From patchwork Thu Jun 9 23:01:14 2022
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 12876080
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org
Subject: [PATCH v36 01/33] integrity: disassociate ima_filter_rule from security_audit_rule
Date: Thu, 9 Jun 2022 16:01:14 -0700
Message-Id: <20220609230146.319210-2-casey@schaufler-ca.com>
In-Reply-To: <20220609230146.319210-1-casey@schaufler-ca.com>
References: <20220609230146.319210-1-casey@schaufler-ca.com>
X-Mailing-List: linux-integrity@vger.kernel.org

Create real functions for the ima_filter_rule interfaces. These replace #defines that obscure the reuse of audit interfaces. The new functions are put in security.c because they use security module registered hooks that we don't want exported.

Acked-by: Paul Moore
Reviewed-by: John Johansen
Signed-off-by: Casey Schaufler
To: Mimi Zohar
Cc: linux-integrity@vger.kernel.org
---
include/linux/security.h | 24 ++++++++++++++++++++++++
security/integrity/ima/ima.h | 26 --------------------------
security/security.c | 21 +++++++++++++++++++++
3 files changed, 45 insertions(+), 26 deletions(-)

diff --git a/include/linux/security.h b/include/linux/security.h index 7fc4e9f49f54..5260dbe9ef0d 100644 --- a/include/linux/security.h +++ b/include/linux/security.h 
@@ -1919,6 +1919,30 @@ static inline void security_audit_rule_free(void *lsmrule) #endif /* CONFIG_SECURITY */ #endif /* CONFIG_AUDIT */ +#if defined(CONFIG_IMA_LSM_RULES) && defined(CONFIG_SECURITY) +int ima_filter_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule); +int ima_filter_rule_match(u32 secid, u32 field, u32 op, void *lsmrule); +void ima_filter_rule_free(void *lsmrule); + +#else + +static inline int ima_filter_rule_init(u32 field, u32 op, char *rulestr, + void **lsmrule) +{ + return 0; +} + +static inline int ima_filter_rule_match(u32 secid, u32 field, u32 op, + void *lsmrule) +{ + return 0; +} + +static inline void ima_filter_rule_free(void *lsmrule) +{ } + +#endif /* defined(CONFIG_IMA_LSM_RULES) && defined(CONFIG_SECURITY) */ + #ifdef CONFIG_SECURITYFS extern struct dentry *securityfs_create_file(const char *name, umode_t mode, diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index be965a8715e4..1b5d70ac2dc9 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -418,32 +418,6 @@ static inline void ima_free_modsig(struct modsig *modsig) } #endif /* CONFIG_IMA_APPRAISE_MODSIG */ -/* LSM based policy rules require audit */ -#ifdef CONFIG_IMA_LSM_RULES - -#define ima_filter_rule_init security_audit_rule_init -#define ima_filter_rule_free security_audit_rule_free -#define ima_filter_rule_match security_audit_rule_match - -#else - -static inline int ima_filter_rule_init(u32 field, u32 op, char *rulestr, - void **lsmrule) -{ - return -EINVAL; -} - -static inline void ima_filter_rule_free(void *lsmrule) -{ -} - -static inline int ima_filter_rule_match(u32 secid, u32 field, u32 op, - void *lsmrule) -{ - return -EINVAL; -} -#endif /* CONFIG_IMA_LSM_RULES */ - #ifdef CONFIG_IMA_READ_POLICY #define POLICY_FILE_FLAGS (S_IWUSR | S_IRUSR) #else diff --git a/security/security.c b/security/security.c index 188b8f782220..8b176769dd86 100644 --- a/security/security.c +++ b/security/security.c 
@@ -2580,6 +2580,27 @@ int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule) } #endif /* CONFIG_AUDIT */ +#ifdef CONFIG_IMA_LSM_RULES +/* + * The integrity subsystem uses the same hooks as + * the audit subsystem. + */ +int ima_filter_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule) +{ + return call_int_hook(audit_rule_init, 0, field, op, rulestr, lsmrule); +} + +void ima_filter_rule_free(void *lsmrule) +{ + call_void_hook(audit_rule_free, lsmrule); +} + +int ima_filter_rule_match(u32 secid, u32 field, u32 op, void *lsmrule) +{ + return call_int_hook(audit_rule_match, 0, secid, field, op, lsmrule); +} +#endif /* CONFIG_IMA_LSM_RULES */ + #ifdef CONFIG_BPF_SYSCALL int security_bpf(int cmd, union bpf_attr *attr, unsigned int size) {
From patchwork Thu Jun 9 23:01:24 2022
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 12876097
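Review bot: in the include/linux/security.h hunk of 01/33 the fallback stubs return 0 where the ima.h stubs they replace returned -EINVAL: `static inline int ima_filter_rule_init(...) { return 0; }` and the same for `ima_filter_rule_match()`. On a kernel without both CONFIG_IMA_LSM_RULES and CONFIG_SECURITY a caller that checks the init result now sees success with `*lsmrule` left untouched, and a failed match is indistinguishable from "no match". If silently ignoring LSM-based IMA rules on such kernels is the intent, the commit message should say so; otherwise keep `return -EINVAL;` in both stubs.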
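Review bot: the security/integrity/ima/ima.h hunk of 01/33 drops the comment `/* LSM based policy rules require audit */` together with the #defines, and the replacement functions in security.c are guarded only by CONFIG_IMA_LSM_RULES, not by CONFIG_AUDIT. That is the point of the patch, but no Kconfig file appears in the diffstat; if IMA_LSM_RULES still carries an AUDIT dependency it should be revisited in this patch, or the commit message should say why it stays.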
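Review bot: the security/security.c hunk of 01/33 defines `ima_filter_rule_match(u32 secid, u32 field, u32 op, void *lsmrule)` with four parameters, but the ima_policy.c hunk of 11/33 further down this page calls it with five, passing `rule->lsm[i].rules_lsm` last. Some patch between 01 and 11 (not shown here) must change the prototype again; since this is the patch that introduces the real function, either introduce the final signature here or mention the follow-up in the commit message. Also, the 0 passed as the second argument of both `call_int_hook()` calls is what is returned when no LSM supplies the hook, so with no audit_rule_init implementation loaded the init "succeeds" without setting `*lsmrule`, the same caveat as for the header stubs.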
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org, netdev@vger.kernel.org
Subject: [PATCH v36 11/33] LSM: Use lsmblob in security_current_getsecid
Date: Thu, 9 Jun 2022 16:01:24 -0700
Message-Id: <20220609230146.319210-12-casey@schaufler-ca.com>
In-Reply-To: <20220609230146.319210-1-casey@schaufler-ca.com>
References: <20220609230146.319210-1-casey@schaufler-ca.com>
X-Mailing-List: linux-integrity@vger.kernel.org

Change the security_current_getsecid_subj() and security_task_getsecid_obj() interfaces to fill in a lsmblob structure instead of a u32 secid in support of LSM stacking. Audit interfaces will need to collect all possible secids for possible reporting.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
Cc: linux-integrity@vger.kernel.org
Cc: linux-audit@redhat.com
Cc: netdev@vger.kernel.org
---
drivers/android/binder.c | 6 +--
include/linux/security.h | 31 ++++++++++++---
kernel/audit.c | 16 +++-----
kernel/auditfilter.c | 4 +-
kernel/auditsc.c | 25 ++++++------
net/netlabel/netlabel_unlabeled.c | 4 +-
net/netlabel/netlabel_user.h | 6 ++-
security/integrity/ima/ima.h | 6 +--
security/integrity/ima/ima_api.c | 6 +--
security/integrity/ima/ima_appraise.c | 11 +++---
security/integrity/ima/ima_main.c | 57 ++++++++++++++-------------
security/integrity/ima/ima_policy.c | 15 +++----
security/security.c | 25 +++++++++---
13 files changed, 124 insertions(+), 88 deletions(-)

diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 4ead3360a1c0..f25a867063e5 100644 
--- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -3054,16 +3054,16 @@ static void binder_transaction(struct binder_proc *proc, t->priority = task_nice(current); if (target_node && target_node->txn_security_ctx) { - u32 secid; struct lsmblob blob; size_t added_size; + u32 secid; security_cred_getsecid(proc->cred, &secid); /* - * Later in this patch set security_task_getsecid() will + * Later in this patch set security_cred_getsecid() will * provide a lsmblob instead of a secid. lsmblob_init * is used to ensure that all the secids in the lsmblob - * get the value returned from security_task_getsecid(), + * get the value returned from security_cred_getsecid(), * which means that the one expected by * security_secid_to_secctx() will be set. */ diff --git a/include/linux/security.h b/include/linux/security.h index 029c23719a5c..ce4a4af362f3 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -222,6 +222,24 @@ static inline u32 lsmblob_value(const struct lsmblob *blob) return 0; } +/** + * lsmblob_first - secid value for the first LSM slot + * @blob: Pointer to the data + * + * Return the secid value from the first LSM slot. + * There may not be any LSM slots. + * + * Return the value in secid[0] if there are any slots, 0 otherwise. + */ +static inline u32 lsmblob_first(const struct lsmblob *blob) +{ +#if LSMBLOB_ENTRIES > 0 + return blob->secid[0]; +#else + return 0; +#endif +} + /* These functions are in security/commoncap.c */ extern int cap_capable(const struct cred *cred, struct user_namespace *ns, int cap, unsigned int opts); 
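Review bot: the kernel-doc on `lsmblob_first()` in the include/linux/security.h hunk states the return value twice ("Return the secid value from the first LSM slot" and "Return the value in secid[0] if there are any slots, 0 otherwise"); keep one of them as a Return: section. Since every use of the helper in this patch is marked "scaffolding" and it throws away every slot but the first, a sentence saying it exists only for call sites not yet converted to lsmblob would stop it being picked up as a general-purpose accessor.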
@@ -504,8 +522,8 @@ int security_task_fix_setgid(struct cred *new, const struct cred *old, int security_task_setpgid(struct task_struct *p, pid_t pgid); int security_task_getpgid(struct task_struct *p); int security_task_getsid(struct task_struct *p); -void security_current_getsecid_subj(u32 *secid); -void security_task_getsecid_obj(struct task_struct *p, u32 *secid); +void security_current_getsecid_subj(struct lsmblob *blob); +void security_task_getsecid_obj(struct task_struct *p, struct lsmblob *blob); int security_task_setnice(struct task_struct *p, int nice); int security_task_setioprio(struct task_struct *p, int ioprio); int security_task_getioprio(struct task_struct *p); @@ -1201,14 +1219,15 @@ static inline int security_task_getsid(struct task_struct *p) return 0; } -static inline void security_current_getsecid_subj(u32 *secid) +static inline void security_current_getsecid_subj(struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } -static inline void security_task_getsecid_obj(struct task_struct *p, u32 *secid) +static inline void security_task_getsecid_obj(struct task_struct *p, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } static inline int security_task_setnice(struct task_struct *p, int nice) diff --git a/kernel/audit.c b/kernel/audit.c index 2acf95cf9895..2834e55844db 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -2178,19 +2178,12 @@ int audit_log_task_context(struct audit_buffer *ab) char *ctx = NULL; unsigned len; int error; - u32 sid; struct lsmblob blob; - security_current_getsecid_subj(&sid); - if (!sid) + security_current_getsecid_subj(&blob); + if (!lsmblob_is_set(&blob)) return 0; - /* - * lsmblob_init sets all values in the lsmblob to sid. - * This is temporary until security_task_getsecid is converted - * to use a lsmblob, which happens later in this patch set. - */ - lsmblob_init(&blob, sid); error = security_secid_to_secctx(&blob, &ctx, &len); if (error) { 
@@ -2399,6 +2392,7 @@ int audit_set_loginuid(kuid_t loginuid) int audit_signal_info(int sig, struct task_struct *t) { kuid_t uid = current_uid(), auid; + struct lsmblob blob; if (auditd_test_task(t) && (sig == SIGTERM || sig == SIGHUP || @@ -2409,7 +2403,9 @@ int audit_signal_info(int sig, struct task_struct *t) audit_sig_uid = auid; else audit_sig_uid = uid; - security_current_getsecid_subj(&audit_sig_sid); + security_current_getsecid_subj(&blob); + /* scaffolding until audit_sig_sid is converted */ + audit_sig_sid = lsmblob_first(&blob); } return audit_signal_info_syscall(t); diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 15cd4fe35e9c..39ded5cb2429 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -1339,7 +1339,6 @@ int audit_filter(int msgtype, unsigned int listtype) struct audit_field *f = &e->rule.fields[i]; struct lsmblob blob; pid_t pid; - u32 sid; switch (f->type) { case AUDIT_PID: @@ -1369,8 +1368,7 @@ int audit_filter(int msgtype, unsigned int listtype) case AUDIT_SUBJ_SEN: case AUDIT_SUBJ_CLR: if (f->lsm_str) { - security_current_getsecid_subj(&sid); - lsmblob_init(&blob, sid); + security_current_getsecid_subj(&blob); result = security_audit_rule_match( &blob, f->type, f->op, &f->lsm_rules); diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 0986ded8e798..e56637b5d518 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -467,7 +467,6 @@ static int audit_filter_rules(struct task_struct *tsk, { const struct cred *cred; int i, need_sid = 1; - u32 sid; struct lsmblob blob; unsigned int sessionid; 
@@ -676,17 +675,9 @@ static int audit_filter_rules(struct task_struct *tsk, * here even though it always refs * @current's creds */ - security_current_getsecid_subj(&sid); + security_current_getsecid_subj(&blob); need_sid = 0; } - /* - * lsmblob_init sets all values in the lsmblob - * to sid. This is temporary until - * security_task_getsecid() is converted to - * provide a lsmblob, which happens later in - * this patch set. - */ - lsmblob_init(&blob, sid); result = security_audit_rule_match(&blob, f->type, f->op, &f->lsm_rules); @@ -2770,12 +2761,15 @@ int __audit_sockaddr(int len, void *a) void __audit_ptrace(struct task_struct *t) { struct audit_context *context = audit_context(); + struct lsmblob blob; context->target_pid = task_tgid_nr(t); context->target_auid = audit_get_loginuid(t); context->target_uid = task_uid(t); context->target_sessionid = audit_get_sessionid(t); - security_task_getsecid_obj(t, &context->target_sid); + security_task_getsecid_obj(t, &blob); + /* scaffolding - until target_sid is converted */ + context->target_sid = lsmblob_first(&blob); memcpy(context->target_comm, t->comm, TASK_COMM_LEN); } @@ -2791,6 +2785,7 @@ int audit_signal_info_syscall(struct task_struct *t) struct audit_aux_data_pids *axp; struct audit_context *ctx = audit_context(); kuid_t t_uid = task_uid(t); + struct lsmblob blob; if (!audit_signals || audit_dummy_context()) return 0; @@ -2802,7 +2797,9 @@ int audit_signal_info_syscall(struct task_struct *t) ctx->target_auid = audit_get_loginuid(t); ctx->target_uid = t_uid; ctx->target_sessionid = audit_get_sessionid(t); - security_task_getsecid_obj(t, &ctx->target_sid); + security_task_getsecid_obj(t, &blob); + /* scaffolding until target_sid is converted */ + ctx->target_sid = lsmblob_first(&blob); memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); return 0; } 
@@ -2823,7 +2820,9 @@ int audit_signal_info_syscall(struct task_struct *t) axp->target_auid[axp->pid_count] = audit_get_loginuid(t); axp->target_uid[axp->pid_count] = t_uid; axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); - security_task_getsecid_obj(t, &axp->target_sid[axp->pid_count]); + security_task_getsecid_obj(t, &blob); + /* scaffolding until target_sid is converted */ + axp->target_sid[axp->pid_count] = lsmblob_first(&blob); memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); axp->pid_count++; diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index 0a99663e6edb..bbb3b6a4f0d7 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -1562,11 +1562,13 @@ int __init netlbl_unlabel_defconf(void) int ret_val; struct netlbl_dom_map *entry; struct netlbl_audit audit_info; + struct lsmblob blob; /* Only the kernel is allowed to call this function and the only time * it is called is at bootup before the audit subsystem is reporting * messages so don't worry to much about these values. */ - security_current_getsecid_subj(&audit_info.secid); + security_current_getsecid_subj(&blob); + audit_info.secid = lsmblob_first(&blob); audit_info.loginuid = GLOBAL_ROOT_UID; audit_info.sessionid = 0; diff --git a/net/netlabel/netlabel_user.h b/net/netlabel/netlabel_user.h index d6c5b31eb4eb..34bb6572f33b 100644 --- a/net/netlabel/netlabel_user.h +++ b/net/netlabel/netlabel_user.h @@ -32,7 +32,11 @@ */ static inline void netlbl_netlink_auditinfo(struct netlbl_audit *audit_info) { - security_current_getsecid_subj(&audit_info->secid); + struct lsmblob blob; + + security_current_getsecid_subj(&blob); + /* scaffolding until secid is converted */ + audit_info->secid = lsmblob_first(&blob); audit_info->loginuid = audit_get_loginuid(current); audit_info->sessionid = audit_get_sessionid(current); } 
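Review bot: in the net/netlabel/netlabel_unlabeled.c hunk the assignment `audit_info.secid = lsmblob_first(&blob);` has no `/* scaffolding ... */` comment, unlike the identical assignment in the netlabel_user.h hunk right after it and the audit.c and auditsc.c sites. Add the same marker so the site is found when `netlbl_audit.secid` is converted.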
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 1b5d70ac2dc9..f347d63b61e7 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -255,7 +255,7 @@ static inline void ima_process_queued_keys(void) {} /* LIM API function definitions */ int ima_get_action(struct user_namespace *mnt_userns, struct inode *inode, - const struct cred *cred, u32 secid, int mask, + const struct cred *cred, struct lsmblob *blob, int mask, enum ima_hooks func, int *pcr, struct ima_template_desc **template_desc, const char *func_data, unsigned int *allowed_algos); @@ -286,8 +286,8 @@ const char *ima_d_path(const struct path *path, char **pathbuf, char *filename); /* IMA policy related functions */ int ima_match_policy(struct user_namespace *mnt_userns, struct inode *inode, - const struct cred *cred, u32 secid, enum ima_hooks func, - int mask, int flags, int *pcr, + const struct cred *cred, struct lsmblob *blob, + enum ima_hooks func, int mask, int flags, int *pcr, struct ima_template_desc **template_desc, const char *func_data, unsigned int *allowed_algos); void ima_init_policy(void); diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index c1e76282b5ee..8c48da6a6583 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c @@ -166,7 +166,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename, * @mnt_userns: user namespace of the mount the inode was found from * @inode: pointer to the inode associated with the object being validated * @cred: pointer to credentials structure to validate - * @secid: secid of the task being validated + * @blob: secid(s) of the task being validated * @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXEC, * MAY_APPEND) * @func: caller identifier 
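Review bot: in the security/integrity/ima/ima.h hunk `ima_get_action()` and `ima_match_policy()` take `struct lsmblob *blob`, yet nothing downstream writes through it; `ima_match_rules()` only reads it via `lsmblob_first(blob)`. Declare the parameter `const struct lsmblob *blob` here and in the matching definitions in ima_api.c, ima_policy.c and `process_measurement()` in ima_main.c, so the read-only contract is visible at the prototype.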
@@ -187,7 +187,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename, * */ int ima_get_action(struct user_namespace *mnt_userns, struct inode *inode, - const struct cred *cred, u32 secid, int mask, + const struct cred *cred, struct lsmblob *blob, int mask, enum ima_hooks func, int *pcr, struct ima_template_desc **template_desc, const char *func_data, unsigned int *allowed_algos) @@ -196,7 +196,7 @@ int ima_get_action(struct user_namespace *mnt_userns, struct inode *inode, flags &= ima_policy_flag; - return ima_match_policy(mnt_userns, inode, cred, secid, func, mask, + return ima_match_policy(mnt_userns, inode, cred, blob, func, mask, flags, pcr, template_desc, func_data, allowed_algos); } diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index cdb84dccd24e..9ef8210e901f 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -73,15 +73,16 @@ bool is_ima_appraise_enabled(void) int ima_must_appraise(struct user_namespace *mnt_userns, struct inode *inode, int mask, enum ima_hooks func) { - u32 secid; + struct lsmblob blob; if (!ima_appraise) return 0; - security_current_getsecid_subj(&secid); - return ima_match_policy(mnt_userns, inode, current_cred(), secid, - func, mask, IMA_APPRAISE | IMA_HASH, NULL, - NULL, NULL, NULL); + security_current_getsecid_subj(&blob); + return ima_match_policy(mnt_userns, inode, current_cred(), + &blob, func, mask, + IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL, + NULL); } static int ima_fix_xattr(struct dentry *dentry, diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 040b03ddc1c7..5d6029ac52f0 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c 
@@ -199,8 +199,8 @@ void ima_file_free(struct file *file) } static int process_measurement(struct file *file, const struct cred *cred, - u32 secid, char *buf, loff_t size, int mask, - enum ima_hooks func) + struct lsmblob *blob, char *buf, loff_t size, + int mask, enum ima_hooks func) { struct inode *inode = file_inode(file); struct integrity_iint_cache *iint = NULL; @@ -224,7 +224,7 @@ static int process_measurement(struct file *file, const struct cred *cred, * bitmask based on the appraise/audit/measurement policy. * Included is the appraise submask. */ - action = ima_get_action(file_mnt_user_ns(file), inode, cred, secid, + action = ima_get_action(file_mnt_user_ns(file), inode, cred, blob, mask, func, &pcr, &template_desc, NULL, &allowed_algos); violation_check = ((func == FILE_CHECK || func == MMAP_CHECK) && @@ -405,12 +405,13 @@ static int process_measurement(struct file *file, const struct cred *cred, */ int ima_file_mmap(struct file *file, unsigned long prot) { - u32 secid; + struct lsmblob blob; if (file && (prot & PROT_EXEC)) { - security_current_getsecid_subj(&secid); - return process_measurement(file, current_cred(), secid, NULL, - 0, MAY_EXEC, MMAP_CHECK); + security_current_getsecid_subj(&blob); + return process_measurement(file, current_cred(), + &blob, NULL, 0, + MAY_EXEC, MMAP_CHECK); } return 0; @@ -437,9 +438,9 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) char *pathbuf = NULL; const char *pathname = NULL; struct inode *inode; + struct lsmblob blob; int result = 0; int action; - u32 secid; int pcr; /* Is mprotect making an mmap'ed file executable? */ 
@@ -447,11 +448,12 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) !(prot & PROT_EXEC) || (vma->vm_flags & VM_EXEC)) return 0; - security_current_getsecid_subj(&secid); + security_current_getsecid_subj(&blob); inode = file_inode(vma->vm_file); action = ima_get_action(file_mnt_user_ns(vma->vm_file), inode, - current_cred(), secid, MAY_EXEC, MMAP_CHECK, - &pcr, &template, NULL, NULL); + current_cred(), &blob, + MAY_EXEC, MMAP_CHECK, &pcr, &template, NULL, + NULL); /* Is the mmap'ed file in policy? */ if (!(action & (IMA_MEASURE | IMA_APPRAISE_SUBMASK))) @@ -487,10 +489,11 @@ int ima_bprm_check(struct linux_binprm *bprm) { int ret; u32 secid; + struct lsmblob blob; - security_current_getsecid_subj(&secid); - ret = process_measurement(bprm->file, current_cred(), secid, NULL, 0, - MAY_EXEC, BPRM_CHECK); + security_current_getsecid_subj(&blob); + ret = process_measurement(bprm->file, current_cred(), + &blob, NULL, 0, MAY_EXEC, BPRM_CHECK); if (ret) return ret; @@ -511,10 +514,10 @@ int ima_bprm_check(struct linux_binprm *bprm) */ int ima_file_check(struct file *file, int mask) { - u32 secid; + struct lsmblob blob; - security_current_getsecid_subj(&secid); - return process_measurement(file, current_cred(), secid, NULL, 0, + security_current_getsecid_subj(&blob); + return process_measurement(file, current_cred(), &blob, NULL, 0, mask & (MAY_READ | MAY_WRITE | MAY_EXEC | MAY_APPEND), FILE_CHECK); } @@ -710,7 +713,7 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id, bool contents) { enum ima_hooks func; - u32 secid; + struct lsmblob blob; /* * Do devices using pre-allocated memory run the risk of the 
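Review bot: in the `ima_bprm_check()` hunk of ima_main.c, `u32 secid;` is kept while `struct lsmblob blob;` is added and the only visible use of `secid` (`security_current_getsecid_subj(&secid)`) is removed. If the rest of the function, outside the hunk context shown, still fills `secid` from another getsecid call that is fine; otherwise it is now an unused variable and should be dropped in the same hunk.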
@@ -730,9 +733,9 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id, /* Read entire file for all partial reads. */ func = read_idmap[read_id] ?: FILE_CHECK; - security_current_getsecid_subj(&secid); - return process_measurement(file, current_cred(), secid, NULL, - 0, MAY_READ, func); + security_current_getsecid_subj(&blob); + return process_measurement(file, current_cred(), &blob, NULL, 0, + MAY_READ, func); } const int read_idmap[READING_MAX_ID] = { @@ -760,7 +763,7 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, enum kernel_read_file_id read_id) { enum ima_hooks func; - u32 secid; + struct lsmblob blob; /* permit signed certs */ if (!file && read_id == READING_X509_CERTIFICATE) @@ -773,8 +776,8 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, } func = read_idmap[read_id] ?: FILE_CHECK; - security_current_getsecid_subj(&secid); - return process_measurement(file, current_cred(), secid, buf, size, + security_current_getsecid_subj(&blob); + return process_measurement(file, current_cred(), &blob, buf, size, MAY_READ, func); } @@ -900,7 +903,7 @@ int process_buffer_measurement(struct user_namespace *mnt_userns, int digest_hash_len = hash_digest_size[ima_hash_algo]; int violation = 0; int action = 0; - u32 secid; + struct lsmblob blob; if (digest && digest_len < digest_hash_len) return -EINVAL; @@ -923,9 +926,9 @@ int process_buffer_measurement(struct user_namespace *mnt_userns, * buffer measurements. */ if (func) { - security_current_getsecid_subj(&secid); + security_current_getsecid_subj(&blob); action = ima_get_action(mnt_userns, inode, current_cred(), - secid, 0, func, &pcr, &template, + &blob, 0, func, &pcr, &template, func_data, NULL); if (!(action & IMA_MEASURE) && !digest) return -ENOENT; diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index b04733a5d066..5c2bc6782e17 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c 
@@ -563,7 +563,7 @@ static bool ima_match_rule_data(struct ima_rule_entry *rule, * @mnt_userns: user namespace of the mount the inode was found from * @inode: a pointer to an inode * @cred: a pointer to a credentials structure for user validation - * @secid: the secid of the task to be validated + * @blob: the secid(s) of the task to be validated * @func: LIM hook identifier * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC) * @func_data: func specific data, may be NULL @@ -573,7 +573,7 @@ static bool ima_match_rule_data(struct ima_rule_entry *rule, static bool ima_match_rules(struct ima_rule_entry *rule, struct user_namespace *mnt_userns, struct inode *inode, const struct cred *cred, - u32 secid, enum ima_hooks func, int mask, + struct lsmblob *blob, enum ima_hooks func, int mask, const char *func_data) { int i; @@ -657,7 +657,8 @@ static bool ima_match_rules(struct ima_rule_entry *rule, case LSM_SUBJ_USER: case LSM_SUBJ_ROLE: case LSM_SUBJ_TYPE: - rc = ima_filter_rule_match(secid, rule->lsm[i].type, + rc = ima_filter_rule_match(lsmblob_first(blob), + rule->lsm[i].type, Audit_equal, rule->lsm[i].rule, rule->lsm[i].rules_lsm); @@ -702,7 +703,7 @@ static int get_subaction(struct ima_rule_entry *rule, enum ima_hooks func) * @inode: pointer to an inode for which the policy decision is being made * @cred: pointer to a credentials structure for which the policy decision is * being made - * @secid: LSM secid of the task to be validated + * @blob: LSM secid(s) of the task to be validated * @func: IMA hook identifier * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC) * @pcr: set the pcr to extend 
@@ -718,8 +719,8 @@ static int get_subaction(struct ima_rule_entry *rule, enum ima_hooks func) * than writes so ima_match_policy() is classical RCU candidate. */ int ima_match_policy(struct user_namespace *mnt_userns, struct inode *inode, - const struct cred *cred, u32 secid, enum ima_hooks func, - int mask, int flags, int *pcr, + const struct cred *cred, struct lsmblob *blob, + enum ima_hooks func, int mask, int flags, int *pcr, struct ima_template_desc **template_desc, const char *func_data, unsigned int *allowed_algos) { @@ -737,7 +738,7 @@ int ima_match_policy(struct user_namespace *mnt_userns, struct inode *inode, if (!(entry->action & actmask)) continue; - if (!ima_match_rules(entry, mnt_userns, inode, cred, secid, + if (!ima_match_rules(entry, mnt_userns, inode, cred, blob, func, mask, func_data)) continue; diff --git a/security/security.c b/security/security.c index 1e9c06607c39..1a4741178944 100644 --- a/security/security.c +++ b/security/security.c 
@@ -1916,17 +1916,30 @@ int security_task_getsid(struct task_struct *p) return call_int_hook(task_getsid, 0, p); } -void security_current_getsecid_subj(u32 *secid) +void security_current_getsecid_subj(struct lsmblob *blob) { - *secid = 0; - call_void_hook(current_getsecid_subj, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.current_getsecid_subj, + list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.current_getsecid_subj(&blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_current_getsecid_subj); -void security_task_getsecid_obj(struct task_struct *p, u32 *secid) +void security_task_getsecid_obj(struct task_struct *p, struct lsmblob *blob) { - *secid = 0; - call_void_hook(task_getsecid_obj, p, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.task_getsecid_obj, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.task_getsecid_obj(p, &blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_task_getsecid_obj); From patchwork Thu Jun 9 23:01:25 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12876134 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id B7832CCA47D for ; Thu, 9 Jun 2022 23:08:36 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236502AbiFIXIe (ORCPT ); Thu, 9 Jun 2022 19:08:34 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44142 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345890AbiFIXIc (ORCPT ); Thu, 9 Jun 2022 19:08:32 -0400 Received: from 
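Review bot: In the ima_match_rules() LSM_SUBJ_* hunk of ima_policy.c, `ima_filter_rule_match(lsmblob_first(blob), ...)` hands the matcher a single secid chosen by lsmblob_first() rather than the one belonging to `rule->lsm[i].rules_lsm`, so with more than one secid-bearing LSM registered a subject rule written for the second LSM could be evaluated against another LSM's secid. The next patch in this series changes ima_filter_rule_match() to take the whole blob and index `blob->secid[lsmslot]`, which resolves it; a `/* scaffolding */` comment here, like the ones used in the auditsc.c conversions, would make the intermediate state explicit.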
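Review bot: In the ima_bprm_check() hunk of ima_main.c, `u32 secid` is kept next to the new `struct lsmblob blob`, which reads like a leftover at first glance; it is still needed by the `security_cred_getsecid(bprm->cred, &secid)` call further down that function until that interface is converted (the 13/33 patch later on this page removes it), so a one-line comment or a sentence in the commit message would save reviewers re-checking.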
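Review bot: In the security.c hunk, the open-coded `hlist_for_each_entry()` loop with the `WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)` guard is written out twice (security_current_getsecid_subj() and security_task_getsecid_obj()) and reappears verbatim for inode_getsecid and cred_getsecid later in this series, so a small helper or a `call_void_hook`-style macro taking the slot-indexed destination would keep the bounds check in one place. Note also that when the WARN_ON() fires the LSM's secid is silently left at the `lsmblob_init(blob, 0)` value rather than reported; that is acceptable for a void interface but deserves a comment.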
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org
Subject: [PATCH v36 12/33] LSM: Use lsmblob in security_inode_getsecid
Date: Thu, 9 Jun 2022 16:01:25 -0700
Message-Id: <20220609230146.319210-13-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.35.1
In-Reply-To: <20220609230146.319210-1-casey@schaufler-ca.com>
References: <20220609230146.319210-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:
X-Mailing-List: linux-integrity@vger.kernel.org

Change the security_inode_getsecid() interface to fill in a lsmblob structure instead of a u32 secid. This allows for its callers to gather data from all registered LSMs. Data is provided for IMA and audit.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
Cc: linux-integrity@vger.kernel.org
Cc: linux-audit@redhat.com
---
 include/linux/security.h | 13 +++++++------
 kernel/auditsc.c | 6 +++++-
 security/integrity/ima/ima_policy.c | 9 +++++----
 security/security.c | 19 +++++++++++++------
 4 files changed, 30 insertions(+), 17 deletions(-)

diff --git a/include/linux/security.h b/include/linux/security.h
index ce4a4af362f3..a478faa6124e 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -476,7 +476,7 @@ int security_inode_getsecurity(struct user_namespace *mnt_userns, void **buffer, bool alloc); int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags); int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size); -void security_inode_getsecid(struct inode *inode, u32 *secid); +void security_inode_getsecid(struct inode *inode, struct lsmblob *blob); int security_inode_copy_up(struct dentry *src, struct cred **new); int security_inode_copy_up_xattr(const char *name); int security_kernfs_init_security(struct kernfs_node *kn_dir, @@ -1022,9 +1022,10 @@ static inline int security_inode_listsecurity(struct inode *inode, char *buffer, return 0; } -static inline void security_inode_getsecid(struct inode *inode, u32 *secid) +static inline void security_inode_getsecid(struct inode *inode, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } static inline int security_inode_copy_up(struct dentry *src, struct cred **new) @@ -2034,8 +2035,8 @@ static inline void security_audit_rule_free(struct audit_lsm_rules *lsmrules) #if defined(CONFIG_IMA_LSM_RULES) && defined(CONFIG_SECURITY) int ima_filter_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule, int lsmslot); -int ima_filter_rule_match(u32 secid, u32 field, u32 op, void *lsmrule, - int lsmslot); +int ima_filter_rule_match(struct lsmblob *blob, u32 field, u32 op, + void *lsmrule, int lsmslot); void ima_filter_rule_free(void *lsmrule, int lsmslot); #else @@ -2046,7 +2047,7 @@ static inline int ima_filter_rule_init(u32 field, u32 op, char *rulestr, return 0; } -static inline int ima_filter_rule_match(u32 secid, u32 field, u32 op, +static inline int ima_filter_rule_match(struct lsmblob *blob, u32 field, u32 op, void *lsmrule, int lsmslot) { return 0; diff --git a/kernel/auditsc.c b/kernel/auditsc.c index e56637b5d518..2d1dd5af8a00 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c 
@@ -2306,13 +2306,17 @@ static void audit_copy_inode(struct audit_names *name, const struct dentry *dentry, struct inode *inode, unsigned int flags) { + struct lsmblob blob; + name->ino = inode->i_ino; name->dev = inode->i_sb->s_dev; name->mode = inode->i_mode; name->uid = inode->i_uid; name->gid = inode->i_gid; name->rdev = inode->i_rdev; - security_inode_getsecid(inode, &name->osid); + security_inode_getsecid(inode, &blob); + /* scaffolding until osid is updated */ + name->osid = lsmblob_first(&blob); if (flags & AUDIT_INODE_NOEVAL) { name->fcap_ver = -1; return; diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 5c2bc6782e17..593b0ba51b6e 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -636,7 +636,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, return false; for (i = 0; i < MAX_LSM_RULES; i++) { int rc = 0; - u32 osid; + struct lsmblob lsmdata; if (!rule->lsm[i].rule) { if (!rule->lsm[i].args_p) @@ -648,8 +648,9 @@ static bool ima_match_rules(struct ima_rule_entry *rule, case LSM_OBJ_USER: case LSM_OBJ_ROLE: case LSM_OBJ_TYPE: - security_inode_getsecid(inode, &osid); - rc = ima_filter_rule_match(osid, rule->lsm[i].type, + security_inode_getsecid(inode, &lsmdata); + rc = ima_filter_rule_match(&lsmdata, + rule->lsm[i].type, Audit_equal, rule->lsm[i].rule, rule->lsm[i].rules_lsm); @@ -657,7 +658,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, case LSM_SUBJ_USER: case LSM_SUBJ_ROLE: case LSM_SUBJ_TYPE: - rc = ima_filter_rule_match(lsmblob_first(blob), + rc = ima_filter_rule_match(blob, rule->lsm[i].type, Audit_equal, rule->lsm[i].rule, diff --git a/security/security.c b/security/security.c index 1a4741178944..ad1080e01ba8 100644 --- a/security/security.c +++ b/security/security.c 
@@ -1560,9 +1560,16 @@ int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer } EXPORT_SYMBOL(security_inode_listsecurity); -void security_inode_getsecid(struct inode *inode, u32 *secid) +void security_inode_getsecid(struct inode *inode, struct lsmblob *blob) { - call_void_hook(inode_getsecid, inode, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.inode_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.inode_getsecid(inode, &blob->secid[hp->lsmid->slot]); + } } int security_inode_copy_up(struct dentry *src, struct cred **new) 
@@ -2804,15 +2811,15 @@ void ima_filter_rule_free(void *lsmrule, int lsmslot) } } -int ima_filter_rule_match(u32 secid, u32 field, u32 op, void *lsmrule, - int lsmslot) +int ima_filter_rule_match(struct lsmblob *blob, u32 field, u32 op, + void *lsmrule, int lsmslot) { struct security_hook_list *hp; hlist_for_each_entry(hp, &security_hook_heads.audit_rule_match, list) if (hp->lsmid->slot == lsmslot) - return hp->hook.audit_rule_match(secid, field, op, - lsmrule); + return hp->hook.audit_rule_match(blob->secid[lsmslot], + field, op, lsmrule); return 0; } From patchwork Thu Jun 9 23:01:26 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12876133 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0C661C43334 for ; Thu, 9 Jun 2022 23:08:35 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230371AbiFIXIe (ORCPT ); Thu, 9 Jun 2022 19:08:34 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44246 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345902AbiFIXIc (ORCPT ); Thu, 9 Jun 2022 19:08:32 -0400 Received: from sonic304-28.consmr.mail.ne1.yahoo.com (sonic304-28.consmr.mail.ne1.yahoo.com [66.163.191.154]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 46A3627FC5 for ; Thu, 9 Jun 2022 16:08:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1654816109; bh=11nX3+bjsQCrKDSQyT3f/+AsP8uF2MtdhVcpcGXGytE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; 
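Review bot: In the audit_copy_inode() hunk of kernel/auditsc.c, `name->osid = lsmblob_first(&blob)` keeps audit_names.osid as a single u32, so the audit record still carries only one LSM's object secid even though security_inode_getsecid() now fills every slot; the `/* scaffolding until osid is updated */` comment covers the code, but the commit message's "Data is provided for IMA and audit" should say that audit consumes only the first secid until osid itself is converted.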
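Review bot: In the ima_match_rules() LSM_OBJ_* hunk of ima_policy.c, `struct lsmblob lsmdata` is declared inside the `for (i = 0; i < MAX_LSM_RULES; i++)` loop and security_inode_getsecid() is re-run for every LSM_OBJ rule; that mirrors the old per-iteration `u32 osid`, but each call now walks the inode_getsecid hook list for every registered LSM, so hoisting the blob out of the loop and fetching it once per rule entry would be cheaper at no cost in correctness.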
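Review bot: In the ima_filter_rule_match() hunk of security.c, `blob->secid[lsmslot]` is indexed with a caller-supplied `int lsmslot` and no range check; the loop only reaches it when `hp->lsmid->slot == lsmslot` and registered slots are bounded by `lsm_slot`, so it is safe today, but an `if (WARN_ON(lsmslot < 0 || lsmslot >= lsm_slot)) return 0;` at the top would match the guard used in the getsecid wrappers and keep the invariant local to the function.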
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org
Subject: [PATCH v36 13/33] LSM: Use lsmblob in security_cred_getsecid
Date: Thu, 9 Jun 2022 16:01:26 -0700
Message-Id: <20220609230146.319210-14-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.35.1
In-Reply-To: <20220609230146.319210-1-casey@schaufler-ca.com>
References: <20220609230146.319210-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:
X-Mailing-List: linux-integrity@vger.kernel.org

Change the security_cred_getsecid() interface to fill in a lsmblob instead of a u32 secid. The associated data elements in the audit sub-system are changed from a secid to a lsmblob to accommodate multiple possible LSM audit users.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
Cc: linux-integrity@vger.kernel.org
Cc: linux-audit@redhat.com
Reported-by: kernel test robot
---
 drivers/android/binder.c | 12 +----------
 include/linux/security.h | 7 ++++---
 kernel/audit.c | 25 +++++++----------------
 kernel/audit.h | 3 ++-
 kernel/auditsc.c | 33 +++++++++++--------------------
 security/integrity/ima/ima_main.c | 5 ++---
 security/security.c | 12 ++++++++---
 7 files changed, 37 insertions(+), 60 deletions(-)

diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index f25a867063e5..c2f71c22a90e 100644
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
@@ -3056,18 +3056,8 @@ static void binder_transaction(struct binder_proc *proc, if (target_node && target_node->txn_security_ctx) { struct lsmblob blob; size_t added_size; - u32 secid; - security_cred_getsecid(proc->cred, &secid); - /* - * Later in this patch set security_cred_getsecid() will - * provide a lsmblob instead of a secid. lsmblob_init - * is used to ensure that all the secids in the lsmblob - * get the value returned from security_cred_getsecid(), - * which means that the one expected by - * security_secid_to_secctx() will be set. - */ - lsmblob_init(&blob, secid); + security_cred_getsecid(proc->cred, &blob); ret = security_secid_to_secctx(&blob, &secctx, &secctx_sz); if (ret) { binder_txn_error("%d:%d failed to get security context\n", diff --git a/include/linux/security.h b/include/linux/security.h index a478faa6124e..61d5f23103b1 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -503,7 +503,7 @@ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp); void security_cred_free(struct cred *cred); int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp); void security_transfer_creds(struct cred *new, const struct cred *old); -void security_cred_getsecid(const struct cred *c, u32 *secid); +void security_cred_getsecid(const struct cred *c, struct lsmblob *blob); int security_kernel_act_as(struct cred *new, struct lsmblob *blob); int security_kernel_create_files_as(struct cred *new, struct inode *inode); int security_kernel_module_request(char *kmod_name); @@ -1143,9 +1143,10 @@ static inline void security_transfer_creds(struct cred *new, { } -static inline void security_cred_getsecid(const struct cred *c, u32 *secid) +static inline void security_cred_getsecid(const struct cred *c, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } static inline int security_kernel_act_as(struct cred *cred, diff --git a/kernel/audit.c b/kernel/audit.c index 2834e55844db..2b670ac129be 100644 
--- a/kernel/audit.c +++ b/kernel/audit.c @@ -125,7 +125,7 @@ static u32 audit_backlog_wait_time = AUDIT_BACKLOG_WAIT_TIME; /* The identity of the user shutting down the audit system. */ static kuid_t audit_sig_uid = INVALID_UID; static pid_t audit_sig_pid = -1; -static u32 audit_sig_sid; +struct lsmblob audit_sig_lsm; /* Records can be lost in several ways: 0) [suppressed in audit_alloc] @@ -1463,29 +1463,21 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) } case AUDIT_SIGNAL_INFO: len = 0; - if (audit_sig_sid) { - struct lsmblob blob; - - /* - * lsmblob_init sets all values in the lsmblob - * to audit_sig_sid. This is temporary until - * audit_sig_sid is converted to a lsmblob, which - * happens later in this patch set. - */ - lsmblob_init(&blob, audit_sig_sid); - err = security_secid_to_secctx(&blob, &ctx, &len); + if (lsmblob_is_set(&audit_sig_lsm)) { + err = security_secid_to_secctx(&audit_sig_lsm, &ctx, + &len); if (err) return err; } sig_data = kmalloc(struct_size(sig_data, ctx, len), GFP_KERNEL); if (!sig_data) { - if (audit_sig_sid) + if (lsmblob_is_set(&audit_sig_lsm)) security_release_secctx(ctx, len); return -ENOMEM; } sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); sig_data->pid = audit_sig_pid; - if (audit_sig_sid) { + if (lsmblob_is_set(&audit_sig_lsm)) { memcpy(sig_data->ctx, ctx, len); security_release_secctx(ctx, len); } @@ -2392,7 +2384,6 @@ int audit_set_loginuid(kuid_t loginuid) int audit_signal_info(int sig, struct task_struct *t) { kuid_t uid = current_uid(), auid; - struct lsmblob blob; if (auditd_test_task(t) && (sig == SIGTERM || sig == SIGHUP || @@ -2403,9 +2394,7 @@ int audit_signal_info(int sig, struct task_struct *t) audit_sig_uid = auid; else audit_sig_uid = uid; - security_current_getsecid_subj(&blob); - /* scaffolding until audit_sig_sid is converted */ - audit_sig_sid = lsmblob_first(&blob); + security_current_getsecid_subj(&audit_sig_lsm); } return audit_signal_info_syscall(t); 
diff --git a/kernel/audit.h b/kernel/audit.h index 58b66543b4d5..316fac62d5f7 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -12,6 +12,7 @@ #include #include #include +#include #include #include #include // struct open_how @@ -143,7 +144,7 @@ struct audit_context { kuid_t target_auid; kuid_t target_uid; unsigned int target_sessionid; - u32 target_sid; + struct lsmblob target_lsm; char target_comm[TASK_COMM_LEN]; struct audit_tree_refs *trees, *first_trees; diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 2d1dd5af8a00..030f6e84026e 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -99,7 +99,7 @@ struct audit_aux_data_pids { kuid_t target_auid[AUDIT_AUX_PIDS]; kuid_t target_uid[AUDIT_AUX_PIDS]; unsigned int target_sessionid[AUDIT_AUX_PIDS]; - u32 target_sid[AUDIT_AUX_PIDS]; + struct lsmblob target_lsm[AUDIT_AUX_PIDS]; char target_comm[AUDIT_AUX_PIDS][TASK_COMM_LEN]; int pid_count; }; @@ -1018,7 +1018,7 @@ static void audit_reset_context(struct audit_context *ctx) ctx->target_pid = 0; ctx->target_auid = ctx->target_uid = KUIDT_INIT(0); ctx->target_sessionid = 0; - ctx->target_sid = 0; + lsmblob_init(&ctx->target_lsm, 0); ctx->target_comm[0] = '\0'; unroll_tree_refs(ctx, NULL, 0); WARN_ON(!list_empty(&ctx->killed_trees)); @@ -1116,14 +1116,14 @@ static inline void audit_free_context(struct audit_context *context) } static int audit_log_pid_context(struct audit_context *context, pid_t pid, - kuid_t auid, kuid_t uid, unsigned int sessionid, - u32 sid, char *comm) + kuid_t auid, kuid_t uid, + unsigned int sessionid, + struct lsmblob *blob, char *comm) { struct audit_buffer *ab; char *ctx = NULL; u32 len; int rc = 0; - struct lsmblob blob; ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID); if (!ab) 
@@ -1132,9 +1132,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, audit_log_format(ab, "opid=%d oauid=%d ouid=%d oses=%d", pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); - if (sid) { - lsmblob_init(&blob, sid); - if (security_secid_to_secctx(&blob, &ctx, &len)) { + if (lsmblob_is_set(blob)) { + if (security_secid_to_secctx(blob, &ctx, &len)) { audit_log_format(ab, " obj=(none)"); rc = 1; } else { @@ -1814,7 +1813,7 @@ static void audit_log_exit(void) axs->target_auid[i], axs->target_uid[i], axs->target_sessionid[i], - axs->target_sid[i], + &axs->target_lsm[i], axs->target_comm[i])) call_panic = 1; } @@ -1823,7 +1822,7 @@ static void audit_log_exit(void) audit_log_pid_context(context, context->target_pid, context->target_auid, context->target_uid, context->target_sessionid, - context->target_sid, context->target_comm)) + &context->target_lsm, context->target_comm)) call_panic = 1; if (context->pwd.dentry && context->pwd.mnt) { @@ -2765,15 +2764,12 @@ int __audit_sockaddr(int len, void *a) void __audit_ptrace(struct task_struct *t) { struct audit_context *context = audit_context(); - struct lsmblob blob; context->target_pid = task_tgid_nr(t); context->target_auid = audit_get_loginuid(t); context->target_uid = task_uid(t); context->target_sessionid = audit_get_sessionid(t); - security_task_getsecid_obj(t, &blob); - /* scaffolding - until target_sid is converted */ - context->target_sid = lsmblob_first(&blob); + security_task_getsecid_obj(t, &context->target_lsm); memcpy(context->target_comm, t->comm, TASK_COMM_LEN); } @@ -2789,7 +2785,6 @@ int audit_signal_info_syscall(struct task_struct *t) struct audit_aux_data_pids *axp; struct audit_context *ctx = audit_context(); kuid_t t_uid = task_uid(t); - struct lsmblob blob; if (!audit_signals || audit_dummy_context()) return 0; 
@@ -2801,9 +2796,7 @@ int audit_signal_info_syscall(struct task_struct *t) ctx->target_auid = audit_get_loginuid(t); ctx->target_uid = t_uid; ctx->target_sessionid = audit_get_sessionid(t); - security_task_getsecid_obj(t, &blob); - /* scaffolding until target_sid is converted */ - ctx->target_sid = lsmblob_first(&blob); + security_task_getsecid_obj(t, &ctx->target_lsm); memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); return 0; } @@ -2824,9 +2817,7 @@ int audit_signal_info_syscall(struct task_struct *t) axp->target_auid[axp->pid_count] = audit_get_loginuid(t); axp->target_uid[axp->pid_count] = t_uid; axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); - security_task_getsecid_obj(t, &blob); - /* scaffolding until target_sid is converted */ - axp->target_sid[axp->pid_count] = lsmblob_first(&blob); + security_task_getsecid_obj(t, &axp->target_lsm[axp->pid_count]); memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); axp->pid_count++; diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 5d6029ac52f0..ecaa0b96bb26 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -488,7 +488,6 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) int ima_bprm_check(struct linux_binprm *bprm) { int ret; - u32 secid; struct lsmblob blob; security_current_getsecid_subj(&blob); @@ -497,8 +496,8 @@ int ima_bprm_check(struct linux_binprm *bprm) if (ret) return ret; - security_cred_getsecid(bprm->cred, &secid); - return process_measurement(bprm->file, bprm->cred, secid, NULL, 0, + security_cred_getsecid(bprm->cred, &blob); + return process_measurement(bprm->file, bprm->cred, &blob, NULL, 0, MAY_EXEC, CREDS_CHECK); } diff --git a/security/security.c b/security/security.c index ad1080e01ba8..6df37398cfd8 100644 --- a/security/security.c +++ b/security/security.c 
@@ -1810,10 +1810,16 @@ void security_transfer_creds(struct cred *new, const struct cred *old) call_void_hook(cred_transfer, new, old); } -void security_cred_getsecid(const struct cred *c, u32 *secid) +void security_cred_getsecid(const struct cred *c, struct lsmblob *blob) { - *secid = 0; - call_void_hook(cred_getsecid, c, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.cred_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.cred_getsecid(c, &blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_cred_getsecid); From patchwork Thu Jun 9 23:01:28 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12876135 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 924D5CCA47B for ; Thu, 9 Jun 2022 23:10:17 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345930AbiFIXKN (ORCPT ); Thu, 9 Jun 2022 19:10:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50618 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345904AbiFIXKL (ORCPT ); Thu, 9 Jun 2022 19:10:11 -0400 Received: from sonic308-16.consmr.mail.ne1.yahoo.com (sonic308-16.consmr.mail.ne1.yahoo.com [66.163.187.39]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DB3C014AF7F for ; Thu, 9 Jun 2022 16:10:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1654816206; bh=oje8zQ4VCRBDmqjoigGlMIX5a/E3pyPEAc2tsL9W+gA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; 
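Review bot: In the first kernel/audit.c hunk (@@ -125,7 +125,7 @@), `static u32 audit_sig_sid` becomes `struct lsmblob audit_sig_lsm` without `static`, and nothing else in this patch declares it in a header or uses it from another file (the kernel/audit.h hunk only adds an include and converts target_sid); unless a later patch needs it externally, keep `static struct lsmblob audit_sig_lsm;` so the symbol stays file-local and sparse does not flag an undeclared global.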
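Review bot: In the audit_signal_info() hunk of kernel/audit.c, `security_current_getsecid_subj(&audit_sig_lsm)` now stores a multi-word struct into the global from the signal path while the AUDIT_SIGNAL_INFO branch of audit_receive_msg() reads it via `lsmblob_is_set()` and `security_secid_to_secctx()` with no serialisation between them; the old single u32 store could not tear, whereas a reader can now observe secids from two different signals mixed in one blob. audit_sig_uid and audit_sig_pid already form an unsynchronised pair, so this is not a new kind of race, but filling a local blob and assigning it in one place, or a comment stating that the race is accepted, would be clearer.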
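Review bot: In the ima_bprm_check() hunk of ima_main.c, the same `blob` is filled by security_current_getsecid_subj() and then overwritten by `security_cred_getsecid(bprm->cred, &blob)`; that is correct because the first process_measurement() call consumes the subject blob before the second fetch, but a one-line comment saying so would stop a future reorder from passing the subject's secids to the CREDS_CHECK measurement.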
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, Chuck Lever, linux-integrity@vger.kernel.org, netdev@vger.kernel.org, netfilter-devel@vger.kernel.org, linux-nfs@vger.kernel.org
Subject: [PATCH v36 15/33] LSM: Ensure the correct LSM context releaser
Date: Thu, 9 Jun 2022 16:01:28 -0700
Message-Id: <20220609230146.319210-16-casey@schaufler-ca.com>
In-Reply-To: <20220609230146.319210-1-casey@schaufler-ca.com>
References: <20220609230146.319210-1-casey@schaufler-ca.com>
X-Mailing-List: linux-integrity@vger.kernel.org

Add a new lsmcontext data structure to hold all the information about a "security context", including the string, its size and which LSM allocated the string. The allocation information is necessary because LSMs have different policies regarding the lifecycle of these strings. SELinux allocates and destroys them on each use, whereas Smack provides a pointer to an entry in a list that never goes away.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Paul Moore
Acked-by: Stephen Smalley
Acked-by: Chuck Lever
Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: netdev@vger.kernel.org Cc: linux-audit@redhat.com Cc: netfilter-devel@vger.kernel.org To: Pablo Neira Ayuso Cc: linux-nfs@vger.kernel.org --- drivers/android/binder.c | 10 ++++--- fs/ceph/xattr.c | 6 ++++- fs/nfs/nfs4proc.c | 8 ++++-- fs/nfsd/nfs4xdr.c | 7 +++-- include/linux/security.h | 35 +++++++++++++++++++++++-- include/net/scm.h | 5 +++- kernel/audit.c | 14 +++++++--- kernel/auditsc.c | 12 ++++++--- net/ipv4/ip_sockglue.c | 4 ++- net/netfilter/nf_conntrack_netlink.c | 4 ++- net/netfilter/nf_conntrack_standalone.c | 4 ++- net/netfilter/nfnetlink_queue.c | 13 ++++++--- net/netlabel/netlabel_unlabeled.c | 19 +++++++++++--- net/netlabel/netlabel_user.c | 4 ++- security/security.c | 11 ++++---- 15 files changed, 121 insertions(+), 35 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index c2f71c22a90e..9c1ed7fbda87 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2783,6 +2783,7 @@ static void binder_transaction(struct binder_proc *proc, int t_debug_id = atomic_inc_return(&binder_last_id); char *secctx = NULL; u32 secctx_sz = 0; + struct lsmcontext scaff; /* scaffolding */ struct list_head sgc_head; struct list_head pf_head; const void __user *user_buffer = (const void __user *) @@ -3116,7 +3117,8 @@ static void binder_transaction(struct binder_proc *proc, t->security_ctx = 0; WARN_ON(1); } - security_release_secctx(secctx, secctx_sz); + lsmcontext_init(&scaff, secctx, secctx_sz, 0); + security_release_secctx(&scaff); secctx = NULL; } t->buffer->debug_id = t->debug_id; 
@@ -3532,8 +3534,10 @@ static void binder_transaction(struct binder_proc *proc, binder_alloc_free_buf(&target_proc->alloc, t->buffer); err_binder_alloc_buf_failed: err_bad_extra_size: - if (secctx) - security_release_secctx(secctx, secctx_sz); + if (secctx) { + lsmcontext_init(&scaff, secctx, secctx_sz, 0); + security_release_secctx(&scaff); + } err_get_secctx_failed: kfree(tcomplete); binder_stats_deleted(BINDER_STAT_TRANSACTION_COMPLETE); diff --git a/fs/ceph/xattr.c b/fs/ceph/xattr.c index 8c2dc2c762a4..b1c81e75f37f 100644 --- a/fs/ceph/xattr.c +++ b/fs/ceph/xattr.c @@ -1391,12 +1391,16 @@ int ceph_security_init_secctx(struct dentry *dentry, umode_t mode, void ceph_release_acl_sec_ctx(struct ceph_acl_sec_ctx *as_ctx) { +#ifdef CONFIG_CEPH_FS_SECURITY_LABEL + struct lsmcontext scaff; /* scaffolding */ +#endif #ifdef CONFIG_CEPH_FS_POSIX_ACL posix_acl_release(as_ctx->acl); posix_acl_release(as_ctx->default_acl); #endif #ifdef CONFIG_CEPH_FS_SECURITY_LABEL - security_release_secctx(as_ctx->sec_ctx, as_ctx->sec_ctxlen); + lsmcontext_init(&scaff, as_ctx->sec_ctx, as_ctx->sec_ctxlen, 0); + security_release_secctx(&scaff); #endif if (as_ctx->pagelist) ceph_pagelist_release(as_ctx->pagelist); diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c index c0fdcf8c0032..d6bdb0868729 100644 --- a/fs/nfs/nfs4proc.c +++ b/fs/nfs/nfs4proc.c @@ -133,8 +133,12 @@ nfs4_label_init_security(struct inode *dir, struct dentry *dentry, static inline void nfs4_label_release_security(struct nfs4_label *label) { - if (label) - security_release_secctx(label->label, label->len); + struct lsmcontext scaff; /* scaffolding */ + + if (label) { + lsmcontext_init(&scaff, label->label, label->len, 0); + security_release_secctx(&scaff); + } } static inline u32 *nfs4_bitmask(struct nfs_server *server, struct nfs4_label *label) { diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c index 61b2aae81abb..512ad208d62a 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c 
@@ -2830,6 +2830,7 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, int err; struct nfs4_acl *acl = NULL; #ifdef CONFIG_NFSD_V4_SECURITY_LABEL + struct lsmcontext scaff; /* scaffolding */ void *context = NULL; int contextlen; #endif @@ -3341,8 +3342,10 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, out: #ifdef CONFIG_NFSD_V4_SECURITY_LABEL - if (context) - security_release_secctx(context, contextlen); + if (context) { + lsmcontext_init(&scaff, context, contextlen, 0); /*scaffolding*/ + security_release_secctx(&scaff); + } #endif /* CONFIG_NFSD_V4_SECURITY_LABEL */ kfree(acl); if (tempfh) { diff --git a/include/linux/security.h b/include/linux/security.h index a7a445bac8ce..a20fc156c697 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -137,6 +137,37 @@ enum lockdown_reason { extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1]; +/* + * A "security context" is the text representation of + * the information used by LSMs. + * This structure contains the string, its length, and which LSM + * it is useful for. + */ +struct lsmcontext { + char *context; /* Provided by the module */ + u32 len; + int slot; /* Identifies the module */ +}; + +/** + * lsmcontext_init - initialize an lsmcontext structure. + * @cp: Pointer to the context to initialize + * @context: Initial context, or NULL + * @size: Size of context, or 0 + * @slot: Which LSM provided the context + * + * Fill in the lsmcontext from the provided information. + * This is a scaffolding function that will be removed when + * lsmcontext integration is complete. + */ +static inline void lsmcontext_init(struct lsmcontext *cp, char *context, + u32 size, int slot) +{ + cp->slot = slot; + cp->context = context; + cp->len = size; +} + /* * Data exported by the security modules * 
@@ -589,7 +620,7 @@ int security_ismaclabel(const char *name); int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen); int security_secctx_to_secid(const char *secdata, u32 seclen, struct lsmblob *blob); -void security_release_secctx(char *secdata, u32 seclen); +void security_release_secctx(struct lsmcontext *cp); void security_inode_invalidate_secctx(struct inode *inode); int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); @@ -1453,7 +1484,7 @@ static inline int security_secctx_to_secid(const char *secdata, return -EOPNOTSUPP; } -static inline void security_release_secctx(char *secdata, u32 seclen) +static inline void security_release_secctx(struct lsmcontext *cp) { } diff --git a/include/net/scm.h b/include/net/scm.h index 23a35ff1b3f2..f273c4d777ec 100644 --- a/include/net/scm.h +++ b/include/net/scm.h @@ -92,6 +92,7 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg, #ifdef CONFIG_SECURITY_NETWORK static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) { + struct lsmcontext context; struct lsmblob lb; char *secdata; u32 seclen; @@ -106,7 +107,9 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc if (!err) { put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata); - security_release_secctx(secdata, seclen); + /*scaffolding*/ + lsmcontext_init(&context, secdata, seclen, 0); + security_release_secctx(&context); } } } diff --git a/kernel/audit.c b/kernel/audit.c index 2b670ac129be..0eff57959b4e 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1214,6 +1214,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) struct audit_sig_info *sig_data; char *ctx = NULL; u32 len; + struct lsmcontext scaff; /* scaffolding */ err = audit_netlink_ok(skb, msg_type); if (err) 
@@ -1471,15 +1472,18 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) } sig_data = kmalloc(struct_size(sig_data, ctx, len), GFP_KERNEL); if (!sig_data) { - if (lsmblob_is_set(&audit_sig_lsm)) - security_release_secctx(ctx, len); + if (lsmblob_is_set(&audit_sig_lsm)) { + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); + } return -ENOMEM; } sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); sig_data->pid = audit_sig_pid; if (lsmblob_is_set(&audit_sig_lsm)) { memcpy(sig_data->ctx, ctx, len); - security_release_secctx(ctx, len); + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); } audit_send_reply(skb, seq, AUDIT_SIGNAL_INFO, 0, 0, sig_data, struct_size(sig_data, ctx, len)); @@ -2171,6 +2175,7 @@ int audit_log_task_context(struct audit_buffer *ab) unsigned len; int error; struct lsmblob blob; + struct lsmcontext scaff; /* scaffolding */ security_current_getsecid_subj(&blob); if (!lsmblob_is_set(&blob)) @@ -2185,7 +2190,8 @@ int audit_log_task_context(struct audit_buffer *ab) } audit_log_format(ab, " subj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); return 0; error_path: diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 030f6e84026e..cc902c9df77f 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1121,6 +1121,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, struct lsmblob *blob, char *comm) { struct audit_buffer *ab; + struct lsmcontext lsmcxt; char *ctx = NULL; u32 len; int rc = 0; @@ -1138,7 +1139,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, rc = 1; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); /*scaffolding*/ + security_release_secctx(&lsmcxt); } } audit_log_format(ab, " ocomm="); 
@@ -1398,6 +1400,7 @@ static void audit_log_time(struct audit_context *context, struct audit_buffer ** static void show_special(struct audit_context *context, int *call_panic) { + struct lsmcontext lsmcxt; struct audit_buffer *ab; int i; @@ -1432,7 +1435,8 @@ static void show_special(struct audit_context *context, int *call_panic) *call_panic = 1; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); + security_release_secctx(&lsmcxt); } } if (context->ipc.has_perm) { @@ -1594,6 +1598,7 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, char *ctx = NULL; u32 len; struct lsmblob blob; + struct lsmcontext lsmcxt; lsmblob_init(&blob, n->osid); if (security_secid_to_secctx(&blob, &ctx, &len)) { @@ -1602,7 +1607,8 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, *call_panic = 2; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); /* scaffolding */ + security_release_secctx(&lsmcxt); } } diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index 933a8f94f93a..70ca4510ea35 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -130,6 +130,7 @@ static void ip_cmsg_recv_checksum(struct msghdr *msg, struct sk_buff *skb, static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) { + struct lsmcontext context; struct lsmblob lb; char *secdata; u32 seclen, secid; @@ -145,7 +146,8 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) return; put_cmsg(msg, SOL_IP, SCM_SECURITY, seclen, secdata); - security_release_secctx(secdata, seclen); + lsmcontext_init(&context, secdata, seclen, 0); /* scaffolding */ + security_release_secctx(&context); } static void ip_cmsg_recv_dstaddr(struct msghdr *msg, struct sk_buff *skb) 
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index ddc8cd65ed12..da36301e2185 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -348,6 +348,7 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) int len, ret; char *secctx; struct lsmblob blob; + struct lsmcontext context; /* lsmblob_init() puts ct->secmark into all of the secids in blob. * security_secid_to_secctx() will know which security module @@ -368,7 +369,8 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) ret = 0; nla_put_failure: - security_release_secctx(secctx, len); + lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ + security_release_secctx(&context); return ret; } #else diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index 2c1f3280d56e..644dec6a8ef5 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c @@ -179,6 +179,7 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) u32 len; char *secctx; struct lsmblob blob; + struct lsmcontext context; lsmblob_init(&blob, ct->secmark); ret = security_secid_to_secctx(&blob, &secctx, &len); @@ -187,7 +188,8 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) seq_printf(s, "secctx=%s ", secctx); - security_release_secctx(secctx, len); + lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ + security_release_secctx(&context); } #else static inline void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index 6269fe122345..f69d5e997da2 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c 
@@ -397,6 +397,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, enum ip_conntrack_info ctinfo = 0; const struct nfnl_ct_hook *nfnl_ct; bool csum_verify; + struct lsmcontext scaff; /* scaffolding */ char *secdata = NULL; u32 seclen = 0; ktime_t tstamp; @@ -634,8 +635,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, } nlh->nlmsg_len = skb->len; - if (seclen) - security_release_secctx(secdata, seclen); + if (seclen) { + lsmcontext_init(&scaff, secdata, seclen, 0); + security_release_secctx(&scaff); + } return skb; nla_put_failure: @@ -643,8 +646,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, kfree_skb(skb); net_err_ratelimited("nf_queue: error creating packet message\n"); nlmsg_failure: - if (seclen) - security_release_secctx(secdata, seclen); + if (seclen) { + lsmcontext_init(&scaff, secdata, seclen, 0); + security_release_secctx(&scaff); + } return NULL; } diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index bbb3b6a4f0d7..b3e3d920034d 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -374,6 +374,7 @@ int netlbl_unlhsh_add(struct net *net, struct net_device *dev; struct netlbl_unlhsh_iface *iface; struct audit_buffer *audit_buf = NULL; + struct lsmcontext context; char *secctx = NULL; u32 secctx_len; struct lsmblob blob; @@ -447,7 +448,9 @@ int netlbl_unlhsh_add(struct net *net, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", ret_val == 0 ? 1 : 0); audit_log_end(audit_buf); 
@@ -478,6 +481,7 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, struct netlbl_unlhsh_addr4 *entry; struct audit_buffer *audit_buf; struct net_device *dev; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -508,7 +512,9 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); audit_log_end(audit_buf); @@ -545,6 +551,7 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, struct netlbl_unlhsh_addr6 *entry; struct audit_buffer *audit_buf; struct net_device *dev; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -574,7 +581,8 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); audit_log_end(audit_buf); @@ -1093,6 +1101,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, int ret_val = -ENOMEM; struct netlbl_unlhsh_walk_arg *cb_arg = arg; struct net_device *dev; + struct lsmcontext context; void *data; u32 secid; char *secctx; @@ -1163,7 +1172,9 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, NLBL_UNLABEL_A_SECCTX, secctx_len, secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); if (ret_val != 0) goto list_cb_failure; diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index 893301ae0131..ef139d8ae7cd 100644 
--- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c @@ -84,6 +84,7 @@ struct audit_buffer *netlbl_audit_start_common(int type, struct netlbl_audit *audit_info) { struct audit_buffer *audit_buf; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -103,7 +104,8 @@ struct audit_buffer *netlbl_audit_start_common(int type, if (audit_info->secid != 0 && security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " subj=%s", secctx); - security_release_secctx(secctx, secctx_len); + lsmcontext_init(&context, secctx, secctx_len, 0);/*scaffolding*/ + security_release_secctx(&context); } return audit_buf; diff --git a/security/security.c b/security/security.c index d60bc6abaa40..e434f085afab 100644 --- a/security/security.c +++ b/security/security.c @@ -2373,16 +2373,17 @@ int security_secctx_to_secid(const char *secdata, u32 seclen, } EXPORT_SYMBOL(security_secctx_to_secid); -void security_release_secctx(char *secdata, u32 seclen) +void security_release_secctx(struct lsmcontext *cp) { struct security_hook_list *hp; - int ilsm = lsm_task_ilsm(current); hlist_for_each_entry(hp, &security_hook_heads.release_secctx, list) - if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) { - hp->hook.release_secctx(secdata, seclen); - return; + if (cp->slot == hp->lsmid->slot) { + hp->hook.release_secctx(cp->context, cp->len); + break; } + + memset(cp, 0, sizeof(*cp)); } EXPORT_SYMBOL(security_release_secctx);
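Review bot: in the security/security.c hunk, security_release_secctx() now picks the hook purely by `cp->slot == hp->lsmid->slot`, and every call site converted in this patch fills that slot with a literal 0 through lsmcontext_init(). The removed code chose the releaser with lsm_task_ilsm(current), falling back to the first registered hook for LSMBLOB_INVALID, so a string obtained under a non-zero interface LSM was released by the module that produced it; after this patch it is always handed to whichever module sits in slot 0. The commit message itself spells out why that matters: SELinux frees each string while Smack hands out a pointer into a permanent list, so the wrong releaser either kfree()s memory the module never allocated or leaks it. Until security_secid_to_secctx() records the producing slot in the lsmcontext, the patch should either state the invariant that all of these strings come from slot 0 or have the lsmcontext_init() callers derive the slot from the same selector that produced the string. Also, when no hook matches nothing is released and the function returns silently; a WARN_ON_ONCE() there would catch a stale or uninitialised slot.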
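Review bot: in the include/linux/security.h hunk that adds struct lsmcontext and lsmcontext_init(), the kerneldoc says @slot is "Which LSM provided the context", yet every caller in the patch passes a bare 0 with, at best, a `/* scaffolding */` comment beside it. A named placeholder for the scaffolding value, plus one sentence in the struct comment on which value means "unknown" (so a real slot 0 is not confused with the placeholder), would make the temporary state explicit and the eventual clean-up a mechanical grep.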
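Review bot: the `!CONFIG_SECURITY` stub of security_release_secctx() in include/linux/security.h leaves *cp untouched, while the real implementation ends with `memset(cp, 0, sizeof(*cp));`. No caller in this patch looks at the lsmcontext after release, so nothing breaks today, but either both variants should clear the context or the clearing should be documented as something callers must not rely on.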
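Review bot: the temporary lsmcontext is named `scaff` in binder.c, ceph/xattr.c, nfs4proc.c, nfsd/nfs4xdr.c, audit.c and nfnetlink_queue.c, `context` in scm.h, ip_sockglue.c, the conntrack files and netlabel, and `lsmcxt` in the three kernel/auditsc.c hunks, and the `/* scaffolding */` marker sits on some lsmcontext_init() calls and not others (audit_log_pid_context and audit_log_name carry it, show_special does not). One name and one marker across the patch would make these call sites trivial to find and remove once the scaffolding goes.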
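The lifecycle mismatch the commit message describes is easiest to see in a user-space model. The following is an added illustration, not kernel code and not part of this patch: it stands in two hypothetical modules for SELinux-style and Smack-style string ownership, dispatches release on the slot recorded in the context the way the new security_release_secctx() does, and reports when a string would be handed to a releaser that does not own it. The module names, slot numbers and label strings are assumptions.

```c
/*
 * Added illustration, not kernel code: a user-space model of why a context
 * string must carry the slot of the module that produced it. Slot 0
 * ("alloc_lsm") allocates a fresh copy per lookup (the SELinux lifecycle the
 * commit message describes); slot 1 ("static_lsm") returns a pointer into a
 * permanent table (the Smack one). Names, slots and labels are assumptions.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define LSM_SLOTS 2

struct lsmcontext {
	char *context;		/* string provided by the module */
	unsigned int len;
	int slot;		/* module that owns the string */
};

struct lsm_ops {
	const char *name;
	int (*secid_to_secctx)(unsigned int secid, char **ctx, unsigned int *len);
	void (*release_secctx)(char *ctx, unsigned int len);
};

/* Slot 0: every lookup allocates, so its release must free. */
static int alloc_lsm_to_secctx(unsigned int secid, char **ctx, unsigned int *len)
{
	char buf[64];
	int n = snprintf(buf, sizeof(buf), "user_u:role_r:type_%u_t", secid);
	*ctx = malloc((size_t)n + 1);
	if (!*ctx)
		return -1;
	memcpy(*ctx, buf, (size_t)n + 1);
	*len = (unsigned int)n;
	return 0;
}

static void alloc_lsm_release(char *ctx, unsigned int len) { (void)len; free(ctx); }

/* Slot 1: labels live in a permanent table, so its release is a no-op. */
static const char *static_labels[] = { "_", "^", "*", "?" };

static int static_lsm_to_secctx(unsigned int secid, char **ctx, unsigned int *len)
{
	*ctx = (char *)static_labels[secid % 4];
	*len = (unsigned int)strlen(*ctx);
	return 0;
}

static void static_lsm_release(char *ctx, unsigned int len) { (void)ctx; (void)len; }

static const struct lsm_ops lsm_slot_ops[LSM_SLOTS] = {
	{ "alloc_lsm", alloc_lsm_to_secctx, alloc_lsm_release },
	{ "static_lsm", static_lsm_to_secctx, static_lsm_release },
};

/* Produce a context and record the producing slot in it. */
int secid_to_secctx(int slot, unsigned int secid, struct lsmcontext *cp)
{
	if (slot < 0 || slot >= LSM_SLOTS)
		return -1;
	if (lsm_slot_ops[slot].secid_to_secctx(secid, &cp->context, &cp->len))
		return -1;
	cp->slot = slot;
	return 0;
}

/* Release through the recorded slot only, then clear the context. */
void release_secctx(struct lsmcontext *cp)
{
	if (cp->context && cp->slot >= 0 && cp->slot < LSM_SLOTS)
		lsm_slot_ops[cp->slot].release_secctx(cp->context, cp->len);
	memset(cp, 0, sizeof(*cp));
}

/* 1 if releasing cp->context via release_slot would free() a table entry. */
int release_would_misfree(const struct lsmcontext *cp, int release_slot)
{
	if (release_slot != 0)
		return 0;
	for (size_t i = 0; i < sizeof(static_labels) / sizeof(static_labels[0]); i++)
		if (cp->context == static_labels[i])
			return 1;
	return 0;
}

int main(void)
{
	struct lsmcontext cp;
	secid_to_secctx(1, 6, &cp);	/* static_lsm label "*" */
	printf("%s: \"%s\" misfree via slot 0: %d\n", lsm_slot_ops[cp.slot].name,
	       cp.context, release_would_misfree(&cp, 0));
	release_secctx(&cp);		/* routed to slot 1, so no free() */
	return 0;
}
```

The model only flags the bad case rather than performing it: release_would_misfree() is the check a caller that hard-codes slot 0 would fail for any string produced by slot 1, while release_secctx() itself always dispatches on the slot the producing lookup recorded.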