size(&needed->lbs_msg_msg, &blob_sizes.lbs_msg_msg); lsm_set_blob_size(&needed->lbs_task, &blob_sizes.lbs_task); } @@ -293,6 +296,8 @@ static void __init ordered_lsm_init(void) init_debug("cred blob size = %d\n", blob_sizes.lbs_cred); init_debug("file blob size = %d\n", blob_sizes.lbs_file); init_debug("inode blob size = %d\n", blob_sizes.lbs_inode); + init_debug("ipc blob size = %d\n", blob_sizes.lbs_ipc); + init_debug("msg_msg blob size = %d\n", blob_sizes.lbs_msg_msg); init_debug("task blob size = %d\n", blob_sizes.lbs_task); /* @@ -538,6 +543,48 @@ int lsm_task_alloc(struct task_struct *task) return 0; } +/** + * lsm_ipc_alloc - allocate a composite ipc blob + * @kip: the ipc that needs a blob + * + * Allocate the ipc blob for all the modules + * + * Returns 0, or -ENOMEM if memory can't be allocated. + */ +int lsm_ipc_alloc(struct kern_ipc_perm *kip) +{ + if (blob_sizes.lbs_ipc == 0) { + kip->security = NULL; + return 0; + } + + kip->security = kzalloc(blob_sizes.lbs_ipc, GFP_KERNEL); + if (kip->security == NULL) + return -ENOMEM; + return 0; +} + +/** + * lsm_msg_msg_alloc - allocate a composite msg_msg blob + * @mp: the msg_msg that needs a blob + * + * Allocate the ipc blob for all the modules + * + * Returns 0, or -ENOMEM if memory can't be allocated. + */ +int lsm_msg_msg_alloc(struct msg_msg *mp) +{ + if (blob_sizes.lbs_msg_msg == 0) { + mp->security = NULL; + return 0; + } + + mp->security = kzalloc(blob_sizes.lbs_msg_msg, GFP_KERNEL); + if (mp->security == NULL) + return -ENOMEM; + return 0; +} + /** * lsm_early_task - during initialization allocate a composite task blob * @task: the task that needs a blob @@ -1618,22 +1665,40 @@ void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid) int security_msg_msg_alloc(struct msg_msg *msg) { - return call_int_hook(msg_msg_alloc_security, 0, msg); + int rc = lsm_msg_msg_alloc(msg); + + if (unlikely(rc)) + return rc; + rc = call_int_hook(msg_msg_alloc_security, 0, msg); + if (unlikely(rc)) + security_msg_msg_free(msg); + return rc; } void security_msg_msg_free(struct msg_msg *msg) { call_void_hook(msg_msg_free_security, msg); + kfree(msg->security); + msg->security = NULL; } int security_msg_queue_alloc(struct kern_ipc_perm *msq) { - return call_int_hook(msg_queue_alloc_security, 0, msq); + int rc = lsm_ipc_alloc(msq); + + if (unlikely(rc)) + return rc; + rc = call_int_hook(msg_queue_alloc_security, 0, msq); + if (unlikely(rc)) + security_msg_queue_free(msq); + return rc; } void security_msg_queue_free(struct kern_ipc_perm *msq) { call_void_hook(msg_queue_free_security, msq); + kfree(msq->security); + msq->security = NULL; } int security_msg_queue_associate(struct kern_ipc_perm *msq, int msqflg) @@ -1660,12 +1725,21 @@ int security_msg_queue_msgrcv(struct kern_ipc_perm *msq, struct msg_msg *msg, int security_shm_alloc(struct kern_ipc_perm *shp) { - return call_int_hook(shm_alloc_security, 0, shp); + int rc = lsm_ipc_alloc(shp); + + if (unlikely(rc)) + return rc; + rc = call_int_hook(shm_alloc_security, 0, shp); + if (unlikely(rc)) + security_shm_free(shp); + return rc; } void security_shm_free(struct kern_ipc_perm *shp) { call_void_hook(shm_free_security, shp); + kfree(shp->security); + shp->security = NULL; } int security_shm_associate(struct kern_ipc_perm *shp, int shmflg) @@ -1685,12 +1759,21 @@ int security_shm_shmat(struct kern_ipc_perm *shp, char __user *shmaddr, int shmf int security_sem_alloc(struct kern_ipc_perm *sma) { - return call_int_hook(sem_alloc_security, 0, sma); + int rc = lsm_ipc_alloc(sma); + + if (unlikely(rc)) + return rc; + rc = call_int_hook(sem_alloc_security, 0, sma); + if (unlikely(rc)) + security_sem_free(sma); + return rc; } void security_sem_free(struct kern_ipc_perm *sma) { call_void_hook(sem_free_security, sma); + kfree(sma->security); + sma->security = NULL; } int security_sem_associate(struct kern_ipc_perm *sma, int semflg) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 1e56b036018a..d4337aa7bb59 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -5837,51 +5837,22 @@ static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb) return selinux_nlmsg_perm(sk, skb); } -static int ipc_alloc_security(struct kern_ipc_perm *perm, - u16 sclass) +static void ipc_init_security(struct ipc_security_struct *isec, u16 sclass) { - struct ipc_security_struct *isec; - - isec = kzalloc(sizeof(struct ipc_security_struct), GFP_KERNEL); - if (!isec) - return -ENOMEM; - isec->sclass = sclass; isec->sid = current_sid(); - perm->security = isec; - - return 0; -} - -static void ipc_free_security(struct kern_ipc_perm *perm) -{ - struct ipc_security_struct *isec = perm->security; - perm->security = NULL; - kfree(isec); } static int msg_msg_alloc_security(struct msg_msg *msg) { struct msg_security_struct *msec; - msec = kzalloc(sizeof(struct msg_security_struct), GFP_KERNEL); - if (!msec) - return -ENOMEM; - + msec = selinux_msg_msg(msg); msec->sid = SECINITSID_UNLABELED; - msg->security = msec; return 0; } -static void msg_msg_free_security(struct msg_msg *msg) -{ - struct msg_security_struct *msec = msg->security; - - msg->security = NULL; - kfree(msec); -} - static int ipc_has_perm(struct kern_ipc_perm *ipc_perms, u32 perms) { @@ -5903,11 +5874,6 @@ static int selinux_msg_msg_alloc_security(struct msg_msg *msg) return msg_msg_alloc_security(msg); } -static void selinux_msg_msg_free_security(struct msg_msg *msg) -{ - msg_msg_free_security(msg); -} - /* message queue security operations */ static int selinux_msg_queue_alloc_security(struct kern_ipc_perm *msq) { @@ -5916,11 +5882,8 @@ static int selinux_msg_queue_alloc_security(struct kern_ipc_perm *msq) u32 sid = current_sid(); int rc; - rc = ipc_alloc_security(msq, SECCLASS_MSGQ); - if (rc) - return rc; - - isec = msq->security; + isec = selinux_ipc(msq); + ipc_init_security(isec, SECCLASS_MSGQ); ad.type = LSM_AUDIT_DATA_IPC; ad.u.ipc_id = msq->key; @@ -5928,16 +5891,7 @@ static int selinux_msg_queue_alloc_security(struct kern_ipc_perm *msq) rc = avc_has_perm(&selinux_state, sid, isec->sid, SECCLASS_MSGQ, MSGQ__CREATE, &ad); - if (rc) { - ipc_free_security(msq); - return rc; - } - return 0; -} - -static void selinux_msg_queue_free_security(struct kern_ipc_perm *msq) -{ - ipc_free_security(msq); + return rc; } static int selinux_msg_queue_associate(struct kern_ipc_perm *msq, int msqflg) @@ -6067,11 +6021,8 @@ static int selinux_shm_alloc_security(struct kern_ipc_perm *shp) u32 sid = current_sid(); int rc; - rc = ipc_alloc_security(shp, SECCLASS_SHM); - if (rc) - return rc; - - isec = shp->security; + isec = selinux_ipc(shp); + ipc_init_security(isec, SECCLASS_SHM); ad.type = LSM_AUDIT_DATA_IPC; ad.u.ipc_id = shp->key; @@ -6079,16 +6030,7 @@ static int selinux_shm_alloc_security(struct kern_ipc_perm *shp) rc = avc_has_perm(&selinux_state, sid, isec->sid, SECCLASS_SHM, SHM__CREATE, &ad); - if (rc) { - ipc_free_security(shp); - return rc; - } - return 0; -} - -static void selinux_shm_free_security(struct kern_ipc_perm *shp) -{ - ipc_free_security(shp); + return rc; } static int selinux_shm_associate(struct kern_ipc_perm *shp, int shmflg) @@ -6164,11 +6106,8 @@ static int selinux_sem_alloc_security(struct kern_ipc_perm *sma) u32 sid = current_sid(); int rc; - rc = ipc_alloc_security(sma, SECCLASS_SEM); - if (rc) - return rc; - - isec = sma->security; + isec = selinux_ipc(sma); + ipc_init_security(isec, SECCLASS_SEM); ad.type = LSM_AUDIT_DATA_IPC; ad.u.ipc_id = sma->key; @@ -6176,16 +6115,7 @@ static int selinux_sem_alloc_security(struct kern_ipc_perm *sma) rc = avc_has_perm(&selinux_state, sid, isec->sid, SECCLASS_SEM, SEM__CREATE, &ad); - if (rc) { - ipc_free_security(sma); - return rc; - } - return 0; -} - -static void selinux_sem_free_security(struct kern_ipc_perm *sma) -{ - ipc_free_security(sma); + return rc; } static int selinux_sem_associate(struct kern_ipc_perm *sma, int semflg) @@ -6818,6 +6748,8 @@ struct lsm_blob_sizes selinux_blob_sizes __lsm_ro_after_init = { .lbs_cred = sizeof(struct task_security_struct), .lbs_file = sizeof(struct file_security_struct), .lbs_inode = sizeof(struct inode_security_struct), + .lbs_ipc = sizeof(struct ipc_security_struct), + .lbs_msg_msg = sizeof(struct msg_security_struct), }; static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = { @@ -6928,24 +6860,20 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(ipc_getsecid, selinux_ipc_getsecid), LSM_HOOK_INIT(msg_msg_alloc_security, selinux_msg_msg_alloc_security), - LSM_HOOK_INIT(msg_msg_free_security, selinux_msg_msg_free_security), LSM_HOOK_INIT(msg_queue_alloc_security, selinux_msg_queue_alloc_security), - LSM_HOOK_INIT(msg_queue_free_security, selinux_msg_queue_free_security), LSM_HOOK_INIT(msg_queue_associate, selinux_msg_queue_associate), LSM_HOOK_INIT(msg_queue_msgctl, selinux_msg_queue_msgctl), LSM_HOOK_INIT(msg_queue_msgsnd, selinux_msg_queue_msgsnd), LSM_HOOK_INIT(msg_queue_msgrcv, selinux_msg_queue_msgrcv), LSM_HOOK_INIT(shm_alloc_security, selinux_shm_alloc_security), - LSM_HOOK_INIT(shm_free_security, selinux_shm_free_security), LSM_HOOK_INIT(shm_associate, selinux_shm_associate), LSM_HOOK_INIT(shm_shmctl, selinux_shm_shmctl), LSM_HOOK_INIT(shm_shmat, selinux_shm_shmat), LSM_HOOK_INIT(sem_alloc_security, selinux_sem_alloc_security), - LSM_HOOK_INIT(sem_free_security, selinux_sem_free_security), LSM_HOOK_INIT(sem_associate, selinux_sem_associate), LSM_HOOK_INIT(sem_semctl, selinux_sem_semctl), LSM_HOOK_INIT(sem_semop, selinux_sem_semop), diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h index 539cacf4a572..231262d8eac9 100644 --- a/security/selinux/include/objsec.h +++ b/security/selinux/include/objsec.h @@ -179,13 +179,13 @@ static inline struct inode_security_struct *selinux_inode( static inline struct msg_security_struct *selinux_msg_msg( const struct msg_msg *msg_msg) { - return msg_msg->security; + return msg_msg->security + selinux_blob_sizes.lbs_msg_msg; } static inline struct ipc_security_struct *selinux_ipc( const struct kern_ipc_perm *ipc) { - return ipc->security; + return ipc->security + selinux_blob_sizes.lbs_ipc; } #endif /* _SELINUX_OBJSEC_H_ */ diff --git a/security/smack/smack.h b/security/smack/smack.h index 0adddbeecc62..9c7c95a5c497 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h @@ -376,12 +376,12 @@ static inline struct inode_smack *smack_inode(const struct inode *inode) static inline struct smack_known **smack_msg_msg(const struct msg_msg *msg) { - return (struct smack_known **)&msg->security; + return msg->security + smack_blob_sizes.lbs_msg_msg; } static inline struct smack_known **smack_ipc(const struct kern_ipc_perm *ipc) { - return (struct smack_known **)&ipc->security; + return ipc->security + smack_blob_sizes.lbs_ipc; } /* diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index ceda326a6e47..4dcdea45e785 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -2893,23 +2893,12 @@ static int smack_flags_to_may(int flags) */ static int smack_msg_msg_alloc_security(struct msg_msg *msg) { - struct smack_known *skp = smk_of_current(); + struct smack_known **blob = smack_msg_msg(msg); - msg->security = skp; + *blob = smk_of_current(); return 0; } -/** - * smack_msg_msg_free_security - Clear the security blob for msg_msg - * @msg: the object - * - * Clears the blob pointer - */ -static void smack_msg_msg_free_security(struct msg_msg *msg) -{ - msg->security = NULL; -} - /** * smack_of_ipc - the smack pointer for the ipc * @isp: the object @@ -2937,17 +2926,6 @@ static int smack_ipc_alloc_security(struct kern_ipc_perm *isp) return 0; } -/** - * smack_ipc_free_security - Clear the security blob for ipc - * @isp: the object - * - * Clears the blob pointer - */ -static void smack_ipc_free_security(struct kern_ipc_perm *isp) -{ - isp->security = NULL; -} - /** * smk_curacc_shm : check if current has access on shm * @isp : the object @@ -4589,6 +4567,8 @@ struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = { .lbs_cred = sizeof(struct task_smack), .lbs_file = sizeof(struct smack_known *), .lbs_inode = sizeof(struct inode_smack), + .lbs_ipc = sizeof(struct smack_known *), + .lbs_msg_msg = sizeof(struct smack_known *), }; static struct security_hook_list smack_hooks[] __lsm_ro_after_init = { @@ -4660,23 +4640,19 @@ static struct security_hook_list smack_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(ipc_getsecid, smack_ipc_getsecid), LSM_HOOK_INIT(msg_msg_alloc_security, smack_msg_msg_alloc_security), - LSM_HOOK_INIT(msg_msg_free_security, smack_msg_msg_free_security), LSM_HOOK_INIT(msg_queue_alloc_security, smack_ipc_alloc_security), - LSM_HOOK_INIT(msg_queue_free_security, smack_ipc_free_security), LSM_HOOK_INIT(msg_queue_associate, smack_msg_queue_associate), LSM_HOOK_INIT(msg_queue_msgctl, smack_msg_queue_msgctl), LSM_HOOK_INIT(msg_queue_msgsnd, smack_msg_queue_msgsnd), LSM_HOOK_INIT(msg_queue_msgrcv, smack_msg_queue_msgrcv), LSM_HOOK_INIT(shm_alloc_security, smack_ipc_alloc_security), - LSM_HOOK_INIT(shm_free_security, smack_ipc_free_security), LSM_HOOK_INIT(shm_associate, smack_shm_associate), LSM_HOOK_INIT(shm_shmctl, smack_shm_shmctl), LSM_HOOK_INIT(shm_shmat, smack_shm_shmat), LSM_HOOK_INIT(sem_alloc_security, smack_ipc_alloc_security), - LSM_HOOK_INIT(sem_free_security, smack_ipc_free_security), LSM_HOOK_INIT(sem_associate, smack_sem_associate), LSM_HOOK_INIT(sem_semctl, smack_sem_semctl), LSM_HOOK_INIT(sem_semop, smack_sem_semop), From patchwork Wed Dec 12 16:05:56 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10726663 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id A1CA4174F for ; Wed, 12 Dec 2018 16:06:12 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8FD452B1BB for ; Wed, 12 Dec 2018 16:06:12 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 83DAC2B254; Wed, 12 Dec 2018 16:06:12 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5ABA52B1BB for ; Wed, 12 Dec 2018 16:06:11 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726281AbeLLQGK (ORCPT ); Wed, 12 Dec 2018 11:06:10 -0500 Received: from sonic307-9.consmr.mail.bf2.yahoo.com ([74.6.134.48]:40888 "EHLO sonic307-9.consmr.mail.bf2.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727830AbeLLQGK (ORCPT ); Wed, 12 Dec 2018 11:06:10 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1544630769; bh=AAyDaqBwEWrHzXrCEtlpl306HHAwsgI0AAHJccOhSfc=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From:Subject; b=Bx2K1QWc0JV1Ji+5i52w22o0H1dZA9g8VnvfUTjBDvwIoY1sNELSH06P9aPFs6xHLekdqwpSKtT95UZ2c33kbzFQMjmBbJlSzWQxKqdBI6eZdgnfGAa71tzz7YvkjQSnU18IiVSTHIxi1Qef6+/GLvini9+Ag1Yf3lvU1tV9q8+gaT8N6BIylBZFz0RXaODVkgsVAaMWoNrColh/DYpXMeb5rxdNSkejixJzmp3pG2HvLXGFXxT1v0e/TgmQrNzOu2XXSEFJK8njMmXMqqHvkbsPoV1updg51Q32O36LiIVgSC2QXhtGM3SxiOsb0sreL6RXR4+XkUjaU4RaO7EPXg== X-YMail-OSG: IbcGqDIVM1kijcQXooZJ0yH02tUHUPsz2kYwHQ7cPD3k9xvzETfaR06USKMfUwr OgcpJGMjVc.UPi5zLc_mF2_NEZ5lYfzjaC31MDc8tsCaI6GaXOfTn_jE7RfxjPBKUS6nbWyXRrIJ uUmCVUtUQuI.mnGyMX5RhmN2Vd6By_576QkN.PQo.qlLYIvfkykQ9uHSPl9qeIURefqKWdyE142y u4kjHhyXoWt8P4_2.nALhZvdETPH8jB0CJCbuQrwvTjZUMla0A9GxRAlXI3Z8mx9JDJ8UsXQwzVV 3AMaZVNb5p8Oc3vLYLeFfUxj4.h_vE1Uj8klJZAQqQPVA9KYGzwWUxbxxqmgndyN4yUFQjMudf7C JesLSQrsDfTFKX5EI9dZ2qWqbghYur8AHkZ9eqr7d_0DmsjJXKXcv3O8.zsKJSYr52SmF1rV1_c1 YlE328iZOfMMDzs5ybmSbDd.N33vNOlQ9DfbILuAbafGwc_H.pbX9Iorzj5oIf5kDPqPRkLx2XQB qWYETZGX5YP.Y0kVYqEPU.01LAv32.meHh8v.FzlGHyhKFZbU6b868GUODyKAgMKbzyNvOkM5B1E BAeM4TTFzjNGfzhhHb_4FCmcIPhW0eO3Vo4R6FxTx69N8H8hJIE5x_JQgqvlIvpwRmwm8D_gLO3q HN2URR1T2iRoXRxOrfXammZJxKUHB5XV1B.C5zUONbdTDgYqCTv8MTCq0l3mm8zWQzDPSXsN7izt 1bqoLGiaBjo0kjEmnnJgOFnO56BEAYrHKbhXMO7rdjRxU1S_xiul74R9So3rL5aPKlXPahYBueoI aPB5UZ4jJt9moueIGJ3F2wsr9k.RTk__gedMJM.WgN570Cg1fju2brdsMKgYC0U8Vz2j.DdgEBLH RnPYtvsyVqTA0xCZ3U.twGq21roux56tRySrg80TXHsYTWrPwQd52Byo7qv0TfjmGn4W48JCDQ1U ei3XsMjnA04aI5KwuiCn5P45fDhZ8ASLGhb6buFqe3rxrseq.1WzdOVbtplFYLnYquiHBjhqIQge v61esofMkdsiM3UMoHLnoqNpaCqHH50NnKJVtLyBvGhic8AM8kgq5iY35OZwUytNbn.pEYy1LHk9 b7HY_nwtJpBjefylHekSey7JuHVgWcUyVz.5R Received: from sonic.gate.mail.ne1.yahoo.com by sonic307.consmr.mail.bf2.yahoo.com with HTTP; Wed, 12 Dec 2018 16:06:09 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO [192.168.0.105]) ([67.169.65.224]) by smtp410.mail.bf1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID fe2a1506230eb1105a50167d41a8a69f; Wed, 12 Dec 2018 16:06:07 +0000 (UTC) Subject: [PATCH v5 38/38] TOMOYO: Update LSM flags to no longer be exclusive To: jmorris@namei.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, selinux@vger.kernel.org Cc: john.johansen@canonical.com, keescook@chromium.org, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, linux-fsdevel@vger.kernel.org, sds@tycho.nsa.gov, adobriyan@gmail.com, mic@digikod.net, s.mesoraca16@gmail.com References: <20181211224314.22412-1-casey@schaufler-ca.com> From: Casey Schaufler Message-ID: <68432944-ad46-5b8f-09ba-cb956a479d49@schaufler-ca.com> Date: Wed, 12 Dec 2018 08:05:56 -0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: <20181211224314.22412-1-casey@schaufler-ca.com> Content-Language: en-US Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Kees Cook With blob sharing in place, TOMOYO is no longer an exclusive LSM, so it can operate separately now. Mark it as such. Signed-off-by: Kees Cook --- security/tomoyo/tomoyo.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index 9094cf41a247..066c0daf0efc 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -577,7 +577,7 @@ static int __init tomoyo_init(void) DEFINE_LSM(tomoyo) = { .name = "tomoyo", .enabled = &tomoyo_enabled, - .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE, + .flags = LSM_FLAG_LEGACY_MAJOR, .blobs = &tomoyo_blob_sizes, .init = tomoyo_init, };