From patchwork Mon Dec 13 23:40:07 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Casey Schaufler <casey@schaufler-ca.com>
X-Patchwork-Id: 12674905
X-Patchwork-Delegate: paul@paul-moore.com
Return-Path: <selinux-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 2E0C4C433EF
	for <selinux@archiver.kernel.org>; Mon, 13 Dec 2021 23:41:50 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S244236AbhLMXlt (ORCPT <rfc822;selinux@archiver.kernel.org>);
        Mon, 13 Dec 2021 18:41:49 -0500
Received: from sonic315-27.consmr.mail.ne1.yahoo.com ([66.163.190.153]:43817
        "EHLO sonic315-27.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S241980AbhLMXlt (ORCPT
        <rfc822;selinux@vger.kernel.org>); Mon, 13 Dec 2021 18:41:49 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1639438908; bh=SXOF32V2D3oq++Ma3iBAcofIvwMGvODK6Fu8YccgUZw=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To;
 b=IWotJD8t7jr2XfcEARU7bJ4ZAxBuyFBMaUeb49iLsRv44z8Oa4cqQipjbs4Y9N3VrN2acx6aSNlntYNC9tzHXbuT28d5LyKSybiI3kNCxpKI91Yvgb6SZ+Xd4/bvyHsmpO8kmdnaxzYjlwAynZrXUdnHj8TV782Q7tUWxzFfzYLxPH6kpSif1MaCYzkC+Yxl0F3RS0TmOHvmA8JEtI7F0E/DJ+O92751BHL3flZtWvlC8vqP+UqVxZESvbAD7/DeuKJv2q7B6UJ5kidj4/E2vyZk3SR2OVWAph1L3aEiatGD+YTD1iCht8FRq4qcKsMx3dUhCc27CjgtJ99zgXUYmA==
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1639438908; bh=7DhhCH6ZSiPYrYC1RrvBFfjjHhaCyD74ddvzMQJfhae=;
 h=X-Sonic-MF:From:To:Subject:Date:From:Subject;
 b=DdJk+2p1pGE4zw6zU+AjDy7ifYSmMDD53gu+87liliU170sJLZ6J+6WipY6x6wQcdU5NIj3WP4K7gunJSuvMQrW9gyiU2sAm5p0iKJKbyKAH6IJNFdiFm/nMFV4c/MVFZLppvPIgrgfy/hVKhOdoDKY/s1IlJt9KUCzANEWX1iHn33GjUD/cK4gnBrXBR12BHrhnd/j7iSNY30FhnDaVGt0cRYuDpsekrJ3wtw5v5zN1rLPNEgTm+6BABGbmKPCFL0qNuLAz00EMDrRNXhzSwSXxd1I+P8RmL85TDBMiWINSBhHCyCm4VVUCAUUqgZdUfOVGsEEd9TTN8YDs46yNKg==
X-YMail-OSG: J9MkZAoVM1kmQYVG_L1EGVsayCVbzdTOImL4UT.G7363eNXAVbDDk0qufCAr2Ix
 bjZ2IJN2K3Qf.7aNlPU7R46c4hV7IlDhAJhLEsf3wVC9vFTsz8ppK77pjEchUNY4MsaQON3ErzI1
 5lsF6p.cSr5MEgkR13gkAk8.s6ijFvVDCEWhbd4uELkMkQbe.N8ALWH6aMtVtv1hwgAbbHNLqsDF
 Ff0Gs8y2u.YtDL5H_uPzNkYDqG6NCj8QbpBi7S0.RX6QDXNRSfEdnQE.0q.ou2crIQfP7.JuqGds
 FairnGg0PV_I9TJDC994xHpIEr9km3HMCCll.lW1ghs4qCkvooVYLOQms1XLf.I_jLrLucE4GFh3
 i0C3duGYBJymXJcTbHia6qvero4WhEjnVwzY46XmAl3PupS2YwuXfUWHfPQAZQty6g4MVurvUajS
 W0UdrJGZzrxkM00RF8EftXdLe26bwOpaJBdNpGPcq4Rm4CwYUoFTTrQtckxl4gNOJaM76xUyY6Fe
 1Lt.3ycB78NLl0EEsPuQVFd90og5AYQILg9MVigcFAkdZtVYvRNOJ5njnddmsanWnRk_t5kgi.FU
 rZRGH9SHo6sMN8B7EzLt33Psl2JAQGFro3hKKX81mZVt.fEg0hbuXQJr.Q.xOMWpxfwWBQx7INYi
 HlHrdxteuhsuW6RPsJaQuJWEr5tNyd4o6vtCXN11V4F3AmnkWDeSYxzybH7vR2Yn0tAYhkVg0zdd
 qYDt3i_nGSX1aa1bXAU48Tzgj0vU46OzSN0E5auxxXXJ0o2U30mY6JN5BeBq_GG2977_WvYEawx3
 KyYNgDm9eU1tJAT9S6bksM9vNxRC9t3btL0MhZOYpy0bTzESC3lwcCYvFEdelsmy08A3nBJFFDrZ
 sp2kVrRHgN3Rgl71vbNgjtcMJX_stOQbCo9aRfXbFtvKOuI.Jx8Djs4gyjcjOrlgqz4Kepnb7HMS
 I_hxE9u8zLPHf6GTNibEokGQ0fvGB5OVwSjoCYYcrQxeHd9xLb5qOCbearU69ZZNeH38DndQGOwu
 VsWXLZaifoezwc_GnuxiwbPzlRq2XBhNQrIy8CiKEQnKx0bGRpcstj6ERSdMDV5CDyKKXOZX3jtw
 2IYQUA08IdFbHz5i83jCT5WP9ZFtySHXWRo6xNQVNKCTCXiT6jV3uDuvnPwAeTX8JyHJ25AQa_Ul
 qU8Q8T3Rug4OZMm1qFTQFToK6kwtm0VOEGHpK_R3gZdV.s1y62RAJ6umKxbwxbOYFUtCJYnwmTkJ
 nPeXNfpDcp29CpjDriZRMiw.BDgoZSmo.5W7oXyX.jOcRlO2.R4cxwBfwuRZTJDcGrb9l0qn.HkE
 4i4QyflX3d9h615vafHb.vZzopPQKKZyVYQAmBmfSJiJad9WUkbK7fohQ.kCcmEIroCxfD5Lq_mJ
 mRWkS5gjRTr6y.tvth6FPX8QcDs1tYE.7VABHujfE5alRWdcufOYvS1OoCs7gXWhGzYKrOyIWGBI
 iGpN.eoec2lUhlIXMGKlsv.om_mK5mqXOedE02IsLpPFMnF1zlMalQ46yZPlVXSkjJ71KS_Gn0FB
 qnMPhU9gHEwCPWtQSwOVn0Jv8DNHCWNolSIFFRy8qj68gJhVDeyPi9Ioll3DCcmxZdCz6yyt6OS6
 8yct__MTbfPk_.BOsoK7Tu6qRaEpc4BcedqwRTr38qCxBht9TM3ffyg8DbZ9PO4pCVw19uXw6TjI
 ZR5kTVnH5YFwA5QMXwu0ERHfDbVR21kefN2ZZk2p_1bp4AZYMmdFwHGwp2KkeFum_x7eia6UWjtP
 lW4NnlCRIW8H2gGa8HrjIWxuu_sHYu4uZA52X22O.jSlFcmbeJPlYc_BcVSQwi3F5XPKbmofBu2i
 FqiE49.j2ynXAxtkmBCW3NKqbp8bx3bAMu.4eakE9TFtg0JC8MBUzVVwNvE2P7uo.2SyxT3PQIlN
 aFyGnW3fAMBvDryCpoFxR3Y4VL._NjYnTgtmDw43_CzVH6v6RZUxADtsakipfpD7pJq7n1OxkDTr
 smnv2B0NQUYvodgi_ztyXcRxM7FZt8s8Mw_dJ9zA.6wWqoH48MnVO2mQKaI4BR5ttub_9MoBcl7p
 GuPBVGsZtJ4GdzLupT4LoZbN3U3hqB133RW0U0Pn1hImt9fEfWSDk4TUl7gSD08kbiRqcoYvm6d2
 Ln7knS0VPEObV_lQhKeuJ4K.7OXaRvNWwe3TeqffLNNzUdMmnMIOzdRWaBsh0QjD2Uwu7QPHe1Qu
 DMpk3jfN0OmYwTT4GAq2KDCig.PMK5untvhEbyODUIQYXbQBUZxZTDWVdslVQSCluw.ZUOGnGfuI
 DK9UZqvfhzQ--
X-Sonic-MF: <casey@schaufler-ca.com>
Received: from sonic.gate.mail.ne1.yahoo.com by
 sonic315.consmr.mail.ne1.yahoo.com with HTTP; Mon, 13 Dec 2021 23:41:48 +0000
Received: by kubenode545.mail-prod1.omega.gq1.yahoo.com (VZM Hermes SMTP
 Server) with ESMTPA ID 11ae262dee001154213f3941f24256ad;
          Mon, 13 Dec 2021 23:41:45 +0000 (UTC)
From: Casey Schaufler <casey@schaufler-ca.com>
To: casey.schaufler@intel.com, jmorris@namei.org,
        linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com,
        keescook@chromium.org, john.johansen@canonical.com,
        penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com,
        sds@tycho.nsa.gov, linux-kernel@vger.kernel.org
Subject: [PATCH v31 01/28] integrity: disassociate ima_filter_rule from
 security_audit_rule
Date: Mon, 13 Dec 2021 15:40:07 -0800
Message-Id: <20211213234034.111891-2-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20211213234034.111891-1-casey@schaufler-ca.com>
References: <20211213234034.111891-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <selinux.vger.kernel.org>
X-Mailing-List: selinux@vger.kernel.org

Create real functions for the ima_filter_rule interfaces.
These replace #defines that obscure the reuse of audit
interfaces. The new fuctions are put in security.c because
they use security module registered hooks that we don't
want exported.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Reported-by: kernel test robot <lkp@intel.com>
---
 include/linux/security.h     | 26 ++++++++++++++++++++++++++
 security/integrity/ima/ima.h | 26 --------------------------
 security/security.c          | 21 +++++++++++++++++++++
 3 files changed, 47 insertions(+), 26 deletions(-)

diff --git a/include/linux/security.h b/include/linux/security.h
index bbf44a466832..71eac35bfa21 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1917,6 +1917,32 @@ static inline void security_audit_rule_free(void *lsmrule)
 #endif /* CONFIG_SECURITY */
 #endif /* CONFIG_AUDIT */
 
+#ifdef CONFIG_IMA_LSM_RULES
+#ifdef CONFIG_SECURITY
+int ima_filter_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule);
+int ima_filter_rule_match(u32 secid, u32 field, u32 op, void *lsmrule);
+void ima_filter_rule_free(void *lsmrule);
+
+#else
+
+static inline int ima_filter_rule_init(u32 field, u32 op, char *rulestr,
+					   void **lsmrule)
+{
+	return 0;
+}
+
+static inline int ima_filter_rule_match(u32 secid, u32 field, u32 op,
+					    void *lsmrule)
+{
+	return 0;
+}
+
+static inline void ima_filter_rule_free(void *lsmrule)
+{ }
+
+#endif /* CONFIG_SECURITY */
+#endif /* CONFIG_IMA_LSM_RULES */
+
 #ifdef CONFIG_SECURITYFS
 
 extern struct dentry *securityfs_create_file(const char *name, umode_t mode,
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index be965a8715e4..1b5d70ac2dc9 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -418,32 +418,6 @@ static inline void ima_free_modsig(struct modsig *modsig)
 }
 #endif /* CONFIG_IMA_APPRAISE_MODSIG */
 
-/* LSM based policy rules require audit */
-#ifdef CONFIG_IMA_LSM_RULES
-
-#define ima_filter_rule_init security_audit_rule_init
-#define ima_filter_rule_free security_audit_rule_free
-#define ima_filter_rule_match security_audit_rule_match
-
-#else
-
-static inline int ima_filter_rule_init(u32 field, u32 op, char *rulestr,
-				       void **lsmrule)
-{
-	return -EINVAL;
-}
-
-static inline void ima_filter_rule_free(void *lsmrule)
-{
-}
-
-static inline int ima_filter_rule_match(u32 secid, u32 field, u32 op,
-					void *lsmrule)
-{
-	return -EINVAL;
-}
-#endif /* CONFIG_IMA_LSM_RULES */
-
 #ifdef	CONFIG_IMA_READ_POLICY
 #define	POLICY_FILE_FLAGS	(S_IWUSR | S_IRUSR)
 #else
diff --git a/security/security.c b/security/security.c
index c88167a414b4..063c9cbbcea6 100644
--- a/security/security.c
+++ b/security/security.c
@@ -2563,6 +2563,27 @@ int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule)
 }
 #endif /* CONFIG_AUDIT */
 
+#ifdef CONFIG_IMA_LSM_RULES
+/*
+ * The integrity subsystem uses the same hooks as
+ * the audit subsystem.
+ */
+int ima_filter_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule)
+{
+	return call_int_hook(audit_rule_init, 0, field, op, rulestr, lsmrule);
+}
+
+void ima_filter_rule_free(void *lsmrule)
+{
+	call_void_hook(audit_rule_free, lsmrule);
+}
+
+int ima_filter_rule_match(u32 secid, u32 field, u32 op, void *lsmrule)
+{
+	return call_int_hook(audit_rule_match, 0, secid, field, op, lsmrule);
+}
+#endif /* CONFIG_IMA_LSM_RULES */
+
 #ifdef CONFIG_BPF_SYSCALL
 int security_bpf(int cmd, union bpf_attr *attr, unsigned int size)
 {

From patchwork Mon Dec 13 23:40:08 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Casey Schaufler <casey@schaufler-ca.com>
X-Patchwork-Id: 12674907
X-Patchwork-Delegate: paul@paul-moore.com
Return-Path: <selinux-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 75357C433F5
	for <selinux@archiver.kernel.org>; Mon, 13 Dec 2021 23:42:55 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S244248AbhLMXmy (ORCPT <rfc822;selinux@archiver.kernel.org>);
        Mon, 13 Dec 2021 18:42:54 -0500
Received: from sonic315-27.consmr.mail.ne1.yahoo.com ([66.163.190.153]:34144
        "EHLO sonic315-27.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S244233AbhLMXmy (ORCPT
        <rfc822;selinux@vger.kernel.org>); Mon, 13 Dec 2021 18:42:54 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1639438973; bh=mqrxP8YbMqpdwGpiKDP5pDA2udZP8b7nOi28pU94VwE=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To;
 b=Lp6MPBRK09r/UyzC1eaotkHWeuR9T/ffRO5PlHxzKvbVsPsovBkrqOd40Pk8OqKpFORCGa58F3xxJAw2b3hGJ18EJfvME8njd4lc6ICYZoiBdDl8wKYFTUQ3d3w3yKRJLhHNNYNkIkZtH/iAPA6PtSKb+ziVOaHktnXzAoHnCmMP9GqDM7Gz24aHscDMda0JI8LPcbm/uZb3Dj3I0tUWaLGswv3RG4Rtu65ozGTimGTrtA18WCfjaOcyMUlaAQ1q1KC5m7g4myf1Fg1l04VLxt+SzjA+jI0Cp4aiSZnRjmfwLI1i+rU5GppbwZG0n3zY07zDC3evBtdDg1RAcVP+Og==
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1639438973; bh=k98kOvNEk/eVdV4/w0cza7/aaRdFpn+41IFesbu52Nh=;
 h=X-Sonic-MF:From:To:Subject:Date:From:Subject;
 b=TYXx3lAfpaD4BYPCLCF9Or7CJk2/2dBNuUcOD3caQ+k+0vlvblXQsLCmXVtw8qu/DZbRQ+rQIaMPIM00R5byYpEJbhcWuJMdIh1Eq4BF3eDcwROzsMBl3a9nscOxdBfe3s6mmSU92Suxec/cEt9ZOqoTeARrR61fqtKoXmNmNQ6VbwErqr2BDkEUOk/4ls989FbYxh0dCDWqnXurc+d3QPYa1ukKSr8I/lU/I77JSYHpOflAtZ50lyTZZfqdIvkGIEB+Mz92t7DD9O9CU32cOx50BM97Ec3LB1yv9FgENv4Qsm5fDYaGaTWrfwzt6Sm0fsYh3HkLP9S4PO0WQtQSCA==
X-YMail-OSG: 9ezkpLYVM1keYVEP4HGfbinZT1zilKc5zz0VMehl4tVEkq82O6inEfCTaGn9aaf
 OWN9hqMJqepdoEhP0zepAEwdpa7zbD3QWWHB7vbg2yBr9UDWdpjX9vJyNyHk7WZ1RQh_GT4RcIYY
 dGwUZ5_3_sjjEW0dB8teOqp8Lw6C22ErYDbhEONARGy28XahJSYlNtTNt250KR4wXvp2KnOcx1wo
 PEZQWB66JVAU9SGq3.6SIs87bjyhuyQopruKxZCGd7nFaP7U6ryygG7V5uWP_COyjODynMKXqL1J
 Tf_YABL.AIBapJMzq.I1J1.Sw3AINPPJd0THxalH1mw9vAlmwLKKeS2vTMwZYaWqd2_koaoP2Us7
 jgKtqFqVkBaAXY.n45T1k_EeOdCqxz43QbTMjizuJwKg_F4g6EMoLVQd2qW0uhcyznnJ_iU37zab
 Qdde9fdp8xUnmOQLhhHMAqVErBDhTxiUhvEBTxuAUWeocaA2ISHzgwiyCkFL43wZreLb2OJOk42V
 6xswHIQYQc1Bhks_rWF17Ux9P3jEMS8KnxXQ9l1cqAVsME1IrKWuGW64hHog9NWcXyDB_TIz9tCQ
 UNJZdI9zYWlA3dEpzVQKlkaOqv2EPowydO0syqD9yAu8MybUVcFLQ4G75EnSvk_jl.ZXcrJTT3Qb
 RxMTR1xECQj1JyZs6pYLJTRh4TKDbN4WR.wQiScntC04csx_BqiYTOPwssyloAaFUZ6tKIyHpdtu
 WUxZGXs4GCeeXgEoRWLT5p.PULkkxEUDJQsVI590IPBEt3eixl89HFrWH7.pwDE2KyWt1GkqNyzJ
 u62MosH64WCgJ0N7gSGwLhMrbOKWCBqWjb8.ddZFin9eF9lz2j6aK0NHqiDLm9NjGJfD2K5XeklT
 t7xMUuU9HqATBAroyPsxeer_8AUH5DshEagdDDpA44Dq4oB3F1rZeSjp1WA9QWw2Dyoiy6d5BGlE
 bfMGTtBLWepK8bGNbdJ2poyuHoF9SKZ6dVrnxC79kVZ7f9rpBpVSjvH2PFkOLyVBmLGxxNWeCXnb
 neQ8TO1TpzOFpyIWIM2yAUV1xRjV90OeW3ON.WdgICfwwWrgm1oGEWlIuWv6BmmMv7.VR44HnBol
 ngb8Lt5N5rYWSyLUIt8SLZyxtuVRMb83gbsEl8xPigpWr3OLNW7k8bb92IMVHNwy8x1ASF3oIKNp
 uC6W7wg17ps4kEW.7g8xIFrAYNe5idX54ShwwOpoqYf2lVGCjnnBSWuCF.2B4CQ35DJAinT.5kfE
 bLDh823cpPfdgn34_M2nuapO7nMD5eiyeGMd32p8hajbwct9QoJKLOQJ0SOoENn9jZMOxBPWXw5z
 c0NP0F60CKINpFnAuwURJfAtokuNBIqe_y6Y7ZAwQ.hj7kfoaATKZ8PdiEF2z3jbykkGguDI5Idy
 hGHHsrbHPskB8oy3xO5XEJlYKGuFm0FGEXgIjg6k_j8MqeDQ3mtvZoZQpToWJ1JtHkS5puFEbf0T
 IVdZUdhReVppjy1tGWkVMXQgi.GTdfTp725mu88ffivNftF5R66XwZbIi2RyIiegAKS0pHKzybRg
 t9hgGo4vVh60epQTHDLA8L7uWUW1p97PghdXcSV3CKh1vDGeuwzc7qvlWA2wPTPQNRq27teOGSh6
 C45kbyT1mxddumxM2P9p7uf8IKkTbEmuB9DMWKwKF76t1gkr8MhytRKCc5OjljcILHCUnyjrFsfv
 PhipaRDH9x.3oe8Fca6Smo7AwaSlbDqtOwK_9Ort.EdsvYvKb9z5UqT_mTlWmJjl2D7hVxRSxxdY
 vV.Kvun4.HwZD9S0NSqNdFGFsxYphHCtD8unxNXikUXphcFOBYR0sn4WHynk5ew7MCGLJ5U5.qDp
 .Klr0NQbiibHPwNC3l5DgEwz6VNPaOkOfxL7TsvGRQwaWHytubn6eQnSYsd4zAR7yQ0OC8IHRGcE
 6e4ryfk16H1VHl6U8Gv_IRba1_9fUpHZE20H8TgyEcblxTq5EaSix4nfsH4pTj7op58NKeXnz6k9
 ss1VBFulpcbafFhO_ahXKZx2K.MGFIkzpc.W1Y.xqwbLewf1eP4Qrp.5Oi.BLnxqtGoO.LcvmbHJ
 q8hcQ6ne57D479OpvZrKcNAtUCzdiEp.lzaxXk0.Qty6tS0FxbAy9EjHvJZ3L9mitkydUS3CzvlH
 047Am5vYgWWdlmNlBwXEA3qVOSjBRWcqLVVZv1BDkd0ZfUy26ZD3F4H8fpaAr5bF4tJdG_XYXYet
 BJ_IbZYi70f6N51IYqEIV0GI2WLc2jkqAUQ07h81vdN8MiUbXDG.5oub3GI11lDZztXVX9K_7UaW
 0imH9OeD6p5nQ
X-Sonic-MF: <casey@schaufler-ca.com>
Received: from sonic.gate.mail.ne1.yahoo.com by
 sonic315.consmr.mail.ne1.yahoo.com with HTTP; Mon, 13 Dec 2021 23:42:53 +0000
Received: by kubenode521.mail-prod1.omega.gq1.yahoo.com (VZM Hermes SMTP
 Server) with ESMTPA ID 04ef0a30041a093d247185d7c5827f84;
          Mon, 13 Dec 2021 23:42:50 +0000 (UTC)
From: Casey Schaufler <casey@schaufler-ca.com>
To: casey.schaufler@intel.com, jmorris@namei.org,
        linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com,
        keescook@chromium.org, john.johansen@canonical.com,
        penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com,
        sds@tycho.nsa.gov, linux-kernel@vger.kernel.org,
        Stephen Smalley <stephen.smalley.work@gmail.com>
Subject: [PATCH v31 02/28] LSM: Infrastructure management of the sock security
Date: Mon, 13 Dec 2021 15:40:08 -0800
Message-Id: <20211213234034.111891-3-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20211213234034.111891-1-casey@schaufler-ca.com>
References: <20211213234034.111891-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <selinux.vger.kernel.org>
X-Mailing-List: selinux@vger.kernel.org

Move management of the sock->sk_security blob out
of the individual security modules and into the security
infrastructure. Instead of allocating the blobs from within
the modules the modules tell the infrastructure how much
space is required, and the space is allocated there.

Acked-by: Paul Moore <paul@paul-moore.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: John Johansen <john.johansen@canonical.com>
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
 include/linux/lsm_hooks.h         |  1 +
 security/apparmor/include/net.h   |  6 ++-
 security/apparmor/lsm.c           | 38 ++++-----------
 security/security.c               | 36 +++++++++++++-
 security/selinux/hooks.c          | 78 +++++++++++++++----------------
 security/selinux/include/objsec.h |  5 ++
 security/selinux/netlabel.c       | 23 ++++-----
 security/smack/smack.h            |  5 ++
 security/smack/smack_lsm.c        | 66 ++++++++++++--------------
 security/smack/smack_netfilter.c  |  4 +-
 10 files changed, 143 insertions(+), 119 deletions(-)

diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index d45b6f6e27fd..89b8e40186f8 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -1604,6 +1604,7 @@ struct lsm_blob_sizes {
 	int	lbs_cred;
 	int	lbs_file;
 	int	lbs_inode;
+	int	lbs_sock;
 	int	lbs_superblock;
 	int	lbs_ipc;
 	int	lbs_msg_msg;
diff --git a/security/apparmor/include/net.h b/security/apparmor/include/net.h
index aadb4b29fb66..fac8999ba7a3 100644
--- a/security/apparmor/include/net.h
+++ b/security/apparmor/include/net.h
@@ -51,7 +51,11 @@ struct aa_sk_ctx {
 	struct aa_label *peer;
 };
 
-#define SK_CTX(X) ((X)->sk_security)
+static inline struct aa_sk_ctx *aa_sock(const struct sock *sk)
+{
+	return sk->sk_security + apparmor_blob_sizes.lbs_sock;
+}
+
 #define SOCK_ctx(X) SOCK_INODE(X)->i_security
 #define DEFINE_AUDIT_NET(NAME, OP, SK, F, T, P)				  \
 	struct lsm_network_audit NAME ## _net = { .sk = (SK),		  \
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 0d6585056f3d..343631e20c2b 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -775,33 +775,15 @@ static int apparmor_task_kill(struct task_struct *target, struct kernel_siginfo
 	return error;
 }
 
-/**
- * apparmor_sk_alloc_security - allocate and attach the sk_security field
- */
-static int apparmor_sk_alloc_security(struct sock *sk, int family, gfp_t flags)
-{
-	struct aa_sk_ctx *ctx;
-
-	ctx = kzalloc(sizeof(*ctx), flags);
-	if (!ctx)
-		return -ENOMEM;
-
-	SK_CTX(sk) = ctx;
-
-	return 0;
-}
-
 /**
  * apparmor_sk_free_security - free the sk_security field
  */
 static void apparmor_sk_free_security(struct sock *sk)
 {
-	struct aa_sk_ctx *ctx = SK_CTX(sk);
+	struct aa_sk_ctx *ctx = aa_sock(sk);
 
-	SK_CTX(sk) = NULL;
 	aa_put_label(ctx->label);
 	aa_put_label(ctx->peer);
-	kfree(ctx);
 }
 
 /**
@@ -810,8 +792,8 @@ static void apparmor_sk_free_security(struct sock *sk)
 static void apparmor_sk_clone_security(const struct sock *sk,
 				       struct sock *newsk)
 {
-	struct aa_sk_ctx *ctx = SK_CTX(sk);
-	struct aa_sk_ctx *new = SK_CTX(newsk);
+	struct aa_sk_ctx *ctx = aa_sock(sk);
+	struct aa_sk_ctx *new = aa_sock(newsk);
 
 	if (new->label)
 		aa_put_label(new->label);
@@ -867,7 +849,7 @@ static int apparmor_socket_post_create(struct socket *sock, int family,
 		label = aa_get_current_label();
 
 	if (sock->sk) {
-		struct aa_sk_ctx *ctx = SK_CTX(sock->sk);
+		struct aa_sk_ctx *ctx = aa_sock(sock->sk);
 
 		aa_put_label(ctx->label);
 		ctx->label = aa_get_label(label);
@@ -1052,7 +1034,7 @@ static int apparmor_socket_shutdown(struct socket *sock, int how)
  */
 static int apparmor_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
 {
-	struct aa_sk_ctx *ctx = SK_CTX(sk);
+	struct aa_sk_ctx *ctx = aa_sock(sk);
 
 	if (!skb->secmark)
 		return 0;
@@ -1065,7 +1047,7 @@ static int apparmor_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
 
 static struct aa_label *sk_peer_label(struct sock *sk)
 {
-	struct aa_sk_ctx *ctx = SK_CTX(sk);
+	struct aa_sk_ctx *ctx = aa_sock(sk);
 
 	if (ctx->peer)
 		return ctx->peer;
@@ -1149,7 +1131,7 @@ static int apparmor_socket_getpeersec_dgram(struct socket *sock,
  */
 static void apparmor_sock_graft(struct sock *sk, struct socket *parent)
 {
-	struct aa_sk_ctx *ctx = SK_CTX(sk);
+	struct aa_sk_ctx *ctx = aa_sock(sk);
 
 	if (!ctx->label)
 		ctx->label = aa_get_current_label();
@@ -1159,7 +1141,7 @@ static void apparmor_sock_graft(struct sock *sk, struct socket *parent)
 static int apparmor_inet_conn_request(const struct sock *sk, struct sk_buff *skb,
 				      struct request_sock *req)
 {
-	struct aa_sk_ctx *ctx = SK_CTX(sk);
+	struct aa_sk_ctx *ctx = aa_sock(sk);
 
 	if (!skb->secmark)
 		return 0;
@@ -1176,6 +1158,7 @@ struct lsm_blob_sizes apparmor_blob_sizes __lsm_ro_after_init = {
 	.lbs_cred = sizeof(struct aa_task_ctx *),
 	.lbs_file = sizeof(struct aa_file_ctx),
 	.lbs_task = sizeof(struct aa_task_ctx),
+	.lbs_sock = sizeof(struct aa_sk_ctx),
 };
 
 static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = {
@@ -1212,7 +1195,6 @@ static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = {
 	LSM_HOOK_INIT(getprocattr, apparmor_getprocattr),
 	LSM_HOOK_INIT(setprocattr, apparmor_setprocattr),
 
-	LSM_HOOK_INIT(sk_alloc_security, apparmor_sk_alloc_security),
 	LSM_HOOK_INIT(sk_free_security, apparmor_sk_free_security),
 	LSM_HOOK_INIT(sk_clone_security, apparmor_sk_clone_security),
 
@@ -1764,7 +1746,7 @@ static unsigned int apparmor_ip_postroute(void *priv,
 	if (sk == NULL)
 		return NF_ACCEPT;
 
-	ctx = SK_CTX(sk);
+	ctx = aa_sock(sk);
 	if (!apparmor_secmark_check(ctx->label, OP_SENDMSG, AA_MAY_SEND,
 				    skb->secmark, sk))
 		return NF_ACCEPT;
diff --git a/security/security.c b/security/security.c
index 063c9cbbcea6..7f2bed1b2d6c 100644
--- a/security/security.c
+++ b/security/security.c
@@ -29,6 +29,7 @@
 #include <linux/string.h>
 #include <linux/msg.h>
 #include <net/flow.h>
+#include <net/sock.h>
 
 #define MAX_LSM_EVM_XATTR	2
 
@@ -204,6 +205,7 @@ static void __init lsm_set_blob_sizes(struct lsm_blob_sizes *needed)
 	lsm_set_blob_size(&needed->lbs_inode, &blob_sizes.lbs_inode);
 	lsm_set_blob_size(&needed->lbs_ipc, &blob_sizes.lbs_ipc);
 	lsm_set_blob_size(&needed->lbs_msg_msg, &blob_sizes.lbs_msg_msg);
+	lsm_set_blob_size(&needed->lbs_sock, &blob_sizes.lbs_sock);
 	lsm_set_blob_size(&needed->lbs_superblock, &blob_sizes.lbs_superblock);
 	lsm_set_blob_size(&needed->lbs_task, &blob_sizes.lbs_task);
 }
@@ -340,6 +342,7 @@ static void __init ordered_lsm_init(void)
 	init_debug("inode blob size      = %d\n", blob_sizes.lbs_inode);
 	init_debug("ipc blob size        = %d\n", blob_sizes.lbs_ipc);
 	init_debug("msg_msg blob size    = %d\n", blob_sizes.lbs_msg_msg);
+	init_debug("sock blob size       = %d\n", blob_sizes.lbs_sock);
 	init_debug("superblock blob size = %d\n", blob_sizes.lbs_superblock);
 	init_debug("task blob size       = %d\n", blob_sizes.lbs_task);
 
@@ -659,6 +662,28 @@ static int lsm_msg_msg_alloc(struct msg_msg *mp)
 	return 0;
 }
 
+/**
+ * lsm_sock_alloc - allocate a composite sock blob
+ * @sock: the sock that needs a blob
+ * @priority: allocation mode
+ *
+ * Allocate the sock blob for all the modules
+ *
+ * Returns 0, or -ENOMEM if memory can't be allocated.
+ */
+static int lsm_sock_alloc(struct sock *sock, gfp_t priority)
+{
+	if (blob_sizes.lbs_sock == 0) {
+		sock->sk_security = NULL;
+		return 0;
+	}
+
+	sock->sk_security = kzalloc(blob_sizes.lbs_sock, priority);
+	if (sock->sk_security == NULL)
+		return -ENOMEM;
+	return 0;
+}
+
 /**
  * lsm_early_task - during initialization allocate a composite task blob
  * @task: the task that needs a blob
@@ -2260,12 +2285,21 @@ EXPORT_SYMBOL(security_socket_getpeersec_dgram);
 
 int security_sk_alloc(struct sock *sk, int family, gfp_t priority)
 {
-	return call_int_hook(sk_alloc_security, 0, sk, family, priority);
+	int rc = lsm_sock_alloc(sk, priority);
+
+	if (unlikely(rc))
+		return rc;
+	rc = call_int_hook(sk_alloc_security, 0, sk, family, priority);
+	if (unlikely(rc))
+		security_sk_free(sk);
+	return rc;
 }
 
 void security_sk_free(struct sock *sk)
 {
 	call_void_hook(sk_free_security, sk);
+	kfree(sk->sk_security);
+	sk->sk_security = NULL;
 }
 
 void security_sk_clone(const struct sock *sk, struct sock *newsk)
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 62d30c0a30c2..90a140ea439d 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4629,7 +4629,7 @@ static int socket_sockcreate_sid(const struct task_security_struct *tsec,
 
 static int sock_has_perm(struct sock *sk, u32 perms)
 {
-	struct sk_security_struct *sksec = sk->sk_security;
+	struct sk_security_struct *sksec = selinux_sock(sk);
 	struct common_audit_data ad;
 	struct lsm_network_audit net = {0,};
 
@@ -4686,7 +4686,7 @@ static int selinux_socket_post_create(struct socket *sock, int family,
 	isec->initialized = LABEL_INITIALIZED;
 
 	if (sock->sk) {
-		sksec = sock->sk->sk_security;
+		sksec = selinux_sock(sock->sk);
 		sksec->sclass = sclass;
 		sksec->sid = sid;
 		/* Allows detection of the first association on this socket */
@@ -4702,8 +4702,8 @@ static int selinux_socket_post_create(struct socket *sock, int family,
 static int selinux_socket_socketpair(struct socket *socka,
 				     struct socket *sockb)
 {
-	struct sk_security_struct *sksec_a = socka->sk->sk_security;
-	struct sk_security_struct *sksec_b = sockb->sk->sk_security;
+	struct sk_security_struct *sksec_a = selinux_sock(socka->sk);
+	struct sk_security_struct *sksec_b = selinux_sock(sockb->sk);
 
 	sksec_a->peer_sid = sksec_b->sid;
 	sksec_b->peer_sid = sksec_a->sid;
@@ -4718,7 +4718,7 @@ static int selinux_socket_socketpair(struct socket *socka,
 static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen)
 {
 	struct sock *sk = sock->sk;
-	struct sk_security_struct *sksec = sk->sk_security;
+	struct sk_security_struct *sksec = selinux_sock(sk);
 	u16 family;
 	int err;
 
@@ -4853,7 +4853,7 @@ static int selinux_socket_connect_helper(struct socket *sock,
 					 struct sockaddr *address, int addrlen)
 {
 	struct sock *sk = sock->sk;
-	struct sk_security_struct *sksec = sk->sk_security;
+	struct sk_security_struct *sksec = selinux_sock(sk);
 	int err;
 
 	err = sock_has_perm(sk, SOCKET__CONNECT);
@@ -5032,9 +5032,9 @@ static int selinux_socket_unix_stream_connect(struct sock *sock,
 					      struct sock *other,
 					      struct sock *newsk)
 {
-	struct sk_security_struct *sksec_sock = sock->sk_security;
-	struct sk_security_struct *sksec_other = other->sk_security;
-	struct sk_security_struct *sksec_new = newsk->sk_security;
+	struct sk_security_struct *sksec_sock = selinux_sock(sock);
+	struct sk_security_struct *sksec_other = selinux_sock(other);
+	struct sk_security_struct *sksec_new = selinux_sock(newsk);
 	struct common_audit_data ad;
 	struct lsm_network_audit net = {0,};
 	int err;
@@ -5066,8 +5066,8 @@ static int selinux_socket_unix_stream_connect(struct sock *sock,
 static int selinux_socket_unix_may_send(struct socket *sock,
 					struct socket *other)
 {
-	struct sk_security_struct *ssec = sock->sk->sk_security;
-	struct sk_security_struct *osec = other->sk->sk_security;
+	struct sk_security_struct *ssec = selinux_sock(sock->sk);
+	struct sk_security_struct *osec = selinux_sock(other->sk);
 	struct common_audit_data ad;
 	struct lsm_network_audit net = {0,};
 
@@ -5109,7 +5109,7 @@ static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb,
 				       u16 family)
 {
 	int err = 0;
-	struct sk_security_struct *sksec = sk->sk_security;
+	struct sk_security_struct *sksec = selinux_sock(sk);
 	u32 sk_sid = sksec->sid;
 	struct common_audit_data ad;
 	struct lsm_network_audit net = {0,};
@@ -5142,7 +5142,7 @@ static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb,
 static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
 {
 	int err;
-	struct sk_security_struct *sksec = sk->sk_security;
+	struct sk_security_struct *sksec = selinux_sock(sk);
 	u16 family = sk->sk_family;
 	u32 sk_sid = sksec->sid;
 	struct common_audit_data ad;
@@ -5210,13 +5210,15 @@ static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
 	return err;
 }
 
-static int selinux_socket_getpeersec_stream(struct socket *sock, char __user *optval,
-					    int __user *optlen, unsigned len)
+static int selinux_socket_getpeersec_stream(struct socket *sock,
+					    char __user *optval,
+					    int __user *optlen,
+					    unsigned int len)
 {
 	int err = 0;
 	char *scontext;
 	u32 scontext_len;
-	struct sk_security_struct *sksec = sock->sk->sk_security;
+	struct sk_security_struct *sksec = selinux_sock(sock->sk);
 	u32 peer_sid = SECSID_NULL;
 
 	if (sksec->sclass == SECCLASS_UNIX_STREAM_SOCKET ||
@@ -5276,34 +5278,27 @@ static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *
 
 static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority)
 {
-	struct sk_security_struct *sksec;
-
-	sksec = kzalloc(sizeof(*sksec), priority);
-	if (!sksec)
-		return -ENOMEM;
+	struct sk_security_struct *sksec = selinux_sock(sk);
 
 	sksec->peer_sid = SECINITSID_UNLABELED;
 	sksec->sid = SECINITSID_UNLABELED;
 	sksec->sclass = SECCLASS_SOCKET;
 	selinux_netlbl_sk_security_reset(sksec);
-	sk->sk_security = sksec;
 
 	return 0;
 }
 
 static void selinux_sk_free_security(struct sock *sk)
 {
-	struct sk_security_struct *sksec = sk->sk_security;
+	struct sk_security_struct *sksec = selinux_sock(sk);
 
-	sk->sk_security = NULL;
 	selinux_netlbl_sk_security_free(sksec);
-	kfree(sksec);
 }
 
 static void selinux_sk_clone_security(const struct sock *sk, struct sock *newsk)
 {
-	struct sk_security_struct *sksec = sk->sk_security;
-	struct sk_security_struct *newsksec = newsk->sk_security;
+	struct sk_security_struct *sksec = selinux_sock(sk);
+	struct sk_security_struct *newsksec = selinux_sock(newsk);
 
 	newsksec->sid = sksec->sid;
 	newsksec->peer_sid = sksec->peer_sid;
@@ -5317,7 +5312,7 @@ static void selinux_sk_getsecid(struct sock *sk, u32 *secid)
 	if (!sk)
 		*secid = SECINITSID_ANY_SOCKET;
 	else {
-		struct sk_security_struct *sksec = sk->sk_security;
+		struct sk_security_struct *sksec = selinux_sock(sk);
 
 		*secid = sksec->sid;
 	}
@@ -5327,7 +5322,7 @@ static void selinux_sock_graft(struct sock *sk, struct socket *parent)
 {
 	struct inode_security_struct *isec =
 		inode_security_novalidate(SOCK_INODE(parent));
-	struct sk_security_struct *sksec = sk->sk_security;
+	struct sk_security_struct *sksec = selinux_sock(sk);
 
 	if (sk->sk_family == PF_INET || sk->sk_family == PF_INET6 ||
 	    sk->sk_family == PF_UNIX)
@@ -5342,7 +5337,7 @@ static void selinux_sock_graft(struct sock *sk, struct socket *parent)
 static int selinux_sctp_assoc_request(struct sctp_association *asoc,
 				      struct sk_buff *skb)
 {
-	struct sk_security_struct *sksec = asoc->base.sk->sk_security;
+	struct sk_security_struct *sksec = selinux_sock(asoc->base.sk);
 	struct common_audit_data ad;
 	struct lsm_network_audit net = {0,};
 	u8 peerlbl_active;
@@ -5493,8 +5488,8 @@ static int selinux_sctp_bind_connect(struct sock *sk, int optname,
 static void selinux_sctp_sk_clone(struct sctp_association *asoc, struct sock *sk,
 				  struct sock *newsk)
 {
-	struct sk_security_struct *sksec = sk->sk_security;
-	struct sk_security_struct *newsksec = newsk->sk_security;
+	struct sk_security_struct *sksec = selinux_sock(sk);
+	struct sk_security_struct *newsksec = selinux_sock(newsk);
 
 	/* If policy does not support SECCLASS_SCTP_SOCKET then call
 	 * the non-sctp clone version.
@@ -5511,7 +5506,7 @@ static void selinux_sctp_sk_clone(struct sctp_association *asoc, struct sock *sk
 static int selinux_inet_conn_request(const struct sock *sk, struct sk_buff *skb,
 				     struct request_sock *req)
 {
-	struct sk_security_struct *sksec = sk->sk_security;
+	struct sk_security_struct *sksec = selinux_sock(sk);
 	int err;
 	u16 family = req->rsk_ops->family;
 	u32 connsid;
@@ -5532,7 +5527,7 @@ static int selinux_inet_conn_request(const struct sock *sk, struct sk_buff *skb,
 static void selinux_inet_csk_clone(struct sock *newsk,
 				   const struct request_sock *req)
 {
-	struct sk_security_struct *newsksec = newsk->sk_security;
+	struct sk_security_struct *newsksec = selinux_sock(newsk);
 
 	newsksec->sid = req->secid;
 	newsksec->peer_sid = req->peer_secid;
@@ -5549,7 +5544,7 @@ static void selinux_inet_csk_clone(struct sock *newsk,
 static void selinux_inet_conn_established(struct sock *sk, struct sk_buff *skb)
 {
 	u16 family = sk->sk_family;
-	struct sk_security_struct *sksec = sk->sk_security;
+	struct sk_security_struct *sksec = selinux_sock(sk);
 
 	/* handle mapped IPv4 packets arriving via IPv6 sockets */
 	if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
@@ -5633,7 +5628,7 @@ static int selinux_tun_dev_attach_queue(void *security)
 static int selinux_tun_dev_attach(struct sock *sk, void *security)
 {
 	struct tun_security_struct *tunsec = security;
-	struct sk_security_struct *sksec = sk->sk_security;
+	struct sk_security_struct *sksec = selinux_sock(sk);
 
 	/* we don't currently perform any NetLabel based labeling here and it
 	 * isn't clear that we would want to do so anyway; while we could apply
@@ -5762,7 +5757,7 @@ static unsigned int selinux_ip_output(void *priv, struct sk_buff *skb,
 			return NF_ACCEPT;
 
 		/* standard practice, label using the parent socket */
-		sksec = sk->sk_security;
+		sksec = selinux_sock(sk);
 		sid = sksec->sid;
 	} else
 		sid = SECINITSID_KERNEL;
@@ -5785,7 +5780,7 @@ static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb,
 	sk = skb_to_full_sk(skb);
 	if (sk == NULL)
 		return NF_ACCEPT;
-	sksec = sk->sk_security;
+	sksec = selinux_sock(sk);
 
 	ad.type = LSM_AUDIT_DATA_NET;
 	ad.u.net = &net;
@@ -5878,7 +5873,7 @@ static unsigned int selinux_ip_postroute(void *priv,
 		u32 skb_sid;
 		struct sk_security_struct *sksec;
 
-		sksec = sk->sk_security;
+		sksec = selinux_sock(sk);
 		if (selinux_skb_peerlbl_sid(skb, family, &skb_sid))
 			return NF_DROP;
 		/* At this point, if the returned skb peerlbl is SECSID_NULL
@@ -5907,7 +5902,7 @@ static unsigned int selinux_ip_postroute(void *priv,
 	} else {
 		/* Locally generated packet, fetch the security label from the
 		 * associated socket. */
-		struct sk_security_struct *sksec = sk->sk_security;
+		struct sk_security_struct *sksec = selinux_sock(sk);
 		peer_sid = sksec->sid;
 		secmark_perm = PACKET__SEND;
 	}
@@ -5956,7 +5951,7 @@ static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb)
 	unsigned int data_len = skb->len;
 	unsigned char *data = skb->data;
 	struct nlmsghdr *nlh;
-	struct sk_security_struct *sksec = sk->sk_security;
+	struct sk_security_struct *sksec = selinux_sock(sk);
 	u16 sclass = sksec->sclass;
 	u32 perm;
 
@@ -6956,6 +6951,7 @@ struct lsm_blob_sizes selinux_blob_sizes __lsm_ro_after_init = {
 	.lbs_inode = sizeof(struct inode_security_struct),
 	.lbs_ipc = sizeof(struct ipc_security_struct),
 	.lbs_msg_msg = sizeof(struct msg_security_struct),
+	.lbs_sock = sizeof(struct sk_security_struct),
 	.lbs_superblock = sizeof(struct superblock_security_struct),
 };
 
diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h
index 2953132408bf..007d1ae7ee27 100644
--- a/security/selinux/include/objsec.h
+++ b/security/selinux/include/objsec.h
@@ -194,4 +194,9 @@ static inline struct superblock_security_struct *selinux_superblock(
 	return superblock->s_security + selinux_blob_sizes.lbs_superblock;
 }
 
+static inline struct sk_security_struct *selinux_sock(const struct sock *sock)
+{
+	return sock->sk_security + selinux_blob_sizes.lbs_sock;
+}
+
 #endif /* _SELINUX_OBJSEC_H_ */
diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c
index 1321f15799e2..800ab4b4239e 100644
--- a/security/selinux/netlabel.c
+++ b/security/selinux/netlabel.c
@@ -17,6 +17,7 @@
 #include <linux/gfp.h>
 #include <linux/ip.h>
 #include <linux/ipv6.h>
+#include <linux/lsm_hooks.h>
 #include <net/sock.h>
 #include <net/netlabel.h>
 #include <net/ip.h>
@@ -68,7 +69,7 @@ static int selinux_netlbl_sidlookup_cached(struct sk_buff *skb,
 static struct netlbl_lsm_secattr *selinux_netlbl_sock_genattr(struct sock *sk)
 {
 	int rc;
-	struct sk_security_struct *sksec = sk->sk_security;
+	struct sk_security_struct *sksec = selinux_sock(sk);
 	struct netlbl_lsm_secattr *secattr;
 
 	if (sksec->nlbl_secattr != NULL)
@@ -101,7 +102,7 @@ static struct netlbl_lsm_secattr *selinux_netlbl_sock_getattr(
 							const struct sock *sk,
 							u32 sid)
 {
-	struct sk_security_struct *sksec = sk->sk_security;
+	struct sk_security_struct *sksec = selinux_sock(sk);
 	struct netlbl_lsm_secattr *secattr = sksec->nlbl_secattr;
 
 	if (secattr == NULL)
@@ -236,7 +237,7 @@ int selinux_netlbl_skbuff_setsid(struct sk_buff *skb,
 	 * being labeled by it's parent socket, if it is just exit */
 	sk = skb_to_full_sk(skb);
 	if (sk != NULL) {
-		struct sk_security_struct *sksec = sk->sk_security;
+		struct sk_security_struct *sksec = selinux_sock(sk);
 
 		if (sksec->nlbl_state != NLBL_REQSKB)
 			return 0;
@@ -274,7 +275,7 @@ int selinux_netlbl_sctp_assoc_request(struct sctp_association *asoc,
 {
 	int rc;
 	struct netlbl_lsm_secattr secattr;
-	struct sk_security_struct *sksec = asoc->base.sk->sk_security;
+	struct sk_security_struct *sksec = selinux_sock(asoc->base.sk);
 	struct sockaddr_in addr4;
 	struct sockaddr_in6 addr6;
 
@@ -355,7 +356,7 @@ int selinux_netlbl_inet_conn_request(struct request_sock *req, u16 family)
  */
 void selinux_netlbl_inet_csk_clone(struct sock *sk, u16 family)
 {
-	struct sk_security_struct *sksec = sk->sk_security;
+	struct sk_security_struct *sksec = selinux_sock(sk);
 
 	if (family == PF_INET)
 		sksec->nlbl_state = NLBL_LABELED;
@@ -373,8 +374,8 @@ void selinux_netlbl_inet_csk_clone(struct sock *sk, u16 family)
  */
 void selinux_netlbl_sctp_sk_clone(struct sock *sk, struct sock *newsk)
 {
-	struct sk_security_struct *sksec = sk->sk_security;
-	struct sk_security_struct *newsksec = newsk->sk_security;
+	struct sk_security_struct *sksec = selinux_sock(sk);
+	struct sk_security_struct *newsksec = selinux_sock(newsk);
 
 	newsksec->nlbl_state = sksec->nlbl_state;
 }
@@ -392,7 +393,7 @@ void selinux_netlbl_sctp_sk_clone(struct sock *sk, struct sock *newsk)
 int selinux_netlbl_socket_post_create(struct sock *sk, u16 family)
 {
 	int rc;
-	struct sk_security_struct *sksec = sk->sk_security;
+	struct sk_security_struct *sksec = selinux_sock(sk);
 	struct netlbl_lsm_secattr *secattr;
 
 	if (family != PF_INET && family != PF_INET6)
@@ -507,7 +508,7 @@ int selinux_netlbl_socket_setsockopt(struct socket *sock,
 {
 	int rc = 0;
 	struct sock *sk = sock->sk;
-	struct sk_security_struct *sksec = sk->sk_security;
+	struct sk_security_struct *sksec = selinux_sock(sk);
 	struct netlbl_lsm_secattr secattr;
 
 	if (selinux_netlbl_option(level, optname) &&
@@ -545,7 +546,7 @@ static int selinux_netlbl_socket_connect_helper(struct sock *sk,
 						struct sockaddr *addr)
 {
 	int rc;
-	struct sk_security_struct *sksec = sk->sk_security;
+	struct sk_security_struct *sksec = selinux_sock(sk);
 	struct netlbl_lsm_secattr *secattr;
 
 	/* connected sockets are allowed to disconnect when the address family
@@ -584,7 +585,7 @@ static int selinux_netlbl_socket_connect_helper(struct sock *sk,
 int selinux_netlbl_socket_connect_locked(struct sock *sk,
 					 struct sockaddr *addr)
 {
-	struct sk_security_struct *sksec = sk->sk_security;
+	struct sk_security_struct *sksec = selinux_sock(sk);
 
 	if (sksec->nlbl_state != NLBL_REQSKB &&
 	    sksec->nlbl_state != NLBL_CONNLABELED)
diff --git a/security/smack/smack.h b/security/smack/smack.h
index 99c3422596ab..66b813e15196 100644
--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -363,6 +363,11 @@ static inline struct superblock_smack *smack_superblock(
 	return superblock->s_security + smack_blob_sizes.lbs_superblock;
 }
 
+static inline struct socket_smack *smack_sock(const struct sock *sock)
+{
+	return sock->sk_security + smack_blob_sizes.lbs_sock;
+}
+
 /*
  * Is the directory transmuting?
  */
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index efd35b07c7f8..db72debca070 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -1434,7 +1434,7 @@ static int smack_inode_getsecurity(struct user_namespace *mnt_userns,
 		if (sock == NULL || sock->sk == NULL)
 			return -EOPNOTSUPP;
 
-		ssp = sock->sk->sk_security;
+		ssp = smack_sock(sock->sk);
 
 		if (strcmp(name, XATTR_SMACK_IPIN) == 0)
 			isp = ssp->smk_in;
@@ -1817,7 +1817,7 @@ static int smack_file_receive(struct file *file)
 
 	if (inode->i_sb->s_magic == SOCKFS_MAGIC) {
 		sock = SOCKET_I(inode);
-		ssp = sock->sk->sk_security;
+		ssp = smack_sock(sock->sk);
 		tsp = smack_cred(current_cred());
 		/*
 		 * If the receiving process can't write to the
@@ -2238,11 +2238,7 @@ static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
 static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
 {
 	struct smack_known *skp = smk_of_current();
-	struct socket_smack *ssp;
-
-	ssp = kzalloc(sizeof(struct socket_smack), gfp_flags);
-	if (ssp == NULL)
-		return -ENOMEM;
+	struct socket_smack *ssp = smack_sock(sk);
 
 	/*
 	 * Sockets created by kernel threads receive web label.
@@ -2256,11 +2252,10 @@ static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
 	}
 	ssp->smk_packet = NULL;
 
-	sk->sk_security = ssp;
-
 	return 0;
 }
 
+#ifdef SMACK_IPV6_PORT_LABELING
 /**
  * smack_sk_free_security - Free a socket blob
  * @sk: the socket
@@ -2269,7 +2264,6 @@ static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
  */
 static void smack_sk_free_security(struct sock *sk)
 {
-#ifdef SMACK_IPV6_PORT_LABELING
 	struct smk_port_label *spp;
 
 	if (sk->sk_family == PF_INET6) {
@@ -2282,9 +2276,8 @@ static void smack_sk_free_security(struct sock *sk)
 		}
 		rcu_read_unlock();
 	}
-#endif
-	kfree(sk->sk_security);
 }
+#endif
 
 /**
 * smack_ipv4host_label - check host based restrictions
@@ -2397,7 +2390,7 @@ static struct smack_known *smack_ipv6host_label(struct sockaddr_in6 *sip)
  */
 static int smack_netlbl_add(struct sock *sk)
 {
-	struct socket_smack *ssp = sk->sk_security;
+	struct socket_smack *ssp = smack_sock(sk);
 	struct smack_known *skp = ssp->smk_out;
 	int rc;
 
@@ -2429,7 +2422,7 @@ static int smack_netlbl_add(struct sock *sk)
  */
 static void smack_netlbl_delete(struct sock *sk)
 {
-	struct socket_smack *ssp = sk->sk_security;
+	struct socket_smack *ssp = smack_sock(sk);
 
 	/*
 	 * Take the label off the socket if one is set.
@@ -2461,7 +2454,7 @@ static int smk_ipv4_check(struct sock *sk, struct sockaddr_in *sap)
 	struct smack_known *skp;
 	int rc = 0;
 	struct smack_known *hkp;
-	struct socket_smack *ssp = sk->sk_security;
+	struct socket_smack *ssp = smack_sock(sk);
 	struct smk_audit_info ad;
 
 	rcu_read_lock();
@@ -2534,7 +2527,7 @@ static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address)
 {
 	struct sock *sk = sock->sk;
 	struct sockaddr_in6 *addr6;
-	struct socket_smack *ssp = sock->sk->sk_security;
+	struct socket_smack *ssp = smack_sock(sock->sk);
 	struct smk_port_label *spp;
 	unsigned short port = 0;
 
@@ -2622,7 +2615,7 @@ static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address,
 				int act)
 {
 	struct smk_port_label *spp;
-	struct socket_smack *ssp = sk->sk_security;
+	struct socket_smack *ssp = smack_sock(sk);
 	struct smack_known *skp = NULL;
 	unsigned short port;
 	struct smack_known *object;
@@ -2716,7 +2709,7 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name,
 	if (sock == NULL || sock->sk == NULL)
 		return -EOPNOTSUPP;
 
-	ssp = sock->sk->sk_security;
+	ssp = smack_sock(sock->sk);
 
 	if (strcmp(name, XATTR_SMACK_IPIN) == 0)
 		ssp->smk_in = skp;
@@ -2764,7 +2757,7 @@ static int smack_socket_post_create(struct socket *sock, int family,
 	 * Sockets created by kernel threads receive web label.
 	 */
 	if (unlikely(current->flags & PF_KTHREAD)) {
-		ssp = sock->sk->sk_security;
+		ssp = smack_sock(sock->sk);
 		ssp->smk_in = &smack_known_web;
 		ssp->smk_out = &smack_known_web;
 	}
@@ -2789,8 +2782,8 @@ static int smack_socket_post_create(struct socket *sock, int family,
 static int smack_socket_socketpair(struct socket *socka,
 		                   struct socket *sockb)
 {
-	struct socket_smack *asp = socka->sk->sk_security;
-	struct socket_smack *bsp = sockb->sk->sk_security;
+	struct socket_smack *asp = smack_sock(socka->sk);
+	struct socket_smack *bsp = smack_sock(sockb->sk);
 
 	asp->smk_packet = bsp->smk_out;
 	bsp->smk_packet = asp->smk_out;
@@ -2853,7 +2846,7 @@ static int smack_socket_connect(struct socket *sock, struct sockaddr *sap,
 		if (__is_defined(SMACK_IPV6_SECMARK_LABELING))
 			rsp = smack_ipv6host_label(sip);
 		if (rsp != NULL) {
-			struct socket_smack *ssp = sock->sk->sk_security;
+			struct socket_smack *ssp = smack_sock(sock->sk);
 
 			rc = smk_ipv6_check(ssp->smk_out, rsp, sip,
 					    SMK_CONNECTING);
@@ -3584,9 +3577,9 @@ static int smack_unix_stream_connect(struct sock *sock,
 {
 	struct smack_known *skp;
 	struct smack_known *okp;
-	struct socket_smack *ssp = sock->sk_security;
-	struct socket_smack *osp = other->sk_security;
-	struct socket_smack *nsp = newsk->sk_security;
+	struct socket_smack *ssp = smack_sock(sock);
+	struct socket_smack *osp = smack_sock(other);
+	struct socket_smack *nsp = smack_sock(newsk);
 	struct smk_audit_info ad;
 	int rc = 0;
 #ifdef CONFIG_AUDIT
@@ -3632,8 +3625,8 @@ static int smack_unix_stream_connect(struct sock *sock,
  */
 static int smack_unix_may_send(struct socket *sock, struct socket *other)
 {
-	struct socket_smack *ssp = sock->sk->sk_security;
-	struct socket_smack *osp = other->sk->sk_security;
+	struct socket_smack *ssp = smack_sock(sock->sk);
+	struct socket_smack *osp = smack_sock(other->sk);
 	struct smk_audit_info ad;
 	int rc;
 
@@ -3670,7 +3663,7 @@ static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg,
 	struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name;
 #endif
 #ifdef SMACK_IPV6_SECMARK_LABELING
-	struct socket_smack *ssp = sock->sk->sk_security;
+	struct socket_smack *ssp = smack_sock(sock->sk);
 	struct smack_known *rsp;
 #endif
 	int rc = 0;
@@ -3882,7 +3875,7 @@ static struct smack_known *smack_from_netlbl(const struct sock *sk, u16 family,
 	netlbl_secattr_init(&secattr);
 
 	if (sk)
-		ssp = sk->sk_security;
+		ssp = smack_sock(sk);
 
 	if (netlbl_skbuff_getattr(skb, family, &secattr) == 0) {
 		skp = smack_from_secattr(&secattr, ssp);
@@ -3904,7 +3897,7 @@ static struct smack_known *smack_from_netlbl(const struct sock *sk, u16 family,
  */
 static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
 {
-	struct socket_smack *ssp = sk->sk_security;
+	struct socket_smack *ssp = smack_sock(sk);
 	struct smack_known *skp = NULL;
 	int rc = 0;
 	struct smk_audit_info ad;
@@ -4008,7 +4001,7 @@ static int smack_socket_getpeersec_stream(struct socket *sock,
 	int slen = 1;
 	int rc = 0;
 
-	ssp = sock->sk->sk_security;
+	ssp = smack_sock(sock->sk);
 	if (ssp->smk_packet != NULL) {
 		rcp = ssp->smk_packet->smk_known;
 		slen = strlen(rcp) + 1;
@@ -4057,7 +4050,7 @@ static int smack_socket_getpeersec_dgram(struct socket *sock,
 
 	switch (family) {
 	case PF_UNIX:
-		ssp = sock->sk->sk_security;
+		ssp = smack_sock(sock->sk);
 		s = ssp->smk_out->smk_secid;
 		break;
 	case PF_INET:
@@ -4106,7 +4099,7 @@ static void smack_sock_graft(struct sock *sk, struct socket *parent)
 	    (sk->sk_family != PF_INET && sk->sk_family != PF_INET6))
 		return;
 
-	ssp = sk->sk_security;
+	ssp = smack_sock(sk);
 	ssp->smk_in = skp;
 	ssp->smk_out = skp;
 	/* cssp->smk_packet is already set in smack_inet_csk_clone() */
@@ -4126,7 +4119,7 @@ static int smack_inet_conn_request(const struct sock *sk, struct sk_buff *skb,
 {
 	u16 family = sk->sk_family;
 	struct smack_known *skp;
-	struct socket_smack *ssp = sk->sk_security;
+	struct socket_smack *ssp = smack_sock(sk);
 	struct sockaddr_in addr;
 	struct iphdr *hdr;
 	struct smack_known *hskp;
@@ -4212,7 +4205,7 @@ static int smack_inet_conn_request(const struct sock *sk, struct sk_buff *skb,
 static void smack_inet_csk_clone(struct sock *sk,
 				 const struct request_sock *req)
 {
-	struct socket_smack *ssp = sk->sk_security;
+	struct socket_smack *ssp = smack_sock(sk);
 	struct smack_known *skp;
 
 	if (req->peer_secid != 0) {
@@ -4748,6 +4741,7 @@ struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = {
 	.lbs_inode = sizeof(struct inode_smack),
 	.lbs_ipc = sizeof(struct smack_known *),
 	.lbs_msg_msg = sizeof(struct smack_known *),
+	.lbs_sock = sizeof(struct socket_smack),
 	.lbs_superblock = sizeof(struct superblock_smack),
 };
 
@@ -4858,7 +4852,9 @@ static struct security_hook_list smack_hooks[] __lsm_ro_after_init = {
 	LSM_HOOK_INIT(socket_getpeersec_stream, smack_socket_getpeersec_stream),
 	LSM_HOOK_INIT(socket_getpeersec_dgram, smack_socket_getpeersec_dgram),
 	LSM_HOOK_INIT(sk_alloc_security, smack_sk_alloc_security),
+#ifdef SMACK_IPV6_PORT_LABELING
 	LSM_HOOK_INIT(sk_free_security, smack_sk_free_security),
+#endif
 	LSM_HOOK_INIT(sock_graft, smack_sock_graft),
 	LSM_HOOK_INIT(inet_conn_request, smack_inet_conn_request),
 	LSM_HOOK_INIT(inet_csk_clone, smack_inet_csk_clone),
diff --git a/security/smack/smack_netfilter.c b/security/smack/smack_netfilter.c
index b945c1d3a743..bad71b7e648d 100644
--- a/security/smack/smack_netfilter.c
+++ b/security/smack/smack_netfilter.c
@@ -26,8 +26,8 @@ static unsigned int smack_ip_output(void *priv,
 	struct socket_smack *ssp;
 	struct smack_known *skp;
 
-	if (sk && sk->sk_security) {
-		ssp = sk->sk_security;
+	if (sk) {
+		ssp = smack_sock(sk);
 		skp = ssp->smk_out;
 		skb->secmark = skp->smk_secid;
 	}

From patchwork Mon Dec 13 23:40:09 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Casey Schaufler <casey@schaufler-ca.com>
X-Patchwork-Id: 12674909
X-Patchwork-Delegate: paul@paul-moore.com
Return-Path: <selinux-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 3B2E5C433EF
	for <selinux@archiver.kernel.org>; Mon, 13 Dec 2021 23:44:04 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S237827AbhLMXoD (ORCPT <rfc822;selinux@archiver.kernel.org>);
        Mon, 13 Dec 2021 18:44:03 -0500
Received: from sonic306-28.consmr.mail.ne1.yahoo.com ([66.163.189.90]:36959
        "EHLO sonic306-28.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S234565AbhLMXoD (ORCPT
        <rfc822;selinux@vger.kernel.org>); Mon, 13 Dec 2021 18:44:03 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1639439043; bh=GBT5V72X3FEDQZIJtllwUk+zoYaCYDm6hxxff8xT1Lo=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To;
 b=bTowoWnNihHCCd+zTTwIJjyFwa3OzxFxRPDM2VhbbhWrCtzlVjY0kEQ+MgfMWd9W3iDuLp32J+NhC+xAWFZ/FNIiENA9JroEVTMDdg2q8h+WWsD7lH+6jS2OJnTEk+wfHcsrDbJvP7f5tz4bEDYN//rXfsIQOb2fEPt4gpYfrM4QKDljP9iKHgfTXEXghn0wLumRtMGnofgAokmBtpELPVFk1JHNZ5pmDSKeAc63KZzgKJB8QiVGqMc6mG5vJu9/hEg1P4PGxYnPaVy48zS2U0g/wIqk8ndi4un/wyxw4kM41Q8R0MkqZCXWWjf6piacP0KeHZSB8M/qcr/zsMoGqw==
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1639439043; bh=T52a35MF8f1OBHiZgYQ9GMsCpuMADDx0bBuo8CyDRYx=;
 h=X-Sonic-MF:From:To:Subject:Date:From:Subject;
 b=TYtlgYDXwwbxfDGeEwvaP26HNm8p55jPNZNlqRLNij/22lU4VeHOxbW/whJtWtAl16wFDZZH+KGr9ySCTSlEBB1TGHONx+mz7LsRKsN1qhK2Gk7OSi5vXvfatLVh6I+GfBgHY4m8sbznDDENyDBAWV6w/ZUvYRL1cuDPki7osJjIqSPbm6MBQa96Mv92myJGdX45cMe9Ab9Cqwu2x3DDfPgVxUSGgCwBUiMPlTbstNWFr7piAFgALgAYmO7BbvoA3E9f05b9ULEGilcc6qLylRNMHh6nulXCUuxstTNvBnyvt2MuLiq6rrbD7RwH15/tQ7KmF/AjyhlsBcBBjuCeoQ==
X-YMail-OSG: QqnmgvQVM1l0cdj6Z9D9f4ZGtW1vR.AeSIV0231ZrO9fUhUh_hC2bsPRdNp25B9
 NiJasf89SL3DESFG7EHuZH.m38SgBYvvtLCRf0cCbpUYpP6D1VpzkRH_WW5CTMsGKWgoH9NAIpjt
 BsSVsWPJupOONC1AcCeaMs1OM_DEmUyUwfpPXFOwsKd67iDFNEjfL9qH.B8sI76D.kaKg03RdxBD
 0Kza9l3j5WomDaNysxlZaKHX8n_rkkR8cXSAeGKHjo.DhYSm7MXoD03OCi9uJmu11TL6_K0wasvi
 RKcn4owhrGqKD5sAcrMWh6gLRdqKEX60ETh_GGbvrjBrBxw7hfCqLbPmNTbtt0nqZ3lZAtJs2iSj
 trDuLAJjs1jOAY9fLuM6mml959wnjzQgdVdQYHdKDOBFklLUUyxrVBTpzoFWIC.da7hsI4O1__EH
 bgXSg34FkXRmQGH7UdXPQ0LjouA.EtTjUs9d3EDWwMqxsPtvy42EJu8GWtnjTAv5eRv1Dpn2gOBr
 TbdvPQEqwU2AqG9teM_rRHsZOcvIHK4L39femLfkBoLPCrvywaYu_3C1Ii_LZ8lVgAN9YGEL3l.o
 jZBgH0mda76DqA3GXff3DEUmRJZ4ZUoauH1Gp6X7Sd_AlM0MIffGlGRP881Ku0c5LE7DjkAoM4Ax
 GrnWZXZeR_T7IfCJXwejJO2osopRbnVLx0z1wxa3.RFWqN_sx0fsVLMp6RjYKifUN4GDswluWOaY
 VAu5ewifWPuY3DNNnEYcGzfREqSOJ4BBz8oqY9vudCimaNtYb8CnPi8UFAilx2e_lzrTfMKy9yRa
 dtgJrYXo4iYHaUrjrJvdm18C_piQ9wWWVaGXm3HYUXfwIRTTxn5v82jsU7F4vg1DwrTcmfpkz7zx
 YJZTPZalQaRlNFHQn._gTvOCQiCE.mzP_BBqpXH3f00NCBZ4mUpAYQORz2e9NBxclGVj63bOIKiT
 XQ.t44taKmMCIehXINOBexkmM_z0gqTMpeqK_Aw1VYm_dN5rqsv5G1unYxsAMpYG5qJOkj_wLggv
 frXoEsh5Ip76c.OCiKIw73TuxcZ_z_UncdxSe0vsUjJMErZEj9YVgGo4wKdh4lk3DnmBOFzpGXfi
 ONfhnkh2A9nCApDtO4TIWLmDZOiK26gdk6nnoBpXhKv3VmwzUsq_h.iRVxsoB7m3a9pV3FI9h4IH
 uA6dshwsXyIdd7OEFZbEeMAS7NzQu98_VOM157sQwt6IboS_WytQthdzpybrvsGnJ5WVNas7UX65
 mUe_Tqlw950Apxy1t1IHC9DvneoCfEjxDnTKteN4wp._L6vtMCYv91I4cLjzXZc7D2gbYvPmT7Q_
 aOjEtvIXhdm47ukyDvweHeYCpaoF4bj1WRfm2h_bkt4BPf0n58nn5FIQkO5mk.nnbi7eD_M0R7RG
 9TYESRrgqe3fxpRnousT7cD5aaKP2Tx6fao8TJi0SVrSK8q3NV8fDgKuN.94B28C17x2UQXyW55u
 faLoze555uoDDN2StOP6uPKztjwcK2DG.DRbZ2S0QzGxomPBIsMV3um.BdWgtctdEboqe3JIkY26
 apxyCcoCkx0LxTzsMPOySRESs2JJeq8SEo4em_5kqE7yU9AzykACvkBrj.9bPYXRJT24REZKJC6s
 Ok4u47oHvdajlu71SusyGoQo8Boa5of_Lsy7VeX9fWayOvdNG.6MBOs.iXrlvfaOrBGjvInFqAhc
 HVcBPTafwCq.gBao15R5aNEwOgeCoDm5382kWqU7wmnhMISEll3SUk7gRW649Wx42lEuSqUJV8Or
 y5u5SCV5XwwI4.LjzhuPn8FippbJurx7An.KkieX_ocKFwYN.AMFq0zZOsiXRAyu3zfbbLUuLmVZ
 V8wveXp6Wu6UFiVj_jpBQTSw3986yXk5nU60PZ_bg_OFM2_Fg15cq61ggXNM_oEagEnhUR72Yfh4
 KziRfCaWYGxmy3aDp3amed7gjF6HdaQJ5ftPHUYmYRbedlqyL_lkGKvfb3sW1UQhO6aJkGHJUOIP
 Hxgj15T69tI9ZsqnBMyYBat.E5h7KAh2oarFjSYSx89Nv6.dyZbYMROUnUfQKaqKtaG9YfIsjzBt
 _IV7jPHs.sIrQJxjZp60FgKyRLh8nIuEHZADora.IideFVPUAecQ7SieGnkq0fgLjq9wR88ddy76
 ne7Ts8PdSNO07jtrsNRfSYnXkkgLZu8HF_vdF7Euw0h02DFI1kM2Z.TnZdvyww4aX7aTVKb.vsVo
 0VdSnNoo4Opcs5pUfi8fKSgtkRsAOkEUMXKnHJ_D6ufrErZeZLbXQWr8PjkoLucv0zBOZfAtr_mv
 vWAISFTzAcv4-
X-Sonic-MF: <casey@schaufler-ca.com>
Received: from sonic.gate.mail.ne1.yahoo.com by
 sonic306.consmr.mail.ne1.yahoo.com with HTTP; Mon, 13 Dec 2021 23:44:03 +0000
Received: by kubenode541.mail-prod1.omega.bf1.yahoo.com (VZM Hermes SMTP
 Server) with ESMTPA ID 34e29d69d518fdba15d74db2a1d7e6fe;
          Mon, 13 Dec 2021 23:43:58 +0000 (UTC)
From: Casey Schaufler <casey@schaufler-ca.com>
To: casey.schaufler@intel.com, jmorris@namei.org,
        linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com,
        keescook@chromium.org, john.johansen@canonical.com,
        penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com,
        sds@tycho.nsa.gov, linux-kernel@vger.kernel.org
Subject: [PATCH v31 03/28] LSM: Add the lsmblob data structure.
Date: Mon, 13 Dec 2021 15:40:09 -0800
Message-Id: <20211213234034.111891-4-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20211213234034.111891-1-casey@schaufler-ca.com>
References: <20211213234034.111891-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <selinux.vger.kernel.org>
X-Mailing-List: selinux@vger.kernel.org

When more than one security module is exporting data to
audit and networking sub-systems a single 32 bit integer
is no longer sufficient to represent the data. Add a
structure to be used instead.

The lsmblob structure is currently an array of
u32 "secids". There is an entry for each of the
security modules built into the system that would
use secids if active. The system assigns the module
a "slot" when it registers hooks. If modules are
compiled in but not registered there will be unused
slots.

A new lsm_id structure, which contains the name
of the LSM and its slot number, is created. There
is an instance for each LSM, which assigns the name
and passes it to the infrastructure to set the slot.

The audit rules data is expanded to use an array of
security module data rather than a single instance.
A new structure audit_lsm_rules is defined to avoid the
confusion which commonly accompanies the use of
void ** parameters.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
 include/linux/audit.h        | 10 ++++-
 include/linux/lsm_hooks.h    | 12 +++++-
 include/linux/security.h     | 74 +++++++++++++++++++++++++++++---
 kernel/auditfilter.c         | 23 +++++-----
 kernel/auditsc.c             | 17 +++-----
 security/apparmor/lsm.c      |  7 ++-
 security/bpf/hooks.c         | 12 +++++-
 security/commoncap.c         |  7 ++-
 security/landlock/cred.c     |  2 +-
 security/landlock/fs.c       |  2 +-
 security/landlock/ptrace.c   |  2 +-
 security/landlock/setup.c    |  5 +++
 security/landlock/setup.h    |  1 +
 security/loadpin/loadpin.c   |  8 +++-
 security/lockdown/lockdown.c |  7 ++-
 security/safesetid/lsm.c     |  8 +++-
 security/security.c          | 82 ++++++++++++++++++++++++++++++------
 security/selinux/hooks.c     |  8 +++-
 security/smack/smack_lsm.c   |  7 ++-
 security/tomoyo/tomoyo.c     |  8 +++-
 security/yama/yama_lsm.c     |  7 ++-
 21 files changed, 253 insertions(+), 56 deletions(-)

diff --git a/include/linux/audit.h b/include/linux/audit.h
index d06134ac6245..14849d5f84b4 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -11,6 +11,7 @@
 
 #include <linux/sched.h>
 #include <linux/ptrace.h>
+#include <linux/security.h>
 #include <linux/audit_arch.h>
 #include <uapi/linux/audit.h>
 #include <uapi/linux/netfilter/nf_tables.h>
@@ -59,6 +60,10 @@ struct audit_krule {
 /* Flag to indicate legacy AUDIT_LOGINUID unset usage */
 #define AUDIT_LOGINUID_LEGACY		0x1
 
+struct audit_lsm_rules {
+	void	*rule[LSMBLOB_ENTRIES];
+};
+
 struct audit_field {
 	u32				type;
 	union {
@@ -66,8 +71,9 @@ struct audit_field {
 		kuid_t			uid;
 		kgid_t			gid;
 		struct {
-			char		*lsm_str;
-			void		*lsm_rule;
+			bool			lsm_isset;
+			char			*lsm_str;
+			struct audit_lsm_rules	lsm_rules;
 		};
 	};
 	u32				op;
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 89b8e40186f8..490545f0db6d 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -1586,6 +1586,14 @@ struct security_hook_heads {
 	#undef LSM_HOOK
 } __randomize_layout;
 
+/*
+ * Information that identifies a security module.
+ */
+struct lsm_id {
+	const char	*lsm;	/* Name of the LSM */
+	int		slot;	/* Slot in lsmblob if one is allocated */
+};
+
 /*
  * Security module hook list structure.
  * For use with generic list macros for common operations.
@@ -1594,7 +1602,7 @@ struct security_hook_list {
 	struct hlist_node		list;
 	struct hlist_head		*head;
 	union security_list_options	hook;
-	char				*lsm;
+	struct lsm_id			*lsmid;
 } __randomize_layout;
 
 /*
@@ -1630,7 +1638,7 @@ extern struct security_hook_heads security_hook_heads;
 extern char *lsm_names;
 
 extern void security_add_hooks(struct security_hook_list *hooks, int count,
-				char *lsm);
+			       struct lsm_id *lsmid);
 
 #define LSM_FLAG_LEGACY_MAJOR	BIT(0)
 #define LSM_FLAG_EXCLUSIVE	BIT(1)
diff --git a/include/linux/security.h b/include/linux/security.h
index 71eac35bfa21..96afea94938f 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -39,6 +39,7 @@ struct kernel_siginfo;
 struct sembuf;
 struct kern_ipc_perm;
 struct audit_context;
+struct audit_lsm_rules;
 struct super_block;
 struct inode;
 struct dentry;
@@ -134,6 +135,65 @@ enum lockdown_reason {
 
 extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1];
 
+/*
+ * Data exported by the security modules
+ *
+ * Any LSM that provides secid or secctx based hooks must be included.
+ */
+#define LSMBLOB_ENTRIES ( \
+	(IS_ENABLED(CONFIG_SECURITY_SELINUX) ? 1 : 0) + \
+	(IS_ENABLED(CONFIG_SECURITY_SMACK) ? 1 : 0) + \
+	(IS_ENABLED(CONFIG_SECURITY_APPARMOR) ? 1 : 0) + \
+	(IS_ENABLED(CONFIG_BPF_LSM) ? 1 : 0))
+
+struct lsmblob {
+	u32     secid[LSMBLOB_ENTRIES];
+};
+
+#define LSMBLOB_INVALID		-1	/* Not a valid LSM slot number */
+#define LSMBLOB_NEEDED		-2	/* Slot requested on initialization */
+#define LSMBLOB_NOT_NEEDED	-3	/* Slot not requested */
+
+/**
+ * lsmblob_init - initialize an lsmblob structure
+ * @blob: Pointer to the data to initialize
+ * @secid: The initial secid value
+ *
+ * Set all secid for all modules to the specified value.
+ */
+static inline void lsmblob_init(struct lsmblob *blob, u32 secid)
+{
+	int i;
+
+	for (i = 0; i < LSMBLOB_ENTRIES; i++)
+		blob->secid[i] = secid;
+}
+
+/**
+ * lsmblob_is_set - report if there is an value in the lsmblob
+ * @blob: Pointer to the exported LSM data
+ *
+ * Returns true if there is a secid set, false otherwise
+ */
+static inline bool lsmblob_is_set(struct lsmblob *blob)
+{
+	struct lsmblob empty = {};
+
+	return !!memcmp(blob, &empty, sizeof(*blob));
+}
+
+/**
+ * lsmblob_equal - report if the two lsmblob's are equal
+ * @bloba: Pointer to one LSM data
+ * @blobb: Pointer to the other LSM data
+ *
+ * Returns true if all entries in the two are equal, false otherwise
+ */
+static inline bool lsmblob_equal(struct lsmblob *bloba, struct lsmblob *blobb)
+{
+	return !memcmp(bloba, blobb, sizeof(*bloba));
+}
+
 /* These functions are in security/commoncap.c */
 extern int cap_capable(const struct cred *cred, struct user_namespace *ns,
 		       int cap, unsigned int opts);
@@ -1887,15 +1947,17 @@ static inline int security_key_getsecurity(struct key *key, char **_buffer)
 
 #ifdef CONFIG_AUDIT
 #ifdef CONFIG_SECURITY
-int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule);
+int security_audit_rule_init(u32 field, u32 op, char *rulestr,
+			     struct audit_lsm_rules *lsmrules);
 int security_audit_rule_known(struct audit_krule *krule);
-int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule);
-void security_audit_rule_free(void *lsmrule);
+int security_audit_rule_match(u32 secid, u32 field, u32 op,
+			      struct audit_lsm_rules *lsmrules);
+void security_audit_rule_free(struct audit_lsm_rules *lsmrules);
 
 #else
 
 static inline int security_audit_rule_init(u32 field, u32 op, char *rulestr,
-					   void **lsmrule)
+					   struct audit_lsm_rules *lsmrules)
 {
 	return 0;
 }
@@ -1906,12 +1968,12 @@ static inline int security_audit_rule_known(struct audit_krule *krule)
 }
 
 static inline int security_audit_rule_match(u32 secid, u32 field, u32 op,
-					    void *lsmrule)
+					    struct audit_lsm_rules *lsmrules)
 {
 	return 0;
 }
 
-static inline void security_audit_rule_free(void *lsmrule)
+static inline void security_audit_rule_free(struct audit_lsm_rules *lsmrules)
 { }
 
 #endif /* CONFIG_SECURITY */
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index d75acb014ccd..c6b25bf0b323 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -76,7 +76,7 @@ static void audit_free_lsm_field(struct audit_field *f)
 	case AUDIT_OBJ_LEV_LOW:
 	case AUDIT_OBJ_LEV_HIGH:
 		kfree(f->lsm_str);
-		security_audit_rule_free(f->lsm_rule);
+		security_audit_rule_free(&f->lsm_rules);
 	}
 }
 
@@ -529,7 +529,7 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data,
 			entry->rule.buflen += f_val;
 			f->lsm_str = str;
 			err = security_audit_rule_init(f->type, f->op, str,
-						       (void **)&f->lsm_rule);
+						       &f->lsm_rules);
 			/* Keep currently invalid fields around in case they
 			 * become valid after a policy reload. */
 			if (err == -EINVAL) {
@@ -782,7 +782,7 @@ static int audit_compare_rule(struct audit_krule *a, struct audit_krule *b)
 	return 0;
 }
 
-/* Duplicate LSM field information.  The lsm_rule is opaque, so must be
+/* Duplicate LSM field information.  The lsm_rules is opaque, so must be
  * re-initialized. */
 static inline int audit_dupe_lsm_field(struct audit_field *df,
 					   struct audit_field *sf)
@@ -796,9 +796,9 @@ static inline int audit_dupe_lsm_field(struct audit_field *df,
 		return -ENOMEM;
 	df->lsm_str = lsm_str;
 
-	/* our own (refreshed) copy of lsm_rule */
+	/* our own (refreshed) copy of lsm_rules */
 	ret = security_audit_rule_init(df->type, df->op, df->lsm_str,
-				       (void **)&df->lsm_rule);
+				       &df->lsm_rules);
 	/* Keep currently invalid fields around in case they
 	 * become valid after a policy reload. */
 	if (ret == -EINVAL) {
@@ -850,7 +850,7 @@ struct audit_entry *audit_dupe_rule(struct audit_krule *old)
 	new->tree = old->tree;
 	memcpy(new->fields, old->fields, sizeof(struct audit_field) * fcount);
 
-	/* deep copy this information, updating the lsm_rule fields, because
+	/* deep copy this information, updating the lsm_rules fields, because
 	 * the originals will all be freed when the old rule is freed. */
 	for (i = 0; i < fcount; i++) {
 		switch (new->fields[i].type) {
@@ -1367,11 +1367,12 @@ int audit_filter(int msgtype, unsigned int listtype)
 			case AUDIT_SUBJ_TYPE:
 			case AUDIT_SUBJ_SEN:
 			case AUDIT_SUBJ_CLR:
-				if (f->lsm_rule) {
+				if (f->lsm_str) {
 					security_task_getsecid_subj(current,
 								    &sid);
 					result = security_audit_rule_match(sid,
-						   f->type, f->op, f->lsm_rule);
+						   f->type, f->op,
+						   &f->lsm_rules);
 				}
 				break;
 			case AUDIT_EXE:
@@ -1398,7 +1399,7 @@ int audit_filter(int msgtype, unsigned int listtype)
 	return ret;
 }
 
-static int update_lsm_rule(struct audit_krule *r)
+static int update_lsm_rules(struct audit_krule *r)
 {
 	struct audit_entry *entry = container_of(r, struct audit_entry, rule);
 	struct audit_entry *nentry;
@@ -1430,7 +1431,7 @@ static int update_lsm_rule(struct audit_krule *r)
 	return err;
 }
 
-/* This function will re-initialize the lsm_rule field of all applicable rules.
+/* This function will re-initialize the lsm_rules field of all applicable rules.
  * It will traverse the filter lists serarching for rules that contain LSM
  * specific filter fields.  When such a rule is found, it is copied, the
  * LSM field is re-initialized, and the old rule is replaced with the
@@ -1445,7 +1446,7 @@ int audit_update_lsm_rules(void)
 
 	for (i = 0; i < AUDIT_NR_FILTERS; i++) {
 		list_for_each_entry_safe(r, n, &audit_rules_list[i], list) {
-			int res = update_lsm_rule(r);
+			int res = update_lsm_rules(r);
 			if (!err)
 				err = res;
 		}
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index b517947bfa48..194a62d86578 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -664,14 +664,13 @@ static int audit_filter_rules(struct task_struct *tsk,
 			   match for now to avoid losing information that
 			   may be wanted.   An error message will also be
 			   logged upon error */
-			if (f->lsm_rule) {
+			if (f->lsm_str) {
 				if (need_sid) {
 					security_task_getsecid_subj(tsk, &sid);
 					need_sid = 0;
 				}
 				result = security_audit_rule_match(sid, f->type,
-								   f->op,
-								   f->lsm_rule);
+							f->op, &f->lsm_rules);
 			}
 			break;
 		case AUDIT_OBJ_USER:
@@ -681,21 +680,19 @@ static int audit_filter_rules(struct task_struct *tsk,
 		case AUDIT_OBJ_LEV_HIGH:
 			/* The above note for AUDIT_SUBJ_USER...AUDIT_SUBJ_CLR
 			   also applies here */
-			if (f->lsm_rule) {
+			if (f->lsm_str) {
 				/* Find files that match */
 				if (name) {
 					result = security_audit_rule_match(
 								name->osid,
 								f->type,
 								f->op,
-								f->lsm_rule);
+								&f->lsm_rules);
 				} else if (ctx) {
 					list_for_each_entry(n, &ctx->names_list, list) {
 						if (security_audit_rule_match(
-								n->osid,
-								f->type,
-								f->op,
-								f->lsm_rule)) {
+							n->osid, f->type, f->op,
+							&f->lsm_rules)) {
 							++result;
 							break;
 						}
@@ -706,7 +703,7 @@ static int audit_filter_rules(struct task_struct *tsk,
 					break;
 				if (security_audit_rule_match(ctx->ipc.osid,
 							      f->type, f->op,
-							      f->lsm_rule))
+							      &f->lsm_rules))
 					++result;
 			}
 			break;
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 343631e20c2b..24241db8ec54 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -1161,6 +1161,11 @@ struct lsm_blob_sizes apparmor_blob_sizes __lsm_ro_after_init = {
 	.lbs_sock = sizeof(struct aa_sk_ctx),
 };
 
+static struct lsm_id apparmor_lsmid __lsm_ro_after_init = {
+	.lsm  = "apparmor",
+	.slot = LSMBLOB_NEEDED
+};
+
 static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = {
 	LSM_HOOK_INIT(ptrace_access_check, apparmor_ptrace_access_check),
 	LSM_HOOK_INIT(ptrace_traceme, apparmor_ptrace_traceme),
@@ -1846,7 +1851,7 @@ static int __init apparmor_init(void)
 		goto buffers_out;
 	}
 	security_add_hooks(apparmor_hooks, ARRAY_SIZE(apparmor_hooks),
-				"apparmor");
+				&apparmor_lsmid);
 
 	/* Report that AppArmor successfully initialized */
 	apparmor_initialized = 1;
diff --git a/security/bpf/hooks.c b/security/bpf/hooks.c
index e5971fa74fd7..7a58fe9ab8c4 100644
--- a/security/bpf/hooks.c
+++ b/security/bpf/hooks.c
@@ -15,9 +15,19 @@ static struct security_hook_list bpf_lsm_hooks[] __lsm_ro_after_init = {
 	LSM_HOOK_INIT(task_free, bpf_task_storage_free),
 };
 
+/*
+ * slot has to be LSMBLOB_NEEDED because some of the hooks
+ * supplied by this module require a slot.
+ */
+struct lsm_id bpf_lsmid __lsm_ro_after_init = {
+	.lsm = "bpf",
+	.slot = LSMBLOB_NEEDED
+};
+
 static int __init bpf_lsm_init(void)
 {
-	security_add_hooks(bpf_lsm_hooks, ARRAY_SIZE(bpf_lsm_hooks), "bpf");
+	security_add_hooks(bpf_lsm_hooks, ARRAY_SIZE(bpf_lsm_hooks),
+			   &bpf_lsmid);
 	pr_info("LSM support for eBPF active\n");
 	return 0;
 }
diff --git a/security/commoncap.c b/security/commoncap.c
index 3f810d37b71b..628685cf20e3 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -1443,6 +1443,11 @@ int cap_mmap_file(struct file *file, unsigned long reqprot,
 
 #ifdef CONFIG_SECURITY
 
+static struct lsm_id capability_lsmid __lsm_ro_after_init = {
+	.lsm  = "capability",
+	.slot = LSMBLOB_NOT_NEEDED
+};
+
 static struct security_hook_list capability_hooks[] __lsm_ro_after_init = {
 	LSM_HOOK_INIT(capable, cap_capable),
 	LSM_HOOK_INIT(settime, cap_settime),
@@ -1467,7 +1472,7 @@ static struct security_hook_list capability_hooks[] __lsm_ro_after_init = {
 static int __init capability_init(void)
 {
 	security_add_hooks(capability_hooks, ARRAY_SIZE(capability_hooks),
-				"capability");
+			   &capability_lsmid);
 	return 0;
 }
 
diff --git a/security/landlock/cred.c b/security/landlock/cred.c
index 6725af24c684..56b121d65436 100644
--- a/security/landlock/cred.c
+++ b/security/landlock/cred.c
@@ -42,5 +42,5 @@ static struct security_hook_list landlock_hooks[] __lsm_ro_after_init = {
 __init void landlock_add_cred_hooks(void)
 {
 	security_add_hooks(landlock_hooks, ARRAY_SIZE(landlock_hooks),
-			LANDLOCK_NAME);
+			&landlock_lsmid);
 }
diff --git a/security/landlock/fs.c b/security/landlock/fs.c
index 97b8e421f617..319e90e9290c 100644
--- a/security/landlock/fs.c
+++ b/security/landlock/fs.c
@@ -688,5 +688,5 @@ static struct security_hook_list landlock_hooks[] __lsm_ro_after_init = {
 __init void landlock_add_fs_hooks(void)
 {
 	security_add_hooks(landlock_hooks, ARRAY_SIZE(landlock_hooks),
-			LANDLOCK_NAME);
+			&landlock_lsmid);
 }
diff --git a/security/landlock/ptrace.c b/security/landlock/ptrace.c
index f55b82446de2..54ccf55a077a 100644
--- a/security/landlock/ptrace.c
+++ b/security/landlock/ptrace.c
@@ -116,5 +116,5 @@ static struct security_hook_list landlock_hooks[] __lsm_ro_after_init = {
 __init void landlock_add_ptrace_hooks(void)
 {
 	security_add_hooks(landlock_hooks, ARRAY_SIZE(landlock_hooks),
-			LANDLOCK_NAME);
+			&landlock_lsmid);
 }
diff --git a/security/landlock/setup.c b/security/landlock/setup.c
index f8e8e980454c..759e00b9436c 100644
--- a/security/landlock/setup.c
+++ b/security/landlock/setup.c
@@ -23,6 +23,11 @@ struct lsm_blob_sizes landlock_blob_sizes __lsm_ro_after_init = {
 	.lbs_superblock = sizeof(struct landlock_superblock_security),
 };
 
+struct lsm_id landlock_lsmid __lsm_ro_after_init = {
+	.lsm = LANDLOCK_NAME,
+	.slot = LSMBLOB_NOT_NEEDED,
+};
+
 static int __init landlock_init(void)
 {
 	landlock_add_cred_hooks();
diff --git a/security/landlock/setup.h b/security/landlock/setup.h
index 1daffab1ab4b..38bce5b172dc 100644
--- a/security/landlock/setup.h
+++ b/security/landlock/setup.h
@@ -14,5 +14,6 @@
 extern bool landlock_initialized;
 
 extern struct lsm_blob_sizes landlock_blob_sizes;
+extern struct lsm_id landlock_lsmid;
 
 #endif /* _SECURITY_LANDLOCK_SETUP_H */
diff --git a/security/loadpin/loadpin.c b/security/loadpin/loadpin.c
index b12f7d986b1e..b569f3bc170b 100644
--- a/security/loadpin/loadpin.c
+++ b/security/loadpin/loadpin.c
@@ -192,6 +192,11 @@ static int loadpin_load_data(enum kernel_load_data_id id, bool contents)
 	return loadpin_read_file(NULL, (enum kernel_read_file_id) id, contents);
 }
 
+static struct lsm_id loadpin_lsmid __lsm_ro_after_init = {
+	.lsm  = "loadpin",
+	.slot = LSMBLOB_NOT_NEEDED
+};
+
 static struct security_hook_list loadpin_hooks[] __lsm_ro_after_init = {
 	LSM_HOOK_INIT(sb_free_security, loadpin_sb_free_security),
 	LSM_HOOK_INIT(kernel_read_file, loadpin_read_file),
@@ -239,7 +244,8 @@ static int __init loadpin_init(void)
 	pr_info("ready to pin (currently %senforcing)\n",
 		enforce ? "" : "not ");
 	parse_exclude();
-	security_add_hooks(loadpin_hooks, ARRAY_SIZE(loadpin_hooks), "loadpin");
+	security_add_hooks(loadpin_hooks, ARRAY_SIZE(loadpin_hooks),
+			   &loadpin_lsmid);
 	return 0;
 }
 
diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c
index 87cbdc64d272..4e24ea3f7b7e 100644
--- a/security/lockdown/lockdown.c
+++ b/security/lockdown/lockdown.c
@@ -75,6 +75,11 @@ static struct security_hook_list lockdown_hooks[] __lsm_ro_after_init = {
 	LSM_HOOK_INIT(locked_down, lockdown_is_locked_down),
 };
 
+static struct lsm_id lockdown_lsmid __lsm_ro_after_init = {
+	.lsm = "lockdown",
+	.slot = LSMBLOB_NOT_NEEDED
+};
+
 static int __init lockdown_lsm_init(void)
 {
 #if defined(CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY)
@@ -83,7 +88,7 @@ static int __init lockdown_lsm_init(void)
 	lock_kernel_down("Kernel configuration", LOCKDOWN_CONFIDENTIALITY_MAX);
 #endif
 	security_add_hooks(lockdown_hooks, ARRAY_SIZE(lockdown_hooks),
-			   "lockdown");
+			   &lockdown_lsmid);
 	return 0;
 }
 
diff --git a/security/safesetid/lsm.c b/security/safesetid/lsm.c
index 963f4ad9cb66..0c368950dc14 100644
--- a/security/safesetid/lsm.c
+++ b/security/safesetid/lsm.c
@@ -241,6 +241,11 @@ static int safesetid_task_fix_setgid(struct cred *new,
 	return -EACCES;
 }
 
+static struct lsm_id safesetid_lsmid __lsm_ro_after_init = {
+	.lsm  = "safesetid",
+	.slot = LSMBLOB_NOT_NEEDED
+};
+
 static struct security_hook_list safesetid_security_hooks[] = {
 	LSM_HOOK_INIT(task_fix_setuid, safesetid_task_fix_setuid),
 	LSM_HOOK_INIT(task_fix_setgid, safesetid_task_fix_setgid),
@@ -250,7 +255,8 @@ static struct security_hook_list safesetid_security_hooks[] = {
 static int __init safesetid_security_init(void)
 {
 	security_add_hooks(safesetid_security_hooks,
-			   ARRAY_SIZE(safesetid_security_hooks), "safesetid");
+			   ARRAY_SIZE(safesetid_security_hooks),
+			   &safesetid_lsmid);
 
 	/* Report that SafeSetID successfully initialized */
 	safesetid_initialized = 1;
diff --git a/security/security.c b/security/security.c
index 7f2bed1b2d6c..f5acb607e251 100644
--- a/security/security.c
+++ b/security/security.c
@@ -345,6 +345,7 @@ static void __init ordered_lsm_init(void)
 	init_debug("sock blob size       = %d\n", blob_sizes.lbs_sock);
 	init_debug("superblock blob size = %d\n", blob_sizes.lbs_superblock);
 	init_debug("task blob size       = %d\n", blob_sizes.lbs_task);
+	init_debug("lsmblob size         = %zu\n", sizeof(struct lsmblob));
 
 	/*
 	 * Create any kmem_caches needed for blobs
@@ -472,21 +473,38 @@ static int lsm_append(const char *new, char **result)
 	return 0;
 }
 
+/*
+ * Current index to use while initializing the lsmblob secid list.
+ */
+static int lsm_slot __lsm_ro_after_init;
+
 /**
  * security_add_hooks - Add a modules hooks to the hook lists.
  * @hooks: the hooks to add
  * @count: the number of hooks to add
- * @lsm: the name of the security module
+ * @lsmid: the identification information for the security module
  *
  * Each LSM has to register its hooks with the infrastructure.
+ * If the LSM is using hooks that export secids allocate a slot
+ * for it in the lsmblob.
  */
 void __init security_add_hooks(struct security_hook_list *hooks, int count,
-				char *lsm)
+			       struct lsm_id *lsmid)
 {
 	int i;
 
+	WARN_ON(!lsmid->slot || !lsmid->lsm);
+
+	if (lsmid->slot == LSMBLOB_NEEDED) {
+		if (lsm_slot >= LSMBLOB_ENTRIES)
+			panic("%s Too many LSMs registered.\n", __func__);
+		lsmid->slot = lsm_slot++;
+		init_debug("%s assigned lsmblob slot %d\n", lsmid->lsm,
+			   lsmid->slot);
+	}
+
 	for (i = 0; i < count; i++) {
-		hooks[i].lsm = lsm;
+		hooks[i].lsmid = lsmid;
 		hlist_add_tail_rcu(&hooks[i].list, hooks[i].head);
 	}
 
@@ -495,7 +513,7 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count,
 	 * and fix this up afterwards.
 	 */
 	if (slab_is_available()) {
-		if (lsm_append(lsm, &lsm_names) < 0)
+		if (lsm_append(lsmid->lsm, &lsm_names) < 0)
 			panic("%s - Cannot get early memory.\n", __func__);
 	}
 }
@@ -2072,7 +2090,7 @@ int security_getprocattr(struct task_struct *p, const char *lsm, char *name,
 	struct security_hook_list *hp;
 
 	hlist_for_each_entry(hp, &security_hook_heads.getprocattr, list) {
-		if (lsm != NULL && strcmp(lsm, hp->lsm))
+		if (lsm != NULL && strcmp(lsm, hp->lsmid->lsm))
 			continue;
 		return hp->hook.getprocattr(p, name, value);
 	}
@@ -2085,7 +2103,7 @@ int security_setprocattr(const char *lsm, const char *name, void *value,
 	struct security_hook_list *hp;
 
 	hlist_for_each_entry(hp, &security_hook_heads.setprocattr, list) {
-		if (lsm != NULL && strcmp(lsm, hp->lsm))
+		if (lsm != NULL && strcmp(lsm, hp->lsmid->lsm))
 			continue;
 		return hp->hook.setprocattr(name, value, size);
 	}
@@ -2576,9 +2594,27 @@ int security_key_getsecurity(struct key *key, char **_buffer)
 
 #ifdef CONFIG_AUDIT
 
-int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule)
+int security_audit_rule_init(u32 field, u32 op, char *rulestr,
+			     struct audit_lsm_rules *lsmrules)
 {
-	return call_int_hook(audit_rule_init, 0, field, op, rulestr, lsmrule);
+	struct security_hook_list *hp;
+	bool one_is_good = false;
+	int rc = 0;
+	int trc;
+
+	hlist_for_each_entry(hp, &security_hook_heads.audit_rule_init, list) {
+		if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot))
+			continue;
+		trc = hp->hook.audit_rule_init(field, op, rulestr,
+					&lsmrules->rule[hp->lsmid->slot]);
+		if (trc == 0)
+			one_is_good = true;
+		else
+			rc = trc;
+	}
+	if (one_is_good)
+		return 0;
+	return rc;
 }
 
 int security_audit_rule_known(struct audit_krule *krule)
@@ -2586,14 +2622,36 @@ int security_audit_rule_known(struct audit_krule *krule)
 	return call_int_hook(audit_rule_known, 0, krule);
 }
 
-void security_audit_rule_free(void *lsmrule)
+void security_audit_rule_free(struct audit_lsm_rules *lsmrules)
 {
-	call_void_hook(audit_rule_free, lsmrule);
+	struct security_hook_list *hp;
+
+	hlist_for_each_entry(hp, &security_hook_heads.audit_rule_free, list) {
+		if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot))
+			continue;
+		if (lsmrules->rule[hp->lsmid->slot] == NULL)
+			continue;
+		hp->hook.audit_rule_free(lsmrules->rule[hp->lsmid->slot]);
+	}
 }
 
-int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule)
+int security_audit_rule_match(u32 secid, u32 field, u32 op,
+			      struct audit_lsm_rules *lsmrules)
 {
-	return call_int_hook(audit_rule_match, 0, secid, field, op, lsmrule);
+	struct security_hook_list *hp;
+	int rc;
+
+	hlist_for_each_entry(hp, &security_hook_heads.audit_rule_match, list) {
+		if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot))
+			continue;
+		if (lsmrules->rule[hp->lsmid->slot] == NULL)
+			continue;
+		rc = hp->hook.audit_rule_match(secid, field, op,
+					&lsmrules->rule[hp->lsmid->slot]);
+		if (rc)
+			return rc;
+	}
+	return 0;
 }
 #endif /* CONFIG_AUDIT */
 
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 90a140ea439d..c295b1035bc6 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -7045,6 +7045,11 @@ static int selinux_uring_sqpoll(void)
 }
 #endif /* CONFIG_IO_URING */
 
+static struct lsm_id selinux_lsmid __lsm_ro_after_init = {
+	.lsm  = "selinux",
+	.slot = LSMBLOB_NEEDED
+};
+
 /*
  * IMPORTANT NOTE: When adding new hooks, please be careful to keep this order:
  * 1. any hooks that don't belong to (2.) or (3.) below,
@@ -7361,7 +7366,8 @@ static __init int selinux_init(void)
 
 	hashtab_cache_init();
 
-	security_add_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks), "selinux");
+	security_add_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks),
+			   &selinux_lsmid);
 
 	if (avc_add_callback(selinux_netcache_avc_callback, AVC_CALLBACK_RESET))
 		panic("SELinux: Unable to register AVC netcache callback\n");
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index db72debca070..9c44327d8ea7 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -4745,6 +4745,11 @@ struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = {
 	.lbs_superblock = sizeof(struct superblock_smack),
 };
 
+static struct lsm_id smack_lsmid __lsm_ro_after_init = {
+	.lsm  = "smack",
+	.slot = LSMBLOB_NEEDED
+};
+
 static struct security_hook_list smack_hooks[] __lsm_ro_after_init = {
 	LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check),
 	LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme),
@@ -4948,7 +4953,7 @@ static __init int smack_init(void)
 	/*
 	 * Register with LSM
 	 */
-	security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), "smack");
+	security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), &smack_lsmid);
 	smack_enabled = 1;
 
 	pr_info("Smack:  Initializing.\n");
diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
index b6a31901f289..e8f6bb9782c1 100644
--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
@@ -521,6 +521,11 @@ static void tomoyo_task_free(struct task_struct *task)
 	}
 }
 
+static struct lsm_id tomoyo_lsmid __lsm_ro_after_init = {
+	.lsm  = "tomoyo",
+	.slot = LSMBLOB_NOT_NEEDED
+};
+
 /*
  * tomoyo_security_ops is a "struct security_operations" which is used for
  * registering TOMOYO.
@@ -573,7 +578,8 @@ static int __init tomoyo_init(void)
 	struct tomoyo_task *s = tomoyo_task(current);
 
 	/* register ourselves with the security framework */
-	security_add_hooks(tomoyo_hooks, ARRAY_SIZE(tomoyo_hooks), "tomoyo");
+	security_add_hooks(tomoyo_hooks, ARRAY_SIZE(tomoyo_hooks),
+			   &tomoyo_lsmid);
 	pr_info("TOMOYO Linux initialized\n");
 	s->domain_info = &tomoyo_kernel_domain;
 	atomic_inc(&tomoyo_kernel_domain.users);
diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c
index 06e226166aab..a9639ea541f7 100644
--- a/security/yama/yama_lsm.c
+++ b/security/yama/yama_lsm.c
@@ -421,6 +421,11 @@ static int yama_ptrace_traceme(struct task_struct *parent)
 	return rc;
 }
 
+static struct lsm_id yama_lsmid __lsm_ro_after_init = {
+	.lsm  = "yama",
+	.slot = LSMBLOB_NOT_NEEDED
+};
+
 static struct security_hook_list yama_hooks[] __lsm_ro_after_init = {
 	LSM_HOOK_INIT(ptrace_access_check, yama_ptrace_access_check),
 	LSM_HOOK_INIT(ptrace_traceme, yama_ptrace_traceme),
@@ -477,7 +482,7 @@ static inline void yama_init_sysctl(void) { }
 static int __init yama_init(void)
 {
 	pr_info("Yama: becoming mindful.\n");
-	security_add_hooks(yama_hooks, ARRAY_SIZE(yama_hooks), "yama");
+	security_add_hooks(yama_hooks, ARRAY_SIZE(yama_hooks), &yama_lsmid);
 	yama_init_sysctl();
 	return 0;
 }

From patchwork Mon Dec 13 23:40:10 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Casey Schaufler <casey@schaufler-ca.com>
X-Patchwork-Id: 12674921
X-Patchwork-Delegate: paul@paul-moore.com
Return-Path: <selinux-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 96BDDC433F5
	for <selinux@archiver.kernel.org>; Mon, 13 Dec 2021 23:45:11 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S244271AbhLMXpK (ORCPT <rfc822;selinux@archiver.kernel.org>);
        Mon, 13 Dec 2021 18:45:10 -0500
Received: from sonic301-38.consmr.mail.ne1.yahoo.com ([66.163.184.207]:39653
        "EHLO sonic301-38.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S238230AbhLMXpK (ORCPT
        <rfc822;selinux@vger.kernel.org>); Mon, 13 Dec 2021 18:45:10 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1639439110; bh=lac83L4e5zt6gbRTXcOVn+b4xFE7sEfnnV3rmYMW6GY=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To;
 b=t3vjygkBO83qOZpQOqDn9rfbHPvogXTSBAeCivzktk+EPdrVrhMbzgtehb6RPiwbitHXnQKge68Y5K6bposXDzhieRAKo1a4Xci4rd0ZEyz+MGWxmkQvaw00v4dXMGjb6l7YLkUAzEWHiQjypDlEZj3YVhN68OwFselFZku8kRPsCoYOyKKWlruAIHnTv5/l29rLrLdj2T5JhfcztBQFjrzY7plSenKqQT0RiH+q5MvnT8alwQIkRQi6HxklSyFJfeCIIiuCzAfbl1qDcgSiL+d2sdkYqLlo0zFFnlsDfN1DBpTmhMppabyDBcRo6YMoBXU6FFatwMz725GI4IM1uw==
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1639439110; bh=7BIx518cae4jJh3aizKr+Z/QINb1rswR6Rz3v3nCBdZ=;
 h=X-Sonic-MF:From:To:Subject:Date:From:Subject;
 b=O4Z3LWDaoIPrkzrd9hgicmjPuO6pQ25kZeYYxG4eIfPv6dgnLvv2Fv7W5rxMyhXVGU2yhQgFNAKWxc4RX1TXBM++wF+NfnAA8cb8Zl8APo9WW9DwdR3iGBlq8nNDCeS1GWMIjNg3CvXCw/gDUf2BFeg8fDPECP/wDPSvRgxrs5OHQ16J8LhRP4MX0YDMv1qxsoBEYUzDQw20Z+tu8UM9t1n2FzyJK4FADub1hBLzIUcmnDZM0UddAZnBx87Q6giiuXxzDK14BXIpJYPYbg2HVADQYtNgBEGulx18ks8BTCV+saKuYMhZctEhm0hVONeFKawttHf8kcRVAHSXiMzrwg==
X-YMail-OSG: 0zykDv8VM1lXIynS86MfrNtvjtiPjfIVb4nELgQ0wnrTgDK58zStCJAqqtCSUQI
 kqFQfW9.nvanQpNykqkS3bd30T5eVaKTBycuA6W4sGgn1rT8ISldk9TvooN1TWLWGBcaHlJE.WZP
 ffQ2KgYFrXhiiRrTRD3TPVXUhnuE5HJ920XEkiLvJiHEFah6EXpil4wt0ACQcQELZCUidIeSMxpp
 VSlYl.ZRveSZgrbOYIdIbIoEWXdBOT2xZRZCdAybnWq.Vj0JrGngnsTr3hHaOL1nYwJkNCBCL_E3
 fq3_4qwZ0hC1ARD1RLwqhxpSQmeSqTqD56rDjSfPavQn1hk_XA_0eybHKSIvyA8gw.H0Kzq6Bwd3
 iJtSPEmpZ5fNnZdzAReG3IFbJ6TFUIQiGbrPXsVhXi2GdNs4U.GWCDzjGiQPHmEY5cc55kHubVBu
 yjAZDR4hfPijhhZG97xSH5OMkyzvt_EmQJMMR3R7wqGo9FzUFmQFhmo7W.TKvzOY52Q.o3EMx6gP
 4fedltXWLLCBbKTihdElDXMnz.MdcY8ynwH50FZ6zEbfUO_LK3lfvV816OgpILx0gE7ZM5Ilehjo
 yXGyGUeLFdrSYnpnIwL57B2hTHWtCc0VzKASzS1BY_KfhJHoTVEp_LZhKIfEUZMaP3GKsBXWDRvO
 vSv7ti6mmoHygXIi930pUumqlENSkRI8Lzem6_DW5eYwMc0RvWGchxD.MIR9POTDEwaBTqS8Uc6n
 tGDQoj1nSsVi9_OV1NFMTQrfxj_L9WO3ncMWWXdgMVjvfzXVMNL0_BZrvgsgwPzhppd0n1nV0g2Z
 a_tXEFWrPjTOpRBnk3JXBIfDJQpvYCJIsGzpAXemE4i2wsQC1y5Vk6aMu.RmzbWQrPudkpE9Ru7H
 nfa7gx9JbY2cGr_G.JhNJH.QiYfQL8lyjItv5OfJG.3i5GM9UxLwpLYRmgi4Tgt0IYNS1XPOpmTb
 .otMv682JcLzDU7ceWGW41bsjjEna.byNPU.5h4bZgwW5Y9tz.8w7RV_Xq5FCISztW4JaqGMTITm
 dtheDUZvzfGXQMZb6_n5aLQQYASWXFxqJLozO8NcNIs8YmzNm7kPf6EAbdbwflj3ThqmuTBijlJl
 2_skF8lPGar93sNHRgUJlA8KdiiVkeVjFnLQFzlrKhbaQ4qEMab3Dbcq3HMDWqUOe7b4oOprNopL
 Kqr_r4fnNZ4Kwu0r8puIfe0dMCqAZFx3XG8sFR5qpPmHm4dO7Ig0NtgIik_fsFKYRLBPD3VLMHYC
 m4PAOIkigg0mm_s1Skf1knTBYkhXumTqeEC7XC.PbaUPwdDWs64JNVkFki15r9XbFO8BzM7CGbPd
 DwUL36s8Lmvr9m7ouXkQy49pyCUaT1a0Y4cQH95gbGucsYS752kPtTufh5JKyO4lEXYxGCEn9fNV
 hmXasiiWjZDgxUp5cahpAmf8T7jSqJYP_TbW5zOg1y9novRzbS6bwbchEwhI2dkXv47qeWqGX1uC
 f6IT2MFs4rYXU5IbarSMbxXlNHu.b2wqLIUAFN9mgJYqEHC_btBSs968MXujC94HYQo5EGAipvms
 IpP6J5.y0XJk9HpLo_govRmkjs0kWPNJM7zSL_EbG1vQ2._tHX_H9nX8lv613NHHVLcDZ6q4ZWSG
 eSKbQAR7bVb_Lm_YD4_t9V1inL8MVds6FvjhKKNP_dV1b3umDKGNNnG4MUJHyx6KqlGEtWXrXyZV
 uU9p6mXK38oa1jmIhVRksIOKa6wfSDMgpyYflqWoVOZexk54cg0CL5Ov_PYl6n5Fje8QSscrb3Ti
 bTJ9IxIddabwxrF546mqvYyf2bOKomyuyr7SoPHxTXbrQ8y6GzW5HJBddfzwmnvZIAUIgRXLHlkk
 XCHC3r8L453mRlLZsc6DahqHLd7eSlOyqdgXVNIwejF2COx7woGIfoq3fxoXhLvj6DZrCD37nMPY
 G1m0yUHDyB5aZGaXRjZ3PvkPsZfOXuQmpCzAcSzt_uB3XUQM22xxn1ibk8.J5IHjdOkPH8WKiF4v
 VwooCiLdtuemerKsmjWc.LC0Dal.ctXvKKkufQb5qTMigFtzZwK.URTPcdX0ZCTioWOOy1l_p_0_
 Vptt10A1GmrpwmaBdW.FAyJ4QGJC7u2wbjbKNol6Vg4sWwtFozl85MSWZbdEg9mUNep0fiJQQe_n
 vjJFDIlZlffsI.3oyzDc5j1ULc6_kIlp.OS5.DPFr2Xv8dAwSQEL1y4Gb31APozZWzSva89oKPKV
 3XbhH5aVrwk3ltC4bYU5EbYTdB5EWb7c-
X-Sonic-MF: <casey@schaufler-ca.com>
Received: from sonic.gate.mail.ne1.yahoo.com by
 sonic301.consmr.mail.ne1.yahoo.com with HTTP; Mon, 13 Dec 2021 23:45:10 +0000
Received: by kubenode545.mail-prod1.omega.gq1.yahoo.com (VZM Hermes SMTP
 Server) with ESMTPA ID 83eeef32ece3304efb45e12e25148509;
          Mon, 13 Dec 2021 23:45:04 +0000 (UTC)
From: Casey Schaufler <casey@schaufler-ca.com>
To: casey.schaufler@intel.com, jmorris@namei.org,
        linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com,
        keescook@chromium.org, john.johansen@canonical.com,
        penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com,
        sds@tycho.nsa.gov, linux-kernel@vger.kernel.org
Subject: [PATCH v31 04/28] LSM: provide lsm name and id slot mappings
Date: Mon, 13 Dec 2021 15:40:10 -0800
Message-Id: <20211213234034.111891-5-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20211213234034.111891-1-casey@schaufler-ca.com>
References: <20211213234034.111891-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <selinux.vger.kernel.org>
X-Mailing-List: selinux@vger.kernel.org

Provide interfaces to map LSM slot numbers and LSM names.
Update the LSM registration code to save this information.

Acked-by: Paul Moore <paul@paul-moore.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
 include/linux/security.h |  4 ++++
 security/security.c      | 45 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 49 insertions(+)

diff --git a/include/linux/security.h b/include/linux/security.h
index 96afea94938f..1bc00edd3a32 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -194,6 +194,10 @@ static inline bool lsmblob_equal(struct lsmblob *bloba, struct lsmblob *blobb)
 	return !memcmp(bloba, blobb, sizeof(*bloba));
 }
 
+/* Map lsm names to blob slot numbers */
+extern int lsm_name_to_slot(char *name);
+extern const char *lsm_slot_to_name(int slot);
+
 /* These functions are in security/commoncap.c */
 extern int cap_capable(const struct cred *cred, struct user_namespace *ns,
 		       int cap, unsigned int opts);
diff --git a/security/security.c b/security/security.c
index f5acb607e251..9f3a467fb992 100644
--- a/security/security.c
+++ b/security/security.c
@@ -477,6 +477,50 @@ static int lsm_append(const char *new, char **result)
  * Current index to use while initializing the lsmblob secid list.
  */
 static int lsm_slot __lsm_ro_after_init;
+static struct lsm_id *lsm_slotlist[LSMBLOB_ENTRIES] __lsm_ro_after_init;
+
+/**
+ * lsm_name_to_slot - Report the slot number for a security module
+ * @name: name of the security module
+ *
+ * Look up the slot number for the named security module.
+ * Returns the slot number or LSMBLOB_INVALID if @name is not
+ * a registered security module name.
+ */
+int lsm_name_to_slot(char *name)
+{
+	int i;
+
+	for (i = 0; i < lsm_slot; i++)
+		if (strcmp(lsm_slotlist[i]->lsm, name) == 0)
+			return i;
+
+	return LSMBLOB_INVALID;
+}
+
+/**
+ * lsm_slot_to_name - Get the name of the security module in a slot
+ * @slot: index into the interface LSM slot list.
+ *
+ * Provide the name of the security module associated with
+ * a interface LSM slot.
+ *
+ * If @slot is LSMBLOB_INVALID return the value
+ * for slot 0 if it has been set, otherwise NULL.
+ *
+ * Returns a pointer to the name string or NULL.
+ */
+const char *lsm_slot_to_name(int slot)
+{
+	if (slot == LSMBLOB_INVALID)
+		slot = 0;
+	else if (slot >= LSMBLOB_ENTRIES || slot < 0)
+		return NULL;
+
+	if (lsm_slotlist[slot] == NULL)
+		return NULL;
+	return lsm_slotlist[slot]->lsm;
+}
 
 /**
  * security_add_hooks - Add a modules hooks to the hook lists.
@@ -498,6 +542,7 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count,
 	if (lsmid->slot == LSMBLOB_NEEDED) {
 		if (lsm_slot >= LSMBLOB_ENTRIES)
 			panic("%s Too many LSMs registered.\n", __func__);
+		lsm_slotlist[lsm_slot] = lsmid;
 		lsmid->slot = lsm_slot++;
 		init_debug("%s assigned lsmblob slot %d\n", lsmid->lsm,
 			   lsmid->slot);

From patchwork Mon Dec 13 23:40:11 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Casey Schaufler <casey@schaufler-ca.com>
X-Patchwork-Id: 12674923
X-Patchwork-Delegate: paul@paul-moore.com
Return-Path: <selinux-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 21E53C433FE
	for <selinux@archiver.kernel.org>; Mon, 13 Dec 2021 23:46:18 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S242893AbhLMXqQ (ORCPT <rfc822;selinux@archiver.kernel.org>);
        Mon, 13 Dec 2021 18:46:16 -0500
Received: from sonic301-38.consmr.mail.ne1.yahoo.com ([66.163.184.207]:44708
        "EHLO sonic301-38.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S238647AbhLMXqP (ORCPT
        <rfc822;selinux@vger.kernel.org>); Mon, 13 Dec 2021 18:46:15 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1639439175; bh=vxCUG1h+lCJ94WSHwlr3/Hl5zyslpj5o24+SDdlt7RA=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To;
 b=P/QTuGYnhkRoxqCEFDmWJFmL47QwPi+bb6YO4NlY7WYhb39fEr17Oe90Iw2ptr81nE76199sVjDRWbn3T9I7LctsBYisH1MI51Eyeo26JaYlD5ID17+Y3MlQyqKpk0yVcWz+UcLGAPxGMM+yv4DW+dQJXjSZM3nulTmKUwSklyXDOP8WX8bbxoObtzXhTK/u5eFDXrhfyVE7pP6r5UYLXLMbyjub2cPnzl3vhWDV+8qv4iiYgEYbVBphApNpDEBaz+CKOeV8HLibmUSMmStPyVrj8NxocbwiGZK9L1gfEW2q6qMm5Ge39ZrZ03UzAv1tmApWE6lnhpmF66DQBxtweg==
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1639439175; bh=NZZXhOMiWJZL6iq/JQxpUB2JQMzLleOpm7EshhtBfV+=;
 h=X-Sonic-MF:From:To:Subject:Date:From:Subject;
 b=KysZ6wvP86mqD8bt5x7bMwhtIebHrpsKY6OdR+bcRxlU7k4ys8+Mo7dTkOLgzpdel9GfcA6pdDxmiJ9wxM12emLxtD1ayCvJNUSjX/HgBoNLj66p2yZQKCsAUqczZRoIdsFXs3oGel46irUJdS9OtQpar6cP2HIyy89HcVxLwgvmp2EFekG7uAj9LUKXJVjojiOrxR/uVk7oK5xeo74UJ7rMON5bV2LSbIfZEHZebOY66KLi2c10ZS0hKKL8Pg3Bh7QzzhkgHTo88YlJK92Zf9O3GqM8lzFo7nrg/Ie3hMwqnUartS4+nEU7pHWc/XqcAxxuBXeJQTWM2oxUazcT0w==
X-YMail-OSG: mlpj3KQVM1mRknd3olSFcQntkPkEC1QeFR9K0mHeFl4_RQPG9cKhTRY9KQ9hi4r
 XA24QlLXhKZE.C85TIQDqCkdbQbNihCDVnG3YhLdpWLp4FHA9SVmXudSQPXcFcuhbE_ZvS12bq64
 oRD11P6xf2yE39r5I7589FxgSd5qlu_QPHK8lYuAKQbx19LnwA8lJd654y8hF5GZ45vwIOwOAAyL
 xquaiw3WbrqCvsvCT6Ssz_8LnW_iMyzIbZHZGDYrCxU_jajkiv0EXIC2VFgXog1J0B0n9TiJ1jyZ
 3Hqh3jspaowaR93BAXezFoGMAuUfRrdtUTLbH2DdMEwYsWlGz35P_nt3TKM5Og4VMevh__3B_Dvo
 eL5vxxVZNsovlBSU4Uj4PrqMBx66DafR8Em4v8ahBHY0NkoJ4ppvSGBoUTW8lJ4DEK5SGi9LDJ9J
 GvVWU4aPQFCPAP8syn34ww0CtLMnggAooZEQfqBdh5zxJ2vO6_Niv6t1haHDs3gWGq7MF6UQqE6R
 Lm6odwKzA7psBRG7rJ.SaaU6sgM8Oi4cgMIvQXm_E3n14G1kOSz54ZAJfQptNLMH.EI_j5QO96R8
 UJL0dxuBwSbRdZc.7xiYOtgXp.srOXY_hJFU1riMXB.OkJ3WOT8nNm803YCtXF.1ZWrj78beuF2P
 FPrTdqsTpDaQcrBbv8x8uEJ5vOy5JSdJmeDSbCIbXzGjx5hElVBy6TMRpHLaU_DKTUv2Mx5gTrp8
 CQC3Ehj.OVHb7al9BQCwj5LTL7As6FLyyu8iKzAAnoYDQ5veUWixD_0XzPWUZ4Y5Ymdj7SZNdF_e
 SVIN54sM4_kkfwWDvjtsk44vo0oHC4WOt3CG68c59JIpEeexs1tkt70IX1_oI4opmvRGsQIbs963
 TLH_uGUN5oiAAsNxJJ7kGicYTiBxpRtdkCzFH2eoAU4K_hs7edsQUz0Uuuai9FQbSHyTnXCQy_6n
 0SxLuiKmW9qHuWXYaz1Y9O4cd5nRpGYS1WcRNWxIx0gbM.f9u6ahcABgTk9ygTGDKmifrhOEp7cn
 ADU0JgqkgbCM0y5TnN0tRPzxzEVQfl6ESXoQL2KpazqksnXJ_QmXKgFUA_mv55xikOhFcJ6MaVdB
 wOauAW.A06CjWFlyxlXWGEBK.5yhWSoob9ysJ1YPvAOb8pctorVu8ibZd9hfGuyn3IB4EdzYt2sc
 JYUw7Cn2.wVcwNRYVN4.1.UhcptgwVd8w9TuQUHfZ48ZwTOl_DSJrGDXirXnRGegkhV_tOvmWZt0
 jzJezgADfyXHOPN4AT2kBoWJv._nSLIwhhfHF8zveDmHqDyBibVZU474yzwJjNbhFQ1zpDJiGTlb
 n4AQ4jAD00XS1N.OZZ3PwJzxxKyEs85qHm5kJYrqhAXcFtrsG4yc.nlWK0.L8mFc0a8ioykAkQ9C
 wCqPgdttuWExOlG04S84IcjztweD1t7.MBmK3AZ5QmK_uuqu1P8N44gC1YK8jMb9Xalxtz5FUn2q
 dsS5l1YvvXL44f2DLZZzQFTAMUDGRnyuAdpnMHCTa8lrXwV4klQ3hNRnHb8XrjzoA.lw5KDOUITw
 jbqfanvS2CQPfWk6z.U1PI4iIUIXdeI9eFNH24TnWpUbrYhxIaZLZIxpFL2irFCfKvufUetiFPw2
 rVYogVZcdONJS7VIZWQ78B_5IKV8Zkv1gFo1_Ii7lvYd4ESM6pYcf0O89OS2lNsiISpkXON6xD.P
 EIIKesmbbfQP4d_dy5sTnSJD4CztCCRxb1LC90GWUE7BBGFWyhtuAAAehQW_YT.LAJV82Cmtr26J
 j1ucm_M80lwz_sMxuf1trzfCbUYgU7ln.jmXTcIWph4ar2QdvAa8mdbxyRCDkE0Ms_2wl5x15kVZ
 xqmbxQSzs_OXIzdmiEefYieRIlDpfboCBk3NnEi0ySHEEjYtWeOa2CMvX.uiB2wAzaWAu_dZ2EWZ
 oC5nd1TZ2z7f2qgqtE6brcxP2Ew2dU4xWCCwLVDGaB9A0MF1gsnNmdm0.qXtHdnNOpXQYeaN2UPF
 RZwHpNPD6D59EgaAD7ndXQOfTKNsjCwqhnrRKtDQUHzAuSuZ4cyo49JzGoXSe02vIuZfnUarRQHL
 LoFxpaVkrs47Ppa9o4JGlWZt1mTnnZKjkxPsoCtxMNx9ucXndQHUfAqJMdQM.R4.kddw6TK20.rW
 yk.914UD4IujmmWWrzb82C0NWIV.Qh79ufecfDVXBk3_KFrlYi1n8drb5kErOEz6txsECoMr6nEK
 xuDNe4vHmhBnx7aMn.LEJGu1yj6Y.AEBZtRKk17Dfw.RCoBMy_ycYnYhIl8I-
X-Sonic-MF: <casey@schaufler-ca.com>
Received: from sonic.gate.mail.ne1.yahoo.com by
 sonic301.consmr.mail.ne1.yahoo.com with HTTP; Mon, 13 Dec 2021 23:46:15 +0000
Received: by kubenode548.mail-prod1.omega.bf1.yahoo.com (VZM Hermes SMTP
 Server) with ESMTPA ID b7c8ca89523065c6a900f1b41ca9cf40;
          Mon, 13 Dec 2021 23:46:11 +0000 (UTC)
From: Casey Schaufler <casey@schaufler-ca.com>
To: casey.schaufler@intel.com, jmorris@namei.org,
        linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com,
        keescook@chromium.org, john.johansen@canonical.com,
        penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com,
        sds@tycho.nsa.gov, linux-kernel@vger.kernel.org
Subject: [PATCH v31 05/28] IMA: avoid label collisions with stacked LSMs
Date: Mon, 13 Dec 2021 15:40:11 -0800
Message-Id: <20211213234034.111891-6-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20211213234034.111891-1-casey@schaufler-ca.com>
References: <20211213234034.111891-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <selinux.vger.kernel.org>
X-Mailing-List: selinux@vger.kernel.org

Integrity measurement may filter on security module information
and needs to be clear in the case of multiple active security
modules which applies. Provide a boot option ima_rules_lsm= to
allow the user to specify an active security module to apply
filters to. If not specified, use the first registered module
that supports the audit_rule_match() LSM hook. Allow the user
to specify in the IMA policy an lsm= option to specify the
security module to use for a particular rule.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
To: Mimi Zohar <zohar@linux.ibm.com>
To: linux-integrity@vger.kernel.org
---
 Documentation/ABI/testing/ima_policy |  8 ++++-
 include/linux/security.h             | 14 ++++----
 security/integrity/ima/ima_policy.c  | 51 ++++++++++++++++++++++++----
 security/security.c                  | 35 +++++++++++++++----
 4 files changed, 89 insertions(+), 19 deletions(-)

diff --git a/Documentation/ABI/testing/ima_policy b/Documentation/ABI/testing/ima_policy
index 839fab811b18..64863e9d87ea 100644
--- a/Documentation/ABI/testing/ima_policy
+++ b/Documentation/ABI/testing/ima_policy
@@ -26,7 +26,7 @@ Description:
 				[uid=] [euid=] [gid=] [egid=]
 				[fowner=] [fgroup=]]
 			lsm:	[[subj_user=] [subj_role=] [subj_type=]
-				 [obj_user=] [obj_role=] [obj_type=]]
+				 [obj_user=] [obj_role=] [obj_type=]] [lsm=]
 			option:	[[appraise_type=]] [template=] [permit_directio]
 				[appraise_flag=] [appraise_algos=] [keyrings=]
 		  base:
@@ -126,6 +126,12 @@ Description:
 
 			measure subj_user=_ func=FILE_CHECK mask=MAY_READ
 
+		It is possible to explicitly specify which security
+		module a rule applies to using lsm=.  If the security
+		module specified is not active on the system the rule
+		will be rejected.  If lsm= is not specified the first
+		security module registered on the system will be assumed.
+
 		Example of measure rules using alternate PCRs::
 
 			measure func=KEXEC_KERNEL_CHECK pcr=4
diff --git a/include/linux/security.h b/include/linux/security.h
index 1bc00edd3a32..9b853796bd4f 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1985,25 +1985,27 @@ static inline void security_audit_rule_free(struct audit_lsm_rules *lsmrules)
 
 #ifdef CONFIG_IMA_LSM_RULES
 #ifdef CONFIG_SECURITY
-int ima_filter_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule);
-int ima_filter_rule_match(u32 secid, u32 field, u32 op, void *lsmrule);
-void ima_filter_rule_free(void *lsmrule);
+int ima_filter_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule,
+			 int lsmslot);
+int ima_filter_rule_match(u32 secid, u32 field, u32 op, void *lsmrule,
+			  int lsmslot);
+void ima_filter_rule_free(void *lsmrule, int lsmslot);
 
 #else
 
 static inline int ima_filter_rule_init(u32 field, u32 op, char *rulestr,
-					   void **lsmrule)
+					   void **lsmrule, int lsmslot)
 {
 	return 0;
 }
 
 static inline int ima_filter_rule_match(u32 secid, u32 field, u32 op,
-					    void *lsmrule)
+					    void *lsmrule, int lsmslot)
 {
 	return 0;
 }
 
-static inline void ima_filter_rule_free(void *lsmrule)
+static inline void ima_filter_rule_free(void *lsmrule, int lsmslot)
 { }
 
 #endif /* CONFIG_SECURITY */
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index 320ca80aacab..22952efcc0b0 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -90,6 +90,7 @@ struct ima_rule_entry {
 	bool (*fgroup_op)(kgid_t cred_gid, kgid_t rule_gid); /* gid_eq(), gid_gt(), gid_lt() */
 	int pcr;
 	unsigned int allowed_algos; /* bitfield of allowed hash algorithms */
+	int which;		/* which LSM rule applies to */
 	struct {
 		void *rule;	/* LSM file metadata specific */
 		char *args_p;	/* audit value */
@@ -286,6 +287,20 @@ static int __init default_appraise_policy_setup(char *str)
 }
 __setup("ima_appraise_tcb", default_appraise_policy_setup);
 
+static int ima_rules_lsm __ro_after_init;
+
+static int __init ima_rules_lsm_init(char *str)
+{
+	ima_rules_lsm = lsm_name_to_slot(str);
+	if (ima_rules_lsm < 0) {
+		ima_rules_lsm = 0;
+		pr_err("rule lsm \"%s\" not registered", str);
+	}
+
+	return 1;
+}
+__setup("ima_rules_lsm=", ima_rules_lsm_init);
+
 static struct ima_rule_opt_list *ima_alloc_rule_opt_list(const substring_t *src)
 {
 	struct ima_rule_opt_list *opt_list;
@@ -357,7 +372,7 @@ static void ima_lsm_free_rule(struct ima_rule_entry *entry)
 	int i;
 
 	for (i = 0; i < MAX_LSM_RULES; i++) {
-		ima_filter_rule_free(entry->lsm[i].rule);
+		ima_filter_rule_free(entry->lsm[i].rule, entry->which);
 		kfree(entry->lsm[i].args_p);
 	}
 }
@@ -408,7 +423,8 @@ static struct ima_rule_entry *ima_lsm_copy_rule(struct ima_rule_entry *entry)
 
 		ima_filter_rule_init(nentry->lsm[i].type, Audit_equal,
 				     nentry->lsm[i].args_p,
-				     &nentry->lsm[i].rule);
+				     &nentry->lsm[i].rule,
+				     entry->which);
 		if (!nentry->lsm[i].rule)
 			pr_warn("rule for LSM \'%s\' is undefined\n",
 				nentry->lsm[i].args_p);
@@ -624,14 +640,16 @@ static bool ima_match_rules(struct ima_rule_entry *rule,
 			security_inode_getsecid(inode, &osid);
 			rc = ima_filter_rule_match(osid, rule->lsm[i].type,
 						   Audit_equal,
-						   rule->lsm[i].rule);
+						   rule->lsm[i].rule,
+						   rule->which);
 			break;
 		case LSM_SUBJ_USER:
 		case LSM_SUBJ_ROLE:
 		case LSM_SUBJ_TYPE:
 			rc = ima_filter_rule_match(secid, rule->lsm[i].type,
 						   Audit_equal,
-						   rule->lsm[i].rule);
+						   rule->lsm[i].rule,
+						   rule->which);
 			break;
 		default:
 			break;
@@ -1026,7 +1044,7 @@ enum policy_opt {
 	Opt_fowner_lt, Opt_fgroup_lt,
 	Opt_appraise_type, Opt_appraise_flag, Opt_appraise_algos,
 	Opt_permit_directio, Opt_pcr, Opt_template, Opt_keyrings,
-	Opt_label, Opt_err
+	Opt_lsm, Opt_label, Opt_err
 };
 
 static const match_table_t policy_tokens = {
@@ -1074,6 +1092,7 @@ static const match_table_t policy_tokens = {
 	{Opt_template, "template=%s"},
 	{Opt_keyrings, "keyrings=%s"},
 	{Opt_label, "label=%s"},
+	{Opt_lsm, "lsm=%s"},
 	{Opt_err, NULL}
 };
 
@@ -1092,7 +1111,8 @@ static int ima_lsm_rule_init(struct ima_rule_entry *entry,
 	entry->lsm[lsm_rule].type = audit_type;
 	result = ima_filter_rule_init(entry->lsm[lsm_rule].type, Audit_equal,
 				      entry->lsm[lsm_rule].args_p,
-				      &entry->lsm[lsm_rule].rule);
+				      &entry->lsm[lsm_rule].rule,
+				      entry->which);
 	if (!entry->lsm[lsm_rule].rule) {
 		pr_warn("rule for LSM \'%s\' is undefined\n",
 			entry->lsm[lsm_rule].args_p);
@@ -1781,6 +1801,19 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry)
 						 &(template_desc->num_fields));
 			entry->template = template_desc;
 			break;
+		case Opt_lsm:
+			result = lsm_name_to_slot(args[0].from);
+			if (result == LSMBLOB_INVALID) {
+				int i;
+
+				for (i = 0; i < MAX_LSM_RULES; i++)
+					entry->lsm[i].args_p = NULL;
+				result = -EINVAL;
+				break;
+			}
+			entry->which = result;
+			result = 0;
+			break;
 		case Opt_err:
 			ima_log_string(ab, "UNKNOWN", p);
 			result = -EINVAL;
@@ -1817,6 +1850,7 @@ ssize_t ima_parse_add_rule(char *rule)
 	struct ima_rule_entry *entry;
 	ssize_t result, len;
 	int audit_info = 0;
+	int i;
 
 	p = strsep(&rule, "\n");
 	len = strlen(p) + 1;
@@ -1834,6 +1868,9 @@ ssize_t ima_parse_add_rule(char *rule)
 
 	INIT_LIST_HEAD(&entry->list);
 
+	for (i = 0; i < MAX_LSM_RULES; i++)
+		entry->which = ima_rules_lsm;
+
 	result = ima_parse_rule(p, entry);
 	if (result) {
 		ima_free_rule(entry);
@@ -2151,6 +2188,8 @@ int ima_policy_show(struct seq_file *m, void *v)
 		seq_puts(m, "appraise_flag=check_blacklist ");
 	if (entry->flags & IMA_PERMIT_DIRECTIO)
 		seq_puts(m, "permit_directio ");
+	if (entry->which >= 0)
+		seq_printf(m, pt(Opt_lsm), lsm_slot_to_name(entry->which));
 	rcu_read_unlock();
 	seq_puts(m, "\n");
 	return 0;
diff --git a/security/security.c b/security/security.c
index 9f3a467fb992..580ef0c40be7 100644
--- a/security/security.c
+++ b/security/security.c
@@ -2705,19 +2705,42 @@ int security_audit_rule_match(u32 secid, u32 field, u32 op,
  * The integrity subsystem uses the same hooks as
  * the audit subsystem.
  */
-int ima_filter_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule)
+int ima_filter_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule,
+			 int lsmslot)
 {
-	return call_int_hook(audit_rule_init, 0, field, op, rulestr, lsmrule);
+	struct security_hook_list *hp;
+
+	hlist_for_each_entry(hp, &security_hook_heads.audit_rule_init, list)
+		if (hp->lsmid->slot == lsmslot)
+			return hp->hook.audit_rule_init(field, op, rulestr,
+							lsmrule);
+
+	return 0;
 }
 
-void ima_filter_rule_free(void *lsmrule)
+void ima_filter_rule_free(void *lsmrule, int lsmslot)
 {
-	call_void_hook(audit_rule_free, lsmrule);
+	struct security_hook_list *hp;
+
+	hlist_for_each_entry(hp, &security_hook_heads.audit_rule_free, list) {
+		if (hp->lsmid->slot == lsmslot) {
+			hp->hook.audit_rule_free(lsmrule);
+			return;
+		}
+	}
 }
 
-int ima_filter_rule_match(u32 secid, u32 field, u32 op, void *lsmrule)
+int ima_filter_rule_match(u32 secid, u32 field, u32 op, void *lsmrule,
+			  int lsmslot)
 {
-	return call_int_hook(audit_rule_match, 0, secid, field, op, lsmrule);
+	struct security_hook_list *hp;
+
+	hlist_for_each_entry(hp, &security_hook_heads.audit_rule_match, list)
+		if (hp->lsmid->slot == lsmslot)
+			return hp->hook.audit_rule_match(secid, field, op,
+							 lsmrule);
+
+	return 0;
 }
 #endif /* CONFIG_IMA_LSM_RULES */
 

From patchwork Mon Dec 13 23:40:12 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Casey Schaufler <casey@schaufler-ca.com>
X-Patchwork-Id: 12674925
X-Patchwork-Delegate: paul@paul-moore.com
Return-Path: <selinux-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id AEAE5C433F5
	for <selinux@archiver.kernel.org>; Mon, 13 Dec 2021 23:47:26 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S243157AbhLMXr0 (ORCPT <rfc822;selinux@archiver.kernel.org>);
        Mon, 13 Dec 2021 18:47:26 -0500
Received: from sonic315-27.consmr.mail.ne1.yahoo.com ([66.163.190.153]:40282
        "EHLO sonic315-27.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S243150AbhLMXrY (ORCPT
        <rfc822;selinux@vger.kernel.org>); Mon, 13 Dec 2021 18:47:24 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1639439244; bh=jT4PVItnczWnZdcyjvqnskftXdrHFa03HpMlVEGDCsY=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To;
 b=HPp/ARJv5rLx4AeDAKfUvHDj/bAQ44J/AAGJgHnotKwH/ikvRMPZ1oqU/OUK18hbiCErzq7CS+GOXkYQvKaNdyUEvkIhbpjAdJ/ccxWol7qhyYpMr12QdrhTlheYt6Xfqby2KgddzYJ5qYF9OEXZoZoDpagyHEaQOGfUgIc8fiXJDVu0inTeNmIP9kPLkJJr0aexYaCkA+NJ/NmxHOpVvQhOtJ2jxB3OeSYHAl7BurDeKbJnTyjkcLXqqA3kQxyyrTD/6jvMNzp/1EM87SFhG6vQ4NtaeDd5wqsgv70kqGoZb2kO8n39TpO9o8Be/O4IGloMcKZMPPwvFXaNxWyPmQ==
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1639439244; bh=f6G37XNN9VW/yMBt97O3Ayi4AQaOs7437zvjvRN0Kau=;
 h=X-Sonic-MF:From:To:Subject:Date:From:Subject;
 b=F6pMIv28N2S5eeT6TtgoUOFR8vXLqkWZWi4RhM4B9Ul/Mba/CBY2ziidFgVcR9LZ5RbV2lZ1XAQ8SqbZw6nm069bDNyG2iSL6y8b/8mrPPx2ZkDBQ50NsMJIB7/fkgEWUKLOBegALfcK+A6jXgYFW9mssFe8V1dnf8Hi2s5b7Lt4RoLELU9PpjTWY2y5GY49AMORog3kMfCB24GvQEWJMLOsqn5T2AfyUC9OCOKiw3sP4ZzmVHhEuwNeBRjao+0Pv667TSqBDiTNZa1qNZBq+Ff7kQGsX8ZjazmvB2FEkwdFUIDK8mHmQwxFtrlTEIO77QpP+XinHg4U5lviEMydKA==
X-YMail-OSG: hKmQiAQVM1kQ.ehfl9z90d2Qm12A6zpkeH36svwlzDL5lkeDyJ1AtMgJDq0n23a
 iuF_22CMX5W4MjijzkBVBrW4WzNysdVR_inTE4RMvGSwaasoiXgUXJv0spQ6wl1qhtiQXECaGdtf
 GMbIIMevRMdLNQ5qrWPcaS5CikHvRxRv9.nB9iKkQObQ4aFlXNqmJdV0Xny3Kf03wEzthOIrGqAN
 ujfKWJL0Jg3KNp8m5h_1hmWgzNlntn82.vOP1i3P2LFxhgtSOzCfkNbaWfR1kKKLoxDcqT0_ic31
 Owgg.8DdqOOswM2UNSmF_MMxwRMwg3a6j_hQAxCK3YJ8y0.uVu4gO6Xs6WpoSOgkR74bCvZ1X.Ie
 ANm55uwuBl.V8HiToHOWlc8gC7eNDPbjmh8qYhHaBGor9oW4Fx.rM4yYY6MfF9l5AkOpsF72xtXG
 45rILMFWQQMZpM57Ym7ggSG3b5EnaBqcisk16u8L9bpJX9ZNdF9lPclEDGVtR3FMpqYD1yo0Tjb1
 q.waftbxrlmyTBwjqVec9nSkfruwYmuxafFmS6ZkQd7SixZCGNsc2VRvCIRwU7wWeUPNW9SORjji
 3jxqRg4h5USVbX25Laqm7B7oWCR3KZY.yl_j8L2FoCS2WvJDB7FpBTkgVKIUeD4k1Xp6539xS_HE
 RpxBWv5wqtpSzcs9bZT4j.pihIj1V5dUEOTg5_Qu6nf6KREbFSa3TENAcz495aqC7gQFvAF.j0X7
 y2qmS__hqN.AsYQwIGQhXr7i6P3GpPZ4FMvjsvGxiH0mNQ3gINNFmIjbPREl5OIXi8WUEpXDRH1l
 nyJipkFlme2e69TdFeXLHHWFx60RCuU6XVZ8XbbPaE92MQcd911W6QgdALVw8wH7EhrrEnarsyJF
 COkUFcVjQf4l0TLBPUdUEbgPjmSA1cPx1vAT.7.RzuvUJ9FxyoHBemK7eEOPm6MVt2T_zEuW27Zi
 tspb3_G6f1.lxsGqajPV_Olj7Q3LUlia8r7fU_FxLxbIUqO8TZrCsax8Uefbi5aeVrE_PTmyLs66
 jVQZSw4jIx7wWOOsbxEIjGPiy29vWcWN8X3x1N.kfwpXFFLC92.eqcYONV3E4wFNtFjd_l.N4pMq
 tKiDxWIM2_0kNEcOeUd.dxpeWHkpPJBzZbc6rL1N_TUezVoW_CsgaSISjEUXIzGhs52LTC3Js9Eq
 ZEQrl9NhxQVcZv4QehrG0DkJ0LyeL4mzNhvmJ0GJQvypKhGUOhNy_62Zil7Ncl3VdsiGvRbWjc3N
 _LGntZ7IAG2m6U9QMEd_gW4GBHp1zBbmTxCC8loCzHY15o0qzg.7zb3Y_1huPe4c7UkTQ3i6Rsrn
 5k2OPARcd1Mi5B2wDcFnSJVJqZmKnTa7qqLwfJfu9F.CKmBhK8XDXaw9LfwYihv87b9sF_mZBsa8
 eAIOmszkg3Pz77csDqpgK7UeSURbL4Ke6M4aUaUx3vybure7SVj7ybBJ4uWWLX7iZQxbwl5k0VSg
 UcNuhri1o.uEYClDrSozsWufzKJW7KPkdSeH.537LBWQOZBJlxyL5dMfStTfG8YKmfp4KIzs6PvI
 AwYsYwzUr8OtqPIboDkCPaTFcSF3JNdiFl4Iny2KF2F4VE55Cpi_tTRW9iweCWAJD5g8awZGCieY
 _TGbuCz7nauYutIbmCmNqpwDdd2_bn7PkQVuy72KDDD872fStXFqBvijJYDECPb0VllOnWqJCDZs
 Ej7ZY5OcbSUV27i1x9ad6tgnMeJ1vLtnUsUxDjd8uiOFDzsMYQQl0xtRNSuLc4N9EtTpnstgmaXW
 IMvXe2oSS7gNbJSyzPIqctH3CwZZNw622419XB6huuqNCc8ws4CIzwSzv5NDM9K3RMELlDBwOWRo
 _rU7pW6Qw3NakCn7s5isneFo9EVPvU5oMiD1W88htFjqQd6jJS8snDC0uE3bsY2WbVHqhhDNTL12
 LLsgu5jh_r2PuEgotVQknES76z2RaeWAE6.TddRiUf2CQfTPVruxD4J0VAxDQc0GguuZnC6h3swx
 lz0ZYBfMvPdQm8Rp45leVQEcA6oFCmeAyA6cyRGJSH0KF7CsGOyPOYcxMnWEd9r9lsQu7Puc538z
 XiFRVtjQhZnctek4dDOiqexiHI8XRh1Gf8J9dhKOMUD.WHseUDpAkdjyYygjFs4V0RsELVoY3WR5
 0NPy9o2vxKnfMlxmMfAb_Ox31wDUmLOu577Qwpi1l3NcfnnghZMfm00HCSv0x6VI7YhEPQkYPhc.
 zEFVK6RsGOr_G12sPhTnU05Rk0m.3NcCG
X-Sonic-MF: <casey@schaufler-ca.com>
Received: from sonic.gate.mail.ne1.yahoo.com by
 sonic315.consmr.mail.ne1.yahoo.com with HTTP; Mon, 13 Dec 2021 23:47:24 +0000
Received: by kubenode521.mail-prod1.omega.gq1.yahoo.com (VZM Hermes SMTP
 Server) with ESMTPA ID 8c2b01bd5b69dc97b5d7e5a25e3d4d3e;
          Mon, 13 Dec 2021 23:47:21 +0000 (UTC)
From: Casey Schaufler <casey@schaufler-ca.com>
To: casey.schaufler@intel.com, jmorris@namei.org,
        linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com,
        keescook@chromium.org, john.johansen@canonical.com,
        penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com,
        sds@tycho.nsa.gov, linux-kernel@vger.kernel.org
Subject: [PATCH v31 06/28] LSM: Use lsmblob in security_audit_rule_match
Date: Mon, 13 Dec 2021 15:40:12 -0800
Message-Id: <20211213234034.111891-7-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20211213234034.111891-1-casey@schaufler-ca.com>
References: <20211213234034.111891-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <selinux.vger.kernel.org>
X-Mailing-List: selinux@vger.kernel.org

Change the secid parameter of security_audit_rule_match
to a lsmblob structure pointer. Pass the entry from the
lsmblob structure for the approprite slot to the LSM hook.

Change the users of security_audit_rule_match to use the
lsmblob instead of a u32. The scaffolding function lsmblob_init()
fills the blob with the value of the old secid, ensuring that
it is available to the appropriate module hook. The sources of
the secid, security_task_getsecid() and security_inode_getsecid(),
will be converted to use the blob structure later in the series.
At the point the use of lsmblob_init() is dropped.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Cc: linux-audit@redhat.com
---
 include/linux/security.h |  5 +++--
 kernel/auditfilter.c     |  6 ++++--
 kernel/auditsc.c         | 16 +++++++++++-----
 security/security.c      |  5 +++--
 4 files changed, 21 insertions(+), 11 deletions(-)

diff --git a/include/linux/security.h b/include/linux/security.h
index 9b853796bd4f..5a29b9bfdeda 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1954,7 +1954,7 @@ static inline int security_key_getsecurity(struct key *key, char **_buffer)
 int security_audit_rule_init(u32 field, u32 op, char *rulestr,
 			     struct audit_lsm_rules *lsmrules);
 int security_audit_rule_known(struct audit_krule *krule);
-int security_audit_rule_match(u32 secid, u32 field, u32 op,
+int security_audit_rule_match(struct lsmblob *blob, u32 field, u32 op,
 			      struct audit_lsm_rules *lsmrules);
 void security_audit_rule_free(struct audit_lsm_rules *lsmrules);
 
@@ -1971,7 +1971,8 @@ static inline int security_audit_rule_known(struct audit_krule *krule)
 	return 0;
 }
 
-static inline int security_audit_rule_match(u32 secid, u32 field, u32 op,
+static inline int security_audit_rule_match(struct lsmblob *blob,
+					    u32 field, u32 op,
 					    struct audit_lsm_rules *lsmrules)
 {
 	return 0;
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index c6b25bf0b323..88a8d69d03dd 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -1337,6 +1337,7 @@ int audit_filter(int msgtype, unsigned int listtype)
 
 		for (i = 0; i < e->rule.field_count; i++) {
 			struct audit_field *f = &e->rule.fields[i];
+			struct lsmblob blob;
 			pid_t pid;
 			u32 sid;
 
@@ -1370,8 +1371,9 @@ int audit_filter(int msgtype, unsigned int listtype)
 				if (f->lsm_str) {
 					security_task_getsecid_subj(current,
 								    &sid);
-					result = security_audit_rule_match(sid,
-						   f->type, f->op,
+					lsmblob_init(&blob, sid);
+					result = security_audit_rule_match(
+						   &blob, f->type, f->op,
 						   &f->lsm_rules);
 				}
 				break;
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 194a62d86578..e0c71fe27c2f 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -468,6 +468,7 @@ static int audit_filter_rules(struct task_struct *tsk,
 	const struct cred *cred;
 	int i, need_sid = 1;
 	u32 sid;
+	struct lsmblob blob;
 	unsigned int sessionid;
 
 	if (ctx && rule->prio <= ctx->prio)
@@ -669,8 +670,10 @@ static int audit_filter_rules(struct task_struct *tsk,
 					security_task_getsecid_subj(tsk, &sid);
 					need_sid = 0;
 				}
-				result = security_audit_rule_match(sid, f->type,
-							f->op, &f->lsm_rules);
+				lsmblob_init(&blob, sid);
+				result = security_audit_rule_match(&blob,
+							f->type, f->op,
+							&f->lsm_rules);
 			}
 			break;
 		case AUDIT_OBJ_USER:
@@ -683,15 +686,17 @@ static int audit_filter_rules(struct task_struct *tsk,
 			if (f->lsm_str) {
 				/* Find files that match */
 				if (name) {
+					lsmblob_init(&blob, name->osid);
 					result = security_audit_rule_match(
-								name->osid,
+								&blob,
 								f->type,
 								f->op,
 								&f->lsm_rules);
 				} else if (ctx) {
 					list_for_each_entry(n, &ctx->names_list, list) {
+						lsmblob_init(&blob, n->osid);
 						if (security_audit_rule_match(
-							n->osid, f->type, f->op,
+							&blob, f->type, f->op,
 							&f->lsm_rules)) {
 							++result;
 							break;
@@ -701,7 +706,8 @@ static int audit_filter_rules(struct task_struct *tsk,
 				/* Find ipc objects that match */
 				if (!ctx || ctx->type != AUDIT_IPC)
 					break;
-				if (security_audit_rule_match(ctx->ipc.osid,
+				lsmblob_init(&blob, ctx->ipc.osid);
+				if (security_audit_rule_match(&blob,
 							      f->type, f->op,
 							      &f->lsm_rules))
 					++result;
diff --git a/security/security.c b/security/security.c
index 580ef0c40be7..3ad3aa74c59d 100644
--- a/security/security.c
+++ b/security/security.c
@@ -2680,7 +2680,7 @@ void security_audit_rule_free(struct audit_lsm_rules *lsmrules)
 	}
 }
 
-int security_audit_rule_match(u32 secid, u32 field, u32 op,
+int security_audit_rule_match(struct lsmblob *blob, u32 field, u32 op,
 			      struct audit_lsm_rules *lsmrules)
 {
 	struct security_hook_list *hp;
@@ -2691,7 +2691,8 @@ int security_audit_rule_match(u32 secid, u32 field, u32 op,
 			continue;
 		if (lsmrules->rule[hp->lsmid->slot] == NULL)
 			continue;
-		rc = hp->hook.audit_rule_match(secid, field, op,
+		rc = hp->hook.audit_rule_match(blob->secid[hp->lsmid->slot],
+					field, op,
 					&lsmrules->rule[hp->lsmid->slot]);
 		if (rc)
 			return rc;

From patchwork Mon Dec 13 23:40:13 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Casey Schaufler <casey@schaufler-ca.com>
X-Patchwork-Id: 12674927
X-Patchwork-Delegate: paul@paul-moore.com
Return-Path: <selinux-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 9360BC433EF
	for <selinux@archiver.kernel.org>; Mon, 13 Dec 2021 23:48:35 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S241775AbhLMXse (ORCPT <rfc822;selinux@archiver.kernel.org>);
        Mon, 13 Dec 2021 18:48:34 -0500
Received: from sonic306-28.consmr.mail.ne1.yahoo.com ([66.163.189.90]:45038
        "EHLO sonic306-28.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S236475AbhLMXse (ORCPT
        <rfc822;selinux@vger.kernel.org>); Mon, 13 Dec 2021 18:48:34 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1639439313; bh=WqTilqDGcIu+1yT7DKcfjayEylLcsuo2HVtuuRvXH5c=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To;
 b=jsvYivaPXDu+wKTF4Vo9e0+zu5C0gV1mhLegloQ/iAVIvGvTof5n0dKSj/sSDsKw/o93sT8OkKABdVJ/ckcMZO6DpYhx/wtRZfIj7AQ3WFyMCvMTsLiNPAG4/1RhxlbBZoR3KBZh01woB5rS8AYaRZayetdeqcTC1A12Ah/jiKU7HOXSyGlL9JPWLxF++g3oQssg2c8z1MocO6X66Hd9k3qJ7ao4z5cj8rjGEWJwwhXKy7ZgEaa1zeAt2hQNJYM7h8jiPhgsoEU29z4Vxt1CYe/7V+rvr2KSuMl8Z2hQ71Mmi5zVhF8/vfD739bISvfbNL/Ibqbro5ZWUe9eNBNA/w==
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1639439313; bh=pZEQ+AKMGlTkclHIbVOxsbJlt0XKEaHRoaK8sLEla0g=;
 h=X-Sonic-MF:From:To:Subject:Date:From:Subject;
 b=YcZwdtgHFo0evK2+kh697ocImjlQNT8KNXF+2hRISMTlwwd9Jjq5bUOrHd/jH9bB87IPZhRzJKr5zSVA680nXSDhRkr9wkKfPw+MGAuqP47LbV5zm675HhonUM5w7oOvd4oCGDlcxWePTfsKxzOoKbo8GGMfqJix+9nYJHUiJCWl5RZWxa1JnpPL8n+t8CKi5Ld1HABoH1yTHkYUw/oWrgf6+AFXqjODITQlTdejBXjZ0pN1JGVOIz8ObWkK26bT5RFy6BqCgDjmEAcjOMtzUfR7aFDNi1q77I0SGFiPsHKl74I7Ip59eZ5sVvPDv1xvwm7Ixh/Ic1NZ/W/u36a0ZA==
X-YMail-OSG: WXWcCnIVM1kIkBckywGKgWDi.rkR8SWA5tiA6vG.YdhcczLjCmzS_RyOi8Dhj0g
 yxl6S7vjcM.w8D.XWmJhs38uDKp9zavBhgn900db2l9ecqSAtZKGsjfUrPhZw_ZgGlLTpSTrURq.
 EnMpby3D5f01QcuqQLqM5TS2qOVyXNRW.qOSVNVYWLayKRPT3H8xZx4Jeo9M24V3OFftxNSe4UsE
 MHThI1DzGj2nIuq7sMJSbxZ2S16i7PJgmxoy148Z1vobMqZbC9IXbUUG4d5nxvj1uceXjO3yAoSc
 XAq5jwUXV_aE1Z8PA.lvEhTqkEyXSW9VzVjmgJSuK.638p1qYFEQ9BMB5EP8Jkl4iSblIfDCCLGP
 2UA5v19VWxsRGoRzicDxpl1vzZdyyu0YLaMq83EAuek6D9qeQplOoV5QAIGH0FIbUtx4osQ_CbeJ
 TxOHyl5Ja.nPWAyWHm5w0oMGSL8EEYtMQkcPv_EAhCeQcWzqdf0Kg84.eDGxkn4vSD02Bi4t3uhX
 .UpZZrqT6oY7u3thLjmwazVuJ3WJ_Y7Z1n961IuwMyLIaoxMfgh2fXw4iloWaG0NQnaZUU7DOdCq
 tywuOT0FPiO8NDZIqJFNlUlneSReoyLKo0acRwAiq2cemW6QN6I0x7nDoTAozkNKpIissKbB1xC.
 FhLLP8Hd1W2D23FuLewfgMYuKN3yWA75XimLEWcdUMPgiW3ZeAAbuUPzszp17kmtM7qbnFABnYJT
 46fEohrMGqXuCRRfBO0ybLZxWVNss6OqENa5ebKb9P9K4idMfJua7b2CFr.PK..tB615FEMH089e
 hEISLRF0l1e7uy2V85rk6Car_dmj8F_zwkYiVsUXQWTVhdaigigxgFZNhhaWt84zG8nc8fM2gmao
 oyNy5F6FGcn_9v_BfgrMsU0WCV17gDHWd24LZzVW0Tp0Mk28k37RsCy9OdmiDQZkSQ2vLRnGv5BD
 qwvkZfYbmgOE94oMRqZdOpL3ZRtyNKXEKRVgQ6HWt34Zyvc8SMyASq5.UYtXIfQwkiLg1ZLZCkZd
 Ek2318UCZLYInnru7iQO6a7COa9019I14It5iz9d9UcYdexL.k4Q8lZqrVhDTz4jKiJqY8dDdcle
 0pAhtF2_75BbCuFHgnBpYohaV8OIWhuYdVt.e37J5I2Cbpg86RjJkV8goKVq7mVcYevMx3BQtlxg
 3CuwRN3hD8YmlhFw1sjKwEkGcFZpmz8Nx1ez616PYuLqGIhGw9bQJSC1fFCzZ6uDLbhztpQqSFP4
 .Y78qUJDUkgDTlS1ynoPz5OAXZZgdHUL3F3znlZJ2zXq.FPUdD4RqaoCSQ4K3wUqFGBVaeDtBH7z
 rj79B_QeKeDcc.Lqg5kADSFZ.lNKJYqYjNGt6PCMvy2CbPkAk5odpmZs6A8rmvBk6a.hDvSiBKMI
 WBO13_pdLMsxL8szpTtJc6u9CEB4lqcjYd8BK2qy7nefdid95elKyk5NS3laGJtm510i5Wy7UEhL
 KLesCBk.zNBxl_LJ3RnDj6h3ZLYFBoqZK35VFcqpx803bv.wniSXVDPmUjX.d1N_zNp9k.OoDXvN
 PQcpJp4BPsddZIm12GVjLt4HtY1vjWh.AVX80HL.ZGvYG_5YQuJdjZ7VqZa1PURR92wiVBUIkX1q
 XWgRuDn3qEUWAC5.NfDI5hngTK_TyMD7PL1PVkej416doiGuDYlc1mP3exTL93zCA.JnDcvist.w
 2qHHHsQqlEn_PRfx2TxwZwf1sy8QP4CMw4rV8uL0374gGKkjbwAoHLepedVfxuK0RfE7UCVaP3EQ
 DRnLAXMvkU4Xl6nxcB.bPPTW4FvouuDWZuKLpQVqNV3.jg6PFEO4rVP.FafA_Olrg4mIaPaOvZ3v
 CNHdtv8PvjalBEM_Qos1PXnoPTMce0oKICZGrdAg9uyzauyf9GEISa6f6D3Jo9j.seyEFjcShLMM
 Bh1jxyQ6wL2de4eyfFApurj6J4UHPzQg6JpHzswHBPW2xglefdXH9dYKRwcuGT.2Xx8t9.lx_QVl
 R_szFo2m1Edx2yqvM6XrG6Jiv0piXAMsgeZV6CnH9wuk3vhA9brNbPMycNEiKHtxF8p_QIuBmXTk
 ueAvOmKDmjKbLYRLrTFa1MwcAI.bisnoE9UCghhGNpcdyangIUL5WL6QoM8dPtikSGIUy6_2zDPH
 5RC73SptOYNCMJdEC.KrLKU6_0ggrjsRGJ1xozxNUbkIB0.HPK.GId0JQmPjqbDJfaAhO3pjE1yI
 TkoUhFIfEnDBSk5turGQ1K85Ohn8Xd8UBCVb12AM1u702RuTFt_G_oDfBPjwhRnlxBIq6.Ti9cAM
 VMHJp4cjL8kI-
X-Sonic-MF: <casey@schaufler-ca.com>
Received: from sonic.gate.mail.ne1.yahoo.com by
 sonic306.consmr.mail.ne1.yahoo.com with HTTP; Mon, 13 Dec 2021 23:48:33 +0000
Received: by kubenode545.mail-prod1.omega.gq1.yahoo.com (VZM Hermes SMTP
 Server) with ESMTPA ID 2e021ae071039d083444738cca3c5d3c;
          Mon, 13 Dec 2021 23:48:27 +0000 (UTC)
From: Casey Schaufler <casey@schaufler-ca.com>
To: casey.schaufler@intel.com, jmorris@namei.org,
        linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com,
        keescook@chromium.org, john.johansen@canonical.com,
        penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com,
        sds@tycho.nsa.gov, linux-kernel@vger.kernel.org,
        Stephen Smalley <stephen.smalley.work@gmail.com>
Subject: [PATCH v31 07/28] LSM: Use lsmblob in security_kernel_act_as
Date: Mon, 13 Dec 2021 15:40:13 -0800
Message-Id: <20211213234034.111891-8-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20211213234034.111891-1-casey@schaufler-ca.com>
References: <20211213234034.111891-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <selinux.vger.kernel.org>
X-Mailing-List: selinux@vger.kernel.org

Change the security_kernel_act_as interface to use a lsmblob
structure in place of the single u32 secid in support of
module stacking. Change its only caller, set_security_override,
to do the same. Change that one's only caller,
set_security_override_from_ctx, to call it with the new
parameter type.

The security module hook is unchanged, still taking a secid.
The infrastructure passes the correct entry from the lsmblob.
lsmblob_init() is used to fill the lsmblob structure, however
this will be removed later in the series when security_secctx_to_secid()
is updated to provide a lsmblob instead of a secid.

Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: John Johansen <john.johansen@canonical.com>
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
To: David Howells <dhowells@redhat.com>
---
 include/linux/cred.h     |  3 ++-
 include/linux/security.h |  5 +++--
 kernel/cred.c            | 10 ++++++----
 security/security.c      | 14 ++++++++++++--
 4 files changed, 23 insertions(+), 9 deletions(-)

diff --git a/include/linux/cred.h b/include/linux/cred.h
index fcbc6885cc09..eb02e8514239 100644
--- a/include/linux/cred.h
+++ b/include/linux/cred.h
@@ -18,6 +18,7 @@
 
 struct cred;
 struct inode;
+struct lsmblob;
 
 /*
  * COW Supplementary groups list
@@ -165,7 +166,7 @@ extern const struct cred *override_creds(const struct cred *);
 extern void revert_creds(const struct cred *);
 extern struct cred *prepare_kernel_cred(struct task_struct *);
 extern int change_create_files_as(struct cred *, struct inode *);
-extern int set_security_override(struct cred *, u32);
+extern int set_security_override(struct cred *, struct lsmblob *);
 extern int set_security_override_from_ctx(struct cred *, const char *);
 extern int set_create_files_as(struct cred *, struct inode *);
 extern int cred_fscmp(const struct cred *, const struct cred *);
diff --git a/include/linux/security.h b/include/linux/security.h
index 5a29b9bfdeda..aaa63bf5026e 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -464,7 +464,7 @@ void security_cred_free(struct cred *cred);
 int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp);
 void security_transfer_creds(struct cred *new, const struct cred *old);
 void security_cred_getsecid(const struct cred *c, u32 *secid);
-int security_kernel_act_as(struct cred *new, u32 secid);
+int security_kernel_act_as(struct cred *new, struct lsmblob *blob);
 int security_kernel_create_files_as(struct cred *new, struct inode *inode);
 int security_kernel_module_request(char *kmod_name);
 int security_kernel_load_data(enum kernel_load_data_id id, bool contents);
@@ -1112,7 +1112,8 @@ static inline void security_cred_getsecid(const struct cred *c, u32 *secid)
 	*secid = 0;
 }
 
-static inline int security_kernel_act_as(struct cred *cred, u32 secid)
+static inline int security_kernel_act_as(struct cred *cred,
+					 struct lsmblob *blob)
 {
 	return 0;
 }
diff --git a/kernel/cred.c b/kernel/cred.c
index 473d17c431f3..e5e41bd4efc3 100644
--- a/kernel/cred.c
+++ b/kernel/cred.c
@@ -772,14 +772,14 @@ EXPORT_SYMBOL(prepare_kernel_cred);
 /**
  * set_security_override - Set the security ID in a set of credentials
  * @new: The credentials to alter
- * @secid: The LSM security ID to set
+ * @blob: The LSM security information to set
  *
  * Set the LSM security ID in a set of credentials so that the subjective
  * security is overridden when an alternative set of credentials is used.
  */
-int set_security_override(struct cred *new, u32 secid)
+int set_security_override(struct cred *new, struct lsmblob *blob)
 {
-	return security_kernel_act_as(new, secid);
+	return security_kernel_act_as(new, blob);
 }
 EXPORT_SYMBOL(set_security_override);
 
@@ -795,6 +795,7 @@ EXPORT_SYMBOL(set_security_override);
  */
 int set_security_override_from_ctx(struct cred *new, const char *secctx)
 {
+	struct lsmblob blob;
 	u32 secid;
 	int ret;
 
@@ -802,7 +803,8 @@ int set_security_override_from_ctx(struct cred *new, const char *secctx)
 	if (ret < 0)
 		return ret;
 
-	return set_security_override(new, secid);
+	lsmblob_init(&blob, secid);
+	return set_security_override(new, &blob);
 }
 EXPORT_SYMBOL(set_security_override_from_ctx);
 
diff --git a/security/security.c b/security/security.c
index 3ad3aa74c59d..171e2fe66e5e 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1800,9 +1800,19 @@ void security_cred_getsecid(const struct cred *c, u32 *secid)
 }
 EXPORT_SYMBOL(security_cred_getsecid);
 
-int security_kernel_act_as(struct cred *new, u32 secid)
+int security_kernel_act_as(struct cred *new, struct lsmblob *blob)
 {
-	return call_int_hook(kernel_act_as, 0, new, secid);
+	struct security_hook_list *hp;
+	int rc;
+
+	hlist_for_each_entry(hp, &security_hook_heads.kernel_act_as, list) {
+		if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot))
+			continue;
+		rc = hp->hook.kernel_act_as(new, blob->secid[hp->lsmid->slot]);
+		if (rc != 0)
+			return rc;
+	}
+	return 0;
 }
 
 int security_kernel_create_files_as(struct cred *new, struct inode *inode)

From patchwork Mon Dec 13 23:40:14 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Casey Schaufler <casey@schaufler-ca.com>
X-Patchwork-Id: 12674959
X-Patchwork-Delegate: paul@paul-moore.com
Return-Path: <selinux-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id AB64CC433F5
	for <selinux@archiver.kernel.org>; Mon, 13 Dec 2021 23:49:42 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S244263AbhLMXtj (ORCPT <rfc822;selinux@archiver.kernel.org>);
        Mon, 13 Dec 2021 18:49:39 -0500
Received: from sonic306-28.consmr.mail.ne1.yahoo.com ([66.163.189.90]:45505
        "EHLO sonic306-28.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S243322AbhLMXtj (ORCPT
        <rfc822;selinux@vger.kernel.org>); Mon, 13 Dec 2021 18:49:39 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1639439378; bh=jED1FKxellw4KtQDkWf6Z/5uafpV100mgrllKbb8X90=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To;
 b=DEIbbkGO6YIqi7gr3KJm9RTXTpuAYmaPK4b2ckhYa9hDnniHq60fPqZHdPWpbIgibhGLXTyI2hnOpvmilltqIqsucKpjOshaGu2e2y9ynhTqOdhr71BeWgVR98KCrpFagjysirbdVY7PjKKvvcIZsjBCgqYjwyb3Bz7WxVxSZATD1KPr/vlPF2xVs5mnb6xuSgE5QnYVtNAqXQQjhlZmWd+PwnF+A+g4T9eCJE0XQ9XjaNn1AQLL8wDIuzKf5eL6iEYHffLuQYJXOzv7Kg0bCS02K8BUc0D4/cMW51vqccoauVVeHT7Hf7X09XlkF6m+GV5RQ+I22U9nj6POuTFKRw==
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1639439378; bh=V/ADtwObiPT035hBwB4n02igK7ErvLlMXO92/D5Wt8Z=;
 h=X-Sonic-MF:From:To:Subject:Date:From:Subject;
 b=kDB31NVsOWacd5kJumDs9pfT4GG+uPgCxeteU8YZLxLbpohVgT2O5vHy0NO3W7aA0zSPgUbJLDkyCpNlGZPO/q4BAvaCL8WcaK1dvL95aIl5gL+IXcxxz4htcNh8yX2Ap3CZDpY3Z4nnDKTw5F51EJUNAptxuspiJ9UHUgnw9tqWGmYb+cuOAKcTB5Hpsrppe63/9l9Hh4859itgwsBsCJEgrurwICW2W45O6X+2fRjQ3fIJJdrfwf0j5GZIWt1+JXSGe9D2+zUlBykZnv1WMJmmW1dF7M9urmKfpIQvHwNi1bw9CINQiIeHCxgMLTOwMbTH1GA2HGbwicRONGMuJA==
X-YMail-OSG: yxJ0gS4VM1mvuKEFInuzdpAPEHoEFSCzPrBQDCOuxRhSVefQ9ewJ5LrKxndhrSM
 oBKRpVUT2u8VpLCnsA4.hCyQMgXkqPQV5fiU.b_dmo4peXOevUU4j6zbJTdpwCT4giViHf49xtaJ
 D6x7Rr7ePN5s3cW.13az9qExpQ7m8iwmtwD2.wNteznkx586M..1GYcljFnyNf0e9OXsiJ.s3Rum
 xrZACBEft800Q0yCPk.WFN0SoEqo06dYfHChE1CIGGFvdPS8aDmLhfHrp7of2o65cJP.dDCfiOFH
 IdggmbJv0kpCNx6NIb7WYOIGgQ0vMkZ_4wWBi_euiM5alMg1hpC.fQ4YfjgWcQcRhMHpse5OQ1iH
 vsPPaFQsrixonA9U5fOKOfAuGLZBToLAb0T8UHzjyfzUpJEGnwdIl0axH9WZhObocA3InBAiw_GP
 .ZygM3Zu2AqwwivqnCLTYEONOgiq1jqY0iTjvnjojehtnOMr9Uufv9Rl0SO371xGPw_epsaB2wb2
 NnL.R6.yfV0CYo76IXny046riaPLW9pbgi1IkyO0l0q01uBZurRBd.46VZ8ISYB5tSOuIuc1Z8Cx
 6VSHtaRjepIE4BYHTS97O_DG5yTROKJhg_lnYxL37DcGvtw_.HBivAxzgVAh3f5CIhc_ts_XhVoG
 ndJMrOarleASemNaUjTs991aOYAyb72HuOvWILgIWnKzXz7Rbkcj38a7xmxaaxt0x45bp63Hbmsb
 60gz_cPyDH0THVEL3mZs0_anIlmsMRNKUk75Aw6JBpxnO3_2wexH60c_EejnITb2yWRwaT43WGkV
 cWLep3OGk5R4JyqK64LI4at_qDj3kWr1w9rmnLLNxfqXDxSTa4YpDBYej8Umr82CBnatovbR1GjR
 oFybsMT9SN5eqc12xGbbXIkbuy3qIOpSHNTG.m.H_s8ZIWBuOeFcRF4ONqexzafKzP8KKuI_5l2p
 fsDeqTTC_FsGMvudP9Yo9VM4t1Zv1ABp8YCBnra5UbeKQyJ3uiMExgiDTLJDT9ben53rh27jgVhL
 4aIF0t_vhltqEDQl4TO6U7WKZHjo80vQdOKCK1pgjS7gbQLSH0w8eoCACMjIQYAe9E448Ynrcfnu
 ALvznzjnbda4b2SkV.Rsw5X4NTIEAOPZNpLdUo_oajMqQ3AHVCKBQKvB9OImXWKZ8cY1g.nFm9Tx
 oTH19CM9YhOm2cPHHCOgj8mvpEOsKNwTkcKdSh2DmOjKDo1bkQdd9QsynNAq6SjLdudD09Cl47gW
 2c73FejA_PT7kBKmEc_pxjsE49alizY0cJ0QUci9gmlVtvsr9cziedUu4U71XnFWMdTwyvbb0CMP
 UVQAMWc_TnTTCsYk_BQjpbYR90I5w1Afb0eYXSqNJbT0RQ9Qiqs0gIZmFoibtWEJr0MOLRfY_Yy3
 gA9VkW98HkeupgCpaJJTmxLAuoXtI6wf9cVWafpxzDbKRNCYW64MFp7BUW0PGxn3psqxFppLZ7wW
 7NOPNjJ7IJE1QXLY1R9JmGlGY0s5dGsd.zxyud0BOdOZEMpA0uLhNaJQC1yyN_fodt0U_baqTjDP
 bknPzP6UgaP.Lu8wzvXgXi_Fz7s98vkl_otQq.dEiHGRG3ISqgUlE.4kTRtZXnaIAel7n.XFWKmC
 XGaYoQfWZ1i0KEdLqPtO3QYChwvO2n_K0ObRC0fz2oVXjLsnzmKzlvO6bHepDGjtj_Zjbydllk.s
 jGpx9fz_4l2o9leW.7FFo7z9NzyiXfxdpM54SPfehZvIgkHp5ajALDE9BYZg_18D0gidt1x0A8XZ
 uTo8uyjMtifsMtx9JOnbEcJCtJhCp3SSfUmPoiHvXtbM8eUscoyp2AuzNP3epL5xGTd7n97ZBa_k
 266rlx09mw0cR75zOQ2xedLJkM0t9RPKdqIGWyCVWGRv0y0qY2gRyT6oDQuVsZXvFzR0mf6TkYIg
 odpjd4Mm.5Qz7hh301YwiXLvAqfPX8F27XqCIlhsS7QC_5A_L.Zkt4TTuFcHANtW3L_It0acJEKd
 Vyanji.mORQCXlDgLyRrIto_HcbSxBT6TEVqFcWmeV1n5eaxKDCL7qHdUwh580jX5Cpfzld.d7fV
 j7EaG2JiuPTksEiVq5Hj5OOlZHKRxu_O8inY3OwVu4FNEroYDALWZLaH5xrugPxofCGg.NPt23b7
 dkwb_R02NjP3XdZZNAx2KC0Zdd2mjEu2NS_pdVsfYsHHi.GoYzBgIuVWdoepqoA0EEpQ5qrJLWTN
 SEeXqfDrUjqdLmenbGXFinvtSdIxKVZMng5iHHR4.oxrzJ7KT4Uqc1cDur1Onw_RCHfqFUSHt_Ae
 Vf8z14KGi4OL24U_4wUId6luhGjE0zcW37qdvV7sedew-
X-Sonic-MF: <casey@schaufler-ca.com>
Received: from sonic.gate.mail.ne1.yahoo.com by
 sonic306.consmr.mail.ne1.yahoo.com with HTTP; Mon, 13 Dec 2021 23:49:38 +0000
Received: by kubenode527.mail-prod1.omega.ne1.yahoo.com (VZM Hermes SMTP
 Server) with ESMTPA ID 3c37c5f8f0988af181e864687125ff70;
          Mon, 13 Dec 2021 23:49:33 +0000 (UTC)
From: Casey Schaufler <casey@schaufler-ca.com>
To: casey.schaufler@intel.com, jmorris@namei.org,
        linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com,
        keescook@chromium.org, john.johansen@canonical.com,
        penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com,
        sds@tycho.nsa.gov, linux-kernel@vger.kernel.org,
        netdev@vger.kernel.org, netfilter-devel@vger.kernel.org
Subject: [PATCH v31 08/28] LSM: Use lsmblob in security_secctx_to_secid
Date: Mon, 13 Dec 2021 15:40:14 -0800
Message-Id: <20211213234034.111891-9-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20211213234034.111891-1-casey@schaufler-ca.com>
References: <20211213234034.111891-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <selinux.vger.kernel.org>
X-Mailing-List: selinux@vger.kernel.org

Change the security_secctx_to_secid interface to use a lsmblob
structure in place of the single u32 secid in support of
module stacking. Change its callers to do the same.

The security module hook is unchanged, still passing back a secid.
The infrastructure passes the correct entry from the lsmblob.

Acked-by: Paul Moore <paul@paul-moore.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Cc: netdev@vger.kernel.org
Cc: netfilter-devel@vger.kernel.org
To: Pablo Neira Ayuso <pablo@netfilter.org>
---
 include/linux/security.h          | 26 ++++++++++++++++++--
 kernel/cred.c                     |  4 +---
 net/netfilter/nft_meta.c          | 10 ++++----
 net/netfilter/xt_SECMARK.c        |  7 +++++-
 net/netlabel/netlabel_unlabeled.c | 23 +++++++++++-------
 security/security.c               | 40 ++++++++++++++++++++++++++-----
 6 files changed, 85 insertions(+), 25 deletions(-)

diff --git a/include/linux/security.h b/include/linux/security.h
index aaa63bf5026e..8a547fc4affa 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -198,6 +198,27 @@ static inline bool lsmblob_equal(struct lsmblob *bloba, struct lsmblob *blobb)
 extern int lsm_name_to_slot(char *name);
 extern const char *lsm_slot_to_name(int slot);
 
+/**
+ * lsmblob_value - find the first non-zero value in an lsmblob structure.
+ * @blob: Pointer to the data
+ *
+ * This needs to be used with extreme caution, as the cases where
+ * it is appropriate are rare.
+ *
+ * Return the first secid value set in the lsmblob.
+ * There should only be one.
+ */
+static inline u32 lsmblob_value(const struct lsmblob *blob)
+{
+	int i;
+
+	for (i = 0; i < LSMBLOB_ENTRIES; i++)
+		if (blob->secid[i])
+			return blob->secid[i];
+
+	return 0;
+}
+
 /* These functions are in security/commoncap.c */
 extern int cap_capable(const struct cred *cred, struct user_namespace *ns,
 		       int cap, unsigned int opts);
@@ -530,7 +551,8 @@ int security_setprocattr(const char *lsm, const char *name, void *value,
 int security_netlink_send(struct sock *sk, struct sk_buff *skb);
 int security_ismaclabel(const char *name);
 int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen);
-int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid);
+int security_secctx_to_secid(const char *secdata, u32 seclen,
+			     struct lsmblob *blob);
 void security_release_secctx(char *secdata, u32 seclen);
 void security_inode_invalidate_secctx(struct inode *inode);
 int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen);
@@ -1391,7 +1413,7 @@ static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *secle
 
 static inline int security_secctx_to_secid(const char *secdata,
 					   u32 seclen,
-					   u32 *secid)
+					   struct lsmblob *blob)
 {
 	return -EOPNOTSUPP;
 }
diff --git a/kernel/cred.c b/kernel/cred.c
index e5e41bd4efc3..a112ea708b6e 100644
--- a/kernel/cred.c
+++ b/kernel/cred.c
@@ -796,14 +796,12 @@ EXPORT_SYMBOL(set_security_override);
 int set_security_override_from_ctx(struct cred *new, const char *secctx)
 {
 	struct lsmblob blob;
-	u32 secid;
 	int ret;
 
-	ret = security_secctx_to_secid(secctx, strlen(secctx), &secid);
+	ret = security_secctx_to_secid(secctx, strlen(secctx), &blob);
 	if (ret < 0)
 		return ret;
 
-	lsmblob_init(&blob, secid);
 	return set_security_override(new, &blob);
 }
 EXPORT_SYMBOL(set_security_override_from_ctx);
diff --git a/net/netfilter/nft_meta.c b/net/netfilter/nft_meta.c
index fe91ff5f8fbe..c171c9aadb01 100644
--- a/net/netfilter/nft_meta.c
+++ b/net/netfilter/nft_meta.c
@@ -813,21 +813,21 @@ static const struct nla_policy nft_secmark_policy[NFTA_SECMARK_MAX + 1] = {
 
 static int nft_secmark_compute_secid(struct nft_secmark *priv)
 {
-	u32 tmp_secid = 0;
+	struct lsmblob blob;
 	int err;
 
-	err = security_secctx_to_secid(priv->ctx, strlen(priv->ctx), &tmp_secid);
+	err = security_secctx_to_secid(priv->ctx, strlen(priv->ctx), &blob);
 	if (err)
 		return err;
 
-	if (!tmp_secid)
+	if (!lsmblob_is_set(&blob))
 		return -ENOENT;
 
-	err = security_secmark_relabel_packet(tmp_secid);
+	err = security_secmark_relabel_packet(lsmblob_value(&blob));
 	if (err)
 		return err;
 
-	priv->secid = tmp_secid;
+	priv->secid = lsmblob_value(&blob);
 	return 0;
 }
 
diff --git a/net/netfilter/xt_SECMARK.c b/net/netfilter/xt_SECMARK.c
index 498a0bf6f044..87ca3a537d1c 100644
--- a/net/netfilter/xt_SECMARK.c
+++ b/net/netfilter/xt_SECMARK.c
@@ -42,13 +42,14 @@ secmark_tg(struct sk_buff *skb, const struct xt_secmark_target_info_v1 *info)
 
 static int checkentry_lsm(struct xt_secmark_target_info_v1 *info)
 {
+	struct lsmblob blob;
 	int err;
 
 	info->secctx[SECMARK_SECCTX_MAX - 1] = '\0';
 	info->secid = 0;
 
 	err = security_secctx_to_secid(info->secctx, strlen(info->secctx),
-				       &info->secid);
+				       &blob);
 	if (err) {
 		if (err == -EINVAL)
 			pr_info_ratelimited("invalid security context \'%s\'\n",
@@ -56,6 +57,10 @@ static int checkentry_lsm(struct xt_secmark_target_info_v1 *info)
 		return err;
 	}
 
+	/* xt_secmark_target_info can't be changed to use lsmblobs because
+	 * it is exposed as an API. Use lsmblob_value() to get the one
+	 * value that got set by security_secctx_to_secid(). */
+	info->secid = lsmblob_value(&blob);
 	if (!info->secid) {
 		pr_info_ratelimited("unable to map security context \'%s\'\n",
 				    info->secctx);
diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c
index 566ba4397ee4..762561318d78 100644
--- a/net/netlabel/netlabel_unlabeled.c
+++ b/net/netlabel/netlabel_unlabeled.c
@@ -880,7 +880,7 @@ static int netlbl_unlabel_staticadd(struct sk_buff *skb,
 	void *addr;
 	void *mask;
 	u32 addr_len;
-	u32 secid;
+	struct lsmblob blob;
 	struct netlbl_audit audit_info;
 
 	/* Don't allow users to add both IPv4 and IPv6 addresses for a
@@ -904,13 +904,18 @@ static int netlbl_unlabel_staticadd(struct sk_buff *skb,
 	ret_val = security_secctx_to_secid(
 		                  nla_data(info->attrs[NLBL_UNLABEL_A_SECCTX]),
 				  nla_len(info->attrs[NLBL_UNLABEL_A_SECCTX]),
-				  &secid);
+				  &blob);
 	if (ret_val != 0)
 		return ret_val;
 
+	/* netlbl_unlhsh_add will be changed to pass a struct lsmblob *
+	 * instead of a u32 later in this patch set. security_secctx_to_secid()
+	 * will only be setting one entry in the lsmblob struct, so it is
+	 * safe to use lsmblob_value() to get that one value. */
+
 	return netlbl_unlhsh_add(&init_net,
-				 dev_name, addr, mask, addr_len, secid,
-				 &audit_info);
+				 dev_name, addr, mask, addr_len,
+				 lsmblob_value(&blob), &audit_info);
 }
 
 /**
@@ -931,7 +936,7 @@ static int netlbl_unlabel_staticadddef(struct sk_buff *skb,
 	void *addr;
 	void *mask;
 	u32 addr_len;
-	u32 secid;
+	struct lsmblob blob;
 	struct netlbl_audit audit_info;
 
 	/* Don't allow users to add both IPv4 and IPv6 addresses for a
@@ -953,13 +958,15 @@ static int netlbl_unlabel_staticadddef(struct sk_buff *skb,
 	ret_val = security_secctx_to_secid(
 		                  nla_data(info->attrs[NLBL_UNLABEL_A_SECCTX]),
 				  nla_len(info->attrs[NLBL_UNLABEL_A_SECCTX]),
-				  &secid);
+				  &blob);
 	if (ret_val != 0)
 		return ret_val;
 
+	/* security_secctx_to_secid() will only put one secid into the lsmblob
+	 * so it's safe to use lsmblob_value() to get the secid. */
 	return netlbl_unlhsh_add(&init_net,
-				 NULL, addr, mask, addr_len, secid,
-				 &audit_info);
+				 NULL, addr, mask, addr_len,
+				 lsmblob_value(&blob), &audit_info);
 }
 
 /**
diff --git a/security/security.c b/security/security.c
index 171e2fe66e5e..7ae68b6ffc7f 100644
--- a/security/security.c
+++ b/security/security.c
@@ -2195,10 +2195,22 @@ int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
 }
 EXPORT_SYMBOL(security_secid_to_secctx);
 
-int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
+int security_secctx_to_secid(const char *secdata, u32 seclen,
+			     struct lsmblob *blob)
 {
-	*secid = 0;
-	return call_int_hook(secctx_to_secid, 0, secdata, seclen, secid);
+	struct security_hook_list *hp;
+	int rc;
+
+	lsmblob_init(blob, 0);
+	hlist_for_each_entry(hp, &security_hook_heads.secctx_to_secid, list) {
+		if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot))
+			continue;
+		rc = hp->hook.secctx_to_secid(secdata, seclen,
+					      &blob->secid[hp->lsmid->slot]);
+		if (rc != 0)
+			return rc;
+	}
+	return 0;
 }
 EXPORT_SYMBOL(security_secctx_to_secid);
 
@@ -2349,10 +2361,26 @@ int security_socket_getpeersec_stream(struct socket *sock, char __user *optval,
 				optval, optlen, len);
 }
 
-int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
+int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb,
+				     u32 *secid)
 {
-	return call_int_hook(socket_getpeersec_dgram, -ENOPROTOOPT, sock,
-			     skb, secid);
+	struct security_hook_list *hp;
+	int rc = -ENOPROTOOPT;
+
+	/*
+	 * Only one security module should provide a real hook for
+	 * this. A stub or bypass like is used in BPF should either
+	 * (somehow) leave rc unaltered or return -ENOPROTOOPT.
+	 */
+	hlist_for_each_entry(hp, &security_hook_heads.socket_getpeersec_dgram,
+			     list) {
+		if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot))
+			continue;
+		rc = hp->hook.socket_getpeersec_dgram(sock, skb, secid);
+		if (rc != -ENOPROTOOPT)
+			break;
+	}
+	return rc;
 }
 EXPORT_SYMBOL(security_socket_getpeersec_dgram);
 

From patchwork Mon Dec 13 23:40:15 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Casey Schaufler <casey@schaufler-ca.com>
X-Patchwork-Id: 12674961
X-Patchwork-Delegate: paul@paul-moore.com
Return-Path: <selinux-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id F1C25C433F5
	for <selinux@archiver.kernel.org>; Mon, 13 Dec 2021 23:50:45 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S239189AbhLMXup (ORCPT <rfc822;selinux@archiver.kernel.org>);
        Mon, 13 Dec 2021 18:50:45 -0500
Received: from sonic315-27.consmr.mail.ne1.yahoo.com ([66.163.190.153]:35389
        "EHLO sonic315-27.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S238519AbhLMXuo (ORCPT
        <rfc822;selinux@vger.kernel.org>); Mon, 13 Dec 2021 18:50:44 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1639439444; bh=4DGh/JM0QhmeTFRLj4qUlvPwzAsptonLJlq2DPQNd6g=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To;
 b=TCZmH7xIgpQBbo+jxRo28BK+loPYFWOrQC+5dQNOUmuMks31yultzW2RY/YRc0qacwfjHt3KSr0BemMpOctoFZCd2/wg43XdKWKsjQIt+XT90EcTIo3xMnWutCE1bz1MNO+UlH3RSj2QkLNsJQYWnmpv5UO31nimmfI7uaedOE4v0sKz+XUuxe1qGtIGajOtmHVArUWneWySalY3jG75sJu9Y1Exwl/h2XE8F34M+ZRcdogTPD8LMRpcK01w6w3uW/ct1NVNI+XVZyfn4xS+1qX1pCgRibsHm0O57pnuqu8yYQEw93ixLcyJ3IxOlwlKubSqQB0gRq0BjSx3dcBmGw==
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1639439444; bh=lAw7NxdpvQt21T1uv17BItigZvUklMnHpeY8CDny0z5=;
 h=X-Sonic-MF:From:To:Subject:Date:From:Subject;
 b=BPzuj8B7xLj42GC5TwOUYHShWKsfXIh7vdm3i0zVj6KYtGp6F0Iv7X2Ok9APdb68k9nhw30bFw7Ubfp3zYIaCUbz/+KLSvpw5JDVKNxmldpAvX0eKGHBsGXC19JGZC/BPjl7za5qhOhLv1zKYZnP1cEBohLWS9uidzpYPFN51tfVnEL0ygPAoqekt+KbyBlV8gkUHvNJVZMFznDupa38WDkPkxnSCio5m28kGXFB6lrXGsNxL9xQLAhbyU2KGSY2og4CxGZ03i4b72h7NpRA/lEFMk9TdLuuIyxkVz3K1x3jCsj87jebd0TBxj9IdYUmIv6WJJhPtePZi15eOixcvA==
X-YMail-OSG: R7I091AVM1nKhsbJkLLpNRrEidQ3CCFDZ1QO3dRgE42V70_beT34NuGz6D.XBHM
 KHngGSK4I30212WLBgCfsh6Q5CQbv9xRrfW9Ca9vNfmDKXe7l.OkIE_Zd5Yio5urYvYZvHTWrKKQ
 gb2w7TM_v4hqBNwScPqOKyJcBsi7VZvZQU5LD6F3rUck9EBvXbxSREJHT1d.wk.MhDWMa1V_48vZ
 52_kxoEhjEQw_U5iZz11BKF3URmxXQ7MXVz6H9OeaGMEweB_mF3stYgZW3ThF0pzSNVeQsd2y6jZ
 NqS02rVPzjj0dYHvkfzG67eUKK7NzCKL_zbolRQMzCpzUtVNBp8bu.RRDNA64GIJkMPoiYys9oBX
 2qcysRQQC6B6jQdXXV6Bd2GEOERq.7LWVXXh5HW082U9GMFKvXtk9ADmmZzcnaTtU8A41BhstszS
 z8gaLbZ.1ec5ShB1DC2Fao6kIgSHZYGBPS3cf_Ax2Pwa.OSFGtV9ivGtO7hNspse4sT9sPRuu91u
 .aKHmVUhqVeLDHidBy1l0B1afczseQeTQahOcBu_qDX.hGi82xq16Oe9KpJh3nExIB_pMpatj8z1
 3Gw9JPTIr5kK5Z3ovtFzs9L6l_NZtCKAYfcLs8S51Uzq8QjtrvBVyb79E94OdMEOUTh.lCRZhgBg
 z9jENebH5ARp95F_GMAws5UQfu8AcFjFI3nvlZrdibnW6oReg5_drFfHTBisl9UGVViBQFO0llDe
 uAL12jw0xl8HCWd9UDKt_BOd9YThgNuowwbksWDnIj9KHXXRjxrtVGTN9owvN9G0xhxOwDSc90Om
 LUxYCZ5Q3Bi53GJhwmGhDd8k2pn.t6lH0PdvBw8EJlctl8JH2NoTkrmK_.uTYMQUy4C9vq6fA_iq
 POR.ywLsDZ4vV17ZgT7re8MzsJRRedRagHokZhFcOpjg3uWR2dIg2mVi3is.gCwkZZhb40sodGE6
 K4Tm93CUB0LsqXpMGYb3yiYxP_vnIX4UZnEUpDgbO8fgLKiDkr6OKnazYZ6p4G5dUD_bUBX4z5kJ
 TSDoovqZE3xJGyqQRvsFZnzhhdlmorF7T4C3AEG9.ZTxJsK01hZPBdK5t0ae6CZ2IL4F.kauflaq
 9PTHk9aHdoaQj0ZteYD2OYXtVprpwn96nOTiGqbG92ABr5ctKZfEu8j6e9XI4P8BcDuSTw7f.SK5
 G4n7Mx0eP2TC8wFNaa09ujMY_D9odjwavUKLnrX48ajhch9c5SZkExsl278LWdh53toXKcLp0N8d
 dcvMFU4ON_o1KHlixO39_Ce97eUcEeqwfVGGQYeRriMHLx9rna65LqmC.E2iXiAl6fpB0d76kTa_
 gutmaQsNQsWd2WDZ1HmypTvF6m7VW81.DrgPm45AlMH07AFV7IwCYuQ1pspuR_GGOe2jlIo.QHyy
 6iMFpb1cfHMhWgR4i.kbHQesQbNOYuDJqD261SW2HCxaZX00l36NQ3oxfG5uaZ407dSss0fD482o
 eYsHtf_kcMYdG5q6TJXbPYiqVE4PC7YtVTsHKi5Ncl5c7_LjIJiB0d74y5MarzZOFmnIm6FSeiJn
 byy4Eb8QSUVXPszL_7zyLW9nCqkZM0QKdCiDD6FHKGeGWgXUW_KrtfWdfizHCuLEatnE96DZO8PO
 nHE5mVip3avsg4CU8Yd_hy4PuS0AW6gpNeInf1T9vB_WlAoCqCwF8lkPHZ9JVK8Gj08ZRiNosrK2
 ZcOyeEXhjji78aWSN.rlnwRv4LF47gFjIaWPgkzICXWuw3Y4T_omIfNr4DbQzml3B0umasdL0fWn
 fSgdquIyBm9vEboAfF1lBIvjvIrl1YnJe36XSniwr5VOX25FnNwhcqHSEt435AcjhwGBtFgIrovI
 SwMAYk4N9Sx5Xn2dj3hW.yCkXZRy3uORsDRlYswV3txqROvxU2SEjmv7snF5LaiEjBn7_t9e.q7S
 NyH7YlSFGmz6HRLDuFyC9tGXyC2yhMd_nmIAOHA2oTA21PsxdS.BBprZZxqPkKE5dwhkIE9OxG98
 CPAaUbYD_VGLItLzU0AE_moY7Hxw_Qzl_KYMqiWBBVqofmLcxTZ2B_pa7lb6_4iek4HVeiYHYa.e
 SWp57qQh9OA2xr.HYpU1omJrU_6zA_UtqceUzgsnzhWnmng3tSxvDGQ4nEmgcjq15j0g6ATvQ.2l
 4kdOr11q8oZIXE0s5AzkcjMDsK8cQqE8NQu2EH8wbcMbjIiB5FE59fMoMJ3XyOJEKBC0qtMB1TLU
 BBloHtBuI8AA65NQyg5_ocQuwfvupXr9OWXuaHHUxHLrBsXo6crXM691hzB9iCYIeTKA-
X-Sonic-MF: <casey@schaufler-ca.com>
Received: from sonic.gate.mail.ne1.yahoo.com by
 sonic315.consmr.mail.ne1.yahoo.com with HTTP; Mon, 13 Dec 2021 23:50:44 +0000
Received: by kubenode527.mail-prod1.omega.ne1.yahoo.com (VZM Hermes SMTP
 Server) with ESMTPA ID 57efa93688f26ab0173e0a80180e1c16;
          Mon, 13 Dec 2021 23:50:39 +0000 (UTC)
From: Casey Schaufler <casey@schaufler-ca.com>
To: casey.schaufler@intel.com, jmorris@namei.org,
        linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com,
        keescook@chromium.org, john.johansen@canonical.com,
        penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com,
        sds@tycho.nsa.gov, linux-kernel@vger.kernel.org,
        netdev@vger.kernel.org, netfilter-devel@vger.kernel.org
Subject: [PATCH v31 09/28] LSM: Use lsmblob in security_secid_to_secctx
Date: Mon, 13 Dec 2021 15:40:15 -0800
Message-Id: <20211213234034.111891-10-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20211213234034.111891-1-casey@schaufler-ca.com>
References: <20211213234034.111891-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <selinux.vger.kernel.org>
X-Mailing-List: selinux@vger.kernel.org

Change security_secid_to_secctx() to take a lsmblob as input
instead of a u32 secid. It will then call the LSM hooks
using the lsmblob element allocated for that module. The
callers have been updated as well. This allows for the
possibility that more than one module may be called upon
to translate a secid to a string, as can occur in the
audit code.

Acked-by: Paul Moore <paul@paul-moore.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Cc: netdev@vger.kernel.org
Cc: linux-audit@redhat.com
Cc: netfilter-devel@vger.kernel.org
To: Pablo Neira Ayuso <pablo@netfilter.org>
---
 drivers/android/binder.c                | 12 +++++++++-
 include/linux/security.h                |  5 +++--
 include/net/scm.h                       |  7 +++++-
 kernel/audit.c                          | 20 +++++++++++++++--
 kernel/auditsc.c                        | 27 ++++++++++++++++++----
 net/ipv4/ip_sockglue.c                  |  4 +++-
 net/netfilter/nf_conntrack_netlink.c    | 14 ++++++++++--
 net/netfilter/nf_conntrack_standalone.c |  4 +++-
 net/netfilter/nfnetlink_queue.c         | 11 +++++++--
 net/netlabel/netlabel_unlabeled.c       | 30 +++++++++++++++++++++----
 net/netlabel/netlabel_user.c            |  6 ++---
 security/security.c                     | 11 +++++----
 12 files changed, 122 insertions(+), 29 deletions(-)

diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index cffbe57a8e08..7805d08cd1e7 100644
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
@@ -2719,10 +2719,20 @@ static void binder_transaction(struct binder_proc *proc,
 
 	if (target_node && target_node->txn_security_ctx) {
 		u32 secid;
+		struct lsmblob blob;
 		size_t added_size;
 
 		security_cred_getsecid(proc->cred, &secid);
-		ret = security_secid_to_secctx(secid, &secctx, &secctx_sz);
+		/*
+		 * Later in this patch set security_task_getsecid() will
+		 * provide a lsmblob instead of a secid. lsmblob_init
+		 * is used to ensure that all the secids in the lsmblob
+		 * get the value returned from security_task_getsecid(),
+		 * which means that the one expected by
+		 * security_secid_to_secctx() will be set.
+		 */
+		lsmblob_init(&blob, secid);
+		ret = security_secid_to_secctx(&blob, &secctx, &secctx_sz);
 		if (ret) {
 			return_error = BR_FAILED_REPLY;
 			return_error_param = ret;
diff --git a/include/linux/security.h b/include/linux/security.h
index 8a547fc4affa..669eff47737a 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -550,7 +550,7 @@ int security_setprocattr(const char *lsm, const char *name, void *value,
 			 size_t size);
 int security_netlink_send(struct sock *sk, struct sk_buff *skb);
 int security_ismaclabel(const char *name);
-int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen);
+int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen);
 int security_secctx_to_secid(const char *secdata, u32 seclen,
 			     struct lsmblob *blob);
 void security_release_secctx(char *secdata, u32 seclen);
@@ -1406,7 +1406,8 @@ static inline int security_ismaclabel(const char *name)
 	return 0;
 }
 
-static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
+static inline int security_secid_to_secctx(struct lsmblob *blob,
+					   char **secdata, u32 *seclen)
 {
 	return -EOPNOTSUPP;
 }
diff --git a/include/net/scm.h b/include/net/scm.h
index 1ce365f4c256..23a35ff1b3f2 100644
--- a/include/net/scm.h
+++ b/include/net/scm.h
@@ -92,12 +92,17 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg,
 #ifdef CONFIG_SECURITY_NETWORK
 static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm)
 {
+	struct lsmblob lb;
 	char *secdata;
 	u32 seclen;
 	int err;
 
 	if (test_bit(SOCK_PASSSEC, &sock->flags)) {
-		err = security_secid_to_secctx(scm->secid, &secdata, &seclen);
+		/* There can only be one security module using the secid,
+		 * and the infrastructure will know which it is.
+		 */
+		lsmblob_init(&lb, scm->secid);
+		err = security_secid_to_secctx(&lb, &secdata, &seclen);
 
 		if (!err) {
 			put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata);
diff --git a/kernel/audit.c b/kernel/audit.c
index 121d37e700a6..22286163e93e 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1442,7 +1442,16 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
 	case AUDIT_SIGNAL_INFO:
 		len = 0;
 		if (audit_sig_sid) {
-			err = security_secid_to_secctx(audit_sig_sid, &ctx, &len);
+			struct lsmblob blob;
+
+			/*
+			 * lsmblob_init sets all values in the lsmblob
+			 * to audit_sig_sid. This is temporary until
+			 * audit_sig_sid is converted to a lsmblob, which
+			 * happens later in this patch set.
+			 */
+			lsmblob_init(&blob, audit_sig_sid);
+			err = security_secid_to_secctx(&blob, &ctx, &len);
 			if (err)
 				return err;
 		}
@@ -2131,12 +2140,19 @@ int audit_log_task_context(struct audit_buffer *ab)
 	unsigned len;
 	int error;
 	u32 sid;
+	struct lsmblob blob;
 
 	security_task_getsecid_subj(current, &sid);
 	if (!sid)
 		return 0;
 
-	error = security_secid_to_secctx(sid, &ctx, &len);
+	/*
+	 * lsmblob_init sets all values in the lsmblob to sid.
+	 * This is temporary until security_task_getsecid is converted
+	 * to use a lsmblob, which happens later in this patch set.
+	 */
+	lsmblob_init(&blob, sid);
+	error = security_secid_to_secctx(&blob, &ctx, &len);
 	if (error) {
 		if (error != -EINVAL)
 			goto error_path;
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index e0c71fe27c2f..b28e2cbcc92c 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -670,6 +670,13 @@ static int audit_filter_rules(struct task_struct *tsk,
 					security_task_getsecid_subj(tsk, &sid);
 					need_sid = 0;
 				}
+				/*
+				 * lsmblob_init sets all values in the lsmblob
+				 * to sid. This is temporary until
+				 * security_task_getsecid() is converted to
+				 * provide a lsmblob, which happens later in
+				 * this patch set.
+				 */
 				lsmblob_init(&blob, sid);
 				result = security_audit_rule_match(&blob,
 							f->type, f->op,
@@ -686,6 +693,13 @@ static int audit_filter_rules(struct task_struct *tsk,
 			if (f->lsm_str) {
 				/* Find files that match */
 				if (name) {
+					/*
+					 * lsmblob_init sets all values in the
+					 * lsmblob to sid. This is temporary
+					 * until name->osid is converted to a
+					 * lsmblob, which happens later in
+					 * this patch set.
+					 */
 					lsmblob_init(&blob, name->osid);
 					result = security_audit_rule_match(
 								&blob,
@@ -1109,6 +1123,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid,
 	char *ctx = NULL;
 	u32 len;
 	int rc = 0;
+	struct lsmblob blob;
 
 	ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID);
 	if (!ab)
@@ -1118,7 +1133,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid,
 			 from_kuid(&init_user_ns, auid),
 			 from_kuid(&init_user_ns, uid), sessionid);
 	if (sid) {
-		if (security_secid_to_secctx(sid, &ctx, &len)) {
+		lsmblob_init(&blob, sid);
+		if (security_secid_to_secctx(&blob, &ctx, &len)) {
 			audit_log_format(ab, " obj=(none)");
 			rc = 1;
 		} else {
@@ -1362,8 +1378,10 @@ static void show_special(struct audit_context *context, int *call_panic)
 		if (osid) {
 			char *ctx = NULL;
 			u32 len;
+			struct lsmblob blob;
 
-			if (security_secid_to_secctx(osid, &ctx, &len)) {
+			lsmblob_init(&blob, osid);
+			if (security_secid_to_secctx(&blob, &ctx, &len)) {
 				audit_log_format(ab, " osid=%u", osid);
 				*call_panic = 1;
 			} else {
@@ -1524,9 +1542,10 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n,
 	if (n->osid != 0) {
 		char *ctx = NULL;
 		u32 len;
+		struct lsmblob blob;
 
-		if (security_secid_to_secctx(
-			n->osid, &ctx, &len)) {
+		lsmblob_init(&blob, n->osid);
+		if (security_secid_to_secctx(&blob, &ctx, &len)) {
 			audit_log_format(ab, " osid=%u", n->osid);
 			if (call_panic)
 				*call_panic = 2;
diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
index 38d29b175ca6..be7073df19a5 100644
--- a/net/ipv4/ip_sockglue.c
+++ b/net/ipv4/ip_sockglue.c
@@ -130,6 +130,7 @@ static void ip_cmsg_recv_checksum(struct msghdr *msg, struct sk_buff *skb,
 
 static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb)
 {
+	struct lsmblob lb;
 	char *secdata;
 	u32 seclen, secid;
 	int err;
@@ -138,7 +139,8 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb)
 	if (err)
 		return;
 
-	err = security_secid_to_secctx(secid, &secdata, &seclen);
+	lsmblob_init(&lb, secid);
+	err = security_secid_to_secctx(&lb, &secdata, &seclen);
 	if (err)
 		return;
 
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index c7708bde057c..67b0f3cfc5c7 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -341,8 +341,13 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct)
 	struct nlattr *nest_secctx;
 	int len, ret;
 	char *secctx;
+	struct lsmblob blob;
 
-	ret = security_secid_to_secctx(ct->secmark, &secctx, &len);
+	/* lsmblob_init() puts ct->secmark into all of the secids in blob.
+	 * security_secid_to_secctx() will know which security module
+	 * to use to create the secctx.  */
+	lsmblob_init(&blob, ct->secmark);
+	ret = security_secid_to_secctx(&blob, &secctx, &len);
 	if (ret)
 		return 0;
 
@@ -650,8 +655,13 @@ static inline int ctnetlink_secctx_size(const struct nf_conn *ct)
 {
 #ifdef CONFIG_NF_CONNTRACK_SECMARK
 	int len, ret;
+	struct lsmblob blob;
 
-	ret = security_secid_to_secctx(ct->secmark, NULL, &len);
+	/* lsmblob_init() puts ct->secmark into all of the secids in blob.
+	 * security_secid_to_secctx() will know which security module
+	 * to use to create the secctx.  */
+	lsmblob_init(&blob, ct->secmark);
+	ret = security_secid_to_secctx(&blob, NULL, &len);
 	if (ret)
 		return 0;
 
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
index 80f675d884b2..79c280d1efce 100644
--- a/net/netfilter/nf_conntrack_standalone.c
+++ b/net/netfilter/nf_conntrack_standalone.c
@@ -178,8 +178,10 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct)
 	int ret;
 	u32 len;
 	char *secctx;
+	struct lsmblob blob;
 
-	ret = security_secid_to_secctx(ct->secmark, &secctx, &len);
+	lsmblob_init(&blob, ct->secmark);
+	ret = security_secid_to_secctx(&blob, &secctx, &len);
 	if (ret)
 		return;
 
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
index 4acc4b8e9fe5..62c0c5b847c6 100644
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -305,13 +305,20 @@ static u32 nfqnl_get_sk_secctx(struct sk_buff *skb, char **secdata)
 {
 	u32 seclen = 0;
 #if IS_ENABLED(CONFIG_NETWORK_SECMARK)
+	struct lsmblob blob;
+
 	if (!skb || !sk_fullsock(skb->sk))
 		return 0;
 
 	read_lock_bh(&skb->sk->sk_callback_lock);
 
-	if (skb->secmark)
-		security_secid_to_secctx(skb->secmark, secdata, &seclen);
+	if (skb->secmark) {
+		/* lsmblob_init() puts ct->secmark into all of the secids in
+		 * blob. security_secid_to_secctx() will know which security
+		 * module to use to create the secctx.  */
+		lsmblob_init(&blob, skb->secmark);
+		security_secid_to_secctx(&blob, secdata, &seclen);
+	}
 
 	read_unlock_bh(&skb->sk->sk_callback_lock);
 #endif
diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c
index 762561318d78..51cb4fce5edf 100644
--- a/net/netlabel/netlabel_unlabeled.c
+++ b/net/netlabel/netlabel_unlabeled.c
@@ -376,6 +376,7 @@ int netlbl_unlhsh_add(struct net *net,
 	struct audit_buffer *audit_buf = NULL;
 	char *secctx = NULL;
 	u32 secctx_len;
+	struct lsmblob blob;
 
 	if (addr_len != sizeof(struct in_addr) &&
 	    addr_len != sizeof(struct in6_addr))
@@ -438,7 +439,11 @@ int netlbl_unlhsh_add(struct net *net,
 unlhsh_add_return:
 	rcu_read_unlock();
 	if (audit_buf != NULL) {
-		if (security_secid_to_secctx(secid,
+		/* lsmblob_init() puts secid into all of the secids in blob.
+		 * security_secid_to_secctx() will know which security module
+		 * to use to create the secctx.  */
+		lsmblob_init(&blob, secid);
+		if (security_secid_to_secctx(&blob,
 					     &secctx,
 					     &secctx_len) == 0) {
 			audit_log_format(audit_buf, " sec_obj=%s", secctx);
@@ -475,6 +480,7 @@ static int netlbl_unlhsh_remove_addr4(struct net *net,
 	struct net_device *dev;
 	char *secctx;
 	u32 secctx_len;
+	struct lsmblob blob;
 
 	spin_lock(&netlbl_unlhsh_lock);
 	list_entry = netlbl_af4list_remove(addr->s_addr, mask->s_addr,
@@ -493,8 +499,13 @@ static int netlbl_unlhsh_remove_addr4(struct net *net,
 					  (dev != NULL ? dev->name : NULL),
 					  addr->s_addr, mask->s_addr);
 		dev_put(dev);
+		/* lsmblob_init() puts entry->secid into all of the secids
+		 * in blob. security_secid_to_secctx() will know which
+		 * security module to use to create the secctx.  */
+		if (entry != NULL)
+			lsmblob_init(&blob, entry->secid);
 		if (entry != NULL &&
-		    security_secid_to_secctx(entry->secid,
+		    security_secid_to_secctx(&blob,
 					     &secctx, &secctx_len) == 0) {
 			audit_log_format(audit_buf, " sec_obj=%s", secctx);
 			security_release_secctx(secctx, secctx_len);
@@ -536,6 +547,7 @@ static int netlbl_unlhsh_remove_addr6(struct net *net,
 	struct net_device *dev;
 	char *secctx;
 	u32 secctx_len;
+	struct lsmblob blob;
 
 	spin_lock(&netlbl_unlhsh_lock);
 	list_entry = netlbl_af6list_remove(addr, mask, &iface->addr6_list);
@@ -553,8 +565,13 @@ static int netlbl_unlhsh_remove_addr6(struct net *net,
 					  (dev != NULL ? dev->name : NULL),
 					  addr, mask);
 		dev_put(dev);
+		/* lsmblob_init() puts entry->secid into all of the secids
+		 * in blob. security_secid_to_secctx() will know which
+		 * security module to use to create the secctx.  */
+		if (entry != NULL)
+			lsmblob_init(&blob, entry->secid);
 		if (entry != NULL &&
-		    security_secid_to_secctx(entry->secid,
+		    security_secid_to_secctx(&blob,
 					     &secctx, &secctx_len) == 0) {
 			audit_log_format(audit_buf, " sec_obj=%s", secctx);
 			security_release_secctx(secctx, secctx_len);
@@ -1080,6 +1097,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd,
 	u32 secid;
 	char *secctx;
 	u32 secctx_len;
+	struct lsmblob blob;
 
 	data = genlmsg_put(cb_arg->skb, NETLINK_CB(cb_arg->nl_cb->skb).portid,
 			   cb_arg->seq, &netlbl_unlabel_gnl_family,
@@ -1134,7 +1152,11 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd,
 		secid = addr6->secid;
 	}
 
-	ret_val = security_secid_to_secctx(secid, &secctx, &secctx_len);
+	/* lsmblob_init() secid into all of the secids in blob.
+	 * security_secid_to_secctx() will know which security module
+	 * to use to create the secctx.  */
+	lsmblob_init(&blob, secid);
+	ret_val = security_secid_to_secctx(&blob, &secctx, &secctx_len);
 	if (ret_val != 0)
 		goto list_cb_failure;
 	ret_val = nla_put(cb_arg->skb,
diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c
index 3ed4fea2a2de..893301ae0131 100644
--- a/net/netlabel/netlabel_user.c
+++ b/net/netlabel/netlabel_user.c
@@ -86,6 +86,7 @@ struct audit_buffer *netlbl_audit_start_common(int type,
 	struct audit_buffer *audit_buf;
 	char *secctx;
 	u32 secctx_len;
+	struct lsmblob blob;
 
 	if (audit_enabled == AUDIT_OFF)
 		return NULL;
@@ -98,10 +99,9 @@ struct audit_buffer *netlbl_audit_start_common(int type,
 			 from_kuid(&init_user_ns, audit_info->loginuid),
 			 audit_info->sessionid);
 
+	lsmblob_init(&blob, audit_info->secid);
 	if (audit_info->secid != 0 &&
-	    security_secid_to_secctx(audit_info->secid,
-				     &secctx,
-				     &secctx_len) == 0) {
+	    security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) {
 		audit_log_format(audit_buf, " subj=%s", secctx);
 		security_release_secctx(secctx, secctx_len);
 	}
diff --git a/security/security.c b/security/security.c
index 7ae68b6ffc7f..a0612afefc24 100644
--- a/security/security.c
+++ b/security/security.c
@@ -2176,17 +2176,16 @@ int security_ismaclabel(const char *name)
 }
 EXPORT_SYMBOL(security_ismaclabel);
 
-int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
+int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen)
 {
 	struct security_hook_list *hp;
 	int rc;
 
-	/*
-	 * Currently, only one LSM can implement secid_to_secctx (i.e this
-	 * LSM hook is not "stackable").
-	 */
 	hlist_for_each_entry(hp, &security_hook_heads.secid_to_secctx, list) {
-		rc = hp->hook.secid_to_secctx(secid, secdata, seclen);
+		if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot))
+			continue;
+		rc = hp->hook.secid_to_secctx(blob->secid[hp->lsmid->slot],
+					      secdata, seclen);
 		if (rc != LSM_RET_DEFAULT(secid_to_secctx))
 			return rc;
 	}

From patchwork Mon Dec 13 23:40:16 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Casey Schaufler <casey@schaufler-ca.com>
X-Patchwork-Id: 12674963
X-Patchwork-Delegate: paul@paul-moore.com
Return-Path: <selinux-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 3D062C433F5
	for <selinux@archiver.kernel.org>; Mon, 13 Dec 2021 23:51:49 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S244284AbhLMXvr (ORCPT <rfc822;selinux@archiver.kernel.org>);
        Mon, 13 Dec 2021 18:51:47 -0500
Received: from sonic301-38.consmr.mail.ne1.yahoo.com ([66.163.184.207]:36098
        "EHLO sonic301-38.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S244133AbhLMXvq (ORCPT
        <rfc822;selinux@vger.kernel.org>); Mon, 13 Dec 2021 18:51:46 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1639439505; bh=uLkiUf0AkXJu5UKLkfjJMYGyH/G9ehNWKG8YUmHWv1M=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To;
 b=qfu0i4e6AhKu1FxDvHXhIFOUeHlZs/zYbk77pmmd7H7U+oswgChDVp7dlthf+RJLnGDtKHDGZERqebMXQzbvI4sdHX4V20Re8cbMojrw8LX19TWG8YAXX7WczyxM8BGgyqqD0yQRLngIBMokJuE+m7lJwE+hokxtxPtxB/Jsm1OtVGrFiS+TuPK00XO3BqpMHTcXjlbemshrvq62BaTHVQQ4at/UkahdFATGwt9sC5A7nmDJ3iM/Mpyb1K7Wqe98rvqSauPQDC4KJPRSjaWjaed1hl73EHg/7aFL5mx4Qs4IyoKW9LUd2mX6zyFGraSvck23qhQUy+hBeEGD2TIhiQ==
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1639439505; bh=OXMgVYznAYfbR4Ka3VkZjn76srMeCj9P5Q+G3bzQPxk=;
 h=X-Sonic-MF:From:To:Subject:Date:From:Subject;
 b=O2/XJ8RUHWG5Gq6z3pHlbKHoyYXm0ljuKHAaFQImpTC8fEHBY/M7tHdIuZPxOnrLAaIBbZ3OCY0sh0M8wQnj+NUTiqxbkDvR+YAknIbaH3pbHX6Y8SdXX6PeMwUQ0f7+aYGpSYDMff4/4b8IwfCJSeD5uZCgya34SX7D6QcNxcTeTff3uSc9nTdSDqodjSLDmndvx6EW+SBoxOuo5mGRZBjngGewjm/CqIHcRIyXquandysuQUwAt6MpAEvO/VQLwRjzNS96k4kNyvI8TmMdFnYJ9du/LafPIj5jKmkLlEWHP1vBzsUDjOuSpCsINQT/SFG+R5bdkc0o0B9HE9cQxg==
X-YMail-OSG: 32FeDhYVM1nfOBmFHGsyzf4ltxK_u1Qkf0DO4FsDsCt50NGpOSHr9Mm7edRDW4C
 PjUMnr4Ong90ccTITuRvgncWGJ_Y2Cdadcf0MCAIEt33XJZkG6AwCi8JZ.mZkYf3zTjt6sf5YT5c
 RZcHx4tc4rujWsJcvDsJoURLEgaK5wRdLQVkYlCiVM_1U_lLAcU6MkVZqyviBcVtSyaxBEwr_XEL
 Nf64FgtUj7ot.Fe.XkX0xks2pfQ3qKuvdjLxrlYDJRwgBHOmh1tJQ8YeH1K_Eq4E5Hi8EESFEclK
 G3.jOB4PjF0KuzDRTMgG84h3N7fSz.FG_ntKJv8TFdeTCyYCnFhQ7lRIoU7VosI0XmlieUqWbG9v
 fQPAeIekwlwerHflaSVkOOuwhFt2W_UyVXVXfKlmZ0PGIYj0R0uc90pWql19XS3maWyAJ0DZljEK
 KiTsDJUUvWFZX5anp74tt4dYIu3q8dBOaWolaIvSAFG5HkiZVsa20MX9BuRDmXqGIL.6rCOC8jvF
 FLxRJEXL0xYXuyUe6apcrH4FphFOBULyiZbRhYER8oH02G5ibm.ryS1tP.sSMC0FTnUUq8uRiQF9
 lH2u8yDEmucBeRctzugFLA32W93KvvjphGU1j1UFY4AW0mv5hISdhPdqs7xVL5NDI6cETP6yhHV7
 dn6tcBboljcXb7u.mEWIuI0m6QYWSKAxMkluP.Km1YIc3iBC4F07rogT0QZK0pzqo60w0MVIt21b
 HArJ3u_Y0KHrbCegfF77M3J5jZpkL5LLchj4fN24HnjPH0OYGQvRKIz0CXk4QW7JytvLYYVA3SKq
 J1kAtkkYzZSC8Wjt138ZDAIpEeD.DfBlsEDYvdPL5O2Y0AJKseHiIKEQHonsT3zVQ8uDxf_1wURm
 N1omJAa72_IoMVsiteuNJ0j.RdYywB47G9Wdd76OsMiBLuBkJcfFDShRPUwsj2UU63yjRBn_s5RW
 OSLVqtBmGUL4Pf6w46rInfZpYrTtzfEP_wrVBNuJ2Qb0BYoEdhfgJ1hPXs51M_dIaeOSXYpImj_G
 XzZNgNBWORf15ySCGdi8KRT8t2Sk87xMgdF5YrQiCKw86iJNCcWSf3D4qGXwT4lTUZeP3ZwAjKEp
 qWFif6cJhTU3o5t5__l4ucXI0iF_MCevuEnYw8A7XKSJUON1AxyrtsmQHY5iJ_xOkdvSkEciK55d
 UVZyQhMVe2deMgfmiM7S9uROzadGbRY3VPa9pRd89..mlT8A11zGFsHHXKqO6tzUhpegSjHXoy2L
 tpWCblmURw5_BwYUV0bpslHq2_.6xn1E3ZH7WrH7a_rWOTP7MvZxHsHXjljdguHtGtSj56WcqPRI
 tQ9zMOGI_hO60I_1MSqYBIMfXnfD4RX_DUIWhPMDjaNoZ1BdVbuJHUKyDo9YjrtkLmwPr3ux7XLI
 NPqr9ANaP3QT.kVA38Id4CVS4Di0rg7IbYi.BzaDGOrch8HcWk0re.zSxEodznXquiOV1L2f3LxC
 LFUedLH3nySq.Hx_PcSt.5Pm9x.YoONwp5qyVkhnrO2laG6QWLRIVFR8xiHuWIuwPESmQCdQOxgx
 OMDIbGqSFAU8z5_FQWa2kFQgBgeFXdZ2328sSZcLXgeWOP.nIRSbm4.ztJzfPQLfUEnbg3AmuLR0
 P.Btjbimd3rkWtZIUXKeyoetnV2xplaVPRw4E4KbTWwnDg.uNzSO1T13p7WhRpiHqjUef6TbSGyM
 .1S6kXhKRLyqcqXxcjqViQID1D_zPhFhmgcISpch07NHEJO0eFVHAzk4tzR3tVRjv9h0ve7ZMrXU
 ibIvfr8UGnb_dKDMvgPUhnaNwpNbu4lyHVEb4wAe1q3modqDad_KqZsx.EEjGsaI.g_JWRC04nKG
 9d9A_uMhzdqjEvA2S9asZNFqE54FsPcRQs8FMu3aHZv17bSbt8ZAGtEoEEyKa3dt4D0n2Wv9UkRa
 aA5nhAuv492mlNyT3B6DZbshzDOVia0WjfWViSpUa3Bq51Zh1U4bQu.3HoYkv3MPAGaRizowVcOS
 lPBtUd1jcGj88zDmxYPa8GgZ9qRyqAaHZaTaaNW8Gwcp69Sij5SXa9b8HxkTxkZhJKl2jYb7GSOX
 lTPGmCrixQcYDEJMesArGY3kGEm_oIk.Md6yQCxLejBc2kaOaMfAJ9usnBwxnbZnVA22wAUZr7x9
 VRLqwKToeu0w7vbl4mnvbNvFKfIAAsZc2RLn7gIzRIlnS329UNQD6dXJelkXTtrSGKfNhpv7tteR
 REuFnyxxmnl_6kwxU35e0EZa90wzwmE7sx5nX.DEefjQ3_rybNuxaRkEHrFiCIFELef35c4NvI5h
 GhVz.XPcV9s1fHnp57GJw
X-Sonic-MF: <casey@schaufler-ca.com>
Received: from sonic.gate.mail.ne1.yahoo.com by
 sonic301.consmr.mail.ne1.yahoo.com with HTTP; Mon, 13 Dec 2021 23:51:45 +0000
Received: by kubenode548.mail-prod1.omega.gq1.yahoo.com (VZM Hermes SMTP
 Server) with ESMTPA ID d4d0e09ffbe12f593b23adee924909bd;
          Mon, 13 Dec 2021 23:51:44 +0000 (UTC)
From: Casey Schaufler <casey@schaufler-ca.com>
To: casey.schaufler@intel.com, jmorris@namei.org,
        linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com,
        keescook@chromium.org, john.johansen@canonical.com,
        penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com,
        sds@tycho.nsa.gov, linux-kernel@vger.kernel.org,
        Stephen Smalley <stephen.smalley.work@gmail.com>
Subject: [PATCH v31 10/28] LSM: Use lsmblob in security_ipc_getsecid
Date: Mon, 13 Dec 2021 15:40:16 -0800
Message-Id: <20211213234034.111891-11-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20211213234034.111891-1-casey@schaufler-ca.com>
References: <20211213234034.111891-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <selinux.vger.kernel.org>
X-Mailing-List: selinux@vger.kernel.org

There may be more than one LSM that provides IPC data
for auditing. Change security_ipc_getsecid() to fill in
a lsmblob structure instead of the u32 secid. The
audit data structure containing the secid will be updated
later, so there is a bit of scaffolding here.

Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: John Johansen <john.johansen@canonical.com>
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Cc: linux-audit@redhat.com
---
 include/linux/security.h |  7 ++++---
 kernel/auditsc.c         |  7 ++++++-
 security/security.c      | 12 +++++++++---
 3 files changed, 19 insertions(+), 7 deletions(-)

diff --git a/include/linux/security.h b/include/linux/security.h
index 669eff47737a..a0b9bf48a60d 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -521,7 +521,7 @@ int security_task_prctl(int option, unsigned long arg2, unsigned long arg3,
 			unsigned long arg4, unsigned long arg5);
 void security_task_to_inode(struct task_struct *p, struct inode *inode);
 int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag);
-void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid);
+void security_ipc_getsecid(struct kern_ipc_perm *ipcp, struct lsmblob *blob);
 int security_msg_msg_alloc(struct msg_msg *msg);
 void security_msg_msg_free(struct msg_msg *msg);
 int security_msg_queue_alloc(struct kern_ipc_perm *msq);
@@ -1284,9 +1284,10 @@ static inline int security_ipc_permission(struct kern_ipc_perm *ipcp,
 	return 0;
 }
 
-static inline void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
+static inline void security_ipc_getsecid(struct kern_ipc_perm *ipcp,
+					 struct lsmblob *blob)
 {
-	*secid = 0;
+	lsmblob_init(blob, 0);
 }
 
 static inline int security_msg_msg_alloc(struct msg_msg *msg)
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index b28e2cbcc92c..c469368818fd 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -2601,12 +2601,17 @@ void __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat)
 void __audit_ipc_obj(struct kern_ipc_perm *ipcp)
 {
 	struct audit_context *context = audit_context();
+	struct lsmblob blob;
 
 	context->ipc.uid = ipcp->uid;
 	context->ipc.gid = ipcp->gid;
 	context->ipc.mode = ipcp->mode;
 	context->ipc.has_perm = 0;
-	security_ipc_getsecid(ipcp, &context->ipc.osid);
+	security_ipc_getsecid(ipcp, &blob);
+	/* context->ipc.osid will be changed to a lsmblob later in
+	 * the patch series. This will allow auditing of all the object
+	 * labels associated with the ipc object. */
+	context->ipc.osid = lsmblob_value(&blob);
 	context->type = AUDIT_IPC;
 }
 
diff --git a/security/security.c b/security/security.c
index a0612afefc24..f8b5e2fa37a0 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1996,10 +1996,16 @@ int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
 	return call_int_hook(ipc_permission, 0, ipcp, flag);
 }
 
-void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
+void security_ipc_getsecid(struct kern_ipc_perm *ipcp, struct lsmblob *blob)
 {
-	*secid = 0;
-	call_void_hook(ipc_getsecid, ipcp, secid);
+	struct security_hook_list *hp;
+
+	lsmblob_init(blob, 0);
+	hlist_for_each_entry(hp, &security_hook_heads.ipc_getsecid, list) {
+		if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot))
+			continue;
+		hp->hook.ipc_getsecid(ipcp, &blob->secid[hp->lsmid->slot]);
+	}
 }
 
 int security_msg_msg_alloc(struct msg_msg *msg)

From patchwork Mon Dec 13 23:40:17 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Casey Schaufler <casey@schaufler-ca.com>
X-Patchwork-Id: 12674965
X-Patchwork-Delegate: paul@paul-moore.com
Return-Path: <selinux-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id B5BC3C433EF
	for <selinux@archiver.kernel.org>; Mon, 13 Dec 2021 23:52:55 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S243969AbhLMXwz (ORCPT <rfc822;selinux@archiver.kernel.org>);
        Mon, 13 Dec 2021 18:52:55 -0500
Received: from sonic306-28.consmr.mail.ne1.yahoo.com ([66.163.189.90]:35088
        "EHLO sonic306-28.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S241908AbhLMXwy (ORCPT
        <rfc822;selinux@vger.kernel.org>); Mon, 13 Dec 2021 18:52:54 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1639439574; bh=nVQjtMtAC70j8vT/pvUy3gBv56B7tT2mEw9lP5LTAR8=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To;
 b=pyGBVqBWb2suFoVZMuSdCJNpAw9mWxZR66aMdfEPMDIm/3i0P2hBDWs6PMsVndw/+qsSgg2jgRofVNGXohM/091uFBVEQ3CMIyUe1ua2v2T9/NzI+gdQV7WLTnGUZzSBTNUEijT4ZUH8IL39oe5bL3bzPTRQhfJ5eJlDFYU2/YOvocrlPECQ45/CaDaA4J2jJL7Dsu9gqE1r7Xfl5GUlDE3pkBVRs2K8TL8wwCcKqnCXX9SGY1iGVeBLeuE6cBVkm5pseDcE7o+JDzRHKK6f1iqcedHVlUkKOJ1WwQGUgsCtboww8z6p6qPThz8zWjqPrq3TDEUKmK2m6MfzQZcjig==
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1639439574; bh=e/6xIKIq9L9DDZobZ5M4IV2S222X7qF6A0QXFnzTFcx=;
 h=X-Sonic-MF:From:To:Subject:Date:From:Subject;
 b=GePTuOwb+fy+OsYLj4zHQ9aUMCYquYII+TiTFpBgHUZ6Kizg99YCEyh93nZW3tnhi5WiJXeNjx7yd52g7N32dQpAMRDJzU3txIJY9QvTN200f9j1Pv/g6ITYJqnY4Md0TC7YDQBIECHD/GlVXZPeMf/2WNta2vE8YcFyzUPC5FQDTRaUTMccVxyIsdOgKS7zcGyFNvyg+vqPiSwq9+EMM9DtPsxMriUBVVjaZ7hHakGl5MQvU9h6xRUUQx5gBecoyMrDR5xSKh5xP2QFiHWLVthOD/6ft0w3rhfb+DVeHyqYO4NADsCn5y+AMIf7h11tJl/3SD2At2rfDymAgIYvWA==
X-YMail-OSG: nSEMfysVM1mLWoKWMVpifKjqKqDOtANx.pDpfcijV7Y6y2FIhyEZYY.xWZblcMU
 rG825EVCHtgh4Qqk7BnQGL53WltUH20VEHptICxw.Xr6s6FttJ363PTOqUYIGdu12F6Jw_FeMJcn
 f_euRD2xpyOdH28umf_2Y.xoM28MLRYUnrR.I9FO88Dprr0cxYbB7t13g3ix7_8xZLN._9DvlG3D
 STsasO3IZ5bSPCzG.x5INOddqN9J79NN1CBT7B7Mvbn.upq1cmMdQhwjxi6d4jxhxlI3t9fmXJ42
 HAKOpyfaERBRYspUxZdINLBu1ddxoCSzxfg_CArSgQha.Ksdp1...sSc1u3NVhCmv.CjolwEKvlY
 B_fqt60fGXTYcm4lJyGDPZ4QIV4OeXGWBhEJHd7.1mjetGYVv9CU7EgJHOywvpe0yKSwomTsFSi4
 V7V_4TiVdbZQUtafJkPUjj11ESNdQEuCqCX23a5ocd07GQlkUUeJmoPPTCBTlMYYlTmRYev7gcer
 6xTE1JHKn.mnnuiGXOxSgsdwO1GtfmihB9wRcgeYoc.7g7ZycrwpLywOOgolMGGHI.fH7Lzeyy19
 hsGu8lUCMx74AMixj_Kisu49qqRlRQ8eIoDBtYWx_P9tP_SwTTIpmhMFFZyqvfkOxOZpDixKtaMO
 FnGpr8IDQqRRgb5kxc1lA94QA31XawrjPZIoE_hJUmCpEzu2h01zhCv25oyzwAlnIUmZAamakWBj
 7cCvRgPPT8TajWp1A6G1GAwOjk2CJU3c2MVsmARg2209o.zc6CoEYWUoX9r.q6ItoHJCe5YhXMW2
 mJIRO0JGSmzPtx7yswg23T5cWvGFWIb1o0kujWRzwtEU7i9FVfc268AwHQXi4kfKTmeW4qoPUElT
 P7poGSVhdxwrPVm1ts.v46vTkLtARXKvTe9K7i7atlBBL8EEm8FCPBsVPSc1eJx0qA7jDhgAP6ly
 vRdRMFaxW17YVLmhu.iz_2qgV.K5XMOt6wsptmrdxW3Hb8UjjIxgAO6Z9xKuDe1BJvJlRrxwiUBy
 UKhPgXr8bqzMMSp_cVVu4KTR8yZj5fl3R4jhJ3jB892bwORIUkRDn8ljjFXb5C8777U85EwCCwcX
 CsYdisYfuxxaeKbeUqTBdOj2.J23W2t50pk4GJNSY9PoSscFGSDWxa6X7q5d5qLespruKnFCSYdM
 azgZQ_koAMPp1yg48OGHJd65bD0a614.zw0IMI8dgVd0Urufht67RrzfL4zW8TOMnVpjFRSz52Rz
 MeSdv.rvHhwjq2mA8v0744gxeuKwWmy5xBbuJBHLp5VziT1SSkI3Prv1wZtb44CJieJs0PNTI1W0
 wUdNfpa9E4DcxsR30S9vk2QvHuocZyr638OeYpKFtb_GxVV4AgGC5u__tMhmmf6JE.QAcV553B7b
 GMPwwIkW_ku9aLUKrvPTo6GWUpkyU39yt.oGVuWYr3pyDYqwPx5_niuOX8gr4jQtpV0UkDLSE08h
 gOVXg8xpI_ajf1RyC1yAeKuRl83VbytbxUS95qqAZj1fE6bzKzjWtrj_of5yPStGcqVpctq_kQOO
 yfqF23HF9UaV_3nbVecTtCm3tvJiamYSXy.6YdmsG28amP6AfbauobyeMwyswSkQFjse03v1NwsO
 GQZoa0MQ17mjSbI3y9Zc38tdTstO6EvgfnIZ8irVxmdDtYCiT8TLNSZVdGbvbB8hNljCL00JGbIB
 PH4pDxAmOWawbhms2yVf0oRBi1dKzY1OOTKfyj8CZPUbZbaK2zc8meUcXqgc6rU.HctzfZ_envnp
 PeSy.kuuNHn1vldxjQoxh.wr7vtcHtNCxUDrOvk8srvbhCpSm_pYkKxiKEG3Kc1lJ_Pa2jd66luU
 yguyUMdn2gM42f17YnsgXydfOSNWnbO5Se1Q6_fPR9IUQDi40YwQDTEDXmGZPHaTlwj6IFo.R2j3
 iPYPFia4cMQYwNWx55MqQ5zfgiLPzFASFXlSjCD7h.E0cgvqTNb5eud3NmOwMP_ymmpMjNTmmZWa
 qMp2eXgggceX8t_zvUlZ7rto5VWmXQovbVZEjaE3zfxiBR9mNembGhJ3zQ8Z7MYlihW3MJF21hj8
 76RdH95RKX4_FM3J0H1rztZSMAtI_E.Yr6G4mtuUx5MEIF.0WGn8FyHnSvce3oOGKGBx93WAmbOA
 RmxTPjMD.2AUx.53dD0TIsS3d5FwjwH8TebIq7VKzpU705Qjei_M4CpJTTHwCQY7BOUT2teLqZQ4
 pyCuerxUnafIEs.X5qKElojYFaPrS7DfNbX3VSGbLZk9iZ4T2q8CW3ZmvJkeG8ReftMzLhaVa7zb
 pSlpTMv4LVd71sLUJ28J_L2.Whwxj.b58y73anTvbXYRXVlQz
X-Sonic-MF: <casey@schaufler-ca.com>
Received: from sonic.gate.mail.ne1.yahoo.com by
 sonic306.consmr.mail.ne1.yahoo.com with HTTP; Mon, 13 Dec 2021 23:52:54 +0000
Received: by kubenode500.mail-prod1.omega.ne1.yahoo.com (VZM Hermes SMTP
 Server) with ESMTPA ID f07ace6e59053715f081c87d7cd69284;
          Mon, 13 Dec 2021 23:52:49 +0000 (UTC)
From: Casey Schaufler <casey@schaufler-ca.com>
To: casey.schaufler@intel.com, jmorris@namei.org,
        linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com,
        keescook@chromium.org, john.johansen@canonical.com,
        penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com,
        sds@tycho.nsa.gov, linux-kernel@vger.kernel.org,
        Stephen Smalley <stephen.smalley.work@gmail.com>,
        linux-integrity@vger.kernel.org, netdev@vger.kernel.org
Subject: [PATCH v31 11/28] LSM: Use lsmblob in security_task_getsecid
Date: Mon, 13 Dec 2021 15:40:17 -0800
Message-Id: <20211213234034.111891-12-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20211213234034.111891-1-casey@schaufler-ca.com>
References: <20211213234034.111891-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <selinux.vger.kernel.org>
X-Mailing-List: selinux@vger.kernel.org

Change the security_task_getsecid_subj() and
security_task_getsecid_obj() interfaces to fill in
a lsmblob structure instead of a u32 secid in support of
LSM stacking. Audit interfaces will need to collect all
possible secids for possible reporting.

Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: John Johansen <john.johansen@canonical.com>
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Cc: linux-integrity@vger.kernel.org
Cc: linux-audit@redhat.com
Cc: netdev@vger.kernel.org
---
 drivers/android/binder.c              |  6 +--
 include/linux/security.h              | 14 ++++---
 kernel/audit.c                        | 16 +++-----
 kernel/auditfilter.c                  |  4 +-
 kernel/auditsc.c                      | 25 ++++++------
 net/netlabel/netlabel_unlabeled.c     |  5 ++-
 net/netlabel/netlabel_user.h          |  6 ++-
 security/integrity/ima/ima_appraise.c | 12 +++---
 security/integrity/ima/ima_main.c     | 55 +++++++++++++++------------
 security/security.c                   | 25 +++++++++---
 10 files changed, 96 insertions(+), 72 deletions(-)

diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index 7805d08cd1e7..916a42c68b58 100644
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
@@ -2718,16 +2718,16 @@ static void binder_transaction(struct binder_proc *proc,
 	t->priority = task_nice(current);
 
 	if (target_node && target_node->txn_security_ctx) {
-		u32 secid;
 		struct lsmblob blob;
 		size_t added_size;
+		u32 secid;
 
 		security_cred_getsecid(proc->cred, &secid);
 		/*
-		 * Later in this patch set security_task_getsecid() will
+		 * Later in this patch set security_cred_getsecid() will
 		 * provide a lsmblob instead of a secid. lsmblob_init
 		 * is used to ensure that all the secids in the lsmblob
-		 * get the value returned from security_task_getsecid(),
+		 * get the value returned from security_cred_getsecid(),
 		 * which means that the one expected by
 		 * security_secid_to_secctx() will be set.
 		 */
diff --git a/include/linux/security.h b/include/linux/security.h
index a0b9bf48a60d..bf91ff071ea0 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -503,8 +503,8 @@ int security_task_fix_setgid(struct cred *new, const struct cred *old,
 int security_task_setpgid(struct task_struct *p, pid_t pgid);
 int security_task_getpgid(struct task_struct *p);
 int security_task_getsid(struct task_struct *p);
-void security_task_getsecid_subj(struct task_struct *p, u32 *secid);
-void security_task_getsecid_obj(struct task_struct *p, u32 *secid);
+void security_task_getsecid_subj(struct task_struct *p, struct lsmblob *blob);
+void security_task_getsecid_obj(struct task_struct *p, struct lsmblob *blob);
 int security_task_setnice(struct task_struct *p, int nice);
 int security_task_setioprio(struct task_struct *p, int ioprio);
 int security_task_getioprio(struct task_struct *p);
@@ -1206,14 +1206,16 @@ static inline int security_task_getsid(struct task_struct *p)
 	return 0;
 }
 
-static inline void security_task_getsecid_subj(struct task_struct *p, u32 *secid)
+static inline void security_task_getsecid_subj(struct task_struct *p,
+					       struct lsmblob *blob)
 {
-	*secid = 0;
+	lsmblob_init(blob, 0);
 }
 
-static inline void security_task_getsecid_obj(struct task_struct *p, u32 *secid)
+static inline void security_task_getsecid_obj(struct task_struct *p,
+					      struct lsmblob *blob)
 {
-	*secid = 0;
+	lsmblob_init(blob, 0);
 }
 
 static inline int security_task_setnice(struct task_struct *p, int nice)
diff --git a/kernel/audit.c b/kernel/audit.c
index 22286163e93e..d92c7b894183 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -2139,19 +2139,12 @@ int audit_log_task_context(struct audit_buffer *ab)
 	char *ctx = NULL;
 	unsigned len;
 	int error;
-	u32 sid;
 	struct lsmblob blob;
 
-	security_task_getsecid_subj(current, &sid);
-	if (!sid)
+	security_task_getsecid_subj(current, &blob);
+	if (!lsmblob_is_set(&blob))
 		return 0;
 
-	/*
-	 * lsmblob_init sets all values in the lsmblob to sid.
-	 * This is temporary until security_task_getsecid is converted
-	 * to use a lsmblob, which happens later in this patch set.
-	 */
-	lsmblob_init(&blob, sid);
 	error = security_secid_to_secctx(&blob, &ctx, &len);
 	if (error) {
 		if (error != -EINVAL)
@@ -2359,6 +2352,7 @@ int audit_set_loginuid(kuid_t loginuid)
 int audit_signal_info(int sig, struct task_struct *t)
 {
 	kuid_t uid = current_uid(), auid;
+	struct lsmblob blob;
 
 	if (auditd_test_task(t) &&
 	    (sig == SIGTERM || sig == SIGHUP ||
@@ -2369,7 +2363,9 @@ int audit_signal_info(int sig, struct task_struct *t)
 			audit_sig_uid = auid;
 		else
 			audit_sig_uid = uid;
-		security_task_getsecid_subj(current, &audit_sig_sid);
+		security_task_getsecid_subj(current, &blob);
+		/* scaffolding until audit_sig_sid is converted */
+		audit_sig_sid = blob.secid[0];
 	}
 
 	return audit_signal_info_syscall(t);
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 88a8d69d03dd..3054e06cc207 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -1339,7 +1339,6 @@ int audit_filter(int msgtype, unsigned int listtype)
 			struct audit_field *f = &e->rule.fields[i];
 			struct lsmblob blob;
 			pid_t pid;
-			u32 sid;
 
 			switch (f->type) {
 			case AUDIT_PID:
@@ -1370,8 +1369,7 @@ int audit_filter(int msgtype, unsigned int listtype)
 			case AUDIT_SUBJ_CLR:
 				if (f->lsm_str) {
 					security_task_getsecid_subj(current,
-								    &sid);
-					lsmblob_init(&blob, sid);
+								    &blob);
 					result = security_audit_rule_match(
 						   &blob, f->type, f->op,
 						   &f->lsm_rules);
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index c469368818fd..b9a6760f55cc 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -467,7 +467,6 @@ static int audit_filter_rules(struct task_struct *tsk,
 {
 	const struct cred *cred;
 	int i, need_sid = 1;
-	u32 sid;
 	struct lsmblob blob;
 	unsigned int sessionid;
 
@@ -667,17 +666,9 @@ static int audit_filter_rules(struct task_struct *tsk,
 			   logged upon error */
 			if (f->lsm_str) {
 				if (need_sid) {
-					security_task_getsecid_subj(tsk, &sid);
+					security_task_getsecid_subj(tsk, &blob);
 					need_sid = 0;
 				}
-				/*
-				 * lsmblob_init sets all values in the lsmblob
-				 * to sid. This is temporary until
-				 * security_task_getsecid() is converted to
-				 * provide a lsmblob, which happens later in
-				 * this patch set.
-				 */
-				lsmblob_init(&blob, sid);
 				result = security_audit_rule_match(&blob,
 							f->type, f->op,
 							&f->lsm_rules);
@@ -2703,12 +2694,15 @@ int __audit_sockaddr(int len, void *a)
 void __audit_ptrace(struct task_struct *t)
 {
 	struct audit_context *context = audit_context();
+	struct lsmblob blob;
 
 	context->target_pid = task_tgid_nr(t);
 	context->target_auid = audit_get_loginuid(t);
 	context->target_uid = task_uid(t);
 	context->target_sessionid = audit_get_sessionid(t);
-	security_task_getsecid_obj(t, &context->target_sid);
+	security_task_getsecid_obj(t, &blob);
+	/* scaffolding - until target_sid is converted */
+	context->target_sid = blob.secid[0];
 	memcpy(context->target_comm, t->comm, TASK_COMM_LEN);
 }
 
@@ -2724,6 +2718,7 @@ int audit_signal_info_syscall(struct task_struct *t)
 	struct audit_aux_data_pids *axp;
 	struct audit_context *ctx = audit_context();
 	kuid_t t_uid = task_uid(t);
+	struct lsmblob blob;
 
 	if (!audit_signals || audit_dummy_context())
 		return 0;
@@ -2735,7 +2730,9 @@ int audit_signal_info_syscall(struct task_struct *t)
 		ctx->target_auid = audit_get_loginuid(t);
 		ctx->target_uid = t_uid;
 		ctx->target_sessionid = audit_get_sessionid(t);
-		security_task_getsecid_obj(t, &ctx->target_sid);
+		security_task_getsecid_obj(t, &blob);
+		/* scaffolding until target_sid is converted */
+		ctx->target_sid = blob.secid[0];
 		memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN);
 		return 0;
 	}
@@ -2756,7 +2753,9 @@ int audit_signal_info_syscall(struct task_struct *t)
 	axp->target_auid[axp->pid_count] = audit_get_loginuid(t);
 	axp->target_uid[axp->pid_count] = t_uid;
 	axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t);
-	security_task_getsecid_obj(t, &axp->target_sid[axp->pid_count]);
+	security_task_getsecid_obj(t, &blob);
+	/* scaffolding until target_sid is converted */
+	axp->target_sid[axp->pid_count] = blob.secid[0];
 	memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN);
 	axp->pid_count++;
 
diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c
index 51cb4fce5edf..15b53fc4e83f 100644
--- a/net/netlabel/netlabel_unlabeled.c
+++ b/net/netlabel/netlabel_unlabeled.c
@@ -1562,11 +1562,14 @@ int __init netlbl_unlabel_defconf(void)
 	int ret_val;
 	struct netlbl_dom_map *entry;
 	struct netlbl_audit audit_info;
+	struct lsmblob blob;
 
 	/* Only the kernel is allowed to call this function and the only time
 	 * it is called is at bootup before the audit subsystem is reporting
 	 * messages so don't worry to much about these values. */
-	security_task_getsecid_subj(current, &audit_info.secid);
+	security_task_getsecid_subj(current, &blob);
+	/* scaffolding until audit_info.secid is converted */
+	audit_info.secid = blob.secid[0];
 	audit_info.loginuid = GLOBAL_ROOT_UID;
 	audit_info.sessionid = 0;
 
diff --git a/net/netlabel/netlabel_user.h b/net/netlabel/netlabel_user.h
index 6190cbf94bf0..aa31f7bf79ee 100644
--- a/net/netlabel/netlabel_user.h
+++ b/net/netlabel/netlabel_user.h
@@ -32,7 +32,11 @@
  */
 static inline void netlbl_netlink_auditinfo(struct netlbl_audit *audit_info)
 {
-	security_task_getsecid_subj(current, &audit_info->secid);
+	struct lsmblob blob;
+
+	security_task_getsecid_subj(current, &blob);
+	/* scaffolding until secid is converted */
+	audit_info->secid = blob.secid[0];
 	audit_info->loginuid = audit_get_loginuid(current);
 	audit_info->sessionid = audit_get_sessionid(current);
 }
diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
index dbba51583e7c..2fedda131a39 100644
--- a/security/integrity/ima/ima_appraise.c
+++ b/security/integrity/ima/ima_appraise.c
@@ -71,15 +71,17 @@ bool is_ima_appraise_enabled(void)
 int ima_must_appraise(struct user_namespace *mnt_userns, struct inode *inode,
 		      int mask, enum ima_hooks func)
 {
-	u32 secid;
+	struct lsmblob blob;
 
 	if (!ima_appraise)
 		return 0;
 
-	security_task_getsecid_subj(current, &secid);
-	return ima_match_policy(mnt_userns, inode, current_cred(), secid,
-				func, mask, IMA_APPRAISE | IMA_HASH, NULL,
-				NULL, NULL, NULL);
+	security_task_getsecid_subj(current, &blob);
+	/* scaffolding the .secid[0] */
+	return ima_match_policy(mnt_userns, inode, current_cred(),
+				blob.secid[0], func, mask,
+				IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL,
+				NULL);
 }
 
 static int ima_fix_xattr(struct dentry *dentry,
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 465865412100..c327f93d3962 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -405,12 +405,13 @@ static int process_measurement(struct file *file, const struct cred *cred,
  */
 int ima_file_mmap(struct file *file, unsigned long prot)
 {
-	u32 secid;
+	struct lsmblob blob;
 
 	if (file && (prot & PROT_EXEC)) {
-		security_task_getsecid_subj(current, &secid);
-		return process_measurement(file, current_cred(), secid, NULL,
-					   0, MAY_EXEC, MMAP_CHECK);
+		security_task_getsecid_subj(current, &blob);
+		/* scaffolding - until process_measurement changes */
+		return process_measurement(file, current_cred(), blob.secid[0],
+					   NULL, 0, MAY_EXEC, MMAP_CHECK);
 	}
 
 	return 0;
@@ -436,9 +437,9 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot)
 	char *pathbuf = NULL;
 	const char *pathname = NULL;
 	struct inode *inode;
+	struct lsmblob blob;
 	int result = 0;
 	int action;
-	u32 secid;
 	int pcr;
 
 	/* Is mprotect making an mmap'ed file executable? */
@@ -446,11 +447,11 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot)
 	    !(prot & PROT_EXEC) || (vma->vm_flags & VM_EXEC))
 		return 0;
 
-	security_task_getsecid_subj(current, &secid);
+	security_task_getsecid_subj(current, &blob);
 	inode = file_inode(vma->vm_file);
 	action = ima_get_action(file_mnt_user_ns(vma->vm_file), inode,
-				current_cred(), secid, MAY_EXEC, MMAP_CHECK,
-				&pcr, &template, NULL, NULL);
+				current_cred(), blob.secid[0], MAY_EXEC,
+				MMAP_CHECK, &pcr, &template, NULL, NULL);
 
 	/* Is the mmap'ed file in policy? */
 	if (!(action & (IMA_MEASURE | IMA_APPRAISE_SUBMASK)))
@@ -486,10 +487,12 @@ int ima_bprm_check(struct linux_binprm *bprm)
 {
 	int ret;
 	u32 secid;
+	struct lsmblob blob;
 
-	security_task_getsecid_subj(current, &secid);
-	ret = process_measurement(bprm->file, current_cred(), secid, NULL, 0,
-				  MAY_EXEC, BPRM_CHECK);
+	security_task_getsecid_subj(current, &blob);
+	/* scaffolding until process_measurement changes */
+	ret = process_measurement(bprm->file, current_cred(), blob.secid[0],
+				  NULL, 0, MAY_EXEC, BPRM_CHECK);
 	if (ret)
 		return ret;
 
@@ -510,10 +513,11 @@ int ima_bprm_check(struct linux_binprm *bprm)
  */
 int ima_file_check(struct file *file, int mask)
 {
-	u32 secid;
+	struct lsmblob blob;
 
-	security_task_getsecid_subj(current, &secid);
-	return process_measurement(file, current_cred(), secid, NULL, 0,
+	security_task_getsecid_subj(current, &blob);
+	/* scaffolding until process_measurement changes */
+	return process_measurement(file, current_cred(), blob.secid[0], NULL, 0,
 				   mask & (MAY_READ | MAY_WRITE | MAY_EXEC |
 					   MAY_APPEND), FILE_CHECK);
 }
@@ -689,7 +693,7 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id,
 		  bool contents)
 {
 	enum ima_hooks func;
-	u32 secid;
+	struct lsmblob blob;
 
 	/*
 	 * Do devices using pre-allocated memory run the risk of the
@@ -709,8 +713,9 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id,
 
 	/* Read entire file for all partial reads. */
 	func = read_idmap[read_id] ?: FILE_CHECK;
-	security_task_getsecid_subj(current, &secid);
-	return process_measurement(file, current_cred(), secid, NULL,
+	security_task_getsecid_subj(current, &blob);
+	/* scaffolding - until process_measurement changes */
+	return process_measurement(file, current_cred(), blob.secid[0], NULL,
 				   0, MAY_READ, func);
 }
 
@@ -739,7 +744,7 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size,
 		       enum kernel_read_file_id read_id)
 {
 	enum ima_hooks func;
-	u32 secid;
+	struct lsmblob blob;
 
 	/* permit signed certs */
 	if (!file && read_id == READING_X509_CERTIFICATE)
@@ -752,9 +757,10 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size,
 	}
 
 	func = read_idmap[read_id] ?: FILE_CHECK;
-	security_task_getsecid_subj(current, &secid);
-	return process_measurement(file, current_cred(), secid, buf, size,
-				   MAY_READ, func);
+	security_task_getsecid_subj(current, &blob);
+	/* scaffolding until process_measurement changes */
+	return process_measurement(file, current_cred(), blob.secid[0], buf,
+				   size, MAY_READ, func);
 }
 
 /**
@@ -882,7 +888,7 @@ int process_buffer_measurement(struct user_namespace *mnt_userns,
 	int digest_hash_len = hash_digest_size[ima_hash_algo];
 	int violation = 0;
 	int action = 0;
-	u32 secid;
+	struct lsmblob blob;
 
 	if (digest && digest_len < digest_hash_len)
 		return -EINVAL;
@@ -905,9 +911,10 @@ int process_buffer_measurement(struct user_namespace *mnt_userns,
 	 * buffer measurements.
 	 */
 	if (func) {
-		security_task_getsecid_subj(current, &secid);
+		security_task_getsecid_subj(current, &blob);
+		/* scaffolding */
 		action = ima_get_action(mnt_userns, inode, current_cred(),
-					secid, 0, func, &pcr, &template,
+					blob.secid[0], 0, func, &pcr, &template,
 					func_data, NULL);
 		if (!(action & IMA_MEASURE) && !digest)
 			return -ENOENT;
diff --git a/security/security.c b/security/security.c
index f8b5e2fa37a0..ab285557a31f 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1906,17 +1906,30 @@ int security_task_getsid(struct task_struct *p)
 	return call_int_hook(task_getsid, 0, p);
 }
 
-void security_task_getsecid_subj(struct task_struct *p, u32 *secid)
+void security_task_getsecid_subj(struct task_struct *p, struct lsmblob *blob)
 {
-	*secid = 0;
-	call_void_hook(task_getsecid_subj, p, secid);
+	struct security_hook_list *hp;
+
+	lsmblob_init(blob, 0);
+	hlist_for_each_entry(hp, &security_hook_heads.task_getsecid_subj,
+			     list) {
+		if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot))
+			continue;
+		hp->hook.task_getsecid_subj(p, &blob->secid[hp->lsmid->slot]);
+	}
 }
 EXPORT_SYMBOL(security_task_getsecid_subj);
 
-void security_task_getsecid_obj(struct task_struct *p, u32 *secid)
+void security_task_getsecid_obj(struct task_struct *p, struct lsmblob *blob)
 {
-	*secid = 0;
-	call_void_hook(task_getsecid_obj, p, secid);
+	struct security_hook_list *hp;
+
+	lsmblob_init(blob, 0);
+	hlist_for_each_entry(hp, &security_hook_heads.task_getsecid_obj, list) {
+		if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot))
+			continue;
+		hp->hook.task_getsecid_obj(p, &blob->secid[hp->lsmid->slot]);
+	}
 }
 EXPORT_SYMBOL(security_task_getsecid_obj);
 

From patchwork Mon Dec 13 23:40:18 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Casey Schaufler <casey@schaufler-ca.com>
X-Patchwork-Id: 12674967
X-Patchwork-Delegate: paul@paul-moore.com
Return-Path: <selinux-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id CCCF4C433FE
	for <selinux@archiver.kernel.org>; Mon, 13 Dec 2021 23:54:00 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S239452AbhLMXx7 (ORCPT <rfc822;selinux@archiver.kernel.org>);
        Mon, 13 Dec 2021 18:53:59 -0500
Received: from sonic306-28.consmr.mail.ne1.yahoo.com ([66.163.189.90]:37450
        "EHLO sonic306-28.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S244280AbhLMXx7 (ORCPT
        <rfc822;selinux@vger.kernel.org>); Mon, 13 Dec 2021 18:53:59 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1639439639; bh=ErLYnnmzVYOVC7AIqd9CYsBXa/tj927ekfaGW6T7p/4=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To;
 b=ZJk7Yj5Y25oq1OQrGOP6FI80T+r4rHkt0z1g3h8saSDTZxXH/Y1uzHFLJZvW3ii5kzntfZL64iZZSSrC8Wb/NqZTRGRZ7r1xfGx4BLCWcCsxPltfjckH4xngDfGHsl4U20FviR0WGqf11jq3f82aPd6pL6OFfuCvng8hjA2HOeipMTzVdOrY2YpyuHFpGGOL+9mzLI0pDUa6pu+J9BlFWBr/IDRC11LET1ZDTF/hb6OLiCRkS1/SQOsx/zMtcZYa06HFwU4qHmt3nqfz1i4WqqmO2Tu1tP8IFgEUKBCYgCkRZlnEyX/9fs7bmG2qGqRiOUARg8l+rRDIHrmCUUvc0w==
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1639439639; bh=zVEnaR/vrf4F15VPpXkgKSfuf3wEhEEG7X1UE0Dfbj5=;
 h=X-Sonic-MF:From:To:Subject:Date:From:Subject;
 b=KkndheORgywGDOhCAD6jyhD1/aXWeKYaoDG63q0a8z8XOnkW+ZPSyXh0xzmjDkRxzdsHPffTXHRZwwbBbdrzc0tnxWUOaffxH5knMp9PsFa/2se5yfxMMh1xcfsmOnmuIla0AUSzSR3CyCrsabnfQi1caiuSQGIr0XE/K3JxcZdwNibibz0D3mNzK1nR/X8SbGmdIy3LaHNOD19Gz29su+hkETsMz5I/9F/wE7ImLoo7PuxNlkiXzZhWJRxvr5dZhfSeChcGkk2h0W1pVlfSKQAt6j4mSkg3kaW/MnuQTxznJoJqwUwvXqLTZNGi/+s78ktXCL1h0rDdchbh4L/WlQ==
X-YMail-OSG: IYR.dRoVM1ltDfbKnJXbRMCh6vwoY.bCp1Og3IUSYHgKuG8Fehg34DBcacbuQc8
 VSrDGMf2psJ7ZYP5bb5WWl8QiO9K8S7MgE6E5f3EMbz5O1JcPMq.Z9xQFBLMAxw2e1gUycgpRMR9
 Gabemq45Ujr2TruqnsQMDX5Hc_Iti1Lv3J1E0x8Mhx2vPdy4pxHdt_SJnXL_1jCN4IdDG3tItU7s
 C3PU2ZF_U8e_0Wx977FFjDmodG6CUbrQmlezQJkMcMd2Ic4mW8_d.ltyee3bbKJvnzWZY0U3AwkL
 toC6ROs9QjJTdAKJh7O0sFRxNIgCjIDvEW4rMs.pZG.ItQNGXkzDC5T4MPkVxvlG_ETs9DqOPpfj
 DmA4YTiq1w1kAUrVrq.RZ9vIYwrrflwqBsFgX.S_9.oKbCTzA79RZi11hI34ZRU3LXaqPAS6kZ1T
 75OdW5_ik1ONnI1n1shpaWO0qjlTnTsQiTMeMluUbJw6TcgRmb0aNqgEYiGwC9oCuMX8rZ7ygeaI
 k._GNFsay0bKqldPj76X3C1HhgpQVqpsRW.ucz0X0n7hxs3nQPMlTj.Ec3wCENS3QegbLe12Vb4z
 OXlti7BDHvqagZNdrBEdCL.touzAjdsHD30Jhi1AwljbCmIRG8xFTjVRVznkW62K9IZjVvQzBsJY
 8E93oS5j4SKT4Fx5NL._J3ukRIuvHefTiptErwvtoX2QJp6PegBPvtma7yQfxACgWYdAM7ZIMXXR
 pkI86LNAAYF9gItl98Pmon9cLAZi5.FUf.yZL._Ld_dkF2Zo_aDe7Ky9eyPyeiGawFswV5iqO1pi
 9QsrtpqtCvtumZJB8JHzSSafP0rsgIn3b33rhmf7NXBtq9H2JbXPpXq._yjEPhMdIb0JuNLFEQ5i
 ooYWfkPAa.qpndZLNmUHgHF9jdeMwkr9zgFIbdhQd.Z0MPZjhHMvdptglpu9Q7LUin.XCoAkZymc
 sLyjcNuoTGkyrmo4_unhSyvVqaUVtKmW42hoIMZsqpOjC9DAxwMpWdEMxPWTmulvX3Yv2xOc8Bj8
 8516p0ZRWk8GHtL8pQWGVDW5yya0jx_2LNK6Ck4hsgZ8RVaQrWllpRIMU0SFQGfPx6gCcAdNMK1u
 tBOar8KVDXwgEDYTb3vjXfDbBhTmiB8hSYfutFbWgqwgOX7fWwAjKJZV0KnWcqq7VGXKb.im6WkU
 jeHOiSztvtpMqJdqbVqaH_UxhgMjBYMgN70jAwkK.DStiyNM4i5qn3VCT3eiJj5PSKy.BNh2iWJ3
 qV44d3sDic3XcR.zDNSptee9L5UfrcMhFseTOs6MjM.w_QRl.5tVMPMp6MJv4nNVi0q0FkeCmYTU
 _QRc0n60FC6Z6J5FmtqjNL8gWQb88PKc4aR8SDql5TR6H8yg02cETMFhmZmI9dQGOkzpyqmib9t.
 4TaZ05ltDqX6aWFhq1eQED4qoIHg2jgkDgndOWC9JRP4vozxuz_m23bRsC2KrRkU5d4WWc.iJaSC
 VMiWJGwzAx5fwjW8iB6IrB2CiOSfC.ra_p5HIFyaB.vsMCdED7p0F9u1N1ZvKaiqNuGIDEs0MHoA
 .Ts6QJPNq8yiDqqx3OAMB_8CviJqRwbS7X27Omd0uA5o6uqse_D1oO5M8zF_6sO5tAI0772QF8WN
 QGD8quUT9S48dYP68jxU66iY6ONPff28UPaEAvTctvYEsrC8lFx4KvHIP4PePMVaedLLJhBwceMj
 FY3UklT2LCFJu93doyMml3wYTL9ua_R5W_YM7oOrdcrlktkucXZXy6cbef4X5jhSZ_JcoQixUDQ4
 RNMUSaaFKexXlS6UGzId1XbFGngY6WdpHOn_ciepaDridoUqoIJnldPF85mppD7L76TLji7E6gMK
 ZNrBX5L0sMqHP829atIW9xYZ3yRbmRCGVsyC2LL4u2XGFtJE9Yhf95h2c_9FYeNstpSBRHLrTG3n
 JOcyD0moCMfCbLjzuufAaFxdOx_TKxlNekfH86BA7gYu_jhd914oG5qfNTBLeO4M.s0Uh7bjkhQ5
 eMTr5cBKpDP3JOHzcaL.QU2awKJs5MI.BrjAoDNOlhwrocXsSgKqWsLDLWs5ks3vdYKqTL799qbb
 lIv5544f86KFSYt3LINVLxInrsco99KjTlDEI_UAT6_Azw5RtJKIOzBZKrRlWBMDIuiACJOTQZJl
 2PAKbWmU8MeQwikKShvwkSt6_jdJo8bmtrawwA4wsvOySZ2u.VvZHG_w1Yhl_jkp7.xZui4R48AG
 RR5AsCKyfbFSnqTGxhbPiLRvJQdl5dvMaNhBBDHiTRsbmwhsuxdNVDNai.g2lAHK.LyNuCQ--
X-Sonic-MF: <casey@schaufler-ca.com>
Received: from sonic.gate.mail.ne1.yahoo.com by
 sonic306.consmr.mail.ne1.yahoo.com with HTTP; Mon, 13 Dec 2021 23:53:59 +0000
Received: by kubenode509.mail-prod1.omega.ne1.yahoo.com (VZM Hermes SMTP
 Server) with ESMTPA ID 49c1f8fed2f9bb0edca267b841b22070;
          Mon, 13 Dec 2021 23:53:55 +0000 (UTC)
From: Casey Schaufler <casey@schaufler-ca.com>
To: casey.schaufler@intel.com, jmorris@namei.org,
        linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com,
        keescook@chromium.org, john.johansen@canonical.com,
        penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com,
        sds@tycho.nsa.gov, linux-kernel@vger.kernel.org,
        Stephen Smalley <stephen.smalley.work@gmail.com>,
        linux-integrity@vger.kernel.org
Subject: [PATCH v31 12/28] LSM: Use lsmblob in security_inode_getsecid
Date: Mon, 13 Dec 2021 15:40:18 -0800
Message-Id: <20211213234034.111891-13-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20211213234034.111891-1-casey@schaufler-ca.com>
References: <20211213234034.111891-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <selinux.vger.kernel.org>
X-Mailing-List: selinux@vger.kernel.org

Change the security_inode_getsecid() interface to fill in a
lsmblob structure instead of a u32 secid. This allows for its
callers to gather data from all registered LSMs. Data is provided
for IMA and audit.

Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: John Johansen <john.johansen@canonical.com>
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Cc: linux-integrity@vger.kernel.org
Cc: linux-audit@redhat.com
---
 include/linux/security.h            |  7 ++++---
 kernel/auditsc.c                    |  6 +++++-
 security/integrity/ima/ima_policy.c |  7 ++++---
 security/security.c                 | 11 +++++++++--
 4 files changed, 22 insertions(+), 9 deletions(-)

diff --git a/include/linux/security.h b/include/linux/security.h
index bf91ff071ea0..3433850a3f9e 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -457,7 +457,7 @@ int security_inode_getsecurity(struct user_namespace *mnt_userns,
 			       void **buffer, bool alloc);
 int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags);
 int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size);
-void security_inode_getsecid(struct inode *inode, u32 *secid);
+void security_inode_getsecid(struct inode *inode, struct lsmblob *blob);
 int security_inode_copy_up(struct dentry *src, struct cred **new);
 int security_inode_copy_up_xattr(const char *name);
 int security_kernfs_init_security(struct kernfs_node *kn_dir,
@@ -1009,9 +1009,10 @@ static inline int security_inode_listsecurity(struct inode *inode, char *buffer,
 	return 0;
 }
 
-static inline void security_inode_getsecid(struct inode *inode, u32 *secid)
+static inline void security_inode_getsecid(struct inode *inode,
+					   struct lsmblob *blob)
 {
-	*secid = 0;
+	lsmblob_init(blob, 0);
 }
 
 static inline int security_inode_copy_up(struct dentry *src, struct cred **new)
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index b9a6760f55cc..34cec4cd3dbf 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -2239,13 +2239,17 @@ static void audit_copy_inode(struct audit_names *name,
 			     const struct dentry *dentry,
 			     struct inode *inode, unsigned int flags)
 {
+	struct lsmblob blob;
+
 	name->ino   = inode->i_ino;
 	name->dev   = inode->i_sb->s_dev;
 	name->mode  = inode->i_mode;
 	name->uid   = inode->i_uid;
 	name->gid   = inode->i_gid;
 	name->rdev  = inode->i_rdev;
-	security_inode_getsecid(inode, &name->osid);
+	security_inode_getsecid(inode, &blob);
+	/* scaffolding until osid is updated */
+	name->osid = blob.secid[0];
 	if (flags & AUDIT_INODE_NOEVAL) {
 		name->fcap_ver = -1;
 		return;
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index 22952efcc0b0..34ecdd7b01f5 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -625,7 +625,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule,
 		return false;
 	for (i = 0; i < MAX_LSM_RULES; i++) {
 		int rc = 0;
-		u32 osid;
+		struct lsmblob lsmdata;
 
 		if (!rule->lsm[i].rule) {
 			if (!rule->lsm[i].args_p)
@@ -637,8 +637,9 @@ static bool ima_match_rules(struct ima_rule_entry *rule,
 		case LSM_OBJ_USER:
 		case LSM_OBJ_ROLE:
 		case LSM_OBJ_TYPE:
-			security_inode_getsecid(inode, &osid);
-			rc = ima_filter_rule_match(osid, rule->lsm[i].type,
+			security_inode_getsecid(inode, &lsmdata);
+			rc = ima_filter_rule_match(lsmdata.secid[rule->which],
+						   rule->lsm[i].type,
 						   Audit_equal,
 						   rule->lsm[i].rule,
 						   rule->which);
diff --git a/security/security.c b/security/security.c
index ab285557a31f..57423c92589d 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1550,9 +1550,16 @@ int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer
 }
 EXPORT_SYMBOL(security_inode_listsecurity);
 
-void security_inode_getsecid(struct inode *inode, u32 *secid)
+void security_inode_getsecid(struct inode *inode, struct lsmblob *blob)
 {
-	call_void_hook(inode_getsecid, inode, secid);
+	struct security_hook_list *hp;
+
+	lsmblob_init(blob, 0);
+	hlist_for_each_entry(hp, &security_hook_heads.inode_getsecid, list) {
+		if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot))
+			continue;
+		hp->hook.inode_getsecid(inode, &blob->secid[hp->lsmid->slot]);
+	}
 }
 
 int security_inode_copy_up(struct dentry *src, struct cred **new)

From patchwork Mon Dec 13 23:40:19 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Casey Schaufler <casey@schaufler-ca.com>
X-Patchwork-Id: 12675001
X-Patchwork-Delegate: paul@paul-moore.com
Return-Path: <selinux-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 48CD5C433F5
	for <selinux@archiver.kernel.org>; Mon, 13 Dec 2021 23:55:06 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S244314AbhLMXzF (ORCPT <rfc822;selinux@archiver.kernel.org>);
        Mon, 13 Dec 2021 18:55:05 -0500
Received: from sonic315-27.consmr.mail.ne1.yahoo.com ([66.163.190.153]:43214
        "EHLO sonic315-27.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S244312AbhLMXzF (ORCPT
        <rfc822;selinux@vger.kernel.org>); Mon, 13 Dec 2021 18:55:05 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1639439704; bh=v2ArQcc4YgITLhmh4+LVreIOeftCXoVuskiPNB9noNI=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To;
 b=nPYiCZxMvYag9EIHbYJMkRB7ReRZKD22ueb+ta5A6hR1vEkOf3I7zfIeLy4ec27Yh9d/I3o42kV2NUcgQL4BwspmDEPt4pEWaZT0mgaKM3Sm0ZLTCltc64KEsCiK5jTnJIKtuN4gMy7QTINMeiHSzJQsDDzsfRrTADDtKjmHMVibnMjTfyWB7RtKt1CvHsAZGbXiKXaA7CUbomAM5xK8jQiifbEv9tksnTgpBa4soLQ+M2xViV6UTfyjuo5W5zGSfkNL09fbzO0ePHkYjUKL1rS83ZDf9bOAirrAN73Ai0vahpBrPUNwE3aWRz0M6SgYRxqEGydrANP6SIfRo/YZcg==
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1639439704; bh=FLz2twA7hGTRRCzOuwo2f1c7jpAhX1CAHrIOzxRGMI2=;
 h=X-Sonic-MF:From:To:Subject:Date:From:Subject;
 b=mXtQPkp4VLDbXviYgo1c3VbefHPqz9hy1Sqt8899Pk1nvyL2AQpNzag1l+fd50JHneUW2dPYN6F60UCT7amrjHS3VyhTkP272QPbIr7ke/IuYWpiggK0i1d+L+4s2vQUOwW4KfKak2a/osqn99lQFRytFkKRfQXhCci2+pne4mI692txmrwAxMuy9g9lYc82s9+LJkLDZfGgT3Th1DUfiXx7LwZ9sZBhB9EjecWbSelP+i+FWVR8tJWEgtvcoTq6EI1IlH0FtIiDt8bdQKdcNSHhiXaavwTiNK4TvKVbYmCILPgiPROyMktSIVJ8h1ba54NTPxnQSMbw7g9UIr10AA==
X-YMail-OSG: v9GoCdkVM1myh1lIkfIO2XXQ_HxQLRAmdKkYI20nV0lBxBcpV9R3KXmJkLT5mVQ
 iNcqT7PL2vhx9yxCCXuJYO.JZz9qbcn7QCDnPoL3QVyK.TfAoAoUfONGUxZD0uBjgpEQh172RVRT
 xZLxeGOXi7uZIfmCTtAtCWLDtrruPhiBVIXJCFlewVkGhSvPUQ9WTcXYKLNdtCztDMqrNcjYLYbN
 2SEs6_24pIn.q_WFQA_nuhahqpu9iozmMeMKbSWORxFLFhWgErueFxCPrcNMpbzpQK0JGTAAz4A8
 stVSi5aMQH0mmAij5t8QYCcuZtROlbFMV4Va0UKnrvkcDgckj7Q5EYwCF1OiNtm5vLczuERyvtYp
 K_W79GQ8bDnn6c4QE0wQdG0Jg0YC4WSP.jUeG.ure2vjXY1hiecFzjtfv2nlHA.S0lOH8CNULfrY
 9ujqngbwVqS9QjHSzgyKiNCvwL83mMCHplHu4_QhxknhLmLJ3T8yGdmWWZj0OszoXhAX1TLVUJVB
 IoD6T9wG9GvOzAllAwQ3KNUSklaD5iY7pjsCtu2TyvIyvOgOowe3sycaRYxGt3Iw9suYfDcBNvwz
 SP8MPoNiPvAWYKi6H4xS6pTgGWsDszdNtiyIKQ7YIhexfBPwC_4BykCz7tcXD8E0TnOHasvxcdCt
 zfOETb0CblpHpqB83bcH86.ZqxZeSE2Cckica_ZR7kMRgC4_EmFFjENuGf6Mgtrjtv6BWPsA3i1u
 bILfN6fMl_18s_baWe416E0Y9ZIVD8TxBiuPgiMZs8CsbeSnara3ba_KQrivkfHaAuOKaJELat8k
 3HbdsWC5UzXqBhnhiXXdThy.MhA_YIyiK80fmAndKzi2ss.3zvd.hBYP3cJUyDynFKqgYl5KeggM
 reWyX8Hb.aqs_bMqLui00CexV4K0510jUgxaW11N07rH5dVK8186kVCDOpxhwz_1eH4B6MSq5s43
 BV5Wge7uzTdYEudmMZOvfx6UFi8EC5yJ39gD5yLiUwQwbOp9Y7l8yiT4bAtmJ_GwrVcXGrBobsQ4
 knYYyuE5DdIRC0Lmo1ZfiQOY90GYIBdEUg_Vyti_7EEZkqIe30c.Jczb7Tv7bu7k6GgCEKkMr8XD
 jLxFc5sHfqBNg5hz0TM5pt8XXxiS0_WHOBSJu0Kxa79fknh1ao4ndLI1G.9dBO5GQvsmQWyOOah0
 h7dCW1o43zg6p48GC8pJOl6d18Z2va.n3RmQa0DHptEtCX.f2tb7ta38tt.Vk1QtEDIuhIOWnZw2
 .TlQLvZJ3SF3cV8NtdSj2q51zY23QCenbydy5VEge2VnBaYDxhCe8UwQrG9BTHp.p.llDu1fSEF3
 gCyv6RDuwJhTjRwmzeiv021ZOUCepHVR.7aNmbh.r_6r6lAxn9yfo0gD_qmQd9E5KwquTx9kxl89
 qxGz3yjFtRAzKhGJhGPanw2X_h4P3MgRwatnfpvdjoIG.6BOL7WGjUSRiyHS2JWFwz4rATSGgVXo
 NL9pL9UcliRBUYiAaX5GieaV6euDzihj19r3aF4hR.PhLz5dCxAPZennUcbvmdH0R3SLNC82QFXm
 8kObtDqaaIejOLGFiWFBnxo9WXXVum..3oKwBVMPQtQvei0w319Yeld1fyKJJIFG70qvPiZWLnP0
 VVDmrOfD7mcm.hxdm4PwVaAFrIPjz7ReVpWEQFP2TSB679lcMKVteImiWmhNt38K_ktHkij_TRig
 epHoIac9Z9f4z6kDA3ccGOMK89xEegETjLHXyRYepEf5i0hXjVD84TIpLsvltzmHvaxQ4bmG3iod
 LI_Iz4KMwJ9VGz5xjzjlLtGGJLMfAdNCokNjNxpCHSxj_TGgfHMvH._CzS6qpSMm.W4NPsfuUzF.
 6ZUIfqhP5Eo4.SKE8ES22561a0Hs6Ns9xw4neTdxrqOMwVsOpALM_Gjy9bkUTMK5yMgAs4K2sfsW
 Lb8W_qyPccFIy9jiTUq6m.flHNLwLZdOX99NvIgTb4GVoqq9irPC8zLTDPbokK7.z9h99U1yuKJw
 C.WCNyCwhwGIAOe7.JHsO2EXt9Em0pIhqWfVEFOj3NJK0MVQqLF89eqbzPkw7_d3HI2jV2tCkpMw
 xOfbmlrk.LqJyR_yDSX55YaYjpEAeXDwkr_HIeiR8f3aww0DGuZV5RExb_hwFQloQlHomUtqWYGL
 M552EMTtFg2GGvpUBk_.b.BY6lY03ucLFTJjibYwN94H4OAm71e1ULu4E57l2nd9qyile39CMVOw
 LASg3GC1xjUtkMeN1Q8Ci3TrMX1u_LKjUbfIJ4peqTPwTmZ0PSPPEZ9UrhWiLoctabjgRT8VxPbb
 m3bjHVGD0T0btmH_h1Dlxe7dqnITHFvpB7BtbrKwC3nRCgnkJ
X-Sonic-MF: <casey@schaufler-ca.com>
Received: from sonic.gate.mail.ne1.yahoo.com by
 sonic315.consmr.mail.ne1.yahoo.com with HTTP; Mon, 13 Dec 2021 23:55:04 +0000
Received: by kubenode530.mail-prod1.omega.ne1.yahoo.com (VZM Hermes SMTP
 Server) with ESMTPA ID 938d4f01cf5160466ca0a1e860c118e1;
          Mon, 13 Dec 2021 23:55:01 +0000 (UTC)
From: Casey Schaufler <casey@schaufler-ca.com>
To: casey.schaufler@intel.com, jmorris@namei.org,
        linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com,
        keescook@chromium.org, john.johansen@canonical.com,
        penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com,
        sds@tycho.nsa.gov, linux-kernel@vger.kernel.org,
        Stephen Smalley <stephen.smalley.work@gmail.com>,
        linux-integrity@vger.kernel.org
Subject: [PATCH v31 13/28] LSM: Use lsmblob in security_cred_getsecid
Date: Mon, 13 Dec 2021 15:40:19 -0800
Message-Id: <20211213234034.111891-14-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20211213234034.111891-1-casey@schaufler-ca.com>
References: <20211213234034.111891-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <selinux.vger.kernel.org>
X-Mailing-List: selinux@vger.kernel.org

Change the security_cred_getsecid() interface to fill in a
lsmblob instead of a u32 secid. The associated data elements
in the audit sub-system are changed from a secid to a lsmblob
to accommodate multiple possible LSM audit users.

Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: John Johansen <john.johansen@canonical.com>
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Cc: linux-integrity@vger.kernel.org
Cc: linux-audit@redhat.com
Reported-by: kernel test robot <lkp@intel.com>
---
 drivers/android/binder.c          | 12 +----------
 include/linux/security.h          |  2 +-
 kernel/audit.c                    | 25 +++++++----------------
 kernel/audit.h                    |  3 ++-
 kernel/auditsc.c                  | 33 +++++++++++--------------------
 security/integrity/ima/ima_main.c |  8 ++++----
 security/security.c               | 12 ++++++++---
 7 files changed, 36 insertions(+), 59 deletions(-)

diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index 916a42c68b58..27b53e5f71a1 100644
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
@@ -2720,18 +2720,8 @@ static void binder_transaction(struct binder_proc *proc,
 	if (target_node && target_node->txn_security_ctx) {
 		struct lsmblob blob;
 		size_t added_size;
-		u32 secid;
 
-		security_cred_getsecid(proc->cred, &secid);
-		/*
-		 * Later in this patch set security_cred_getsecid() will
-		 * provide a lsmblob instead of a secid. lsmblob_init
-		 * is used to ensure that all the secids in the lsmblob
-		 * get the value returned from security_cred_getsecid(),
-		 * which means that the one expected by
-		 * security_secid_to_secctx() will be set.
-		 */
-		lsmblob_init(&blob, secid);
+		security_cred_getsecid(proc->cred, &blob);
 		ret = security_secid_to_secctx(&blob, &secctx, &secctx_sz);
 		if (ret) {
 			return_error = BR_FAILED_REPLY;
diff --git a/include/linux/security.h b/include/linux/security.h
index 3433850a3f9e..3b653fe331dd 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -484,7 +484,7 @@ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp);
 void security_cred_free(struct cred *cred);
 int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp);
 void security_transfer_creds(struct cred *new, const struct cred *old);
-void security_cred_getsecid(const struct cred *c, u32 *secid);
+void security_cred_getsecid(const struct cred *c, struct lsmblob *blob);
 int security_kernel_act_as(struct cred *new, struct lsmblob *blob);
 int security_kernel_create_files_as(struct cred *new, struct inode *inode);
 int security_kernel_module_request(char *kmod_name);
diff --git a/kernel/audit.c b/kernel/audit.c
index d92c7b894183..8ec64e6e8bc0 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -125,7 +125,7 @@ static u32	audit_backlog_wait_time = AUDIT_BACKLOG_WAIT_TIME;
 /* The identity of the user shutting down the audit system. */
 static kuid_t		audit_sig_uid = INVALID_UID;
 static pid_t		audit_sig_pid = -1;
-static u32		audit_sig_sid;
+struct lsmblob		audit_sig_lsm;
 
 /* Records can be lost in several ways:
    0) [suppressed in audit_alloc]
@@ -1441,29 +1441,21 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
 	}
 	case AUDIT_SIGNAL_INFO:
 		len = 0;
-		if (audit_sig_sid) {
-			struct lsmblob blob;
-
-			/*
-			 * lsmblob_init sets all values in the lsmblob
-			 * to audit_sig_sid. This is temporary until
-			 * audit_sig_sid is converted to a lsmblob, which
-			 * happens later in this patch set.
-			 */
-			lsmblob_init(&blob, audit_sig_sid);
-			err = security_secid_to_secctx(&blob, &ctx, &len);
+		if (lsmblob_is_set(&audit_sig_lsm)) {
+			err = security_secid_to_secctx(&audit_sig_lsm, &ctx,
+						       &len);
 			if (err)
 				return err;
 		}
 		sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL);
 		if (!sig_data) {
-			if (audit_sig_sid)
+			if (lsmblob_is_set(&audit_sig_lsm))
 				security_release_secctx(ctx, len);
 			return -ENOMEM;
 		}
 		sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid);
 		sig_data->pid = audit_sig_pid;
-		if (audit_sig_sid) {
+		if (lsmblob_is_set(&audit_sig_lsm)) {
 			memcpy(sig_data->ctx, ctx, len);
 			security_release_secctx(ctx, len);
 		}
@@ -2352,7 +2344,6 @@ int audit_set_loginuid(kuid_t loginuid)
 int audit_signal_info(int sig, struct task_struct *t)
 {
 	kuid_t uid = current_uid(), auid;
-	struct lsmblob blob;
 
 	if (auditd_test_task(t) &&
 	    (sig == SIGTERM || sig == SIGHUP ||
@@ -2363,9 +2354,7 @@ int audit_signal_info(int sig, struct task_struct *t)
 			audit_sig_uid = auid;
 		else
 			audit_sig_uid = uid;
-		security_task_getsecid_subj(current, &blob);
-		/* scaffolding until audit_sig_sid is converted */
-		audit_sig_sid = blob.secid[0];
+		security_task_getsecid_subj(current, &audit_sig_lsm);
 	}
 
 	return audit_signal_info_syscall(t);
diff --git a/kernel/audit.h b/kernel/audit.h
index c4498090a5bd..527d4c4acb12 100644
--- a/kernel/audit.h
+++ b/kernel/audit.h
@@ -12,6 +12,7 @@
 #include <linux/fs.h>
 #include <linux/audit.h>
 #include <linux/skbuff.h>
+#include <linux/security.h>
 #include <uapi/linux/mqueue.h>
 #include <linux/tty.h>
 #include <uapi/linux/openat2.h> // struct open_how
@@ -143,7 +144,7 @@ struct audit_context {
 	kuid_t		    target_auid;
 	kuid_t		    target_uid;
 	unsigned int	    target_sessionid;
-	u32		    target_sid;
+	struct lsmblob	    target_lsm;
 	char		    target_comm[TASK_COMM_LEN];
 
 	struct audit_tree_refs *trees, *first_trees;
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 34cec4cd3dbf..930254bca7b5 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -99,7 +99,7 @@ struct audit_aux_data_pids {
 	kuid_t			target_auid[AUDIT_AUX_PIDS];
 	kuid_t			target_uid[AUDIT_AUX_PIDS];
 	unsigned int		target_sessionid[AUDIT_AUX_PIDS];
-	u32			target_sid[AUDIT_AUX_PIDS];
+	struct lsmblob		target_lsm[AUDIT_AUX_PIDS];
 	char 			target_comm[AUDIT_AUX_PIDS][TASK_COMM_LEN];
 	int			pid_count;
 };
@@ -1009,7 +1009,7 @@ static void audit_reset_context(struct audit_context *ctx)
 	ctx->target_pid = 0;
 	ctx->target_auid = ctx->target_uid = KUIDT_INIT(0);
 	ctx->target_sessionid = 0;
-	ctx->target_sid = 0;
+	lsmblob_init(&ctx->target_lsm, 0);
 	ctx->target_comm[0] = '\0';
 	unroll_tree_refs(ctx, NULL, 0);
 	WARN_ON(!list_empty(&ctx->killed_trees));
@@ -1107,14 +1107,14 @@ static inline void audit_free_context(struct audit_context *context)
 }
 
 static int audit_log_pid_context(struct audit_context *context, pid_t pid,
-				 kuid_t auid, kuid_t uid, unsigned int sessionid,
-				 u32 sid, char *comm)
+				 kuid_t auid, kuid_t uid,
+				 unsigned int sessionid,
+				 struct lsmblob *blob, char *comm)
 {
 	struct audit_buffer *ab;
 	char *ctx = NULL;
 	u32 len;
 	int rc = 0;
-	struct lsmblob blob;
 
 	ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID);
 	if (!ab)
@@ -1123,9 +1123,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid,
 	audit_log_format(ab, "opid=%d oauid=%d ouid=%d oses=%d", pid,
 			 from_kuid(&init_user_ns, auid),
 			 from_kuid(&init_user_ns, uid), sessionid);
-	if (sid) {
-		lsmblob_init(&blob, sid);
-		if (security_secid_to_secctx(&blob, &ctx, &len)) {
+	if (lsmblob_is_set(blob)) {
+		if (security_secid_to_secctx(blob, &ctx, &len)) {
 			audit_log_format(ab, " obj=(none)");
 			rc = 1;
 		} else {
@@ -1753,7 +1752,7 @@ static void audit_log_exit(void)
 						  axs->target_auid[i],
 						  axs->target_uid[i],
 						  axs->target_sessionid[i],
-						  axs->target_sid[i],
+						  &axs->target_lsm[i],
 						  axs->target_comm[i]))
 				call_panic = 1;
 	}
@@ -1762,7 +1761,7 @@ static void audit_log_exit(void)
 	    audit_log_pid_context(context, context->target_pid,
 				  context->target_auid, context->target_uid,
 				  context->target_sessionid,
-				  context->target_sid, context->target_comm))
+				  &context->target_lsm, context->target_comm))
 			call_panic = 1;
 
 	if (context->pwd.dentry && context->pwd.mnt) {
@@ -2698,15 +2697,12 @@ int __audit_sockaddr(int len, void *a)
 void __audit_ptrace(struct task_struct *t)
 {
 	struct audit_context *context = audit_context();
-	struct lsmblob blob;
 
 	context->target_pid = task_tgid_nr(t);
 	context->target_auid = audit_get_loginuid(t);
 	context->target_uid = task_uid(t);
 	context->target_sessionid = audit_get_sessionid(t);
-	security_task_getsecid_obj(t, &blob);
-	/* scaffolding - until target_sid is converted */
-	context->target_sid = blob.secid[0];
+	security_task_getsecid_obj(t, &context->target_lsm);
 	memcpy(context->target_comm, t->comm, TASK_COMM_LEN);
 }
 
@@ -2722,7 +2718,6 @@ int audit_signal_info_syscall(struct task_struct *t)
 	struct audit_aux_data_pids *axp;
 	struct audit_context *ctx = audit_context();
 	kuid_t t_uid = task_uid(t);
-	struct lsmblob blob;
 
 	if (!audit_signals || audit_dummy_context())
 		return 0;
@@ -2734,9 +2729,7 @@ int audit_signal_info_syscall(struct task_struct *t)
 		ctx->target_auid = audit_get_loginuid(t);
 		ctx->target_uid = t_uid;
 		ctx->target_sessionid = audit_get_sessionid(t);
-		security_task_getsecid_obj(t, &blob);
-		/* scaffolding until target_sid is converted */
-		ctx->target_sid = blob.secid[0];
+		security_task_getsecid_obj(t, &ctx->target_lsm);
 		memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN);
 		return 0;
 	}
@@ -2757,9 +2750,7 @@ int audit_signal_info_syscall(struct task_struct *t)
 	axp->target_auid[axp->pid_count] = audit_get_loginuid(t);
 	axp->target_uid[axp->pid_count] = t_uid;
 	axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t);
-	security_task_getsecid_obj(t, &blob);
-	/* scaffolding until target_sid is converted */
-	axp->target_sid[axp->pid_count] = blob.secid[0];
+	security_task_getsecid_obj(t, &axp->target_lsm[axp->pid_count]);
 	memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN);
 	axp->pid_count++;
 
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index c327f93d3962..1a4f7b00253b 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -486,7 +486,6 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot)
 int ima_bprm_check(struct linux_binprm *bprm)
 {
 	int ret;
-	u32 secid;
 	struct lsmblob blob;
 
 	security_task_getsecid_subj(current, &blob);
@@ -496,9 +495,10 @@ int ima_bprm_check(struct linux_binprm *bprm)
 	if (ret)
 		return ret;
 
-	security_cred_getsecid(bprm->cred, &secid);
-	return process_measurement(bprm->file, bprm->cred, secid, NULL, 0,
-				   MAY_EXEC, CREDS_CHECK);
+	security_cred_getsecid(bprm->cred, &blob);
+	/* scaffolding until process_measurement changes */
+	return process_measurement(bprm->file, bprm->cred, blob.secid[0],
+				   NULL, 0, MAY_EXEC, CREDS_CHECK);
 }
 
 /**
diff --git a/security/security.c b/security/security.c
index 57423c92589d..0e17620a60e2 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1800,10 +1800,16 @@ void security_transfer_creds(struct cred *new, const struct cred *old)
 	call_void_hook(cred_transfer, new, old);
 }
 
-void security_cred_getsecid(const struct cred *c, u32 *secid)
+void security_cred_getsecid(const struct cred *c, struct lsmblob *blob)
 {
-	*secid = 0;
-	call_void_hook(cred_getsecid, c, secid);
+	struct security_hook_list *hp;
+
+	lsmblob_init(blob, 0);
+	hlist_for_each_entry(hp, &security_hook_heads.cred_getsecid, list) {
+		if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot))
+			continue;
+		hp->hook.cred_getsecid(c, &blob->secid[hp->lsmid->slot]);
+	}
 }
 EXPORT_SYMBOL(security_cred_getsecid);
 

From patchwork Mon Dec 13 23:40:20 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Casey Schaufler <casey@schaufler-ca.com>
X-Patchwork-Id: 12675003
X-Patchwork-Delegate: paul@paul-moore.com
Return-Path: <selinux-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 75002C4332F
	for <selinux@archiver.kernel.org>; Mon, 13 Dec 2021 23:56:13 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S244293AbhLMX4M (ORCPT <rfc822;selinux@archiver.kernel.org>);
        Mon, 13 Dec 2021 18:56:12 -0500
Received: from sonic301-38.consmr.mail.ne1.yahoo.com ([66.163.184.207]:39853
        "EHLO sonic301-38.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S244349AbhLMX4L (ORCPT
        <rfc822;selinux@vger.kernel.org>); Mon, 13 Dec 2021 18:56:11 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1639439771; bh=Wg25zpd+lhC5QFAK1XyTqU0vb7Pl9qiJsjDAtynfIPg=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To;
 b=Ky6JUbrXXnDL46HXi3d6jDMWwb3NA+H5lluUpB8xVbqGFrgW6AOK9M7XcgaHYwheOfUJlX9Vmyz3aD/jVncSu+4A57UOSEBb6Ou1Km1tbMD0vEw/uyuBuCgo98gixdd9tXDjnbRSPmQoVPaVRcLlCeKf8LCE54fJTvQgJSotIeIsnzVLwuykNpiliTfBfb/CitYSSUX8Vv3urxtU9ppvAMeDxaUH9X62nqBJ2FTJwqP6qnhAbMthWwITLySvQpkywkBx8qAOiMltQGdtEEoBiCEHA7Vgarg/Yg0hC9gva3CfWcHdHFfDgG8/+iGgha7sy9TLPAm2Y96YTrXgODGGig==
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1639439771; bh=e9xenz2e2AF2O4EwZEr2ug4w9qIHSbnD6zktSpN+s0w=;
 h=X-Sonic-MF:From:To:Subject:Date:From:Subject;
 b=fX5mlRwEkDwGxvUAEnanaX8Vr4g0PMjvKTZ4lWVnvaRr60e/R6D8K+LMJsi6DGUEZKczrVi1N+UJLfVgTFp1PpOyJ+4c5yLwl135vDyNzla4+wnOI1xRds/tr6Il7l9oTwwASOTM8dravXq4uCrfBOokgbycdkpm1swk7TcFsbST8F1H9n/+nq/7aWSZPiC4m+rJoh/JiVry3tIRBywT9BVi28LhyLy4134UECEscEUtP28fHiTiOtvUaJmGcaHOyZK9D+c4SjLvdJE3l0CawNuDSH+LoHirgnLteSW9mcmTZFopUmYFdU3p6QkAHq6/b4+ilqcQ9ZG53V7OrBWVog==
X-YMail-OSG: LyZVYxQVM1lgDhxpLuQr3P2tKrwnLToZTOVqYFbCOjkm5sLeHrHkeZIddKvNhmD
 Uk2zJ_ddff0P8ynFZKjFKHhPaBDD9oA3tACfLWJd1gz3A9raEpas5xr_6AKXLB8Ad5Jr_3f9OLh.
 0m4BKMjNZ_7g81HDznWe2GHiG5droXEkqB4pNP9TW6lNU21LkgHxEYbPpyHHmQ5I5_DzIgI.SfgA
 k3YdehhzMXM1sppMRjKtdC6BzTRK0uIDTkkav9a90bsv54imk8eyXQvvkr3nNFoK785mXRaT8ps8
 subcLs808ZWMRAfCzdw1F_fezh9QBS1upyy172u8iLJ16FI1Zli1OSHWKYkpZ5hKqmLYfRUvU.Es
 RnR2H2Da_PYhuAOHRu_yavfoqQdRxrBp4kK1B9vV9DHoJyrgf17.euA0c9_m1rX81QsWPiUr3H5E
 695y6.o2vhzxJBw329DIYF3Bp6k9ewSQmGxGCRUz9PpRGz1XAOWk3IjCdXwVfJ3yRF5b227cN019
 w.KkaEmgAHEuWDcp97vGiGn2Ct3pfa_KcU8TCUZRRMJYtnIgBahROfE.TJ6l3xHSr1EmZoXIbi0T
 fLBdoYQkaTGvzN8i0_qzND_7BpKKUbnFv3i449MowVMkFau8M1fPbPxjhtilsmPoFQAUQqg_dsJS
 6.4kNrqUm_aSd0CQIHQR9SGh0pMi.ceD8g_v9ZNfofyIJgABvwHb7RvEODDxEoQ_yNQPsKBoJvuY
 X8c7cOS.tfr2D9H2X0AL4QlWTuPvXJPmOH7DZXbPSOFPXPmRzwgZyVmzeTmx2kf9pshjZ7sMeH7j
 CklGdRp0qUIT4QCewAjLPTPe_1MVKaObHPe6CiUYU3JJUx.GkCSBk37IHIYNsPiF6k3otqRp6.xy
 9bo67O.PSulBjlsGqE6KZYxiMWReaRLY_ZILdAXs7K5qKXqBUYMWjY7Hl_RCznBoBUR66fisU4cs
 F2rSj93qRSjUKgIL.F6aaiZY5bH6OVpv68amjrw4fmxAPDEpRrgrXSvN5zJhlvW1hf6cjNSEryWG
 nSQWv8mHohYhqB9ZAMXpdu_N07QRohlDDISyHyGYYKoErGSHJS7fGqKkF6C8WhW9_hhqJISBMnhU
 rkrHWLH2GML88RH4nR0dNGn966gbk.UIYsFCRNNn6VKvY5aVt9l.uarXgi9zmJAd3irQs_fayBTb
 b2W0UnU4I8XDjxdFuLi8oOmsrxZNtBAKDygSY08UfNRWq5PrRDlDFqpVn9SfhJQAotGogJ131yH8
 D8TreqsHcjB5O8KrojPkBkfwLXqY15XAE6lL.TshBXB70CqSOxokfKscv4CL95L_lo0ZWtEo0Tlf
 bbgpX5_9lK76syIR5F68CpgipBOq6yojbAgEIXFwERhYolx8xMN0nJ.o3_R6w1uGCsDojZ2xdy4j
 HOi51jGtwkS2BKdDEq1TjKXhUBboWqtmNnV6X9GDZpYfFgTBrj4yJ9BzAwWaHU1dtBXU5E9O3qGU
 5RDR7EjzO6gstF8qfFfvD_hyMACByEnLkOt5kTF4qQfj6Vn6JuwcGh8YOntfDtaWKDBATCvvr.PF
 W.R6zK0JHLXOz523wnjSp8_K9f5iyAwcLzf3swMubp5cHY4mACVdJ6ApCZldKvwVf229i_mPLwe_
 qu8apPh5GIZ.DCqgHDMytWbOcE5_Ws47DPAojXk19YRxyTBA4Iahro.dFwFZ8bH5DdhWIxug2d1_
 fvIaj4a1lfNXk8nf7BB46ueYQxRCIPhqPaqKfda6QyON2BmygArtXtrlMxf9TEZmm2sr6JqJZoow
 LDaLHTInt3XAcm2sfOtvNVSLLhgNLpHFk7mDJBTehZASY65x4Is9V9K0qBfhyBWZj_mpAc8VBKRr
 XdBy.NbRidTau4tlZkzRE.BpRoZDaNBY461HF2XcT37wtdIHeTYVwRtXHbZiIiwaFtJWgy3wW3QS
 K872MQubkXgI77K3Ou5V75cWivHTBgFihFRVlt9yVim.0AL2qgSlbx8lPEwYzcL6k0j9A1TQIr7K
 BV7rLiXnMCuHDWuSf4dbELZ3R4hz1FWzfIJqtzfkj1_uvj6XxrS6ENT_g6.IrDmFxklkvurdKBE7
 Z9CS26rNhJQ5xL4NNaQVynHtXhXij9Lw_G6cMEgCb.ulAi.lEB0B8zu7Vcw_6XtfD8flK1oVldSc
 8oq7rJM6Re8rw6wBpeo0VDR_wN_Jv4XtmyAH5P6Xw6mOdYFY8nytb1j.lmwtabc_yGI8NJTjjQ5M
 LEtG4D6X_LL_3bOmqS9ClxsCva2OL9zI0bzsEIlIDJ5J2d2_iJHAESoQ-
X-Sonic-MF: <casey@schaufler-ca.com>
Received: from sonic.gate.mail.ne1.yahoo.com by
 sonic301.consmr.mail.ne1.yahoo.com with HTTP; Mon, 13 Dec 2021 23:56:11 +0000
Received: by kubenode548.mail-prod1.omega.gq1.yahoo.com (VZM Hermes SMTP
 Server) with ESMTPA ID 51d439cf7f795597c5ba6903e72f95c7;
          Mon, 13 Dec 2021 23:56:06 +0000 (UTC)
From: Casey Schaufler <casey@schaufler-ca.com>
To: casey.schaufler@intel.com, jmorris@namei.org,
        linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com,
        keescook@chromium.org, john.johansen@canonical.com,
        penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com,
        sds@tycho.nsa.gov, linux-kernel@vger.kernel.org,
        Stephen Smalley <stephen.smalley.work@gmail.com>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        linux-api@vger.kernel.org, linux-doc@vger.kernel.org
Subject: [PATCH v31 14/28] LSM: Specify which LSM to display
Date: Mon, 13 Dec 2021 15:40:20 -0800
Message-Id: <20211213234034.111891-15-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20211213234034.111891-1-casey@schaufler-ca.com>
References: <20211213234034.111891-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <selinux.vger.kernel.org>
X-Mailing-List: selinux@vger.kernel.org

Create a new entry "interface_lsm" in the procfs attr directory for
controlling which LSM security information is displayed for a
process. A process can only read or write its own display value.

The name of an active LSM that supplies hooks for
human readable data may be written to "interface_lsm" to set the
value. The name of the LSM currently in use can be read from
"interface_lsm". At this point there can only be one LSM capable
of display active. A helper function lsm_task_ilsm() is
provided to get the interface lsm slot for a task_struct.

Setting the "interface_lsm" requires that all security modules using
setprocattr hooks allow the action. Each security module is
responsible for defining its policy.

AppArmor hook provided by John Johansen <john.johansen@canonical.com>
SELinux hook provided by Stephen Smalley <stephen.smalley.work@gmail.com>

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Stephen Smalley <stephen.smalley.work@gmail.com>
Cc: Paul Moore <paul@paul-moore.com>
Cc: John Johansen <john.johansen@canonical.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: linux-api@vger.kernel.org
Cc: linux-doc@vger.kernel.org
---
 .../ABI/testing/procfs-attr-lsm_display       |  22 +++
 Documentation/security/lsm.rst                |  14 ++
 fs/proc/base.c                                |   1 +
 include/linux/security.h                      |  17 ++
 security/apparmor/include/apparmor.h          |   3 +-
 security/apparmor/lsm.c                       |  32 ++++
 security/security.c                           | 166 ++++++++++++++++--
 security/selinux/hooks.c                      |  11 ++
 security/selinux/include/classmap.h           |   2 +-
 security/smack/smack_lsm.c                    |   7 +
 10 files changed, 256 insertions(+), 19 deletions(-)
 create mode 100644 Documentation/ABI/testing/procfs-attr-lsm_display

diff --git a/Documentation/ABI/testing/procfs-attr-lsm_display b/Documentation/ABI/testing/procfs-attr-lsm_display
new file mode 100644
index 000000000000..0f60005c235c
--- /dev/null
+++ b/Documentation/ABI/testing/procfs-attr-lsm_display
@@ -0,0 +1,22 @@
+What:		/proc/*/attr/lsm_display
+Contact:	linux-security-module@vger.kernel.org,
+Description:	The name of the Linux security module (LSM) that will
+		provide information in the /proc/*/attr/current,
+		/proc/*/attr/prev and /proc/*/attr/exec interfaces.
+		The details of permissions required to read from
+		this interface are dependent on the LSMs active on the
+		system.
+		A process cannot write to this interface unless it
+		refers to itself.
+		The other details of permissions required to write to
+		this interface are dependent on the LSMs active on the
+		system.
+		The format of the data used by this interface is a
+		text string identifying the name of an LSM. The values
+		accepted are:
+			selinux		- the SELinux LSM
+			smack		- the Smack LSM
+			apparmor	- The AppArmor LSM
+		By convention the LSM names are lower case and do not
+		contain special characters.
+Users:		LSM user-space
diff --git a/Documentation/security/lsm.rst b/Documentation/security/lsm.rst
index 6a2a2e973080..b77b4a540391 100644
--- a/Documentation/security/lsm.rst
+++ b/Documentation/security/lsm.rst
@@ -129,3 +129,17 @@ to identify it as the first security module to be registered.
 The capabilities security module does not use the general security
 blobs, unlike other modules. The reasons are historical and are
 based on overhead, complexity and performance concerns.
+
+LSM External Interfaces
+=======================
+
+The LSM infrastructure does not generally provide external interfaces.
+The individual security modules provide what external interfaces they
+require.
+
+The file ``/sys/kernel/security/lsm`` provides a comma
+separated list of the active security modules.
+
+The file ``/proc/pid/attr/interface_lsm`` contains the name of the security
+module for which the ``/proc/pid/attr/current`` interface will
+apply. This interface can be written to.
diff --git a/fs/proc/base.c b/fs/proc/base.c
index 13eda8de2998..50dbe5612a26 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -2828,6 +2828,7 @@ static const struct pid_entry attr_dir_stuff[] = {
 	ATTR(NULL, "fscreate",		0666),
 	ATTR(NULL, "keycreate",		0666),
 	ATTR(NULL, "sockcreate",	0666),
+	ATTR(NULL, "interface_lsm",	0666),
 #ifdef CONFIG_SECURITY_SMACK
 	DIR("smack",			0555,
 	    proc_smack_attr_dir_inode_ops, proc_smack_attr_dir_ops),
diff --git a/include/linux/security.h b/include/linux/security.h
index 3b653fe331dd..872e543d37dd 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -219,6 +219,23 @@ static inline u32 lsmblob_value(const struct lsmblob *blob)
 	return 0;
 }
 
+/**
+ * lsm_task_ilsm - the "interface_lsm" for this task
+ * @task: The task to report on
+ *
+ * Returns the task's interface LSM slot.
+ */
+static inline int lsm_task_ilsm(struct task_struct *task)
+{
+#ifdef CONFIG_SECURITY
+	int *ilsm = task->security;
+
+	if (ilsm)
+		return *ilsm;
+#endif
+	return LSMBLOB_INVALID;
+}
+
 /* These functions are in security/commoncap.c */
 extern int cap_capable(const struct cred *cred, struct user_namespace *ns,
 		       int cap, unsigned int opts);
diff --git a/security/apparmor/include/apparmor.h b/security/apparmor/include/apparmor.h
index 1fbabdb565a8..b1622fcb4394 100644
--- a/security/apparmor/include/apparmor.h
+++ b/security/apparmor/include/apparmor.h
@@ -28,8 +28,9 @@
 #define AA_CLASS_SIGNAL		10
 #define AA_CLASS_NET		14
 #define AA_CLASS_LABEL		16
+#define AA_CLASS_DISPLAY_LSM	17
 
-#define AA_CLASS_LAST		AA_CLASS_LABEL
+#define AA_CLASS_LAST		AA_CLASS_DISPLAY_LSM
 
 /* Control parameters settable through module/boot flags */
 extern enum audit_mode aa_g_audit;
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 24241db8ec54..5ed40fd93ce9 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -621,6 +621,25 @@ static int apparmor_getprocattr(struct task_struct *task, char *name,
 	return error;
 }
 
+
+static int profile_interface_lsm(struct aa_profile *profile,
+				 struct common_audit_data *sa)
+{
+	struct aa_perms perms = { };
+	unsigned int state;
+
+	state = PROFILE_MEDIATES(profile, AA_CLASS_DISPLAY_LSM);
+	if (state) {
+		aa_compute_perms(profile->policy.dfa, state, &perms);
+		aa_apply_modes_to_perms(profile, &perms);
+		aad(sa)->label = &profile->label;
+
+		return aa_check_perms(profile, &perms, AA_MAY_WRITE, sa, NULL);
+	}
+
+	return 0;
+}
+
 static int apparmor_setprocattr(const char *name, void *value,
 				size_t size)
 {
@@ -632,6 +651,19 @@ static int apparmor_setprocattr(const char *name, void *value,
 	if (size == 0)
 		return -EINVAL;
 
+	/* LSM infrastructure does actual setting of interface_lsm if allowed */
+	if (!strcmp(name, "interface_lsm")) {
+		struct aa_profile *profile;
+		struct aa_label *label;
+
+		aad(&sa)->info = "set interface lsm";
+		label = begin_current_label_crit_section();
+		error = fn_for_each_confined(label, profile,
+					profile_interface_lsm(profile, &sa));
+		end_current_label_crit_section(label);
+		return error;
+	}
+
 	/* AppArmor requires that the buffer must be null terminated atm */
 	if (args[size - 1] != '\0') {
 		/* null terminate */
diff --git a/security/security.c b/security/security.c
index 0e17620a60e2..1d734d9579f1 100644
--- a/security/security.c
+++ b/security/security.c
@@ -78,7 +78,16 @@ static struct kmem_cache *lsm_file_cache;
 static struct kmem_cache *lsm_inode_cache;
 
 char *lsm_names;
-static struct lsm_blob_sizes blob_sizes __lsm_ro_after_init;
+
+/*
+ * The task blob includes the "interface_lsm" slot used for
+ * chosing which module presents contexts.
+ * Using a long to avoid potential alignment issues with
+ * module assigned task blobs.
+ */
+static struct lsm_blob_sizes blob_sizes __lsm_ro_after_init = {
+	.lbs_task = sizeof(long),
+};
 
 /* Boot-time LSM user choice */
 static __initdata const char *chosen_lsm_order;
@@ -672,6 +681,8 @@ int lsm_inode_alloc(struct inode *inode)
  */
 static int lsm_task_alloc(struct task_struct *task)
 {
+	int *ilsm;
+
 	if (blob_sizes.lbs_task == 0) {
 		task->security = NULL;
 		return 0;
@@ -680,6 +691,15 @@ static int lsm_task_alloc(struct task_struct *task)
 	task->security = kzalloc(blob_sizes.lbs_task, GFP_KERNEL);
 	if (task->security == NULL)
 		return -ENOMEM;
+
+	/*
+	 * The start of the task blob contains the "interface" LSM slot number.
+	 * Start with it set to the invalid slot number, indicating that the
+	 * default first registered LSM be displayed.
+	 */
+	ilsm = task->security;
+	*ilsm = LSMBLOB_INVALID;
+
 	return 0;
 }
 
@@ -1736,14 +1756,26 @@ int security_file_open(struct file *file)
 
 int security_task_alloc(struct task_struct *task, unsigned long clone_flags)
 {
+	int *oilsm = current->security;
+	int *nilsm;
 	int rc = lsm_task_alloc(task);
 
-	if (rc)
+	if (unlikely(rc))
 		return rc;
+
 	rc = call_int_hook(task_alloc, 0, task, clone_flags);
-	if (unlikely(rc))
+	if (unlikely(rc)) {
 		security_task_free(task);
-	return rc;
+		return rc;
+	}
+
+	if (oilsm) {
+		nilsm = task->security;
+		if (nilsm)
+			*nilsm = *oilsm;
+	}
+
+	return 0;
 }
 
 void security_task_free(struct task_struct *task)
@@ -2175,23 +2207,110 @@ int security_getprocattr(struct task_struct *p, const char *lsm, char *name,
 				char **value)
 {
 	struct security_hook_list *hp;
+	int ilsm = lsm_task_ilsm(current);
+	int slot = 0;
+
+	if (!strcmp(name, "interface_lsm")) {
+		/*
+		 * lsm_slot will be 0 if there are no displaying modules.
+		 */
+		if (lsm_slot == 0)
+			return -EINVAL;
+
+		/*
+		 * Only allow getting the current process' interface_lsm.
+		 * There are too few reasons to get another process'
+		 * interface_lsm and too many LSM policy issues.
+		 */
+		if (current != p)
+			return -EINVAL;
+
+		ilsm = lsm_task_ilsm(p);
+		if (ilsm != LSMBLOB_INVALID)
+			slot = ilsm;
+		*value = kstrdup(lsm_slotlist[slot]->lsm, GFP_KERNEL);
+		if (*value)
+			return strlen(*value);
+		return -ENOMEM;
+	}
 
 	hlist_for_each_entry(hp, &security_hook_heads.getprocattr, list) {
 		if (lsm != NULL && strcmp(lsm, hp->lsmid->lsm))
 			continue;
+		if (lsm == NULL && ilsm != LSMBLOB_INVALID &&
+		    ilsm != hp->lsmid->slot)
+			continue;
 		return hp->hook.getprocattr(p, name, value);
 	}
 	return LSM_RET_DEFAULT(getprocattr);
 }
 
+/**
+ * security_setprocattr - Set process attributes via /proc
+ * @lsm: name of module involved, or NULL
+ * @name: name of the attribute
+ * @value: value to set the attribute to
+ * @size: size of the value
+ *
+ * Set the process attribute for the specified security module
+ * to the specified value. Note that this can only be used to set
+ * the process attributes for the current, or "self" process.
+ * The /proc code has already done this check.
+ *
+ * Returns 0 on success, an appropriate code otherwise.
+ */
 int security_setprocattr(const char *lsm, const char *name, void *value,
 			 size_t size)
 {
 	struct security_hook_list *hp;
+	char *termed;
+	char *copy;
+	int *ilsm = current->security;
+	int rc = -EINVAL;
+	int slot = 0;
+
+	if (!strcmp(name, "interface_lsm")) {
+		/*
+		 * Change the "interface_lsm" value only if all the security
+		 * modules that support setting a procattr allow it.
+		 * It is assumed that all such security modules will be
+		 * cooperative.
+		 */
+		if (size == 0)
+			return -EINVAL;
+
+		hlist_for_each_entry(hp, &security_hook_heads.setprocattr,
+				     list) {
+			rc = hp->hook.setprocattr(name, value, size);
+			if (rc < 0)
+				return rc;
+		}
+
+		rc = -EINVAL;
+
+		copy = kmemdup_nul(value, size, GFP_KERNEL);
+		if (copy == NULL)
+			return -ENOMEM;
+
+		termed = strsep(&copy, " \n");
+
+		for (slot = 0; slot < lsm_slot; slot++)
+			if (!strcmp(termed, lsm_slotlist[slot]->lsm)) {
+				*ilsm = lsm_slotlist[slot]->slot;
+				rc = size;
+				break;
+			}
+
+		kfree(termed);
+		return rc;
+	}
 
 	hlist_for_each_entry(hp, &security_hook_heads.setprocattr, list) {
 		if (lsm != NULL && strcmp(lsm, hp->lsmid->lsm))
 			continue;
+		if (lsm == NULL && *ilsm != LSMBLOB_INVALID &&
+		    *ilsm != hp->lsmid->slot)
+			continue;
 		return hp->hook.setprocattr(name, value, size);
 	}
 	return LSM_RET_DEFAULT(setprocattr);
@@ -2211,15 +2330,15 @@ EXPORT_SYMBOL(security_ismaclabel);
 int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen)
 {
 	struct security_hook_list *hp;
-	int rc;
+	int ilsm = lsm_task_ilsm(current);
 
 	hlist_for_each_entry(hp, &security_hook_heads.secid_to_secctx, list) {
 		if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot))
 			continue;
-		rc = hp->hook.secid_to_secctx(blob->secid[hp->lsmid->slot],
-					      secdata, seclen);
-		if (rc != LSM_RET_DEFAULT(secid_to_secctx))
-			return rc;
+		if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot)
+			return hp->hook.secid_to_secctx(
+					blob->secid[hp->lsmid->slot],
+					secdata, seclen);
 	}
 
 	return LSM_RET_DEFAULT(secid_to_secctx);
@@ -2230,16 +2349,15 @@ int security_secctx_to_secid(const char *secdata, u32 seclen,
 			     struct lsmblob *blob)
 {
 	struct security_hook_list *hp;
-	int rc;
+	int ilsm = lsm_task_ilsm(current);
 
 	lsmblob_init(blob, 0);
 	hlist_for_each_entry(hp, &security_hook_heads.secctx_to_secid, list) {
 		if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot))
 			continue;
-		rc = hp->hook.secctx_to_secid(secdata, seclen,
-					      &blob->secid[hp->lsmid->slot]);
-		if (rc != 0)
-			return rc;
+		if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot)
+			return hp->hook.secctx_to_secid(secdata, seclen,
+						&blob->secid[hp->lsmid->slot]);
 	}
 	return 0;
 }
@@ -2247,7 +2365,14 @@ EXPORT_SYMBOL(security_secctx_to_secid);
 
 void security_release_secctx(char *secdata, u32 seclen)
 {
-	call_void_hook(release_secctx, secdata, seclen);
+	struct security_hook_list *hp;
+	int ilsm = lsm_task_ilsm(current);
+
+	hlist_for_each_entry(hp, &security_hook_heads.release_secctx, list)
+		if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) {
+			hp->hook.release_secctx(secdata, seclen);
+			return;
+		}
 }
 EXPORT_SYMBOL(security_release_secctx);
 
@@ -2388,8 +2513,15 @@ EXPORT_SYMBOL(security_sock_rcv_skb);
 int security_socket_getpeersec_stream(struct socket *sock, char __user *optval,
 				      int __user *optlen, unsigned len)
 {
-	return call_int_hook(socket_getpeersec_stream, -ENOPROTOOPT, sock,
-				optval, optlen, len);
+	int ilsm = lsm_task_ilsm(current);
+	struct security_hook_list *hp;
+
+	hlist_for_each_entry(hp, &security_hook_heads.socket_getpeersec_stream,
+			     list)
+		if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot)
+			return hp->hook.socket_getpeersec_stream(sock, optval,
+								 optlen, len);
+	return -ENOPROTOOPT;
 }
 
 int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb,
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index c295b1035bc6..824a6e4fb126 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -6441,6 +6441,17 @@ static int selinux_setprocattr(const char *name, void *value, size_t size)
 	/*
 	 * Basic control over ability to set these attributes at all.
 	 */
+
+	/*
+	 * For setting interface_lsm, we only perform a permission check;
+	 * the actual update to the interface_lsm value is handled by the
+	 * LSM framework.
+	 */
+	if (!strcmp(name, "interface_lsm"))
+		return avc_has_perm(&selinux_state,
+				    mysid, mysid, SECCLASS_PROCESS2,
+				    PROCESS2__SETDISPLAY, NULL);
+
 	if (!strcmp(name, "exec"))
 		error = avc_has_perm(&selinux_state,
 				     mysid, mysid, SECCLASS_PROCESS,
diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
index 35aac62a662e..46a7cfaf392d 100644
--- a/security/selinux/include/classmap.h
+++ b/security/selinux/include/classmap.h
@@ -53,7 +53,7 @@ struct security_class_mapping secclass_map[] = {
 	    "execmem", "execstack", "execheap", "setkeycreate",
 	    "setsockcreate", "getrlimit", NULL } },
 	{ "process2",
-	  { "nnp_transition", "nosuid_transition", NULL } },
+	  { "nnp_transition", "nosuid_transition", "setdisplay", NULL } },
 	{ "system",
 	  { "ipc_info", "syslog_read", "syslog_mod",
 	    "syslog_console", "module_request", "module_load", NULL } },
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 9c44327d8ea7..1069ba7abf40 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -3517,6 +3517,13 @@ static int smack_setprocattr(const char *name, void *value, size_t size)
 	struct smack_known_list_elem *sklep;
 	int rc;
 
+	/*
+	 * Allow the /proc/.../attr/current and SO_PEERSEC "interface_lsm"
+	 * to be reset at will.
+	 */
+	if (strcmp(name, "interface_lsm") == 0)
+		return 0;
+
 	if (!smack_privileged(CAP_MAC_ADMIN) && list_empty(&tsp->smk_relabel))
 		return -EPERM;
 

From patchwork Mon Dec 13 23:40:21 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Casey Schaufler <casey@schaufler-ca.com>
X-Patchwork-Id: 12675005
X-Patchwork-Delegate: paul@paul-moore.com
Return-Path: <selinux-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 1FEE2C433F5
	for <selinux@archiver.kernel.org>; Mon, 13 Dec 2021 23:57:16 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S244344AbhLMX5P (ORCPT <rfc822;selinux@archiver.kernel.org>);
        Mon, 13 Dec 2021 18:57:15 -0500
Received: from sonic306-28.consmr.mail.ne1.yahoo.com ([66.163.189.90]:39576
        "EHLO sonic306-28.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S239361AbhLMX5O (ORCPT
        <rfc822;selinux@vger.kernel.org>); Mon, 13 Dec 2021 18:57:14 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1639439834; bh=Sn5tjjAGSmqW3nsqIgtZNqgzkhGliBqVHotdg9HEefo=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To;
 b=YP84/wT2Xty3MBSNMp7XC4nnHiBV1Se90j+VUuV2H6dw53bcAeXNevBQihCVfBdqpgyPmzltM0md/PKZTXw7T1qtKuHz+mmWvSaeUdVuuofjrp3uaaNGgYAoTnaMJkvpkWrjW1sQuxznSLdve4Sr3iVHY77TCfE7e/Ra8BsSdvsg2/13AyxB02GptdtX491D3HD7SvoB9qTczkEIUFFKWJaGoKzxnsS5FdpwblJ2wVUEAmX+X3SIAiWUwN2q5hrjIgDuYzuT/CgE0WRsoGz1zfDoy7CD8ocbcPKW/vHt/fxgPvOp7EscQIStdGXhAOHYRDr2A4PXJa58bUcRrva1/A==
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1639439834; bh=WWHXYx/YU0+TYu8UNTr5i2Tvia2wLWZDXQiN9WRM7v1=;
 h=X-Sonic-MF:From:To:Subject:Date:From:Subject;
 b=aazwde7/k1nIb62hXiFt1TvqqgFMaKRsUQdU6y3Fiy9nHj3HejDoHoP3/M/335opGhPe8pkdD+c9VCE4LkxnhNMEyh0luDq+NzWeaw3d7xYU95WRhW1R0wyqnSnLKe87xooY4ah7xJSR2SQOUrQIrXeU9hyLrZwQtpxDaUd4zmuT4k7Sk3xVQrGS0854ktBd/QS/m9SHnNYJGye84wFJ08Io0sn5/xMIjpZe44GbqUamINER4/xigTqr4rxqf1sb4zRYQ5XEM+2LbXiS9/6G3a+rfun/qWoq77Ll3s2A0E0L5O8a/eTStTJ4vfTM5Uk4vs+RzWdfAyAuM+nFxtit0g==
X-YMail-OSG: OEodNHwVM1lLc70lSb3Q7McpeYOUxzSMiC.VqaCS6Wjwe5xTSb59hzGao34qiKu
 uL32ec_SK00UScL6pFM.sEJltybyuVpFz0imSBdLLTby6G5Z1aIa31nZL0uqwPnXrjFKPKOm4c1m
 0k8HLpluKSUjHwYVg.6DebM0joz5sm1qSMzoq5.UMiOPStVKfcSvP4O8tTdwtYVD9e40uFqmvCpG
 eulXmrurJevY2p4Gk88OT1wMYNg8trNtLHjJf7GQ1S2evO0y2GTzhVoEcnZUvdmgLlyFT7Qjqk1Q
 zNlzSFt_IKDoAQOgnRE7u5tP4rkaV_6.XTLbHAZ1AM4h4fkIcgi1K57_4BAX7I8d1MNOMEAV.clQ
 a86dAO_Wxm4W34dgTYmt_oHbDrRPS4DBWFw46aBoA7scOmGuX7vKuqlN1eRNTIepCWP5ZMWG_wyB
 oGxTpaHUL2WNvw5h5GvA5QFQCPBUiOrutkf6HXL041LUh37bnsbAjiyIxmzCg3I3dLxv2eavksX6
 WrCwvWRp4SFJ2lIcxKr44tr9Xi50x4e.qmksfWxX.Rkf2QwvPDB95GERcv.VLdnvqMN1bcuhFQyC
 zwmwtmk4smmlpkg9ulNz6EAc5olnTgOsw9Asm13D5cUcEnC9ZDnHyQUPp7tY8YftGkR2aqeXv6JR
 3r2DmkXUEjz2nADYXpn46LinhDQOWFaIr9vmnjtpgEZ5TMrr3J3RAmkHg.z8xQEJq6KmKR3LSftW
 h7FEfG8NhrpT.rtWwglNTuIjOMp3Fro0CrkNJL0zuqptgEJsy7dNum2loO2Jp3.yKp3O5fnlxnSy
 5rfSz793NsTkiio6OELgPtIiWs2oaa6qB5WJ.GNZdJgBsP67Oey9lRwFZxQUIKSDVxP2xQRMZQG9
 zAZGcRjMyE30dlIvsN3wEjLamECq0g9zVETmy1MZ656oF2k564WYY9ee73Fv5emPXtNfTa9J0cEf
 TaQ9utj2tads_lvTlEDwW9k39M68P.wslaMP0OEez3JHMNPUI1z8CQWHTHgWVVhVmyY8cnU3jA_v
 JFw3ITbejy11v31Rn4ugdGgfzlSlpx21O.3uHNrykZgD.lL0D7wdAc9Cf2ekGJ4qAuR1L7IFphg.
 dyWttI6rdXuOAqHGgvPaAx4ulsCULFKE0VC604YEU56ZagnSUikNmofiH0F31HptE1V6gaAcphBF
 1mIpIOzJIGghzsQqy3Et9HlBoh1KbYsZPKm9vh8o9_u0sbzPEyuHqBNelagCxg4OpWIZKMjFKV_C
 PddmWocLOuLPPDckhPmXiEIfxQ0pUB1hPPADvM5F_8Ep56X6nFxQemMKGMBmu.gJekCAX.yHLAPB
 x_9RHnuz3RDzwkt5aLzwSEFdyVBs1G83wUsDdOy2oPCDc6rEiV8I_0R.4YVVqiODdFnkzdC1u8bS
 njTsr4DDV7Et3MCDg_zGUdVH_XCClEYReBTs8ja79aGuONvO9Z8rBkYI1Z3EFEYM.Fti11qZYl43
 8Q1hvLNX1xLbtMDxwZG07vVM147I1wYw1aVw10FJ7bByi9JuekUBYNifi3558Lfgi25AI2wQwcaB
 l_xoKZpw4zBbmwL7fMI5jN77dczJMO8XiDOCDmlqQbM8aKHnu.cL1Q_N7DSy_9p6eZ7PplxgDlrO
 BPqPGzD2LrOySeNgT6tkwIHBy2IajI2r5yi9Wx6GXaVkTX3ue55qDRyTmlWIkydrovWghaqTD.Zb
 s.rsCxwP4ggHZW293Bwz2H3vCuh2o4l4Abgp_gXy7gzxeCZjHGUOZWLlNnpaaUFgPsr7VnjPMhHm
 oYrL8EIOZqQkgYBSi7KAviizCmK.LHTyklCMeVToSa9BuRRIDPq3BuFunA4N.r.UjC5LcngeWhcK
 s6Za3H9R9QTJXpAUd40jzxEEoEfsiqQmCAFMp4IKDzPX.9O_M1vleTEG.0ligq7Eo.d4NFC5Vy0Y
 9zmquCiaXzPgyqLIIU5joT8ezreDD9poSZLg2badE9WcuGLIDedmVFG9yRQqcErY1tajoxGkZSTM
 GrbmEuwuBeoAQYMEXQnutfR0yFMMBRajfysAX44MCONoDd_g191vCGb1wwMeqf2vLopztD6rmqz8
 Nd0Szpaje_67ZDhZRTQ9k_aWeJwCABRwKHXZUqle5DE6HJBLaDHdkaA9Z2yXPslJIZ.k9sD.Ctdb
 0fCAvibIGdbAXaQs1x8AXe0Xzwruv1NmMt9ypCwJyz_0rTisa61529WBkK81.lXGuQX4sJyJavIc
 VwyJeczoGDSRAdTpGrj1JwasepWbBVJY_cqTD5VmPsEhcJoapkEYekCLY1DLNI2hC4zmz2B0-
X-Sonic-MF: <casey@schaufler-ca.com>
Received: from sonic.gate.mail.ne1.yahoo.com by
 sonic306.consmr.mail.ne1.yahoo.com with HTTP; Mon, 13 Dec 2021 23:57:14 +0000
Received: by kubenode527.mail-prod1.omega.ne1.yahoo.com (VZM Hermes SMTP
 Server) with ESMTPA ID 2cfefa36b6f587455d7cc15b16ec7ee3;
          Mon, 13 Dec 2021 23:57:12 +0000 (UTC)
From: Casey Schaufler <casey@schaufler-ca.com>
To: casey.schaufler@intel.com, jmorris@namei.org,
        linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com,
        keescook@chromium.org, john.johansen@canonical.com,
        penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com,
        sds@tycho.nsa.gov, linux-kernel@vger.kernel.org,
        Stephen Smalley <stephen.smalley.work@gmail.com>,
        Chuck Lever <chuck.lever@oracle.com>,
        linux-integrity@vger.kernel.org, netdev@vger.kernel.org,
        netfilter-devel@vger.kernel.org, linux-nfs@vger.kernel.org
Subject: [PATCH v31 15/28] LSM: Ensure the correct LSM context releaser
Date: Mon, 13 Dec 2021 15:40:21 -0800
Message-Id: <20211213234034.111891-16-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20211213234034.111891-1-casey@schaufler-ca.com>
References: <20211213234034.111891-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <selinux.vger.kernel.org>
X-Mailing-List: selinux@vger.kernel.org

Add a new lsmcontext data structure to hold all the information
about a "security context", including the string, its size and
which LSM allocated the string. The allocation information is
necessary because LSMs have different policies regarding the
lifecycle of these strings. SELinux allocates and destroys
them on each use, whereas Smack provides a pointer to an entry
in a list that never goes away.

Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: John Johansen <john.johansen@canonical.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Acked-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Cc: linux-integrity@vger.kernel.org
Cc: netdev@vger.kernel.org
Cc: linux-audit@redhat.com
Cc: netfilter-devel@vger.kernel.org
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: linux-nfs@vger.kernel.org
---
 drivers/android/binder.c                | 10 ++++---
 fs/ceph/xattr.c                         |  6 ++++-
 fs/nfs/nfs4proc.c                       |  8 ++++--
 fs/nfsd/nfs4xdr.c                       |  7 +++--
 include/linux/security.h                | 35 +++++++++++++++++++++++--
 include/net/scm.h                       |  5 +++-
 kernel/audit.c                          | 14 +++++++---
 kernel/auditsc.c                        | 12 ++++++---
 net/ipv4/ip_sockglue.c                  |  4 ++-
 net/netfilter/nf_conntrack_netlink.c    |  4 ++-
 net/netfilter/nf_conntrack_standalone.c |  4 ++-
 net/netfilter/nfnetlink_queue.c         | 13 ++++++---
 net/netlabel/netlabel_unlabeled.c       | 19 +++++++++++---
 net/netlabel/netlabel_user.c            |  4 ++-
 security/security.c                     | 11 ++++----
 15 files changed, 121 insertions(+), 35 deletions(-)

diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index 27b53e5f71a1..32dca5b40e8a 100644
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
@@ -2469,6 +2469,7 @@ static void binder_transaction(struct binder_proc *proc,
 	int t_debug_id = atomic_inc_return(&binder_last_id);
 	char *secctx = NULL;
 	u32 secctx_sz = 0;
+	struct lsmcontext scaff; /* scaffolding */
 
 	e = binder_transaction_log_add(&binder_transaction_log);
 	e->debug_id = t_debug_id;
@@ -2771,7 +2772,8 @@ static void binder_transaction(struct binder_proc *proc,
 			t->security_ctx = 0;
 			WARN_ON(1);
 		}
-		security_release_secctx(secctx, secctx_sz);
+		lsmcontext_init(&scaff, secctx, secctx_sz, 0);
+		security_release_secctx(&scaff);
 		secctx = NULL;
 	}
 	t->buffer->debug_id = t->debug_id;
@@ -3112,8 +3114,10 @@ static void binder_transaction(struct binder_proc *proc,
 	binder_alloc_free_buf(&target_proc->alloc, t->buffer);
 err_binder_alloc_buf_failed:
 err_bad_extra_size:
-	if (secctx)
-		security_release_secctx(secctx, secctx_sz);
+	if (secctx) {
+		lsmcontext_init(&scaff, secctx, secctx_sz, 0);
+		security_release_secctx(&scaff);
+	}
 err_get_secctx_failed:
 	kfree(tcomplete);
 	binder_stats_deleted(BINDER_STAT_TRANSACTION_COMPLETE);
diff --git a/fs/ceph/xattr.c b/fs/ceph/xattr.c
index fcf7dfdecf96..df2b3bf46364 100644
--- a/fs/ceph/xattr.c
+++ b/fs/ceph/xattr.c
@@ -1374,12 +1374,16 @@ int ceph_security_init_secctx(struct dentry *dentry, umode_t mode,
 
 void ceph_release_acl_sec_ctx(struct ceph_acl_sec_ctx *as_ctx)
 {
+#ifdef CONFIG_CEPH_FS_SECURITY_LABEL
+	struct lsmcontext scaff; /* scaffolding */
+#endif
 #ifdef CONFIG_CEPH_FS_POSIX_ACL
 	posix_acl_release(as_ctx->acl);
 	posix_acl_release(as_ctx->default_acl);
 #endif
 #ifdef CONFIG_CEPH_FS_SECURITY_LABEL
-	security_release_secctx(as_ctx->sec_ctx, as_ctx->sec_ctxlen);
+	lsmcontext_init(&scaff, as_ctx->sec_ctx, as_ctx->sec_ctxlen, 0);
+	security_release_secctx(&scaff);
 #endif
 	if (as_ctx->pagelist)
 		ceph_pagelist_release(as_ctx->pagelist);
diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
index ee3bc79f6ca3..194bb09663e0 100644
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -137,8 +137,12 @@ nfs4_label_init_security(struct inode *dir, struct dentry *dentry,
 static inline void
 nfs4_label_release_security(struct nfs4_label *label)
 {
-	if (label)
-		security_release_secctx(label->label, label->len);
+	struct lsmcontext scaff; /* scaffolding */
+
+	if (label) {
+		lsmcontext_init(&scaff, label->label, label->len, 0);
+		security_release_secctx(&scaff);
+	}
 }
 static inline u32 *nfs4_bitmask(struct nfs_server *server, struct nfs4_label *label)
 {
diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
index 5a93a5db4fb0..f96da9ac116a 100644
--- a/fs/nfsd/nfs4xdr.c
+++ b/fs/nfsd/nfs4xdr.c
@@ -2841,6 +2841,7 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp,
 	int err;
 	struct nfs4_acl *acl = NULL;
 #ifdef CONFIG_NFSD_V4_SECURITY_LABEL
+	struct lsmcontext scaff; /* scaffolding */
 	void *context = NULL;
 	int contextlen;
 #endif
@@ -3342,8 +3343,10 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp,
 
 out:
 #ifdef CONFIG_NFSD_V4_SECURITY_LABEL
-	if (context)
-		security_release_secctx(context, contextlen);
+	if (context) {
+		lsmcontext_init(&scaff, context, contextlen, 0); /*scaffolding*/
+		security_release_secctx(&scaff);
+	}
 #endif /* CONFIG_NFSD_V4_SECURITY_LABEL */
 	kfree(acl);
 	if (tempfh) {
diff --git a/include/linux/security.h b/include/linux/security.h
index 872e543d37dd..e439663c955f 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -135,6 +135,37 @@ enum lockdown_reason {
 
 extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1];
 
+/*
+ * A "security context" is the text representation of
+ * the information used by LSMs.
+ * This structure contains the string, its length, and which LSM
+ * it is useful for.
+ */
+struct lsmcontext {
+	char	*context;	/* Provided by the module */
+	u32	len;
+	int	slot;		/* Identifies the module */
+};
+
+/**
+ * lsmcontext_init - initialize an lsmcontext structure.
+ * @cp: Pointer to the context to initialize
+ * @context: Initial context, or NULL
+ * @size: Size of context, or 0
+ * @slot: Which LSM provided the context
+ *
+ * Fill in the lsmcontext from the provided information.
+ * This is a scaffolding function that will be removed when
+ * lsmcontext integration is complete.
+ */
+static inline void lsmcontext_init(struct lsmcontext *cp, char *context,
+				   u32 size, int slot)
+{
+	cp->slot = slot;
+	cp->context = context;
+	cp->len = size;
+}
+
 /*
  * Data exported by the security modules
  *
@@ -570,7 +601,7 @@ int security_ismaclabel(const char *name);
 int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen);
 int security_secctx_to_secid(const char *secdata, u32 seclen,
 			     struct lsmblob *blob);
-void security_release_secctx(char *secdata, u32 seclen);
+void security_release_secctx(struct lsmcontext *cp);
 void security_inode_invalidate_secctx(struct inode *inode);
 int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen);
 int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen);
@@ -1440,7 +1471,7 @@ static inline int security_secctx_to_secid(const char *secdata,
 	return -EOPNOTSUPP;
 }
 
-static inline void security_release_secctx(char *secdata, u32 seclen)
+static inline void security_release_secctx(struct lsmcontext *cp)
 {
 }
 
diff --git a/include/net/scm.h b/include/net/scm.h
index 23a35ff1b3f2..f273c4d777ec 100644
--- a/include/net/scm.h
+++ b/include/net/scm.h
@@ -92,6 +92,7 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg,
 #ifdef CONFIG_SECURITY_NETWORK
 static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm)
 {
+	struct lsmcontext context;
 	struct lsmblob lb;
 	char *secdata;
 	u32 seclen;
@@ -106,7 +107,9 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc
 
 		if (!err) {
 			put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata);
-			security_release_secctx(secdata, seclen);
+			/*scaffolding*/
+			lsmcontext_init(&context, secdata, seclen, 0);
+			security_release_secctx(&context);
 		}
 	}
 }
diff --git a/kernel/audit.c b/kernel/audit.c
index 8ec64e6e8bc0..c17ec23158c4 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1192,6 +1192,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
 	struct audit_sig_info   *sig_data;
 	char			*ctx = NULL;
 	u32			len;
+	struct lsmcontext	scaff; /* scaffolding */
 
 	err = audit_netlink_ok(skb, msg_type);
 	if (err)
@@ -1449,15 +1450,18 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
 		}
 		sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL);
 		if (!sig_data) {
-			if (lsmblob_is_set(&audit_sig_lsm))
-				security_release_secctx(ctx, len);
+			if (lsmblob_is_set(&audit_sig_lsm)) {
+				lsmcontext_init(&scaff, ctx, len, 0);
+				security_release_secctx(&scaff);
+			}
 			return -ENOMEM;
 		}
 		sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid);
 		sig_data->pid = audit_sig_pid;
 		if (lsmblob_is_set(&audit_sig_lsm)) {
 			memcpy(sig_data->ctx, ctx, len);
-			security_release_secctx(ctx, len);
+			lsmcontext_init(&scaff, ctx, len, 0);
+			security_release_secctx(&scaff);
 		}
 		audit_send_reply(skb, seq, AUDIT_SIGNAL_INFO, 0, 0,
 				 sig_data, sizeof(*sig_data) + len);
@@ -2132,6 +2136,7 @@ int audit_log_task_context(struct audit_buffer *ab)
 	unsigned len;
 	int error;
 	struct lsmblob blob;
+	struct lsmcontext scaff; /* scaffolding */
 
 	security_task_getsecid_subj(current, &blob);
 	if (!lsmblob_is_set(&blob))
@@ -2145,7 +2150,8 @@ int audit_log_task_context(struct audit_buffer *ab)
 	}
 
 	audit_log_format(ab, " subj=%s", ctx);
-	security_release_secctx(ctx, len);
+	lsmcontext_init(&scaff, ctx, len, 0);
+	security_release_secctx(&scaff);
 	return 0;
 
 error_path:
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 930254bca7b5..3c72ff647fd8 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1112,6 +1112,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid,
 				 struct lsmblob *blob, char *comm)
 {
 	struct audit_buffer *ab;
+	struct lsmcontext lsmcxt;
 	char *ctx = NULL;
 	u32 len;
 	int rc = 0;
@@ -1129,7 +1130,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid,
 			rc = 1;
 		} else {
 			audit_log_format(ab, " obj=%s", ctx);
-			security_release_secctx(ctx, len);
+			lsmcontext_init(&lsmcxt, ctx, len, 0); /*scaffolding*/
+			security_release_secctx(&lsmcxt);
 		}
 	}
 	audit_log_format(ab, " ocomm=");
@@ -1342,6 +1344,7 @@ static void audit_log_fcaps(struct audit_buffer *ab, struct audit_names *name)
 
 static void show_special(struct audit_context *context, int *call_panic)
 {
+	struct lsmcontext lsmcxt;
 	struct audit_buffer *ab;
 	int i;
 
@@ -1376,7 +1379,8 @@ static void show_special(struct audit_context *context, int *call_panic)
 				*call_panic = 1;
 			} else {
 				audit_log_format(ab, " obj=%s", ctx);
-				security_release_secctx(ctx, len);
+				lsmcontext_init(&lsmcxt, ctx, len, 0);
+				security_release_secctx(&lsmcxt);
 			}
 		}
 		if (context->ipc.has_perm) {
@@ -1533,6 +1537,7 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n,
 		char *ctx = NULL;
 		u32 len;
 		struct lsmblob blob;
+		struct lsmcontext lsmcxt;
 
 		lsmblob_init(&blob, n->osid);
 		if (security_secid_to_secctx(&blob, &ctx, &len)) {
@@ -1541,7 +1546,8 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n,
 				*call_panic = 2;
 		} else {
 			audit_log_format(ab, " obj=%s", ctx);
-			security_release_secctx(ctx, len);
+			lsmcontext_init(&lsmcxt, ctx, len, 0); /* scaffolding */
+			security_release_secctx(&lsmcxt);
 		}
 	}
 
diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
index be7073df19a5..dbba700fb151 100644
--- a/net/ipv4/ip_sockglue.c
+++ b/net/ipv4/ip_sockglue.c
@@ -130,6 +130,7 @@ static void ip_cmsg_recv_checksum(struct msghdr *msg, struct sk_buff *skb,
 
 static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb)
 {
+	struct lsmcontext context;
 	struct lsmblob lb;
 	char *secdata;
 	u32 seclen, secid;
@@ -145,7 +146,8 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb)
 		return;
 
 	put_cmsg(msg, SOL_IP, SCM_SECURITY, seclen, secdata);
-	security_release_secctx(secdata, seclen);
+	lsmcontext_init(&context, secdata, seclen, 0); /* scaffolding */
+	security_release_secctx(&context);
 }
 
 static void ip_cmsg_recv_dstaddr(struct msghdr *msg, struct sk_buff *skb)
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 67b0f3cfc5c7..40cbb00432d4 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -342,6 +342,7 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct)
 	int len, ret;
 	char *secctx;
 	struct lsmblob blob;
+	struct lsmcontext context;
 
 	/* lsmblob_init() puts ct->secmark into all of the secids in blob.
 	 * security_secid_to_secctx() will know which security module
@@ -362,7 +363,8 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct)
 
 	ret = 0;
 nla_put_failure:
-	security_release_secctx(secctx, len);
+	lsmcontext_init(&context, secctx, len, 0); /* scaffolding */
+	security_release_secctx(&context);
 	return ret;
 }
 #else
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
index 79c280d1efce..3fcf44342b14 100644
--- a/net/netfilter/nf_conntrack_standalone.c
+++ b/net/netfilter/nf_conntrack_standalone.c
@@ -179,6 +179,7 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct)
 	u32 len;
 	char *secctx;
 	struct lsmblob blob;
+	struct lsmcontext context;
 
 	lsmblob_init(&blob, ct->secmark);
 	ret = security_secid_to_secctx(&blob, &secctx, &len);
@@ -187,7 +188,8 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct)
 
 	seq_printf(s, "secctx=%s ", secctx);
 
-	security_release_secctx(secctx, len);
+	lsmcontext_init(&context, secctx, len, 0); /* scaffolding */
+	security_release_secctx(&context);
 }
 #else
 static inline void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct)
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
index 62c0c5b847c6..5961a9b17f66 100644
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -397,6 +397,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue,
 	enum ip_conntrack_info ctinfo;
 	struct nfnl_ct_hook *nfnl_ct;
 	bool csum_verify;
+	struct lsmcontext scaff; /* scaffolding */
 	char *secdata = NULL;
 	u32 seclen = 0;
 
@@ -626,8 +627,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue,
 	}
 
 	nlh->nlmsg_len = skb->len;
-	if (seclen)
-		security_release_secctx(secdata, seclen);
+	if (seclen) {
+		lsmcontext_init(&scaff, secdata, seclen, 0);
+		security_release_secctx(&scaff);
+	}
 	return skb;
 
 nla_put_failure:
@@ -635,8 +638,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue,
 	kfree_skb(skb);
 	net_err_ratelimited("nf_queue: error creating packet message\n");
 nlmsg_failure:
-	if (seclen)
-		security_release_secctx(secdata, seclen);
+	if (seclen) {
+		lsmcontext_init(&scaff, secdata, seclen, 0);
+		security_release_secctx(&scaff);
+	}
 	return NULL;
 }
 
diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c
index 15b53fc4e83f..7cb6f27c8cb2 100644
--- a/net/netlabel/netlabel_unlabeled.c
+++ b/net/netlabel/netlabel_unlabeled.c
@@ -374,6 +374,7 @@ int netlbl_unlhsh_add(struct net *net,
 	struct net_device *dev;
 	struct netlbl_unlhsh_iface *iface;
 	struct audit_buffer *audit_buf = NULL;
+	struct lsmcontext context;
 	char *secctx = NULL;
 	u32 secctx_len;
 	struct lsmblob blob;
@@ -447,7 +448,9 @@ int netlbl_unlhsh_add(struct net *net,
 					     &secctx,
 					     &secctx_len) == 0) {
 			audit_log_format(audit_buf, " sec_obj=%s", secctx);
-			security_release_secctx(secctx, secctx_len);
+			/* scaffolding */
+			lsmcontext_init(&context, secctx, secctx_len, 0);
+			security_release_secctx(&context);
 		}
 		audit_log_format(audit_buf, " res=%u", ret_val == 0 ? 1 : 0);
 		audit_log_end(audit_buf);
@@ -478,6 +481,7 @@ static int netlbl_unlhsh_remove_addr4(struct net *net,
 	struct netlbl_unlhsh_addr4 *entry;
 	struct audit_buffer *audit_buf;
 	struct net_device *dev;
+	struct lsmcontext context;
 	char *secctx;
 	u32 secctx_len;
 	struct lsmblob blob;
@@ -508,7 +512,9 @@ static int netlbl_unlhsh_remove_addr4(struct net *net,
 		    security_secid_to_secctx(&blob,
 					     &secctx, &secctx_len) == 0) {
 			audit_log_format(audit_buf, " sec_obj=%s", secctx);
-			security_release_secctx(secctx, secctx_len);
+			/* scaffolding */
+			lsmcontext_init(&context, secctx, secctx_len, 0);
+			security_release_secctx(&context);
 		}
 		audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0);
 		audit_log_end(audit_buf);
@@ -545,6 +551,7 @@ static int netlbl_unlhsh_remove_addr6(struct net *net,
 	struct netlbl_unlhsh_addr6 *entry;
 	struct audit_buffer *audit_buf;
 	struct net_device *dev;
+	struct lsmcontext context;
 	char *secctx;
 	u32 secctx_len;
 	struct lsmblob blob;
@@ -574,7 +581,8 @@ static int netlbl_unlhsh_remove_addr6(struct net *net,
 		    security_secid_to_secctx(&blob,
 					     &secctx, &secctx_len) == 0) {
 			audit_log_format(audit_buf, " sec_obj=%s", secctx);
-			security_release_secctx(secctx, secctx_len);
+			lsmcontext_init(&context, secctx, secctx_len, 0);
+			security_release_secctx(&context);
 		}
 		audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0);
 		audit_log_end(audit_buf);
@@ -1093,6 +1101,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd,
 	int ret_val = -ENOMEM;
 	struct netlbl_unlhsh_walk_arg *cb_arg = arg;
 	struct net_device *dev;
+	struct lsmcontext context;
 	void *data;
 	u32 secid;
 	char *secctx;
@@ -1163,7 +1172,9 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd,
 			  NLBL_UNLABEL_A_SECCTX,
 			  secctx_len,
 			  secctx);
-	security_release_secctx(secctx, secctx_len);
+	/* scaffolding */
+	lsmcontext_init(&context, secctx, secctx_len, 0);
+	security_release_secctx(&context);
 	if (ret_val != 0)
 		goto list_cb_failure;
 
diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c
index 893301ae0131..ef139d8ae7cd 100644
--- a/net/netlabel/netlabel_user.c
+++ b/net/netlabel/netlabel_user.c
@@ -84,6 +84,7 @@ struct audit_buffer *netlbl_audit_start_common(int type,
 					       struct netlbl_audit *audit_info)
 {
 	struct audit_buffer *audit_buf;
+	struct lsmcontext context;
 	char *secctx;
 	u32 secctx_len;
 	struct lsmblob blob;
@@ -103,7 +104,8 @@ struct audit_buffer *netlbl_audit_start_common(int type,
 	if (audit_info->secid != 0 &&
 	    security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) {
 		audit_log_format(audit_buf, " subj=%s", secctx);
-		security_release_secctx(secctx, secctx_len);
+		lsmcontext_init(&context, secctx, secctx_len, 0);/*scaffolding*/
+		security_release_secctx(&context);
 	}
 
 	return audit_buf;
diff --git a/security/security.c b/security/security.c
index 1d734d9579f1..d14717fe0cb7 100644
--- a/security/security.c
+++ b/security/security.c
@@ -2363,16 +2363,17 @@ int security_secctx_to_secid(const char *secdata, u32 seclen,
 }
 EXPORT_SYMBOL(security_secctx_to_secid);
 
-void security_release_secctx(char *secdata, u32 seclen)
+void security_release_secctx(struct lsmcontext *cp)
 {
 	struct security_hook_list *hp;
-	int ilsm = lsm_task_ilsm(current);
 
 	hlist_for_each_entry(hp, &security_hook_heads.release_secctx, list)
-		if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) {
-			hp->hook.release_secctx(secdata, seclen);
-			return;
+		if (cp->slot == hp->lsmid->slot) {
+			hp->hook.release_secctx(cp->context, cp->len);
+			break;
 		}
+
+	memset(cp, 0, sizeof(*cp));
 }
 EXPORT_SYMBOL(security_release_secctx);
 

From patchwork Mon Dec 13 23:40:22 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Casey Schaufler <casey@schaufler-ca.com>
X-Patchwork-Id: 12675007
X-Patchwork-Delegate: paul@paul-moore.com
Return-Path: <selinux-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id AA260C433EF
	for <selinux@archiver.kernel.org>; Mon, 13 Dec 2021 23:58:22 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S241893AbhLMX6W (ORCPT <rfc822;selinux@archiver.kernel.org>);
        Mon, 13 Dec 2021 18:58:22 -0500
Received: from sonic301-38.consmr.mail.ne1.yahoo.com ([66.163.184.207]:38198
        "EHLO sonic301-38.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S235818AbhLMX6V (ORCPT
        <rfc822;selinux@vger.kernel.org>); Mon, 13 Dec 2021 18:58:21 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1639439901; bh=PBedEzlKAak40yG894Xfp/LLsmNg/dxYLK2k0ILkdSA=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To;
 b=h4AqiYb9pZGfAS7g9IZfGIuDiSGxxzehsrJ+spAZ5QFiOxeNnlVdBeUNQ5Vr2e13bupg00h3zOOyIfhJj06DOg6p2BTMCVJxjpybqRDL/Oe1qr68Y4UzlSyZ8d0MyBXjimX7LIpcci5+E50UHoaDNhN25iJLh1C/JvcOqQq/G9+wVjYKLvX8fbN+vrG6AvwbMRWFU0gOK0sclDCk/sLsXMAqFC3zhV4cCCyRU153PzmeMoZLJzioMDVQKYb1BjkLsB34vh/pWmG1eJ1I7HYDDH7RrWSxM4Ir2zLS/aS5AK9IVg6lcJJocJvL7iyAxz+xil/NnqpFGYYzKl0ylRtI6g==
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1639439901; bh=8lHTP5kxRVnD3Ao+M8IU6wp6xqsDgQ3d25cUAITR3J0=;
 h=X-Sonic-MF:From:To:Subject:Date:From:Subject;
 b=JyW1xLUmZpVX1go82DEkoVT6QNJhcdHpWhEjD0AhS2YsWg9JtHOeV2j1lg4yAOf8s7fl2Mct9Wp+amhTL2pAXCB0XDv3M5rDg4+GnmgGCZSaQl2Rp4GTBkAEPmU6JdvDyK9zXpLZoketm/Dqc8O8Pm3ZYhFV1wpVq5YZKhkfPGxoUYtvlsvgaVMIURiAZacxlP7dnq7MQdbRWPUmomUngROLuiG/uDV8q9VzZVyrqsTEtFSL1s5gc75ICRXom/g6Re/zQ90kh/L9YOh9A3lKxQ80w3+BZKnrFq3sBz2E+XZUUhlnn7/4PaLtxFNviDPf8Ltag4Bp0qeQbQ6opKV3Hw==
X-YMail-OSG: 1mVmxF0VM1mufzy0HK7RrvJAFctnMUMSID69e7rsYqLuHf1wj8_BbWb7S08LaxB
 M8Xw0zz7W3r.OPl0dSGwRU_xr2p1tXRnSGIjJj1rXZd78AQAAA8ATgl4SF70GX05hydy0nAgw.4n
 P8YhAKdlhPHYRg6Vl_Pv2VxUDm_tSl5OIvewsAUq6zRk80.Tf4dSn6QtGlU2HnT.LOeBp94xAnjx
 REFHpfoVqavl5.UMPxJapNUp8Qe3EicS4Cl4dlZ.GXYUKK2e4Lweu.Zvac3jiW9G4AaK2V4XPIoZ
 t451ufQBEpyAT.RQP89VOiyRC2298NTgpdrHhxdonhcTxmtcXnLaK3tpZ78DBA4c1dL1Os6T4YT_
 b4HF0Ip3H5FLIqdXbecvGN_5SuLZmNA_Cuj2XatgLyBIvUlpBBwpBtH2xgayRcufMJNQW7GjTrRf
 _NmyOhUPpDLl3.boryNgRM0Ct3GlF2M1Pa8Zdr_D.imxalALcoko1lESbGTlfMZCN5uRCFNGR4S7
 0tXflxXkcQEp_TNiX1dHh_D8Cr6LLbikkfLUst0Hwc8c1rBKmSjskyO6ulAi2c8CT3H_sRelI.1H
 flaPZC94ckJewTC_.zxFX2tejT708IocHZ0ypnnSiEEIY02X7Fo44vQ_FTB9IbDoDm.PH8AOjgRb
 kfyRrSotrtaPNlNGprSKH8RXj7H79WSLnuWWQprh12E1Czc60pdtguWUygZqy8QvzXCmfnmkKudx
 owIJNe6FMVKTqqyiDrlosUeiYvRIifU8q5toGa0YDcifeDIxGF.EUUEQiqVntcKU5uiS4HcKQiQC
 75HXKmeBsjFAnVcBaVMQCpY1wz_7QRjvKoFdVKO5ppcmTuCMORgPD_HdSJqw5yDAhESudS55TLUZ
 iDon3VrqmbZ_uwkpBv1yfvIv85hEe8hodlHV4V.5nJhuGnYcXO7lwGfdTUHZK9jRad_OJQBlN4qT
 yCYdmTsSTzYlYwTFEnH2wPB.JvanGvBxE1TaVExzpo6.axoMUO7N2Q9huWs76aGyNEgV3RS1KNyV
 yalvm4_oHrIyrQjuIlGbMYD3LOGfwLDpFsXi.1_O58P4z6qkcxVth41ot7fBm80HoUGVLfFuBiwt
 .P8TxB4WtbPYOIU5GNxj9_MapVpo5kWCAynfKRx6jBMkexCZtkOiHictBeiZXqCD1c5iojkUjHBq
 ehz_ZvrvqW0Q1jX.hrBbgugVU29i7ZF3WWUl.9GD46GhyesQ_3FhEWg4VffRKKnP6xHvvXi3UoM5
 RydWs4FejpItzR.iNHMSZqePnbx0DE4A_ONaRto2TuXHT6GhiYyNNQxIHQ38KeGClhh7fOomRaen
 z46fwafiJXFCLuu7xP5Tmpw4lG2CZIGJEzdNVsDTlk8iPXttm8yhwVcich016EpFid3gcKyku7kY
 YdawH_bsc_qzBvzZDxcB8DMtPQbxmz69F5Ic0Ok2el1eC5Wmep.bimvBZsih.h8PjISbnAQRR7Yg
 MnC_YVdpkWDwWaf2DKx2AAS7keAg.6iqrbpqNOea.iEKxjeEPEkQrLx.icrL14P8c_nIknOK7.NV
 EBcdlW8l.QpmVNZgXtwKefoBhJZrZ0xNZQIEjsdJv11LE7VIX0v7bahl7bchUgBSawJ63UZMGx5K
 zMRgtzipltGMFT4BpNS2_Wxjb5pyq.VujepoJB.glRqnTxC9JPyxG0f.BqTWBsiNqLqHe37IBbsg
 aJZb72U9B24NnuigYruXa.2EtVWYK2b._tYb6xxbOJSHPQZ4NKNWG.Oq1jrX5dEw6vgvdQxxVDYV
 .xFZsyTql1cUUywPsey3sbpFO.gtpabCHOPOZRhLHiDQGX4rj.1fseZBka1dlmb0sLiD19Av5HWX
 fd_BOH1t411oxmvi0aIIzXW4DXCUapq72U4cGoe3eFFg3c_WFE74YPTjMZcrhv5l8ugCSVGdUVB7
 VNnaq7LuD7uWj4i.vOTd.R2Kfl3PsrbfUH5DNeWErCOn62LnriM8X1TBCJBjuIHUZnnet5vnPOIz
 ubFKbsW915clcjH5aX_GqxZJ.rgoIQFgPJcMPM4KRWQPpALDpnt9u82VT.6ICK1k4TlVtVD2mwVK
 JGvA5X57Wea77OEs0zx5kM6ZwMzZpiZt0OUa603j42JXVfS83CbBwyRhQQgXoEPi.rCEnWK3.9gw
 TtPBMNlcSu.8lVKqunJGt61KXR2LV5ttAFu3uhrrQvWrxzE8m1_ZZm574sdPaxSbppXhDiJ.RhJk
 XbgnztS0Mwq2ec_Z7HYjQAfEiKYdNlgOEI.8TYCJI_c7GrOQkPYyFcr6lTgljKs6WzWRhtY597gu
 cSqY5MV0wl.Qv4x5LS.H60Ha37pFIcelS9oB1hnVME5aevhkr
X-Sonic-MF: <casey@schaufler-ca.com>
Received: from sonic.gate.mail.ne1.yahoo.com by
 sonic301.consmr.mail.ne1.yahoo.com with HTTP; Mon, 13 Dec 2021 23:58:21 +0000
Received: by kubenode529.mail-prod1.omega.ne1.yahoo.com (VZM Hermes SMTP
 Server) with ESMTPA ID 1cbb5caca434fc2d243d7902734cae87;
          Mon, 13 Dec 2021 23:58:18 +0000 (UTC)
From: Casey Schaufler <casey@schaufler-ca.com>
To: casey.schaufler@intel.com, jmorris@namei.org,
        linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com,
        keescook@chromium.org, john.johansen@canonical.com,
        penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com,
        sds@tycho.nsa.gov, linux-kernel@vger.kernel.org,
        netdev@vger.kernel.org, netfilter-devel@vger.kernel.org
Subject: [PATCH v31 16/28] LSM: Use lsmcontext in security_secid_to_secctx
Date: Mon, 13 Dec 2021 15:40:22 -0800
Message-Id: <20211213234034.111891-17-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20211213234034.111891-1-casey@schaufler-ca.com>
References: <20211213234034.111891-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <selinux.vger.kernel.org>
X-Mailing-List: selinux@vger.kernel.org

Replace the (secctx,seclen) pointer pair with a single
lsmcontext pointer to allow return of the LSM identifier
along with the context and context length. This allows
security_release_secctx() to know how to release the
context. Callers have been modified to use or save the
returned data from the new structure.

security_secid_to_secctx() will now return the length value
if the passed lsmcontext pointer is NULL.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Cc: netdev@vger.kernel.org
Cc: linux-audit@redhat.com
Cc: netfilter-devel@vger.kernel.org
---
 drivers/android/binder.c                | 26 +++++++---------
 include/linux/security.h                |  4 +--
 include/net/scm.h                       |  9 ++----
 kernel/audit.c                          | 39 +++++++++++-------------
 kernel/auditsc.c                        | 31 +++++++------------
 net/ipv4/ip_sockglue.c                  |  8 ++---
 net/netfilter/nf_conntrack_netlink.c    | 18 ++++-------
 net/netfilter/nf_conntrack_standalone.c |  7 ++---
 net/netfilter/nfnetlink_queue.c         |  5 +++-
 net/netlabel/netlabel_unlabeled.c       | 40 ++++++++-----------------
 net/netlabel/netlabel_user.c            |  7 ++---
 security/security.c                     | 29 ++++++++++++++++--
 12 files changed, 98 insertions(+), 125 deletions(-)

diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index 32dca5b40e8a..b9699f7ac603 100644
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
@@ -2467,9 +2467,7 @@ static void binder_transaction(struct binder_proc *proc,
 	binder_size_t last_fixup_min_off = 0;
 	struct binder_context *context = proc->context;
 	int t_debug_id = atomic_inc_return(&binder_last_id);
-	char *secctx = NULL;
-	u32 secctx_sz = 0;
-	struct lsmcontext scaff; /* scaffolding */
+	struct lsmcontext lsmctx = { };
 
 	e = binder_transaction_log_add(&binder_transaction_log);
 	e->debug_id = t_debug_id;
@@ -2723,14 +2721,14 @@ static void binder_transaction(struct binder_proc *proc,
 		size_t added_size;
 
 		security_cred_getsecid(proc->cred, &blob);
-		ret = security_secid_to_secctx(&blob, &secctx, &secctx_sz);
+		ret = security_secid_to_secctx(&blob, &lsmctx);
 		if (ret) {
 			return_error = BR_FAILED_REPLY;
 			return_error_param = ret;
 			return_error_line = __LINE__;
 			goto err_get_secctx_failed;
 		}
-		added_size = ALIGN(secctx_sz, sizeof(u64));
+		added_size = ALIGN(lsmctx.len, sizeof(u64));
 		extra_buffers_size += added_size;
 		if (extra_buffers_size < added_size) {
 			/* integer overflow of extra_buffers_size */
@@ -2757,24 +2755,22 @@ static void binder_transaction(struct binder_proc *proc,
 		t->buffer = NULL;
 		goto err_binder_alloc_buf_failed;
 	}
-	if (secctx) {
+	if (lsmctx.context) {
 		int err;
 		size_t buf_offset = ALIGN(tr->data_size, sizeof(void *)) +
 				    ALIGN(tr->offsets_size, sizeof(void *)) +
 				    ALIGN(extra_buffers_size, sizeof(void *)) -
-				    ALIGN(secctx_sz, sizeof(u64));
+				    ALIGN(lsmctx.len, sizeof(u64));
 
 		t->security_ctx = (uintptr_t)t->buffer->user_data + buf_offset;
 		err = binder_alloc_copy_to_buffer(&target_proc->alloc,
 						  t->buffer, buf_offset,
-						  secctx, secctx_sz);
+						  lsmctx.context, lsmctx.len);
 		if (err) {
 			t->security_ctx = 0;
 			WARN_ON(1);
 		}
-		lsmcontext_init(&scaff, secctx, secctx_sz, 0);
-		security_release_secctx(&scaff);
-		secctx = NULL;
+		security_release_secctx(&lsmctx);
 	}
 	t->buffer->debug_id = t->debug_id;
 	t->buffer->transaction = t;
@@ -2831,7 +2827,7 @@ static void binder_transaction(struct binder_proc *proc,
 	off_end_offset = off_start_offset + tr->offsets_size;
 	sg_buf_offset = ALIGN(off_end_offset, sizeof(void *));
 	sg_buf_end_offset = sg_buf_offset + extra_buffers_size -
-		ALIGN(secctx_sz, sizeof(u64));
+		ALIGN(lsmctx.len, sizeof(u64));
 	off_min = 0;
 	for (buffer_offset = off_start_offset; buffer_offset < off_end_offset;
 	     buffer_offset += sizeof(binder_size_t)) {
@@ -3114,10 +3110,8 @@ static void binder_transaction(struct binder_proc *proc,
 	binder_alloc_free_buf(&target_proc->alloc, t->buffer);
 err_binder_alloc_buf_failed:
 err_bad_extra_size:
-	if (secctx) {
-		lsmcontext_init(&scaff, secctx, secctx_sz, 0);
-		security_release_secctx(&scaff);
-	}
+	if (lsmctx.context)
+		security_release_secctx(&lsmctx);
 err_get_secctx_failed:
 	kfree(tcomplete);
 	binder_stats_deleted(BINDER_STAT_TRANSACTION_COMPLETE);
diff --git a/include/linux/security.h b/include/linux/security.h
index e439663c955f..3c66edb31e14 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -598,7 +598,7 @@ int security_setprocattr(const char *lsm, const char *name, void *value,
 			 size_t size);
 int security_netlink_send(struct sock *sk, struct sk_buff *skb);
 int security_ismaclabel(const char *name);
-int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen);
+int security_secid_to_secctx(struct lsmblob *blob, struct lsmcontext *cp);
 int security_secctx_to_secid(const char *secdata, u32 seclen,
 			     struct lsmblob *blob);
 void security_release_secctx(struct lsmcontext *cp);
@@ -1459,7 +1459,7 @@ static inline int security_ismaclabel(const char *name)
 }
 
 static inline int security_secid_to_secctx(struct lsmblob *blob,
-					   char **secdata, u32 *seclen)
+					   struct lsmcontext *cp)
 {
 	return -EOPNOTSUPP;
 }
diff --git a/include/net/scm.h b/include/net/scm.h
index f273c4d777ec..b77a52f93389 100644
--- a/include/net/scm.h
+++ b/include/net/scm.h
@@ -94,8 +94,6 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc
 {
 	struct lsmcontext context;
 	struct lsmblob lb;
-	char *secdata;
-	u32 seclen;
 	int err;
 
 	if (test_bit(SOCK_PASSSEC, &sock->flags)) {
@@ -103,12 +101,11 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc
 		 * and the infrastructure will know which it is.
 		 */
 		lsmblob_init(&lb, scm->secid);
-		err = security_secid_to_secctx(&lb, &secdata, &seclen);
+		err = security_secid_to_secctx(&lb, &context);
 
 		if (!err) {
-			put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata);
-			/*scaffolding*/
-			lsmcontext_init(&context, secdata, seclen, 0);
+			put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, context.len,
+				 context.context);
 			security_release_secctx(&context);
 		}
 	}
diff --git a/kernel/audit.c b/kernel/audit.c
index c17ec23158c4..841123390d41 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1190,9 +1190,6 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
 	struct audit_buffer	*ab;
 	u16			msg_type = nlh->nlmsg_type;
 	struct audit_sig_info   *sig_data;
-	char			*ctx = NULL;
-	u32			len;
-	struct lsmcontext	scaff; /* scaffolding */
 
 	err = audit_netlink_ok(skb, msg_type);
 	if (err)
@@ -1440,33 +1437,34 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
 		kfree(new);
 		break;
 	}
-	case AUDIT_SIGNAL_INFO:
-		len = 0;
+	case AUDIT_SIGNAL_INFO: {
+		struct lsmcontext context = { };
+		int len = 0;
+
 		if (lsmblob_is_set(&audit_sig_lsm)) {
-			err = security_secid_to_secctx(&audit_sig_lsm, &ctx,
-						       &len);
+			err = security_secid_to_secctx(&audit_sig_lsm,
+						       &context);
 			if (err)
 				return err;
 		}
-		sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL);
+		sig_data = kmalloc(sizeof(*sig_data) + context.len, GFP_KERNEL);
 		if (!sig_data) {
-			if (lsmblob_is_set(&audit_sig_lsm)) {
-				lsmcontext_init(&scaff, ctx, len, 0);
-				security_release_secctx(&scaff);
-			}
+			if (lsmblob_is_set(&audit_sig_lsm))
+				security_release_secctx(&context);
 			return -ENOMEM;
 		}
 		sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid);
 		sig_data->pid = audit_sig_pid;
 		if (lsmblob_is_set(&audit_sig_lsm)) {
-			memcpy(sig_data->ctx, ctx, len);
-			lsmcontext_init(&scaff, ctx, len, 0);
-			security_release_secctx(&scaff);
+			len = context.len;
+			memcpy(sig_data->ctx, context.context, len);
+			security_release_secctx(&context);
 		}
 		audit_send_reply(skb, seq, AUDIT_SIGNAL_INFO, 0, 0,
 				 sig_data, sizeof(*sig_data) + len);
 		kfree(sig_data);
 		break;
+	}
 	case AUDIT_TTY_GET: {
 		struct audit_tty_status s;
 		unsigned int t;
@@ -2132,26 +2130,23 @@ void audit_log_key(struct audit_buffer *ab, char *key)
 
 int audit_log_task_context(struct audit_buffer *ab)
 {
-	char *ctx = NULL;
-	unsigned len;
 	int error;
 	struct lsmblob blob;
-	struct lsmcontext scaff; /* scaffolding */
+	struct lsmcontext context;
 
 	security_task_getsecid_subj(current, &blob);
 	if (!lsmblob_is_set(&blob))
 		return 0;
 
-	error = security_secid_to_secctx(&blob, &ctx, &len);
+	error = security_secid_to_secctx(&blob, &context);
 	if (error) {
 		if (error != -EINVAL)
 			goto error_path;
 		return 0;
 	}
 
-	audit_log_format(ab, " subj=%s", ctx);
-	lsmcontext_init(&scaff, ctx, len, 0);
-	security_release_secctx(&scaff);
+	audit_log_format(ab, " subj=%s", context.context);
+	security_release_secctx(&context);
 	return 0;
 
 error_path:
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 3c72ff647fd8..a3de97beba21 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1112,9 +1112,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid,
 				 struct lsmblob *blob, char *comm)
 {
 	struct audit_buffer *ab;
-	struct lsmcontext lsmcxt;
-	char *ctx = NULL;
-	u32 len;
+	struct lsmcontext lsmctx;
 	int rc = 0;
 
 	ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID);
@@ -1125,13 +1123,12 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid,
 			 from_kuid(&init_user_ns, auid),
 			 from_kuid(&init_user_ns, uid), sessionid);
 	if (lsmblob_is_set(blob)) {
-		if (security_secid_to_secctx(blob, &ctx, &len)) {
+		if (security_secid_to_secctx(blob, &lsmctx)) {
 			audit_log_format(ab, " obj=(none)");
 			rc = 1;
 		} else {
-			audit_log_format(ab, " obj=%s", ctx);
-			lsmcontext_init(&lsmcxt, ctx, len, 0); /*scaffolding*/
-			security_release_secctx(&lsmcxt);
+			audit_log_format(ab, " obj=%s", lsmctx.context);
+			security_release_secctx(&lsmctx);
 		}
 	}
 	audit_log_format(ab, " ocomm=");
@@ -1344,7 +1341,6 @@ static void audit_log_fcaps(struct audit_buffer *ab, struct audit_names *name)
 
 static void show_special(struct audit_context *context, int *call_panic)
 {
-	struct lsmcontext lsmcxt;
 	struct audit_buffer *ab;
 	int i;
 
@@ -1369,17 +1365,15 @@ static void show_special(struct audit_context *context, int *call_panic)
 				 from_kgid(&init_user_ns, context->ipc.gid),
 				 context->ipc.mode);
 		if (osid) {
-			char *ctx = NULL;
-			u32 len;
+			struct lsmcontext lsmcxt;
 			struct lsmblob blob;
 
 			lsmblob_init(&blob, osid);
-			if (security_secid_to_secctx(&blob, &ctx, &len)) {
+			if (security_secid_to_secctx(&blob, &lsmcxt)) {
 				audit_log_format(ab, " osid=%u", osid);
 				*call_panic = 1;
 			} else {
-				audit_log_format(ab, " obj=%s", ctx);
-				lsmcontext_init(&lsmcxt, ctx, len, 0);
+				audit_log_format(ab, " obj=%s", lsmcxt.context);
 				security_release_secctx(&lsmcxt);
 			}
 		}
@@ -1534,20 +1528,17 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n,
 				 MAJOR(n->rdev),
 				 MINOR(n->rdev));
 	if (n->osid != 0) {
-		char *ctx = NULL;
-		u32 len;
 		struct lsmblob blob;
-		struct lsmcontext lsmcxt;
+		struct lsmcontext lsmctx;
 
 		lsmblob_init(&blob, n->osid);
-		if (security_secid_to_secctx(&blob, &ctx, &len)) {
+		if (security_secid_to_secctx(&blob, &lsmctx)) {
 			audit_log_format(ab, " osid=%u", n->osid);
 			if (call_panic)
 				*call_panic = 2;
 		} else {
-			audit_log_format(ab, " obj=%s", ctx);
-			lsmcontext_init(&lsmcxt, ctx, len, 0); /* scaffolding */
-			security_release_secctx(&lsmcxt);
+			audit_log_format(ab, " obj=%s", lsmctx.context);
+			security_release_secctx(&lsmctx);
 		}
 	}
 
diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
index dbba700fb151..47d1085e037e 100644
--- a/net/ipv4/ip_sockglue.c
+++ b/net/ipv4/ip_sockglue.c
@@ -132,8 +132,7 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb)
 {
 	struct lsmcontext context;
 	struct lsmblob lb;
-	char *secdata;
-	u32 seclen, secid;
+	u32 secid;
 	int err;
 
 	err = security_socket_getpeersec_dgram(NULL, skb, &secid);
@@ -141,12 +140,11 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb)
 		return;
 
 	lsmblob_init(&lb, secid);
-	err = security_secid_to_secctx(&lb, &secdata, &seclen);
+	err = security_secid_to_secctx(&lb, &context);
 	if (err)
 		return;
 
-	put_cmsg(msg, SOL_IP, SCM_SECURITY, seclen, secdata);
-	lsmcontext_init(&context, secdata, seclen, 0); /* scaffolding */
+	put_cmsg(msg, SOL_IP, SCM_SECURITY, context.len, context.context);
 	security_release_secctx(&context);
 }
 
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 40cbb00432d4..e4a0d1c8ac55 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -339,8 +339,7 @@ static int ctnetlink_dump_mark(struct sk_buff *skb, const struct nf_conn *ct)
 static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct)
 {
 	struct nlattr *nest_secctx;
-	int len, ret;
-	char *secctx;
+	int ret;
 	struct lsmblob blob;
 	struct lsmcontext context;
 
@@ -348,7 +347,7 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct)
 	 * security_secid_to_secctx() will know which security module
 	 * to use to create the secctx.  */
 	lsmblob_init(&blob, ct->secmark);
-	ret = security_secid_to_secctx(&blob, &secctx, &len);
+	ret = security_secid_to_secctx(&blob, &context);
 	if (ret)
 		return 0;
 
@@ -357,13 +356,12 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct)
 	if (!nest_secctx)
 		goto nla_put_failure;
 
-	if (nla_put_string(skb, CTA_SECCTX_NAME, secctx))
+	if (nla_put_string(skb, CTA_SECCTX_NAME, context.context))
 		goto nla_put_failure;
 	nla_nest_end(skb, nest_secctx);
 
 	ret = 0;
 nla_put_failure:
-	lsmcontext_init(&context, secctx, len, 0); /* scaffolding */
 	security_release_secctx(&context);
 	return ret;
 }
@@ -656,15 +654,11 @@ static inline size_t ctnetlink_acct_size(const struct nf_conn *ct)
 static inline int ctnetlink_secctx_size(const struct nf_conn *ct)
 {
 #ifdef CONFIG_NF_CONNTRACK_SECMARK
-	int len, ret;
+	int len;
 	struct lsmblob blob;
 
-	/* lsmblob_init() puts ct->secmark into all of the secids in blob.
-	 * security_secid_to_secctx() will know which security module
-	 * to use to create the secctx.  */
-	lsmblob_init(&blob, ct->secmark);
-	ret = security_secid_to_secctx(&blob, NULL, &len);
-	if (ret)
+	len = security_secid_to_secctx(&blob, NULL);
+	if (len <= 0)
 		return 0;
 
 	return nla_total_size(0) /* CTA_SECCTX */
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
index 3fcf44342b14..c8825e89a21e 100644
--- a/net/netfilter/nf_conntrack_standalone.c
+++ b/net/netfilter/nf_conntrack_standalone.c
@@ -176,19 +176,16 @@ static void ct_seq_stop(struct seq_file *s, void *v)
 static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct)
 {
 	int ret;
-	u32 len;
-	char *secctx;
 	struct lsmblob blob;
 	struct lsmcontext context;
 
 	lsmblob_init(&blob, ct->secmark);
-	ret = security_secid_to_secctx(&blob, &secctx, &len);
+	ret = security_secid_to_secctx(&blob, &context);
 	if (ret)
 		return;
 
-	seq_printf(s, "secctx=%s ", secctx);
+	seq_printf(s, "secctx=%s ", context.context);
 
-	lsmcontext_init(&context, secctx, len, 0); /* scaffolding */
 	security_release_secctx(&context);
 }
 #else
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
index 5961a9b17f66..f19897b3cf39 100644
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -306,6 +306,7 @@ static u32 nfqnl_get_sk_secctx(struct sk_buff *skb, char **secdata)
 	u32 seclen = 0;
 #if IS_ENABLED(CONFIG_NETWORK_SECMARK)
 	struct lsmblob blob;
+	struct lsmcontext context = { };
 
 	if (!skb || !sk_fullsock(skb->sk))
 		return 0;
@@ -317,10 +318,12 @@ static u32 nfqnl_get_sk_secctx(struct sk_buff *skb, char **secdata)
 		 * blob. security_secid_to_secctx() will know which security
 		 * module to use to create the secctx.  */
 		lsmblob_init(&blob, skb->secmark);
-		security_secid_to_secctx(&blob, secdata, &seclen);
+		security_secid_to_secctx(&blob, &context);
+		*secdata = context.context;
 	}
 
 	read_unlock_bh(&skb->sk->sk_callback_lock);
+	seclen = context.len;
 #endif
 	return seclen;
 }
diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c
index 7cb6f27c8cb2..596a75814fbf 100644
--- a/net/netlabel/netlabel_unlabeled.c
+++ b/net/netlabel/netlabel_unlabeled.c
@@ -375,8 +375,6 @@ int netlbl_unlhsh_add(struct net *net,
 	struct netlbl_unlhsh_iface *iface;
 	struct audit_buffer *audit_buf = NULL;
 	struct lsmcontext context;
-	char *secctx = NULL;
-	u32 secctx_len;
 	struct lsmblob blob;
 
 	if (addr_len != sizeof(struct in_addr) &&
@@ -444,12 +442,9 @@ int netlbl_unlhsh_add(struct net *net,
 		 * security_secid_to_secctx() will know which security module
 		 * to use to create the secctx.  */
 		lsmblob_init(&blob, secid);
-		if (security_secid_to_secctx(&blob,
-					     &secctx,
-					     &secctx_len) == 0) {
-			audit_log_format(audit_buf, " sec_obj=%s", secctx);
-			/* scaffolding */
-			lsmcontext_init(&context, secctx, secctx_len, 0);
+		if (security_secid_to_secctx(&blob, &context) == 0) {
+			audit_log_format(audit_buf, " sec_obj=%s",
+					 context.context);
 			security_release_secctx(&context);
 		}
 		audit_log_format(audit_buf, " res=%u", ret_val == 0 ? 1 : 0);
@@ -482,8 +477,6 @@ static int netlbl_unlhsh_remove_addr4(struct net *net,
 	struct audit_buffer *audit_buf;
 	struct net_device *dev;
 	struct lsmcontext context;
-	char *secctx;
-	u32 secctx_len;
 	struct lsmblob blob;
 
 	spin_lock(&netlbl_unlhsh_lock);
@@ -509,11 +502,9 @@ static int netlbl_unlhsh_remove_addr4(struct net *net,
 		if (entry != NULL)
 			lsmblob_init(&blob, entry->secid);
 		if (entry != NULL &&
-		    security_secid_to_secctx(&blob,
-					     &secctx, &secctx_len) == 0) {
-			audit_log_format(audit_buf, " sec_obj=%s", secctx);
-			/* scaffolding */
-			lsmcontext_init(&context, secctx, secctx_len, 0);
+		    security_secid_to_secctx(&blob, &context) == 0) {
+			audit_log_format(audit_buf, " sec_obj=%s",
+					 context.context);
 			security_release_secctx(&context);
 		}
 		audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0);
@@ -552,8 +543,6 @@ static int netlbl_unlhsh_remove_addr6(struct net *net,
 	struct audit_buffer *audit_buf;
 	struct net_device *dev;
 	struct lsmcontext context;
-	char *secctx;
-	u32 secctx_len;
 	struct lsmblob blob;
 
 	spin_lock(&netlbl_unlhsh_lock);
@@ -578,10 +567,9 @@ static int netlbl_unlhsh_remove_addr6(struct net *net,
 		if (entry != NULL)
 			lsmblob_init(&blob, entry->secid);
 		if (entry != NULL &&
-		    security_secid_to_secctx(&blob,
-					     &secctx, &secctx_len) == 0) {
-			audit_log_format(audit_buf, " sec_obj=%s", secctx);
-			lsmcontext_init(&context, secctx, secctx_len, 0);
+		    security_secid_to_secctx(&blob, &context) == 0) {
+			audit_log_format(audit_buf, " sec_obj=%s",
+					 context.context);
 			security_release_secctx(&context);
 		}
 		audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0);
@@ -1104,8 +1092,6 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd,
 	struct lsmcontext context;
 	void *data;
 	u32 secid;
-	char *secctx;
-	u32 secctx_len;
 	struct lsmblob blob;
 
 	data = genlmsg_put(cb_arg->skb, NETLINK_CB(cb_arg->nl_cb->skb).portid,
@@ -1165,15 +1151,13 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd,
 	 * security_secid_to_secctx() will know which security module
 	 * to use to create the secctx.  */
 	lsmblob_init(&blob, secid);
-	ret_val = security_secid_to_secctx(&blob, &secctx, &secctx_len);
+	ret_val = security_secid_to_secctx(&blob, &context);
 	if (ret_val != 0)
 		goto list_cb_failure;
 	ret_val = nla_put(cb_arg->skb,
 			  NLBL_UNLABEL_A_SECCTX,
-			  secctx_len,
-			  secctx);
-	/* scaffolding */
-	lsmcontext_init(&context, secctx, secctx_len, 0);
+			  context.len,
+			  context.context);
 	security_release_secctx(&context);
 	if (ret_val != 0)
 		goto list_cb_failure;
diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c
index ef139d8ae7cd..951ba0639d20 100644
--- a/net/netlabel/netlabel_user.c
+++ b/net/netlabel/netlabel_user.c
@@ -85,8 +85,6 @@ struct audit_buffer *netlbl_audit_start_common(int type,
 {
 	struct audit_buffer *audit_buf;
 	struct lsmcontext context;
-	char *secctx;
-	u32 secctx_len;
 	struct lsmblob blob;
 
 	if (audit_enabled == AUDIT_OFF)
@@ -102,9 +100,8 @@ struct audit_buffer *netlbl_audit_start_common(int type,
 
 	lsmblob_init(&blob, audit_info->secid);
 	if (audit_info->secid != 0 &&
-	    security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) {
-		audit_log_format(audit_buf, " subj=%s", secctx);
-		lsmcontext_init(&context, secctx, secctx_len, 0);/*scaffolding*/
+	    security_secid_to_secctx(&blob, &context) == 0) {
+		audit_log_format(audit_buf, " subj=%s", context.context);
 		security_release_secctx(&context);
 	}
 
diff --git a/security/security.c b/security/security.c
index d14717fe0cb7..dc0d4ae44a64 100644
--- a/security/security.c
+++ b/security/security.c
@@ -2327,18 +2327,41 @@ int security_ismaclabel(const char *name)
 }
 EXPORT_SYMBOL(security_ismaclabel);
 
-int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen)
+/**
+ * security_secid_to_secctx - convert secid to secctx
+ * @blob: set of secids
+ * @cp: lsm context into which result is put
+ *
+ * Translate secid information into a secctx string.
+ * Return a negative value on error.
+ * If cp is NULL return the length of the string.
+ * Otherwise, return 0.
+ */
+int security_secid_to_secctx(struct lsmblob *blob, struct lsmcontext *cp)
 {
 	struct security_hook_list *hp;
 	int ilsm = lsm_task_ilsm(current);
 
+	if (cp)
+		memset(cp, 0, sizeof(*cp));
+
 	hlist_for_each_entry(hp, &security_hook_heads.secid_to_secctx, list) {
 		if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot))
 			continue;
-		if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot)
+		if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) {
+			if (!cp) {
+				int len;
+				int rc;
+				rc = hp->hook.secid_to_secctx(
+					blob->secid[hp->lsmid->slot],
+					NULL, &len);
+				return rc ? rc : len;
+			}
+			cp->slot = hp->lsmid->slot;
 			return hp->hook.secid_to_secctx(
 					blob->secid[hp->lsmid->slot],
-					secdata, seclen);
+					&cp->context, &cp->len);
+		}
 	}
 
 	return LSM_RET_DEFAULT(secid_to_secctx);

From patchwork Mon Dec 13 23:40:23 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Casey Schaufler <casey@schaufler-ca.com>
X-Patchwork-Id: 12675031
X-Patchwork-Delegate: paul@paul-moore.com
Return-Path: <selinux-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 47FC5C433F5
	for <selinux@archiver.kernel.org>; Mon, 13 Dec 2021 23:59:26 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S244373AbhLMX7Z (ORCPT <rfc822;selinux@archiver.kernel.org>);
        Mon, 13 Dec 2021 18:59:25 -0500
Received: from sonic306-28.consmr.mail.ne1.yahoo.com ([66.163.189.90]:34725
        "EHLO sonic306-28.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S242585AbhLMX7Y (ORCPT
        <rfc822;selinux@vger.kernel.org>); Mon, 13 Dec 2021 18:59:24 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1639439964; bh=7aljRJZOQnxiiyHnbK9ZxaikfmtFhGou1fAGhswXEYg=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To;
 b=XL/Fntuct5OnQEcqyey9uxeb2AAsPmTIeNpotLpAyfZMnVSvmUbRH9EbrzAt1pG99xzRW6jCot5OKyAEQvh8pMPHkd82BNCI+awXPw2NbDqi2QwYz5qe6gH2Xxy/H6hiusEa3zkblbh1HWqDde8Gb3L3uECC/SgV0VRK1N6nxcsWNWu2DmsW1O4sy0QvwaLxVhqJ9Suo+3OAXgls93Sjk8FKvpue6y3AaQGkblrfDU5Psl6mq9ABD9UAEbviHg1+mUUBUFVVQmeEGZUd03l/r2Es+GzPu3dXnXoPJw54XH2ZEnuA8JCuMLMyA/dSZb2TG+Lyct8pytIX46XzjklxHA==
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1639439964; bh=OJb3oQujEHudylx0PQavH7jpX9Vcky+B3oP0slc6k9f=;
 h=X-Sonic-MF:From:To:Subject:Date:From:Subject;
 b=PgbZPERcwgvdnSuYAjedj76GRqF6VKQtcF6vq+/OdHoPACa21zQc6JCdPa2o5pFyW31ijgtR5nJIsSbxuoIphF05mut4g4UmUkEJaOqfQfuOY4eo0kBXEZsn/AFscZMOeOZ2jBMX8tpGNX1Q51/1KK6rK21aMFnpAL4rquOoXlUaKqeitGpQ3ssCX7JdhTZ9B6WWju1INXCkCOpcnGZ/bgsCetOF4J2temModSS40a3bCDYoQHMCsefwtABXHiJRKvlXoFBNEKVZkBQ74qwxiaH/txDCm2Hrn5PnUjmXOl3LTAKnDvrlNa7G/FeLJBUotLdnd1pFwJRpGy/DthOc0g==
X-YMail-OSG: KP969SUVM1k3J.h_dKxei1ZrcqE7ao3ac7.ZzSVXJgBlFIggNAfAFpNYRmgHUrX
 JDLVRkAaQWudgNkDydZ7O5XxOVEGKf1wPkzEm5_t5M.ERhmhDYaoKI1FtGH0v4iP4pYiWnffxGR7
 dAXKDln8vl9RPsPrGD7wnWMdGJk.GurBLjOPWUadcJZkt1nksfBaMa1pSGUuyGAMzg3hkObYw1Na
 lBzGmwWYhYezQA2E6I5HeiM5.9AfSVLiaUlELXrMEyelybcF6M5D2OgJ0hkcvkCXG2QUaLzMvoUM
 114fWQfCmaCnGWOVRKqNyajFxJ7d7HuwSLhVdoHmSjsBeTC0H0atfohxXmbhOJjvmVx_4XLnOQEJ
 wvBxyRaiqlPcTOKv74H_xo7Z1YsZs5D8xajNCS5V9asfNvZv6mTaA7VKNEMt94mG6DfUJpmIJW2C
 2k_AC930OHJXkuQtItGJVLaaJ6CfOhBD1GQsFbtswkbFLBXcuyKUig7eHGQZ.V8N4EzasDZ.FrdL
 jUsHIyIcYu9O0.CzIO38IiyFjiRrUyqGz9_AcCdoxXepRQqwhVrhKHbsYjgCeDE6ebsz09f.KWzb
 9U6fItHWIicA2CBK8Ss.t6G6vgfc1UyJSTkChVyKO5jA3N3w9m6kaA_SIK_OSQpDgHG472u19pw4
 nel6AI8rOC9uZJ8rJvDGiJ1xTJYmih9xm8POPjQFVkjUrwCm5WP6G9tz5Z_JUD27XI0tqZHoYb8p
 M3aLr3V.2bPZmXSWXhnUSBIpzSF953dlMX7Wwm6k3TAipKdglO5ul8TosHPs0j5VE3P3_0vfB6WJ
 lY5C3gFdKMNR8VLtqVeQ5CAoJxBAQlZ2Xu_eUWXK3eDOGtQ4J3MHsGvBE9gHarp5CnqHWp_BJKcd
 sPsb6llakWvaj9RT7OpRUEpLJ_tzd_hvwmIS2wZW1Caf4JuzLapIwwWj8VGtqJfBUiuQO6MsWJjF
 s8fHP9gOKVV0tz9RfsiXooMQJ7aZqk_Wiq.q.GZ.cg_ImLkDoHA17pfLT8sqqCIa_aUU0x48BWgR
 pxqq7zGloyLv_RKh18mjLS1hyG6XJqwwodIRrwRsnSpeftsaej9bE.mIFPrJywmLRjgAGS6JrK.A
 BGzp1ovdj6TJ1o6z8GHOjZBZcK61qggabiYUy.4PlUJNXyMal_v.WYoUrltpFNinxaYKwgCfeVkA
 VuLFO.AVWcaub2FiPKGzVRSE1qxX9eMfUFyqlVhXF9aEREaEj2F183cMFBAwOnfR6nldzAcnyvHY
 i2SJXxK_YXqBPwAuBUW4oEZWlztjN40TGVZnP95sKaHxtjh05_bvT4J4Fun2NUtoz06MCffjZ1Ed
 Bmj4QSPeeS.jtK9bfhY5f7f70NOPTTUfdHeKHBR5WVocKbYQayko.CaQgTMHFPGIVg7v9BYsYPHo
 UYwdXW3y00ml1svhdGKCO2mvB27eNrQxaGbXmpVoj1jw8olEn8zNPEgV1r.tHzMgWfS9CF3jdi21
 zOHDXHrEwIyAEwgBuMZUwLwgkpckL2wLx9tuZ465JwOedOt7pasGKku5XYTey6yoj0wNQtsE2teq
 VwOATQwLHsCEAVIc.Cv__p3o6TYDTFXpisLTtRyQsJfTDn8nAhJLXdyVAuJXoLVJuK21uWdbZka8
 U006PFXjB3yrKcsf4Iht16z56Z0Z4h_Y5.f5bMRMM.ENtP6RFG7VvAqKhl.tAbVHqXSawjdolccw
 qgnhNxAAl4tmWMpairaLxyU0rEd.MIxiRHyHocDDsb_OXxpUe2jysS4phAbhVg3C9quSb7LW9RSy
 kYHJFFrOaGQIWqSgeqe3C3jZGw5O5nhnp1Vy4RQ6SKKNdD5OInsjNbSOkFVB_kNPXIG_3ML2e2u_
 F_wV3_BamTdxPHLKSyzacapS_wSMa9Wn2acs1mnlyyG9oYA8sNyee4vUyVs4NQzPMGkDJlgOjme0
 U2hWJbCcMSHBNWCHaXQiAzGpyZOFG1q3AJP0EQ_b4_Xg180XOzSE_Wo3UBbbJLJa0R.LwAMFmoqF
 6FO16Y.4IBj89YvuLf0Kf4MBs9FPdDF42k9qhbF3j_yIR4kBFSMUs35vtf3ztQNY2G6ecZeTJCMs
 QjnHy2CX8DIBw9ubZM4dvZxbwnq9Xc.CQ3VtFrbMfGQ6mL9IP6WPav4Q.sAzto1Z5jpZ6NItfJnj
 KwdYCs4UkvwVZ84uBGkIFmRHRKEPlFH.HG6H9vQp.MzJwk7c99gaxZ6Dt_.oNCP6ZpBk0GsuXNZa
 KCTUkKVcOCe.yiatY7NJy6V7vEyPH3RZEfyGxUHUzIecw
X-Sonic-MF: <casey@schaufler-ca.com>
Received: from sonic.gate.mail.ne1.yahoo.com by
 sonic306.consmr.mail.ne1.yahoo.com with HTTP; Mon, 13 Dec 2021 23:59:24 +0000
Received: by kubenode530.mail-prod1.omega.ne1.yahoo.com (VZM Hermes SMTP
 Server) with ESMTPA ID 0dc0dbe9111101f136bd150c68ae8268;
          Mon, 13 Dec 2021 23:59:23 +0000 (UTC)
From: Casey Schaufler <casey@schaufler-ca.com>
To: casey.schaufler@intel.com, jmorris@namei.org,
        linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com,
        keescook@chromium.org, john.johansen@canonical.com,
        penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com,
        sds@tycho.nsa.gov, linux-kernel@vger.kernel.org,
        Stephen Smalley <stephen.smalley.work@gmail.com>,
        Chuck Lever <chuck.lever@oracle.com>, linux-nfs@vger.kernel.org
Subject: [PATCH v31 17/28] LSM: Use lsmcontext in security_inode_getsecctx
Date: Mon, 13 Dec 2021 15:40:23 -0800
Message-Id: <20211213234034.111891-18-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20211213234034.111891-1-casey@schaufler-ca.com>
References: <20211213234034.111891-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <selinux.vger.kernel.org>
X-Mailing-List: selinux@vger.kernel.org

Change the security_inode_getsecctx() interface to fill
a lsmcontext structure instead of data and length pointers.
This provides the information about which LSM created the
context so that security_release_secctx() can use the
correct hook.

Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Acked-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Cc: linux-nfs@vger.kernel.org
---
 fs/nfsd/nfs4xdr.c        | 23 +++++++++--------------
 include/linux/security.h |  5 +++--
 security/security.c      | 13 +++++++++++--
 3 files changed, 23 insertions(+), 18 deletions(-)

diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
index f96da9ac116a..4aa412e0bfac 100644
--- a/fs/nfsd/nfs4xdr.c
+++ b/fs/nfsd/nfs4xdr.c
@@ -2724,11 +2724,11 @@ nfsd4_encode_layout_types(struct xdr_stream *xdr, u32 layout_types)
 #ifdef CONFIG_NFSD_V4_SECURITY_LABEL
 static inline __be32
 nfsd4_encode_security_label(struct xdr_stream *xdr, struct svc_rqst *rqstp,
-			    void *context, int len)
+			    struct lsmcontext *context)
 {
 	__be32 *p;
 
-	p = xdr_reserve_space(xdr, len + 4 + 4 + 4);
+	p = xdr_reserve_space(xdr, context->len + 4 + 4 + 4);
 	if (!p)
 		return nfserr_resource;
 
@@ -2738,13 +2738,13 @@ nfsd4_encode_security_label(struct xdr_stream *xdr, struct svc_rqst *rqstp,
 	 */
 	*p++ = cpu_to_be32(0); /* lfs */
 	*p++ = cpu_to_be32(0); /* pi */
-	p = xdr_encode_opaque(p, context, len);
+	p = xdr_encode_opaque(p, context->context, context->len);
 	return 0;
 }
 #else
 static inline __be32
 nfsd4_encode_security_label(struct xdr_stream *xdr, struct svc_rqst *rqstp,
-			    void *context, int len)
+			    struct lsmcontext *context)
 { return 0; }
 #endif
 
@@ -2841,9 +2841,7 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp,
 	int err;
 	struct nfs4_acl *acl = NULL;
 #ifdef CONFIG_NFSD_V4_SECURITY_LABEL
-	struct lsmcontext scaff; /* scaffolding */
-	void *context = NULL;
-	int contextlen;
+	struct lsmcontext context = { };
 #endif
 	bool contextsupport = false;
 	struct nfsd4_compoundres *resp = rqstp->rq_resp;
@@ -2901,7 +2899,7 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp,
 	     bmval0 & FATTR4_WORD0_SUPPORTED_ATTRS) {
 		if (exp->ex_flags & NFSEXP_SECURITY_LABEL)
 			err = security_inode_getsecctx(d_inode(dentry),
-						&context, &contextlen);
+						       &context);
 		else
 			err = -EOPNOTSUPP;
 		contextsupport = (err == 0);
@@ -3321,8 +3319,7 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp,
 
 #ifdef CONFIG_NFSD_V4_SECURITY_LABEL
 	if (bmval2 & FATTR4_WORD2_SECURITY_LABEL) {
-		status = nfsd4_encode_security_label(xdr, rqstp, context,
-								contextlen);
+		status = nfsd4_encode_security_label(xdr, rqstp, &context);
 		if (status)
 			goto out;
 	}
@@ -3343,10 +3340,8 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp,
 
 out:
 #ifdef CONFIG_NFSD_V4_SECURITY_LABEL
-	if (context) {
-		lsmcontext_init(&scaff, context, contextlen, 0); /*scaffolding*/
-		security_release_secctx(&scaff);
-	}
+	if (context.context)
+		security_release_secctx(&context);
 #endif /* CONFIG_NFSD_V4_SECURITY_LABEL */
 	kfree(acl);
 	if (tempfh) {
diff --git a/include/linux/security.h b/include/linux/security.h
index 3c66edb31e14..e29d2894928d 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -605,7 +605,7 @@ void security_release_secctx(struct lsmcontext *cp);
 void security_inode_invalidate_secctx(struct inode *inode);
 int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen);
 int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen);
-int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen);
+int security_inode_getsecctx(struct inode *inode, struct lsmcontext *cp);
 int security_locked_down(enum lockdown_reason what);
 #else /* CONFIG_SECURITY */
 
@@ -1487,7 +1487,8 @@ static inline int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32
 {
 	return -EOPNOTSUPP;
 }
-static inline int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
+static inline int security_inode_getsecctx(struct inode *inode,
+					   struct lsmcontext *cp)
 {
 	return -EOPNOTSUPP;
 }
diff --git a/security/security.c b/security/security.c
index dc0d4ae44a64..1b9e1189d74b 100644
--- a/security/security.c
+++ b/security/security.c
@@ -2418,9 +2418,18 @@ int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
 }
 EXPORT_SYMBOL(security_inode_setsecctx);
 
-int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
+int security_inode_getsecctx(struct inode *inode, struct lsmcontext *cp)
 {
-	return call_int_hook(inode_getsecctx, -EOPNOTSUPP, inode, ctx, ctxlen);
+	struct security_hook_list *hp;
+
+	memset(cp, 0, sizeof(*cp));
+
+	hlist_for_each_entry(hp, &security_hook_heads.inode_getsecctx, list) {
+		cp->slot = hp->lsmid->slot;
+		return hp->hook.inode_getsecctx(inode, (void **)&cp->context,
+						&cp->len);
+	}
+	return -EOPNOTSUPP;
 }
 EXPORT_SYMBOL(security_inode_getsecctx);
 

From patchwork Mon Dec 13 23:40:24 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Casey Schaufler <casey@schaufler-ca.com>
X-Patchwork-Id: 12675033
X-Patchwork-Delegate: paul@paul-moore.com
Return-Path: <selinux-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 47B9DC433EF
	for <selinux@archiver.kernel.org>; Tue, 14 Dec 2021 00:00:37 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S244384AbhLNAAg (ORCPT <rfc822;selinux@archiver.kernel.org>);
        Mon, 13 Dec 2021 19:00:36 -0500
Received: from sonic315-27.consmr.mail.ne1.yahoo.com ([66.163.190.153]:35010
        "EHLO sonic315-27.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S244381AbhLNAAf (ORCPT
        <rfc822;selinux@vger.kernel.org>); Mon, 13 Dec 2021 19:00:35 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1639440035; bh=IIKa//ZfOf9ldI+2RZhwihcRPJzmFh5O4/PZDXiqrxo=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To;
 b=At4f0v9ZRIeAl1TmpXlWbNAtmLwMyclenQ84AtCqi+1JgsAv+dFNs+KkLTH7qB2RFVc/TlMRNd2wuPXVDdZqKn0pmWbuU/mKSjoLEhn5WosF6zjJd7w1h95NCtc2ns63wFxsXEYdNs0/GdER9gytuhUbeQc9rDTKA0D3JYDOvltiPXallT3OPOS0Mtc73e/yALQu8vGguN7b3aGwdqLU2pIXZa9Kjlj07CuRrOUSOwngrFeSQvrPqmgA4CVoqpPTOA5RNPlP9Tty7o9mi4/gVaG009pwePTIzOI7aDk4mBYZd3VZilzTxel2w7n034d9nwbcy01ov65Q3phIdcdyjQ==
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1639440035; bh=CwPoWL/GQUcdxFWZsBGI8L44rlH3jTfPje7Kl4NSJE3=;
 h=X-Sonic-MF:From:To:Subject:Date:From:Subject;
 b=rU6SnYCpMTBsfLk7PNtn1y7yEK8+xbithXL1qp4ja/SWW/3H2Q836OVdwiD/bLQz4/Bfrrn193jtI5u+kEZJCMADCYdLnHl7e1OdmfAJNfS4PzkK2KK8GK+37dFiHrMcEr9RnLhTAT93KzY8xklYlg/+U9SnpD5iCD7yuoZyi0YxjpOAhoIUPCM3CovSCLtJNkOcLikcav4F9gElyzq/WFtAgLLS/rgGGdrBo+fY447l9rWKgllqtiTnBA+JAZ5AI8N8AYRIf+cXq+Jj28rF+k1pJfGFSXV5jadcal06HIsK8E2/Do+MgjrmW85JsLeI+Hs4kW2tP5OqQ0rwyxULCQ==
X-YMail-OSG: rPKqrxgVM1n1y6qm4CPuvvnOVf0sfan3XVDMFwN.kTgvOzpa9FWkCNIVLgeYCEG
 FtwLQMWh8g3bXOiaXXiwPB5Y5fDUAycL0zi6wSChz2rLMumeZnpQcI.S99zEqtfgjoo8VGHkHDKS
 fDFz3yvgmhwxilA7bIPpAEoooo1iT34NZmS88hByExLZkuT1qTOZQQEfH5rwZtz2mQE80zbFHAo9
 JCZcMo5pSTVE4.lHuVK75r7Uqh2o.zeTr49hZLuV96A8rEux0WWcxHEvGkLdVeiwpDC3SPwXt3sX
 B3X_PtcywSxTSWiqgJbsCVS4pUqF2p3WxLMfdYmBQSf_cgLRL0uHP5O2LVGbK92tDXOa35bTgn_N
 bfAKE.72Li12I4EPPMr16x_NxcXVAdA6c7udIeoa9zSiLzr0rBHzQzHpY0.otklcHyK3w7jPDo4R
 pFggCihPx_DybzA9ywLAXf.ZZJ_mzTQ6NkqtvIdSmRmtH.oTtrmEHKeo6xEe4.CjO.Cdi65DKqoh
 qt3WYpzLX7qPJNwPOba4WR1U3jEYK3Nexfjf8fmaktI_BFtx5gbw9de8XCPMaLril4KiZUooCW.n
 wcVTKTVlWSE47NrNIp4BMca6PP_0dbYBqe7iyypRjWfZ9LpL0Ok5sGYMmi3btJNJi029oM73ssa0
 _tbK5nQxrpyPSGzN92kQFzQcYnKqyJA8M7YnD3.WyEwv0izfGbozD0R_xmo0yuoKLrMs6sgKt._B
 E5P_GoyPj1SarNgF268uT1SxalLQoeKL3xEyEDzv5yNyQZeurVGj4tx8Zo0yQCakpfigSfoOj.za
 P5D5xw49SYDGNDg9aFyRLvgWxQyWmOCjAiJ.yzgAzPg3m_Qg3SZmGdcQv58LoBjYrFQ8GXeowc2l
 uLryjYaUrQw.TARsYK6mpVRF.lKYUVwqvsb1Ig6DPGWaLSt9a4zHwI9bsj4eG7oYXiWLi9ZvJLRE
 BGr6LzCnrBph8Y2x5BMWNxOepov4I04eOvshf_ssPAWJY9GFQXqiSGaUiPD1kv_SXd8SpcabPtAr
 ON5UNHRETqoRb1i9jWdLrKGhFc7KKLyk0dv5noNqtWfGR4kXHICDNfChFVVvPW0YZi5yLQY90DzB
 l725TIhxBDnNQNF69mbJsiRFrBohmqsrUFfUO4uUYIhbHbth_m1VSLD2_1zHpSje58DtjZQPvEkb
 O2Tz045REDfWYoggILcqaOGfMEBDtLko0SRvAjDX3f4YcAg7hhhdFhY225q_EAtPR4nn3B6SSWqz
 7RXesQuGL3v6A76QMrY7x.id90b5LVF99YWytqI1yZ6VkOgoEUQaUNNBiZMWUjFGXPDPqYe_exse
 b7aO0L_ECXJNhRhX7I_TWWisnD.Hd0XkkS1jJO8PZgDtFpWIuFeFXCpQj.5G7lJ0oJzl3bq6hMHq
 Ik6ANLQbg92yoAvX1S.p2uHzwmUbjskZLql.PUy8O60tqCz8bmZaSTeYIhKpfPbZ7vGudtimqScN
 8UrPSQT2_1trBFfJlQL0LSQI0KIQUz4AWJLOd0lfXzkzDVJt6fC_1PUx8kFz_vzCqZAhpiXikOU0
 g0_8PEhMXyoVUly5bY8ukLVNcLXyxt8GDTAV_Qny_G1RHtlkp7Nb0C69Y6.trm1bHBqtcjQ6AVfI
 AQfnkSmOaJuvLeDfsM4idMOMp.Td3oiVWDqhfghguGO8aBLv._Kt0gVgKRTsi7mSgFNZqAajMvM6
 m4BN0UwrPtluMTeuLUNDXCl3JS1eAZXcGrPUDH5qg0vlLLe8JTLobnVnq86OaHKhoXSs5slZMh.I
 hKg2WjHwqh1TMQd_VYQk75cIQi4QI4h2mUHCDU0Wj1mM5jDtfpFCDp5SwPc9WOkVYtTfd5nuk2BJ
 nR7O3fefbTr35SrD3sqFqr0URG2Y.knWgEAWoIJ12LCeXuYUdFw7o8qULYzYtKgPs3CUO3I9RDfr
 1gMEyodS_xjU0SJvoJO6wiAqn4yGalNWraMG7mNg3C0t705b4nNz2bfCuaSxfjUPwGPKhPnNDm4J
 p_5ZT.mSc.iCqiDNz7DVdBetBnL9TDXKoD6tLWKKZgM3N0AxHDouB.urlhXyNyLtiAICZ_.sJaDK
 SdEHX1D28vmJCyx4jou_E3aDk77TCaL9V.aeNPii6As5m_YDNtZLqhYVpr8W3FbJhASUHsMVVSGs
 L3DTKqIqgyrZSkP.a1SMqrq2y6omzEU86kXkqdHXYnCr.GCBqO44BnRnRpNdxiVvZkaid8IYR_Cu
 mkNh56jOIeA3LLoLASPGxVC4V6hfWf1eLXv_3SIGqPlj3fXSPmmkMElZk9KTdLA5QFUu0cMpRZH1
 bIUNCrX7bVNmDYrSw3G55Oc.ZNVmpxyxEUlAZLIwDXiackaI-
X-Sonic-MF: <casey@schaufler-ca.com>
Received: from sonic.gate.mail.ne1.yahoo.com by
 sonic315.consmr.mail.ne1.yahoo.com with HTTP; Tue, 14 Dec 2021 00:00:35 +0000
Received: by kubenode516.mail-prod1.omega.bf1.yahoo.com (VZM Hermes SMTP
 Server) with ESMTPA ID d9da30bbc942afdefef6ca173bbb7167;
          Tue, 14 Dec 2021 00:00:30 +0000 (UTC)
From: Casey Schaufler <casey@schaufler-ca.com>
To: casey.schaufler@intel.com, jmorris@namei.org,
        linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com,
        keescook@chromium.org, john.johansen@canonical.com,
        penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com,
        sds@tycho.nsa.gov, linux-kernel@vger.kernel.org,
        Stephen Smalley <stephen.smalley.work@gmail.com>,
        Pablo Neira Ayuso <pablo@netfilter.org>,
        netdev@vger.kernel.org, netfilter-devel@vger.kernel.org
Subject: [PATCH v31 18/28] LSM: security_secid_to_secctx in netlink netfilter
Date: Mon, 13 Dec 2021 15:40:24 -0800
Message-Id: <20211213234034.111891-19-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20211213234034.111891-1-casey@schaufler-ca.com>
References: <20211213234034.111891-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <selinux.vger.kernel.org>
X-Mailing-List: selinux@vger.kernel.org

Change netlink netfilter interfaces to use lsmcontext
pointers, and remove scaffolding.

Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: John Johansen <john.johansen@canonical.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Cc: netdev@vger.kernel.org
Cc: netfilter-devel@vger.kernel.org
---
 net/netfilter/nfnetlink_queue.c | 37 +++++++++++++--------------------
 1 file changed, 14 insertions(+), 23 deletions(-)

diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
index f19897b3cf39..69343275c54b 100644
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -301,15 +301,13 @@ static int nfqnl_put_sk_uidgid(struct sk_buff *skb, struct sock *sk)
 	return -1;
 }
 
-static u32 nfqnl_get_sk_secctx(struct sk_buff *skb, char **secdata)
+static void nfqnl_get_sk_secctx(struct sk_buff *skb, struct lsmcontext *context)
 {
-	u32 seclen = 0;
 #if IS_ENABLED(CONFIG_NETWORK_SECMARK)
 	struct lsmblob blob;
-	struct lsmcontext context = { };
 
 	if (!skb || !sk_fullsock(skb->sk))
-		return 0;
+		return;
 
 	read_lock_bh(&skb->sk->sk_callback_lock);
 
@@ -318,14 +316,12 @@ static u32 nfqnl_get_sk_secctx(struct sk_buff *skb, char **secdata)
 		 * blob. security_secid_to_secctx() will know which security
 		 * module to use to create the secctx.  */
 		lsmblob_init(&blob, skb->secmark);
-		security_secid_to_secctx(&blob, &context);
-		*secdata = context.context;
+		security_secid_to_secctx(&blob, context);
 	}
 
 	read_unlock_bh(&skb->sk->sk_callback_lock);
-	seclen = context.len;
 #endif
-	return seclen;
+	return;
 }
 
 static u32 nfqnl_get_bridge_size(struct nf_queue_entry *entry)
@@ -397,12 +393,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue,
 	struct net_device *indev;
 	struct net_device *outdev;
 	struct nf_conn *ct = NULL;
+	struct lsmcontext context = { };
 	enum ip_conntrack_info ctinfo;
 	struct nfnl_ct_hook *nfnl_ct;
 	bool csum_verify;
-	struct lsmcontext scaff; /* scaffolding */
-	char *secdata = NULL;
-	u32 seclen = 0;
 
 	size = nlmsg_total_size(sizeof(struct nfgenmsg))
 		+ nla_total_size(sizeof(struct nfqnl_msg_packet_hdr))
@@ -470,9 +464,9 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue,
 	}
 
 	if ((queue->flags & NFQA_CFG_F_SECCTX) && entskb->sk) {
-		seclen = nfqnl_get_sk_secctx(entskb, &secdata);
-		if (seclen)
-			size += nla_total_size(seclen);
+		nfqnl_get_sk_secctx(entskb, &context);
+		if (context.len)
+			size += nla_total_size(context.len);
 	}
 
 	skb = alloc_skb(size, GFP_ATOMIC);
@@ -602,7 +596,8 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue,
 	    nfqnl_put_sk_uidgid(skb, entskb->sk) < 0)
 		goto nla_put_failure;
 
-	if (seclen && nla_put(skb, NFQA_SECCTX, seclen, secdata))
+	if (context.len &&
+	    nla_put(skb, NFQA_SECCTX, context.len, context.context))
 		goto nla_put_failure;
 
 	if (ct && nfnl_ct->build(skb, ct, ctinfo, NFQA_CT, NFQA_CT_INFO) < 0)
@@ -630,10 +625,8 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue,
 	}
 
 	nlh->nlmsg_len = skb->len;
-	if (seclen) {
-		lsmcontext_init(&scaff, secdata, seclen, 0);
-		security_release_secctx(&scaff);
-	}
+	if (context.len)
+		security_release_secctx(&context);
 	return skb;
 
 nla_put_failure:
@@ -641,10 +634,8 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue,
 	kfree_skb(skb);
 	net_err_ratelimited("nf_queue: error creating packet message\n");
 nlmsg_failure:
-	if (seclen) {
-		lsmcontext_init(&scaff, secdata, seclen, 0);
-		security_release_secctx(&scaff);
-	}
+	if (context.len)
+		security_release_secctx(&context);
 	return NULL;
 }
 

From patchwork Mon Dec 13 23:40:25 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Casey Schaufler <casey@schaufler-ca.com>
X-Patchwork-Id: 12675035
X-Patchwork-Delegate: paul@paul-moore.com
Return-Path: <selinux-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id CD585C433F5
	for <selinux@archiver.kernel.org>; Tue, 14 Dec 2021 00:01:43 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S244406AbhLNABm (ORCPT <rfc822;selinux@archiver.kernel.org>);
        Mon, 13 Dec 2021 19:01:42 -0500
Received: from sonic315-27.consmr.mail.ne1.yahoo.com ([66.163.190.153]:40921
        "EHLO sonic315-27.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S244401AbhLNABk (ORCPT
        <rfc822;selinux@vger.kernel.org>); Mon, 13 Dec 2021 19:01:40 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1639440100; bh=GSurOhVzqUI/nNz8OcXYb0Mj9Kn5l034tUBurXhhR90=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To;
 b=UD1S1lKq2OpJHcL9VBdK72mwn0QTIX2gdu0FUJ3jYTM8jTfiXQ5//hwUE48cdzzKL4onRo8GyCXfAe1jnJ0uH3OynXu/+AnLTg6g7MdsuY0qODuw0MJs+piedrM9ctoDXcxBE5ebHYUS8kM8ezlnGglYlM2Ql7ob8MAmrqAOzSgPZ4JGpYYCSjfUIlfqZU7zH5ogiGGLbPfBBt0xS/DMFNMHByACXVpolXRxbw+YkR25Cmqlhji59DLkCDJLlcyWT94Pmu+0JfMfB6/a9bLMuXwPLX5OlVk/oQNupatj2O9Z65doUB8iEQDGSbaxEhnCdcUuETDcwTX1KhW/eHRBbg==
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1639440100; bh=r5CHfpI0eoaIWEkwmyLH8njrGMSU6xE379+DpX1Oz/H=;
 h=X-Sonic-MF:From:To:Subject:Date:From:Subject;
 b=Cp3yMTrEkPJUzYr2k5Fu+qzQX5UxtjAN0bMipepZGh65eDmHI2fuupX6InYpoe6K1TQTPmF4TAqZ9duhpCRHgUwEX5oDNjNPC0d6U7sdg1V2GR4O9PFK7m8RW5WVxOE/Zqb2ugNEQkan7d/NWVr9SkUECchLGAsA8H7I9Dp5LxEG7jD3jIxP/GD9cmDzpq8jKGZ3mkI05iYbeGzF4MGv5z11U2n0vkrbd9BDBuKc+7Vic5g6vIcHDk09b+/LgY7qSG8n6lmEiyaizDF/0d1f1XKlRJPAvYk62DtyImVjYRZTmd/4i+bwZQh9X9ud54LrcbO6b3peL/N19eNTqOswZQ==
X-YMail-OSG: zNgAoPgVM1nCfo6fJydlGuyYiazr.ZYj8GJ.8lXpohDXUh_A2bG26kDE6BKGdaU
 5fbDZDww4yizg4u8aezHCQd4gEx28mVoALEXZWsWzQeqqnDS9j80v1ZFNajqeZXSqsL5kx8Pf7MS
 GhZ3D.uExLINjEU0L3Afnpfgz5EFxG0__YdiIhkFa_OrfENcRrpNatqc9obvW3pdQWJ4n0v23qBO
 k6MjAJjxqcn6UdvOLRHcdL7wRhMEWA07OKTgknEHO1H25ncrUYwKAEm_hh7e5trRsPp_YHzLT3ji
 uoz3fojLHUfNh03_PyRX_vjsCAXhUwZSXjeEG_W7GH0r7N7Dvg2kgxnUtpY3i1j3hYo.pg3ypYsL
 Dwo7wbGl5.PIvbXWE5EorEGRTschoJbyQe.tt_OqllUhyoqrRRZMIWlZJCN1ospAQ2cxZlTjgsL2
 7fPa5JjKW9WS8bqXCoA4jvGf88XbcTV7cBdFMauiaoZLBQhg1n5Ao3IKAtj1a1N3ZazRP0it3xuf
 CPEWyhGwEf1_U2Eh4l_JL3qha6JONYmg0ELB2B2rV8MdWjcWRUr2AmHeCBrRVwKVEYToFppASZeo
 X3ProX3skf4VWLZdR1TwN.i9CKbzVo6pcLUqAGCszkoCfLUJtEeZn4OA4p9YKyI321kj5tPAp1_y
 7LQeEeWJySJf_Bw29GFtiXbFdYm2IXPIKqbYUfAktl9Jcbl1fc66RPsPY1usz.HGS97epHqFtKTB
 BUoMeUmdcmcQUDYZQ3bAg_tcYTXxuX4BG8YO2wC6lhYLeYXYRrq_DuMNVb2V0ZYCpw.zYo9AMeI_
 UyyvvM.s1iualwr.wl0WZuVO4d2UmcjhIxsHoyap7q9nu4TcyggEExe2Sj3i1fi.LyZp78AX37mq
 HiFAqs.TZGEZTULd_p4_c9T1LD1ETBf93Fi3yqVNuvToZl_._5Tm7fg2NycNHqnokmgPrC6oKQ8s
 xW5mpS84QTmuQga8kleDCFOPwY_f1ykieeg7j4twKPUgSHOnrnJaEPk_4C_v65ba.jadFt.aB1f2
 Q8EXPvzHH7KRbvq8D2T3LFvDEpri0smCsshO1FZW7pLyWB2QDLdItPRSlkV2JE9Fv4OdI9JM6HfL
 FSsA9mYy4ciGqffNCNC0WqQa8wtPVdJb2tfFfm6Kyu6fKbRlIfcWVKoTDy3sFaBDLfNM_S0xvngc
 zZ9DevBsXnMWc0UWlEDc.yOPZrUASnpWT2O3c5ZsqfE3gB0_zyuZnBggQ_59uKbxMmx7IKZwCkhA
 e34OI5ZSqcZfCIHcHKb9h_mnp7eE7P1K1x9Rnykyw6hw9_N4IYnzOaQ6vbsbpHFsCZMTi6V_lOGz
 8BXPAzd1ZN1_CRm0UJMwmN8oZJotaxXUYKOtYDNS2lCt15n32sZiQDwlsZHHxH7OWiU7JrCkPFTX
 s26C8XDLIC7Ktaze76Xyb0yWyfHJNB5v9noYIV1oj4CW6202SquG9d3aR4APCe21qaSdydD_FnHR
 ydEWtjgvFZQe3CJWoPaD3kZE0sDUrKGpyPz4CzUOvChhlFBhHDdShEAs6bq9GnGt_bMWdt8DKcb9
 gkkmathHVlmNRVDQjZcHXJPEoEl6EqKjo012EA.2BRjS.63eulHdMdWDhgVLhxMySmFwFWYdcKhf
 iexBqcc2_KFICPSbcvJEHDbEky_ygxDkyLn6nxi4ck02E..5_hicVtwpmFlFeVxRnWqpi3Xl7YfX
 Dm3fB5umSlyymwMVQOyDZOrJgqIdadMX3VYzdgwuak.8hqt2ciVnXrATnFo4ynBClQCOHDAClums
 IvGZTJZh3XCkGO8guJeI3TrcdPUlRXskQySvCXiWsJbD91lVtHfDGd.R_AQlhLWQKY8Sl7G5yz5n
 MpIjXF93gwznLxgrPmD6gXAVXnTPnAVgtpKaqEz6Q.jfuKZmyIgmoO9Q1ZMtKzgnGZK1gOUOYLGe
 7eDGN3UKfZwdksT0lrJOUHbTgGTeXKSH7jDw9Ut1T3M2s6aB8ed6kD0ImUmpU3AEKNIkdOfbjbvt
 rq8N6o9DG_4FrPyCSbLyaLH5KzQ1AscN64BD_LH5UbDBOFXJERZkl5gegiEqI1BnoplepR9C5L3A
 DYygX7FK320hm.OY9aqU4OT.7LbS5owiti9YGUIoIQbdwbwr5HUUrkuHMeFOHONjIyyzfDvW9MBo
 8ag3QCNQJo7B1jx_EJUGsgYFN9Px.IIVsMFHC7mZ4apOwHO7NNr22bJb_rAN_9k8ouhnHxj.xIlF
 aOtdVHxtRbWDjeM3C0DYSmJnyXrc9mwa2OEynH9_B_4v9XlKIMp6bAt.iSwoTbwpw51Phi3JeH28
 YH0PtXB8EynkXfES.Reqi48c-
X-Sonic-MF: <casey@schaufler-ca.com>
Received: from sonic.gate.mail.ne1.yahoo.com by
 sonic315.consmr.mail.ne1.yahoo.com with HTTP; Tue, 14 Dec 2021 00:01:40 +0000
Received: by kubenode503.mail-prod1.omega.ne1.yahoo.com (VZM Hermes SMTP
 Server) with ESMTPA ID 0cc56464e1a1cc4f0054ea02a08fc52b;
          Tue, 14 Dec 2021 00:01:35 +0000 (UTC)
From: Casey Schaufler <casey@schaufler-ca.com>
To: casey.schaufler@intel.com, jmorris@namei.org,
        linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com,
        keescook@chromium.org, john.johansen@canonical.com,
        penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com,
        sds@tycho.nsa.gov, linux-kernel@vger.kernel.org,
        Stephen Smalley <stephen.smalley.work@gmail.com>,
        netdev@vger.kernel.org
Subject: [PATCH v31 19/28] NET: Store LSM netlabel data in a lsmblob
Date: Mon, 13 Dec 2021 15:40:25 -0800
Message-Id: <20211213234034.111891-20-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20211213234034.111891-1-casey@schaufler-ca.com>
References: <20211213234034.111891-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <selinux.vger.kernel.org>
X-Mailing-List: selinux@vger.kernel.org

Netlabel uses LSM interfaces requiring an lsmblob and
the internal storage is used to pass information between
these interfaces, so change the internal data from a secid
to a lsmblob. Update the netlabel interfaces and their
callers to accommodate the change. This requires that the
modules using netlabel use the lsm_id.slot to access the
correct secid when using netlabel.

Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: John Johansen <john.johansen@canonical.com>
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Cc: netdev@vger.kernel.org
---
 include/net/netlabel.h              |  8 +--
 net/ipv4/cipso_ipv4.c               | 26 ++++++----
 net/netlabel/netlabel_kapi.c        |  6 +--
 net/netlabel/netlabel_unlabeled.c   | 79 +++++++++--------------------
 net/netlabel/netlabel_unlabeled.h   |  2 +-
 security/selinux/hooks.c            |  2 +-
 security/selinux/include/security.h |  1 +
 security/selinux/netlabel.c         |  2 +-
 security/selinux/ss/services.c      |  4 +-
 security/smack/smack.h              |  1 +
 security/smack/smack_access.c       |  2 +-
 security/smack/smack_lsm.c          | 11 ++--
 security/smack/smackfs.c            | 10 ++--
 13 files changed, 68 insertions(+), 86 deletions(-)

diff --git a/include/net/netlabel.h b/include/net/netlabel.h
index 43ae50337685..73fc25b4042b 100644
--- a/include/net/netlabel.h
+++ b/include/net/netlabel.h
@@ -166,7 +166,7 @@ struct netlbl_lsm_catmap {
  * @attr.mls: MLS sensitivity label
  * @attr.mls.cat: MLS category bitmap
  * @attr.mls.lvl: MLS sensitivity level
- * @attr.secid: LSM specific secid token
+ * @attr.lsmblob: LSM specific data
  *
  * Description:
  * This structure is used to pass security attributes between NetLabel and the
@@ -201,7 +201,7 @@ struct netlbl_lsm_secattr {
 			struct netlbl_lsm_catmap *cat;
 			u32 lvl;
 		} mls;
-		u32 secid;
+		struct lsmblob lsmblob;
 	} attr;
 };
 
@@ -415,7 +415,7 @@ int netlbl_cfg_unlbl_static_add(struct net *net,
 				const void *addr,
 				const void *mask,
 				u16 family,
-				u32 secid,
+				struct lsmblob *lsmblob,
 				struct netlbl_audit *audit_info);
 int netlbl_cfg_unlbl_static_del(struct net *net,
 				const char *dev_name,
@@ -523,7 +523,7 @@ static inline int netlbl_cfg_unlbl_static_add(struct net *net,
 					      const void *addr,
 					      const void *mask,
 					      u16 family,
-					      u32 secid,
+					      struct lsmblob *lsmblob,
 					      struct netlbl_audit *audit_info)
 {
 	return -ENOSYS;
diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c
index 62d5f99760aa..bb9c900da6b0 100644
--- a/net/ipv4/cipso_ipv4.c
+++ b/net/ipv4/cipso_ipv4.c
@@ -106,15 +106,17 @@ int cipso_v4_rbm_strictvalid = 1;
 /* Base length of the local tag (non-standard tag).
  *  Tag definition (may change between kernel versions)
  *
- * 0          8          16         24         32
- * +----------+----------+----------+----------+
- * | 10000000 | 00000110 | 32-bit secid value  |
- * +----------+----------+----------+----------+
- * | in (host byte order)|
- * +----------+----------+
- *
+ * 0          8          16                    16 + sizeof(struct lsmblob)
+ * +----------+----------+---------------------+
+ * | 10000000 | 00000110 | LSM blob data       |
+ * +----------+----------+---------------------+
+ *
+ * All secid and flag fields are in host byte order.
+ * The lsmblob structure size varies depending on which
+ * Linux security modules are built in the kernel.
+ * The data is opaque.
  */
-#define CIPSO_V4_TAG_LOC_BLEN         6
+#define CIPSO_V4_TAG_LOC_BLEN         (2 + sizeof(struct lsmblob))
 
 /*
  * Helper Functions
@@ -1460,7 +1462,11 @@ static int cipso_v4_gentag_loc(const struct cipso_v4_doi *doi_def,
 
 	buffer[0] = CIPSO_V4_TAG_LOCAL;
 	buffer[1] = CIPSO_V4_TAG_LOC_BLEN;
-	*(u32 *)&buffer[2] = secattr->attr.secid;
+	/* Ensure that there is sufficient space in the CIPSO header
+	 * for the LSM data. */
+	BUILD_BUG_ON(CIPSO_V4_TAG_LOC_BLEN > CIPSO_V4_OPT_LEN_MAX);
+	memcpy(&buffer[2], &secattr->attr.lsmblob,
+	       sizeof(secattr->attr.lsmblob));
 
 	return CIPSO_V4_TAG_LOC_BLEN;
 }
@@ -1480,7 +1486,7 @@ static int cipso_v4_parsetag_loc(const struct cipso_v4_doi *doi_def,
 				 const unsigned char *tag,
 				 struct netlbl_lsm_secattr *secattr)
 {
-	secattr->attr.secid = *(u32 *)&tag[2];
+	memcpy(&secattr->attr.lsmblob, &tag[2], sizeof(secattr->attr.lsmblob));
 	secattr->flags |= NETLBL_SECATTR_SECID;
 
 	return 0;
diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c
index beb0e573266d..158bab993e32 100644
--- a/net/netlabel/netlabel_kapi.c
+++ b/net/netlabel/netlabel_kapi.c
@@ -196,7 +196,7 @@ int netlbl_cfg_unlbl_map_add(const char *domain,
  * @addr: IP address in network byte order (struct in[6]_addr)
  * @mask: address mask in network byte order (struct in[6]_addr)
  * @family: address family
- * @secid: LSM secid value for the entry
+ * @lsmblob: LSM data value for the entry
  * @audit_info: NetLabel audit information
  *
  * Description:
@@ -210,7 +210,7 @@ int netlbl_cfg_unlbl_static_add(struct net *net,
 				const void *addr,
 				const void *mask,
 				u16 family,
-				u32 secid,
+				struct lsmblob *lsmblob,
 				struct netlbl_audit *audit_info)
 {
 	u32 addr_len;
@@ -230,7 +230,7 @@ int netlbl_cfg_unlbl_static_add(struct net *net,
 
 	return netlbl_unlhsh_add(net,
 				 dev_name, addr, mask, addr_len,
-				 secid, audit_info);
+				 lsmblob, audit_info);
 }
 
 /**
diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c
index 596a75814fbf..60e36324568f 100644
--- a/net/netlabel/netlabel_unlabeled.c
+++ b/net/netlabel/netlabel_unlabeled.c
@@ -66,7 +66,7 @@ struct netlbl_unlhsh_tbl {
 #define netlbl_unlhsh_addr4_entry(iter) \
 	container_of(iter, struct netlbl_unlhsh_addr4, list)
 struct netlbl_unlhsh_addr4 {
-	u32 secid;
+	struct lsmblob lsmblob;
 
 	struct netlbl_af4list list;
 	struct rcu_head rcu;
@@ -74,7 +74,7 @@ struct netlbl_unlhsh_addr4 {
 #define netlbl_unlhsh_addr6_entry(iter) \
 	container_of(iter, struct netlbl_unlhsh_addr6, list)
 struct netlbl_unlhsh_addr6 {
-	u32 secid;
+	struct lsmblob lsmblob;
 
 	struct netlbl_af6list list;
 	struct rcu_head rcu;
@@ -220,7 +220,7 @@ static struct netlbl_unlhsh_iface *netlbl_unlhsh_search_iface(int ifindex)
  * @iface: the associated interface entry
  * @addr: IPv4 address in network byte order
  * @mask: IPv4 address mask in network byte order
- * @secid: LSM secid value for entry
+ * @lsmblob: LSM data value for entry
  *
  * Description:
  * Add a new address entry into the unlabeled connection hash table using the
@@ -231,7 +231,7 @@ static struct netlbl_unlhsh_iface *netlbl_unlhsh_search_iface(int ifindex)
 static int netlbl_unlhsh_add_addr4(struct netlbl_unlhsh_iface *iface,
 				   const struct in_addr *addr,
 				   const struct in_addr *mask,
-				   u32 secid)
+				   struct lsmblob *lsmblob)
 {
 	int ret_val;
 	struct netlbl_unlhsh_addr4 *entry;
@@ -243,7 +243,7 @@ static int netlbl_unlhsh_add_addr4(struct netlbl_unlhsh_iface *iface,
 	entry->list.addr = addr->s_addr & mask->s_addr;
 	entry->list.mask = mask->s_addr;
 	entry->list.valid = 1;
-	entry->secid = secid;
+	entry->lsmblob = *lsmblob;
 
 	spin_lock(&netlbl_unlhsh_lock);
 	ret_val = netlbl_af4list_add(&entry->list, &iface->addr4_list);
@@ -260,7 +260,7 @@ static int netlbl_unlhsh_add_addr4(struct netlbl_unlhsh_iface *iface,
  * @iface: the associated interface entry
  * @addr: IPv6 address in network byte order
  * @mask: IPv6 address mask in network byte order
- * @secid: LSM secid value for entry
+ * @lsmblob: LSM data value for entry
  *
  * Description:
  * Add a new address entry into the unlabeled connection hash table using the
@@ -271,7 +271,7 @@ static int netlbl_unlhsh_add_addr4(struct netlbl_unlhsh_iface *iface,
 static int netlbl_unlhsh_add_addr6(struct netlbl_unlhsh_iface *iface,
 				   const struct in6_addr *addr,
 				   const struct in6_addr *mask,
-				   u32 secid)
+				   struct lsmblob *lsmblob)
 {
 	int ret_val;
 	struct netlbl_unlhsh_addr6 *entry;
@@ -287,7 +287,7 @@ static int netlbl_unlhsh_add_addr6(struct netlbl_unlhsh_iface *iface,
 	entry->list.addr.s6_addr32[3] &= mask->s6_addr32[3];
 	entry->list.mask = *mask;
 	entry->list.valid = 1;
-	entry->secid = secid;
+	entry->lsmblob = *lsmblob;
 
 	spin_lock(&netlbl_unlhsh_lock);
 	ret_val = netlbl_af6list_add(&entry->list, &iface->addr6_list);
@@ -366,7 +366,7 @@ int netlbl_unlhsh_add(struct net *net,
 		      const void *addr,
 		      const void *mask,
 		      u32 addr_len,
-		      u32 secid,
+		      struct lsmblob *lsmblob,
 		      struct netlbl_audit *audit_info)
 {
 	int ret_val;
@@ -375,7 +375,6 @@ int netlbl_unlhsh_add(struct net *net,
 	struct netlbl_unlhsh_iface *iface;
 	struct audit_buffer *audit_buf = NULL;
 	struct lsmcontext context;
-	struct lsmblob blob;
 
 	if (addr_len != sizeof(struct in_addr) &&
 	    addr_len != sizeof(struct in6_addr))
@@ -408,7 +407,7 @@ int netlbl_unlhsh_add(struct net *net,
 		const struct in_addr *addr4 = addr;
 		const struct in_addr *mask4 = mask;
 
-		ret_val = netlbl_unlhsh_add_addr4(iface, addr4, mask4, secid);
+		ret_val = netlbl_unlhsh_add_addr4(iface, addr4, mask4, lsmblob);
 		if (audit_buf != NULL)
 			netlbl_af4list_audit_addr(audit_buf, 1,
 						  dev_name,
@@ -421,7 +420,7 @@ int netlbl_unlhsh_add(struct net *net,
 		const struct in6_addr *addr6 = addr;
 		const struct in6_addr *mask6 = mask;
 
-		ret_val = netlbl_unlhsh_add_addr6(iface, addr6, mask6, secid);
+		ret_val = netlbl_unlhsh_add_addr6(iface, addr6, mask6, lsmblob);
 		if (audit_buf != NULL)
 			netlbl_af6list_audit_addr(audit_buf, 1,
 						  dev_name,
@@ -438,11 +437,7 @@ int netlbl_unlhsh_add(struct net *net,
 unlhsh_add_return:
 	rcu_read_unlock();
 	if (audit_buf != NULL) {
-		/* lsmblob_init() puts secid into all of the secids in blob.
-		 * security_secid_to_secctx() will know which security module
-		 * to use to create the secctx.  */
-		lsmblob_init(&blob, secid);
-		if (security_secid_to_secctx(&blob, &context) == 0) {
+		if (security_secid_to_secctx(lsmblob, &context) == 0) {
 			audit_log_format(audit_buf, " sec_obj=%s",
 					 context.context);
 			security_release_secctx(&context);
@@ -477,7 +472,6 @@ static int netlbl_unlhsh_remove_addr4(struct net *net,
 	struct audit_buffer *audit_buf;
 	struct net_device *dev;
 	struct lsmcontext context;
-	struct lsmblob blob;
 
 	spin_lock(&netlbl_unlhsh_lock);
 	list_entry = netlbl_af4list_remove(addr->s_addr, mask->s_addr,
@@ -496,13 +490,8 @@ static int netlbl_unlhsh_remove_addr4(struct net *net,
 					  (dev != NULL ? dev->name : NULL),
 					  addr->s_addr, mask->s_addr);
 		dev_put(dev);
-		/* lsmblob_init() puts entry->secid into all of the secids
-		 * in blob. security_secid_to_secctx() will know which
-		 * security module to use to create the secctx.  */
-		if (entry != NULL)
-			lsmblob_init(&blob, entry->secid);
 		if (entry != NULL &&
-		    security_secid_to_secctx(&blob, &context) == 0) {
+		    security_secid_to_secctx(&entry->lsmblob, &context) == 0) {
 			audit_log_format(audit_buf, " sec_obj=%s",
 					 context.context);
 			security_release_secctx(&context);
@@ -543,7 +532,6 @@ static int netlbl_unlhsh_remove_addr6(struct net *net,
 	struct audit_buffer *audit_buf;
 	struct net_device *dev;
 	struct lsmcontext context;
-	struct lsmblob blob;
 
 	spin_lock(&netlbl_unlhsh_lock);
 	list_entry = netlbl_af6list_remove(addr, mask, &iface->addr6_list);
@@ -561,13 +549,8 @@ static int netlbl_unlhsh_remove_addr6(struct net *net,
 					  (dev != NULL ? dev->name : NULL),
 					  addr, mask);
 		dev_put(dev);
-		/* lsmblob_init() puts entry->secid into all of the secids
-		 * in blob. security_secid_to_secctx() will know which
-		 * security module to use to create the secctx.  */
-		if (entry != NULL)
-			lsmblob_init(&blob, entry->secid);
 		if (entry != NULL &&
-		    security_secid_to_secctx(&blob, &context) == 0) {
+		    security_secid_to_secctx(&entry->lsmblob, &context) == 0) {
 			audit_log_format(audit_buf, " sec_obj=%s",
 					 context.context);
 			security_release_secctx(&context);
@@ -921,14 +904,8 @@ static int netlbl_unlabel_staticadd(struct sk_buff *skb,
 	if (ret_val != 0)
 		return ret_val;
 
-	/* netlbl_unlhsh_add will be changed to pass a struct lsmblob *
-	 * instead of a u32 later in this patch set. security_secctx_to_secid()
-	 * will only be setting one entry in the lsmblob struct, so it is
-	 * safe to use lsmblob_value() to get that one value. */
-
-	return netlbl_unlhsh_add(&init_net,
-				 dev_name, addr, mask, addr_len,
-				 lsmblob_value(&blob), &audit_info);
+	return netlbl_unlhsh_add(&init_net, dev_name, addr, mask, addr_len,
+				 &blob, &audit_info);
 }
 
 /**
@@ -975,11 +952,8 @@ static int netlbl_unlabel_staticadddef(struct sk_buff *skb,
 	if (ret_val != 0)
 		return ret_val;
 
-	/* security_secctx_to_secid() will only put one secid into the lsmblob
-	 * so it's safe to use lsmblob_value() to get the secid. */
-	return netlbl_unlhsh_add(&init_net,
-				 NULL, addr, mask, addr_len,
-				 lsmblob_value(&blob), &audit_info);
+	return netlbl_unlhsh_add(&init_net, NULL, addr, mask, addr_len, &blob,
+				 &audit_info);
 }
 
 /**
@@ -1091,8 +1065,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd,
 	struct net_device *dev;
 	struct lsmcontext context;
 	void *data;
-	u32 secid;
-	struct lsmblob blob;
+	struct lsmblob *lsmb;
 
 	data = genlmsg_put(cb_arg->skb, NETLINK_CB(cb_arg->nl_cb->skb).portid,
 			   cb_arg->seq, &netlbl_unlabel_gnl_family,
@@ -1130,7 +1103,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd,
 		if (ret_val != 0)
 			goto list_cb_failure;
 
-		secid = addr4->secid;
+		lsmb = (struct lsmblob *)&addr4->lsmblob;
 	} else {
 		ret_val = nla_put_in6_addr(cb_arg->skb,
 					   NLBL_UNLABEL_A_IPV6ADDR,
@@ -1144,14 +1117,10 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd,
 		if (ret_val != 0)
 			goto list_cb_failure;
 
-		secid = addr6->secid;
+		lsmb = (struct lsmblob *)&addr6->lsmblob;
 	}
 
-	/* lsmblob_init() secid into all of the secids in blob.
-	 * security_secid_to_secctx() will know which security module
-	 * to use to create the secctx.  */
-	lsmblob_init(&blob, secid);
-	ret_val = security_secid_to_secctx(&blob, &context);
+	ret_val = security_secid_to_secctx(lsmb, &context);
 	if (ret_val != 0)
 		goto list_cb_failure;
 	ret_val = nla_put(cb_arg->skb,
@@ -1510,7 +1479,7 @@ int netlbl_unlabel_getattr(const struct sk_buff *skb,
 					      &iface->addr4_list);
 		if (addr4 == NULL)
 			goto unlabel_getattr_nolabel;
-		secattr->attr.secid = netlbl_unlhsh_addr4_entry(addr4)->secid;
+		secattr->attr.lsmblob = netlbl_unlhsh_addr4_entry(addr4)->lsmblob;
 		break;
 	}
 #if IS_ENABLED(CONFIG_IPV6)
@@ -1523,7 +1492,7 @@ int netlbl_unlabel_getattr(const struct sk_buff *skb,
 					      &iface->addr6_list);
 		if (addr6 == NULL)
 			goto unlabel_getattr_nolabel;
-		secattr->attr.secid = netlbl_unlhsh_addr6_entry(addr6)->secid;
+		secattr->attr.lsmblob = netlbl_unlhsh_addr6_entry(addr6)->lsmblob;
 		break;
 	}
 #endif /* IPv6 */
diff --git a/net/netlabel/netlabel_unlabeled.h b/net/netlabel/netlabel_unlabeled.h
index 058e3a285d56..168920780994 100644
--- a/net/netlabel/netlabel_unlabeled.h
+++ b/net/netlabel/netlabel_unlabeled.h
@@ -211,7 +211,7 @@ int netlbl_unlhsh_add(struct net *net,
 		      const void *addr,
 		      const void *mask,
 		      u32 addr_len,
-		      u32 secid,
+		      struct lsmblob *lsmblob,
 		      struct netlbl_audit *audit_info);
 int netlbl_unlhsh_remove(struct net *net,
 			 const char *dev_name,
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 824a6e4fb126..6f790d96594d 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -7056,7 +7056,7 @@ static int selinux_uring_sqpoll(void)
 }
 #endif /* CONFIG_IO_URING */
 
-static struct lsm_id selinux_lsmid __lsm_ro_after_init = {
+struct lsm_id selinux_lsmid __lsm_ro_after_init = {
 	.lsm  = "selinux",
 	.slot = LSMBLOB_NEEDED
 };
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
index ac0ece01305a..9f856f2cd277 100644
--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@ -73,6 +73,7 @@
 struct netlbl_lsm_secattr;
 
 extern int selinux_enabled_boot;
+extern struct lsm_id selinux_lsmid;
 
 /*
  * type_datum properties
diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c
index 800ab4b4239e..0b8f99703462 100644
--- a/security/selinux/netlabel.c
+++ b/security/selinux/netlabel.c
@@ -109,7 +109,7 @@ static struct netlbl_lsm_secattr *selinux_netlbl_sock_getattr(
 		return NULL;
 
 	if ((secattr->flags & NETLBL_SECATTR_SECID) &&
-	    (secattr->attr.secid == sid))
+	    (secattr->attr.lsmblob.secid[selinux_lsmid.slot] == sid))
 		return secattr;
 
 	return NULL;
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 8e92af7dd284..23a45c9dcf04 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -3899,7 +3899,7 @@ int security_netlbl_secattr_to_sid(struct selinux_state *state,
 	if (secattr->flags & NETLBL_SECATTR_CACHE)
 		*sid = *(u32 *)secattr->cache->data;
 	else if (secattr->flags & NETLBL_SECATTR_SECID)
-		*sid = secattr->attr.secid;
+		*sid = secattr->attr.lsmblob.secid[selinux_lsmid.slot];
 	else if (secattr->flags & NETLBL_SECATTR_MLS_LVL) {
 		rc = -EIDRM;
 		ctx = sidtab_search(sidtab, SECINITSID_NETMSG);
@@ -3977,7 +3977,7 @@ int security_netlbl_sid_to_secattr(struct selinux_state *state,
 	if (secattr->domain == NULL)
 		goto out;
 
-	secattr->attr.secid = sid;
+	secattr->attr.lsmblob.secid[selinux_lsmid.slot] = sid;
 	secattr->flags |= NETLBL_SECATTR_DOMAIN_CPY | NETLBL_SECATTR_SECID;
 	mls_export_netlbl_lvl(policydb, ctx, secattr);
 	rc = mls_export_netlbl_cat(policydb, ctx, secattr);
diff --git a/security/smack/smack.h b/security/smack/smack.h
index 66b813e15196..44fd5bc8ba71 100644
--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -303,6 +303,7 @@ int smack_populate_secattr(struct smack_known *skp);
  * Shared data.
  */
 extern int smack_enabled __initdata;
+extern struct lsm_id smack_lsmid;
 extern int smack_cipso_direct;
 extern int smack_cipso_mapped;
 extern struct smack_known *smack_net_ambient;
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c
index d2186e2757be..c6dcafe18912 100644
--- a/security/smack/smack_access.c
+++ b/security/smack/smack_access.c
@@ -524,7 +524,7 @@ int smack_populate_secattr(struct smack_known *skp)
 {
 	int slen;
 
-	skp->smk_netlabel.attr.secid = skp->smk_secid;
+	skp->smk_netlabel.attr.lsmblob.secid[smack_lsmid.slot] = skp->smk_secid;
 	skp->smk_netlabel.domain = skp->smk_known;
 	skp->smk_netlabel.cache = netlbl_secattr_cache_alloc(GFP_ATOMIC);
 	if (skp->smk_netlabel.cache != NULL) {
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 1069ba7abf40..9832b5e5c9fd 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -3729,11 +3729,12 @@ static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap,
 	if ((sap->flags & NETLBL_SECATTR_CACHE) != 0)
 		return (struct smack_known *)sap->cache->data;
 
+	/*
+	 * Looks like a fallback, which gives us a secid.
+	 */
 	if ((sap->flags & NETLBL_SECATTR_SECID) != 0)
-		/*
-		 * Looks like a fallback, which gives us a secid.
-		 */
-		return smack_from_secid(sap->attr.secid);
+		return smack_from_secid(
+				sap->attr.lsmblob.secid[smack_lsmid.slot]);
 
 	if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) {
 		/*
@@ -4752,7 +4753,7 @@ struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = {
 	.lbs_superblock = sizeof(struct superblock_smack),
 };
 
-static struct lsm_id smack_lsmid __lsm_ro_after_init = {
+struct lsm_id smack_lsmid __lsm_ro_after_init = {
 	.lsm  = "smack",
 	.slot = LSMBLOB_NEEDED
 };
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index 658eab05599e..13c2fa728054 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -1143,6 +1143,7 @@ static void smk_net4addr_insert(struct smk_net4addr *new)
 static ssize_t smk_write_net4addr(struct file *file, const char __user *buf,
 				size_t count, loff_t *ppos)
 {
+	struct lsmblob lsmblob;
 	struct smk_net4addr *snp;
 	struct sockaddr_in newname;
 	char *smack;
@@ -1274,10 +1275,13 @@ static ssize_t smk_write_net4addr(struct file *file, const char __user *buf,
 	 * this host so that incoming packets get labeled.
 	 * but only if we didn't get the special CIPSO option
 	 */
-	if (rc == 0 && skp != NULL)
+	if (rc == 0 && skp != NULL) {
+		lsmblob_init(&lsmblob, 0);
+		lsmblob.secid[smack_lsmid.slot] = snp->smk_label->smk_secid;
 		rc = netlbl_cfg_unlbl_static_add(&init_net, NULL,
-			&snp->smk_host, &snp->smk_mask, PF_INET,
-			snp->smk_label->smk_secid, &audit_info);
+			&snp->smk_host, &snp->smk_mask, PF_INET, &lsmblob,
+			&audit_info);
+	}
 
 	if (rc == 0)
 		rc = count;

From patchwork Mon Dec 13 23:40:26 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Casey Schaufler <casey@schaufler-ca.com>
X-Patchwork-Id: 12675037
X-Patchwork-Delegate: paul@paul-moore.com
Return-Path: <selinux-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 9999AC433F5
	for <selinux@archiver.kernel.org>; Tue, 14 Dec 2021 00:02:46 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S241201AbhLNACq (ORCPT <rfc822;selinux@archiver.kernel.org>);
        Mon, 13 Dec 2021 19:02:46 -0500
Received: from sonic306-28.consmr.mail.ne1.yahoo.com ([66.163.189.90]:35757
        "EHLO sonic306-28.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S239232AbhLNACp (ORCPT
        <rfc822;selinux@vger.kernel.org>); Mon, 13 Dec 2021 19:02:45 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1639440165; bh=/pHqOJC+O/1FpZFd856W6ZYsy0o7dIQH5ZBENXEFO9Y=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To;
 b=VbQYERYs1UsHFgimKOjrEbtpl3TcUwUNwadhUOMU10RBDJuo2nKKjufNXkUySAWYZaA20O95NspsTjDacrI0BTQN9tDhmjfuoT//UCnp0o7OBhGyA6QRYl0z1YBKzETVx/Cu+SD2e/QBTZ8bEYR5AWVrPp2JFV0z8PN4u0QpoaDjaEPZULSyQmmR/VkLbPIMYDNSB/EEAxFaTijBNqIXku3xqHbbKr1X26d0exYMSeFTCV2ljIlr0mQt9pSwndY+oc7wkXixXVcLgEj8HUt6NkpEtlkncbjl7+bz6x3OYB1iyAy5m5sJ7RW44/xxyoV6DIpedUkdnkqDdIp1se3b0g==
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1639440165; bh=5zDE+k4poBX2HVvaHxG72W9zxd07J/6Ii8nPTjhustl=;
 h=X-Sonic-MF:From:To:Subject:Date:From:Subject;
 b=iTiJjkVTPZGWmWTH6wVmVct8B23EBg+iGEtgFH+AbKzN99zmwACWjf95JmbW26NKSu4tjWLSC+ghN2S5ee4ycEKpZcPhj7Ja1CVEHS8JjFuESQDBhmKCWSbXtxuwNiKEYZ0jSeb71SHyWV9av5+CDpDE6+fIXAR3lDuQRMAfK+aRZDjnBhE9GemTZT2CDYpNKQIk5vN2G8l5PXlIyltrSEftqSQVCC3n24qE6W7ad2GYwnlYmYT5wpwUIojg9865+o46bZS10qtu36pTK4+17p/+/6O+hnNKSa/9hio7Tf5kDagrecqSaSZ7IH4T+RkSP8SXUE/ogck5I8wwjv5aXw==
X-YMail-OSG: D9Y2RM4VM1m8VF6y_GDUYbZ4qrEEKj03EoAjIOqpFT0ue45UfXkuoR825daQEh_
 pshvxavWjx8NY_PA01NPBWCJyRBtVX6QL5mm0gBGttZy830alWuLBH.yIg8bHKaAFIBp7wcAeQxN
 MN0g8tSpJA5eoxQnY1vlD4dI1FT0IsDPEWeV0e3zcD6TqQi3JdY6am0ArJGSlPcG4XzLbizlsE.a
 4ZOzha9826wc_FWKsSKzwdnsvJJRrL1cZgpuyPC1VEpiaacCIuVnbTfP.HAqonVm.fgEEgaThxGv
 Mu_eZWxYA_dA2wS861qwQ7fjkh6V9QZo896f_fXMWBfFMccT.HVyZZXLtHxh36hJZa8viwJjzZo6
 LeiaALdt1oTHaJ9Ez12kxBPP2PpxkwmNud.rXwL6REutPLVms9lOm4Q9R9f5gq31dG88lVaCN_gH
 hKq0YV06N94UkA6o1yOVIxzIL4mDBVdMlnyM7yL5oq0ktvteRv8cTHPUxDioqdkCcZ4Yohp0PWJn
 EsOVQBHwJeKwok98Po8zQdztDd_3TCJ04qD9LiP69bMWBjSvVWPnEtJJc_CjwkCbyNd6l5.GMzV4
 vdQltyfYB_iCOqttYkH33yi1Njy5EvXA9ccAdCoKC9TDkKFQPF11tdmk2wKsKzSHGwN_Jhs164Nf
 b55htQIrwucIPQj0_zd3ImnnFkGZpy6PsN3a9tsgqDBVOEb9rJvu13.pgbZby9AMjRoV9H8CDlRN
 yJzVsefRPxjuVtfMEkkqKfecrj7VKushKCH4APy2wLBXbc4RmOf8A9sY9Q.Nl1EKIWgUbes3_X6a
 fEO3QwLE4XpHwuzdX3o5AEoJdR.H1f1VVVU7AQ64SYdUbS72MmDskHimN4zC.iGY9eZsfXSNO35F
 DKKKVnF0YOquzOYmRi_aNL7HW424Z.hiY7_0OmlI5cxETULzCV7ZxueF9O8_Sho7lb7ldNQ9iuEH
 O1K.N02fMh2R074pJ9Oni5fuZkfyT__j3LkGiY1jMpq2EDvVBvBSenavVcdAyBR4naQoUr_j8.im
 x63DR53sEJfi2YFXkcT0HleQXZ.N0Q3y.Q3U4HgXVMy0ZFYDPt_3drYLZjkFqdRsax47zyvhOTQf
 4XUusUqF0Aj1oZgbs3z3e47mUABqpU8D64EjJMifrhLN4.OF6cqTImFomDWueA3BgW_dqofjGBWJ
 SS9qfZEc6bzGIJtiirJMgtLnxvgKHs2srShWovthYbbW60B48DgzBUXwBstZBIw2gjxmo4GxCvyI
 5erYUWRTiFbg7Mt5hQTSQyscAibaxDB_RZ2JmNz_IwyPZEWrOHWsSQaBkpqPpNfbgNTx2A5PZmF2
 5wUMyTkRXmInKFs_J4hYApyytGmOTn4CVJ0PPVCmBWxtfWr.D.5J0a1pFXTgYq7QqKEs8WsvBybk
 DZ6VDsLJVn4WrfnVnbIceGUvixUn5iqgpMVNURORYjQnfhTs2HXudrpkQiiUGF5YEHhSCrWlQitk
 5MQPQuvcKR2gQ3ghBu_qk2A6GxOch8BHDwbKAlVW5hHlrlNN88xEzN1xYNuThbDnaI0TfX2OMUe.
 kWttQyaf_ESyxtqEFsMhyUkKkgRveCYtZOrMEnuOWRZLdASAsTWTXZavbMIwR_3bK1LBITCsut_S
 VKyEZ7CJoyQpcbYaHQBBrM4LqnbmNHbPfJ7lpj6YIxAv6HQiCVqpCtQItbMwWneMEtX2wgPWLGaA
 CHeYxSJZhpsxDmL5EfxZkzxk6wgjwqo8Ci5TKvgJpIBz0NvxgUkUixVKoxpzS61QT0YtjGzgpW1M
 vf_lvkMzoAhT81F0QVbtK.NlCFTTDhRCrEoNUKM6k15EtbmPdXy4vyuGlCd.wCO_SZzQefmpd35v
 wda9zn2gpZFeu2zvlEwE33SfEVt4Ti88z8nf0j85yEmP7C99b9m6.6sGQbUtCg2OH_XgW4iqN5Wi
 kRWmutHEZtBIH4GFs6kShkdDlYebKWqwhx62zBu5LHWeq1VGjWDPpr42WdJlRkSlmSNnmlHg64E5
 B2OTFJZdwqgP1oXxqgdHCVYlHfoANT6dMhXj8ZVLxUb1Y6AKd27Sod91vYpk617s7YaEH7BzNQD7
 iJav2v5xCgP.s.ILT5uwR3RuKcw6FUVzPZnEkiZI6F4wGQ19g6agMVeEn6xVkeRnOo3djro..fUj
 V034ScwgXqprvZWzPcAneHQIyNCldf1GevE_BpL_8Hnun8K.Ir7S1GRzTUYmb.jFwgxi98cT.hYs
 6j_siaLResNUsyaGKC3HmuCS2lpvfY5bxFMzBmoZSVw--
X-Sonic-MF: <casey@schaufler-ca.com>
Received: from sonic.gate.mail.ne1.yahoo.com by
 sonic306.consmr.mail.ne1.yahoo.com with HTTP; Tue, 14 Dec 2021 00:02:45 +0000
Received: by kubenode522.mail-prod1.omega.bf1.yahoo.com (VZM Hermes SMTP
 Server) with ESMTPA ID 3e1325cfd5c69eb7866c2bf85c314813;
          Tue, 14 Dec 2021 00:02:42 +0000 (UTC)
From: Casey Schaufler <casey@schaufler-ca.com>
To: casey.schaufler@intel.com, jmorris@namei.org,
        linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com,
        keescook@chromium.org, john.johansen@canonical.com,
        penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com,
        sds@tycho.nsa.gov, linux-kernel@vger.kernel.org
Subject: [PATCH v31 20/28] binder: Pass LSM identifier for confirmation
Date: Mon, 13 Dec 2021 15:40:26 -0800
Message-Id: <20211213234034.111891-21-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20211213234034.111891-1-casey@schaufler-ca.com>
References: <20211213234034.111891-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <selinux.vger.kernel.org>
X-Mailing-List: selinux@vger.kernel.org

Send an identifier for the security module interface_lsm
along with the security context. This allows the receiver
to verify that the receiver and the sender agree on which
security module's context is being used. If they don't
agree the message is rejected.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
 drivers/android/binder.c          | 21 +++++++++++++++++++++
 drivers/android/binder_internal.h |  1 +
 2 files changed, 22 insertions(+)

diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index b9699f7ac603..e15fb8575c81 100644
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
@@ -2762,6 +2762,7 @@ static void binder_transaction(struct binder_proc *proc,
 				    ALIGN(extra_buffers_size, sizeof(void *)) -
 				    ALIGN(lsmctx.len, sizeof(u64));
 
+		t->security_interface = lsm_task_ilsm(current);
 		t->security_ctx = (uintptr_t)t->buffer->user_data + buf_offset;
 		err = binder_alloc_copy_to_buffer(&target_proc->alloc,
 						  t->buffer, buf_offset,
@@ -4132,6 +4133,26 @@ static int binder_thread_read(struct binder_proc *proc,
 
 		tr.secctx = t->security_ctx;
 		if (t->security_ctx) {
+			int to_ilsm = lsm_task_ilsm(current);
+			int from_ilsm = t->security_interface;
+
+			if (to_ilsm == LSMBLOB_INVALID)
+				to_ilsm = 0;
+			if (from_ilsm == LSMBLOB_INVALID)
+				from_ilsm = 0;
+			/*
+			 * The sender provided a security context from
+			 * a different security module than the one this
+			 * process wants to report if these don't match.
+			 */
+			if (from_ilsm != to_ilsm) {
+				if (t_from)
+					binder_thread_dec_tmpref(t_from);
+
+				binder_cleanup_transaction(t, "security context mismatch",
+							   BR_FAILED_REPLY);
+				return -EINVAL;
+			}
 			cmd = BR_TRANSACTION_SEC_CTX;
 			trsize = sizeof(tr);
 		}
diff --git a/drivers/android/binder_internal.h b/drivers/android/binder_internal.h
index d6b6b8cb7346..e3a0718ce17c 100644
--- a/drivers/android/binder_internal.h
+++ b/drivers/android/binder_internal.h
@@ -545,6 +545,7 @@ struct binder_transaction {
 	long    saved_priority;
 	kuid_t  sender_euid;
 	struct list_head fd_fixups;
+	int	security_interface;
 	binder_uintptr_t security_ctx;
 	/**
 	 * @lock:  protects @from, @to_proc, and @to_thread

From patchwork Mon Dec 13 23:40:27 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Casey Schaufler <casey@schaufler-ca.com>
X-Patchwork-Id: 12675039
X-Patchwork-Delegate: paul@paul-moore.com
Return-Path: <selinux-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 8D186C433F5
	for <selinux@archiver.kernel.org>; Tue, 14 Dec 2021 00:03:53 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S241190AbhLNADw (ORCPT <rfc822;selinux@archiver.kernel.org>);
        Mon, 13 Dec 2021 19:03:52 -0500
Received: from sonic301-36.consmr.mail.ne1.yahoo.com ([66.163.184.205]:34231
        "EHLO sonic301-36.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S235658AbhLNADw (ORCPT
        <rfc822;selinux@vger.kernel.org>); Mon, 13 Dec 2021 19:03:52 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1639440231; bh=opWqcFPSxyokgZUudrSgvYovvIvPsi6Mx4b4A7biD50=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To;
 b=mKybigpinBVH7JAFBePRxcFvBHGf3r1lFRCbgWa8h01OIkwcvi24XWX1Z1CRcG1Nhhwaf1FJPl8JpKtjY/fkW+z+7dT8XKxEk4eG+iKRm52gxjNXDXrKIvZp6wL1BscAsTzFdFSKr5A3HfRxm2jeR+m+gMAzbxvy5X6q70QEu5qA2zsr0En8EAS+MVvk7INGzOHGm/JP/pxxILAcKM0T83RhcnAUO2tzSSJoJqIFqGBT+aNLcJHWwMY3rTUJfnYoo2dv3FHd/VHl4nSexV6lS8z62+mBxQ43iwWUOsqkKUmWa0ARnc7Bs83Dr3oakhz8f8NBuHuPD1+ls/oAfg0dhQ==
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1639440231; bh=j/SpVQlb8vX0W95slJ+QL8BxVFKvGcXeM6o2FYInyuG=;
 h=X-Sonic-MF:From:To:Subject:Date:From:Subject;
 b=oShJS7BlWTXMjcOgjibAw3Tc4DqmtNuUlp48FZmxQ58o4pzp2HFdXA7FNAZZDG4QHTQPjGG0ni7DQCDkGGA4Q4O5xggD/E45ziZTdvt0O2H/zlLHFI46v8VWqXdFQ0Lpjd7fq7sFdBOIM1Aqfdh196rqEfv2FwPAo2O/GAhkFlq/V7PmqKS0Ghz84lcfMJScuYrQvNV9IMrQKjN78IVuhGnI3tdJDN/I9qv/jqWSsPpjTS+tDblVHZQZNCR2xh+4gcc1AGIyJ0MY5wbzUWfZtH2DBQEvPDhnxwtfWklDgmBpaZU7HKXvru4wMeoufZiu3HU23cCmngm3iODfUS/SNg==
X-YMail-OSG: oyfZnNkVM1kRn5dqnny_kzVh7.H.PEBzcbsoR4X4adBNH8vmAENDT5VMiqdHRBy
 gP7i6.rUAYe04bbe0AqQ6TuS1kl2nOsuWUE9crNdv5fPOzelpOToI8vp7K85uwHjfjR4hEx4b44w
 MO3A5f2LS4RUDOS2W8OkDLc2IQ5Hyex5tdDY_4_PG0VaiFJwqb._WY8WNBzOIGOw_QREU3BTdXf_
 639VJql7O7fhGpceeO3E7pOP3FhIrsn7bDgiAvLp943hE_OpRARwEOE6h.zkYHzazrAhMbUGp0vc
 RR7GdHV_LJsQmCzQ4d7_1SgC2ZGT6VfDaFEiCTN4ZVRe4guOgsa11z.GY.JTwNnUiqK8vFtyS8Id
 5K0HLz.sf.6pCBBr.KbaB.mu9lD71T04hxZqunkw.4m9xLGlW8Z_bwxZiW77QDhKVvBsGHDqhWvz
 o0MrZlBPJ5CTtF615cClfKAC7mHfNdJunv5drk2V4IaarLu8ZhFYrD2GnOavkkhlAD7LhXrTPV6t
 eon_vTwthkdvao8LGU1DLLyGfZgF2BeBoV.augArRluMEVyQZom5S8Mn4MBe.RIRU7A86SDZv.gZ
 X0O3Fj0Vpe3akuGE3rizKbArJb8mEx5LBZssRd.zUXQczF4JiTra6atuXuxjUkL88.9NlLEnhjmk
 2WyT_xGa68xHEBHrgdNcpB.Kz_NYSHmUOGU5zSnQ4CAURS89BFtthFvTrti6nG2iM9M5aDXXCGwr
 r6WP3a9Wp5hz8xlm0J6PDR0EP4tHUkEHDTBkrAKh7QxevddebGLpKynEedD28yMorKA3aviP2Wls
 r8U_AJOSGAjnTR3.VyDgHDxM4cGvla_k.FJvaSblCyATQW9w3nGakpZCoWuyUQYGQRPhL7MU0abn
 vBjHzxCcHjUsRntmJQacBauGtTBufjXfrP0IumZfQjVRdoNf0MovptlDcwr6rX0edmtGVOz0Ir78
 nYEbh2xs48g1ODrGsVRBEi7wlwOVj.Y3.UH_i1VN7B8MwB2D3fECiMeI6HQ2BVBSUNNEanmncyCs
 Bilr8VvvfLoXElDqOGGyAvEAQ6osOH.bcBE.WqrqsRbxcNZFkBlonzzPw6wnUl_G02q1RqM.UIqA
 sGVw3RflYiFKQLyQOgyG6pn99C2CX2NwV1Oed3f9YM96_QGvKcSdJ7kZtioxy3DPX9vd.6WL33mm
 LSNFf2e2.7tY_F52RQxmuFkZH5EpizIPlqpoHGuv2amKmE7zMX4hbFCMh_1VP3pMBr_Dw4W4_lRY
 oWMeYoO3e3yYJXfcfXOkNA33HyWr0fwJMum8XRhT76TI15j8KmEiSIkQ6ZBKOM5HPuyjy8FBabTC
 Pzhd94C9ceUL22GtYgXZa5OB.Xu3NrEPX6XA8B0POYE7j_7fXzsyyeoVOS8SfUJ5im24AHfZtqBq
 F69wcqTAkNZYz2UkK1F7gVsySHUO7a8xzkyS73EpnaIydRQoSFVhEjfmltDujGDnOpD717kWvTu9
 8L4BzGlqaJlNnqRpRMvdUpXbPA_WctrZZGkwqujz4sfHrwcWvc6zk_z.YEdna.rezSV8kOeMHZgC
 .e6xcU3DYnFpwWTl7QUrM0r3UPBhBbvjs4rM5Pu_VYR9TEDUyyvLeYf7VXrEejR1HR8_IhjEv0Cn
 LctjHMNpewD06oihDIUs3I9qnxD9obm6byzvQQIL4_fjWXn7N3hlrLwc7vWElBJdP3ELoJhBk4Qp
 3cimtKPnNO8UmHwOYqQpNznCJmOxnnI0RWorFuRSoLlt6g4NLqA0tGDen9xaPr1d8IudTXL4RY4X
 ySmtGhZiBOgfTK0YoTv7QgOb0OjUWGrnpwyU4QTfYKzgxke0sEnt0aF3hKpzfGUd.FAJFItDagdq
 jC0luG3bCERZCsZaz1jySACn0EZmUI10TI8qObvRs8ullfRxLEyQD9Xa7BketNCO3ju9Q9JMXxlk
 AUcpd11vIjAP9OOD6jryaRgLtuoRQYrxBCoguf.f7ftE.021LlhFpz7NwXJDW3lw3I8LwHLjym3Z
 KIgH2MaSY3adteYjaXAn4YUSxIqjoHY6_IjgI_.v.R61dCOCerB0zKcZC.wP01heVBmsBW.M1RWq
 NBEWbgsSqB1u3l3Uwhn8I7hm3jjca3wNtyHS8z.uXzW4HSyUSwGEnTnOHCYaoQqx_64_sspxq0EY
 2xwuk9ClrZMe7_.FIAazLy9EdcM3sMgaUpDrb4tL.PtO4NleJH0jomPaII1C94IMoQj8xeywm2iY
 d0UcYMONuGyeG743OKSjcXF5D2LWd.5COJWyBWeoibUpvikVqrp3DyobjtZekfxVeA4R1p0bevfk
 LMDogS7L3xZcGHDdWyLESow--
X-Sonic-MF: <casey@schaufler-ca.com>
Received: from sonic.gate.mail.ne1.yahoo.com by
 sonic301.consmr.mail.ne1.yahoo.com with HTTP; Tue, 14 Dec 2021 00:03:51 +0000
Received: by kubenode548.mail-prod1.omega.bf1.yahoo.com (VZM Hermes SMTP
 Server) with ESMTPA ID 45ca1362a2d7953997a5dcea844bd3a0;
          Tue, 14 Dec 2021 00:03:49 +0000 (UTC)
From: Casey Schaufler <casey@schaufler-ca.com>
To: casey.schaufler@intel.com, jmorris@namei.org,
        linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com,
        keescook@chromium.org, john.johansen@canonical.com,
        penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com,
        sds@tycho.nsa.gov, linux-kernel@vger.kernel.org
Subject: [PATCH v31 21/28] LSM: Extend security_secid_to_secctx to include
  module selection
Date: Mon, 13 Dec 2021 15:40:27 -0800
Message-Id: <20211213234034.111891-22-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20211213234034.111891-1-casey@schaufler-ca.com>
References: <20211213234034.111891-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <selinux.vger.kernel.org>
X-Mailing-List: selinux@vger.kernel.org

Add a parameter to security_secid_to_secctx() to identify
which of the security modules that may be active should
provide the security context. If the parameter is greater
than or equal to zero, the security module associated with
that LSM "slot" is used. If the value is LSMBLOB_DISPLAY
the "interface lsm" is used. If the value is LSMBLOB_FIRST
the first security module providing a hook is used.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
 drivers/android/binder.c                |  2 +-
 include/linux/security.h                |  7 +++++--
 include/net/scm.h                       |  2 +-
 kernel/audit.c                          |  4 ++--
 kernel/auditsc.c                        |  7 ++++---
 net/ipv4/ip_sockglue.c                  |  2 +-
 net/netfilter/nf_conntrack_netlink.c    |  4 ++--
 net/netfilter/nf_conntrack_standalone.c |  2 +-
 net/netfilter/nfnetlink_queue.c         |  2 +-
 net/netlabel/netlabel_unlabeled.c       | 11 +++++++----
 net/netlabel/netlabel_user.c            |  2 +-
 security/security.c                     | 20 ++++++++++++++++++--
 12 files changed, 44 insertions(+), 21 deletions(-)

diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index e15fb8575c81..13cb1ae1ce6b 100644
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
@@ -2721,7 +2721,7 @@ static void binder_transaction(struct binder_proc *proc,
 		size_t added_size;
 
 		security_cred_getsecid(proc->cred, &blob);
-		ret = security_secid_to_secctx(&blob, &lsmctx);
+		ret = security_secid_to_secctx(&blob, &lsmctx, LSMBLOB_DISPLAY);
 		if (ret) {
 			return_error = BR_FAILED_REPLY;
 			return_error_param = ret;
diff --git a/include/linux/security.h b/include/linux/security.h
index e29d2894928d..bec8505f2ce5 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -184,6 +184,8 @@ struct lsmblob {
 #define LSMBLOB_INVALID		-1	/* Not a valid LSM slot number */
 #define LSMBLOB_NEEDED		-2	/* Slot requested on initialization */
 #define LSMBLOB_NOT_NEEDED	-3	/* Slot not requested */
+#define LSMBLOB_DISPLAY		-4	/* Use the "interface_lsm" slot */
+#define LSMBLOB_FIRST		-5	/* Use the first slot */
 
 /**
  * lsmblob_init - initialize an lsmblob structure
@@ -598,7 +600,8 @@ int security_setprocattr(const char *lsm, const char *name, void *value,
 			 size_t size);
 int security_netlink_send(struct sock *sk, struct sk_buff *skb);
 int security_ismaclabel(const char *name);
-int security_secid_to_secctx(struct lsmblob *blob, struct lsmcontext *cp);
+int security_secid_to_secctx(struct lsmblob *blob, struct lsmcontext *cp,
+			     int ilsm);
 int security_secctx_to_secid(const char *secdata, u32 seclen,
 			     struct lsmblob *blob);
 void security_release_secctx(struct lsmcontext *cp);
@@ -1459,7 +1462,7 @@ static inline int security_ismaclabel(const char *name)
 }
 
 static inline int security_secid_to_secctx(struct lsmblob *blob,
-					   struct lsmcontext *cp)
+					   struct lsmcontext *cp, int ilsm)
 {
 	return -EOPNOTSUPP;
 }
diff --git a/include/net/scm.h b/include/net/scm.h
index b77a52f93389..f4d567d4885e 100644
--- a/include/net/scm.h
+++ b/include/net/scm.h
@@ -101,7 +101,7 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc
 		 * and the infrastructure will know which it is.
 		 */
 		lsmblob_init(&lb, scm->secid);
-		err = security_secid_to_secctx(&lb, &context);
+		err = security_secid_to_secctx(&lb, &context, LSMBLOB_DISPLAY);
 
 		if (!err) {
 			put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, context.len,
diff --git a/kernel/audit.c b/kernel/audit.c
index 841123390d41..3c6e88a9ff62 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1443,7 +1443,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
 
 		if (lsmblob_is_set(&audit_sig_lsm)) {
 			err = security_secid_to_secctx(&audit_sig_lsm,
-						       &context);
+						       &context, LSMBLOB_FIRST);
 			if (err)
 				return err;
 		}
@@ -2138,7 +2138,7 @@ int audit_log_task_context(struct audit_buffer *ab)
 	if (!lsmblob_is_set(&blob))
 		return 0;
 
-	error = security_secid_to_secctx(&blob, &context);
+	error = security_secid_to_secctx(&blob, &context, LSMBLOB_FIRST);
 	if (error) {
 		if (error != -EINVAL)
 			goto error_path;
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index a3de97beba21..2cf39de8f961 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1123,7 +1123,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid,
 			 from_kuid(&init_user_ns, auid),
 			 from_kuid(&init_user_ns, uid), sessionid);
 	if (lsmblob_is_set(blob)) {
-		if (security_secid_to_secctx(blob, &lsmctx)) {
+		if (security_secid_to_secctx(blob, &lsmctx, LSMBLOB_FIRST)) {
 			audit_log_format(ab, " obj=(none)");
 			rc = 1;
 		} else {
@@ -1369,7 +1369,8 @@ static void show_special(struct audit_context *context, int *call_panic)
 			struct lsmblob blob;
 
 			lsmblob_init(&blob, osid);
-			if (security_secid_to_secctx(&blob, &lsmcxt)) {
+			if (security_secid_to_secctx(&blob, &lsmcxt,
+						     LSMBLOB_FIRST)) {
 				audit_log_format(ab, " osid=%u", osid);
 				*call_panic = 1;
 			} else {
@@ -1532,7 +1533,7 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n,
 		struct lsmcontext lsmctx;
 
 		lsmblob_init(&blob, n->osid);
-		if (security_secid_to_secctx(&blob, &lsmctx)) {
+		if (security_secid_to_secctx(&blob, &lsmctx, LSMBLOB_FIRST)) {
 			audit_log_format(ab, " osid=%u", n->osid);
 			if (call_panic)
 				*call_panic = 2;
diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
index 47d1085e037e..ebbde7d9d8bc 100644
--- a/net/ipv4/ip_sockglue.c
+++ b/net/ipv4/ip_sockglue.c
@@ -140,7 +140,7 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb)
 		return;
 
 	lsmblob_init(&lb, secid);
-	err = security_secid_to_secctx(&lb, &context);
+	err = security_secid_to_secctx(&lb, &context, LSMBLOB_DISPLAY);
 	if (err)
 		return;
 
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index e4a0d1c8ac55..e4f33fd86916 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -347,7 +347,7 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct)
 	 * security_secid_to_secctx() will know which security module
 	 * to use to create the secctx.  */
 	lsmblob_init(&blob, ct->secmark);
-	ret = security_secid_to_secctx(&blob, &context);
+	ret = security_secid_to_secctx(&blob, &context, LSMBLOB_DISPLAY);
 	if (ret)
 		return 0;
 
@@ -657,7 +657,7 @@ static inline int ctnetlink_secctx_size(const struct nf_conn *ct)
 	int len;
 	struct lsmblob blob;
 
-	len = security_secid_to_secctx(&blob, NULL);
+	len = security_secid_to_secctx(&blob, NULL, LSMBLOB_DISPLAY);
 	if (len <= 0)
 		return 0;
 
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
index c8825e89a21e..541a49d5be9d 100644
--- a/net/netfilter/nf_conntrack_standalone.c
+++ b/net/netfilter/nf_conntrack_standalone.c
@@ -180,7 +180,7 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct)
 	struct lsmcontext context;
 
 	lsmblob_init(&blob, ct->secmark);
-	ret = security_secid_to_secctx(&blob, &context);
+	ret = security_secid_to_secctx(&blob, &context, LSMBLOB_DISPLAY);
 	if (ret)
 		return;
 
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
index 69343275c54b..ea43bfd14544 100644
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -316,7 +316,7 @@ static void nfqnl_get_sk_secctx(struct sk_buff *skb, struct lsmcontext *context)
 		 * blob. security_secid_to_secctx() will know which security
 		 * module to use to create the secctx.  */
 		lsmblob_init(&blob, skb->secmark);
-		security_secid_to_secctx(&blob, context);
+		security_secid_to_secctx(&blob, context, LSMBLOB_DISPLAY);
 	}
 
 	read_unlock_bh(&skb->sk->sk_callback_lock);
diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c
index 60e36324568f..a70269367827 100644
--- a/net/netlabel/netlabel_unlabeled.c
+++ b/net/netlabel/netlabel_unlabeled.c
@@ -437,7 +437,8 @@ int netlbl_unlhsh_add(struct net *net,
 unlhsh_add_return:
 	rcu_read_unlock();
 	if (audit_buf != NULL) {
-		if (security_secid_to_secctx(lsmblob, &context) == 0) {
+		if (security_secid_to_secctx(lsmblob, &context,
+					     LSMBLOB_FIRST) == 0) {
 			audit_log_format(audit_buf, " sec_obj=%s",
 					 context.context);
 			security_release_secctx(&context);
@@ -491,7 +492,8 @@ static int netlbl_unlhsh_remove_addr4(struct net *net,
 					  addr->s_addr, mask->s_addr);
 		dev_put(dev);
 		if (entry != NULL &&
-		    security_secid_to_secctx(&entry->lsmblob, &context) == 0) {
+		    security_secid_to_secctx(&entry->lsmblob, &context,
+					     LSMBLOB_FIRST) == 0) {
 			audit_log_format(audit_buf, " sec_obj=%s",
 					 context.context);
 			security_release_secctx(&context);
@@ -550,7 +552,8 @@ static int netlbl_unlhsh_remove_addr6(struct net *net,
 					  addr, mask);
 		dev_put(dev);
 		if (entry != NULL &&
-		    security_secid_to_secctx(&entry->lsmblob, &context) == 0) {
+		    security_secid_to_secctx(&entry->lsmblob, &context,
+					     LSMBLOB_FIRST) == 0) {
 			audit_log_format(audit_buf, " sec_obj=%s",
 					 context.context);
 			security_release_secctx(&context);
@@ -1120,7 +1123,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd,
 		lsmb = (struct lsmblob *)&addr6->lsmblob;
 	}
 
-	ret_val = security_secid_to_secctx(lsmb, &context);
+	ret_val = security_secid_to_secctx(lsmb, &context, LSMBLOB_FIRST);
 	if (ret_val != 0)
 		goto list_cb_failure;
 	ret_val = nla_put(cb_arg->skb,
diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c
index 951ba0639d20..1941877fd16f 100644
--- a/net/netlabel/netlabel_user.c
+++ b/net/netlabel/netlabel_user.c
@@ -100,7 +100,7 @@ struct audit_buffer *netlbl_audit_start_common(int type,
 
 	lsmblob_init(&blob, audit_info->secid);
 	if (audit_info->secid != 0 &&
-	    security_secid_to_secctx(&blob, &context) == 0) {
+	    security_secid_to_secctx(&blob, &context, LSMBLOB_FIRST) == 0) {
 		audit_log_format(audit_buf, " subj=%s", context.context);
 		security_release_secctx(&context);
 	}
diff --git a/security/security.c b/security/security.c
index 1b9e1189d74b..a1dec90d7757 100644
--- a/security/security.c
+++ b/security/security.c
@@ -2331,20 +2331,36 @@ EXPORT_SYMBOL(security_ismaclabel);
  * security_secid_to_secctx - convert secid to secctx
  * @blob: set of secids
  * @cp: lsm context into which result is put
+ * @ilsm: which security module to report
  *
  * Translate secid information into a secctx string.
  * Return a negative value on error.
  * If cp is NULL return the length of the string.
  * Otherwise, return 0.
  */
-int security_secid_to_secctx(struct lsmblob *blob, struct lsmcontext *cp)
+int security_secid_to_secctx(struct lsmblob *blob, struct lsmcontext *cp,
+			     int ilsm)
 {
 	struct security_hook_list *hp;
-	int ilsm = lsm_task_ilsm(current);
 
 	if (cp)
 		memset(cp, 0, sizeof(*cp));
 
+	/*
+	 * ilsm either is the slot number use for formatting
+	 * or an instruction on which relative slot to use.
+	 */
+	if (ilsm == LSMBLOB_DISPLAY)
+		ilsm = lsm_task_ilsm(current);
+	else if (ilsm == LSMBLOB_FIRST)
+		ilsm = LSMBLOB_INVALID;
+	else if (ilsm < 0) {
+		WARN_ONCE(true, "LSM: %s unknown interface LSM\n", __func__);
+		ilsm = LSMBLOB_INVALID;
+	} else if (ilsm >= lsm_slot) {
+		WARN_ONCE(true, "LSM: %s invalid interface LSM\n", __func__);
+		ilsm = LSMBLOB_INVALID;
+	}
 	hlist_for_each_entry(hp, &security_hook_heads.secid_to_secctx, list) {
 		if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot))
 			continue;

From patchwork Mon Dec 13 23:40:28 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Casey Schaufler <casey@schaufler-ca.com>
X-Patchwork-Id: 12675059
X-Patchwork-Delegate: paul@paul-moore.com
Return-Path: <selinux-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id B26C9C433F5
	for <selinux@archiver.kernel.org>; Tue, 14 Dec 2021 00:05:01 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S238784AbhLNAFB (ORCPT <rfc822;selinux@archiver.kernel.org>);
        Mon, 13 Dec 2021 19:05:01 -0500
Received: from sonic315-27.consmr.mail.ne1.yahoo.com ([66.163.190.153]:37881
        "EHLO sonic315-27.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S232817AbhLNAFB (ORCPT
        <rfc822;selinux@vger.kernel.org>); Mon, 13 Dec 2021 19:05:01 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1639440300; bh=4WSfb/YrW81av1VKokm3tSF+cQI845WVs77GasckxVg=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To;
 b=EIrpbM1dc79MYXj2Jzw46xFjMNITvG9uX3zZBApaBQpYtozt0ild/bYiN2tEQ2TEHU7JVbkIP4Gig8aZ/C8RszHBPk+0fFxFMkCQNhYMcRwPEGIIRbno/lac35397EJBvUGUhjnJDrsrhsHOksI/YeT5cL9+P0KpHyc5fEDIeQrZUBejSKd2DOJSPtuhsDOmWkXo+g6PuHR0v1KsZ+ytGiEv99GjNPcdtRCyDV2vxT2huBHo4z9Ju0x0bVit0ve6EGuyzcgSndrczSgPvRAtOI78XNYnn1Vz0DhhWm8WWunR9+Lk1DSflNEecEv6J9VJ9Z+0pP6YGWOY05+w7q4ZSA==
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1639440300; bh=20QH4BoFmuvmnHhZ3gbCqjw+LH5ipMFcBKgCAo9WlAA=;
 h=X-Sonic-MF:From:To:Subject:Date:From:Subject;
 b=iat/onq+llk1etUL2G027QuupvRQ5X6OBvVWafgRFY7U99jhPNpkD2m5wh42GEE1qVtjc13/OhKWGQ49smtG06z9HSLl7y1AIvx448sDL7E0Ojqhys+7hP58S1JlECgX4odvirr00W0cpUF0w6nzU4UHrdiHUSLKlk50xuCoSeTZbte9a/T7MjeY4CR3N+cgs1up856vflNszNoWOa3FY4qOkhpxLmFAVkoWZxxG74keWyq58RZzjsq2Ng+UKWu9Pq8QOoLuWQ0KehcXd3/3W3ekiH9dSfYQcMf7XtFZcxQZDGnHUodpdf9beU+M+cVxocxzBCCkmD0dVuds1J7Kpg==
X-YMail-OSG: ns4p0XkVM1lHWxHOrw_wqFUCEy9Dddt1KA1ZsgdnRL3BULr3UTrDhD8qoDqW9r9
 CoWCYQdtdgwG0wjU8.JCxYdM0KaW3rLURolA3QqGPDgWCaQ1GQNJt4BV6RgvMAtgfrck4qfZyuMQ
 dnwLQKwZh6CfiRjPaJTTpVAUJ9NIx0VQ6NWQafhxMvDo90whAI1qGS9hlS2y0lP7IB_thP9c.ztf
 3mrtmcz3jAZdsAEuvf61hl1Z1WwAT.sN2ctLqDnahHoijM4hkWPld.PlZ8E3b5arHRgGAes35QAk
 cNcC6ny1e3aXWo5sI8GaLcDDAuUwEKYQNAZsQLdx5GBZljy.zo.XIfdGZp4kS1FPioHYidGxBba7
 uA.3YrCCuRtRvI6TtJOFtvpEEWPA6wcN6F59ohDvJ8IPVaqvFDTKAVYQM8LBZiCzi7mrWUA3MSwO
 TY0dQQ4h7D6RQLenGqBryTXNb_5tePm3VcibP3_8.Vu4XcxWVlZTfyuNMDBh.42PasU5o0AeljeF
 FHeg.MCT_1Y6EEohgQX68ze.LYwHz.mxTgGdzlHbNazIjByCjMNySOxkJM4pGRF1v91pq7CJJmai
 N.7XbTYwcAqn78nkKWH5ggszK7e9DJ2hTiRH3YnoDB0RhK76ENQappykM.ZYNIe5.KBVDszWCvBi
 UTrOZ1ufV6WaHV1qcZ2Ha7jk8HDhtDm1hRrZdrFeunsoH9r6TnA2DcvhBgKNnuhprIqi.Es1yOAG
 1.ygHpnMrzOSW3njCj5yixHWtbmo5.JxfHu75tU3PmTdES60jtmo6eKdvrsXCYKGFV6v3EEa74Ng
 tpwVndcQobb3WpW.04cX7N4z2WL3wAH.5Om8CutYXPeij6iWH0SRCdphUlqvQzm.nF_.v1kmfgHJ
 ZUVrbCJeWyRp8zVFkJaAVCMUKPuqG91ACoJnY4_ZvwJtk_5HUokKlMamMt5gUbZvdRjrPDgPhCmC
 MuR0fb4RQW3UqrEordC.IffjkKEi4_dWcDKm4FDazEFoOP32a7Tobaz1Fy7RbkbpjvyJHxsjQRZI
 UbJGvplL2WG3tMPRWIgrwbntzWcLImnjPpj9uW3gW1xgLnQ9jTUMPC87ZIin6TEsg19_D6dYdivs
 RDXgmgiRXQTJB1s7sKMaqzt2vNSQmm6AyE_C62.DJGyN.SnerMfNmZ24SqFEyuTvCkca.xXGngGT
 sWQfWhsTshvPQypNhLThfEPWwlnOEXRt.8Hm6bPuV9F7QpyWXXNH2TS.pnsPeN6dkZ_Ma.CeYLDq
 a.Uwg6zPQ5D1SaGlqPrp5LK30MUdvayiLBoAX7Acb6BQ1gqQeTm5yOl.ggNqofAf8kN7Qizfi6oN
 FpRCqSkjaxUUsGiKGyDRv400VKWTwBmhEKW0PcyDQAxwnaQ42hljOCa8gILj34lZrv.UkZ_hgo65
 ybcdOrH3ePB3BZY0WfXoAjANBrHMdO7cNozFz2arBbC4RMNOjGrs35SSom4HotmoKY_ZVBwUBter
 a7znlkZEXdtDrHhXy5N8FA4J_MUZ0dH44y8_CZVuEaKtzoUSg9kUwl8RgKZgNxJGf7s1wSlq.y9J
 l7EY1tpCPFfHhbaVeBAJD171xkW7kjJ5BOnOJ47i_Vw2rWx2OHETS_VsZ_Okn_anVvh7bCV4qxGP
 x1E4vjnG_EwQsbTSFpkjfx3i4h4BXLCs4d1l5ZCqvf2M_U1oTdblOTYCLWynpvK.3ODKDUJYuBaW
 hlJdUelznzq2kt13q1b25g083.OqAZ2ISdNZZPkeO2UAqUu8miMvpHvySPvgyD00r5moOGh0Gunl
 RA9B0AQ0zocpbZ5.gZ1SBG253hPVFCxVPWrMZfqlH5HLX89H3G0OZsFgXl19BslZ41le0Xp2vCMG
 mhkn3YtF5gr1bcPyHWNCLM9HMMZ9N.rHCrkOrmNgoT2MGyro.S7lM6YNjazxHdomJMEIJ3jT7VoU
 P2ZKZx7QWgnRHkId.tf6lPXHh9361M_ZjmJ5jjtV2csQobPy.BaAkbx3OjfBhC05Jv3Z0XAido90
 mlpUs0w2ryVJcNSGY7FKwWmlUlsvzoXacZWEJw7KCHX7cFpBNokfcc1fOTYh7EkafVS8FTA7thfi
 lk7rcm8uo1KiZ0D3vnTB4TkYwEqYqs1g5ppJY0bHmc5f3aDz1ma_7J5ShWeeMs_qHfch_bTzfkRf
 APNWYDkpsnsbQbKjeUOMDGcfYlZUpUot_enc3XsvQqb9HE9SV23P1p3NecYn5naElOehN_Eehhjj
 JQuy1EuTZlWUzTwD6jwv0cBCF17C30lz7HIGYLZb95W2Hg9a4nSY1.cYjG0xWaUTP10i0lAzVCC3
 IYGfdcJx8GhqaPWjPj5Q2ow--
X-Sonic-MF: <casey@schaufler-ca.com>
Received: from sonic.gate.mail.ne1.yahoo.com by
 sonic315.consmr.mail.ne1.yahoo.com with HTTP; Tue, 14 Dec 2021 00:05:00 +0000
Received: by kubenode516.mail-prod1.omega.ne1.yahoo.com (VZM Hermes SMTP
 Server) with ESMTPA ID 2c944b2e55a0f5436b828dcda8d0831e;
          Tue, 14 Dec 2021 00:04:55 +0000 (UTC)
From: Casey Schaufler <casey@schaufler-ca.com>
To: casey.schaufler@intel.com, jmorris@namei.org,
        linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com,
        keescook@chromium.org, john.johansen@canonical.com,
        penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com,
        sds@tycho.nsa.gov, linux-kernel@vger.kernel.org
Subject: [PATCH v31 22/28] Audit: Keep multiple LSM data in audit_names
Date: Mon, 13 Dec 2021 15:40:28 -0800
Message-Id: <20211213234034.111891-23-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20211213234034.111891-1-casey@schaufler-ca.com>
References: <20211213234034.111891-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <selinux.vger.kernel.org>
X-Mailing-List: selinux@vger.kernel.org

Replace the osid field in the audit_names structure
with a lsmblob structure. This accomodates the use
of an lsmblob in security_audit_rule_match() and
security_inode_getsecid().

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Acked-by: Paul Moore <paul@paul-moore.com>
---
 kernel/audit.h   |  2 +-
 kernel/auditsc.c | 22 ++++++++--------------
 2 files changed, 9 insertions(+), 15 deletions(-)

diff --git a/kernel/audit.h b/kernel/audit.h
index 527d4c4acb12..a2fca1134519 100644
--- a/kernel/audit.h
+++ b/kernel/audit.h
@@ -82,7 +82,7 @@ struct audit_names {
 	kuid_t			uid;
 	kgid_t			gid;
 	dev_t			rdev;
-	u32			osid;
+	struct lsmblob		lsmblob;
 	struct audit_cap_data	fcap;
 	unsigned int		fcap_ver;
 	unsigned char		type;		/* record type */
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 2cf39de8f961..d373b4d8eb34 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -691,17 +691,16 @@ static int audit_filter_rules(struct task_struct *tsk,
 					 * lsmblob, which happens later in
 					 * this patch set.
 					 */
-					lsmblob_init(&blob, name->osid);
 					result = security_audit_rule_match(
-								&blob,
+								&name->lsmblob,
 								f->type,
 								f->op,
 								&f->lsm_rules);
 				} else if (ctx) {
 					list_for_each_entry(n, &ctx->names_list, list) {
-						lsmblob_init(&blob, n->osid);
 						if (security_audit_rule_match(
-							&blob, f->type, f->op,
+							&n->lsmblob,
+							f->type, f->op,
 							&f->lsm_rules)) {
 							++result;
 							break;
@@ -1528,13 +1527,12 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n,
 				 from_kgid(&init_user_ns, n->gid),
 				 MAJOR(n->rdev),
 				 MINOR(n->rdev));
-	if (n->osid != 0) {
-		struct lsmblob blob;
+	if (lsmblob_is_set(&n->lsmblob)) {
 		struct lsmcontext lsmctx;
 
-		lsmblob_init(&blob, n->osid);
-		if (security_secid_to_secctx(&blob, &lsmctx, LSMBLOB_FIRST)) {
-			audit_log_format(ab, " osid=%u", n->osid);
+		if (security_secid_to_secctx(&n->lsmblob, &lsmctx,
+					     LSMBLOB_FIRST)) {
+			audit_log_format(ab, " osid=?");
 			if (call_panic)
 				*call_panic = 2;
 		} else {
@@ -2236,17 +2234,13 @@ static void audit_copy_inode(struct audit_names *name,
 			     const struct dentry *dentry,
 			     struct inode *inode, unsigned int flags)
 {
-	struct lsmblob blob;
-
 	name->ino   = inode->i_ino;
 	name->dev   = inode->i_sb->s_dev;
 	name->mode  = inode->i_mode;
 	name->uid   = inode->i_uid;
 	name->gid   = inode->i_gid;
 	name->rdev  = inode->i_rdev;
-	security_inode_getsecid(inode, &blob);
-	/* scaffolding until osid is updated */
-	name->osid = blob.secid[0];
+	security_inode_getsecid(inode, &name->lsmblob);
 	if (flags & AUDIT_INODE_NOEVAL) {
 		name->fcap_ver = -1;
 		return;

From patchwork Mon Dec 13 23:40:29 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Casey Schaufler <casey@schaufler-ca.com>
X-Patchwork-Id: 12675061
X-Patchwork-Delegate: paul@paul-moore.com
Return-Path: <selinux-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 2231DC433F5
	for <selinux@archiver.kernel.org>; Tue, 14 Dec 2021 00:06:09 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S242224AbhLNAGI (ORCPT <rfc822;selinux@archiver.kernel.org>);
        Mon, 13 Dec 2021 19:06:08 -0500
Received: from sonic301-36.consmr.mail.ne1.yahoo.com ([66.163.184.205]:41692
        "EHLO sonic301-36.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S242077AbhLNAGH (ORCPT
        <rfc822;selinux@vger.kernel.org>); Mon, 13 Dec 2021 19:06:07 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1639440366; bh=4mvg7Rjk4Ibg4L1ov7BoS5y61Y1g9bKqY43cFqldVy0=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To;
 b=oxXeYIoWifqcttMDNRDaXGDTfzq7qWxdkZw4++8TW+zvT3eHda7Z1VAJg0u5nJO7a2TSHFhMjXT66bwWj/XuMyF4WVjMDadeB9DlNQOSezy/SuvxaoEsVxmULWn8ooaoI7qF4fHHeh6SvS4tVnveG0w/+wFBq0SbS3/TtP/qOuQcDJIq8bnMhEGeiwcfGOd9zMhfeVV8hA8DO4okhMj9SwiyigGRVw7eK6mljNicDaVTIPqXWvnJGHepiOfXxklTdmS/qU94YGAZbf/9rvDsBhGgAyEdpZIsDqu/1qDv0c/qan/0WUZq3Fjbh8Epd07gMNpwYK3tm1qDiMBpY9Xwqw==
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1639440366; bh=03kpnv+mxwiHlvUCxlUlDHsopy3/CccvSy7/qz0V61P=;
 h=X-Sonic-MF:From:To:Subject:Date:From:Subject;
 b=shj6+oL8LYGM8vykr1c+xq39GwL64JIhpU0cRVbGMvb52DjNfiLtHEsEaCENyLJfKmeMqFxHKxfNOs/QUElBKr2qNcsCB5JTAmJ7FwEg9YOrvlYBwr36nK92kGfRaXQrhjBKxnTt9wp7dZ5GCzr/G1gXcasX6jJH2vini7TG8tG/MccKRgpRSMmCl+EPEsRIOAvQtwEjUK4dmHSPNnWqaTWWQs9zmcppVDeTPDZ2wL9bOpmDQUzE+K6/vxG1WhtjrIrU/7yZXmqqBJEz34YfpIyVTlxHPDVKH38d5x8eFr/XrVTAG5VoScoUQMF2H4o1hM1SZ2no+pt0tF9PmM93cA==
X-YMail-OSG: CaIX9akVM1mVFs4ZCJVLZ0sBOYwLL8PFJEeP4OHGJe6p5JJwY2VxDOmBT977skt
 Se3yyAJrsRr4YOEIawFe2iEbsKa58FzMBXYixVX_KGRlVzZyukiwTR.4LUNpqvL0GXRsT1GG9zfX
 bPiw.xAsX2VDuboR75zPKsu8zV5mZBQX26MO0X1j0F1QcZQFjAmdzyNDxK4YY9sxSPw_DvqUNIqS
 zbRajpO8JV0PRRfB0qsGJmIIoaiGqGr1NjblPZ5UBmYLAkqUROtD3MGOShs3xhIC_a5yqaPHSM6P
 H9z8WBINTKDI0j9k5WSMNhfaDPeaEEZtQjLSb_8DAdSLQIwUf9bnh1AsGZ7zyBfvblaOtP7rw1_6
 27qf0JEhDlyNmA3ncmlA9Q5xPmg.XntLq5P1Ue9XPO8_1iFQinQG6k17Q6vU_8ziIJ6F9iOTG5RN
 LFMw0yRGxjqqhV0X6AtnzA4YFlmYrYBJ8giNva711B1M77jGIh1UnL3i0K8y6KkW4qmkV8a.xiiF
 ySJa9cFFzbSB.YJlncnMt8JcuWIrUi2WZDwkc2VcteYgduVPCWQGc2D9iDztRnmQFx7m3RLutRju
 ut7CdKHW_rC7aiREPr_uEEYklM5ay3GyKEVZG.1FUBJBZyCoKHFgn4c7ehigsSUTDk3Y.nkKXTSv
 Csn6qwM7ERB2jBbgO23BwadjWsd1HBSzBJcNI3MD8026gV7QCQgIUw5TzD9wzqs3l0siOvUpXH4g
 t2X4O7p0L0.0eGUvsuDYlAMZLRKtGYXMb0QzRYkHozebrEpndKwpPkMBG6C1AB5QmSN9jBry8CPm
 SUX_iHEBw_InjBvQ_Tdd2O_9pXnP7nr3Nz28rBZZ3Lf3AMBO6wGznGqdTeO7AU4_amPWU8ctjfam
 AYMjt3TbOAVS71AHrPMdU2f.QLfV1ORNfJglz8kkqKtnhSTE037xIRN_IzJb0HcGLZPY1b4gFo6i
 zCNuPcif5b0MaN1rHe1KksGjD3uhpPEzFC2KMYm6OM6WqfPsI8sDf36psALgolT4fuY8JpGktWZ5
 PZe68RSqQIK5rz0iRyUWuoouDAYzCEFLVEbzfrw6.dJ3CFPbBR1Gyywgub10FtD.kU87HcMJ9wbA
 TvIth4kM9ZMz9Gvu5lj2gSnD8DWY464HvwD7dArMokxm2vE3Pftf7YAKbdx98VuG5G4axFjQILEk
 JiKtvQ0DlaiiNcdqot5rvOXF7vOT2xmU5U__BuiOBbfqe3zJjiuKSYeqPfqQgTDFP73_7fF0cBM8
 NSd.IWfuZ12AqKx4WXv2tVY0f8YULV72kbP3dNNCNjPfvrErnNUVV6vjWK8UEDa1qnA8Jm1qkvCB
 An8WgnIVJHmrWijfoAWnBPfqW1A4QivJkCRf281XorTuQH9.flYWMBWTjS2xwggZIWoizDm8mVQD
 VddPDq1MxnlvyzPRT27KAA_9nc9xu.ehPBgN5ivCLWu5pD4UXZZFyG6EE1z3t6T5WIM_u6AtAaLZ
 tas89jgDu9S6TZtjPbb8UezEzOq1cVKh.P8TB9GDilatKm4Ru.xIsF1QUJaaevYAJjftJpLeycFz
 w75KlYCvrNSM.hdTR_4FRTIG8NEZCLKccwfLQO6BB0C.mi4Zj13YgPcn1y9GXgZ71gabY2QUZo1O
 UpvP8l3eSq.hdiKDk0UqoXZeuwwahZu348qk0DY_VOf8FXdq_IaOZUwqDaxt2Pr6vrPp30swTfSh
 SQ5izGNJCrnuWxW5CfBNND63vHBPWcoreOF.t27gjT4OffiFdCrOpEpUHuf7bDD.uEzawB4Yms.Z
 8HXzYieAAzV.ct85PlJLJhe2jBxaSbjh2zOq5DC1jAD6osIPGs.Li.ixIXJ.Z1lkPcyArF.DUipJ
 S6hTceTq_YRImZC_NkWuopcCGBcK4PUZIQfhYFFSYJgf5dSqhXxLqPieouGbn71E02bLp67csRRd
 EZzpXijyeClkqZEuUZ7wLGjAihQrD20yhPj8RljwC1210jEYJ4KaFilgJYs_Lvfkx9_9abbbwIfM
 D6aDYlpYJ9PjlNJic6V8HvawkHQbuYLIcpKZIVZ82TZt2nCfHkVnrcGrj6h8rOXeG8LHstcpUd3b
 5Asb8j6TJoVG4WDYyWqhM26cur5cKorsQVrA0FL3cpEgzOfkeqSMe9VeqByVguXm7rtAGpNqwndK
 kixhR09YV9vWSyIWuIBlz8Q0m_W7OSIH36CbjX8VbnjbbVgC.Sv8slBs2mIpC24hsWr1IMROKs_B
 r0zi6g1Vcb17J9fJtK_H6bCF3MdWFfVHmWr4QeUmuWtw-
X-Sonic-MF: <casey@schaufler-ca.com>
Received: from sonic.gate.mail.ne1.yahoo.com by
 sonic301.consmr.mail.ne1.yahoo.com with HTTP; Tue, 14 Dec 2021 00:06:06 +0000
Received: by kubenode541.mail-prod1.omega.bf1.yahoo.com (VZM Hermes SMTP
 Server) with ESMTPA ID 9e4b96ad20c974ca8a3eb449af84f999;
          Tue, 14 Dec 2021 00:06:02 +0000 (UTC)
From: Casey Schaufler <casey@schaufler-ca.com>
To: casey.schaufler@intel.com, jmorris@namei.org,
        linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com,
        keescook@chromium.org, john.johansen@canonical.com,
        penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com,
        sds@tycho.nsa.gov, linux-kernel@vger.kernel.org
Subject: [PATCH v31 23/28] Audit: Create audit_stamp structure
Date: Mon, 13 Dec 2021 15:40:29 -0800
Message-Id: <20211213234034.111891-24-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20211213234034.111891-1-casey@schaufler-ca.com>
References: <20211213234034.111891-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <selinux.vger.kernel.org>
X-Mailing-List: selinux@vger.kernel.org

Replace the timestamp and serial number pair used in audit records
with a structure containing the two elements.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Acked-by: Paul Moore <paul@paul-moore.com>
---
 kernel/audit.c   | 17 +++++++++--------
 kernel/audit.h   | 12 +++++++++---
 kernel/auditsc.c | 22 +++++++++-------------
 3 files changed, 27 insertions(+), 24 deletions(-)

diff --git a/kernel/audit.c b/kernel/audit.c
index 3c6e88a9ff62..069cd4c81a61 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1786,11 +1786,11 @@ unsigned int audit_serial(void)
 }
 
 static inline void audit_get_stamp(struct audit_context *ctx,
-				   struct timespec64 *t, unsigned int *serial)
+				   struct audit_stamp *stamp)
 {
-	if (!ctx || !auditsc_get_stamp(ctx, t, serial)) {
-		ktime_get_coarse_real_ts64(t);
-		*serial = audit_serial();
+	if (!ctx || !auditsc_get_stamp(ctx, stamp)) {
+		ktime_get_coarse_real_ts64(&stamp->ctime);
+		stamp->serial = audit_serial();
 	}
 }
 
@@ -1813,8 +1813,7 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask,
 				     int type)
 {
 	struct audit_buffer *ab;
-	struct timespec64 t;
-	unsigned int serial;
+	struct audit_stamp stamp;
 
 	if (audit_initialized != AUDIT_INITIALIZED)
 		return NULL;
@@ -1867,12 +1866,14 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask,
 		return NULL;
 	}
 
-	audit_get_stamp(ab->ctx, &t, &serial);
+	audit_get_stamp(ab->ctx, &stamp);
 	/* cancel dummy context to enable supporting records */
 	if (ctx)
 		ctx->dummy = 0;
 	audit_log_format(ab, "audit(%llu.%03lu:%u): ",
-			 (unsigned long long)t.tv_sec, t.tv_nsec/1000000, serial);
+			 (unsigned long long)stamp.ctime.tv_sec,
+			 stamp.ctime.tv_nsec/1000000,
+			 stamp.serial);
 
 	return ab;
 }
diff --git a/kernel/audit.h b/kernel/audit.h
index a2fca1134519..56560846f3b0 100644
--- a/kernel/audit.h
+++ b/kernel/audit.h
@@ -99,6 +99,12 @@ struct audit_proctitle {
 	char	*value;	/* the cmdline field */
 };
 
+/* A timestamp/serial pair to identify an event */
+struct audit_stamp {
+	struct timespec64	ctime;	/* time of syscall entry */
+	unsigned int		serial;	/* serial number for record */
+};
+
 /* The per-task audit context. */
 struct audit_context {
 	int		    dummy;	/* must be the first element */
@@ -108,10 +114,10 @@ struct audit_context {
 		AUDIT_CTX_URING,	/* in use by io_uring */
 	} context;
 	enum audit_state    state, current_state;
+	struct audit_stamp  stamp;	/* event identifier */
 	unsigned int	    serial;     /* serial number for record */
 	int		    major;      /* syscall number */
 	int		    uring_op;   /* uring operation */
-	struct timespec64   ctime;      /* time of syscall entry */
 	unsigned long	    argv[4];    /* syscall arguments */
 	long		    return_code;/* syscall return code */
 	u64		    prio;
@@ -261,7 +267,7 @@ extern void audit_put_tty(struct tty_struct *tty);
 #ifdef CONFIG_AUDITSYSCALL
 extern unsigned int audit_serial(void);
 extern int auditsc_get_stamp(struct audit_context *ctx,
-			      struct timespec64 *t, unsigned int *serial);
+			     struct audit_stamp *stamp);
 
 extern void audit_put_watch(struct audit_watch *watch);
 extern void audit_get_watch(struct audit_watch *watch);
@@ -302,7 +308,7 @@ extern void audit_filter_inodes(struct task_struct *tsk,
 				struct audit_context *ctx);
 extern struct list_head *audit_killed_trees(void);
 #else /* CONFIG_AUDITSYSCALL */
-#define auditsc_get_stamp(c, t, s) 0
+#define auditsc_get_stamp(c, s) 0
 #define audit_put_watch(w) do { } while (0)
 #define audit_get_watch(w) do { } while (0)
 #define audit_to_watch(k, p, l, o) (-EINVAL)
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index d373b4d8eb34..68a582fa87e6 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -983,10 +983,10 @@ static void audit_reset_context(struct audit_context *ctx)
 	 */
 
 	ctx->current_state = ctx->state;
-	ctx->serial = 0;
+	ctx->stamp.serial = 0;
 	ctx->major = 0;
 	ctx->uring_op = 0;
-	ctx->ctime = (struct timespec64){ .tv_sec = 0, .tv_nsec = 0 };
+	ctx->stamp.ctime = (struct timespec64){ .tv_sec = 0, .tv_nsec = 0 };
 	memset(ctx->argv, 0, sizeof(ctx->argv));
 	ctx->return_code = 0;
 	ctx->prio = (ctx->state == AUDIT_STATE_RECORD ? ~0ULL : 0);
@@ -1889,7 +1889,7 @@ void __audit_uring_entry(u8 op)
 
 	ctx->context = AUDIT_CTX_URING;
 	ctx->current_state = ctx->state;
-	ktime_get_coarse_real_ts64(&ctx->ctime);
+	ktime_get_coarse_real_ts64(&ctx->stamp.ctime);
 }
 
 /**
@@ -2005,7 +2005,7 @@ void __audit_syscall_entry(int major, unsigned long a1, unsigned long a2,
 	context->argv[3]    = a4;
 	context->context = AUDIT_CTX_SYSCALL;
 	context->current_state  = state;
-	ktime_get_coarse_real_ts64(&context->ctime);
+	ktime_get_coarse_real_ts64(&context->stamp.ctime);
 }
 
 /**
@@ -2474,21 +2474,17 @@ EXPORT_SYMBOL_GPL(__audit_inode_child);
 /**
  * auditsc_get_stamp - get local copies of audit_context values
  * @ctx: audit_context for the task
- * @t: timespec64 to store time recorded in the audit_context
- * @serial: serial value that is recorded in the audit_context
+ * @stamp: timestamp to record
  *
  * Also sets the context as auditable.
  */
-int auditsc_get_stamp(struct audit_context *ctx,
-		       struct timespec64 *t, unsigned int *serial)
+int auditsc_get_stamp(struct audit_context *ctx, struct audit_stamp *stamp)
 {
 	if (ctx->context == AUDIT_CTX_UNUSED)
 		return 0;
-	if (!ctx->serial)
-		ctx->serial = audit_serial();
-	t->tv_sec  = ctx->ctime.tv_sec;
-	t->tv_nsec = ctx->ctime.tv_nsec;
-	*serial    = ctx->serial;
+	if (!ctx->stamp.serial)
+		ctx->stamp.serial = audit_serial();
+	*stamp = ctx->stamp;
 	if (!ctx->prio) {
 		ctx->prio = 1;
 		ctx->current_state = AUDIT_STATE_RECORD;

From patchwork Mon Dec 13 23:40:30 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Casey Schaufler <casey@schaufler-ca.com>
X-Patchwork-Id: 12675063
X-Patchwork-Delegate: paul@paul-moore.com
Return-Path: <selinux-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 1F6E8C433F5
	for <selinux@archiver.kernel.org>; Tue, 14 Dec 2021 00:07:13 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232824AbhLNAHM (ORCPT <rfc822;selinux@archiver.kernel.org>);
        Mon, 13 Dec 2021 19:07:12 -0500
Received: from sonic301-36.consmr.mail.ne1.yahoo.com ([66.163.184.205]:43918
        "EHLO sonic301-36.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S231280AbhLNAHM (ORCPT
        <rfc822;selinux@vger.kernel.org>); Mon, 13 Dec 2021 19:07:12 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1639440431; bh=TxNpdlzUmw1+Q621GRMs5woVbaxw2QJk07agF6+Fd/I=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To;
 b=g4Xx/cteLAbB9FJjnzgl4iWxM+11/nPK+EePDXARALvzZObCbXBvHqRkk3W9HTQKbw9+KAZSCetVw3aXZ/rkZcueUEHnhbTsxAXn0Q+jLqhNeXaOdSGavpvlZTQNqf8UBdkBV2p2ZaximGi4sxPtcCgTwNYNVmJD8k60enb3Dv1bddLFi+RclXeIreGNwXQkSi3pi083e6uMn2bsWiWKaFxBo+2468z8h0CCcFKzxysXvyjNK/tfP2FyKDQOfhwLZ7IYs20bFfn+FAgkUAHa9nOclVaSSKUHuKWGoBT+WUZL10Yl/c7kWbdrl7d0CWNNpIfO2JpxVPL1GM4JomlVoQ==
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1639440431; bh=6kZqOyyifQKvDyAEplPy1+5QW2lJbvzcBKRE8bZSph0=;
 h=X-Sonic-MF:From:To:Subject:Date:From:Subject;
 b=SY8lzhaaKWAMJx9LajcmdmUhAbS2pPXJyvujUDRSgHLIDacF3fmsCqCfI7fOBR9nBNZspXhMZ3PiA7zXRHm6pfMXqGoz6EbQtZiKUUm1pRYLIS8bKo/9OTNgnWKp+nBDIffsa3UWhEGWTCEDdhc94cA0iHN6/ss9i345RjrYG3V7HtU76mVlnraaYemxz5w4T3sPh1y8lQLqUQ5OV3wxydHsni19NJey/UcAe/ZWHJMM29x9AwjSTGNz8AP9+cOWxH85RXG24pCCNbtalaO0fWDFJY7ktpfSk1hKo1fR+IPrJcDXY9ksejdvlaU2x1bjwYv/r97LHOqnH5fxITJXsA==
X-YMail-OSG: UM9eCKwVM1nophkTjnoLZQG7D6JWCNzW36cx5knz1vQ5aVbMnRJ2oDbWGr3qV4Z
 qV3o6zBjHs7fQ2m4_2wBh_ZaIseJTc352UPUx6UHG9zrRkV.l7bmh0a2hBxn1JgroGouQZu9btUz
 Rx2bvvMoJWeh0UJs226U4V5TagbcwZoUkJffZAQbjqK2_ZFWuLdjcW6RyPHWIk5.VfDClaw6_vBw
 MKoQzg2sMILygh2o8aYBUOFWc032TYxYfFVlSjODuf5N5Sv1u.OOQYi8FyTxkTL1boxjzBEAMEzp
 DUdLp3Ib35Q506tWNjKwNfHHTDKiMy5w5bdHd0K_l9_Q6ogQlW37NWxr6ZdEq2.ETmncZt6ySE_j
 hEaZDHVKtxLkaiLDtYseyTHRwgt25o1lrkYDrPKgwmqpi4va339.OkK_7zfAFxVkVRKiFp011Q9o
 IwQeMq2_X9_v0f6ZpUlzFwF0wVOQaTbGGhbNz1bDiF6r6NA13Unln9sKPn9NVWs54cBWe94fSkX8
 Qz6_wfu775V4oPKSKvlfU8JNoEESOtTQScGzLR9Km4vLB2DpELPtziRbQ5as8x.iUemzX4sHLlSb
 Kzb0z3HHam6WNloWKrSBtBkJOabQt4pswI.FL.6vSHjInclQamYwLgLblfRUJ_e6RWJvldjISEb5
 HkZwEk5a61XIFeUbMtezk7WWQJ1AVQToZZYMk2zaCyacxoUM19q6ysW1xfBDf3Za1KQOjCGFv9Yh
 RRMtHpj4UYqX59Nz7Mdja.hPPP0K5lZn7JA_WzuEaCL5T7yvuyI7hKGes3bjfEsMPItIURRV_6Vo
 tHBHYf_NdNfs6WYmtMLqbXK2Vx7b9fvrfaTzTpiqT79G8CnWr50ButEBrpSPa8nEENBie2Wq1yEt
 0NKZfSCb7t6pyb0zze1u.OH0JTgZPlZwcfOtrC8l7OSqcpok42DWflTmsT8TY9a1RgHQIIrRUXnj
 6C_weIYeCLenURBguZ6wChssNcz9lQEQk7pl.OR1gwJY1S3YYOMFQquscsFGKx_OUqsLuYREnIvQ
 rvxFpiL92MeoqC3JmT4j3e0iyEWdP2e1v6_cVbk827_MxQn9rRZxW97TXaFRqqjiee3cDOXF_AZ9
 9DtLYQRgx7Agl4Qr38gY7jPw2xs03zb44XWWpqa6L9ZWGpY4ITBVFEZXmhaxEcqyoDm8SgMwv8Mw
 coCfrHZMyKo5raExpeIA1sbU_wyEMLso_Apzmm6gVcNXYbutXkkADLQk0bAIosZx_pBIO4X3M9wE
 0NNRVxB4NkXAq_9nhHdFcd6oi.kTcaHO2x7ikLHnInyBatQCl.9CZr5Hq_h07v3pYV.08DxVdCKW
 M4DAdazOsTU_ReNv3vUycvqF4VP7hr_ePHLE1.DO_NVgae5rH0XdUGxJKg7hspj85ty3oMvdkOZE
 gZkT3QVyIxu7EdRbwuojKip.aKKJ86r8ac76GIfRTfzLbRiv2zNgb7uOn6YJKSCH7kvqRsV.tiEv
 KVY0QsaeE_vcHLQtADOM7hiO49rDqMkHbBi50CTVxmPqjtGaCg6HFebqYVWZ.83oChLss1LcdHv1
 gVKAmnmTB65jEJuAB77O67DWx2TmtpTqOKs6dsqvSVKVcRclEVAYVnonKVQKNAMziDHJ6uyUA5C4
 LDmPumZUgUJyctMc_3jcLAdwXL22feSKlacsqWXO1899ciu6qlP3X2uZjyGaJZG9giCMZJbIcbpY
 25sKlLnWAcXP7xZFWspUl2i5Vm1nfdDK7DkUk4iw7fet806z0EukZZ.LlmQQZt1DKtJ_l505rhj9
 4jvIvplWD9q_GDdKubQepiJ_7FsSKCNttLHOjcVBoQEEK9QS4h9gAxAQj9i5CrGlJbRTutdOhGti
 MF8Q8byPyAu2xglkheQHW9Gsd234oCqfhIBOOhp_C_pb6qBPB.qs0ThIGdA5krY84Qbm1K3jUPej
 FAamD.8IYIbI9Bz_uqEHvSBuC9.ncd_QV_iTjf_FwoclYPxPEJGCMXhauXdnCV9C40D8ytBnsaRP
 6JB2zFiTQ9xS0ANNymyGz11Om_EqhCflSFixm5Hi0zJJqJehK0I3jAXPVSm0RumogYDSCGe_x6oR
 WnyCBizQNUH9CFl38m2aqSJwEFZZroIHbUoIN9Wqy_64003RzpXDwQGZ.6GLhlQeK22HFsBlvF0P
 855oLFmoI.MtqodGtWumvEr4hMR2OUmUGMYPtP5PVg2dRr1iJp8UwG7Mo2n_ttvp4hs7q9D59ivE
 0S3vAj7tdWbj06p2hMtUadZA8eeap9GNzRD65Gfg85cwzDmSoYN6qt0WhSCbPwyT08UdjCaBl2iv
 D3YqAyd0c0Y5T44tSSVfeDw--
X-Sonic-MF: <casey@schaufler-ca.com>
Received: from sonic.gate.mail.ne1.yahoo.com by
 sonic301.consmr.mail.ne1.yahoo.com with HTTP; Tue, 14 Dec 2021 00:07:11 +0000
Received: by kubenode530.mail-prod1.omega.ne1.yahoo.com (VZM Hermes SMTP
 Server) with ESMTPA ID 7e9ba4d68a399c1dc68810fb1b73116f;
          Tue, 14 Dec 2021 00:07:08 +0000 (UTC)
From: Casey Schaufler <casey@schaufler-ca.com>
To: casey.schaufler@intel.com, jmorris@namei.org,
        linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com,
        keescook@chromium.org, john.johansen@canonical.com,
        penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com,
        sds@tycho.nsa.gov, linux-kernel@vger.kernel.org
Subject: [PATCH v31 24/28] Audit: Add framework for auxiliary records
Date: Mon, 13 Dec 2021 15:40:30 -0800
Message-Id: <20211213234034.111891-25-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20211213234034.111891-1-casey@schaufler-ca.com>
References: <20211213234034.111891-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <selinux.vger.kernel.org>
X-Mailing-List: selinux@vger.kernel.org

Add a list for auxiliary record data to the audit_buffer structure.
Add the audit_stamp information to the audit_buffer as there's no
guarantee that there will be an audit_context containing the stamp
associated with the event. At audit_log_end() time create auxiliary
records (none are currently defined) as have been added to the list.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
 kernel/audit.c | 84 ++++++++++++++++++++++++++++++++++++++++++++------
 1 file changed, 74 insertions(+), 10 deletions(-)

diff --git a/kernel/audit.c b/kernel/audit.c
index 069cd4c81a61..fc3662ff126e 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -191,15 +191,25 @@ static struct audit_ctl_mutex {
  * should be at least that large. */
 #define AUDIT_BUFSIZ 1024
 
+/* The audit_context_entry contains data required to create an
+ * auxiliary record.
+ */
+struct audit_context_entry {
+	struct list_head	list;
+	int			type;	/* Audit record type */
+};
+
 /* The audit_buffer is used when formatting an audit record.  The caller
  * locks briefly to get the record off the freelist or to allocate the
  * buffer, and locks briefly to send the buffer to the netlink layer or
  * to place it on a transmit queue.  Multiple audit_buffers can be in
  * use simultaneously. */
 struct audit_buffer {
-	struct sk_buff       *skb;	/* formatted skb ready to send */
-	struct audit_context *ctx;	/* NULL or associated context */
-	gfp_t		     gfp_mask;
+	struct sk_buff		*skb;	/* formatted skb ready to send */
+	struct audit_context	*ctx;	/* NULL or associated context */
+	struct list_head	aux_records;	/* aux record data */
+	struct audit_stamp	stamp;	/* event stamp */
+	gfp_t			gfp_mask;
 };
 
 struct audit_reply {
@@ -1753,6 +1763,7 @@ static struct audit_buffer *audit_buffer_alloc(struct audit_context *ctx,
 
 	ab->ctx = ctx;
 	ab->gfp_mask = gfp_mask;
+	INIT_LIST_HEAD(&ab->aux_records);
 
 	return ab;
 
@@ -1813,7 +1824,6 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask,
 				     int type)
 {
 	struct audit_buffer *ab;
-	struct audit_stamp stamp;
 
 	if (audit_initialized != AUDIT_INITIALIZED)
 		return NULL;
@@ -1866,14 +1876,14 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask,
 		return NULL;
 	}
 
-	audit_get_stamp(ab->ctx, &stamp);
+	audit_get_stamp(ab->ctx, &ab->stamp);
 	/* cancel dummy context to enable supporting records */
 	if (ctx)
 		ctx->dummy = 0;
 	audit_log_format(ab, "audit(%llu.%03lu:%u): ",
-			 (unsigned long long)stamp.ctime.tv_sec,
-			 stamp.ctime.tv_nsec/1000000,
-			 stamp.serial);
+			 (unsigned long long)ab->stamp.ctime.tv_sec,
+			 ab->stamp.ctime.tv_nsec/1000000,
+			 ab->stamp.serial);
 
 	return ab;
 }
@@ -2363,7 +2373,7 @@ int audit_signal_info(int sig, struct task_struct *t)
 }
 
 /**
- * audit_log_end - end one audit record
+ * __audit_log_end - end one audit record
  * @ab: the audit_buffer
  *
  * We can not do a netlink send inside an irq context because it blocks (last
@@ -2371,7 +2381,7 @@ int audit_signal_info(int sig, struct task_struct *t)
  * queue and a kthread is scheduled to remove them from the queue outside the
  * irq context.  May be called in any context.
  */
-void audit_log_end(struct audit_buffer *ab)
+void __audit_log_end(struct audit_buffer *ab)
 {
 	struct sk_buff *skb;
 	struct nlmsghdr *nlh;
@@ -2393,6 +2403,60 @@ void audit_log_end(struct audit_buffer *ab)
 		wake_up_interruptible(&kauditd_wait);
 	} else
 		audit_log_lost("rate limit exceeded");
+}
+
+/**
+ * audit_log_end - end one audit record
+ * @ab: the audit_buffer
+ *
+ * Let __audit_log_end() handle the message while the buffer housekeeping
+ * is done here.
+ * If there are other records that have been deferred for the event
+ * create them here.
+ */
+void audit_log_end(struct audit_buffer *ab)
+{
+	struct audit_context_entry *entry;
+	struct audit_context mcontext;
+	struct audit_context *mctx;
+	struct audit_buffer *mab;
+	struct list_head *l;
+	struct list_head *n;
+
+	if (!ab)
+		return;
+
+	__audit_log_end(ab);
+
+	if (list_empty(&ab->aux_records)) {
+		audit_buffer_free(ab);
+		return;
+	}
+
+	if (ab->ctx == NULL) {
+		mcontext.stamp = ab->stamp;
+		mctx = &mcontext;
+	} else
+		mctx = ab->ctx;
+
+	list_for_each_safe(l, n, &ab->aux_records) {
+		entry = list_entry(l, struct audit_context_entry, list);
+		mab = audit_log_start(mctx, ab->gfp_mask, entry->type);
+		if (!mab) {
+			audit_panic("alloc error in audit_log_end");
+			continue;
+		}
+		switch (entry->type) {
+		/* Don't know of any quite yet. */
+		default:
+			audit_panic("Unknown type in audit_log_end");
+			break;
+		}
+		__audit_log_end(mab);
+		audit_buffer_free(mab);
+		list_del(&entry->list);
+		kfree(entry);
+	}
 
 	audit_buffer_free(ab);
 }

From patchwork Mon Dec 13 23:40:31 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Casey Schaufler <casey@schaufler-ca.com>
X-Patchwork-Id: 12675065
X-Patchwork-Delegate: paul@paul-moore.com
Return-Path: <selinux-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 427A1C433EF
	for <selinux@archiver.kernel.org>; Tue, 14 Dec 2021 00:08:22 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S244348AbhLNAIV (ORCPT <rfc822;selinux@archiver.kernel.org>);
        Mon, 13 Dec 2021 19:08:21 -0500
Received: from sonic306-28.consmr.mail.ne1.yahoo.com ([66.163.189.90]:45284
        "EHLO sonic306-28.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S232153AbhLNAIV (ORCPT
        <rfc822;selinux@vger.kernel.org>); Mon, 13 Dec 2021 19:08:21 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1639440501; bh=O0t9t6KDAGwmtN5P/fvZGVlmF/QKJqhLo2fzNqAdHtk=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To;
 b=q6/mo7ConiGb85ElzpNwLw4EDUi4UUO3pCN68xjbiET75l1G4oVhfXbCXmK96jYGzUHlflieiwyRuUIzeBcid3F1gnCckuWCw3xt5wFAeM3fFPxhwWsJcL4pSR0cDk0l5TgatbnwHGG4KLziCwl5ZFr2y13qARzAMIPUKJQ2FJDJoYs65yid4sx1tHIumYi6g9W2J97E8DT8LU7HJ/APy2rklJB02Gq8ifohUCn7zzr0kt6SC2X6woCxi9gGOPkqkqE92kAUeeWj0CRoTfaYyqhQ6Y6gbC4pEjnqq2wKy5HyAPQ+faCnRnb1yVfEd0p3o/I+mGrUtvUveoehbLyaGA==
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1639440501; bh=0HRPhQo25TrB+JrIpm/t0Xbh3zepdLzr+2xTHr0MW2S=;
 h=X-Sonic-MF:From:To:Subject:Date:From:Subject;
 b=OH+5MY3MFm7J6ep/yGPM+lgqV/UtObATdoXDhg5j8poUwgfrDfKowZGXeKqXzip8EKKBWe4pZ+Gk0crkjw3fbibJ5DICsJBKBb7T+fhMMA9VnRRYv1DlItULx+HFB+909umfjt+/LrhCDNs8AQ+nYhIuHBvRYDaWfbem6fKfVEF75XESGM/q3oTx7ppU8RKUn1fasR0QaoqScb+i3z9CrglRV2Rk/0fiNisbf/BWwBPTDaDN0faDxQxPhBmaRIR+183PctseVQ7c11ftSJlCftaERIF6h6nYp+MnGvRxMVrM5RaJTxHV5jXaUOK55P8ckrytDqomDavqiPjoP3kr9Q==
X-YMail-OSG: wdEiZ0kVM1lO_WLhGuZhg5pkE01DwiusKLFKUAz21br9smv1.RcXs1_sjCNAmIR
 C7gezLe.kTRDEo9W4b7uJ5JJJkXPJiO50D9Tfa2JlTu3yarhXQj0tFAmCt4b1o7mUlMJItrc0ZOt
 7W5z0oqEylGa9bUz7pB2S4dyQLejIa_dXk2PHdvhttcQsGa4i5M4J6hv269oS58uZY0jqqD0dwt9
 nH6NQ1CAlsshUacFkHePKKIXo7l17xIMVC.cZYchvR8RhJF3P.TUPvtERvQP2Oyq1EBLslvCj.9F
 r8E3QORlNPUQRFljvCLQzzSqKj.bGg7iFuf4g2X89rLdEr0zoF7rxfqF8uFXYsbx9mw5amZazD71
 2Dif9TLDeoCLuS3caAbRiw8n3WxC4Moo8ygzcNnMDZLNt.OlR0bgE3db5Lcuid.uSmFJxbi8MiQP
 RhowTil.hyFEycQrfBwBu7Lr6StD54qtgIdCOYh65keX61BqxrBF1mnhyUZ8mbLoajW0JUZe6.PS
 0gl7RG_qxlMuNVBn9LBbEizZ.oMLN0Tcwvss9EMq6OBDywXqqLVekRHqhJOpHIzDTRY7KBBfeBNE
 yPtjawjQl154bqKxWc6vwXZfp8l6YpqSkuFxwSBXdPzlAr80ECXeW7M3UlK2J7iH6MfIyTpqSlSt
 Q3PyuqHmXrQ7Zz0RAA9Q4zh3XOqNdWM7oxFx8BPhEFEvLcB3.O5ZEbS8zEhdfSN403F8xEnBAk9b
 0pJzYdVSIFwgrkHDgIi9lepfHvGWfmQQF1InYmnkvq9MkvKHNJ1md27xvJDOkJ8hh.WcijvRr0OT
 eR00aZcEjMgL4cAweVFTidC8pv42AE_hRE_lgMdYBlyaTbFIJD7T4weO6ldDb5oaOYWnF9UN0wJF
 WLhMuI4DYP.5N5xbuta_SWgKFUxZ5XGi3qn8fn0d4sw88v5YOPVeCCr0MOWcqDWgGhKmJWyronja
 OGvi2qjDj82NckrTet6_CT5StFrVb2tsJXluQWSBSTCyS2g4T1Q4u_pufj.NVHKIDR.hCrarOE3u
 F5_MdOTl7eZdIvdYMbQM.u0RJF5LMuSw0igVvCOLKFeFvqDbsHWpLlEMIe37cY0_nRMQmjzzs2IB
 VESXUEjQ5pqxPE_77YoJwJMcq3Stbxwp5UGzgipoSZVNKza1_j3zBvmyp2VG0He92lSHstHMjo4u
 i_oRTM4c3clMCvjv.LBqHyIyak6KrwCzbyLQl6IdJYSLutPZuQJXPJebOSfFGiJ7pd1U8b55.PA5
 0izsKqZPRPpBoxolX4vPajRgy5yzqDPg2crTbjeCqnRTy6ylPU9IvY70rsHF_UG7eqEpaDkIkKcW
 Yq3V5rA8pVZBkEAI3CY6gJ.MCAXJlceZwvlbDaydf1eATvOAWwpYI2dJLMTT.tmwu9qPbJTID3r8
 lbxArbwMO2ObVPuQ8q_zSASwaM762JHKQA5ncCcU9As_rBtSAjNO0dmS2EmYu5FelDiZeN8zmsnD
 ZCWZTibhfWmyya3FjnZF.6yw0kLuewW4JkjSj0yVlOzAbKa.2YLgRu5dGwCdUewDctw1s0oK4f9h
 HbyDmimY1K2Ox_SIvOUhAMmGiEafDNP_RvPcZHchp.5dMm8_ozTc630D2j336azbuEGbKO.WqmOK
 1FtlgIxdyzRzgWLDO48Tz6MYJDapJtjKnUlaHDrf3Rlo.9nmvKdUaciNCkkKGipoAjDPqzYTpAX2
 c2LL9TihHCxlCAjtmBVuLQ7YLOfhuJF5z8ZDGjD2nkNhH7IhK2OHklp7JP99gjoEbZD.a.gmdmJq
 VN.YifuDqamB8yr8dboofQQPaqktbg7oJCQLU6c1ldNCgCXJaii.pILGo.6hYsroGWKMeso.Q8PD
 8H.Bl11FtFmzbI_4LO4U_EIjoswGx2R7yRCT6ev1kXcPnyCCuQVT0oleyJv9ypmVtK.5pT.0GisG
 8c5xNdD6qgxD6BPP4dZ3Og9lnb7syz756lpeP5SpzfQytQ110GiQ5IDzKyMEi7oVn1XpwMVM4Obo
 cDdpMIbZIVxPyAcdvPJaQcji.Mc8mPknPiwFh2pz_6zrLrP7AuZgiZ9_zmZiRY6bSgCOxDKJaub1
 LQPQzHsxqKN6sre3nFzxdhyNjur6lQTBZwZGFjHlZfWfr2w0dv8eiQ9rQgCGzl5U4X3MiJW9JHX1
 S6TnKlTgsRUWCp7sYvvE03HO5WTJYvdCmqiKM8_qWYWLCuNEiB9SYOkn0pigZCcPVrxjTX51xFxy
 q.NU31LqDfacBeimi9049pN79FWwnlzZBJfb29gM.bw--
X-Sonic-MF: <casey@schaufler-ca.com>
Received: from sonic.gate.mail.ne1.yahoo.com by
 sonic306.consmr.mail.ne1.yahoo.com with HTTP; Tue, 14 Dec 2021 00:08:21 +0000
Received: by kubenode505.mail-prod1.omega.bf1.yahoo.com (VZM Hermes SMTP
 Server) with ESMTPA ID 794c3351da4f176dfc5edcd3b1422ada;
          Tue, 14 Dec 2021 00:08:15 +0000 (UTC)
From: Casey Schaufler <casey@schaufler-ca.com>
To: casey.schaufler@intel.com, jmorris@namei.org,
        linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com,
        keescook@chromium.org, john.johansen@canonical.com,
        penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com,
        sds@tycho.nsa.gov, linux-kernel@vger.kernel.org
Subject: [PATCH v31 25/28] Audit: Add record for multiple task security
 contexts
Date: Mon, 13 Dec 2021 15:40:31 -0800
Message-Id: <20211213234034.111891-26-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20211213234034.111891-1-casey@schaufler-ca.com>
References: <20211213234034.111891-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <selinux.vger.kernel.org>
X-Mailing-List: selinux@vger.kernel.org

Create a new audit record AUDIT_MAC_TASK_CONTEXTS.
An example of the MAC_TASK_CONTEXTS (1420) record is:

    type=MAC_TASK_CONTEXTS[1420]
    msg=audit(1600880931.832:113)
    subj_apparmor=unconfined
    subj_smack=_

When an audit event includes a AUDIT_MAC_TASK_CONTEXTS record
the "subj=" field in other records in the event will be "subj=?".
An AUDIT_MAC_TASK_CONTEXTS record is supplied when the system has
multiple security modules that may make access decisions based
on a subject security context.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
 include/linux/security.h   |  9 ++++++
 include/uapi/linux/audit.h |  1 +
 kernel/audit.c             | 58 ++++++++++++++++++++++++++++++++------
 3 files changed, 60 insertions(+), 8 deletions(-)

diff --git a/include/linux/security.h b/include/linux/security.h
index bec8505f2ce5..a54179451410 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -231,6 +231,15 @@ static inline bool lsmblob_equal(struct lsmblob *bloba, struct lsmblob *blobb)
 extern int lsm_name_to_slot(char *name);
 extern const char *lsm_slot_to_name(int slot);
 
+static inline bool lsm_multiple_contexts(void)
+{
+#ifdef CONFIG_SECURITY
+	return lsm_slot_to_name(1) != NULL;
+#else
+	return false;
+#endif
+}
+
 /**
  * lsmblob_value - find the first non-zero value in an lsmblob structure.
  * @blob: Pointer to the data
diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h
index 9176a095fefc..86ad3da4f0d4 100644
--- a/include/uapi/linux/audit.h
+++ b/include/uapi/linux/audit.h
@@ -143,6 +143,7 @@
 #define AUDIT_MAC_UNLBL_STCDEL	1417	/* NetLabel: del a static label */
 #define AUDIT_MAC_CALIPSO_ADD	1418	/* NetLabel: add CALIPSO DOI entry */
 #define AUDIT_MAC_CALIPSO_DEL	1419	/* NetLabel: del CALIPSO DOI entry */
+#define AUDIT_MAC_TASK_CONTEXTS	1420	/* Multiple LSM task contexts */
 
 #define AUDIT_FIRST_KERN_ANOM_MSG   1700
 #define AUDIT_LAST_KERN_ANOM_MSG    1799
diff --git a/kernel/audit.c b/kernel/audit.c
index fc3662ff126e..4ee2bf620df7 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -197,6 +197,9 @@ static struct audit_ctl_mutex {
 struct audit_context_entry {
 	struct list_head	list;
 	int			type;	/* Audit record type */
+	union {
+		struct lsmblob	lsm_subjs;
+	};
 };
 
 /* The audit_buffer is used when formatting an audit record.  The caller
@@ -2149,15 +2152,30 @@ int audit_log_task_context(struct audit_buffer *ab)
 	if (!lsmblob_is_set(&blob))
 		return 0;
 
-	error = security_secid_to_secctx(&blob, &context, LSMBLOB_FIRST);
-	if (error) {
-		if (error != -EINVAL)
+	if (!lsm_multiple_contexts()) {
+		error = security_secid_to_secctx(&blob, &context,
+						 LSMBLOB_FIRST);
+		if (error) {
+			if (error != -EINVAL)
+				goto error_path;
+			return 0;
+		}
+		audit_log_format(ab, " subj=%s", context.context);
+		security_release_secctx(&context);
+	} else {
+		struct audit_context_entry *ace;
+
+		audit_log_format(ab, " subj=?");
+		ace = kzalloc(sizeof(*ace), ab->gfp_mask);
+		if (!ace) {
+			error = -ENOMEM;
 			goto error_path;
-		return 0;
+		}
+		INIT_LIST_HEAD(&ace->list);
+		ace->type = AUDIT_MAC_TASK_CONTEXTS;
+		ace->lsm_subjs = blob;
+		list_add(&ace->list, &ab->aux_records);
 	}
-
-	audit_log_format(ab, " subj=%s", context.context);
-	security_release_secctx(&context);
 	return 0;
 
 error_path:
@@ -2419,9 +2437,12 @@ void audit_log_end(struct audit_buffer *ab)
 	struct audit_context_entry *entry;
 	struct audit_context mcontext;
 	struct audit_context *mctx;
+	struct lsmcontext lcontext;
 	struct audit_buffer *mab;
 	struct list_head *l;
 	struct list_head *n;
+	int rc;
+	int i;
 
 	if (!ab)
 		return;
@@ -2434,6 +2455,7 @@ void audit_log_end(struct audit_buffer *ab)
 	}
 
 	if (ab->ctx == NULL) {
+		mcontext.context = AUDIT_CTX_SYSCALL;
 		mcontext.stamp = ab->stamp;
 		mctx = &mcontext;
 	} else
@@ -2447,7 +2469,27 @@ void audit_log_end(struct audit_buffer *ab)
 			continue;
 		}
 		switch (entry->type) {
-		/* Don't know of any quite yet. */
+		case AUDIT_MAC_TASK_CONTEXTS:
+			for (i = 0; i < LSMBLOB_ENTRIES; i++) {
+				if (entry->lsm_subjs.secid[i] == 0)
+					continue;
+				rc = security_secid_to_secctx(&entry->lsm_subjs,
+							      &lcontext, i);
+				if (rc) {
+					if (rc != -EINVAL)
+						audit_panic("error in audit_log_end");
+					audit_log_format(mab, "%ssubj_%s=?",
+							 i ? " " : "",
+							 lsm_slot_to_name(i));
+				} else {
+					audit_log_format(mab, "%ssubj_%s=%s",
+							 i ? " " : "",
+							 lsm_slot_to_name(i),
+							 lcontext.context);
+					security_release_secctx(&lcontext);
+				}
+			}
+			break;
 		default:
 			audit_panic("Unknown type in audit_log_end");
 			break;

From patchwork Mon Dec 13 23:40:32 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Casey Schaufler <casey@schaufler-ca.com>
X-Patchwork-Id: 12675083
X-Patchwork-Delegate: paul@paul-moore.com
Return-Path: <selinux-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 2734CC433F5
	for <selinux@archiver.kernel.org>; Tue, 14 Dec 2021 00:09:30 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S244418AbhLNAJ2 (ORCPT <rfc822;selinux@archiver.kernel.org>);
        Mon, 13 Dec 2021 19:09:28 -0500
Received: from sonic315-27.consmr.mail.ne1.yahoo.com ([66.163.190.153]:42012
        "EHLO sonic315-27.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S242240AbhLNAJ1 (ORCPT
        <rfc822;selinux@vger.kernel.org>); Mon, 13 Dec 2021 19:09:27 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1639440566; bh=uFU9LFaVlOFrCfZBEG93kfPxZnexKoaHxwZJO9SgGwQ=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To;
 b=RlBJp6ayRpRF+7dmmZa6xcRFJoVj3wAxQQ8XYnyf/bvGaOHcONG1Yw6PWcj9rSH40WfXuzVlhVt7c+WX7yntiW/3t622hYLKmrOHcBILBStZS0fpCYfXIOkjPpyw5goZwXqCX5OxuBxeJz03Ate2s2wgVhr/EQhHx1Sr6xiCXVgxxlsk5I6HV9+a2WC1zwMTsjUMRtvDGfp4DxuC+1iK/wp73tcdS//SIGoKTALqcjjKj5d4TvIu4jNW2b9CWx/726FbjGGdnKf1lzrMvUCc9oaqfNYW/rg6ntpiLTruWARtbtnbVwA/hnPL0wLq/Kg+1HMjtaeY7EIvO7ku+HdFSw==
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1639440566; bh=VKm9JCdRgQF4+yN2+vokgiW19m5aXZFB7FA7KVV2C4Z=;
 h=X-Sonic-MF:From:To:Subject:Date:From:Subject;
 b=hn4OttrftXUr/HflJT5SMmAxF2EF0enZTF6es5rae6WUi47OGXtOC9cKzpDvBk+Fbsu7kJefRERB2532DvNLH1CjtHRIuixvlyjMpk4EIFgN42PDm1w6q16sYnhplzhs2T4rqk756ccGDijIKMcvJeGMNjF8KFuw94xKu7KEdWHX7B9fRmeRGhuT0C3WfuiRbeg88whXXkVAViP9cJVc/WFrIqvrYLInMbXM9Msh6sFPwMSLBpOXrpd9vMJ5psjtA8PzJgrGvncJT1qr2MwouhMalkMR8LC9wtu6F6kiH+9OuSc10b1+udQ4/3QdjC+vDqzh5bAEcnYIbsLHSFS0IQ==
X-YMail-OSG: X6evFLcVM1koaQ5pRoVDuJMci3Sk2nPILFgSFewVcYtfNrlB5VVtHcu9gTscIB3
 IKEgsRGzRC9WxO3To9sH4Su2pQ6CrlUGMSA043hVrXTWR9zcFAmwmp34WVbkIlKQAGVu.fH4Gx3G
 HCQzMkvmmgPLEDqEYAyV41ilI876vWwRs1ZdPlTycNFw2H2kPKVHw08C843PaHvuxpV20OwhDXtW
 luLqjXB6_grYbVsMiTRzLqYmEV8hsigfQRp6JyFm09zUhwPJzyCWb3MP41LHQBxwYuOMgr_cPQq8
 VSjpdo7tZtNri7tcRnEx5GVViND8pp45P084VVsnDtBLko5MmcNq3JJ._cZITXhrUL6qmwZkz6WO
 cS4POyEe90.K02oWDIs5n5Sx3Ulg67_uxe.afRFTniAt.dqeE2tBsKcngEfcVmdbNvugOrHhq2qM
 dr98G9wnKjYujZC6v7_bFpEvKpTkleWRHhjZ5UDQ1e.9w70NFembb06jGgL4sybQ_Zb_cbUNAN1a
 08cy5pK2.794nZ9d2rwXNHGbgCiphzU53guxlrehgZGVbcecFfh8qoors39XJcgxXD4M_zGihLEZ
 lVGt1SjTsFZIhYFXWTzRq.cR3wv1hgziQCjfRqTqDfX_NAbCRmJxFnzhvp5SFWfQzqa_ALX5gaE4
 JlygaD4H6XM_QwynjIyw1lf2ZMO.WBrFk5FTtUHRyVKt6u7u79HBxREvAU9jlXq_x1vA_f.r32ZI
 Rn5P9kQjXHTduIcrFs9oCBRS67FCNGGWGzzGgMd0NqcvnaILtZiga4TTcsTldm87YxbkncjjqcTb
 lY55B1PimQUvkypY3crJy2H5GuYorcbuFsVBs0DBTjcPHlA8RKHGHBn78rHYdBDoum8yehbfTf6.
 TvpNw4qFzSCkGRa_KcuySj2rJwcVNHPsANenSaS8erd4xZIiQ5.5Pv5z6RzK3KfqaF0JQygVHGIh
 KNQceebGQT1PFqo5Z42y.r0Y3p5IB3v8BaE_eTfcAoBxZcWlP6VnuoqhB8w9W2glNWOLJcXdcM_H
 NehVY7gpYRvMvkA8zMkfDxheqj5nqEgkIzd6zxyleR79Tu.PeAfxz7DTOKDhsPZAoh42wvR5Np1j
 aEpRQbjSQo9qqArwpAvlKhngUhOyPIOLiiiRhelv_RvKgiAYHejQIMJyt2XaGGAXt8kQme1kT0ZR
 vbw2Nxbu.GZUPUiE18HAZaJVzhBbRVHQZZF2g6rmYa4yGOUlTjseCZc_suBSpxCQmmC1Cq5Egu.h
 StmofkUopREHSwpC_6Ri12cZn_V2wrUuuUDcmjjuT4EJBREH4qoxM3qASvQGeMM7w9Zx7KIsxwZb
 RswlVjI6wzq5P3ZVhdiwamd1ksET4crdYIGFZ2zf69RHJC.cWxONVNM7us4wPjq85.y_t3uVd.ei
 IRaV8jK3653leGIXgMXPwT6uPxLqI8J54ucrX3g39iVYwroyUp4UVuo7do63DcXsaIoGjsSMxFtN
 BAgAf6bK6L71z1s0qsO05.KCnIOpFkLT02APaK5_W3IvFIPP_LSMtpeDvIYl_BN8nji5p6vN8ZBF
 GLroZZTQCgjBpHhLOzm2xLXerZXwmWabxgFHggqhUdabmXDuoi61BxEgu95SeoaQXuu0opt4Nb_P
 PUFdAWBhBI9Dncb4U.DZ1vR7A6WCu5E60Q9SvBoahXSUU.M.mT8qAEjS.bqCS1RI5VVFvibOTFZr
 YsWFF.sb55jkvhAkQOt62JG7MyF097eQVERkJuF7lviZJZP1xkc1bn0LwD9xMantRS0Y90E6nCFS
 g1ah54u37qQlidP8l4JTo8b2uXI.QHExVOmwKj.GEO2E.A3yjEcuHYFyhp32np884P1KS5f_9NSW
 A3_p4doD0oyiJr9rYCvYw2wIJDbLm4Xan_lmzVpmt2QNjuMo1q2CwnNnhkwZyxNEt7nHam26vFEc
 NLN_6rKkZT03DaBAbtdKx0pGGRByzoBdSxy7ZwgVhO.I2ued.uLAYUP0LQ776gYTPwF_wHAtNrHz
 fAK3Ro1kZb.9aoNBVar1EWEPufkp8bbYM1GVef7UfeowyQ1BosRWdagPO8FsckMmOHsf45LqiN7n
 fDziM0fYguVHZu6yHfSFlbOUlo883mT5UU.TN.zIuGEdwAxd7UdeF.baRjWZENRLCodiTtIQY_NL
 jpLrhZLKmScz_LVTJchEVj6TuZj_l6YVXG0TP_AE1RG6px6V7jIsbA_z_KPeDhHcQjRDaeD4C3At
 K3_g4AS4Qwet9zn.M6G9wJJ.JihKGTAKs6jgS0ljiqs2to7oV1sW1AgyRPLhc17rcU9E049ofuhd
 kXuiy.IbnWWjqFm9yuPVt
X-Sonic-MF: <casey@schaufler-ca.com>
Received: from sonic.gate.mail.ne1.yahoo.com by
 sonic315.consmr.mail.ne1.yahoo.com with HTTP; Tue, 14 Dec 2021 00:09:26 +0000
Received: by kubenode516.mail-prod1.omega.ne1.yahoo.com (VZM Hermes SMTP
 Server) with ESMTPA ID 24f1276e7a38c2430cd93af6fd730220;
          Tue, 14 Dec 2021 00:09:21 +0000 (UTC)
From: Casey Schaufler <casey@schaufler-ca.com>
To: casey.schaufler@intel.com, jmorris@namei.org,
        linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com,
        keescook@chromium.org, john.johansen@canonical.com,
        penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com,
        sds@tycho.nsa.gov, linux-kernel@vger.kernel.org
Subject: [PATCH v31 26/28] Audit: Add record for multiple object security
  contexts
Date: Mon, 13 Dec 2021 15:40:32 -0800
Message-Id: <20211213234034.111891-27-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20211213234034.111891-1-casey@schaufler-ca.com>
References: <20211213234034.111891-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <selinux.vger.kernel.org>
X-Mailing-List: selinux@vger.kernel.org

Create a new audit record AUDIT_MAC_OBJ_CONTEXTS.
An example of the MAC_OBJ_CONTEXTS (1421) record is:

    type=MAC_OBJ_CONTEXTS[1421]
    msg=audit(1601152467.009:1050):
    obj_selinux=unconfined_u:object_r:user_home_t:s0

When an audit event includes a AUDIT_MAC_OBJ_CONTEXTS record
the "obj=" field in other records in the event will be "obj=?".
An AUDIT_MAC_OBJ_CONTEXTS record is supplied when the system has
multiple security modules that may make access decisions based
on an object security context.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: kernel test robot <lkp@intel.com>
---
 include/linux/audit.h      |  5 ++++
 include/uapi/linux/audit.h |  1 +
 kernel/audit.c             | 59 ++++++++++++++++++++++++++++++++++++++
 kernel/auditsc.c           | 37 ++++--------------------
 4 files changed, 70 insertions(+), 32 deletions(-)

diff --git a/include/linux/audit.h b/include/linux/audit.h
index 14849d5f84b4..94c87ec043c7 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -192,6 +192,8 @@ extern void		    audit_log_path_denied(int type,
 extern void		    audit_log_lost(const char *message);
 
 extern int audit_log_task_context(struct audit_buffer *ab);
+extern void audit_log_object_context(struct audit_buffer *ab,
+				     struct lsmblob *blob);
 extern void audit_log_task_info(struct audit_buffer *ab);
 
 extern int		    audit_update_lsm_rules(void);
@@ -255,6 +257,9 @@ static inline int audit_log_task_context(struct audit_buffer *ab)
 {
 	return 0;
 }
+static inline void audit_log_object_context(struct audit_buffer *ab,
+					    struct lsmblob *blob);
+{ }
 static inline void audit_log_task_info(struct audit_buffer *ab)
 { }
 
diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h
index 86ad3da4f0d4..116566d0fc03 100644
--- a/include/uapi/linux/audit.h
+++ b/include/uapi/linux/audit.h
@@ -144,6 +144,7 @@
 #define AUDIT_MAC_CALIPSO_ADD	1418	/* NetLabel: add CALIPSO DOI entry */
 #define AUDIT_MAC_CALIPSO_DEL	1419	/* NetLabel: del CALIPSO DOI entry */
 #define AUDIT_MAC_TASK_CONTEXTS	1420	/* Multiple LSM task contexts */
+#define AUDIT_MAC_OBJ_CONTEXTS	1421	/* Multiple LSM objext contexts */
 
 #define AUDIT_FIRST_KERN_ANOM_MSG   1700
 #define AUDIT_LAST_KERN_ANOM_MSG    1799
diff --git a/kernel/audit.c b/kernel/audit.c
index 4ee2bf620df7..85f278c21d4d 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -199,6 +199,7 @@ struct audit_context_entry {
 	int			type;	/* Audit record type */
 	union {
 		struct lsmblob	lsm_subjs;
+		struct lsmblob	lsm_objs;
 	};
 };
 
@@ -2184,6 +2185,43 @@ int audit_log_task_context(struct audit_buffer *ab)
 }
 EXPORT_SYMBOL(audit_log_task_context);
 
+void audit_log_object_context(struct audit_buffer *ab, struct lsmblob *blob)
+{
+	struct audit_context_entry *ace;
+	struct lsmcontext context;
+	int error;
+
+	if (!lsm_multiple_contexts()) {
+		error = security_secid_to_secctx(blob, &context, LSMBLOB_FIRST);
+		if (error) {
+			if (error != -EINVAL)
+				goto error_path;
+			return;
+		}
+		audit_log_format(ab, " obj=%s", context.context);
+		security_release_secctx(&context);
+	} else {
+		/*
+		 * If there is more than one security module that has a
+		 * object "context" it's necessary to put the object data
+		 * into a separate record to maintain compatibility.
+		 */
+		audit_log_format(ab, " obj=?");
+		ace = kzalloc(sizeof(*ace), ab->gfp_mask);
+		if (!ace)
+			goto error_path;
+		INIT_LIST_HEAD(&ace->list);
+		ace->type = AUDIT_MAC_OBJ_CONTEXTS;
+		ace->lsm_objs = *blob;
+		list_add(&ace->list, &ab->aux_records);
+	}
+	return;
+
+error_path:
+	audit_panic("error in audit_log_object_context");
+}
+EXPORT_SYMBOL(audit_log_object_context);
+
 void audit_log_d_path_exe(struct audit_buffer *ab,
 			  struct mm_struct *mm)
 {
@@ -2490,6 +2528,27 @@ void audit_log_end(struct audit_buffer *ab)
 				}
 			}
 			break;
+		case AUDIT_MAC_OBJ_CONTEXTS:
+			for (i = 0; i < LSMBLOB_ENTRIES; i++) {
+				if (entry->lsm_objs.secid[i] == 0)
+					continue;
+				rc = security_secid_to_secctx(&entry->lsm_objs,
+							      &lcontext, i);
+				if (rc) {
+					if (rc != -EINVAL)
+						audit_panic("error in audit_log_end");
+					audit_log_format(mab, "%sobj_%s=?",
+							 i ? " " : "",
+							 lsm_slot_to_name(i));
+				} else {
+					audit_log_format(mab, "%sobj_%s=%s",
+							 i ? " " : "",
+							 lsm_slot_to_name(i),
+							 lcontext.context);
+					security_release_secctx(&lcontext);
+				}
+			}
+			break;
 		default:
 			audit_panic("Unknown type in audit_log_end");
 			break;
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 68a582fa87e6..60b77e37ae83 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1111,7 +1111,6 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid,
 				 struct lsmblob *blob, char *comm)
 {
 	struct audit_buffer *ab;
-	struct lsmcontext lsmctx;
 	int rc = 0;
 
 	ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID);
@@ -1121,15 +1120,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid,
 	audit_log_format(ab, "opid=%d oauid=%d ouid=%d oses=%d", pid,
 			 from_kuid(&init_user_ns, auid),
 			 from_kuid(&init_user_ns, uid), sessionid);
-	if (lsmblob_is_set(blob)) {
-		if (security_secid_to_secctx(blob, &lsmctx, LSMBLOB_FIRST)) {
-			audit_log_format(ab, " obj=(none)");
-			rc = 1;
-		} else {
-			audit_log_format(ab, " obj=%s", lsmctx.context);
-			security_release_secctx(&lsmctx);
-		}
-	}
+	if (lsmblob_is_set(blob))
+		audit_log_object_context(ab, blob);
 	audit_log_format(ab, " ocomm=");
 	audit_log_untrustedstring(ab, comm);
 	audit_log_end(ab);
@@ -1364,18 +1356,10 @@ static void show_special(struct audit_context *context, int *call_panic)
 				 from_kgid(&init_user_ns, context->ipc.gid),
 				 context->ipc.mode);
 		if (osid) {
-			struct lsmcontext lsmcxt;
 			struct lsmblob blob;
 
 			lsmblob_init(&blob, osid);
-			if (security_secid_to_secctx(&blob, &lsmcxt,
-						     LSMBLOB_FIRST)) {
-				audit_log_format(ab, " osid=%u", osid);
-				*call_panic = 1;
-			} else {
-				audit_log_format(ab, " obj=%s", lsmcxt.context);
-				security_release_secctx(&lsmcxt);
-			}
+			audit_log_object_context(ab, &blob);
 		}
 		if (context->ipc.has_perm) {
 			audit_log_end(ab);
@@ -1527,19 +1511,8 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n,
 				 from_kgid(&init_user_ns, n->gid),
 				 MAJOR(n->rdev),
 				 MINOR(n->rdev));
-	if (lsmblob_is_set(&n->lsmblob)) {
-		struct lsmcontext lsmctx;
-
-		if (security_secid_to_secctx(&n->lsmblob, &lsmctx,
-					     LSMBLOB_FIRST)) {
-			audit_log_format(ab, " osid=?");
-			if (call_panic)
-				*call_panic = 2;
-		} else {
-			audit_log_format(ab, " obj=%s", lsmctx.context);
-			security_release_secctx(&lsmctx);
-		}
-	}
+	if (lsmblob_is_set(&n->lsmblob))
+		audit_log_object_context(ab, &n->lsmblob);
 
 	/* log the audit_names record type */
 	switch (n->type) {

From patchwork Mon Dec 13 23:40:33 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Casey Schaufler <casey@schaufler-ca.com>
X-Patchwork-Id: 12675085
X-Patchwork-Delegate: paul@paul-moore.com
Return-Path: <selinux-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id B5F63C433F5
	for <selinux@archiver.kernel.org>; Tue, 14 Dec 2021 00:10:32 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S244427AbhLNAKc (ORCPT <rfc822;selinux@archiver.kernel.org>);
        Mon, 13 Dec 2021 19:10:32 -0500
Received: from sonic306-28.consmr.mail.ne1.yahoo.com ([66.163.189.90]:41650
        "EHLO sonic306-28.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S238899AbhLNAKb (ORCPT
        <rfc822;selinux@vger.kernel.org>); Mon, 13 Dec 2021 19:10:31 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1639440631; bh=rWTuUIAY8sGCwcNu7t1nRlYDj4aZvxMbuFNjr+lx5KE=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To;
 b=fj1CwNhC6RmtH1X902Vq0lXB/kKEbd1zC+cxT5Z0d2D8o3qZ21PJNT0bfAswP6q3JhqNqwwS1x2DfwgezDFDiXQiu7RFSXePY8ifyEedily//6Jsg31BKlNEJahz4D7jTtCMJVBIh5l3hRwUak1FkJO9ZgVC0IyerIbbkyhJFXU0M9Bcz6rH580vr4mZT+d1+febuwWNciS5AOt1kz62Iu1eekpGCAVeF51UoAjvXA6lcSA9nyba/KemqnqPGjjN6XHgPpUtEudvoLfca2BuGODb4OCK+iYIi92/MdygqVxFO8JW1lJICarxYoUo3BwtGkOM7zHls1BRqgSAGme1Rw==
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1639440631; bh=u2zsBOHNwkVkez89hI/X2NLCTM1MksSWFWckZbcynAR=;
 h=X-Sonic-MF:From:To:Subject:Date:From:Subject;
 b=YFn3l6WWi+SBW5cWb0e0vxCOSBDa6xaStucWFHp5MtBFeK/Hv99nqSeix9AZgaPRG6rrUMWPInH6GJd8DUXjTCRc7oEoFMyT5tv+eA1Uli426RuZHtMue3pCIaP1LGv5MfPRtCvvwzzynROAs1hWsh8nQxPMuV6xprbzUrHBvDdGiCCSzB+sjIlWN9HkGxL1KVGBpHLfFp5rfz4q8VoVseneQfHN9pnwIH1lNIoaKszV+DMcPhy3bdBAdk8bgSaxmY9ZEq+lMHRc/0aszaa5FgKdYbwNG4S2B5qtGS6/tym0LYkVhI/8T/92O8mQMiMgOVt8JTRRg/Aroi3lhiZFRw==
X-YMail-OSG: cLvgcScVM1mmG6tTKxNSk5zh4PgU8vtFAJzp2smHiyLebVIhsfTMb8aRoBa3ERM
 m31bNBTMMieooHa2DjsbeaOSCfol_puflqsNfEzua_IJ4dfWq1LZkMWrUz72DFDWelnFYQybOe47
 EQBA_nAA_GlJMZTNrnAqBQqzuKuW2no804kAsdP_B8.aS1.mLFF5irKn4JDHmyGj_b3oFy2SfArf
 9FhbubbbRA0Db3okW0bpDz7w3S2wPOLwSbTeS5mjSrGGOAAo8ekHeo14Ld19J5AyYNlRwaHioLEz
 zdR_E2ZTWDIF4cFL_0.1iXwCOHlDVzQ6xSaN.oc0R1E6pE63ZUiWAHChyDtqLJZq.2JD_yRF44Ar
 3.oCslMNUacHpvVfdc7qF6r7V6YUt1Snms8u2pFfG.U4G9AAe6kBIALCzKujCtywpkS9.pz.rf03
 klFe3sCRfzCjz4MGWyXG0heIV6Z5.kTPwjl0NHnvEy3vDKvGF._gtpjC5TJFF03jwSs3wF9FKQH9
 yMQvFsn5S.wT6N0.RzBH.XZm4IxxejIc_jYamYlU3LYVsJ8OBKXk7BUeoVWbTj_AN7vLEo5HmLbt
 sGTDlo.Tx7dQWzQJHpmO0.dxGJ9MrAiJPbrPHVedExN5ATJMbDSDCYvuC7.LlydxWrf_yXSsVkwD
 qNE9pIpNpoVIaDFljzQ6Q9218O9O.t_B7c.fGKRHC6oJKQ0KrYagrJb0egINzKnuE4Xx52iA_s2_
 X55c3fow1lztb8jRP.AyTOTqSOrLSpn3JEYfSE3ZsBiuKDII5Kl17IX1CzWJDCNuQEHvbuiVsXo5
 HA..dOf2sPfTTW_imZ0Ayn_PsVYVEkxIQkLrkJUui6_nruSO_QMaGl119JU7R7zClsejlwIJkZXL
 XYDsS.xd1O.IJ3O0q7BH76kRpYImVNNEJiliy9bEEkCETGc8ImSJk3.t6Bt1WOc4xWeMvDp5LglK
 BVs22Mw6yq2DqGgU1Fo8iavMuQUzDJTaeEWJ38qqqrvJ0BMPNpP8Wy007maxtC_gUhmnlFhL5ZJJ
 t9CYmpyjB16M_pYNersNsBelB7vqzJl52jPYY.jCbGhtfFnmJzSbU9ikpFm53zGN_YgmLFyXKgwa
 cMO2RWpsRi2SBjUCm3JC78ZitytMFcfLND_8HqMG6kZJLQGICHAl09yKBD.v6rVH_.diDiYDG7Pg
 LltxQp2RmqDyPWYDjWChJOtFHVulTS6vzRlw3ksA8.rjFWJ4lKt4EZN1tmUT9f13dRRQ.D_k6VhA
 eSgDHEFBslegukabt.f9Xzh.riXNqKQ8HqC7hdUbK3c0.GF4nmtCAUdAfMStX4orSMwZmHrrKq7E
 6bnq7f_y3ITTXm5qke8_k62ZkLyPaXsll3QIvVS935vI8_ChU_tB0V4BG2TPi4o1W28tL0eJMIhP
 .6Uo0RVHTkHccWh7v.3ykuk_s9leFrUsGpwfdetQTPw90oa6JbLP24PQbAzb2aQbgMUH_K0xDS1k
 FcODM2SvlkddbE33MVYVRcOSNFlxBYiiT_VR8MLmeqk207golXRW4kpVV0H0vbivjyAQRB7Kah4a
 K4MljuJNGCEFUHaeLqvpOH9wDzMP0HKQRRFoRaDBkpzZYwkeQFAw00t9EvjBjjITwXFsQN0XL7bB
 lzY8sN0WPMsmwfo19nt2n_DTeGVY1czOtMINXPKHjszbAtC7RTJBFw2dLgSXNsLC9Pz8sTD_u3Z2
 Bs8uL65u7fQzwbv6a4wDtTo0MfJiPusleusLsri0Z7qo28knX0YkaAMUjAmmNLpyyQ1gWPYIduij
 vpbWtQywRl5VRbOREAcQYfPel1hNROoWR4_7Ko1M.IXzoPX1pyuRQuLiIH55RsoygBLnIzYikt5H
 y6aE1Z.L59FuHClytPmc16Z9dkvZof8ZBk4XhGCsj5zPVdPxGL4xG13iphvxke7qPKLU2FfHVrPQ
 dBUd8yZZxoVLKl4E6.ZFEWwMGzkKKgFetfPXWidV_l.TUzl9Mxr7NEIKS6hamHm0TnUY0M6Wn_xB
 jzM_bEUQtVkHk8JbGUTq45aSIi9JvA8OC3EfxS7nGiY6AMu5AXUAm8o1I4ZfCo5PByykyeIqXXL1
 IE6EPLT2xil6Tg4hIfqZA0YuSJ7_HiBTdtUq8eDCAH_hjVQXgihv_acvlKj6m5XZ4gUjUjokMUay
 qdahzRukhDF4SRnqksx0x8yz9e1EYsTaBTZOiebXyUBYM526mt.f58uMivel_mO6oPcSPzCZ0dG9
 s8LN52LUh1.DoLzdcRRk_bFiQu1XQrTcN8CWpJIbf2zIqnMAit6agilOr6XgZ9LPkEabGcnUkUfa
 sW4wFMWJ4ZtW_vd5wEiA_
X-Sonic-MF: <casey@schaufler-ca.com>
Received: from sonic.gate.mail.ne1.yahoo.com by
 sonic306.consmr.mail.ne1.yahoo.com with HTTP; Tue, 14 Dec 2021 00:10:31 +0000
Received: by kubenode550.mail-prod1.omega.bf1.yahoo.com (VZM Hermes SMTP
 Server) with ESMTPA ID 5808045f7f7a4ebb3074d4165fc760fa;
          Tue, 14 Dec 2021 00:10:27 +0000 (UTC)
From: Casey Schaufler <casey@schaufler-ca.com>
To: casey.schaufler@intel.com, jmorris@namei.org,
        linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com,
        keescook@chromium.org, john.johansen@canonical.com,
        penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com,
        sds@tycho.nsa.gov, linux-kernel@vger.kernel.org,
        linux-api@vger.kernel.org, linux-doc@vger.kernel.org
Subject: [PATCH v31 27/28] LSM: Add /proc attr entry for full LSM context
Date: Mon, 13 Dec 2021 15:40:33 -0800
Message-Id: <20211213234034.111891-28-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20211213234034.111891-1-casey@schaufler-ca.com>
References: <20211213234034.111891-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <selinux.vger.kernel.org>
X-Mailing-List: selinux@vger.kernel.org

Add an entry /proc/.../attr/context which displays the full
process security "context" in compound format:
        lsm1\0value\0lsm2\0value\0...
This entry is not writable.

A security module may decide that its policy does not allow
this information to be displayed. In this case none of the
information will be displayed.

Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Cc: linux-api@vger.kernel.org
Cc: linux-doc@vger.kernel.org
---
 Documentation/security/lsm.rst       | 14 +++++
 fs/proc/base.c                       |  1 +
 include/linux/lsm_hooks.h            |  6 +++
 security/apparmor/include/procattr.h |  2 +-
 security/apparmor/lsm.c              |  8 ++-
 security/apparmor/procattr.c         | 22 ++++----
 security/security.c                  | 79 ++++++++++++++++++++++++++++
 security/selinux/hooks.c             |  2 +-
 security/smack/smack_lsm.c           |  2 +-
 9 files changed, 121 insertions(+), 15 deletions(-)

diff --git a/Documentation/security/lsm.rst b/Documentation/security/lsm.rst
index b77b4a540391..070225ae6ceb 100644
--- a/Documentation/security/lsm.rst
+++ b/Documentation/security/lsm.rst
@@ -143,3 +143,17 @@ separated list of the active security modules.
 The file ``/proc/pid/attr/interface_lsm`` contains the name of the security
 module for which the ``/proc/pid/attr/current`` interface will
 apply. This interface can be written to.
+
+The infrastructure does provide an interface for the special
+case where multiple security modules provide a process context.
+This is provided in compound context format.
+
+-  `lsm\0value\0lsm\0value\0`
+
+The `lsm` and `value` fields are NUL-terminated bytestrings.
+Each field may contain whitespace or non-printable characters.
+The NUL bytes are included in the size of a compound context.
+The context ``Bell\0Secret\0Biba\0Loose\0`` has a size of 23.
+
+The file ``/proc/pid/attr/context`` provides the security
+context of the identified process.
diff --git a/fs/proc/base.c b/fs/proc/base.c
index 50dbe5612a26..c90022027357 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -2829,6 +2829,7 @@ static const struct pid_entry attr_dir_stuff[] = {
 	ATTR(NULL, "keycreate",		0666),
 	ATTR(NULL, "sockcreate",	0666),
 	ATTR(NULL, "interface_lsm",	0666),
+	ATTR(NULL, "context",		0444),
 #ifdef CONFIG_SECURITY_SMACK
 	DIR("smack",			0555,
 	    proc_smack_attr_dir_inode_ops, proc_smack_attr_dir_ops),
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 490545f0db6d..b919d5ab9120 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -1400,6 +1400,12 @@
  *	@pages contains the number of pages.
  *	Return 0 if permission is granted.
  *
+ * @getprocattr:
+ *	Provide the named process attribute for display in special files in
+ *	the /proc/.../attr directory.  Attribute naming and the data displayed
+ *	is at the discretion of the security modules.  The exception is the
+ *	"context" attribute, which will contain the security context of the
+ *	task as a nul terminated text string without trailing whitespace.
  * @ismaclabel:
  *	Check if the extended attribute specified by @name
  *	represents a MAC label. Returns 1 if name is a MAC
diff --git a/security/apparmor/include/procattr.h b/security/apparmor/include/procattr.h
index 31689437e0e1..03dbfdb2f2c0 100644
--- a/security/apparmor/include/procattr.h
+++ b/security/apparmor/include/procattr.h
@@ -11,7 +11,7 @@
 #ifndef __AA_PROCATTR_H
 #define __AA_PROCATTR_H
 
-int aa_getprocattr(struct aa_label *label, char **string);
+int aa_getprocattr(struct aa_label *label, char **string, bool newline);
 int aa_setprocattr_changehat(char *args, size_t size, int flags);
 
 #endif /* __AA_PROCATTR_H */
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 5ed40fd93ce9..28ed41a3ffcf 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -602,6 +602,7 @@ static int apparmor_getprocattr(struct task_struct *task, char *name,
 	const struct cred *cred = get_task_cred(task);
 	struct aa_task_ctx *ctx = task_ctx(current);
 	struct aa_label *label = NULL;
+	bool newline = true;
 
 	if (strcmp(name, "current") == 0)
 		label = aa_get_newest_label(cred_label(cred));
@@ -609,11 +610,14 @@ static int apparmor_getprocattr(struct task_struct *task, char *name,
 		label = aa_get_newest_label(ctx->previous);
 	else if (strcmp(name, "exec") == 0 && ctx->onexec)
 		label = aa_get_newest_label(ctx->onexec);
-	else
+	else if (strcmp(name, "context") == 0) {
+		label = aa_get_newest_label(cred_label(cred));
+		newline = false;
+	} else
 		error = -EINVAL;
 
 	if (label)
-		error = aa_getprocattr(label, value);
+		error = aa_getprocattr(label, value, newline);
 
 	aa_put_label(label);
 	put_cred(cred);
diff --git a/security/apparmor/procattr.c b/security/apparmor/procattr.c
index fde332e0ea7d..172550f67fc0 100644
--- a/security/apparmor/procattr.c
+++ b/security/apparmor/procattr.c
@@ -20,6 +20,7 @@
  * aa_getprocattr - Return the profile information for @profile
  * @profile: the profile to print profile info about  (NOT NULL)
  * @string: Returns - string containing the profile info (NOT NULL)
+ * @newline: Should a newline be added to @string.
  *
  * Requires: profile != NULL
  *
@@ -28,20 +29,21 @@
  *
  * Returns: size of string placed in @string else error code on failure
  */
-int aa_getprocattr(struct aa_label *label, char **string)
+int aa_getprocattr(struct aa_label *label, char **string, bool newline)
 {
 	struct aa_ns *ns = labels_ns(label);
 	struct aa_ns *current_ns = aa_get_current_ns();
+	int flags = FLAG_VIEW_SUBNS | FLAG_HIDDEN_UNCONFINED;
 	int len;
 
 	if (!aa_ns_visible(current_ns, ns, true)) {
 		aa_put_ns(current_ns);
 		return -EACCES;
 	}
+	if (newline)
+		flags |= FLAG_SHOW_MODE;
 
-	len = aa_label_snxprint(NULL, 0, current_ns, label,
-				FLAG_SHOW_MODE | FLAG_VIEW_SUBNS |
-				FLAG_HIDDEN_UNCONFINED);
+	len = aa_label_snxprint(NULL, 0, current_ns, label, flags);
 	AA_BUG(len < 0);
 
 	*string = kmalloc(len + 2, GFP_KERNEL);
@@ -50,19 +52,19 @@ int aa_getprocattr(struct aa_label *label, char **string)
 		return -ENOMEM;
 	}
 
-	len = aa_label_snxprint(*string, len + 2, current_ns, label,
-				FLAG_SHOW_MODE | FLAG_VIEW_SUBNS |
-				FLAG_HIDDEN_UNCONFINED);
+	len = aa_label_snxprint(*string, len + 2, current_ns, label, flags);
 	if (len < 0) {
 		aa_put_ns(current_ns);
 		return len;
 	}
 
-	(*string)[len] = '\n';
-	(*string)[len + 1] = 0;
+	if (newline) {
+		(*string)[len] = '\n';
+		(*string)[++len] = 0;
+	}
 
 	aa_put_ns(current_ns);
-	return len + 1;
+	return len;
 }
 
 /**
diff --git a/security/security.c b/security/security.c
index a1dec90d7757..26b6cc0ee64b 100644
--- a/security/security.c
+++ b/security/security.c
@@ -802,6 +802,57 @@ static int lsm_superblock_alloc(struct super_block *sb)
 	return 0;
 }
 
+/**
+ * append_ctx - append a lsm/context pair to a compound context
+ * @ctx: the existing compound context
+ * @ctxlen: size of the old context, including terminating nul byte
+ * @lsm: new lsm name, nul terminated
+ * @new: new context, possibly nul terminated
+ * @newlen: maximum size of @new
+ *
+ * replace @ctx with a new compound context, appending @newlsm and @new
+ * to @ctx. On exit the new data replaces the old, which is freed.
+ * @ctxlen is set to the new size, which includes a trailing nul byte.
+ *
+ * Returns 0 on success, -ENOMEM if no memory is available.
+ */
+static int append_ctx(char **ctx, int *ctxlen, const char *lsm, char *new,
+		      int newlen)
+{
+	char *final;
+	size_t llen;
+	size_t nlen;
+	size_t flen;
+
+	llen = strlen(lsm) + 1;
+	/*
+	 * A security module may or may not provide a trailing nul on
+	 * when returning a security context. There is no definition
+	 * of which it should be, and there are modules that do it
+	 * each way.
+	 */
+	nlen = strnlen(new, newlen);
+
+	flen = *ctxlen + llen + nlen + 1;
+	final = kzalloc(flen, GFP_KERNEL);
+
+	if (final == NULL)
+		return -ENOMEM;
+
+	if (*ctxlen)
+		memcpy(final, *ctx, *ctxlen);
+
+	memcpy(final + *ctxlen, lsm, llen);
+	memcpy(final + *ctxlen + llen, new, nlen);
+
+	kfree(*ctx);
+
+	*ctx = final;
+	*ctxlen = flen;
+
+	return 0;
+}
+
 /*
  * The default value of the LSM hook is defined in linux/lsm_hook_defs.h and
  * can be accessed with:
@@ -2207,6 +2258,10 @@ int security_getprocattr(struct task_struct *p, const char *lsm, char *name,
 				char **value)
 {
 	struct security_hook_list *hp;
+	char *final = NULL;
+	char *cp;
+	int rc = 0;
+	int finallen = 0;
 	int ilsm = lsm_task_ilsm(current);
 	int slot = 0;
 
@@ -2234,6 +2289,30 @@ int security_getprocattr(struct task_struct *p, const char *lsm, char *name,
 		return -ENOMEM;
 	}
 
+	if (!strcmp(name, "context")) {
+		hlist_for_each_entry(hp, &security_hook_heads.getprocattr,
+				     list) {
+			rc = hp->hook.getprocattr(p, "context", &cp);
+			if (rc == -EINVAL)
+				continue;
+			if (rc < 0) {
+				kfree(final);
+				return rc;
+			}
+			rc = append_ctx(&final, &finallen, hp->lsmid->lsm,
+					cp, rc);
+			kfree(cp);
+			if (rc < 0) {
+				kfree(final);
+				return rc;
+			}
+		}
+		if (final == NULL)
+			return -EINVAL;
+		*value = final;
+		return finallen;
+	}
+
 	hlist_for_each_entry(hp, &security_hook_heads.getprocattr, list) {
 		if (lsm != NULL && strcmp(lsm, hp->lsmid->lsm))
 			continue;
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 6f790d96594d..cbacfdabbc30 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -6399,7 +6399,7 @@ static int selinux_getprocattr(struct task_struct *p,
 			goto bad;
 	}
 
-	if (!strcmp(name, "current"))
+	if (!strcmp(name, "current") || !strcmp(name, "context"))
 		sid = __tsec->sid;
 	else if (!strcmp(name, "prev"))
 		sid = __tsec->osid;
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 9832b5e5c9fd..e5437d72699b 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -3486,7 +3486,7 @@ static int smack_getprocattr(struct task_struct *p, char *name, char **value)
 	char *cp;
 	int slen;
 
-	if (strcmp(name, "current") != 0)
+	if (strcmp(name, "current") != 0 && strcmp(name, "context") != 0)
 		return -EINVAL;
 
 	cp = kstrdup(skp->smk_known, GFP_KERNEL);

From patchwork Mon Dec 13 23:40:34 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Casey Schaufler <casey@schaufler-ca.com>
X-Patchwork-Id: 12675087
X-Patchwork-Delegate: paul@paul-moore.com
Return-Path: <selinux-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id E7B38C433F5
	for <selinux@archiver.kernel.org>; Tue, 14 Dec 2021 00:11:38 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S244415AbhLNALi (ORCPT <rfc822;selinux@archiver.kernel.org>);
        Mon, 13 Dec 2021 19:11:38 -0500
Received: from sonic301-36.consmr.mail.ne1.yahoo.com ([66.163.184.205]:33044
        "EHLO sonic301-36.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S244410AbhLNALh (ORCPT
        <rfc822;selinux@vger.kernel.org>); Mon, 13 Dec 2021 19:11:37 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1639440697; bh=ILfwu5YCWq+aaMpJ0ICX0L0I4dees4dHGOc836rinKI=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To;
 b=T/JRjc0fshckqXCnuWidx8AHHIZBqzQBjGvck3S+tVR1lEEmTJZdrKnOchyOuRU48InuLOUrSgB/xeCMwRKmHxo1XAfWi08/wWsWKdpTDdu3RIBZTDjP20fF79kLPVX8+LYnpScxlkLZ3Jt+q6jc4avLjzyck/KFjzFpAmsk0OaCRTheXfRy+VT27UwSDJoiFRHme8i1AKyzFj6k7OmCqOE0xBU4JlAeXRZAL6M0DRpia4ROGBVE40XMvxL/xWMh3C0HBneDuHfioqgCxLWPJM4crAMfnddCf1IyElsaiX7PmJ9D8yi6IiZMQBn9T9JZD1gM0Jpv58l0YQLJoz3RMQ==
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1639440697; bh=Ppt2IS0Fm4P/To0BhBoA62Aq94pDN5B83hjpnJiRLLI=;
 h=X-Sonic-MF:From:To:Subject:Date:From:Subject;
 b=uXlrYQOgCG6czmOS5TSGgShYcHlijB4QCJF8csQ5jo3/cIMd99PBHn3Bg6n2D/BzkewdBUaM2JmldAbbbwwc7+meejEJwQKUN76ERWs0oGFsKXmkkSxc4V0R2BNxuIfr0wwHMHeeXmbVkfAlbRTa6VZWK/+c55DSzpq/EdqyW+e0LLREWGkQ/bKqJG8R+dX/HPyI6NHfu3Wz9vHoLZu2LQlSBxqTuubxfSQIQKKSyxe/hTSDPZz3+z6DcM4ewZH/Pg2V/qlzWE+97mzunIaHZSe3FOZmF7TX+Th6xBE+utnGKhy//zs0N4fhyaa4Sl64M9poRA5EUVtQoSzRt2XJ+w==
X-YMail-OSG: k92q7zwVM1nykDC2ZVP00pX.y7.HhpKJ4U0.0wcKDApxEp_omcZZRWasfhuo2xm
 Itnjo3b09fDcfHenVLIK12J5dMnH1pRnHlllWpBX16wc9LYzEm.2gSqfyhFoDNx.nxv1pMZXTkLV
 av7QfM3dq1KMpjtcSS8Co_rzP8.xq5G7ngJWPPfSBduACjiHJWtwucgcJa3xwfVk9HhT1LsqcXsV
 evSwSpVy3SxOhhZM2oZRyZ9IIPoyp64DyQ_KT.uZQUMvMjxkNTl0oyyoaTPnVHPOtkX00FmbwjXG
 bx.NkbK1NtS57bhqaA6ziVH5Tnd7lb2ajcB.rmJ4djIf_iAJHL0S5Mu4ooyaCENirWE5Ksoscf8u
 Vw45i4AveS9wpEbD9tN6pfhe7ilcMLn7XMBf_q6f2ILVIHuJqVK7aCCJ9q6blW7T1l5T2cet9wVy
 lyjku9S2i2XUDJFlDe_HAyOd_Ao5ctwTyZBLKjWIFAFGoQDcaeaSf71GTux5cnHSh37kKZMLwoff
 2IoAU_1CrQAOwp5goUpglKhsPJsPLJg7cNl09R7bM6boc5IVeeJxOsrePVHqQ72L5LGpCOIrV579
 jHjc8GtEAOnoX6pVRFy.2S0GPCMthH13FGXBosjvDduHTblATI9Z7B_TrwmD_pmWFO3HZBVkbNix
 sHOroESvsyWuy27dzUqLcMDsagKjWyezviJ0Uj63TujZOu5xBfAbp_B6yMOvQ3LxOgGTIOWcU7qj
 iJdKcVWtRO0DwpExRYryKoWAzGGY7j6hokp1MgiNbMtdvenSGQlMBjzUJ22uRpB1lcB.8gE9yLNi
 kpEafyMyFcdRiWU.DOYYTIF_rv.7.LG7o48SRSImVtZR_sy_H7ksCccW09fTwaPLo9qYEXdJ79Kd
 5uqQPLX77.JNRhX_ilxVDoUt9NP5F2aA1VCQGjhbrHwz2B7.db2gSEijCH1DC1D0VMUvWx9m9mH4
 SIzQy9Ldn2lodcRAMHfJoL1reHEc4QDmmsEY8rZiD3uiw2p1G7YqZp7iYI.Wie1avrl5M_5gOw4u
 Ak01Jc.MtkCUrkIORihCb9.7sCDd5LchgZ7kF4pnPr4t9NjqCtDVF9I3oXB.uAfieAORpggVjY6p
 skpaxrkV4BX9RdFbLyaFmrLKXYY3ohGc0f9FAt.swt7NRjZ51LIa4hz1XIwmO0rzJKdSdmzwPgN_
 U6eY8opyBjrACjtEarU5pw5H3qpB2qhGJft4.9wPTDr31JTk6mN1myig9omEE.nxHuAEOMK3f1fn
 Du0J7qJPHSvMwQk9SqcRIKETVdXPd_5QoNxvHe42g3GKmzZybC_N1FqM_yYXw_ouua4LA4Z0239I
 aqFhFURGeYW2CRIfBhtwy.orYqI0TJmPFGMFUMPYBe4EgFi0UkudwxW1xnaNztOAxDlap83u.g4L
 sgfTVnDnqDyNNghcHZptSjUx7AzDabd_V.SXV0BXMXCp81FObY6eB9tI3wUip69Su_AFyJcS0Iy9
 cQ0Jbxd0bvmQnxuheplNepZ3CA29ui5.9qcZ2TwFsED1j1jMHIdZ9rPMyICjMqpGCGZ82R_TPDQH
 Xjy2SXrtS6QX6H.s.WZ0pEJ9VkDTFhPJMzCl.XbFMxUqTl5uUy5oPAi3.pl6Ev.T3fcLoLYZRIuE
 47C5IvPIgb3fmS4umMbNuHtslvfgjGLUtBhI2SdmPWWKEaIU2fVy6kWTSCD.NDMpqSfDaglWHg1L
 .uESdowcWyeCbPSES5bSGKYhT4u.6mkYtJ21PDy0oMd5kQWffF1BN_jFoyRnUKSsaX3zuhOQV3xH
 EKBYSXOanybOTsWnOtTFQRBtP.E0bAfQBKqWHcT6lYcFmc_TGs4LpePnw7fJJhv.xhXaK3ZklwYg
 AatFRStJb3eTlB3R_FDcNt.jebskjbkY_bvAvyh7B3wN5CJP.X8E1Aq6RZmJFsLksIRrETIR6hFY
 hOqE93N8HJMQwFBztHnlTdGz483coTJbnpAUktyHTrF1yZamGJmxvhkQxGiQs06m_nPiynvnRE.0
 oYKI5KChkXQMwIYaq8_BOcmeqYcedsXfo_bnh9OEKgLiVvllZT.UT7nGKj..2s6Zf8J9lzCI2P2z
 xEyfApc3C9ald.myWuBBerBjUjeYfd3KYfFARQ16SfqyJ37b84LL1vRKhJGwe0JlJzXQYlQBfsdC
 haWP6ot84iM1kXP9Qvf.mvj6dVDMMYdyis8gTHN5SdgHvR.7GrZZba0pZghilMdNEuebzi.kZgNJ
 WkBPOWxoYudwK6Jy_ylM2SLMS5oCLau9QaKsRCPK0LA--
X-Sonic-MF: <casey@schaufler-ca.com>
Received: from sonic.gate.mail.ne1.yahoo.com by
 sonic301.consmr.mail.ne1.yahoo.com with HTTP; Tue, 14 Dec 2021 00:11:37 +0000
Received: by kubenode509.mail-prod1.omega.ne1.yahoo.com (VZM Hermes SMTP
 Server) with ESMTPA ID 9e450a556259a79ffdde5f51166f9c6d;
          Tue, 14 Dec 2021 00:11:33 +0000 (UTC)
From: Casey Schaufler <casey@schaufler-ca.com>
To: casey.schaufler@intel.com, jmorris@namei.org,
        linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com,
        keescook@chromium.org, john.johansen@canonical.com,
        penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com,
        sds@tycho.nsa.gov, linux-kernel@vger.kernel.org,
        Stephen Smalley <stephen.smalley.work@gmail.com>
Subject: [PATCH v31 28/28] AppArmor: Remove the exclusive flag
Date: Mon, 13 Dec 2021 15:40:34 -0800
Message-Id: <20211213234034.111891-29-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20211213234034.111891-1-casey@schaufler-ca.com>
References: <20211213234034.111891-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <selinux.vger.kernel.org>
X-Mailing-List: selinux@vger.kernel.org

With the inclusion of the interface LSM process attribute
mechanism AppArmor no longer needs to be treated as an
"exclusive" security module. Remove the flag that indicates
it is exclusive. Remove the stub getpeersec_dgram AppArmor
hook as it has no effect in the single LSM case and
interferes in the multiple LSM case.

Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Acked-by: John Johansen <john.johansen@canonical.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
 security/apparmor/lsm.c | 20 +-------------------
 1 file changed, 1 insertion(+), 19 deletions(-)

diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 28ed41a3ffcf..816145276c74 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -1138,22 +1138,6 @@ static int apparmor_socket_getpeersec_stream(struct socket *sock,
 	return error;
 }
 
-/**
- * apparmor_socket_getpeersec_dgram - get security label of packet
- * @sock: the peer socket
- * @skb: packet data
- * @secid: pointer to where to put the secid of the packet
- *
- * Sets the netlabel socket state on sk from parent
- */
-static int apparmor_socket_getpeersec_dgram(struct socket *sock,
-					    struct sk_buff *skb, u32 *secid)
-
-{
-	/* TODO: requires secid support */
-	return -ENOPROTOOPT;
-}
-
 /**
  * apparmor_sock_graft - Initialize newly created socket
  * @sk: child sock
@@ -1257,8 +1241,6 @@ static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = {
 #endif
 	LSM_HOOK_INIT(socket_getpeersec_stream,
 		      apparmor_socket_getpeersec_stream),
-	LSM_HOOK_INIT(socket_getpeersec_dgram,
-		      apparmor_socket_getpeersec_dgram),
 	LSM_HOOK_INIT(sock_graft, apparmor_sock_graft),
 #ifdef CONFIG_NETWORK_SECMARK
 	LSM_HOOK_INIT(inet_conn_request, apparmor_inet_conn_request),
@@ -1912,7 +1894,7 @@ static int __init apparmor_init(void)
 
 DEFINE_LSM(apparmor) = {
 	.name = "apparmor",
-	.flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE,
+	.flags = LSM_FLAG_LEGACY_MAJOR,
 	.enabled = &apparmor_enabled,
 	.blobs = &apparmor_blob_sizes,
 	.init = apparmor_init,