From patchwork Mon Apr 18 14:59:17 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12816744 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id C7626C43219 for ; Mon, 18 Apr 2022 15:35:33 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241143AbiDRPiK (ORCPT ); Mon, 18 Apr 2022 11:38:10 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47834 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345722AbiDRPhm (ORCPT ); Mon, 18 Apr 2022 11:37:42 -0400 Received: from sonic317-38.consmr.mail.ne1.yahoo.com (sonic317-38.consmr.mail.ne1.yahoo.com [66.163.184.49]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 692A12ED7B for ; Mon, 18 Apr 2022 07:59:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650293995; bh=FrtnF1QWnv6CNa0v+rzlMUyWifYNw9jrxv4OBi8+iac=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=rbZpu+alTOAoJI+wtr/Drkh28JEaLsFKAcYENIaLwRByGDg8SdFbJZtV31wjVH04mAi9ki4zPfsWlYJGWngb108gT/hK1cchTwTP+L+zP8tzkv0gFFSo6A9CEJyM6Uh7VHWvKS+6ZTE/xA+gWZxddeV3Xfxp0k3sXM118Wj8FgIha0W0XGtC3xvg1l+hMbfbQPPUAUuTBcw4JUCL9a/c1s1dKjPyRLe/+97WXJRPL2UWUJA8NZ5W3sJ5FVujOCdkuy0pFrhZpoItcaNWPJV99vWRM7Q18HqfrqtLpd2BMUr5ZI+di4mNMgAXr+XWdg4XLy4aqS69GNtqIImUIvixew== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650293995; bh=usxWUtk/jJY1mCgLR9XfM/0RpveDKeL3gru/pqE/ETg=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=pmQwuG5oFq0PrpDuczON/ajDchMtB0SjL4T3JLXzeQ5RvOvOGSqvoYCuuVkZhwp+B71XW7KuHUCVzntZL3nxYWiC5JyHTZuMxeuABHn5PUhgKdpeLaDkUlj5ATjY2M/rNCAtsrRVvseoGE7pSschNI/Li60NYFghNdSCr7duXyeoaXfip9ye6tngauyxZ5QrUc6TUd01Q0anOoS0dzcwis3eKCNgs0hcKqXGmaKbcYiwPxGeRVdL1AOQFLWgzoFq1Yq0nubwdVoIDZLF6bhQvEbvLRJzISVak5xqOBd7xfzyBNpNfdfT+mRl+433Y2dNfMwq++CqfxkiMX3+56NkCA== X-YMail-OSG: JqkFVOEVM1luVx8VCja4JyF.fqBRXx0SRYooL26Bm4esqTjB268wcbdW.G5hyjG OHmJqTCHudTVPxGT2mW4shIUDu85O_dGEy99JZDJgQCPQoqsTrE3jzd6bJ2x6b_3D8wqU26QH273 mik87FsNNg4psNN53bv26ME8a_8_MzEcGsACgzryWyKlH3lzZJ1CCoBlRialYJJAOFZ2HLjnTLUL MVCecfNpwoYmTE8eipLG5YLYK2khmy__85NFnwxQrwIYUHfZ_SqjhFP4cABxqsxtMlLtM74KcLR6 YZSeuxJ361g708yOCJHZbLTps9V3tknVtNPmUdIxfZkbPGXV_su2zvWidGcb8_zbL5TFGUFQXhUr InoyV2ISiK4_LyA8ZqulmbzC1W3W6nQzcmAufkSBQO4MC4bNGC3mxl6eRH5PCDwMHG8JpG51eNui H7Q4lS5TFH0EWVSQr4oNIL7OQ9KRBvpoHuLdddYJ_KhcoyjcQ3WofvXwirgxUUdT7u46pMVMAETU fVMxq_nSjhtKzCPYneXuxRzwJ_psR_ddnkqjdvmwsletF_9wWFmsapqBDpiz4Ek7prLQrRud70GV 4W4mwVyN3xKqeOy7k7F_nlyPJQTdnH5OLdKRwetq0V4zYrH2v5T_mh4ij2Akqs0cd3Y47zM1NKPK i3QIoBI71aP8YPf4.QLw.JmhKqh73ao6GOotC5nR4I8ShqeNonGHifmvQxWYvzC4odWihJD3OMQA J8weal.WnYL.nqw1rzTRycUHsgxyzgUlkhrfhSiw7yxc1AJJTsEZhJgZfFkCxL9DAC6n1zgPKcWF _CM6BUACTDXqq9UujFa14MAbzsXfi3c0wskJ.ZvHegZ_alCOrDjZ.LeNiJGFBO6sFf4fU94aq1Dq G.pTAY40jGU3TXZ33_i9bPuP53mxEnBACjv5.gTeOylaErgQ7TJaW8d6ocwVsFLuO4rUD0Qr4sBm Y3pc2BGOnu4qMqfX_FJfzDcdFxZ7mpnfYwqVd_lbV76Rh3zF9w_POE75S5xxm69x9ac1HJbolYCb L1ISt_pVtIvNaFGcosYcjMEhh3p.5Kdq5Vl2lnZ8zfofeecS2wCkHiHFEFjojqsOxH6LTgZQPcll wtrEjORTURYfs0fnZBJ.dHT4snVZn8nIOmMbwVoLrldelF1xELkSSycMQfiP2nigF6Aa8Bpt8AMH NweXc5ep6LmTq7WpC52TaKngU0MTsZnEHvulrbLcsgReMB0FsebHfOqfL9CUmoRv8mUvtplOiy7X ZO02PdCPvkVX0WvkIE1Ln.F7SokT3JyPf68uuz.HIXMuiqm39w5CxAZjlSTmcx2bfwe.XSCyt_y2 OzHStG1tnDNRoX0R0wbSEo7.xxtd2wiV_UvdjdEtxnezJZxzRwTlh_sxy.fg_pO0wDrLbpnhWZ2K BDMZuEMlpc2YUF7vuIPkymBoR5kPpf96DUKd7BpHEFXZ3ASmsbxXI.WKUzgXwmpzZUjhG6Y3aCMV dPqtD9FxgDIQnrEH3NIMnEa_ERTlnOQJ0xvuTAF0WyaBLnOM2.GCIl7KkmXvHIVC_UVWO15Kgs7R .iT3VA47W_iPwHrGq95Lrct2hy8Xx5XkHbkMRsCoO6ab5s_xSiVHJ3szkkL2R_YvDd24Jk7bplIw gsowuC1Aoy.7JYpOzhh3LddL9atI_Zeo9iz0X4Pe4DvwtVeIH.y7YGLKFyRElURzi3zurl6lGaF4 Joc0ANFC3JL6_PaD_AwU8MC8_IrZBBER_ucGEsatbcKbzVl098bsCCpIkaUnrrcBV5mbXqqRoDTj TMDvYdPf6hk_HCmhudLDPqVUbH6Dvy2fHrH07bjZWGmCFonWAUt5UCY9jBH_NhyRHFcVS2aMGQyk Ch_7NpsagYGXHH4QJOiXCV.GuPPLlHmXB.7SWBwk3y2BhYeGNu7y3PowFM5zSjKBrs9C98cS9.tk BQGCnwAq8fkLxRRzGDUFBwIvoVn9sDxlJYhGHeb1FepOax824lfxyJn6_JyJ67Xe2JZUqPBRa47b 1T7MmElJP9zxu9KlIihh4S1ZvrafRJ.W7yovTv7v2ysH3ZA4C4HaWA1.c0ORJ_DOnOe9ZsDrimIZ co_XNhDTH1kKhP6vCIogKM391zaVaiRkqaXbZGg96ozvtOs6cNEohePqOirsUDGMK810GlzDunGp CfRqMmrjC.vT6uNEupQ.hC1b8__1JGV4asDaKsdktD546nEK0wJRmrn0mSiCQ5Si27L.Xxs0pVwB ZfKmH91wDcJcTnuwyUcaXLTaBgBbyYensZwRKbmFRAofzEYH9VAXm17A82TVbDhxk5lZ3ZfOZ5Pq op1L9ghU5l7ROqT1eZjKoq3MuFqEoN.YwQOM7TfL6_beOtwrH X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic317.consmr.mail.ne1.yahoo.com with HTTP; Mon, 18 Apr 2022 14:59:55 +0000 Received: by hermes--canary-production-ne1-c7c4f6977-8bhqd (VZM Hermes SMTP Server) with ESMTPA ID b46a1ec8e23e86c6d7b566815ebdad73; Mon, 18 Apr 2022 14:59:51 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org Subject: [PATCH v35 01/29] integrity: disassociate ima_filter_rule from security_audit_rule Date: Mon, 18 Apr 2022 07:59:17 -0700 Message-Id: <20220418145945.38797-2-casey@schaufler-ca.com> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220418145945.38797-1-casey@schaufler-ca.com> References: <20220418145945.38797-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Create real functions for the ima_filter_rule interfaces. These replace #defines that obscure the reuse of audit interfaces. The new fuctions are put in security.c because they use security module registered hooks that we don't want exported. Signed-off-by: Casey Schaufler Acked-by: Paul Moore Reviewed-by: John Johansen --- include/linux/security.h | 24 ++++++++++++++++++++++++ security/integrity/ima/ima.h | 26 -------------------------- security/security.c | 21 +++++++++++++++++++++ 3 files changed, 45 insertions(+), 26 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index 25b3ef71f495..2986342dad41 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -1917,6 +1917,30 @@ static inline void security_audit_rule_free(void *lsmrule) #endif /* CONFIG_SECURITY */ #endif /* CONFIG_AUDIT */ +#if defined(CONFIG_IMA_LSM_RULES) && defined(CONFIG_SECURITY) +int ima_filter_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule); +int ima_filter_rule_match(u32 secid, u32 field, u32 op, void *lsmrule); +void ima_filter_rule_free(void *lsmrule); + +#else + +static inline int ima_filter_rule_init(u32 field, u32 op, char *rulestr, + void **lsmrule) +{ + return 0; +} + +static inline int ima_filter_rule_match(u32 secid, u32 field, u32 op, + void *lsmrule) +{ + return 0; +} + +static inline void ima_filter_rule_free(void *lsmrule) +{ } + +#endif /* defined(CONFIG_IMA_LSM_RULES) && defined(CONFIG_SECURITY) */ + #ifdef CONFIG_SECURITYFS extern struct dentry *securityfs_create_file(const char *name, umode_t mode, diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index be965a8715e4..1b5d70ac2dc9 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -418,32 +418,6 @@ static inline void ima_free_modsig(struct modsig *modsig) } #endif /* CONFIG_IMA_APPRAISE_MODSIG */ -/* LSM based policy rules require audit */ -#ifdef CONFIG_IMA_LSM_RULES - -#define ima_filter_rule_init security_audit_rule_init -#define ima_filter_rule_free security_audit_rule_free -#define ima_filter_rule_match security_audit_rule_match - -#else - -static inline int ima_filter_rule_init(u32 field, u32 op, char *rulestr, - void **lsmrule) -{ - return -EINVAL; -} - -static inline void ima_filter_rule_free(void *lsmrule) -{ -} - -static inline int ima_filter_rule_match(u32 secid, u32 field, u32 op, - void *lsmrule) -{ - return -EINVAL; -} -#endif /* CONFIG_IMA_LSM_RULES */ - #ifdef CONFIG_IMA_READ_POLICY #define POLICY_FILE_FLAGS (S_IWUSR | S_IRUSR) #else diff --git a/security/security.c b/security/security.c index b7cf5cbfdc67..22543fdb6041 100644 --- a/security/security.c +++ b/security/security.c @@ -2586,6 +2586,27 @@ int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule) } #endif /* CONFIG_AUDIT */ +#ifdef CONFIG_IMA_LSM_RULES +/* + * The integrity subsystem uses the same hooks as + * the audit subsystem. + */ +int ima_filter_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule) +{ + return call_int_hook(audit_rule_init, 0, field, op, rulestr, lsmrule); +} + +void ima_filter_rule_free(void *lsmrule) +{ + call_void_hook(audit_rule_free, lsmrule); +} + +int ima_filter_rule_match(u32 secid, u32 field, u32 op, void *lsmrule) +{ + return call_int_hook(audit_rule_match, 0, secid, field, op, lsmrule); +} +#endif /* CONFIG_IMA_LSM_RULES */ + #ifdef CONFIG_BPF_SYSCALL int security_bpf(int cmd, union bpf_attr *attr, unsigned int size) { From patchwork Mon Apr 18 14:59:18 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12816743 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 72223C4332F for ; Mon, 18 Apr 2022 15:35:31 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S244370AbiDRPiG (ORCPT ); Mon, 18 Apr 2022 11:38:06 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49330 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345723AbiDRPhm (ORCPT ); Mon, 18 Apr 2022 11:37:42 -0400 Received: from sonic305-27.consmr.mail.ne1.yahoo.com (sonic305-27.consmr.mail.ne1.yahoo.com [66.163.185.153]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6D8472CCB7 for ; Mon, 18 Apr 2022 07:59:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650293994; bh=5s+AEQ13XmJQ5q86UAXeH/43Y+kxC2e33q06EB5U9G0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=gMGMiUbnHhDsERpFe0cJKRGjfu0nGxAQUGzLmJxtnM7BEc0WYE73/KpAHMsL40we2oT/Z6FB3X3slh9flfxXLtgDbKR66eHzZUA7WpjCyvssvu3YnuKoBr+DbtENG0NKNEylsFsjFKvxFwrs6ER2HphjpkPPwEnb0n85cV/kh1q7ZzM2Au4tAw+3F030jZYo8fTp1G+NPD/HGr/2t7aLzKnvDcS28zfU9Wraf9prMUwME9aGkVdLMqIDf82KvpdAUTRZj5Dnwd5NTVIUbEL7oqGth9geyKMic2epXiRDoTtj8D4ZRdjt4izwQxcpIKLUJaHFWYd12v93TgoajztB7Q== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650293994; bh=BjLXPw6EsyNxdZ5g91Qq38qokHwsZUE6FTHAEQ2F2Hj=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=A+pVnqS+3MEhC2GNaMh3IVgAnY7XaveVFzpW5Jrrd4TlsSZKTR27lM9aYlj2EEG3Y2Kh5pFG3arBtsxp9jLLUTkVTARoNof5nxVy3RbxW5nu1QjIK8PUaWQ9jD0LLyCbI+ebYRCWt5LZiEaXKEcDYbNeqrRBVBoavNbdxDJpmn2RCkBGNROpMgTLe6K/kw+Cxv1zcOribOxnik5KkhrbreQF2Tzf4eKVtm51oUawRtHu/WbcXIWPmy6bP7b6cG931AQSMNh4q2GMTzWjPHnuZ8AA72OEh+wI+MypP2jGvBitGJoF8ZQRlq92CrwNRc7i8WrYI6TFCjpW/NFNKhjBWw== X-YMail-OSG: UoP5uCIVM1mdO_UpOrGPVyMK8ObU1SlLLPO6uDLXM7g0o9WmLx1q17qVfLfKxxm DRm2TimsvNVWhoUdV.U0d48838r.LP6EB6xUjNIH7pDmxzGQg38Y1fCxFAX1AAQld1iYDPevlhcU ikSMHe0dqfzbxENeAF9zpvJ_LuVATpPsqBOPAAr7Yzi41yoM_Cup2Hq4s.x6ohP0DZiYjP6zUtwR 3P7VgOREeunARppPo6BOFPrL5PyGagG8hamD.0to2.lP6RFgPz0CF8r4QY.O86i6M___zQguMyfs 81NMJaZixdc1v7pGdOUxKpFr82VDFAABc6faAxMwslfZxpUfNHa4Ol59c7G1W7gA5BqJPdR9TI0g hx566eexUAQ1QMFk4x9IW8BOKZBvcP6ccETIIvauCs2fx1BaB2P9iQP9wfedNiu8X1YiTeTSHZ2F FaQnxtDPkx_cA3BuMTKAknNqzG91t7gZztXGdSLVdYHmxMEJJxzBe5FiWabDUyp_O.xhv6sUBet5 D_G7c8StW9AYK5B19PRAWY54SCjiEApaO_VxwtYBtOaa3zXrXa5A9eX7OPyrg7..fASbokOEqX4P fC0M1vgDL9Uh_P3I1Z8_mErqy0wlaCbc1sxwsR5l.ZSfu2KHFghV9hS92b6mtD1MIx82htxuJ33J ZhIJIrYm9cNs3BXjf8m_GZIw4pLRKKNHHeY4yz1TQg2pk8vIvOLhk38yyDMBNIastuFtxFdTIbSk AOESWJZoqOYGbUAU4KzeArkL5kuXJoTS5cPzun5g3VmQGDx9LOZQWzuTndquO9s0wdRIhvmGrRMt yrcGjH4fhi4u_Ze4cHtVtpcoq1i3AWzAyBxnnEvaHTnESKaykwb0l6crFt6YP3qXX9Rtuh0Y8LxM oVjahRnxg.gWYe8VOE0HErTvMGT__d78iZRn1dCbCGCdXMWTj.aLlRexzxEWpD2N.P3SxQKSWYJS N6nqXi.CXhbyrDdD70ptQLoeTGb4IQ6gl1mXi0LukMjuSci8Ceb6hny_KlqjJjT3qXk18Nodxbyv _b6xtjd41YLWx82sDtgpeUsimcgtGV7cCFWK049MUkhqZYplzJK06jd_9J8A2X9K3gJX49wAPc8C c4O1sSQEUSe81XBJi6QZ0HPwNGYhXiBSwqwlO8bmBeOWxJPcIwgAszQbT2BLRbX5kZlzUlH3oU0U L_XB.GvCNhTMNikMmGeWoHnJdgjJCNYTGKD9oMMWW_Tw0c_IWWZWKAGr9mMvS4DNXUKRWjp23mE4 xy2mhbIBFhSgXbXPYv.35zXRqzevYOBWtmXhwrZk0ikctfVSUJGVgrkolGYu7cyCdAZLifkKhYm7 W4N36lOnoi7eLfRDBwifscoXAuffoch_kG1IInWYFl.MCZAfaWFTF5ToBom2KNV_WA35elBA.zO8 VBqo7N2y_IgVUVWhVI3UPgbR2AU8qOjTNquD2ilXeepnh6_IGfOoqBef5cca4Lg04vViRgwZe8Yt IHg7ylfWhNAKd0lWQDzokRjgolS.qZdcoVZzuS2f8a7aSXny5xkh.QWd4vXf4MOzZb9KOWwjHXlT v3Q1rohTDzOz2Xagl59oXwR.zZYSzHa12DLkUcvi2L6_LH1ISTUa54LqwAa_7miNnIzlLPLZGmtF YLUkqMbeOA0ZNFp_.TrliXvk9U8JjxjiFmtnt87s1b.gkMjEQjwus7WYuycVe4J.bu.pBrvQQ1K5 irSXD4pE5PTPqYnbBG7oHdonmWN79kb..TXUOH.aVbuBWrFHPMwXMKYN6jELefjURwGTrkTTPSnC aGQds7eLV173Q3RNOGFZWXKnC4xO_HKSjuuYRLJ5NAbpMuqOB7I7fHuwcGK6U_xST0aiEH.WaA7E i6.5nja7bi50HGYmITR0LOiGkAGA_e7SJR.uIoZxDaVDZCF9Z0YDwppR4ynrlG05yxXVm7KKZZva vY3sHRPwblWKCFB11N299alQiLSG7d88bpNm5yejreZvVh79mSjmmbDbKKeBI56jFbGr_Yx1wzrh b15gQrYIuADeu7Ep62RxQFmXxHpov1ylZhzlnNHmix47XWmRPADZpJn1g6ufYd_FWLq0VzYx6o7n cW7yzQpR1y3QANCKqGyNKSgLvhMkUgkclf5Io.Jh5GRvnfEjpuwaGJKl7IOsFkBb_Q0xH4f.l81Q 6whsqIVloMeGBTYBrIREoJO6fgzJQs8e0kEOJfO55O56vyK39PmsIgMppTpclAc2bduqys3oe6Ks ZsUN1t7QLaIZiWVMz7EAlHNfh4HXLncJKIj6d2oNxGZERBrQzggZp9Q0PvSf.fO74VbR.x1mU27x 2qaZQ3iGVlx3p1rpNydiMOK1adAWIWQDsMuydNdc92oRZeHw8mg-- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic305.consmr.mail.ne1.yahoo.com with HTTP; Mon, 18 Apr 2022 14:59:54 +0000 Received: by hermes--canary-production-ne1-c7c4f6977-8bhqd (VZM Hermes SMTP Server) with ESMTPA ID b46a1ec8e23e86c6d7b566815ebdad73; Mon, 18 Apr 2022 14:59:53 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org Subject: [PATCH v35 02/29] LSM: Infrastructure management of the sock security Date: Mon, 18 Apr 2022 07:59:18 -0700 Message-Id: <20220418145945.38797-3-casey@schaufler-ca.com> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220418145945.38797-1-casey@schaufler-ca.com> References: <20220418145945.38797-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Move management of the sock->sk_security blob out of the individual security modules and into the security infrastructure. Instead of allocating the blobs from within the modules the modules tell the infrastructure how much space is required, and the space is allocated there. Acked-by: Paul Moore Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Signed-off-by: Casey Schaufler --- include/linux/lsm_hooks.h | 1 + security/apparmor/include/net.h | 6 ++- security/apparmor/lsm.c | 38 ++++---------- security/security.c | 36 +++++++++++++- security/selinux/hooks.c | 82 +++++++++++++++---------------- security/selinux/include/objsec.h | 5 ++ security/selinux/netlabel.c | 23 ++++----- security/smack/smack.h | 5 ++ security/smack/smack_lsm.c | 66 ++++++++++++------------- security/smack/smack_netfilter.c | 4 +- 10 files changed, 145 insertions(+), 121 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 419b5febc3ca..14d88e1312eb 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -1605,6 +1605,7 @@ struct lsm_blob_sizes { int lbs_cred; int lbs_file; int lbs_inode; + int lbs_sock; int lbs_superblock; int lbs_ipc; int lbs_msg_msg; diff --git a/security/apparmor/include/net.h b/security/apparmor/include/net.h index aadb4b29fb66..fac8999ba7a3 100644 --- a/security/apparmor/include/net.h +++ b/security/apparmor/include/net.h @@ -51,7 +51,11 @@ struct aa_sk_ctx { struct aa_label *peer; }; -#define SK_CTX(X) ((X)->sk_security) +static inline struct aa_sk_ctx *aa_sock(const struct sock *sk) +{ + return sk->sk_security + apparmor_blob_sizes.lbs_sock; +} + #define SOCK_ctx(X) SOCK_INODE(X)->i_security #define DEFINE_AUDIT_NET(NAME, OP, SK, F, T, P) \ struct lsm_network_audit NAME ## _net = { .sk = (SK), \ diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 4f0eecb67dde..be8976c407f4 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -782,33 +782,15 @@ static int apparmor_task_kill(struct task_struct *target, struct kernel_siginfo return error; } -/** - * apparmor_sk_alloc_security - allocate and attach the sk_security field - */ -static int apparmor_sk_alloc_security(struct sock *sk, int family, gfp_t flags) -{ - struct aa_sk_ctx *ctx; - - ctx = kzalloc(sizeof(*ctx), flags); - if (!ctx) - return -ENOMEM; - - SK_CTX(sk) = ctx; - - return 0; -} - /** * apparmor_sk_free_security - free the sk_security field */ static void apparmor_sk_free_security(struct sock *sk) { - struct aa_sk_ctx *ctx = SK_CTX(sk); + struct aa_sk_ctx *ctx = aa_sock(sk); - SK_CTX(sk) = NULL; aa_put_label(ctx->label); aa_put_label(ctx->peer); - kfree(ctx); } /** @@ -817,8 +799,8 @@ static void apparmor_sk_free_security(struct sock *sk) static void apparmor_sk_clone_security(const struct sock *sk, struct sock *newsk) { - struct aa_sk_ctx *ctx = SK_CTX(sk); - struct aa_sk_ctx *new = SK_CTX(newsk); + struct aa_sk_ctx *ctx = aa_sock(sk); + struct aa_sk_ctx *new = aa_sock(newsk); if (new->label) aa_put_label(new->label); @@ -874,7 +856,7 @@ static int apparmor_socket_post_create(struct socket *sock, int family, label = aa_get_current_label(); if (sock->sk) { - struct aa_sk_ctx *ctx = SK_CTX(sock->sk); + struct aa_sk_ctx *ctx = aa_sock(sock->sk); aa_put_label(ctx->label); ctx->label = aa_get_label(label); @@ -1059,7 +1041,7 @@ static int apparmor_socket_shutdown(struct socket *sock, int how) */ static int apparmor_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) { - struct aa_sk_ctx *ctx = SK_CTX(sk); + struct aa_sk_ctx *ctx = aa_sock(sk); if (!skb->secmark) return 0; @@ -1072,7 +1054,7 @@ static int apparmor_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) static struct aa_label *sk_peer_label(struct sock *sk) { - struct aa_sk_ctx *ctx = SK_CTX(sk); + struct aa_sk_ctx *ctx = aa_sock(sk); if (ctx->peer) return ctx->peer; @@ -1156,7 +1138,7 @@ static int apparmor_socket_getpeersec_dgram(struct socket *sock, */ static void apparmor_sock_graft(struct sock *sk, struct socket *parent) { - struct aa_sk_ctx *ctx = SK_CTX(sk); + struct aa_sk_ctx *ctx = aa_sock(sk); if (!ctx->label) ctx->label = aa_get_current_label(); @@ -1166,7 +1148,7 @@ static void apparmor_sock_graft(struct sock *sk, struct socket *parent) static int apparmor_inet_conn_request(const struct sock *sk, struct sk_buff *skb, struct request_sock *req) { - struct aa_sk_ctx *ctx = SK_CTX(sk); + struct aa_sk_ctx *ctx = aa_sock(sk); if (!skb->secmark) return 0; @@ -1183,6 +1165,7 @@ struct lsm_blob_sizes apparmor_blob_sizes __lsm_ro_after_init = { .lbs_cred = sizeof(struct aa_task_ctx *), .lbs_file = sizeof(struct aa_file_ctx), .lbs_task = sizeof(struct aa_task_ctx), + .lbs_sock = sizeof(struct aa_sk_ctx), }; static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = { @@ -1219,7 +1202,6 @@ static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(getprocattr, apparmor_getprocattr), LSM_HOOK_INIT(setprocattr, apparmor_setprocattr), - LSM_HOOK_INIT(sk_alloc_security, apparmor_sk_alloc_security), LSM_HOOK_INIT(sk_free_security, apparmor_sk_free_security), LSM_HOOK_INIT(sk_clone_security, apparmor_sk_clone_security), @@ -1771,7 +1753,7 @@ static unsigned int apparmor_ip_postroute(void *priv, if (sk == NULL) return NF_ACCEPT; - ctx = SK_CTX(sk); + ctx = aa_sock(sk); if (!apparmor_secmark_check(ctx->label, OP_SENDMSG, AA_MAY_SEND, skb->secmark, sk)) return NF_ACCEPT; diff --git a/security/security.c b/security/security.c index 22543fdb6041..d956912741d5 100644 --- a/security/security.c +++ b/security/security.c @@ -29,6 +29,7 @@ #include #include #include +#include #define MAX_LSM_EVM_XATTR 2 @@ -204,6 +205,7 @@ static void __init lsm_set_blob_sizes(struct lsm_blob_sizes *needed) lsm_set_blob_size(&needed->lbs_inode, &blob_sizes.lbs_inode); lsm_set_blob_size(&needed->lbs_ipc, &blob_sizes.lbs_ipc); lsm_set_blob_size(&needed->lbs_msg_msg, &blob_sizes.lbs_msg_msg); + lsm_set_blob_size(&needed->lbs_sock, &blob_sizes.lbs_sock); lsm_set_blob_size(&needed->lbs_superblock, &blob_sizes.lbs_superblock); lsm_set_blob_size(&needed->lbs_task, &blob_sizes.lbs_task); } @@ -340,6 +342,7 @@ static void __init ordered_lsm_init(void) init_debug("inode blob size = %d\n", blob_sizes.lbs_inode); init_debug("ipc blob size = %d\n", blob_sizes.lbs_ipc); init_debug("msg_msg blob size = %d\n", blob_sizes.lbs_msg_msg); + init_debug("sock blob size = %d\n", blob_sizes.lbs_sock); init_debug("superblock blob size = %d\n", blob_sizes.lbs_superblock); init_debug("task blob size = %d\n", blob_sizes.lbs_task); @@ -659,6 +662,28 @@ static int lsm_msg_msg_alloc(struct msg_msg *mp) return 0; } +/** + * lsm_sock_alloc - allocate a composite sock blob + * @sock: the sock that needs a blob + * @priority: allocation mode + * + * Allocate the sock blob for all the modules + * + * Returns 0, or -ENOMEM if memory can't be allocated. + */ +static int lsm_sock_alloc(struct sock *sock, gfp_t priority) +{ + if (blob_sizes.lbs_sock == 0) { + sock->sk_security = NULL; + return 0; + } + + sock->sk_security = kzalloc(blob_sizes.lbs_sock, priority); + if (sock->sk_security == NULL) + return -ENOMEM; + return 0; +} + /** * lsm_early_task - during initialization allocate a composite task blob * @task: the task that needs a blob @@ -2276,12 +2301,21 @@ EXPORT_SYMBOL(security_socket_getpeersec_dgram); int security_sk_alloc(struct sock *sk, int family, gfp_t priority) { - return call_int_hook(sk_alloc_security, 0, sk, family, priority); + int rc = lsm_sock_alloc(sk, priority); + + if (unlikely(rc)) + return rc; + rc = call_int_hook(sk_alloc_security, 0, sk, family, priority); + if (unlikely(rc)) + security_sk_free(sk); + return rc; } void security_sk_free(struct sock *sk) { call_void_hook(sk_free_security, sk); + kfree(sk->sk_security); + sk->sk_security = NULL; } void security_sk_clone(const struct sock *sk, struct sock *newsk) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index e9e959343de9..7aca813b5826 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -4535,7 +4535,7 @@ static int socket_sockcreate_sid(const struct task_security_struct *tsec, static int sock_has_perm(struct sock *sk, u32 perms) { - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); struct common_audit_data ad; struct lsm_network_audit net = {0,}; @@ -4592,7 +4592,7 @@ static int selinux_socket_post_create(struct socket *sock, int family, isec->initialized = LABEL_INITIALIZED; if (sock->sk) { - sksec = sock->sk->sk_security; + sksec = selinux_sock(sock->sk); sksec->sclass = sclass; sksec->sid = sid; /* Allows detection of the first association on this socket */ @@ -4608,8 +4608,8 @@ static int selinux_socket_post_create(struct socket *sock, int family, static int selinux_socket_socketpair(struct socket *socka, struct socket *sockb) { - struct sk_security_struct *sksec_a = socka->sk->sk_security; - struct sk_security_struct *sksec_b = sockb->sk->sk_security; + struct sk_security_struct *sksec_a = selinux_sock(socka->sk); + struct sk_security_struct *sksec_b = selinux_sock(sockb->sk); sksec_a->peer_sid = sksec_b->sid; sksec_b->peer_sid = sksec_a->sid; @@ -4624,7 +4624,7 @@ static int selinux_socket_socketpair(struct socket *socka, static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen) { struct sock *sk = sock->sk; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); u16 family; int err; @@ -4759,7 +4759,7 @@ static int selinux_socket_connect_helper(struct socket *sock, struct sockaddr *address, int addrlen) { struct sock *sk = sock->sk; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); int err; err = sock_has_perm(sk, SOCKET__CONNECT); @@ -4938,9 +4938,9 @@ static int selinux_socket_unix_stream_connect(struct sock *sock, struct sock *other, struct sock *newsk) { - struct sk_security_struct *sksec_sock = sock->sk_security; - struct sk_security_struct *sksec_other = other->sk_security; - struct sk_security_struct *sksec_new = newsk->sk_security; + struct sk_security_struct *sksec_sock = selinux_sock(sock); + struct sk_security_struct *sksec_other = selinux_sock(other); + struct sk_security_struct *sksec_new = selinux_sock(newsk); struct common_audit_data ad; struct lsm_network_audit net = {0,}; int err; @@ -4972,8 +4972,8 @@ static int selinux_socket_unix_stream_connect(struct sock *sock, static int selinux_socket_unix_may_send(struct socket *sock, struct socket *other) { - struct sk_security_struct *ssec = sock->sk->sk_security; - struct sk_security_struct *osec = other->sk->sk_security; + struct sk_security_struct *ssec = selinux_sock(sock->sk); + struct sk_security_struct *osec = selinux_sock(other->sk); struct common_audit_data ad; struct lsm_network_audit net = {0,}; @@ -5015,7 +5015,7 @@ static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb, u16 family) { int err = 0; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); u32 sk_sid = sksec->sid; struct common_audit_data ad; struct lsm_network_audit net = {0,}; @@ -5048,7 +5048,7 @@ static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb, static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) { int err; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); u16 family = sk->sk_family; u32 sk_sid = sksec->sid; struct common_audit_data ad; @@ -5116,13 +5116,15 @@ static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) return err; } -static int selinux_socket_getpeersec_stream(struct socket *sock, char __user *optval, - int __user *optlen, unsigned len) +static int selinux_socket_getpeersec_stream(struct socket *sock, + char __user *optval, + int __user *optlen, + unsigned int len) { int err = 0; char *scontext; u32 scontext_len; - struct sk_security_struct *sksec = sock->sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sock->sk); u32 peer_sid = SECSID_NULL; if (sksec->sclass == SECCLASS_UNIX_STREAM_SOCKET || @@ -5182,34 +5184,27 @@ static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff * static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority) { - struct sk_security_struct *sksec; - - sksec = kzalloc(sizeof(*sksec), priority); - if (!sksec) - return -ENOMEM; + struct sk_security_struct *sksec = selinux_sock(sk); sksec->peer_sid = SECINITSID_UNLABELED; sksec->sid = SECINITSID_UNLABELED; sksec->sclass = SECCLASS_SOCKET; selinux_netlbl_sk_security_reset(sksec); - sk->sk_security = sksec; return 0; } static void selinux_sk_free_security(struct sock *sk) { - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); - sk->sk_security = NULL; selinux_netlbl_sk_security_free(sksec); - kfree(sksec); } static void selinux_sk_clone_security(const struct sock *sk, struct sock *newsk) { - struct sk_security_struct *sksec = sk->sk_security; - struct sk_security_struct *newsksec = newsk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); + struct sk_security_struct *newsksec = selinux_sock(newsk); newsksec->sid = sksec->sid; newsksec->peer_sid = sksec->peer_sid; @@ -5223,7 +5218,7 @@ static void selinux_sk_getsecid(struct sock *sk, u32 *secid) if (!sk) *secid = SECINITSID_ANY_SOCKET; else { - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); *secid = sksec->sid; } @@ -5233,7 +5228,7 @@ static void selinux_sock_graft(struct sock *sk, struct socket *parent) { struct inode_security_struct *isec = inode_security_novalidate(SOCK_INODE(parent)); - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); if (sk->sk_family == PF_INET || sk->sk_family == PF_INET6 || sk->sk_family == PF_UNIX) @@ -5250,7 +5245,7 @@ static int selinux_sctp_process_new_assoc(struct sctp_association *asoc, { struct sock *sk = asoc->base.sk; u16 family = sk->sk_family; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); struct common_audit_data ad; struct lsm_network_audit net = {0,}; int err; @@ -5308,7 +5303,7 @@ static int selinux_sctp_process_new_assoc(struct sctp_association *asoc, static int selinux_sctp_assoc_request(struct sctp_association *asoc, struct sk_buff *skb) { - struct sk_security_struct *sksec = asoc->base.sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(asoc->base.sk); u32 conn_sid; int err; @@ -5341,7 +5336,7 @@ static int selinux_sctp_assoc_request(struct sctp_association *asoc, static int selinux_sctp_assoc_established(struct sctp_association *asoc, struct sk_buff *skb) { - struct sk_security_struct *sksec = asoc->base.sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(asoc->base.sk); if (!selinux_policycap_extsockclass()) return 0; @@ -5440,8 +5435,8 @@ static int selinux_sctp_bind_connect(struct sock *sk, int optname, static void selinux_sctp_sk_clone(struct sctp_association *asoc, struct sock *sk, struct sock *newsk) { - struct sk_security_struct *sksec = sk->sk_security; - struct sk_security_struct *newsksec = newsk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); + struct sk_security_struct *newsksec = selinux_sock(newsk); /* If policy does not support SECCLASS_SCTP_SOCKET then call * the non-sctp clone version. @@ -5458,7 +5453,7 @@ static void selinux_sctp_sk_clone(struct sctp_association *asoc, struct sock *sk static int selinux_inet_conn_request(const struct sock *sk, struct sk_buff *skb, struct request_sock *req) { - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); int err; u16 family = req->rsk_ops->family; u32 connsid; @@ -5479,7 +5474,7 @@ static int selinux_inet_conn_request(const struct sock *sk, struct sk_buff *skb, static void selinux_inet_csk_clone(struct sock *newsk, const struct request_sock *req) { - struct sk_security_struct *newsksec = newsk->sk_security; + struct sk_security_struct *newsksec = selinux_sock(newsk); newsksec->sid = req->secid; newsksec->peer_sid = req->peer_secid; @@ -5496,7 +5491,7 @@ static void selinux_inet_csk_clone(struct sock *newsk, static void selinux_inet_conn_established(struct sock *sk, struct sk_buff *skb) { u16 family = sk->sk_family; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); /* handle mapped IPv4 packets arriving via IPv6 sockets */ if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP)) @@ -5580,7 +5575,7 @@ static int selinux_tun_dev_attach_queue(void *security) static int selinux_tun_dev_attach(struct sock *sk, void *security) { struct tun_security_struct *tunsec = security; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); /* we don't currently perform any NetLabel based labeling here and it * isn't clear that we would want to do so anyway; while we could apply @@ -5709,7 +5704,7 @@ static unsigned int selinux_ip_output(void *priv, struct sk_buff *skb, return NF_ACCEPT; /* standard practice, label using the parent socket */ - sksec = sk->sk_security; + sksec = selinux_sock(sk); sid = sksec->sid; } else sid = SECINITSID_KERNEL; @@ -5732,7 +5727,7 @@ static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb, sk = skb_to_full_sk(skb); if (sk == NULL) return NF_ACCEPT; - sksec = sk->sk_security; + sksec = selinux_sock(sk); ad.type = LSM_AUDIT_DATA_NET; ad.u.net = &net; @@ -5825,7 +5820,7 @@ static unsigned int selinux_ip_postroute(void *priv, u32 skb_sid; struct sk_security_struct *sksec; - sksec = sk->sk_security; + sksec = selinux_sock(sk); if (selinux_skb_peerlbl_sid(skb, family, &skb_sid)) return NF_DROP; /* At this point, if the returned skb peerlbl is SECSID_NULL @@ -5854,7 +5849,7 @@ static unsigned int selinux_ip_postroute(void *priv, } else { /* Locally generated packet, fetch the security label from the * associated socket. */ - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); peer_sid = sksec->sid; secmark_perm = PACKET__SEND; } @@ -5903,7 +5898,7 @@ static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb) unsigned int data_len = skb->len; unsigned char *data = skb->data; struct nlmsghdr *nlh; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); u16 sclass = sksec->sclass; u32 perm; @@ -6903,6 +6898,7 @@ struct lsm_blob_sizes selinux_blob_sizes __lsm_ro_after_init = { .lbs_inode = sizeof(struct inode_security_struct), .lbs_ipc = sizeof(struct ipc_security_struct), .lbs_msg_msg = sizeof(struct msg_security_struct), + .lbs_sock = sizeof(struct sk_security_struct), .lbs_superblock = sizeof(struct superblock_security_struct), }; diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h index 2953132408bf..007d1ae7ee27 100644 --- a/security/selinux/include/objsec.h +++ b/security/selinux/include/objsec.h @@ -194,4 +194,9 @@ static inline struct superblock_security_struct *selinux_superblock( return superblock->s_security + selinux_blob_sizes.lbs_superblock; } +static inline struct sk_security_struct *selinux_sock(const struct sock *sock) +{ + return sock->sk_security + selinux_blob_sizes.lbs_sock; +} + #endif /* _SELINUX_OBJSEC_H_ */ diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c index 1321f15799e2..800ab4b4239e 100644 --- a/security/selinux/netlabel.c +++ b/security/selinux/netlabel.c @@ -17,6 +17,7 @@ #include #include #include +#include #include #include #include @@ -68,7 +69,7 @@ static int selinux_netlbl_sidlookup_cached(struct sk_buff *skb, static struct netlbl_lsm_secattr *selinux_netlbl_sock_genattr(struct sock *sk) { int rc; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); struct netlbl_lsm_secattr *secattr; if (sksec->nlbl_secattr != NULL) @@ -101,7 +102,7 @@ static struct netlbl_lsm_secattr *selinux_netlbl_sock_getattr( const struct sock *sk, u32 sid) { - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); struct netlbl_lsm_secattr *secattr = sksec->nlbl_secattr; if (secattr == NULL) @@ -236,7 +237,7 @@ int selinux_netlbl_skbuff_setsid(struct sk_buff *skb, * being labeled by it's parent socket, if it is just exit */ sk = skb_to_full_sk(skb); if (sk != NULL) { - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); if (sksec->nlbl_state != NLBL_REQSKB) return 0; @@ -274,7 +275,7 @@ int selinux_netlbl_sctp_assoc_request(struct sctp_association *asoc, { int rc; struct netlbl_lsm_secattr secattr; - struct sk_security_struct *sksec = asoc->base.sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(asoc->base.sk); struct sockaddr_in addr4; struct sockaddr_in6 addr6; @@ -355,7 +356,7 @@ int selinux_netlbl_inet_conn_request(struct request_sock *req, u16 family) */ void selinux_netlbl_inet_csk_clone(struct sock *sk, u16 family) { - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); if (family == PF_INET) sksec->nlbl_state = NLBL_LABELED; @@ -373,8 +374,8 @@ void selinux_netlbl_inet_csk_clone(struct sock *sk, u16 family) */ void selinux_netlbl_sctp_sk_clone(struct sock *sk, struct sock *newsk) { - struct sk_security_struct *sksec = sk->sk_security; - struct sk_security_struct *newsksec = newsk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); + struct sk_security_struct *newsksec = selinux_sock(newsk); newsksec->nlbl_state = sksec->nlbl_state; } @@ -392,7 +393,7 @@ void selinux_netlbl_sctp_sk_clone(struct sock *sk, struct sock *newsk) int selinux_netlbl_socket_post_create(struct sock *sk, u16 family) { int rc; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); struct netlbl_lsm_secattr *secattr; if (family != PF_INET && family != PF_INET6) @@ -507,7 +508,7 @@ int selinux_netlbl_socket_setsockopt(struct socket *sock, { int rc = 0; struct sock *sk = sock->sk; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); struct netlbl_lsm_secattr secattr; if (selinux_netlbl_option(level, optname) && @@ -545,7 +546,7 @@ static int selinux_netlbl_socket_connect_helper(struct sock *sk, struct sockaddr *addr) { int rc; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); struct netlbl_lsm_secattr *secattr; /* connected sockets are allowed to disconnect when the address family @@ -584,7 +585,7 @@ static int selinux_netlbl_socket_connect_helper(struct sock *sk, int selinux_netlbl_socket_connect_locked(struct sock *sk, struct sockaddr *addr) { - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); if (sksec->nlbl_state != NLBL_REQSKB && sksec->nlbl_state != NLBL_CONNLABELED) diff --git a/security/smack/smack.h b/security/smack/smack.h index fc837dcebf96..ef9d0b7b1954 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h @@ -363,6 +363,11 @@ static inline struct superblock_smack *smack_superblock( return superblock->s_security + smack_blob_sizes.lbs_superblock; } +static inline struct socket_smack *smack_sock(const struct sock *sock) +{ + return sock->sk_security + smack_blob_sizes.lbs_sock; +} + /* * Is the directory transmuting? */ diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 6207762dbdb1..2689486160a2 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -1434,7 +1434,7 @@ static int smack_inode_getsecurity(struct user_namespace *mnt_userns, if (sock == NULL || sock->sk == NULL) return -EOPNOTSUPP; - ssp = sock->sk->sk_security; + ssp = smack_sock(sock->sk); if (strcmp(name, XATTR_SMACK_IPIN) == 0) isp = ssp->smk_in; @@ -1817,7 +1817,7 @@ static int smack_file_receive(struct file *file) if (inode->i_sb->s_magic == SOCKFS_MAGIC) { sock = SOCKET_I(inode); - ssp = sock->sk->sk_security; + ssp = smack_sock(sock->sk); tsp = smack_cred(current_cred()); /* * If the receiving process can't write to the @@ -2237,11 +2237,7 @@ static void smack_task_to_inode(struct task_struct *p, struct inode *inode) static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) { struct smack_known *skp = smk_of_current(); - struct socket_smack *ssp; - - ssp = kzalloc(sizeof(struct socket_smack), gfp_flags); - if (ssp == NULL) - return -ENOMEM; + struct socket_smack *ssp = smack_sock(sk); /* * Sockets created by kernel threads receive web label. @@ -2255,11 +2251,10 @@ static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) } ssp->smk_packet = NULL; - sk->sk_security = ssp; - return 0; } +#ifdef SMACK_IPV6_PORT_LABELING /** * smack_sk_free_security - Free a socket blob * @sk: the socket @@ -2268,7 +2263,6 @@ static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) */ static void smack_sk_free_security(struct sock *sk) { -#ifdef SMACK_IPV6_PORT_LABELING struct smk_port_label *spp; if (sk->sk_family == PF_INET6) { @@ -2281,9 +2275,8 @@ static void smack_sk_free_security(struct sock *sk) } rcu_read_unlock(); } -#endif - kfree(sk->sk_security); } +#endif /** * smack_ipv4host_label - check host based restrictions @@ -2396,7 +2389,7 @@ static struct smack_known *smack_ipv6host_label(struct sockaddr_in6 *sip) */ static int smack_netlbl_add(struct sock *sk) { - struct socket_smack *ssp = sk->sk_security; + struct socket_smack *ssp = smack_sock(sk); struct smack_known *skp = ssp->smk_out; int rc; @@ -2428,7 +2421,7 @@ static int smack_netlbl_add(struct sock *sk) */ static void smack_netlbl_delete(struct sock *sk) { - struct socket_smack *ssp = sk->sk_security; + struct socket_smack *ssp = smack_sock(sk); /* * Take the label off the socket if one is set. @@ -2460,7 +2453,7 @@ static int smk_ipv4_check(struct sock *sk, struct sockaddr_in *sap) struct smack_known *skp; int rc = 0; struct smack_known *hkp; - struct socket_smack *ssp = sk->sk_security; + struct socket_smack *ssp = smack_sock(sk); struct smk_audit_info ad; rcu_read_lock(); @@ -2533,7 +2526,7 @@ static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address) { struct sock *sk = sock->sk; struct sockaddr_in6 *addr6; - struct socket_smack *ssp = sock->sk->sk_security; + struct socket_smack *ssp = smack_sock(sock->sk); struct smk_port_label *spp; unsigned short port = 0; @@ -2621,7 +2614,7 @@ static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address, int act) { struct smk_port_label *spp; - struct socket_smack *ssp = sk->sk_security; + struct socket_smack *ssp = smack_sock(sk); struct smack_known *skp = NULL; unsigned short port; struct smack_known *object; @@ -2715,7 +2708,7 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name, if (sock == NULL || sock->sk == NULL) return -EOPNOTSUPP; - ssp = sock->sk->sk_security; + ssp = smack_sock(sock->sk); if (strcmp(name, XATTR_SMACK_IPIN) == 0) ssp->smk_in = skp; @@ -2763,7 +2756,7 @@ static int smack_socket_post_create(struct socket *sock, int family, * Sockets created by kernel threads receive web label. */ if (unlikely(current->flags & PF_KTHREAD)) { - ssp = sock->sk->sk_security; + ssp = smack_sock(sock->sk); ssp->smk_in = &smack_known_web; ssp->smk_out = &smack_known_web; } @@ -2788,8 +2781,8 @@ static int smack_socket_post_create(struct socket *sock, int family, static int smack_socket_socketpair(struct socket *socka, struct socket *sockb) { - struct socket_smack *asp = socka->sk->sk_security; - struct socket_smack *bsp = sockb->sk->sk_security; + struct socket_smack *asp = smack_sock(socka->sk); + struct socket_smack *bsp = smack_sock(sockb->sk); asp->smk_packet = bsp->smk_out; bsp->smk_packet = asp->smk_out; @@ -2852,7 +2845,7 @@ static int smack_socket_connect(struct socket *sock, struct sockaddr *sap, if (__is_defined(SMACK_IPV6_SECMARK_LABELING)) rsp = smack_ipv6host_label(sip); if (rsp != NULL) { - struct socket_smack *ssp = sock->sk->sk_security; + struct socket_smack *ssp = smack_sock(sock->sk); rc = smk_ipv6_check(ssp->smk_out, rsp, sip, SMK_CONNECTING); @@ -3583,9 +3576,9 @@ static int smack_unix_stream_connect(struct sock *sock, { struct smack_known *skp; struct smack_known *okp; - struct socket_smack *ssp = sock->sk_security; - struct socket_smack *osp = other->sk_security; - struct socket_smack *nsp = newsk->sk_security; + struct socket_smack *ssp = smack_sock(sock); + struct socket_smack *osp = smack_sock(other); + struct socket_smack *nsp = smack_sock(newsk); struct smk_audit_info ad; int rc = 0; #ifdef CONFIG_AUDIT @@ -3631,8 +3624,8 @@ static int smack_unix_stream_connect(struct sock *sock, */ static int smack_unix_may_send(struct socket *sock, struct socket *other) { - struct socket_smack *ssp = sock->sk->sk_security; - struct socket_smack *osp = other->sk->sk_security; + struct socket_smack *ssp = smack_sock(sock->sk); + struct socket_smack *osp = smack_sock(other->sk); struct smk_audit_info ad; int rc; @@ -3669,7 +3662,7 @@ static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg, struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name; #endif #ifdef SMACK_IPV6_SECMARK_LABELING - struct socket_smack *ssp = sock->sk->sk_security; + struct socket_smack *ssp = smack_sock(sock->sk); struct smack_known *rsp; #endif int rc = 0; @@ -3881,7 +3874,7 @@ static struct smack_known *smack_from_netlbl(const struct sock *sk, u16 family, netlbl_secattr_init(&secattr); if (sk) - ssp = sk->sk_security; + ssp = smack_sock(sk); if (netlbl_skbuff_getattr(skb, family, &secattr) == 0) { skp = smack_from_secattr(&secattr, ssp); @@ -3903,7 +3896,7 @@ static struct smack_known *smack_from_netlbl(const struct sock *sk, u16 family, */ static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) { - struct socket_smack *ssp = sk->sk_security; + struct socket_smack *ssp = smack_sock(sk); struct smack_known *skp = NULL; int rc = 0; struct smk_audit_info ad; @@ -4007,7 +4000,7 @@ static int smack_socket_getpeersec_stream(struct socket *sock, int slen = 1; int rc = 0; - ssp = sock->sk->sk_security; + ssp = smack_sock(sock->sk); if (ssp->smk_packet != NULL) { rcp = ssp->smk_packet->smk_known; slen = strlen(rcp) + 1; @@ -4056,7 +4049,7 @@ static int smack_socket_getpeersec_dgram(struct socket *sock, switch (family) { case PF_UNIX: - ssp = sock->sk->sk_security; + ssp = smack_sock(sock->sk); s = ssp->smk_out->smk_secid; break; case PF_INET: @@ -4105,7 +4098,7 @@ static void smack_sock_graft(struct sock *sk, struct socket *parent) (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)) return; - ssp = sk->sk_security; + ssp = smack_sock(sk); ssp->smk_in = skp; ssp->smk_out = skp; /* cssp->smk_packet is already set in smack_inet_csk_clone() */ @@ -4125,7 +4118,7 @@ static int smack_inet_conn_request(const struct sock *sk, struct sk_buff *skb, { u16 family = sk->sk_family; struct smack_known *skp; - struct socket_smack *ssp = sk->sk_security; + struct socket_smack *ssp = smack_sock(sk); struct sockaddr_in addr; struct iphdr *hdr; struct smack_known *hskp; @@ -4211,7 +4204,7 @@ static int smack_inet_conn_request(const struct sock *sk, struct sk_buff *skb, static void smack_inet_csk_clone(struct sock *sk, const struct request_sock *req) { - struct socket_smack *ssp = sk->sk_security; + struct socket_smack *ssp = smack_sock(sk); struct smack_known *skp; if (req->peer_secid != 0) { @@ -4747,6 +4740,7 @@ struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = { .lbs_inode = sizeof(struct inode_smack), .lbs_ipc = sizeof(struct smack_known *), .lbs_msg_msg = sizeof(struct smack_known *), + .lbs_sock = sizeof(struct socket_smack), .lbs_superblock = sizeof(struct superblock_smack), }; @@ -4857,7 +4851,9 @@ static struct security_hook_list smack_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(socket_getpeersec_stream, smack_socket_getpeersec_stream), LSM_HOOK_INIT(socket_getpeersec_dgram, smack_socket_getpeersec_dgram), LSM_HOOK_INIT(sk_alloc_security, smack_sk_alloc_security), +#ifdef SMACK_IPV6_PORT_LABELING LSM_HOOK_INIT(sk_free_security, smack_sk_free_security), +#endif LSM_HOOK_INIT(sock_graft, smack_sock_graft), LSM_HOOK_INIT(inet_conn_request, smack_inet_conn_request), LSM_HOOK_INIT(inet_csk_clone, smack_inet_csk_clone), diff --git a/security/smack/smack_netfilter.c b/security/smack/smack_netfilter.c index b945c1d3a743..bad71b7e648d 100644 --- a/security/smack/smack_netfilter.c +++ b/security/smack/smack_netfilter.c @@ -26,8 +26,8 @@ static unsigned int smack_ip_output(void *priv, struct socket_smack *ssp; struct smack_known *skp; - if (sk && sk->sk_security) { - ssp = sk->sk_security; + if (sk) { + ssp = smack_sock(sk); skp = ssp->smk_out; skb->secmark = skp->smk_secid; } From patchwork Mon Apr 18 14:59:19 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12816747 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8D6F2C433EF for ; Mon, 18 Apr 2022 15:36:57 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232987AbiDRPje (ORCPT ); Mon, 18 Apr 2022 11:39:34 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46668 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345227AbiDRPjC (ORCPT ); Mon, 18 Apr 2022 11:39:02 -0400 Received: from sonic311-30.consmr.mail.ne1.yahoo.com (sonic311-30.consmr.mail.ne1.yahoo.com [66.163.188.211]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 53AA4C11 for ; Mon, 18 Apr 2022 08:01:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650294089; bh=Mc99k5LJl1NLZ3vwr3RCF20H2bsg0Mu/p0/f5FknUa0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=D8lrLN6oStFphaA+ugoHbcXUIfNi92K0b+P8UXdBt+BmGPFjFx4peRBpDVXhZIm7dp+ZOhLshPXsEtv3UjklEx0tEkvZBPZ/wGKnEfXIRWklrTLHBXMDZzNGdU0ousJO+2BiKbPHipygo+fkhEDEp77PA3WnRzqyGG9LoFfJwVFopJMEjsM+7Es+I4RTZxl61O+yLJ8B4z6ymDrV4Mv9e10cZTn17zLJRUGA+N0rWL4QI1/OcJl+ZFGb+jy43nWqqTw/SGaw3RrAhMX0tAQpyKNVjefZuYL98Cb1I+bIzaH3nODQwXDC8ZQTM6loA3O1+UljOlzj+4P+Rpzt2fIGiw== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650294089; bh=LNSOwznnzLPNrJQyNnDMP3+r0kgPoszHtGeuRo10+L1=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=OFLgGGJx2zxNra9EL8hBaiDvfYYArWjChnDbmKd/YJwPlhiKIO1yO3YCHZjGslB8OIo9NP3lblzPBWpole4M8Bl1AILHgd4djQjVu45vbMbih3GHiFk3Ff4Dv2YBWu813HGmILEsABCDXgGTkv2e4RndeYwmJJ+esC3FCelKs9xXErlvwEAAu9EXLEHWz7D9vjzPcjCKJSmVpCwwkI/ery2ILkh9Bl/Feehi4en9sqRz+5GtZgCVW33fTNrSNNtzAVX0xmiH4/tKoKvUkEg0svn8cl41zAREschvtTS29gvJEfOz4gNCSQBx4pcZyOb0WMEkRBm6IIM3RZAze4grlg== X-YMail-OSG: xHKeIuQVM1lQKYFJWtO_xtbx2IeizCeMk.2M0J8ahA0_Cmo0eqa9K4ylssacqcG uHtbplq8dadI7BBCIFLoqMtmBrUVFs.7CDiSS5o5E91HLpdQg8X0jaM14Hi..1pmBbhPNYlZ65ag 2R7hTOEMwqLueekTmXfQITjo9JTccRZwRPR6UBayZRiA44YEJgy.U7GWjMikUcwKmX5Leo7CGuEc GebKhPkJBDRyHQgfsedBqUaG5lQrWQgaNpSd.NUP13DmWpOnShaJ27sFcWvWyrRgzMIxDiPjcXER 5deMz.UKiURmHA.Ah1Uktf4FCC3xtxW7yQMQWTviorlE7aU7nrWIsJvciwpO5r76FLKNKQ3lZr7Y p4SmToCB5mmHeUh999MQr2RFOInnmgXiP8WIev.eMP6H2A6bryBLDS2x5V4goJb4czev4Eh3gWT7 pAXkr4JOiAHZs.fHvjDxkUI.A_qnyq6syJyjiATPHFLVUoODUacf2moSWvFx6ifTShyQgyaUKdwe NnTlpJAH1_SPNSJZAsQNpqX4pYIWds4cGILAQdc0Axjo_KcpVDks4YHjk4VZYcP34vVpizjdaKBQ IFd86j3kYpSy156xqZOIZWxWyH_r0AfPn7EByVyFcVIffW5bs2ELlAwnHQMU58IrkyE39ZgMw.Jc veQXgkD6KRGY3FaJCKOIjfRz5hgoKoZkUnmLyhGjyu4IwtESYjVpeR0hO6jzDJn5UJ2Qm..0w_g9 BVDbcl6eQ.dsyF1qxmHi8fdVMa.eORgkke2ZZqYIDd.rSLxkhBLOrbhShP5zYv8j2KtVzr.SNM2g yr07hrxULe6U3T8OA9Qd_XyrWqo.uPRzKL.Bn8T0ES.wvSX8d90Plz2_daHh6.ius3rOXrpKJdz2 ngOppaVH02AEMwRaBIECxav9GXmP4FPVwRfbSOYP0DzfJXNXZ4Pjh4mDgkX1QWZ6Uc.49pR3mitg IfZnkD37lYwsspzH.N5CHkOcu1GDTbsIRnOhbA_yICJntfpL6sw7rpGXpSPCWmfxA552AWfSn6Ut cSIAJRcj28EzH_85XOSYl_KGRPi6fmYh7VjYB0BUNtQrtdaz5nzpZDsdF0NsH0pazBZrYY9wNIx2 nXZoZiEygss5NWN6CLIaRdXQ8TnJ17CHDd2y1vIdJF13Ioftw7P1QJ5co7aVqDuAip09UPtBc9dB tymT2wbXO2GzVfJjpAKEMyrlg1f3eqiJyVmIRYQ0jB7c4C0clwD23mknRgL5qAtZonw6ToDlXDR9 2O4yF_pAJvVNOuk.1GMztMlDGlgxTCy_dBtydKyAK6mesgGpsOp4lpwjzDE1XH.jTUQVzwmfLVNX mMS.5UTSIjGjkIH7nnU79LZFlev9UzZuM2SBQjbLIer489bAnE2Gsf4icWsI3j0RrHE1KstkvcXo F7fuZsa_bUdl4LjLH3HaR3hvURDehCrTb9FWkXDRS2q8SXv9dgolgiy95Bm6QFBbL6A9MkH2P9F. 5HgKtDgHuc3loTuHW8Tih.gXG.iA5VH0grjouHJnbD1F6qtcghohwF2Ny1BbsdKF6EeYR7hNBlnR 4Svqxb0Lzx7MeNFPh5lQnmw0PncO.8tRSrmhUgkG6sM4IS.tKLO7de5xviuR6enuYwDyyDMKY26Y 86mqYx9NGNnWXJilfD6ECyBoShFrggReVnR2uMlbSGoufqZXnYOFnXG6XUaP6xS2fb7KccFSLKwm ZxRmv32b.ILaDalk24flUQY8Geys8FgwlsB__Z8FA3cabUM_J5T8qq9WSYrUFJSsDnoHFRA8WBrH .1NxI4l6xT7Bo.5XPgHDdGW.mBFxlDQP9qXhslYkPmu7rzA8M_NSDgtaOwSo6MoiX02yIfp91og1 P4L_f.lgz2JDRasvJPznepowALjtS.DFGxVMii9VvPqbJOiJoymGopFx6ngx9XsMjTglsQROIbaC avZCKTSa2MoJVx7LFNGQsjUOTdu9k1uHLM4Q4XdGFnyWTgm61788weWwcr1C81p5wgTgDgFE2QAi 6iVh_zkSdk8eHH7vJWo05YW3Ur0zlh_sTnFqWa_ZarfEfE8SqXD3mrK6I5K34XUoYqqhT8yze_zN LnViPUwDAVrcGb1mXIzB_6Qu.5U7oNwreWnsPWZ2xDqwXsw7umnisOdagDhqPSlGszqy9dnMMFhP IQnvvU0m0x.TttGnCeY_LvQSG7QNT3qNNYs73bulasVA.vfHiLDa3K9F38kSXT2x_1I0nD1lslQr CeaHUo__bFRGZXV.EhApqD26SEHW2lFSmRWqTIlqmSEljcpzOQcuX98e.Mn_Pwctz96sKmuSlmUa GAfanOE.sYdElg6DDwOE5uz6H5g6tYamz1Zd3Sd3mmW46L3k3Dw-- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic311.consmr.mail.ne1.yahoo.com with HTTP; Mon, 18 Apr 2022 15:01:29 +0000 Received: by hermes--canary-production-ne1-c7c4f6977-qcc8c (VZM Hermes SMTP Server) with ESMTPA ID becb8feefeabb669980d2a553c076f56; Mon, 18 Apr 2022 15:01:26 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= Subject: [PATCH v35 03/29] LSM: Add the lsmblob data structure. Date: Mon, 18 Apr 2022 07:59:19 -0700 Message-Id: <20220418145945.38797-4-casey@schaufler-ca.com> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220418145945.38797-1-casey@schaufler-ca.com> References: <20220418145945.38797-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org When more than one security module is exporting data to audit and networking sub-systems a single 32 bit integer is no longer sufficient to represent the data. Add a structure to be used instead. The lsmblob structure is currently an array of u32 "secids". There is an entry for each of the security modules built into the system that would use secids if active. The system assigns the module a "slot" when it registers hooks. If modules are compiled in but not registered there will be unused slots. A new lsm_id structure, which contains the name of the LSM and its slot number, is created. There is an instance for each LSM, which assigns the name and passes it to the infrastructure to set the slot. The audit rules data is expanded to use an array of security module data rather than a single instance. A new structure audit_lsm_rules is defined to avoid the confusion which commonly accompanies the use of void ** parameters. Signed-off-by: Casey Schaufler Reviewed-by: Mickaël Salaün --- include/linux/audit.h | 10 ++++- include/linux/lsm_hooks.h | 12 +++++- include/linux/security.h | 75 ++++++++++++++++++++++++++++++--- kernel/auditfilter.c | 23 +++++----- kernel/auditsc.c | 17 +++----- security/apparmor/lsm.c | 7 ++- security/bpf/hooks.c | 12 +++++- security/commoncap.c | 7 ++- security/landlock/cred.c | 2 +- security/landlock/fs.c | 2 +- security/landlock/ptrace.c | 2 +- security/landlock/setup.c | 5 +++ security/landlock/setup.h | 1 + security/loadpin/loadpin.c | 8 +++- security/lockdown/lockdown.c | 7 ++- security/safesetid/lsm.c | 8 +++- security/security.c | 82 ++++++++++++++++++++++++++++++------ security/selinux/hooks.c | 8 +++- security/smack/smack_lsm.c | 7 ++- security/tomoyo/tomoyo.c | 8 +++- security/yama/yama_lsm.c | 7 ++- 21 files changed, 254 insertions(+), 56 deletions(-) diff --git a/include/linux/audit.h b/include/linux/audit.h index d06134ac6245..14849d5f84b4 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -11,6 +11,7 @@ #include #include +#include #include #include #include @@ -59,6 +60,10 @@ struct audit_krule { /* Flag to indicate legacy AUDIT_LOGINUID unset usage */ #define AUDIT_LOGINUID_LEGACY 0x1 +struct audit_lsm_rules { + void *rule[LSMBLOB_ENTRIES]; +}; + struct audit_field { u32 type; union { @@ -66,8 +71,9 @@ struct audit_field { kuid_t uid; kgid_t gid; struct { - char *lsm_str; - void *lsm_rule; + bool lsm_isset; + char *lsm_str; + struct audit_lsm_rules lsm_rules; }; }; u32 op; diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 14d88e1312eb..fd63ae215104 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -1587,6 +1587,14 @@ struct security_hook_heads { #undef LSM_HOOK } __randomize_layout; +/* + * Information that identifies a security module. + */ +struct lsm_id { + const char *lsm; /* Name of the LSM */ + int slot; /* Slot in lsmblob if one is allocated */ +}; + /* * Security module hook list structure. * For use with generic list macros for common operations. @@ -1595,7 +1603,7 @@ struct security_hook_list { struct hlist_node list; struct hlist_head *head; union security_list_options hook; - char *lsm; + struct lsm_id *lsmid; } __randomize_layout; /* @@ -1631,7 +1639,7 @@ extern struct security_hook_heads security_hook_heads; extern char *lsm_names; extern void security_add_hooks(struct security_hook_list *hooks, int count, - char *lsm); + struct lsm_id *lsmid); #define LSM_FLAG_LEGACY_MAJOR BIT(0) #define LSM_FLAG_EXCLUSIVE BIT(1) diff --git a/include/linux/security.h b/include/linux/security.h index 2986342dad41..ed51baa94a30 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -39,6 +39,7 @@ struct kernel_siginfo; struct sembuf; struct kern_ipc_perm; struct audit_context; +struct audit_lsm_rules; struct super_block; struct inode; struct dentry; @@ -134,6 +135,66 @@ enum lockdown_reason { extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1]; +/* + * Data exported by the security modules + * + * Any LSM that provides secid or secctx based hooks must be included. + */ +#define LSMBLOB_ENTRIES ( \ + (IS_ENABLED(CONFIG_SECURITY_SELINUX) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_SMACK) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_APPARMOR) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_BPF_LSM) ? 1 : 0)) + +struct lsmblob { + u32 secid[LSMBLOB_ENTRIES]; +}; + +#define LSMBLOB_INVALID -1 /* Not a valid LSM slot number */ +#define LSMBLOB_NEEDED -2 /* Slot requested on initialization */ +#define LSMBLOB_NOT_NEEDED -3 /* Slot not requested */ + +/** + * lsmblob_init - initialize a lsmblob structure + * @blob: Pointer to the data to initialize + * @secid: The initial secid value + * + * Set all secid for all modules to the specified value. + */ +static inline void lsmblob_init(struct lsmblob *blob, u32 secid) +{ + int i; + + for (i = 0; i < LSMBLOB_ENTRIES; i++) + blob->secid[i] = secid; +} + +/** + * lsmblob_is_set - report if there is a value in the lsmblob + * @blob: Pointer to the exported LSM data + * + * Returns true if there is a secid set, false otherwise + */ +static inline bool lsmblob_is_set(struct lsmblob *blob) +{ + const struct lsmblob empty = {}; + + return !!memcmp(blob, &empty, sizeof(*blob)); +} + +/** + * lsmblob_equal - report if the two lsmblob's are equal + * @bloba: Pointer to one LSM data + * @blobb: Pointer to the other LSM data + * + * Returns true if all entries in the two are equal, false otherwise + */ +static inline bool lsmblob_equal(const struct lsmblob *bloba, + const struct lsmblob *blobb) +{ + return !memcmp(bloba, blobb, sizeof(*bloba)); +} + /* These functions are in security/commoncap.c */ extern int cap_capable(const struct cred *cred, struct user_namespace *ns, int cap, unsigned int opts); @@ -1887,15 +1948,17 @@ static inline int security_key_getsecurity(struct key *key, char **_buffer) #ifdef CONFIG_AUDIT #ifdef CONFIG_SECURITY -int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule); +int security_audit_rule_init(u32 field, u32 op, char *rulestr, + struct audit_lsm_rules *lsmrules); int security_audit_rule_known(struct audit_krule *krule); -int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule); -void security_audit_rule_free(void *lsmrule); +int security_audit_rule_match(u32 secid, u32 field, u32 op, + struct audit_lsm_rules *lsmrules); +void security_audit_rule_free(struct audit_lsm_rules *lsmrules); #else static inline int security_audit_rule_init(u32 field, u32 op, char *rulestr, - void **lsmrule) + struct audit_lsm_rules *lsmrules) { return 0; } @@ -1906,12 +1969,12 @@ static inline int security_audit_rule_known(struct audit_krule *krule) } static inline int security_audit_rule_match(u32 secid, u32 field, u32 op, - void *lsmrule) + struct audit_lsm_rules *lsmrules) { return 0; } -static inline void security_audit_rule_free(void *lsmrule) +static inline void security_audit_rule_free(struct audit_lsm_rules *lsmrules) { } #endif /* CONFIG_SECURITY */ diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 42d99896e7a6..de75bd6ad866 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -76,7 +76,7 @@ static void audit_free_lsm_field(struct audit_field *f) case AUDIT_OBJ_LEV_LOW: case AUDIT_OBJ_LEV_HIGH: kfree(f->lsm_str); - security_audit_rule_free(f->lsm_rule); + security_audit_rule_free(&f->lsm_rules); } } @@ -529,7 +529,7 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data, entry->rule.buflen += f_val; f->lsm_str = str; err = security_audit_rule_init(f->type, f->op, str, - (void **)&f->lsm_rule); + &f->lsm_rules); /* Keep currently invalid fields around in case they * become valid after a policy reload. */ if (err == -EINVAL) { @@ -782,7 +782,7 @@ static int audit_compare_rule(struct audit_krule *a, struct audit_krule *b) return 0; } -/* Duplicate LSM field information. The lsm_rule is opaque, so must be +/* Duplicate LSM field information. The lsm_rules is opaque, so must be * re-initialized. */ static inline int audit_dupe_lsm_field(struct audit_field *df, struct audit_field *sf) @@ -796,9 +796,9 @@ static inline int audit_dupe_lsm_field(struct audit_field *df, return -ENOMEM; df->lsm_str = lsm_str; - /* our own (refreshed) copy of lsm_rule */ + /* our own (refreshed) copy of lsm_rules */ ret = security_audit_rule_init(df->type, df->op, df->lsm_str, - (void **)&df->lsm_rule); + &df->lsm_rules); /* Keep currently invalid fields around in case they * become valid after a policy reload. */ if (ret == -EINVAL) { @@ -850,7 +850,7 @@ struct audit_entry *audit_dupe_rule(struct audit_krule *old) new->tree = old->tree; memcpy(new->fields, old->fields, sizeof(struct audit_field) * fcount); - /* deep copy this information, updating the lsm_rule fields, because + /* deep copy this information, updating the lsm_rules fields, because * the originals will all be freed when the old rule is freed. */ for (i = 0; i < fcount; i++) { switch (new->fields[i].type) { @@ -1367,10 +1367,11 @@ int audit_filter(int msgtype, unsigned int listtype) case AUDIT_SUBJ_TYPE: case AUDIT_SUBJ_SEN: case AUDIT_SUBJ_CLR: - if (f->lsm_rule) { + if (f->lsm_str) { security_current_getsecid_subj(&sid); result = security_audit_rule_match(sid, - f->type, f->op, f->lsm_rule); + f->type, f->op, + &f->lsm_rules); } break; case AUDIT_EXE: @@ -1397,7 +1398,7 @@ int audit_filter(int msgtype, unsigned int listtype) return ret; } -static int update_lsm_rule(struct audit_krule *r) +static int update_lsm_rules(struct audit_krule *r) { struct audit_entry *entry = container_of(r, struct audit_entry, rule); struct audit_entry *nentry; @@ -1429,7 +1430,7 @@ static int update_lsm_rule(struct audit_krule *r) return err; } -/* This function will re-initialize the lsm_rule field of all applicable rules. +/* This function will re-initialize the lsm_rules field of all applicable rules. * It will traverse the filter lists serarching for rules that contain LSM * specific filter fields. When such a rule is found, it is copied, the * LSM field is re-initialized, and the old rule is replaced with the @@ -1444,7 +1445,7 @@ int audit_update_lsm_rules(void) for (i = 0; i < AUDIT_NR_FILTERS; i++) { list_for_each_entry_safe(r, n, &audit_rules_list[i], list) { - int res = update_lsm_rule(r); + int res = update_lsm_rules(r); if (!err) err = res; } diff --git a/kernel/auditsc.c b/kernel/auditsc.c index ea2ee1181921..d272b5cf18a8 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -664,7 +664,7 @@ static int audit_filter_rules(struct task_struct *tsk, match for now to avoid losing information that may be wanted. An error message will also be logged upon error */ - if (f->lsm_rule) { + if (f->lsm_str) { if (need_sid) { /* @tsk should always be equal to * @current with the exception of @@ -679,8 +679,7 @@ static int audit_filter_rules(struct task_struct *tsk, need_sid = 0; } result = security_audit_rule_match(sid, f->type, - f->op, - f->lsm_rule); + f->op, &f->lsm_rules); } break; case AUDIT_OBJ_USER: @@ -690,21 +689,19 @@ static int audit_filter_rules(struct task_struct *tsk, case AUDIT_OBJ_LEV_HIGH: /* The above note for AUDIT_SUBJ_USER...AUDIT_SUBJ_CLR also applies here */ - if (f->lsm_rule) { + if (f->lsm_str) { /* Find files that match */ if (name) { result = security_audit_rule_match( name->osid, f->type, f->op, - f->lsm_rule); + &f->lsm_rules); } else if (ctx) { list_for_each_entry(n, &ctx->names_list, list) { if (security_audit_rule_match( - n->osid, - f->type, - f->op, - f->lsm_rule)) { + n->osid, f->type, f->op, + &f->lsm_rules)) { ++result; break; } @@ -715,7 +712,7 @@ static int audit_filter_rules(struct task_struct *tsk, break; if (security_audit_rule_match(ctx->ipc.osid, f->type, f->op, - f->lsm_rule)) + &f->lsm_rules)) ++result; } break; diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index be8976c407f4..1e53fea61335 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -1168,6 +1168,11 @@ struct lsm_blob_sizes apparmor_blob_sizes __lsm_ro_after_init = { .lbs_sock = sizeof(struct aa_sk_ctx), }; +static struct lsm_id apparmor_lsmid __lsm_ro_after_init = { + .lsm = "apparmor", + .slot = LSMBLOB_NEEDED +}; + static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(ptrace_access_check, apparmor_ptrace_access_check), LSM_HOOK_INIT(ptrace_traceme, apparmor_ptrace_traceme), @@ -1853,7 +1858,7 @@ static int __init apparmor_init(void) goto buffers_out; } security_add_hooks(apparmor_hooks, ARRAY_SIZE(apparmor_hooks), - "apparmor"); + &apparmor_lsmid); /* Report that AppArmor successfully initialized */ apparmor_initialized = 1; diff --git a/security/bpf/hooks.c b/security/bpf/hooks.c index e5971fa74fd7..7a58fe9ab8c4 100644 --- a/security/bpf/hooks.c +++ b/security/bpf/hooks.c @@ -15,9 +15,19 @@ static struct security_hook_list bpf_lsm_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(task_free, bpf_task_storage_free), }; +/* + * slot has to be LSMBLOB_NEEDED because some of the hooks + * supplied by this module require a slot. + */ +struct lsm_id bpf_lsmid __lsm_ro_after_init = { + .lsm = "bpf", + .slot = LSMBLOB_NEEDED +}; + static int __init bpf_lsm_init(void) { - security_add_hooks(bpf_lsm_hooks, ARRAY_SIZE(bpf_lsm_hooks), "bpf"); + security_add_hooks(bpf_lsm_hooks, ARRAY_SIZE(bpf_lsm_hooks), + &bpf_lsmid); pr_info("LSM support for eBPF active\n"); return 0; } diff --git a/security/commoncap.c b/security/commoncap.c index 5fc8986c3c77..c94ec46e07ac 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -1446,6 +1446,11 @@ int cap_mmap_file(struct file *file, unsigned long reqprot, #ifdef CONFIG_SECURITY +static struct lsm_id capability_lsmid __lsm_ro_after_init = { + .lsm = "capability", + .slot = LSMBLOB_NOT_NEEDED +}; + static struct security_hook_list capability_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(capable, cap_capable), LSM_HOOK_INIT(settime, cap_settime), @@ -1470,7 +1475,7 @@ static struct security_hook_list capability_hooks[] __lsm_ro_after_init = { static int __init capability_init(void) { security_add_hooks(capability_hooks, ARRAY_SIZE(capability_hooks), - "capability"); + &capability_lsmid); return 0; } diff --git a/security/landlock/cred.c b/security/landlock/cred.c index 6725af24c684..56b121d65436 100644 --- a/security/landlock/cred.c +++ b/security/landlock/cred.c @@ -42,5 +42,5 @@ static struct security_hook_list landlock_hooks[] __lsm_ro_after_init = { __init void landlock_add_cred_hooks(void) { security_add_hooks(landlock_hooks, ARRAY_SIZE(landlock_hooks), - LANDLOCK_NAME); + &landlock_lsmid); } diff --git a/security/landlock/fs.c b/security/landlock/fs.c index 97b8e421f617..319e90e9290c 100644 --- a/security/landlock/fs.c +++ b/security/landlock/fs.c @@ -688,5 +688,5 @@ static struct security_hook_list landlock_hooks[] __lsm_ro_after_init = { __init void landlock_add_fs_hooks(void) { security_add_hooks(landlock_hooks, ARRAY_SIZE(landlock_hooks), - LANDLOCK_NAME); + &landlock_lsmid); } diff --git a/security/landlock/ptrace.c b/security/landlock/ptrace.c index f55b82446de2..54ccf55a077a 100644 --- a/security/landlock/ptrace.c +++ b/security/landlock/ptrace.c @@ -116,5 +116,5 @@ static struct security_hook_list landlock_hooks[] __lsm_ro_after_init = { __init void landlock_add_ptrace_hooks(void) { security_add_hooks(landlock_hooks, ARRAY_SIZE(landlock_hooks), - LANDLOCK_NAME); + &landlock_lsmid); } diff --git a/security/landlock/setup.c b/security/landlock/setup.c index f8e8e980454c..759e00b9436c 100644 --- a/security/landlock/setup.c +++ b/security/landlock/setup.c @@ -23,6 +23,11 @@ struct lsm_blob_sizes landlock_blob_sizes __lsm_ro_after_init = { .lbs_superblock = sizeof(struct landlock_superblock_security), }; +struct lsm_id landlock_lsmid __lsm_ro_after_init = { + .lsm = LANDLOCK_NAME, + .slot = LSMBLOB_NOT_NEEDED, +}; + static int __init landlock_init(void) { landlock_add_cred_hooks(); diff --git a/security/landlock/setup.h b/security/landlock/setup.h index 1daffab1ab4b..38bce5b172dc 100644 --- a/security/landlock/setup.h +++ b/security/landlock/setup.h @@ -14,5 +14,6 @@ extern bool landlock_initialized; extern struct lsm_blob_sizes landlock_blob_sizes; +extern struct lsm_id landlock_lsmid; #endif /* _SECURITY_LANDLOCK_SETUP_H */ diff --git a/security/loadpin/loadpin.c b/security/loadpin/loadpin.c index b12f7d986b1e..b569f3bc170b 100644 --- a/security/loadpin/loadpin.c +++ b/security/loadpin/loadpin.c @@ -192,6 +192,11 @@ static int loadpin_load_data(enum kernel_load_data_id id, bool contents) return loadpin_read_file(NULL, (enum kernel_read_file_id) id, contents); } +static struct lsm_id loadpin_lsmid __lsm_ro_after_init = { + .lsm = "loadpin", + .slot = LSMBLOB_NOT_NEEDED +}; + static struct security_hook_list loadpin_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(sb_free_security, loadpin_sb_free_security), LSM_HOOK_INIT(kernel_read_file, loadpin_read_file), @@ -239,7 +244,8 @@ static int __init loadpin_init(void) pr_info("ready to pin (currently %senforcing)\n", enforce ? "" : "not "); parse_exclude(); - security_add_hooks(loadpin_hooks, ARRAY_SIZE(loadpin_hooks), "loadpin"); + security_add_hooks(loadpin_hooks, ARRAY_SIZE(loadpin_hooks), + &loadpin_lsmid); return 0; } diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c index 87cbdc64d272..4e24ea3f7b7e 100644 --- a/security/lockdown/lockdown.c +++ b/security/lockdown/lockdown.c @@ -75,6 +75,11 @@ static struct security_hook_list lockdown_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(locked_down, lockdown_is_locked_down), }; +static struct lsm_id lockdown_lsmid __lsm_ro_after_init = { + .lsm = "lockdown", + .slot = LSMBLOB_NOT_NEEDED +}; + static int __init lockdown_lsm_init(void) { #if defined(CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY) @@ -83,7 +88,7 @@ static int __init lockdown_lsm_init(void) lock_kernel_down("Kernel configuration", LOCKDOWN_CONFIDENTIALITY_MAX); #endif security_add_hooks(lockdown_hooks, ARRAY_SIZE(lockdown_hooks), - "lockdown"); + &lockdown_lsmid); return 0; } diff --git a/security/safesetid/lsm.c b/security/safesetid/lsm.c index 963f4ad9cb66..0c368950dc14 100644 --- a/security/safesetid/lsm.c +++ b/security/safesetid/lsm.c @@ -241,6 +241,11 @@ static int safesetid_task_fix_setgid(struct cred *new, return -EACCES; } +static struct lsm_id safesetid_lsmid __lsm_ro_after_init = { + .lsm = "safesetid", + .slot = LSMBLOB_NOT_NEEDED +}; + static struct security_hook_list safesetid_security_hooks[] = { LSM_HOOK_INIT(task_fix_setuid, safesetid_task_fix_setuid), LSM_HOOK_INIT(task_fix_setgid, safesetid_task_fix_setgid), @@ -250,7 +255,8 @@ static struct security_hook_list safesetid_security_hooks[] = { static int __init safesetid_security_init(void) { security_add_hooks(safesetid_security_hooks, - ARRAY_SIZE(safesetid_security_hooks), "safesetid"); + ARRAY_SIZE(safesetid_security_hooks), + &safesetid_lsmid); /* Report that SafeSetID successfully initialized */ safesetid_initialized = 1; diff --git a/security/security.c b/security/security.c index d956912741d5..49fa61028da2 100644 --- a/security/security.c +++ b/security/security.c @@ -345,6 +345,7 @@ static void __init ordered_lsm_init(void) init_debug("sock blob size = %d\n", blob_sizes.lbs_sock); init_debug("superblock blob size = %d\n", blob_sizes.lbs_superblock); init_debug("task blob size = %d\n", blob_sizes.lbs_task); + init_debug("lsmblob size = %zu\n", sizeof(struct lsmblob)); /* * Create any kmem_caches needed for blobs @@ -472,21 +473,38 @@ static int lsm_append(const char *new, char **result) return 0; } +/* + * Current index to use while initializing the lsmblob secid list. + */ +static int lsm_slot __lsm_ro_after_init; + /** * security_add_hooks - Add a modules hooks to the hook lists. * @hooks: the hooks to add * @count: the number of hooks to add - * @lsm: the name of the security module + * @lsmid: the identification information for the security module * * Each LSM has to register its hooks with the infrastructure. + * If the LSM is using hooks that export secids allocate a slot + * for it in the lsmblob. */ void __init security_add_hooks(struct security_hook_list *hooks, int count, - char *lsm) + struct lsm_id *lsmid) { int i; + WARN_ON(!lsmid->slot || !lsmid->lsm); + + if (lsmid->slot == LSMBLOB_NEEDED) { + if (lsm_slot >= LSMBLOB_ENTRIES) + panic("%s Too many LSMs registered.\n", __func__); + lsmid->slot = lsm_slot++; + init_debug("%s assigned lsmblob slot %d\n", lsmid->lsm, + lsmid->slot); + } + for (i = 0; i < count; i++) { - hooks[i].lsm = lsm; + hooks[i].lsmid = lsmid; hlist_add_tail_rcu(&hooks[i].list, hooks[i].head); } @@ -495,7 +513,7 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count, * and fix this up afterwards. */ if (slab_is_available()) { - if (lsm_append(lsm, &lsm_names) < 0) + if (lsm_append(lsmid->lsm, &lsm_names) < 0) panic("%s - Cannot get early memory.\n", __func__); } } @@ -2088,7 +2106,7 @@ int security_getprocattr(struct task_struct *p, const char *lsm, char *name, struct security_hook_list *hp; hlist_for_each_entry(hp, &security_hook_heads.getprocattr, list) { - if (lsm != NULL && strcmp(lsm, hp->lsm)) + if (lsm != NULL && strcmp(lsm, hp->lsmid->lsm)) continue; return hp->hook.getprocattr(p, name, value); } @@ -2101,7 +2119,7 @@ int security_setprocattr(const char *lsm, const char *name, void *value, struct security_hook_list *hp; hlist_for_each_entry(hp, &security_hook_heads.setprocattr, list) { - if (lsm != NULL && strcmp(lsm, hp->lsm)) + if (lsm != NULL && strcmp(lsm, hp->lsmid->lsm)) continue; return hp->hook.setprocattr(name, value, size); } @@ -2599,9 +2617,27 @@ int security_key_getsecurity(struct key *key, char **_buffer) #ifdef CONFIG_AUDIT -int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule) +int security_audit_rule_init(u32 field, u32 op, char *rulestr, + struct audit_lsm_rules *lsmrules) { - return call_int_hook(audit_rule_init, 0, field, op, rulestr, lsmrule); + struct security_hook_list *hp; + bool one_is_good = false; + int rc = 0; + int trc; + + hlist_for_each_entry(hp, &security_hook_heads.audit_rule_init, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + trc = hp->hook.audit_rule_init(field, op, rulestr, + &lsmrules->rule[hp->lsmid->slot]); + if (trc == 0) + one_is_good = true; + else + rc = trc; + } + if (one_is_good) + return 0; + return rc; } int security_audit_rule_known(struct audit_krule *krule) @@ -2609,14 +2645,36 @@ int security_audit_rule_known(struct audit_krule *krule) return call_int_hook(audit_rule_known, 0, krule); } -void security_audit_rule_free(void *lsmrule) +void security_audit_rule_free(struct audit_lsm_rules *lsmrules) { - call_void_hook(audit_rule_free, lsmrule); + struct security_hook_list *hp; + + hlist_for_each_entry(hp, &security_hook_heads.audit_rule_free, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + if (lsmrules->rule[hp->lsmid->slot] == NULL) + continue; + hp->hook.audit_rule_free(lsmrules->rule[hp->lsmid->slot]); + } } -int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule) +int security_audit_rule_match(u32 secid, u32 field, u32 op, + struct audit_lsm_rules *lsmrules) { - return call_int_hook(audit_rule_match, 0, secid, field, op, lsmrule); + struct security_hook_list *hp; + int rc; + + hlist_for_each_entry(hp, &security_hook_heads.audit_rule_match, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + if (lsmrules->rule[hp->lsmid->slot] == NULL) + continue; + rc = hp->hook.audit_rule_match(secid, field, op, + &lsmrules->rule[hp->lsmid->slot]); + if (rc) + return rc; + } + return 0; } #endif /* CONFIG_AUDIT */ diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 7aca813b5826..429309d8a910 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -6992,6 +6992,11 @@ static int selinux_uring_sqpoll(void) } #endif /* CONFIG_IO_URING */ +static struct lsm_id selinux_lsmid __lsm_ro_after_init = { + .lsm = "selinux", + .slot = LSMBLOB_NEEDED +}; + /* * IMPORTANT NOTE: When adding new hooks, please be careful to keep this order: * 1. any hooks that don't belong to (2.) or (3.) below, @@ -7308,7 +7313,8 @@ static __init int selinux_init(void) hashtab_cache_init(); - security_add_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks), "selinux"); + security_add_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks), + &selinux_lsmid); if (avc_add_callback(selinux_netcache_avc_callback, AVC_CALLBACK_RESET)) panic("SELinux: Unable to register AVC netcache callback\n"); diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 2689486160a2..6e0eaecd8256 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -4744,6 +4744,11 @@ struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = { .lbs_superblock = sizeof(struct superblock_smack), }; +static struct lsm_id smack_lsmid __lsm_ro_after_init = { + .lsm = "smack", + .slot = LSMBLOB_NEEDED +}; + static struct security_hook_list smack_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check), LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme), @@ -4947,7 +4952,7 @@ static __init int smack_init(void) /* * Register with LSM */ - security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), "smack"); + security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), &smack_lsmid); smack_enabled = 1; pr_info("Smack: Initializing.\n"); diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index b6a31901f289..e8f6bb9782c1 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -521,6 +521,11 @@ static void tomoyo_task_free(struct task_struct *task) } } +static struct lsm_id tomoyo_lsmid __lsm_ro_after_init = { + .lsm = "tomoyo", + .slot = LSMBLOB_NOT_NEEDED +}; + /* * tomoyo_security_ops is a "struct security_operations" which is used for * registering TOMOYO. @@ -573,7 +578,8 @@ static int __init tomoyo_init(void) struct tomoyo_task *s = tomoyo_task(current); /* register ourselves with the security framework */ - security_add_hooks(tomoyo_hooks, ARRAY_SIZE(tomoyo_hooks), "tomoyo"); + security_add_hooks(tomoyo_hooks, ARRAY_SIZE(tomoyo_hooks), + &tomoyo_lsmid); pr_info("TOMOYO Linux initialized\n"); s->domain_info = &tomoyo_kernel_domain; atomic_inc(&tomoyo_kernel_domain.users); diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c index 06e226166aab..a9639ea541f7 100644 --- a/security/yama/yama_lsm.c +++ b/security/yama/yama_lsm.c @@ -421,6 +421,11 @@ static int yama_ptrace_traceme(struct task_struct *parent) return rc; } +static struct lsm_id yama_lsmid __lsm_ro_after_init = { + .lsm = "yama", + .slot = LSMBLOB_NOT_NEEDED +}; + static struct security_hook_list yama_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(ptrace_access_check, yama_ptrace_access_check), LSM_HOOK_INIT(ptrace_traceme, yama_ptrace_traceme), @@ -477,7 +482,7 @@ static inline void yama_init_sysctl(void) { } static int __init yama_init(void) { pr_info("Yama: becoming mindful.\n"); - security_add_hooks(yama_hooks, ARRAY_SIZE(yama_hooks), "yama"); + security_add_hooks(yama_hooks, ARRAY_SIZE(yama_hooks), &yama_lsmid); yama_init_sysctl(); return 0; } From patchwork Mon Apr 18 14:59:20 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12816745 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 18234C433EF for ; Mon, 18 Apr 2022 15:36:43 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345333AbiDRPjU (ORCPT ); Mon, 18 Apr 2022 11:39:20 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47736 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345209AbiDRPjA (ORCPT ); Mon, 18 Apr 2022 11:39:00 -0400 Received: from sonic311-30.consmr.mail.ne1.yahoo.com (sonic311-30.consmr.mail.ne1.yahoo.com [66.163.188.211]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6F443C17 for ; Mon, 18 Apr 2022 08:01:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650294089; bh=h4uO5wfKE/cDGnftdi/csMqvrdQfPZIUSP+JM76GUTQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=UitKE2gzvIElNrdwR1bhYdlwI3BQTZDvtHTcfbH3tPKjR5wY6fSe8KndSc3XNJF6hUf3RXImo2JOyx2BWaZ748jxJJh81+6C+vflJpP7daNq58gtPpa/p7QCxIB9Aqi5Tao350A0kxB2CEfskkfezpiDWhGglOQpXdNUYMz5TjF9dTEG8QP+JIZBvt/nPRMWZacjw3waJ9Ru4+vuSVbbF0iZofJTXR6V9obr8RbuZnak8ZVVmhEFjceZJQPPTmcUiyDXhcpol2OspoLue13ch2PanrrPTs/pjavIthnzmMLyZYcJNN3RghKiajXlOXN3VDHubHfEcPTL4QAF0KslYQ== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650294089; bh=7RDt25DgO/1jehz2/1JFYx74yTwn7B4EZrihbypNMS3=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=D9cWQeOTAkfNFb4US45suVsipnFinPqQ+0S4NbZFYT/+bUtm0VdWy+jrjtAwOJ0t2xFUXOB2WbTgXW0z1epV87K3by4oOlNhr3sawXRQFm3iXeI3RiRmtfsqO8yf0dngKBXf8vTtsm4h9eWJ/xxt9Pe2sk9MDSKa3IKV6Q7DhO8unrgqRL6NqyYhx6MjPKc05KHCN5DLP7/BW6fG2lLywh0x2EDURr1TLXvHayJlWdd3g0pmTCyeCtuZHNRlvcvAorG51ULSv6pfAdOCkM8LpaYi9uuGoVfKK/zrMyYlBECPcsIqw2ghheN81OTAhrj9MJINRii9oc3TSaWU7hGnIg== X-YMail-OSG: 71NRkb8VM1k4_YGMFl9rqttulA6RIHKY9eQIEKpe1UEyjVep7cVlGQjTkqQenEK dFiwL0F0HCrhBk1IQrtb6ECCMPMrdzvggQY9x.7Ct8UOs2jUFaQJiia7ow.wCS8V8wf6LZ4PH1L2 HlmUKGaZM4phvoZVybTUQ4O98xu.DcG.mi_o2F2saOHbNWaWDmAMI1x.kzpiiboZwNFiy8YoQjkR tSM4c7LPsE5Zof.zBh.b21cMUrs2K9IvbXzlpKPNkZnqG7rxn0dix0683FYupYWV7SOJbpOAgIOt T72IMW2OrDXpKQWXO_obgLHVdeg9dbWiw9mufH5ey_iMgSSqBpqk0O.jgJiVOd.gYZuvsf7B9eKj 33wwcsUBu0YbjDrh9XiPqRi4JqhQdLj_u8jdB7BuVIa.cYKFDi9ivpiK9YlOrQyx1eayoTRm6AgF rnBY.W8sZ5qmRB0fD130ydBJflLpKUwwWst52L5iwZPXvpV9qRSH_pF25l3KIk1.G1fQp.RVQxoq IxwsVV3tg3srmuOBdL_x2g.d3rQTDO1Qf0jzhXOUlEA7CS4H8vMuLyrM1AJnuR6xEkmkpYLo2YEK CoGsDzYKHC6nGZTdqmaKhcRLdUq6D78jy7cpTIJu2eUVcuH2FU_GQMW7mP0.2ciHg0jCN5q.p_wi BIKtz1ew1MEL2Okn1F0Rcxftu5PjBwpRB3dmyPh2yK0w1QAc8EmV7k44oe6qiqcvkxBpgRoZa8M_ I54w55MQdGNAOfLVUW2iUDgzzRrlbZM3kTn_bF.Zoz91y0QNgBCQmxdMejgiqR0dzBZfVSYhdZzY OMPWQJLLNuSu_IAG54BCZgN8toPAPv8zhmFMT0CvU2xVZ_aa7uokb7CAfma9fEFr9Sv_8EofuwRN .a..cQ4P3jAXMRZap93o4fSA8_KqxDOreC84CRkP8c6SvFLNm2MWNByvpDc4kvkUKBQfcctn0BLO ca51EKOLRDAlLYAig9B0e9eV3_OgAwid94lqANPCweYHRiILrikPvTSAQusaX6S5UjxthIUpoqza Rw.8Kem.QmAgXG6_mHfRM_inJASUaqEyy2CCdCGN82APb2ikkm4qlD_PR7Y6SaTDRQ_XjCPH92tf 10dwROiGg_vzlMsEboYm2ed7fBZWMWR.OL6O176.Ov95s2xHKXlttFUJ9zeo777IzQxcXfib5Dat uZnJTo8_Qlu_5BbKAaDd91NDJD.iUNCvedyoR40K3ziIBZDUgrkYrFDX6urmIDYMGt5HRFi9cJZW ZgZXPW5JypN5YRRpBg1nmnAfltB.Kj3WAjUazUSVSyXeXPeg0.1jFpYmTRYS.i7np9gtT56awkem usmkThnUNTtmx7vcGO2x8d7a_v.2JliQ4q7xFZZAY0k9BDjIJ65XFVGOkqdbaFVq6v.n2SOicvGZ 4PyG4YgzlfC9QnhHBlCVbwpS.hEKLHcmxOxUTdruHQ9ZLNZDSyBJ6375q6a9bOxChcPPCkygMFj9 cDz6.fCAMJFLrxVQGcVMGWwlhUItbEHrQMknV8VSu5m_QoR31hJeXEc1mTHau0aXllDy8sLmKcKS wB94QGY688nNrVpzNQEQNztpkkknvbU6ZrWaU3gcepZq8QSS.RiaHvuyOZ93QX3Bo5sbP6Z3DaLW 5WFS7DVoQWAmHLiSnbXLUO9u_uNgUTAxlFwBiEFwA8ESmufs_NT3j_f1yKghxybzHwkDvsoQjCaq YWjbFbh_kO1DHxNmciGyV8cWlWz4QvyltTYHVY135Bgt8I8VCsxpksBhIpqsH62HBESpbNdRCOfb fGfrd2smPzccELVEGyeetPyUE7IQqH5FIlFvnvuoGRgStiVKjFtjdusG_LGgnYhgZrKa2qmMRuET FpsKI7MozkCF5cinpx0AkXGpAyHhmz1aRyvC0Y5O.6IMoNOJLf.9bXj5ghK5ct_9MRGduMnfx0SK V3oqEUC6ID8ex3eXMr1Ke5Oy4GW.DG5rbceUjzIHLR2nvuv1p.079B5L7CN6xzhgv8ACV694w3j4 2jgmMa9ydELMDHqMyVsw82gYgEDzlJClNjb29QxAmzQs23T.IoLIfuNH_Bmu6e.fzwCgAx3nfa7U iZEVyHUuaeAclWlY4fGQBQJ9hKVbtT5YHxCGMOimlLCivaen3xihyL7CrNROCC9nLkk5Os2u3CMn NLZY86DDjHcn7lN.URQ3mfI3XR4kxYSRQduRRSBCsVjg_jgyAG4Iu4tGPmNM_K5mS1kmE4X0uMH3 9VNYD4wd_4h3LgGhpEBcWlLkni.TtsnFbPbbmBqxliaiK4Z3bX1bY9bERpM7DKLyk_ZeSfSWG05l KY27AZ_u0ULSg4qjqTNU5sFwik49q42C14ox_t1bo7XryEh4TGw-- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic311.consmr.mail.ne1.yahoo.com with HTTP; Mon, 18 Apr 2022 15:01:29 +0000 Received: by hermes--canary-production-ne1-c7c4f6977-qcc8c (VZM Hermes SMTP Server) with ESMTPA ID becb8feefeabb669980d2a553c076f56; Mon, 18 Apr 2022 15:01:28 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org Subject: [PATCH v35 04/29] LSM: provide lsm name and id slot mappings Date: Mon, 18 Apr 2022 07:59:20 -0700 Message-Id: <20220418145945.38797-5-casey@schaufler-ca.com> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220418145945.38797-1-casey@schaufler-ca.com> References: <20220418145945.38797-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Provide interfaces to map LSM slot numbers and LSM names. Update the LSM registration code to save this information. Acked-by: Paul Moore Reviewed-by: Kees Cook Signed-off-by: Casey Schaufler Reviewed-by: John Johansen --- include/linux/security.h | 4 ++++ security/security.c | 45 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 49 insertions(+) diff --git a/include/linux/security.h b/include/linux/security.h index ed51baa94a30..d00870d2b416 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -195,6 +195,10 @@ static inline bool lsmblob_equal(const struct lsmblob *bloba, return !memcmp(bloba, blobb, sizeof(*bloba)); } +/* Map lsm names to blob slot numbers */ +extern int lsm_name_to_slot(char *name); +extern const char *lsm_slot_to_name(int slot); + /* These functions are in security/commoncap.c */ extern int cap_capable(const struct cred *cred, struct user_namespace *ns, int cap, unsigned int opts); diff --git a/security/security.c b/security/security.c index 49fa61028da2..d1ddbb857af1 100644 --- a/security/security.c +++ b/security/security.c @@ -477,6 +477,50 @@ static int lsm_append(const char *new, char **result) * Current index to use while initializing the lsmblob secid list. */ static int lsm_slot __lsm_ro_after_init; +static struct lsm_id *lsm_slotlist[LSMBLOB_ENTRIES] __lsm_ro_after_init; + +/** + * lsm_name_to_slot - Report the slot number for a security module + * @name: name of the security module + * + * Look up the slot number for the named security module. + * Returns the slot number or LSMBLOB_INVALID if @name is not + * a registered security module name. + */ +int lsm_name_to_slot(char *name) +{ + int i; + + for (i = 0; i < lsm_slot; i++) + if (strcmp(lsm_slotlist[i]->lsm, name) == 0) + return i; + + return LSMBLOB_INVALID; +} + +/** + * lsm_slot_to_name - Get the name of the security module in a slot + * @slot: index into the interface LSM slot list. + * + * Provide the name of the security module associated with + * a interface LSM slot. + * + * If @slot is LSMBLOB_INVALID return the value + * for slot 0 if it has been set, otherwise NULL. + * + * Returns a pointer to the name string or NULL. + */ +const char *lsm_slot_to_name(int slot) +{ + if (slot == LSMBLOB_INVALID) + slot = 0; + else if (slot >= LSMBLOB_ENTRIES || slot < 0) + return NULL; + + if (lsm_slotlist[slot] == NULL) + return NULL; + return lsm_slotlist[slot]->lsm; +} /** * security_add_hooks - Add a modules hooks to the hook lists. @@ -498,6 +542,7 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count, if (lsmid->slot == LSMBLOB_NEEDED) { if (lsm_slot >= LSMBLOB_ENTRIES) panic("%s Too many LSMs registered.\n", __func__); + lsm_slotlist[lsm_slot] = lsmid; lsmid->slot = lsm_slot++; init_debug("%s assigned lsmblob slot %d\n", lsmid->lsm, lsmid->slot); From patchwork Mon Apr 18 14:59:21 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12816746 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 23263C433F5 for ; Mon, 18 Apr 2022 15:36:44 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345392AbiDRPjV (ORCPT ); Mon, 18 Apr 2022 11:39:21 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49330 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345237AbiDRPjI (ORCPT ); Mon, 18 Apr 2022 11:39:08 -0400 Received: from sonic305-27.consmr.mail.ne1.yahoo.com (sonic305-27.consmr.mail.ne1.yahoo.com [66.163.185.153]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7BCC92AF8 for ; Mon, 18 Apr 2022 08:01:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650294094; bh=NhXiLSPDZgHzjNbz7VuiflhsW9/UCs4f9uR1dVs/P+U=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=tsOQJbRjFxqO38j4n0RqjGnlcjEXruGzGN5jkt+78ItgcMMeBUKN3CFLh/z/HPzPjcD0xW3PBtTIpxx62uyq++vowIO9iEILzDqgwTrGuOI4gPnmTPdJIVFPqdDNPX5eKw1M0o923fMW+Bk70UCg8oj9LyaZBzpLVWgz9OuaMRtaaRPGfEcf1DdugrHvqD8IzlxwxmzEUJgIsYB0igTK1CBKIZwJfOrvWV7MBwJWAU0dRSYNGqKuOTD2F6JL57Y3gIyoGLGXop82FvKV4w4pIqraEPJMH22HzP2r9GgW0mPPyjkws9iUK8MznjH7/FAT52HXcD8raXDmdKnf4D745A== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650294094; bh=mDGAvSgifJX3vaidCWZOVIabrWSbzo6iBLUKZl1sLGl=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=Ew6aFLDqYp1vOpp/ix+FpNqCsbGEyUH/rwi7G7GNw+1B6E13jjMdJHeWL69mfaYgXbWIrrj+j9YtZ3t55dk/h1dCbfRyjvcTAR3lG3OFcgQZvgX2kLF1MxgPt25qxa7ugqT+N4eLQXTaqbcNKS+yujDPB+AcWSKAkpuH66AFVrYzl5ryPjOo0h4dz5o6nnwQ5sy1M+Gk300XWonI5q8rLz40uS6wEM4RpKNv7igMOgkBRH6wCwudaClb3+ylBd5HGEoyhRguoqL5xnTK+MGWe7DNq9YHgQPOrHUUpwo7gQvpEviYQQbhZAVgERYdlASdB7yitSCmgjzDP24X4XAh3Q== X-YMail-OSG: .ORc7u0VM1lnIWztoGkpCrKlVWLUxOrWVyieaK4d.kcVtSKNEPhm10r0u5axynX bACzQRw783qsRNLaAeqs53WPfXWn4YySEpWLQ4Y6M4kL9QWd6R._tP1WvHzxDTqxk2TfPqjRybND AALlHdh3K0nlMtvMFTb9nUOW9TDgnU0MwUuSaKiA4OGao0RpaaUsSfId6nL7y27qaxmglReNL8og n2iFL9U3gxFufs3FZDi8rpqnDWlMDaIWuM421BWCHpBZHgKRLnMlqxX4VeuyTpzaYKztvgYf3Tli CdKyIyHlnUL41ZXvq3HMfZbP6Ti9V_fUnRQjfzuUuu3MnHIJymPbVyOBwFWn2dR3todyHUceo0dx Lz14pHBn1Om00MyPxC.mKpc7aK0qEmsyPsPIZwaGB8vQ0yyHr2NxtAEk.83chWmoVvX4Zx2rkuZD IfnFmXsxLHXsz.IKz6jO8n8aCDJW1D9s57bJEwaPMFXGoeQ.GatlXe1BMGTvWpSA5zFJXho_R8vD 8vNlei0Wz2gY.haKg_I6veAIMXEgtPq.2cVnfPl6HiwzsXxGhD0DGnCalnjj_Egafy_nz4vbkeeI xGu0i9n0mXuTEDYPOOaQ2jkNuW.R020gT7ZB8JnHLNViH1WleQilDnAsBmigisJqkJvgihiPqX6t HsL2JgTVrmMBWl9NmmLPVa.4cHZd69O9pFm6OuCZLqwEcafUOiQb0dvZtbOUfEmGwGp2OELmy7Dj RxIhdnTXiItjJ04VXl6o9IMVLytLp437glyhjSgGY9c6oGQIWYVwIA7FwkrYUwC0hst059QHHXMr 2JXNFYsSCbgnzYC18LreH_hxGx8smbGEsIQX_GQLyyxOwtzfzMYXSKXNrcD8.gvnfJ47ehb0x1oG jvb935AmgrS9jnC4cwiZ1FfprDUkpz48Buc_P.7SP4PTQx8ts.gubVrdf.Q3U5c73xQlHkTg3o7i mQRRjaRClI17za_WKyokfVn.g.xd2URMouiT1Y7ipfda.DJF0w8EiODIGrFyr1rqpMS65rK.o_PW vKd2_y57IpdEq3RagyTcOrouEYhn1RyMbSCzspOIaTQTzFFBJVAvnvS79.nC.e5eUaX3ym4n4RoG LsOXZ2yYm2QYkE9dULKmrqfr9Ca6CFC5YUbrvF2w_WNx9G1vKmS9IP4foHWOW8MxDchBl1Pex_30 QZaRluKYo1DzY1HqjXlPcEGMHl9mxutGtAM8Sn.GJetC54g62Z05NIo4WmYe5kaOJjjxaY969owx 9tZxU1OJMJDJ6uyaWSf0CNMnMg2xUDBZHd0y6Lp7mres0xFLWlAHhtkMmRIA.7x3wY.4ndJAfWs0 rkOyDVsWqZJiHiBd.vVqgyyEMBEyoB4qFRmw_MPJ6rc8ZXmZMPzWTlwEa4y.DcczLM738i1szP9o RbE4dL22WNtDilz1JhyhzYISUBfXMwfwYMzNkD_c4Y.y2gYCnb4sOeR2yD3HlFW7Ns8GpfYjWki7 6gPv0bYWl5iq5235FZOGbkYh7aetoLkvsXAEG23XFISY2aIoLDJGFZABsnaj9wHQSg2208QYRLnN FfpUvoAqJehM1.VvTaEGFiLMm6gUzf4q7mbxyzBhePOzLKa16RZmZHnxzEr_i8r72TwNAHl5Jn.Y qr5pbybV_q.3VgZ5SDqtQ_1xLIt4jsx1e6pCMpDxD86BDCJC83ytleY3zCngKCc00d8srmAnL4S9 JMb7RPUcUHMxdRkBh7qMeZ0Hy9Zw1GxxTRXHCz6HudJq6pTnvbn7Dq0MtDfzltAA5tD3CrmaX.RK 3araur54Qormj8dYA.bMYoeI9ehcjUI16SM333tY.gb13sGttU4W5Sefo6Q7RPax0Ht4MOgrh0TM oYF_HNbZXkP3beRNFEONcUaG0tXL3m0PeeAZcjG2tqv0Fpznsb0pjjFogZPbwpCGaE9lhiH5tNlL 0phEFw9uL2Mrrofhnbbn_s4oBQflrv.ewegeYz1_zOJuEp7SawmsFjhtl864iaUkfkH7UxWwGcyd LThsNeA9MXFbMZ0VShe1R6AW5ijhb2TQEehd6lWGtPNam9tUMtJdJuAmb6a2uXb8UcB.xW5LgX21 CNDgrIvrwYFe7y7l2njaZK0cAY4LjXHtvUZkz13X2UqqXJ4zF_spZTljAw60Kl42a..EgwAJMVU5 SVOPpJrp84gEItW4xpDGO0DPty8xiuNf79bVvnW39XkGwYCFMqEGfTU5dAjcZHoUfBohNn_a2gj4 r0H1V5tkkcZkcWVmQ8UQl8IKnZEC6QnmIM2cyMVU0d97gTMaiDuARLyL9tL5wNgauppFvV3hgxDd 4T1KnPN570_l2Ppa8e5kn911_4i9rCZ.w3RP92QH6xX.cB_e2uE5_JxYCE17Cv9jQsa.p9OZJAWt S X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic305.consmr.mail.ne1.yahoo.com with HTTP; Mon, 18 Apr 2022 15:01:34 +0000 Received: by hermes--canary-production-ne1-c7c4f6977-qcc8c (VZM Hermes SMTP Server) with ESMTPA ID becb8feefeabb669980d2a553c076f56; Mon, 18 Apr 2022 15:01:29 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org Subject: [PATCH v35 05/29] IMA: avoid label collisions with stacked LSMs Date: Mon, 18 Apr 2022 07:59:21 -0700 Message-Id: <20220418145945.38797-6-casey@schaufler-ca.com> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220418145945.38797-1-casey@schaufler-ca.com> References: <20220418145945.38797-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Integrity measurement may filter on security module information and needs to be clear in the case of multiple active security modules which applies. Provide a boot option ima_rules_lsm= to allow the user to specify an active security module to apply filters to. If not specified, use the first registered module that supports the audit_rule_match() LSM hook. Allow the user to specify in the IMA policy an lsm= option to specify the security module to use for a particular rule. Signed-off-by: Casey Schaufler To: Mimi Zohar To: linux-integrity@vger.kernel.org Reviewed-by: John Johansen --- Documentation/ABI/testing/ima_policy | 8 ++++- include/linux/security.h | 14 ++++---- security/integrity/ima/ima_policy.c | 51 ++++++++++++++++++++++++---- security/security.c | 35 +++++++++++++++---- 4 files changed, 89 insertions(+), 19 deletions(-) diff --git a/Documentation/ABI/testing/ima_policy b/Documentation/ABI/testing/ima_policy index 839fab811b18..64863e9d87ea 100644 --- a/Documentation/ABI/testing/ima_policy +++ b/Documentation/ABI/testing/ima_policy @@ -26,7 +26,7 @@ Description: [uid=] [euid=] [gid=] [egid=] [fowner=] [fgroup=]] lsm: [[subj_user=] [subj_role=] [subj_type=] - [obj_user=] [obj_role=] [obj_type=]] + [obj_user=] [obj_role=] [obj_type=]] [lsm=] option: [[appraise_type=]] [template=] [permit_directio] [appraise_flag=] [appraise_algos=] [keyrings=] base: @@ -126,6 +126,12 @@ Description: measure subj_user=_ func=FILE_CHECK mask=MAY_READ + It is possible to explicitly specify which security + module a rule applies to using lsm=. If the security + module specified is not active on the system the rule + will be rejected. If lsm= is not specified the first + security module registered on the system will be assumed. + Example of measure rules using alternate PCRs:: measure func=KEXEC_KERNEL_CHECK pcr=4 diff --git a/include/linux/security.h b/include/linux/security.h index d00870d2b416..3666eddad59a 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -1985,25 +1985,27 @@ static inline void security_audit_rule_free(struct audit_lsm_rules *lsmrules) #endif /* CONFIG_AUDIT */ #if defined(CONFIG_IMA_LSM_RULES) && defined(CONFIG_SECURITY) -int ima_filter_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule); -int ima_filter_rule_match(u32 secid, u32 field, u32 op, void *lsmrule); -void ima_filter_rule_free(void *lsmrule); +int ima_filter_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule, + int lsmslot); +int ima_filter_rule_match(u32 secid, u32 field, u32 op, void *lsmrule, + int lsmslot); +void ima_filter_rule_free(void *lsmrule, int lsmslot); #else static inline int ima_filter_rule_init(u32 field, u32 op, char *rulestr, - void **lsmrule) + void **lsmrule, int lsmslot) { return 0; } static inline int ima_filter_rule_match(u32 secid, u32 field, u32 op, - void *lsmrule) + void *lsmrule, int lsmslot) { return 0; } -static inline void ima_filter_rule_free(void *lsmrule) +static inline void ima_filter_rule_free(void *lsmrule, int lsmslot) { } #endif /* defined(CONFIG_IMA_LSM_RULES) && defined(CONFIG_SECURITY) */ diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index eea6e92500b8..97470354c8ae 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -89,6 +89,7 @@ struct ima_rule_entry { bool (*fgroup_op)(kgid_t cred_gid, kgid_t rule_gid); /* gid_eq(), gid_gt(), gid_lt() */ int pcr; unsigned int allowed_algos; /* bitfield of allowed hash algorithms */ + int which; /* which LSM rule applies to */ struct { void *rule; /* LSM file metadata specific */ char *args_p; /* audit value */ @@ -285,6 +286,20 @@ static int __init default_appraise_policy_setup(char *str) } __setup("ima_appraise_tcb", default_appraise_policy_setup); +static int ima_rules_lsm __ro_after_init; + +static int __init ima_rules_lsm_init(char *str) +{ + ima_rules_lsm = lsm_name_to_slot(str); + if (ima_rules_lsm < 0) { + ima_rules_lsm = 0; + pr_err("rule lsm \"%s\" not registered", str); + } + + return 1; +} +__setup("ima_rules_lsm=", ima_rules_lsm_init); + static struct ima_rule_opt_list *ima_alloc_rule_opt_list(const substring_t *src) { struct ima_rule_opt_list *opt_list; @@ -356,7 +371,7 @@ static void ima_lsm_free_rule(struct ima_rule_entry *entry) int i; for (i = 0; i < MAX_LSM_RULES; i++) { - ima_filter_rule_free(entry->lsm[i].rule); + ima_filter_rule_free(entry->lsm[i].rule, entry->which); kfree(entry->lsm[i].args_p); } } @@ -407,7 +422,8 @@ static struct ima_rule_entry *ima_lsm_copy_rule(struct ima_rule_entry *entry) ima_filter_rule_init(nentry->lsm[i].type, Audit_equal, nentry->lsm[i].args_p, - &nentry->lsm[i].rule); + &nentry->lsm[i].rule, + entry->which); if (!nentry->lsm[i].rule) pr_warn("rule for LSM \'%s\' is undefined\n", nentry->lsm[i].args_p); @@ -623,14 +639,16 @@ static bool ima_match_rules(struct ima_rule_entry *rule, security_inode_getsecid(inode, &osid); rc = ima_filter_rule_match(osid, rule->lsm[i].type, Audit_equal, - rule->lsm[i].rule); + rule->lsm[i].rule, + rule->which); break; case LSM_SUBJ_USER: case LSM_SUBJ_ROLE: case LSM_SUBJ_TYPE: rc = ima_filter_rule_match(secid, rule->lsm[i].type, Audit_equal, - rule->lsm[i].rule); + rule->lsm[i].rule, + rule->which); break; default: break; @@ -1025,7 +1043,7 @@ enum policy_opt { Opt_fowner_lt, Opt_fgroup_lt, Opt_appraise_type, Opt_appraise_flag, Opt_appraise_algos, Opt_permit_directio, Opt_pcr, Opt_template, Opt_keyrings, - Opt_label, Opt_err + Opt_lsm, Opt_label, Opt_err }; static const match_table_t policy_tokens = { @@ -1073,6 +1091,7 @@ static const match_table_t policy_tokens = { {Opt_template, "template=%s"}, {Opt_keyrings, "keyrings=%s"}, {Opt_label, "label=%s"}, + {Opt_lsm, "lsm=%s"}, {Opt_err, NULL} }; @@ -1091,7 +1110,8 @@ static int ima_lsm_rule_init(struct ima_rule_entry *entry, entry->lsm[lsm_rule].type = audit_type; result = ima_filter_rule_init(entry->lsm[lsm_rule].type, Audit_equal, entry->lsm[lsm_rule].args_p, - &entry->lsm[lsm_rule].rule); + &entry->lsm[lsm_rule].rule, + entry->which); if (!entry->lsm[lsm_rule].rule) { pr_warn("rule for LSM \'%s\' is undefined\n", entry->lsm[lsm_rule].args_p); @@ -1780,6 +1800,19 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry) &(template_desc->num_fields)); entry->template = template_desc; break; + case Opt_lsm: + result = lsm_name_to_slot(args[0].from); + if (result == LSMBLOB_INVALID) { + int i; + + for (i = 0; i < MAX_LSM_RULES; i++) + entry->lsm[i].args_p = NULL; + result = -EINVAL; + break; + } + entry->which = result; + result = 0; + break; case Opt_err: ima_log_string(ab, "UNKNOWN", p); result = -EINVAL; @@ -1816,6 +1849,7 @@ ssize_t ima_parse_add_rule(char *rule) struct ima_rule_entry *entry; ssize_t result, len; int audit_info = 0; + int i; p = strsep(&rule, "\n"); len = strlen(p) + 1; @@ -1833,6 +1867,9 @@ ssize_t ima_parse_add_rule(char *rule) INIT_LIST_HEAD(&entry->list); + for (i = 0; i < MAX_LSM_RULES; i++) + entry->which = ima_rules_lsm; + result = ima_parse_rule(p, entry); if (result) { ima_free_rule(entry); @@ -2158,6 +2195,8 @@ int ima_policy_show(struct seq_file *m, void *v) seq_puts(m, "appraise_flag=check_blacklist "); if (entry->flags & IMA_PERMIT_DIRECTIO) seq_puts(m, "permit_directio "); + if (entry->which >= 0) + seq_printf(m, pt(Opt_lsm), lsm_slot_to_name(entry->which)); rcu_read_unlock(); seq_puts(m, "\n"); return 0; diff --git a/security/security.c b/security/security.c index d1ddbb857af1..9e0139b0d346 100644 --- a/security/security.c +++ b/security/security.c @@ -2728,19 +2728,42 @@ int security_audit_rule_match(u32 secid, u32 field, u32 op, * The integrity subsystem uses the same hooks as * the audit subsystem. */ -int ima_filter_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule) +int ima_filter_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule, + int lsmslot) { - return call_int_hook(audit_rule_init, 0, field, op, rulestr, lsmrule); + struct security_hook_list *hp; + + hlist_for_each_entry(hp, &security_hook_heads.audit_rule_init, list) + if (hp->lsmid->slot == lsmslot) + return hp->hook.audit_rule_init(field, op, rulestr, + lsmrule); + + return 0; } -void ima_filter_rule_free(void *lsmrule) +void ima_filter_rule_free(void *lsmrule, int lsmslot) { - call_void_hook(audit_rule_free, lsmrule); + struct security_hook_list *hp; + + hlist_for_each_entry(hp, &security_hook_heads.audit_rule_free, list) { + if (hp->lsmid->slot == lsmslot) { + hp->hook.audit_rule_free(lsmrule); + return; + } + } } -int ima_filter_rule_match(u32 secid, u32 field, u32 op, void *lsmrule) +int ima_filter_rule_match(u32 secid, u32 field, u32 op, void *lsmrule, + int lsmslot) { - return call_int_hook(audit_rule_match, 0, secid, field, op, lsmrule); + struct security_hook_list *hp; + + hlist_for_each_entry(hp, &security_hook_heads.audit_rule_match, list) + if (hp->lsmid->slot == lsmslot) + return hp->hook.audit_rule_match(secid, field, op, + lsmrule); + + return 0; } #endif /* CONFIG_IMA_LSM_RULES */ From patchwork Mon Apr 18 14:59:22 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12816748 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 829C9C433EF for ; Mon, 18 Apr 2022 15:37:26 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345284AbiDRPkD (ORCPT ); Mon, 18 Apr 2022 11:40:03 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49542 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345461AbiDRPj0 (ORCPT ); Mon, 18 Apr 2022 11:39:26 -0400 Received: from sonic313-14.consmr.mail.ne1.yahoo.com (sonic313-14.consmr.mail.ne1.yahoo.com [66.163.185.37]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1F2BFB1E0 for ; Mon, 18 Apr 2022 08:03:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650294188; bh=79dycniNE/psTMJPgnE9vt2X02zCvlolhDZ5Y1SzfAg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=YvVaG6lZs/N49z8askMRaYzreE1K28eqZJJIgb99Tht6cprp6ugN/UWy3+YfK434TOgt8uMcp5Q3J22Lqz0TBdIPzGwTB62e1OtfpkUaAf4lnFe2SgTEUcKR26D3WjAAe7KV93MJSQHxtGkgbyMW+sUV8RIBbAOx9n5srUvGS5G77XeLLLLReTWxwVMgLYvHYftELs5CL1M3VEy9bBmGxfVkam//X2e4SHYHKcrEfASK1nx0pW1Hg7kJQv7CLHPZNYvAOUkn9VpR7D0iQWhdkRfWKF1OnmVaGkSNOgbVTPh5VNgjQUbXFFfCzOnsumxPK8CmzFH0LDNlH1odF6rLSQ== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650294188; bh=+lOKv10An49eve281wsstkGJB0oKVPkdcnSoFclbd0J=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=bL2jWqeTUACUvzLNcCPnqX1bZ8hCiOKKqQ2WSXDFmywOYoLyQ6PPVh+ldykxBGBTAM7homIt0T0DDVsys/+DSEv7FeTkXt730/TKmyII4YnftQYPWDi8tiWs2TEK9ReiLbphNEq7/8/fVyzaz1IYkcMrGx7aPI2fS2Z0J3OCy7DdjVW2qotvBNXnJG6jVbf5T6mH5sdh5ZHFbSAqiulfqKcPZPxNEJudSyLMTqAnBtAmxZuw+s53qEFQch9c9Ob68zDEkW7qOelaW035dopjYI5cihFhNg8pd/vneQhqSvldOSk6jjxBApqdri58LmA2p7J/3AgAn/NMKgbnMqJ8wQ== X-YMail-OSG: aZbeNU8VM1k3Tt5kDO1poy0mamdMLGcRqiPFESfoEbwQu7SZhmzM7BLxhG3H7l8 I53D2LX6kjnvGIrGUsdqrpKvKfMAcUW8neryWKruMzcyk8IjAimwoum8WuK4VhS6aIt_3V7B_w1R yd4C_aDkdcP2wL2FaXX16yfeFt0Ob66517WnY41TUMVDIR3geCYUEOrw60tRi278Dzt1yLmig0T8 RB0FwJhURbADE1zySAQ9iuXlmU.bITfyMJThz884nZuGvL4c.fWTfnOG4YewFmvWCLkfOQ8DAI8B mwTuuD8T0nZ35exAF5BuleT5sTNWoiNdP_YsfN9lsUPrMxDbqspmxAHXyXCnEwR6YbbCqxlmVpqP 05xIADNNaM0gzf1VmD5ubgn50wEl3eMJgPmroQ0Fydg1lcFb3NUFS2Qv5.cvlb05FjVrtdfn8jr4 UAZ7HreNjYHd1n_XLtUjtG1p5bNjOfExVz10_YRO4AYVLMtn9vG6IoyiVPxrkV4nLTwwhx7JByvN aBK5EiS5UnfxsBlIbdbO7wqZpPyapsghP3aATjgJFSIvlR3kNZcAmJUQbytCM1tELxj0OG9FeGWU VhypKI45hhfZvE3sAmD9hdgL3K8dFwYz061h4aB5o.8d4i3rHHtRfN0S5nYNstRWXL2a7AzXRmw4 vlAt16rEC4RPeabXomN.6jshK7DNimhWFSW5.CNUFgzgLs2.BNeAi6dtHjurCVLMsIalohVnlJvQ 4Pz2UIFz7cTExn33J3uTkPxGUMNS0P4p_bOWKC5ADkbgCqnWPHrpgfMtq11MhHR9gc_olabtERua zy5UJeyc0d2u.9d76Tm5iugjEL3lIHR0RmyOG4.1XEZnC.L4i9JSBBgMDhVeoqf4nysCScPH2CgJ oPXa8EOHXWlfn6Phn3mdSYvSUAOyvm3wVoxS3wAQUAUOZJWoi6Po0hSy1bsyYKyYOvgHGthnBSY2 Lv9NkojGQlM8h3OXYfU28ohC.wbFn65sjNYnbZFvdOC0.rBN_B4uBMRmmulEDbdMmGALEDee.PMB SwUQcsiNee7TVO8x48bVdgDWCLPQDnDWlIgqvc7eUzJEjBttAEEH5ChQut8qjdvSJT5YnMhaPa1W 8wYrRyXe00hOji4KToNuR4GoFD4U4rENqe_1N0El2eQyvoky.q97BIY7ibDd74kYFadEq5T4lbjF ESFJd50lDIsb6fF9CUwHH8M2p_ApzMWE2jkX_5EJjvokan3LdpZy0NWB3QA6zpzHOjNlaVX3bPP0 EalAeVXLq_OxNwFFyS4HY5XC6Mqoofcku6yQe.ekLipn7J5sLhBGIc7SBtr8xhWj7kO5bOVmuaKs 91272x1UnsxCdKzvEf3.cCTQqNfrKuBMDUFNntcHyfbC1oFfTxw5cELb70_9Kx5SQnhziJnzUQ1C yvp2Zg.Y18Y5wIGHqUGyuKzsEaL4g3ARvJMJfRyAxWceljBikWajm.70JSggIM648smqxAv4f0ZB V01uB39Z7UXPs6KR55W9RrRaxHMPAL1JDYnURQGxuzhxyRMElxoBiT5QuP8vuU1jK1PL.C7LiKzH YabeFi.J4wIF9mVwTKcNWU_T._7ZHEanWOLNDLGdrYwPebbQ0s4ro2plde7v0NmQXkXwE8gtVmHs 67kjhHSljYXXKhXQxjkRlLzDwwpkhTI5eCsaTnBWXvoHV076CiXl01pG2vGH8UT7VlOnxWMCm7IU kUSvihfIDCwkvDduQhRl374nErFlHPVGwVkqFOY5ivG4x.0WMJEfWSmg44D8NMTH8NuYQ..Jsl9O 3x6jag5ucaZ_56a.D.AOh5_.CsxSYDu2zfyjiLmYLiLl5vxv7bTw.PJXD3XhjtsTMQY4sUixTgQv MYWS6E0Tnml4Jxke3PAE.9PSlWFANH9L7rX.UnhZUeUqP7rfw3voRi6QNjmGYmMEY9rrmMNgSvcV je.zYMKNZX986O27AVB5yniuYl1VVzcL0ZtmwrOnzs3PHGchaRDERx6Ee6d97VPWACfVC_TOovto 19kVjTN4i4kGM3H7VXLtAemDhT2YdhOlaHcGYJc0EgSqXN6qPOe9QLZYFl4DvECFaEObdU7ziV_i ndUu6GdQWcA.J.Q4xATf9Voxq.oDhg9C8tsiY091eX9ilXWfJDMLepz8qVZUWDZJpZMVY9vEe9EJ i4maplZPoI9ocNenDnFEkB2LYeiX09vbKhIEzw9gqFKL8uLyWAmMuonNb9AzMEs.BUjBJ5A3Ua8m bMfQnEDwQmzBd5k_W3fIRFzeklrDB5cpBFgXAUpcG2_ImzKbci9.XwJDwWPcroeUJ3KEMLP0- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic313.consmr.mail.ne1.yahoo.com with HTTP; Mon, 18 Apr 2022 15:03:08 +0000 Received: by hermes--canary-production-bf1-5f49dbcd6-b5q4c (VZM Hermes SMTP Server) with ESMTPA ID e12cdaa14792a510c07372742bad7207; Mon, 18 Apr 2022 15:03:03 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org Subject: [PATCH v35 06/29] LSM: Use lsmblob in security_audit_rule_match Date: Mon, 18 Apr 2022 07:59:22 -0700 Message-Id: <20220418145945.38797-7-casey@schaufler-ca.com> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220418145945.38797-1-casey@schaufler-ca.com> References: <20220418145945.38797-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Change the secid parameter of security_audit_rule_match to a lsmblob structure pointer. Pass the entry from the lsmblob structure for the approprite slot to the LSM hook. Change the users of security_audit_rule_match to use the lsmblob instead of a u32. The scaffolding function lsmblob_init() fills the blob with the value of the old secid, ensuring that it is available to the appropriate module hook. The sources of the secid, security_task_getsecid() and security_inode_getsecid(), will be converted to use the blob structure later in the series. At the point the use of lsmblob_init() is dropped. Signed-off-by: Casey Schaufler Acked-by: Paul Moore Cc: linux-audit@redhat.com Reviewed-by: John Johansen --- include/linux/security.h | 5 +++-- kernel/auditfilter.c | 6 ++++-- kernel/auditsc.c | 16 +++++++++++----- security/security.c | 5 +++-- 4 files changed, 21 insertions(+), 11 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index 3666eddad59a..ee5d14dac65f 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -1955,7 +1955,7 @@ static inline int security_key_getsecurity(struct key *key, char **_buffer) int security_audit_rule_init(u32 field, u32 op, char *rulestr, struct audit_lsm_rules *lsmrules); int security_audit_rule_known(struct audit_krule *krule); -int security_audit_rule_match(u32 secid, u32 field, u32 op, +int security_audit_rule_match(struct lsmblob *blob, u32 field, u32 op, struct audit_lsm_rules *lsmrules); void security_audit_rule_free(struct audit_lsm_rules *lsmrules); @@ -1972,7 +1972,8 @@ static inline int security_audit_rule_known(struct audit_krule *krule) return 0; } -static inline int security_audit_rule_match(u32 secid, u32 field, u32 op, +static inline int security_audit_rule_match(struct lsmblob *blob, + u32 field, u32 op, struct audit_lsm_rules *lsmrules) { return 0; diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index de75bd6ad866..15cd4fe35e9c 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -1337,6 +1337,7 @@ int audit_filter(int msgtype, unsigned int listtype) for (i = 0; i < e->rule.field_count; i++) { struct audit_field *f = &e->rule.fields[i]; + struct lsmblob blob; pid_t pid; u32 sid; @@ -1369,8 +1370,9 @@ int audit_filter(int msgtype, unsigned int listtype) case AUDIT_SUBJ_CLR: if (f->lsm_str) { security_current_getsecid_subj(&sid); - result = security_audit_rule_match(sid, - f->type, f->op, + lsmblob_init(&blob, sid); + result = security_audit_rule_match( + &blob, f->type, f->op, &f->lsm_rules); } break; diff --git a/kernel/auditsc.c b/kernel/auditsc.c index d272b5cf18a8..a9d5bfa37cb3 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -468,6 +468,7 @@ static int audit_filter_rules(struct task_struct *tsk, const struct cred *cred; int i, need_sid = 1; u32 sid; + struct lsmblob blob; unsigned int sessionid; if (ctx && rule->prio <= ctx->prio) @@ -678,8 +679,10 @@ static int audit_filter_rules(struct task_struct *tsk, security_current_getsecid_subj(&sid); need_sid = 0; } - result = security_audit_rule_match(sid, f->type, - f->op, &f->lsm_rules); + lsmblob_init(&blob, sid); + result = security_audit_rule_match(&blob, + f->type, f->op, + &f->lsm_rules); } break; case AUDIT_OBJ_USER: @@ -692,15 +695,17 @@ static int audit_filter_rules(struct task_struct *tsk, if (f->lsm_str) { /* Find files that match */ if (name) { + lsmblob_init(&blob, name->osid); result = security_audit_rule_match( - name->osid, + &blob, f->type, f->op, &f->lsm_rules); } else if (ctx) { list_for_each_entry(n, &ctx->names_list, list) { + lsmblob_init(&blob, n->osid); if (security_audit_rule_match( - n->osid, f->type, f->op, + &blob, f->type, f->op, &f->lsm_rules)) { ++result; break; @@ -710,7 +715,8 @@ static int audit_filter_rules(struct task_struct *tsk, /* Find ipc objects that match */ if (!ctx || ctx->type != AUDIT_IPC) break; - if (security_audit_rule_match(ctx->ipc.osid, + lsmblob_init(&blob, ctx->ipc.osid); + if (security_audit_rule_match(&blob, f->type, f->op, &f->lsm_rules)) ++result; diff --git a/security/security.c b/security/security.c index 9e0139b0d346..ced1c76a380f 100644 --- a/security/security.c +++ b/security/security.c @@ -2703,7 +2703,7 @@ void security_audit_rule_free(struct audit_lsm_rules *lsmrules) } } -int security_audit_rule_match(u32 secid, u32 field, u32 op, +int security_audit_rule_match(struct lsmblob *blob, u32 field, u32 op, struct audit_lsm_rules *lsmrules) { struct security_hook_list *hp; @@ -2714,7 +2714,8 @@ int security_audit_rule_match(u32 secid, u32 field, u32 op, continue; if (lsmrules->rule[hp->lsmid->slot] == NULL) continue; - rc = hp->hook.audit_rule_match(secid, field, op, + rc = hp->hook.audit_rule_match(blob->secid[hp->lsmid->slot], + field, op, &lsmrules->rule[hp->lsmid->slot]); if (rc) return rc; From patchwork Mon Apr 18 14:59:23 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12816749 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id D5538C4332F for ; Mon, 18 Apr 2022 15:37:27 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345387AbiDRPkE (ORCPT ); Mon, 18 Apr 2022 11:40:04 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46936 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345466AbiDRPj1 (ORCPT ); Mon, 18 Apr 2022 11:39:27 -0400 Received: from sonic305-27.consmr.mail.ne1.yahoo.com (sonic305-27.consmr.mail.ne1.yahoo.com [66.163.185.153]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6F3AABC14 for ; Mon, 18 Apr 2022 08:03:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650294190; bh=4K9DoM5GdsOP9uBO1Slcbn4U+njC001nxgM9Gpo/0f8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=gOuRxdOTnRZpGR4lav0vbuqotTRxryLlZGCnbPO/40nQHEl3dNW/DWqV2Ei6iSVvrVsuTByo39JqPBT1Aeyp9p0qNjLoUvIPvOdK4PPT5L/SBE+6lZSIZkwxl0rkeVMMr0U5HlPChPQOGpBsQr4b4eyrPuuYTzW3UuXOUsWUjWOE2jXHu2VDgLrpS54VouhvcjgOyVJQa4AJ3Hmm5SPfeEf1XIM3yLYYGEVHdfdFSsoaP85RgqOgo9HqYpslceNN7xiLjwOVlbnCqd5h7x6QyYHhdk7m6dZqUKFQt/1XG9zEQXTFalUTWwaGslYQ3YJtIRnzlsWbE9WMTkA988YlDw== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650294190; bh=0pRjLiH9YBFGuP4x91VKvO/pIeMdTPv23xJmTeuYr5Q=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=AEwAfUYYs/HVaCd4MbylUecjmGt+iGcJosK+oK9aUQtdtUWIkud+AGFdqsXrEmJatt6/fI9r56ImKq9l590xGKx49xtYXB8n7gCw/fL1wzg2zSukFj0XhnGtZEOmD9CgFjiQvjKfUO6dazn0UVlU8jL0YME701J42hCL7NyRlUjCoHGR4P0CNJmaHOwrzHQZ3QqTDa1x52rwCNLtYsjAHoN+9zNucUFj5UmSITz7b0blmmcXAhBsS3OXLPA7dvMVHrkfKqQSK+XEtkeQYkg8VH5gcCWtK1ID7wOqKnOa9tdXFPYx9NCXrodc2aLNGx9Qg2IMOEgqXxdNYqqZSA3T7g== X-YMail-OSG: 3BtJwA4VM1kFlnG2nlgE8gbwdVIKRHBg0BPpt7uHyFYLKOh9eWePRr5Hq40WvsA EW9uU23FWUn.auqdbNxbwW51VsfKXnkHrJ7T8Wt7hLioXxrl0Fe6woutfoJOZ3qZnFsQ.1OTuJHa B2n.03Vpq3lbLqHASr1SeG1Ecv_jsQF9ETAS4AfDEfmlEcqieIiNcfO7d6qXyBKA_W.YdmvsxUBa WykFzQ6ELoxXA0weOVVSYoPoyAa232cTR9YehfnJeNLHN5B4eOr6kLScw1pASyP5GCI.qqLzZS1P vC9djHPxwQ7bwKs2PTB0e3hwVg0_uiMerXyQzWe6WWTxF0V9NnaaUwjS7yOBQ4NyyMVeCwdka_wq Z2hbi7fywtSnFxieCIjvpc3V5mCWdFDmyMFOssrOmCQRdUm6hnmeNVjddtb0uWmMmOPQM1qOLcGy 9hMwg1sv0JQAppYZgtERIKZ0f_RLdr.UI_S25w7AHTQc0hTSBiL4gYJvysII3mjobvzlUjYU3xtA Rq1E2cdRupHky6wyi3hicvmLbnMFuYPYz3Z1Dx6TViy6K2cd58DbbUGQhpDCcDfT.jm1rpchT5kg wwKo6EIiB3Km9qBhqrYD4bjJnfxb6J0NymeR9sPCSmJO6fFF3HnnNC.7EOuWyt72yjBFjDnE7d3Y mejBhpGkkEIWzwx80p8jaM3ol3dtif1MfcilvWMIP7.h.0pK9xfXpimKxnmrsyVsHN5pUY_MOXcu uIZNjESHeMSXIf0vNQiK9hXbmXgYu0sL.rVWq0Gh8fL9foUuy1TzBWhkvZ9TwdhqDXNuaLjM.29o MMmLSTiECjHocn649VYNfvOTRvzGa5YhyauxRTXiqzIh0wCYVPWTgcBSG2CknGlCF4nzUyC1tWGz 51oIsB.3xAj4xjo1urzhGgeg3wmnZreiMZbqzfqxRK2P49xmI1P_YAPqGHumn.Ykmu5vyHAEno.r PNjE7oB2IlhyMCEs9pAkbwfSLCW3_eMJt2UGtLPA6l5TJgugiTYGaNmxOkY22eHS8nw7fLez__GE IQYUOBG.bv1pF94M1rScgmchgdRWIhtR0LzLZy2nM5SGmrB_y0Hhbl.WxWNwgOoISQV1fOoK7Wds oNH_016JkfaOElcs1.3YbQ_kj6iqr1zOR_Rzw2xYx7ZwdRUfhsSI5_ZliQyjG7PKPex8B.bge5G2 FcQbwQyfTIR2WLNplqF4dbjrOgkYk_5NdOmAbeYfm5hanoehjjn_skfpKT94BZp_CnWP76tp8qVh ZlBweo8uVWVvHDdY4zlzd9Ppoh.oJUkYc5nhzG1ax2aJeYP6NYSbH9buLiN03aM.txKU8j0LdaUf _OvU0ym81JRyNeFSrwkTg5if3U1E2Wwp04cvdmxIUQ9ic20XEmU7CjER2CAnKOGAqyMZgakOQK58 xy59Y6ujVnZrY4CfuxvkZX49_sVOiI9E7k95Gc1kgb6Jr8hxXwVn1P7GfbHRqgZw2a3_P8MOsIP5 Sbj2KuBEUx2umJX5MzdElw0kqIp.qFRTbc2oZ9X6l1zGUz989QprJOjmSQ3DLhHdv1obOduUI288 RHUM_iSn._dDwGfJW04OPoOApdrCzxtTPBDFmIjovqjUcxBDffrukgzTWZMDqZcUk7SGkz3FiCid leMdRc2EYjNbAvnc1YEvF9FK3Cx3sjSLbleNqIl776Du2bmYSUQSL2eeIzemPlFbCh.nDscqZ0VA krdfGH5KV41K2EYiSFPyRwJGWplgYl8jG4aY.Dbm7GCfW9eF1ianjWOwTZZP3ox8c0YolnpcIWrq TgDhPsePmdbG43c.VNHXvJM53xSQH_Bv9Tpu1s6qTVs4TYWORy9XLINUXrqPPvCJiOrsAyJ8ridZ bX8yukFAKfGP.WvXOp6loNwmbAH9UclPyO1COhNtr9pAc8XtXG3AFW732D7xJZaoB8NfRl9OGVUC OutgoDGWGUrlBrpHfubHoCJ6HKDrivkSk0Ya66oMHVbk0GT_GXn7z_b9LW9CQjWWxKeuu3u_xetb vZrgDz.6WkX5WhxLHYotC7ov.D5JT9dFuZwNgFHfH06RVnrfZPeLsoPLl5NmH5AE.ABEwuiNlwB9 0_YQxQzdeE7g8fnsYWKEip8isDy.U63skUanXAl5YqrSriI..r0V_l2JTmK9WCvZJTam_4Yqi0Yq dvTYr9UVElCTd.HcglDr4T7kmJ1nSYkvVZuDjGhExweqhDIhHUHTSAlijsXrUPCJU3MNDD2M2xG2 jj63OV1_linQM7nMeZVlZRDzk_3h.8Bq5Pwzw14_PROF8luBx0CZtInVQTgKSrO85EXoyqFhlCg- - X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic305.consmr.mail.ne1.yahoo.com with HTTP; Mon, 18 Apr 2022 15:03:10 +0000 Received: by hermes--canary-production-bf1-5f49dbcd6-b5q4c (VZM Hermes SMTP Server) with ESMTPA ID e12cdaa14792a510c07372742bad7207; Mon, 18 Apr 2022 15:03:06 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org Subject: [PATCH v35 07/29] LSM: Use lsmblob in security_kernel_act_as Date: Mon, 18 Apr 2022 07:59:23 -0700 Message-Id: <20220418145945.38797-8-casey@schaufler-ca.com> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220418145945.38797-1-casey@schaufler-ca.com> References: <20220418145945.38797-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Change the security_kernel_act_as interface to use a lsmblob structure in place of the single u32 secid in support of module stacking. Change its only caller, set_security_override, to do the same. Change that one's only caller, set_security_override_from_ctx, to call it with the new parameter type. The security module hook is unchanged, still taking a secid. The infrastructure passes the correct entry from the lsmblob. lsmblob_init() is used to fill the lsmblob structure, however this will be removed later in the series when security_secctx_to_secid() is updated to provide a lsmblob instead of a secid. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler To: David Howells --- include/linux/cred.h | 3 ++- include/linux/security.h | 5 +++-- kernel/cred.c | 10 ++++++---- security/security.c | 14 ++++++++++++-- 4 files changed, 23 insertions(+), 9 deletions(-) diff --git a/include/linux/cred.h b/include/linux/cred.h index 9ed9232af934..610f70a99f60 100644 --- a/include/linux/cred.h +++ b/include/linux/cred.h @@ -18,6 +18,7 @@ struct cred; struct inode; +struct lsmblob; /* * COW Supplementary groups list @@ -165,7 +166,7 @@ extern const struct cred *override_creds(const struct cred *); extern void revert_creds(const struct cred *); extern struct cred *prepare_kernel_cred(struct task_struct *); extern int change_create_files_as(struct cred *, struct inode *); -extern int set_security_override(struct cred *, u32); +extern int set_security_override(struct cred *, struct lsmblob *); extern int set_security_override_from_ctx(struct cred *, const char *); extern int set_create_files_as(struct cred *, struct inode *); extern int cred_fscmp(const struct cred *, const struct cred *); diff --git a/include/linux/security.h b/include/linux/security.h index ee5d14dac65f..68ab0add23d3 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -463,7 +463,7 @@ void security_cred_free(struct cred *cred); int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp); void security_transfer_creds(struct cred *new, const struct cred *old); void security_cred_getsecid(const struct cred *c, u32 *secid); -int security_kernel_act_as(struct cred *new, u32 secid); +int security_kernel_act_as(struct cred *new, struct lsmblob *blob); int security_kernel_create_files_as(struct cred *new, struct inode *inode); int security_kernel_module_request(char *kmod_name); int security_kernel_load_data(enum kernel_load_data_id id, bool contents); @@ -1105,7 +1105,8 @@ static inline void security_cred_getsecid(const struct cred *c, u32 *secid) *secid = 0; } -static inline int security_kernel_act_as(struct cred *cred, u32 secid) +static inline int security_kernel_act_as(struct cred *cred, + struct lsmblob *blob) { return 0; } diff --git a/kernel/cred.c b/kernel/cred.c index e10c15f51c1f..3925d38f49f4 100644 --- a/kernel/cred.c +++ b/kernel/cred.c @@ -767,14 +767,14 @@ EXPORT_SYMBOL(prepare_kernel_cred); /** * set_security_override - Set the security ID in a set of credentials * @new: The credentials to alter - * @secid: The LSM security ID to set + * @blob: The LSM security information to set * * Set the LSM security ID in a set of credentials so that the subjective * security is overridden when an alternative set of credentials is used. */ -int set_security_override(struct cred *new, u32 secid) +int set_security_override(struct cred *new, struct lsmblob *blob) { - return security_kernel_act_as(new, secid); + return security_kernel_act_as(new, blob); } EXPORT_SYMBOL(set_security_override); @@ -790,6 +790,7 @@ EXPORT_SYMBOL(set_security_override); */ int set_security_override_from_ctx(struct cred *new, const char *secctx) { + struct lsmblob blob; u32 secid; int ret; @@ -797,7 +798,8 @@ int set_security_override_from_ctx(struct cred *new, const char *secctx) if (ret < 0) return ret; - return set_security_override(new, secid); + lsmblob_init(&blob, secid); + return set_security_override(new, &blob); } EXPORT_SYMBOL(set_security_override_from_ctx); diff --git a/security/security.c b/security/security.c index ced1c76a380f..e9f1487af0e5 100644 --- a/security/security.c +++ b/security/security.c @@ -1816,9 +1816,19 @@ void security_cred_getsecid(const struct cred *c, u32 *secid) } EXPORT_SYMBOL(security_cred_getsecid); -int security_kernel_act_as(struct cred *new, u32 secid) +int security_kernel_act_as(struct cred *new, struct lsmblob *blob) { - return call_int_hook(kernel_act_as, 0, new, secid); + struct security_hook_list *hp; + int rc; + + hlist_for_each_entry(hp, &security_hook_heads.kernel_act_as, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + rc = hp->hook.kernel_act_as(new, blob->secid[hp->lsmid->slot]); + if (rc != 0) + return rc; + } + return 0; } int security_kernel_create_files_as(struct cred *new, struct inode *inode) From patchwork Mon Apr 18 14:59:24 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12816750 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 08346C433EF for ; Mon, 18 Apr 2022 15:37:36 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240251AbiDRPkJ (ORCPT ); Mon, 18 Apr 2022 11:40:09 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48302 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345473AbiDRPj1 (ORCPT ); Mon, 18 Apr 2022 11:39:27 -0400 Received: from sonic311-30.consmr.mail.ne1.yahoo.com (sonic311-30.consmr.mail.ne1.yahoo.com [66.163.188.211]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AAF7EBE29 for ; Mon, 18 Apr 2022 08:03:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650294195; bh=Gc9y9q3ea2iik19bt9Xi/CkGjNG4yOsYbl4gU0CBB+U=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=E4a8C+9+TeHbNmvqXIxpcFJfWq7v0/M1NIsFWwLuFwA5PA/QBMHP0BYIDcLOJdqd6fZjFJZYJlHmYQXL8KPFCTK43bqWHxsvCX/SiBiRUiAuUHRUjL256aIugAQ5+dBgut4zWO8Tk7vAI/8pqT7BCOMI0URwP2GIm+1RbpM5KpyKuzIFpErSQNqYsTdT/je29DVq9S3ckY3i98NZvzteGpIpHBg440CHN1IhsPMtfVeBdCYRCjLpZyFVCce5xY0UqbgtKYI8k+lBh4uSL/elBCaIotw4HcpI2wZ6jhqY4LtCeVDzZY/iKqeTtVlJdDVykf++vUlGoE+b+HtZ9Fz07A== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650294195; bh=OOYZDUjDYoi17BsUbFnJv6YALcd5oYgzumE6KYEoyIT=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=kfakZZrKm6x+V6FpJuwE90aBIvjqXDqsLL9I1xu4BT4GrvYEaTYCPw/q7NtYu7vrZ2cHUxSx67fqdeSV5Lc2MWK1yJdVGPcnQKmqmfG+P3Yx0FhtzuQUgJx4EbLQ7uNo6UmgAWdvVkQont4JwNCSDhecDP7Mv89h0F5QslSE/of8McRgknPOILt/F6VxkXqmTgr+dyJPHAmdvXJ0naikJaQUlSeiVKM+40WJglY6RUnD5pULYvHY5Tn8indAglNYVnLM2l/rwL0s/h3iRFCZ903BrNxZ8c6f7HLHqO18/SV0LezPr+Sipgbh57lcKUSJpmLdpC/whMHXMNH/xFtE0w== X-YMail-OSG: TGWlxgIVM1kOA67Ugs.oOJrv9mwi2.VdHVzrB_Fj3_v.Rsb0bcU6B2_Sylkch8I 4bZAkV2gUg7J23FdcWQ94CBByMr1tlHzUmsAPghKfFtRWwnLtsIviEWjhErnplSSuZtA5o6N3kD9 Loqo1cjV_HkB4BA0Rh2z.S2R58wa7AdykJqj_agJQhfVzBCzyL88l4syUbSVZ1v9f_Yy113ThWhU Aya.keQYdVOauyWVG_vdEUtX9lyev1_EDTt7o1eJV_gGoIACgV.6xfxO9voxtqMCai7cKjJnnSuk xPw9UuOnsvjK7m2V9J4L9I5H4jEFWKdEHT_RXbs38VMuiZ_oUz1LJ1UtAAkFFohzmp._lNPzH359 4nO4dLvfvfTpo8sxlqIgwlh4uctHu6Bo1VhRU7q58mtDFn93agY5leouBsJfono_h1npWhYNyodD B.p.kmrfSMcTbHI4b_CAK7Yj2PCBcdY4bpY8rXrmnRDgtt.Ac94OwsdaA58FyOQRMl3ZtX.FlWIC 3mY4qF6_wAOnG.DIWPfvwOYoDOYRCyyV4J1ICQ44q8FYpIjL2Vdz3DHnpKbmpHykA.5363.QqpKb Jex1uZKdR2vg8ZeWWTAuWmU2KBP1OlSM82i.Fo6XNICnHKK86F65GeE8dBssgplQd9sU7RJgUSbU qPreaZEJxfmk6n1XkJmsW2f1CtYU.1hCNGyWc_VZ70OjSf4ZWnYtFdmqAKOhSnpcZo4R708Sid1e O87N9LSgacbdi9xrnUg91NoSRe70V7wbQckPzuevJPKMcMIqshfK2aqn9YnXT..CX835JHv8_c.X gTHfM5NngTiBLvYPBUnDHgVA.BQtiGL81UNBvWWy1pBi54dDJgHwemE3cQdiArTyxgBKjulJmGbK G36RbPncZYFLY6Nro2UxLmzHzXjEXEmn_8JSaP7obXgQUqaXsYK1Y0pDTUfe5tSJo684XhXjxD9b DTq.bCXm2Xzc58yBrPmeQobGflB.WEoIqraOObfU_S_OOpyLCua.Mz95Oz_arz9dETlkBceQT4EO k.zeNggoQrY5NTrQOkP1ATJJVap5GLpmpNnRsTNmjB9PqmQUdRa4K_8zXqwSwVTTAgbM67g3k12Z sRXeAd7gOToxd3J55ktB213nyavj38iZKDwrmWMilysLUxP1TTDIltmR7zmkURI9zYSw0WgCjOVw UgWlfulDAta4x1bD47UdZs5k0GqhfrpctlEHqDdhd5A1ZxBUx1ZAUsFprG_QSlfpL9tuma.bJEiR pisJRfzHcgdkXFdBYgPZ0QI957.1R6.KUR4y.c_jHFC6VFyJwPkYmCSaT1NH7MISOU5pitz0a8ZF lwB.WyFFyaHSi70H8y8PbmKedLYJMRc.wMSDcTRn2Lnfyul8FMTPzLAl5TIu5gwueVJOpEbmRLRh .Kc55v67qwepu7kwzkeN7Aiw4b0e1n85eRXdx5Ghuej845LwD8YtO0aNuZjeHUx97GvgzFURH.bc 04qWFCYPvqI.oLBgjDrTAKn8.jHVabo.XY_.fw5xtA8UyzkD3EUvNWG9WYJC6Dc4uS8pUHh1XrTJ IcOjvYXNnen7H.BNKj3s6m7nlaJjmIBJVZK92ADPhYWL9rLYKlSY0QlTHD5BZ_SJai6F.6aUVub2 gEoPKeBdBfQAQA107iDrQVw0BdSz175_0qvtbUpezJx.i0aIN_CF8abTt04rpTyeg0TYrqewaDTR GiwwE6pAOhvJ.HVESe6_11lD1sVA.6X9sSnk_SqZlrKWXhNq0ZS9KaRMIF6B9idtGoBuOT3JECuo yrDHB6fdPNA5Ine7y.MKG5Wd24_R_NloU.8UhJpSVmlyp5A.yMdOLledTkL9dAGimHXG_hTD_EFk MN_8eJ9I4l6gtAfo4otX9Ie1BGwThdcFyevoWeuV2SKXaZ2eZ2R3PqJJotz1njuDEPBtsRfA8k.v 7xJC8sUXcMMuKxQMIrTNmdL9JoeGUEjfTloIoJ.6mBskLH55CT9YWO6aqx_mB3j5ZRU_tmWFIrBO Nb9T26ZLymPFWOYA2MTTbwKpGfhDrmsEtIOeD9UI8mWcQWObs575rbI.Wz_4capJ.ulg0OFD8iyY ECCLnWmm5Dw9P.Ckm_qBctsQJY.EjgTHHZbtKc7Zwgmkg3lBPIMFDGPi3GFg.DpD_2tDLchysthm u_JJ9HWGDRBcwcfSqcENFewp74KvaNiehfmTef9bfKQs0zYGIRf4FvvtOWrWLMypa4N2SFkLavGq ..crPBYjN2Np6zyzZfQPHLxl9GFPfmW6SDqFYkP2IJ.EbB_2Erm6pbsPVUYGfsIzucGCDfeRBMfc 5Bk3F3zgokD9WV8mI59..dVg- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic311.consmr.mail.ne1.yahoo.com with HTTP; Mon, 18 Apr 2022 15:03:15 +0000 Received: by hermes--canary-production-bf1-5f49dbcd6-b5q4c (VZM Hermes SMTP Server) with ESMTPA ID e12cdaa14792a510c07372742bad7207; Mon, 18 Apr 2022 15:03:09 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, netfilter-devel@vger.kernel.org Subject: [PATCH v35 08/29] LSM: Use lsmblob in security_secctx_to_secid Date: Mon, 18 Apr 2022 07:59:24 -0700 Message-Id: <20220418145945.38797-9-casey@schaufler-ca.com> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220418145945.38797-1-casey@schaufler-ca.com> References: <20220418145945.38797-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Change the security_secctx_to_secid interface to use a lsmblob structure in place of the single u32 secid in support of module stacking. Change its callers to do the same. The security module hook is unchanged, still passing back a secid. The infrastructure passes the correct entry from the lsmblob. Acked-by: Paul Moore Reviewed-by: Kees Cook Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org Cc: netfilter-devel@vger.kernel.org To: Pablo Neira Ayuso Reviewed-by: John Johansen --- include/linux/security.h | 26 ++++++++++++++++++-- kernel/cred.c | 4 +--- net/netfilter/nft_meta.c | 10 ++++---- net/netfilter/xt_SECMARK.c | 7 +++++- net/netlabel/netlabel_unlabeled.c | 23 +++++++++++------- security/security.c | 40 ++++++++++++++++++++++++++----- 6 files changed, 85 insertions(+), 25 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index 68ab0add23d3..57879f0b9f89 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -199,6 +199,27 @@ static inline bool lsmblob_equal(const struct lsmblob *bloba, extern int lsm_name_to_slot(char *name); extern const char *lsm_slot_to_name(int slot); +/** + * lsmblob_value - find the first non-zero value in an lsmblob structure. + * @blob: Pointer to the data + * + * This needs to be used with extreme caution, as the cases where + * it is appropriate are rare. + * + * Return the first secid value set in the lsmblob. + * There should only be one. + */ +static inline u32 lsmblob_value(const struct lsmblob *blob) +{ + int i; + + for (i = 0; i < LSMBLOB_ENTRIES; i++) + if (blob->secid[i]) + return blob->secid[i]; + + return 0; +} + /* These functions are in security/commoncap.c */ extern int cap_capable(const struct cred *cred, struct user_namespace *ns, int cap, unsigned int opts); @@ -529,7 +550,8 @@ int security_setprocattr(const char *lsm, const char *name, void *value, int security_netlink_send(struct sock *sk, struct sk_buff *skb); int security_ismaclabel(const char *name); int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen); -int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid); +int security_secctx_to_secid(const char *secdata, u32 seclen, + struct lsmblob *blob); void security_release_secctx(char *secdata, u32 seclen); void security_inode_invalidate_secctx(struct inode *inode); int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); @@ -1384,7 +1406,7 @@ static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *secle static inline int security_secctx_to_secid(const char *secdata, u32 seclen, - u32 *secid) + struct lsmblob *blob) { return -EOPNOTSUPP; } diff --git a/kernel/cred.c b/kernel/cred.c index 3925d38f49f4..adea727744f4 100644 --- a/kernel/cred.c +++ b/kernel/cred.c @@ -791,14 +791,12 @@ EXPORT_SYMBOL(set_security_override); int set_security_override_from_ctx(struct cred *new, const char *secctx) { struct lsmblob blob; - u32 secid; int ret; - ret = security_secctx_to_secid(secctx, strlen(secctx), &secid); + ret = security_secctx_to_secid(secctx, strlen(secctx), &blob); if (ret < 0) return ret; - lsmblob_init(&blob, secid); return set_security_override(new, &blob); } EXPORT_SYMBOL(set_security_override_from_ctx); diff --git a/net/netfilter/nft_meta.c b/net/netfilter/nft_meta.c index ac4859241e17..fc0028c9e33d 100644 --- a/net/netfilter/nft_meta.c +++ b/net/netfilter/nft_meta.c @@ -860,21 +860,21 @@ static const struct nla_policy nft_secmark_policy[NFTA_SECMARK_MAX + 1] = { static int nft_secmark_compute_secid(struct nft_secmark *priv) { - u32 tmp_secid = 0; + struct lsmblob blob; int err; - err = security_secctx_to_secid(priv->ctx, strlen(priv->ctx), &tmp_secid); + err = security_secctx_to_secid(priv->ctx, strlen(priv->ctx), &blob); if (err) return err; - if (!tmp_secid) + if (!lsmblob_is_set(&blob)) return -ENOENT; - err = security_secmark_relabel_packet(tmp_secid); + err = security_secmark_relabel_packet(lsmblob_value(&blob)); if (err) return err; - priv->secid = tmp_secid; + priv->secid = lsmblob_value(&blob); return 0; } diff --git a/net/netfilter/xt_SECMARK.c b/net/netfilter/xt_SECMARK.c index 498a0bf6f044..87ca3a537d1c 100644 --- a/net/netfilter/xt_SECMARK.c +++ b/net/netfilter/xt_SECMARK.c @@ -42,13 +42,14 @@ secmark_tg(struct sk_buff *skb, const struct xt_secmark_target_info_v1 *info) static int checkentry_lsm(struct xt_secmark_target_info_v1 *info) { + struct lsmblob blob; int err; info->secctx[SECMARK_SECCTX_MAX - 1] = '\0'; info->secid = 0; err = security_secctx_to_secid(info->secctx, strlen(info->secctx), - &info->secid); + &blob); if (err) { if (err == -EINVAL) pr_info_ratelimited("invalid security context \'%s\'\n", @@ -56,6 +57,10 @@ static int checkentry_lsm(struct xt_secmark_target_info_v1 *info) return err; } + /* xt_secmark_target_info can't be changed to use lsmblobs because + * it is exposed as an API. Use lsmblob_value() to get the one + * value that got set by security_secctx_to_secid(). */ + info->secid = lsmblob_value(&blob); if (!info->secid) { pr_info_ratelimited("unable to map security context \'%s\'\n", info->secctx); diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index 8490e46359ae..f3e2cde76919 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -880,7 +880,7 @@ static int netlbl_unlabel_staticadd(struct sk_buff *skb, void *addr; void *mask; u32 addr_len; - u32 secid; + struct lsmblob blob; struct netlbl_audit audit_info; /* Don't allow users to add both IPv4 and IPv6 addresses for a @@ -904,13 +904,18 @@ static int netlbl_unlabel_staticadd(struct sk_buff *skb, ret_val = security_secctx_to_secid( nla_data(info->attrs[NLBL_UNLABEL_A_SECCTX]), nla_len(info->attrs[NLBL_UNLABEL_A_SECCTX]), - &secid); + &blob); if (ret_val != 0) return ret_val; + /* netlbl_unlhsh_add will be changed to pass a struct lsmblob * + * instead of a u32 later in this patch set. security_secctx_to_secid() + * will only be setting one entry in the lsmblob struct, so it is + * safe to use lsmblob_value() to get that one value. */ + return netlbl_unlhsh_add(&init_net, - dev_name, addr, mask, addr_len, secid, - &audit_info); + dev_name, addr, mask, addr_len, + lsmblob_value(&blob), &audit_info); } /** @@ -931,7 +936,7 @@ static int netlbl_unlabel_staticadddef(struct sk_buff *skb, void *addr; void *mask; u32 addr_len; - u32 secid; + struct lsmblob blob; struct netlbl_audit audit_info; /* Don't allow users to add both IPv4 and IPv6 addresses for a @@ -953,13 +958,15 @@ static int netlbl_unlabel_staticadddef(struct sk_buff *skb, ret_val = security_secctx_to_secid( nla_data(info->attrs[NLBL_UNLABEL_A_SECCTX]), nla_len(info->attrs[NLBL_UNLABEL_A_SECCTX]), - &secid); + &blob); if (ret_val != 0) return ret_val; + /* security_secctx_to_secid() will only put one secid into the lsmblob + * so it's safe to use lsmblob_value() to get the secid. */ return netlbl_unlhsh_add(&init_net, - NULL, addr, mask, addr_len, secid, - &audit_info); + NULL, addr, mask, addr_len, + lsmblob_value(&blob), &audit_info); } /** diff --git a/security/security.c b/security/security.c index e9f1487af0e5..f814a41c5d9f 100644 --- a/security/security.c +++ b/security/security.c @@ -2211,10 +2211,22 @@ int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) } EXPORT_SYMBOL(security_secid_to_secctx); -int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) +int security_secctx_to_secid(const char *secdata, u32 seclen, + struct lsmblob *blob) { - *secid = 0; - return call_int_hook(secctx_to_secid, 0, secdata, seclen, secid); + struct security_hook_list *hp; + int rc; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.secctx_to_secid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + rc = hp->hook.secctx_to_secid(secdata, seclen, + &blob->secid[hp->lsmid->slot]); + if (rc != 0) + return rc; + } + return 0; } EXPORT_SYMBOL(security_secctx_to_secid); @@ -2365,10 +2377,26 @@ int security_socket_getpeersec_stream(struct socket *sock, char __user *optval, optval, optlen, len); } -int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid) +int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, + u32 *secid) { - return call_int_hook(socket_getpeersec_dgram, -ENOPROTOOPT, sock, - skb, secid); + struct security_hook_list *hp; + int rc = -ENOPROTOOPT; + + /* + * Only one security module should provide a real hook for + * this. A stub or bypass like is used in BPF should either + * (somehow) leave rc unaltered or return -ENOPROTOOPT. + */ + hlist_for_each_entry(hp, &security_hook_heads.socket_getpeersec_dgram, + list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + rc = hp->hook.socket_getpeersec_dgram(sock, skb, secid); + if (rc != -ENOPROTOOPT) + break; + } + return rc; } EXPORT_SYMBOL(security_socket_getpeersec_dgram); From patchwork Mon Apr 18 14:59:25 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12816752 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6B45CC433F5 for ; Mon, 18 Apr 2022 15:38:19 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S245019AbiDRPkz (ORCPT ); Mon, 18 Apr 2022 11:40:55 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49542 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344147AbiDRPkc (ORCPT ); Mon, 18 Apr 2022 11:40:32 -0400 Received: from sonic317-38.consmr.mail.ne1.yahoo.com (sonic317-38.consmr.mail.ne1.yahoo.com [66.163.184.49]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EF368122 for ; Mon, 18 Apr 2022 08:04:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650294286; bh=VpP2hMspUDTZOC44Pn2gznN8CZnccBSv5oPb5zsRzdY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=AIxcu/1ULZbCxBEhz19t0zDMizjS2vAxmsM3aIF0Cn3TdGWeGQ4rWmvg5DfcficirUWsNX0pmI9zo3KHvgbtCLtTjRZLJoB0oKlyp3avyfnefHUZ/f2HvhllVbtf19T5dFHfEbMJx3qCOX6VvC0RE2t4KcGwDWPcqFkgTb1fUY0dy/mDwRZ4/nPcFDHGPF5I2llCrpz5UAyBiDklu+ONS0Jim02CQ/MXPGDlvi8rYKH1qer5/ZyWLDRoR29KbdYtEh5Y9R+6qwnT1ql2xsMDedyXBFC9fPTPKq9BvBiwK8Uv0zY2WSd7Y9BAuRn4iHRFn2a0n4NzGdxhUMVE+hn60A== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650294286; bh=f7XuLINAji/LqXhXrhy7TUb7qAMZAzSUiEfbtmLNJ7V=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=psP3HeN7QRp+8Ucpb7xEZLlzPe5rdadFClwAtAVBPuvx7zl/U/676rCQa9S6iwP5f9oiBcUJBvp4X8gAfwW+eq4qLKEeCNoZpTRMgPnRSMpr3rXLrpxr9yqpdtnnMr5w8gNSXfxtV96P3a4+OQJhingTGNuiQAdhyrBDXtrTqe7j9igPF6Oxj6h5B2uXVme45huGAkBbVTMbbdl2D0CCWoJPro3T7lKc/O4/oHdKeazHxCOjQUiFFTjOXO/k81W7b5fFnoX/R43Dsvr2zfdFQTDIx0KjajU6Ey/KJ44u/lHRGiRjTQr8v2uZMEKP/y8W7x4gr1bbo/dSLh+vFOia1g== X-YMail-OSG: MNxgzA8VM1kxaOtRIcyqbFWfZKPiAC3mlRJ1dHn7EeFtdyw3fAe2PlplrM.nE6Z LlKDS2exOMQQ1roZ816UmM6ujHD2cV9vMAUaDCox4W3tKLeSAh6FHXOMZpcGUzGxOKSvxcngMNY_ aHgMZ6nevDz67TVHucaEM4sgIN3ebKA1Nb2sU.2IPKS2xh3VupL95Q8_3piV9zcs0KzUAeBcU8wi PsKZ__HgceCGlbBbNNa.7MGpZhly4WL2FJl_OTCSLwMiY7rqQNKrWrkMUiwBEY82OZFPb7cSw8jX 3__UItNHHcpGjLWzUKtlzVg.O5MA68uQ0fwAeGrzzIY2ypx6B4edT6mgpcNI2cW8pXoQR7JpOOeq qbLWXA1XJCmzoPr_dzOc_II3AE1FxCzoDtbf2XV9Yg6LBBvBs1l2zwV9NK_W3od.pPayqMFZDPC0 _vWPrQP14Ivy3NXSeitqrI3G4qUiZNcydvE1uFtYa_giEqNP1LjBmo_cJiT6fT.J0sY2dlb2WG7O Gd4Jl6n7SwjpaOpq4yLhHYgOmJ2UbcRFdyN0zhgOzieIzuRre8Ucaw6JcwkJnbHltPJUlctzmN0S PAK.MJ7ceEJsfHARUKdJqJ1dsScMS3v3yz__TNO4a05h1jLkSEuvYyiwmLWAQyANUQsEbeuvwT.N 5T26TkF_4daijoVDKe3XTemJftEGujIe.zxqyPU8vOyboNktMWuFNuJR5CQQhd8A.QGdfbIN8D8q NT5Gzh.0WPbI8BZfUrDB1PfkRXrAGvi0_b_Cw46I7YEk5PKSSTZ2N_Sw7mPs.IWc90jb7zQXZ3W7 2UBdtsxljASF18tND9O_mItD2QFUiYMVaTPOhnvAnvVd3kXekJCS5G7YLIBaIQlsvW5lgx1W3ks. irMUStu5Q5CdpA846OBta4mdROkXgIeXVi1uMnDfFNeoynhF9HmsDNyiB5u3hsA8ptClkRvScikg OjcvT9B7pRiC.eyE.smbqUjxK5HM9vhluerXGPJn_D.d.RdV9iamDemqFIFLuMjgxWaXmZbAJ23F uYudLJ99xKa_pODzvvQKQhVQ4MJmrDE2H15fdUBJY0W4Cw8nZF2B0kUwiEz6ggh0hCZRT9ohpL_S xrDVs0eHdLbjIeZh7TlXkgCJ5hVfT4bmcsSbvQQvxA13EA8xJrVXG3_EOA3._6clveeoPvpQj6Kf m.lEKMA7xQrI5THetkBmCNZFrUtZrHKQNwYOG9krKa020FTmucwkv278xptlf2z9VWpfN_SOwPpH exF1AngBSY8ri0i5q3P_L0XUg_vQK4vkFKtikVkYbCjBuQSTNwgIfxyP0CQvALdsrtEdFDrXf_JU WVSzhJ1ZKSdgLeiVCYFIQ3xuNj.zKWx3PAze.if1kaJfzcyo7sE2MnZ9p6Evt8qy.ZDPG3Dhh_hK eaAU52Ikc8vstRwfW1Mu5BIEshzPpEaRRqVE_lGbUubQPQ_s4cDb1ah_yQsPR_fJFY_B01oOj9WH IB.KNokGFbDGKErbeJzS0Is29cIfvXUxiaE.7Eh0wyvs0x.RZsA1FGLTxfe0OYJP0TrwMPvtPiPz gshBHYA15Aanicu_4RRu2mXX4nUtrJNpOw9DAVd_1B2zLg0E9wnNaLR7dCVTZd9Z6z1ySyqC3NmB 7tKzAJMEOJDT6XmTKySpMzmF09grlLawzkg2JrLROBRLYFPDo.vF6C416jKquj4mCNW616mB9ThT UfyHgZdRPhTW01Gqc2uWE2PSAsNRAqcbrizF1xEdZ2JJ1C0SS7qeQ6eNL_CFLoCKLxfSk5r8WEsS umjRaZufgrmofHX2KT0fjYtp2GMGPHv8Vssd_4Loz0LtnfK9WBEjFYnp2g6CGG5rI5Nb4qDTVklG xEzTkVGKxLJFrWtiMhFdO_56VG7f2TliEf._9N.ZoU9PXYYXV21od7bjR2JaQH5Elx3mOFEUX8TT LgZEG1WdbmXZAKD_FXO2D0UFzP.5OVG2XkC3efqVTiZz5w8ygW7n.3LfswEAYa7MiWu__5JYRFBm QfDI5wAOnHTBLj4DQx0r6yuX6n4aNLsHSKs.P2t7Hi7KROgVQbyZvBhx4DEpFaaUVYx8R9xBAvEA xncyLEt7aF1xhwDvrsS_ENuA0y28Edf1eUddVhIft0queBXzw5hQS5Gzc9J6Cm5FACCXsS_3SGmD oxxpsJPUJvYU8NFVQmttXUBFCw6x_vNmKK6IhLUewhXxK_KU5b4hflru5T5rx7QmPVX9j2PXThKY LktkjJw1m76JepmoAGP5OAG9_1imH1We83rGvHpvHn_Ml_mEiZaBsikhw_N7yZAK4rf2biOEGuYq XDnq0cKPRSz783eNzMVQGOuCW.kvDUGDzyBq0F9lFYMPbVQRsuJmoYK2c0iK7hADpgU4eNXNU23p FdLgskcy2 X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic317.consmr.mail.ne1.yahoo.com with HTTP; Mon, 18 Apr 2022 15:04:46 +0000 Received: by hermes--canary-production-gq1-665697845d-ftzwk (VZM Hermes SMTP Server) with ESMTPA ID e42a5033a868ecfd55a4e02ebf801990; Mon, 18 Apr 2022 15:04:43 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, netfilter-devel@vger.kernel.org Subject: [PATCH v35 09/29] LSM: Use lsmblob in security_secid_to_secctx Date: Mon, 18 Apr 2022 07:59:25 -0700 Message-Id: <20220418145945.38797-10-casey@schaufler-ca.com> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220418145945.38797-1-casey@schaufler-ca.com> References: <20220418145945.38797-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Change security_secid_to_secctx() to take a lsmblob as input instead of a u32 secid. It will then call the LSM hooks using the lsmblob element allocated for that module. The callers have been updated as well. This allows for the possibility that more than one module may be called upon to translate a secid to a string, as can occur in the audit code. Acked-by: Paul Moore Reviewed-by: Kees Cook Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org Cc: linux-audit@redhat.com Cc: netfilter-devel@vger.kernel.org To: Pablo Neira Ayuso --- drivers/android/binder.c | 12 +++++++++- include/linux/security.h | 5 +++-- include/net/scm.h | 7 +++++- kernel/audit.c | 21 +++++++++++++++-- kernel/auditsc.c | 27 ++++++++++++++++++---- net/ipv4/ip_sockglue.c | 4 +++- net/netfilter/nf_conntrack_netlink.c | 14 ++++++++++-- net/netfilter/nf_conntrack_standalone.c | 4 +++- net/netfilter/nfnetlink_queue.c | 11 +++++++-- net/netlabel/netlabel_unlabeled.c | 30 +++++++++++++++++++++---- net/netlabel/netlabel_user.c | 6 ++--- security/security.c | 11 +++++---- 12 files changed, 123 insertions(+), 29 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 8351c5638880..381a4fddd4a5 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2981,10 +2981,20 @@ static void binder_transaction(struct binder_proc *proc, if (target_node && target_node->txn_security_ctx) { u32 secid; + struct lsmblob blob; size_t added_size; security_cred_getsecid(proc->cred, &secid); - ret = security_secid_to_secctx(secid, &secctx, &secctx_sz); + /* + * Later in this patch set security_task_getsecid() will + * provide a lsmblob instead of a secid. lsmblob_init + * is used to ensure that all the secids in the lsmblob + * get the value returned from security_task_getsecid(), + * which means that the one expected by + * security_secid_to_secctx() will be set. + */ + lsmblob_init(&blob, secid); + ret = security_secid_to_secctx(&blob, &secctx, &secctx_sz); if (ret) { return_error = BR_FAILED_REPLY; return_error_param = ret; diff --git a/include/linux/security.h b/include/linux/security.h index 57879f0b9f89..6ce44b9ae464 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -549,7 +549,7 @@ int security_setprocattr(const char *lsm, const char *name, void *value, size_t size); int security_netlink_send(struct sock *sk, struct sk_buff *skb); int security_ismaclabel(const char *name); -int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen); +int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen); int security_secctx_to_secid(const char *secdata, u32 seclen, struct lsmblob *blob); void security_release_secctx(char *secdata, u32 seclen); @@ -1399,7 +1399,8 @@ static inline int security_ismaclabel(const char *name) return 0; } -static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) +static inline int security_secid_to_secctx(struct lsmblob *blob, + char **secdata, u32 *seclen) { return -EOPNOTSUPP; } diff --git a/include/net/scm.h b/include/net/scm.h index 1ce365f4c256..23a35ff1b3f2 100644 --- a/include/net/scm.h +++ b/include/net/scm.h @@ -92,12 +92,17 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg, #ifdef CONFIG_SECURITY_NETWORK static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) { + struct lsmblob lb; char *secdata; u32 seclen; int err; if (test_bit(SOCK_PASSSEC, &sock->flags)) { - err = security_secid_to_secctx(scm->secid, &secdata, &seclen); + /* There can only be one security module using the secid, + * and the infrastructure will know which it is. + */ + lsmblob_init(&lb, scm->secid); + err = security_secid_to_secctx(&lb, &secdata, &seclen); if (!err) { put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata); diff --git a/kernel/audit.c b/kernel/audit.c index 7690c29d4ee4..2acf95cf9895 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1464,7 +1464,16 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) case AUDIT_SIGNAL_INFO: len = 0; if (audit_sig_sid) { - err = security_secid_to_secctx(audit_sig_sid, &ctx, &len); + struct lsmblob blob; + + /* + * lsmblob_init sets all values in the lsmblob + * to audit_sig_sid. This is temporary until + * audit_sig_sid is converted to a lsmblob, which + * happens later in this patch set. + */ + lsmblob_init(&blob, audit_sig_sid); + err = security_secid_to_secctx(&blob, &ctx, &len); if (err) return err; } @@ -2170,12 +2179,20 @@ int audit_log_task_context(struct audit_buffer *ab) unsigned len; int error; u32 sid; + struct lsmblob blob; security_current_getsecid_subj(&sid); if (!sid) return 0; - error = security_secid_to_secctx(sid, &ctx, &len); + /* + * lsmblob_init sets all values in the lsmblob to sid. + * This is temporary until security_task_getsecid is converted + * to use a lsmblob, which happens later in this patch set. + */ + lsmblob_init(&blob, sid); + error = security_secid_to_secctx(&blob, &ctx, &len); + if (error) { if (error != -EINVAL) goto error_path; diff --git a/kernel/auditsc.c b/kernel/auditsc.c index a9d5bfa37cb3..10b9dc253555 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -679,6 +679,13 @@ static int audit_filter_rules(struct task_struct *tsk, security_current_getsecid_subj(&sid); need_sid = 0; } + /* + * lsmblob_init sets all values in the lsmblob + * to sid. This is temporary until + * security_task_getsecid() is converted to + * provide a lsmblob, which happens later in + * this patch set. + */ lsmblob_init(&blob, sid); result = security_audit_rule_match(&blob, f->type, f->op, @@ -695,6 +702,13 @@ static int audit_filter_rules(struct task_struct *tsk, if (f->lsm_str) { /* Find files that match */ if (name) { + /* + * lsmblob_init sets all values in the + * lsmblob to sid. This is temporary + * until name->osid is converted to a + * lsmblob, which happens later in + * this patch set. + */ lsmblob_init(&blob, name->osid); result = security_audit_rule_match( &blob, @@ -1118,6 +1132,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, char *ctx = NULL; u32 len; int rc = 0; + struct lsmblob blob; ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID); if (!ab) @@ -1127,7 +1142,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); if (sid) { - if (security_secid_to_secctx(sid, &ctx, &len)) { + lsmblob_init(&blob, sid); + if (security_secid_to_secctx(&blob, &ctx, &len)) { audit_log_format(ab, " obj=(none)"); rc = 1; } else { @@ -1418,8 +1434,10 @@ static void show_special(struct audit_context *context, int *call_panic) if (osid) { char *ctx = NULL; u32 len; + struct lsmblob blob; - if (security_secid_to_secctx(osid, &ctx, &len)) { + lsmblob_init(&blob, osid); + if (security_secid_to_secctx(&blob, &ctx, &len)) { audit_log_format(ab, " osid=%u", osid); *call_panic = 1; } else { @@ -1585,9 +1603,10 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, if (n->osid != 0) { char *ctx = NULL; u32 len; + struct lsmblob blob; - if (security_secid_to_secctx( - n->osid, &ctx, &len)) { + lsmblob_init(&blob, n->osid); + if (security_secid_to_secctx(&blob, &ctx, &len)) { audit_log_format(ab, " osid=%u", n->osid); if (call_panic) *call_panic = 2; diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index 445a9ecaefa1..933a8f94f93a 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -130,6 +130,7 @@ static void ip_cmsg_recv_checksum(struct msghdr *msg, struct sk_buff *skb, static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) { + struct lsmblob lb; char *secdata; u32 seclen, secid; int err; @@ -138,7 +139,8 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) if (err) return; - err = security_secid_to_secctx(secid, &secdata, &seclen); + lsmblob_init(&lb, secid); + err = security_secid_to_secctx(&lb, &secdata, &seclen); if (err) return; diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index 1ea2ad732d57..a28e275981d4 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -347,8 +347,13 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) struct nlattr *nest_secctx; int len, ret; char *secctx; + struct lsmblob blob; - ret = security_secid_to_secctx(ct->secmark, &secctx, &len); + /* lsmblob_init() puts ct->secmark into all of the secids in blob. + * security_secid_to_secctx() will know which security module + * to use to create the secctx. */ + lsmblob_init(&blob, ct->secmark); + ret = security_secid_to_secctx(&blob, &secctx, &len); if (ret) return 0; @@ -656,8 +661,13 @@ static inline int ctnetlink_secctx_size(const struct nf_conn *ct) { #ifdef CONFIG_NF_CONNTRACK_SECMARK int len, ret; + struct lsmblob blob; - ret = security_secid_to_secctx(ct->secmark, NULL, &len); + /* lsmblob_init() puts ct->secmark into all of the secids in blob. + * security_secid_to_secctx() will know which security module + * to use to create the secctx. */ + lsmblob_init(&blob, ct->secmark); + ret = security_secid_to_secctx(&blob, NULL, &len); if (ret) return 0; diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index 3e1afd10a9b6..bba3a66f5636 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c @@ -178,8 +178,10 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) int ret; u32 len; char *secctx; + struct lsmblob blob; - ret = security_secid_to_secctx(ct->secmark, &secctx, &len); + lsmblob_init(&blob, ct->secmark); + ret = security_secid_to_secctx(&blob, &secctx, &len); if (ret) return; diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index a364f8e5e698..6269fe122345 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c @@ -305,13 +305,20 @@ static u32 nfqnl_get_sk_secctx(struct sk_buff *skb, char **secdata) { u32 seclen = 0; #if IS_ENABLED(CONFIG_NETWORK_SECMARK) + struct lsmblob blob; + if (!skb || !sk_fullsock(skb->sk)) return 0; read_lock_bh(&skb->sk->sk_callback_lock); - if (skb->secmark) - security_secid_to_secctx(skb->secmark, secdata, &seclen); + if (skb->secmark) { + /* lsmblob_init() puts ct->secmark into all of the secids in + * blob. security_secid_to_secctx() will know which security + * module to use to create the secctx. */ + lsmblob_init(&blob, skb->secmark); + security_secid_to_secctx(&blob, secdata, &seclen); + } read_unlock_bh(&skb->sk->sk_callback_lock); #endif diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index f3e2cde76919..0a99663e6edb 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -376,6 +376,7 @@ int netlbl_unlhsh_add(struct net *net, struct audit_buffer *audit_buf = NULL; char *secctx = NULL; u32 secctx_len; + struct lsmblob blob; if (addr_len != sizeof(struct in_addr) && addr_len != sizeof(struct in6_addr)) @@ -438,7 +439,11 @@ int netlbl_unlhsh_add(struct net *net, unlhsh_add_return: rcu_read_unlock(); if (audit_buf != NULL) { - if (security_secid_to_secctx(secid, + /* lsmblob_init() puts secid into all of the secids in blob. + * security_secid_to_secctx() will know which security module + * to use to create the secctx. */ + lsmblob_init(&blob, secid); + if (security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); @@ -475,6 +480,7 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, struct net_device *dev; char *secctx; u32 secctx_len; + struct lsmblob blob; spin_lock(&netlbl_unlhsh_lock); list_entry = netlbl_af4list_remove(addr->s_addr, mask->s_addr, @@ -493,8 +499,13 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, (dev != NULL ? dev->name : NULL), addr->s_addr, mask->s_addr); dev_put(dev); + /* lsmblob_init() puts entry->secid into all of the secids + * in blob. security_secid_to_secctx() will know which + * security module to use to create the secctx. */ + if (entry != NULL) + lsmblob_init(&blob, entry->secid); if (entry != NULL && - security_secid_to_secctx(entry->secid, + security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); security_release_secctx(secctx, secctx_len); @@ -536,6 +547,7 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, struct net_device *dev; char *secctx; u32 secctx_len; + struct lsmblob blob; spin_lock(&netlbl_unlhsh_lock); list_entry = netlbl_af6list_remove(addr, mask, &iface->addr6_list); @@ -553,8 +565,13 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, (dev != NULL ? dev->name : NULL), addr, mask); dev_put(dev); + /* lsmblob_init() puts entry->secid into all of the secids + * in blob. security_secid_to_secctx() will know which + * security module to use to create the secctx. */ + if (entry != NULL) + lsmblob_init(&blob, entry->secid); if (entry != NULL && - security_secid_to_secctx(entry->secid, + security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); security_release_secctx(secctx, secctx_len); @@ -1080,6 +1097,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, u32 secid; char *secctx; u32 secctx_len; + struct lsmblob blob; data = genlmsg_put(cb_arg->skb, NETLINK_CB(cb_arg->nl_cb->skb).portid, cb_arg->seq, &netlbl_unlabel_gnl_family, @@ -1134,7 +1152,11 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, secid = addr6->secid; } - ret_val = security_secid_to_secctx(secid, &secctx, &secctx_len); + /* lsmblob_init() secid into all of the secids in blob. + * security_secid_to_secctx() will know which security module + * to use to create the secctx. */ + lsmblob_init(&blob, secid); + ret_val = security_secid_to_secctx(&blob, &secctx, &secctx_len); if (ret_val != 0) goto list_cb_failure; ret_val = nla_put(cb_arg->skb, diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index 3ed4fea2a2de..893301ae0131 100644 --- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c @@ -86,6 +86,7 @@ struct audit_buffer *netlbl_audit_start_common(int type, struct audit_buffer *audit_buf; char *secctx; u32 secctx_len; + struct lsmblob blob; if (audit_enabled == AUDIT_OFF) return NULL; @@ -98,10 +99,9 @@ struct audit_buffer *netlbl_audit_start_common(int type, from_kuid(&init_user_ns, audit_info->loginuid), audit_info->sessionid); + lsmblob_init(&blob, audit_info->secid); if (audit_info->secid != 0 && - security_secid_to_secctx(audit_info->secid, - &secctx, - &secctx_len) == 0) { + security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " subj=%s", secctx); security_release_secctx(secctx, secctx_len); } diff --git a/security/security.c b/security/security.c index f814a41c5d9f..6e6e44213d80 100644 --- a/security/security.c +++ b/security/security.c @@ -2192,17 +2192,16 @@ int security_ismaclabel(const char *name) } EXPORT_SYMBOL(security_ismaclabel); -int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) +int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen) { struct security_hook_list *hp; int rc; - /* - * Currently, only one LSM can implement secid_to_secctx (i.e this - * LSM hook is not "stackable"). - */ hlist_for_each_entry(hp, &security_hook_heads.secid_to_secctx, list) { - rc = hp->hook.secid_to_secctx(secid, secdata, seclen); + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + rc = hp->hook.secid_to_secctx(blob->secid[hp->lsmid->slot], + secdata, seclen); if (rc != LSM_RET_DEFAULT(secid_to_secctx)) return rc; } From patchwork Mon Apr 18 14:59:26 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12816780 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3D01BC4321E for ; Mon, 18 Apr 2022 15:38:21 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344578AbiDRPkz (ORCPT ); Mon, 18 Apr 2022 11:40:55 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50704 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236386AbiDRPkc (ORCPT ); Mon, 18 Apr 2022 11:40:32 -0400 Received: from sonic317-38.consmr.mail.ne1.yahoo.com (sonic317-38.consmr.mail.ne1.yahoo.com [66.163.184.49]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EEFCD108 for ; Mon, 18 Apr 2022 08:04:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650294286; bh=FxMOPietULejA91xLFMdB5OOrsn00dr6TKgqrlqPo38=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=J/Hwp71dX42DIwJeGjm71xiV2GJx+EYuuZokmV1KZ/cz8b0RuhL7us9s3kfnFRY2HIRWLoayfSwXnAf9I+/pmDe0JmNsJKROJ/ux+yOPCNK3kW3MPhuqtzijMmWyY4LwzpPW0xFL9tIywlkkJBwwldixP7bWwn2W3pdsZ2WCjXr+oTV+x/ozjSWevU6m2R2gedd1j7FlZL8nzS2zl+h05eqNw1LlFXhnjfFsSqfKjNxoA1unpV7SnrmgTyEL3d3Q3xUr2UutWH2pK4a4t8TCmjySSPxDwFrrBRo7U6FTfCzgYiwVW//wsmwgJJyuzoJKDvXzTqKOw269pWUc8vPnfg== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650294286; bh=9yIk+Qm6BIIHAxJFwk5rLSDGMqmmAKGk42vjiaaAjJv=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=ccOet5KytRjf5aIYZu/EKN8IniWGF2UKKuC2vPn8eZgaZP+iAkrqklZ2bH+xCA7FRGG+As+OheKJ3vdHfiPmgCCdEGyq97bHndPjY5HoaXR3+2wEo0Eiki30z0MhiVu1ojCzA0pQegnt67VnqcHp7oTQseQDDmyjnaNZqnaCxHWIROrWKEIPpqTlJP+uUhjWNg2Qk+KXvcEzJrrKhiY1nQpanBV58lEGhJ5eLrep89fUWW87PR3ZcGyzzuIqXoTPrE3YEtky8s4Q8w57gW8GKvHJee2GYOjye+SHuxeapZbmMivSI0JuURGZAgD2C6FwoBnantPXFsYkjsNsuMbBUQ== X-YMail-OSG: ORks0DwVM1nKwA4xRD1Z3FuPluCcCMu1rKKOSz3onlb.tqJrC57EqCF3rRekn91 iwhp7ylJ4bTCq2J5IvYaFf.RO83gWT8Xa0CH22Hp0I1UUnBlq.mzShqlViEmqSwYFUikBNWWr3BK NQcEwhGmS69LzUau3nsZxo6zBhGmBXgcpvk6Mg_fEmBVF6I0v2X0Am1dIJm6nUm3DbarjOOObtyo SwK7AogxgnlaaMylS78xjb3GhlLIRG_l5_cDJaxXADG46EXoykcTLXEaNvkr1R03obxCobjfS5aq LTvFaHk.qy_DW79IGqDZYXWmXJQxeJmluRa8YiGKMj9XUHIPOf3lAwVBTyQo0xq.iAIOhoTWMgK5 MmJI0OGen6Aa9qgg8tahn4pKU4_KjD._IUJFEVBRYAvn5HQ728a13OsT4NPlHsl7bgC9nHf1XctS a6s03tzUWGIwTUwbVqkmIxo9rJ3xRUyvvV8vQAeiPWa63IHf_EK0Eam8qZA8rvaEkfc5I4yPON8Q IYpdre.uk6WepXOZXeQbVe.9qF.St9Rhhpp.g.Ub1iUhShq_vQsOG_E4UoivyFRvLvorOu4LiaKr 8QMWYjKRK_Denyl1iYAJzOI2TP6iCw0Cje4SePW_NXiRqtvmSncvWTGriHKiW_KUuZcnjSRAoNBH C1gTH_n3u5MrT70CBbZWHl8mSpP_aWIi78oCKr9mT97PD7.KZnliqk1t1dqtzAzivHTT2k_yLZDN 0Km3wO6w57s6clewte1VLkxiyBw9zTDP5dut1cBbG0PT.uMt9p8hv21dr7a.IP9McYkSsdcqAgCX XUTbbWqvFe2lwmN8HJlJm5sooLmchAwKZgixAXGvkR7kxtl3JFfGDHiKr1z8llqRDFHJXrKvB.fP Ju1ANczR9eceuSo85k88e_xmyD8amq7lnnqlj5.PHq.Fr1MBjxT2l2lmlANGqG1Xy0laN9hW8btK 24_oUQO95z3opLAp.sgAQLbzn1U4hxbLCsu0qdFdRRlBWLd3g2iqrzMOJET8ZreRkYGEI4UnedeF BloQmUCCn67Tfz3VeEcapO1IigcD0pGr4BSF5TtFupyPUzdfo8cFYzfwsQsZfmbdZDEtoHm0BFZG svkW3p_8UosHcY5a.g1A_oaXpM70DcDL6OOCUr5uWaC6etVWUj_WqnWw0Lhg8Q7QmcXLxhYfBMgw FFASFe5JmcMwD_LqUkwHIvOxoIH9BWzIqMW5eJBhsUnnPFd2rmjVeIOtscSJNuOc4z0gSWWDBvSL yQ9E9TKkLH7YvXkqzjeBCH.BlqJNTQ2zisyrzbkgTkkMctZ0r9yY2cz6Hyjmc1RR_mIc6K5WgWe5 0HcA2wVB1TlEuR53k9l7M8nyuezylEJ_W2Ry9kCZZGbCJ.znj7MFuza3enQGqo3Iy_BNln7QLpQ6 qa4ExdGhFMF2KlVSokCzxVtk.zrcXsmZt5SV8ztBM6PzytHOYJ8a7XoseGWnD1IhqrbmUVpT_Lzs v7Sm_9inZqnVT5roD7suhPa7wjZcgCxGgN1uVMWVa3VA_e9NkMGwYNMSVyIBaBB6pKWafUgKC..v wCMLr4Vs7FMCx13mIVaTxm6rvf0kfX_uE9AxWaeFiOnEDfCgY7zqG3q26xcP0UTedmCRV32omzyr Bcqj_C8KAcfNygcfrJJTrozA4tDGX3LveiMWZlp2mX5kheGbX6MCI3kpVgOqNG2NLF0zHXv0gT.f Po5gIiUdt9jLxC2wBVwnPqeAQVBhlFTi3XIwR92eXBySUKqlrx2c6GH5hHMt.sC7_pZ5ME4CBcjS PfxQ5GimEWos7x23N95Vk3OKmyWuOv.5HyrKLiH6OzfVCZ9_vjDm1RM.oFmhLRFiu8QSNzSf1eNU HymuuWy.YICbFmUD6GIgNth_fiuensJbtJNQB51emh..MHP.RLfHb0jnk0j3hQbtbE3E_s81XXs4 ZRb3ohyXgkr5X7Si_XB_JcHUyaVZgfOU7mWL3Vn2oJGj06_K1AUOfBQL4SSCleQik5s1vl1_HdGx RdpNXNYRUR9lnogWvE5QqM4d2xAKvOgBW2Rs4So2Rh4BYLrxTy0nQFxAVWkJmL_ws9S8MyqykwzW xfToWHrwsWxjyBrEesK3TOHW392PFKBN4b1SWWP2KwK2IdpUGrmpamKCrMv5ITByMh2cDvurWy1G dN20..KMgo_CUHegp6fChKnfR0AswTUkoD21MI_kji5OTTtIJ9mZg1xpHrGmNfHmJwQzn0Y6xedp pXhewZy4gs0BjZNPHzFkozE_f0lRVOIeOFx7EChbfb_66CFJAtXVc.ozoU2wC.2LKJN7FTyCMNsO Vryltb9KK0f4pG4b8O5yi2ORxE00zar3YpZAR6BiqwHA_BZrCJUgJ08RVqw-- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic317.consmr.mail.ne1.yahoo.com with HTTP; Mon, 18 Apr 2022 15:04:46 +0000 Received: by hermes--canary-production-gq1-665697845d-ftzwk (VZM Hermes SMTP Server) with ESMTPA ID e42a5033a868ecfd55a4e02ebf801990; Mon, 18 Apr 2022 15:04:45 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org Subject: [PATCH v35 10/29] LSM: Use lsmblob in security_ipc_getsecid Date: Mon, 18 Apr 2022 07:59:26 -0700 Message-Id: <20220418145945.38797-11-casey@schaufler-ca.com> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220418145945.38797-1-casey@schaufler-ca.com> References: <20220418145945.38797-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org There may be more than one LSM that provides IPC data for auditing. Change security_ipc_getsecid() to fill in a lsmblob structure instead of the u32 secid. The audit data structure containing the secid will be updated later, so there is a bit of scaffolding here. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler Cc: linux-audit@redhat.com --- include/linux/security.h | 7 ++++--- kernel/auditsc.c | 7 ++++++- security/security.c | 12 +++++++++--- 3 files changed, 19 insertions(+), 7 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index 6ce44b9ae464..4cfeb5eb29fc 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -520,7 +520,7 @@ int security_task_prctl(int option, unsigned long arg2, unsigned long arg3, unsigned long arg4, unsigned long arg5); void security_task_to_inode(struct task_struct *p, struct inode *inode); int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag); -void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid); +void security_ipc_getsecid(struct kern_ipc_perm *ipcp, struct lsmblob *blob); int security_msg_msg_alloc(struct msg_msg *msg); void security_msg_msg_free(struct msg_msg *msg); int security_msg_queue_alloc(struct kern_ipc_perm *msq); @@ -1277,9 +1277,10 @@ static inline int security_ipc_permission(struct kern_ipc_perm *ipcp, return 0; } -static inline void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid) +static inline void security_ipc_getsecid(struct kern_ipc_perm *ipcp, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } static inline int security_msg_msg_alloc(struct msg_msg *msg) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 10b9dc253555..d125dba69a76 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -2662,12 +2662,17 @@ void __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat) void __audit_ipc_obj(struct kern_ipc_perm *ipcp) { struct audit_context *context = audit_context(); + struct lsmblob blob; context->ipc.uid = ipcp->uid; context->ipc.gid = ipcp->gid; context->ipc.mode = ipcp->mode; context->ipc.has_perm = 0; - security_ipc_getsecid(ipcp, &context->ipc.osid); + security_ipc_getsecid(ipcp, &blob); + /* context->ipc.osid will be changed to a lsmblob later in + * the patch series. This will allow auditing of all the object + * labels associated with the ipc object. */ + context->ipc.osid = lsmblob_value(&blob); context->type = AUDIT_IPC; } diff --git a/security/security.c b/security/security.c index 6e6e44213d80..131c851dd681 100644 --- a/security/security.c +++ b/security/security.c @@ -2012,10 +2012,16 @@ int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag) return call_int_hook(ipc_permission, 0, ipcp, flag); } -void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid) +void security_ipc_getsecid(struct kern_ipc_perm *ipcp, struct lsmblob *blob) { - *secid = 0; - call_void_hook(ipc_getsecid, ipcp, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.ipc_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.ipc_getsecid(ipcp, &blob->secid[hp->lsmid->slot]); + } } int security_msg_msg_alloc(struct msg_msg *msg) From patchwork Mon Apr 18 14:59:27 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12816751 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id F0645C433EF for ; Mon, 18 Apr 2022 15:38:17 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241699AbiDRPky (ORCPT ); Mon, 18 Apr 2022 11:40:54 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50296 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345296AbiDRPkl (ORCPT ); Mon, 18 Apr 2022 11:40:41 -0400 Received: from sonic317-38.consmr.mail.ne1.yahoo.com (sonic317-38.consmr.mail.ne1.yahoo.com [66.163.184.49]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 39C2AB83 for ; Mon, 18 Apr 2022 08:04:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650294291; bh=Dh2hcBFef4zC8mct1EoGkvlyiCusynlUt+FK0YzVoww=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=T+DAH57Lnjq0aLc5+M3w5azbKqgoKXLmBXHEYQR0UjYIhaafQRxUN/6uZFQ4HYRUTL63ur3l4ClCw/GBy0X7zJRzfmXP1R2Ef1RAM+SM4FT1vnve4VXK5GCAfPOyOV3UVJNzZ/wID9EErp7IIBjDbleIYQa6hz2CBtPVUY8fm0XbM7+M6etzMDrCX/lJn8T3xVDuGIdJHtSEbI/pF+yDk6T4AvXQglS1VE134rCgxB9faNFFRCOb4x/qBZF1V1NWMVJPHNpcxdGia7qp7FCUkEIbObiRZchQiqML6VbfDuFYRuGnBKQVpti4y0zKA/m9rzJ56M35oHlJyaQpfNUblg== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650294291; bh=u2xUolzfugATPY2AVCc9fSUA04euOGWv2y/ahxsYQu4=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=daiIK5KwsYxU4V2FaWdGV1AUCKFY7Oo3sWSV1ONJIbE1Mat6U8kEuVhIZpAJ0ayiJ/JesEWAtItusRxjvsVTi24YHWBdW0vNj+syDR9EdOPw+9qAh4egR8hodywbQ1FfjlBP4Kdro33lHGlsaBjqzi2RreiTuahdHnWKFXW/njInm68ZywIjTyGm+huT9auJv05nUYD3khA7FB+Fka7/eY0Kw6kN4BKnjNPCmT4Lo0knJwitovR9yx2Am+nG8lhsKwyfFBl7byHqPVcaGOiIiMPLggD5l/+t6NzfC+LZGRqRFBuwHPKRd6gMm43kPq6wfIVIqhnNg3watGcpMo+8XA== X-YMail-OSG: ODHBYVoVM1loiSdTPmwtl9ORPFeBFKi7weRjQ8DDqidklUfDnBQJ_kxXnzH2wao x6q4DXJx2sshgW1rQ80mTwfpbJP9Tf_E56.D1eUkqpikgv8Oa_5CxS1iYpo0v25cuWR9NAj4lmIR 9x1a3QEYBpnt2NYEh4Y2FvO0tQdxJOY.ub3bBXI_0ytnjwzRs8DbF46.rJk4SEL8w_Vd6zmdvIzV hXKlceQ27p6cjBnflm.j.BJy7v8Q1By2SC2kpTLGyoav_DH4pAsaY2ZQRpDK.Y4EoVnHuOrWScUp 3KLQBJx.e.1T4ln8bh0dViXLaxPsYU91.LlpGndUSzZhTvkyYmBqatMjeQVeYyV0fH1_580TEODN JhoWExUTdVuqI_Ide08pENYF3710O5IScEQje7uaAYoWDYEKDEpPpxa1sFdEu.oec2JuQflu6N3y yhMGCE3fvZzhOYmy5iw0au8gnyyXEVOQSLeIlz1Qt7_cRiL_dNMigk0FgNNw8WYGiyXccr7wFUmA 2D99M0aCjWrU1au29vbicvwfbVXgzWpBPZFBLL3uABQ9Wb2W5C8swx8smr2efLqimKcVHF_DR6IF 6obB_84.1.to7IyX2N81.D1zrZEFkBvIxUu.HbSRQevi6dJI0o9N2Hx9YFTaVU6i3odTnDXw8P8x NbYcWSNkJ2fSHl443glD28Zgwnj3ZNFqm8Wfs63Al.OFYD9sNeYZoSpFYzuDmJF46qfDs9nvUND. KrF.dbBNPz1Q158mbL4IVvDKTbKiwWjZ.MoLyGXluGCPKyv0InfeROc.f4tOKTH4GviYuzxI3FAf dl4v4xcnd6feWv3jbrp_M7CquUDXcjV84vGvvMwegIUGl2M8CBE3RXdCRy4f73W5TP4YkWzUPujG E0ZKdUSJWchiAfKOIyututVA.pyY0rJnTaKLRfEILaQfBgIUH.hda.xUotoXdOi11pROQ7sLiZ7V QDwUT6y_ROcV75O6GQKwhJgcu2760Lp1xgSxjnrgB2PNUm3mCxCagSW6BEPtDgM30wZVtKQvKh.G CmfDDWD3xOjc4i3tXAnKobw5qLwjEQ6WMeMfLzGcUpOo0QOeKVenq3xgz.W6BhQFl15nNDK3udx0 4KZYBdpXq65Zuc2dFFkSJ45Gxhao0Ac5jpBEMHsNGWhZxWKihBefHwvXdLdz3HnSetiN_tyZDCUr juaRxXXPS7onKxQ8sJYQjYiFJ8W0_ECOTRdBC5MQUGF1jZl.0DYaFGuhQjwdwkZAqSz5QFkevjcf SvEDz.3cf_hBVO8WWGtRTWgodv1jubpWLkbVpyYgRiPHLlToQL5rUPS4xNKXR0OsF52Y2XAC3LFl hLcE1zQsjZjK9qetTM.mb7WWmEZnzTRIFQF7_VZWbpdKY11EVOyoQrU91zHzfDebXGetyTd3kL8f V6KDaCoH.fwYZ42JtvOgpLiLgOEyh3KuRLy4VCT93npxvR.upJagJ9dWxshpSfQJO28t1XFHsOo_ epcwxrcQGExxHnZBe1rWYF51xm.o8yLN3AxNsFJK3B_mVL6EgTx_yZRR_CYUksNE5.Af3lQfiwbX mbl6dO4QqzCYJUmrNGKYZLT9KYBB5T.71fekUqfP6IUD_5F9vO4cmrTAdmUdQAqS7pxkCKcjRdNw KmM7Y.FRp7dnjIpwRBGi80R_zPRSLugU62QhpxvkeUTGc66dhn.ODZ6QG6dnPpUmvnXSE_dZ28IT _J5gmMPrVbF5vfG6r5pjqfyqz0HuiqeJdkVa5Vaa7aCUJwomZG2KJflfyEVv49UIxstDu32sKUBc Bofgqp_WepG7HAPFNsl3dHcgGdaKEDq4z.ZYexUHwqSINrhiuOevz3DneGngmf9jvD4438y2Ml37 XyQMRHL4TzT25bnqG4axec3wYZbuBMoe3YbUcD9YW1Qtl1E47LDd5Gr3yg3airvJSkKenbpd6DSk _oPz_aNR2D2hPNPaUsh1NCSZnpo.x49gAK.1LD1PoBWgZGt05WXGtq4b3Q5B7Oq8Skd3PKFLKDyE D8jChoxslH2VDZpMqEW00AZSwVF9b2YatPKPMc5SaZhpBqROCz_MmdQy3N8j020NVFevJITLLFcy Qq9ysqFpODP5NgDa5G_ga5BPOpqEuS4FkCHohSvv60u4del0rTyWFbKud8xKjKxAxv_gueSfr3On 2vAW_sAB1ablZmDVzWSalz2hkEZbvU_fG6ya7Cg2sboSAXODrplX3rKnT1HiraHTRjFIizuTpWI1 NSFbcL1qnB9P7FtZbioYrDDZpA27h_Br.VUjTV7yKV_TRcbTdnlggu9PmJwJQtihH.0Qe7j8y_iF XgRuRo76wzlgthUyfDky3Lid_4L74o3dftnpc48EzUwCVTUELX7ukMWJstlcWEboILOfRgr0rB3k utFDidHPQaqc- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic317.consmr.mail.ne1.yahoo.com with HTTP; Mon, 18 Apr 2022 15:04:51 +0000 Received: by hermes--canary-production-gq1-665697845d-ftzwk (VZM Hermes SMTP Server) with ESMTPA ID e42a5033a868ecfd55a4e02ebf801990; Mon, 18 Apr 2022 15:04:46 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org, netdev@vger.kernel.org Subject: [PATCH v35 11/29] LSM: Use lsmblob in security_current_getsecid Date: Mon, 18 Apr 2022 07:59:27 -0700 Message-Id: <20220418145945.38797-12-casey@schaufler-ca.com> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220418145945.38797-1-casey@schaufler-ca.com> References: <20220418145945.38797-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Change the security_current_getsecid_subj() and security_task_getsecid_obj() interfaces to fill in a lsmblob structure instead of a u32 secid in support of LSM stacking. Audit interfaces will need to collect all possible secids for possible reporting. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: linux-audit@redhat.com Cc: netdev@vger.kernel.org --- drivers/android/binder.c | 6 +-- include/linux/security.h | 31 ++++++++++--- kernel/audit.c | 16 +++---- kernel/auditfilter.c | 4 +- kernel/auditsc.c | 25 +++++------ net/netlabel/netlabel_unlabeled.c | 4 +- net/netlabel/netlabel_user.h | 6 ++- security/integrity/ima/ima_appraise.c | 11 ++--- security/integrity/ima/ima_main.c | 63 ++++++++++++++++----------- security/security.c | 25 ++++++++--- 10 files changed, 117 insertions(+), 74 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 381a4fddd4a5..bae8440ffc73 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2980,16 +2980,16 @@ static void binder_transaction(struct binder_proc *proc, t->priority = task_nice(current); if (target_node && target_node->txn_security_ctx) { - u32 secid; struct lsmblob blob; size_t added_size; + u32 secid; security_cred_getsecid(proc->cred, &secid); /* - * Later in this patch set security_task_getsecid() will + * Later in this patch set security_cred_getsecid() will * provide a lsmblob instead of a secid. lsmblob_init * is used to ensure that all the secids in the lsmblob - * get the value returned from security_task_getsecid(), + * get the value returned from security_cred_getsecid(), * which means that the one expected by * security_secid_to_secctx() will be set. */ diff --git a/include/linux/security.h b/include/linux/security.h index 4cfeb5eb29fc..d11dfa33c1c7 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -220,6 +220,24 @@ static inline u32 lsmblob_value(const struct lsmblob *blob) return 0; } +/** + * lsmblob_first - secid value for the first LSM slot + * @blob: Pointer to the data + * + * Return the secid value from the first LSM slot. + * There may not be any LSM slots. + * + * Return the value in secid[0] if there are any slots, 0 otherwise. + */ +static inline u32 lsmblob_first(const struct lsmblob *blob) +{ +#if LSMBLOB_ENTRIES > 0 + return blob->secid[0]; +#else + return 0; +#endif +} + /* These functions are in security/commoncap.c */ extern int cap_capable(const struct cred *cred, struct user_namespace *ns, int cap, unsigned int opts); @@ -502,8 +520,8 @@ int security_task_fix_setgid(struct cred *new, const struct cred *old, int security_task_setpgid(struct task_struct *p, pid_t pgid); int security_task_getpgid(struct task_struct *p); int security_task_getsid(struct task_struct *p); -void security_current_getsecid_subj(u32 *secid); -void security_task_getsecid_obj(struct task_struct *p, u32 *secid); +void security_current_getsecid_subj(struct lsmblob *blob); +void security_task_getsecid_obj(struct task_struct *p, struct lsmblob *blob); int security_task_setnice(struct task_struct *p, int nice); int security_task_setioprio(struct task_struct *p, int ioprio); int security_task_getioprio(struct task_struct *p); @@ -1199,14 +1217,15 @@ static inline int security_task_getsid(struct task_struct *p) return 0; } -static inline void security_current_getsecid_subj(u32 *secid) +static inline void security_current_getsecid_subj(struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } -static inline void security_task_getsecid_obj(struct task_struct *p, u32 *secid) +static inline void security_task_getsecid_obj(struct task_struct *p, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } static inline int security_task_setnice(struct task_struct *p, int nice) diff --git a/kernel/audit.c b/kernel/audit.c index 2acf95cf9895..2834e55844db 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -2178,19 +2178,12 @@ int audit_log_task_context(struct audit_buffer *ab) char *ctx = NULL; unsigned len; int error; - u32 sid; struct lsmblob blob; - security_current_getsecid_subj(&sid); - if (!sid) + security_current_getsecid_subj(&blob); + if (!lsmblob_is_set(&blob)) return 0; - /* - * lsmblob_init sets all values in the lsmblob to sid. - * This is temporary until security_task_getsecid is converted - * to use a lsmblob, which happens later in this patch set. - */ - lsmblob_init(&blob, sid); error = security_secid_to_secctx(&blob, &ctx, &len); if (error) { @@ -2399,6 +2392,7 @@ int audit_set_loginuid(kuid_t loginuid) int audit_signal_info(int sig, struct task_struct *t) { kuid_t uid = current_uid(), auid; + struct lsmblob blob; if (auditd_test_task(t) && (sig == SIGTERM || sig == SIGHUP || @@ -2409,7 +2403,9 @@ int audit_signal_info(int sig, struct task_struct *t) audit_sig_uid = auid; else audit_sig_uid = uid; - security_current_getsecid_subj(&audit_sig_sid); + security_current_getsecid_subj(&blob); + /* scaffolding until audit_sig_sid is converted */ + audit_sig_sid = lsmblob_first(&blob); } return audit_signal_info_syscall(t); diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 15cd4fe35e9c..39ded5cb2429 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -1339,7 +1339,6 @@ int audit_filter(int msgtype, unsigned int listtype) struct audit_field *f = &e->rule.fields[i]; struct lsmblob blob; pid_t pid; - u32 sid; switch (f->type) { case AUDIT_PID: @@ -1369,8 +1368,7 @@ int audit_filter(int msgtype, unsigned int listtype) case AUDIT_SUBJ_SEN: case AUDIT_SUBJ_CLR: if (f->lsm_str) { - security_current_getsecid_subj(&sid); - lsmblob_init(&blob, sid); + security_current_getsecid_subj(&blob); result = security_audit_rule_match( &blob, f->type, f->op, &f->lsm_rules); diff --git a/kernel/auditsc.c b/kernel/auditsc.c index d125dba69a76..b7bfc934436d 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -467,7 +467,6 @@ static int audit_filter_rules(struct task_struct *tsk, { const struct cred *cred; int i, need_sid = 1; - u32 sid; struct lsmblob blob; unsigned int sessionid; @@ -676,17 +675,9 @@ static int audit_filter_rules(struct task_struct *tsk, * here even though it always refs * @current's creds */ - security_current_getsecid_subj(&sid); + security_current_getsecid_subj(&blob); need_sid = 0; } - /* - * lsmblob_init sets all values in the lsmblob - * to sid. This is temporary until - * security_task_getsecid() is converted to - * provide a lsmblob, which happens later in - * this patch set. - */ - lsmblob_init(&blob, sid); result = security_audit_rule_match(&blob, f->type, f->op, &f->lsm_rules); @@ -2764,12 +2755,15 @@ int __audit_sockaddr(int len, void *a) void __audit_ptrace(struct task_struct *t) { struct audit_context *context = audit_context(); + struct lsmblob blob; context->target_pid = task_tgid_nr(t); context->target_auid = audit_get_loginuid(t); context->target_uid = task_uid(t); context->target_sessionid = audit_get_sessionid(t); - security_task_getsecid_obj(t, &context->target_sid); + security_task_getsecid_obj(t, &blob); + /* scaffolding - until target_sid is converted */ + context->target_sid = lsmblob_first(&blob); memcpy(context->target_comm, t->comm, TASK_COMM_LEN); } @@ -2785,6 +2779,7 @@ int audit_signal_info_syscall(struct task_struct *t) struct audit_aux_data_pids *axp; struct audit_context *ctx = audit_context(); kuid_t t_uid = task_uid(t); + struct lsmblob blob; if (!audit_signals || audit_dummy_context()) return 0; @@ -2796,7 +2791,9 @@ int audit_signal_info_syscall(struct task_struct *t) ctx->target_auid = audit_get_loginuid(t); ctx->target_uid = t_uid; ctx->target_sessionid = audit_get_sessionid(t); - security_task_getsecid_obj(t, &ctx->target_sid); + security_task_getsecid_obj(t, &blob); + /* scaffolding until target_sid is converted */ + ctx->target_sid = lsmblob_first(&blob); memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); return 0; } @@ -2817,7 +2814,9 @@ int audit_signal_info_syscall(struct task_struct *t) axp->target_auid[axp->pid_count] = audit_get_loginuid(t); axp->target_uid[axp->pid_count] = t_uid; axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); - security_task_getsecid_obj(t, &axp->target_sid[axp->pid_count]); + security_task_getsecid_obj(t, &blob); + /* scaffolding until target_sid is converted */ + axp->target_sid[axp->pid_count] = lsmblob_first(&blob); memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); axp->pid_count++; diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index 0a99663e6edb..bbb3b6a4f0d7 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -1562,11 +1562,13 @@ int __init netlbl_unlabel_defconf(void) int ret_val; struct netlbl_dom_map *entry; struct netlbl_audit audit_info; + struct lsmblob blob; /* Only the kernel is allowed to call this function and the only time * it is called is at bootup before the audit subsystem is reporting * messages so don't worry to much about these values. */ - security_current_getsecid_subj(&audit_info.secid); + security_current_getsecid_subj(&blob); + audit_info.secid = lsmblob_first(&blob); audit_info.loginuid = GLOBAL_ROOT_UID; audit_info.sessionid = 0; diff --git a/net/netlabel/netlabel_user.h b/net/netlabel/netlabel_user.h index d6c5b31eb4eb..34bb6572f33b 100644 --- a/net/netlabel/netlabel_user.h +++ b/net/netlabel/netlabel_user.h @@ -32,7 +32,11 @@ */ static inline void netlbl_netlink_auditinfo(struct netlbl_audit *audit_info) { - security_current_getsecid_subj(&audit_info->secid); + struct lsmblob blob; + + security_current_getsecid_subj(&blob); + /* scaffolding until secid is converted */ + audit_info->secid = lsmblob_first(&blob); audit_info->loginuid = audit_get_loginuid(current); audit_info->sessionid = audit_get_sessionid(current); } diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index 17232bbfb9f9..f9eadbf53cb6 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -71,15 +71,16 @@ bool is_ima_appraise_enabled(void) int ima_must_appraise(struct user_namespace *mnt_userns, struct inode *inode, int mask, enum ima_hooks func) { - u32 secid; + struct lsmblob blob; if (!ima_appraise) return 0; - security_current_getsecid_subj(&secid); - return ima_match_policy(mnt_userns, inode, current_cred(), secid, - func, mask, IMA_APPRAISE | IMA_HASH, NULL, - NULL, NULL, NULL); + security_current_getsecid_subj(&blob); + return ima_match_policy(mnt_userns, inode, current_cred(), + lsmblob_first(&blob), func, mask, + IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL, + NULL); } static int ima_fix_xattr(struct dentry *dentry, diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 3d3f8c5c502b..3d8d9162a5e3 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -405,12 +405,14 @@ static int process_measurement(struct file *file, const struct cred *cred, */ int ima_file_mmap(struct file *file, unsigned long prot) { - u32 secid; + struct lsmblob blob; if (file && (prot & PROT_EXEC)) { - security_current_getsecid_subj(&secid); - return process_measurement(file, current_cred(), secid, NULL, - 0, MAY_EXEC, MMAP_CHECK); + security_current_getsecid_subj(&blob); + /* scaffolding - until process_measurement changes */ + return process_measurement(file, current_cred(), + lsmblob_first(&blob), NULL, 0, + MAY_EXEC, MMAP_CHECK); } return 0; @@ -437,9 +439,9 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) char *pathbuf = NULL; const char *pathname = NULL; struct inode *inode; + struct lsmblob blob; int result = 0; int action; - u32 secid; int pcr; /* Is mprotect making an mmap'ed file executable? */ @@ -447,11 +449,12 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) !(prot & PROT_EXEC) || (vma->vm_flags & VM_EXEC)) return 0; - security_current_getsecid_subj(&secid); + security_current_getsecid_subj(&blob); inode = file_inode(vma->vm_file); action = ima_get_action(file_mnt_user_ns(vma->vm_file), inode, - current_cred(), secid, MAY_EXEC, MMAP_CHECK, - &pcr, &template, NULL, NULL); + current_cred(), lsmblob_first(&blob), + MAY_EXEC, MMAP_CHECK, &pcr, &template, NULL, + NULL); /* Is the mmap'ed file in policy? */ if (!(action & (IMA_MEASURE | IMA_APPRAISE_SUBMASK))) @@ -487,10 +490,13 @@ int ima_bprm_check(struct linux_binprm *bprm) { int ret; u32 secid; + struct lsmblob blob; - security_current_getsecid_subj(&secid); - ret = process_measurement(bprm->file, current_cred(), secid, NULL, 0, - MAY_EXEC, BPRM_CHECK); + security_current_getsecid_subj(&blob); + /* scaffolding until process_measurement changes */ + ret = process_measurement(bprm->file, current_cred(), + lsmblob_first(&blob), NULL, 0, MAY_EXEC, + BPRM_CHECK); if (ret) return ret; @@ -511,10 +517,12 @@ int ima_bprm_check(struct linux_binprm *bprm) */ int ima_file_check(struct file *file, int mask) { - u32 secid; + struct lsmblob blob; - security_current_getsecid_subj(&secid); - return process_measurement(file, current_cred(), secid, NULL, 0, + security_current_getsecid_subj(&blob); + /* scaffolding until process_measurement changes */ + return process_measurement(file, current_cred(), lsmblob_first(&blob), + NULL, 0, mask & (MAY_READ | MAY_WRITE | MAY_EXEC | MAY_APPEND), FILE_CHECK); } @@ -710,7 +718,7 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id, bool contents) { enum ima_hooks func; - u32 secid; + struct lsmblob blob; /* * Do devices using pre-allocated memory run the risk of the @@ -730,9 +738,10 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id, /* Read entire file for all partial reads. */ func = read_idmap[read_id] ?: FILE_CHECK; - security_current_getsecid_subj(&secid); - return process_measurement(file, current_cred(), secid, NULL, - 0, MAY_READ, func); + security_current_getsecid_subj(&blob); + /* scaffolding - until process_measurement changes */ + return process_measurement(file, current_cred(), lsmblob_first(&blob), + NULL, 0, MAY_READ, func); } const int read_idmap[READING_MAX_ID] = { @@ -760,7 +769,7 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, enum kernel_read_file_id read_id) { enum ima_hooks func; - u32 secid; + struct lsmblob blob; /* permit signed certs */ if (!file && read_id == READING_X509_CERTIFICATE) @@ -773,9 +782,10 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, } func = read_idmap[read_id] ?: FILE_CHECK; - security_current_getsecid_subj(&secid); - return process_measurement(file, current_cred(), secid, buf, size, - MAY_READ, func); + security_current_getsecid_subj(&blob); + /* scaffolding - until process_measurement changes */ + return process_measurement(file, current_cred(), lsmblob_first(&blob), + buf, size, MAY_READ, func); } /** @@ -900,7 +910,7 @@ int process_buffer_measurement(struct user_namespace *mnt_userns, int digest_hash_len = hash_digest_size[ima_hash_algo]; int violation = 0; int action = 0; - u32 secid; + struct lsmblob blob; if (digest && digest_len < digest_hash_len) return -EINVAL; @@ -923,10 +933,11 @@ int process_buffer_measurement(struct user_namespace *mnt_userns, * buffer measurements. */ if (func) { - security_current_getsecid_subj(&secid); + security_current_getsecid_subj(&blob); + /* scaffolding */ action = ima_get_action(mnt_userns, inode, current_cred(), - secid, 0, func, &pcr, &template, - func_data, NULL); + lsmblob_first(&blob), 0, func, &pcr, + &template, func_data, NULL); if (!(action & IMA_MEASURE) && !digest) return -ENOENT; } diff --git a/security/security.c b/security/security.c index 131c851dd681..eae5b7f3a0db 100644 --- a/security/security.c +++ b/security/security.c @@ -1922,17 +1922,30 @@ int security_task_getsid(struct task_struct *p) return call_int_hook(task_getsid, 0, p); } -void security_current_getsecid_subj(u32 *secid) +void security_current_getsecid_subj(struct lsmblob *blob) { - *secid = 0; - call_void_hook(current_getsecid_subj, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.current_getsecid_subj, + list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.current_getsecid_subj(&blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_current_getsecid_subj); -void security_task_getsecid_obj(struct task_struct *p, u32 *secid) +void security_task_getsecid_obj(struct task_struct *p, struct lsmblob *blob) { - *secid = 0; - call_void_hook(task_getsecid_obj, p, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.task_getsecid_obj, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.task_getsecid_obj(p, &blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_task_getsecid_obj); From patchwork Mon Apr 18 14:59:28 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12816782 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0CCEBC43219 for ; Mon, 18 Apr 2022 15:40:39 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1343932AbiDRPnN (ORCPT ); Mon, 18 Apr 2022 11:43:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53874 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345417AbiDRPlz (ORCPT ); Mon, 18 Apr 2022 11:41:55 -0400 Received: from sonic317-38.consmr.mail.ne1.yahoo.com (sonic317-38.consmr.mail.ne1.yahoo.com [66.163.184.49]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1DD293B00F for ; Mon, 18 Apr 2022 08:06:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650294386; bh=gZinOR0rjH0VEq8KIPKeJFg5VYryd3doxauf+XrBdSU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=gv4ejR7CGnxp1ZhTl7TFL922Ll+dWp4kBAwiMy3HN0PwORVz8GsaFI/SODB4xrSH+iCY/u3MBw85fo1doqcnPM612/7+P8/g0frcZt7gyVvN+tF4kT+T2mlWUlJ80cqXZutKEbQhdCgwfnOdiaCmQM1GyGuH/GVY8nsuOJNAhbTEYNDjndIhIKMFXSQYI7pIexZKCTunZ6AElu6XIyCXQeTMKGgKZVJyKYyCXGW2/i5eZ6BnWnlBFacQNoW4a++jBh8hNEmLC+D2JiTnc0AYfPg0tuHpEYrpnf10xPGVf4NnFZ5Zj7z500xIbxT9XBnB+BuKUY0v5H5DaCCw4WUCSA== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650294386; bh=t47N1Bpp+t1WV/QGXAsIPOVFA+mLJN5ccVVfK8cIium=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=SsdfAJUYzGCWPKkuDAKeFfZmIfalm1qfZBEpV1rwZyB4HDe1z1vHyEmYXcgFGq4XiieTxN76oY2hPCLtiPs8XDrnef1BmrHqYyGuXtJZYOkUx3lWVtuDMB4d4aUBP84Mt3aOSnSRpOeO1TEJZAZnLiHSi9ajjennd+0NbDzYBfmYKOskS2P8WyGTVXS8W+IVl/gXUGCRcj4V6E7TArhTiLQhJTYyFDQIwICxjUN/5tBgsEdudptHJNbzp92PTcuX/M+89xlwaO+wy98LRftasMOKnY62GRMKE8QhCpb4IlsccKY0v+EprZtjXyv6JVDCmPuU1z3JfM7sooAJPtvtgw== X-YMail-OSG: 6thIsl4VM1nBpODMipQA6p1UMxqdTjaU5SBCYnMSLGCK.OgG6iQNqi8v7I9wWo_ Bjv__f43tPPytrJ2.._rp_S5obm7RYwC4zKS0kfarIdjon.pgY.l4fLiI0M_agN0OavyTQC4RvlU cHTadaw0pP63NEYUFZhaW5uNLxV4TG6vclnTt0xAxT9kQ0llAkaEExsBw26bixktjSyUO6rg5_dT GvUUnx.CQiAut50SDyW8MzcNaS0jIvsXzZzEzkxHF86zxUUyOEXVeE7CB9qyr_aLuWVL.54f.Tj9 EFatT4znne98ZXTcRwCYQhboMamPhLepj._chjdmMhxqmOTbxJJ_Enb3zpONpOvPCkorbWf6G0ZO qZpNA9vTHFL1j_H5ZARYDKO2FYPuUE2HWO6MWGDSjm52baF4MhYxzOqw_tbiAr5z6madVBILO70_ ILz0pSmPlgdxbGyV18SY1YEpgsk6YsQKUKmo55KYAT635gCbwltB.f3x3qLGQTDxbz9WrXqwKvFM sZBl37flzvuyrGYrGeL60yUP4_Z1IFz9XN.p_otoOy.i2XAJst2lCZew6KXwbxknDQ9Co6c.4ibx DgZZsL2Bbojr7AmI7YsYtsQec6QliG2t6HZDeR10Z8MpjpV97oS_07XHvtDh1SB0um.5yUKxQmLO Z6h4Dmgl4aArFP8vYc4kCFaoL._NS5s.rTpht77pN9n.pnR249NdRs.p9OiU6VXpFnYyliElsm8G W8SCWXTjFlzONF5AQ7hyo3yjXkowwTBEXE76vAk_l43yymTqoiDF2sKqvYsIhzIHJQKskWFEmiV9 ePnciJjFEsABM9RiKB.X7vHWKokZOCLCNIkcsd.5SBHJ30W0JGjaevfsEOhNWp6U..G0Ky7hCHHu Os45Lyk0XPQSAzJi7Lj6wwIbrPzBUkff3nauGoLO4jnGL6sz813aryFXpAGj0E6J3eiQuoKQiW8L xapQ2VxqIC9z46ktadhKpCfqHJwL7djQGEoPmRL8jqlmlAa.nSHinhzsmEqTPcNQC6mDHUCEh2eM RD0GyVdz737Tpn3bkG6K1IMP4X2AjmDz69JlWNsChY_2wF2WKtglP_hGGvnbmisIcxaBtBoCVtH_ EMSnMKUahhgSVKemtgGJuvNgpK2zIxbYes63H9OgbcV1KrEx.8JKBSim8nviVVHLkcVqLXXUm9.f JAYEHYwPgewuvCpN7.sYaMZL_FnpqBdbitiNT2Zbiyn4JKG26WAypLpAsYJ8PCj2URH_ZDUsWkLY XT9BhwrBvSVcHjypYqyltntamePkbUTkpIeI.FHkvilYi0U1nif.H4t9oUFz.lLpsqluAtj7vfSf mxpPGK3bmfdbnLWX9_Utl_T0Mad53FAFHTFw_gbTdbKTAI5jX3yboD346Uo7fP6bsFISQP8AUEAu BjjNBkipB9fbY6HSohbwgI0tsVBm66cjfatddf7PokXXUz187Kq.Ly7tewSu3tsFjjd9JVnQYkaV MQRyKgAZ3vxp6CqcEb9m1lVebm5PeTElUWItXmlxNG7KlvWtQjs.EBS6zkqzF4DbQ_2bPnS.XZxH pNuCCM65sGC8DC9oi7mIeM.ZByKYd7uPanduJgC0ZaOptyhNdsdB47IQ5Kn6vmMHwt79voOS0IRF xvWxxDNAVWjFrs3bIbESNmqPmkCM1wVZPiQU.4eAcfn1CHqRTSy1XCXsiVSz2kEI7SB3u06adRoE DyKiJvZDy2K.6wcBXU4EpFdvHMyov_ypAO4TlIlbMon30QvJYOVwAJ3RPIICm6JXVProRdpcO8VD HY3okKf6yVNj5VI1yWhtSzyLr3FFYbHxwk7aPR9El_LAqKfuTArGQRw3CeBSQo871fy.SkGULq5N xQSZnAcWIJWEEfS3EjLU0FPez4AaZptCXTmvLe91QJvA9x6jiT0CDdLukU4tpp14_J4BD2K7.BvF 9Xy1Ja74MUbTETMq4PwCUkr7KEHCS2spW907br7mgR0V.nkTEUkVIRToa7FaeBe7kT6WgwT5qlqO aIfXje4ENFcbvYHAnvKXJr0E8HlTF9Flv9OMWx6OAeE1mos5Vns62lD0k_372IAIRgkZGszJcuvU XKmoQpwghIyrFuGsQfMex7oXXMlKcvn4.Z0AwpUDewZvWl.4mlayv8Re.78JTHH5PyXOhp.DHeWD _pqCHpGWZAA19fXb12mHhzCvrHywrb5aenj2GH4y3E48Z5vFUhscHsUcIiUH3H_kqA4y3k6vkFYE lU1UW9wmUgIGbromTEqCXprGTScsCQt7Z5TiNEn0IcD4.AwWlQnXWSuOQSFIdsP3V9IKacz0MZki taxqvVFRn4ERAuZRsQqfUDm6RR4QGK8O7yHdIDQxwzLK5QtKwVonR.eckw797zsmRFVPS5JnKuGt FnHloLgA- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic317.consmr.mail.ne1.yahoo.com with HTTP; Mon, 18 Apr 2022 15:06:26 +0000 Received: by hermes--canary-production-gq1-665697845d-srvxf (VZM Hermes SMTP Server) with ESMTPA ID facb0f2176037c185ff3b4e507d76c59; Mon, 18 Apr 2022 15:06:20 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org Subject: [PATCH v35 12/29] LSM: Use lsmblob in security_inode_getsecid Date: Mon, 18 Apr 2022 07:59:28 -0700 Message-Id: <20220418145945.38797-13-casey@schaufler-ca.com> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220418145945.38797-1-casey@schaufler-ca.com> References: <20220418145945.38797-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Change the security_inode_getsecid() interface to fill in a lsmblob structure instead of a u32 secid. This allows for its callers to gather data from all registered LSMs. Data is provided for IMA and audit. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: linux-audit@redhat.com --- include/linux/security.h | 7 ++++--- kernel/auditsc.c | 6 +++++- security/integrity/ima/ima_policy.c | 7 ++++--- security/security.c | 11 +++++++++-- 4 files changed, 22 insertions(+), 9 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index d11dfa33c1c7..781b1a2374c0 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -474,7 +474,7 @@ int security_inode_getsecurity(struct user_namespace *mnt_userns, void **buffer, bool alloc); int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags); int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size); -void security_inode_getsecid(struct inode *inode, u32 *secid); +void security_inode_getsecid(struct inode *inode, struct lsmblob *blob); int security_inode_copy_up(struct dentry *src, struct cred **new); int security_inode_copy_up_xattr(const char *name); int security_kernfs_init_security(struct kernfs_node *kn_dir, @@ -1020,9 +1020,10 @@ static inline int security_inode_listsecurity(struct inode *inode, char *buffer, return 0; } -static inline void security_inode_getsecid(struct inode *inode, u32 *secid) +static inline void security_inode_getsecid(struct inode *inode, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } static inline int security_inode_copy_up(struct dentry *src, struct cred **new) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index b7bfc934436d..fb8c4c61189d 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -2300,13 +2300,17 @@ static void audit_copy_inode(struct audit_names *name, const struct dentry *dentry, struct inode *inode, unsigned int flags) { + struct lsmblob blob; + name->ino = inode->i_ino; name->dev = inode->i_sb->s_dev; name->mode = inode->i_mode; name->uid = inode->i_uid; name->gid = inode->i_gid; name->rdev = inode->i_rdev; - security_inode_getsecid(inode, &name->osid); + security_inode_getsecid(inode, &blob); + /* scaffolding until osid is updated */ + name->osid = lsmblob_first(&blob); if (flags & AUDIT_INODE_NOEVAL) { name->fcap_ver = -1; return; diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 97470354c8ae..3deedfb2775f 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -624,7 +624,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, return false; for (i = 0; i < MAX_LSM_RULES; i++) { int rc = 0; - u32 osid; + struct lsmblob lsmdata; if (!rule->lsm[i].rule) { if (!rule->lsm[i].args_p) @@ -636,8 +636,9 @@ static bool ima_match_rules(struct ima_rule_entry *rule, case LSM_OBJ_USER: case LSM_OBJ_ROLE: case LSM_OBJ_TYPE: - security_inode_getsecid(inode, &osid); - rc = ima_filter_rule_match(osid, rule->lsm[i].type, + security_inode_getsecid(inode, &lsmdata); + rc = ima_filter_rule_match(lsmdata.secid[rule->which], + rule->lsm[i].type, Audit_equal, rule->lsm[i].rule, rule->which); diff --git a/security/security.c b/security/security.c index eae5b7f3a0db..297a6be2e23a 100644 --- a/security/security.c +++ b/security/security.c @@ -1566,9 +1566,16 @@ int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer } EXPORT_SYMBOL(security_inode_listsecurity); -void security_inode_getsecid(struct inode *inode, u32 *secid) +void security_inode_getsecid(struct inode *inode, struct lsmblob *blob) { - call_void_hook(inode_getsecid, inode, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.inode_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.inode_getsecid(inode, &blob->secid[hp->lsmid->slot]); + } } int security_inode_copy_up(struct dentry *src, struct cred **new) From patchwork Mon Apr 18 14:59:29 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12816783 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 36D63C4167B for ; Mon, 18 Apr 2022 15:40:40 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238895AbiDRPnP (ORCPT ); Mon, 18 Apr 2022 11:43:15 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51486 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345271AbiDRPlz (ORCPT ); Mon, 18 Apr 2022 11:41:55 -0400 Received: from sonic305-27.consmr.mail.ne1.yahoo.com (sonic305-27.consmr.mail.ne1.yahoo.com [66.163.185.153]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 33C41329B7 for ; Mon, 18 Apr 2022 08:06:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650294385; bh=+DjS+Z0uL4cNU4DjtqD4pPkF56b3LF6vmgGemSjTWFo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=F2CkevcxcocDQIISoTA6Z7lL979cn8L7/XXZY1aLN2JAtWbVhwuL34viSPv4P8NcqloHzJCtzqAQ6aKMIHsXpcacScn4JHAbmUKJlyN4vhXjT/h1vtc6hQlYuTrrPRdqrcIi3ANX6IPfa+QzeKdkUBWMld0ITXTBJ9gztnLvgdJh0fz9HW2iUk/9Z/ZsXAjSUWGIUdFEu1lYD83ME6Z44ryMV+CwAt1NAmftAlZH0PqcZh9A6cS/NES8BUbXqpCz4louxaPPOs1fT45D9F3iX3dVYTvQb7wB0hYNtZa1TI0B7eHrzrbVMGBO3vWUPJxMWL4ZelWCe5E5v4WvkaPfAg== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650294385; bh=8At39DzCrqcCa5Ki2YxsXXIodNjBWIdV1TSEdKkBL9V=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=SVGm1Q/iQHsnolCEV1JgTW42IlJS9cpsM0/Xr6b3YZQH8+xncTqnbyoD2IcTGVapywshle3WyLcVXK1DHvhYaAw+Mr17/8l+5g09+jao0ta6XyxCXMHftPCR2NbMA8Lm7PsaQSYtoipZS3RnfSDvfmfDfbMFtcSsvT1p1XyFU7EKdfTFYveGa2KOAucdp1n0d2OdeqiVwGRBc1ERzuo30akG36CgHjwVmD7K4+LQm7FV6iUNitlk37lQ66Qowt4/TPNfR7307GbMxbine1sbvuAdJCz/YL0v/TEfhEIT92JiPArAm24h6HUznSNFVoF1h7TZWponF8i6P/uLlYlqdQ== X-YMail-OSG: 6cvjZi4VM1kgP9tDSYQSE3NvQuBXzYfLPoo7y.uuXQZPVn8P5.ZJwbw2xkWtmA5 nu2JanvM_6.qN3t4JXtXrEnLu_pxMV052n7Tf0PzrC5zoyUQaCxb3qvHH_57YLCoMmSHEjLluRSA VhtM5HkbQJH7vRzSxKOqFPoJlbT3CFPzOgwkIObxyrZoInKU.WvMlt9uC6BaowkP51etUBraSEpt TKULiECAdOOTcliDdWbpmxhBNaan8vfg2DmL8Mj9Mz9KLXd3dZUNBKvQxuDv9Be4UjkB3x9QEJO5 AaSiRDy4O_yLqZ0nk_yE_n.7djhND4zuteKqyKJIy_SRn8AF6UW_Gi45ZHm5RSvA05l0dQIZKkgq 2eOFfgBPAvG1T.oRN0Nb7j486avEoIJrss0b0LLaSZHgY4nXu0YyNo8ZCfQ5Brq6DmVd4r.uu74G Z6Ir5nn_2xXG7EBw1RqlQ003u6ekYdd_m7TFY_nCOuwe.I3roWS_ZqT_s6xOEsj_JI7Z01NYdxlR uecFOTqEbSVnhUxMxeqKJ0VkICqrmrfHV56cwni9QFOC.5Q6H__xZhCEuXLNSLkGF8yFX6fmZW9Y wUNvnj55fFRTWUBhbYyT_O1cBdTRKjHK3t6E9NJ1jg.ImeDpBm_91LudMehDLMZgHHn_tKM9KNb_ yGyMn7r7bjSh6xFCoZYHh49boNTyMTDU2fY0F0f0AxpJ0wMffKe3_1y6CvdVaipuPMhA4v.hd.pk yO6NnvaARCQ6OOt8uqb59C52W4X5iYazegpRSOf7wy_t.0kW.pDdJPJ1IqOFLjFKkq4bxvOpyMZr cCBXLQKt6hneSPaT99fxbx4JHGj995UWjdW7MbSmyfyp5BRveTV66C9.j8Zldtr9bry7kLCv8e8V ZnL8UUWeqxTvepzlFal5HcSSFRrrpLvjwUXFPnfejp.AT_KBWSgnxmjfIYnpkD31smFjARZYeQxk _nXWlgi1VJ2K9EhUxk3_tkIA3WuaaUZR.Uj1CzlyFKhW8FbPenAyEAq0XppfN1oxb4wFFfMwbfR1 m_SKASuomRMzw5kmBfMWvEoLDnosIC_W9.KeqAqGFMQM3m1tnSuo1cmFmQkj.rqqrFUyCLAw4Up3 zgnowaw94fvh.i8gKY2ClMtSy75T2dGBLxd.yFUY6vHsfd.DJL_c1CCbzMt32c1wOXQOxTB0ljOs YtMLwjdJ3gp0V27JiajxDEcjRMDsNzXbEGHC9mWKbGVDSqLIRLmpKMramWmUWkWlAsR2tdzHfjsI _57NiSwlVD5ZgwP5Yu9P_Qkvi4sAC9KdWoNe11OFk.KbV8yGe.4_E6A03FJpog3.hs2ZUaIgehC9 dL2MX3YhdWsp9gbFAezWGSD4Em3dqrUdT9c4K3wmTNaATmgsK5sA4UffaKy0WCX818PWkgVDGEvI EQ7Xmed9g1qoMCqFzFgMevOC24Vpao9taFTCNpLCjaW9X6ndq.mAgc3UZ.PXUidg6fwD7xsdSivx JJPlOX7YnvWkqxETDmeETEubX_YPFILPWQ2Jamltr3DEMTG29qomVaMNJ.YiEpIbxXHx_XzD9EWn c6DY7.0Xchm3Fzec1N76g5ND_Nu2882wsa2EDAOuEkLMi83x3g92oMMfQiPhDB3UVYm0qbUn9Riq DaShhF_aKfXs7qF_vtssNCUOLVn3LCY8.Hoxg7kxvBB3e7e2xziBzt.ikRkn_OQvIR_nkopP2PcX mDDN4AB2ez_rD.KbGI8DljB6NReROUC1z7AxwBDIVofSQdTCdxz4A.NYTDrRRxk5uNa89XscwI0v RBbZNzyoJkA89ZlJS7wwKgYNS5mDUe7Kfnf1jzqckN16ZBKF0dVfp_KbVhq_o4i0SQXM6BToqJLK 1eJdoV2FzNncMT0wzzj0aGWQJ3si4u6pb4kuS5ptIWlmcRxvP6ywdaYaDRI08DTqbjD_7VUWo8HV 6qIu2b.CHdSePDRdlp0ogUfXF.SUlKSZZ5bJdYuFkf.Wn5EMnBLy9egeYcHoYhnisc6QrGOlJaF3 F5SPu5v95EWGofyP6Z0Siw9SYzmOtHfILR5XjCJnn7jXyrkRXZ1nsqQ6T05jB46sPmL6CMBYPo52 0u_wvWwHn3NwPr2emtoRNj7M3yXVH9pB2pUDzLLT8iva.U_YnquGctpBZIgDFwZ30WgjJKBLKP2f cS4eBQ10WVtybwdnzG.oUZHOhILgiyvpAZSLGjsM1cM6MjZPhM1qPMjnPQOEXnROlIRS2Y2FOEEd 76UNDqlHXwoMQrcwTYK3h7qHcJoFfcxA0_tUW3xceUmHSYBVYckx67esmGTko6XU6kWrIEP7fECJ Hxnli82worcDckPoh0b4RbYGLaDZXMUWyVx8RAb8LPtLAeKHb6IfnljAXGG8nYhzIKxbKNtZSEQp O9dvv5Vxu X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic305.consmr.mail.ne1.yahoo.com with HTTP; Mon, 18 Apr 2022 15:06:25 +0000 Received: by hermes--canary-production-gq1-665697845d-srvxf (VZM Hermes SMTP Server) with ESMTPA ID facb0f2176037c185ff3b4e507d76c59; Mon, 18 Apr 2022 15:06:22 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org Subject: [PATCH v35 13/29] LSM: Use lsmblob in security_cred_getsecid Date: Mon, 18 Apr 2022 07:59:29 -0700 Message-Id: <20220418145945.38797-14-casey@schaufler-ca.com> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220418145945.38797-1-casey@schaufler-ca.com> References: <20220418145945.38797-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Change the security_cred_getsecid() interface to fill in a lsmblob instead of a u32 secid. The associated data elements in the audit sub-system are changed from a secid to a lsmblob to accommodate multiple possible LSM audit users. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: linux-audit@redhat.com Reported-by: kernel test robot Reported-by: kernel test robot Reported-by: kernel test robot --- drivers/android/binder.c | 12 +---------- include/linux/security.h | 5 +++-- kernel/audit.c | 25 +++++++---------------- kernel/audit.h | 3 ++- kernel/auditsc.c | 33 +++++++++++-------------------- security/integrity/ima/ima_main.c | 8 ++++---- security/security.c | 12 ++++++++--- 7 files changed, 38 insertions(+), 60 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index bae8440ffc73..26838061defb 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2982,18 +2982,8 @@ static void binder_transaction(struct binder_proc *proc, if (target_node && target_node->txn_security_ctx) { struct lsmblob blob; size_t added_size; - u32 secid; - security_cred_getsecid(proc->cred, &secid); - /* - * Later in this patch set security_cred_getsecid() will - * provide a lsmblob instead of a secid. lsmblob_init - * is used to ensure that all the secids in the lsmblob - * get the value returned from security_cred_getsecid(), - * which means that the one expected by - * security_secid_to_secctx() will be set. - */ - lsmblob_init(&blob, secid); + security_cred_getsecid(proc->cred, &blob); ret = security_secid_to_secctx(&blob, &secctx, &secctx_sz); if (ret) { return_error = BR_FAILED_REPLY; diff --git a/include/linux/security.h b/include/linux/security.h index 781b1a2374c0..fa413a5a2ccb 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -501,7 +501,7 @@ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp); void security_cred_free(struct cred *cred); int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp); void security_transfer_creds(struct cred *new, const struct cred *old); -void security_cred_getsecid(const struct cred *c, u32 *secid); +void security_cred_getsecid(const struct cred *c, struct lsmblob *blob); int security_kernel_act_as(struct cred *new, struct lsmblob *blob); int security_kernel_create_files_as(struct cred *new, struct inode *inode); int security_kernel_module_request(char *kmod_name); @@ -1141,7 +1141,8 @@ static inline void security_transfer_creds(struct cred *new, { } -static inline void security_cred_getsecid(const struct cred *c, u32 *secid) +static inline void security_cred_getsecid(const struct cred *c, + struct lsmblob *blob) { *secid = 0; } diff --git a/kernel/audit.c b/kernel/audit.c index 2834e55844db..2b670ac129be 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -125,7 +125,7 @@ static u32 audit_backlog_wait_time = AUDIT_BACKLOG_WAIT_TIME; /* The identity of the user shutting down the audit system. */ static kuid_t audit_sig_uid = INVALID_UID; static pid_t audit_sig_pid = -1; -static u32 audit_sig_sid; +struct lsmblob audit_sig_lsm; /* Records can be lost in several ways: 0) [suppressed in audit_alloc] @@ -1463,29 +1463,21 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) } case AUDIT_SIGNAL_INFO: len = 0; - if (audit_sig_sid) { - struct lsmblob blob; - - /* - * lsmblob_init sets all values in the lsmblob - * to audit_sig_sid. This is temporary until - * audit_sig_sid is converted to a lsmblob, which - * happens later in this patch set. - */ - lsmblob_init(&blob, audit_sig_sid); - err = security_secid_to_secctx(&blob, &ctx, &len); + if (lsmblob_is_set(&audit_sig_lsm)) { + err = security_secid_to_secctx(&audit_sig_lsm, &ctx, + &len); if (err) return err; } sig_data = kmalloc(struct_size(sig_data, ctx, len), GFP_KERNEL); if (!sig_data) { - if (audit_sig_sid) + if (lsmblob_is_set(&audit_sig_lsm)) security_release_secctx(ctx, len); return -ENOMEM; } sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); sig_data->pid = audit_sig_pid; - if (audit_sig_sid) { + if (lsmblob_is_set(&audit_sig_lsm)) { memcpy(sig_data->ctx, ctx, len); security_release_secctx(ctx, len); } @@ -2392,7 +2384,6 @@ int audit_set_loginuid(kuid_t loginuid) int audit_signal_info(int sig, struct task_struct *t) { kuid_t uid = current_uid(), auid; - struct lsmblob blob; if (auditd_test_task(t) && (sig == SIGTERM || sig == SIGHUP || @@ -2403,9 +2394,7 @@ int audit_signal_info(int sig, struct task_struct *t) audit_sig_uid = auid; else audit_sig_uid = uid; - security_current_getsecid_subj(&blob); - /* scaffolding until audit_sig_sid is converted */ - audit_sig_sid = lsmblob_first(&blob); + security_current_getsecid_subj(&audit_sig_lsm); } return audit_signal_info_syscall(t); diff --git a/kernel/audit.h b/kernel/audit.h index 58b66543b4d5..316fac62d5f7 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -12,6 +12,7 @@ #include #include #include +#include #include #include #include // struct open_how @@ -143,7 +144,7 @@ struct audit_context { kuid_t target_auid; kuid_t target_uid; unsigned int target_sessionid; - u32 target_sid; + struct lsmblob target_lsm; char target_comm[TASK_COMM_LEN]; struct audit_tree_refs *trees, *first_trees; diff --git a/kernel/auditsc.c b/kernel/auditsc.c index fb8c4c61189d..52ea8da8462f 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -99,7 +99,7 @@ struct audit_aux_data_pids { kuid_t target_auid[AUDIT_AUX_PIDS]; kuid_t target_uid[AUDIT_AUX_PIDS]; unsigned int target_sessionid[AUDIT_AUX_PIDS]; - u32 target_sid[AUDIT_AUX_PIDS]; + struct lsmblob target_lsm[AUDIT_AUX_PIDS]; char target_comm[AUDIT_AUX_PIDS][TASK_COMM_LEN]; int pid_count; }; @@ -1018,7 +1018,7 @@ static void audit_reset_context(struct audit_context *ctx) ctx->target_pid = 0; ctx->target_auid = ctx->target_uid = KUIDT_INIT(0); ctx->target_sessionid = 0; - ctx->target_sid = 0; + lsmblob_init(&ctx->target_lsm, 0); ctx->target_comm[0] = '\0'; unroll_tree_refs(ctx, NULL, 0); WARN_ON(!list_empty(&ctx->killed_trees)); @@ -1116,14 +1116,14 @@ static inline void audit_free_context(struct audit_context *context) } static int audit_log_pid_context(struct audit_context *context, pid_t pid, - kuid_t auid, kuid_t uid, unsigned int sessionid, - u32 sid, char *comm) + kuid_t auid, kuid_t uid, + unsigned int sessionid, + struct lsmblob *blob, char *comm) { struct audit_buffer *ab; char *ctx = NULL; u32 len; int rc = 0; - struct lsmblob blob; ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID); if (!ab) @@ -1132,9 +1132,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, audit_log_format(ab, "opid=%d oauid=%d ouid=%d oses=%d", pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); - if (sid) { - lsmblob_init(&blob, sid); - if (security_secid_to_secctx(&blob, &ctx, &len)) { + if (lsmblob_is_set(blob)) { + if (security_secid_to_secctx(blob, &ctx, &len)) { audit_log_format(ab, " obj=(none)"); rc = 1; } else { @@ -1814,7 +1813,7 @@ static void audit_log_exit(void) axs->target_auid[i], axs->target_uid[i], axs->target_sessionid[i], - axs->target_sid[i], + &axs->target_lsm[i], axs->target_comm[i])) call_panic = 1; } @@ -1823,7 +1822,7 @@ static void audit_log_exit(void) audit_log_pid_context(context, context->target_pid, context->target_auid, context->target_uid, context->target_sessionid, - context->target_sid, context->target_comm)) + &context->target_lsm, context->target_comm)) call_panic = 1; if (context->pwd.dentry && context->pwd.mnt) { @@ -2759,15 +2758,12 @@ int __audit_sockaddr(int len, void *a) void __audit_ptrace(struct task_struct *t) { struct audit_context *context = audit_context(); - struct lsmblob blob; context->target_pid = task_tgid_nr(t); context->target_auid = audit_get_loginuid(t); context->target_uid = task_uid(t); context->target_sessionid = audit_get_sessionid(t); - security_task_getsecid_obj(t, &blob); - /* scaffolding - until target_sid is converted */ - context->target_sid = lsmblob_first(&blob); + security_task_getsecid_obj(t, &context->target_lsm); memcpy(context->target_comm, t->comm, TASK_COMM_LEN); } @@ -2783,7 +2779,6 @@ int audit_signal_info_syscall(struct task_struct *t) struct audit_aux_data_pids *axp; struct audit_context *ctx = audit_context(); kuid_t t_uid = task_uid(t); - struct lsmblob blob; if (!audit_signals || audit_dummy_context()) return 0; @@ -2795,9 +2790,7 @@ int audit_signal_info_syscall(struct task_struct *t) ctx->target_auid = audit_get_loginuid(t); ctx->target_uid = t_uid; ctx->target_sessionid = audit_get_sessionid(t); - security_task_getsecid_obj(t, &blob); - /* scaffolding until target_sid is converted */ - ctx->target_sid = lsmblob_first(&blob); + security_task_getsecid_obj(t, &ctx->target_lsm); memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); return 0; } @@ -2818,9 +2811,7 @@ int audit_signal_info_syscall(struct task_struct *t) axp->target_auid[axp->pid_count] = audit_get_loginuid(t); axp->target_uid[axp->pid_count] = t_uid; axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); - security_task_getsecid_obj(t, &blob); - /* scaffolding until target_sid is converted */ - axp->target_sid[axp->pid_count] = lsmblob_first(&blob); + security_task_getsecid_obj(t, &axp->target_lsm[axp->pid_count]); memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); axp->pid_count++; diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 3d8d9162a5e3..b9ef0f493041 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -489,7 +489,6 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) int ima_bprm_check(struct linux_binprm *bprm) { int ret; - u32 secid; struct lsmblob blob; security_current_getsecid_subj(&blob); @@ -500,9 +499,10 @@ int ima_bprm_check(struct linux_binprm *bprm) if (ret) return ret; - security_cred_getsecid(bprm->cred, &secid); - return process_measurement(bprm->file, bprm->cred, secid, NULL, 0, - MAY_EXEC, CREDS_CHECK); + security_cred_getsecid(bprm->cred, &blob); + /* scaffolding until process_measurement changes */ + return process_measurement(bprm->file, bprm->cred, blob.secid[0], + NULL, 0, MAY_EXEC, CREDS_CHECK); } /** diff --git a/security/security.c b/security/security.c index 297a6be2e23a..2ad0d4eb24b3 100644 --- a/security/security.c +++ b/security/security.c @@ -1816,10 +1816,16 @@ void security_transfer_creds(struct cred *new, const struct cred *old) call_void_hook(cred_transfer, new, old); } -void security_cred_getsecid(const struct cred *c, u32 *secid) +void security_cred_getsecid(const struct cred *c, struct lsmblob *blob) { - *secid = 0; - call_void_hook(cred_getsecid, c, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.cred_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.cred_getsecid(c, &blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_cred_getsecid); From patchwork Mon Apr 18 14:59:30 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12816781 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id A7567C433EF for ; Mon, 18 Apr 2022 15:40:34 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345216AbiDRPm1 (ORCPT ); Mon, 18 Apr 2022 11:42:27 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53384 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345438AbiDRPl4 (ORCPT ); Mon, 18 Apr 2022 11:41:56 -0400 Received: from sonic317-38.consmr.mail.ne1.yahoo.com (sonic317-38.consmr.mail.ne1.yahoo.com [66.163.184.49]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1B97A33A35 for ; Mon, 18 Apr 2022 08:06:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650294386; bh=xPF7DEG1xCo7psfNlZ5noEInP4YPXTc1c8CoK+lx30I=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=SBlj7Zjx6APKvMDqrIWay0nsWcew587qvpfcHj3MxdYWc0QJ1wg4yOALfhRi005XzozxLRLdxdvyOflqnnuVXlNb15nX1LdkYg4QaNO0k6KYs33KylRtdchh6M483RRBZ+glszb5IbSmEeSj5XsNqQ1Z+BJr2eCfpAtyeAL+TGYzQqA49neSNvj9OJeujaYyF70cIZQYTtVwYBher4rodBZzveI5H36pBT4BQjm09f/I7Tjb+eAXf0K1wJp3VTsi5g5j7kwG1nPzB9MczB1Qz/8fsMDqzdvh1zr6znTdIceei4AgVpcrnvcGHbgUer3C5iGBgvFuE53tmIaWFVQfmg== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650294386; bh=8in36/nCWhFHelAhhchAIssIObbye3ZzpmB+K8Jcw1s=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=Bk/xltaOIo0KcezJ24aW/wa9bHDZQP2Gh78Qs7D85GPcpFhETBXbjvoHVl3Y6sWxR7b3yrqY5t2TMeehNu7miSu8WSlXkJ9q5g2DtqSTtq+9FD91GsmRE3xlQlMUTYuK7oxC/gOzyb+Jb49jWbPw+nu99OUfE6lZIUGbPW2YSie0hysDuI0A/RFJvHz4Viyf6VYxX+hc4Wr3f1PL8yssHP+PX9EvSAC8z9y/iQAp/o5CU7/T0i19k+8x+fdkYcj4u5h5t7Cm+fYKuL0gRyleC5TpNBj2FewXeSEyXIUm7bIh+CUKxSb5jqU0mCK6syRDBAfxugt0TYkpDIvgMEsKKg== X-YMail-OSG: u95XZL0VM1lLwKGROLVRwuFcsBfr0PJ2KEqsKailqhWck29ZMgOsss5xBn.Ua6E kCJnPF76aG.NQEAmCENN41.Z8wJ_s9qKaQTfSo7NCrw5DKiDmofGSmqlPsFYh54kyLpMWOnFjK1i tD6_Bjk7a3eEXGdE6DouCBtqaq6MYKgd8DZgPMOP47jHVK1hSCmIcvKARQQqBqwsrxxseG9hD2nn x4UpyuBPbRQajg8rkr0Y5FUbqexQj7kkv1xB0dn0GL3wd8o43aZrKaFGVoPoiq1lFL2dXemm8FCx Rh4q0I8gNktkFTCx6QBsSIPxZkVxXUsGSRQBs.zlYchYfcDxb5rK.VOLw9ezgLw94UZfqr2n4Bhk N3ueXUqyf23PaYLFq7Unu8q3fTgp49qj26exjD.fk9r2fMAO0JtzU1sLCv.EIFwpBQiPeCp3uD3L _dP9CsaIDCCpkLX73WJq_sMWX1sxrJ1PESZ71s9lZkSCGcC1i65achFE93iloCRvd7OKIGIIMyIQ SSdgrixRrSTjMBgpDLil3MEO1mKSgSYkKlbRNNDqbqNRy0KlZw8DZh3aubDrBxCMEzmF.gEVg13y _brUEo6YgR1ZaPF_GDwnMZDs1d_4KCCrSXxyHZyzXb3qqZDd4zcKfjRKbmgItzTIT_3nTmAZLifS leuZD5GD6GI069_la9o9tcDANfhDT8bM4M1Lt1TOJYrsx.DsS7H4zDuQ4IegF_bG1ypAJVBOpd8B l4mnKk5En0TkKqoD9ELZa1E_7vbu4dLsuL7Qoy6GPVNFcNrD7_lW8leIfR.pKrrr8kzyWQV0gnc7 gHX9EI4nMObP5auUMT4KY6AIy692cyksLoPrjGRCc3gf1q6NSgC47zUFjlz50GezETiNbwclb1z6 9.xug5G1lwsG_BKmhaPqJDR0hqi7zfh.MCcB320BBVmBnYhtCY2W3c47U81Zg5_kZpzmE6IhixW5 NLTdXy9bblRONQ5gdQbJCf3f.4d5vXXt6TVqzwa_ssoXmNouIEyBYTpxZXRah5yFlcct7i0LIi_2 u5tWh9DZkkF.jwVNFx0PERx1ppeK_Nka9s6EvDzf9NnCqIbNK9X8ta.C6SDA70SBJzcUOFYcfFj8 dzd3wuCxgKXKuafrC8K04lPWzyTf0TcUwwvrgt8GkDsZ4y8I5MKUrszGPXXhwKKDsfCqbRZo1dUh xz.aPmb8vffRWb34m19x_ecM28XhGHBl9ZU6oVeaDP0SBt37100XO6oViEh5LBDhKbk1g_PUrFui gOzaIHovvXd.ew9UAnwNSOBTRU2QziFNvhuFG4PhkCOZcDBhV87UCXznFD4fLqnf0Bz5OdgbwuJc D8L6eH0YmOyENOvl9_RJvYm3wdiecQZdxbSgUoHiBrNvwd8AIbWfSbTkwqaWv_80BzyUeSdhHvrk r7AexQjFlgYrDnY2qq_9DHojba5q1bOxDsWRftkr5q.EOE5F6.UANvCuOBUH9egaiUfzDs7v_CY7 s0xRsPg_mQa4xb5j_HH_yw2_XwIbizXTlXU9be.b5v0kN9TPnMaemnG9ToYceGa.DtCbJk8DbtEi GGhzPRDg6em2dHK0JYQT5iElbMudZhXST5kZQQAnh9mEr83wNkYZ9xmOoiYIlw896Z0AbAqziaHW hN9PAkUZKrXgeEe7AQMn..PxNpUCeB0nNq8azwdp1gQqyOnTvEnmII6i8bN7Hkq..sw8H9A4u1mY QjBtywO_TFertD5PmNulcUnedkjnPZtlhL8kklPHzmfoQEvSduyWpAu17xXivsuuFL1JhOTV9I.x DXFFHZqX0i8WHbluedNxpePft5w55Ee7_SDvo5lvpfSfCndUt_AlVe0LRkRMTA4krk2GvhWdQ6IO cJreZMFmZtO.lXVA862IJs85HzrnMl9ahGREW1erLILb4F3Cra1mEpQ.4dFCLBJnVA8sSsbFzQZJ eLfkgfxSgvNvir_wsfmr1slJFd3UOUiYXuQvjSB9ztIjJGczISVdYMLaZ8AF0N.oZajxPdZt1fDj eL5ox5lh0vFkCZz6S1Ny9TAeBBF6VEhricE4O.FGVgsuNExOG6O89FOe45rD0e1Qz9flwwzG_TYk iiXuORuWxhq_vdwV8mKKUmBGPYpVgmzBRQZ6uGhRshbgM9_Wy7f_QFFpYiTMe0o5fFJr1DYXzIHw ao5kJ9RBqI283eQFwhH9BzqLYK6mJm73XsyRGJJIHNLlHYz6k1CkKboMh2OFVvWJXnoemlaUlPyk ZFBlY9NpbTorcBK6Wc6BLivUgZDdtn0rdkgNxdj.u4hwrWRC6p.hy9UKvvhSGsIjWjzUsboOJO8Z KWDTVMM1TDCFtmOHVBR1IgHPSHDo3ZigD8rSBAz87Ok__DIwowSxMrovn1kywJQabUnB8Lw-- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic317.consmr.mail.ne1.yahoo.com with HTTP; Mon, 18 Apr 2022 15:06:26 +0000 Received: by hermes--canary-production-gq1-665697845d-srvxf (VZM Hermes SMTP Server) with ESMTPA ID facb0f2176037c185ff3b4e507d76c59; Mon, 18 Apr 2022 15:06:23 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, Greg Kroah-Hartman , linux-api@vger.kernel.org, linux-doc@vger.kernel.org Subject: [PATCH v35 14/29] LSM: Specify which LSM to display Date: Mon, 18 Apr 2022 07:59:30 -0700 Message-Id: <20220418145945.38797-15-casey@schaufler-ca.com> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220418145945.38797-1-casey@schaufler-ca.com> References: <20220418145945.38797-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Create a new entry "interface_lsm" in the procfs attr directory for controlling which LSM security information is displayed for a process. A process can only read or write its own display value. The name of an active LSM that supplies hooks for human readable data may be written to "interface_lsm" to set the value. The name of the LSM currently in use can be read from "interface_lsm". At this point there can only be one LSM capable of display active. A helper function lsm_task_ilsm() is provided to get the interface lsm slot for a task_struct. Setting the "interface_lsm" requires that all security modules using setprocattr hooks allow the action. Each security module is responsible for defining its policy. AppArmor hook provided by John Johansen SELinux hook provided by Stephen Smalley Signed-off-by: Casey Schaufler Cc: Kees Cook Cc: Stephen Smalley Cc: Paul Moore Cc: John Johansen Cc: Greg Kroah-Hartman Cc: linux-api@vger.kernel.org Cc: linux-doc@vger.kernel.org --- .../ABI/testing/procfs-attr-lsm_display | 22 +++ Documentation/security/lsm.rst | 14 ++ fs/proc/base.c | 1 + include/linux/security.h | 17 ++ security/apparmor/include/apparmor.h | 3 +- security/apparmor/lsm.c | 32 ++++ security/security.c | 166 ++++++++++++++++-- security/selinux/hooks.c | 11 ++ security/selinux/include/classmap.h | 3 +- security/smack/smack_lsm.c | 7 + 10 files changed, 257 insertions(+), 19 deletions(-) create mode 100644 Documentation/ABI/testing/procfs-attr-lsm_display diff --git a/Documentation/ABI/testing/procfs-attr-lsm_display b/Documentation/ABI/testing/procfs-attr-lsm_display new file mode 100644 index 000000000000..0f60005c235c --- /dev/null +++ b/Documentation/ABI/testing/procfs-attr-lsm_display @@ -0,0 +1,22 @@ +What: /proc/*/attr/lsm_display +Contact: linux-security-module@vger.kernel.org, +Description: The name of the Linux security module (LSM) that will + provide information in the /proc/*/attr/current, + /proc/*/attr/prev and /proc/*/attr/exec interfaces. + The details of permissions required to read from + this interface are dependent on the LSMs active on the + system. + A process cannot write to this interface unless it + refers to itself. + The other details of permissions required to write to + this interface are dependent on the LSMs active on the + system. + The format of the data used by this interface is a + text string identifying the name of an LSM. The values + accepted are: + selinux - the SELinux LSM + smack - the Smack LSM + apparmor - The AppArmor LSM + By convention the LSM names are lower case and do not + contain special characters. +Users: LSM user-space diff --git a/Documentation/security/lsm.rst b/Documentation/security/lsm.rst index 6a2a2e973080..b77b4a540391 100644 --- a/Documentation/security/lsm.rst +++ b/Documentation/security/lsm.rst @@ -129,3 +129,17 @@ to identify it as the first security module to be registered. The capabilities security module does not use the general security blobs, unlike other modules. The reasons are historical and are based on overhead, complexity and performance concerns. + +LSM External Interfaces +======================= + +The LSM infrastructure does not generally provide external interfaces. +The individual security modules provide what external interfaces they +require. + +The file ``/sys/kernel/security/lsm`` provides a comma +separated list of the active security modules. + +The file ``/proc/pid/attr/interface_lsm`` contains the name of the security +module for which the ``/proc/pid/attr/current`` interface will +apply. This interface can be written to. diff --git a/fs/proc/base.c b/fs/proc/base.c index c1031843cc6a..f2d15348bdff 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -2827,6 +2827,7 @@ static const struct pid_entry attr_dir_stuff[] = { ATTR(NULL, "fscreate", 0666), ATTR(NULL, "keycreate", 0666), ATTR(NULL, "sockcreate", 0666), + ATTR(NULL, "interface_lsm", 0666), #ifdef CONFIG_SECURITY_SMACK DIR("smack", 0555, proc_smack_attr_dir_inode_ops, proc_smack_attr_dir_ops), diff --git a/include/linux/security.h b/include/linux/security.h index fa413a5a2ccb..a6574d13c6fb 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -238,6 +238,23 @@ static inline u32 lsmblob_first(const struct lsmblob *blob) #endif } +/** + * lsm_task_ilsm - the "interface_lsm" for this task + * @task: The task to report on + * + * Returns the task's interface LSM slot. + */ +static inline int lsm_task_ilsm(struct task_struct *task) +{ +#ifdef CONFIG_SECURITY + int *ilsm = task->security; + + if (ilsm) + return *ilsm; +#endif + return LSMBLOB_INVALID; +} + /* These functions are in security/commoncap.c */ extern int cap_capable(const struct cred *cred, struct user_namespace *ns, int cap, unsigned int opts); diff --git a/security/apparmor/include/apparmor.h b/security/apparmor/include/apparmor.h index 1fbabdb565a8..b1622fcb4394 100644 --- a/security/apparmor/include/apparmor.h +++ b/security/apparmor/include/apparmor.h @@ -28,8 +28,9 @@ #define AA_CLASS_SIGNAL 10 #define AA_CLASS_NET 14 #define AA_CLASS_LABEL 16 +#define AA_CLASS_DISPLAY_LSM 17 -#define AA_CLASS_LAST AA_CLASS_LABEL +#define AA_CLASS_LAST AA_CLASS_DISPLAY_LSM /* Control parameters settable through module/boot flags */ extern enum audit_mode aa_g_audit; diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 1e53fea61335..29181bc8c693 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -621,6 +621,25 @@ static int apparmor_getprocattr(struct task_struct *task, char *name, return error; } + +static int profile_interface_lsm(struct aa_profile *profile, + struct common_audit_data *sa) +{ + struct aa_perms perms = { }; + unsigned int state; + + state = PROFILE_MEDIATES(profile, AA_CLASS_DISPLAY_LSM); + if (state) { + aa_compute_perms(profile->policy.dfa, state, &perms); + aa_apply_modes_to_perms(profile, &perms); + aad(sa)->label = &profile->label; + + return aa_check_perms(profile, &perms, AA_MAY_WRITE, sa, NULL); + } + + return 0; +} + static int apparmor_setprocattr(const char *name, void *value, size_t size) { @@ -632,6 +651,19 @@ static int apparmor_setprocattr(const char *name, void *value, if (size == 0) return -EINVAL; + /* LSM infrastructure does actual setting of interface_lsm if allowed */ + if (!strcmp(name, "interface_lsm")) { + struct aa_profile *profile; + struct aa_label *label; + + aad(&sa)->info = "set interface lsm"; + label = begin_current_label_crit_section(); + error = fn_for_each_confined(label, profile, + profile_interface_lsm(profile, &sa)); + end_current_label_crit_section(label); + return error; + } + /* AppArmor requires that the buffer must be null terminated atm */ if (args[size - 1] != '\0') { /* null terminate */ diff --git a/security/security.c b/security/security.c index 2ad0d4eb24b3..ec4d1b3026d8 100644 --- a/security/security.c +++ b/security/security.c @@ -78,7 +78,16 @@ static struct kmem_cache *lsm_file_cache; static struct kmem_cache *lsm_inode_cache; char *lsm_names; -static struct lsm_blob_sizes blob_sizes __lsm_ro_after_init; + +/* + * The task blob includes the "interface_lsm" slot used for + * chosing which module presents contexts. + * Using a long to avoid potential alignment issues with + * module assigned task blobs. + */ +static struct lsm_blob_sizes blob_sizes __lsm_ro_after_init = { + .lbs_task = sizeof(long), +}; /* Boot-time LSM user choice */ static __initdata const char *chosen_lsm_order; @@ -672,6 +681,8 @@ int lsm_inode_alloc(struct inode *inode) */ static int lsm_task_alloc(struct task_struct *task) { + int *ilsm; + if (blob_sizes.lbs_task == 0) { task->security = NULL; return 0; @@ -680,6 +691,15 @@ static int lsm_task_alloc(struct task_struct *task) task->security = kzalloc(blob_sizes.lbs_task, GFP_KERNEL); if (task->security == NULL) return -ENOMEM; + + /* + * The start of the task blob contains the "interface" LSM slot number. + * Start with it set to the invalid slot number, indicating that the + * default first registered LSM be displayed. + */ + ilsm = task->security; + *ilsm = LSMBLOB_INVALID; + return 0; } @@ -1752,14 +1772,26 @@ int security_file_open(struct file *file) int security_task_alloc(struct task_struct *task, unsigned long clone_flags) { + int *oilsm = current->security; + int *nilsm; int rc = lsm_task_alloc(task); - if (rc) + if (unlikely(rc)) return rc; + rc = call_int_hook(task_alloc, 0, task, clone_flags); - if (unlikely(rc)) + if (unlikely(rc)) { security_task_free(task); - return rc; + return rc; + } + + if (oilsm) { + nilsm = task->security; + if (nilsm) + *nilsm = *oilsm; + } + + return 0; } void security_task_free(struct task_struct *task) @@ -2191,23 +2223,110 @@ int security_getprocattr(struct task_struct *p, const char *lsm, char *name, char **value) { struct security_hook_list *hp; + int ilsm = lsm_task_ilsm(current); + int slot = 0; + + if (!strcmp(name, "interface_lsm")) { + /* + * lsm_slot will be 0 if there are no displaying modules. + */ + if (lsm_slot == 0) + return -EINVAL; + + /* + * Only allow getting the current process' interface_lsm. + * There are too few reasons to get another process' + * interface_lsm and too many LSM policy issues. + */ + if (current != p) + return -EINVAL; + + ilsm = lsm_task_ilsm(p); + if (ilsm != LSMBLOB_INVALID) + slot = ilsm; + *value = kstrdup(lsm_slotlist[slot]->lsm, GFP_KERNEL); + if (*value) + return strlen(*value); + return -ENOMEM; + } hlist_for_each_entry(hp, &security_hook_heads.getprocattr, list) { if (lsm != NULL && strcmp(lsm, hp->lsmid->lsm)) continue; + if (lsm == NULL && ilsm != LSMBLOB_INVALID && + ilsm != hp->lsmid->slot) + continue; return hp->hook.getprocattr(p, name, value); } return LSM_RET_DEFAULT(getprocattr); } +/** + * security_setprocattr - Set process attributes via /proc + * @lsm: name of module involved, or NULL + * @name: name of the attribute + * @value: value to set the attribute to + * @size: size of the value + * + * Set the process attribute for the specified security module + * to the specified value. Note that this can only be used to set + * the process attributes for the current, or "self" process. + * The /proc code has already done this check. + * + * Returns 0 on success, an appropriate code otherwise. + */ int security_setprocattr(const char *lsm, const char *name, void *value, size_t size) { struct security_hook_list *hp; + char *termed; + char *copy; + int *ilsm = current->security; + int rc = -EINVAL; + int slot = 0; + + if (!strcmp(name, "interface_lsm")) { + /* + * Change the "interface_lsm" value only if all the security + * modules that support setting a procattr allow it. + * It is assumed that all such security modules will be + * cooperative. + */ + if (size == 0) + return -EINVAL; + + hlist_for_each_entry(hp, &security_hook_heads.setprocattr, + list) { + rc = hp->hook.setprocattr(name, value, size); + if (rc < 0 && rc != LSM_RET_DEFAULT(setprocattr)) + return rc; + } + + rc = -EINVAL; + + copy = kmemdup_nul(value, size, GFP_KERNEL); + if (copy == NULL) + return -ENOMEM; + + termed = strsep(©, " \n"); + + for (slot = 0; slot < lsm_slot; slot++) + if (!strcmp(termed, lsm_slotlist[slot]->lsm)) { + *ilsm = lsm_slotlist[slot]->slot; + rc = size; + break; + } + + kfree(termed); + return rc; + } hlist_for_each_entry(hp, &security_hook_heads.setprocattr, list) { if (lsm != NULL && strcmp(lsm, hp->lsmid->lsm)) continue; + if (lsm == NULL && *ilsm != LSMBLOB_INVALID && + *ilsm != hp->lsmid->slot) + continue; return hp->hook.setprocattr(name, value, size); } return LSM_RET_DEFAULT(setprocattr); @@ -2227,15 +2346,15 @@ EXPORT_SYMBOL(security_ismaclabel); int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen) { struct security_hook_list *hp; - int rc; + int ilsm = lsm_task_ilsm(current); hlist_for_each_entry(hp, &security_hook_heads.secid_to_secctx, list) { if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) continue; - rc = hp->hook.secid_to_secctx(blob->secid[hp->lsmid->slot], - secdata, seclen); - if (rc != LSM_RET_DEFAULT(secid_to_secctx)) - return rc; + if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) + return hp->hook.secid_to_secctx( + blob->secid[hp->lsmid->slot], + secdata, seclen); } return LSM_RET_DEFAULT(secid_to_secctx); @@ -2246,16 +2365,15 @@ int security_secctx_to_secid(const char *secdata, u32 seclen, struct lsmblob *blob) { struct security_hook_list *hp; - int rc; + int ilsm = lsm_task_ilsm(current); lsmblob_init(blob, 0); hlist_for_each_entry(hp, &security_hook_heads.secctx_to_secid, list) { if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) continue; - rc = hp->hook.secctx_to_secid(secdata, seclen, - &blob->secid[hp->lsmid->slot]); - if (rc != 0) - return rc; + if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) + return hp->hook.secctx_to_secid(secdata, seclen, + &blob->secid[hp->lsmid->slot]); } return 0; } @@ -2263,7 +2381,14 @@ EXPORT_SYMBOL(security_secctx_to_secid); void security_release_secctx(char *secdata, u32 seclen) { - call_void_hook(release_secctx, secdata, seclen); + struct security_hook_list *hp; + int ilsm = lsm_task_ilsm(current); + + hlist_for_each_entry(hp, &security_hook_heads.release_secctx, list) + if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) { + hp->hook.release_secctx(secdata, seclen); + return; + } } EXPORT_SYMBOL(security_release_secctx); @@ -2404,8 +2529,15 @@ EXPORT_SYMBOL(security_sock_rcv_skb); int security_socket_getpeersec_stream(struct socket *sock, char __user *optval, int __user *optlen, unsigned len) { - return call_int_hook(socket_getpeersec_stream, -ENOPROTOOPT, sock, - optval, optlen, len); + int ilsm = lsm_task_ilsm(current); + struct security_hook_list *hp; + + hlist_for_each_entry(hp, &security_hook_heads.socket_getpeersec_stream, + list) + if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) + return hp->hook.socket_getpeersec_stream(sock, optval, + optlen, len); + return -ENOPROTOOPT; } int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 429309d8a910..3098a6459b68 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -6388,6 +6388,17 @@ static int selinux_setprocattr(const char *name, void *value, size_t size) /* * Basic control over ability to set these attributes at all. */ + + /* + * For setting interface_lsm, we only perform a permission check; + * the actual update to the interface_lsm value is handled by the + * LSM framework. + */ + if (!strcmp(name, "interface_lsm")) + return avc_has_perm(&selinux_state, + mysid, mysid, SECCLASS_PROCESS2, + PROCESS2__SETINTERFACE_LSM, NULL); + if (!strcmp(name, "exec")) error = avc_has_perm(&selinux_state, mysid, mysid, SECCLASS_PROCESS, diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h index 35aac62a662e..79b480983bdc 100644 --- a/security/selinux/include/classmap.h +++ b/security/selinux/include/classmap.h @@ -53,7 +53,8 @@ struct security_class_mapping secclass_map[] = { "execmem", "execstack", "execheap", "setkeycreate", "setsockcreate", "getrlimit", NULL } }, { "process2", - { "nnp_transition", "nosuid_transition", NULL } }, + { "nnp_transition", "nosuid_transition", "setinterface_lsm", + NULL } }, { "system", { "ipc_info", "syslog_read", "syslog_mod", "syslog_console", "module_request", "module_load", NULL } }, diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 6e0eaecd8256..552c4d4d8fac 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -3516,6 +3516,13 @@ static int smack_setprocattr(const char *name, void *value, size_t size) struct smack_known_list_elem *sklep; int rc; + /* + * Allow the /proc/.../attr/current and SO_PEERSEC "interface_lsm" + * to be reset at will. + */ + if (strcmp(name, "interface_lsm") == 0) + return 0; + if (!smack_privileged(CAP_MAC_ADMIN) && list_empty(&tsp->smk_relabel)) return -EPERM; From patchwork Mon Apr 18 14:59:31 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12816784 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id A66AFC4167D for ; Mon, 18 Apr 2022 15:40:40 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S245431AbiDRPnR (ORCPT ); Mon, 18 Apr 2022 11:43:17 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53052 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345633AbiDRPmw (ORCPT ); Mon, 18 Apr 2022 11:42:52 -0400 Received: from sonic305-27.consmr.mail.ne1.yahoo.com (sonic305-27.consmr.mail.ne1.yahoo.com [66.163.185.153]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 31BDE33E1B for ; Mon, 18 Apr 2022 08:08:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650294480; bh=wXGkXPOoZqXR1+vDMzUyhmy3q+IXdFsHGXXFWyw6XmU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=EwuhT9EzGIImq4liZX9W/+3fYM6DvJBCNlmQ82hgVBPr3pXmVlpAxBIHvrdyLYXV8vpLCs2AwBOfic9nbyTHqHlkL8zHfJ6utQQsArTH7Oyy7Mw9DC+TZLtDvUKUa717s3JGHsnXzQOsusRfh2As1pbLoCmEiUzzTtmLedSSiFNkqoHhz5YuuMXX9MwnpPQ2GNk+Togl68hkoOq/QhOx8XUIuKcX0j41wNa4XzEBhsxI1EKtEs3WqFrpqNGyTf+2ZFgLcKeEkzwuSNVL6Ms9CLJSDBKxjD7mUNJ8yQqLJeMgVVXkAlMHObNzvRWDfFhYbLWCzQEB+cOCH1VkoiH1BQ== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650294480; bh=gAVTj3N4cC5riWjoqNrDl89ddH6UyK+syOskTWBRoSb=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=j09sM08yzq6fsvd6VJlQXqjSnf2k9iuEQr6niq6bk1fZ87lkiCJOTMo1CaHZvc/x73hvXZcOl/74MsE9G5Ipn4AKdpNZcYTCTTvwjW/DLmjE0yh7drdgn5PDhbokRF4sp85hwgufODWrFjuLEapVaY8PbIzHhTFkDnrNkcpVPe0wc6le5EnqeYyqgVNCta8qWrIFd3XnvKvdZbRlL65L4aEgT5Od2O+/StUUB7bu9NzVdWbruUFczLru3CCwlGjHm0y75rTd18F8N7Mjr9e9a4UkHZd6te3jhO6F5LkwhOVxCpMK3oTfqLdQUK9RJxhupD4eQSk8GA+wVpuEFnXCgA== X-YMail-OSG: 2K9cdUkVM1l9wPqyn6v5DBCr8ZY..tCsjBaYT37tJBPw6_1KcCRrqMqh1UZzDkR LHLKO5WMRkVJ0x_EowWnC.9L72brloOakb2tUmMHeghnAZOCozp2JsIYI.cnGgNtBfrAxtIf7Zm7 qkTgHChNwpmfcuqbKYhxCA8GVZA5mi1Of2mqF3CvrP4Gb1ODpKKDvT0YCil5yAB6Pqxoud2QM9sx 54ZX9ccDGaheedrvHU4ReCqD95NmeEZPB5giZfacnVBbMsppCGZwIsuN_Yak_jtnRnBAffWbYCQO GLJw0cX7.x2BZUPivclKeeNji3OSJBFtOWkR1cUVMYyWlDewQ0deLZTRDKg8ATj98n7aDeuYDW_x w_lDNQKrM26TeGzhJdmTTl0BIVuveXopNXffpijZMwamzwHHV_ymEXm3mn4.4havK5gkHhHgN5t2 6f90wETBNP6vVlU32FSdkdg.ltrLo.ufs.UYoknXrkS8iNaDwm51orQvSdoPHfkDFpYTuB.ODwDz beVHBjhiVShC.9Z2mLsol0N2EE81Qtg1y26j.JHKwtOBV863vpNtiRstiFYtJ0eknpiAtsuojLX4 7W8VXy0z3tNp9XH7xc62B1BluBlFq20HGw7g5AH2fjd3X6KPLoQL2IhSHxDGiazDOkmNC7K8tQI4 eg0MOUCb.HQuyXwCDbsUfoLEyKpUnt9bEQPJVJdlzNWBErjPRtEIDP5eiAFdY3gunQ84zGes0WcI FHHISkwAkQkcMak4mSBfD.1E8jasAqnPNpoEvD8W4wBUh_pSvpr.7c4SZ3u5e0Kjb.34FVz5679r ztPgi9u6kJXkyr9xqVzWaw_VLbBKsX_lOWTxhazsCZb6h.Syw2OOcIEvCY.bLucc6AJCfl8vFHYH 9N7RhWEGeCXGoW9Natb.e_3JvZcs1i3xEavuJX7RhEBPusGapsoDwysi4qvQ4WAzvbOBdswdF9b_ HRWaTEq5gzru4okTvHpp1l9barXQ3ib7kF2tLoS0jA6HUPuygX647BL.8jyMa0HN1OPDSWxgOOQv hgHczEGoO8P96tgqjJR9.rQJr83pOBxXt_CcT8zubBnJDbBD.0FWAU4J6Fe9Ivtz6hUdVeBRCq5n zXj0.t0IzGm8hZd4ezvaRkfCgwxSIkXEFx4FN36HVmV7ZKi3UU4Pmhs32HMiSz4M5Km7NMhAFSQO IL1qpGFGwnSukwIONACVTH3xiqfAK449ThOFn7ZyIYNa4gbKvqvbqhOT_t6OphESrgSCTKiiOVVo lFaVl494rZvYNSmzgfNWbuOqjpImXIvLwZqVbUOjzlvxOjuTYORJj32ujbdBTf8ndk7zKBWCZ5jW 144QssT4GFX1ednChTOzsCOFQ94uwbHEuD1Jz0STJyvEIAJh6AwHVheVVjCh7fP_iQZFEyhJu9Dk ZDnStehGtuRrMaQpJ95hc5sQ.cDCR2Prmj7iNUIEL5WCsEZLL3vRTAkJQQXQ3LcZiJUgLupQZCjX rMgin7IefWNxduuI7GsedJ3ie3fw6OMisQ6Qci8X5owl192I.rh7Uwhud7URyZZ7_O_3g4nTG_hV IhK90Rx1JV.2jTF_r6.ROzomwgTnBgAqSJ0WjoqhhJhJbxEeTvzyt9.DhwVeKfQRwj5mBZyY8tpf _mTtlqjDqQiB4VTaSX2djhWud66mqZqh_5Pn.SUxUEsBa9fQKq3nylTVkEBdiowERwapHtk05Ydp ThzzI_buccG2kPTOOh4FpI_dB57UqJ..4N5wHvhKe8KTVZivkLq6jO731QPBwYvQPQ.2YNw5YPTr rpX7VaWWMOkqMXhro5cz1wslTv3FiE1CE8r5xUKmBU9NjDEgDXsWigmnwNjnCskt0WMSlzLV1Ibb Z.sWoqvQOQNEiz8IPEpejITgiNqFF5qMJdzNww6Z9415or0sI.xPmb6dxelcn46EuqcD23WhG542 XrwEGhtdreGCHZENoH4jB6EHCyf2zQhPaJfJQXwBoFirUw4hJWM98Ovvx1oH8hwRk.9YFSZIxI.4 WnuUyFBVHwlLBNoAUv8aBxNGj3oXNM7dfWkOQ7VPioCJ2yOjxipTpNFFCqyl6n6deXRhuQrmCcQ3 JTaXS5elbMDVoNGF_c6CkunCr2_wZx46kU6aYrI9EAvA0tnlxsoSIYLMoBn90swnNfT4xTRs71RE fKFO7HTw4LbQ4iJrjeUmE0eP_BG_LzMthrMPEB7o2Gdvo9oIcUr9n833R7gfqz1ywp6U41lOjtrX wYJL7Bn4WibefV_JL5OKahuzMVtTi44nu2m4qL1z1TFSAYdf7uggUjDDEJ6Z4WtfSvsgMpaeQiUv eJLtQVaZGlolv5Lfx9W7N98IlINyi X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic305.consmr.mail.ne1.yahoo.com with HTTP; Mon, 18 Apr 2022 15:08:00 +0000 Received: by hermes--canary-production-ne1-c7c4f6977-qcc8c (VZM Hermes SMTP Server) with ESMTPA ID 2afd461de5a55bc64b17c8606f02f3b8; Mon, 18 Apr 2022 15:07:57 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, Chuck Lever , linux-integrity@vger.kernel.org, netdev@vger.kernel.org, netfilter-devel@vger.kernel.org, linux-nfs@vger.kernel.org Subject: [PATCH v35 15/29] LSM: Ensure the correct LSM context releaser Date: Mon, 18 Apr 2022 07:59:31 -0700 Message-Id: <20220418145945.38797-16-casey@schaufler-ca.com> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220418145945.38797-1-casey@schaufler-ca.com> References: <20220418145945.38797-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Add a new lsmcontext data structure to hold all the information about a "security context", including the string, its size and which LSM allocated the string. The allocation information is necessary because LSMs have different policies regarding the lifecycle of these strings. SELinux allocates and destroys them on each use, whereas Smack provides a pointer to an entry in a list that never goes away. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Paul Moore Acked-by: Stephen Smalley Acked-by: Chuck Lever Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: netdev@vger.kernel.org Cc: linux-audit@redhat.com Cc: netfilter-devel@vger.kernel.org To: Pablo Neira Ayuso Cc: linux-nfs@vger.kernel.org --- drivers/android/binder.c | 10 ++++--- fs/ceph/xattr.c | 6 ++++- fs/nfs/nfs4proc.c | 8 ++++-- fs/nfsd/nfs4xdr.c | 7 +++-- include/linux/security.h | 35 +++++++++++++++++++++++-- include/net/scm.h | 5 +++- kernel/audit.c | 14 +++++++--- kernel/auditsc.c | 12 ++++++--- net/ipv4/ip_sockglue.c | 4 ++- net/netfilter/nf_conntrack_netlink.c | 4 ++- net/netfilter/nf_conntrack_standalone.c | 4 ++- net/netfilter/nfnetlink_queue.c | 13 ++++++--- net/netlabel/netlabel_unlabeled.c | 19 +++++++++++--- net/netlabel/netlabel_user.c | 4 ++- security/security.c | 11 ++++---- 15 files changed, 121 insertions(+), 35 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 26838061defb..2125b4b795da 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2725,6 +2725,7 @@ static void binder_transaction(struct binder_proc *proc, int t_debug_id = atomic_inc_return(&binder_last_id); char *secctx = NULL; u32 secctx_sz = 0; + struct lsmcontext scaff; /* scaffolding */ struct list_head sgc_head; struct list_head pf_head; const void __user *user_buffer = (const void __user *) @@ -3033,7 +3034,8 @@ static void binder_transaction(struct binder_proc *proc, t->security_ctx = 0; WARN_ON(1); } - security_release_secctx(secctx, secctx_sz); + lsmcontext_init(&scaff, secctx, secctx_sz, 0); + security_release_secctx(&scaff); secctx = NULL; } t->buffer->debug_id = t->debug_id; @@ -3433,8 +3435,10 @@ static void binder_transaction(struct binder_proc *proc, binder_alloc_free_buf(&target_proc->alloc, t->buffer); err_binder_alloc_buf_failed: err_bad_extra_size: - if (secctx) - security_release_secctx(secctx, secctx_sz); + if (secctx) { + lsmcontext_init(&scaff, secctx, secctx_sz, 0); + security_release_secctx(&scaff); + } err_get_secctx_failed: kfree(tcomplete); binder_stats_deleted(BINDER_STAT_TRANSACTION_COMPLETE); diff --git a/fs/ceph/xattr.c b/fs/ceph/xattr.c index afec84088471..8ac30a5c05ef 100644 --- a/fs/ceph/xattr.c +++ b/fs/ceph/xattr.c @@ -1383,12 +1383,16 @@ int ceph_security_init_secctx(struct dentry *dentry, umode_t mode, void ceph_release_acl_sec_ctx(struct ceph_acl_sec_ctx *as_ctx) { +#ifdef CONFIG_CEPH_FS_SECURITY_LABEL + struct lsmcontext scaff; /* scaffolding */ +#endif #ifdef CONFIG_CEPH_FS_POSIX_ACL posix_acl_release(as_ctx->acl); posix_acl_release(as_ctx->default_acl); #endif #ifdef CONFIG_CEPH_FS_SECURITY_LABEL - security_release_secctx(as_ctx->sec_ctx, as_ctx->sec_ctxlen); + lsmcontext_init(&scaff, as_ctx->sec_ctx, as_ctx->sec_ctxlen, 0); + security_release_secctx(&scaff); #endif if (as_ctx->pagelist) ceph_pagelist_release(as_ctx->pagelist); diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c index 16106f805ffa..dc8bdcdd2d2a 100644 --- a/fs/nfs/nfs4proc.c +++ b/fs/nfs/nfs4proc.c @@ -133,8 +133,12 @@ nfs4_label_init_security(struct inode *dir, struct dentry *dentry, static inline void nfs4_label_release_security(struct nfs4_label *label) { - if (label) - security_release_secctx(label->label, label->len); + struct lsmcontext scaff; /* scaffolding */ + + if (label) { + lsmcontext_init(&scaff, label->label, label->len, 0); + security_release_secctx(&scaff); + } } static inline u32 *nfs4_bitmask(struct nfs_server *server, struct nfs4_label *label) { diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c index da92e7d2ab6a..77388b5ece56 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c @@ -2830,6 +2830,7 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, int err; struct nfs4_acl *acl = NULL; #ifdef CONFIG_NFSD_V4_SECURITY_LABEL + struct lsmcontext scaff; /* scaffolding */ void *context = NULL; int contextlen; #endif @@ -3341,8 +3342,10 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, out: #ifdef CONFIG_NFSD_V4_SECURITY_LABEL - if (context) - security_release_secctx(context, contextlen); + if (context) { + lsmcontext_init(&scaff, context, contextlen, 0); /*scaffolding*/ + security_release_secctx(&scaff); + } #endif /* CONFIG_NFSD_V4_SECURITY_LABEL */ kfree(acl); if (tempfh) { diff --git a/include/linux/security.h b/include/linux/security.h index a6574d13c6fb..5a681f60fd50 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -135,6 +135,37 @@ enum lockdown_reason { extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1]; +/* + * A "security context" is the text representation of + * the information used by LSMs. + * This structure contains the string, its length, and which LSM + * it is useful for. + */ +struct lsmcontext { + char *context; /* Provided by the module */ + u32 len; + int slot; /* Identifies the module */ +}; + +/** + * lsmcontext_init - initialize an lsmcontext structure. + * @cp: Pointer to the context to initialize + * @context: Initial context, or NULL + * @size: Size of context, or 0 + * @slot: Which LSM provided the context + * + * Fill in the lsmcontext from the provided information. + * This is a scaffolding function that will be removed when + * lsmcontext integration is complete. + */ +static inline void lsmcontext_init(struct lsmcontext *cp, char *context, + u32 size, int slot) +{ + cp->slot = slot; + cp->context = context; + cp->len = size; +} + /* * Data exported by the security modules * @@ -587,7 +618,7 @@ int security_ismaclabel(const char *name); int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen); int security_secctx_to_secid(const char *secdata, u32 seclen, struct lsmblob *blob); -void security_release_secctx(char *secdata, u32 seclen); +void security_release_secctx(struct lsmcontext *cp); void security_inode_invalidate_secctx(struct inode *inode); int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); @@ -1451,7 +1482,7 @@ static inline int security_secctx_to_secid(const char *secdata, return -EOPNOTSUPP; } -static inline void security_release_secctx(char *secdata, u32 seclen) +static inline void security_release_secctx(struct lsmcontext *cp) { } diff --git a/include/net/scm.h b/include/net/scm.h index 23a35ff1b3f2..f273c4d777ec 100644 --- a/include/net/scm.h +++ b/include/net/scm.h @@ -92,6 +92,7 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg, #ifdef CONFIG_SECURITY_NETWORK static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) { + struct lsmcontext context; struct lsmblob lb; char *secdata; u32 seclen; @@ -106,7 +107,9 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc if (!err) { put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata); - security_release_secctx(secdata, seclen); + /*scaffolding*/ + lsmcontext_init(&context, secdata, seclen, 0); + security_release_secctx(&context); } } } diff --git a/kernel/audit.c b/kernel/audit.c index 2b670ac129be..0eff57959b4e 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1214,6 +1214,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) struct audit_sig_info *sig_data; char *ctx = NULL; u32 len; + struct lsmcontext scaff; /* scaffolding */ err = audit_netlink_ok(skb, msg_type); if (err) @@ -1471,15 +1472,18 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) } sig_data = kmalloc(struct_size(sig_data, ctx, len), GFP_KERNEL); if (!sig_data) { - if (lsmblob_is_set(&audit_sig_lsm)) - security_release_secctx(ctx, len); + if (lsmblob_is_set(&audit_sig_lsm)) { + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); + } return -ENOMEM; } sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); sig_data->pid = audit_sig_pid; if (lsmblob_is_set(&audit_sig_lsm)) { memcpy(sig_data->ctx, ctx, len); - security_release_secctx(ctx, len); + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); } audit_send_reply(skb, seq, AUDIT_SIGNAL_INFO, 0, 0, sig_data, struct_size(sig_data, ctx, len)); @@ -2171,6 +2175,7 @@ int audit_log_task_context(struct audit_buffer *ab) unsigned len; int error; struct lsmblob blob; + struct lsmcontext scaff; /* scaffolding */ security_current_getsecid_subj(&blob); if (!lsmblob_is_set(&blob)) @@ -2185,7 +2190,8 @@ int audit_log_task_context(struct audit_buffer *ab) } audit_log_format(ab, " subj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); return 0; error_path: diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 52ea8da8462f..1503fb281278 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1121,6 +1121,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, struct lsmblob *blob, char *comm) { struct audit_buffer *ab; + struct lsmcontext lsmcxt; char *ctx = NULL; u32 len; int rc = 0; @@ -1138,7 +1139,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, rc = 1; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); /*scaffolding*/ + security_release_secctx(&lsmcxt); } } audit_log_format(ab, " ocomm="); @@ -1398,6 +1400,7 @@ static void audit_log_time(struct audit_context *context, struct audit_buffer ** static void show_special(struct audit_context *context, int *call_panic) { + struct lsmcontext lsmcxt; struct audit_buffer *ab; int i; @@ -1432,7 +1435,8 @@ static void show_special(struct audit_context *context, int *call_panic) *call_panic = 1; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); + security_release_secctx(&lsmcxt); } } if (context->ipc.has_perm) { @@ -1594,6 +1598,7 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, char *ctx = NULL; u32 len; struct lsmblob blob; + struct lsmcontext lsmcxt; lsmblob_init(&blob, n->osid); if (security_secid_to_secctx(&blob, &ctx, &len)) { @@ -1602,7 +1607,8 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, *call_panic = 2; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); /* scaffolding */ + security_release_secctx(&lsmcxt); } } diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index 933a8f94f93a..70ca4510ea35 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -130,6 +130,7 @@ static void ip_cmsg_recv_checksum(struct msghdr *msg, struct sk_buff *skb, static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) { + struct lsmcontext context; struct lsmblob lb; char *secdata; u32 seclen, secid; @@ -145,7 +146,8 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) return; put_cmsg(msg, SOL_IP, SCM_SECURITY, seclen, secdata); - security_release_secctx(secdata, seclen); + lsmcontext_init(&context, secdata, seclen, 0); /* scaffolding */ + security_release_secctx(&context); } static void ip_cmsg_recv_dstaddr(struct msghdr *msg, struct sk_buff *skb) diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index a28e275981d4..f053d7544355 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -348,6 +348,7 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) int len, ret; char *secctx; struct lsmblob blob; + struct lsmcontext context; /* lsmblob_init() puts ct->secmark into all of the secids in blob. * security_secid_to_secctx() will know which security module @@ -368,7 +369,8 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) ret = 0; nla_put_failure: - security_release_secctx(secctx, len); + lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ + security_release_secctx(&context); return ret; } #else diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index bba3a66f5636..3b6ba86783f6 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c @@ -179,6 +179,7 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) u32 len; char *secctx; struct lsmblob blob; + struct lsmcontext context; lsmblob_init(&blob, ct->secmark); ret = security_secid_to_secctx(&blob, &secctx, &len); @@ -187,7 +188,8 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) seq_printf(s, "secctx=%s ", secctx); - security_release_secctx(secctx, len); + lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ + security_release_secctx(&context); } #else static inline void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index 6269fe122345..f69d5e997da2 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c @@ -397,6 +397,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, enum ip_conntrack_info ctinfo = 0; const struct nfnl_ct_hook *nfnl_ct; bool csum_verify; + struct lsmcontext scaff; /* scaffolding */ char *secdata = NULL; u32 seclen = 0; ktime_t tstamp; @@ -634,8 +635,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, } nlh->nlmsg_len = skb->len; - if (seclen) - security_release_secctx(secdata, seclen); + if (seclen) { + lsmcontext_init(&scaff, secdata, seclen, 0); + security_release_secctx(&scaff); + } return skb; nla_put_failure: @@ -643,8 +646,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, kfree_skb(skb); net_err_ratelimited("nf_queue: error creating packet message\n"); nlmsg_failure: - if (seclen) - security_release_secctx(secdata, seclen); + if (seclen) { + lsmcontext_init(&scaff, secdata, seclen, 0); + security_release_secctx(&scaff); + } return NULL; } diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index bbb3b6a4f0d7..b3e3d920034d 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -374,6 +374,7 @@ int netlbl_unlhsh_add(struct net *net, struct net_device *dev; struct netlbl_unlhsh_iface *iface; struct audit_buffer *audit_buf = NULL; + struct lsmcontext context; char *secctx = NULL; u32 secctx_len; struct lsmblob blob; @@ -447,7 +448,9 @@ int netlbl_unlhsh_add(struct net *net, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", ret_val == 0 ? 1 : 0); audit_log_end(audit_buf); @@ -478,6 +481,7 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, struct netlbl_unlhsh_addr4 *entry; struct audit_buffer *audit_buf; struct net_device *dev; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -508,7 +512,9 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); audit_log_end(audit_buf); @@ -545,6 +551,7 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, struct netlbl_unlhsh_addr6 *entry; struct audit_buffer *audit_buf; struct net_device *dev; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -574,7 +581,8 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); audit_log_end(audit_buf); @@ -1093,6 +1101,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, int ret_val = -ENOMEM; struct netlbl_unlhsh_walk_arg *cb_arg = arg; struct net_device *dev; + struct lsmcontext context; void *data; u32 secid; char *secctx; @@ -1163,7 +1172,9 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, NLBL_UNLABEL_A_SECCTX, secctx_len, secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); if (ret_val != 0) goto list_cb_failure; diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index 893301ae0131..ef139d8ae7cd 100644 --- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c @@ -84,6 +84,7 @@ struct audit_buffer *netlbl_audit_start_common(int type, struct netlbl_audit *audit_info) { struct audit_buffer *audit_buf; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -103,7 +104,8 @@ struct audit_buffer *netlbl_audit_start_common(int type, if (audit_info->secid != 0 && security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " subj=%s", secctx); - security_release_secctx(secctx, secctx_len); + lsmcontext_init(&context, secctx, secctx_len, 0);/*scaffolding*/ + security_release_secctx(&context); } return audit_buf; diff --git a/security/security.c b/security/security.c index ec4d1b3026d8..407852be43da 100644 --- a/security/security.c +++ b/security/security.c @@ -2379,16 +2379,17 @@ int security_secctx_to_secid(const char *secdata, u32 seclen, } EXPORT_SYMBOL(security_secctx_to_secid); -void security_release_secctx(char *secdata, u32 seclen) +void security_release_secctx(struct lsmcontext *cp) { struct security_hook_list *hp; - int ilsm = lsm_task_ilsm(current); hlist_for_each_entry(hp, &security_hook_heads.release_secctx, list) - if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) { - hp->hook.release_secctx(secdata, seclen); - return; + if (cp->slot == hp->lsmid->slot) { + hp->hook.release_secctx(cp->context, cp->len); + break; } + + memset(cp, 0, sizeof(*cp)); } EXPORT_SYMBOL(security_release_secctx); From patchwork Mon Apr 18 14:59:32 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12816786 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id A9B82C43219 for ; Mon, 18 Apr 2022 15:40:44 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345150AbiDRPnS (ORCPT ); Mon, 18 Apr 2022 11:43:18 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54308 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345641AbiDRPmx (ORCPT ); Mon, 18 Apr 2022 11:42:53 -0400 Received: from sonic313-14.consmr.mail.ne1.yahoo.com (sonic313-14.consmr.mail.ne1.yahoo.com [66.163.185.37]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 013FB344FF for ; Mon, 18 Apr 2022 08:08:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650294484; bh=Ruzjt5ghb7kFdt3goXyLm2Wp19YieM5AVmgmnmXeylI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=H/elLlPhJsZB9fHCmzqeSBYwnAC3wvozv4FZSGfN3q7dU3tpjkqPV7BMIUyVCEjAr24izFg4+8mxDDADBsbjHenPpvf4tLfWgJ8epITXTNeukcs72vYAxNKBd6CVGIZxOiqIV9tSr34gnslMyEeV7Va68qxngb61lTReVK/sPO5Tozy2EVUjJXr8N2nR8ocrSuI1o3meZS6iPWiXlBo5JDieHfNre+YZaaI8Zo+p0nSKdFZr0CvrZ8btPqqcSlyi3XE3cMrm4wOy2eg9oQyV8PA0gbDPvkjALNRbDZVXkV0woYddxGNdkgbNNJ/C97DdRoKRdncIEZXKLKy9dFaWDw== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650294484; bh=40ai5J5usfZofNphR2foRxSqKsIWfKc+8ZqOxWDjky1=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=WlE28q7wa/PsgAj/IOg5J4O+mPfF88HXnsPuPmaeZ0ai4KieFcIpMj2urwgadc9VWzzUdhXL41NZZ9B2PG7+mMsk9GQ6e5czQDOdq3Mh7N6pbGXiY2BFRnc+qSeSTucXBlxz8Wj8jF0mEGxUpOXDNnIMNICSM3VHjpJbqqPvzAbMD0GYiXXa8H29CySaS96GbVUzpdCuWJcE+gknurUR0uzrxb0EnFx4NXLU5qYSNPeb87o4Ss3BpUQGXdkhsEpqOpO44yoPoVEOWa8aKVRscyluhlnRHajSlrpjN1oMLowZ0criUBTaFy1Gio+miNg10kr/ea9qKbMTNE+LeXSTbA== X-YMail-OSG: 6X_i4HQVM1kFiKExcwXBhj03LS7x6oLW9Ocd0lJgndAsVd5BfDcleEKhMW61Hur mOy697j_EtFQq573eYli6OsZWJL6A25pq04BWUNjBFt5cCU.32zxwAmUzRoJzRtN.JqfmHqm87E9 LRCu_pxtNZ07STk1C1hQvPlv5CKx9hRVYoO9pGwynBP_dPBAhrY2cLzXS3gwy3ycZCDKSgeaP78J 9xctzaGjPBeC3oOMMSqtvX4gHcoCjO7YjwjogPwQ3OFxGCmWIEstkWZ_91ezu3e.tdw5Sg.xMXsx QjEwT8AorWVyfxh4Xp_ClnyQLJ32AG.5ZkZSiMB51IMSQdtnf42HC_CkgBT7rATfZDpRodb5QoS7 9y9awh9YSRYzzIxoIAezlbsWxKr.6vVkfIco5F4xjkJaK6zwz94ucRaLDHiQKFeQSyf95JCC_V7d 0kRYZ6YxpwaOG1xUdA50WsmZcRu0A9ns30v_HDKA3A44JW9N4lQdkjp8RZRQlRtRl2lfiy9c4jMs vChZWf3PIzlwU7GZQwFFc8ueNbUY07tXBYBYM1QIh0U5g9wINPtw5F1yM1sVhhoP4jBk0ECauG6D lEmCMHvvPaXfeYs_bzl896pEFA3cRy7YpoVoijWxOBqasEjpizS4_GZasysO9YpTrizRjnY9GwuR gVgI8pSnxTX8eR8WLGj_e6WqNUzvru4vMZwmj.LVPPLmNUEAC796jOXPCX1Syfg1bN_HvYdhECb1 EwEMAo7iw1PgZBnVuRpU2aHvg7z3zw_jWNb_P8rKBaPOiHQYJKKtfDHoOcUO5mbi8l28LOw32KaK F8PIjs1nTZJ0dWWTaHQKvokOOC7p92bT9hv9DNvmpZrK1cGy8pCaaE41ylutmbcuFs7Neuey809M XXJgIlcXDreixm74aCjKZzJHfM_ZNQ4V.P1rzKtbveb97w.MCz.L2lPkjnLCkX7.zEeApDjYFDpe .lJau1v_B_k7VpQiRqsuhGIBUxDjm1sZeHAwMcJYGDi.1T9KMWRKm2rXRYUuUt.yZ15fGw0QJ2hO KCZ_NosSZM07BMbEr9o202ngQuBwE6vlMmY.UhWZ.NjNKAkbWVlO8g3EaipEX0rIxeyQR0HLOJWZ RUpGbcBaP7ukgCredjqsGVHeZAsUf7Ai7eYHZDzbduia9rYSXay1keVaWFwxiIR_iUxiaZ6W9lHt pGuKW58iBpu9f3a8fLoISFS9Brm_20sPTlvNWmjJrEGpS_a6gE8tN9gZKV3bCdN5oBtukSqp81oP 05w_64WLukQVgix.uZvQFy2aqIwMAo.zxkh1ZdrERspw8pDEcXswNKd6.lnlhzd1JkmthsgF8sii 3SXrx1SMHv0k4zH2FFATXoChSpdCfq20T7lK00rtpqc9vObIz9YqKIzM_u.QjhIOC8RIeRrkHC3f MQTdVbUOKbrIuxhMtjrKG._jCcL75zYWD9x.NzxaFKyQ7JdUc_rJU0cMZ5UrW8ZdXdSNO9lFV6Ft s40qMVVmZicuaMcmRjKLsJRtTB4TQO49pZd16C78bDeQqtaSy_avOEM7Zgv6Uqu26qRDQCdqVaj7 bofgdBXtypYNJoVvaB8KTooNsDv4nQ7LChcjhaE.2mTHUFmFEm34mc2fXh_R2Sb1x1Ygg68yojj8 no0jcaxZafSbudo4V57MlRdv06d.dK9YINZ5a9OZnxoGxWVHceKsky_xJN_9MJIWNuH7FpH45lOR QzxljlJljyyBy4zGRS3tVfnbQdActRjPIC4ebjsFXCHgTDVcPpQKbnCQTeLEaIeAvbxbeGu_OQT8 hEVdpYINSiULwTYUAyBYBSZ.w3dWQThh9FuC5u6LA.9qDxgBLsaq9btKWE4D1GDMPBbfUNVBbSAY YN1bM1kT1OQCNVqj6UkG..TXj99n0h9T1YNUmOqVQnqnB9C71M8kk_ilz6TbmTAMeRJndP21_VHE vVr6Wqdk9r1H2zoUSMDdi2iOE0_7ac._Ujqt3wAn5wUatx2g5L7Htd_4WT_qvOeF0DLa9h6B2kJu dz3sq7_wika45dZUocgaleAV1xz5LZW5bqNvSeatimyU1dmfF4tHjJMiqM_tof8IYIQHiDRAHDBo ._WcXDXP8.8ZtatKCbaEg38DnbrkimO1es4Aqm9dyVSy2S_CpV6taDp66BGI_gawLi0zQqN0E206 SPUl8wHXH4xLqdYt8e2YT7eCaRWRThTAFj53AsAh9xGoj_d42n8Laag2is4luzkF_PH.rbD5s2dr nzdMxOhhbnU2SfmCzRSLlW__FMYGNdgBdiy7NhXBVNkkkN7jknVowWVQ02gVx_7Ejz6C34z7QKaX oHHzMFng8skKiPTF2KwRs6NvBHyWPi6QrCdrbHv9BbjPXdVvgDLFj2K9fskeibESCKEQ_aBIhHV0 cTFAH67aG X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic313.consmr.mail.ne1.yahoo.com with HTTP; Mon, 18 Apr 2022 15:08:04 +0000 Received: by hermes--canary-production-ne1-c7c4f6977-qcc8c (VZM Hermes SMTP Server) with ESMTPA ID 2afd461de5a55bc64b17c8606f02f3b8; Mon, 18 Apr 2022 15:07:59 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, netfilter-devel@vger.kernel.org Subject: [PATCH v35 16/29] LSM: Use lsmcontext in security_secid_to_secctx Date: Mon, 18 Apr 2022 07:59:32 -0700 Message-Id: <20220418145945.38797-17-casey@schaufler-ca.com> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220418145945.38797-1-casey@schaufler-ca.com> References: <20220418145945.38797-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Replace the (secctx,seclen) pointer pair with a single lsmcontext pointer to allow return of the LSM identifier along with the context and context length. This allows security_release_secctx() to know how to release the context. Callers have been modified to use or save the returned data from the new structure. security_secid_to_secctx() will now return the length value if the passed lsmcontext pointer is NULL. Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org Cc: linux-audit@redhat.com Cc: netfilter-devel@vger.kernel.org --- drivers/android/binder.c | 26 ++++++--------- include/linux/security.h | 4 +-- include/net/scm.h | 9 ++---- kernel/audit.c | 42 +++++++++++-------------- kernel/auditsc.c | 31 +++++++----------- net/ipv4/ip_sockglue.c | 8 ++--- net/netfilter/nf_conntrack_netlink.c | 18 ++++------- net/netfilter/nf_conntrack_standalone.c | 7 ++--- net/netfilter/nfnetlink_queue.c | 5 ++- net/netlabel/netlabel_unlabeled.c | 40 +++++++---------------- net/netlabel/netlabel_user.c | 7 ++--- security/security.c | 29 +++++++++++++++-- 12 files changed, 99 insertions(+), 127 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 2125b4b795da..b0b0c132a247 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2723,9 +2723,7 @@ static void binder_transaction(struct binder_proc *proc, binder_size_t last_fixup_min_off = 0; struct binder_context *context = proc->context; int t_debug_id = atomic_inc_return(&binder_last_id); - char *secctx = NULL; - u32 secctx_sz = 0; - struct lsmcontext scaff; /* scaffolding */ + struct lsmcontext lsmctx = { }; struct list_head sgc_head; struct list_head pf_head; const void __user *user_buffer = (const void __user *) @@ -2985,14 +2983,14 @@ static void binder_transaction(struct binder_proc *proc, size_t added_size; security_cred_getsecid(proc->cred, &blob); - ret = security_secid_to_secctx(&blob, &secctx, &secctx_sz); + ret = security_secid_to_secctx(&blob, &lsmctx); if (ret) { return_error = BR_FAILED_REPLY; return_error_param = ret; return_error_line = __LINE__; goto err_get_secctx_failed; } - added_size = ALIGN(secctx_sz, sizeof(u64)); + added_size = ALIGN(lsmctx.len, sizeof(u64)); extra_buffers_size += added_size; if (extra_buffers_size < added_size) { /* integer overflow of extra_buffers_size */ @@ -3019,24 +3017,22 @@ static void binder_transaction(struct binder_proc *proc, t->buffer = NULL; goto err_binder_alloc_buf_failed; } - if (secctx) { + if (lsmctx.context) { int err; size_t buf_offset = ALIGN(tr->data_size, sizeof(void *)) + ALIGN(tr->offsets_size, sizeof(void *)) + ALIGN(extra_buffers_size, sizeof(void *)) - - ALIGN(secctx_sz, sizeof(u64)); + ALIGN(lsmctx.len, sizeof(u64)); t->security_ctx = (uintptr_t)t->buffer->user_data + buf_offset; err = binder_alloc_copy_to_buffer(&target_proc->alloc, t->buffer, buf_offset, - secctx, secctx_sz); + lsmctx.context, lsmctx.len); if (err) { t->security_ctx = 0; WARN_ON(1); } - lsmcontext_init(&scaff, secctx, secctx_sz, 0); - security_release_secctx(&scaff); - secctx = NULL; + security_release_secctx(&lsmctx); } t->buffer->debug_id = t->debug_id; t->buffer->transaction = t; @@ -3080,7 +3076,7 @@ static void binder_transaction(struct binder_proc *proc, off_end_offset = off_start_offset + tr->offsets_size; sg_buf_offset = ALIGN(off_end_offset, sizeof(void *)); sg_buf_end_offset = sg_buf_offset + extra_buffers_size - - ALIGN(secctx_sz, sizeof(u64)); + ALIGN(lsmctx.len, sizeof(u64)); off_min = 0; for (buffer_offset = off_start_offset; buffer_offset < off_end_offset; buffer_offset += sizeof(binder_size_t)) { @@ -3435,10 +3431,8 @@ static void binder_transaction(struct binder_proc *proc, binder_alloc_free_buf(&target_proc->alloc, t->buffer); err_binder_alloc_buf_failed: err_bad_extra_size: - if (secctx) { - lsmcontext_init(&scaff, secctx, secctx_sz, 0); - security_release_secctx(&scaff); - } + if (lsmctx.context) + security_release_secctx(&lsmctx); err_get_secctx_failed: kfree(tcomplete); binder_stats_deleted(BINDER_STAT_TRANSACTION_COMPLETE); diff --git a/include/linux/security.h b/include/linux/security.h index 5a681f60fd50..945b21f6ffa4 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -615,7 +615,7 @@ int security_setprocattr(const char *lsm, const char *name, void *value, size_t size); int security_netlink_send(struct sock *sk, struct sk_buff *skb); int security_ismaclabel(const char *name); -int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen); +int security_secid_to_secctx(struct lsmblob *blob, struct lsmcontext *cp); int security_secctx_to_secid(const char *secdata, u32 seclen, struct lsmblob *blob); void security_release_secctx(struct lsmcontext *cp); @@ -1470,7 +1470,7 @@ static inline int security_ismaclabel(const char *name) } static inline int security_secid_to_secctx(struct lsmblob *blob, - char **secdata, u32 *seclen) + struct lsmcontext *cp) { return -EOPNOTSUPP; } diff --git a/include/net/scm.h b/include/net/scm.h index f273c4d777ec..b77a52f93389 100644 --- a/include/net/scm.h +++ b/include/net/scm.h @@ -94,8 +94,6 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc { struct lsmcontext context; struct lsmblob lb; - char *secdata; - u32 seclen; int err; if (test_bit(SOCK_PASSSEC, &sock->flags)) { @@ -103,12 +101,11 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc * and the infrastructure will know which it is. */ lsmblob_init(&lb, scm->secid); - err = security_secid_to_secctx(&lb, &secdata, &seclen); + err = security_secid_to_secctx(&lb, &context); if (!err) { - put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata); - /*scaffolding*/ - lsmcontext_init(&context, secdata, seclen, 0); + put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, context.len, + context.context); security_release_secctx(&context); } } diff --git a/kernel/audit.c b/kernel/audit.c index 0eff57959b4e..a885ebdbb91e 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1212,9 +1212,6 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) struct audit_buffer *ab; u16 msg_type = nlh->nlmsg_type; struct audit_sig_info *sig_data; - char *ctx = NULL; - u32 len; - struct lsmcontext scaff; /* scaffolding */ err = audit_netlink_ok(skb, msg_type); if (err) @@ -1462,33 +1459,33 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) kfree(new); break; } - case AUDIT_SIGNAL_INFO: - len = 0; + case AUDIT_SIGNAL_INFO: { + struct lsmcontext context = { }; + if (lsmblob_is_set(&audit_sig_lsm)) { - err = security_secid_to_secctx(&audit_sig_lsm, &ctx, - &len); + err = security_secid_to_secctx(&audit_sig_lsm, + &context); if (err) return err; } - sig_data = kmalloc(struct_size(sig_data, ctx, len), GFP_KERNEL); + sig_data = kmalloc(struct_size(sig_data, ctx, context.len), + GFP_KERNEL); if (!sig_data) { - if (lsmblob_is_set(&audit_sig_lsm)) { - lsmcontext_init(&scaff, ctx, len, 0); - security_release_secctx(&scaff); - } + if (lsmblob_is_set(&audit_sig_lsm)) + security_release_secctx(&context); return -ENOMEM; } sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); sig_data->pid = audit_sig_pid; if (lsmblob_is_set(&audit_sig_lsm)) { - memcpy(sig_data->ctx, ctx, len); - lsmcontext_init(&scaff, ctx, len, 0); - security_release_secctx(&scaff); + memcpy(sig_data->ctx, context.context, context.len); + security_release_secctx(&context); } - audit_send_reply(skb, seq, AUDIT_SIGNAL_INFO, 0, 0, - sig_data, struct_size(sig_data, ctx, len)); + audit_send_reply(skb, seq, AUDIT_SIGNAL_INFO, 0, 0, sig_data, + struct_size(sig_data, ctx, context.len)); kfree(sig_data); break; + } case AUDIT_TTY_GET: { struct audit_tty_status s; unsigned int t; @@ -2171,17 +2168,15 @@ void audit_log_key(struct audit_buffer *ab, char *key) int audit_log_task_context(struct audit_buffer *ab) { - char *ctx = NULL; - unsigned len; int error; struct lsmblob blob; - struct lsmcontext scaff; /* scaffolding */ + struct lsmcontext context; security_current_getsecid_subj(&blob); if (!lsmblob_is_set(&blob)) return 0; - error = security_secid_to_secctx(&blob, &ctx, &len); + error = security_secid_to_secctx(&blob, &context); if (error) { if (error != -EINVAL) @@ -2189,9 +2184,8 @@ int audit_log_task_context(struct audit_buffer *ab) return 0; } - audit_log_format(ab, " subj=%s", ctx); - lsmcontext_init(&scaff, ctx, len, 0); - security_release_secctx(&scaff); + audit_log_format(ab, " subj=%s", context.context); + security_release_secctx(&context); return 0; error_path: diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 1503fb281278..802de65259d8 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1121,9 +1121,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, struct lsmblob *blob, char *comm) { struct audit_buffer *ab; - struct lsmcontext lsmcxt; - char *ctx = NULL; - u32 len; + struct lsmcontext lsmctx; int rc = 0; ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID); @@ -1134,13 +1132,12 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); if (lsmblob_is_set(blob)) { - if (security_secid_to_secctx(blob, &ctx, &len)) { + if (security_secid_to_secctx(blob, &lsmctx)) { audit_log_format(ab, " obj=(none)"); rc = 1; } else { - audit_log_format(ab, " obj=%s", ctx); - lsmcontext_init(&lsmcxt, ctx, len, 0); /*scaffolding*/ - security_release_secctx(&lsmcxt); + audit_log_format(ab, " obj=%s", lsmctx.context); + security_release_secctx(&lsmctx); } } audit_log_format(ab, " ocomm="); @@ -1400,7 +1397,6 @@ static void audit_log_time(struct audit_context *context, struct audit_buffer ** static void show_special(struct audit_context *context, int *call_panic) { - struct lsmcontext lsmcxt; struct audit_buffer *ab; int i; @@ -1425,17 +1421,15 @@ static void show_special(struct audit_context *context, int *call_panic) from_kgid(&init_user_ns, context->ipc.gid), context->ipc.mode); if (osid) { - char *ctx = NULL; - u32 len; + struct lsmcontext lsmcxt; struct lsmblob blob; lsmblob_init(&blob, osid); - if (security_secid_to_secctx(&blob, &ctx, &len)) { + if (security_secid_to_secctx(&blob, &lsmcxt)) { audit_log_format(ab, " osid=%u", osid); *call_panic = 1; } else { - audit_log_format(ab, " obj=%s", ctx); - lsmcontext_init(&lsmcxt, ctx, len, 0); + audit_log_format(ab, " obj=%s", lsmcxt.context); security_release_secctx(&lsmcxt); } } @@ -1595,20 +1589,17 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, MAJOR(n->rdev), MINOR(n->rdev)); if (n->osid != 0) { - char *ctx = NULL; - u32 len; struct lsmblob blob; - struct lsmcontext lsmcxt; + struct lsmcontext lsmctx; lsmblob_init(&blob, n->osid); - if (security_secid_to_secctx(&blob, &ctx, &len)) { + if (security_secid_to_secctx(&blob, &lsmctx)) { audit_log_format(ab, " osid=%u", n->osid); if (call_panic) *call_panic = 2; } else { - audit_log_format(ab, " obj=%s", ctx); - lsmcontext_init(&lsmcxt, ctx, len, 0); /* scaffolding */ - security_release_secctx(&lsmcxt); + audit_log_format(ab, " obj=%s", lsmctx.context); + security_release_secctx(&lsmctx); } } diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index 70ca4510ea35..ad5be7707bca 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -132,8 +132,7 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) { struct lsmcontext context; struct lsmblob lb; - char *secdata; - u32 seclen, secid; + u32 secid; int err; err = security_socket_getpeersec_dgram(NULL, skb, &secid); @@ -141,12 +140,11 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) return; lsmblob_init(&lb, secid); - err = security_secid_to_secctx(&lb, &secdata, &seclen); + err = security_secid_to_secctx(&lb, &context); if (err) return; - put_cmsg(msg, SOL_IP, SCM_SECURITY, seclen, secdata); - lsmcontext_init(&context, secdata, seclen, 0); /* scaffolding */ + put_cmsg(msg, SOL_IP, SCM_SECURITY, context.len, context.context); security_release_secctx(&context); } diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index f053d7544355..07660c7dd342 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -345,8 +345,7 @@ static int ctnetlink_dump_mark(struct sk_buff *skb, const struct nf_conn *ct) static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) { struct nlattr *nest_secctx; - int len, ret; - char *secctx; + int ret; struct lsmblob blob; struct lsmcontext context; @@ -354,7 +353,7 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) * security_secid_to_secctx() will know which security module * to use to create the secctx. */ lsmblob_init(&blob, ct->secmark); - ret = security_secid_to_secctx(&blob, &secctx, &len); + ret = security_secid_to_secctx(&blob, &context); if (ret) return 0; @@ -363,13 +362,12 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) if (!nest_secctx) goto nla_put_failure; - if (nla_put_string(skb, CTA_SECCTX_NAME, secctx)) + if (nla_put_string(skb, CTA_SECCTX_NAME, context.context)) goto nla_put_failure; nla_nest_end(skb, nest_secctx); ret = 0; nla_put_failure: - lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ security_release_secctx(&context); return ret; } @@ -662,15 +660,11 @@ static inline size_t ctnetlink_acct_size(const struct nf_conn *ct) static inline int ctnetlink_secctx_size(const struct nf_conn *ct) { #ifdef CONFIG_NF_CONNTRACK_SECMARK - int len, ret; + int len; struct lsmblob blob; - /* lsmblob_init() puts ct->secmark into all of the secids in blob. - * security_secid_to_secctx() will know which security module - * to use to create the secctx. */ - lsmblob_init(&blob, ct->secmark); - ret = security_secid_to_secctx(&blob, NULL, &len); - if (ret) + len = security_secid_to_secctx(&blob, NULL); + if (len <= 0) return 0; return nla_total_size(0) /* CTA_SECCTX */ diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index 3b6ba86783f6..36338660df3c 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c @@ -176,19 +176,16 @@ static void ct_seq_stop(struct seq_file *s, void *v) static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) { int ret; - u32 len; - char *secctx; struct lsmblob blob; struct lsmcontext context; lsmblob_init(&blob, ct->secmark); - ret = security_secid_to_secctx(&blob, &secctx, &len); + ret = security_secid_to_secctx(&blob, &context); if (ret) return; - seq_printf(s, "secctx=%s ", secctx); + seq_printf(s, "secctx=%s ", context.context); - lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ security_release_secctx(&context); } #else diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index f69d5e997da2..35c3cde6bacd 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c @@ -306,6 +306,7 @@ static u32 nfqnl_get_sk_secctx(struct sk_buff *skb, char **secdata) u32 seclen = 0; #if IS_ENABLED(CONFIG_NETWORK_SECMARK) struct lsmblob blob; + struct lsmcontext context = { }; if (!skb || !sk_fullsock(skb->sk)) return 0; @@ -317,10 +318,12 @@ static u32 nfqnl_get_sk_secctx(struct sk_buff *skb, char **secdata) * blob. security_secid_to_secctx() will know which security * module to use to create the secctx. */ lsmblob_init(&blob, skb->secmark); - security_secid_to_secctx(&blob, secdata, &seclen); + security_secid_to_secctx(&blob, &context); + *secdata = context.context; } read_unlock_bh(&skb->sk->sk_callback_lock); + seclen = context.len; #endif return seclen; } diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index b3e3d920034d..12e5d508bd08 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -375,8 +375,6 @@ int netlbl_unlhsh_add(struct net *net, struct netlbl_unlhsh_iface *iface; struct audit_buffer *audit_buf = NULL; struct lsmcontext context; - char *secctx = NULL; - u32 secctx_len; struct lsmblob blob; if (addr_len != sizeof(struct in_addr) && @@ -444,12 +442,9 @@ int netlbl_unlhsh_add(struct net *net, * security_secid_to_secctx() will know which security module * to use to create the secctx. */ lsmblob_init(&blob, secid); - if (security_secid_to_secctx(&blob, - &secctx, - &secctx_len) == 0) { - audit_log_format(audit_buf, " sec_obj=%s", secctx); - /* scaffolding */ - lsmcontext_init(&context, secctx, secctx_len, 0); + if (security_secid_to_secctx(&blob, &context) == 0) { + audit_log_format(audit_buf, " sec_obj=%s", + context.context); security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", ret_val == 0 ? 1 : 0); @@ -482,8 +477,6 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, struct audit_buffer *audit_buf; struct net_device *dev; struct lsmcontext context; - char *secctx; - u32 secctx_len; struct lsmblob blob; spin_lock(&netlbl_unlhsh_lock); @@ -509,11 +502,9 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, if (entry != NULL) lsmblob_init(&blob, entry->secid); if (entry != NULL && - security_secid_to_secctx(&blob, - &secctx, &secctx_len) == 0) { - audit_log_format(audit_buf, " sec_obj=%s", secctx); - /* scaffolding */ - lsmcontext_init(&context, secctx, secctx_len, 0); + security_secid_to_secctx(&blob, &context) == 0) { + audit_log_format(audit_buf, " sec_obj=%s", + context.context); security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); @@ -552,8 +543,6 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, struct audit_buffer *audit_buf; struct net_device *dev; struct lsmcontext context; - char *secctx; - u32 secctx_len; struct lsmblob blob; spin_lock(&netlbl_unlhsh_lock); @@ -578,10 +567,9 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, if (entry != NULL) lsmblob_init(&blob, entry->secid); if (entry != NULL && - security_secid_to_secctx(&blob, - &secctx, &secctx_len) == 0) { - audit_log_format(audit_buf, " sec_obj=%s", secctx); - lsmcontext_init(&context, secctx, secctx_len, 0); + security_secid_to_secctx(&blob, &context) == 0) { + audit_log_format(audit_buf, " sec_obj=%s", + context.context); security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); @@ -1104,8 +1092,6 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, struct lsmcontext context; void *data; u32 secid; - char *secctx; - u32 secctx_len; struct lsmblob blob; data = genlmsg_put(cb_arg->skb, NETLINK_CB(cb_arg->nl_cb->skb).portid, @@ -1165,15 +1151,13 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, * security_secid_to_secctx() will know which security module * to use to create the secctx. */ lsmblob_init(&blob, secid); - ret_val = security_secid_to_secctx(&blob, &secctx, &secctx_len); + ret_val = security_secid_to_secctx(&blob, &context); if (ret_val != 0) goto list_cb_failure; ret_val = nla_put(cb_arg->skb, NLBL_UNLABEL_A_SECCTX, - secctx_len, - secctx); - /* scaffolding */ - lsmcontext_init(&context, secctx, secctx_len, 0); + context.len, + context.context); security_release_secctx(&context); if (ret_val != 0) goto list_cb_failure; diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index ef139d8ae7cd..951ba0639d20 100644 --- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c @@ -85,8 +85,6 @@ struct audit_buffer *netlbl_audit_start_common(int type, { struct audit_buffer *audit_buf; struct lsmcontext context; - char *secctx; - u32 secctx_len; struct lsmblob blob; if (audit_enabled == AUDIT_OFF) @@ -102,9 +100,8 @@ struct audit_buffer *netlbl_audit_start_common(int type, lsmblob_init(&blob, audit_info->secid); if (audit_info->secid != 0 && - security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { - audit_log_format(audit_buf, " subj=%s", secctx); - lsmcontext_init(&context, secctx, secctx_len, 0);/*scaffolding*/ + security_secid_to_secctx(&blob, &context) == 0) { + audit_log_format(audit_buf, " subj=%s", context.context); security_release_secctx(&context); } diff --git a/security/security.c b/security/security.c index 407852be43da..91e9c8341a55 100644 --- a/security/security.c +++ b/security/security.c @@ -2343,18 +2343,41 @@ int security_ismaclabel(const char *name) } EXPORT_SYMBOL(security_ismaclabel); -int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen) +/** + * security_secid_to_secctx - convert secid to secctx + * @blob: set of secids + * @cp: lsm context into which result is put + * + * Translate secid information into a secctx string. + * Return a negative value on error. + * If cp is NULL return the length of the string. + * Otherwise, return 0. + */ +int security_secid_to_secctx(struct lsmblob *blob, struct lsmcontext *cp) { struct security_hook_list *hp; int ilsm = lsm_task_ilsm(current); + if (cp) + memset(cp, 0, sizeof(*cp)); + hlist_for_each_entry(hp, &security_hook_heads.secid_to_secctx, list) { if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) continue; - if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) + if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) { + if (!cp) { + int len; + int rc; + rc = hp->hook.secid_to_secctx( + blob->secid[hp->lsmid->slot], + NULL, &len); + return rc ? rc : len; + } + cp->slot = hp->lsmid->slot; return hp->hook.secid_to_secctx( blob->secid[hp->lsmid->slot], - secdata, seclen); + &cp->context, &cp->len); + } } return LSM_RET_DEFAULT(secid_to_secctx); From patchwork Mon Apr 18 14:59:33 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12816785 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E3C3DC43217 for ; Mon, 18 Apr 2022 15:40:44 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345271AbiDRPnT (ORCPT ); Mon, 18 Apr 2022 11:43:19 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55044 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345663AbiDRPmx (ORCPT ); Mon, 18 Apr 2022 11:42:53 -0400 Received: from sonic311-30.consmr.mail.ne1.yahoo.com (sonic311-30.consmr.mail.ne1.yahoo.com [66.163.188.211]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6E4283465F for ; Mon, 18 Apr 2022 08:08:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650294486; bh=At4+NxZXv0MZomzONJVkImtyKnD/GEtK+yc2Jid0QkM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=hXeK59YACZjLWOMQj803iSWV8jcVcorn7ovF6z/xi2i1hEobn31g92tJ7/0IDu5ezosJW798gTNDu/iyp396QwqskaD238H1eOkp5u0iDOG4oVmQa/zKL1xcbXcDPKqdpU5YMz15Kpz98T48k9JPWzJ1pm5RQicLDnZ3vOxs4XlPJUuir0Czg0m0p7Vu6V0wapqfCOLKuaap1fmFxj8Lq+gMu9TvEL/L4lRBhHEi9d11lslHH00OR/Fdr3t2D6ZynphvG2RLmtZ+7t45vBXtBNS0Q1AnAd9AE3GDUHpfzOv5pNVWwuSCZvt2kUgby6S6vZUP8IxsPJr8OyLDvsCCWQ== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650294486; bh=THlOm56qqLM7jjy0oWlv79uA8dQtJmJQAV3MybDiqEI=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=S79kxUiTvDUqzeDjNxwMfzaLdUwRmz59BgUKvVzePzbTT+FC7mEmmREnhK8Yl4P75jBPR2WmWooM78cHm3tOnc8Z5VYIwI0ia0DVUpOcG8sMiMG9woAQqhhD9Zpuc/oLjNE6SMIV/mCLspltUA96nQz1uBYKn83ffKLYJhKl1nTFRngpdx8QT1uucfTzfLwAEhQNw9Q2HLi3IbtVRpIhZK7fLDntMUnwjhrbf8UoNqChnqMfqftCSvztyNdlQrBft9SthGV78/FWFo07pWVgzd99PEHz23BqE7+j9LvpSFP+615o5dGNcIuM7cAHckSqN0PMYWbyYdlmy0RmrItD1w== X-YMail-OSG: ufkWR7wVM1n7OFEt.pWhiGRlSa88oZ5wh5LJ3zGwE23j4wzdpLB34OZNa6YOms0 g..BUGMZGdpxyN8IDqWowjOuAHIM527Za2T34KZt78L4syj5seunfqtRpqjxDDg2NZnbcLScVDOv rNBCxvzlnaC6HIEI7BP9vG5UOjt7HC6jBVUYFhIk2s9dJRkIkE8HsoTfjmU5nbQaa9pTv.C8ZYP5 jLT1jcWI2e21n0hyExpXlRryUs4Khp6d6cKDZ99Kzt23lLZMs0xYwFO7l39aQNqqrV4vrt6W15gl Oqetm3Q520uG.e.7LHtJRPGqAnf8B9BYfEy05hOyxkWZ2eRZhsvcPSIxBfcT3Bi3EQcVVa9_OrAo fTvA9ZlowqqIWs4wa7Ct_i6Ru3VrdFWlTBZ.evYbvPlrMURuh6dtKUfAIRi0F_vAtCILG_beCcLN 0kpIdEvMjLpJsNlg7GOUFEOvWnnJe02SfbnHyw9wXC40oEVbZMtbj21oz24Vy8OdE1GW2YQ2VfNP lk8cqgZyUXZOcKN5vsDsV8OQG9DvqQuwf31GAGulyYM7I2.SBlDmrzEdNifiWb1bEes_OWmlpdWA k8l0jnnNrffxiY21cWa940r7z4TVWqprFGTtN2v2gHE2oJkW_3tR1CAtrr6BTZ_hKLMklNM3oYqY lRcwBykzrPMwlwNv9MrX_2p1VuVGDMaPVjci2LgDjUUlZb9AVKIkimMeMdd2RtPZcDf7sAwY.kOq EyPRg0YqkPScouJqSm0y2xta7A6gQnrLYSm4NQ7WlmodlzPoS0wILtsjEVPSQO9i6q5buxbiLrxN mnOTTxK1HauMbXimIxhn3aVzOZZErk5KBkHzOZ.Ayn8pSc2w.TpJkFR8BWZI6zE5bVlox2gHZaNZ 3OY5BR1t9C6W_uU7z91zJKTXv5l.UI.9htkQm8mBngYCSbdTB9aOv4o6ieKbWLqGVbF_tSl29xPE buDckv.R6iOhI.hjdszgIbfVmLxCPAkUlVAgYiKCSARJCfNOL2vIWqxtWLNl8GiE7o7mkjIFYS4g ctqAZX4IyrLzktTuMmMOflpMEZ5m7_22OjQBO5a0np2cnH6RjNIlQ.7JWBa.boq2xVULMZjpZXR3 bc2xRbeHDb3SXNGqOt85KgFWhBheMDXakVx6.KYTNt4C0uyLvw6eSTEDvveBKio3JlUXx.MzJ267 4z65xhkLcgtC3RST_WbQ0C1D3163qkrAVXImYumEDUnebTP2Jg2vnKNwnCWqItJ77K4Yx7N0ZTt0 zRe3I7keXi8YQNEUu7XaTCgVp0jGUJrxBzs9zS_PoylNKMNXE7pfmskPojcuywJRKdzasYs7Yudk nbMEX3TfHxlkXYH1QRcrdvo4AEUPPQC0zRbN6ZYslanvC711nhuTowdUKvs1HflqItYCuazQk271 cJMqXnYU4sXTkfw64.bApcCB9AEtZRQoxZ2XVnQhAw41Tz.2k4k3JR..TlyT5lWZL79SCe5FR5J2 fpcEZrc7vt6wApJ0A59Rs0I_nlzpJrhgJ6iW1ZO.TJ0mRN7nLjNxT53nGcZjLrdVjS2eDwhZUoLj WmhmJCV03qASl5_1l0fYHWycmwqMV9uP45CpXaTW5m2_tWU7HqDtseq3.HXSpspX531Eb_JTY8Ho fc8LaMNeJpZRo7M6IP4MzPZl5G.ZVAWMt.Akyc20.QBwI5b6yA6D7DLj7jA4bEplqRPkJ5RcfVMd SMBWtJR6iM0931NvVCcSKHLPT42RTHuwEbtulv21hKeO5vrh2KI47_urCstOmR.8QDCieUJZ8fiZ 3Sa90v4dR7VtPl7OfPK3k4EbGM.XcKZn6N1OnB3_cA3HdYa8_KqiosKBLk5Ycxv_O4WT3faLig5d YuwfagfP0sqohS9mpdbVby7KVBnyV0HGoT5KEPIKnGVP65l1_plUFKx8JvTGAXmLBzdL8PrdJbcU mjFrFNIMJE8JJoVZO5LEGjI4TaffPIOUqqTtMPtF2kdzHVSWcPYrbllg1KfL6Qn2QO8LNvdv4INx rTwMVMpwMLEHrj5YdZo2viWiQ.vMHebunv1Ikf6LVV6igII3waB6oyV5DXgb1IMonQAuzfDeFiZX 8rzbUOQ3bsiRT9FPdvNF07AUSh8nuC3up.SxJmuBMFdEm96B7Rd_WyUqr21VqMtdsyXNv7JGsVQt AbK54ChIcQ6LVAJP6BmvgG624cG6mA_CO8fs6OD378qN.Vlrj_e_wD7GZTD.HR703CxkEu7iojQG mufYvn.Gm6sfZ41gUXJhNthMG4VEzsshQohWyYOpdLRPTKqv1dcLqDFiFlHr4HJdEaJ3X4hZdqYA QZUeaCX.QByRq5_o7eJhJqHzVfkjWGuVdE6k8ghalTuubx1as492gb4tmWA-- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic311.consmr.mail.ne1.yahoo.com with HTTP; Mon, 18 Apr 2022 15:08:06 +0000 Received: by hermes--canary-production-ne1-c7c4f6977-qcc8c (VZM Hermes SMTP Server) with ESMTPA ID 2afd461de5a55bc64b17c8606f02f3b8; Mon, 18 Apr 2022 15:08:00 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, Chuck Lever , linux-nfs@vger.kernel.org Subject: [PATCH v35 17/29] LSM: Use lsmcontext in security_inode_getsecctx Date: Mon, 18 Apr 2022 07:59:33 -0700 Message-Id: <20220418145945.38797-18-casey@schaufler-ca.com> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220418145945.38797-1-casey@schaufler-ca.com> References: <20220418145945.38797-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Change the security_inode_getsecctx() interface to fill a lsmcontext structure instead of data and length pointers. This provides the information about which LSM created the context so that security_release_secctx() can use the correct hook. Acked-by: Stephen Smalley Acked-by: Paul Moore Acked-by: Chuck Lever Reviewed-by: Kees Cook Reviewed-by: John Johansen Signed-off-by: Casey Schaufler Cc: linux-nfs@vger.kernel.org --- fs/nfsd/nfs4xdr.c | 23 +++++++++-------------- include/linux/security.h | 5 +++-- security/security.c | 13 +++++++++++-- 3 files changed, 23 insertions(+), 18 deletions(-) diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c index 77388b5ece56..b1505fbfb2e9 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c @@ -2713,11 +2713,11 @@ nfsd4_encode_layout_types(struct xdr_stream *xdr, u32 layout_types) #ifdef CONFIG_NFSD_V4_SECURITY_LABEL static inline __be32 nfsd4_encode_security_label(struct xdr_stream *xdr, struct svc_rqst *rqstp, - void *context, int len) + struct lsmcontext *context) { __be32 *p; - p = xdr_reserve_space(xdr, len + 4 + 4 + 4); + p = xdr_reserve_space(xdr, context->len + 4 + 4 + 4); if (!p) return nfserr_resource; @@ -2727,13 +2727,13 @@ nfsd4_encode_security_label(struct xdr_stream *xdr, struct svc_rqst *rqstp, */ *p++ = cpu_to_be32(0); /* lfs */ *p++ = cpu_to_be32(0); /* pi */ - p = xdr_encode_opaque(p, context, len); + p = xdr_encode_opaque(p, context->context, context->len); return 0; } #else static inline __be32 nfsd4_encode_security_label(struct xdr_stream *xdr, struct svc_rqst *rqstp, - void *context, int len) + struct lsmcontext *context) { return 0; } #endif @@ -2830,9 +2830,7 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, int err; struct nfs4_acl *acl = NULL; #ifdef CONFIG_NFSD_V4_SECURITY_LABEL - struct lsmcontext scaff; /* scaffolding */ - void *context = NULL; - int contextlen; + struct lsmcontext context = { }; #endif bool contextsupport = false; struct nfsd4_compoundres *resp = rqstp->rq_resp; @@ -2893,7 +2891,7 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, bmval0 & FATTR4_WORD0_SUPPORTED_ATTRS) { if (exp->ex_flags & NFSEXP_SECURITY_LABEL) err = security_inode_getsecctx(d_inode(dentry), - &context, &contextlen); + &context); else err = -EOPNOTSUPP; contextsupport = (err == 0); @@ -3320,8 +3318,7 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, #ifdef CONFIG_NFSD_V4_SECURITY_LABEL if (bmval2 & FATTR4_WORD2_SECURITY_LABEL) { - status = nfsd4_encode_security_label(xdr, rqstp, context, - contextlen); + status = nfsd4_encode_security_label(xdr, rqstp, &context); if (status) goto out; } @@ -3342,10 +3339,8 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, out: #ifdef CONFIG_NFSD_V4_SECURITY_LABEL - if (context) { - lsmcontext_init(&scaff, context, contextlen, 0); /*scaffolding*/ - security_release_secctx(&scaff); - } + if (context.context) + security_release_secctx(&context); #endif /* CONFIG_NFSD_V4_SECURITY_LABEL */ kfree(acl); if (tempfh) { diff --git a/include/linux/security.h b/include/linux/security.h index 945b21f6ffa4..dc66f3f48456 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -622,7 +622,7 @@ void security_release_secctx(struct lsmcontext *cp); void security_inode_invalidate_secctx(struct inode *inode); int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); -int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen); +int security_inode_getsecctx(struct inode *inode, struct lsmcontext *cp); int security_locked_down(enum lockdown_reason what); #else /* CONFIG_SECURITY */ @@ -1498,7 +1498,8 @@ static inline int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 { return -EOPNOTSUPP; } -static inline int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) +static inline int security_inode_getsecctx(struct inode *inode, + struct lsmcontext *cp) { return -EOPNOTSUPP; } diff --git a/security/security.c b/security/security.c index 91e9c8341a55..64073d807240 100644 --- a/security/security.c +++ b/security/security.c @@ -2434,9 +2434,18 @@ int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) } EXPORT_SYMBOL(security_inode_setsecctx); -int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) +int security_inode_getsecctx(struct inode *inode, struct lsmcontext *cp) { - return call_int_hook(inode_getsecctx, -EOPNOTSUPP, inode, ctx, ctxlen); + struct security_hook_list *hp; + + memset(cp, 0, sizeof(*cp)); + + hlist_for_each_entry(hp, &security_hook_heads.inode_getsecctx, list) { + cp->slot = hp->lsmid->slot; + return hp->hook.inode_getsecctx(inode, (void **)&cp->context, + &cp->len); + } + return -EOPNOTSUPP; } EXPORT_SYMBOL(security_inode_getsecctx); From patchwork Mon Apr 18 14:59:34 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12816787 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id DF5BDC433EF for ; Mon, 18 Apr 2022 15:41:35 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345572AbiDRPoN (ORCPT ); Mon, 18 Apr 2022 11:44:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53008 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345935AbiDRPnJ (ORCPT ); Mon, 18 Apr 2022 11:43:09 -0400 Received: from sonic317-38.consmr.mail.ne1.yahoo.com (sonic317-38.consmr.mail.ne1.yahoo.com [66.163.184.49]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E2C7D6442 for ; Mon, 18 Apr 2022 08:09:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650294577; bh=V+vPgvaKFDTnMpIdljAHcVYg6xkRL77vK84TmLoWvrc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=KBeYeg05yAoghP2TDrErLC2fTqkbQwk1LybHrGzhbZtfI62m2sH0C+i/gIaidrXwGeQpPJ84v6WEjFM/G3LaIP/lB0WEPH84YCL44tSVLhG5v/LzzXce0LKav6aYiES4miVgp48VX5mE5ur68th+7EPKCoYKHeSdbc6ZmyUpnJAjk/QhEBJeXiXyv9uOGEYyHt4paRflx/VzDeNJFT40+f87lydYQcW9EB8cJCb4n1/YnkV1Nm46S1BijFPzp/UMVMBIeihJFVEjmH4FUuc2W/eybn9eg0eurNwbk0yQes8id6yHVY56tIfqjdcTtls2FNMqo5VXt9F98sOaeT1+XA== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650294577; bh=gqp196CrJy8cfJBCHXNL1CY8C4RfoWezbd3JR8ZOkY/=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=arNLzkRAaiqv3jFzHv9oXoMspm5yvnMYcE1rwZJ9SDcA84H7G0U59b/DJhZO/ypGhWZnW6V0pcvXjppOEMRffMl+uc7B1ms5hsjotMor1KPtNWy3LYA3jhDUaSPMjsK0+dVhyAaVXqPGb4xlzrShC55ZAWAT1bQEuuuckzTSaSK15ngN8OJWowRoCJ3689o+sMS0PjXU0N6/g3d8QDym4c8rCI/sYIaE0J6TajDIpCXnxm4BcyE4/CFprSDuZa8XTFktpYGRSrUO6XiE5FaMczxJuKRfLaIZx4s4ersRKOHFyTyEdugphWAtRkf0h0xmnMD4O3mAeOsy7AowS1J7WA== X-YMail-OSG: 7PQfkCgVM1mXddLviGIViKMELg8ybUzTcenqgxWU8WDNdGozSKfFmQOvheD91p8 ZyDJ2_3ppQsayx0oaYbH_eSShqkMzVkg0F2vY_ocar8sxrIcb.tso4SRSETiaOR0kQhOYIB3drXf faaFQ_1WQGM56pHtNbRF1lD9GJrnaZ6ZhYlxKUsXmY5VBcomwDrw5.cuzxXR4jW2Tab0MozKWZcG ctOdOT6_atfSTmvKifAAqKdkVjvKdoPt_pAJsu659V9TntxTKImCaMr29IF3iG8wY8rNZzIXhZgP nvvp9w9e_rp3p0lrCic8KGo6DkzoaJcjfcxEBZGOcJ9bIcRkuGUiY23F_yyPHm80JpAq98CdXr72 89Q9IJ338C6nUVdAKgR37_REV.NQjOwjPbMyfydcsEWz12_7.ZdpB54RivgntK2KujavRlP_adIW xP5blOEk5mmJokOnsysdMbbwDRf07k_KxN485iVxv6M7UzfgYiKTJuai1ncFUnH6Z6XIF9PTa1aG zMANmTcRBuMdT34fkY.GtmjEROLkwU9kvV6PWdSM.f4PYRDdlM6weNHHiGxrSqeYlB7ypN6UVRSp vDFGK1GNLdeO5.l6yTfF4W1SD817K8oxRH3LvKxnS1MnIt4JOPQQE7cSr23HTfEBJkxEsJQbgcGB 4ZrGdI_.MFPvW_SoBzUIzTu8vUOkovczXhjCgSrYuQiKB7y0niNEmUHAgb4vr0CdPBlGyKfRlHU4 wi8qsLHmqKR7J6HCAORMAhcYze_d0oSSCyzFMSLDWQj52DkG3dDRu9rL5dpH8gUgdSIezmOKZXDd Lz98XOgb4lynXH3CY3kSdW_o1whfk7GcSW2TVuNbhmoOV8.jW_dgXvQmMKDFrUo.iKkL2PnQ1kQA mKXFhOx.Erjlfv_OfsecoobcwUIXc0tHWchYhGvvKE5kdOsY72hlqATZKQ3Ki5PjrhI4FetkT276 F3b0FCecc6YPJpplt09fXBP7V_t8GTYxw7cmzD7WBKhZnU2Nb1H4XJzOi4MX13bNIMaKe09MoQdd kYnavfpYUqpOVyyRoJbYFB324bQUrnFKLoo0wzC19WTLnBcbVO_ipL_k8pt3XLCKDAGYRD4TIZrz 0CiIQI4xCxjVBEOEOrfIk6XfkQqKyauhAjobDkDt_yFvMBsLy1q25B8gmy9WVDntifUo7h5H1NrJ dVlC7hdIns.Q8G0ojxKpPsce.bCecRVZHGSCfClViwgZY4r_CWFLAwfzIlI1CP_wdF2phF1Q5zMM uNxbk_RZq9ddUVS5gEI75K1_sptBGA4q3.mhdFyrkj5b0wH_zTVtf41Gn_gIkCReStCEnE6UuhHg X4nWIUbRmC3ooIKhDm9dL6VtgScQOIoVtUw0dfTP2kIyfJaKmtUAUfiOXbEa4Q..zqaNciXSmNAz eH1Z4vWekSqgeEKOeogUVSdFOUt45XCDw_WUZ5rQQvepzQEQzGFzLFgK1lTscgOuixCLGz4.21M5 afwmFuJzjqsmj3qC8cR6qQJcazRwI5WGds9oQLjv_8z2OEFR7Je24UykXy83bK2XgIjh_GFsJvTb h1bUQBh2YB80K56PTpsmrlbRESe67YoAZk2nr4bIblYu045Ct8mMBrsW8pDcNEl1GLFB13q.3HUS U.kZO9mekjOYRRlV0ZnkEoKXCqRZK48JeV3DufpVPuJ9jpaP5SCi3Rkm3ecfYosQlporFyaLxKlG N4e1zk8AzdDXvatpEsdvoX38K_k86QuYl0itPq0ri9hObyvrshGfdxzJzltYQCbs97yxsu97R1kN TIsZ6Ek2Hvigng0DkwNkMrcodnIBg8bm9u9I32D5Hh1ol_iJDxP2zCNudzetQ3sF9iCS6jrw4ZL4 bDuoW4DCRKOiLCl3UvK1ypwqeYtqXZqqCAahQI0AYGsc0Tzk7pkogUw49RcOXGW6hLkXmbT4f6Nj xjvOELMwpFy4ZPXKWof10_N_BDj3PXvQpXalAkOqoMJK_.z9CodDLqHH3tH9gc9IoahKZQl7KoGK sdO8wKq5jAUK0bpfWnmztWC.4tfS4PnU8fgKtpDvXC4A63xhOZ_CQivMONxdflwdOWZMUcicZ732 hLBJfSgVqrbtTmU0Jv0_JHW.838ZSdUopOJEbpHQu9T7nXMCucpDmTXO7fqRwN_5IwbaGFWRhCqj ohnZdnx8EnnwGYXpdRnQgG7hokMvrtoQ0DOk9BMyQBm36U8_xpzznB8JSPtNtPFcxx7wShsUISwU .TcFpW_wAIAKdQB3dy6IjB9jmAEkSjXe8hvVZK6xboBJ.tpEfbrMmFppISzbiRyUV00ymjQrFaDs 2RnFmelT_H2XbIxjVsLnxcnpdGBFCRWdlVvl969iCvWvrJg_OQICL1jAEm1jVqwixCPLw0WMg0rf UBxX7vn8- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic317.consmr.mail.ne1.yahoo.com with HTTP; Mon, 18 Apr 2022 15:09:37 +0000 Received: by hermes--canary-production-ne1-c7c4f6977-9gvrn (VZM Hermes SMTP Server) with ESMTPA ID d63a51ac54c25c4b8dfd633eacacc622; Mon, 18 Apr 2022 15:09:33 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, Pablo Neira Ayuso , netdev@vger.kernel.org, netfilter-devel@vger.kernel.org Subject: [PATCH v35 18/29] LSM: security_secid_to_secctx in netlink netfilter Date: Mon, 18 Apr 2022 07:59:34 -0700 Message-Id: <20220418145945.38797-19-casey@schaufler-ca.com> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220418145945.38797-1-casey@schaufler-ca.com> References: <20220418145945.38797-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Change netlink netfilter interfaces to use lsmcontext pointers, and remove scaffolding. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Paul Moore Acked-by: Stephen Smalley Acked-by: Pablo Neira Ayuso Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org Cc: netfilter-devel@vger.kernel.org --- net/netfilter/nfnetlink_queue.c | 37 +++++++++++++-------------------- 1 file changed, 14 insertions(+), 23 deletions(-) diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index 35c3cde6bacd..f60a0b6240ff 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c @@ -301,15 +301,13 @@ static int nfqnl_put_sk_uidgid(struct sk_buff *skb, struct sock *sk) return -1; } -static u32 nfqnl_get_sk_secctx(struct sk_buff *skb, char **secdata) +static void nfqnl_get_sk_secctx(struct sk_buff *skb, struct lsmcontext *context) { - u32 seclen = 0; #if IS_ENABLED(CONFIG_NETWORK_SECMARK) struct lsmblob blob; - struct lsmcontext context = { }; if (!skb || !sk_fullsock(skb->sk)) - return 0; + return; read_lock_bh(&skb->sk->sk_callback_lock); @@ -318,14 +316,12 @@ static u32 nfqnl_get_sk_secctx(struct sk_buff *skb, char **secdata) * blob. security_secid_to_secctx() will know which security * module to use to create the secctx. */ lsmblob_init(&blob, skb->secmark); - security_secid_to_secctx(&blob, &context); - *secdata = context.context; + security_secid_to_secctx(&blob, context); } read_unlock_bh(&skb->sk->sk_callback_lock); - seclen = context.len; #endif - return seclen; + return; } static u32 nfqnl_get_bridge_size(struct nf_queue_entry *entry) @@ -397,12 +393,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, struct net_device *indev; struct net_device *outdev; struct nf_conn *ct = NULL; + struct lsmcontext context = { }; enum ip_conntrack_info ctinfo = 0; const struct nfnl_ct_hook *nfnl_ct; bool csum_verify; - struct lsmcontext scaff; /* scaffolding */ - char *secdata = NULL; - u32 seclen = 0; ktime_t tstamp; size = nlmsg_total_size(sizeof(struct nfgenmsg)) @@ -473,9 +467,9 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, } if ((queue->flags & NFQA_CFG_F_SECCTX) && entskb->sk) { - seclen = nfqnl_get_sk_secctx(entskb, &secdata); - if (seclen) - size += nla_total_size(seclen); + nfqnl_get_sk_secctx(entskb, &context); + if (context.len) + size += nla_total_size(context.len); } skb = alloc_skb(size, GFP_ATOMIC); @@ -610,7 +604,8 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, nfqnl_put_sk_uidgid(skb, entskb->sk) < 0) goto nla_put_failure; - if (seclen && nla_put(skb, NFQA_SECCTX, seclen, secdata)) + if (context.len && + nla_put(skb, NFQA_SECCTX, context.len, context.context)) goto nla_put_failure; if (ct && nfnl_ct->build(skb, ct, ctinfo, NFQA_CT, NFQA_CT_INFO) < 0) @@ -638,10 +633,8 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, } nlh->nlmsg_len = skb->len; - if (seclen) { - lsmcontext_init(&scaff, secdata, seclen, 0); - security_release_secctx(&scaff); - } + if (context.len) + security_release_secctx(&context); return skb; nla_put_failure: @@ -649,10 +642,8 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, kfree_skb(skb); net_err_ratelimited("nf_queue: error creating packet message\n"); nlmsg_failure: - if (seclen) { - lsmcontext_init(&scaff, secdata, seclen, 0); - security_release_secctx(&scaff); - } + if (context.len) + security_release_secctx(&context); return NULL; } From patchwork Mon Apr 18 14:59:35 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12816789 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id D260AC43219 for ; Mon, 18 Apr 2022 15:41:36 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345627AbiDRPoO (ORCPT ); Mon, 18 Apr 2022 11:44:14 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53320 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345945AbiDRPnK (ORCPT ); Mon, 18 Apr 2022 11:43:10 -0400 Received: from sonic311-30.consmr.mail.ne1.yahoo.com (sonic311-30.consmr.mail.ne1.yahoo.com [66.163.188.211]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C6E41272A for ; Mon, 18 Apr 2022 08:09:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650294576; bh=jXU6EMty4Mb8Qkkf7LBLwuMTyKuMfSUNl5F/WUByJzk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=G4o9IaNnCdY03s8Gikn0iMa6OmPOL0zcaci0Uw1yzmKkL3q7fCUYWJcBJf/sP6o+6mZhQoM9VOK/ik4gpanKgsrPd2NUB/wgpN0vsl3Sl77Q4OKX+Z8cKox4bAfP7gjKu5CFcaAnnb+JXLg2kBh9N3OXqKW8+XBvMhyCbjrsB++KYvJvCVQkxyXv9qyFEU8FB1RcIY/fyQ6eE1QxDVJ5XYigZeXgRX3kZHAGQHlq237Jrj1MwtrWpRFD2jS8erVVj8ZTYuj1k5exhyAQMZYbCWlN+hHVTbQPM6DwSeLgwor5IOv8dtDsk3ZmVaBQoYXlymsc83pIXFCrn7y/wfuMdw== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650294576; bh=u4w1JM1W2pqAI/vp1CBCCCYaiFJs5SKvuCcQa4off+G=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=AGxQmhzK8PLuAuut+hw6/vW1nqGiOYGOKrWHuUE6tyyumgu8cjEGONcRoSLXfSGbkteQjftuDGRfSkcnshkv5ih7ebJUKr5tYOS5HGECatDoc8WQY9EzY++088+bJKCUGaSAyUlosjXd/I1Ig/ldyIXniqhJ6n6dHOmycga1/ZF+1nxQ8AYec/a51gRJ7raKopWHlLvNAR2jfu4/cbO7jUtvU7daC0u12R9eoaVvqzTqVKg9rjn15YXHXDK7IrSMcIgVgh+HGySZEbgXQoJ+Q0iNvG3vx7NJTOa3iFC7/6docd/zcmmL34KJ8W6OZBMODRlcAwa5gUMX0lYkoLl9wQ== X-YMail-OSG: OnUmG.YVM1kcANe1.O_RUfiWqiw_2xIYFAsnJ1YZRwKAmrQd.Si7MopTxdfmkI. vo7xdG6BoUbm8MtX8FxBkfIxZZcGEWXNypb9jKfOf90jj2Qw2HHMgpsRjsIZi4TNqnQLdYPfsvl7 y1JPnERJn6SFT4XdpAJjPztVUeds3MRRCsp_Wf8CO1cVvD.jD.VOPiqChByum6sDbMITb_BpVARN zczeAGtuxVGbPieZNDv1NCzMHrv7nT3kVugO91rooWpUsvngOPtssR_1OiW3XMm1vuIn9gMyLEno QbP4pWR3SzGiUGOcw8JlHjaQ8zJXW8dVu_YkKfAVjRVc7yHdfwKziIF9rM0.BuPzAGf4uiLIf.OB cW4EvFLl4vh1uZr1ObYXlUkSY0Jpm_3N00s2VD3tiQS8KvVr.u8kXCR.G2Vt5u2aBm3TchWEh.UT HRqGxHOAF4XZdI9max7QOerKGETX2rejq.qL6G69l0SNPpB9zomX7ihD8kAD76_8lnA2isz_mdAq BOD66M3CZKfPOL9yBUBIPDpRXDdYPplBwjLm918VhIAG6FtaBYzs.jMoXFNrjfKROHMfnPv6hkJe 5jcR3yLKiLWTrL05ITHY9tptNKVMC3rP4G9u01k2nj1ifnXquBtb6S_D6Ps1jvIeH7SwdmI5Zxg8 JL6Gb.mYHN0MuuhhwPx3QJEh5xfpMHW.3OzgJV3tt.pEnArOT_vEzplRiliWWirZjieZq0t0nPRv .8byZJFwE6HBP1R57.31iCSv18XCWr1vgILJWLd56Nw2EekUYOLaw3c3Mjv9jxC0iFV56kBwsyLJ M6YTyuvBJ8UmkTJVOx547HtLrblpxQiCJM6lkJ3vpi1ps.1cHw22Iucifq9UCu0e0gwhof0i6cFZ MqjfA7B5vY4HhVybT2.E8EW76sY8to4m8JpIYHZAdGj.KFrnW2BXfdT2T6doA5pyu9x9NoeG_JBc O4Y2UnAOK0jKHFo_3pf9lifmTAVbKOdqx90BVNQ14k8UXlexU6DoFA7Kt_4Aerm1QC1fxv0Xf2_C 0b1LdqXUFfIHnk_SK87BNJ2ITJ_3fL2lXqu3.SOrkLmi2sGiKBrOnrqoRD.zIeZ0M0g_rh0uRBAc R6ciGw14TfdWMUqMYUwJ.oMsqKAlCCsAmVKyUMeAC8YoWbNS.0boX8in4d5cHWn4dUmgueDBj9sA oP64Cz8mgHYlBRDQExQzCwACSzy825ouid4qyV0FoOLnlbqKr3OXDIhvh2ExUTDyNIGBg2RwWx0l dyp7WReWqXUwzDddcC.A2z0JFb1y3yAh.Hjw.B1guBjQaD2beV2n5meObMHgk9JEQNgj9QZak_z6 nhu7zwVALUfYN_cPZdP51p0kVYGrKFWrWH6sfMeQ2rpQ0kaAydkEmDMDU08JI9fCKjdNbvrzkbGC qUhkAUe1Ho_rceGc9IHZxQDhT8kb0_B25mNbMnvOm0_QfzaQKJi3fE9Pamya5ZgpuPTpBfLNjKRW r9VzHyaNCIWvbYx2wYUICvBuHDiJE3SZ8e7JXRSFC53BOdn0F6xkK2lMxMJ7DjilVOcq02ZoO6pY lkxTl.m1nfzenWTmrkKIL_HRa8RjLNrEXaYspekJvcbs45OnDygXV5SSgy74nPAim3df0TvyNcp2 nOjiOvy4QKRRQyp80Qn7ltg6Owo5FKSkXo2cVkeskL3BDSNBbNWVeMQWz9MM0z7JbZmmqEX4A6fn Z7Z0_8I_QdN6VHszcwBqQmo.dCJ_29BTuzvhjLNROsOhZ5.AcQGWSC0ODCj62CzqO..QQ0MMKvLt nI9OqS9wEOKC9nrwwJfOJxuT3vV7PhVVldhMJBw0wCYv._eaOWkZhhua1p7vmwSZDCcQN_afD7pf sC7ayqY3JglLRZLogyxIZVS3hQkV6fYzpJQ_utO2gg7aKZCJ6AQQx5waBW8N97XkEZji3J4V9og4 gDhGL6mLNTQNWXGRpCqgcQGvZMgYNegnb046xecEQv8eh3jPbaH2aUhK70Dm4vGVYJ_RDR4vs0Rc Iq_BqL3SDHGXRfxmaEHuUT5tRQeAd.Noxgaii0mLI8_LcQNl58r0fJ5J6K8A34OQDjgzUPj7P_2a 3HuOBD86gC2uO095eT1QQXw2iI4XLfAOLS9frLkdtjsOiq5Ll_aTlSDKLxHXJTh97r5azBiNguuH CISKfsuZyDud8oMI.uZ4M58iMUb5yM5mHAF8n0jiCY6ethCBMvUTMJTlY3WbqVmztnuUbzvr7_pL lWU8d7It65NRtDXXTQipQWOy6.jI2zUDMdIQIQdYPWxGs9McOEaC1dmKmBu74xOevilnCdAjqC6y 7FXw- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic311.consmr.mail.ne1.yahoo.com with HTTP; Mon, 18 Apr 2022 15:09:36 +0000 Received: by hermes--canary-production-ne1-c7c4f6977-9gvrn (VZM Hermes SMTP Server) with ESMTPA ID d63a51ac54c25c4b8dfd633eacacc622; Mon, 18 Apr 2022 15:09:35 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, netdev@vger.kernel.org Subject: [PATCH v35 19/29] NET: Store LSM netlabel data in a lsmblob Date: Mon, 18 Apr 2022 07:59:35 -0700 Message-Id: <20220418145945.38797-20-casey@schaufler-ca.com> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220418145945.38797-1-casey@schaufler-ca.com> References: <20220418145945.38797-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Netlabel uses LSM interfaces requiring an lsmblob and the internal storage is used to pass information between these interfaces, so change the internal data from a secid to a lsmblob. Update the netlabel interfaces and their callers to accommodate the change. This requires that the modules using netlabel use the lsm_id.slot to access the correct secid when using netlabel. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org --- include/net/netlabel.h | 8 +-- net/ipv4/cipso_ipv4.c | 26 ++++++---- net/netlabel/netlabel_kapi.c | 6 +-- net/netlabel/netlabel_unlabeled.c | 79 +++++++++-------------------- net/netlabel/netlabel_unlabeled.h | 2 +- security/selinux/hooks.c | 2 +- security/selinux/include/security.h | 1 + security/selinux/netlabel.c | 2 +- security/selinux/ss/services.c | 4 +- security/smack/smack.h | 1 + security/smack/smack_access.c | 2 +- security/smack/smack_lsm.c | 11 ++-- security/smack/smackfs.c | 10 ++-- 13 files changed, 68 insertions(+), 86 deletions(-) diff --git a/include/net/netlabel.h b/include/net/netlabel.h index 43ae50337685..73fc25b4042b 100644 --- a/include/net/netlabel.h +++ b/include/net/netlabel.h @@ -166,7 +166,7 @@ struct netlbl_lsm_catmap { * @attr.mls: MLS sensitivity label * @attr.mls.cat: MLS category bitmap * @attr.mls.lvl: MLS sensitivity level - * @attr.secid: LSM specific secid token + * @attr.lsmblob: LSM specific data * * Description: * This structure is used to pass security attributes between NetLabel and the @@ -201,7 +201,7 @@ struct netlbl_lsm_secattr { struct netlbl_lsm_catmap *cat; u32 lvl; } mls; - u32 secid; + struct lsmblob lsmblob; } attr; }; @@ -415,7 +415,7 @@ int netlbl_cfg_unlbl_static_add(struct net *net, const void *addr, const void *mask, u16 family, - u32 secid, + struct lsmblob *lsmblob, struct netlbl_audit *audit_info); int netlbl_cfg_unlbl_static_del(struct net *net, const char *dev_name, @@ -523,7 +523,7 @@ static inline int netlbl_cfg_unlbl_static_add(struct net *net, const void *addr, const void *mask, u16 family, - u32 secid, + struct lsmblob *lsmblob, struct netlbl_audit *audit_info) { return -ENOSYS; diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c index 62d5f99760aa..bb9c900da6b0 100644 --- a/net/ipv4/cipso_ipv4.c +++ b/net/ipv4/cipso_ipv4.c @@ -106,15 +106,17 @@ int cipso_v4_rbm_strictvalid = 1; /* Base length of the local tag (non-standard tag). * Tag definition (may change between kernel versions) * - * 0 8 16 24 32 - * +----------+----------+----------+----------+ - * | 10000000 | 00000110 | 32-bit secid value | - * +----------+----------+----------+----------+ - * | in (host byte order)| - * +----------+----------+ - * + * 0 8 16 16 + sizeof(struct lsmblob) + * +----------+----------+---------------------+ + * | 10000000 | 00000110 | LSM blob data | + * +----------+----------+---------------------+ + * + * All secid and flag fields are in host byte order. + * The lsmblob structure size varies depending on which + * Linux security modules are built in the kernel. + * The data is opaque. */ -#define CIPSO_V4_TAG_LOC_BLEN 6 +#define CIPSO_V4_TAG_LOC_BLEN (2 + sizeof(struct lsmblob)) /* * Helper Functions @@ -1460,7 +1462,11 @@ static int cipso_v4_gentag_loc(const struct cipso_v4_doi *doi_def, buffer[0] = CIPSO_V4_TAG_LOCAL; buffer[1] = CIPSO_V4_TAG_LOC_BLEN; - *(u32 *)&buffer[2] = secattr->attr.secid; + /* Ensure that there is sufficient space in the CIPSO header + * for the LSM data. */ + BUILD_BUG_ON(CIPSO_V4_TAG_LOC_BLEN > CIPSO_V4_OPT_LEN_MAX); + memcpy(&buffer[2], &secattr->attr.lsmblob, + sizeof(secattr->attr.lsmblob)); return CIPSO_V4_TAG_LOC_BLEN; } @@ -1480,7 +1486,7 @@ static int cipso_v4_parsetag_loc(const struct cipso_v4_doi *doi_def, const unsigned char *tag, struct netlbl_lsm_secattr *secattr) { - secattr->attr.secid = *(u32 *)&tag[2]; + memcpy(&secattr->attr.lsmblob, &tag[2], sizeof(secattr->attr.lsmblob)); secattr->flags |= NETLBL_SECATTR_SECID; return 0; diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c index 54c083003947..14ebe0424811 100644 --- a/net/netlabel/netlabel_kapi.c +++ b/net/netlabel/netlabel_kapi.c @@ -196,7 +196,7 @@ int netlbl_cfg_unlbl_map_add(const char *domain, * @addr: IP address in network byte order (struct in[6]_addr) * @mask: address mask in network byte order (struct in[6]_addr) * @family: address family - * @secid: LSM secid value for the entry + * @lsmblob: LSM data value for the entry * @audit_info: NetLabel audit information * * Description: @@ -210,7 +210,7 @@ int netlbl_cfg_unlbl_static_add(struct net *net, const void *addr, const void *mask, u16 family, - u32 secid, + struct lsmblob *lsmblob, struct netlbl_audit *audit_info) { u32 addr_len; @@ -230,7 +230,7 @@ int netlbl_cfg_unlbl_static_add(struct net *net, return netlbl_unlhsh_add(net, dev_name, addr, mask, addr_len, - secid, audit_info); + lsmblob, audit_info); } /** diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index 12e5d508bd08..910a03f15b0d 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -66,7 +66,7 @@ struct netlbl_unlhsh_tbl { #define netlbl_unlhsh_addr4_entry(iter) \ container_of(iter, struct netlbl_unlhsh_addr4, list) struct netlbl_unlhsh_addr4 { - u32 secid; + struct lsmblob lsmblob; struct netlbl_af4list list; struct rcu_head rcu; @@ -74,7 +74,7 @@ struct netlbl_unlhsh_addr4 { #define netlbl_unlhsh_addr6_entry(iter) \ container_of(iter, struct netlbl_unlhsh_addr6, list) struct netlbl_unlhsh_addr6 { - u32 secid; + struct lsmblob lsmblob; struct netlbl_af6list list; struct rcu_head rcu; @@ -220,7 +220,7 @@ static struct netlbl_unlhsh_iface *netlbl_unlhsh_search_iface(int ifindex) * @iface: the associated interface entry * @addr: IPv4 address in network byte order * @mask: IPv4 address mask in network byte order - * @secid: LSM secid value for entry + * @lsmblob: LSM data value for entry * * Description: * Add a new address entry into the unlabeled connection hash table using the @@ -231,7 +231,7 @@ static struct netlbl_unlhsh_iface *netlbl_unlhsh_search_iface(int ifindex) static int netlbl_unlhsh_add_addr4(struct netlbl_unlhsh_iface *iface, const struct in_addr *addr, const struct in_addr *mask, - u32 secid) + struct lsmblob *lsmblob) { int ret_val; struct netlbl_unlhsh_addr4 *entry; @@ -243,7 +243,7 @@ static int netlbl_unlhsh_add_addr4(struct netlbl_unlhsh_iface *iface, entry->list.addr = addr->s_addr & mask->s_addr; entry->list.mask = mask->s_addr; entry->list.valid = 1; - entry->secid = secid; + entry->lsmblob = *lsmblob; spin_lock(&netlbl_unlhsh_lock); ret_val = netlbl_af4list_add(&entry->list, &iface->addr4_list); @@ -260,7 +260,7 @@ static int netlbl_unlhsh_add_addr4(struct netlbl_unlhsh_iface *iface, * @iface: the associated interface entry * @addr: IPv6 address in network byte order * @mask: IPv6 address mask in network byte order - * @secid: LSM secid value for entry + * @lsmblob: LSM data value for entry * * Description: * Add a new address entry into the unlabeled connection hash table using the @@ -271,7 +271,7 @@ static int netlbl_unlhsh_add_addr4(struct netlbl_unlhsh_iface *iface, static int netlbl_unlhsh_add_addr6(struct netlbl_unlhsh_iface *iface, const struct in6_addr *addr, const struct in6_addr *mask, - u32 secid) + struct lsmblob *lsmblob) { int ret_val; struct netlbl_unlhsh_addr6 *entry; @@ -287,7 +287,7 @@ static int netlbl_unlhsh_add_addr6(struct netlbl_unlhsh_iface *iface, entry->list.addr.s6_addr32[3] &= mask->s6_addr32[3]; entry->list.mask = *mask; entry->list.valid = 1; - entry->secid = secid; + entry->lsmblob = *lsmblob; spin_lock(&netlbl_unlhsh_lock); ret_val = netlbl_af6list_add(&entry->list, &iface->addr6_list); @@ -366,7 +366,7 @@ int netlbl_unlhsh_add(struct net *net, const void *addr, const void *mask, u32 addr_len, - u32 secid, + struct lsmblob *lsmblob, struct netlbl_audit *audit_info) { int ret_val; @@ -375,7 +375,6 @@ int netlbl_unlhsh_add(struct net *net, struct netlbl_unlhsh_iface *iface; struct audit_buffer *audit_buf = NULL; struct lsmcontext context; - struct lsmblob blob; if (addr_len != sizeof(struct in_addr) && addr_len != sizeof(struct in6_addr)) @@ -408,7 +407,7 @@ int netlbl_unlhsh_add(struct net *net, const struct in_addr *addr4 = addr; const struct in_addr *mask4 = mask; - ret_val = netlbl_unlhsh_add_addr4(iface, addr4, mask4, secid); + ret_val = netlbl_unlhsh_add_addr4(iface, addr4, mask4, lsmblob); if (audit_buf != NULL) netlbl_af4list_audit_addr(audit_buf, 1, dev_name, @@ -421,7 +420,7 @@ int netlbl_unlhsh_add(struct net *net, const struct in6_addr *addr6 = addr; const struct in6_addr *mask6 = mask; - ret_val = netlbl_unlhsh_add_addr6(iface, addr6, mask6, secid); + ret_val = netlbl_unlhsh_add_addr6(iface, addr6, mask6, lsmblob); if (audit_buf != NULL) netlbl_af6list_audit_addr(audit_buf, 1, dev_name, @@ -438,11 +437,7 @@ int netlbl_unlhsh_add(struct net *net, unlhsh_add_return: rcu_read_unlock(); if (audit_buf != NULL) { - /* lsmblob_init() puts secid into all of the secids in blob. - * security_secid_to_secctx() will know which security module - * to use to create the secctx. */ - lsmblob_init(&blob, secid); - if (security_secid_to_secctx(&blob, &context) == 0) { + if (security_secid_to_secctx(lsmblob, &context) == 0) { audit_log_format(audit_buf, " sec_obj=%s", context.context); security_release_secctx(&context); @@ -477,7 +472,6 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, struct audit_buffer *audit_buf; struct net_device *dev; struct lsmcontext context; - struct lsmblob blob; spin_lock(&netlbl_unlhsh_lock); list_entry = netlbl_af4list_remove(addr->s_addr, mask->s_addr, @@ -496,13 +490,8 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, (dev != NULL ? dev->name : NULL), addr->s_addr, mask->s_addr); dev_put(dev); - /* lsmblob_init() puts entry->secid into all of the secids - * in blob. security_secid_to_secctx() will know which - * security module to use to create the secctx. */ - if (entry != NULL) - lsmblob_init(&blob, entry->secid); if (entry != NULL && - security_secid_to_secctx(&blob, &context) == 0) { + security_secid_to_secctx(&entry->lsmblob, &context) == 0) { audit_log_format(audit_buf, " sec_obj=%s", context.context); security_release_secctx(&context); @@ -543,7 +532,6 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, struct audit_buffer *audit_buf; struct net_device *dev; struct lsmcontext context; - struct lsmblob blob; spin_lock(&netlbl_unlhsh_lock); list_entry = netlbl_af6list_remove(addr, mask, &iface->addr6_list); @@ -561,13 +549,8 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, (dev != NULL ? dev->name : NULL), addr, mask); dev_put(dev); - /* lsmblob_init() puts entry->secid into all of the secids - * in blob. security_secid_to_secctx() will know which - * security module to use to create the secctx. */ - if (entry != NULL) - lsmblob_init(&blob, entry->secid); if (entry != NULL && - security_secid_to_secctx(&blob, &context) == 0) { + security_secid_to_secctx(&entry->lsmblob, &context) == 0) { audit_log_format(audit_buf, " sec_obj=%s", context.context); security_release_secctx(&context); @@ -921,14 +904,8 @@ static int netlbl_unlabel_staticadd(struct sk_buff *skb, if (ret_val != 0) return ret_val; - /* netlbl_unlhsh_add will be changed to pass a struct lsmblob * - * instead of a u32 later in this patch set. security_secctx_to_secid() - * will only be setting one entry in the lsmblob struct, so it is - * safe to use lsmblob_value() to get that one value. */ - - return netlbl_unlhsh_add(&init_net, - dev_name, addr, mask, addr_len, - lsmblob_value(&blob), &audit_info); + return netlbl_unlhsh_add(&init_net, dev_name, addr, mask, addr_len, + &blob, &audit_info); } /** @@ -975,11 +952,8 @@ static int netlbl_unlabel_staticadddef(struct sk_buff *skb, if (ret_val != 0) return ret_val; - /* security_secctx_to_secid() will only put one secid into the lsmblob - * so it's safe to use lsmblob_value() to get the secid. */ - return netlbl_unlhsh_add(&init_net, - NULL, addr, mask, addr_len, - lsmblob_value(&blob), &audit_info); + return netlbl_unlhsh_add(&init_net, NULL, addr, mask, addr_len, &blob, + &audit_info); } /** @@ -1091,8 +1065,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, struct net_device *dev; struct lsmcontext context; void *data; - u32 secid; - struct lsmblob blob; + struct lsmblob *lsmb; data = genlmsg_put(cb_arg->skb, NETLINK_CB(cb_arg->nl_cb->skb).portid, cb_arg->seq, &netlbl_unlabel_gnl_family, @@ -1130,7 +1103,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, if (ret_val != 0) goto list_cb_failure; - secid = addr4->secid; + lsmb = (struct lsmblob *)&addr4->lsmblob; } else { ret_val = nla_put_in6_addr(cb_arg->skb, NLBL_UNLABEL_A_IPV6ADDR, @@ -1144,14 +1117,10 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, if (ret_val != 0) goto list_cb_failure; - secid = addr6->secid; + lsmb = (struct lsmblob *)&addr6->lsmblob; } - /* lsmblob_init() secid into all of the secids in blob. - * security_secid_to_secctx() will know which security module - * to use to create the secctx. */ - lsmblob_init(&blob, secid); - ret_val = security_secid_to_secctx(&blob, &context); + ret_val = security_secid_to_secctx(lsmb, &context); if (ret_val != 0) goto list_cb_failure; ret_val = nla_put(cb_arg->skb, @@ -1510,7 +1479,7 @@ int netlbl_unlabel_getattr(const struct sk_buff *skb, &iface->addr4_list); if (addr4 == NULL) goto unlabel_getattr_nolabel; - secattr->attr.secid = netlbl_unlhsh_addr4_entry(addr4)->secid; + secattr->attr.lsmblob = netlbl_unlhsh_addr4_entry(addr4)->lsmblob; break; } #if IS_ENABLED(CONFIG_IPV6) @@ -1523,7 +1492,7 @@ int netlbl_unlabel_getattr(const struct sk_buff *skb, &iface->addr6_list); if (addr6 == NULL) goto unlabel_getattr_nolabel; - secattr->attr.secid = netlbl_unlhsh_addr6_entry(addr6)->secid; + secattr->attr.lsmblob = netlbl_unlhsh_addr6_entry(addr6)->lsmblob; break; } #endif /* IPv6 */ diff --git a/net/netlabel/netlabel_unlabeled.h b/net/netlabel/netlabel_unlabeled.h index 058e3a285d56..168920780994 100644 --- a/net/netlabel/netlabel_unlabeled.h +++ b/net/netlabel/netlabel_unlabeled.h @@ -211,7 +211,7 @@ int netlbl_unlhsh_add(struct net *net, const void *addr, const void *mask, u32 addr_len, - u32 secid, + struct lsmblob *lsmblob, struct netlbl_audit *audit_info); int netlbl_unlhsh_remove(struct net *net, const char *dev_name, diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 3098a6459b68..653dd2e236f1 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -7003,7 +7003,7 @@ static int selinux_uring_sqpoll(void) } #endif /* CONFIG_IO_URING */ -static struct lsm_id selinux_lsmid __lsm_ro_after_init = { +struct lsm_id selinux_lsmid __lsm_ro_after_init = { .lsm = "selinux", .slot = LSMBLOB_NEEDED }; diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h index ace4bd13e808..f60cd964da62 100644 --- a/security/selinux/include/security.h +++ b/security/selinux/include/security.h @@ -73,6 +73,7 @@ struct netlbl_lsm_secattr; extern int selinux_enabled_boot; +extern struct lsm_id selinux_lsmid; /* * type_datum properties diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c index 800ab4b4239e..0b8f99703462 100644 --- a/security/selinux/netlabel.c +++ b/security/selinux/netlabel.c @@ -109,7 +109,7 @@ static struct netlbl_lsm_secattr *selinux_netlbl_sock_getattr( return NULL; if ((secattr->flags & NETLBL_SECATTR_SECID) && - (secattr->attr.secid == sid)) + (secattr->attr.lsmblob.secid[selinux_lsmid.slot] == sid)) return secattr; return NULL; diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 6901dc07680d..fac287237495 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -3897,7 +3897,7 @@ int security_netlbl_secattr_to_sid(struct selinux_state *state, if (secattr->flags & NETLBL_SECATTR_CACHE) *sid = *(u32 *)secattr->cache->data; else if (secattr->flags & NETLBL_SECATTR_SECID) - *sid = secattr->attr.secid; + *sid = secattr->attr.lsmblob.secid[selinux_lsmid.slot]; else if (secattr->flags & NETLBL_SECATTR_MLS_LVL) { rc = -EIDRM; ctx = sidtab_search(sidtab, SECINITSID_NETMSG); @@ -3975,7 +3975,7 @@ int security_netlbl_sid_to_secattr(struct selinux_state *state, if (secattr->domain == NULL) goto out; - secattr->attr.secid = sid; + secattr->attr.lsmblob.secid[selinux_lsmid.slot] = sid; secattr->flags |= NETLBL_SECATTR_DOMAIN_CPY | NETLBL_SECATTR_SECID; mls_export_netlbl_lvl(policydb, ctx, secattr); rc = mls_export_netlbl_cat(policydb, ctx, secattr); diff --git a/security/smack/smack.h b/security/smack/smack.h index ef9d0b7b1954..ac79313ea95d 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h @@ -303,6 +303,7 @@ int smack_populate_secattr(struct smack_known *skp); * Shared data. */ extern int smack_enabled __initdata; +extern struct lsm_id smack_lsmid; extern int smack_cipso_direct; extern int smack_cipso_mapped; extern struct smack_known *smack_net_ambient; diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c index d2186e2757be..c6dcafe18912 100644 --- a/security/smack/smack_access.c +++ b/security/smack/smack_access.c @@ -524,7 +524,7 @@ int smack_populate_secattr(struct smack_known *skp) { int slen; - skp->smk_netlabel.attr.secid = skp->smk_secid; + skp->smk_netlabel.attr.lsmblob.secid[smack_lsmid.slot] = skp->smk_secid; skp->smk_netlabel.domain = skp->smk_known; skp->smk_netlabel.cache = netlbl_secattr_cache_alloc(GFP_ATOMIC); if (skp->smk_netlabel.cache != NULL) { diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 552c4d4d8fac..2190c03ae3d0 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -3728,11 +3728,12 @@ static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap, if ((sap->flags & NETLBL_SECATTR_CACHE) != 0) return (struct smack_known *)sap->cache->data; + /* + * Looks like a fallback, which gives us a secid. + */ if ((sap->flags & NETLBL_SECATTR_SECID) != 0) - /* - * Looks like a fallback, which gives us a secid. - */ - return smack_from_secid(sap->attr.secid); + return smack_from_secid( + sap->attr.lsmblob.secid[smack_lsmid.slot]); if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) { /* @@ -4751,7 +4752,7 @@ struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = { .lbs_superblock = sizeof(struct superblock_smack), }; -static struct lsm_id smack_lsmid __lsm_ro_after_init = { +struct lsm_id smack_lsmid __lsm_ro_after_init = { .lsm = "smack", .slot = LSMBLOB_NEEDED }; diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index 658eab05599e..13c2fa728054 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c @@ -1143,6 +1143,7 @@ static void smk_net4addr_insert(struct smk_net4addr *new) static ssize_t smk_write_net4addr(struct file *file, const char __user *buf, size_t count, loff_t *ppos) { + struct lsmblob lsmblob; struct smk_net4addr *snp; struct sockaddr_in newname; char *smack; @@ -1274,10 +1275,13 @@ static ssize_t smk_write_net4addr(struct file *file, const char __user *buf, * this host so that incoming packets get labeled. * but only if we didn't get the special CIPSO option */ - if (rc == 0 && skp != NULL) + if (rc == 0 && skp != NULL) { + lsmblob_init(&lsmblob, 0); + lsmblob.secid[smack_lsmid.slot] = snp->smk_label->smk_secid; rc = netlbl_cfg_unlbl_static_add(&init_net, NULL, - &snp->smk_host, &snp->smk_mask, PF_INET, - snp->smk_label->smk_secid, &audit_info); + &snp->smk_host, &snp->smk_mask, PF_INET, &lsmblob, + &audit_info); + } if (rc == 0) rc = count; From patchwork Mon Apr 18 14:59:36 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12816788 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6D042C43217 for ; Mon, 18 Apr 2022 15:41:36 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345603AbiDRPoN (ORCPT ); Mon, 18 Apr 2022 11:44:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53386 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345944AbiDRPnJ (ORCPT ); Mon, 18 Apr 2022 11:43:09 -0400 Received: from sonic317-38.consmr.mail.ne1.yahoo.com (sonic317-38.consmr.mail.ne1.yahoo.com [66.163.184.49]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 05FDA6446 for ; Mon, 18 Apr 2022 08:09:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650294577; bh=4/A9RMlo2VDUS+eJ3c9f9QVdqHvAgQb0ICSOChfHCEA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=A/UEjKhdKa7Fyvn5/Z2KDs//KFmWCJAvubbqPcG+G/zBCHBGhcfJPB3pXknWA3X8vX+QanDZAbX4FWVvgbJwYUkJoTe7009em1mY1omsOcoc1amS4xsap7kfAGP6uSuJ12i1tfD4/YcN4X1pufMB0DL2EX8Ptnue72WAxztyl5fbbmkjMFbCSqWYNzwrTBvOzUspWF5la2Rf/jAE/jpBwYSGEPg4yOPqrUfA0z6TqzEwC23JSMuj7CKN5Z/FgXKIwpkpUiX4VUDu1iN0gHhNARIUlWvuE8CchfBjKdl9usN0K4W0omJhi4gvTTwWYjAG5MsYbNHZ01Itdu7tPMA1rA== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650294577; bh=oJdMXoM1aHAN0JFEx9OPOD3AeUpsAyTED5nLyAsT5Bc=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=n3km329eHxinYLt1EXrIhO93S07FI9Qj8cxR7pQroJKhkgqATU49O+RpWKqJGIwXj5jeISfQMbKF68mMI2fTv3ors3F6z8T88T7gflhgXqQ3cu91uVzErnMuDn7xFuSdk6JXhae9QIqIHvhNdnzIxUMY+0C2QrTpAq4QiYgAJlI4DLOxQpVjI4BLo3qx7cGiJVNUHtO+20GMpOCQV2SpeGdZ/dk1uTi4mVZ6JljZTod9lzwcH8zjgAxsCJM26eqdIJp9ecTTM4d+EQpK2lop4hQIS+KEEJ3JEEcXDVpe9ozmXhCRpCdBa9p212BDaGQ9ljkhq/Y/EsatLreU8v2pKg== X-YMail-OSG: 0Grc2l4VM1mujQkL6LeEVi8A6k93WrDsKv_0lfuX_SsS._s1hQXUpw0ImYT8Z10 5UIJYHJCKyMFxbDojRW4PDe2pHcSAvigahxHOZU.ZXnv2AlK9CvEh2zjQYyLXsjWEr4snMj_HBNF GEU6g6Vf8ypUWhUWvsqDD1myZcMVHle7WxzV2qAs8oTo7EhwABHx588U_XCac1C.DohbwmQnJcTk sRg7qk7p_fEU5pnlEeNI9GhD4b0EYlhfX6CE_W0TxsqxCHw0eH2QceRdRBPdjEbcHTC_SKM_yUxa ow6iKw1T8OUAmYmGSRJB37MRlmZliQIaKqh3AJmDLKJ2NIs9m4SMGV8BaGLErbvbc1a7OlA7UwZg lT8DmkopHOqWwwjEXGQWarz3i5j4jvcU9Z.STuHQ.Pc_.V3uGBMBsUV1ne1hEaUgV7cyut.cAr1f Y5nxujZhJKd50VSa2MEXe2F0uihxFqxqH3vvxE7RTlue6qzPFeGUmSFW_wjcajxMcZGEZ6NcGDN5 Wdj5Ydv2F0fSpVkphAMkmaXD2SZo6s2eWavGlcV_C5.xY5gCU35mcOX.hFEiIntH2DK_6Kgh2OwH At1k9oXbvKgpB7VTgtwaghyqJwldxesgNySlXJ2gYJ_RvusRwh07xOoUiJOT18SBbKMIqT1EVP1P wehSaAjsF14jn0tsPF1gZIUHYzs0anF.OTpRMWCXq9QUm81fRTnZKqi8N.I_GDgSjQfAqoaPW1lH d8W7giSjOrRLnnDadvIJ3U59LZR2dUgDH1tH5NQZN0PWgHpEjLHIWkRLaKjG4cqJ1_HsSz1ObpG_ AbgVIYyu4HjMQZNIp_9vwSaUQ0VIrybkuNeTpVOjpRHtDjIFCOUwXIDfZUBZ2UbFQ_jfA4DQ33Bb S7UnSZyu6kOyL8mK0KrgtsYnH7_2lnUj76oIODxH3UtP_QcuAfe1mQ4KkXWwYMwozQcVbBVey7BW MEMiX.t_N54K31zA3hrcouMxCA3to8404dqEEbnBWH01nW2sHl58nwNy4jyjWYy1gwzw2QSkXDY8 LQSk5tqDyfIju4UlFb8yvgRLg3ktLlrNGLfx4K0Xho1dSR.vLS8ceHDXSAPCUMWHTQ.OHHDCcauw neyVGDr7UQu3d.HUIt53sxUWV5G3tWBdMwEhnDGiCBrUcwcbrK_V7QLCsV4.9xneO2UeIjyPaD2t FRLE8cREuBBNxk8RxfBNZpKJSd7ItyfFOYgsc0pqZr0lNCNbfEYhiv1j7HVhuRofmUG6jumB74NF oFXYB9iAj.37YSlo.9JjzzG_HozAb_Abc3TMjRDhD0ZkZt05.DnGXmYTgLoJuVJH_BMnaX8o4_So WUCIrSRHzo1WpHsOdf8.r.QklafSg4hY3hfrTBKvv5I.oQNvSARTNRTM4C3Vmx1GRbz.7lixuJ5T XrTTHOIhC6TZAtGA658rnIap4wlrMBkhinUpXPS3fvHcGlV56b5U5JTq6pJQWLIteFgkDIDXUNNK fH3P0cBlMC86GjeGD2grelNYcD9JQN7zyseaG6lRp9FUaev6br5Hvrjnu5Y3wdYcwBzA7NIE3Hgh cYXzVK3N19VYjyQnksUaAJqR2nt_8EwEKIVKKuOvIHSaHLbBDFmsMbFz6bN8HzW_HyIkFYkSx69u AOvkQCEpN610eQC5pCDrnPNXi96N9zykVXETHDXxy75MyOF8K4L90pwp1tfX35.4k.T2Nba6Nv7m hKBqT6O3HNTgbse_wFptoLAXWjerQ8_rybPMlXXSYL8XUfzs5WHYsId1mUrbPFkzHtyQ2CZc0jLo f6WjevgSgf4pg6KSfvGl8NtorNOeleV_4l4FBmIbJAFQsXpnIZGEACDVSZk98v4dshU9vS3gywje WDlSXd8S7KIuayZrlpI58HYLNMiQ4Jp90dn1tOL61_u3O3qnRoD4WVZQe5Ot70uXC.8zPH9kbJl6 uzrc4QpenbL.dnU9JE_g5mT.h5OL8sT52x6Ynf9BYUyDq.oamSLubARm1t_E5nHEfcFF_NshF3TZ q3uxc4zD1OQlveR9tlzM7d.9pwQwBstSOzN2e1IyH6vqEaGFZKUQPu9gc.e9C16FBFLEJwWsTorZ kN4UoiqRF.DWypXsEm5P_utsPIm4AYDg34jXQ48wxaVibfhJlv02oKhvZIkt0DUtZ1uv_9AIUOmG DuAKFAhTebecTD3tgy9C0YNZNjrBY3zVLoVycYJ2s6lIIn9R.j17rKjpsULgPvBl5Nd3BHmQt4vc 6wGE5A4vrc0wN5lGvIpcqahFsucmekmVCcAvD4YZ9aY3EAM0S1.h_wIH5.09m.O5elbW3gZX.5ut dFBJFSracrEWpjVHjIGj0xpkA1o4mmVsOMjrjq6LzH07yc.IsMJAHwrNcTQ-- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic317.consmr.mail.ne1.yahoo.com with HTTP; Mon, 18 Apr 2022 15:09:37 +0000 Received: by hermes--canary-production-ne1-c7c4f6977-9gvrn (VZM Hermes SMTP Server) with ESMTPA ID d63a51ac54c25c4b8dfd633eacacc622; Mon, 18 Apr 2022 15:09:36 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org Subject: [PATCH v35 20/29] binder: Pass LSM identifier for confirmation Date: Mon, 18 Apr 2022 07:59:36 -0700 Message-Id: <20220418145945.38797-21-casey@schaufler-ca.com> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220418145945.38797-1-casey@schaufler-ca.com> References: <20220418145945.38797-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Send an identifier for the security module interface_lsm along with the security context. This allows the receiver to verify that the receiver and the sender agree on which security module's context is being used. If they don't agree the message is rejected. Signed-off-by: Casey Schaufler --- drivers/android/binder.c | 21 +++++++++++++++++++++ drivers/android/binder_internal.h | 1 + 2 files changed, 22 insertions(+) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index b0b0c132a247..259f5e38e6ba 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -3024,6 +3024,7 @@ static void binder_transaction(struct binder_proc *proc, ALIGN(extra_buffers_size, sizeof(void *)) - ALIGN(lsmctx.len, sizeof(u64)); + t->security_interface = lsm_task_ilsm(current); t->security_ctx = (uintptr_t)t->buffer->user_data + buf_offset; err = binder_alloc_copy_to_buffer(&target_proc->alloc, t->buffer, buf_offset, @@ -4453,6 +4454,26 @@ static int binder_thread_read(struct binder_proc *proc, tr.secctx = t->security_ctx; if (t->security_ctx) { + int to_ilsm = lsm_task_ilsm(current); + int from_ilsm = t->security_interface; + + if (to_ilsm == LSMBLOB_INVALID) + to_ilsm = 0; + if (from_ilsm == LSMBLOB_INVALID) + from_ilsm = 0; + /* + * The sender provided a security context from + * a different security module than the one this + * process wants to report if these don't match. + */ + if (from_ilsm != to_ilsm) { + if (t_from) + binder_thread_dec_tmpref(t_from); + + binder_cleanup_transaction(t, "security context mismatch", + BR_FAILED_REPLY); + return -EINVAL; + } cmd = BR_TRANSACTION_SEC_CTX; trsize = sizeof(tr); } diff --git a/drivers/android/binder_internal.h b/drivers/android/binder_internal.h index d6b6b8cb7346..e3a0718ce17c 100644 --- a/drivers/android/binder_internal.h +++ b/drivers/android/binder_internal.h @@ -545,6 +545,7 @@ struct binder_transaction { long saved_priority; kuid_t sender_euid; struct list_head fd_fixups; + int security_interface; binder_uintptr_t security_ctx; /** * @lock: protects @from, @to_proc, and @to_thread From patchwork Mon Apr 18 14:59:37 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12816791 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 645B6C433FE for ; Mon, 18 Apr 2022 15:42:55 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345514AbiDRPpc (ORCPT ); Mon, 18 Apr 2022 11:45:32 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54538 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345666AbiDRPpQ (ORCPT ); Mon, 18 Apr 2022 11:45:16 -0400 Received: from sonic313-14.consmr.mail.ne1.yahoo.com (sonic313-14.consmr.mail.ne1.yahoo.com [66.163.185.37]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C257C36E2A for ; Mon, 18 Apr 2022 08:11:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650294675; bh=WA7cBcTlw5+Fmu57VfsVv1NsvknaIqAVso2hQjxqg1Y=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=JrczAAylXf8kfZF0Zy97cJHPo0ZSBpex3k9Ny0gzZ0SjMYrwEZFBAK2SIhFoQ0i8pokA0M8Uhp/1ZQXXsXKaZgnWTEMeh0Kx0p2XQzP3CfbtH6TUhYBYot5ThS7lRSzD229UObGtHPUqHhCziBQJhQVHSKGezexWx6hIhRFBIkZnQ7lKkr/sUSCyLU2zo3Ry4xipiiwacx94P7WiZKPwaWFixKAPvcUsh33xqqZQ2XCTtkVeBO3RhICTiSdVTE+HyRslsn3gQiahh/rdjAh2qmQ9OFChSSeJtDxY8HguYeIsI27VLj+wJGRwPVW0ChVp50wihZ2sXs0k2BQgmPz82g== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650294675; bh=E6+07JP7tOPkhBl+mPulPDhVT4tgC1jPbQbZy00eMY9=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=ioD7t2+mcrptncvhp9L6d/JEgtkejvNT/5upJCyL985Nvc/9LybyX7Zzp6CWbeE6xCKPADlgMGevJhCtkcSz/kOUohvVf+Wm8IWIWYXqZVXY4bN63BdE3S9hc0gycxwPisIPsJmzi9JYmj4wZ2dvdAfELewpsb2K+SbWa0ZhIkC4PrfLMTqw4ELSyCTGg7zmovTk7L5kKSLbjalzO1VG+fCZRyqk6b5ICyA0LcbdvYub2//mLCe+DMhYYqUNbJXcl1M6FzE1v5j7UiGY2uY0SjjyklWgLzAR78HEiOMECp+CdfycvbMEazj9EG++JHtgF+vgbXzjWozAB00TKcGGtQ== X-YMail-OSG: QC_ZqB0VM1nhWxY_nQxqpOLVW6dkL6ydzrtdgq6bsYN3Q023c.EgVvtsjZ079dC Ek9sx58fXYWKtX5UL2IxNUK_BYXccZMwdh50WrCHDs01b6GeBhIju7HW8jWIE54VWNaPjnL1Yg0j kIlbBZ4gEStwJtUC_H4.NIfFQkbhykHjjICe0m0cGMvJJZ04GdnHVuKI5DYL0Fpysj4qIwodUbWx rFKA2UJgdonoFCxfa1Fxm1fBMUXHqBLtVMK1wYAAhk.3rNyYfHdGbbR6qXYMREisug5MRasf3xxW Alx_LVzDjXiNRmbAIhsPoirBQJ3hRo02PKpTU4gXZadLDng55H2907SELQ5Ff7gYLmsd8.jYsStW i5k2n049yP2ah4Aq9dRW.ya0J5msmeMuQO5NKSXYxwfFc8ztE4bkJBCnCCAHKI58.b65eu4mHO0I uS00TP9pliWqTC_aBxA0gVax2r.5fjtpkiD8qr.APcwVZu8jaf2eKsuFTJ448P2j9_vOR7ZKbwDl cfTdyHMScmTFvQWb21KwDNE4U23iyoU7i0FPNZqRsnJ6olc9zs2mYzgZfhjXEaWVafmkCzhwkgO_ VN9gyZ9g43UUH1Z2EG966gzFAjBG682IfgXKkZ3wjSb9iQCLGXv1jW1Q4kU2INRGjkKIF9wFM2Fy JhyPSygio9N6zqdrvgCN3bmPxJQ2vKaigNYeb.VNnimsiszaZWY15R3w7DtR0yPn3.X_QMfY2JM6 DxTYGNUyNjvkxobP2yKr4r7AIXZ8Q9ROnIutzST0YKVKEcfmER5I8.HUUWiK9yQnl1VhuwEWyq86 AsTWotB7h_t0RmM_cFx5K70.qd0euRQjYgTcmEvFyCBa5sKeTU3hJ8Yui7BbdjqVDhqkmOJdy5Fe eDZeeusrZXKY57Vfocr8SZZq44NEtNKYd.F8DWhnVboHAWmu.gDG0GuOsk4kr4i81FnyjRRPhq02 ujHOySlGOGdfKeuYId9Lb5loJVQUc1.UQOYijOYG5nlj6WzIbJxzQpJjuO8ot212BYYEnJ9wbhY6 e1KBMsmVNtI3pdGUWvSEI5ZnKWIx3dXOY.Mz_g9m30TpMTqZ0WnCKObZ9QAQP2KKWAVjPQOOK5LG 0gnCmHH1AmQE6IPe6KPFl6srjFCfnxE_EVII_tIG5bk2wjXDg.bSgY.p4brGFQyf0z9RZdwzvisq ZuC_g7iYaTqerU4ODqXTLQnOWPl5.Z5SJszCQi_FQAUOOmmk_7ygiwMiTk.MyUAIS5tgiZS3KsV_ npu0RgQlPRXHWORwZUo4MJ9x0gwfP4AsxZ4q0Eqg.obInmZsacLE6OZ9xpBgGFyUDWrXYo0nz7Te QsqDdgU0PlGYg.SkjA3ojcRsGQjU4w5wn1c6_PtC5NXJ82XgdlgzRS5JZDSdF2w28yOuUaojFGxQ UGL4W3KRqd6Ln0Lya1g3oDkMsrFv43vu4KHXdkqzZy5rurZZ3A.jMKlp7WPf6QkZHyqzKiThun8u vMrSNvVksuad0VjhQJzFU_41nMWyxsxoKqM2gGd0F6D6XgSFSuVHBmcm679VBYgd61YxdmP9VvUz DsFlWYb9AfUBB73_sIWFT6R1DNO3VYVS.ZIoCrY1A0G1qFFntjhZnGV1hUXbQjC4dCXYrirorK5h NvP5qKsCfmsG25c0RQ.m.q1kUC0M3tcxAdRrwZ1QK5Ucsjq5WvFHH8bESSzKv3YByUP_FfEUxbAd YAP6lMouJZB1W1H8HXhDSLO3Dz8rmS0KA75R2TzUsYP14mU4CE2wxAyTfNwqPyXSrcw.7f7uNDvG hB1n8JUuND4QRgwGH76B66I01zN6mF_OSLfG1HpTJo1xepTm0swgcxxTb8IcLouAx7HaMQJU5TGC CLFK.GJaHkIfq45kbPKdDP1HhUgiXXN3wNXPAUb_7UNkEdT7Z.wzr1HQ5ixGK_UNBrFYV8GqvSLn fdGP19WhWEa0.fuO0aUSg2xU.wyoPLSwii_fRqVuXM9mgNPMvf_coxqk3e8A6576SsJgNraf3WU2 lyNUP8.NSy1TqcEGyRFpHi260LGnBwH_U.j.W5JBct1pMv_hVwo56z.n3GH_ojSmoB7vKJ9U_7uF rOkvXEsh7.VCi2YVlFZUJKi6COcKShx4JjZsFgr5UIbRvH6Egp2dFz7Yg1m7XiaR7CenuWhsR14l jRUlAe1qbi95xorjS.2Grp9YXQSnQDTrka1V38ZiuaWdSQtVC2o7My3mjnw5OCcMvN0z1xVwo0RI fJJ6BZiLvStbDqG16Ubr.KdPuzYah2hzBrR69yzcRLY4vhHZS.E7bqkIY.OynI191_.POVxIZEz0 0IkPLlBn_d0CubMhC4EZagDUf4KfeL7IxdvYAaf_S6uu8lB2hJofNJM6fFcE- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic313.consmr.mail.ne1.yahoo.com with HTTP; Mon, 18 Apr 2022 15:11:15 +0000 Received: by hermes--canary-production-gq1-665697845d-2b87j (VZM Hermes SMTP Server) with ESMTPA ID 325f6f931fdc97e0cc6b332f80cb9e73; Mon, 18 Apr 2022 15:11:09 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org Subject: [PATCH v35 21/29] LSM: Extend security_secid_to_secctx to include module selection Date: Mon, 18 Apr 2022 07:59:37 -0700 Message-Id: <20220418145945.38797-22-casey@schaufler-ca.com> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220418145945.38797-1-casey@schaufler-ca.com> References: <20220418145945.38797-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Add a parameter to security_secid_to_secctx() to identify which of the security modules that may be active should provide the security context. If the parameter is greater than or equal to zero, the security module associated with that LSM "slot" is used. If the value is LSMBLOB_DISPLAY the "interface lsm" is used. If the value is LSMBLOB_FIRST the first security module providing a hook is used. Signed-off-by: Casey Schaufler --- drivers/android/binder.c | 2 +- include/linux/security.h | 7 +++++-- include/net/scm.h | 2 +- kernel/audit.c | 4 ++-- kernel/auditsc.c | 7 ++++--- net/ipv4/ip_sockglue.c | 2 +- net/netfilter/nf_conntrack_netlink.c | 4 ++-- net/netfilter/nf_conntrack_standalone.c | 2 +- net/netfilter/nfnetlink_queue.c | 2 +- net/netlabel/netlabel_unlabeled.c | 11 +++++++---- net/netlabel/netlabel_user.c | 2 +- security/security.c | 20 ++++++++++++++++++-- 12 files changed, 44 insertions(+), 21 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 259f5e38e6ba..d59c4ebf7e22 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2983,7 +2983,7 @@ static void binder_transaction(struct binder_proc *proc, size_t added_size; security_cred_getsecid(proc->cred, &blob); - ret = security_secid_to_secctx(&blob, &lsmctx); + ret = security_secid_to_secctx(&blob, &lsmctx, LSMBLOB_DISPLAY); if (ret) { return_error = BR_FAILED_REPLY; return_error_param = ret; diff --git a/include/linux/security.h b/include/linux/security.h index dc66f3f48456..2150016492be 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -184,6 +184,8 @@ struct lsmblob { #define LSMBLOB_INVALID -1 /* Not a valid LSM slot number */ #define LSMBLOB_NEEDED -2 /* Slot requested on initialization */ #define LSMBLOB_NOT_NEEDED -3 /* Slot not requested */ +#define LSMBLOB_DISPLAY -4 /* Use the "interface_lsm" slot */ +#define LSMBLOB_FIRST -5 /* Use the first slot */ /** * lsmblob_init - initialize a lsmblob structure @@ -615,7 +617,8 @@ int security_setprocattr(const char *lsm, const char *name, void *value, size_t size); int security_netlink_send(struct sock *sk, struct sk_buff *skb); int security_ismaclabel(const char *name); -int security_secid_to_secctx(struct lsmblob *blob, struct lsmcontext *cp); +int security_secid_to_secctx(struct lsmblob *blob, struct lsmcontext *cp, + int ilsm); int security_secctx_to_secid(const char *secdata, u32 seclen, struct lsmblob *blob); void security_release_secctx(struct lsmcontext *cp); @@ -1470,7 +1473,7 @@ static inline int security_ismaclabel(const char *name) } static inline int security_secid_to_secctx(struct lsmblob *blob, - struct lsmcontext *cp) + struct lsmcontext *cp, int ilsm) { return -EOPNOTSUPP; } diff --git a/include/net/scm.h b/include/net/scm.h index b77a52f93389..f4d567d4885e 100644 --- a/include/net/scm.h +++ b/include/net/scm.h @@ -101,7 +101,7 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc * and the infrastructure will know which it is. */ lsmblob_init(&lb, scm->secid); - err = security_secid_to_secctx(&lb, &context); + err = security_secid_to_secctx(&lb, &context, LSMBLOB_DISPLAY); if (!err) { put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, context.len, diff --git a/kernel/audit.c b/kernel/audit.c index a885ebdbb91e..28ff7a5f90bd 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1464,7 +1464,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) if (lsmblob_is_set(&audit_sig_lsm)) { err = security_secid_to_secctx(&audit_sig_lsm, - &context); + &context, LSMBLOB_FIRST); if (err) return err; } @@ -2176,7 +2176,7 @@ int audit_log_task_context(struct audit_buffer *ab) if (!lsmblob_is_set(&blob)) return 0; - error = security_secid_to_secctx(&blob, &context); + error = security_secid_to_secctx(&blob, &context, LSMBLOB_FIRST); if (error) { if (error != -EINVAL) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 802de65259d8..231631f61550 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1132,7 +1132,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); if (lsmblob_is_set(blob)) { - if (security_secid_to_secctx(blob, &lsmctx)) { + if (security_secid_to_secctx(blob, &lsmctx, LSMBLOB_FIRST)) { audit_log_format(ab, " obj=(none)"); rc = 1; } else { @@ -1425,7 +1425,8 @@ static void show_special(struct audit_context *context, int *call_panic) struct lsmblob blob; lsmblob_init(&blob, osid); - if (security_secid_to_secctx(&blob, &lsmcxt)) { + if (security_secid_to_secctx(&blob, &lsmcxt, + LSMBLOB_FIRST)) { audit_log_format(ab, " osid=%u", osid); *call_panic = 1; } else { @@ -1593,7 +1594,7 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, struct lsmcontext lsmctx; lsmblob_init(&blob, n->osid); - if (security_secid_to_secctx(&blob, &lsmctx)) { + if (security_secid_to_secctx(&blob, &lsmctx, LSMBLOB_FIRST)) { audit_log_format(ab, " osid=%u", n->osid); if (call_panic) *call_panic = 2; diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index ad5be7707bca..9b5c44dec1e9 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -140,7 +140,7 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) return; lsmblob_init(&lb, secid); - err = security_secid_to_secctx(&lb, &context); + err = security_secid_to_secctx(&lb, &context, LSMBLOB_DISPLAY); if (err) return; diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index 07660c7dd342..5d72d2f41562 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -353,7 +353,7 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) * security_secid_to_secctx() will know which security module * to use to create the secctx. */ lsmblob_init(&blob, ct->secmark); - ret = security_secid_to_secctx(&blob, &context); + ret = security_secid_to_secctx(&blob, &context, LSMBLOB_DISPLAY); if (ret) return 0; @@ -663,7 +663,7 @@ static inline int ctnetlink_secctx_size(const struct nf_conn *ct) int len; struct lsmblob blob; - len = security_secid_to_secctx(&blob, NULL); + len = security_secid_to_secctx(&blob, NULL, LSMBLOB_DISPLAY); if (len <= 0) return 0; diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index 36338660df3c..cb4b8b636f6a 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c @@ -180,7 +180,7 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) struct lsmcontext context; lsmblob_init(&blob, ct->secmark); - ret = security_secid_to_secctx(&blob, &context); + ret = security_secid_to_secctx(&blob, &context, LSMBLOB_DISPLAY); if (ret) return; diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index f60a0b6240ff..844955b2e163 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c @@ -316,7 +316,7 @@ static void nfqnl_get_sk_secctx(struct sk_buff *skb, struct lsmcontext *context) * blob. security_secid_to_secctx() will know which security * module to use to create the secctx. */ lsmblob_init(&blob, skb->secmark); - security_secid_to_secctx(&blob, context); + security_secid_to_secctx(&blob, context, LSMBLOB_DISPLAY); } read_unlock_bh(&skb->sk->sk_callback_lock); diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index 910a03f15b0d..8deee7e176a9 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -437,7 +437,8 @@ int netlbl_unlhsh_add(struct net *net, unlhsh_add_return: rcu_read_unlock(); if (audit_buf != NULL) { - if (security_secid_to_secctx(lsmblob, &context) == 0) { + if (security_secid_to_secctx(lsmblob, &context, + LSMBLOB_FIRST) == 0) { audit_log_format(audit_buf, " sec_obj=%s", context.context); security_release_secctx(&context); @@ -491,7 +492,8 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, addr->s_addr, mask->s_addr); dev_put(dev); if (entry != NULL && - security_secid_to_secctx(&entry->lsmblob, &context) == 0) { + security_secid_to_secctx(&entry->lsmblob, &context, + LSMBLOB_FIRST) == 0) { audit_log_format(audit_buf, " sec_obj=%s", context.context); security_release_secctx(&context); @@ -550,7 +552,8 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, addr, mask); dev_put(dev); if (entry != NULL && - security_secid_to_secctx(&entry->lsmblob, &context) == 0) { + security_secid_to_secctx(&entry->lsmblob, &context, + LSMBLOB_FIRST) == 0) { audit_log_format(audit_buf, " sec_obj=%s", context.context); security_release_secctx(&context); @@ -1120,7 +1123,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, lsmb = (struct lsmblob *)&addr6->lsmblob; } - ret_val = security_secid_to_secctx(lsmb, &context); + ret_val = security_secid_to_secctx(lsmb, &context, LSMBLOB_FIRST); if (ret_val != 0) goto list_cb_failure; ret_val = nla_put(cb_arg->skb, diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index 951ba0639d20..1941877fd16f 100644 --- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c @@ -100,7 +100,7 @@ struct audit_buffer *netlbl_audit_start_common(int type, lsmblob_init(&blob, audit_info->secid); if (audit_info->secid != 0 && - security_secid_to_secctx(&blob, &context) == 0) { + security_secid_to_secctx(&blob, &context, LSMBLOB_FIRST) == 0) { audit_log_format(audit_buf, " subj=%s", context.context); security_release_secctx(&context); } diff --git a/security/security.c b/security/security.c index 64073d807240..be6682768760 100644 --- a/security/security.c +++ b/security/security.c @@ -2347,20 +2347,36 @@ EXPORT_SYMBOL(security_ismaclabel); * security_secid_to_secctx - convert secid to secctx * @blob: set of secids * @cp: lsm context into which result is put + * @ilsm: which security module to report * * Translate secid information into a secctx string. * Return a negative value on error. * If cp is NULL return the length of the string. * Otherwise, return 0. */ -int security_secid_to_secctx(struct lsmblob *blob, struct lsmcontext *cp) +int security_secid_to_secctx(struct lsmblob *blob, struct lsmcontext *cp, + int ilsm) { struct security_hook_list *hp; - int ilsm = lsm_task_ilsm(current); if (cp) memset(cp, 0, sizeof(*cp)); + /* + * ilsm either is the slot number use for formatting + * or an instruction on which relative slot to use. + */ + if (ilsm == LSMBLOB_DISPLAY) + ilsm = lsm_task_ilsm(current); + else if (ilsm == LSMBLOB_FIRST) + ilsm = LSMBLOB_INVALID; + else if (ilsm < 0) { + WARN_ONCE(true, "LSM: %s unknown interface LSM\n", __func__); + ilsm = LSMBLOB_INVALID; + } else if (ilsm >= lsm_slot) { + WARN_ONCE(true, "LSM: %s invalid interface LSM\n", __func__); + ilsm = LSMBLOB_INVALID; + } hlist_for_each_entry(hp, &security_hook_heads.secid_to_secctx, list) { if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) continue; From patchwork Mon Apr 18 14:59:38 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12816790 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id AA9C1C433EF for ; Mon, 18 Apr 2022 15:42:54 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345644AbiDRPpc (ORCPT ); Mon, 18 Apr 2022 11:45:32 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57908 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345669AbiDRPpQ (ORCPT ); Mon, 18 Apr 2022 11:45:16 -0400 Received: from sonic305-27.consmr.mail.ne1.yahoo.com (sonic305-27.consmr.mail.ne1.yahoo.com [66.163.185.153]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 924D65A09F for ; Mon, 18 Apr 2022 08:11:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650294676; bh=lg5n6X0Jaleg5WGjAFDMbKg9/7qG3ZPbBsw/+a/HLSM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=tEOakH+zMlsRALP9meJ8U+fh1z0rXralfznqLK5O/sheDsBsDk7o8csBeglxnRYaPNCFGufJV3nGMwvTl29xQ1SihR5oYCwu1rpuzYTosBV7eNM0rndR2iAIVYGVNRQXm7TtJd+4TnTGMinVXZEMzFlovOL+xWg9+9ubf6K7fqinYgBVLmL5ywB+ZUwsoGrJAujpixAgcRrL/xR5lf67i2odxDrrAk93EId9oLL78mMvr0/jE+w6xfKqVwxc8xD4d4DbRkinNb2Ef83f+1KZDvC28hSBc8bXrqTznT5Bc268VyGwWvP5JI7p9JltrcZQtdTmoXUuWmbGHZ3QBNjTqw== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650294676; bh=UQTGkqSw1gTKXDhE+cQjvs71seTzgbXdCXzT4aoUaUK=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=WMY6v4NYou1lBW4lpwA/pYRHCQG6k8SpMFWDJslfsXVSBXc/StG+y3EjiplmHW9MOUlU/X2jlWAdgvZ14MpkJ9SlruSNk4CIWc8KArrbAWgKlraq+BfXYjxjNSmhmRvkjHVfJYnzhjSvJXif37F1GkmQMFr68Gk3LXVpHlw3HVlEP9N1IO8FXsjTxBzKjm+nYQoYyKu4WRwtwzgBlQM95x0tOGDXg1R5yC0wRd0ZVicMtNa6RxiYOAmZ3b3mfzWaX0aZ+ejZdfVWIC+AZ+WAa7Sn2W8tfIwF53hbLEJoAChCVE2bxgn3ez2932E5maSbUws619Z+m3SGmxQWcg5qIQ== X-YMail-OSG: .yq_mnkVM1lS9ToOyxi19vg5qqDvk3d6izkKHadK8fjNAz2kHEZ.73UA63twJE6 RE5Rv86FTTZ77DYKjRlrA0ny31feRyRUQMJ2rY.Hc11G1khegRn9Ua_sEl_zlCDBKyHZ_saOWfo5 WbRJOu7eRvgbKE2Z_nbWCBAjG.JBu78NtEUMqZNYj1F0OE55nxUx6CfOXLVNgrgxNIqXSgpqzB1z h_EESQiADkfD8RUIBlkt4vt_CRz6mp8a4Wea88SWJyKf3B5fHaSEKqcQnRGtwYxU6FExGmHJuX1f kzQyoiEN122jOJzIcB21vyENyy6AW.8p5Pj7YxXdYyjdGqFZW4Mua5CsCn2izq3Pn52WEcgTyMUi ULFJgML9uC2AghbfeAQyL7zw_0XVfZYbiVHJtYcIJTXTOMZf2kAFj8DViQBbTcRBZ.SbEB_5mWTC G6uS8fK2rVzJVYaooYGghUYYNIxoAV.giOOl.DUu3mahJswbCCrxZgc3ri.VZAfgPunGVlOYtoyf 99pmDvXr3x1Zegn8fIr2LH5v7BYcvGoIT1FrAfrcX_AIAouNOueHVCYSxFvNEpkRbZzhDUA__KO1 evhOHBBNxhZXNVBT1vYom6F_z.52UMidELHq8qALwZ_eOw0NMx6YlhKlHAydibv7RrHBlvAO8VEn fqJzxrwlKAS_qRcTps0UHW61Gu9s3Zd_IV67eEti2..Q9ZFAuv02plKlrZ.B3tpJhoMuKevhPPsq A2RgGIyN0QafT68SwiIHjdHqussTtt4djvTv8PC1NYvzr4DFVHPBB3E1XTLpsfIqS8mfD6puuZPi 4_L6og9XMNsYr62w8j.1lAjnTsI4WPNn7hNQlhqh1bzAY3WERnSTMl4fwYN8EDxD6TzLzH7DOz7t AdrVGEOP9C0VBiZwbvoSnm7K9ozpJzK1adPDUzHCpEGHV4zfwPTwzFAKXaV8Espr88_WLCBv7bfe T19BbU8JUs1o1_HaC7zze2Cn0BFDvLc7qKFA9GVJZiiMgslJ41cDBr4VJHl3vGnIxj6XENoGakV4 myFRpZb50Es5m86UQrkby6or0Op.Z_9vBQB_JuZKZWo8ZQht4pUrWI9.7bkiy4XRBf6aoPK9cD6F Vxs978_meMZb_Q3ZH4qv3J6QpoZyID3n46Kjyhs3eNcG9y0Hmz5ucriu1Fd.y5TasoQa5oOrvKMJ xeGE3VqFUg1MLd9z4V_juGonalJ7D10r2yg8eElDpBHq.wE3QfLcFZF3aE10VhtexM4JuAm2JoSC ptPaO4cVBVx4uowTZxtJPMQd9t.mn8rwRcXC.d0DRUxAC416PY4pLG9ZBOqEH5kaO61Z2V1EeS4M QKPcUqBDiPCn83kuXGP7xgn1TCsBj1jo0blRfDuiffTDc7uvZoHHF08uEhe0pFtZp2LSGXCzyj6i At5SG5VaGE5FIB0Pbg7gBM.NjyST.8oo_F4PvCP2i6zDV.fmfjlbEZIrD7EcARNx9bocSKBI7BoH ie6aRWZCts_fnoKlZ.Xlg8sNVeEAMFdmLkOUiqLLzawGGXkXTmccOWnSnHkVyUM9VoP_6tG1.ZVG SgxmTX2oYOznOBLFoQZuoOjDmnEJgz893of6HCJ8V50pEZSBjak0ypJwFAADQfVtnRonmJd1UF_c mIc.ItdvrHWC0Cm0N9S.BQH2uHUKK2YlP.STJyAT1JEkhWVyCwLGcfLvXeHidxBkGZER5HGuOuwx .T8dj52sokdGoSK0UN8ImUb.9duRJmADMnNBKvi6oGQ3YIAte9QndnBQKy665fY0KSJAWZ9drcF7 PVkFFW3dQKQrevcMBX1WmEavbeUvclxElc24SOJJ_MaB2XR9Duh.wsVFYBgFhsCBz2hmad9BIghL clVOdj5OifwRqpu7fZD5kUoDf0Gk58corMJBEkrmK6rD9h52ViW1Ns1JfTnI1jxNoo49YR23ne6u bOcZqWWipm0.AtIySkWk5mZ4BM8iM801sldv.Ks2lGZw5x63lr.CKSf0EFf8XsUcQW3ZCsXuTNfq RcTgDShKid2v7BmmG9p4Ri6rLX_upsib_SDii5t6rYjKkcsnySjfDioSm53dseX08w_U2BlxoG3k EYRkKm_SEe0VIwX7XfIY3z7juTAocM7MogcO.L96iN.PKJjXo9bgm8224.xaETTvJp28Hsyv6xV4 uXUcyzo7TUoTa3W87rTlaaq4LfVdTOyUtb2Xe175L09vhZ7k1ctpdoFGd7mROpIv14myWt_UTTe4 SNGo9qJKe8cLjU3NveBQxzSirefPmJw0fGqbTeKPHG.N4f5No9j95UsW2PDhAWvixd05E_nYYLsB hOEvh X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic305.consmr.mail.ne1.yahoo.com with HTTP; Mon, 18 Apr 2022 15:11:16 +0000 Received: by hermes--canary-production-gq1-665697845d-2b87j (VZM Hermes SMTP Server) with ESMTPA ID 325f6f931fdc97e0cc6b332f80cb9e73; Mon, 18 Apr 2022 15:11:11 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org Subject: [PATCH v35 22/29] Audit: Keep multiple LSM data in audit_names Date: Mon, 18 Apr 2022 07:59:38 -0700 Message-Id: <20220418145945.38797-23-casey@schaufler-ca.com> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220418145945.38797-1-casey@schaufler-ca.com> References: <20220418145945.38797-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Replace the osid field in the audit_names structure with a lsmblob structure. This accomodates the use of an lsmblob in security_audit_rule_match() and security_inode_getsecid(). Signed-off-by: Casey Schaufler Acked-by: Paul Moore --- kernel/audit.h | 2 +- kernel/auditsc.c | 22 ++++++++-------------- 2 files changed, 9 insertions(+), 15 deletions(-) diff --git a/kernel/audit.h b/kernel/audit.h index 316fac62d5f7..4af63e7dde17 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -82,7 +82,7 @@ struct audit_names { kuid_t uid; kgid_t gid; dev_t rdev; - u32 osid; + struct lsmblob lsmblob; struct audit_cap_data fcap; unsigned int fcap_ver; unsigned char type; /* record type */ diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 231631f61550..6fe9f2525fc1 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -700,17 +700,16 @@ static int audit_filter_rules(struct task_struct *tsk, * lsmblob, which happens later in * this patch set. */ - lsmblob_init(&blob, name->osid); result = security_audit_rule_match( - &blob, + &name->lsmblob, f->type, f->op, &f->lsm_rules); } else if (ctx) { list_for_each_entry(n, &ctx->names_list, list) { - lsmblob_init(&blob, n->osid); if (security_audit_rule_match( - &blob, f->type, f->op, + &n->lsmblob, + f->type, f->op, &f->lsm_rules)) { ++result; break; @@ -1589,13 +1588,12 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, from_kgid(&init_user_ns, n->gid), MAJOR(n->rdev), MINOR(n->rdev)); - if (n->osid != 0) { - struct lsmblob blob; + if (lsmblob_is_set(&n->lsmblob)) { struct lsmcontext lsmctx; - lsmblob_init(&blob, n->osid); - if (security_secid_to_secctx(&blob, &lsmctx, LSMBLOB_FIRST)) { - audit_log_format(ab, " osid=%u", n->osid); + if (security_secid_to_secctx(&n->lsmblob, &lsmctx, + LSMBLOB_FIRST)) { + audit_log_format(ab, " osid=?"); if (call_panic) *call_panic = 2; } else { @@ -2297,17 +2295,13 @@ static void audit_copy_inode(struct audit_names *name, const struct dentry *dentry, struct inode *inode, unsigned int flags) { - struct lsmblob blob; - name->ino = inode->i_ino; name->dev = inode->i_sb->s_dev; name->mode = inode->i_mode; name->uid = inode->i_uid; name->gid = inode->i_gid; name->rdev = inode->i_rdev; - security_inode_getsecid(inode, &blob); - /* scaffolding until osid is updated */ - name->osid = lsmblob_first(&blob); + security_inode_getsecid(inode, &name->lsmblob); if (flags & AUDIT_INODE_NOEVAL) { name->fcap_ver = -1; return; From patchwork Mon Apr 18 14:59:39 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12816792 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7A506C43219 for ; Mon, 18 Apr 2022 15:42:57 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345669AbiDRPpd (ORCPT ); Mon, 18 Apr 2022 11:45:33 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58440 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345687AbiDRPpQ (ORCPT ); Mon, 18 Apr 2022 11:45:16 -0400 Received: from sonic311-30.consmr.mail.ne1.yahoo.com (sonic311-30.consmr.mail.ne1.yahoo.com [66.163.188.211]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 527DF36E20 for ; Mon, 18 Apr 2022 08:11:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650294676; bh=SEZ5yGN4WuR3EQqQcVrWwReXijssZ/504JFMBxTlkAE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=kyLPaL4WeF7F2AiLwOcftuMtQNiMP8QoG3pG81D6aaybK7T6+sg8BLPGATx0rJWpOnba/s05Ib+vLMGEkCYROnoCBWATVt2ZxOj+8T1GXtjAKUFZEmmjnc2zUU6rcIo7Cgjq9C6lOXw4ee11Y9ZjbXvjRi6Qo4xl/qxAk9JqRxt1EuX5bYnkWoYUTyPgpbJf5AXJYCtgeXfGi2a1l2BO+B0g6aMdsI71MrMl3F6fpF0bTzvkFLRj0dIafAODcaFPA0t2zVCqIKokVPKZaoK9L3M3rYXZHCVNxNI8Zbi9vJyG8axWPuxpOdpzpccqJQ2/ESGwM+l4BrVoT8oybb25Kw== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650294676; bh=GX05bKaWTQ6G1QuVuiX9cQQL7jCv+vajwL8haslE5F9=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=UgyfWZVwVxuYq9b4kUieHyR/yqDLpOS7dxfM03rSuyI/ebaxqavw6bC9EP5o+x8liSUMbkGogifi5xXEF77lEeQP1UDAtHlFZ5B9DeC2iH3pWP706vhLkWbasAvWENtw2O5Mg1gYUzwWcD/VeKXCIyqOlt+i9Vvt2UEsJtPaEkSVbLDhOz1rtrNlo2ER9PkR4KY7OFOE1F2zVV+PntT41+t/WSgUSK6pY5h1Fh6V+jVH1ZoU9O/HXOqD2NJAcJuEeg/5wdlTHq55eQI2yK2I6uVr8ZbRQc5Wv7z5ObBs2CCQrORALz39Zq0GzzWAq30Y+QfHFBjnGiiPkBO49JkUdg== X-YMail-OSG: qCH712UVM1nyvCBnbiv3IIt8QeVbofMXB5wdpb.szoeoxNDKs7Nkh5CTW3EV.1n zzRfLQlf8Soi6.hsDFnF7HC_dALgqTmjq6Nx9etzIs4Za0ClkYCy_UhDoh0LTMe1MvE6PCroBbBf HJnb97azTFt7z3E957G_eFOXlmBlscoJ08ENHYXizkSc_2tywx.7wIvLag9s5262htiC.7gEezxs mHNATzUDPfxGGqYSVfphxhN17FmD4sdnmOH4HG.XlR1dGf4zNM5Ohpd2apLwmmPGhooXpJ2k.bd2 NCjqpPJRKqEnz_cQ_vPbAZ4HvUo8KQIozp9MZAXemnFkxzxOoWR76RJhU7GdcsY16tEiSg72bgyY fEzF5zggqpigMZjeM1noiKJGD3Bl3DUGVOX3Mt9X0uSrnk_hR9ms0jmKw4wiQWqY6JVA07NifBUG ZWCLKlb8m8z3jk7vcB3go_6ppSfYaiMxtOCz99ni2RG4ERHFbQHMBzMHjrSDw2t8MQRLt0Rwlz8g vzGS_nIq84kW17CiBPeY9az6yd9h1LTfK69ry8jRcwGzBoLz3gOWAUizdqoyHlrR18Ko5pz5PpnM npV0zUtHNeuyPbantarBOWWIMG8r3cDhJ0cfvkEUiqPR01NiTRZ31WGmhK7K20VuZCvNcXD8reUj 4H2pro3R6s445mcG8Y6vehc4lhwP0ApAe24imKaR0i46KgUtVPOZlJktiVRBLBhmlJ4MtzyqwGTv HxgQ6GIRjRu5tXRBqo0V2BYRGrHJwizftQ6ttuKX6yMK3MUPw0vhtinmyVzPV9uohKexjhR30VaY i540UdBMoj.8U4Gc.hraS7PH9egqtV1tBI5t26Yx95N1WuroaR6loyz8cFXAjI2DkT4x4YWWKQyS qvE1Dus2_tu3xSGlCTGcZfR5BMsDMeqia9u9UI9kyRNPL_hPiWl0t_hRhvn4mc9zbqCfghODQGCH 5GYKjQnfW.BMqlp8StpONtuZz52CCx20I3xtxa_3isFpxPO._EMSNfTNQc0vKmmQG1uuTeiMWn0D tm.YChqb4c0XpUan2HVU7e3RLoEO8cI1zANOhk22klroo_zid1NnJ.qbR9ns82gkdz8qnyOES46v 5L4VHENVZ0uQ8Yvf4721txvLD7BY0yTpqO4BklBZWmqERrCr4OoTNrxCRwbvTYzh8yxHF.EyFzyQ 01.NxYsNBeRcrkiOu4skwT1QOEH3Witt7QBGkNJerKWxjCGhB4Mcqwq9TMmWfhx7FJZX9g6IYbRU .lGu7UdmYa59u6FeUvMYeMnbbfXghDf51SpHm03PJObP9UEjjhSN2ZYi.KRWrpc7R3ateG9r4UiJ tBz2rLJ6CDjCr1_TFcoYv77OHtaNOvT3ezNMp_01qtDluT4.MeEx.6_kg.jOYJWVMkBMoHbU8DA8 DsASTLcepHCXqt.29ojVNilF8hH8U0QZAIFf23rsdyqID87Ewljj7ZOLkqUs0aijkVk3k9ehYSGG D2w2mrErx2Rhp6sUKo6DtokuiIsjyW1OkiCmfOO_FMplOUTPg2mpl0V01k.88cubls.ea8r5W1DD cjC4UpgUw6Inj.nLYyOwPr5w6NLj2D3GoSKZpHUkgbGL9ztIaL.9aT3r65IAFWWfX6LNaZqNes04 3iZIw8aPaKjO0Z.mrZAOSozRrH5xc2ZkLXYUyKMH4aDqOmbZO3s16Cp.VTYgB.k1EFooFTFC3WVk JFlqw9uxT182XnUxPi2QdBCurUU8IDaDFk5tqOq2jNTKjW.DC_y4eLss4PlqGDyFWneUKNSOQISF xxoKN66kThtdje99eLSM8WLo3h3xM_x2yx89n52rUJl_A57cl_jAWm3XrN1zwo_4zsMwq77JbiW9 UrCVeWoKjy1zuyxICpVT3KgyruVlS9q7tk6RuH3Wu7n3n7P.0Z4iM55E5Gs7sz9mjt.9gPAM5vfz IMtBUwidExBs3LusMonh1Ze.p02M75u6MFEHYSVOicm9z5NR7tIyj4MAL48PozDJdtCGIvxoItHY 6J3aCD5Yo645RCm9mO3Fx.D7NBcfYjJ4UjkyO.IfiWg0VZOVr8lCrq1u49x2bD4AkmZv4gVJsPfU F4GTIBbCIFG_Azr9cl0r6NXtk48pB.Jxz6XtBk0Ygq65iSJ80T_QsbeK2qtsF8cTQNmlYuKZhl.D x.BPaf1Csb8B4wxh1gSjytAm.ZajKiHuW1Mk2loxrG4WDppVLTh_fOrQGZfyosBj0jG4jAQX_V7G n07h5l.3fuyx.GN1lK.5cmgjz0BUQEx5m7p5T8W_YuwnkEa7eOIyot9vZydrXUfeG90ci8W5tmr_ .Ws6N2Cmd5aMgwzsrmTiB.pOZ0iufOEf0Zh8jmzwsAHhalwyEejnr4E.pKw-- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic311.consmr.mail.ne1.yahoo.com with HTTP; Mon, 18 Apr 2022 15:11:16 +0000 Received: by hermes--canary-production-gq1-665697845d-2b87j (VZM Hermes SMTP Server) with ESMTPA ID 325f6f931fdc97e0cc6b332f80cb9e73; Mon, 18 Apr 2022 15:11:12 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org Subject: [PATCH v35 23/29] Audit: Create audit_stamp structure Date: Mon, 18 Apr 2022 07:59:39 -0700 Message-Id: <20220418145945.38797-24-casey@schaufler-ca.com> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220418145945.38797-1-casey@schaufler-ca.com> References: <20220418145945.38797-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Replace the timestamp and serial number pair used in audit records with a structure containing the two elements. Signed-off-by: Casey Schaufler Acked-by: Paul Moore --- kernel/audit.c | 17 +++++++++-------- kernel/audit.h | 12 +++++++++--- kernel/auditsc.c | 22 +++++++++------------- 3 files changed, 27 insertions(+), 24 deletions(-) diff --git a/kernel/audit.c b/kernel/audit.c index 28ff7a5f90bd..6b6c089512f7 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1822,11 +1822,11 @@ unsigned int audit_serial(void) } static inline void audit_get_stamp(struct audit_context *ctx, - struct timespec64 *t, unsigned int *serial) + struct audit_stamp *stamp) { - if (!ctx || !auditsc_get_stamp(ctx, t, serial)) { - ktime_get_coarse_real_ts64(t); - *serial = audit_serial(); + if (!ctx || !auditsc_get_stamp(ctx, stamp)) { + ktime_get_coarse_real_ts64(&stamp->ctime); + stamp->serial = audit_serial(); } } @@ -1849,8 +1849,7 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type) { struct audit_buffer *ab; - struct timespec64 t; - unsigned int serial; + struct audit_stamp stamp; if (audit_initialized != AUDIT_INITIALIZED) return NULL; @@ -1905,12 +1904,14 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, return NULL; } - audit_get_stamp(ab->ctx, &t, &serial); + audit_get_stamp(ab->ctx, &stamp); /* cancel dummy context to enable supporting records */ if (ctx) ctx->dummy = 0; audit_log_format(ab, "audit(%llu.%03lu:%u): ", - (unsigned long long)t.tv_sec, t.tv_nsec/1000000, serial); + (unsigned long long)stamp.ctime.tv_sec, + stamp.ctime.tv_nsec/1000000, + stamp.serial); return ab; } diff --git a/kernel/audit.h b/kernel/audit.h index 4af63e7dde17..260dab6e0e15 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -99,6 +99,12 @@ struct audit_proctitle { char *value; /* the cmdline field */ }; +/* A timestamp/serial pair to identify an event */ +struct audit_stamp { + struct timespec64 ctime; /* time of syscall entry */ + unsigned int serial; /* serial number for record */ +}; + /* The per-task audit context. */ struct audit_context { int dummy; /* must be the first element */ @@ -108,10 +114,10 @@ struct audit_context { AUDIT_CTX_URING, /* in use by io_uring */ } context; enum audit_state state, current_state; + struct audit_stamp stamp; /* event identifier */ unsigned int serial; /* serial number for record */ int major; /* syscall number */ int uring_op; /* uring operation */ - struct timespec64 ctime; /* time of syscall entry */ unsigned long argv[4]; /* syscall arguments */ long return_code;/* syscall return code */ u64 prio; @@ -265,7 +271,7 @@ extern void audit_put_tty(struct tty_struct *tty); #ifdef CONFIG_AUDITSYSCALL extern unsigned int audit_serial(void); extern int auditsc_get_stamp(struct audit_context *ctx, - struct timespec64 *t, unsigned int *serial); + struct audit_stamp *stamp); extern void audit_put_watch(struct audit_watch *watch); extern void audit_get_watch(struct audit_watch *watch); @@ -306,7 +312,7 @@ extern void audit_filter_inodes(struct task_struct *tsk, struct audit_context *ctx); extern struct list_head *audit_killed_trees(void); #else /* CONFIG_AUDITSYSCALL */ -#define auditsc_get_stamp(c, t, s) 0 +#define auditsc_get_stamp(c, s) 0 #define audit_put_watch(w) do { } while (0) #define audit_get_watch(w) do { } while (0) #define audit_to_watch(k, p, l, o) (-EINVAL) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 6fe9f2525fc1..557713954a69 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -992,10 +992,10 @@ static void audit_reset_context(struct audit_context *ctx) */ ctx->current_state = ctx->state; - ctx->serial = 0; + ctx->stamp.serial = 0; ctx->major = 0; ctx->uring_op = 0; - ctx->ctime = (struct timespec64){ .tv_sec = 0, .tv_nsec = 0 }; + ctx->stamp.ctime = (struct timespec64){ .tv_sec = 0, .tv_nsec = 0 }; memset(ctx->argv, 0, sizeof(ctx->argv)); ctx->return_code = 0; ctx->prio = (ctx->state == AUDIT_STATE_RECORD ? ~0ULL : 0); @@ -1950,7 +1950,7 @@ void __audit_uring_entry(u8 op) ctx->context = AUDIT_CTX_URING; ctx->current_state = ctx->state; - ktime_get_coarse_real_ts64(&ctx->ctime); + ktime_get_coarse_real_ts64(&ctx->stamp.ctime); } /** @@ -2066,7 +2066,7 @@ void __audit_syscall_entry(int major, unsigned long a1, unsigned long a2, context->argv[3] = a4; context->context = AUDIT_CTX_SYSCALL; context->current_state = state; - ktime_get_coarse_real_ts64(&context->ctime); + ktime_get_coarse_real_ts64(&context->stamp.ctime); } /** @@ -2535,21 +2535,17 @@ EXPORT_SYMBOL_GPL(__audit_inode_child); /** * auditsc_get_stamp - get local copies of audit_context values * @ctx: audit_context for the task - * @t: timespec64 to store time recorded in the audit_context - * @serial: serial value that is recorded in the audit_context + * @stamp: timestamp to record * * Also sets the context as auditable. */ -int auditsc_get_stamp(struct audit_context *ctx, - struct timespec64 *t, unsigned int *serial) +int auditsc_get_stamp(struct audit_context *ctx, struct audit_stamp *stamp) { if (ctx->context == AUDIT_CTX_UNUSED) return 0; - if (!ctx->serial) - ctx->serial = audit_serial(); - t->tv_sec = ctx->ctime.tv_sec; - t->tv_nsec = ctx->ctime.tv_nsec; - *serial = ctx->serial; + if (!ctx->stamp.serial) + ctx->stamp.serial = audit_serial(); + *stamp = ctx->stamp; if (!ctx->prio) { ctx->prio = 1; ctx->current_state = AUDIT_STATE_RECORD; From patchwork Mon Apr 18 14:59:40 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12816799 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id D481AC433EF for ; Mon, 18 Apr 2022 15:43:44 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344906AbiDRPqK (ORCPT ); Mon, 18 Apr 2022 11:46:10 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59248 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345540AbiDRPpq (ORCPT ); Mon, 18 Apr 2022 11:45:46 -0400 Received: from sonic317-38.consmr.mail.ne1.yahoo.com (sonic317-38.consmr.mail.ne1.yahoo.com [66.163.184.49]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 72EC75A0AE for ; Mon, 18 Apr 2022 08:12:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650294767; bh=kMLscTMxM/e+jgLbdd4pjlWQBT9hBPTadnVTTCq3dTA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=i8tHt5fXSmbXoiXOTZOKiHASi/pNm4bTqx1Rqd+K7ElZ379SV6mvG/qeTeHmwVRECbd7JlGlToC/utfly3YGdsJtfr8ovnV1auUHHGOIu9ZuMLa1pKZLgJcgaE/aG/KwZqRgOa4VV38O1Pm0F74vWHsyTsb1X5vBJWQXep321JBO2YCwUC+Zcsk52vMD7iqyPGvmOC/hlyhdm26pImWqc5iyiTVe4iBlXAWlwjqX6cWl+O1itrMJyjJy16ftvaSIggtMuWHetW6RPigHRp3Wcs9vCt7IoMAu0hyp+Jk7VX4Dce3ULfs7MYYa7NIuVDCTKunjAWmtIwfNKejty1n69g== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650294767; bh=gHucft5FSsROnsYX433jHd9Ha4PMBW4b/VZJY4fJdFJ=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=WUskznrQAXHzyra/1lR7E3zUao2TMbsgb5+qiMXIS7jLsavjId2/l+XUUC9Nd8VuQ3xo+Pnhl1jNT5QBn4WuBC7m7o8r1f9jWaihngwndC+nVUXugA/p7egvmklnYUKAItUSJQiC76T5WSfYxcgiZKVidHwUTZhFPIQ83KyhYKwFjVCiAM0oPyAEfTq3ZYeN+UMhW+icHuDhhjhReP+mSL+lIRDhluc8c9Z0MPiFh1l7NgaOxAqUO8awLhFCJroL7zVqWdsCGb/84h8sJbvQ4F27JhlRI4T+2OEXXyxyGYQFuuH9z1am1cGZ7d4vJ4YwczfLVmWVqMiqsBXKGT8F4g== X-YMail-OSG: 8pXSGJAVM1njKlorQwrOCZKVoKcNDSOTew6QsUJcpN7glA.ILBQ51KXx8PIwsgn uAl7wuztEnq2tE2qljeAfW1_ygDUMvv7JwZRPCmyHy6iC5d2E5FXfTfnbBCpVBNEF73DwszmxiXi PJp9GWYXKrR6ECheFSU1GzsjN.yweKHi72aI.Md7LBbbJrGu0LjmPKIUnt9n5kDWPvEQnEhZSEi4 hIX5.FIlyYPPSC44g07eH0fm1UJKqvXOymyQIOica1VORAsVKTNthXuiDkLYV6k8aGb6mb5L3ykx abpuE80_f7i.rc_vqMUigcsfxOvT.jBelAeUlw174VsCc4KQrKr8lzJOBHvlgbPkMkzL9VT6ZsSC bho2ZB8vcFigJ0SZtdK8.b3LRqpFsnSGChxmy5vgehjy8.FXSEkjmbA9esOJGiTw9UzSfrBMe6QS keY5KuK7H2Ntz9bWfL2W1_HwK6__udva3a6WPItjCH3J75B14ePyeychdCfwa5wWmPISg0hETAU0 BtaWz2X5nw7fvQJpflwWAFj1RGk_G.OKJ9lArYxVmMB3zdEBSkuZSybT.nkHh.YpRboiNWJBqjtm s0vNTw41Y.Knh.Z0XAPByeliLf7CYOw5Ox6SJtrJCApIgkPKRY.JB7EVU0T3ldW11M722cLSejaG 8fm3VhF5_RGlKNgLhekmUcfX17hxCZy9_E8JmXi_UGrpIos8HNxyJDOpYrdnTREu1m6YFjPK50TW Xg.WCjyw6CQG.KIyAmwfmssPPzbbeX0pvDYmexhP0zrKTLkT5udkyVDuYQH2Q09UjO.Buu2Tk.Ba JTirU7ig5GzvF92hmZnb36zvsVAfUOoJeibYjLI2VB0e1NrPHYVIukuYk_BO7nChs_1pQJktIsmE lGZVFe95RFdypMDTR9EOYroaOrugKTXIJN8b3NInXfVgakZH2zdWdZDtkQfrtJLd1Gtv7NVDDdxM cBx1bipw20ZA8Th98mDDaaYkB8YYeB6SR3f7NUS.8.2nfJt7TC4YZg9Jdq2i.ecBTQ.VO7qD5pL3 CUeQBSCMVqga3TE81YglpbAeW8MamZ7ZL74aYrkjGx4_x.pF2UmlsE5gRsB2J2f8QkSXpP6k4ZfL bTuPd8amG1TCuGSVFoS5pNcf2NjKSo0SAorWoBhXj87XPCcr1jY0eNuZq.hx9rdKuZJghKcJgDL4 Mipu_uFyW.fnoXZfnjC846d4c.fjlRaOG11ZUHDUDWOfQxmbtcR.6jwaU75ULRr1wbZjOb2NWReO N6czSli1iluF_YmKJGPbZgNCssXEg8UBR9txVj_QB_1qq5UJX2F3vLxB9WjGoq5y9whJ1tJfKAQI 44iLwXXtXaDDRLWyyaFXfmcE.HDlH3bc2IqPFjBipILQCKZV.i.lDrRto20cJ1XpvKwK9hkXLYq5 AwA65MaKGxNoCFx9k6KRDABzNMO48mE0kbkdXVH38pMc2sWjjzeC1G4q1Xr1_Bf8_35AOGqud3Sr HnRZ57em8ckTjylBrVbDVW6mjkkokRRoY2i_j8RJL9wpKV3.BsbvyvyTcS_MwOgwPP2EVVlPVS9p 1dl7hsKKSN6bGAY6ca2ChK1D5wXWvH1zKOMWp2yPeoty_PGOLfDUbkreBz1DVfe50Li5qeRCFOFp L2v9cqMV46aaiW8C_QqoN5bW0_4Ya3pBWALjRG._VNU9KeHhNlUr2PC32tPQsF0dT8Z0esE71Wr5 e_NSjZ8eGo1Hre9mCx2F2KZfGEaTf8ZmY3NhcPwf4q_wpciYFKDy0qNxq0pBRTV0yJ4hUS.yv6rV h5rrTnvjz_E_YRY7HgiwWuIgT2nqlVN33Atof1BSHSS0k8K92E.KHjlGVb_7433fQy4BkXfiaht_ nfso9I0qQfdSVOM4tYUTAAKfuyySU3JIDrUnx66QM9AfwaQiAyY1sfbChEHvrNtVvfdr69yJ6Bsc 3ShjtVFM0f3BVSuaUd9YltLN7eGocgal1elYu_IXRFWmoHkpBLTJ.rDt.4Cu.YvmkuQEIMxNX.ag zd8eVhU4uFzLsGWXi6DboZ_Wr2.oKmxwn30gpK140zqpMNZ5mRlnYAKkgs6fUlg7vjWiPoTuQd7M SPZ5f00Gudhoqi4lFsjZnZ39uKcDTILBPPlTRIORgtMFYYBuQkLSa6MCVWXMF70eO6EWJsNmjzOG wKhDJNclnGu719F.icSlbwYHskKhbJXoR4i9clowTGvyCjXw0uSG5KjeGcRslPvLonXG9LfvuPog 7YLR5NaiAMdkjT1ud0BzSTvQTFusMS1zMR8sd6vfXK_aH1UDKfH5llgmF5hrxhxy7Os0Q4b1tORo KF2VLdq16tYAc6FE7uc4uPZNU7ljxUr7hy_MY.PHVm8LeaM.mpaJUT9jDrA-- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic317.consmr.mail.ne1.yahoo.com with HTTP; Mon, 18 Apr 2022 15:12:47 +0000 Received: by hermes--canary-production-ne1-c7c4f6977-qcc8c (VZM Hermes SMTP Server) with ESMTPA ID ee952e2418b7fa05874502fbf35997b4; Mon, 18 Apr 2022 15:12:46 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org Subject: [PATCH v35 24/29] LSM: Add a function to report multiple LSMs Date: Mon, 18 Apr 2022 07:59:40 -0700 Message-Id: <20220418145945.38797-25-casey@schaufler-ca.com> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220418145945.38797-1-casey@schaufler-ca.com> References: <20220418145945.38797-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Add a new boolean function lsm_multiple_contexts() to identify when multiple security modules provide security context strings. Signed-off-by: Casey Schaufler Acked-by: Paul Moore Reviewed-by: John Johansen --- include/linux/security.h | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/include/linux/security.h b/include/linux/security.h index 2150016492be..3fab84220f88 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -232,6 +232,15 @@ static inline bool lsmblob_equal(const struct lsmblob *bloba, extern int lsm_name_to_slot(char *name); extern const char *lsm_slot_to_name(int slot); +static inline bool lsm_multiple_contexts(void) +{ +#ifdef CONFIG_SECURITY + return lsm_slot_to_name(1) != NULL; +#else + return false; +#endif +} + /** * lsmblob_value - find the first non-zero value in an lsmblob structure. * @blob: Pointer to the data From patchwork Mon Apr 18 14:59:41 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12816800 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E96F9C4332F for ; Mon, 18 Apr 2022 15:43:44 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345411AbiDRPqM (ORCPT ); Mon, 18 Apr 2022 11:46:12 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:32904 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345672AbiDRPps (ORCPT ); Mon, 18 Apr 2022 11:45:48 -0400 Received: from sonic317-38.consmr.mail.ne1.yahoo.com (sonic317-38.consmr.mail.ne1.yahoo.com [66.163.184.49]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1F5635A0BF for ; Mon, 18 Apr 2022 08:12:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650294772; bh=ClsMUKhtMLE7a7NDrpNFEcSlIfUCv643dLWMaDabIbg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=X5kw5fclF0fxinjx1XQai4e+a1qJ2Cjl96g0VM9Jeox+WbR5B7COXDnwc14OwXS17h1ASNzcsEmlrkRbv6PwTHIlgbFmuubXOtfe+gzF52sMoRRNIi+J4cOMehaB68UqL+HC+Ykt6JZyRpsZcAgiP7cfTNxxKHDuoV+mqrumy4TLj8c9D/Rq70BKPH+qcEsp/1tuW4uknWZv0fQZBgBBoRGC3HFjhRRTnMj3LvjMkXX2GSqVuxnLheHajfxmGOBTkFxIIvnoVdTsQjcpmsVzvS7Mh2sM4vXA8PVm+cviyDRPeSi90lkuYIgP7DtpDw4aM9P19HjqEwqjKGg2CztdQQ== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650294772; bh=/pK/xmZRUjcShdUOKrB8IKcCqk6Fal/YzeqwKrWyrkL=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=kjNKjuDtA7HFYPsMeP2apufQC360b8mrFE0icHJURCu6gtiZuMf+XW28DHAmQjDTcuxX87dOmHe/K2+FPHxRqLPaZPGc6rMB7I1jx+rQ9YgCBmODHDyBDxRutzsicI7WGphnln87F3lnZSIht+M2YTMqSfgnObAvryLE0/IHnu97rwSedjRYnT7xZI3GkLWQQv5XYeqX2Ciup6CZFHRu4C++CSWO1pHPkY+bb6sXhRPfdyqx5b6vDVUqvHqq+nlCi/yRAQ9WwlALOMnU8eSBbd4TRsXemrY6f3xaHNGu2S2nqzMPniGg1Bp0UCTh6wMLuVnFbXh7CHWOHockStkWqg== X-YMail-OSG: 3uT_ewIVM1nTDx1gnW_LgXd9XAPjFXUoKoEnTEAlcduyf_WthJuSyEHaoEeBk3V Ebevb2z.wQtVsIB1Q7SUIPUWFHChTiWytipvSYO8uddvV60ALdPjPNZj8W_XBDIxIZ0COGqGa9dg MnG0Vptg9t52VztSMtmv5PmHwvcgMYTKqSivCvKIQUdkdWmq56.LQsyCg9_QwrXZQls4TWCBlipp Fml74AR8BDxLP1e_ynsgq7tVpd3.ooC57l18V14lAkKg6xIxyiJSyxkhrdz7TDkw2TngeA8y_ihs zOSTNd7AsZ7ul.ADIz2xhoEM0pcuj0DBDj2KSwzXfSqNOtaemJ4nYHHftx5evpmIZ9VO_pNP1NBl 7Cn3PsdnnUbmfhxTvb6lFppvGr8V8iZKktfoaMSQe6Hl1GWN7evnDd8FQ1nX0m_3LNR71oN3wyLz T_OSfkBJYyewebwnNzDPknSpU4QGR1VYM4h4O1QoPLCW5bHTW66lzgw_0cSrRcJRRKy0lzIQwrIy jxjqTnLMAAHi_isvKZVIO9JyjYhPb_8pm2apW54mnK_3H4CvcIYis5xxqN_y_Gb2992QogMsL2Hn H4gUE.TOTRP_z2bt6cNOtgDiQ086eZKKFYQVoH3hvPpFd80v7T_ubXuavo9S0teblxKOdidCNFAy vPk9SWQ_vwtkqIJTjD56GVMmVh_Y56H4.3KHAtWQ9mEq.HDJ_Qt9IQUWHYKLkKEoa8hB92Z0KKzd f_Y8iZ9FR00tvYScZ4gnRxueGH.ZJNi_mC1ABjogbje3rABxgiELWi1jDJo7ceEzqCuqBgzJqZss zK0A_E52S2LhIm8kiAhWF1qZicBoQo_MFfGOwZVbGnKlB9J.NNuI8_biSB6nUWwCvlfx_.kGmFy. lg1OoydIaPjFXY1YkRllH3tWTvQscSRK1KBeOwQuWJhjifpDmO39Wbt.Gk6tK2fcDsH8V4S0Atkd .oFwxihHD.3z0S5tExekHt5ea3P6wXhjkraNwHQuoLNzfefyw_UQxiztivp71V4CWiLfh6S4GCFv kRbbyc0IhgT.GVvdCEJLvCj6wVmQJsPCfHJ00uW7uKCEpYTv6.r.lPHCZPkUlMbkYcTBB913aYHD GsKH0EPa.UdMB6I2ZopZ0yjvOn8Dfg20pFHc0pJ68HYt7tYI4j42PdfZck0CC5sVcg_m5PeNSviW lD_Nah5.yoM6dLIA0Z3TxkURnnAlOWt5lQUQZzdBFqUltLuVwzhylEGfQ_rjURbe3t3nw0fRibOU kNWZQQj3brBKbj9GeSvnvvl2H24KG890V.jb8QKuIHT82Pft_5FAXza1ZR9F.5QuARBUDcVP3RU6 dhMn.x67qKNOIq0vtIVIRDdpnb2Zz42_4vj4ZYlnaHO1fsMhfD13VoXfScRizleSZQSs0JtuUyOT aFi8iRZvu_YQmMdh5hRG4O41CVm2vERbpQ7orjLuYSBLupJvYtDssB8jm3tVHvBkDgGCC5yZO2R2 kv3Kbl4NwOJLlkAgx0.DuY5Ng2pT8BuQF08kCHbIpPM9KnLd0_8XiIb_C5z3LCeBJvO3ZUuiLdvo xjAyWGhFA18IEPYb0NB8E9vSXnWDeMWabKYpIyAqesjL0yPYCfloLMOtc21vlwGtitE6_ufRbkJi MfmqUvWA7RboZgObCYFmCVxc5j9AVrke1k6WSSyzwPDtWwUdxrNDQdXsNub0tBLQiw64oeNoRafk 0K8pJSe3IJvw7wsGl7aAcYYZaUQYgpAX5L0ao0etRpZQYeeHfZ0AHLlawLhZafpGZopVpHH5IL6R 8WMD46IfLxgOb9NyV7topZHvnw7YNRK2V2ROWsi4y42t8_YtcD.iB5hTwaweh2O3SCQnL_S602hN Xnl8e42clC6uiRil.rNAXW.LBfS.vPMZKFLTF2oaVsJ7pXVzgUjmlWJoh8rZNZ4fQzNcyQ5TAb4W Q3tpgVS5F0WDNceQ6YnApnm_LaXIFr9abmQznVaxl.yphjIm0HZGRRjD3ZqdikwmKW34r1MzHSoc dpL1sbny0SlLuebC8Cf0TlD1CCFMYeOsXj265ILDDVOodu450HXhBOj9zJaS9lQuzxgmDdHO495Z 7OH8z29BdADq9H5HdU.oF_cSojE543.HQG1MguT70FpWXxFpiFCMgbPPAapwRWVrnjWMCZxTmIze fTmP3Yl9uv1T3em7VYLqniy1xytBDLaN1TjiDkGUHCxqeiwglR8P6mlDUCk72ulfI8cBT4szVTPy vaNJ_bOGye3IWrDBnOtQsCSOP5jm1eFpDtLZGo_xg.Mz5Lh22.3igSzdUs8mQGEL2jKKfBTG7IFO 7WQ-- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic317.consmr.mail.ne1.yahoo.com with HTTP; Mon, 18 Apr 2022 15:12:52 +0000 Received: by hermes--canary-production-ne1-c7c4f6977-qcc8c (VZM Hermes SMTP Server) with ESMTPA ID ee952e2418b7fa05874502fbf35997b4; Mon, 18 Apr 2022 15:12:47 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org Subject: [PATCH v35 25/29] Audit: Allow multiple records in an audit_buffer Date: Mon, 18 Apr 2022 07:59:41 -0700 Message-Id: <20220418145945.38797-26-casey@schaufler-ca.com> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220418145945.38797-1-casey@schaufler-ca.com> References: <20220418145945.38797-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Replace the single skb pointer in an audit_buffer with a list of skb pointers. Add the audit_stamp information to the audit_buffer as there's no guarantee that there will be an audit_context containing the stamp associated with the event. At audit_log_end() time create auxiliary records (none are currently defined) as have been added to the list. Suggested-by: Paul Moore Signed-off-by: Casey Schaufler Acked-by: Paul Moore --- kernel/audit.c | 62 +++++++++++++++++++++++++++++++------------------- 1 file changed, 39 insertions(+), 23 deletions(-) diff --git a/kernel/audit.c b/kernel/audit.c index 6b6c089512f7..4d44c05053b0 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -197,8 +197,10 @@ static struct audit_ctl_mutex { * to place it on a transmit queue. Multiple audit_buffers can be in * use simultaneously. */ struct audit_buffer { - struct sk_buff *skb; /* formatted skb ready to send */ + struct sk_buff *skb; /* the skb for audit_log functions */ + struct sk_buff_head skb_list; /* formatted skbs, ready to send */ struct audit_context *ctx; /* NULL or associated context */ + struct audit_stamp stamp; /* audit stamp for these records */ gfp_t gfp_mask; }; @@ -1765,10 +1767,13 @@ __setup("audit_backlog_limit=", audit_backlog_limit_set); static void audit_buffer_free(struct audit_buffer *ab) { + struct sk_buff *skb; + if (!ab) return; - kfree_skb(ab->skb); + while((skb = skb_dequeue(&ab->skb_list))) + kfree_skb(skb); kmem_cache_free(audit_buffer_cache, ab); } @@ -1784,8 +1789,12 @@ static struct audit_buffer *audit_buffer_alloc(struct audit_context *ctx, ab->skb = nlmsg_new(AUDIT_BUFSIZ, gfp_mask); if (!ab->skb) goto err; + + skb_queue_head_init(&ab->skb_list); + skb_queue_tail(&ab->skb_list, ab->skb); + if (!nlmsg_put(ab->skb, 0, 0, type, 0, 0)) - goto err; + kfree_skb(ab->skb); ab->ctx = ctx; ab->gfp_mask = gfp_mask; @@ -1849,7 +1858,6 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type) { struct audit_buffer *ab; - struct audit_stamp stamp; if (audit_initialized != AUDIT_INITIALIZED) return NULL; @@ -1904,14 +1912,14 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, return NULL; } - audit_get_stamp(ab->ctx, &stamp); + audit_get_stamp(ab->ctx, &ab->stamp); /* cancel dummy context to enable supporting records */ if (ctx) ctx->dummy = 0; audit_log_format(ab, "audit(%llu.%03lu:%u): ", - (unsigned long long)stamp.ctime.tv_sec, - stamp.ctime.tv_nsec/1000000, - stamp.serial); + (unsigned long long)ab->stamp.ctime.tv_sec, + ab->stamp.ctime.tv_nsec/1000000, + ab->stamp.serial); return ab; } @@ -2402,26 +2410,14 @@ int audit_signal_info(int sig, struct task_struct *t) } /** - * audit_log_end - end one audit record - * @ab: the audit_buffer - * - * We can not do a netlink send inside an irq context because it blocks (last - * arg, flags, is not set to MSG_DONTWAIT), so the audit buffer is placed on a - * queue and a kthread is scheduled to remove them from the queue outside the - * irq context. May be called in any context. + * __audit_log_end - enqueue one audit record + * @skb: the buffer to send */ -void audit_log_end(struct audit_buffer *ab) +static void __audit_log_end(struct sk_buff *skb) { - struct sk_buff *skb; struct nlmsghdr *nlh; - if (!ab) - return; - if (audit_rate_check()) { - skb = ab->skb; - ab->skb = NULL; - /* setup the netlink header, see the comments in * kauditd_send_multicast_skb() for length quirks */ nlh = nlmsg_hdr(skb); @@ -2432,6 +2428,26 @@ void audit_log_end(struct audit_buffer *ab) wake_up_interruptible(&kauditd_wait); } else audit_log_lost("rate limit exceeded"); +} + +/** + * audit_log_end - end one audit record + * @ab: the audit_buffer + * + * We can not do a netlink send inside an irq context because it blocks (last + * arg, flags, is not set to MSG_DONTWAIT), so the audit buffer is placed on a + * queue and a kthread is scheduled to remove them from the queue outside the + * irq context. May be called in any context. + */ +void audit_log_end(struct audit_buffer *ab) +{ + struct sk_buff *skb; + + if (!ab) + return; + + while ((skb = skb_dequeue(&ab->skb_list))) + __audit_log_end(skb); audit_buffer_free(ab); } From patchwork Mon Apr 18 14:59:42 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12816801 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 213A5C433EF for ; Mon, 18 Apr 2022 15:43:56 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240497AbiDRPqc (ORCPT ); Mon, 18 Apr 2022 11:46:32 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55200 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345570AbiDRPpr (ORCPT ); Mon, 18 Apr 2022 11:45:47 -0400 Received: from sonic317-38.consmr.mail.ne1.yahoo.com (sonic317-38.consmr.mail.ne1.yahoo.com [66.163.184.49]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CF4655A0B6 for ; Mon, 18 Apr 2022 08:12:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650294772; bh=h32jrF2Zh2EvU2lSatcW64eAZi8X5he9uuICOJ6hcZ8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=EUEXTWu282YVpawuQXCOORYBr+NeDn4ScXgjC+v6nlIZhaPqvRwTBrnd6+F3iCJSADvgjC2YCKld51Of0IMci31JMbuz7ynN+pZGDbFHVs8MjJlu1tBLQ0Eqb8cRp9I+E3fcIMoN1OrE9yhMwdylhL1wyHROrN9MmgJuunML7udwTDK5imkPTmGwpZz0rMQ9IJ61oLe7tfWWBRiDDvKbGf86fEromYYHL+NrGqc9vJ0rM4eWj3a8m+vnoefWoM0xpjR14B89Bp0aJi/hoEKKyQArhgi9c8mAhlXNMkTqFCw1iAaXeNOaC/Y9li3vPqomt6C9gKWS0DKOd27fzP6omQ== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650294772; bh=pmA4xACC778LtA74VLN82kthedtveeafy7lyo4EkjkV=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=h92aszvKyyMkCyOvSUBLoRzD1iWwWtzIYor6YwHpKglgZbWzlz1dZFLr1DMQQCOFFBgGtG2mbjjOdUnebdfgyfkuGXzERpOaDwPC4xjpHhNMCD0jjP6H3BX5CTdigXf2osuVVYddGb8g82nyWHYSL3F0pqpTM2UKnAhzhCbsDXkWLPKy69GefnjH86Z0N23dLS9idcqS8oBV+YenwP34rKqdpJTm/Ny1k1788ZAk2S2DVhTMAhOaaVf/onwm012nnJ51PYLpkKZ/TS33vA0h94PsF8NoEG+4G9z8tOclrqSnk145fCPhvi6Wbea8jq3mHxH+lS0tUYbLNMLJTHaFxg== X-YMail-OSG: p2PFZ4sVM1ndt.GBi2tcOQNJYAb6SqrF8ELPpvVVoQcBG8ub9Ox.yvlCyNJbcSU RQBIh9nfafvpkuhoIpklIG3W.RxlWGs0nOOa4yyz7abTHsiqpYeJLFPW.4FhLtTdPHQUytU3ulX4 Yfu1_NJ.aI57W9OEBuvS6aGsx.z4NZUoAyZIiQJlTRyW4lnfLHE9Ob7XtjGqJh__4AGfeRdYYfrP RTJoqaiEf8PbskqpOh3r_yYMtyFdXhKxPc8KIcF1v4f3xrYRoAiXAYqTM1FMex6tHm4TBWWCa_Vu 9I8mrTkU7fAyNm76tppbiKnEgDkwi8mFzGEZkPQ0INth4cOzEOYVRC8JX.oHN.AdWsBtfl7FaYqS jlWrazgingSDphC6ls76IAYOkYBB84mVG1km5D2aOwkrZ7QbJlG2JjuJUmXSXTd38AbiYdDYW0kk QVXkcRHUPUyLV_VD7rKZALEgc4z6YCtPoMGFsJ0TKZbPCx4vQthfIHEodAUhvYPbI.Fuyo4Uz.P8 82DdaIjqafNSEVAHRiIwHo_ln7SMDeGpFv0jnP4UknfdWWsfejT0VlRDYw6hLcgcYLlxoDIv601b hXlOzOyTj4baB8i_iOVrbpdaexrL5dVzciLXcWStxHGdt9c1cGa_yKaQlv1vH5adfSpALHTyvfVQ SytNzmn9Vq1G2DciSjQ7UvFbKyYM31FESWrjTv0XvR28EKLebQycbibi.Za2It.3LTKHRawJ9XNZ vbvwtHl2SIOSfYtHRyOpcspZdBWv3_YdvQhtUIdCP8kPZH59OS6MAX.6AiuyMMWT0DCRzBXUxdca KiW61P7RyikAAkpI.s1dgUUGiMjLG3jJQPZ77QwYn3pvma0DciDNBCK.L1iYY61xyP5Aq_VAibH6 yHprYgjnbC8qWpOMroygfRcJtjozb8COFO51AN9KN5LQXO3E48M1Lip9Np1kzV6ODuTeF9XnwC_Z 6vltyXcx6CNEi.y8c70zj6vEhaWlGrEkuF4c2TnJVIesjnY7FcYRaEWsAsumUC89gYDVgxiUjMRV WVxUee2.RMLL3CFAOYpMtfksb2rsos6bc48XNbReMpnMsLPh3MB_UV4ZvkODbmZyOcoqM8PT1ssB GpjnEONWpTxpjdc6wUdFl7qlizIIQBQm8PIIawXSg6Rc64SM2kE0iBb7e1vmYmbwvXNaW6X0_4A. VAJ4fqx88xM0xduh.pQ9EEZ36fJaCKM_XouDNwspQ5yg4nbGtuC1XtA4KKkhqO_wLB1S2GOw3sxj k_6b16DKN0YE6GPy_tHC6SMo7WCdwlDmjQGm8SaGCLDosQkVR5RodyRoZx0voIibbteYiqCzLK2o oVvC8rKQ.a9Fgb3y_felupTRvGeoLyOSBJOpxGFb1t9Nc7eEsiv7oCfEbWFdIFQoXuwstV7qCVAk DFFChX_T9Hz7V9Gj29p3Ko1m03QKUKJsJ0iV1rpNoGqo9mZoDMoiznDDwo2d4Eypm2uSCWIMkhxM dmz3ggiMzPdLXepwlJc0PWe4maAiovOO5rFmU7omTKfTeu0.ylNyhl654JT7YlUOtOqlZnXmko3E Yx6LF7b_z2rtbFehEx7JTLQVyoiQ09RdwA4C1FciAqdtNt_lPV0CNa0VDCRJ7jw54Eo5zysDvZvU JnpeoANeDbMc8VznjWr.fzdO8.8PyhbVueGJIWE_XhVL2GkEXtTZH3067fpsmtrLa_41ipXDd_KW KbuwULV2eOR_SMvLJ7vpFeHcRUUfhjcOxUnGdHNoIBbjImG9fBpN19Ml_kr7RqYni_tqi5yEdytV 0G0wnj27nJdNrXlmsMQd29eTjkOWRq6DFnhWslT9njAgtPNqb3PaSquOOI3dP2doOZnaQSMmUOGz j6kobKBqAaV4elasGxc_4Z7gGxoqXInP6ZdbPA8ojFDbGV7Re1MBcPtzb5J69tnt502dYvNsqcao JeMTn9FsVQBThvSSn7VEm0mKaF3YoDajWY.5OPmLXGIBFNfid8A5eEOwNk4Gzux2u9ExL03zJnkU 5gt9dPvU0NJpXfGyoPzAarzAdLc.GskrJh3OeKGGjMx5xwll9Eq6xXxjJIGD5VvlKo8xF8y3IQDE BDE0OlbLTJX1w3e8OBKjU_C_vNi477qPlfYWGnu4j.mFplIA5M_fkaawST1B2rEibEDq5At.SrUq UO1tUSUzWzEr6f3iHo7Wd82zck6Rz29bl7PCRFtizRjKhKs9U.R2yysJ5gYwsqtbcIuy1BD3J1Lz xSqN60ANCbcHKues8mQcH7dut6anZwpbQu9Hcmmv9rNs.HlkFCrfzTLxep2ha6KYICYzqjuq0.Zi zejFsSCd7wcV4s.AyL2v7e9SUEW4D3RYaiO7Xm40YpKoSZAc9MRPL2oJD X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic317.consmr.mail.ne1.yahoo.com with HTTP; Mon, 18 Apr 2022 15:12:52 +0000 Received: by hermes--canary-production-ne1-c7c4f6977-qcc8c (VZM Hermes SMTP Server) with ESMTPA ID ee952e2418b7fa05874502fbf35997b4; Mon, 18 Apr 2022 15:12:49 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org Subject: [PATCH v35 26/29] Audit: Add record for multiple task security contexts Date: Mon, 18 Apr 2022 07:59:42 -0700 Message-Id: <20220418145945.38797-27-casey@schaufler-ca.com> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220418145945.38797-1-casey@schaufler-ca.com> References: <20220418145945.38797-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Create a new audit record AUDIT_MAC_TASK_CONTEXTS. An example of the MAC_TASK_CONTEXTS (1420) record is: type=MAC_TASK_CONTEXTS[1420] msg=audit(1600880931.832:113) subj_apparmor=unconfined subj_smack=_ When an audit event includes a AUDIT_MAC_TASK_CONTEXTS record the "subj=" field in other records in the event will be "subj=?". An AUDIT_MAC_TASK_CONTEXTS record is supplied when the system has multiple security modules that may make access decisions based on a subject security context. Functions are created to manage the skb list in the audit_buffer. Signed-off-by: Casey Schaufler Acked-by: Paul Moore Reviewed-by: John Johansen --- include/uapi/linux/audit.h | 1 + kernel/audit.c | 93 +++++++++++++++++++++++++++++++++++--- 2 files changed, 88 insertions(+), 6 deletions(-) diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h index 8eda133ca4c1..af0aaccfaf57 100644 --- a/include/uapi/linux/audit.h +++ b/include/uapi/linux/audit.h @@ -143,6 +143,7 @@ #define AUDIT_MAC_UNLBL_STCDEL 1417 /* NetLabel: del a static label */ #define AUDIT_MAC_CALIPSO_ADD 1418 /* NetLabel: add CALIPSO DOI entry */ #define AUDIT_MAC_CALIPSO_DEL 1419 /* NetLabel: del CALIPSO DOI entry */ +#define AUDIT_MAC_TASK_CONTEXTS 1420 /* Multiple LSM task contexts */ #define AUDIT_FIRST_KERN_ANOM_MSG 1700 #define AUDIT_LAST_KERN_ANOM_MSG 1799 diff --git a/kernel/audit.c b/kernel/audit.c index 4d44c05053b0..8ed2d717c217 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -2175,8 +2175,61 @@ void audit_log_key(struct audit_buffer *ab, char *key) audit_log_format(ab, "(null)"); } +/** + * audit_buffer_aux_new - Add an aux record buffer to the skb list + * @ab: audit_buffer + * @type: message type + * + * Aux records are allocated and added to the skb list of + * the "main" record. The ab->skb is reset to point to the + * aux record on its creation. When the aux record in complete + * ab->skb has to be reset to point to the "main" record. + * This allows the audit_log_ functions to be ignorant of + * which kind of record it is logging to. It also avoids adding + * special data for aux records. + * + * On success ab->skb will point to the new aux record. + * Returns 0 on success, -ENOMEM should allocation fail. + */ +static int audit_buffer_aux_new(struct audit_buffer *ab, int type) +{ + WARN_ON(ab->skb != skb_peek(&ab->skb_list)); + + ab->skb = nlmsg_new(AUDIT_BUFSIZ, ab->gfp_mask); + if (!ab->skb) + goto err; + if (!nlmsg_put(ab->skb, 0, 0, type, 0, 0)) + goto err; + skb_queue_tail(&ab->skb_list, ab->skb); + + audit_log_format(ab, "audit(%llu.%03lu:%u): ", + (unsigned long long)ab->stamp.ctime.tv_sec, + ab->stamp.ctime.tv_nsec/1000000, + ab->stamp.serial); + + return 0; + +err: + kfree_skb(ab->skb); + ab->skb = skb_peek(&ab->skb_list); + return -ENOMEM; +} + +/** + * audit_buffer_aux_end - Switch back to the "main" record from an aux record + * @ab: audit_buffer + * + * Restores the "main" audit record to ab->skb. + */ +static void audit_buffer_aux_end(struct audit_buffer *ab) +{ + ab->skb = skb_peek(&ab->skb_list); +} + + int audit_log_task_context(struct audit_buffer *ab) { + int i; int error; struct lsmblob blob; struct lsmcontext context; @@ -2185,16 +2238,44 @@ int audit_log_task_context(struct audit_buffer *ab) if (!lsmblob_is_set(&blob)) return 0; - error = security_secid_to_secctx(&blob, &context, LSMBLOB_FIRST); + if (!lsm_multiple_contexts()) { + error = security_secid_to_secctx(&blob, &context, + LSMBLOB_FIRST); + if (error) { + if (error != -EINVAL) + goto error_path; + return 0; + } - if (error) { - if (error != -EINVAL) + audit_log_format(ab, " subj=%s", context.context); + security_release_secctx(&context); + } else { + /* Multiple LSMs provide contexts. Include an aux record. */ + audit_log_format(ab, " subj=?"); + error = audit_buffer_aux_new(ab, AUDIT_MAC_TASK_CONTEXTS); + if (error) goto error_path; - return 0; + for (i = 0; i < LSMBLOB_ENTRIES; i++) { + if (blob.secid[i] == 0) + continue; + error = security_secid_to_secctx(&blob, &context, i); + if (error) { + audit_log_format(ab, "%ssubj_%s=?", + i ? " " : "", + lsm_slot_to_name(i)); + if (error != -EINVAL) + audit_panic("error in audit_log_task_context"); + } else { + audit_log_format(ab, "%ssubj_%s=%s", + i ? " " : "", + lsm_slot_to_name(i), + context.context); + security_release_secctx(&context); + } + } + audit_buffer_aux_end(ab); } - audit_log_format(ab, " subj=%s", context.context); - security_release_secctx(&context); return 0; error_path: From patchwork Mon Apr 18 14:59:43 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12816802 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2DE60C433F5 for ; Mon, 18 Apr 2022 15:44:45 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345556AbiDRPrW (ORCPT ); Mon, 18 Apr 2022 11:47:22 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34680 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345648AbiDRPrI (ORCPT ); Mon, 18 Apr 2022 11:47:08 -0400 Received: from sonic305-27.consmr.mail.ne1.yahoo.com (sonic305-27.consmr.mail.ne1.yahoo.com [66.163.185.153]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E89D65B3ED for ; Mon, 18 Apr 2022 08:14:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650294866; bh=THSmMt/jYH/D+Iz/LfOdT6bexzTnjyuZsXLDVPKXVx8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=qiu9X23bEpzyY+FRQwPtfPltb6pSM2p+KgsU60e3KicQ3u7+s/U5LYiqaVRLpYCRVcu7Ldpsa8jdbKStDfb6CY8BzSNqIREHQKCi6uMCUu1G4KMhftalP+Ev5o7+GrkFoha07zueNZtXIVjzCzF6NvMOq9B0dygxBhSG6fp64ljq7B8vaVt8PMJvx0s7pPgaJFS9nKgizsilSEbMrvFcO8X2rNjOECb55YRhLUkz3/vwU3YQOvExkH3xIm8s2irUAKWuzJufKzEM6qEoHZTBAxoS7iQLoc7ZDkhW5PoT8eEeaQ+AUrY08nyoOvdh/iDk79l6V1r6LrrxJTFIZIRgCA== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650294866; bh=BdKTJ21h2NPBp0xOBZBGJnDCvy6iafVp+GJ6GlkHl6F=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=gIjgr8CcIvB8fhBHFfWiMAHq/H8Yy4lvfC1lNRy5EV++h4fB2i+hjK+7+vKCacuOAFxYzm8euFbzN7XId+VDrT1wvxN5TX3+WrJbEw5WIIyR+TH18+bWhP1XuaEbHKjFWGeQpBEIJxYUqBTt6L+qYZhp75SfB2/Pw+l2krMBNCO4tta5NYFJn4Qat81Pc8M87lArl72cHnwjP40tYZ7KiHbnwo8KZOgNbQUKdbIuLGPkOxLmDQFxghTA0+U1xjwIRNeHWDw2jIFtu5OEVdzjSc+Oy66gVXRcxpV/a7Yo8cCimKQmwnrxsQskLHky2ocDLDbsR1Habzc0ZgNIuP2gJg== X-YMail-OSG: Kbr1yM0VM1lwxGcGtALRsZKodwuyuaZ9m4zoboBBD_e8W0CfRSHRW3TfNdaYl7X 3MNEh3QJwQyGxhvomZgZqiUjlrF627u1_BRW7xMBJPihAU_wPbaVRucgvCvWGPEstHZoguOJi2kH zReURwSjBSgoql.5R2xELb5XfqVl4k40jUBJ2obWuZvRTSuYYZEACCGziqXdwTN6xBlJdsXdEBXl 8a2tYmw7KXh8JmLDfDoo7y5QRz5RJrtWTNPPuqKgibErQxy5RDwziKy.uwfr4VFH4FuBnqr950p_ JJ3lZj3CGJLUi0pyG7_zbAMoerwVEYNTBfVLwAc7mtj0r4jRWiP3KPqojJ7s.a_rovMtqeF3OrRc IxYfW_0QbtMTtwzq48_024eU2I1lmYf.NJvvYRRRd1B6g5fwrtYU5awNwmmMO4i3x8NHIIyIwmct L21k2ljoOtgsa0lEbU_ABvLQ.alcs4WZa_cUd4d8gF5anNjyx_i2m10v74osYxgF.uEM6KiQRhlX wHq9JePqadmiMSy61M45s1oHOti9r9Rj.gBDzIZxQxvcmf_hg.QiwQ1aJLekIRV4Xc.7wRv8MtMZ P_yiPMCXgEtC2NqCws6RLMiSfq5YKtiJNlXh33VyH.W7bXCVC0kvXigju4pi288JpE147DCB4yVq BboUvsS49OYFID5EgFasOi8n3v2pwdt1V1aXgPheW4V0XI0eXa8Z5WmqRxWPN95Qw2KIO2GqRRb0 bABO7xhMcvQiS004m62U5RAZbFAFxgmXdITR2Fi7bTbMS.D13igKshQyOFS6czf3vckCw70_Y3cC GCLlXTx.G0Vi_gFfw3Y2xjQgKRBcn2v.DmYOsost6MS86mN4vir0B4i_pf9szJQyx1caTi7n6LOg IixfQsptRG59qzyuxcq.FnveFJslUlwD3T4dVfuGyby9oUdqJI_db9.lkSOuEli1V0G.QTaryPQw JRmWt83BCKjt2ouTKSg7PRdrK1xvElqZ1PTKm1nD16aRo77WpNgdza4fZ6hHjeNPBpmzeNzzytzk UjZjUu0Rjh3i5bdM8B1TMbZP9ja2JpQko9txwDlMkEN_Jlbt2rS72wVuEnhKDOzteVzrsLZOxakJ fMgS.8lIjpEvoHkRq4IQbqd3qA6bOzd38Hjk.tm2IxCZr1Tf1rpoLdDVWFLA63OxGipeASCQ5Ozf Kn0K7_h2tovB1BGZSa1S2PaJacyLcZRcHosis39_PYFDYIaUriMvCyEfWrlB8hsx62CpEOXhVjuI ww2venEGhK.5eRx.uWjdE5DXHwWm1feqvdpTk4YTD6cLlE6_VxJc0dpjFoSUNH3fVbjaS9F5ifZw 8p3mX0mG2mWK.DQbtZZHanzZbreQgyjPK1hP2LhXe4WbN.WnGbNlllFLLA_MicP4GvFR6OFL6KLD G4.UDRBz_GA6XROENQxrcOnDg6XeKwn4L3QVBWeJyBlCDWRnzAXiQeWfysDnVR5cTpgt9_cYtYfa xwXNY4PwuoK86CyTQPwAx.EwmKXQk8d2wg3lSD18HbgvCGuR8GlIX_vs8gb1UCmFRAUl0mlHBkG. y5BFzSen3Qihk6VLoFTZn5De_KoAwhCI78LYh_9sCHxGlQ04QlQ1EECIroQ0g4JwH6xb7Q7MTVLS 13KBIVJQwhpraHJ0OH4fSsaiWSswQHmUUDKm_aIxDYqQAIQ7G5PZm7g9F7IRbYHBYBPdaYarkHqX WK1O3ogRAbFCs_zXF9bGCVxpxYv7CXe52zS5C7q_WCB_RpWa5qN7RXYr87oMM1xAFa6DijEfPcCp Zg8iWkZiiduTNXm0GVEKUWLPMlj.aplWh0g7sa8osX.F54SAysFgyX95MphYCJd2PXJ..3tEKR.b pW6ZZCqOaHg5ML4KdbYuUaNmkhYA1iaXYrJFyXErZnluP.0KQPQewNc6TfJRe5DPqGXOINWIxeDq Dg04Md6JMVUhE2IocfOZ5TeFgrxyEF3eKrBsJopLl8UAtSPer3iCqbkV32pu8Ocn.NShlZVvtmPy etpXf8mglUVm4Rq8gFwxEfNHTRAX.I43vbkUQy0s3EiMOg_qjSaR.Qv4j8A_Zt4zfjIijqhj2hr0 TQhL7_mkSCLGdhFqqfmwhhgmOwd_U_G8ihyBuGEbVwAw8yg3Suu4.AKfMNxzZyimA48RCakxwXfP JSQoRhoUGFPvZ094e_N.GsIN..9Oehsg1neugywXC.NSJObURPC5nSbbuFoJB6rqsHHqneLIYbLI xIFh0CTThxlJTX1zHkhpF_gwjY.wBoLF1q6H_7UpR2fzxdMkLnGWPzjAyP7ed.RivZkrkOIchuuk 0jINz6eRnxWyCUvZA9n.8ruWZvg_c2plYyMcWl4Jn_XLjGZk9oGVSZWQ_ X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic305.consmr.mail.ne1.yahoo.com with HTTP; Mon, 18 Apr 2022 15:14:26 +0000 Received: by hermes--canary-production-bf1-5f49dbcd6-xjccz (VZM Hermes SMTP Server) with ESMTPA ID 311eab809775b4af02ae966c725fa26b; Mon, 18 Apr 2022 15:14:23 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org Subject: [PATCH v35 27/29] Audit: Add record for multiple object contexts Date: Mon, 18 Apr 2022 07:59:43 -0700 Message-Id: <20220418145945.38797-28-casey@schaufler-ca.com> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220418145945.38797-1-casey@schaufler-ca.com> References: <20220418145945.38797-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Create a new audit record AUDIT_MAC_OBJ_CONTEXTS. An example of the MAC_OBJ_CONTEXTS (1421) record is: type=MAC_OBJ_CONTEXTS[1421] msg=audit(1601152467.009:1050): obj_selinux=unconfined_u:object_r:user_home_t:s0 When an audit event includes a AUDIT_MAC_OBJ_CONTEXTS record the "obj=" field in other records in the event will be "obj=?". An AUDIT_MAC_OBJ_CONTEXTS record is supplied when the system has multiple security modules that may make access decisions based on an object security context. Signed-off-by: Casey Schaufler Acked-by: Paul Moore --- include/linux/audit.h | 5 +++ include/uapi/linux/audit.h | 1 + kernel/audit.c | 47 +++++++++++++++++++++++ kernel/auditsc.c | 79 ++++++++++++-------------------------- 4 files changed, 77 insertions(+), 55 deletions(-) diff --git a/include/linux/audit.h b/include/linux/audit.h index 14849d5f84b4..1b05eb2dbe77 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -191,6 +191,8 @@ extern void audit_log_path_denied(int type, const char *operation); extern void audit_log_lost(const char *message); +extern void audit_log_object_context(struct audit_buffer *ab, + struct lsmblob *blob); extern int audit_log_task_context(struct audit_buffer *ab); extern void audit_log_task_info(struct audit_buffer *ab); @@ -251,6 +253,9 @@ static inline void audit_log_key(struct audit_buffer *ab, char *key) { } static inline void audit_log_path_denied(int type, const char *operation) { } +static inline void audit_log_object_context(struct audit_buffer *ab, + struct lsmblob *blob) +{ } static inline int audit_log_task_context(struct audit_buffer *ab) { return 0; diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h index af0aaccfaf57..d25d76b29e3c 100644 --- a/include/uapi/linux/audit.h +++ b/include/uapi/linux/audit.h @@ -144,6 +144,7 @@ #define AUDIT_MAC_CALIPSO_ADD 1418 /* NetLabel: add CALIPSO DOI entry */ #define AUDIT_MAC_CALIPSO_DEL 1419 /* NetLabel: del CALIPSO DOI entry */ #define AUDIT_MAC_TASK_CONTEXTS 1420 /* Multiple LSM task contexts */ +#define AUDIT_MAC_OBJ_CONTEXTS 1421 /* Multiple LSM objext contexts */ #define AUDIT_FIRST_KERN_ANOM_MSG 1700 #define AUDIT_LAST_KERN_ANOM_MSG 1799 diff --git a/kernel/audit.c b/kernel/audit.c index 8ed2d717c217..a8c3ec6ba60b 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -2226,6 +2226,53 @@ static void audit_buffer_aux_end(struct audit_buffer *ab) ab->skb = skb_peek(&ab->skb_list); } +void audit_log_object_context(struct audit_buffer *ab, struct lsmblob *blob) +{ + int i; + int error; + struct lsmcontext context; + + if (!lsm_multiple_contexts()) { + error = security_secid_to_secctx(blob, &context, LSMBLOB_FIRST); + if (error) { + if (error != -EINVAL) + goto error_path; + return; + } + audit_log_format(ab, " obj=%s", context.context); + security_release_secctx(&context); + } else { + audit_log_format(ab, " obj=?"); + error = audit_buffer_aux_new(ab, AUDIT_MAC_OBJ_CONTEXTS); + if (error) + goto error_path; + + for (i = 0; i < LSMBLOB_ENTRIES; i++) { + if (blob->secid[i] == 0) + continue; + error = security_secid_to_secctx(blob, &context, i); + if (error) { + audit_log_format(ab, "%sobj_%s=?", + i ? " " : "", + lsm_slot_to_name(i)); + if (error != -EINVAL) + audit_panic("error in audit_log_object_context"); + } else { + audit_log_format(ab, "%sobj_%s=%s", + i ? " " : "", + lsm_slot_to_name(i), + context.context); + security_release_secctx(&context); + } + } + + audit_buffer_aux_end(ab); + } + return; + +error_path: + audit_panic("error in audit_log_object_context"); +} int audit_log_task_context(struct audit_buffer *ab) { diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 557713954a69..04bf3c04ef3d 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1114,36 +1114,25 @@ static inline void audit_free_context(struct audit_context *context) kfree(context); } -static int audit_log_pid_context(struct audit_context *context, pid_t pid, - kuid_t auid, kuid_t uid, - unsigned int sessionid, - struct lsmblob *blob, char *comm) +static void audit_log_pid_context(struct audit_context *context, pid_t pid, + kuid_t auid, kuid_t uid, + unsigned int sessionid, + struct lsmblob *blob, char *comm) { struct audit_buffer *ab; - struct lsmcontext lsmctx; - int rc = 0; ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID); if (!ab) - return rc; + return; audit_log_format(ab, "opid=%d oauid=%d ouid=%d oses=%d", pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); - if (lsmblob_is_set(blob)) { - if (security_secid_to_secctx(blob, &lsmctx, LSMBLOB_FIRST)) { - audit_log_format(ab, " obj=(none)"); - rc = 1; - } else { - audit_log_format(ab, " obj=%s", lsmctx.context); - security_release_secctx(&lsmctx); - } - } + if (lsmblob_is_set(blob)) + audit_log_object_context(ab, blob); audit_log_format(ab, " ocomm="); audit_log_untrustedstring(ab, comm); audit_log_end(ab); - - return rc; } static void audit_log_execve_info(struct audit_context *context, @@ -1420,18 +1409,10 @@ static void show_special(struct audit_context *context, int *call_panic) from_kgid(&init_user_ns, context->ipc.gid), context->ipc.mode); if (osid) { - struct lsmcontext lsmcxt; struct lsmblob blob; lsmblob_init(&blob, osid); - if (security_secid_to_secctx(&blob, &lsmcxt, - LSMBLOB_FIRST)) { - audit_log_format(ab, " osid=%u", osid); - *call_panic = 1; - } else { - audit_log_format(ab, " obj=%s", lsmcxt.context); - security_release_secctx(&lsmcxt); - } + audit_log_object_context(ab, &blob); } if (context->ipc.has_perm) { audit_log_end(ab); @@ -1588,19 +1569,8 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, from_kgid(&init_user_ns, n->gid), MAJOR(n->rdev), MINOR(n->rdev)); - if (lsmblob_is_set(&n->lsmblob)) { - struct lsmcontext lsmctx; - - if (security_secid_to_secctx(&n->lsmblob, &lsmctx, - LSMBLOB_FIRST)) { - audit_log_format(ab, " osid=?"); - if (call_panic) - *call_panic = 2; - } else { - audit_log_format(ab, " obj=%s", lsmctx.context); - security_release_secctx(&lsmctx); - } - } + if (lsmblob_is_set(&n->lsmblob)) + audit_log_object_context(ab, &n->lsmblob); /* log the audit_names record type */ switch (n->type) { @@ -1805,21 +1775,20 @@ static void audit_log_exit(void) struct audit_aux_data_pids *axs = (void *)aux; for (i = 0; i < axs->pid_count; i++) - if (audit_log_pid_context(context, axs->target_pid[i], - axs->target_auid[i], - axs->target_uid[i], - axs->target_sessionid[i], - &axs->target_lsm[i], - axs->target_comm[i])) - call_panic = 1; - } - - if (context->target_pid && - audit_log_pid_context(context, context->target_pid, - context->target_auid, context->target_uid, - context->target_sessionid, - &context->target_lsm, context->target_comm)) - call_panic = 1; + audit_log_pid_context(context, axs->target_pid[i], + axs->target_auid[i], + axs->target_uid[i], + axs->target_sessionid[i], + &axs->target_lsm[i], + axs->target_comm[i]); + } + + if (context->target_pid) + audit_log_pid_context(context, context->target_pid, + context->target_auid, context->target_uid, + context->target_sessionid, + &context->target_lsm, + context->target_comm); if (context->pwd.dentry && context->pwd.mnt) { ab = audit_log_start(context, GFP_KERNEL, AUDIT_CWD); From patchwork Mon Apr 18 14:59:44 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12816803 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 60A9BC433F5 for ; Mon, 18 Apr 2022 15:45:30 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231802AbiDRPsH (ORCPT ); Mon, 18 Apr 2022 11:48:07 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59350 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234917AbiDRPrJ (ORCPT ); Mon, 18 Apr 2022 11:47:09 -0400 Received: from sonic310-30.consmr.mail.ne1.yahoo.com (sonic310-30.consmr.mail.ne1.yahoo.com [66.163.186.211]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 30BBC5BD06 for ; Mon, 18 Apr 2022 08:14:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650294868; bh=zxytV29Ee/KqsOgddLCdzZjwv8OiqPiIqHzR85jUbE8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=Yhp8ZF1K/LGkZGuNPs0gcQ7UiwsDVfgFy2oCOFIoSARJl3t19R6wPje8yKzjwiLTHHl6ULkwDKlCyopQnei4Bo6nxvESKTNaElh+CNz541fLn/TgKsb4cuShfY9003wztr5OV0ZEzpV0vGiD+Edy6nfLbXhLQOsdSHfMdaPqbH019+BqModozeu9DphDkfEgLQvSU5BPftDr4PHLdpAewBYiTYhQQfHHpRKd/XImuS3c8LjMI1EsNOiSATrsoeQIsDQxGCPtwmgXNVWWMPAH5I9Z/kE5ZodKJ7HVn6lZJKO5z2QaxT9vzUcqpZZnS7wvjDmAsbBWBO82/mIY3+Jx/Q== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650294868; bh=Vk4LPorpmdjOoNmR/xSMm9gdeauguAtz7W4fHMrO/vn=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=rbRlIFBGghlrJVs0TBJAGo19sYSAI5Mdh+Qz0Fm6UYwjzGvIWetO1X4P5J7W4dYy6Cq+GAJ+pXgb6mPwGUgKsGXLGIXeRoY5kmXd5+X55LGGNhScXlL4v2HwF39UOMQYmqcvJZMiHpbl0HVogIXZdA3qF3INzztw3gDnCsfxDJV81uIjgiR78DwTB6Nm2oyNGSGOETdQv6FqHWCWZt1VsZaCQ0mXryTgodELfurCsN8nRF6HIrRGUY8HB0NmRFaPq0mtqzVux+SQGGgD4+InuVvSY93bEqbVfdqZRYiKeZzWQEWjQBJPMKieDLjGSeOcNt7jme0Yi66GKJnqhOGgHg== X-YMail-OSG: NnLFzUcVM1nlTnEdG0edl6v83mjHge.vM7UhJeY5ofhOGQuCWzVz0ltul8rM6xq gD1he0CIlJ9ay6oB8StL1oivSSyPfykTJgrgVgRbc6PEdz2zLYCMjAgHxbDanHEQtaCGJZt9Ador SojpwAoXVkY8gMjlC8o4Zg_Q_aQK.W8tvnSyT97iRjBG_XInQvzO5ppNNNVgayLvdWUZacXAQYlP KGQOrIGqB_Oc_hK5mluyy0egX0EmO7aDfyJ9YLfX3QX1ydnhaoQLSRooTg1VUSBW9AlfZSoVysF. 9M3Hp4cAwBpU7_af9Kaui5fILTtmQA5yw2o_FezgTxEcKy4WAptXodgPZApdNqAYWmjy.x6Q9AaF 4LGMAsWaMn9bjfDdKrbc4kUzvI7EN.4X9I9NSJr6fdMxYVTlaiDzkIUHMB0t_.4g1QRFJTMjrOEw El7162tiOVrbFnrxyJ3BjzkFASJSL5E1yxQ9Q_NUbMXv.5gz8BwO1UY1NNtQ95.qJPuMz6Mdcab9 TW3N3UdbMKuVkfr8yhZjtNmgr1n09m4aNu2qbktCT9QltZo6_6XDJbIBYS73srn0GOJK3XdQlADy hsc23r0zj6DnSjAcoXqWlMtNJPuHmadNqWmaYcO9_D5gClsIAKC6tlGpP.Q8TG.6sTytapWIjyZ1 G_QjlvwHl2Qesxf1733sKS2uM3dpwYLZYdBt91PBitw8J89AAew24VA_USVFXXFv90Yp7pQ.sUoV rpP6gupVjW8eOfyI6RJjLREzfWJthX7vxaQtntwZkNPU9h0CnwuJKNCCzfbm_qvwfhSjAdow9yos m.7lLPXIfkp6GXRU4NxADITemyEB3juGaRXiXrPkbY5RvQsyPgldiJo1.qdhASiRfHuGRnM5BlY. 6Yw6LfbqKpC.DXMAuRDMn0Rr2ZF_swT8KQAcXtOV7Urc5mrWTKS42TaQCdFW8yYndzIxdfLHcPRg lk9uo6GIb9cvK4aGuwfywOSAR4AfzrJgBFMNJp06.Ef0zhSuXQOuwcWRv0gQQZ_19rbQBet5vKTz 2hUb2ceFSOf6cSgucSlkXUY0djHh.THllL30gSz79VzTlsLotBlUEasQT3wcutMaN13Ml_7rrsDi nLLQJnbR2rRGWcBBh9HgAaJneLE8sc7bF_yxrB9KBecTOocmozrxTbTSX3nOWKQKJKvY_HsqfEFj EJjwiNyseaK_VjTvoGepnN_gLiN7Vm4V.O0azYI.Ql2w8hnE8sFj5ANrZDVbC4Ol8eyFkJ5Mvb9G 3uyvZ9RdbLUQIqH4LUtxBPc29kQi5DpCvX1_eUB2uq0Ahm_ag994hSGY2yp1MmL.dVcpV_pYabYv ZKiQdE8qaErUyX7tORdk3iRa4bY2aAZPjB0nIeBZknFn4L2T_81s4uTgaLge.OvxEqkdimOfrpOJ UHUZY2N_Oj.gOhmHODrQn6jitkvu3MnvidDpe1a7vxFjEIIVo.m.VyDTIRjI5dLfPiEZgUqJeDVM VjyvkTtKK4s4UATfvDGa_iP67x3_EskWl5K1a95Q9G4QvWmu0sOs5pbO4h4bs2HVUQ4QbqzU48y7 DTPw2p9XjsCIWu7vb5LpcVRqczF7KNKesg10S7REvlIrjqME7LszigYf42.Gk8v3tpx73J1KqLzS GiqvZB40RqP1VZnZllHV884xq4EMjtWAwX2WCUuupa.buVf4jiFOBFi7YEy1l29FM6Dr9N2ZNE3. Q9BOCxPfzrPzZHHac_wKvm2j_RNTpqzbDPHnUNvQ3CeJzAZMPI0lRz9o8Unt2QEKeCbH5qt2mkG8 dLLgfnC9D87yQY7CwyEUswlbG1G9rvCUzN99T9Rm.7CZdIx.fwbyTku4KXwS_oE3RHn7L4vQhjV8 ty8F8L5Ej.BKOTLXB48uYheS5w_d9vZhbngt1_fPHUV0GO6xz6_5T0vf8aZJqMSeEVEFnn8JwdUd .GcHLSexAOXxehFO8A8YnPMfvgPGxDjuPQehf2pBIq4FwavDHFZ1krruj92ITzs2ONs_4ibYxN70 y37w74p35U0D93lxScwcvRJC6g2ICJZ.etycNav1sZkjUySs5BdNdgPbd9YI0L_pryOp9u0aA60t AcNZazdpBToMmwH83M4N.1Ahh9nyXF8Rne2TuHs75A8jKqZLZmVBo9uLDEVRaW76.gbvzsUSI.0t fj0peHfQjeppqgya2cWKHq7xg1RGv3rYWxOvl51nK3U3faZ9j4Mbqslj49BvK467S8NUaqWb1_Sg ZYJA04WfKE7qTxw0JqGQd8cKM8iblgFzCT675o5uMHhrj3nBTUDrr9Mwf2J1ILo5ZXaQCB_KvFY0 YJ3hmAJZLjqySF3D9dLwP3sWk26ZdXBLTZHQvcjnfYQlSbX407ZqJEGJUnco- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic310.consmr.mail.ne1.yahoo.com with HTTP; Mon, 18 Apr 2022 15:14:28 +0000 Received: by hermes--canary-production-bf1-5f49dbcd6-xjccz (VZM Hermes SMTP Server) with ESMTPA ID 311eab809775b4af02ae966c725fa26b; Mon, 18 Apr 2022 15:14:26 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, linux-doc@vger.kernel.org Subject: [PATCH v35 28/29] LSM: Add /proc attr entry for full LSM context Date: Mon, 18 Apr 2022 07:59:44 -0700 Message-Id: <20220418145945.38797-29-casey@schaufler-ca.com> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220418145945.38797-1-casey@schaufler-ca.com> References: <20220418145945.38797-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Add an entry /proc/.../attr/context which displays the full process security "context" in compound format: lsm1\0value\0lsm2\0value\0... This entry is not writable. A security module may decide that its policy does not allow this information to be displayed. In this case none of the information will be displayed. Reviewed-by: Kees Cook Signed-off-by: Casey Schaufler Cc: linux-api@vger.kernel.org Cc: linux-doc@vger.kernel.org Acked-by: John Johansen --- Documentation/security/lsm.rst | 14 +++++ fs/proc/base.c | 1 + include/linux/lsm_hooks.h | 6 +++ security/apparmor/include/procattr.h | 2 +- security/apparmor/lsm.c | 8 ++- security/apparmor/procattr.c | 22 ++++---- security/security.c | 79 ++++++++++++++++++++++++++++ security/selinux/hooks.c | 2 +- security/smack/smack_lsm.c | 2 +- 9 files changed, 121 insertions(+), 15 deletions(-) diff --git a/Documentation/security/lsm.rst b/Documentation/security/lsm.rst index b77b4a540391..070225ae6ceb 100644 --- a/Documentation/security/lsm.rst +++ b/Documentation/security/lsm.rst @@ -143,3 +143,17 @@ separated list of the active security modules. The file ``/proc/pid/attr/interface_lsm`` contains the name of the security module for which the ``/proc/pid/attr/current`` interface will apply. This interface can be written to. + +The infrastructure does provide an interface for the special +case where multiple security modules provide a process context. +This is provided in compound context format. + +- `lsm\0value\0lsm\0value\0` + +The `lsm` and `value` fields are NUL-terminated bytestrings. +Each field may contain whitespace or non-printable characters. +The NUL bytes are included in the size of a compound context. +The context ``Bell\0Secret\0Biba\0Loose\0`` has a size of 23. + +The file ``/proc/pid/attr/context`` provides the security +context of the identified process. diff --git a/fs/proc/base.c b/fs/proc/base.c index f2d15348bdff..f8aed4404e7e 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -2828,6 +2828,7 @@ static const struct pid_entry attr_dir_stuff[] = { ATTR(NULL, "keycreate", 0666), ATTR(NULL, "sockcreate", 0666), ATTR(NULL, "interface_lsm", 0666), + ATTR(NULL, "context", 0444), #ifdef CONFIG_SECURITY_SMACK DIR("smack", 0555, proc_smack_attr_dir_inode_ops, proc_smack_attr_dir_ops), diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index fd63ae215104..425538ebc606 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -1401,6 +1401,12 @@ * @pages contains the number of pages. * Return 0 if permission is granted. * + * @getprocattr: + * Provide the named process attribute for display in special files in + * the /proc/.../attr directory. Attribute naming and the data displayed + * is at the discretion of the security modules. The exception is the + * "context" attribute, which will contain the security context of the + * task as a nul terminated text string without trailing whitespace. * @ismaclabel: * Check if the extended attribute specified by @name * represents a MAC label. Returns 1 if name is a MAC diff --git a/security/apparmor/include/procattr.h b/security/apparmor/include/procattr.h index 31689437e0e1..03dbfdb2f2c0 100644 --- a/security/apparmor/include/procattr.h +++ b/security/apparmor/include/procattr.h @@ -11,7 +11,7 @@ #ifndef __AA_PROCATTR_H #define __AA_PROCATTR_H -int aa_getprocattr(struct aa_label *label, char **string); +int aa_getprocattr(struct aa_label *label, char **string, bool newline); int aa_setprocattr_changehat(char *args, size_t size, int flags); #endif /* __AA_PROCATTR_H */ diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 29181bc8c693..1ee58c1491ab 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -602,6 +602,7 @@ static int apparmor_getprocattr(struct task_struct *task, char *name, const struct cred *cred = get_task_cred(task); struct aa_task_ctx *ctx = task_ctx(current); struct aa_label *label = NULL; + bool newline = true; if (strcmp(name, "current") == 0) label = aa_get_newest_label(cred_label(cred)); @@ -609,11 +610,14 @@ static int apparmor_getprocattr(struct task_struct *task, char *name, label = aa_get_newest_label(ctx->previous); else if (strcmp(name, "exec") == 0 && ctx->onexec) label = aa_get_newest_label(ctx->onexec); - else + else if (strcmp(name, "context") == 0) { + label = aa_get_newest_label(cred_label(cred)); + newline = false; + } else error = -EINVAL; if (label) - error = aa_getprocattr(label, value); + error = aa_getprocattr(label, value, newline); aa_put_label(label); put_cred(cred); diff --git a/security/apparmor/procattr.c b/security/apparmor/procattr.c index fde332e0ea7d..172550f67fc0 100644 --- a/security/apparmor/procattr.c +++ b/security/apparmor/procattr.c @@ -20,6 +20,7 @@ * aa_getprocattr - Return the profile information for @profile * @profile: the profile to print profile info about (NOT NULL) * @string: Returns - string containing the profile info (NOT NULL) + * @newline: Should a newline be added to @string. * * Requires: profile != NULL * @@ -28,20 +29,21 @@ * * Returns: size of string placed in @string else error code on failure */ -int aa_getprocattr(struct aa_label *label, char **string) +int aa_getprocattr(struct aa_label *label, char **string, bool newline) { struct aa_ns *ns = labels_ns(label); struct aa_ns *current_ns = aa_get_current_ns(); + int flags = FLAG_VIEW_SUBNS | FLAG_HIDDEN_UNCONFINED; int len; if (!aa_ns_visible(current_ns, ns, true)) { aa_put_ns(current_ns); return -EACCES; } + if (newline) + flags |= FLAG_SHOW_MODE; - len = aa_label_snxprint(NULL, 0, current_ns, label, - FLAG_SHOW_MODE | FLAG_VIEW_SUBNS | - FLAG_HIDDEN_UNCONFINED); + len = aa_label_snxprint(NULL, 0, current_ns, label, flags); AA_BUG(len < 0); *string = kmalloc(len + 2, GFP_KERNEL); @@ -50,19 +52,19 @@ int aa_getprocattr(struct aa_label *label, char **string) return -ENOMEM; } - len = aa_label_snxprint(*string, len + 2, current_ns, label, - FLAG_SHOW_MODE | FLAG_VIEW_SUBNS | - FLAG_HIDDEN_UNCONFINED); + len = aa_label_snxprint(*string, len + 2, current_ns, label, flags); if (len < 0) { aa_put_ns(current_ns); return len; } - (*string)[len] = '\n'; - (*string)[len + 1] = 0; + if (newline) { + (*string)[len] = '\n'; + (*string)[++len] = 0; + } aa_put_ns(current_ns); - return len + 1; + return len; } /** diff --git a/security/security.c b/security/security.c index be6682768760..4c6d4171ded6 100644 --- a/security/security.c +++ b/security/security.c @@ -802,6 +802,57 @@ static int lsm_superblock_alloc(struct super_block *sb) return 0; } +/** + * append_ctx - append a lsm/context pair to a compound context + * @ctx: the existing compound context + * @ctxlen: size of the old context, including terminating nul byte + * @lsm: new lsm name, nul terminated + * @new: new context, possibly nul terminated + * @newlen: maximum size of @new + * + * replace @ctx with a new compound context, appending @newlsm and @new + * to @ctx. On exit the new data replaces the old, which is freed. + * @ctxlen is set to the new size, which includes a trailing nul byte. + * + * Returns 0 on success, -ENOMEM if no memory is available. + */ +static int append_ctx(char **ctx, int *ctxlen, const char *lsm, char *new, + int newlen) +{ + char *final; + size_t llen; + size_t nlen; + size_t flen; + + llen = strlen(lsm) + 1; + /* + * A security module may or may not provide a trailing nul on + * when returning a security context. There is no definition + * of which it should be, and there are modules that do it + * each way. + */ + nlen = strnlen(new, newlen); + + flen = *ctxlen + llen + nlen + 1; + final = kzalloc(flen, GFP_KERNEL); + + if (final == NULL) + return -ENOMEM; + + if (*ctxlen) + memcpy(final, *ctx, *ctxlen); + + memcpy(final + *ctxlen, lsm, llen); + memcpy(final + *ctxlen + llen, new, nlen); + + kfree(*ctx); + + *ctx = final; + *ctxlen = flen; + + return 0; +} + /* * The default value of the LSM hook is defined in linux/lsm_hook_defs.h and * can be accessed with: @@ -2223,6 +2274,10 @@ int security_getprocattr(struct task_struct *p, const char *lsm, char *name, char **value) { struct security_hook_list *hp; + char *final = NULL; + char *cp; + int rc = 0; + int finallen = 0; int ilsm = lsm_task_ilsm(current); int slot = 0; @@ -2250,6 +2305,30 @@ int security_getprocattr(struct task_struct *p, const char *lsm, char *name, return -ENOMEM; } + if (!strcmp(name, "context")) { + hlist_for_each_entry(hp, &security_hook_heads.getprocattr, + list) { + rc = hp->hook.getprocattr(p, "context", &cp); + if (rc == -EINVAL) + continue; + if (rc < 0) { + kfree(final); + return rc; + } + rc = append_ctx(&final, &finallen, hp->lsmid->lsm, + cp, rc); + kfree(cp); + if (rc < 0) { + kfree(final); + return rc; + } + } + if (final == NULL) + return -EINVAL; + *value = final; + return finallen; + } + hlist_for_each_entry(hp, &security_hook_heads.getprocattr, list) { if (lsm != NULL && strcmp(lsm, hp->lsmid->lsm)) continue; diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 653dd2e236f1..cd977493f734 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -6346,7 +6346,7 @@ static int selinux_getprocattr(struct task_struct *p, goto bad; } - if (!strcmp(name, "current")) + if (!strcmp(name, "current") || !strcmp(name, "context")) sid = __tsec->sid; else if (!strcmp(name, "prev")) sid = __tsec->osid; diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 2190c03ae3d0..9e442c4495bf 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -3485,7 +3485,7 @@ static int smack_getprocattr(struct task_struct *p, char *name, char **value) char *cp; int slen; - if (strcmp(name, "current") != 0) + if (strcmp(name, "current") != 0 && strcmp(name, "context") != 0) return -EINVAL; cp = kstrdup(skp->smk_known, GFP_KERNEL); From patchwork Mon Apr 18 14:59:45 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12816804 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3698EC433EF for ; Mon, 18 Apr 2022 15:45:51 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345456AbiDRPs2 (ORCPT ); Mon, 18 Apr 2022 11:48:28 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59272 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345728AbiDRPrO (ORCPT ); Mon, 18 Apr 2022 11:47:14 -0400 Received: from sonic311-30.consmr.mail.ne1.yahoo.com (sonic311-30.consmr.mail.ne1.yahoo.com [66.163.188.211]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 32C9C5BE50 for ; Mon, 18 Apr 2022 08:14:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650294873; bh=69UohOF3eRTLQZh2FjF33Zrm4UgU6zPehXD/dlT5I2I=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=oPVbAjSlM89WvAYoyW62RqgjWWq9lBP3EPNHrTTYNreUeen7rPmgI+LfWY3fYutUqoGiyBvow9EzgyFStP/GJMt3ODF+rPbYK516PILPVvDv3kKkLHc2FCizVKY9DIeYnAvzC7tGBQx/15i/K2ZDihonyJYQHf7ynlPMTtAV0B19idYcI+0hjAkKlJcQ8nGzQuN8LmgsZhNZV8yE/YcGxfiEFwQikTW+6LOMEOvC9CouRJFMlDiPpSW9kHGEsURemIZp1eVNmot7n/R/9qGKRzmi20MXAtFuoBUkuhlO+qaCOpggJaSBjMC6PNq12lbW3fBdOrRWzVqmZEOOOoDy3g== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650294873; bh=nS8fn6QTXDQjCIFL+o4u3xtJmoD/VojRgAaADHs79/N=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=Bncmwg8/E86xI+dhKQGx8TE1QoDA5TsT7JlDL/j5EeBkMENq9v5feXTGpZZvwzAWamQKnRcOmOBy0D2S3qrHc1nLLZ6yZ1VfBbAPpWwrd8ln/uxN/TCOmeeW033KXPImGdTcZx3ecu3DFtVIcR4gLo5xrGeudSla69NExcDxCI5QTx0QQMRAnAYH5ShIaRT68GhtxzOK1bw3IlzlC3MyAkT1hCne2gKBg15gV9oi3hOfrlNssZTNyRpxcH/H0wYYbcn+dPR/dvFULs37TUg8k3QeyDBiMbUqtJZtYxqy85lP+hgvMthOAyR6HtYLl5XMFPbnFOHSfL1xH+uuB622NA== X-YMail-OSG: QUP9NT8VM1kDlX2S3pPL7dScr7DG3GjZ6wegZmh610UDvje.9iESBMDAqFuJ4.f .hr8_548_RU.rtXup7vMN4SfiDHc5kIWFMkX5S3xEhZ2Sxbu5PyrfY5pxESQaHSkHdHna6ogWumK nK0UPC0yktGSpXh9mj.d6dTmi8MlHmVyxaYeOTSzhorVD6epBCgnAExPGFZw7nerAqUwIaWYgkk6 jAsYK2togydhUh26HcbpNXMOGfVlJE4LkRNjSaYGl03_j8ZyOLuK9kq60.mlQZCVuhOKnN5C2v1x Vbm.TierF3_FypZAaS6nWxrTqAAx9XG6Yj5CwxcsGj3aoixbpGUKbnT3Bm6qUdopsNVw7CV.JvbC s7LnNw2252ISxbVevHTuEPG.b8jAjhghexCEvSKaMVTBk7J14a5olqgQBUSwhRKvSBVkY1IuUU3c nDLLwd_weFHKgAB5VyFGQCWWOCNGOd9Qm9Q1TTd3FosVBBYF.NOcDzb5SlFbHPxf_yJzClWVmObp A4jQjkhroswUvQruEsqdbYjrTmQG6FfUuCUmR7OH07XKX2xTrDb_BKmHUtubbSHA7Qyt1ma6wiF2 lYkaH2ft.fl0LS7QdafM7Ucdf_46IyfFx3kYwaxY8fEe3lDL8d3SXLyAyVXzc7m1BDph9zp7ueaN liL0AJEn9DQcvPcXQqi0whlZ80V1nN4RxjmFds3g1vmoVXQa5.SaEA.yWYzVHAzXhIIsjtYpBVZT TzqLXck18baYqd_UR6je4IAVADlXG51p5Rgr7hCOfK_1Eqf2Vk5UnsC.N7_OclQjtTCLtsWjs5FI AEJlujVIoqqxOn2QuPl4.kT6Vbi.FW7YILV4nKr_ngSa527n23ohM8Bgipvpcq6PpVHf7i4lBhJ6 HfXUGtmHsHsk0QtRSlLCcRUEZ6Ceqow_gfAB5SfATrAnYofx9rv6m0UHrDM8Zb3QVEyVv6VMpkdg b3S.yvZEpt3xUek5.vhU8F7Jw0N4OGUL4jEZdSjgU_ByEnuhzu3VuE0i9kKL5UaWwCbKZrNjfXt9 CmTZO25.KDtWxpBACluCbYDqUC0DOJIKesFP7Qsx69Pyo50G_Ip.x84I4_uyhfcY4oD2LGWTn.Qa fbKLzZafTUjgsFCfF507lsDsm9kJ_9Fs836pUomgNieFdhdAMZye45b8DAZWavQ1ALdWSXOOhhXg hybqo4ROveJbrRXY6v5caezUdmQ14hFaKl0PXi4jvTXORqgoZEV.rwDVp421PU2ES5X31OaguxKe cYn1IaIM88r3yAeDnzriahqmcWbE.._QQGNZoQSgRvlxE6hCyHJ194Ctr1rhSS.DL9cDU8Mrugju j9m8KPCu.xwCEm95g758rD4_StuyVhLW..GkPBgMAm6RSD9X7YoDlQljTkwSPMPdyVAuUx3WncHh 47ctydbWZqBuSr3pw6Z.vUYq0obBNAQFxPOgh9oxKgGKcGb14ZkrvjawZSzjzjCNzG61q7fKoCKu DIFJw5gnCelDqH_gz7uRBiSnybzkyS_Nf.4O9NpLOuphIMALUBHfQoKpEvjNyGMih3nCJERKncYC ZiZrTV3DkOyj0bgmfreLl6a32uDkQ.D3LdNtNE0.vLoudAwBnz3tiK5r7K7_vVYQYXRZUtHNozjq 0Hk.ovkmTeC3H81rHVTjZo8yC_8X6iXyKKW_ThcNQ.dLz.GL4vr0nsvVmcX3FBR3qUCSkOr1rEln u9.eEDE8ok1jrXlVx51FMzskg0A4vqVLJBlG4._2vdzhE3o_EdQ.x6RZzrXgKUmtHQgTJURWRuAm LwBt_3jlABbP2h.KTxCaQKbP3CSyFPdWwhMFkFQ4p.3TeWJTTsasMwbe9E2xsm7fJ.NhaKEVrlbN eq9Ae_po6x.pISY1elJliiuPWhfKrdaMYL60Dj3XC3mvloQALfQkXqh1yvbkoXkEmmeHGuZpaT3R Iqnp4yQ5qwlT0c2yFB26vKPKNZMeWlcOp18SaGgPe0iASTCRYFZqqHK_qgsOEX9Tx5lUzX_0kXhJ AIrRpqHDnGWJTCp5OnDsiU.2DQT_kUTzL44UFJOuar0_Y5bamnQkfUXgpI8.s8dLn1NvyECThIVf gNJCY408awzB.SpvxKgwRIJOHit4lyILnMkHWQtvyHuLIpYgz5pmK6tVRc4fszqsOiJfIEvW5wvF wPZEcq7WkXevoGfdnHNGXmDV6J4IfQ5NigdBMeLWxPrMiCUtqDULAmZ2rkk8V4rACst8tNRIECEq Ulv3rjP3EctNMxyVygVzW26PTW2BHv6lMBhVmVYYkqNib9sNNWa6Ql8XLWs51vwqhOLatNZU954C 1Ag-- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic311.consmr.mail.ne1.yahoo.com with HTTP; Mon, 18 Apr 2022 15:14:33 +0000 Received: by hermes--canary-production-bf1-5f49dbcd6-xjccz (VZM Hermes SMTP Server) with ESMTPA ID 311eab809775b4af02ae966c725fa26b; Mon, 18 Apr 2022 15:14:29 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org Subject: [PATCH v35 29/29] AppArmor: Remove the exclusive flag Date: Mon, 18 Apr 2022 07:59:45 -0700 Message-Id: <20220418145945.38797-30-casey@schaufler-ca.com> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220418145945.38797-1-casey@schaufler-ca.com> References: <20220418145945.38797-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org With the inclusion of the interface LSM process attribute mechanism AppArmor no longer needs to be treated as an "exclusive" security module. Remove the flag that indicates it is exclusive. Remove the stub getpeersec_dgram AppArmor hook as it has no effect in the single LSM case and interferes in the multiple LSM case. Acked-by: Stephen Smalley Acked-by: John Johansen Reviewed-by: Kees Cook Signed-off-by: Casey Schaufler --- security/apparmor/lsm.c | 20 +------------------- 1 file changed, 1 insertion(+), 19 deletions(-) diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 1ee58c1491ab..388298a15556 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -1145,22 +1145,6 @@ static int apparmor_socket_getpeersec_stream(struct socket *sock, return error; } -/** - * apparmor_socket_getpeersec_dgram - get security label of packet - * @sock: the peer socket - * @skb: packet data - * @secid: pointer to where to put the secid of the packet - * - * Sets the netlabel socket state on sk from parent - */ -static int apparmor_socket_getpeersec_dgram(struct socket *sock, - struct sk_buff *skb, u32 *secid) - -{ - /* TODO: requires secid support */ - return -ENOPROTOOPT; -} - /** * apparmor_sock_graft - Initialize newly created socket * @sk: child sock @@ -1264,8 +1248,6 @@ static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = { #endif LSM_HOOK_INIT(socket_getpeersec_stream, apparmor_socket_getpeersec_stream), - LSM_HOOK_INIT(socket_getpeersec_dgram, - apparmor_socket_getpeersec_dgram), LSM_HOOK_INIT(sock_graft, apparmor_sock_graft), #ifdef CONFIG_NETWORK_SECMARK LSM_HOOK_INIT(inet_conn_request, apparmor_inet_conn_request), @@ -1919,7 +1901,7 @@ static int __init apparmor_init(void) DEFINE_LSM(apparmor) = { .name = "apparmor", - .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE, + .flags = LSM_FLAG_LEGACY_MAJOR, .enabled = &apparmor_enabled, .blobs = &apparmor_blob_sizes, .init = apparmor_init,