From patchwork Tue Jun 28 00:55:39 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12897376 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6B4DEC433EF for ; Tue, 28 Jun 2022 00:59:04 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242364AbiF1A7D (ORCPT ); Mon, 27 Jun 2022 20:59:03 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55190 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240866AbiF1A7C (ORCPT ); Mon, 27 Jun 2022 20:59:02 -0400 Received: from sonic308-16.consmr.mail.ne1.yahoo.com (sonic308-16.consmr.mail.ne1.yahoo.com [66.163.187.39]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 701A221E0B for ; Mon, 27 Jun 2022 17:59:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656377940; bh=tYqWAwtnK7psUEEe4XhJcu7l6wVw6vdttfwUfuyaySc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=SAgeBo1sjcMgWnDBC1xlcCce6xsk6wRmUqxJjNppwLOLQ2J/vQXOTqLS82D7XqD3LrJsxebgfmwlO4LDYo3XSRxi9wgjKN1P1+y63ter/kpIB7HgTSKwbIcEX8OIS22xJC+hu3WESRNeiUyd4GWG7sARE9mPFG1MIlD5thlBH6ws2z8vBbnAsMag91EBMjuMMfHck4Hew53YbHDRwgZYRwesuinkSqmAv/z/m21TD2xXzX+0O4SFo6q+yZAvQH0V7HSvdS4gL1nv0vla9dOUrp015yPAz2ncW/RvM/HtVrfLXkT6oROnjPEX1H395fhgRHL8/MVHHmi/xn8sWz5Ttw== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656377940; bh=QA6E2JR13S6k3NYK/bvjQvHkizLcH4RD3DodTeatUSw=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=DpPt8VtPI6yn3xopzfTt6WUjlXLfI7T/CHdZvf5qbOWAjGFTDqQ7hRshnapkiHsqyPVABe+YvRaZ4OERft4nrPb84FMxgIc8bq6bnGUTIjBmbZYZNOeCWP9aez+dAN2XPs4b7ZQJhWt5eshdB6wuBrPPJyjftNFrnBRgg5twzI2IClkR7IzzV4asx84MK7KF1CEkjuWPx8X8w3muR2xNjr1egB9F/P5Kn5J3og/uC44bQn+xm2gDDS/pt3Nz103IicM1U1xTqb8KIASqN+9Mf3aL5T4JrSpOigrsfo+W59cc2XOXKP7tCmQt60t1ibPZ8eYoDWrwFD7unp4OBlTsTw== X-YMail-OSG: v_79ysYVM1mRV20MgroC_3Ki095aENCZjUwOnNSxBwMbuMVeSkPKR8.me5nCUUw rKkM7jh7yayJczS_d484nIYpMRNprBPtpvhvRqaHmsNirz38z6774jX9MbSLafq.YNht0EnJWSMW o4Vu4i5t7tmpxeCGHLIRD8fYo2Qn6wWQUaLD_i2Qjb5iLWbOUCx9QgkJbq8x_7UMbNXhrrnMvJ0K dLMo6aYbfrcQwi2ku0Hc6cZG5qh3pd4Rt_sh.OZQbF0UEDd.CiJ_GrB1jGTX7svv2xSUU901AXhA OudH.yPjzL03PCN9QkEwSe7OCFqWoyspgWd39J1cyBANCfxDmILNqgthFYJjQ6vI_UfTdrnCJqyo dWobjiv7iQ2aC.2cn3SYqaLzwhsdWMjK0NfoMRlMDXZR3RzgALENj3MbEjpXH6jWtNoXeNpjIugt iMdyx4W8MBDEjKt34jMsx5t.9o2ZhDGUufXmU57Nr8mx54bL7n4Ma.bAbJBG.0uEYn.J1MMOQezL _cffaROKffBwtqKpp.wFPc5JQG1O2tBAOjP6K615Wig4KQ_F6_DlmtQBQWNgQljAoM_Rzpn5bzz. .jfnpHn5OkzMsC8_qNUdLZifNb6vG_3bkbxVA2MXuWKLySDguPzJo7ExAlzfLBmo6OWmgd1Aa4Fn Zw5Te8dIFhvB31QilJiQqbUJSoad9D.LPtrYQula8aReOXFnOSVp9XwrKxYV0QhftH3HkA8W9Pwf p6ZwHTiUn1g0cZeN_xgQQeYc76iObr030nXf3mzApcaBHqUEtsYrAA5SlUtI2nUyXz7giQ1kXB.T PlpsPuyT51p4wPYspBIdobUuwpurU.Rc8LzCoT9VhDsUE75j5a4VYyum87cA5EMSx7qhqqSUAmqa uoq6HaGWnPge__NuI4gjw5Xb4422O8KGZep36Nz63_kfRELlmBpEeq0MPpAcmb3rXoz0sxrlzBBJ UecuRQ60ZXN1mYNEYb0L8B2smNo33Pa0Bk5fOcolvOQReiUO2Y4EFg6zUQ09egDIuNUU8C6WySbi TMrEYLRlugSQ0GJnR76iVZNQw09o1oB_YRZ.6RsonVfA0cohWhdk1PbBMbD0GaCcowVVCFf5JrBm W.Fe6SjQni4c6pxWPyinaY6KXog1_9QbJ_X6LazABPoPK5me8v7clYRWkA1NYBvpqXw5sl8F8KEy GzhgmVBWSI3Rc3D.iRMOYtP2Q1KPduNqx4f7aC6HesvNfZQ3yxvF7cYy2r_lHrvGeLupXATo7dvv 7bp8FYaiNdcl.jQIv1llBuV4axTU8wU5Ywpq0WKYEa.DWvYBNUp1JNK4ZWNNNNT34yLLOCsN53rr noQ.jK1Mq8EbCD.jR7VjyiE0PySDvBRH0OWqlsg6FvsVl.Gp2rZPY_.wU0PNdQpbNlyUh4Cq2DWW kqTvWgcKvwoIm5V2c6M3YAsXAKje_TlFfw.KmoMgPrSA5TtjvJ1Ob5HFLi0mdSEhDzguw7aCG3AY Y5frcV8wxGYRPnYAGydVBaEgKPuP1dej5tsk9JcOOrC3gCTyeu7kwmzctfTARDaj7W29cRHE3Qa9 mAvv8Xv668pCJOKiMkDbOfd7K9.aqt7pqjaw3mEnllmUoyi6ON1B5Xd.tjKoxG9uuHbisof_9ZuS I8ahx878N8m8lpof1YO9p_xgsRt9._LICiVqph7xY0ahZVWq4c48cVPs6e3XNe9UxaUU9Xz9SOTB H9j2z4ZtVU7Wou.EW0LwMKU5GWcbf8BOm0mi8XOEingxfbwOK9zAYvdZpzHo4SjnwBy53G012vt6 mn8ednd_y3Tl9tsaGQMn8eIYD_s5Krgn1SYXL7nD7MXrDGKBBRM47UhhQ6C1st7g12T9GcUDjD0D 1yEyc5WGnMrA368nmr_bCmDf3Ri2TbFEBCgg4GMk5Bu0Kq3eZsrsZq3k6cwUE7P8iM7DG5pXBJT. jZcxIw.ZMC4MoobQJXb_DcpEgBCeXpNkiT3bhjO6XTMUCVi9axyzdzyKA2GPmRhT6R9lUpjoAdh5 G1FWojv93dQqdYlOwoH8swV43YssKxN8yLXXlQ8XItIy13NnPSHjaWAQQkSaCn5K991.Q84udzei 2DQTYypCa6npXxc8BI24PotBOrzvlJ3lXsW3yxAdu0u89djiLdOMyQJyUJrCr5Q_GCJzYAhpjjYm hq_wBeHAWhAkAo5K44G2v.NFfKfSqMaIqcGwC3MF4KdKOSPELKnd.40j_nADyLwAOf3a2yXvDlD_ eHwYqVt8.cn.uvV3_UEi2H3OMlPog2i3u4BD.2QZhxJ_vyFnazc3_LYg81FMYAQg1HhBO.e6abbz hX4RJE0ZELTtU.51VQQHcuEx8oWAOiKAwgnDXqgAm3dbDS0ChRneAw_0yHg-- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic308.consmr.mail.ne1.yahoo.com with HTTP; Tue, 28 Jun 2022 00:59:00 +0000 Received: by hermes--production-bf1-7f5f59bd5b-b6lnk (Yahoo Inc. Hermes SMTP Server) with ESMTPA ID d0a6274eef1e7322c21c22475730a9ae; Tue, 28 Jun 2022 00:58:59 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org Subject: [PATCH v37 01/33] integrity: disassociate ima_filter_rule from security_audit_rule Date: Mon, 27 Jun 2022 17:55:39 -0700 Message-Id: <20220628005611.13106-2-casey@schaufler-ca.com> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220628005611.13106-1-casey@schaufler-ca.com> References: <20220628005611.13106-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Create real functions for the ima_filter_rule interfaces. These replace #defines that obscure the reuse of audit interfaces. The new functions are put in security.c because they use security module registered hooks that we don't want exported. Acked-by: Paul Moore Reviewed-by: John Johansen Signed-off-by: Casey Schaufler To: Mimi Zohar Cc: linux-integrity@vger.kernel.org --- include/linux/security.h | 24 ++++++++++++++++++++++++ security/integrity/ima/ima.h | 26 -------------------------- security/security.c | 21 +++++++++++++++++++++ 3 files changed, 45 insertions(+), 26 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index 7fc4e9f49f54..5260dbe9ef0d 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -1919,6 +1919,30 @@ static inline void security_audit_rule_free(void *lsmrule) #endif /* CONFIG_SECURITY */ #endif /* CONFIG_AUDIT */ +#if defined(CONFIG_IMA_LSM_RULES) && defined(CONFIG_SECURITY) +int ima_filter_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule); +int ima_filter_rule_match(u32 secid, u32 field, u32 op, void *lsmrule); +void ima_filter_rule_free(void *lsmrule); + +#else + +static inline int ima_filter_rule_init(u32 field, u32 op, char *rulestr, + void **lsmrule) +{ + return 0; +} + +static inline int ima_filter_rule_match(u32 secid, u32 field, u32 op, + void *lsmrule) +{ + return 0; +} + +static inline void ima_filter_rule_free(void *lsmrule) +{ } + +#endif /* defined(CONFIG_IMA_LSM_RULES) && defined(CONFIG_SECURITY) */ + #ifdef CONFIG_SECURITYFS extern struct dentry *securityfs_create_file(const char *name, umode_t mode, diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index be965a8715e4..1b5d70ac2dc9 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -418,32 +418,6 @@ static inline void ima_free_modsig(struct modsig *modsig) } #endif /* CONFIG_IMA_APPRAISE_MODSIG */ -/* LSM based policy rules require audit */ -#ifdef CONFIG_IMA_LSM_RULES - -#define ima_filter_rule_init security_audit_rule_init -#define ima_filter_rule_free security_audit_rule_free -#define ima_filter_rule_match security_audit_rule_match - -#else - -static inline int ima_filter_rule_init(u32 field, u32 op, char *rulestr, - void **lsmrule) -{ - return -EINVAL; -} - -static inline void ima_filter_rule_free(void *lsmrule) -{ -} - -static inline int ima_filter_rule_match(u32 secid, u32 field, u32 op, - void *lsmrule) -{ - return -EINVAL; -} -#endif /* CONFIG_IMA_LSM_RULES */ - #ifdef CONFIG_IMA_READ_POLICY #define POLICY_FILE_FLAGS (S_IWUSR | S_IRUSR) #else diff --git a/security/security.c b/security/security.c index 188b8f782220..8b176769dd86 100644 --- a/security/security.c +++ b/security/security.c @@ -2580,6 +2580,27 @@ int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule) } #endif /* CONFIG_AUDIT */ +#ifdef CONFIG_IMA_LSM_RULES +/* + * The integrity subsystem uses the same hooks as + * the audit subsystem. + */ +int ima_filter_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule) +{ + return call_int_hook(audit_rule_init, 0, field, op, rulestr, lsmrule); +} + +void ima_filter_rule_free(void *lsmrule) +{ + call_void_hook(audit_rule_free, lsmrule); +} + +int ima_filter_rule_match(u32 secid, u32 field, u32 op, void *lsmrule) +{ + return call_int_hook(audit_rule_match, 0, secid, field, op, lsmrule); +} +#endif /* CONFIG_IMA_LSM_RULES */ + #ifdef CONFIG_BPF_SYSCALL int security_bpf(int cmd, union bpf_attr *attr, unsigned int size) { From patchwork Tue Jun 28 00:55:40 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12897377 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id AFC29C433EF for ; Tue, 28 Jun 2022 00:59:29 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242424AbiF1A71 (ORCPT ); Mon, 27 Jun 2022 20:59:27 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55512 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S242329AbiF1A7Z (ORCPT ); Mon, 27 Jun 2022 20:59:25 -0400 Received: from sonic304-28.consmr.mail.ne1.yahoo.com (sonic304-28.consmr.mail.ne1.yahoo.com [66.163.191.154]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 690F7222B4 for ; Mon, 27 Jun 2022 17:59:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656377943; bh=9TGjBk6+eqigbT+VFlkAmVEE1TysshUfnQ9f32ddIe4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=hD0cIyOhIewgSM1PnUuwP6qGUp+nGH+Sp7q0DDoihzjppII0k2s/QwHiP60B/OLZZsZQ5dBQh8famMG6aH7+E6HpXhGpLxhSNRX0UT/Ph4ZHuGGSjFTwUsAUzu8f7gwNWgUBKodYaIbWaQYN8afFFEKIiFu36yiZe0zYajNZNT0WQydOBT0DUXFvbAAYTta3m/t/N+yhh72nx2xOsqx+4hmbwGj4+mo8XNBDcW8KkofF/g0/W3oHyD+7baFK5TupmxmMJ/IE2zt09tu5uHEPDgNfJVyeLSGwmib1LlJqVid0wrFUZ5URccn+RZNkkoM5/F2OWB9/FUryODTu0bCkww== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656377943; bh=40c6w1u4R2PHRbI/OhPZ4/mSSSWS9RA8/ckTx0AscY5=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=rVxY5bidpWTh+13VmLMTTurFpDN3yBaY9aeh7x5T0r0DXfN5e8BcRO9b585a7syPfCDZtB1Rnaj5cXoCvkPx+xMJK86h81OVGUyO398Lq5myYU4UD4EyQNGgEVRT3+D12YxteWC2WAyrnde8qSOs/Io8TMzu6GtaUvvNnib5epIlICFHE/WY0Oops6Nb1fSYQLg3Uh24BMMZCJnY5sI2X8bAZMlTNF7fkpcrDs3Gim+Qfx2lSd2mjuKjJRdO/hCJUmfg/f4t7+PBB4QrS7Kgdirv1Fsj0x2rsKCMyAwKmyOhStPyxjTLGgTiJYdqebDcnNP11uuXbbggglcrWph4Vg== X-YMail-OSG: 3B9BrI0VM1kuNNjahbUykmmUgSU0PPFgHtenN.a0gxP30NSmBn0sqfOEIqzr85c gigs8a20YglKV6ka.yqn51uS5P9Lj1Hp2wmldBnlZo7Vz0txJPPAGcriS5nlvUgkmIxLSubgcdnw 9wO_LUydXjIJVYg1CpzxqrXkRQJq4wtoeQqDKXD97He7FAPgKoIDdmFZ_DiR8CONoyqCGmxLDEKo Fx4PVsaLs4gc_Ub2uFMalbsXMQ8V0Ou2UBQBCW_R1HriBhMApL9cr0cokY4v7ODceUpcacEsXFHp HG4X4PIpEuoArTjTCm0ZTqCYhmj24r.hAiQnK7UU855lD_1unSUOLuP8x705krHt5OkojMT5q.pK 0346noaCBcGOVsT7U7OtIYxXGbIrIQ9wDhMJtTuAPA4KPWqMf.ZBrA1OSJsqHyrWOVH8duVT9uEa lC4pRQ3a8RGBS6U9AeYhGP4jCOvUUFH6E64OeG9Wecq7.GsdgAiBXeeGS8o42aXqHE5r6CbYX63g S_LR5zzzZVwd_nIZcdkvk7MI2xvOsLIW98sIRQ1lX5oj._NXpF2t5TybD0x8u_SYtJ1BpYLgGfr6 t_K0rNPeCn0YjGl2v0WQt9eSRkPT2GWAMPayw9ICPOxK_s1OZJahz_.l192Zqmk3YFsoyszf1D6X Nw7KTkQRYukenohCz.F5WbDVa4zTn8gStW.elaYcgDGFoHuNNSbWVCKnsL0IZpdPZWg4EdWDCgiW OhX8zHCWGL.MLUht13ODcDW7ZBx2Yxnh322_HaKlfgT_VIgTD8KV_D2pY4JuTuGnOp8Ap3RTurnh S0as4I3.vgI0LzcRdEMoqpurcTEjh1uIe5.IF.TR3Cn.7RkzecuESZRdLCYYYYNBG6RZSiuFZfMl bwDdGhLBhNYDHyY9YScGaN7lRwOKmwAHL2LHZp5YBMCWD81CC1PThafpWpn3FxR2ohR1aVvqPPH9 3_zd8pLM2UCW8TRDQ5DrnnQTl92Z1df2EeCwNfuMDeDSfMVdWUECJ7Ou.Ved0roSs2OYmJzEPg7V yku9FZl9QxdqNkoeycbYRkN9PkIAsuyIjBME0E_dRGy_sqmimwNdAcLHqoMydigb3P12LIAbmWgm ue2HiREjBFWZpV4GAw8fsFDTaYqK_LZqvvbf5Y0BPpQQImK2a7daz9bnXvV5jXv5H_4_PeOaQ1ig mC7hqazWFXdRNcqipP4QadrHoehZTIMQX1QUXK8FTF4qd.jar4n2bLhgmwrcUV697b4.tT0Vb5_w uIJ3rXoHm6kUhcIl8idMfvdkmFKjBUCEntuhSqB89m24dfK9dYgRAx6p4y5nOmqGpWKz9ycC3ZCZ FcZC3JoXzX1rwt24Lbrc9EGF65.tsX8pD9xhNzdNYAliF0wLDNKRcv3vskXMis5I2IfhKXGnz3Ov 78XOXxuEGeHmdtEDdU3.RKY4M.aTj7fOaLD0LrmQeV9rBSuvqRv51ntCgDZnwHkGU6bbZ27F0mZI RRIkT_oJfcwW_7j1qNAKRjlRMgw.uIwEu_9IjMhzZmg7jIE5sxqTHazGpM6N6zFQBLmbZfLh2qFg fXGdC3Ucg.keFZTPI4IMiB3ksU63Yxf..DW.cxGRDT41gxrF4W95Fdf6MRfIP2s2SzwiwhuNM6YZ 6avnr_o6OPSxZ332YMfsRe.cDubmbSRnp5H_.jiW3JPb1WKqTCgJBp002hlsfnGrkvFH1dF83HoI sr6K_87uV_TWsX4xqB4GjUxYYbzvAEDjC12l9avYt2BBcpx4Hx3CjcxVFqtsBY.6oZHLMiMD5v_f UB5Fjg2iVAtnotgduo1y3rAW7zgRs.vNqzKH_9mql23FS89kHn06ODk_A1XB50oBb5wgiHIYbebe 6L0DdOaZFMZgtNESIa7P4i_F32y4uSrcKNgDZqierWli3XhPCRqVVXa6Jf9tURMv74.baUkYNpUe inRzwnM9saSpOqEZyetDT63f7rk3LcxRD_hvsMewc2uJrMBhn1bvnzDNQOk0hSbZ1Sjlic7Lwe7v hkg0FDgvEsTIf_FKHpR2pumGmd7xdfWCVPbdYRyrzlvSGRGFIM4nWTWgfdDWSMtCg7KRgAV1uQ4c T5CaeWCBI1xXwuCNFE4s.1uVG6WayCJ32dFLdSjqQHg2r9xyjoJcVJPTjAsEdMhKgMxirQpcO0d9 hJqGh4EYMmn5W1vDXohRUrFbkclQ8RXqdQX7WTkGLe9AixNvGCupqG63cUkqPlw2CI7IRlwEiwpt fLmpgFKiyLWMGWgsLFjpgtCGmUyVmm5MGUwq0BHPpZvh5n3qVXL6cLpxKnvOmLresMPlka7sTODg 0DrSXCamj9GoO52caXVYpiLQRRmlqEaFOTRQ- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic304.consmr.mail.ne1.yahoo.com with HTTP; Tue, 28 Jun 2022 00:59:03 +0000 Received: by hermes--production-bf1-7f5f59bd5b-b6lnk (Yahoo Inc. Hermes SMTP Server) with ESMTPA ID d0a6274eef1e7322c21c22475730a9ae; Tue, 28 Jun 2022 00:59:01 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org Subject: [PATCH v37 02/33] LSM: Infrastructure management of the sock security Date: Mon, 27 Jun 2022 17:55:40 -0700 Message-Id: <20220628005611.13106-3-casey@schaufler-ca.com> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220628005611.13106-1-casey@schaufler-ca.com> References: <20220628005611.13106-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Move management of the sock->sk_security blob out of the individual security modules and into the security infrastructure. Instead of allocating the blobs from within the modules the modules tell the infrastructure how much space is required, and the space is allocated there. Acked-by: Paul Moore Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Signed-off-by: Casey Schaufler --- include/linux/lsm_hooks.h | 1 + security/apparmor/include/net.h | 6 ++- security/apparmor/lsm.c | 38 ++++---------- security/security.c | 36 +++++++++++++- security/selinux/hooks.c | 82 +++++++++++++++---------------- security/selinux/include/objsec.h | 5 ++ security/selinux/netlabel.c | 23 ++++----- security/smack/smack.h | 5 ++ security/smack/smack_lsm.c | 66 ++++++++++++------------- security/smack/smack_netfilter.c | 4 +- 10 files changed, 145 insertions(+), 121 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 91c8146649f5..5d480797cf53 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -1606,6 +1606,7 @@ struct lsm_blob_sizes { int lbs_cred; int lbs_file; int lbs_inode; + int lbs_sock; int lbs_superblock; int lbs_ipc; int lbs_msg_msg; diff --git a/security/apparmor/include/net.h b/security/apparmor/include/net.h index aadb4b29fb66..fac8999ba7a3 100644 --- a/security/apparmor/include/net.h +++ b/security/apparmor/include/net.h @@ -51,7 +51,11 @@ struct aa_sk_ctx { struct aa_label *peer; }; -#define SK_CTX(X) ((X)->sk_security) +static inline struct aa_sk_ctx *aa_sock(const struct sock *sk) +{ + return sk->sk_security + apparmor_blob_sizes.lbs_sock; +} + #define SOCK_ctx(X) SOCK_INODE(X)->i_security #define DEFINE_AUDIT_NET(NAME, OP, SK, F, T, P) \ struct lsm_network_audit NAME ## _net = { .sk = (SK), \ diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 900bc540656a..ef9046866b17 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -802,33 +802,15 @@ static int apparmor_task_kill(struct task_struct *target, struct kernel_siginfo return error; } -/** - * apparmor_sk_alloc_security - allocate and attach the sk_security field - */ -static int apparmor_sk_alloc_security(struct sock *sk, int family, gfp_t flags) -{ - struct aa_sk_ctx *ctx; - - ctx = kzalloc(sizeof(*ctx), flags); - if (!ctx) - return -ENOMEM; - - SK_CTX(sk) = ctx; - - return 0; -} - /** * apparmor_sk_free_security - free the sk_security field */ static void apparmor_sk_free_security(struct sock *sk) { - struct aa_sk_ctx *ctx = SK_CTX(sk); + struct aa_sk_ctx *ctx = aa_sock(sk); - SK_CTX(sk) = NULL; aa_put_label(ctx->label); aa_put_label(ctx->peer); - kfree(ctx); } /** @@ -837,8 +819,8 @@ static void apparmor_sk_free_security(struct sock *sk) static void apparmor_sk_clone_security(const struct sock *sk, struct sock *newsk) { - struct aa_sk_ctx *ctx = SK_CTX(sk); - struct aa_sk_ctx *new = SK_CTX(newsk); + struct aa_sk_ctx *ctx = aa_sock(sk); + struct aa_sk_ctx *new = aa_sock(newsk); if (new->label) aa_put_label(new->label); @@ -894,7 +876,7 @@ static int apparmor_socket_post_create(struct socket *sock, int family, label = aa_get_current_label(); if (sock->sk) { - struct aa_sk_ctx *ctx = SK_CTX(sock->sk); + struct aa_sk_ctx *ctx = aa_sock(sock->sk); aa_put_label(ctx->label); ctx->label = aa_get_label(label); @@ -1079,7 +1061,7 @@ static int apparmor_socket_shutdown(struct socket *sock, int how) */ static int apparmor_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) { - struct aa_sk_ctx *ctx = SK_CTX(sk); + struct aa_sk_ctx *ctx = aa_sock(sk); if (!skb->secmark) return 0; @@ -1092,7 +1074,7 @@ static int apparmor_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) static struct aa_label *sk_peer_label(struct sock *sk) { - struct aa_sk_ctx *ctx = SK_CTX(sk); + struct aa_sk_ctx *ctx = aa_sock(sk); if (ctx->peer) return ctx->peer; @@ -1176,7 +1158,7 @@ static int apparmor_socket_getpeersec_dgram(struct socket *sock, */ static void apparmor_sock_graft(struct sock *sk, struct socket *parent) { - struct aa_sk_ctx *ctx = SK_CTX(sk); + struct aa_sk_ctx *ctx = aa_sock(sk); if (!ctx->label) ctx->label = aa_get_current_label(); @@ -1186,7 +1168,7 @@ static void apparmor_sock_graft(struct sock *sk, struct socket *parent) static int apparmor_inet_conn_request(const struct sock *sk, struct sk_buff *skb, struct request_sock *req) { - struct aa_sk_ctx *ctx = SK_CTX(sk); + struct aa_sk_ctx *ctx = aa_sock(sk); if (!skb->secmark) return 0; @@ -1203,6 +1185,7 @@ struct lsm_blob_sizes apparmor_blob_sizes __lsm_ro_after_init = { .lbs_cred = sizeof(struct aa_task_ctx *), .lbs_file = sizeof(struct aa_file_ctx), .lbs_task = sizeof(struct aa_task_ctx), + .lbs_sock = sizeof(struct aa_sk_ctx), }; static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = { @@ -1239,7 +1222,6 @@ static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(getprocattr, apparmor_getprocattr), LSM_HOOK_INIT(setprocattr, apparmor_setprocattr), - LSM_HOOK_INIT(sk_alloc_security, apparmor_sk_alloc_security), LSM_HOOK_INIT(sk_free_security, apparmor_sk_free_security), LSM_HOOK_INIT(sk_clone_security, apparmor_sk_clone_security), @@ -1791,7 +1773,7 @@ static unsigned int apparmor_ip_postroute(void *priv, if (sk == NULL) return NF_ACCEPT; - ctx = SK_CTX(sk); + ctx = aa_sock(sk); if (!apparmor_secmark_check(ctx->label, OP_SENDMSG, AA_MAY_SEND, skb->secmark, sk)) return NF_ACCEPT; diff --git a/security/security.c b/security/security.c index 8b176769dd86..6ce168475181 100644 --- a/security/security.c +++ b/security/security.c @@ -29,6 +29,7 @@ #include #include #include +#include #define MAX_LSM_EVM_XATTR 2 @@ -206,6 +207,7 @@ static void __init lsm_set_blob_sizes(struct lsm_blob_sizes *needed) lsm_set_blob_size(&needed->lbs_inode, &blob_sizes.lbs_inode); lsm_set_blob_size(&needed->lbs_ipc, &blob_sizes.lbs_ipc); lsm_set_blob_size(&needed->lbs_msg_msg, &blob_sizes.lbs_msg_msg); + lsm_set_blob_size(&needed->lbs_sock, &blob_sizes.lbs_sock); lsm_set_blob_size(&needed->lbs_superblock, &blob_sizes.lbs_superblock); lsm_set_blob_size(&needed->lbs_task, &blob_sizes.lbs_task); } @@ -342,6 +344,7 @@ static void __init ordered_lsm_init(void) init_debug("inode blob size = %d\n", blob_sizes.lbs_inode); init_debug("ipc blob size = %d\n", blob_sizes.lbs_ipc); init_debug("msg_msg blob size = %d\n", blob_sizes.lbs_msg_msg); + init_debug("sock blob size = %d\n", blob_sizes.lbs_sock); init_debug("superblock blob size = %d\n", blob_sizes.lbs_superblock); init_debug("task blob size = %d\n", blob_sizes.lbs_task); @@ -660,6 +663,28 @@ static int lsm_msg_msg_alloc(struct msg_msg *mp) return 0; } +/** + * lsm_sock_alloc - allocate a composite sock blob + * @sock: the sock that needs a blob + * @priority: allocation mode + * + * Allocate the sock blob for all the modules + * + * Returns 0, or -ENOMEM if memory can't be allocated. + */ +static int lsm_sock_alloc(struct sock *sock, gfp_t priority) +{ + if (blob_sizes.lbs_sock == 0) { + sock->sk_security = NULL; + return 0; + } + + sock->sk_security = kzalloc(blob_sizes.lbs_sock, priority); + if (sock->sk_security == NULL) + return -ENOMEM; + return 0; +} + /** * lsm_early_task - during initialization allocate a composite task blob * @task: the task that needs a blob @@ -2270,12 +2295,21 @@ EXPORT_SYMBOL(security_socket_getpeersec_dgram); int security_sk_alloc(struct sock *sk, int family, gfp_t priority) { - return call_int_hook(sk_alloc_security, 0, sk, family, priority); + int rc = lsm_sock_alloc(sk, priority); + + if (unlikely(rc)) + return rc; + rc = call_int_hook(sk_alloc_security, 0, sk, family, priority); + if (unlikely(rc)) + security_sk_free(sk); + return rc; } void security_sk_free(struct sock *sk) { call_void_hook(sk_free_security, sk); + kfree(sk->sk_security); + sk->sk_security = NULL; } void security_sk_clone(const struct sock *sk, struct sock *newsk) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 1bbd53321d13..56cada53993b 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -4532,7 +4532,7 @@ static int socket_sockcreate_sid(const struct task_security_struct *tsec, static int sock_has_perm(struct sock *sk, u32 perms) { - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); struct common_audit_data ad; struct lsm_network_audit net = {0,}; @@ -4589,7 +4589,7 @@ static int selinux_socket_post_create(struct socket *sock, int family, isec->initialized = LABEL_INITIALIZED; if (sock->sk) { - sksec = sock->sk->sk_security; + sksec = selinux_sock(sock->sk); sksec->sclass = sclass; sksec->sid = sid; /* Allows detection of the first association on this socket */ @@ -4605,8 +4605,8 @@ static int selinux_socket_post_create(struct socket *sock, int family, static int selinux_socket_socketpair(struct socket *socka, struct socket *sockb) { - struct sk_security_struct *sksec_a = socka->sk->sk_security; - struct sk_security_struct *sksec_b = sockb->sk->sk_security; + struct sk_security_struct *sksec_a = selinux_sock(socka->sk); + struct sk_security_struct *sksec_b = selinux_sock(sockb->sk); sksec_a->peer_sid = sksec_b->sid; sksec_b->peer_sid = sksec_a->sid; @@ -4621,7 +4621,7 @@ static int selinux_socket_socketpair(struct socket *socka, static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen) { struct sock *sk = sock->sk; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); u16 family; int err; @@ -4756,7 +4756,7 @@ static int selinux_socket_connect_helper(struct socket *sock, struct sockaddr *address, int addrlen) { struct sock *sk = sock->sk; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); int err; err = sock_has_perm(sk, SOCKET__CONNECT); @@ -4935,9 +4935,9 @@ static int selinux_socket_unix_stream_connect(struct sock *sock, struct sock *other, struct sock *newsk) { - struct sk_security_struct *sksec_sock = sock->sk_security; - struct sk_security_struct *sksec_other = other->sk_security; - struct sk_security_struct *sksec_new = newsk->sk_security; + struct sk_security_struct *sksec_sock = selinux_sock(sock); + struct sk_security_struct *sksec_other = selinux_sock(other); + struct sk_security_struct *sksec_new = selinux_sock(newsk); struct common_audit_data ad; struct lsm_network_audit net = {0,}; int err; @@ -4969,8 +4969,8 @@ static int selinux_socket_unix_stream_connect(struct sock *sock, static int selinux_socket_unix_may_send(struct socket *sock, struct socket *other) { - struct sk_security_struct *ssec = sock->sk->sk_security; - struct sk_security_struct *osec = other->sk->sk_security; + struct sk_security_struct *ssec = selinux_sock(sock->sk); + struct sk_security_struct *osec = selinux_sock(other->sk); struct common_audit_data ad; struct lsm_network_audit net = {0,}; @@ -5012,7 +5012,7 @@ static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb, u16 family) { int err = 0; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); u32 sk_sid = sksec->sid; struct common_audit_data ad; struct lsm_network_audit net = {0,}; @@ -5045,7 +5045,7 @@ static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb, static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) { int err; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); u16 family = sk->sk_family; u32 sk_sid = sksec->sid; struct common_audit_data ad; @@ -5113,13 +5113,15 @@ static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) return err; } -static int selinux_socket_getpeersec_stream(struct socket *sock, char __user *optval, - int __user *optlen, unsigned len) +static int selinux_socket_getpeersec_stream(struct socket *sock, + char __user *optval, + int __user *optlen, + unsigned int len) { int err = 0; char *scontext; u32 scontext_len; - struct sk_security_struct *sksec = sock->sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sock->sk); u32 peer_sid = SECSID_NULL; if (sksec->sclass == SECCLASS_UNIX_STREAM_SOCKET || @@ -5179,34 +5181,27 @@ static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff * static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority) { - struct sk_security_struct *sksec; - - sksec = kzalloc(sizeof(*sksec), priority); - if (!sksec) - return -ENOMEM; + struct sk_security_struct *sksec = selinux_sock(sk); sksec->peer_sid = SECINITSID_UNLABELED; sksec->sid = SECINITSID_UNLABELED; sksec->sclass = SECCLASS_SOCKET; selinux_netlbl_sk_security_reset(sksec); - sk->sk_security = sksec; return 0; } static void selinux_sk_free_security(struct sock *sk) { - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); - sk->sk_security = NULL; selinux_netlbl_sk_security_free(sksec); - kfree(sksec); } static void selinux_sk_clone_security(const struct sock *sk, struct sock *newsk) { - struct sk_security_struct *sksec = sk->sk_security; - struct sk_security_struct *newsksec = newsk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); + struct sk_security_struct *newsksec = selinux_sock(newsk); newsksec->sid = sksec->sid; newsksec->peer_sid = sksec->peer_sid; @@ -5220,7 +5215,7 @@ static void selinux_sk_getsecid(struct sock *sk, u32 *secid) if (!sk) *secid = SECINITSID_ANY_SOCKET; else { - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); *secid = sksec->sid; } @@ -5230,7 +5225,7 @@ static void selinux_sock_graft(struct sock *sk, struct socket *parent) { struct inode_security_struct *isec = inode_security_novalidate(SOCK_INODE(parent)); - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); if (sk->sk_family == PF_INET || sk->sk_family == PF_INET6 || sk->sk_family == PF_UNIX) @@ -5247,7 +5242,7 @@ static int selinux_sctp_process_new_assoc(struct sctp_association *asoc, { struct sock *sk = asoc->base.sk; u16 family = sk->sk_family; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); struct common_audit_data ad; struct lsm_network_audit net = {0,}; int err; @@ -5305,7 +5300,7 @@ static int selinux_sctp_process_new_assoc(struct sctp_association *asoc, static int selinux_sctp_assoc_request(struct sctp_association *asoc, struct sk_buff *skb) { - struct sk_security_struct *sksec = asoc->base.sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(asoc->base.sk); u32 conn_sid; int err; @@ -5338,7 +5333,7 @@ static int selinux_sctp_assoc_request(struct sctp_association *asoc, static int selinux_sctp_assoc_established(struct sctp_association *asoc, struct sk_buff *skb) { - struct sk_security_struct *sksec = asoc->base.sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(asoc->base.sk); if (!selinux_policycap_extsockclass()) return 0; @@ -5437,8 +5432,8 @@ static int selinux_sctp_bind_connect(struct sock *sk, int optname, static void selinux_sctp_sk_clone(struct sctp_association *asoc, struct sock *sk, struct sock *newsk) { - struct sk_security_struct *sksec = sk->sk_security; - struct sk_security_struct *newsksec = newsk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); + struct sk_security_struct *newsksec = selinux_sock(newsk); /* If policy does not support SECCLASS_SCTP_SOCKET then call * the non-sctp clone version. @@ -5455,7 +5450,7 @@ static void selinux_sctp_sk_clone(struct sctp_association *asoc, struct sock *sk static int selinux_inet_conn_request(const struct sock *sk, struct sk_buff *skb, struct request_sock *req) { - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); int err; u16 family = req->rsk_ops->family; u32 connsid; @@ -5476,7 +5471,7 @@ static int selinux_inet_conn_request(const struct sock *sk, struct sk_buff *skb, static void selinux_inet_csk_clone(struct sock *newsk, const struct request_sock *req) { - struct sk_security_struct *newsksec = newsk->sk_security; + struct sk_security_struct *newsksec = selinux_sock(newsk); newsksec->sid = req->secid; newsksec->peer_sid = req->peer_secid; @@ -5493,7 +5488,7 @@ static void selinux_inet_csk_clone(struct sock *newsk, static void selinux_inet_conn_established(struct sock *sk, struct sk_buff *skb) { u16 family = sk->sk_family; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); /* handle mapped IPv4 packets arriving via IPv6 sockets */ if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP)) @@ -5577,7 +5572,7 @@ static int selinux_tun_dev_attach_queue(void *security) static int selinux_tun_dev_attach(struct sock *sk, void *security) { struct tun_security_struct *tunsec = security; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); /* we don't currently perform any NetLabel based labeling here and it * isn't clear that we would want to do so anyway; while we could apply @@ -5706,7 +5701,7 @@ static unsigned int selinux_ip_output(void *priv, struct sk_buff *skb, return NF_ACCEPT; /* standard practice, label using the parent socket */ - sksec = sk->sk_security; + sksec = selinux_sock(sk); sid = sksec->sid; } else sid = SECINITSID_KERNEL; @@ -5729,7 +5724,7 @@ static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb, sk = skb_to_full_sk(skb); if (sk == NULL) return NF_ACCEPT; - sksec = sk->sk_security; + sksec = selinux_sock(sk); ad.type = LSM_AUDIT_DATA_NET; ad.u.net = &net; @@ -5822,7 +5817,7 @@ static unsigned int selinux_ip_postroute(void *priv, u32 skb_sid; struct sk_security_struct *sksec; - sksec = sk->sk_security; + sksec = selinux_sock(sk); if (selinux_skb_peerlbl_sid(skb, family, &skb_sid)) return NF_DROP; /* At this point, if the returned skb peerlbl is SECSID_NULL @@ -5851,7 +5846,7 @@ static unsigned int selinux_ip_postroute(void *priv, } else { /* Locally generated packet, fetch the security label from the * associated socket. */ - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); peer_sid = sksec->sid; secmark_perm = PACKET__SEND; } @@ -5900,7 +5895,7 @@ static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb) unsigned int data_len = skb->len; unsigned char *data = skb->data; struct nlmsghdr *nlh; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); u16 sclass = sksec->sclass; u32 perm; @@ -6899,6 +6894,7 @@ struct lsm_blob_sizes selinux_blob_sizes __lsm_ro_after_init = { .lbs_inode = sizeof(struct inode_security_struct), .lbs_ipc = sizeof(struct ipc_security_struct), .lbs_msg_msg = sizeof(struct msg_security_struct), + .lbs_sock = sizeof(struct sk_security_struct), .lbs_superblock = sizeof(struct superblock_security_struct), }; diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h index 2953132408bf..007d1ae7ee27 100644 --- a/security/selinux/include/objsec.h +++ b/security/selinux/include/objsec.h @@ -194,4 +194,9 @@ static inline struct superblock_security_struct *selinux_superblock( return superblock->s_security + selinux_blob_sizes.lbs_superblock; } +static inline struct sk_security_struct *selinux_sock(const struct sock *sock) +{ + return sock->sk_security + selinux_blob_sizes.lbs_sock; +} + #endif /* _SELINUX_OBJSEC_H_ */ diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c index 1321f15799e2..800ab4b4239e 100644 --- a/security/selinux/netlabel.c +++ b/security/selinux/netlabel.c @@ -17,6 +17,7 @@ #include #include #include +#include #include #include #include @@ -68,7 +69,7 @@ static int selinux_netlbl_sidlookup_cached(struct sk_buff *skb, static struct netlbl_lsm_secattr *selinux_netlbl_sock_genattr(struct sock *sk) { int rc; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); struct netlbl_lsm_secattr *secattr; if (sksec->nlbl_secattr != NULL) @@ -101,7 +102,7 @@ static struct netlbl_lsm_secattr *selinux_netlbl_sock_getattr( const struct sock *sk, u32 sid) { - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); struct netlbl_lsm_secattr *secattr = sksec->nlbl_secattr; if (secattr == NULL) @@ -236,7 +237,7 @@ int selinux_netlbl_skbuff_setsid(struct sk_buff *skb, * being labeled by it's parent socket, if it is just exit */ sk = skb_to_full_sk(skb); if (sk != NULL) { - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); if (sksec->nlbl_state != NLBL_REQSKB) return 0; @@ -274,7 +275,7 @@ int selinux_netlbl_sctp_assoc_request(struct sctp_association *asoc, { int rc; struct netlbl_lsm_secattr secattr; - struct sk_security_struct *sksec = asoc->base.sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(asoc->base.sk); struct sockaddr_in addr4; struct sockaddr_in6 addr6; @@ -355,7 +356,7 @@ int selinux_netlbl_inet_conn_request(struct request_sock *req, u16 family) */ void selinux_netlbl_inet_csk_clone(struct sock *sk, u16 family) { - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); if (family == PF_INET) sksec->nlbl_state = NLBL_LABELED; @@ -373,8 +374,8 @@ void selinux_netlbl_inet_csk_clone(struct sock *sk, u16 family) */ void selinux_netlbl_sctp_sk_clone(struct sock *sk, struct sock *newsk) { - struct sk_security_struct *sksec = sk->sk_security; - struct sk_security_struct *newsksec = newsk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); + struct sk_security_struct *newsksec = selinux_sock(newsk); newsksec->nlbl_state = sksec->nlbl_state; } @@ -392,7 +393,7 @@ void selinux_netlbl_sctp_sk_clone(struct sock *sk, struct sock *newsk) int selinux_netlbl_socket_post_create(struct sock *sk, u16 family) { int rc; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); struct netlbl_lsm_secattr *secattr; if (family != PF_INET && family != PF_INET6) @@ -507,7 +508,7 @@ int selinux_netlbl_socket_setsockopt(struct socket *sock, { int rc = 0; struct sock *sk = sock->sk; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); struct netlbl_lsm_secattr secattr; if (selinux_netlbl_option(level, optname) && @@ -545,7 +546,7 @@ static int selinux_netlbl_socket_connect_helper(struct sock *sk, struct sockaddr *addr) { int rc; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); struct netlbl_lsm_secattr *secattr; /* connected sockets are allowed to disconnect when the address family @@ -584,7 +585,7 @@ static int selinux_netlbl_socket_connect_helper(struct sock *sk, int selinux_netlbl_socket_connect_locked(struct sock *sk, struct sockaddr *addr) { - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); if (sksec->nlbl_state != NLBL_REQSKB && sksec->nlbl_state != NLBL_CONNLABELED) diff --git a/security/smack/smack.h b/security/smack/smack.h index fc837dcebf96..ef9d0b7b1954 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h @@ -363,6 +363,11 @@ static inline struct superblock_smack *smack_superblock( return superblock->s_security + smack_blob_sizes.lbs_superblock; } +static inline struct socket_smack *smack_sock(const struct sock *sock) +{ + return sock->sk_security + smack_blob_sizes.lbs_sock; +} + /* * Is the directory transmuting? */ diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 6207762dbdb1..2689486160a2 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -1434,7 +1434,7 @@ static int smack_inode_getsecurity(struct user_namespace *mnt_userns, if (sock == NULL || sock->sk == NULL) return -EOPNOTSUPP; - ssp = sock->sk->sk_security; + ssp = smack_sock(sock->sk); if (strcmp(name, XATTR_SMACK_IPIN) == 0) isp = ssp->smk_in; @@ -1817,7 +1817,7 @@ static int smack_file_receive(struct file *file) if (inode->i_sb->s_magic == SOCKFS_MAGIC) { sock = SOCKET_I(inode); - ssp = sock->sk->sk_security; + ssp = smack_sock(sock->sk); tsp = smack_cred(current_cred()); /* * If the receiving process can't write to the @@ -2237,11 +2237,7 @@ static void smack_task_to_inode(struct task_struct *p, struct inode *inode) static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) { struct smack_known *skp = smk_of_current(); - struct socket_smack *ssp; - - ssp = kzalloc(sizeof(struct socket_smack), gfp_flags); - if (ssp == NULL) - return -ENOMEM; + struct socket_smack *ssp = smack_sock(sk); /* * Sockets created by kernel threads receive web label. @@ -2255,11 +2251,10 @@ static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) } ssp->smk_packet = NULL; - sk->sk_security = ssp; - return 0; } +#ifdef SMACK_IPV6_PORT_LABELING /** * smack_sk_free_security - Free a socket blob * @sk: the socket @@ -2268,7 +2263,6 @@ static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) */ static void smack_sk_free_security(struct sock *sk) { -#ifdef SMACK_IPV6_PORT_LABELING struct smk_port_label *spp; if (sk->sk_family == PF_INET6) { @@ -2281,9 +2275,8 @@ static void smack_sk_free_security(struct sock *sk) } rcu_read_unlock(); } -#endif - kfree(sk->sk_security); } +#endif /** * smack_ipv4host_label - check host based restrictions @@ -2396,7 +2389,7 @@ static struct smack_known *smack_ipv6host_label(struct sockaddr_in6 *sip) */ static int smack_netlbl_add(struct sock *sk) { - struct socket_smack *ssp = sk->sk_security; + struct socket_smack *ssp = smack_sock(sk); struct smack_known *skp = ssp->smk_out; int rc; @@ -2428,7 +2421,7 @@ static int smack_netlbl_add(struct sock *sk) */ static void smack_netlbl_delete(struct sock *sk) { - struct socket_smack *ssp = sk->sk_security; + struct socket_smack *ssp = smack_sock(sk); /* * Take the label off the socket if one is set. @@ -2460,7 +2453,7 @@ static int smk_ipv4_check(struct sock *sk, struct sockaddr_in *sap) struct smack_known *skp; int rc = 0; struct smack_known *hkp; - struct socket_smack *ssp = sk->sk_security; + struct socket_smack *ssp = smack_sock(sk); struct smk_audit_info ad; rcu_read_lock(); @@ -2533,7 +2526,7 @@ static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address) { struct sock *sk = sock->sk; struct sockaddr_in6 *addr6; - struct socket_smack *ssp = sock->sk->sk_security; + struct socket_smack *ssp = smack_sock(sock->sk); struct smk_port_label *spp; unsigned short port = 0; @@ -2621,7 +2614,7 @@ static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address, int act) { struct smk_port_label *spp; - struct socket_smack *ssp = sk->sk_security; + struct socket_smack *ssp = smack_sock(sk); struct smack_known *skp = NULL; unsigned short port; struct smack_known *object; @@ -2715,7 +2708,7 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name, if (sock == NULL || sock->sk == NULL) return -EOPNOTSUPP; - ssp = sock->sk->sk_security; + ssp = smack_sock(sock->sk); if (strcmp(name, XATTR_SMACK_IPIN) == 0) ssp->smk_in = skp; @@ -2763,7 +2756,7 @@ static int smack_socket_post_create(struct socket *sock, int family, * Sockets created by kernel threads receive web label. */ if (unlikely(current->flags & PF_KTHREAD)) { - ssp = sock->sk->sk_security; + ssp = smack_sock(sock->sk); ssp->smk_in = &smack_known_web; ssp->smk_out = &smack_known_web; } @@ -2788,8 +2781,8 @@ static int smack_socket_post_create(struct socket *sock, int family, static int smack_socket_socketpair(struct socket *socka, struct socket *sockb) { - struct socket_smack *asp = socka->sk->sk_security; - struct socket_smack *bsp = sockb->sk->sk_security; + struct socket_smack *asp = smack_sock(socka->sk); + struct socket_smack *bsp = smack_sock(sockb->sk); asp->smk_packet = bsp->smk_out; bsp->smk_packet = asp->smk_out; @@ -2852,7 +2845,7 @@ static int smack_socket_connect(struct socket *sock, struct sockaddr *sap, if (__is_defined(SMACK_IPV6_SECMARK_LABELING)) rsp = smack_ipv6host_label(sip); if (rsp != NULL) { - struct socket_smack *ssp = sock->sk->sk_security; + struct socket_smack *ssp = smack_sock(sock->sk); rc = smk_ipv6_check(ssp->smk_out, rsp, sip, SMK_CONNECTING); @@ -3583,9 +3576,9 @@ static int smack_unix_stream_connect(struct sock *sock, { struct smack_known *skp; struct smack_known *okp; - struct socket_smack *ssp = sock->sk_security; - struct socket_smack *osp = other->sk_security; - struct socket_smack *nsp = newsk->sk_security; + struct socket_smack *ssp = smack_sock(sock); + struct socket_smack *osp = smack_sock(other); + struct socket_smack *nsp = smack_sock(newsk); struct smk_audit_info ad; int rc = 0; #ifdef CONFIG_AUDIT @@ -3631,8 +3624,8 @@ static int smack_unix_stream_connect(struct sock *sock, */ static int smack_unix_may_send(struct socket *sock, struct socket *other) { - struct socket_smack *ssp = sock->sk->sk_security; - struct socket_smack *osp = other->sk->sk_security; + struct socket_smack *ssp = smack_sock(sock->sk); + struct socket_smack *osp = smack_sock(other->sk); struct smk_audit_info ad; int rc; @@ -3669,7 +3662,7 @@ static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg, struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name; #endif #ifdef SMACK_IPV6_SECMARK_LABELING - struct socket_smack *ssp = sock->sk->sk_security; + struct socket_smack *ssp = smack_sock(sock->sk); struct smack_known *rsp; #endif int rc = 0; @@ -3881,7 +3874,7 @@ static struct smack_known *smack_from_netlbl(const struct sock *sk, u16 family, netlbl_secattr_init(&secattr); if (sk) - ssp = sk->sk_security; + ssp = smack_sock(sk); if (netlbl_skbuff_getattr(skb, family, &secattr) == 0) { skp = smack_from_secattr(&secattr, ssp); @@ -3903,7 +3896,7 @@ static struct smack_known *smack_from_netlbl(const struct sock *sk, u16 family, */ static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) { - struct socket_smack *ssp = sk->sk_security; + struct socket_smack *ssp = smack_sock(sk); struct smack_known *skp = NULL; int rc = 0; struct smk_audit_info ad; @@ -4007,7 +4000,7 @@ static int smack_socket_getpeersec_stream(struct socket *sock, int slen = 1; int rc = 0; - ssp = sock->sk->sk_security; + ssp = smack_sock(sock->sk); if (ssp->smk_packet != NULL) { rcp = ssp->smk_packet->smk_known; slen = strlen(rcp) + 1; @@ -4056,7 +4049,7 @@ static int smack_socket_getpeersec_dgram(struct socket *sock, switch (family) { case PF_UNIX: - ssp = sock->sk->sk_security; + ssp = smack_sock(sock->sk); s = ssp->smk_out->smk_secid; break; case PF_INET: @@ -4105,7 +4098,7 @@ static void smack_sock_graft(struct sock *sk, struct socket *parent) (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)) return; - ssp = sk->sk_security; + ssp = smack_sock(sk); ssp->smk_in = skp; ssp->smk_out = skp; /* cssp->smk_packet is already set in smack_inet_csk_clone() */ @@ -4125,7 +4118,7 @@ static int smack_inet_conn_request(const struct sock *sk, struct sk_buff *skb, { u16 family = sk->sk_family; struct smack_known *skp; - struct socket_smack *ssp = sk->sk_security; + struct socket_smack *ssp = smack_sock(sk); struct sockaddr_in addr; struct iphdr *hdr; struct smack_known *hskp; @@ -4211,7 +4204,7 @@ static int smack_inet_conn_request(const struct sock *sk, struct sk_buff *skb, static void smack_inet_csk_clone(struct sock *sk, const struct request_sock *req) { - struct socket_smack *ssp = sk->sk_security; + struct socket_smack *ssp = smack_sock(sk); struct smack_known *skp; if (req->peer_secid != 0) { @@ -4747,6 +4740,7 @@ struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = { .lbs_inode = sizeof(struct inode_smack), .lbs_ipc = sizeof(struct smack_known *), .lbs_msg_msg = sizeof(struct smack_known *), + .lbs_sock = sizeof(struct socket_smack), .lbs_superblock = sizeof(struct superblock_smack), }; @@ -4857,7 +4851,9 @@ static struct security_hook_list smack_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(socket_getpeersec_stream, smack_socket_getpeersec_stream), LSM_HOOK_INIT(socket_getpeersec_dgram, smack_socket_getpeersec_dgram), LSM_HOOK_INIT(sk_alloc_security, smack_sk_alloc_security), +#ifdef SMACK_IPV6_PORT_LABELING LSM_HOOK_INIT(sk_free_security, smack_sk_free_security), +#endif LSM_HOOK_INIT(sock_graft, smack_sock_graft), LSM_HOOK_INIT(inet_conn_request, smack_inet_conn_request), LSM_HOOK_INIT(inet_csk_clone, smack_inet_csk_clone), diff --git a/security/smack/smack_netfilter.c b/security/smack/smack_netfilter.c index b945c1d3a743..bad71b7e648d 100644 --- a/security/smack/smack_netfilter.c +++ b/security/smack/smack_netfilter.c @@ -26,8 +26,8 @@ static unsigned int smack_ip_output(void *priv, struct socket_smack *ssp; struct smack_known *skp; - if (sk && sk->sk_security) { - ssp = sk->sk_security; + if (sk) { + ssp = smack_sock(sk); skp = ssp->smk_out; skb->secmark = skp->smk_secid; } From patchwork Tue Jun 28 00:55:41 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12897378 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id D0EEFC433EF for ; Tue, 28 Jun 2022 01:00:47 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242582AbiF1BAq (ORCPT ); Mon, 27 Jun 2022 21:00:46 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56776 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S242451AbiF1BAp (ORCPT ); Mon, 27 Jun 2022 21:00:45 -0400 Received: from sonic302-26.consmr.mail.ne1.yahoo.com (sonic302-26.consmr.mail.ne1.yahoo.com [66.163.186.152]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5371C22B0B for ; Mon, 27 Jun 2022 18:00:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378039; bh=AzLzyC/yFYHD9/JKCXZzGq59aTfvpSNNu3a6CVGAxuU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=MQrFn50mE0MMh0Alk37RSIhDcMyIfzXpqeZlEpi84rVR4cexvX5moIvDfFmTWBdNTfL2Vswywu9LH8V1f1nnTYh7ddfAlpvrRwHyIl9Dyc7g/b94N9NukxGhqJRv0jKfyYKRNR4yRLpuwjM7GmF3lMbi6RP3m9Q9aFi2/D5MqKoOuWmPNMfleIgSgkVe7B8gQhj3Ab2kcrKJJhEJ+cIQCIgNaOZWam5gdHBv3l8fZKllntSKVl+m4KXdtDncXtGIaqeKFfb+eZUQzEE00dOsmV2vBWUClWibzf09TmMpeAUNL0nO6KqbY/a59a32rKm0bYVqfWKfOyZMrHXPu2KrOw== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378039; bh=KbCoXZSb+gV301yVODsCJiJMuZf9oXXJ5W6xVpu+xNS=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=Gph9MGJ2jFVqda9Xblc5/GZ9AAch9o4NNe/6nQFVU+N7xPJv+hBmdmoPhN97rkjC4Do52vB9jKCTx5qVvvP1yQfsCNOr6f5VB0STdqQRIt0VObijwSBKBAS83fo+QyHapHZSdUh7KReyhc7E5zAX9xkv7WcdwnUZdX4ieRtlbr9acvamlQNJoHi21Tti/DM9cSdgM16buINXL+4qP0xzKIUsxM382HgaKEv2OcWEPc0HaFeUPygoFdhs7tkC0fSiPuqcaeCgqty7dhecm9ZU1hZLAlsSvBjHI0SWlR3I1y8gQWRKFBrVSoGz9VBVHoSp1ORwaH16O64atnJw3yyMUQ== X-YMail-OSG: .yktNjQVM1l8_2GGjhRgTWo6xV38yYJYrtMNfKwoV4Adl1PxCZidR.a88GvbOyT MJkvDCRO9rPvUK6OV_6BJd1NSkkOU4r7pKiMIga87156tSuErOucx8aP62O0p3gE.sdgMwrhlsyw eSrUsF8lv3mVIbvQO81n3TJMK0ZamjhX6QG1baH4UYFDzqJkg3VggxTvBXM4Kqg1ksi6MT8PTjLi 06VH_zE1GMfzpo3ZPaXGP4Gt0kq0435KOug7luSOyxZUslpRD5rCCgkRiNB8jGkxu...KfE2BA0T X4NCfyIx.8Lsy.bLdyfUJ9p6L6Uwna2Vy0Ywe0vX4m3Dwi7cGGOejN2ms9EZrsuZ1.6vMFkHHiBK 8tok5OIKk_r2r0dEARIXtmab0m3o7.Fe900jqZjT4hbltOQROW2RS_dmjZEVF0MsLazR4.YdNS6H tPbPFv28v0KukXb0b77VfgkFKAZXAm5TO1hmBn.Dz2QFrF2U1rc3DFtyL5gCsD95Mid9L4NDHSN6 QMDm6Hz0Nxw.4WfZSHxCtg8BEA0E5DhsOE6UIIEqJ1tjm4m8bkIOLg_PaEOcyqtn0wvOM9fkQ0bA 9LNA5NpjYld4UMXvIcgjZ5JreYhxcj18ZyE0SqUrosb4MFBQgFd58tzV2qImq_b7G3qPlkTcxnrU L3sbgmRnTnf7foZMmMqOhUp1n2dz0QcZx2YntONiI.8IzdfoXcWPbYwnBE6xgi4kiEMsUnr_j601 mHQ2njlqkgy92vc.Sy1Jlbgms2ZN1_Gsknwcfp_HgqMuCQp6HROi8VTc1ypTM5BDd2jAY57R0h2N GznwBbjmdQPZGK3Gp0bJfB8mPF7oHWzdRr_JtpUdF.9Nh0UDAYk.MAnlQFrUGGDe84DwsB0LZAQv rhr7rcTHoVMZZRUm9.fiHgw4wfWuySyFLbg9w2S.52VsAsADpEc4VCb15pj2iu40G3h0fr3EZq2_ hwRVcatvaM5FMWSaK.ZhOatvZEzomcagTrJliBiLPTwM.n6z6lmEMDdXmZR7M48ifFQHtEfnydpf 6U5PinDE9f3s6CfOqeaOF_aVSoKI2wO0vNu7ez9SnovqWtXCW4X7L801UgkoVEv4SSwt_RHYBM5h JDUEJOgty3VC6jDSP8bLsSfbHbI.GfG3YMLYz0Q4jOZUMqjiExozx7nYZBwRlbIZCamSRs0lzoZ4 fivZAr_A3gNN3L8GWxQTd81tKHD1.wgnkxWIl7UFL3u5Ba.cenTVirwkp5.kItTAtgt27o.X85d8 qFZSBI5H4eWX51CQtcu_JEORIeLgvvRTrMh_jRrUQqBS.QxjbdPI_7hHhuXbMhJvUfefG0CiQzwD 82SSS3RbfITrvL8stXsiLby6v6ty._BzxlQeSsIgUDppvsDlrsYL_o7tehccZgNWT3UO73Huf4bj vGPY6FZcaVTizUUmwM4y5nwm2c5MzuUR8oOI2yIzgmcq.wmzq8Pz.6lU.Ck8yWM.MmXPVyk4WB1H P5e84lXyOTEZCJJNhaviKqJVZgC8FmD0EvPfmUb5DS1j9SI9yHJUOpaDi9F5aXx5UH223o.8XT_b lK13G_GGJuttsW99JAw0jqAEks7pjlSMS7Y9y2MTbeNldv2RKJwUWzmNK4D27vn78KaDiDWb3HF3 AURrG8CyoDTx0RzoNctvhaUn1buPJpP7Rwn0HZ0G2A9TNqxx2UJefzYa5yISOMtUy4IriJdNP.Ix Qgy8jCXJbd5kfa8YctpBB9gg_0TIPrPSjxT99MW45GMCo7Ge.7yBVi2l5gAsiQQ37FhYlTRhwv8X PYEaOmN1MVJ5h2hN9ohvrbAmjaZA9HbdVMEuTzMJq79zenlEYiexBBvsqYaJ0XBiKICZzAqm9059 jQ9_GkrytLwSlEYKc2dNt0hpbFKPhNYbfJfMOO3.eKJHMG4bcEKyPR0p685Azhv84kkz5o_T9M7y QCv_cyNkf._nZekcV0GTelIGTyhlN5jHcKPMbGp3M98VEtwWSCsjJxuMAsmCVXAV2WUn95dPtzlb yfdgmLnziPVik8ZhZ5mNqpOfWRYUGkGgI.42w0DjL3iLjlkG5e9SdZMWG5QWayYnlR.C8Gf51Bva YHhFUnsYZBDQLf_7VSasD7aZ3.gaGcwG7jlL01TruxaNkvsyzY.GhiB0mmMmWFpZx.hMxFf1gvZo 0CSekg1GcqN1FoFDUR2W30h3k8eOIGPtYsm5AYZKup9gk.Ulam6GRpTsiOtWX59zq4whEj7m5.X_ GQuuQtmQdcjwLeMuoILZSAwSBPy0joQSzrEeEF2pG0CyPIuwHk_UPyyR7_CMLuCEBryynxSdzaMy .V.jPFYBS.Jfn99oFZjuaou_OMblLaukGyU4- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic302.consmr.mail.ne1.yahoo.com with HTTP; Tue, 28 Jun 2022 01:00:39 +0000 Received: by hermes--production-bf1-7f5f59bd5b-wjb4g (Yahoo Inc. Hermes SMTP Server) with ESMTPA ID 2eb209f35c81771290ca3d956ba58232; Tue, 28 Jun 2022 01:00:37 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= Subject: [PATCH v37 03/33] LSM: Add the lsmblob data structure. Date: Mon, 27 Jun 2022 17:55:41 -0700 Message-Id: <20220628005611.13106-4-casey@schaufler-ca.com> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220628005611.13106-1-casey@schaufler-ca.com> References: <20220628005611.13106-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org When more than one security module is exporting data to audit and networking sub-systems a single 32 bit integer is no longer sufficient to represent the data. Add a structure to be used instead. The lsmblob structure is currently an array of u32 "secids". There is an entry for each of the security modules built into the system that would use secids if active. The system assigns the module a "slot" when it registers hooks. If modules are compiled in but not registered there will be unused slots. A new lsm_id structure, which contains the name of the LSM and its slot number, is created. There is an instance for each LSM, which assigns the name and passes it to the infrastructure to set the slot. The audit rules data is expanded to use an array of security module data rather than a single instance. A new structure audit_lsm_rules is defined to avoid the confusion which commonly accompanies the use of void ** parameters. Signed-off-by: Casey Schaufler Reviewed-by: Mickaël Salaün Reviewed-by: John Johansen --- include/linux/audit.h | 9 +++- include/linux/lsm_hooks.h | 12 +++++- include/linux/security.h | 75 ++++++++++++++++++++++++++++++--- kernel/auditfilter.c | 23 +++++----- kernel/auditsc.c | 17 +++----- security/apparmor/lsm.c | 7 ++- security/bpf/hooks.c | 12 +++++- security/commoncap.c | 7 ++- security/landlock/cred.c | 2 +- security/landlock/fs.c | 2 +- security/landlock/ptrace.c | 2 +- security/landlock/setup.c | 5 +++ security/landlock/setup.h | 1 + security/loadpin/loadpin.c | 8 +++- security/lockdown/lockdown.c | 7 ++- security/safesetid/lsm.c | 8 +++- security/security.c | 82 ++++++++++++++++++++++++++++++------ security/selinux/hooks.c | 8 +++- security/smack/smack_lsm.c | 7 ++- security/tomoyo/tomoyo.c | 8 +++- security/yama/yama_lsm.c | 7 ++- 21 files changed, 253 insertions(+), 56 deletions(-) diff --git a/include/linux/audit.h b/include/linux/audit.h index cece70231138..a7226989d77e 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -11,6 +11,7 @@ #include #include +#include #include #include #include @@ -59,6 +60,10 @@ struct audit_krule { /* Flag to indicate legacy AUDIT_LOGINUID unset usage */ #define AUDIT_LOGINUID_LEGACY 0x1 +struct audit_lsm_rules { + void *rule[LSMBLOB_ENTRIES]; +}; + struct audit_field { u32 type; union { @@ -66,8 +71,8 @@ struct audit_field { kuid_t uid; kgid_t gid; struct { - char *lsm_str; - void *lsm_rule; + char *lsm_str; + struct audit_lsm_rules lsm_rules; }; }; u32 op; diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 5d480797cf53..0496a8d77ca5 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -1588,6 +1588,14 @@ struct security_hook_heads { #undef LSM_HOOK } __randomize_layout; +/* + * Information that identifies a security module. + */ +struct lsm_id { + const char *lsm; /* Name of the LSM */ + int slot; /* Slot in lsmblob if one is allocated */ +}; + /* * Security module hook list structure. * For use with generic list macros for common operations. @@ -1596,7 +1604,7 @@ struct security_hook_list { struct hlist_node list; struct hlist_head *head; union security_list_options hook; - const char *lsm; + struct lsm_id *lsmid; } __randomize_layout; /* @@ -1632,7 +1640,7 @@ extern struct security_hook_heads security_hook_heads; extern char *lsm_names; extern void security_add_hooks(struct security_hook_list *hooks, int count, - const char *lsm); + struct lsm_id *lsmid); #define LSM_FLAG_LEGACY_MAJOR BIT(0) #define LSM_FLAG_EXCLUSIVE BIT(1) diff --git a/include/linux/security.h b/include/linux/security.h index 5260dbe9ef0d..835fbb86a2bc 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -39,6 +39,7 @@ struct kernel_siginfo; struct sembuf; struct kern_ipc_perm; struct audit_context; +struct audit_lsm_rules; struct super_block; struct inode; struct dentry; @@ -136,6 +137,66 @@ enum lockdown_reason { extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1]; +/* + * Data exported by the security modules + * + * Any LSM that provides secid or secctx based hooks must be included. + */ +#define LSMBLOB_ENTRIES ( \ + (IS_ENABLED(CONFIG_SECURITY_SELINUX) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_SMACK) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_APPARMOR) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_BPF_LSM) ? 1 : 0)) + +struct lsmblob { + u32 secid[LSMBLOB_ENTRIES]; +}; + +#define LSMBLOB_INVALID -1 /* Not a valid LSM slot number */ +#define LSMBLOB_NEEDED -2 /* Slot requested on initialization */ +#define LSMBLOB_NOT_NEEDED -3 /* Slot not requested */ + +/** + * lsmblob_init - initialize a lsmblob structure + * @blob: Pointer to the data to initialize + * @secid: The initial secid value + * + * Set all secid for all modules to the specified value. + */ +static inline void lsmblob_init(struct lsmblob *blob, u32 secid) +{ + int i; + + for (i = 0; i < LSMBLOB_ENTRIES; i++) + blob->secid[i] = secid; +} + +/** + * lsmblob_is_set - report if there is a value in the lsmblob + * @blob: Pointer to the exported LSM data + * + * Returns true if there is a secid set, false otherwise + */ +static inline bool lsmblob_is_set(struct lsmblob *blob) +{ + const struct lsmblob empty = {}; + + return !!memcmp(blob, &empty, sizeof(*blob)); +} + +/** + * lsmblob_equal - report if the two lsmblob's are equal + * @bloba: Pointer to one LSM data + * @blobb: Pointer to the other LSM data + * + * Returns true if all entries in the two are equal, false otherwise + */ +static inline bool lsmblob_equal(const struct lsmblob *bloba, + const struct lsmblob *blobb) +{ + return !memcmp(bloba, blobb, sizeof(*bloba)); +} + /* These functions are in security/commoncap.c */ extern int cap_capable(const struct cred *cred, struct user_namespace *ns, int cap, unsigned int opts); @@ -1889,15 +1950,17 @@ static inline int security_key_getsecurity(struct key *key, char **_buffer) #ifdef CONFIG_AUDIT #ifdef CONFIG_SECURITY -int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule); +int security_audit_rule_init(u32 field, u32 op, char *rulestr, + struct audit_lsm_rules *lsmrules); int security_audit_rule_known(struct audit_krule *krule); -int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule); -void security_audit_rule_free(void *lsmrule); +int security_audit_rule_match(u32 secid, u32 field, u32 op, + struct audit_lsm_rules *lsmrules); +void security_audit_rule_free(struct audit_lsm_rules *lsmrules); #else static inline int security_audit_rule_init(u32 field, u32 op, char *rulestr, - void **lsmrule) + struct audit_lsm_rules *lsmrules) { return 0; } @@ -1908,12 +1971,12 @@ static inline int security_audit_rule_known(struct audit_krule *krule) } static inline int security_audit_rule_match(u32 secid, u32 field, u32 op, - void *lsmrule) + struct audit_lsm_rules *lsmrules) { return 0; } -static inline void security_audit_rule_free(void *lsmrule) +static inline void security_audit_rule_free(struct audit_lsm_rules *lsmrules) { } #endif /* CONFIG_SECURITY */ diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 42d99896e7a6..de75bd6ad866 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -76,7 +76,7 @@ static void audit_free_lsm_field(struct audit_field *f) case AUDIT_OBJ_LEV_LOW: case AUDIT_OBJ_LEV_HIGH: kfree(f->lsm_str); - security_audit_rule_free(f->lsm_rule); + security_audit_rule_free(&f->lsm_rules); } } @@ -529,7 +529,7 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data, entry->rule.buflen += f_val; f->lsm_str = str; err = security_audit_rule_init(f->type, f->op, str, - (void **)&f->lsm_rule); + &f->lsm_rules); /* Keep currently invalid fields around in case they * become valid after a policy reload. */ if (err == -EINVAL) { @@ -782,7 +782,7 @@ static int audit_compare_rule(struct audit_krule *a, struct audit_krule *b) return 0; } -/* Duplicate LSM field information. The lsm_rule is opaque, so must be +/* Duplicate LSM field information. The lsm_rules is opaque, so must be * re-initialized. */ static inline int audit_dupe_lsm_field(struct audit_field *df, struct audit_field *sf) @@ -796,9 +796,9 @@ static inline int audit_dupe_lsm_field(struct audit_field *df, return -ENOMEM; df->lsm_str = lsm_str; - /* our own (refreshed) copy of lsm_rule */ + /* our own (refreshed) copy of lsm_rules */ ret = security_audit_rule_init(df->type, df->op, df->lsm_str, - (void **)&df->lsm_rule); + &df->lsm_rules); /* Keep currently invalid fields around in case they * become valid after a policy reload. */ if (ret == -EINVAL) { @@ -850,7 +850,7 @@ struct audit_entry *audit_dupe_rule(struct audit_krule *old) new->tree = old->tree; memcpy(new->fields, old->fields, sizeof(struct audit_field) * fcount); - /* deep copy this information, updating the lsm_rule fields, because + /* deep copy this information, updating the lsm_rules fields, because * the originals will all be freed when the old rule is freed. */ for (i = 0; i < fcount; i++) { switch (new->fields[i].type) { @@ -1367,10 +1367,11 @@ int audit_filter(int msgtype, unsigned int listtype) case AUDIT_SUBJ_TYPE: case AUDIT_SUBJ_SEN: case AUDIT_SUBJ_CLR: - if (f->lsm_rule) { + if (f->lsm_str) { security_current_getsecid_subj(&sid); result = security_audit_rule_match(sid, - f->type, f->op, f->lsm_rule); + f->type, f->op, + &f->lsm_rules); } break; case AUDIT_EXE: @@ -1397,7 +1398,7 @@ int audit_filter(int msgtype, unsigned int listtype) return ret; } -static int update_lsm_rule(struct audit_krule *r) +static int update_lsm_rules(struct audit_krule *r) { struct audit_entry *entry = container_of(r, struct audit_entry, rule); struct audit_entry *nentry; @@ -1429,7 +1430,7 @@ static int update_lsm_rule(struct audit_krule *r) return err; } -/* This function will re-initialize the lsm_rule field of all applicable rules. +/* This function will re-initialize the lsm_rules field of all applicable rules. * It will traverse the filter lists serarching for rules that contain LSM * specific filter fields. When such a rule is found, it is copied, the * LSM field is re-initialized, and the old rule is replaced with the @@ -1444,7 +1445,7 @@ int audit_update_lsm_rules(void) for (i = 0; i < AUDIT_NR_FILTERS; i++) { list_for_each_entry_safe(r, n, &audit_rules_list[i], list) { - int res = update_lsm_rule(r); + int res = update_lsm_rules(r); if (!err) err = res; } diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 3a8c9d744800..9820f08fc47c 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -664,7 +664,7 @@ static int audit_filter_rules(struct task_struct *tsk, match for now to avoid losing information that may be wanted. An error message will also be logged upon error */ - if (f->lsm_rule) { + if (f->lsm_str) { if (need_sid) { /* @tsk should always be equal to * @current with the exception of @@ -679,8 +679,7 @@ static int audit_filter_rules(struct task_struct *tsk, need_sid = 0; } result = security_audit_rule_match(sid, f->type, - f->op, - f->lsm_rule); + f->op, &f->lsm_rules); } break; case AUDIT_OBJ_USER: @@ -690,21 +689,19 @@ static int audit_filter_rules(struct task_struct *tsk, case AUDIT_OBJ_LEV_HIGH: /* The above note for AUDIT_SUBJ_USER...AUDIT_SUBJ_CLR also applies here */ - if (f->lsm_rule) { + if (f->lsm_str) { /* Find files that match */ if (name) { result = security_audit_rule_match( name->osid, f->type, f->op, - f->lsm_rule); + &f->lsm_rules); } else if (ctx) { list_for_each_entry(n, &ctx->names_list, list) { if (security_audit_rule_match( - n->osid, - f->type, - f->op, - f->lsm_rule)) { + n->osid, f->type, f->op, + &f->lsm_rules)) { ++result; break; } @@ -715,7 +712,7 @@ static int audit_filter_rules(struct task_struct *tsk, break; if (security_audit_rule_match(ctx->ipc.osid, f->type, f->op, - f->lsm_rule)) + &f->lsm_rules)) ++result; } break; diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index ef9046866b17..1aa6c56d79de 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -1188,6 +1188,11 @@ struct lsm_blob_sizes apparmor_blob_sizes __lsm_ro_after_init = { .lbs_sock = sizeof(struct aa_sk_ctx), }; +static struct lsm_id apparmor_lsmid __lsm_ro_after_init = { + .lsm = "apparmor", + .slot = LSMBLOB_NEEDED +}; + static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(ptrace_access_check, apparmor_ptrace_access_check), LSM_HOOK_INIT(ptrace_traceme, apparmor_ptrace_traceme), @@ -1873,7 +1878,7 @@ static int __init apparmor_init(void) goto buffers_out; } security_add_hooks(apparmor_hooks, ARRAY_SIZE(apparmor_hooks), - "apparmor"); + &apparmor_lsmid); /* Report that AppArmor successfully initialized */ apparmor_initialized = 1; diff --git a/security/bpf/hooks.c b/security/bpf/hooks.c index e5971fa74fd7..7a58fe9ab8c4 100644 --- a/security/bpf/hooks.c +++ b/security/bpf/hooks.c @@ -15,9 +15,19 @@ static struct security_hook_list bpf_lsm_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(task_free, bpf_task_storage_free), }; +/* + * slot has to be LSMBLOB_NEEDED because some of the hooks + * supplied by this module require a slot. + */ +struct lsm_id bpf_lsmid __lsm_ro_after_init = { + .lsm = "bpf", + .slot = LSMBLOB_NEEDED +}; + static int __init bpf_lsm_init(void) { - security_add_hooks(bpf_lsm_hooks, ARRAY_SIZE(bpf_lsm_hooks), "bpf"); + security_add_hooks(bpf_lsm_hooks, ARRAY_SIZE(bpf_lsm_hooks), + &bpf_lsmid); pr_info("LSM support for eBPF active\n"); return 0; } diff --git a/security/commoncap.c b/security/commoncap.c index 5fc8986c3c77..c94ec46e07ac 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -1446,6 +1446,11 @@ int cap_mmap_file(struct file *file, unsigned long reqprot, #ifdef CONFIG_SECURITY +static struct lsm_id capability_lsmid __lsm_ro_after_init = { + .lsm = "capability", + .slot = LSMBLOB_NOT_NEEDED +}; + static struct security_hook_list capability_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(capable, cap_capable), LSM_HOOK_INIT(settime, cap_settime), @@ -1470,7 +1475,7 @@ static struct security_hook_list capability_hooks[] __lsm_ro_after_init = { static int __init capability_init(void) { security_add_hooks(capability_hooks, ARRAY_SIZE(capability_hooks), - "capability"); + &capability_lsmid); return 0; } diff --git a/security/landlock/cred.c b/security/landlock/cred.c index ec6c37f04a19..2eb1d65f10d6 100644 --- a/security/landlock/cred.c +++ b/security/landlock/cred.c @@ -42,5 +42,5 @@ static struct security_hook_list landlock_hooks[] __lsm_ro_after_init = { __init void landlock_add_cred_hooks(void) { security_add_hooks(landlock_hooks, ARRAY_SIZE(landlock_hooks), - LANDLOCK_NAME); + &landlock_lsmid); } diff --git a/security/landlock/fs.c b/security/landlock/fs.c index ec5a6247cd3e..51149997cd9f 100644 --- a/security/landlock/fs.c +++ b/security/landlock/fs.c @@ -1199,5 +1199,5 @@ static struct security_hook_list landlock_hooks[] __lsm_ro_after_init = { __init void landlock_add_fs_hooks(void) { security_add_hooks(landlock_hooks, ARRAY_SIZE(landlock_hooks), - LANDLOCK_NAME); + &landlock_lsmid); } diff --git a/security/landlock/ptrace.c b/security/landlock/ptrace.c index 4c5b9cd71286..eab35808f395 100644 --- a/security/landlock/ptrace.c +++ b/security/landlock/ptrace.c @@ -116,5 +116,5 @@ static struct security_hook_list landlock_hooks[] __lsm_ro_after_init = { __init void landlock_add_ptrace_hooks(void) { security_add_hooks(landlock_hooks, ARRAY_SIZE(landlock_hooks), - LANDLOCK_NAME); + &landlock_lsmid); } diff --git a/security/landlock/setup.c b/security/landlock/setup.c index f8e8e980454c..759e00b9436c 100644 --- a/security/landlock/setup.c +++ b/security/landlock/setup.c @@ -23,6 +23,11 @@ struct lsm_blob_sizes landlock_blob_sizes __lsm_ro_after_init = { .lbs_superblock = sizeof(struct landlock_superblock_security), }; +struct lsm_id landlock_lsmid __lsm_ro_after_init = { + .lsm = LANDLOCK_NAME, + .slot = LSMBLOB_NOT_NEEDED, +}; + static int __init landlock_init(void) { landlock_add_cred_hooks(); diff --git a/security/landlock/setup.h b/security/landlock/setup.h index 1daffab1ab4b..38bce5b172dc 100644 --- a/security/landlock/setup.h +++ b/security/landlock/setup.h @@ -14,5 +14,6 @@ extern bool landlock_initialized; extern struct lsm_blob_sizes landlock_blob_sizes; +extern struct lsm_id landlock_lsmid; #endif /* _SECURITY_LANDLOCK_SETUP_H */ diff --git a/security/loadpin/loadpin.c b/security/loadpin/loadpin.c index ad4e6756c038..2cce3a2cfcd4 100644 --- a/security/loadpin/loadpin.c +++ b/security/loadpin/loadpin.c @@ -189,6 +189,11 @@ static int loadpin_load_data(enum kernel_load_data_id id, bool contents) return loadpin_read_file(NULL, (enum kernel_read_file_id) id, contents); } +static struct lsm_id loadpin_lsmid __lsm_ro_after_init = { + .lsm = "loadpin", + .slot = LSMBLOB_NOT_NEEDED +}; + static struct security_hook_list loadpin_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(sb_free_security, loadpin_sb_free_security), LSM_HOOK_INIT(kernel_read_file, loadpin_read_file), @@ -236,7 +241,8 @@ static int __init loadpin_init(void) pr_info("ready to pin (currently %senforcing)\n", enforce ? "" : "not "); parse_exclude(); - security_add_hooks(loadpin_hooks, ARRAY_SIZE(loadpin_hooks), "loadpin"); + security_add_hooks(loadpin_hooks, ARRAY_SIZE(loadpin_hooks), + &loadpin_lsmid); return 0; } diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c index 87cbdc64d272..4e24ea3f7b7e 100644 --- a/security/lockdown/lockdown.c +++ b/security/lockdown/lockdown.c @@ -75,6 +75,11 @@ static struct security_hook_list lockdown_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(locked_down, lockdown_is_locked_down), }; +static struct lsm_id lockdown_lsmid __lsm_ro_after_init = { + .lsm = "lockdown", + .slot = LSMBLOB_NOT_NEEDED +}; + static int __init lockdown_lsm_init(void) { #if defined(CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY) @@ -83,7 +88,7 @@ static int __init lockdown_lsm_init(void) lock_kernel_down("Kernel configuration", LOCKDOWN_CONFIDENTIALITY_MAX); #endif security_add_hooks(lockdown_hooks, ARRAY_SIZE(lockdown_hooks), - "lockdown"); + &lockdown_lsmid); return 0; } diff --git a/security/safesetid/lsm.c b/security/safesetid/lsm.c index 963f4ad9cb66..0c368950dc14 100644 --- a/security/safesetid/lsm.c +++ b/security/safesetid/lsm.c @@ -241,6 +241,11 @@ static int safesetid_task_fix_setgid(struct cred *new, return -EACCES; } +static struct lsm_id safesetid_lsmid __lsm_ro_after_init = { + .lsm = "safesetid", + .slot = LSMBLOB_NOT_NEEDED +}; + static struct security_hook_list safesetid_security_hooks[] = { LSM_HOOK_INIT(task_fix_setuid, safesetid_task_fix_setuid), LSM_HOOK_INIT(task_fix_setgid, safesetid_task_fix_setgid), @@ -250,7 +255,8 @@ static struct security_hook_list safesetid_security_hooks[] = { static int __init safesetid_security_init(void) { security_add_hooks(safesetid_security_hooks, - ARRAY_SIZE(safesetid_security_hooks), "safesetid"); + ARRAY_SIZE(safesetid_security_hooks), + &safesetid_lsmid); /* Report that SafeSetID successfully initialized */ safesetid_initialized = 1; diff --git a/security/security.c b/security/security.c index 6ce168475181..8fdf046fc749 100644 --- a/security/security.c +++ b/security/security.c @@ -347,6 +347,7 @@ static void __init ordered_lsm_init(void) init_debug("sock blob size = %d\n", blob_sizes.lbs_sock); init_debug("superblock blob size = %d\n", blob_sizes.lbs_superblock); init_debug("task blob size = %d\n", blob_sizes.lbs_task); + init_debug("lsmblob size = %zu\n", sizeof(struct lsmblob)); /* * Create any kmem_caches needed for blobs @@ -473,21 +474,38 @@ static int lsm_append(const char *new, char **result) return 0; } +/* + * Current index to use while initializing the lsmblob secid list. + */ +static int lsm_slot __lsm_ro_after_init; + /** * security_add_hooks - Add a modules hooks to the hook lists. * @hooks: the hooks to add * @count: the number of hooks to add - * @lsm: the name of the security module + * @lsmid: the identification information for the security module * * Each LSM has to register its hooks with the infrastructure. + * If the LSM is using hooks that export secids allocate a slot + * for it in the lsmblob. */ void __init security_add_hooks(struct security_hook_list *hooks, int count, - const char *lsm) + struct lsm_id *lsmid) { int i; + WARN_ON(!lsmid->slot || !lsmid->lsm); + + if (lsmid->slot == LSMBLOB_NEEDED) { + if (lsm_slot >= LSMBLOB_ENTRIES) + panic("%s Too many LSMs registered.\n", __func__); + lsmid->slot = lsm_slot++; + init_debug("%s assigned lsmblob slot %d\n", lsmid->lsm, + lsmid->slot); + } + for (i = 0; i < count; i++) { - hooks[i].lsm = lsm; + hooks[i].lsmid = lsmid; hlist_add_tail_rcu(&hooks[i].list, hooks[i].head); } @@ -496,7 +514,7 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count, * and fix this up afterwards. */ if (slab_is_available()) { - if (lsm_append(lsm, &lsm_names) < 0) + if (lsm_append(lsmid->lsm, &lsm_names) < 0) panic("%s - Cannot get early memory.\n", __func__); } } @@ -2082,7 +2100,7 @@ int security_getprocattr(struct task_struct *p, const char *lsm, char *name, struct security_hook_list *hp; hlist_for_each_entry(hp, &security_hook_heads.getprocattr, list) { - if (lsm != NULL && strcmp(lsm, hp->lsm)) + if (lsm != NULL && strcmp(lsm, hp->lsmid->lsm)) continue; return hp->hook.getprocattr(p, name, value); } @@ -2095,7 +2113,7 @@ int security_setprocattr(const char *lsm, const char *name, void *value, struct security_hook_list *hp; hlist_for_each_entry(hp, &security_hook_heads.setprocattr, list) { - if (lsm != NULL && strcmp(lsm, hp->lsm)) + if (lsm != NULL && strcmp(lsm, hp->lsmid->lsm)) continue; return hp->hook.setprocattr(name, value, size); } @@ -2593,9 +2611,27 @@ int security_key_getsecurity(struct key *key, char **_buffer) #ifdef CONFIG_AUDIT -int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule) +int security_audit_rule_init(u32 field, u32 op, char *rulestr, + struct audit_lsm_rules *lsmrules) { - return call_int_hook(audit_rule_init, 0, field, op, rulestr, lsmrule); + struct security_hook_list *hp; + bool one_is_good = false; + int rc = 0; + int trc; + + hlist_for_each_entry(hp, &security_hook_heads.audit_rule_init, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + trc = hp->hook.audit_rule_init(field, op, rulestr, + &lsmrules->rule[hp->lsmid->slot]); + if (trc == 0) + one_is_good = true; + else + rc = trc; + } + if (one_is_good) + return 0; + return rc; } int security_audit_rule_known(struct audit_krule *krule) @@ -2603,14 +2639,36 @@ int security_audit_rule_known(struct audit_krule *krule) return call_int_hook(audit_rule_known, 0, krule); } -void security_audit_rule_free(void *lsmrule) +void security_audit_rule_free(struct audit_lsm_rules *lsmrules) { - call_void_hook(audit_rule_free, lsmrule); + struct security_hook_list *hp; + + hlist_for_each_entry(hp, &security_hook_heads.audit_rule_free, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + if (lsmrules->rule[hp->lsmid->slot] == NULL) + continue; + hp->hook.audit_rule_free(lsmrules->rule[hp->lsmid->slot]); + } } -int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule) +int security_audit_rule_match(u32 secid, u32 field, u32 op, + struct audit_lsm_rules *lsmrules) { - return call_int_hook(audit_rule_match, 0, secid, field, op, lsmrule); + struct security_hook_list *hp; + int rc; + + hlist_for_each_entry(hp, &security_hook_heads.audit_rule_match, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + if (lsmrules->rule[hp->lsmid->slot] == NULL) + continue; + rc = hp->hook.audit_rule_match(secid, field, op, + &lsmrules->rule[hp->lsmid->slot]); + if (rc) + return rc; + } + return 0; } #endif /* CONFIG_AUDIT */ diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 56cada53993b..68dcdc52f9aa 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -6988,6 +6988,11 @@ static int selinux_uring_sqpoll(void) } #endif /* CONFIG_IO_URING */ +static struct lsm_id selinux_lsmid __lsm_ro_after_init = { + .lsm = "selinux", + .slot = LSMBLOB_NEEDED +}; + /* * IMPORTANT NOTE: When adding new hooks, please be careful to keep this order: * 1. any hooks that don't belong to (2.) or (3.) below, @@ -7306,7 +7311,8 @@ static __init int selinux_init(void) hashtab_cache_init(); - security_add_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks), "selinux"); + security_add_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks), + &selinux_lsmid); if (avc_add_callback(selinux_netcache_avc_callback, AVC_CALLBACK_RESET)) panic("SELinux: Unable to register AVC netcache callback\n"); diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 2689486160a2..6e0eaecd8256 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -4744,6 +4744,11 @@ struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = { .lbs_superblock = sizeof(struct superblock_smack), }; +static struct lsm_id smack_lsmid __lsm_ro_after_init = { + .lsm = "smack", + .slot = LSMBLOB_NEEDED +}; + static struct security_hook_list smack_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check), LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme), @@ -4947,7 +4952,7 @@ static __init int smack_init(void) /* * Register with LSM */ - security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), "smack"); + security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), &smack_lsmid); smack_enabled = 1; pr_info("Smack: Initializing.\n"); diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index 71e82d855ebf..38f2c87a64dd 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -530,6 +530,11 @@ static void tomoyo_task_free(struct task_struct *task) } } +static struct lsm_id tomoyo_lsmid __lsm_ro_after_init = { + .lsm = "tomoyo", + .slot = LSMBLOB_NOT_NEEDED +}; + /* * tomoyo_security_ops is a "struct security_operations" which is used for * registering TOMOYO. @@ -582,7 +587,8 @@ static int __init tomoyo_init(void) struct tomoyo_task *s = tomoyo_task(current); /* register ourselves with the security framework */ - security_add_hooks(tomoyo_hooks, ARRAY_SIZE(tomoyo_hooks), "tomoyo"); + security_add_hooks(tomoyo_hooks, ARRAY_SIZE(tomoyo_hooks), + &tomoyo_lsmid); pr_info("TOMOYO Linux initialized\n"); s->domain_info = &tomoyo_kernel_domain; atomic_inc(&tomoyo_kernel_domain.users); diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c index 06e226166aab..a9639ea541f7 100644 --- a/security/yama/yama_lsm.c +++ b/security/yama/yama_lsm.c @@ -421,6 +421,11 @@ static int yama_ptrace_traceme(struct task_struct *parent) return rc; } +static struct lsm_id yama_lsmid __lsm_ro_after_init = { + .lsm = "yama", + .slot = LSMBLOB_NOT_NEEDED +}; + static struct security_hook_list yama_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(ptrace_access_check, yama_ptrace_access_check), LSM_HOOK_INIT(ptrace_traceme, yama_ptrace_traceme), @@ -477,7 +482,7 @@ static inline void yama_init_sysctl(void) { } static int __init yama_init(void) { pr_info("Yama: becoming mindful.\n"); - security_add_hooks(yama_hooks, ARRAY_SIZE(yama_hooks), "yama"); + security_add_hooks(yama_hooks, ARRAY_SIZE(yama_hooks), &yama_lsmid); yama_init_sysctl(); return 0; } From patchwork Tue Jun 28 00:55:42 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12897379 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 17819C43334 for ; Tue, 28 Jun 2022 01:00:51 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242451AbiF1BAt (ORCPT ); Mon, 27 Jun 2022 21:00:49 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56784 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S242603AbiF1BAr (ORCPT ); Mon, 27 Jun 2022 21:00:47 -0400 Received: from sonic308-16.consmr.mail.ne1.yahoo.com (sonic308-16.consmr.mail.ne1.yahoo.com [66.163.187.39]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6BA3422B06 for ; Mon, 27 Jun 2022 18:00:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378045; bh=bf5sJak6w78RJMogf08Z0F5P1ba3DHjnEa2+4ISjYko=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=CTNrgo7/Iw3eoUmJNUbs91gNgCgkYxrTejjQGf69EcmdHTlo18MpCV9W+tK4VhFrvzkDvH4F7/FhyeJCE3+//6BU/cBgFs+747EEp1VthIx16C7NRAhfI8j3Fz1K9F393NTILAquyBF/7U+RMXyJDUJfVnKQeULDZ58Wsjb0/ZrKj4drgs/WPohXnZ3q44xPuzW9XKdrFlCeqKJxMTVAkfdL68j+05AX16iG7+RfGfpT/hTp///TTc/JcgiJykqdD5QkyZAI/SKNecxpkVvlKWCs/Pv+397tuR+fKkfRMKS4Sq94VRCVYItQoiGxhSQGHmhUkRYbKUQ7HQ3JbfZUNw== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378045; bh=rMUIqK5xfFHtmytlNaSYqwX1glCHwGhf65Seq8xRYlr=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=MkxBgEYuFcob+6e2kZP0E63TcfoxaMN0mF8kkHLni2vn05CZD8Da525ItXq0gzX44fAsow+GW9FsepU+8B+kV2r8oNGLFtZYtXmKbpWmnaxQzLil5+FUGr+WbC1ObUgn6QyZsTW2/aBKxLFfZLsr/ff4NpK+xpKKkCOomjBOasd7xu8thsws1JsHfQZ1fFZ+tRhUI2lHfEgIruUd1CVthAksP7yy5r1EXTdGK/3CNFy6lhHel+12Wv/72UqvOTcXwH2q7spdVVraZFHa+GEBLMfbJQtRIfgU0StZrd7UWa23AxN3yisIayPCZkf5oqx4vMnda3/oJjGig1ViC62kNA== X-YMail-OSG: FdDUwOsVM1ngCAgPfyvYLDVfY6GwmCd74D9MnbviIDNgHsuGimcttALpm_blp.5 vlj4rJIfeTyNI_K_kjNwfVB5.3bHMKYnbAc.JkYrtkJ9b7.1Zt_LrzZA3Ua295EQ_SnoYfMh_P0O Hwq0leS5P82c4fn_Ua7dtI6wItCXbrefN5UvcGJRMnmrbyjcZ3xQmE2tXBAhIVUAKUXNtof5cC5m Euh6ERshVBRu_HAq6wJ5Xg08j7ov.m8VKIesHbLqMzFd9kbHcMqrT_YIUt74kJqZHhJBe34oYs3_ BF1IskJXX8TvF9YfSjbfoNaGQ_5WaMdYrbQNBGWPdmIDvQEJ.OppCOG5csk9I4IaPzzGc.c5xPmz YKLNnVahclH89Jx69E8_Mvmu4oir0MbdteU_ozeZCctYi9P0Vz.9S8QCcQcbVRoKMOP1SwBbu8yx oHQ_RakF3_PS31lEtEPY_xCujfIDsMfa.6xQMaMwGXfUiMBTBxiCw_LiisrVLuDVJuB1V7KvFq5r rwExSwQUeH9M5z1QJJPqxHrG21EgyfmZ3r2MG0PziKP1Y38K4fFAb9a9iTmkfTiLjmnemlp1UKfK 3P6rSQ7vq.G16f.5m5njvrL26EKtRaqLrl3UiSLIyXseYcCDTtONsR1xQJXKYDa._bYvDKA.Fb_j 82PcehnEytMz8.e6EfpLcDgKLBuUEWCJdl_epvQZIU0.unQB3IFBaSTOCC0mJD8b2iOLxDdgdsnh v6pZDjabcKuAY0YNIOLfvM56NDbKfgNpMx.kaF7LqhcrWj0I.p1ue6hRF1pxdXJsDSepxSyTwXBB 8yuEK0B.uSdSQ1NRXVBHwy0fDJpUha3RaYWJLe7RqXYXIosugR14tFh6jUu9Kryx0twcDoNwEm4I CIN9YrqlP9qi64g31TvFFo6r3eA.9MaESnG8tBvYd2CbvsmzttWQXyYdnnaehOhFcXjbus2jF0w_ cr5mDU9FsHHChItf2AP7hltUglx8SxX.TAFEWNpEuiK5jDBPh1e4BuiC9vkHr7zFzeINI8FxzHHt JV3_4PgEx_2MV6qSVshpn9fkvpIOVhqXtRb6.NKw081Iq.SGfTWV0PV5Q2kZ9439HAM22qR_S4CS vV7LLC5.9lvW_Wb4KdTEMdPSX31mxUPkXXvgj93sdekNFtwZ_d7.wy84QFUiwKqu.zTkYrFfLFYx Y.oexMMKpeocQYat683MNAeLVgrsc72zWTKIr6QhDZcKZH58f5lqdO598ErvzOrC46soFUQdZdxt PV6NszGvsbccSAwLRnCXTYfh3bPAwMS2ubbCTfrjUW7f9voSBfcbYwLhzSt0vKkNrd36AfSIRh9T gHWDbBKIDk340dZKXHMVh8ld80WqM4jwgEGe2gJWKrG8P7xODpa_NfSvCAf5pGsEo0tpJhHTp8yV kFS4abK4cCUutA9Sfi0PpWGPJVf1bQIsmH5MaG06ZO.Y_dq5CblHbCaGkDjHNXngLE8GRxxKYt9K TEyJG_.WOHIS3Bp4qNaQEm_A01kcyjaBAyKh_71Oy.16hUeLx8qTyoRkeECBeN5YqidyjhXGi9Oc WjJfpDJHq4KqeI51rg_W8E.m8_QUvpLQ_cj8WdxWM7S6dFZnfJy6GX6_1wOm1re8MDM9oVm_kkPz 6HJG1UWckNxMtJ22DBmHbG_Yw5fhPh8LC2i_dNSiK7xtGSMuDG.9YZEUJnfOUZRJP.Xd_PiPynqn Q0UCW.uUST7R82gWhj5a1wC5SPYzINtLFokjgcZr0r.8fIh.q.UXu1zsQQkTsuuRVhas2Y1.D85P LQMk5Lquqls2sZWgtuBzR6tzXX33HOxvqSVLQz25bfbz3sDjccSBDZxtb_0a59HWWJwR30OqGcsW GILoj.lM4VlKf79kjURPGtfaHIZQHLeRg1ehGm5j1N1zNh.wo_TbzsLJIMEvMJ0cibIZXXPvDwMM CD.ZmvleEsxaUVer0potz_Jw1dUAKpIvMhoqMePf77DvBtXICYFGGcgTSwYCmZLf22IIE.8f75Kh .gZzwZHX8tfjDp12TNlPFU5A5yPR9mdDU3aqLLAWCnmzh5JmcQuZJyQFbYICLdH7.oYlMmMiuv6w mvBVjpfcpjvLcThRpcM6N0mpLw4XqqITzYTI5aCacO_7J9j2sFdNtteGBpv6CvaJ7fe3pip3P0IA .pTSNFXans7PjQhQ0Em4jGkoz60gNSLrmQrNvCJ9uTCZccfaROPScuUgLPb9TPzmJkVJmZixohfv dPRfGPblnhl9nnyYZM0wF7P.z6Ms6OiPvL8rb00OBu65nEVc4hAGTFJY0Ok.Ttzn0SWoOAcWTUPX MEt6xraSXhcnyEHoxUS3M1bK0Vh._Kkr0TAox X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic308.consmr.mail.ne1.yahoo.com with HTTP; Tue, 28 Jun 2022 01:00:45 +0000 Received: by hermes--production-bf1-7f5f59bd5b-wjb4g (Yahoo Inc. Hermes SMTP Server) with ESMTPA ID 2eb209f35c81771290ca3d956ba58232; Tue, 28 Jun 2022 01:00:40 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org Subject: [PATCH v37 04/33] LSM: provide lsm name and id slot mappings Date: Mon, 27 Jun 2022 17:55:42 -0700 Message-Id: <20220628005611.13106-5-casey@schaufler-ca.com> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220628005611.13106-1-casey@schaufler-ca.com> References: <20220628005611.13106-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Provide interfaces to map LSM slot numbers and LSM names. Update the LSM registration code to save this information. Acked-by: Paul Moore Reviewed-by: Kees Cook Signed-off-by: Casey Schaufler --- include/linux/security.h | 4 ++++ security/security.c | 45 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 49 insertions(+) diff --git a/include/linux/security.h b/include/linux/security.h index 835fbb86a2bc..5b7a21237fea 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -197,6 +197,10 @@ static inline bool lsmblob_equal(const struct lsmblob *bloba, return !memcmp(bloba, blobb, sizeof(*bloba)); } +/* Map lsm names to blob slot numbers */ +extern int lsm_name_to_slot(char *name); +extern const char *lsm_slot_to_name(int slot); + /* These functions are in security/commoncap.c */ extern int cap_capable(const struct cred *cred, struct user_namespace *ns, int cap, unsigned int opts); diff --git a/security/security.c b/security/security.c index 8fdf046fc749..37c14572501e 100644 --- a/security/security.c +++ b/security/security.c @@ -478,6 +478,50 @@ static int lsm_append(const char *new, char **result) * Current index to use while initializing the lsmblob secid list. */ static int lsm_slot __lsm_ro_after_init; +static struct lsm_id *lsm_slotlist[LSMBLOB_ENTRIES] __lsm_ro_after_init; + +/** + * lsm_name_to_slot - Report the slot number for a security module + * @name: name of the security module + * + * Look up the slot number for the named security module. + * Returns the slot number or LSMBLOB_INVALID if @name is not + * a registered security module name. + */ +int lsm_name_to_slot(char *name) +{ + int i; + + for (i = 0; i < lsm_slot; i++) + if (strcmp(lsm_slotlist[i]->lsm, name) == 0) + return i; + + return LSMBLOB_INVALID; +} + +/** + * lsm_slot_to_name - Get the name of the security module in a slot + * @slot: index into the interface LSM slot list. + * + * Provide the name of the security module associated with + * a interface LSM slot. + * + * If @slot is LSMBLOB_INVALID return the value + * for slot 0 if it has been set, otherwise NULL. + * + * Returns a pointer to the name string or NULL. + */ +const char *lsm_slot_to_name(int slot) +{ + if (slot == LSMBLOB_INVALID) + slot = 0; + else if (slot >= LSMBLOB_ENTRIES || slot < 0) + return NULL; + + if (lsm_slotlist[slot] == NULL) + return NULL; + return lsm_slotlist[slot]->lsm; +} /** * security_add_hooks - Add a modules hooks to the hook lists. @@ -499,6 +543,7 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count, if (lsmid->slot == LSMBLOB_NEEDED) { if (lsm_slot >= LSMBLOB_ENTRIES) panic("%s Too many LSMs registered.\n", __func__); + lsm_slotlist[lsm_slot] = lsmid; lsmid->slot = lsm_slot++; init_debug("%s assigned lsmblob slot %d\n", lsmid->lsm, lsmid->slot); From patchwork Tue Jun 28 00:55:43 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12897380 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E27DACCA47B for ; Tue, 28 Jun 2022 01:00:53 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242665AbiF1BAv (ORCPT ); Mon, 27 Jun 2022 21:00:51 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56842 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S242535AbiF1BAt (ORCPT ); Mon, 27 Jun 2022 21:00:49 -0400 Received: from sonic316-27.consmr.mail.ne1.yahoo.com (sonic316-27.consmr.mail.ne1.yahoo.com [66.163.187.153]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7538122B07 for ; Mon, 27 Jun 2022 18:00:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378046; bh=+QAFuIueFFODNFCIp51vXXsF16uaRjSDQ9f4wbnX1/Y=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=NsyTbaEAp67PjdMh+i04Uy8c68uB3vm9Uuo61kVmui1SSdWoGTsCSxf6aEgMWP61eJ3jyIMEUpzcjpxGk0QTxoRTSWji50OBKNt+K9n7cJ8pkdPjpw1MXooDmfKMVgqK/2aUyCMC3l2itI1PjO7A47kciMWCo9XxyZwtJBBek+31RVhwxFJ7cU+vl8DjHU3eAmO2jYukgFb610+wxGhjDDKvVnYv4RAjkLBtuAd2h5BcrONmUAnp/BXYEaCx+CcJHRzXRA851PqHxQSqw8l4TuduyZhP4j3+rf9b8eqA5kp8PXyKbxcCB59BxlqU1mGu1Lppp2ETB39n6fAWqpSNjg== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378046; bh=bquD8fiVhrpPKojfjzVDPS7dI2DuWubLptqP3gwsz3+=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=XxrV0nr9qW2acFNAfgpCP1tLdOTcj834eo4hCFThPQWA1cmidyCtaEGb+jKQbEs/HlZioD6VrYErsHnZrJEEyFpZ35nz1h/JrWGn4gcfbLe1M9aeWdjDUt/3PKT3ZSTAWpOPMzRS957o58+FAzpOuhca+0xESFCeNQGNBzLUrIE3stR7MrUv8HQasJzJnhcfhUXRlEBKYMwpGNX6D/+d1Q9TyvIj1BQ4OluCY0QFmwHirAo6ldYlnU6L6SEVjmNQB6F4kcXHS3BXKKPdUOyzxTMAbeKjIwEmn/4UwCf/bPA/Yo7BTz7zAr4g85eby2iR3bdWxT9WXykb/SNLwuZiwQ== X-YMail-OSG: aHyCj6gVM1nnfNMIW5n5ndOy0qFRTs8ohyE5BIpltz.XCrqSedpIRx7k7qmS7.e 7t.kQEeMV8EDxhibTIWy6MsMY_q5.gyOU3rBqy2mOna8Dtj50P3ImeclEdHnzImm0gw7FvZojiiY YfAjSQNuBF5dD2vEZnwt8KUoDiOvp4aCNCJpiKVtxLMOTd.f.FV6LNcS.teSdAh72yMP0xq7bRNy uG3wEpUy_RLRaAKn8PFyHxX9hMY_Nu18quG0zmTY7DjDsNaZ7A6abr5YZ8KCe1EuwQ.yFeHrkFjG 49Lm7VRV8r2WTavnULqu6eRO7Co4IU0FFC8MZ1ITugNZIQYoRgke.c7lzJOPOW8fvDjtMtzNH41b A.MSHr0y7KZ1rMz_XDCkTFeKGsvhIdXVk6tH7M1J3kev0h2E7DYh_7ZJi9wxWxrN_YyLGik6b22T FD9oExF_V_rJGLhdGtkOBrUs26kSYckrFLgduYpwOwWL6Hi6XLKfoVk6u1bPfa0melLnB.loyoIy y8NL3RWIqXYm2AY.HUOgkbjhqsj95Ejzlns2p_rcQNtXu.TsExxqdFsiTy8C.kEo9qOZ.FdjRX.P M_qkEYigYZozskcLjSkgdudGdik2o_zCv7LR29iF.nIZ0FVDNEChSXk07Lvrc6TimJNodf.XZ7NU xHNBPIzRjBB31cYjbOvXTwAWX7LATtR2nyhfpLjJWsEZ1n8caCmyoc1UexGwvh2QOiQgmsibqQcA SuXuV22rlBFYWP_kJABgZ32ygvmQnQMO.4HKnFc34HO6CNADyhDBXRgfNbsCIdM0kzH0sNfPmsoC D1vuhlhfOYofpkiSPKMcQ3Kn6PRqry6nBcXZzet77mXq6ADzYmXIlye03ZFBBHkPYGR4FyOjF3nq OuuPuZjVjlu_2sxq1rOaZ_Mf2MhyKuKe6mDSpDNlIJhL9nrCSGxlJ63m1qwShiCvUnlWraZmljvj XSAtILeae9J_r8oVs4LbL3TQOu.sbednYGflZMWNBOm36ZrJcQFUPDxTxS.uE7aIu9G2fBIPgVQu 4IKeWzBkgdjiZiZwPABs8miko5mcqe2ELhVoENSukMQnylH5hUrmuG4.eJwzHmqhX43kGwKHzEaA fr3RmwjyDl8XfzkAPD5Z5.2zJdyjdCKcx_TWK.5P_XMS_5OLm8T0Rphk_FWDB5ss52Is0aPXmdeP OWeEX8Ph4_5dFQ__wQ2MkJI0jHrF8bz2MSC5Fxk7PdytpubezjB7xP1nmSWs1F31pud3fy0Yr4s3 GCDcY4EhIeobRor6t0SQoSlWox9HorhTNhpEGtqiUqiwqapb8_kkIY.OsBGu74LzS6bARYID3kIn 8rha2irtxsle2YWg8GGJv8Z.KWoZpD2q9_geOWgoHTqfYlNUKxSHZswTfqzJSbqi_eiKMbbAy6NZ YG0Sd24uORAY5g7DcVcHMgZVN2YA7GSBdal5LTQsNT7fFSXRvYikmh.ifT5jPSTUlqPvM.wc3HVO 5e_ES23zFcRd07bEo0v7Mk3BS5_uLYyA1CKMqtQwkstTtmT98e82.wk2LMc9.DZ.TS95Q9cyAfR. ZpyP3NJTiuP8hJ9c9cthKM3owTMzo4jlMX3ZiGS2Lgkt5FIGJxV0bmL_k08TU1Dn_tt6yEY3COC4 zq.teNzNAkVHr_6f8IIr.CszzF_YG8jQ_YTySqc8CyfL2ZdQKJ1Cvc94dyK6FS_BbZHLP_2T2Ava r4BieLE72pUR.nARVbVOMLKxKu4aCrCx3rI0xaI5DMqDUdqLl7KC2xbj_snY0CZ1q.uLd82OGNPW Owj5ZPtdgDFmkr7_lvODbYeJT2EjcIxkOxcwn.qgzfUVpGBrK_DxTp1bx1LoDnoiDmdnUJNzq_28 OK2TN0bGdLWTMe6Zb8_2Xdgkhk65oHC99az18wnZdUEymoeZ59EbxTDgtj.hrvguPTek5j6RienL 8cX5Y4d9kcthk7DGc3_BoKbrseqoDYNcAQ7cXHuYUcxq60d4A4IFe3LDO7LOvDPdgxuKp0gpeLlt G8nGapE1ZbBopTNvS54C_zVGOiJDaejehADlDrPoLoEbcZXGDF20d9ERk6c_lgjIstlT4L32ExXK aduB9WbYV5jvSYQ63QJs1wluPq8FmuHljkwtjVJQ3UzU1ChLfqWHCNMV8MlS8Zp.ILvKi_Sxgyin V2qDf8_i7wSHYmehqfp208YKMYlH7_c10452P3JH86AAdKaKCVpLji6zPwlf2mG7QBgxzPWfhHhy IQJGtcsOE7LxfeecSY.M9uxO5FS0NnjgE523Q.KH_1v3BZ4l.IirgmPe4tiLLODEF3R1u5LMWY1e PaDaiQsU- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic316.consmr.mail.ne1.yahoo.com with HTTP; Tue, 28 Jun 2022 01:00:46 +0000 Received: by hermes--production-bf1-7f5f59bd5b-wjb4g (Yahoo Inc. Hermes SMTP Server) with ESMTPA ID 2eb209f35c81771290ca3d956ba58232; Tue, 28 Jun 2022 01:00:43 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org Subject: [PATCH v37 05/33] IMA: avoid label collisions with stacked LSMs Date: Mon, 27 Jun 2022 17:55:43 -0700 Message-Id: <20220628005611.13106-6-casey@schaufler-ca.com> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220628005611.13106-1-casey@schaufler-ca.com> References: <20220628005611.13106-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Integrity measurement may filter on security module information and needs to be clear in the case of multiple active security modules which applies. Provide a boot option ima_rules_lsm= to allow the user to specify an active security module to apply filters to. If not specified, use the first registered module that supports the audit_rule_match() LSM hook. Allow the user to specify in the IMA policy an lsm= option to specify the security module to use for a particular rule. Signed-off-by: Casey Schaufler To: Mimi Zohar To: linux-integrity@vger.kernel.org --- Documentation/ABI/testing/ima_policy | 8 +++- include/linux/security.h | 14 +++--- security/integrity/ima/ima_policy.c | 70 +++++++++++++++++++++++++--- security/security.c | 35 +++++++++++--- 4 files changed, 108 insertions(+), 19 deletions(-) diff --git a/Documentation/ABI/testing/ima_policy b/Documentation/ABI/testing/ima_policy index db17fc8a0c9f..bac75acc24ba 100644 --- a/Documentation/ABI/testing/ima_policy +++ b/Documentation/ABI/testing/ima_policy @@ -26,7 +26,7 @@ Description: [uid=] [euid=] [gid=] [egid=] [fowner=] [fgroup=]] lsm: [[subj_user=] [subj_role=] [subj_type=] - [obj_user=] [obj_role=] [obj_type=]] + [obj_user=] [obj_role=] [obj_type=] [lsm=]] option: [digest_type=] [template=] [permit_directio] [appraise_type=] [appraise_flag=] [appraise_algos=] [keyrings=] @@ -138,6 +138,12 @@ Description: measure subj_user=_ func=FILE_CHECK mask=MAY_READ + It is possible to explicitly specify which security + module a rule applies to using lsm=. If the security + module specified is not active on the system the rule + will be rejected. If lsm= is not specified the first + security module registered on the system will be assumed. + Example of measure rules using alternate PCRs:: measure func=KEXEC_KERNEL_CHECK pcr=4 diff --git a/include/linux/security.h b/include/linux/security.h index 5b7a21237fea..5b0b2a596cee 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -1987,25 +1987,27 @@ static inline void security_audit_rule_free(struct audit_lsm_rules *lsmrules) #endif /* CONFIG_AUDIT */ #if defined(CONFIG_IMA_LSM_RULES) && defined(CONFIG_SECURITY) -int ima_filter_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule); -int ima_filter_rule_match(u32 secid, u32 field, u32 op, void *lsmrule); -void ima_filter_rule_free(void *lsmrule); +int ima_filter_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule, + int lsmslot); +int ima_filter_rule_match(u32 secid, u32 field, u32 op, void *lsmrule, + int lsmslot); +void ima_filter_rule_free(void *lsmrule, int lsmslot); #else static inline int ima_filter_rule_init(u32 field, u32 op, char *rulestr, - void **lsmrule) + void **lsmrule, int lsmslot) { return 0; } static inline int ima_filter_rule_match(u32 secid, u32 field, u32 op, - void *lsmrule) + void *lsmrule, int lsmslot) { return 0; } -static inline void ima_filter_rule_free(void *lsmrule) +static inline void ima_filter_rule_free(void *lsmrule, int lsmslot) { } #endif /* defined(CONFIG_IMA_LSM_RULES) && defined(CONFIG_SECURITY) */ diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 73917413365b..b04733a5d066 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -93,6 +93,8 @@ struct ima_rule_entry { void *rule; /* LSM file metadata specific */ char *args_p; /* audit value */ int type; /* audit type */ + int rules_lsm; /* which LSM rule applies to */ + bool lsm_specific; /* true if lsm is specified */ } lsm[MAX_LSM_RULES]; char *fsname; struct ima_rule_opt_list *keyrings; /* Measure keys added to these keyrings */ @@ -285,6 +287,30 @@ static int __init default_appraise_policy_setup(char *str) } __setup("ima_appraise_tcb", default_appraise_policy_setup); +static int default_rules_lsm __ro_after_init = LSMBLOB_INVALID; + +static int __init ima_rules_lsm_init(char *str) +{ + const char *oldstr; + int newdrl; + + newdrl = lsm_name_to_slot(str); + if (newdrl >= 0) { + default_rules_lsm = newdrl; + return 1; + } + + oldstr = lsm_slot_to_name(default_rules_lsm); + if (oldstr) { + pr_err("default ima rule lsm \"%s\" not registered, continue using \"%s\"", + str, oldstr); + return 1; + } + + return 1; +} +__setup("ima_rules_lsm=", ima_rules_lsm_init); + static struct ima_rule_opt_list *ima_alloc_rule_opt_list(const substring_t *src) { struct ima_rule_opt_list *opt_list; @@ -356,7 +382,8 @@ static void ima_lsm_free_rule(struct ima_rule_entry *entry) int i; for (i = 0; i < MAX_LSM_RULES; i++) { - ima_filter_rule_free(entry->lsm[i].rule); + ima_filter_rule_free(entry->lsm[i].rule, + entry->lsm[i].rules_lsm); kfree(entry->lsm[i].args_p); } } @@ -407,7 +434,8 @@ static struct ima_rule_entry *ima_lsm_copy_rule(struct ima_rule_entry *entry) ima_filter_rule_init(nentry->lsm[i].type, Audit_equal, nentry->lsm[i].args_p, - &nentry->lsm[i].rule); + &nentry->lsm[i].rule, + entry->lsm[i].rules_lsm); if (!nentry->lsm[i].rule) pr_warn("rule for LSM \'%s\' is undefined\n", nentry->lsm[i].args_p); @@ -623,14 +651,16 @@ static bool ima_match_rules(struct ima_rule_entry *rule, security_inode_getsecid(inode, &osid); rc = ima_filter_rule_match(osid, rule->lsm[i].type, Audit_equal, - rule->lsm[i].rule); + rule->lsm[i].rule, + rule->lsm[i].rules_lsm); break; case LSM_SUBJ_USER: case LSM_SUBJ_ROLE: case LSM_SUBJ_TYPE: rc = ima_filter_rule_match(secid, rule->lsm[i].type, Audit_equal, - rule->lsm[i].rule); + rule->lsm[i].rule, + rule->lsm[i].rules_lsm); break; default: break; @@ -1026,7 +1056,7 @@ enum policy_opt { Opt_digest_type, Opt_appraise_type, Opt_appraise_flag, Opt_appraise_algos, Opt_permit_directio, Opt_pcr, Opt_template, Opt_keyrings, - Opt_label, Opt_err + Opt_lsm, Opt_label, Opt_err }; static const match_table_t policy_tokens = { @@ -1074,6 +1104,7 @@ static const match_table_t policy_tokens = { {Opt_pcr, "pcr=%s"}, {Opt_template, "template=%s"}, {Opt_keyrings, "keyrings=%s"}, + {Opt_lsm, "lsm=%s"}, {Opt_label, "label=%s"}, {Opt_err, NULL} }; @@ -1093,7 +1124,8 @@ static int ima_lsm_rule_init(struct ima_rule_entry *entry, entry->lsm[lsm_rule].type = audit_type; result = ima_filter_rule_init(entry->lsm[lsm_rule].type, Audit_equal, entry->lsm[lsm_rule].args_p, - &entry->lsm[lsm_rule].rule); + &entry->lsm[lsm_rule].rule, + entry->lsm[lsm_rule].rules_lsm); if (!entry->lsm[lsm_rule].rule) { pr_warn("rule for LSM \'%s\' is undefined\n", entry->lsm[lsm_rule].args_p); @@ -1833,6 +1865,23 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry) &(template_desc->num_fields)); entry->template = template_desc; break; + case Opt_lsm: { + int i; + + result = lsm_name_to_slot(args[0].from); + if (result < 0) { + for (i = 0; i < MAX_LSM_RULES; i++) + entry->lsm[i].args_p = NULL; + result = -EINVAL; + break; + } + for (i = 0; i < MAX_LSM_RULES; i++) { + entry->lsm[i].rules_lsm = result; + entry->lsm[i].lsm_specific = true; + } + result = 0; + break; + } case Opt_err: ima_log_string(ab, "UNKNOWN", p); result = -EINVAL; @@ -1878,6 +1927,7 @@ ssize_t ima_parse_add_rule(char *rule) struct ima_rule_entry *entry; ssize_t result, len; int audit_info = 0; + int i; p = strsep(&rule, "\n"); len = strlen(p) + 1; @@ -1895,6 +1945,11 @@ ssize_t ima_parse_add_rule(char *rule) INIT_LIST_HEAD(&entry->list); + for (i = 0; i < MAX_LSM_RULES; i++) { + entry->lsm[i].rules_lsm = default_rules_lsm; + entry->lsm[i].lsm_specific = false; + } + result = ima_parse_rule(p, entry); if (result) { ima_free_rule(entry); @@ -2205,6 +2260,9 @@ int ima_policy_show(struct seq_file *m, void *v) entry->lsm[i].args_p); break; } + if (entry->lsm[i].lsm_specific) + seq_printf(m, pt(Opt_lsm), + lsm_slot_to_name(entry->lsm[i].rules_lsm)); seq_puts(m, " "); } } diff --git a/security/security.c b/security/security.c index 37c14572501e..141922732d10 100644 --- a/security/security.c +++ b/security/security.c @@ -2722,19 +2722,42 @@ int security_audit_rule_match(u32 secid, u32 field, u32 op, * The integrity subsystem uses the same hooks as * the audit subsystem. */ -int ima_filter_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule) +int ima_filter_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule, + int lsmslot) { - return call_int_hook(audit_rule_init, 0, field, op, rulestr, lsmrule); + struct security_hook_list *hp; + + hlist_for_each_entry(hp, &security_hook_heads.audit_rule_init, list) + if (hp->lsmid->slot == lsmslot) + return hp->hook.audit_rule_init(field, op, rulestr, + lsmrule); + + return 0; } -void ima_filter_rule_free(void *lsmrule) +void ima_filter_rule_free(void *lsmrule, int lsmslot) { - call_void_hook(audit_rule_free, lsmrule); + struct security_hook_list *hp; + + hlist_for_each_entry(hp, &security_hook_heads.audit_rule_free, list) { + if (hp->lsmid->slot == lsmslot) { + hp->hook.audit_rule_free(lsmrule); + return; + } + } } -int ima_filter_rule_match(u32 secid, u32 field, u32 op, void *lsmrule) +int ima_filter_rule_match(u32 secid, u32 field, u32 op, void *lsmrule, + int lsmslot) { - return call_int_hook(audit_rule_match, 0, secid, field, op, lsmrule); + struct security_hook_list *hp; + + hlist_for_each_entry(hp, &security_hook_heads.audit_rule_match, list) + if (hp->lsmid->slot == lsmslot) + return hp->hook.audit_rule_match(secid, field, op, + lsmrule); + + return 0; } #endif /* CONFIG_IMA_LSM_RULES */ From patchwork Tue Jun 28 00:55:44 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12897381 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3FE2FC43334 for ; Tue, 28 Jun 2022 01:03:09 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242182AbiF1BDG (ORCPT ); Mon, 27 Jun 2022 21:03:06 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57964 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S242805AbiF1BC0 (ORCPT ); Mon, 27 Jun 2022 21:02:26 -0400 Received: from sonic302-26.consmr.mail.ne1.yahoo.com (sonic302-26.consmr.mail.ne1.yahoo.com [66.163.186.152]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5724722B14 for ; Mon, 27 Jun 2022 18:02:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378144; bh=vcSW66Q/0Hq4FZPJSQERxuYrJ2YeSRucdjp9kvuPOwI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=FLegc4FGHhz7skHiIssuUmB2eHLTXALnzoFkC1nkk8kotgKXd0gMkKy58+zvziktTKNQl8hixVRhQggL8Ga5+NjecP2TMRR2IAiPWIQrwvlE0sw59mY0HGrOLIy88w4+baCT4iQOh2pHndseUwJMp0S0xzF7fcuWd8cAM7FYwP42NOEi9S2GOXEYIeNoHiZN9YpUWesIOvZkYC0EIFY6Azt2iiGuj6CsshaLc14dOd1ZeuBvlgAATx9QLDoSw1WReH9ko5YMwQYb0FXFKFO00VTxz41bCTn+XBgmGH+P0sf98WXFNDkvc4X8LFV1LSesVhAntP0J2O3IC9XcDuw8yg== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378144; bh=je1iv9XeAQ25RoQwoMZ0/J1oTsr2zzYTozag6j6oUJq=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=qv2aPHxLXt49TgdBY7Exxv3bhvt6h7HXqPhBfBH18LYzOuNQhXPEhkQ7DlJ1h2pW0CtUYsTaq8ZLXs14nXbMxyQZdsCovMcc6YhpmuQ2iO1XlM3dijEKxSkpLuQ2ajmTElNGUm/erfNLugPw4cgXvdNN+xQlIUBE04IDBbidYPDVGPrrEBRR2+/BUoBlATJBtBKKlzgJob5BYYI0pe7XXkduOpuDmLWmKoGEV0AtlP4fiHwGMh6yasePczTRiWeD8sUaS8j39mp6z9przkXkx6oLW2sAIHwtib9Z7V+Tloya7LYS7CiNNJJfZJCxhPK+yyNTjiOVUqV3Ru/0sUcBmA== X-YMail-OSG: 3poEk_MVM1nrdovmES23BHNURK19TP3oJsImC5yiFWFh5aF00AwYbSujBqbaDjf iT.zR9o_ToeP.V0LwwzvSWmNjFZAnjHckF_9Xz1udwP0mCEZ5sa4BLJUKMzXnm5CxkM.TNW_LD68 KPogmYIHQ6lzrIO07zJgCNrD1nTnYnEOrLr3R4hBlBx.uao4JlawodWvKqA.4b4iTwBWPTZbT_qU 05atae6EJIzU0UeJHk2Sg_Yw_zF1TGIP9V2cfW5IYfoIsxwne2uvkED7TLB0HEkVMMayVafzdixB XM1SO9VHWIgAfAzQJ7gYlD8Dc0y63THukgoTc_7KOISgVAVrt3RrFx_R10e5s4zHO3X525MebuXa uTigG9hiIfi.s3qboDzFYyWeNMRc.2iz4AwbrfRYTdzxv.w75UuBuNbB0csAomcFtC79UrrTaD9A xnQCn5FH_Z.WpDndBVVD7g7El478HMEaGpxlhrIpOtHdHWgRGaUljDG_2iz1XcmQJuDnRBhke1Te l5R2MbJkW_hWCUqwYHMYsJ5515KzVYQkb3hxCMQIxTYDNIJZ6Q_m4dAjZw1bkhBf3mysv7f1QMgj NcAdMCXh4r9njqTSciD8hErJqLY0OcUOme2GJfWobqW8Zb0KbPH.9H0OHFQF8dC6gaDppgiKb1qY joHMcfa75IBPOXo7DeifmxAdYhFwydgr__xgt0J7k649jqZcBbdOElosJZwzW3PdyhS94bQ_Vxf6 fmx9CqsaR_fCbxkNQ7yiQOGd0bhP1JYt7jK15W4XcKOgbW1dPLswPQJJrIkL4W1OHSQohIqWjezv IXeCfQopgCX.R0kWgDCsSjnCYZeoUKVFe2gKb8vp13o6md3A_SfSWA6ffZ34HXdcUEUrYabAn30F 1Xx5aIStRBptwV8ZXl7jvVyVWX1PGjkwK1UBMeSWSi5JCCgryidVCCGX4EitRs7wQDjKw_LCl9X4 3Nq.XendfAAYJhESTfpeh3zEp2uj44yiuN3JmPBUG1EAsurKNC34wTBZiNvpb9i2rv4ce37rQHIW fVGOtz82M72WxWBk.y3zy1UY.Gk8ql44UIM1.FafJ5B4zBl08iP78aj2PMen4v92AUHVKe.1kvc4 jpacdADbpi12qyIq5vShu3hyBi_.KJCtEWsFnm2_c3CuTEIXYFkle.o0VRI0QAPFWQSpypV3GbHV m.pt8NtBMfBW_6fjnhzh_IBzQdNSnR8n776o6Tjmxksm9netdfMKMLZM8QHNMg_sCGCMrEFsKI6A XXnTc6k2inCz5DDNX008H2oCS87iqoSouX0xVNNkfjll.4YIHipV1ZaPZrbjkIe9rK9wP3_qz4LQ DP_WMyD3dWQtK1ocrsPCNF.vXh7wypgKVX2Uz7vaXN8n.T2FF8XKEYhSYS0AzKt0S19Z1IR2ByLO D1HsIdz12dWwn97znu28OuJ2mhNZ7ldb8WyYRPJYgeObxRo_ktQ31IkNIttBvCfMQwrfiGgeBh48 DflSi1METcG4eLZfxHcW3iLTxwnPD6o8eljo3ko9hb4W5kqWdEKmhU0ZJdEgm9.x4hcTSVNWdjMp 3LZWD05mSalCkvNuxxv8kwerKmo6fNmtLFGtEc7zNCMASwF6luG4Rn8VnFjOJZqr3sjRcp7rijZW qm9exlAEJoZBZWa30Yx5zq_V0xhEUkNVn.rE5l.odm_v2J3fYh6FV8SPNkBFJfwJWxRne2N8QEJi 72g1dr9rqGhFgnDeu25TTabIUdArUzoUJNXXHTO635NFcI8OjtyeRaYo4bzYvW_EBj9AIDkCAmKw BGzWm7OBAtbT1L0Qlv1MEncBmqeECQcH46dIahgkUZX2bHESfoiBQTN_it4IjdhcZwDRBW71UpRm s.8Jjh3AjjJLcGIqHSEBb5FWPpwiKm6N6OYhcMlY33FclWU5JynTHfAmjGC7hRDzmdOqyM5yUSH1 1SQrrBbm5XO3ip.dBZnfokh9mIMWkQ9LnWXMEIapmBt.QYTPUGuf.nOHAuvj06n2fDOLQgHriyem 6IxfvCrsiRp.jl3es6bn0QVbznV9Vft9RJprQMeBocFhZcOSUIiwp3PzUJcsJ.Rs._9BxlwFJMSS JMkOwnrf7mhgj.UzgenWr7YF3qttSmSkJhh9rabnBgQ1UKP5wHmb01RlvAIWngV34nj.zkW63iIS iKISeD9_BHn2XC8pByFQ1I0P9jUl.tqMnbDaWAAKpR7mAcHtrSXsWQiwVV3XqKwhmOVNq0K5pVyJ aPOnZJ44FZUV_eB3dr27yow7RGSyD.vSdpekXip96ebd.C8CMgILPt0BI1hn1a8VP9hwVLSIUFCM shPTzgeUWSe8035Qlk_7.nDw5WRZlYv9lb1sh X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic302.consmr.mail.ne1.yahoo.com with HTTP; Tue, 28 Jun 2022 01:02:24 +0000 Received: by hermes--production-bf1-7f5f59bd5b-wm5tz (Yahoo Inc. Hermes SMTP Server) with ESMTPA ID dbf52cafe43ef47006ff0c558ab03737; Tue, 28 Jun 2022 01:02:18 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org Subject: [PATCH v37 06/33] LSM: Use lsmblob in security_audit_rule_match Date: Mon, 27 Jun 2022 17:55:44 -0700 Message-Id: <20220628005611.13106-7-casey@schaufler-ca.com> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220628005611.13106-1-casey@schaufler-ca.com> References: <20220628005611.13106-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Change the secid parameter of security_audit_rule_match to a lsmblob structure pointer. Pass the entry from the lsmblob structure for the approprite slot to the LSM hook. Change the users of security_audit_rule_match to use the lsmblob instead of a u32. The scaffolding function lsmblob_init() fills the blob with the value of the old secid, ensuring that it is available to the appropriate module hook. The sources of the secid, security_task_getsecid() and security_inode_getsecid(), will be converted to use the blob structure later in the series. At the point the use of lsmblob_init() is dropped. Signed-off-by: Casey Schaufler Acked-by: Paul Moore Reviewed-by: John Johansen Cc: linux-audit@redhat.com --- include/linux/security.h | 5 +++-- kernel/auditfilter.c | 6 ++++-- kernel/auditsc.c | 16 +++++++++++----- security/security.c | 5 +++-- 4 files changed, 21 insertions(+), 11 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index 5b0b2a596cee..95ba8c223e0c 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -1957,7 +1957,7 @@ static inline int security_key_getsecurity(struct key *key, char **_buffer) int security_audit_rule_init(u32 field, u32 op, char *rulestr, struct audit_lsm_rules *lsmrules); int security_audit_rule_known(struct audit_krule *krule); -int security_audit_rule_match(u32 secid, u32 field, u32 op, +int security_audit_rule_match(struct lsmblob *blob, u32 field, u32 op, struct audit_lsm_rules *lsmrules); void security_audit_rule_free(struct audit_lsm_rules *lsmrules); @@ -1974,7 +1974,8 @@ static inline int security_audit_rule_known(struct audit_krule *krule) return 0; } -static inline int security_audit_rule_match(u32 secid, u32 field, u32 op, +static inline int security_audit_rule_match(struct lsmblob *blob, + u32 field, u32 op, struct audit_lsm_rules *lsmrules) { return 0; diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index de75bd6ad866..15cd4fe35e9c 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -1337,6 +1337,7 @@ int audit_filter(int msgtype, unsigned int listtype) for (i = 0; i < e->rule.field_count; i++) { struct audit_field *f = &e->rule.fields[i]; + struct lsmblob blob; pid_t pid; u32 sid; @@ -1369,8 +1370,9 @@ int audit_filter(int msgtype, unsigned int listtype) case AUDIT_SUBJ_CLR: if (f->lsm_str) { security_current_getsecid_subj(&sid); - result = security_audit_rule_match(sid, - f->type, f->op, + lsmblob_init(&blob, sid); + result = security_audit_rule_match( + &blob, f->type, f->op, &f->lsm_rules); } break; diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 9820f08fc47c..221196b0cde3 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -468,6 +468,7 @@ static int audit_filter_rules(struct task_struct *tsk, const struct cred *cred; int i, need_sid = 1; u32 sid; + struct lsmblob blob; unsigned int sessionid; if (ctx && rule->prio <= ctx->prio) @@ -678,8 +679,10 @@ static int audit_filter_rules(struct task_struct *tsk, security_current_getsecid_subj(&sid); need_sid = 0; } - result = security_audit_rule_match(sid, f->type, - f->op, &f->lsm_rules); + lsmblob_init(&blob, sid); + result = security_audit_rule_match(&blob, + f->type, f->op, + &f->lsm_rules); } break; case AUDIT_OBJ_USER: @@ -692,15 +695,17 @@ static int audit_filter_rules(struct task_struct *tsk, if (f->lsm_str) { /* Find files that match */ if (name) { + lsmblob_init(&blob, name->osid); result = security_audit_rule_match( - name->osid, + &blob, f->type, f->op, &f->lsm_rules); } else if (ctx) { list_for_each_entry(n, &ctx->names_list, list) { + lsmblob_init(&blob, n->osid); if (security_audit_rule_match( - n->osid, f->type, f->op, + &blob, f->type, f->op, &f->lsm_rules)) { ++result; break; @@ -710,7 +715,8 @@ static int audit_filter_rules(struct task_struct *tsk, /* Find ipc objects that match */ if (!ctx || ctx->type != AUDIT_IPC) break; - if (security_audit_rule_match(ctx->ipc.osid, + lsmblob_init(&blob, ctx->ipc.osid); + if (security_audit_rule_match(&blob, f->type, f->op, &f->lsm_rules)) ++result; diff --git a/security/security.c b/security/security.c index 141922732d10..ade59e3638e8 100644 --- a/security/security.c +++ b/security/security.c @@ -2697,7 +2697,7 @@ void security_audit_rule_free(struct audit_lsm_rules *lsmrules) } } -int security_audit_rule_match(u32 secid, u32 field, u32 op, +int security_audit_rule_match(struct lsmblob *blob, u32 field, u32 op, struct audit_lsm_rules *lsmrules) { struct security_hook_list *hp; @@ -2708,7 +2708,8 @@ int security_audit_rule_match(u32 secid, u32 field, u32 op, continue; if (lsmrules->rule[hp->lsmid->slot] == NULL) continue; - rc = hp->hook.audit_rule_match(secid, field, op, + rc = hp->hook.audit_rule_match(blob->secid[hp->lsmid->slot], + field, op, &lsmrules->rule[hp->lsmid->slot]); if (rc) return rc; From patchwork Tue Jun 28 00:55:45 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12897383 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6F7D7CCA480 for ; Tue, 28 Jun 2022 01:03:10 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242796AbiF1BDJ (ORCPT ); Mon, 27 Jun 2022 21:03:09 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57966 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S242781AbiF1BC0 (ORCPT ); Mon, 27 Jun 2022 21:02:26 -0400 Received: from sonic304-28.consmr.mail.ne1.yahoo.com (sonic304-28.consmr.mail.ne1.yahoo.com [66.163.191.154]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C2B5522B20 for ; Mon, 27 Jun 2022 18:02:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378144; bh=lAzeaySMYExR9867Wp/iqvj4/2i9k9dL3nyCk5m0AUg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=KMgqZKMlNsBMYbnXUnEmb3cqSsfi+4223y9du2CeVXNEB2knNePekroWgVHm78sQaslyvEXeEqoiMupzP3c+HejpGUj/xv1TPPku8vo78h6JgUCbOV5GNadtTsnYUrg7MeetgRxlGo6O8BLhJgs92IMA671PWg0Xo045QC8GlIwYQ/MyMPOvS2idUCMM5ncRworK2ORY6sDARFIG7Cv4rt/rn2HAyVlcacBkssxK8uxbTsZLjopvWk+VfUIXtR9MGp5wbdN7roqwBETS90w9Doj4qll671nqBXH1hfF2l7lajtdkcmzqO2K9njXf2qoSQVo12gKgmhuoyLeYjoni2g== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378144; bh=gPLmQupEko+qO15pw9Mk7YBTdjQVEF/ntX0Dhhj8E3A=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=hqx02pzm0IQ36bQ+RWSa75M9crYSBWsiNjqmf/KXd+zVozS2DIS+jR1HOGkSSmlbHH8J/hs7ypZJy5bNoJZUjOyMAcojfPiI4z7pxLZ8dcf0FhhLRgR8uAoRhj4gSmAYmB82MR99lHxc+khEfgun58qNwyuX9kDBJNIed2eVKuFvHvBkldjYsi443VvvvRjTXEaTSZQasRVD9Xo/0itMt61Kaot/EICgxJ/5KAYSDQiQLiLO3JyXLHZDatrCa98+D5PaWCNxY5AwsiTTmPbNRzCeB2VVU8QCrqGRtsrS71dcgFhsXJBPhXZqI4AYrgyT+c4mGeCP8QAT4Hl+ogBWIQ== X-YMail-OSG: wjn6n8AVM1nX8SJP6BcjnC3bEqxiaDNQdQn8gPjQIdoNwKFM9ghks7Nb_Eb.L_5 Ixl2wimfp0gPOzWFFXvogPl8tXOC_3atLpwZ10KQEvCUvSa1bIp_iB8nxf4pfezN0NgQo8sglKPU ZLWgr1b1tUu.A6w7K22we7ICnFLNGh4dIpNj7eXL99x6znQQmf.kAFfSZo7EoeiN_GpUamdZXWFy ._Ado6jlE9vOkHkHwsRHDt0qoBdVsCqbBGpU2PPIGSI.xgR5n96fv.POm9GtCA.AaTM9UjMAQhv9 WTwweamVLqV25unx84BR58HDtGLuO80y8f0mfSCcWDu_j.FEuZoRknG5RGj0MuSRYvGq6bxCMpoh IiJEOKPd8RzVVId4ZRoEXsG5YFOHZAUb3zQ.lu4r6tfpuOaPnnwkA024Fd1wjkEbagSwysUhMYN_ C9GFCMMq0V8KdpzInKhJEnFJxF906Bu3tXmXt4LV515GLzkARWQ_cDZ5k9OxiKXcTVfI98AWyosM V61A7GHrZWfOUb6GSZ9sqc2OTsmJ2MjuV9ylUX622.kJhuNaJsF6ppagUhP3YvPk4l1W1dzoOt6m AATnWmjY9CwIxNvqjgTO2925616clEXk4wSQvgvgPGExPRr.6pe9aAJRU4OVTD5VrWGM6TGykVwh 5azmd_TObf52zbhFaNSp_JcXFA0cBX2hhnbt6XomMILxzhKs9KyKcJBFEc9FIRLeGjsysCpbMqAr uIfnjOmvGu7HdA4gWcVregKoqS1gzPnRHglViLDTeNKroZavWf0pm4swaRHgTaXqhOa7RL8Ag4Gx gaW9B8CJb0faSrvHeJkLvWlv.aCA16.1nE.wLjfLQS5ltWuW6Hwra5r4E88m.zFbtbEDgf4CnJey v3Vg5bnCr5.lG5kbU1oD9QikihZT.YtgN6nwNbNLMIPabWLWdtwnf9SGCuLVOcC2x0rGc5JD.1yi DWEs_WrS4Xktwgjzn12wORB1uJcyJXAYNQjuFz3rlZK_taj_draq0GneK0xHweqbOEZuGXHoqHPU fan2c7YY5Vikv407LeqMclLZYOaEf6l9a.gkegn7RxGghcnqfE8MkGCkPjwR3iArP8XgYGjAaJel m7qoNZBbQUQycaVZJ8C.D.nX.dTNjgesTRydsBV68pz0GaifWBd4vitUzyQ3HVUkMcPl1_h3W0et IfY0oXuiyWmftFcpgn3LAaIC7eLYXTk8hqohAWmrCrG2f7B6cYT7QEQWhdfO51qzO39DnzjeFnt1 L8XemIyjXKYzxAkuIIvBagNu5OLEEq.30pmlhT.l4QNnvWzvfrj.D696.e4zeyV4JlO36w3ngiQm PMwAV6IT_zNqLZYcaVL0eeHc_CZpK6Qlyj9_UVxX53v3qbR_k7oimKSonYP4k3gkOQJ6n_JNnJLW 9EBitMsAtNTbzKBY4NJFY2gVfC5orWeVSqhKAaxPRPMzNQRfpKKD_h9mzILUm.jv2cQSSxp5Bnox JWU93M.BStQzYwNGpiKyoh7WwhqVZDGbOa7cIA7QOE.BkR4Iy0_kyM9htE1Uf.3XmEdgCF.ajnxf 6lXk8vDq7GhuKHJWcmUZKYXqYtTYlOceXmAbxnwHBnYlAItOKwZBbKqmnMIiXyAhzItimEK0dIB4 pSDC8BLGrlhAe7eCQOpPzOxAosOfG7cZsFyilkFt3N88sJVQEhzX5rXZXcIMTnGHuXyWAcBWF2cq q.mMUf.4Qsa583ExN44MbYHL61AEDWrVnaB.Yau_3wUis8qmpqPAY_L8efoDLdcyTpuKCq5Gg9SD IbeY.b0JMRSc7wld1pBf7x6vKDN_mWBwJ.H8tcJzbgKUhTXuJys2eG.NULxazscpZ66bHnu9Jz4I P_5WrC5nm1x1IWVfwY2qIHDoJqzOgElSu7Msf5q9jbSWA.ebt1XW_sqTYgD7m645fu4Z7qom2AZ8 4zo5UfEEW8isbpdoerv3DE6ivqJtOQRfKCE6GoptubehlW1Ya3nzzNULNFV7FTUpeQjdOg4qOUn. O9zh8ob76yLyGZJOTaJdIUvs8zsnHIN0RoWhFSkly.8tqAqF_Nh0zEH_8aJOojq9eXWNhEqFdMxb 3MN8152fnKRHdfZlhTbdKn.AuFGvO74ADixTxqh_b0gWbNDU7GeF6FMDfht6UbzVfcgC2jkAwxve WK0M7_f82AO6KDPUm8YMFPOYfIBo1UstKladpz672ankjHE4s3Iqr.j5n5bmCibsKUl06NE7GKjW SyL4ax52Kdoz6x0KKZ8QUe3CyZ8YxzBiu2N5IVq8nk.7EwKQ7J.2lYdERag-- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic304.consmr.mail.ne1.yahoo.com with HTTP; Tue, 28 Jun 2022 01:02:24 +0000 Received: by hermes--production-bf1-7f5f59bd5b-wm5tz (Yahoo Inc. Hermes SMTP Server) with ESMTPA ID dbf52cafe43ef47006ff0c558ab03737; Tue, 28 Jun 2022 01:02:21 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org Subject: [PATCH v37 07/33] LSM: Use lsmblob in security_kernel_act_as Date: Mon, 27 Jun 2022 17:55:45 -0700 Message-Id: <20220628005611.13106-8-casey@schaufler-ca.com> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220628005611.13106-1-casey@schaufler-ca.com> References: <20220628005611.13106-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Change the security_kernel_act_as interface to use a lsmblob structure in place of the single u32 secid in support of module stacking. Change its only caller, set_security_override, to do the same. Change that one's only caller, set_security_override_from_ctx, to call it with the new parameter type. The security module hook is unchanged, still taking a secid. The infrastructure passes the correct entry from the lsmblob. lsmblob_init() is used to fill the lsmblob structure, however this will be removed later in the series when security_secctx_to_secid() is updated to provide a lsmblob instead of a secid. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler To: David Howells --- include/linux/cred.h | 3 ++- include/linux/security.h | 5 +++-- kernel/cred.c | 10 ++++++---- security/security.c | 14 ++++++++++++-- 4 files changed, 23 insertions(+), 9 deletions(-) diff --git a/include/linux/cred.h b/include/linux/cred.h index 9ed9232af934..610f70a99f60 100644 --- a/include/linux/cred.h +++ b/include/linux/cred.h @@ -18,6 +18,7 @@ struct cred; struct inode; +struct lsmblob; /* * COW Supplementary groups list @@ -165,7 +166,7 @@ extern const struct cred *override_creds(const struct cred *); extern void revert_creds(const struct cred *); extern struct cred *prepare_kernel_cred(struct task_struct *); extern int change_create_files_as(struct cred *, struct inode *); -extern int set_security_override(struct cred *, u32); +extern int set_security_override(struct cred *, struct lsmblob *); extern int set_security_override_from_ctx(struct cred *, const char *); extern int set_create_files_as(struct cred *, struct inode *); extern int cred_fscmp(const struct cred *, const struct cred *); diff --git a/include/linux/security.h b/include/linux/security.h index 95ba8c223e0c..823880ba613e 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -465,7 +465,7 @@ void security_cred_free(struct cred *cred); int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp); void security_transfer_creds(struct cred *new, const struct cred *old); void security_cred_getsecid(const struct cred *c, u32 *secid); -int security_kernel_act_as(struct cred *new, u32 secid); +int security_kernel_act_as(struct cred *new, struct lsmblob *blob); int security_kernel_create_files_as(struct cred *new, struct inode *inode); int security_kernel_module_request(char *kmod_name); int security_kernel_load_data(enum kernel_load_data_id id, bool contents); @@ -1107,7 +1107,8 @@ static inline void security_cred_getsecid(const struct cred *c, u32 *secid) *secid = 0; } -static inline int security_kernel_act_as(struct cred *cred, u32 secid) +static inline int security_kernel_act_as(struct cred *cred, + struct lsmblob *blob) { return 0; } diff --git a/kernel/cred.c b/kernel/cred.c index e10c15f51c1f..3925d38f49f4 100644 --- a/kernel/cred.c +++ b/kernel/cred.c @@ -767,14 +767,14 @@ EXPORT_SYMBOL(prepare_kernel_cred); /** * set_security_override - Set the security ID in a set of credentials * @new: The credentials to alter - * @secid: The LSM security ID to set + * @blob: The LSM security information to set * * Set the LSM security ID in a set of credentials so that the subjective * security is overridden when an alternative set of credentials is used. */ -int set_security_override(struct cred *new, u32 secid) +int set_security_override(struct cred *new, struct lsmblob *blob) { - return security_kernel_act_as(new, secid); + return security_kernel_act_as(new, blob); } EXPORT_SYMBOL(set_security_override); @@ -790,6 +790,7 @@ EXPORT_SYMBOL(set_security_override); */ int set_security_override_from_ctx(struct cred *new, const char *secctx) { + struct lsmblob blob; u32 secid; int ret; @@ -797,7 +798,8 @@ int set_security_override_from_ctx(struct cred *new, const char *secctx) if (ret < 0) return ret; - return set_security_override(new, secid); + lsmblob_init(&blob, secid); + return set_security_override(new, &blob); } EXPORT_SYMBOL(set_security_override_from_ctx); diff --git a/security/security.c b/security/security.c index ade59e3638e8..d3b28a6b9248 100644 --- a/security/security.c +++ b/security/security.c @@ -1810,9 +1810,19 @@ void security_cred_getsecid(const struct cred *c, u32 *secid) } EXPORT_SYMBOL(security_cred_getsecid); -int security_kernel_act_as(struct cred *new, u32 secid) +int security_kernel_act_as(struct cred *new, struct lsmblob *blob) { - return call_int_hook(kernel_act_as, 0, new, secid); + struct security_hook_list *hp; + int rc; + + hlist_for_each_entry(hp, &security_hook_heads.kernel_act_as, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + rc = hp->hook.kernel_act_as(new, blob->secid[hp->lsmid->slot]); + if (rc != 0) + return rc; + } + return 0; } int security_kernel_create_files_as(struct cred *new, struct inode *inode) From patchwork Tue Jun 28 00:55:46 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12897382 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id C9310CCA47B for ; Tue, 28 Jun 2022 01:03:09 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242728AbiF1BDI (ORCPT ); Mon, 27 Jun 2022 21:03:08 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58104 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S242850AbiF1BCd (ORCPT ); Mon, 27 Jun 2022 21:02:33 -0400 Received: from sonic316-27.consmr.mail.ne1.yahoo.com (sonic316-27.consmr.mail.ne1.yahoo.com [66.163.187.153]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C485122B21 for ; Mon, 27 Jun 2022 18:02:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378151; bh=z3jiL2tCAI8K9XeufR5jyTcN598SmLsZZztorcUuBNM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=XIUprzOOn613dOmiS1XbrYT4yPlc6d55MhS5QawvlPhdb4CoW5J06pi2WPHJHVwTyGZdR50J7qT5hgA/2VAQ6ZdgfZQWTTFItITg1QK5iywfcJNCAJOZ1t/krOXN1hTJGoVgjS+0KhA9zM0eTxI5XkWaiVVPWA4sthY1c0/dR61a33YWWT16FRZRTq29x5eITTADTr3YC4E4PVIzFiC0gxvSEGZMZoXAfC8YqMAGn53V9P9EqHMiXd65Msxf06fbBl7jkbtk3aLgM447/w2iQb8xBTYmcR4okVRXVH0VXADk7eYnwdQbB/qvVu9J2SQuAv/U2pCePhf1YGQQEYvudA== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378151; bh=NNZ8jDM4uDDZqf6115zwAN06m2X+w/j043teU3HyfDP=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=cJm2kcoyOEhHvzjH6mAsyAYE7ar/ZswJXp6ZkW/t+OIDk06L2SggO4AYLORlTMmHvskNTMQUXjfh/DlcBY9RRobuQ2hvnIt1GEjXkof78kQzLstidJdU5taGFnBrMmP0v4SJInGNXhoN9FZm3KDG5NmbLgg0aiOSFKH+rJidQEVYbwETSxKhmJXdNn3QhLU55GAzxI/8jRIZfsKlVc9iynT0GPfr7r/HK3NHaZ+qcsVgi4up7T/mlE0UiuxMNfjocMe48VoU9eWk+NqMoZU0Xcwh5ZVI7a9tFa1Cn8vevc7vPEncUtzNL9PL6dViyDqGMDz+E2IwOvOOuNlQLbop1g== X-YMail-OSG: 6AvIDGcVM1kGIjMnTaPeAbSRNjUbhRHB0lUa7MF.sbYvlB45vlC6b0F5oyMxRtu 6gujOHQPCcfKq1Qf0B72_ZucWzWi.48cI69nuG.6LuZ9TOiVzSMIXgdbKnV2wVCNRgT8Br_2.GoV giuODmTQMjGksOTQgK2AxhhrB9e5Qhj9aAr_GbDbqnTDB3LR9xzMRuj3WHFPicgJYfO7v8NaW5gf zMCmZWEioDf0FJimiUBAdKhex2SWvJK7LWRa.qM5IGst8OSvwsUh.zbE5gv8pmXYN22niYvIFQ4. cxX45dpPpRwNeVGoo0lzDXGoDdm4zMexhhHwV02SwgtyJOa6pp0WOyoKbMB5Gt4jqAstGIEUeVij 6yCw9TwTSmxuLnABOj_.25PAn8X.dvHmocGDbK.12fqGaF9Szf.63hDea5.to9P2m8VS94P.BkjF aDJAid.jmOAUjrgDCztCXCk.ykemTpKQHJ5IoBY46kYu9J2LnX1m02VkgGtUuSPKAcHr4OYOEq5u yNv.RjpSV2QoSUSSy20ZLhwAEo8.iegZ6odZ4X_qzPOq_sqgRW9INhhIZKBnuHSoaGFc2XfBK9Qp QTBHe0t22iHcQn6KhzawX8tvEODfUI8C5lCw2A88DUL4GIEDy6Sh9HjWUy7crqzrAfSCU0YVIizj SlWSvUmgAD8SS8.o76UPuKFbUo9wl0rITZNI5e15l7tQY74J6IfPHFBuD4mtLt0asTdYRwSrFwfJ iLdhyhQjhoTZDFBotbunksFe3pigpmUahDTVXZ4u82h.r8tOB282cIYWI0klcN8Ws9YkPWklpu8U fHqkoVLksOosTEwz5nYe1u6aU40h0o2kFpdrGrrfcMWnhk6fHd6WFMwufKo.3n1xNyNlCShFavmc 3LUF.klGnEuD74kZl6nC7OPFoUv73RsOILQX4gbi2tkPwr.mjDFsjne2qKvOn55Xkve9_RnDJUGs MFWbBkw4pn9odrZGnTFbkxIZaN1p_h4.s_PTlKvOekqPvPs.aUkFRk1ENPGrEwRWlj4lp.Yu6m_p MOua9gilxjMynHGV9sU.fXzT837SL1i2E3J_YD1H.fHQ6RfILTUQgx0apgxCwZ0KC2qkwRjpJ2Zl bcYQDk4eM.ebwA5BElA630Trvj5Ucbzl5ifvHoycaEPP6Dex23GhxV6G5Plt17J1yXmnNmV9vo7T rkEH7qasEHRyLxxKF3CJSLuMEVMXN5JP7PKUWnqF2Tk2Z.5.El6upeOuq9minSpCzqGy4gF1a7iW HTMY6kbbLFj7O9oDw0uOPMqfMMjdgw0.pVbGdFp8QU9nBIuPoJiCSe1t2oYPk_oUxTxhd6yDlJH. bFQFhtZlcp1DjgzlWHil40uG8TUOGe9sECTMDwsdEBn2eu4AhpMFNKmUSjTKEbpJCh1oz70ZHDSB uGApgIfiPYKy1V7buBUFkyAMLhj8LVgeByd25ZZf7oM3AUDbCqy4e8ivxgD9VUm6HdXDaOlfET.B 2RU1fvxmZ2bq2rCjmwZPQB2SokdsBkLZHdPR._.B5kF8FDN53bP_qq34gxMmo_qAbvypyNdbFuKZ BYjkiShaUBH2rrT56eb3o24E78CiqI7sZQznxLlHIF4LklxUpPncpFM4bWxhD_QZalR0ChHfzOZt hcARMEsjRmJ8gtgSdPBVBDa3XZmGVhhFk6LId1aB_4GF7_Y4KkkED49MB6zMdXrjoeSppUA2fLre RTytQ8E2jbyczVWBBgCKINIrxXOzzhUXXeGkYVxhMiWwJ5DIiCqVqN04hCg0lU.m_o6wN9PCWUAL E5KviX5dG1sITPnz8WV27h8zWy_lNTBKbzX0vHNXt4xKMccbAq25fkhZaXK_B4.exQ1gBNC9hMXQ FuDQ.3lxy56rqSc8cgrpRndv2nVPl2cwTKP8AVrGXin14pg30dVXWYpXPOtHW5TnoZrT884O1Rqh RhUWdefwyyOdVbat_Z0obfQju7Uuq9rnfdt5ADnqFvy0__LdxoUL1IR64O.cgz9xERBeeBfhaq5H ZpOxXSeHK5HtbMqhTgsoGFunEngAi5VjQDFdlniMZEuZ9DCVt0LrBz31hzTBK_sTZujuyU8zR6TN yozckMq1TVeOwJS.KqcjiehH.nHpxXJmSPhOWuHivdZuAWUlf3bvFsjhu7qgZBQwEFDgboyB81l2 lZnj.w9JCHFw.PGvp36CAadNixwU76TOffauHQcVwrwQypHGiDiJ7hl3PyyDjNKbig4U5ruTPQ5w Q27rUC7vIsLkZmJH_AAJNVCs3M_rDqTeseAZVajD7S53AtDpN.4pdG.3ZbkGNGHpcAVdDj7uWum2 qicBMEKiR.4mIzN5mBRIyWdu8kGjKrkH9S9j_74vreI9VXEPSskqF2DXLdc4A1Fs- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic316.consmr.mail.ne1.yahoo.com with HTTP; Tue, 28 Jun 2022 01:02:31 +0000 Received: by hermes--production-bf1-7f5f59bd5b-wm5tz (Yahoo Inc. Hermes SMTP Server) with ESMTPA ID dbf52cafe43ef47006ff0c558ab03737; Tue, 28 Jun 2022 01:02:23 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, netfilter-devel@vger.kernel.org Subject: [PATCH v37 08/33] LSM: Use lsmblob in security_secctx_to_secid Date: Mon, 27 Jun 2022 17:55:46 -0700 Message-Id: <20220628005611.13106-9-casey@schaufler-ca.com> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220628005611.13106-1-casey@schaufler-ca.com> References: <20220628005611.13106-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Change the security_secctx_to_secid interface to use a lsmblob structure in place of the single u32 secid in support of module stacking. Change its callers to do the same. The security module hook is unchanged, still passing back a secid. The infrastructure passes the correct entry from the lsmblob. Acked-by: Paul Moore Reviewed-by: Kees Cook Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org Cc: netfilter-devel@vger.kernel.org To: Pablo Neira Ayuso --- include/linux/security.h | 26 ++++++++++++++++++-- kernel/cred.c | 4 +--- net/netfilter/nft_meta.c | 10 ++++---- net/netfilter/xt_SECMARK.c | 7 +++++- net/netlabel/netlabel_unlabeled.c | 23 +++++++++++------- security/security.c | 40 ++++++++++++++++++++++++++----- 6 files changed, 85 insertions(+), 25 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index 823880ba613e..8e09302bded7 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -201,6 +201,27 @@ static inline bool lsmblob_equal(const struct lsmblob *bloba, extern int lsm_name_to_slot(char *name); extern const char *lsm_slot_to_name(int slot); +/** + * lsmblob_value - find the first non-zero value in an lsmblob structure. + * @blob: Pointer to the data + * + * This needs to be used with extreme caution, as the cases where + * it is appropriate are rare. + * + * Return the first secid value set in the lsmblob. + * There should only be one. + */ +static inline u32 lsmblob_value(const struct lsmblob *blob) +{ + int i; + + for (i = 0; i < LSMBLOB_ENTRIES; i++) + if (blob->secid[i]) + return blob->secid[i]; + + return 0; +} + /* These functions are in security/commoncap.c */ extern int cap_capable(const struct cred *cred, struct user_namespace *ns, int cap, unsigned int opts); @@ -531,7 +552,8 @@ int security_setprocattr(const char *lsm, const char *name, void *value, int security_netlink_send(struct sock *sk, struct sk_buff *skb); int security_ismaclabel(const char *name); int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen); -int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid); +int security_secctx_to_secid(const char *secdata, u32 seclen, + struct lsmblob *blob); void security_release_secctx(char *secdata, u32 seclen); void security_inode_invalidate_secctx(struct inode *inode); int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); @@ -1386,7 +1408,7 @@ static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *secle static inline int security_secctx_to_secid(const char *secdata, u32 seclen, - u32 *secid) + struct lsmblob *blob) { return -EOPNOTSUPP; } diff --git a/kernel/cred.c b/kernel/cred.c index 3925d38f49f4..adea727744f4 100644 --- a/kernel/cred.c +++ b/kernel/cred.c @@ -791,14 +791,12 @@ EXPORT_SYMBOL(set_security_override); int set_security_override_from_ctx(struct cred *new, const char *secctx) { struct lsmblob blob; - u32 secid; int ret; - ret = security_secctx_to_secid(secctx, strlen(secctx), &secid); + ret = security_secctx_to_secid(secctx, strlen(secctx), &blob); if (ret < 0) return ret; - lsmblob_init(&blob, secid); return set_security_override(new, &blob); } EXPORT_SYMBOL(set_security_override_from_ctx); diff --git a/net/netfilter/nft_meta.c b/net/netfilter/nft_meta.c index ac4859241e17..fc0028c9e33d 100644 --- a/net/netfilter/nft_meta.c +++ b/net/netfilter/nft_meta.c @@ -860,21 +860,21 @@ static const struct nla_policy nft_secmark_policy[NFTA_SECMARK_MAX + 1] = { static int nft_secmark_compute_secid(struct nft_secmark *priv) { - u32 tmp_secid = 0; + struct lsmblob blob; int err; - err = security_secctx_to_secid(priv->ctx, strlen(priv->ctx), &tmp_secid); + err = security_secctx_to_secid(priv->ctx, strlen(priv->ctx), &blob); if (err) return err; - if (!tmp_secid) + if (!lsmblob_is_set(&blob)) return -ENOENT; - err = security_secmark_relabel_packet(tmp_secid); + err = security_secmark_relabel_packet(lsmblob_value(&blob)); if (err) return err; - priv->secid = tmp_secid; + priv->secid = lsmblob_value(&blob); return 0; } diff --git a/net/netfilter/xt_SECMARK.c b/net/netfilter/xt_SECMARK.c index 498a0bf6f044..87ca3a537d1c 100644 --- a/net/netfilter/xt_SECMARK.c +++ b/net/netfilter/xt_SECMARK.c @@ -42,13 +42,14 @@ secmark_tg(struct sk_buff *skb, const struct xt_secmark_target_info_v1 *info) static int checkentry_lsm(struct xt_secmark_target_info_v1 *info) { + struct lsmblob blob; int err; info->secctx[SECMARK_SECCTX_MAX - 1] = '\0'; info->secid = 0; err = security_secctx_to_secid(info->secctx, strlen(info->secctx), - &info->secid); + &blob); if (err) { if (err == -EINVAL) pr_info_ratelimited("invalid security context \'%s\'\n", @@ -56,6 +57,10 @@ static int checkentry_lsm(struct xt_secmark_target_info_v1 *info) return err; } + /* xt_secmark_target_info can't be changed to use lsmblobs because + * it is exposed as an API. Use lsmblob_value() to get the one + * value that got set by security_secctx_to_secid(). */ + info->secid = lsmblob_value(&blob); if (!info->secid) { pr_info_ratelimited("unable to map security context \'%s\'\n", info->secctx); diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index 8490e46359ae..f3e2cde76919 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -880,7 +880,7 @@ static int netlbl_unlabel_staticadd(struct sk_buff *skb, void *addr; void *mask; u32 addr_len; - u32 secid; + struct lsmblob blob; struct netlbl_audit audit_info; /* Don't allow users to add both IPv4 and IPv6 addresses for a @@ -904,13 +904,18 @@ static int netlbl_unlabel_staticadd(struct sk_buff *skb, ret_val = security_secctx_to_secid( nla_data(info->attrs[NLBL_UNLABEL_A_SECCTX]), nla_len(info->attrs[NLBL_UNLABEL_A_SECCTX]), - &secid); + &blob); if (ret_val != 0) return ret_val; + /* netlbl_unlhsh_add will be changed to pass a struct lsmblob * + * instead of a u32 later in this patch set. security_secctx_to_secid() + * will only be setting one entry in the lsmblob struct, so it is + * safe to use lsmblob_value() to get that one value. */ + return netlbl_unlhsh_add(&init_net, - dev_name, addr, mask, addr_len, secid, - &audit_info); + dev_name, addr, mask, addr_len, + lsmblob_value(&blob), &audit_info); } /** @@ -931,7 +936,7 @@ static int netlbl_unlabel_staticadddef(struct sk_buff *skb, void *addr; void *mask; u32 addr_len; - u32 secid; + struct lsmblob blob; struct netlbl_audit audit_info; /* Don't allow users to add both IPv4 and IPv6 addresses for a @@ -953,13 +958,15 @@ static int netlbl_unlabel_staticadddef(struct sk_buff *skb, ret_val = security_secctx_to_secid( nla_data(info->attrs[NLBL_UNLABEL_A_SECCTX]), nla_len(info->attrs[NLBL_UNLABEL_A_SECCTX]), - &secid); + &blob); if (ret_val != 0) return ret_val; + /* security_secctx_to_secid() will only put one secid into the lsmblob + * so it's safe to use lsmblob_value() to get the secid. */ return netlbl_unlhsh_add(&init_net, - NULL, addr, mask, addr_len, secid, - &audit_info); + NULL, addr, mask, addr_len, + lsmblob_value(&blob), &audit_info); } /** diff --git a/security/security.c b/security/security.c index d3b28a6b9248..08ed7acf4205 100644 --- a/security/security.c +++ b/security/security.c @@ -2205,10 +2205,22 @@ int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) } EXPORT_SYMBOL(security_secid_to_secctx); -int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) +int security_secctx_to_secid(const char *secdata, u32 seclen, + struct lsmblob *blob) { - *secid = 0; - return call_int_hook(secctx_to_secid, 0, secdata, seclen, secid); + struct security_hook_list *hp; + int rc; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.secctx_to_secid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + rc = hp->hook.secctx_to_secid(secdata, seclen, + &blob->secid[hp->lsmid->slot]); + if (rc != 0) + return rc; + } + return 0; } EXPORT_SYMBOL(security_secctx_to_secid); @@ -2359,10 +2371,26 @@ int security_socket_getpeersec_stream(struct socket *sock, char __user *optval, optval, optlen, len); } -int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid) +int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, + u32 *secid) { - return call_int_hook(socket_getpeersec_dgram, -ENOPROTOOPT, sock, - skb, secid); + struct security_hook_list *hp; + int rc = -ENOPROTOOPT; + + /* + * Only one security module should provide a real hook for + * this. A stub or bypass like is used in BPF should either + * (somehow) leave rc unaltered or return -ENOPROTOOPT. + */ + hlist_for_each_entry(hp, &security_hook_heads.socket_getpeersec_dgram, + list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + rc = hp->hook.socket_getpeersec_dgram(sock, skb, secid); + if (rc != -ENOPROTOOPT) + break; + } + return rc; } EXPORT_SYMBOL(security_socket_getpeersec_dgram); From patchwork Tue Jun 28 00:55:47 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12897424 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 05861CCA47F for ; Tue, 28 Jun 2022 01:04:28 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242736AbiF1BE1 (ORCPT ); Mon, 27 Jun 2022 21:04:27 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60454 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S242877AbiF1BEP (ORCPT ); Mon, 27 Jun 2022 21:04:15 -0400 Received: from sonic304-28.consmr.mail.ne1.yahoo.com (sonic304-28.consmr.mail.ne1.yahoo.com [66.163.191.154]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BDCCD1EAE3 for ; Mon, 27 Jun 2022 18:04:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378244; bh=SEDujFIIf9a7F3wg8aOHzGN1rhozmxWwcgf1f6Nw8pc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=bXPDlz+w3V/JKxuIRD5s7Q1jtS/6lnTLVPrMzkhahsqFsIGyCYj4ldSiHbz6yTO9uKKKepYM8K4obZNY9AoYhRkbmUe9coRFIzDhxSsFeQN5n5SytjGCuJgk5Tq61l/A1/inwha4Idk+I/T3h3fhhz1ZmA9j1hoCcqTjpKRi+4PS4npM4k1t5Zj7+diAaM1ncpcMglbIuj8sZ+Fap9fIUtKCpObAiHIeuAjfBC3IXHsovS4QJECQ7jeRpSPtOc5DWF0VT+LJYezAnUldjaM4z3RWpgpM0+iGV5/uB72OMHt6QZQGiJq4HQtIMqaMkQFz7WgpS5vPWaWxSrMBU9419g== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378244; bh=L67yYUQwK6wU1ow7uhiFWRYMVl3bxhnv9kSLuMHcpwD=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=N4zt5wwgjnA/mqT1RawwkCT2IU1SZUHRLXucCVktTswvmLElfFBC27V/yrcf26LNWNvKok6lVzJ2YOMshDnuCV3X4nYoklD89aR2CkL4L+RrBwxi7eYNgwcll/K7SllJTrJ9cVdQ3LqleMra927N0gaFIbMMDNQvCegyWtpNMzWj0ZK3/0T7CAcdHOS3uiXLjxmfeJgD9sCeYSt1Tzny9TdPevDcHsUQMxlcQnI6riw6aQKsIWhBqTw8XPX8WR+vnF1qUB08Hpq+vJuZrpDdWDShA17QyTOg+sFb3+HE009HQq19LPfKy/rEsXPSu6y4h5gPHd9QnzH8bH8T3+Czuw== X-YMail-OSG: X6JkT.YVM1lG75mSc8_fcWmpY_w4IBznuLFq7dgxHrVdJQitnBCmGR9BnvWJYYu U6mRIjBCZKq3e5_HTyOgKKbTmmvFLzZ8VXg9fAOpBAwvXGAQFupUSM5bLTyqlt2jManY4aINasNP aVfClf3hgozv18NiHcdkIoEPE3rivqNSuRV4ax72xe14YBudZsK4VeuFwhHCpDMxnqrLovE4WTHs lLi4U7HbBEEUSwxB4I8O561zWbHtfgB9kxNeEnnzUQC8T4sq0i2VTAaoKJZYQCDvo_wD8VabzA5b cJvdpFVTGJs_ZQuvKm4bKIeJOf1VpefVhwtCbFO4G.ZTHX1Yc47D.6rcaj1uHfp3opA1hS1T7ixZ mHSk9SybnskzTOwq9Q2gjaBSJbuxC3wTRFcjrtD8GWqqS_bq_qQlQY1axNiR3JIqRSbdqXIMCiLg JHQNd3r7xdymj1d8i4aQR9UdiCuZfJoPagrPdvj_AefuZ9u.HDnle4qE3L341tnn8Cc2gqQfhZTv nZkrXMmgEVQxXywgkZPTGRXt7h6nwQzb.04NU1uU.YQF.fBEvE7hqeFbwwNXsoaXFORP7JzUjXl1 EXbKAVnBAvpKA.6mQqGjt4d1r3LBd3JChCLXkAJQ177pOGKFyAStU_0zYp6JdLEEBSjVxUnC7SKb hjx6xfMMyYbT7c6cP.hHjh4o5dUkGKmYHB5Z2E96d0fsHBDeBlzfAaO5qZ_xA_ebuEqITncGesht HDI1bRFiT4LaYAVcYSv.KqrThVcQN30tJ477G67YN.nE31ZYB1KFxzn7DUFqqq9Kd_T7JhEfw1ln nR0F6zGm5Q1YykQsatTgnsxlenXgrbkafuTzT6oak5pEXbReYYinjUBQvG1IvrWNJ8U9O7pAGhwr C8oiTuEjj1ElJEsaYxjbYfjPb4Bfp_wYGcXFZJWzAmKBWE7FPhgubxM3mnS6zwnMBsjErqzwkPVA .DFyvrF3xS5U18_W7e3uUnX9fIpKpoBC8J3jOjVguVniksxEd2zVZisN7q61kICxX6n2VFBb98aC AZxdyFMKhiv0bjKkIpLw1xG_PP9tWl2qY410mnddHxjxRkxQzHbJ1wGMC_KAI7IOse3B2Cp4tb5z Eek4wdAelOWihE0sc7sl.VN9wTSqF_MNjsFnLysSn4gHUurlhO6HJ8EdG7utoqBgttz5EDZCM9ou tftXR12nj2eVQYloUUq6sTXOVnqk9n1sUbBUyIfXxCm5Z2Pt7mhpHPuMFu9TAKV3vVpwoDOM4yXO Px_uz8Z.c2yRuErSMgvo0cU9yMCyfcbI616aCaxEp5tMIwM.ZRB1SiVOcdJC0BVrU285OIng6Z8O x94wmOvYA0L8onR7EXkIiyekov73bOIpk6xPQOimr4O8pdg7mKnaBzBZunIb7xZoHBShFHRovkkl RwXj8FK3D8cgn6x6EEcoHw.ymz_devPUv0.kXmtuk0vZHWPk.u4j3NNNERPyGotB3QyATSIHllpk l7jYpJdY2symeR_YloGMoVL5QhUZu8YYjHPytUZzE8EiYb5t8uDzvgu8MzMbqeriOUTprGTV6X_u fK9WP0eMDh5v3OTVRong7kdE3DHVS.ftu1PFribcHPozrs3ihdFjpaGc_fNRnt4syNhkvnUcZwUr EhVHsYpTSrsfetnhLu6Hooel9LDAtUpIdavjQffoIQomAKGMqi2AaySK7usCKg4LY9d0VV1stTWR M98gDeu7ObaEavW396ucz9UQmz6ZsuYx1XLttfa8k4JXZlBAPd38vHQzvXhCRY_PVAbQAbz80iF0 n.ui4OGbqsOp1AM.Pnh8jUSzq1GG2MNicFQ9hOswfdjx.gJbTVor3fys7iXLWCypdeP1PqaPccOt NcXdC6srhNAkvr4LAyhqXHRahCYBYifJB5lClMoKQPKCsS4fSL0xDwPmYzwO5mYuyMmaKw_89Yhs THP6XzKPJBnFI0YxC1V3c3g_DUQCpD_njDqEvkwB9kBXnjDwo_9GU2iB_6Wz3KJahzqUagAq6WBx W3_bbST_rILH4T.PMIdAu7RUNahpqWkpdDQxJ6omXpRe604jut7pBx939d6fx82ubmlMFf25oL3Z mPLQrONvfTW06GrJZ1PzBsH6n7WJyxFVD4wif_yZcWMB4.5Y2vFb9zqucf7n6jv45ZTaYgqW_OSF GYKQa0ihti8F5mFYI.VK8JRsbbENF.Bo.vKfFSUvTHX69fTTbjEq0x2fgr7oFJ2EccFck5JvrbjO Nua4XrJtbp9wvA2ibt1sZeFmkQ6_DN4z7AbSvVmfwrJQugD77hzjYmQnfVX9DU7uB1Xk6B24DehN Aa05wYFod_gD3i4LB_l2eoK1fJHdmCZbhoiMsG.mML7a8.h4D8KL.Nk1jPGqN9K1B X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic304.consmr.mail.ne1.yahoo.com with HTTP; Tue, 28 Jun 2022 01:04:04 +0000 Received: by hermes--production-ne1-7459d5c5c9-fdkvw (Yahoo Inc. Hermes SMTP Server) with ESMTPA ID 7521274ed3fde3701c40279c1a2b59fb; Tue, 28 Jun 2022 01:03:58 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, netfilter-devel@vger.kernel.org Subject: [PATCH v37 09/33] LSM: Use lsmblob in security_secid_to_secctx Date: Mon, 27 Jun 2022 17:55:47 -0700 Message-Id: <20220628005611.13106-10-casey@schaufler-ca.com> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220628005611.13106-1-casey@schaufler-ca.com> References: <20220628005611.13106-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Change security_secid_to_secctx() to take a lsmblob as input instead of a u32 secid. It will then call the LSM hooks using the lsmblob element allocated for that module. The callers have been updated as well. This allows for the possibility that more than one module may be called upon to translate a secid to a string, as can occur in the audit code. Acked-by: Paul Moore Reviewed-by: Kees Cook Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org Cc: linux-audit@redhat.com Cc: netfilter-devel@vger.kernel.org To: Pablo Neira Ayuso --- drivers/android/binder.c | 12 +++++++++- include/linux/security.h | 5 +++-- include/net/scm.h | 7 +++++- kernel/audit.c | 21 +++++++++++++++-- kernel/auditsc.c | 27 ++++++++++++++++++---- net/ipv4/ip_sockglue.c | 4 +++- net/netfilter/nf_conntrack_netlink.c | 14 ++++++++++-- net/netfilter/nf_conntrack_standalone.c | 4 +++- net/netfilter/nfnetlink_queue.c | 11 +++++++-- net/netlabel/netlabel_unlabeled.c | 30 +++++++++++++++++++++---- net/netlabel/netlabel_user.c | 6 ++--- security/security.c | 11 +++++---- 12 files changed, 123 insertions(+), 29 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 362c0deb65f1..4ead3360a1c0 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -3055,10 +3055,20 @@ static void binder_transaction(struct binder_proc *proc, if (target_node && target_node->txn_security_ctx) { u32 secid; + struct lsmblob blob; size_t added_size; security_cred_getsecid(proc->cred, &secid); - ret = security_secid_to_secctx(secid, &secctx, &secctx_sz); + /* + * Later in this patch set security_task_getsecid() will + * provide a lsmblob instead of a secid. lsmblob_init + * is used to ensure that all the secids in the lsmblob + * get the value returned from security_task_getsecid(), + * which means that the one expected by + * security_secid_to_secctx() will be set. + */ + lsmblob_init(&blob, secid); + ret = security_secid_to_secctx(&blob, &secctx, &secctx_sz); if (ret) { binder_txn_error("%d:%d failed to get security context\n", thread->pid, proc->pid); diff --git a/include/linux/security.h b/include/linux/security.h index 8e09302bded7..e8e4a7a1029b 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -551,7 +551,7 @@ int security_setprocattr(const char *lsm, const char *name, void *value, size_t size); int security_netlink_send(struct sock *sk, struct sk_buff *skb); int security_ismaclabel(const char *name); -int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen); +int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen); int security_secctx_to_secid(const char *secdata, u32 seclen, struct lsmblob *blob); void security_release_secctx(char *secdata, u32 seclen); @@ -1401,7 +1401,8 @@ static inline int security_ismaclabel(const char *name) return 0; } -static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) +static inline int security_secid_to_secctx(struct lsmblob *blob, + char **secdata, u32 *seclen) { return -EOPNOTSUPP; } diff --git a/include/net/scm.h b/include/net/scm.h index 1ce365f4c256..23a35ff1b3f2 100644 --- a/include/net/scm.h +++ b/include/net/scm.h @@ -92,12 +92,17 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg, #ifdef CONFIG_SECURITY_NETWORK static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) { + struct lsmblob lb; char *secdata; u32 seclen; int err; if (test_bit(SOCK_PASSSEC, &sock->flags)) { - err = security_secid_to_secctx(scm->secid, &secdata, &seclen); + /* There can only be one security module using the secid, + * and the infrastructure will know which it is. + */ + lsmblob_init(&lb, scm->secid); + err = security_secid_to_secctx(&lb, &secdata, &seclen); if (!err) { put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata); diff --git a/kernel/audit.c b/kernel/audit.c index 7690c29d4ee4..2acf95cf9895 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1464,7 +1464,16 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) case AUDIT_SIGNAL_INFO: len = 0; if (audit_sig_sid) { - err = security_secid_to_secctx(audit_sig_sid, &ctx, &len); + struct lsmblob blob; + + /* + * lsmblob_init sets all values in the lsmblob + * to audit_sig_sid. This is temporary until + * audit_sig_sid is converted to a lsmblob, which + * happens later in this patch set. + */ + lsmblob_init(&blob, audit_sig_sid); + err = security_secid_to_secctx(&blob, &ctx, &len); if (err) return err; } @@ -2170,12 +2179,20 @@ int audit_log_task_context(struct audit_buffer *ab) unsigned len; int error; u32 sid; + struct lsmblob blob; security_current_getsecid_subj(&sid); if (!sid) return 0; - error = security_secid_to_secctx(sid, &ctx, &len); + /* + * lsmblob_init sets all values in the lsmblob to sid. + * This is temporary until security_task_getsecid is converted + * to use a lsmblob, which happens later in this patch set. + */ + lsmblob_init(&blob, sid); + error = security_secid_to_secctx(&blob, &ctx, &len); + if (error) { if (error != -EINVAL) goto error_path; diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 221196b0cde3..f2ba966c8838 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -679,6 +679,13 @@ static int audit_filter_rules(struct task_struct *tsk, security_current_getsecid_subj(&sid); need_sid = 0; } + /* + * lsmblob_init sets all values in the lsmblob + * to sid. This is temporary until + * security_task_getsecid() is converted to + * provide a lsmblob, which happens later in + * this patch set. + */ lsmblob_init(&blob, sid); result = security_audit_rule_match(&blob, f->type, f->op, @@ -695,6 +702,13 @@ static int audit_filter_rules(struct task_struct *tsk, if (f->lsm_str) { /* Find files that match */ if (name) { + /* + * lsmblob_init sets all values in the + * lsmblob to sid. This is temporary + * until name->osid is converted to a + * lsmblob, which happens later in + * this patch set. + */ lsmblob_init(&blob, name->osid); result = security_audit_rule_match( &blob, @@ -1118,6 +1132,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, char *ctx = NULL; u32 len; int rc = 0; + struct lsmblob blob; ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID); if (!ab) @@ -1127,7 +1142,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); if (sid) { - if (security_secid_to_secctx(sid, &ctx, &len)) { + lsmblob_init(&blob, sid); + if (security_secid_to_secctx(&blob, &ctx, &len)) { audit_log_format(ab, " obj=(none)"); rc = 1; } else { @@ -1418,8 +1434,10 @@ static void show_special(struct audit_context *context, int *call_panic) if (osid) { char *ctx = NULL; u32 len; + struct lsmblob blob; - if (security_secid_to_secctx(osid, &ctx, &len)) { + lsmblob_init(&blob, osid); + if (security_secid_to_secctx(&blob, &ctx, &len)) { audit_log_format(ab, " osid=%u", osid); *call_panic = 1; } else { @@ -1585,9 +1603,10 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, if (n->osid != 0) { char *ctx = NULL; u32 len; + struct lsmblob blob; - if (security_secid_to_secctx( - n->osid, &ctx, &len)) { + lsmblob_init(&blob, n->osid); + if (security_secid_to_secctx(&blob, &ctx, &len)) { audit_log_format(ab, " osid=%u", n->osid); if (call_panic) *call_panic = 2; diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index 445a9ecaefa1..933a8f94f93a 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -130,6 +130,7 @@ static void ip_cmsg_recv_checksum(struct msghdr *msg, struct sk_buff *skb, static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) { + struct lsmblob lb; char *secdata; u32 seclen, secid; int err; @@ -138,7 +139,8 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) if (err) return; - err = security_secid_to_secctx(secid, &secdata, &seclen); + lsmblob_init(&lb, secid); + err = security_secid_to_secctx(&lb, &secdata, &seclen); if (err) return; diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index 722af5e309ba..ddc8cd65ed12 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -347,8 +347,13 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) struct nlattr *nest_secctx; int len, ret; char *secctx; + struct lsmblob blob; - ret = security_secid_to_secctx(ct->secmark, &secctx, &len); + /* lsmblob_init() puts ct->secmark into all of the secids in blob. + * security_secid_to_secctx() will know which security module + * to use to create the secctx. */ + lsmblob_init(&blob, ct->secmark); + ret = security_secid_to_secctx(&blob, &secctx, &len); if (ret) return 0; @@ -656,8 +661,13 @@ static inline int ctnetlink_secctx_size(const struct nf_conn *ct) { #ifdef CONFIG_NF_CONNTRACK_SECMARK int len, ret; + struct lsmblob blob; - ret = security_secid_to_secctx(ct->secmark, NULL, &len); + /* lsmblob_init() puts ct->secmark into all of the secids in blob. + * security_secid_to_secctx() will know which security module + * to use to create the secctx. */ + lsmblob_init(&blob, ct->secmark); + ret = security_secid_to_secctx(&blob, NULL, &len); if (ret) return 0; diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index 6ad7bbc90d38..2c1f3280d56e 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c @@ -178,8 +178,10 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) int ret; u32 len; char *secctx; + struct lsmblob blob; - ret = security_secid_to_secctx(ct->secmark, &secctx, &len); + lsmblob_init(&blob, ct->secmark); + ret = security_secid_to_secctx(&blob, &secctx, &len); if (ret) return; diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index a364f8e5e698..6269fe122345 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c @@ -305,13 +305,20 @@ static u32 nfqnl_get_sk_secctx(struct sk_buff *skb, char **secdata) { u32 seclen = 0; #if IS_ENABLED(CONFIG_NETWORK_SECMARK) + struct lsmblob blob; + if (!skb || !sk_fullsock(skb->sk)) return 0; read_lock_bh(&skb->sk->sk_callback_lock); - if (skb->secmark) - security_secid_to_secctx(skb->secmark, secdata, &seclen); + if (skb->secmark) { + /* lsmblob_init() puts ct->secmark into all of the secids in + * blob. security_secid_to_secctx() will know which security + * module to use to create the secctx. */ + lsmblob_init(&blob, skb->secmark); + security_secid_to_secctx(&blob, secdata, &seclen); + } read_unlock_bh(&skb->sk->sk_callback_lock); #endif diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index f3e2cde76919..0a99663e6edb 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -376,6 +376,7 @@ int netlbl_unlhsh_add(struct net *net, struct audit_buffer *audit_buf = NULL; char *secctx = NULL; u32 secctx_len; + struct lsmblob blob; if (addr_len != sizeof(struct in_addr) && addr_len != sizeof(struct in6_addr)) @@ -438,7 +439,11 @@ int netlbl_unlhsh_add(struct net *net, unlhsh_add_return: rcu_read_unlock(); if (audit_buf != NULL) { - if (security_secid_to_secctx(secid, + /* lsmblob_init() puts secid into all of the secids in blob. + * security_secid_to_secctx() will know which security module + * to use to create the secctx. */ + lsmblob_init(&blob, secid); + if (security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); @@ -475,6 +480,7 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, struct net_device *dev; char *secctx; u32 secctx_len; + struct lsmblob blob; spin_lock(&netlbl_unlhsh_lock); list_entry = netlbl_af4list_remove(addr->s_addr, mask->s_addr, @@ -493,8 +499,13 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, (dev != NULL ? dev->name : NULL), addr->s_addr, mask->s_addr); dev_put(dev); + /* lsmblob_init() puts entry->secid into all of the secids + * in blob. security_secid_to_secctx() will know which + * security module to use to create the secctx. */ + if (entry != NULL) + lsmblob_init(&blob, entry->secid); if (entry != NULL && - security_secid_to_secctx(entry->secid, + security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); security_release_secctx(secctx, secctx_len); @@ -536,6 +547,7 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, struct net_device *dev; char *secctx; u32 secctx_len; + struct lsmblob blob; spin_lock(&netlbl_unlhsh_lock); list_entry = netlbl_af6list_remove(addr, mask, &iface->addr6_list); @@ -553,8 +565,13 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, (dev != NULL ? dev->name : NULL), addr, mask); dev_put(dev); + /* lsmblob_init() puts entry->secid into all of the secids + * in blob. security_secid_to_secctx() will know which + * security module to use to create the secctx. */ + if (entry != NULL) + lsmblob_init(&blob, entry->secid); if (entry != NULL && - security_secid_to_secctx(entry->secid, + security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); security_release_secctx(secctx, secctx_len); @@ -1080,6 +1097,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, u32 secid; char *secctx; u32 secctx_len; + struct lsmblob blob; data = genlmsg_put(cb_arg->skb, NETLINK_CB(cb_arg->nl_cb->skb).portid, cb_arg->seq, &netlbl_unlabel_gnl_family, @@ -1134,7 +1152,11 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, secid = addr6->secid; } - ret_val = security_secid_to_secctx(secid, &secctx, &secctx_len); + /* lsmblob_init() secid into all of the secids in blob. + * security_secid_to_secctx() will know which security module + * to use to create the secctx. */ + lsmblob_init(&blob, secid); + ret_val = security_secid_to_secctx(&blob, &secctx, &secctx_len); if (ret_val != 0) goto list_cb_failure; ret_val = nla_put(cb_arg->skb, diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index 3ed4fea2a2de..893301ae0131 100644 --- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c @@ -86,6 +86,7 @@ struct audit_buffer *netlbl_audit_start_common(int type, struct audit_buffer *audit_buf; char *secctx; u32 secctx_len; + struct lsmblob blob; if (audit_enabled == AUDIT_OFF) return NULL; @@ -98,10 +99,9 @@ struct audit_buffer *netlbl_audit_start_common(int type, from_kuid(&init_user_ns, audit_info->loginuid), audit_info->sessionid); + lsmblob_init(&blob, audit_info->secid); if (audit_info->secid != 0 && - security_secid_to_secctx(audit_info->secid, - &secctx, - &secctx_len) == 0) { + security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " subj=%s", secctx); security_release_secctx(secctx, secctx_len); } diff --git a/security/security.c b/security/security.c index 08ed7acf4205..552a08750843 100644 --- a/security/security.c +++ b/security/security.c @@ -2186,17 +2186,16 @@ int security_ismaclabel(const char *name) } EXPORT_SYMBOL(security_ismaclabel); -int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) +int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen) { struct security_hook_list *hp; int rc; - /* - * Currently, only one LSM can implement secid_to_secctx (i.e this - * LSM hook is not "stackable"). - */ hlist_for_each_entry(hp, &security_hook_heads.secid_to_secctx, list) { - rc = hp->hook.secid_to_secctx(secid, secdata, seclen); + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + rc = hp->hook.secid_to_secctx(blob->secid[hp->lsmid->slot], + secdata, seclen); if (rc != LSM_RET_DEFAULT(secid_to_secctx)) return rc; } From patchwork Tue Jun 28 00:55:48 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12897423 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 77421C433EF for ; Tue, 28 Jun 2022 01:04:27 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242916AbiF1BE0 (ORCPT ); Mon, 27 Jun 2022 21:04:26 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58966 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S242695AbiF1BEO (ORCPT ); Mon, 27 Jun 2022 21:04:14 -0400 Received: from sonic301-36.consmr.mail.ne1.yahoo.com (sonic301-36.consmr.mail.ne1.yahoo.com [66.163.184.205]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CC31623149 for ; Mon, 27 Jun 2022 18:04:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378242; bh=K8xi7gp5M8pAmE3PRl0lN01LpeF0ik++w9GdYI+Fn+Y=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=lr2Axwq+TGtqUeZkGzlse/nk++P3Bc+IIxleu89pHS4W3FSLOwMSm+ySiEfGvWb5cjBaWeCK2mO31vMLDZFZpGtxki+5MfhsCiwdKiKa7agfWFP1ewjEuqotGqTT/ZU0mP1qPdN0GZesn46NwpKg9RxIM4O/6F6X0GQE3daVOYeawoYkpghvHoi9cAiOj8laJjZTmtDpTOn/HQZle/5VAYExRuXHemUBWwvcBn98yNfjBj5Ee/iWq47Q7aWyafWOqIR5a/mU4YXLAQ12Cw2vSZzNM8HL73B18Bmv/L6GWoEWoOz3Sw+akzc6qXOMvJu9xsNgwixsOECFMTG/gfc2gA== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378242; bh=2B1rYmJl4N+Nm8yOhgrPK8zBOFBHrc/L7H3Qx5zTfG2=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=YM2oPyhhCUEiSormgMZiSRE4a+/Y4HH1nQAH6jWUViDdJcBdNot9hf8AD3mJ6xoR8YSYpFi1fSCXDF1bCEbZfPTrWqJ7qWc9L/mdxQE3SvmJuWpmNuW0/AkyxcfnunrzXfI2FEiWNEYkc1gA3Mi7lk8ECHUvJzbC3p/qFQ6R5/46kN9FwMllemA59eqetPy0QEZWk5zgCUXfSU400Bt4q2f+tPgiHAm8v7tyim0xUXwXI/Tjjl7QA6uVzHQK4RVedwHOJFLkwmEVSL+2WHUTj+h5uulLCqZtfM1THVbUX10oeT+IZp8e/vQ9JSqYrLvFp6OkyssvVWHZIGuWMJTHoA== X-YMail-OSG: M1xVGCoVM1n6dfteoX9V1izjn5HkOXDfGinY3b15x7_.O2PVCG7jwIX5_DEReOr .LL4bX_c34sX7DJczi4htMkDd.NRrQEIXla6ePV1MN8n4gzZ7EmH2vXvCgkz8WHMmokhflUea4Az hXHf2zSwDm4F1.E2l2tgEDbmgDtk2L9UOQ9SDHNMYCXB6UwWj9o60CIYx0Ft4nH188TBSU.J5gx5 pQ1sPmCTZvqQQ.W6svjgj3hg0QLmAF7oHNr8iEvSLYwxdFtgBHCGASs7z0U3vfRSB9r5mRXb5Wxx a_tBgUTq4yUx6m5FPrwm_uzPRoUDuNn2.yVcagVPIWlZistvDTIuD8pE4yZ6JPxQMckLy198Kt4q ItC5z2JUPKOW08A2nCjofT1AbLWMg7hJiyIStxfIOVNQZ74EMvp44Ypajt_bNnal_.wTaC3HoTS1 Il4sSNa8JIb0fNOVJ7G62Rd1kdMYK94s4lg7NXw36nymwYAXdh.hmfzZL0KzgBYVhR3GTs6FW1Zr hnTwB_I2aLEtgDc7myQOOfjJO4LGFLlrYOBzv7CnF7huENuwYwa5SSTCNhBAtVhkT1_y4WkwUX86 oscODwo8tq2QbfXWDRb4LxJBTO4mnIlJzh.cHDXY0S5SADi7v1DqWLbdSvRk3HF7wIxMFEE1ipy6 b7H7pmf_MlPvvzpua3lS5WYy0jusxG0PBDsC1BajsvpZWa1zsVS2XL37Edy7Vhxcf8zzLQ81t.Qg IHRwk7w7lw.wAfSlt3TQI.vFVp6x1ovQzfXkoyEcNLcTOO8GIpG9ujnOoSdKGLB7uYBvKbV_r.Sm vmxAjNLFwy.EMYzFM.OEA2kBxm4bZIl9d9mX..oy7YI8D5cHAXssT3mZoqSwXy1G_9cDr9dgDWSJ SHEhUMMUS0xVYwEdp4JTNWN5MpeFHlWhynhFBGL5o9lS8kTuq2GgzyQrvB05AlX_ga99PJagB978 g_6WFCWdNvJ9VxChWMNM3UDGY31m56V95sG9RA0C8.tPapIB_Euw7kqMi.u1IVNFIz9E1cybPpCd Kq_b4MfXQBfwOkc4VQIanklOGjEyGiBVHn8TZZOgDcFeLvIpcsrbvQPuX8vVbzyZaDY_jpf3D2T6 P31laBSqwv49zNqp1SJKBVhGnChY13VjgHP2cOgwOQi1RBZpiwQyIROc1xyfVcnx3o4SrVGxiQkV TDb5OUBiNmgsf63IV4zBNb3HiP3qjGl3e8o9Ey22POEVOyciK_fH3HUZ.KHHwf6Oc7bLm9ZbS8oR uYBnYN_u7yY2juQzBe76O3SX7jeyLBaWCvuaR4dbQtZEya5QMbMsq4Ovc1kyNCXA9ioWflaSqw.l qLKMiFo2GbjstaPYb9NFw6apSDA9sDNqwq6nxpDaQJbmgcP1SweDgd.esgJD9iqK3qg6e3iO0via YVmb3F2IF4nHfVqHidLUlppHm9nyf3VO5ZGFphqqZ2jwAIxVWRbba2B1We.1vmrRl7IVGqBWDpwJ IgbPdVsGpTzMhp.JsWNXiKJLPj8qKEgQ77Tzg99UBytViFklj9VPG51o_FaYiYsqQKZf2Ha4BI3w 7ep1LFadvfDx92HMkboAPS6nNDGrZxRkx2NW5BjcmIE0XZMXR76y4NDB6t2LLNk2GR36O4wxA2zo oxNi15qQNg8lUAL_ifNKx.5QrKkdYxNHV_2r0o_Ei49Gm3FbzNjA_CWEUIZIjNqnr1KSVhgEXk_E L7MLivzqC4Puo82vykhQa1oiOaFpGhoPZWCca97zAxZmD4uNjVPWyGNfWLKOD6WfCUOWoLE26fXe Ghv7nDMjd1aWoM0VBvWChjJp33PEIoBpn6gulQdt2Zq1a7H8JHf0tZW7hl.4pyL5s4GvTaC66aXC cpDVUycG08fQhjyAEpdRPvljKc_njgaZBbJYMVDsSSWSAkf4ktscXGVQJ0P6kZAcj0iV1Mb3bLhQ jefDHMDbg23BdvhXO15yAT4ccWNe4udTW5nsJIo7vBxZtJgxmToUkOSmDZPi0hu54SRzWOmioHbg u5FVEnZcOspJV.JEcTj.mGcaZ6ZgPZISjM98PItEru7_6LyM5.wYxyci8sX0hgb4GEvtwDl5PrpS m2CD7uWhdAeDi799MbvxlMgC4PXHe.HY09t9VHYg4G9YzmLzDYG_PMd6_TZeql.hzfKnNBph1q9v mpblKBWqKFrALYMo.DCQ9UMN9MEVAJyD0ONJDcystSyVieKmL6AO9hB31vlQRluKGFIzKt_ayvDz qdiU6sCbk0bfJ0q7j.HP4EkUzgZWaZZpOQDN.8IZTRh5sA_oP138ONgG0 X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic301.consmr.mail.ne1.yahoo.com with HTTP; Tue, 28 Jun 2022 01:04:02 +0000 Received: by hermes--production-ne1-7459d5c5c9-fdkvw (Yahoo Inc. Hermes SMTP Server) with ESMTPA ID 7521274ed3fde3701c40279c1a2b59fb; Tue, 28 Jun 2022 01:04:00 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org Subject: [PATCH v37 10/33] LSM: Use lsmblob in security_ipc_getsecid Date: Mon, 27 Jun 2022 17:55:48 -0700 Message-Id: <20220628005611.13106-11-casey@schaufler-ca.com> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220628005611.13106-1-casey@schaufler-ca.com> References: <20220628005611.13106-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org There may be more than one LSM that provides IPC data for auditing. Change security_ipc_getsecid() to fill in a lsmblob structure instead of the u32 secid. The audit data structure containing the secid will be updated later, so there is a bit of scaffolding here. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler Cc: linux-audit@redhat.com --- include/linux/security.h | 7 ++++--- kernel/auditsc.c | 7 ++++++- security/security.c | 12 +++++++++--- 3 files changed, 19 insertions(+), 7 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index e8e4a7a1029b..029c23719a5c 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -522,7 +522,7 @@ int security_task_prctl(int option, unsigned long arg2, unsigned long arg3, unsigned long arg4, unsigned long arg5); void security_task_to_inode(struct task_struct *p, struct inode *inode); int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag); -void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid); +void security_ipc_getsecid(struct kern_ipc_perm *ipcp, struct lsmblob *blob); int security_msg_msg_alloc(struct msg_msg *msg); void security_msg_msg_free(struct msg_msg *msg); int security_msg_queue_alloc(struct kern_ipc_perm *msq); @@ -1279,9 +1279,10 @@ static inline int security_ipc_permission(struct kern_ipc_perm *ipcp, return 0; } -static inline void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid) +static inline void security_ipc_getsecid(struct kern_ipc_perm *ipcp, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } static inline int security_msg_msg_alloc(struct msg_msg *msg) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index f2ba966c8838..94537d1feb9a 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -2668,12 +2668,17 @@ void __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat) void __audit_ipc_obj(struct kern_ipc_perm *ipcp) { struct audit_context *context = audit_context(); + struct lsmblob blob; context->ipc.uid = ipcp->uid; context->ipc.gid = ipcp->gid; context->ipc.mode = ipcp->mode; context->ipc.has_perm = 0; - security_ipc_getsecid(ipcp, &context->ipc.osid); + security_ipc_getsecid(ipcp, &blob); + /* context->ipc.osid will be changed to a lsmblob later in + * the patch series. This will allow auditing of all the object + * labels associated with the ipc object. */ + context->ipc.osid = lsmblob_value(&blob); context->type = AUDIT_IPC; } diff --git a/security/security.c b/security/security.c index 552a08750843..1e9c06607c39 100644 --- a/security/security.c +++ b/security/security.c @@ -2006,10 +2006,16 @@ int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag) return call_int_hook(ipc_permission, 0, ipcp, flag); } -void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid) +void security_ipc_getsecid(struct kern_ipc_perm *ipcp, struct lsmblob *blob) { - *secid = 0; - call_void_hook(ipc_getsecid, ipcp, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.ipc_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.ipc_getsecid(ipcp, &blob->secid[hp->lsmid->slot]); + } } int security_msg_msg_alloc(struct msg_msg *msg) From patchwork Tue Jun 28 00:55:49 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12897425 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1C15EC43334 for ; Tue, 28 Jun 2022 01:04:30 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242894AbiF1BE2 (ORCPT ); Mon, 27 Jun 2022 21:04:28 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59462 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S242889AbiF1BER (ORCPT ); Mon, 27 Jun 2022 21:04:17 -0400 Received: from sonic301-36.consmr.mail.ne1.yahoo.com (sonic301-36.consmr.mail.ne1.yahoo.com [66.163.184.205]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A5C3F22BEA for ; Mon, 27 Jun 2022 18:04:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378247; bh=nmEsFqWoYBqCdeY+npaal0/9kZnTY11aQGu0witiIJY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=kZjV5uwqjKiuoDa4p5TUgbstW9bYz1jV81nuMQdNwfPLqGLownndcTNkOd/Xf5pJ8V9pDYMG9V9cDjEwOuQu7FkPBkXn3jdj2/c4scy7sHgFNuPKXQTnh35oeUm9/nR16rmuHqNEnL6KuTV66Qv7ZPTVy9ej5GdZLm/GbJdAZRTGBrDs33yDRmeqLf0d3X2HouvLYXeBtj7mHU0id60upv5Mh11iddUBZeJLidra81jvKutABfwE3Wu+M16rHlsCdiRP9Y6JdNB6Zbj32vLPkEbOC7xrCN3WQ5KC5ReoYugDkPLymFGisHvpST6bdMOwDedCPBHQgK1t/qgm4O0hVg== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378247; bh=wbHaa582LUoeYQeoh/+jg7KwS1x+/5YaJvDqYvvcto2=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=Jg4DmEbP/MZzYwOQhqLzVQrYhG2gOubHc+a8hNz4FSkMuJVDBgZ/RNIScmVzMcG/SUFBJL1VZRPwNPhL2mNc7p6NLwDzHiKjl5YlCb7I3WMMIFBiN7JJwUfuWb+4R16lLg8wGjJvaWjLuogvnOiRigTOe9RQhAdwxhXXd2KUWRtD6t3GLQRs0EhGOR43u1Eopfd0rTiGepAeoKNtYzYjQ/+AUdfws79q2pfSRsHZWJloJ/tA4Ej5sfAiTH4jy21k2hd+E/tjmeHarn7DYQsn2bY4SyLxU4nEeyFuVY8UlULiDDHSojbBvE3MrYbBoEhjdziJ2yEw7YF0TDNPwmnDaQ== X-YMail-OSG: ShVfbiUVM1k_9XCpzPiwi58xeRh4Yk75VWvavbqMfn1i5hcSRsE1EXsnibZzKKG HWkEOjSu8k0jBB1A5BH3A6WizgDVM69DwZSbS9yPizSpAPjKxYBXSAPuuSGK59xixfvozVxzGpfK Aep0HVvR6TPpKePpcUQlsn29SFghnw5.IwFg.OzjQ7VMchReirY2WUE5xeENaXXu4kCXKOw.I4nA Wwy12Xlw3VrZUpAF_Vm55AzJZt37clh4pFksi4aM8NTAZVh8Mz20rG8lvocwCvQulVUIX.ZFwnYS DkRf1cGFL6Bs93CVVUpHtJqAW2RACuoRkqwafhJS5.R6GzS9FeuTnfLbHH6s0S9jIqVlLlhdv3eQ D3hJsrNHk7PibbSb7kA4lRIbJutSLihuB2FbRFe44s_oR1ZLZmiov6RDTxMQVcCEtjrrBwbHbexi xwKdHPrBOtZ1fmx7aNQPMYQEF7XJ72PnI_kRYkReMyPz6n.5DCGQmHSlxOYpeoMlKI45UnsAbw9h WTDNkKhPsO5LooM2MTlDVBiJEASYwbQjSF3uhbVUTs2YzoxR3vGvTOCpQ0GqCq2NTSWv48dok2Py UbW2VVBProHLvSEiL5mEvtNOhVSZIAtmzhra0ZmC3ssMQ_v8qVY8lm6VZuh2nfm6TM4lVxX3t2YW IL9UohUTlj0RaJfAmN_8Lk4KSjFiduljlCfOCkZAifKPI9pPNE7xAWcOYaxB2o3y05JOTb8WNKKr sWeV1BIXNw7BVG6uot4qOqXvejZkznvPApX8SjRyy8A75PQVfLuZgNIg7do.67Eamrj24Nr1ylsK y5ZxlOdMyughOGedml6TF9KF5CvkpQ_v9k2GZ62EMPuVt6IqMhsQUXvwzhOLfoi_Soq2tUAHwGBr fPS90CUltmA4ZG..gaPeOdQpexFkyOdKaPPVwA9dRmG7Ane.kg5llyHpilmotR4D4XG.G2uobR4. x8C9YYg9kAUQn7ujqzZ1TDkA8ChCKHgBy.4rSJ290ywwnKWClwD8ThKHpbVP0hRUATIActFJ6wLr cuXCugPxPtWSakLYQq6OHfe_KLSCEDqGTorDa5j593yVXoziZdp9wKml1CZ0LL5fzl1nQoo2hkKJ yrwFg1V5CMongg0Ob5EjrXEH6U.Hv_uVci0UWdQ7a8w_BFM6nePOBz3GltCGUUKEGQvpDa87TwXk KDwXoW8_6w9fuLK8crgKvdJUZwYWa7MmnSXj27OTKLs7IJZR9j2VSNHMe44_sHnb75nSti6LGzPy 2JcKISuXJTwoCtOJ.9LDjvcarGrXRm3hTCAs.bWHHlOzHEk8u5Sdwu32yLcGS8baZPk8ZyD5TY7X QrUGdqdx5WmGRoHBhqk3WVgne2KgWmBGr8SSp4nppO4qsIhNmIXWRRGd2002UL4561wynVqDVzEL iyfaboWZRNLj_q.NkKI_Eb8zp4iwt3sMFwSlOslnNj3EnFfVUNgoqvMbzFwW2WC.t6TwnKQqGuVh iofQOYUaC74FoAvwgBg1.3f3ccrJxmW_9UEXjGJUbNmCT7uu2PHW3sqokYif7Kv5f3s0bTPGIEkG xsow4St1Kpv5hKF9YKKic0A08LA5PB6MQHnvqTVVmMwlAZBfovnwrHicJMa95DoftFPhCCIa0qYl GMD2hHfaoFkonZUoqeptK.D7WGHn.STXfmhVsfBcsGS698b8hd.0HFf8JFk7Eofv0o3MNvDf54yb kpGEv8.7S7Emza1Zrp.H.yzEEifcSfctiHR.MSmL8RdR_GgdxCjIGWt1E_RMPAHQP3j.X_kh9JTZ 0YTE2Bz1tqz7jtsQ.pNAS4_woOHebulcBk6wFS9hN0kzznn1KGGJvv.6olQFTRkxQiT00IoekmL8 Q_wEYM6bzZTvT5zp3PcfJ5z2LU7b37gFmuCMYQPYT7t6TsZ.B_3tyc2xIYm9ja4mljFgqH9ivXR7 B5uVtVWzop4zQZ2.SLdgiitjHgq82BCTCtgq5ISKjE2t9W6yM2paOZlVeRcpoeMlKVjT7Cfp9Mnq jfjrMjBKsMvSr4x3t0OYPTE5MjGfIz8.YrPopl5_m.fFMXlAiRE0nL3HRJSo3Kh69twtN5B6zIv. 8HMAL.L6mFVtajbwF12Q4BgQdGibeZ1iVlQJqZg3Az.wFCEa_286A5h0zTIQnpeXSTHZn8Qqt378 9hsOqVy77BQFqGKxYpOPusCZfQ4Qad0xVcM7XgMw6JcUZops_lYjrMN5kRDtgKvJT2GW11pJS848 QgA6V8jPfRyCLkC12g3o8JBvL9GvjuVFifTmBylWulofScFXpHXSKWD7d.dJjBJRPna4tVKQ8GG1 rcH86PItUP_3aJdf5BaZ.N8k9LZZpIsq2Ma_IBNtYyWNVsbvpr9QVnEBcPtBg303X X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic301.consmr.mail.ne1.yahoo.com with HTTP; Tue, 28 Jun 2022 01:04:07 +0000 Received: by hermes--production-ne1-7459d5c5c9-fdkvw (Yahoo Inc. Hermes SMTP Server) with ESMTPA ID 7521274ed3fde3701c40279c1a2b59fb; Tue, 28 Jun 2022 01:04:01 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org, netdev@vger.kernel.org Subject: [PATCH v37 11/33] LSM: Use lsmblob in security_current_getsecid Date: Mon, 27 Jun 2022 17:55:49 -0700 Message-Id: <20220628005611.13106-12-casey@schaufler-ca.com> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220628005611.13106-1-casey@schaufler-ca.com> References: <20220628005611.13106-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Change the security_current_getsecid_subj() and security_task_getsecid_obj() interfaces to fill in a lsmblob structure instead of a u32 secid in support of LSM stacking. Audit interfaces will need to collect all possible secids for possible reporting. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: linux-audit@redhat.com Cc: netdev@vger.kernel.org --- drivers/android/binder.c | 6 +-- include/linux/security.h | 31 ++++++++++++--- kernel/audit.c | 16 +++----- kernel/auditfilter.c | 4 +- kernel/auditsc.c | 25 ++++++------ net/netlabel/netlabel_unlabeled.c | 4 +- net/netlabel/netlabel_user.h | 6 ++- security/integrity/ima/ima.h | 6 +-- security/integrity/ima/ima_api.c | 6 +-- security/integrity/ima/ima_appraise.c | 11 +++--- security/integrity/ima/ima_main.c | 57 ++++++++++++++------------- security/integrity/ima/ima_policy.c | 15 +++---- security/security.c | 25 +++++++++--- 13 files changed, 124 insertions(+), 88 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 4ead3360a1c0..f25a867063e5 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -3054,16 +3054,16 @@ static void binder_transaction(struct binder_proc *proc, t->priority = task_nice(current); if (target_node && target_node->txn_security_ctx) { - u32 secid; struct lsmblob blob; size_t added_size; + u32 secid; security_cred_getsecid(proc->cred, &secid); /* - * Later in this patch set security_task_getsecid() will + * Later in this patch set security_cred_getsecid() will * provide a lsmblob instead of a secid. lsmblob_init * is used to ensure that all the secids in the lsmblob - * get the value returned from security_task_getsecid(), + * get the value returned from security_cred_getsecid(), * which means that the one expected by * security_secid_to_secctx() will be set. */ diff --git a/include/linux/security.h b/include/linux/security.h index 029c23719a5c..ce4a4af362f3 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -222,6 +222,24 @@ static inline u32 lsmblob_value(const struct lsmblob *blob) return 0; } +/** + * lsmblob_first - secid value for the first LSM slot + * @blob: Pointer to the data + * + * Return the secid value from the first LSM slot. + * There may not be any LSM slots. + * + * Return the value in secid[0] if there are any slots, 0 otherwise. + */ +static inline u32 lsmblob_first(const struct lsmblob *blob) +{ +#if LSMBLOB_ENTRIES > 0 + return blob->secid[0]; +#else + return 0; +#endif +} + /* These functions are in security/commoncap.c */ extern int cap_capable(const struct cred *cred, struct user_namespace *ns, int cap, unsigned int opts); @@ -504,8 +522,8 @@ int security_task_fix_setgid(struct cred *new, const struct cred *old, int security_task_setpgid(struct task_struct *p, pid_t pgid); int security_task_getpgid(struct task_struct *p); int security_task_getsid(struct task_struct *p); -void security_current_getsecid_subj(u32 *secid); -void security_task_getsecid_obj(struct task_struct *p, u32 *secid); +void security_current_getsecid_subj(struct lsmblob *blob); +void security_task_getsecid_obj(struct task_struct *p, struct lsmblob *blob); int security_task_setnice(struct task_struct *p, int nice); int security_task_setioprio(struct task_struct *p, int ioprio); int security_task_getioprio(struct task_struct *p); @@ -1201,14 +1219,15 @@ static inline int security_task_getsid(struct task_struct *p) return 0; } -static inline void security_current_getsecid_subj(u32 *secid) +static inline void security_current_getsecid_subj(struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } -static inline void security_task_getsecid_obj(struct task_struct *p, u32 *secid) +static inline void security_task_getsecid_obj(struct task_struct *p, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } static inline int security_task_setnice(struct task_struct *p, int nice) diff --git a/kernel/audit.c b/kernel/audit.c index 2acf95cf9895..2834e55844db 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -2178,19 +2178,12 @@ int audit_log_task_context(struct audit_buffer *ab) char *ctx = NULL; unsigned len; int error; - u32 sid; struct lsmblob blob; - security_current_getsecid_subj(&sid); - if (!sid) + security_current_getsecid_subj(&blob); + if (!lsmblob_is_set(&blob)) return 0; - /* - * lsmblob_init sets all values in the lsmblob to sid. - * This is temporary until security_task_getsecid is converted - * to use a lsmblob, which happens later in this patch set. - */ - lsmblob_init(&blob, sid); error = security_secid_to_secctx(&blob, &ctx, &len); if (error) { @@ -2399,6 +2392,7 @@ int audit_set_loginuid(kuid_t loginuid) int audit_signal_info(int sig, struct task_struct *t) { kuid_t uid = current_uid(), auid; + struct lsmblob blob; if (auditd_test_task(t) && (sig == SIGTERM || sig == SIGHUP || @@ -2409,7 +2403,9 @@ int audit_signal_info(int sig, struct task_struct *t) audit_sig_uid = auid; else audit_sig_uid = uid; - security_current_getsecid_subj(&audit_sig_sid); + security_current_getsecid_subj(&blob); + /* scaffolding until audit_sig_sid is converted */ + audit_sig_sid = lsmblob_first(&blob); } return audit_signal_info_syscall(t); diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 15cd4fe35e9c..39ded5cb2429 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -1339,7 +1339,6 @@ int audit_filter(int msgtype, unsigned int listtype) struct audit_field *f = &e->rule.fields[i]; struct lsmblob blob; pid_t pid; - u32 sid; switch (f->type) { case AUDIT_PID: @@ -1369,8 +1368,7 @@ int audit_filter(int msgtype, unsigned int listtype) case AUDIT_SUBJ_SEN: case AUDIT_SUBJ_CLR: if (f->lsm_str) { - security_current_getsecid_subj(&sid); - lsmblob_init(&blob, sid); + security_current_getsecid_subj(&blob); result = security_audit_rule_match( &blob, f->type, f->op, &f->lsm_rules); diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 94537d1feb9a..e5530bbfc83b 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -467,7 +467,6 @@ static int audit_filter_rules(struct task_struct *tsk, { const struct cred *cred; int i, need_sid = 1; - u32 sid; struct lsmblob blob; unsigned int sessionid; @@ -676,17 +675,9 @@ static int audit_filter_rules(struct task_struct *tsk, * here even though it always refs * @current's creds */ - security_current_getsecid_subj(&sid); + security_current_getsecid_subj(&blob); need_sid = 0; } - /* - * lsmblob_init sets all values in the lsmblob - * to sid. This is temporary until - * security_task_getsecid() is converted to - * provide a lsmblob, which happens later in - * this patch set. - */ - lsmblob_init(&blob, sid); result = security_audit_rule_match(&blob, f->type, f->op, &f->lsm_rules); @@ -2770,12 +2761,15 @@ int __audit_sockaddr(int len, void *a) void __audit_ptrace(struct task_struct *t) { struct audit_context *context = audit_context(); + struct lsmblob blob; context->target_pid = task_tgid_nr(t); context->target_auid = audit_get_loginuid(t); context->target_uid = task_uid(t); context->target_sessionid = audit_get_sessionid(t); - security_task_getsecid_obj(t, &context->target_sid); + security_task_getsecid_obj(t, &blob); + /* scaffolding - until target_sid is converted */ + context->target_sid = lsmblob_first(&blob); memcpy(context->target_comm, t->comm, TASK_COMM_LEN); } @@ -2791,6 +2785,7 @@ int audit_signal_info_syscall(struct task_struct *t) struct audit_aux_data_pids *axp; struct audit_context *ctx = audit_context(); kuid_t t_uid = task_uid(t); + struct lsmblob blob; if (!audit_signals || audit_dummy_context()) return 0; @@ -2802,7 +2797,9 @@ int audit_signal_info_syscall(struct task_struct *t) ctx->target_auid = audit_get_loginuid(t); ctx->target_uid = t_uid; ctx->target_sessionid = audit_get_sessionid(t); - security_task_getsecid_obj(t, &ctx->target_sid); + security_task_getsecid_obj(t, &blob); + /* scaffolding until target_sid is converted */ + ctx->target_sid = lsmblob_first(&blob); memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); return 0; } @@ -2823,7 +2820,9 @@ int audit_signal_info_syscall(struct task_struct *t) axp->target_auid[axp->pid_count] = audit_get_loginuid(t); axp->target_uid[axp->pid_count] = t_uid; axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); - security_task_getsecid_obj(t, &axp->target_sid[axp->pid_count]); + security_task_getsecid_obj(t, &blob); + /* scaffolding until target_sid is converted */ + axp->target_sid[axp->pid_count] = lsmblob_first(&blob); memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); axp->pid_count++; diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index 0a99663e6edb..bbb3b6a4f0d7 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -1562,11 +1562,13 @@ int __init netlbl_unlabel_defconf(void) int ret_val; struct netlbl_dom_map *entry; struct netlbl_audit audit_info; + struct lsmblob blob; /* Only the kernel is allowed to call this function and the only time * it is called is at bootup before the audit subsystem is reporting * messages so don't worry to much about these values. */ - security_current_getsecid_subj(&audit_info.secid); + security_current_getsecid_subj(&blob); + audit_info.secid = lsmblob_first(&blob); audit_info.loginuid = GLOBAL_ROOT_UID; audit_info.sessionid = 0; diff --git a/net/netlabel/netlabel_user.h b/net/netlabel/netlabel_user.h index d6c5b31eb4eb..34bb6572f33b 100644 --- a/net/netlabel/netlabel_user.h +++ b/net/netlabel/netlabel_user.h @@ -32,7 +32,11 @@ */ static inline void netlbl_netlink_auditinfo(struct netlbl_audit *audit_info) { - security_current_getsecid_subj(&audit_info->secid); + struct lsmblob blob; + + security_current_getsecid_subj(&blob); + /* scaffolding until secid is converted */ + audit_info->secid = lsmblob_first(&blob); audit_info->loginuid = audit_get_loginuid(current); audit_info->sessionid = audit_get_sessionid(current); } diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 1b5d70ac2dc9..f347d63b61e7 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -255,7 +255,7 @@ static inline void ima_process_queued_keys(void) {} /* LIM API function definitions */ int ima_get_action(struct user_namespace *mnt_userns, struct inode *inode, - const struct cred *cred, u32 secid, int mask, + const struct cred *cred, struct lsmblob *blob, int mask, enum ima_hooks func, int *pcr, struct ima_template_desc **template_desc, const char *func_data, unsigned int *allowed_algos); @@ -286,8 +286,8 @@ const char *ima_d_path(const struct path *path, char **pathbuf, char *filename); /* IMA policy related functions */ int ima_match_policy(struct user_namespace *mnt_userns, struct inode *inode, - const struct cred *cred, u32 secid, enum ima_hooks func, - int mask, int flags, int *pcr, + const struct cred *cred, struct lsmblob *blob, + enum ima_hooks func, int mask, int flags, int *pcr, struct ima_template_desc **template_desc, const char *func_data, unsigned int *allowed_algos); void ima_init_policy(void); diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index c1e76282b5ee..8c48da6a6583 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c @@ -166,7 +166,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename, * @mnt_userns: user namespace of the mount the inode was found from * @inode: pointer to the inode associated with the object being validated * @cred: pointer to credentials structure to validate - * @secid: secid of the task being validated + * @blob: secid(s) of the task being validated * @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXEC, * MAY_APPEND) * @func: caller identifier @@ -187,7 +187,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename, * */ int ima_get_action(struct user_namespace *mnt_userns, struct inode *inode, - const struct cred *cred, u32 secid, int mask, + const struct cred *cred, struct lsmblob *blob, int mask, enum ima_hooks func, int *pcr, struct ima_template_desc **template_desc, const char *func_data, unsigned int *allowed_algos) @@ -196,7 +196,7 @@ int ima_get_action(struct user_namespace *mnt_userns, struct inode *inode, flags &= ima_policy_flag; - return ima_match_policy(mnt_userns, inode, cred, secid, func, mask, + return ima_match_policy(mnt_userns, inode, cred, blob, func, mask, flags, pcr, template_desc, func_data, allowed_algos); } diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index cdb84dccd24e..9ef8210e901f 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -73,15 +73,16 @@ bool is_ima_appraise_enabled(void) int ima_must_appraise(struct user_namespace *mnt_userns, struct inode *inode, int mask, enum ima_hooks func) { - u32 secid; + struct lsmblob blob; if (!ima_appraise) return 0; - security_current_getsecid_subj(&secid); - return ima_match_policy(mnt_userns, inode, current_cred(), secid, - func, mask, IMA_APPRAISE | IMA_HASH, NULL, - NULL, NULL, NULL); + security_current_getsecid_subj(&blob); + return ima_match_policy(mnt_userns, inode, current_cred(), + &blob, func, mask, + IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL, + NULL); } static int ima_fix_xattr(struct dentry *dentry, diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 040b03ddc1c7..5d6029ac52f0 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -199,8 +199,8 @@ void ima_file_free(struct file *file) } static int process_measurement(struct file *file, const struct cred *cred, - u32 secid, char *buf, loff_t size, int mask, - enum ima_hooks func) + struct lsmblob *blob, char *buf, loff_t size, + int mask, enum ima_hooks func) { struct inode *inode = file_inode(file); struct integrity_iint_cache *iint = NULL; @@ -224,7 +224,7 @@ static int process_measurement(struct file *file, const struct cred *cred, * bitmask based on the appraise/audit/measurement policy. * Included is the appraise submask. */ - action = ima_get_action(file_mnt_user_ns(file), inode, cred, secid, + action = ima_get_action(file_mnt_user_ns(file), inode, cred, blob, mask, func, &pcr, &template_desc, NULL, &allowed_algos); violation_check = ((func == FILE_CHECK || func == MMAP_CHECK) && @@ -405,12 +405,13 @@ static int process_measurement(struct file *file, const struct cred *cred, */ int ima_file_mmap(struct file *file, unsigned long prot) { - u32 secid; + struct lsmblob blob; if (file && (prot & PROT_EXEC)) { - security_current_getsecid_subj(&secid); - return process_measurement(file, current_cred(), secid, NULL, - 0, MAY_EXEC, MMAP_CHECK); + security_current_getsecid_subj(&blob); + return process_measurement(file, current_cred(), + &blob, NULL, 0, + MAY_EXEC, MMAP_CHECK); } return 0; @@ -437,9 +438,9 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) char *pathbuf = NULL; const char *pathname = NULL; struct inode *inode; + struct lsmblob blob; int result = 0; int action; - u32 secid; int pcr; /* Is mprotect making an mmap'ed file executable? */ @@ -447,11 +448,12 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) !(prot & PROT_EXEC) || (vma->vm_flags & VM_EXEC)) return 0; - security_current_getsecid_subj(&secid); + security_current_getsecid_subj(&blob); inode = file_inode(vma->vm_file); action = ima_get_action(file_mnt_user_ns(vma->vm_file), inode, - current_cred(), secid, MAY_EXEC, MMAP_CHECK, - &pcr, &template, NULL, NULL); + current_cred(), &blob, + MAY_EXEC, MMAP_CHECK, &pcr, &template, NULL, + NULL); /* Is the mmap'ed file in policy? */ if (!(action & (IMA_MEASURE | IMA_APPRAISE_SUBMASK))) @@ -487,10 +489,11 @@ int ima_bprm_check(struct linux_binprm *bprm) { int ret; u32 secid; + struct lsmblob blob; - security_current_getsecid_subj(&secid); - ret = process_measurement(bprm->file, current_cred(), secid, NULL, 0, - MAY_EXEC, BPRM_CHECK); + security_current_getsecid_subj(&blob); + ret = process_measurement(bprm->file, current_cred(), + &blob, NULL, 0, MAY_EXEC, BPRM_CHECK); if (ret) return ret; @@ -511,10 +514,10 @@ int ima_bprm_check(struct linux_binprm *bprm) */ int ima_file_check(struct file *file, int mask) { - u32 secid; + struct lsmblob blob; - security_current_getsecid_subj(&secid); - return process_measurement(file, current_cred(), secid, NULL, 0, + security_current_getsecid_subj(&blob); + return process_measurement(file, current_cred(), &blob, NULL, 0, mask & (MAY_READ | MAY_WRITE | MAY_EXEC | MAY_APPEND), FILE_CHECK); } @@ -710,7 +713,7 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id, bool contents) { enum ima_hooks func; - u32 secid; + struct lsmblob blob; /* * Do devices using pre-allocated memory run the risk of the @@ -730,9 +733,9 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id, /* Read entire file for all partial reads. */ func = read_idmap[read_id] ?: FILE_CHECK; - security_current_getsecid_subj(&secid); - return process_measurement(file, current_cred(), secid, NULL, - 0, MAY_READ, func); + security_current_getsecid_subj(&blob); + return process_measurement(file, current_cred(), &blob, NULL, 0, + MAY_READ, func); } const int read_idmap[READING_MAX_ID] = { @@ -760,7 +763,7 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, enum kernel_read_file_id read_id) { enum ima_hooks func; - u32 secid; + struct lsmblob blob; /* permit signed certs */ if (!file && read_id == READING_X509_CERTIFICATE) @@ -773,8 +776,8 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, } func = read_idmap[read_id] ?: FILE_CHECK; - security_current_getsecid_subj(&secid); - return process_measurement(file, current_cred(), secid, buf, size, + security_current_getsecid_subj(&blob); + return process_measurement(file, current_cred(), &blob, buf, size, MAY_READ, func); } @@ -900,7 +903,7 @@ int process_buffer_measurement(struct user_namespace *mnt_userns, int digest_hash_len = hash_digest_size[ima_hash_algo]; int violation = 0; int action = 0; - u32 secid; + struct lsmblob blob; if (digest && digest_len < digest_hash_len) return -EINVAL; @@ -923,9 +926,9 @@ int process_buffer_measurement(struct user_namespace *mnt_userns, * buffer measurements. */ if (func) { - security_current_getsecid_subj(&secid); + security_current_getsecid_subj(&blob); action = ima_get_action(mnt_userns, inode, current_cred(), - secid, 0, func, &pcr, &template, + &blob, 0, func, &pcr, &template, func_data, NULL); if (!(action & IMA_MEASURE) && !digest) return -ENOENT; diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index b04733a5d066..5c2bc6782e17 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -563,7 +563,7 @@ static bool ima_match_rule_data(struct ima_rule_entry *rule, * @mnt_userns: user namespace of the mount the inode was found from * @inode: a pointer to an inode * @cred: a pointer to a credentials structure for user validation - * @secid: the secid of the task to be validated + * @blob: the secid(s) of the task to be validated * @func: LIM hook identifier * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC) * @func_data: func specific data, may be NULL @@ -573,7 +573,7 @@ static bool ima_match_rule_data(struct ima_rule_entry *rule, static bool ima_match_rules(struct ima_rule_entry *rule, struct user_namespace *mnt_userns, struct inode *inode, const struct cred *cred, - u32 secid, enum ima_hooks func, int mask, + struct lsmblob *blob, enum ima_hooks func, int mask, const char *func_data) { int i; @@ -657,7 +657,8 @@ static bool ima_match_rules(struct ima_rule_entry *rule, case LSM_SUBJ_USER: case LSM_SUBJ_ROLE: case LSM_SUBJ_TYPE: - rc = ima_filter_rule_match(secid, rule->lsm[i].type, + rc = ima_filter_rule_match(lsmblob_first(blob), + rule->lsm[i].type, Audit_equal, rule->lsm[i].rule, rule->lsm[i].rules_lsm); @@ -702,7 +703,7 @@ static int get_subaction(struct ima_rule_entry *rule, enum ima_hooks func) * @inode: pointer to an inode for which the policy decision is being made * @cred: pointer to a credentials structure for which the policy decision is * being made - * @secid: LSM secid of the task to be validated + * @blob: LSM secid(s) of the task to be validated * @func: IMA hook identifier * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC) * @pcr: set the pcr to extend @@ -718,8 +719,8 @@ static int get_subaction(struct ima_rule_entry *rule, enum ima_hooks func) * than writes so ima_match_policy() is classical RCU candidate. */ int ima_match_policy(struct user_namespace *mnt_userns, struct inode *inode, - const struct cred *cred, u32 secid, enum ima_hooks func, - int mask, int flags, int *pcr, + const struct cred *cred, struct lsmblob *blob, + enum ima_hooks func, int mask, int flags, int *pcr, struct ima_template_desc **template_desc, const char *func_data, unsigned int *allowed_algos) { @@ -737,7 +738,7 @@ int ima_match_policy(struct user_namespace *mnt_userns, struct inode *inode, if (!(entry->action & actmask)) continue; - if (!ima_match_rules(entry, mnt_userns, inode, cred, secid, + if (!ima_match_rules(entry, mnt_userns, inode, cred, blob, func, mask, func_data)) continue; diff --git a/security/security.c b/security/security.c index 1e9c06607c39..1a4741178944 100644 --- a/security/security.c +++ b/security/security.c @@ -1916,17 +1916,30 @@ int security_task_getsid(struct task_struct *p) return call_int_hook(task_getsid, 0, p); } -void security_current_getsecid_subj(u32 *secid) +void security_current_getsecid_subj(struct lsmblob *blob) { - *secid = 0; - call_void_hook(current_getsecid_subj, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.current_getsecid_subj, + list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.current_getsecid_subj(&blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_current_getsecid_subj); -void security_task_getsecid_obj(struct task_struct *p, u32 *secid) +void security_task_getsecid_obj(struct task_struct *p, struct lsmblob *blob) { - *secid = 0; - call_void_hook(task_getsecid_obj, p, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.task_getsecid_obj, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.task_getsecid_obj(p, &blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_task_getsecid_obj); From patchwork Tue Jun 28 00:55:50 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12897426 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 422E5C43334 for ; Tue, 28 Jun 2022 01:05:43 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242752AbiF1BFm (ORCPT ); Mon, 27 Jun 2022 21:05:42 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33858 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S242670AbiF1BFl (ORCPT ); Mon, 27 Jun 2022 21:05:41 -0400 Received: from sonic302-26.consmr.mail.ne1.yahoo.com (sonic302-26.consmr.mail.ne1.yahoo.com [66.163.186.152]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8422E22B31 for ; Mon, 27 Jun 2022 18:05:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378339; bh=nN/Pq+0ZyHWT1ZKsDlXxwMua1jP9bHIcug8QyvfySHs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=cNxxjY3EQAIO3qGNJK0puQbK6lot3NOJeUGnfXHye0L5zQqND8EPpvI7NAj5kjYJ/49nlNJdgSlN2I7MRuR+eZVVCVnGYNMcmCah/EwRHzezn0fou++5LtEUeX474wRDtKLhvafaY7XP+1VsZVazZVZyfvEWhikRI4icvXFqRMMgZQSc2yIFyeNgvoti98CTJMm7NRfjxq1tIvi8Uo59AZBZJqQH9sj+bIV6MEbikebvnmjGfmF2sLaJP9JfLPT1fhwbckxqhP6bURHGEYc/0KcjqXucCOye1gp9QoGy551+PrM/jrlA72jaRaLJE2F3R085ZSrZRFUYDE9pu6mqIQ== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378339; bh=gidIIPgp1Fe6CKn226mRD56pZU6uUmKTzsaEXBlSWIh=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=SulYHKS0+qmWPYbRaQAB3B+fJaDH7N004Ys46Pw25CUD+xdYGTpcpgTewPMUYYs9JP0PlwKOLa40LjHynobHqgFk2wv7CH+giI6MCI+khA0mZ8L+y9Kyn/lZagD7MzUYvIq1OjunFMPFd0AuTDiuaFVMBmfC0BdzF7CEZVJglX+BbRZDzccB3ga4Y0atWawMQ4iFmGri4wd02MYEmJJCVwdH0I177hNnRYig7+ZIHitIdqC1L1pSuj2cHo1yC6XOSe0t69+ZRorG+25vfROG6V57D695pzMJpvl7WRC7PDZCRleXJ2VB62PAFfPMbmlkjqJHdOaI0MZLOBCKBrFVTg== X-YMail-OSG: PUwWTWwVM1mHy8geZNNMtWmHqX1nswfjouj0FI_N3_0YcQ1s33gn0nhbJWfaPJJ NGgazlGqyf1ZyqxTnO8yGsgPX3Dsm1Pmugh1Y1.U.gTUOFeDFEbbiyKX3YlNmO0hdnwDlZUg7lu_ w2uYy.kDKYIY84VhlVUpFMRuAdrJxv71qOfFqaz9G5OCVuXp971GNwHIPdWKVHGRM7gdDkxicti4 3P7256YLIAD3LnKnqIn_dckp41S5Ud6vTinPkl2.g6QLuVQQT_vdOn.6lm2PqC36u514HClWjvO9 5g6g4Nxq.BkTDfFPw3zS4XjDOImTin573NqKTP4fk9j9Ju2ZPqbAgiNnBk6uzESwbSQ0vuCNFQcP FmoXRYeEbzsbfcgx.SwnnLp05Q1rfoqQSVkreRpGGtsDUgcr5lUknYfVWDsyv.jHtfLzv1qd.YI2 jIQ5pTc_PT4E9y4.yK6ziU555N09kyktVMMj5o6yX_GlDSt5LqFmsGTeeXjeQOvTShEQx5QKsTP0 hn33OYsr32ByTqVuw6hiefGJV5ov9gDREaDbX17_42CD.m1KnE2Ruh9zFJeAy6FvB3U3LYoO.2m7 B99D1oEfsqRw_LKzaQJiXpoBkyqXgecmlYb0HnPUkEhgnIvtm.KR8Vf96sdb9Gzemyh65RUfVNCE nsj4MQGYdMjXDxTqIT1U9F6ALPZCPm2QGhvGbGtSZaPLuzNadzbRlTjabVgDYhDee4kRSgac9L4v WRuJnJrujHGaMZH7c8GANvqihW2Ya5Ba8c.jL9cH1k1yKrwWe.tBG6JPNW_yXejxXYB3ZbA7PmnI RKec8JhWhtnznBU5yqpESGIKPiEjoxRx3TAYmT7iARBYXLT7OigrOt236uXj4_MqFHCp6_f7Qnap HfmcppkYwEZGVGkdtKoPLdKlE3kF8r51qdr5s9qx1vsLZH8AMrZKyZTF7bJRD0c36JFt8Y1Vj775 40N1nGix4Lq3tj0lOW7ijiN.IGviO1Xsepaz7zo8qSNb3BaVCuP87nR5KBcDaXbax8i.qVdJZV_A jSvzoGWBP6DXMkXQo3qwB00ycWBDIpgxdrT3qOf_lRGlULvFt8RcDZdnLWFfLGELs9kXLA.wkmMT nJp3lZdsj68B_ZgCo0g8rMqWCyvXrIOv5JU4PcjjcZMA4lDT51vbqsaCnatYcGkBFqf6mt2ltiuu EhLyrFui99KoEuB6AIEkohzkFVahpAEmxl13EczCifWDVHqhTnDnpSwgf4n2hM9RUtRLRDDWV3mp H1L4sjsk935wEtR9Xh6CxUXXePPStQFvcT681DgUFjZMLJcvnKInNcobGZrxjO8DjHcChJHCpsBZ PAbpM_snUdYa8Y0oxBdbdYwu_WFmZRS14sT92BMErf8KMABOEL_iRbwzbqAF8jRnB9GkxDhIgK3Y .gM2th1cZs_BlQJZ8TyNDNkTqqQtBKKU8csMQekPCUb20Uft5pUstd.rUpxkSvHsayxCUyL70ii3 c7FmbtXtuuGG_IkELs3vqvF3XgXO0VemVimWF4aiDLwrmhgPfHqT.dP8bUzP3fvrSGSTpZc6Tk2R DeAGkhRUIsEMziUvV3wvDflQ0pufGuIwNP8c281HRnQ2Cp4bDAfen0l7mKm8wz4MKpCN.0VGUF72 8Q0BE9dkRGLTcyGuKCu8LxXZhXYobGTcCf7HiFbH1K49Tz_iNr50ju5N86cTR.YhyFPXft5hss2u Lt3i6kjCahF1kVWjitUwLhoFPtRaQLK4ijL3uAhbcLH8n5JH0dZDVvKh6PE4Z5PGCwDWtEslhmiv 9W2jpljpzlsjG.T7Z1ZIADW.C79WP7VveW1b6mK7U.uLrlN7wSr1aCHH.vr.54tytIKYmIzWNZp_ AFNPMyOK7WPgp1snK0nlRCcUZYDGNAi7YBSFPd03iQBCKPYI2e2NDvL59IDmMJ794ap2NZJf5L0Y bfVEQiZVcei85t9LwwLetEBV53z6X5jh0LNEQ5OSnA6n3iXoJslrPm0N33WSO97Agr1td_HTrNh4 ocpgFGpEdrtAOQgZEegkicWMRMlXVjH3uyiSN0CJeMT7wFeAS8A3CzuavLutNTo3rRF_lwS4_e5o n6Zp6ZM1.LAf0RVBCedmLTfO1ni8rq2_LsX2XegxBsKeWmIV0Pg_siwIre1A64zL5L8JziTYmVs7 5u_TIKmAGSq3Byhk4xdWVXZsU9rg371dovlbxX25RptiUI0pt0Wro8wJuRtZ8QTilHHGd07_ZogR Yq6521dtg5Ws6ZQ3rz5Hk.7GsexSmYjc5xhJvV4400SYQGubEdi04V9qQXjvtVOmwLLhvK3wsmrH oHnIeFnydOQU0X3fI85uYTAMCq_1YruJ74jvLmDcbIapFapqtAu97_qL4XL98OaEvndIlhA-- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic302.consmr.mail.ne1.yahoo.com with HTTP; Tue, 28 Jun 2022 01:05:39 +0000 Received: by hermes--canary-production-gq1-677bd878b7-pqb8m (Yahoo Inc. Hermes SMTP Server) with ESMTPA ID e262426b02cfbecf0124eb7a5c5aa81b; Tue, 28 Jun 2022 01:05:34 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org Subject: [PATCH v37 12/33] LSM: Use lsmblob in security_inode_getsecid Date: Mon, 27 Jun 2022 17:55:50 -0700 Message-Id: <20220628005611.13106-13-casey@schaufler-ca.com> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220628005611.13106-1-casey@schaufler-ca.com> References: <20220628005611.13106-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Change the security_inode_getsecid() interface to fill in a lsmblob structure instead of a u32 secid. This allows for its callers to gather data from all registered LSMs. Data is provided for IMA and audit. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: linux-audit@redhat.com --- include/linux/security.h | 13 +++++++------ kernel/auditsc.c | 6 +++++- security/integrity/ima/ima_policy.c | 9 +++++---- security/security.c | 19 +++++++++++++------ 4 files changed, 30 insertions(+), 17 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index ce4a4af362f3..a478faa6124e 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -476,7 +476,7 @@ int security_inode_getsecurity(struct user_namespace *mnt_userns, void **buffer, bool alloc); int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags); int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size); -void security_inode_getsecid(struct inode *inode, u32 *secid); +void security_inode_getsecid(struct inode *inode, struct lsmblob *blob); int security_inode_copy_up(struct dentry *src, struct cred **new); int security_inode_copy_up_xattr(const char *name); int security_kernfs_init_security(struct kernfs_node *kn_dir, @@ -1022,9 +1022,10 @@ static inline int security_inode_listsecurity(struct inode *inode, char *buffer, return 0; } -static inline void security_inode_getsecid(struct inode *inode, u32 *secid) +static inline void security_inode_getsecid(struct inode *inode, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } static inline int security_inode_copy_up(struct dentry *src, struct cred **new) @@ -2034,8 +2035,8 @@ static inline void security_audit_rule_free(struct audit_lsm_rules *lsmrules) #if defined(CONFIG_IMA_LSM_RULES) && defined(CONFIG_SECURITY) int ima_filter_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule, int lsmslot); -int ima_filter_rule_match(u32 secid, u32 field, u32 op, void *lsmrule, - int lsmslot); +int ima_filter_rule_match(struct lsmblob *blob, u32 field, u32 op, + void *lsmrule, int lsmslot); void ima_filter_rule_free(void *lsmrule, int lsmslot); #else @@ -2046,7 +2047,7 @@ static inline int ima_filter_rule_init(u32 field, u32 op, char *rulestr, return 0; } -static inline int ima_filter_rule_match(u32 secid, u32 field, u32 op, +static inline int ima_filter_rule_match(struct lsmblob *blob, u32 field, u32 op, void *lsmrule, int lsmslot) { return 0; diff --git a/kernel/auditsc.c b/kernel/auditsc.c index e5530bbfc83b..1d223176285b 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -2306,13 +2306,17 @@ static void audit_copy_inode(struct audit_names *name, const struct dentry *dentry, struct inode *inode, unsigned int flags) { + struct lsmblob blob; + name->ino = inode->i_ino; name->dev = inode->i_sb->s_dev; name->mode = inode->i_mode; name->uid = inode->i_uid; name->gid = inode->i_gid; name->rdev = inode->i_rdev; - security_inode_getsecid(inode, &name->osid); + security_inode_getsecid(inode, &blob); + /* scaffolding until osid is updated */ + name->osid = lsmblob_first(&blob); if (flags & AUDIT_INODE_NOEVAL) { name->fcap_ver = -1; return; diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 5c2bc6782e17..593b0ba51b6e 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -636,7 +636,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, return false; for (i = 0; i < MAX_LSM_RULES; i++) { int rc = 0; - u32 osid; + struct lsmblob lsmdata; if (!rule->lsm[i].rule) { if (!rule->lsm[i].args_p) @@ -648,8 +648,9 @@ static bool ima_match_rules(struct ima_rule_entry *rule, case LSM_OBJ_USER: case LSM_OBJ_ROLE: case LSM_OBJ_TYPE: - security_inode_getsecid(inode, &osid); - rc = ima_filter_rule_match(osid, rule->lsm[i].type, + security_inode_getsecid(inode, &lsmdata); + rc = ima_filter_rule_match(&lsmdata, + rule->lsm[i].type, Audit_equal, rule->lsm[i].rule, rule->lsm[i].rules_lsm); @@ -657,7 +658,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, case LSM_SUBJ_USER: case LSM_SUBJ_ROLE: case LSM_SUBJ_TYPE: - rc = ima_filter_rule_match(lsmblob_first(blob), + rc = ima_filter_rule_match(blob, rule->lsm[i].type, Audit_equal, rule->lsm[i].rule, diff --git a/security/security.c b/security/security.c index 1a4741178944..ad1080e01ba8 100644 --- a/security/security.c +++ b/security/security.c @@ -1560,9 +1560,16 @@ int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer } EXPORT_SYMBOL(security_inode_listsecurity); -void security_inode_getsecid(struct inode *inode, u32 *secid) +void security_inode_getsecid(struct inode *inode, struct lsmblob *blob) { - call_void_hook(inode_getsecid, inode, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.inode_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.inode_getsecid(inode, &blob->secid[hp->lsmid->slot]); + } } int security_inode_copy_up(struct dentry *src, struct cred **new) @@ -2804,15 +2811,15 @@ void ima_filter_rule_free(void *lsmrule, int lsmslot) } } -int ima_filter_rule_match(u32 secid, u32 field, u32 op, void *lsmrule, - int lsmslot) +int ima_filter_rule_match(struct lsmblob *blob, u32 field, u32 op, + void *lsmrule, int lsmslot) { struct security_hook_list *hp; hlist_for_each_entry(hp, &security_hook_heads.audit_rule_match, list) if (hp->lsmid->slot == lsmslot) - return hp->hook.audit_rule_match(secid, field, op, - lsmrule); + return hp->hook.audit_rule_match(blob->secid[lsmslot], + field, op, lsmrule); return 0; } From patchwork Tue Jun 28 00:55:51 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12897427 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id A1060C433EF for ; Tue, 28 Jun 2022 01:05:50 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242824AbiF1BFt (ORCPT ); Mon, 27 Jun 2022 21:05:49 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33924 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S239149AbiF1BFn (ORCPT ); Mon, 27 Jun 2022 21:05:43 -0400 Received: from sonic308-16.consmr.mail.ne1.yahoo.com (sonic308-16.consmr.mail.ne1.yahoo.com [66.163.187.39]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C9AA022BCB for ; Mon, 27 Jun 2022 18:05:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378341; bh=aUnTdpDgNfpHhclDAMeUWOwCLH0k3UygXUV58NHvsUA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=d017HsEMpayT3UqPUWaBrQz77Al/hEdlU0DiMBSaUsQPJA/jIdIkSdDGN8FIClyrjpSs4F4JmPVmzClgpDbjBV2v+8JBAR0gU+ddlINZKb4MVZgq83KB+f78t0v9U+0hoWsy9o5mU/BUgWbe88LS7Vz0fLrslQML6dr8ze3I5ex+B67jhD4cWM8XMRsBX8SS27sOgC3H86Fq+6sInrpuG3TnzDIeq2N18JmQYvJy5tVEk/IwHQPE66Di0Wutny7QVtV1rWyM5g+yrzq1zhCkBAE4BgRf22039pCIi1vN4ozmh+MQVKi4ZfA+p4I7Ed6835XiOCmsN1cUZabm0YBIMA== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378341; bh=RCdaXJyOUa70W4/U9RPtLhEXmHwN2j2js3Byb72Y3Id=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=EETdhhvYX50iIOnmOsiq2zhEafTHzYOPY013ugpB+b3CGIH4OFp2c2V0rKLEKZQDgw2gjK2eFQZGEnT6NhI5XsA7VXxmxiDgoO9zgaDBpM7oJzQchpyaiGXtx/VyUJUYGi3a2rok08RsHyfeYFwlCqit7AF/Ab1rI+VU1jm3nfmXwHi02pNvob3lYPRAjX28Jr07imBxF9dn02l8/Vgedm4QJfB+7inWrStIAPqUWC/MKC7698v2/uNtykMZ/Fw53yZxAtB1t4gDuSJxs21xRUdySJm3E+Ek0OY/vzsZzmduvMo45mgC3mZH6HEy8qEn3+AAvcwtETVmyy5w4NqU8Q== X-YMail-OSG: 0auG2OoVM1mqB9wdPVaRUoL0NiS3TajwBV.yATIAeenCY6h7vKdAfzyXOcElPx4 DufDh371j2U_wivoReF2zrc0RGVn._3QOXq3apu7ogqLKOOaJbv0di9xbcSD23VDjSDAPt2x3XXb XSaERb1AVr2tst0t7QQXxrG6ZjAlP_mQ6uPfFWLK2nU87IMfDlr2ySU0L7swKCPvnsTKEBIK_MMQ f8HvOx9khGcTW.iTrszE_dgE6H6glXcjdUJLWaUizS_NSctzb9hOMOHLkuG25JCGRUcQmRbXYXW2 QOy.wsd4tsWVvn1Ylbg4vp_Z7q4O_AGPBpv8gPT1G6DpSg0hwBwkSCUiGAQFrc6HLCEmB9ou5Zzf Qj6XSCHot5sdN5C7qH0UnqFMPbMI8dj5cRcIYjFhd__Uu86C7oJN_5AmUtL_ANbozTu5phY8O2km xYAh7tXuRHs7qZ57wcUSWEjSmq9ZF4zcZkfHwNVYNkWDbg1Xdb0vloWahCLkztCkSc9XOdUSVc9n DK.ajCm02.L9X62VSb1vJeVOEsYNbRwf3oh9mEwIngE_AWiU5a1.wDWjD0_D91U.jcZxkYKF50q1 rFy2OZmvi6mIgZ42YBvMj5hXqz6XrB22Re1VMZFRFoWTzn2xRkLMiH0quPL6G8dA6gx50oO7GimQ 1RtVBYpg26sKjYEQmNgRDMNwPFJyLU8w4CVdXZHoIfLEEp1siI5M35PQuMCJ6NYODi7VNgDQsKWo XuHx.bXPePYo9NV3T3nVgAu0_kd7SH.Q7M_kixKuTL4Gwgd8pYLsCgBgnWMTBvUnp4ZBgShCBY60 fBjmwYxJIJ.DBq1FWjhN5cW5RQnw01sBc6I1iCCOij2BVk3_nXb8g7gUwBuo.ZqGbFKENQq4J8EW nWNHbz0nkGXfQZS_G.dS5jj5meGEKyWJyS2v8ZoENegVHt9pmvBGgxUS83daHeRWy989uZYpXlQn KtRH3c86cK1vDlWzoBntwp9qUK1oftqrbGSmzEpK1GT4Z2eIztCKSEl7vQc33ZigrnPKq._3jK3S D6zNjDL5_P4BarFl479mZvCOmzU8FfH4HCuhpIy1tMXNPvOVvEtU9YMxt11tm_NMNUIn01._WhuU hN4nGUPhkK7I7SRGe5d1lkEG9QFafTp4wlbdPiu_J_kMT2Ds0NLVEIRbrNH2YoMIEB_8k_8eVDCe pdwKaN4_7rufxHfna.i9orPVEpld9LZmzi4BS_261mjUFnCF860nniAuP65LT4VejPxX4LqoAujV znSa.OmVH4RMJnzsKAiJfhkL3kpUjWVKabfCU.DXI5qiN839sgX1U1c.c7iqffBDR0IN9FPx20RM H34yNUEYJi1XI9qhfYkrlxnqjp3Xa8chdIg3SsnEd6Rt7KMdo9fefq.oxMGfClA57fmH_yEQO0Tj MDktYQwUuQQK2bvt5T7BOGwX1NqtBCs47atS_5BsjoyTjWpm9DIvArN7CsTmllSDKmNbtb5U_d2g jXtkg3LHVQ6jNoUt3DQeOiFqSLIx_lVHCnYI.6hLeMWxio926RpQX7.XUHSUS5ngs8I83f3HuI97 rcw0BosTKlCt9swzl_eSwAtB3OQb5vxQvv.Iq6t6JFdwzWugDjiVf.dH5_7.6Nx37Lw4b4A7gN3_ LjUIukVgQMfig2siMkyMuLWOD4QMB5TyNKBByKBH6H0hSPPkxCsDU.__Qw4IRGxFzhjHndOk9F.d y.APN6jlcPKQt7yZAMsehwF7f50Z7kIr8J.m.GlvD9WymQY0Oadwpq35ZMbO2uAxKjoaRObW0F2j WDhjTt3Scymbbf5..MaBzDvoKw13.MjwMZmWx1WQ2LlJX3OE29gd_0PwZZiHKFUZt6CmWTcRj0_W AGY1B.P7dlzcH9xmSrxFbp6p0OT0lBUePqfpL2d6sabbfqcNDsO4zd48mveiLvAdYX3uVfvAVV.V .0zhQkiml8647A2RoQlo_tQ08W8LMcnnlx_X.4kaMXxHbLKrVnZtIXCKtbrxdbg4.KBtUsVMEbs3 uIjt2ej84M3uDMehTC0aGNLP3WiICT26Xc8V1AYS3ieMvJisT8THD.SwtUZGU_48PsYEgA6VQq92 OvD1jZHz5.kGVZenVOZVKt8V5HI97yI46kWrtqXrP9YiLFjPxsOWZUILQYO8wv4LwM8HFEK6.eQX dhP3FDpgObqo98ElXdZW6h31QnyLUCG7yi0c2gsQGq0U_Y3D86x623ieF8TfBzWXoO9XXefOJxmN AO6ee1rWPMvMQdaVpGNAjwXgiknsOaor0UV8iv.Puh1bgM7gNP37OX.dIQLDvgbEXnmrkebTMH4_ 4Q5lGX0_bWGjcseyUBQ-- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic308.consmr.mail.ne1.yahoo.com with HTTP; Tue, 28 Jun 2022 01:05:41 +0000 Received: by hermes--canary-production-gq1-677bd878b7-pqb8m (Yahoo Inc. Hermes SMTP Server) with ESMTPA ID e262426b02cfbecf0124eb7a5c5aa81b; Tue, 28 Jun 2022 01:05:36 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org Subject: [PATCH v37 13/33] LSM: Use lsmblob in security_cred_getsecid Date: Mon, 27 Jun 2022 17:55:51 -0700 Message-Id: <20220628005611.13106-14-casey@schaufler-ca.com> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220628005611.13106-1-casey@schaufler-ca.com> References: <20220628005611.13106-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Change the security_cred_getsecid() interface to fill in a lsmblob instead of a u32 secid. The associated data elements in the audit sub-system are changed from a secid to a lsmblob to accommodate multiple possible LSM audit users. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: linux-audit@redhat.com --- drivers/android/binder.c | 12 +---------- include/linux/security.h | 7 ++++--- kernel/audit.c | 25 +++++++---------------- kernel/audit.h | 3 ++- kernel/auditsc.c | 33 +++++++++++-------------------- security/integrity/ima/ima_main.c | 5 ++--- security/security.c | 12 ++++++++--- 7 files changed, 37 insertions(+), 60 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index f25a867063e5..c2f71c22a90e 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -3056,18 +3056,8 @@ static void binder_transaction(struct binder_proc *proc, if (target_node && target_node->txn_security_ctx) { struct lsmblob blob; size_t added_size; - u32 secid; - security_cred_getsecid(proc->cred, &secid); - /* - * Later in this patch set security_cred_getsecid() will - * provide a lsmblob instead of a secid. lsmblob_init - * is used to ensure that all the secids in the lsmblob - * get the value returned from security_cred_getsecid(), - * which means that the one expected by - * security_secid_to_secctx() will be set. - */ - lsmblob_init(&blob, secid); + security_cred_getsecid(proc->cred, &blob); ret = security_secid_to_secctx(&blob, &secctx, &secctx_sz); if (ret) { binder_txn_error("%d:%d failed to get security context\n", diff --git a/include/linux/security.h b/include/linux/security.h index a478faa6124e..61d5f23103b1 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -503,7 +503,7 @@ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp); void security_cred_free(struct cred *cred); int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp); void security_transfer_creds(struct cred *new, const struct cred *old); -void security_cred_getsecid(const struct cred *c, u32 *secid); +void security_cred_getsecid(const struct cred *c, struct lsmblob *blob); int security_kernel_act_as(struct cred *new, struct lsmblob *blob); int security_kernel_create_files_as(struct cred *new, struct inode *inode); int security_kernel_module_request(char *kmod_name); @@ -1143,9 +1143,10 @@ static inline void security_transfer_creds(struct cred *new, { } -static inline void security_cred_getsecid(const struct cred *c, u32 *secid) +static inline void security_cred_getsecid(const struct cred *c, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } static inline int security_kernel_act_as(struct cred *cred, diff --git a/kernel/audit.c b/kernel/audit.c index 2834e55844db..f67f1eb7f4fa 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -125,7 +125,7 @@ static u32 audit_backlog_wait_time = AUDIT_BACKLOG_WAIT_TIME; /* The identity of the user shutting down the audit system. */ static kuid_t audit_sig_uid = INVALID_UID; static pid_t audit_sig_pid = -1; -static u32 audit_sig_sid; +static struct lsmblob audit_sig_lsm; /* Records can be lost in several ways: 0) [suppressed in audit_alloc] @@ -1463,29 +1463,21 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) } case AUDIT_SIGNAL_INFO: len = 0; - if (audit_sig_sid) { - struct lsmblob blob; - - /* - * lsmblob_init sets all values in the lsmblob - * to audit_sig_sid. This is temporary until - * audit_sig_sid is converted to a lsmblob, which - * happens later in this patch set. - */ - lsmblob_init(&blob, audit_sig_sid); - err = security_secid_to_secctx(&blob, &ctx, &len); + if (lsmblob_is_set(&audit_sig_lsm)) { + err = security_secid_to_secctx(&audit_sig_lsm, &ctx, + &len); if (err) return err; } sig_data = kmalloc(struct_size(sig_data, ctx, len), GFP_KERNEL); if (!sig_data) { - if (audit_sig_sid) + if (lsmblob_is_set(&audit_sig_lsm)) security_release_secctx(ctx, len); return -ENOMEM; } sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); sig_data->pid = audit_sig_pid; - if (audit_sig_sid) { + if (lsmblob_is_set(&audit_sig_lsm)) { memcpy(sig_data->ctx, ctx, len); security_release_secctx(ctx, len); } @@ -2392,7 +2384,6 @@ int audit_set_loginuid(kuid_t loginuid) int audit_signal_info(int sig, struct task_struct *t) { kuid_t uid = current_uid(), auid; - struct lsmblob blob; if (auditd_test_task(t) && (sig == SIGTERM || sig == SIGHUP || @@ -2403,9 +2394,7 @@ int audit_signal_info(int sig, struct task_struct *t) audit_sig_uid = auid; else audit_sig_uid = uid; - security_current_getsecid_subj(&blob); - /* scaffolding until audit_sig_sid is converted */ - audit_sig_sid = lsmblob_first(&blob); + security_current_getsecid_subj(&audit_sig_lsm); } return audit_signal_info_syscall(t); diff --git a/kernel/audit.h b/kernel/audit.h index 58b66543b4d5..316fac62d5f7 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -12,6 +12,7 @@ #include #include #include +#include #include #include #include // struct open_how @@ -143,7 +144,7 @@ struct audit_context { kuid_t target_auid; kuid_t target_uid; unsigned int target_sessionid; - u32 target_sid; + struct lsmblob target_lsm; char target_comm[TASK_COMM_LEN]; struct audit_tree_refs *trees, *first_trees; diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 1d223176285b..fa3cfe569ce2 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -99,7 +99,7 @@ struct audit_aux_data_pids { kuid_t target_auid[AUDIT_AUX_PIDS]; kuid_t target_uid[AUDIT_AUX_PIDS]; unsigned int target_sessionid[AUDIT_AUX_PIDS]; - u32 target_sid[AUDIT_AUX_PIDS]; + struct lsmblob target_lsm[AUDIT_AUX_PIDS]; char target_comm[AUDIT_AUX_PIDS][TASK_COMM_LEN]; int pid_count; }; @@ -1018,7 +1018,7 @@ static void audit_reset_context(struct audit_context *ctx) ctx->target_pid = 0; ctx->target_auid = ctx->target_uid = KUIDT_INIT(0); ctx->target_sessionid = 0; - ctx->target_sid = 0; + lsmblob_init(&ctx->target_lsm, 0); ctx->target_comm[0] = '\0'; unroll_tree_refs(ctx, NULL, 0); WARN_ON(!list_empty(&ctx->killed_trees)); @@ -1116,14 +1116,14 @@ static inline void audit_free_context(struct audit_context *context) } static int audit_log_pid_context(struct audit_context *context, pid_t pid, - kuid_t auid, kuid_t uid, unsigned int sessionid, - u32 sid, char *comm) + kuid_t auid, kuid_t uid, + unsigned int sessionid, + struct lsmblob *blob, char *comm) { struct audit_buffer *ab; char *ctx = NULL; u32 len; int rc = 0; - struct lsmblob blob; ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID); if (!ab) @@ -1132,9 +1132,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, audit_log_format(ab, "opid=%d oauid=%d ouid=%d oses=%d", pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); - if (sid) { - lsmblob_init(&blob, sid); - if (security_secid_to_secctx(&blob, &ctx, &len)) { + if (lsmblob_is_set(blob)) { + if (security_secid_to_secctx(blob, &ctx, &len)) { audit_log_format(ab, " obj=(none)"); rc = 1; } else { @@ -1814,7 +1813,7 @@ static void audit_log_exit(void) axs->target_auid[i], axs->target_uid[i], axs->target_sessionid[i], - axs->target_sid[i], + &axs->target_lsm[i], axs->target_comm[i])) call_panic = 1; } @@ -1823,7 +1822,7 @@ static void audit_log_exit(void) audit_log_pid_context(context, context->target_pid, context->target_auid, context->target_uid, context->target_sessionid, - context->target_sid, context->target_comm)) + &context->target_lsm, context->target_comm)) call_panic = 1; if (context->pwd.dentry && context->pwd.mnt) { @@ -2765,15 +2764,12 @@ int __audit_sockaddr(int len, void *a) void __audit_ptrace(struct task_struct *t) { struct audit_context *context = audit_context(); - struct lsmblob blob; context->target_pid = task_tgid_nr(t); context->target_auid = audit_get_loginuid(t); context->target_uid = task_uid(t); context->target_sessionid = audit_get_sessionid(t); - security_task_getsecid_obj(t, &blob); - /* scaffolding - until target_sid is converted */ - context->target_sid = lsmblob_first(&blob); + security_task_getsecid_obj(t, &context->target_lsm); memcpy(context->target_comm, t->comm, TASK_COMM_LEN); } @@ -2789,7 +2785,6 @@ int audit_signal_info_syscall(struct task_struct *t) struct audit_aux_data_pids *axp; struct audit_context *ctx = audit_context(); kuid_t t_uid = task_uid(t); - struct lsmblob blob; if (!audit_signals || audit_dummy_context()) return 0; @@ -2801,9 +2796,7 @@ int audit_signal_info_syscall(struct task_struct *t) ctx->target_auid = audit_get_loginuid(t); ctx->target_uid = t_uid; ctx->target_sessionid = audit_get_sessionid(t); - security_task_getsecid_obj(t, &blob); - /* scaffolding until target_sid is converted */ - ctx->target_sid = lsmblob_first(&blob); + security_task_getsecid_obj(t, &ctx->target_lsm); memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); return 0; } @@ -2824,9 +2817,7 @@ int audit_signal_info_syscall(struct task_struct *t) axp->target_auid[axp->pid_count] = audit_get_loginuid(t); axp->target_uid[axp->pid_count] = t_uid; axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); - security_task_getsecid_obj(t, &blob); - /* scaffolding until target_sid is converted */ - axp->target_sid[axp->pid_count] = lsmblob_first(&blob); + security_task_getsecid_obj(t, &axp->target_lsm[axp->pid_count]); memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); axp->pid_count++; diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 5d6029ac52f0..ecaa0b96bb26 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -488,7 +488,6 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) int ima_bprm_check(struct linux_binprm *bprm) { int ret; - u32 secid; struct lsmblob blob; security_current_getsecid_subj(&blob); @@ -497,8 +496,8 @@ int ima_bprm_check(struct linux_binprm *bprm) if (ret) return ret; - security_cred_getsecid(bprm->cred, &secid); - return process_measurement(bprm->file, bprm->cred, secid, NULL, 0, + security_cred_getsecid(bprm->cred, &blob); + return process_measurement(bprm->file, bprm->cred, &blob, NULL, 0, MAY_EXEC, CREDS_CHECK); } diff --git a/security/security.c b/security/security.c index ad1080e01ba8..6df37398cfd8 100644 --- a/security/security.c +++ b/security/security.c @@ -1810,10 +1810,16 @@ void security_transfer_creds(struct cred *new, const struct cred *old) call_void_hook(cred_transfer, new, old); } -void security_cred_getsecid(const struct cred *c, u32 *secid) +void security_cred_getsecid(const struct cred *c, struct lsmblob *blob) { - *secid = 0; - call_void_hook(cred_getsecid, c, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.cred_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.cred_getsecid(c, &blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_cred_getsecid); From patchwork Tue Jun 28 00:55:52 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12897428 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 47160C43334 for ; Tue, 28 Jun 2022 01:05:52 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242805AbiF1BFu (ORCPT ); Mon, 27 Jun 2022 21:05:50 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34036 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S242795AbiF1BFs (ORCPT ); Mon, 27 Jun 2022 21:05:48 -0400 Received: from sonic301-36.consmr.mail.ne1.yahoo.com (sonic301-36.consmr.mail.ne1.yahoo.com [66.163.184.205]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B32CB1EAE3 for ; Mon, 27 Jun 2022 18:05:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378342; bh=S04KBZBbi06nISEM7t0DlH+21YMkr3oLF/858ZnVtKw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=U6ew6INWWG7pG7DZyXh09NZJTq1aIMpL6mA0WTaVnb3FXKKnorowKqcqcS5GdWUtjy6PzUL1KwsXY13rDN8xylZjjOG95dFY8nFQdzu2TK+hCJPtZnuxBP5KdCBBV6z9v2VS7Fr7MliuP3W7mOxAtniqd+n4lUWDcIE6SuSwn5FchLSzIYz7CbCOPXSqBUosg/VUXs3df04+yFBKbNPRYNuV6cXmGoLGc8WBtBXiIQzqtWAcM3YJvIJzyPTtMk0OwtCqTGugjcLeqrlV4H7ObrWKecg0jc+os6VnUEoQ7MHt2lJGQ8bgFuFGhTp2Nzndnvx74aojjwxVCmzXZkjRjA== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378342; bh=frobqKcXThgnwGiYwTMu9how3uEknFQhdUnPflCv6wd=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=QWRVFDdE3ffP7009Q2FNWGQmpimQ1n9w6bX7X0pNJU9IzLl8eOHFA2/7PVmfJY9dSqqAz2X1iuIFooUdvI6Zu6u4DDmzxj7AnYB/iuLntDwUgRbdieiUizpOhpHnCjNsDMDyTCmQS9LUCNG8r0rc3ZKYJBQRPJkt9WPB6zfUFuJ4TFsofNyF/f5J7afeZzSZRa9Xk1Fb6W2nppA2ldHjrcvHg//Vzx1gucny6bBIdRSt0eqYnaNMTzPZ451gpy3n7sGMEpGCNAhZ4P9VcgCIhkaX4C2Cp1MELrLsyZIqguXiWIcgcyKwnkjdOTv0B8DLmEIbhU7PpehIxeYXAJCPXw== X-YMail-OSG: 3X951KgVM1l7XYIk5EEJCDLoQJwT18xK3NouuNtkXj.T0J9GAjrOh_tku7o_geb oU1ehOuAK87JKEscGupxXQFQ2Cz469BOcRAlCtDbd14kVqcBuUlpIM_S6_smrN5GpLu3BQNIMJ23 eQnwBu4VK6IgRWTpjDsecpma0bq5uQxgpNPs8wNZTskcI5gLIo7CN029SbSmTPAOzggG_03bUxsH QhR3rL4OSZ9cE0GJ3SieYopJ9DxnQoZuoj3U4W35pqTDnqgsDjBYzzMr9MZDvXbCesj9BXXqycBQ d2bYKSpNR6ZRW4MhHsMv6TZbzAf87_JsxSgd7IzMLCHwpKUojPXauoFrnUJQ3iHWUjH0u_2AaeCQ g3lyUWPCir0SPrK1uHlKagzq8Hjrt48WRgy01N7WfNnbXspNAduV4M88SFIjv2ifpQhSinan7twa 1V3U2AFV9._oXp7WgVgUpOGvI7bBtlVZILcTkqof31oIcB8Wp5q0JwWDN.RCt8JV02QgarX_kLdu SkuR1ff75h9RX52tUozcN5zcLogirIOHLziuPOwVf0Wkf4SM7jFrXbdPW84cUxxdIeGr0F683O5A AEKrfAnRJRj5O45wmluh6ZZqETyIC.4CKrPxG_jpi7Jh99zIIQNEAH_0aqMR9.FHmNnZeB05zbry tX8vm0L8vmoRhbKq7Mi8DC7T5FaBCcmhmzD2UxzZtkhKUAIs0cW6IDoV_Dn_62HXmrkIyTlV032r GoBAxljjpupnVzmqkh3Y9GEP0kkIzKL9R.kv4nkFYqnserQLH89.mH2k_P1c8wktjY0E2qNKke02 85JyJs7TrM2aRkvZ6oLWyhTt8.8WNN7LEMSiC8PhaL1VdNjGxprj_Dre6lHldHYwpPPjFATeoMEI mbIYGKHUohTYXALBw.K.cymJ8eansh8Ff3LS5znWaYaB72YHaj7Po57K.3pGiPqtPJ9fABeiCD0K _Dbs4eQsVAnHthowHp99qUuCAepjGR1xsiEw7OvdhWKjBWO3O03rLgsE7zQ3P3q_eHGAEI6BxDCc JwWVnnbY2u2brBxKMM7rZ1hXFVX1zBwqXTzjvfU_sUqy28z9HalK8SsRxO7xNw7pkp4ClthvJ_ye VYUKRz_TeeGhW1Qb3TXsc6X6GIbdoIPENEENvIdaznuUsovvVikYLwT8Ytg_mvX0kDgAfaURukhr Wx.ApQ5Wje0Rdaw8DT3cd7yjHxjwzM2zyokdHnpvY8JpLQNKdfTipGaoGkLzAkx9Fep.mgULCK_N ahlCZ2tg7fdLA2mFA5uo_czBpoNEbAaGgrPMHY3mP6RRP2g833hs.so0L8jctj433ZaLpPC8EB86 6P1zdxoviFfneR5IIWLOkKbzTRuRs9yTIOFE2gE1BXyVMgIJ0XNfY6vZF9JcE4r5SfXsAE1Zypu. _ob83FGOeUpXLbFJU6tg.AZZPIIb5mYe0m.ZexqeVNsgF6CvxftKNNNkJCJnIeY9IaQk_skc8AJS szXFnmtSvU3DWt.eIG4vWQxdOoqWQkQf6.qEIoqsBeAI7_1hwGMXS7t1FILjs5AuY.MY.o9EOs8d vIfth7MYz4ziM.W4p2oMwtQArzvwHd1PSjh1PZ_8rNdSlYWLok8dGdghegrWi1L_LSWTtWn9yjwx MKUwwLSLqSxzgncWIBdJwafiXz1pGOTE_faFAVFRNwqfVVLyVX_PBVceacdXNKKBjEXzQ9AoIZVB WmXayNTe9NWD3eYOp_ADdes11y01PkykB1LKp67ICazRtpZleaRJaBcP1R.QKdopK1bsXYnH4JAF 6HU3D0BTwSZMzwOhwUzxYOEPR39LWdzDDYtqssa8xz.jqACaCrwuQH7LHo7p1njDZsdoEjj.wSt. otsghcvkBRrm5lYrqvQHNaL3MjwwVCPhv4uaacMBU4jx0fRi_aFJ4W5v7eWZZHI1p8UFtUC4x11L WNLUWxhN3VStnSyqdgZzg_0jcRYwzGOSrk2SRvFFA.shmUhmX37s2RhPgMyhSZP2_rzs_LVFS5Gw A116f7PAuDCHoqZHoF15gHDRdnvyd8G6DlFZ45vgLmqQ_PEANEhBaOfvkJC_SLwhC8W3Kg.5EDDv .TiUv2P6_7tKOxcC5o97YzQb_BiX6n6L.s9oE8h_HYCCvaxyHsAnkFjWNJ9gK6F1R4vOrEDxksXH ZVhSjVjafSHWJLCSeLLVxXebC2kZtCiJGx8KxCSLMA2y2Fi0ok7xg2qpvQ0xBnCPvpsALjFuuV5R _goJtEE6zLNtViLk5PChOizVl9QhU4bRO8Q5EX_.6DPCVl1IqkJUoV3EyA9Vw0nTNwAkNsKYiGFZ jCA-- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic301.consmr.mail.ne1.yahoo.com with HTTP; Tue, 28 Jun 2022 01:05:42 +0000 Received: by hermes--canary-production-gq1-677bd878b7-pqb8m (Yahoo Inc. Hermes SMTP Server) with ESMTPA ID e262426b02cfbecf0124eb7a5c5aa81b; Tue, 28 Jun 2022 01:05:38 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, Greg Kroah-Hartman , linux-api@vger.kernel.org, linux-doc@vger.kernel.org Subject: [PATCH v37 14/33] LSM: Specify which LSM to display Date: Mon, 27 Jun 2022 17:55:52 -0700 Message-Id: <20220628005611.13106-15-casey@schaufler-ca.com> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220628005611.13106-1-casey@schaufler-ca.com> References: <20220628005611.13106-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Create a new entry "interface_lsm" in the procfs attr directory for controlling which LSM security information is displayed for a process. A process can only read or write its own display value. The name of an active LSM that supplies hooks for human readable data may be written to "interface_lsm" to set the value. The name of the LSM currently in use can be read from "interface_lsm". At this point there can only be one LSM capable of display active. A helper function lsm_task_ilsm() is provided to get the interface lsm slot for a task_struct. Setting the "interface_lsm" requires that all security modules using setprocattr hooks allow the action. Each security module is responsible for defining its policy. AppArmor hook provided by John Johansen SELinux hook provided by Stephen Smalley Signed-off-by: Casey Schaufler Cc: Kees Cook Cc: Stephen Smalley Cc: Paul Moore Cc: John Johansen Cc: Greg Kroah-Hartman Cc: linux-api@vger.kernel.org Cc: linux-doc@vger.kernel.org --- .../ABI/testing/procfs-attr-lsm_display | 22 +++ Documentation/security/lsm.rst | 14 ++ fs/proc/base.c | 1 + include/linux/security.h | 17 ++ security/apparmor/include/apparmor.h | 3 +- security/apparmor/lsm.c | 32 ++++ security/security.c | 166 ++++++++++++++++-- security/selinux/hooks.c | 11 ++ security/selinux/include/classmap.h | 3 +- security/smack/smack_lsm.c | 7 + 10 files changed, 257 insertions(+), 19 deletions(-) create mode 100644 Documentation/ABI/testing/procfs-attr-lsm_display diff --git a/Documentation/ABI/testing/procfs-attr-lsm_display b/Documentation/ABI/testing/procfs-attr-lsm_display new file mode 100644 index 000000000000..0f60005c235c --- /dev/null +++ b/Documentation/ABI/testing/procfs-attr-lsm_display @@ -0,0 +1,22 @@ +What: /proc/*/attr/lsm_display +Contact: linux-security-module@vger.kernel.org, +Description: The name of the Linux security module (LSM) that will + provide information in the /proc/*/attr/current, + /proc/*/attr/prev and /proc/*/attr/exec interfaces. + The details of permissions required to read from + this interface are dependent on the LSMs active on the + system. + A process cannot write to this interface unless it + refers to itself. + The other details of permissions required to write to + this interface are dependent on the LSMs active on the + system. + The format of the data used by this interface is a + text string identifying the name of an LSM. The values + accepted are: + selinux - the SELinux LSM + smack - the Smack LSM + apparmor - The AppArmor LSM + By convention the LSM names are lower case and do not + contain special characters. +Users: LSM user-space diff --git a/Documentation/security/lsm.rst b/Documentation/security/lsm.rst index 6a2a2e973080..b77b4a540391 100644 --- a/Documentation/security/lsm.rst +++ b/Documentation/security/lsm.rst @@ -129,3 +129,17 @@ to identify it as the first security module to be registered. The capabilities security module does not use the general security blobs, unlike other modules. The reasons are historical and are based on overhead, complexity and performance concerns. + +LSM External Interfaces +======================= + +The LSM infrastructure does not generally provide external interfaces. +The individual security modules provide what external interfaces they +require. + +The file ``/sys/kernel/security/lsm`` provides a comma +separated list of the active security modules. + +The file ``/proc/pid/attr/interface_lsm`` contains the name of the security +module for which the ``/proc/pid/attr/current`` interface will +apply. This interface can be written to. diff --git a/fs/proc/base.c b/fs/proc/base.c index 8dfa36a99c74..085ef5f4109f 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -2827,6 +2827,7 @@ static const struct pid_entry attr_dir_stuff[] = { ATTR(NULL, "fscreate", 0666), ATTR(NULL, "keycreate", 0666), ATTR(NULL, "sockcreate", 0666), + ATTR(NULL, "interface_lsm", 0666), #ifdef CONFIG_SECURITY_SMACK DIR("smack", 0555, proc_smack_attr_dir_inode_ops, proc_smack_attr_dir_ops), diff --git a/include/linux/security.h b/include/linux/security.h index 61d5f23103b1..a7a445bac8ce 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -240,6 +240,23 @@ static inline u32 lsmblob_first(const struct lsmblob *blob) #endif } +/** + * lsm_task_ilsm - the "interface_lsm" for this task + * @task: The task to report on + * + * Returns the task's interface LSM slot. + */ +static inline int lsm_task_ilsm(struct task_struct *task) +{ +#ifdef CONFIG_SECURITY + int *ilsm = task->security; + + if (ilsm) + return *ilsm; +#endif + return LSMBLOB_INVALID; +} + /* These functions are in security/commoncap.c */ extern int cap_capable(const struct cred *cred, struct user_namespace *ns, int cap, unsigned int opts); diff --git a/security/apparmor/include/apparmor.h b/security/apparmor/include/apparmor.h index 1fbabdb565a8..b1622fcb4394 100644 --- a/security/apparmor/include/apparmor.h +++ b/security/apparmor/include/apparmor.h @@ -28,8 +28,9 @@ #define AA_CLASS_SIGNAL 10 #define AA_CLASS_NET 14 #define AA_CLASS_LABEL 16 +#define AA_CLASS_DISPLAY_LSM 17 -#define AA_CLASS_LAST AA_CLASS_LABEL +#define AA_CLASS_LAST AA_CLASS_DISPLAY_LSM /* Control parameters settable through module/boot flags */ extern enum audit_mode aa_g_audit; diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 1aa6c56d79de..7f06f43d3bb0 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -641,6 +641,25 @@ static int apparmor_getprocattr(struct task_struct *task, char *name, return error; } + +static int profile_interface_lsm(struct aa_profile *profile, + struct common_audit_data *sa) +{ + struct aa_perms perms = { }; + unsigned int state; + + state = PROFILE_MEDIATES(profile, AA_CLASS_DISPLAY_LSM); + if (state) { + aa_compute_perms(profile->policy.dfa, state, &perms); + aa_apply_modes_to_perms(profile, &perms); + aad(sa)->label = &profile->label; + + return aa_check_perms(profile, &perms, AA_MAY_WRITE, sa, NULL); + } + + return 0; +} + static int apparmor_setprocattr(const char *name, void *value, size_t size) { @@ -652,6 +671,19 @@ static int apparmor_setprocattr(const char *name, void *value, if (size == 0) return -EINVAL; + /* LSM infrastructure does actual setting of interface_lsm if allowed */ + if (!strcmp(name, "interface_lsm")) { + struct aa_profile *profile; + struct aa_label *label; + + aad(&sa)->info = "set interface lsm"; + label = begin_current_label_crit_section(); + error = fn_for_each_confined(label, profile, + profile_interface_lsm(profile, &sa)); + end_current_label_crit_section(label); + return error; + } + /* AppArmor requires that the buffer must be null terminated atm */ if (args[size - 1] != '\0') { /* null terminate */ diff --git a/security/security.c b/security/security.c index 6df37398cfd8..d60bc6abaa40 100644 --- a/security/security.c +++ b/security/security.c @@ -80,7 +80,16 @@ static struct kmem_cache *lsm_file_cache; static struct kmem_cache *lsm_inode_cache; char *lsm_names; -static struct lsm_blob_sizes blob_sizes __lsm_ro_after_init; + +/* + * The task blob includes the "interface_lsm" slot used for + * chosing which module presents contexts. + * Using a long to avoid potential alignment issues with + * module assigned task blobs. + */ +static struct lsm_blob_sizes blob_sizes __lsm_ro_after_init = { + .lbs_task = sizeof(long), +}; /* Boot-time LSM user choice */ static __initdata const char *chosen_lsm_order; @@ -673,6 +682,8 @@ int lsm_inode_alloc(struct inode *inode) */ static int lsm_task_alloc(struct task_struct *task) { + int *ilsm; + if (blob_sizes.lbs_task == 0) { task->security = NULL; return 0; @@ -681,6 +692,15 @@ static int lsm_task_alloc(struct task_struct *task) task->security = kzalloc(blob_sizes.lbs_task, GFP_KERNEL); if (task->security == NULL) return -ENOMEM; + + /* + * The start of the task blob contains the "interface" LSM slot number. + * Start with it set to the invalid slot number, indicating that the + * default first registered LSM be displayed. + */ + ilsm = task->security; + *ilsm = LSMBLOB_INVALID; + return 0; } @@ -1746,14 +1766,26 @@ int security_file_open(struct file *file) int security_task_alloc(struct task_struct *task, unsigned long clone_flags) { + int *oilsm = current->security; + int *nilsm; int rc = lsm_task_alloc(task); - if (rc) + if (unlikely(rc)) return rc; + rc = call_int_hook(task_alloc, 0, task, clone_flags); - if (unlikely(rc)) + if (unlikely(rc)) { security_task_free(task); - return rc; + return rc; + } + + if (oilsm) { + nilsm = task->security; + if (nilsm) + *nilsm = *oilsm; + } + + return 0; } void security_task_free(struct task_struct *task) @@ -2185,23 +2217,110 @@ int security_getprocattr(struct task_struct *p, const char *lsm, char *name, char **value) { struct security_hook_list *hp; + int ilsm = lsm_task_ilsm(current); + int slot = 0; + + if (!strcmp(name, "interface_lsm")) { + /* + * lsm_slot will be 0 if there are no displaying modules. + */ + if (lsm_slot == 0) + return -EINVAL; + + /* + * Only allow getting the current process' interface_lsm. + * There are too few reasons to get another process' + * interface_lsm and too many LSM policy issues. + */ + if (current != p) + return -EINVAL; + + ilsm = lsm_task_ilsm(p); + if (ilsm != LSMBLOB_INVALID) + slot = ilsm; + *value = kstrdup(lsm_slotlist[slot]->lsm, GFP_KERNEL); + if (*value) + return strlen(*value); + return -ENOMEM; + } hlist_for_each_entry(hp, &security_hook_heads.getprocattr, list) { if (lsm != NULL && strcmp(lsm, hp->lsmid->lsm)) continue; + if (lsm == NULL && ilsm != LSMBLOB_INVALID && + ilsm != hp->lsmid->slot) + continue; return hp->hook.getprocattr(p, name, value); } return LSM_RET_DEFAULT(getprocattr); } +/** + * security_setprocattr - Set process attributes via /proc + * @lsm: name of module involved, or NULL + * @name: name of the attribute + * @value: value to set the attribute to + * @size: size of the value + * + * Set the process attribute for the specified security module + * to the specified value. Note that this can only be used to set + * the process attributes for the current, or "self" process. + * The /proc code has already done this check. + * + * Returns 0 on success, an appropriate code otherwise. + */ int security_setprocattr(const char *lsm, const char *name, void *value, size_t size) { struct security_hook_list *hp; + char *termed; + char *copy; + int *ilsm = current->security; + int rc = -EINVAL; + int slot = 0; + + if (!strcmp(name, "interface_lsm")) { + /* + * Change the "interface_lsm" value only if all the security + * modules that support setting a procattr allow it. + * It is assumed that all such security modules will be + * cooperative. + */ + if (size == 0) + return -EINVAL; + + hlist_for_each_entry(hp, &security_hook_heads.setprocattr, + list) { + rc = hp->hook.setprocattr(name, value, size); + if (rc < 0 && rc != LSM_RET_DEFAULT(setprocattr)) + return rc; + } + + rc = -EINVAL; + + copy = kmemdup_nul(value, size, GFP_KERNEL); + if (copy == NULL) + return -ENOMEM; + + termed = strsep(©, " \n"); + + for (slot = 0; slot < lsm_slot; slot++) + if (!strcmp(termed, lsm_slotlist[slot]->lsm)) { + *ilsm = lsm_slotlist[slot]->slot; + rc = size; + break; + } + + kfree(termed); + return rc; + } hlist_for_each_entry(hp, &security_hook_heads.setprocattr, list) { if (lsm != NULL && strcmp(lsm, hp->lsmid->lsm)) continue; + if (lsm == NULL && *ilsm != LSMBLOB_INVALID && + *ilsm != hp->lsmid->slot) + continue; return hp->hook.setprocattr(name, value, size); } return LSM_RET_DEFAULT(setprocattr); @@ -2221,15 +2340,15 @@ EXPORT_SYMBOL(security_ismaclabel); int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen) { struct security_hook_list *hp; - int rc; + int ilsm = lsm_task_ilsm(current); hlist_for_each_entry(hp, &security_hook_heads.secid_to_secctx, list) { if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) continue; - rc = hp->hook.secid_to_secctx(blob->secid[hp->lsmid->slot], - secdata, seclen); - if (rc != LSM_RET_DEFAULT(secid_to_secctx)) - return rc; + if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) + return hp->hook.secid_to_secctx( + blob->secid[hp->lsmid->slot], + secdata, seclen); } return LSM_RET_DEFAULT(secid_to_secctx); @@ -2240,16 +2359,15 @@ int security_secctx_to_secid(const char *secdata, u32 seclen, struct lsmblob *blob) { struct security_hook_list *hp; - int rc; + int ilsm = lsm_task_ilsm(current); lsmblob_init(blob, 0); hlist_for_each_entry(hp, &security_hook_heads.secctx_to_secid, list) { if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) continue; - rc = hp->hook.secctx_to_secid(secdata, seclen, - &blob->secid[hp->lsmid->slot]); - if (rc != 0) - return rc; + if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) + return hp->hook.secctx_to_secid(secdata, seclen, + &blob->secid[hp->lsmid->slot]); } return 0; } @@ -2257,7 +2375,14 @@ EXPORT_SYMBOL(security_secctx_to_secid); void security_release_secctx(char *secdata, u32 seclen) { - call_void_hook(release_secctx, secdata, seclen); + struct security_hook_list *hp; + int ilsm = lsm_task_ilsm(current); + + hlist_for_each_entry(hp, &security_hook_heads.release_secctx, list) + if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) { + hp->hook.release_secctx(secdata, seclen); + return; + } } EXPORT_SYMBOL(security_release_secctx); @@ -2398,8 +2523,15 @@ EXPORT_SYMBOL(security_sock_rcv_skb); int security_socket_getpeersec_stream(struct socket *sock, char __user *optval, int __user *optlen, unsigned len) { - return call_int_hook(socket_getpeersec_stream, -ENOPROTOOPT, sock, - optval, optlen, len); + int ilsm = lsm_task_ilsm(current); + struct security_hook_list *hp; + + hlist_for_each_entry(hp, &security_hook_heads.socket_getpeersec_stream, + list) + if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) + return hp->hook.socket_getpeersec_stream(sock, optval, + optlen, len); + return -ENOPROTOOPT; } int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 68dcdc52f9aa..332214d17268 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -6385,6 +6385,17 @@ static int selinux_setprocattr(const char *name, void *value, size_t size) /* * Basic control over ability to set these attributes at all. */ + + /* + * For setting interface_lsm, we only perform a permission check; + * the actual update to the interface_lsm value is handled by the + * LSM framework. + */ + if (!strcmp(name, "interface_lsm")) + return avc_has_perm(&selinux_state, + mysid, mysid, SECCLASS_PROCESS2, + PROCESS2__SETINTERFACE_LSM, NULL); + if (!strcmp(name, "exec")) error = avc_has_perm(&selinux_state, mysid, mysid, SECCLASS_PROCESS, diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h index ff757ae5f253..e419a0665b11 100644 --- a/security/selinux/include/classmap.h +++ b/security/selinux/include/classmap.h @@ -53,7 +53,8 @@ const struct security_class_mapping secclass_map[] = { "execmem", "execstack", "execheap", "setkeycreate", "setsockcreate", "getrlimit", NULL } }, { "process2", - { "nnp_transition", "nosuid_transition", NULL } }, + { "nnp_transition", "nosuid_transition", "setinterface_lsm", + NULL } }, { "system", { "ipc_info", "syslog_read", "syslog_mod", "syslog_console", "module_request", "module_load", NULL } }, diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 6e0eaecd8256..552c4d4d8fac 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -3516,6 +3516,13 @@ static int smack_setprocattr(const char *name, void *value, size_t size) struct smack_known_list_elem *sklep; int rc; + /* + * Allow the /proc/.../attr/current and SO_PEERSEC "interface_lsm" + * to be reset at will. + */ + if (strcmp(name, "interface_lsm") == 0) + return 0; + if (!smack_privileged(CAP_MAC_ADMIN) && list_empty(&tsp->smk_relabel)) return -EPERM; From patchwork Tue Jun 28 00:55:53 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12897429 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id D79E3CCA47F for ; Tue, 28 Jun 2022 01:07:20 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242837AbiF1BHU (ORCPT ); Mon, 27 Jun 2022 21:07:20 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35092 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S242442AbiF1BHS (ORCPT ); Mon, 27 Jun 2022 21:07:18 -0400 Received: from sonic304-28.consmr.mail.ne1.yahoo.com (sonic304-28.consmr.mail.ne1.yahoo.com [66.163.191.154]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0283422B14 for ; Mon, 27 Jun 2022 18:07:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378434; bh=aw7sdlRZ8+yTH4ZutWyqDOvJ3351w3XteiZy62cDUVM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=YY3r3riZc5HbOfs1ic71Qou6blZT/88EC6ngwEPCvV9b9cpIUKvxLDXQ3QmD2Wr8pwUzrx8kLEzaVl942vQrjVqfFmwUSh91lR4MAZiBOJLITUDTIEq28dt91ghMiCDRLpuk4pkW8bDrDzTpMYqM5HN/S8ghvQks2pvikPlyYAJlz0TiDg4fscTB/YlbO84VYVdDX07go28lGNLhWGwBp3g4o6kGIhr+pQxIpLGGV1DQjUuReIgXoNgpENMQd5Fl6keA+LuvQ+sgIajg3C0V7PsoUnfBwR6edguomDAMtk1JFNkyfsXljcCmTU2nXXnR6JftzLVlClUCY2sSHbafkA== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378434; bh=8a8JxfEKsl4hP/RPXhvPmjxxfyzvrLjdGGuivDs/i8j=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=QzDolqyQvbaT/HFve69pyXUkioiPYQCRGyC0x4LRgAtay2osjmTpsW7TAyRcb9mYkAQAd1CfcmV4GLVKY6f56rngB8mAguVedevjbmW8Nf2otDppW/0RXjWGf8k8yJE2ubz8V2Xk1DEpdS2f1OjIJIvEiTcCuktZHsE/gOvwrnNBCi8Q2pk+0x8eOrUCxVB7SC9WXeN/PTG5gRq2YSs4i3pbF2jHG2WZyfEvECqEefeMP1TBi4mFtVHrF7VnPSF6czNL4O5lvHknandJcANHQWY2ENNQ5a6boDfT4J6l+rbsqcPLXH688zwbjxGYAwuChZ58/LwNdt4PckltadmXUQ== X-YMail-OSG: BbX5a8YVM1kl0nymA5_sb.E2emLuMr8Qnnz2kRiSToGaxeefgOUzTChJXMPlQTa yZPOd.IkJ3u7gJ_hul50fUbt38PtctvZL7cBgaAMDkRlyI81DEN8Px.LXoPfqEFbiorYyLpLUQri YmvKp3loecIEMnn4NEaywv.3bW4m1MXe_Zz19Y.R0oZbYH7CPXWU_dQ6U98TClQD.K8k4uD7NU_M a3pFSRbnYf9RbRzzjde3kZhepxVvbIGIwPsftbc_BA8BXvBhhpk7EYyvCKIdEzDEzkiFounJcdJP wtCksL7hyhK08v2o1.lAkh70162SyN3.S0eO5agnmsDk3HATjT5JNH4FOuDbMlwJrWrAm.4V8eZy uLdWkXWizImwt4FpwYLWiv43zEhbisVqNRkpIRbjj2guzlk1CVDqdTI9WcVHLhcK0Q7XUs8fUuO9 YTMbIGxQqlMrDHcQK6i5vBN4FiVYaNDoVlLkeQIquRa5YdOcUKRPRBLgrRCgBszBG8XgZbU1QbAH oErJS1wiHvxaknYKfJmIK6vPo_YR8B.ZOfblH7Lb3YhJn7lja3cg87DTVen65VVsMpCoWSM8o2.D ck_zkEFBnnTCI0DClKOt.delWEF8owamdYW_VHs7tmQzEDIWq6fFLywugjax9eQ2JxqFDR8g9040 MVanoYx0pjuaEJby94tqucTxp0i1PlHHcHkASVK4AkvGoISHfBWVjXN9ICp2oSwLkaqMwEZXPi5i m7KN0eNbf7fgINAnZax0PxTjoMdl2BDhAHlrWHDJdiKseoi28lgYZIHTvyNKqnL5qe8o6u7Xre7Z AXV6jnAy92s07tPXyTuYmm1nmglLdQg0E2YmQjYeti8ye8fm2fHgclTWiVDKyGvmoO2XaTpihgiA 87QQ42J5hatGyD9wCfwhQImN9BJ3BrR8xIB6UEhjlQRuMu3mjsZXYqRzvngjrIJND._D2jv0dMZF ZT4zMo_TrjrdNhvrKE7vbsJq7enyFfKgPZln2jWT_glfC3znc4RSROL6DRYyB5o65dKW.PbxEcw5 pqlhPu4u2uPk4feS4tR6od1tXc0km92QD98OVfxjAlMGLTD07JFfnwSqbvzFth91.rKHTNdTW9dM dgh6y8weZXojz8Ri3RkZijVgTYP1pwtlB3dkgHTGIyjUj8TW05anEq_ho0fdPAKcCZ2fH8kTPSf8 KbRKq10cSCmo_apxyz5uHYz1LJKj1vna4M2zhlmNNty3BoTdTZ_NFhwBqWd2xsgIRrpEfji_q0Dj 6_EJrWXll74C.5FvF_FevNDkVqGF9nTgDW_6B1Qt9IERoxdzHJOPIucqLOo5i0rXDKTZ6Jrivky7 _MyJAMOYAdzc67jglh.npV.4T94jKJZOD2aE.oHmQSX_VHYYlhuXJpvPLN0cn0LrbNfblTOFTHZS RXXILoStZM8GvxViETAvjHXQMKYLit31zIAaZ7UMlZscEXcunHSAUssXV6JGZP4JY4AVLNktvH2I HtfAAV4yTnkpe_rkZoUHnoxxcLdY.oRP_s7Q3zlzKfYVcmHxfEGfqbtyHcxRXOnyI.2BcVKZ9pMN 3jxvCGzKjN.nbDGSkCEOo9vjD.lI3EmQaRN5mTmb_ttULAR00dGQyOVHC8QsKb5yx41lJxwrkIjF fVtBw2HOKJ99sOEaNnLUwWLWPCkEP3qH6Iaif3Aoy0S_y5dCecJ1eqv7kmynwQFHvnNRPq2NRXfF UjXtqM9pt3SC36beAgV.gZV0TZCV_A9Wz5AcYRqGPl0i6rBcYLKgyx4hd_gbdwHbYNU3gKbxP6fP .mc.YtgJdrwXmwE51XCKaGYAPdJptwds5Qfuc5RTvciMWRujhpvx3FTvoyc1HvjB0yEBGKsrJ58u pxrhvs.FrQtsqnkXxdkqVwmiC9YanaSLkE.SsrT9gsbaStdoVC3SNmoiTqeIU87rnEd1vT8aNvaG dQ6_tZ4bpv5poWo.Vs3GWh_kE2yA9TQzl7hciRBUZYNLU9C7qVK528jg3MS34r1PxDgQ.20X5zZy NnckRrOv9f3e.IloOxFN_qeqPoL6VfDkNfaJr4iTpkM5tTbRZHKWjV58fKPR6QHWSQszZlPGhXTq 9bnX5IWL41MEYzwUjZ1EYyX1uMRlyGZhfuNQLIu32LlhuZHtg6m.w.JzWOwPrkFoIopU_ihPzviD oqRmcIWVhLkiJpihDVUKp84pkyn.SAtC.uicsz1e1avV52Vxsn4f.w.n5O7p1x_ar6ArW5vlZ1.b zzpDiFdTyHuYpCuqzxyErN_9tnYSoqLe6c7jXSqD1v34PagBtPepfNzpNUrIEbzdC7MJh_ekJazq Jv62nkJWb3S6kY4F6eDIhnHfL_x0dw_qdxHZENyMAhIGFiKpYbSsxWObm.O2XAueV X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic304.consmr.mail.ne1.yahoo.com with HTTP; Tue, 28 Jun 2022 01:07:14 +0000 Received: by hermes--production-ne1-7459d5c5c9-fdkvw (Yahoo Inc. Hermes SMTP Server) with ESMTPA ID 2b15a6d5cfb14c238c7aa5ef58eb279b; Tue, 28 Jun 2022 01:07:12 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, Chuck Lever , linux-integrity@vger.kernel.org, netdev@vger.kernel.org, netfilter-devel@vger.kernel.org, linux-nfs@vger.kernel.org Subject: [PATCH v37 15/33] LSM: Ensure the correct LSM context releaser Date: Mon, 27 Jun 2022 17:55:53 -0700 Message-Id: <20220628005611.13106-16-casey@schaufler-ca.com> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220628005611.13106-1-casey@schaufler-ca.com> References: <20220628005611.13106-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Add a new lsmcontext data structure to hold all the information about a "security context", including the string, its size and which LSM allocated the string. The allocation information is necessary because LSMs have different policies regarding the lifecycle of these strings. SELinux allocates and destroys them on each use, whereas Smack provides a pointer to an entry in a list that never goes away. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Paul Moore Acked-by: Stephen Smalley Acked-by: Chuck Lever Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: netdev@vger.kernel.org Cc: linux-audit@redhat.com Cc: netfilter-devel@vger.kernel.org To: Pablo Neira Ayuso Cc: linux-nfs@vger.kernel.org --- drivers/android/binder.c | 10 ++++--- fs/ceph/xattr.c | 6 ++++- fs/nfs/nfs4proc.c | 8 ++++-- fs/nfsd/nfs4xdr.c | 7 +++-- include/linux/security.h | 35 +++++++++++++++++++++++-- include/net/scm.h | 5 +++- kernel/audit.c | 14 +++++++--- kernel/auditsc.c | 12 ++++++--- net/ipv4/ip_sockglue.c | 4 ++- net/netfilter/nf_conntrack_netlink.c | 4 ++- net/netfilter/nf_conntrack_standalone.c | 4 ++- net/netfilter/nfnetlink_queue.c | 13 ++++++--- net/netlabel/netlabel_unlabeled.c | 19 +++++++++++--- net/netlabel/netlabel_user.c | 4 ++- security/security.c | 11 ++++---- 15 files changed, 121 insertions(+), 35 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index c2f71c22a90e..9c1ed7fbda87 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2783,6 +2783,7 @@ static void binder_transaction(struct binder_proc *proc, int t_debug_id = atomic_inc_return(&binder_last_id); char *secctx = NULL; u32 secctx_sz = 0; + struct lsmcontext scaff; /* scaffolding */ struct list_head sgc_head; struct list_head pf_head; const void __user *user_buffer = (const void __user *) @@ -3116,7 +3117,8 @@ static void binder_transaction(struct binder_proc *proc, t->security_ctx = 0; WARN_ON(1); } - security_release_secctx(secctx, secctx_sz); + lsmcontext_init(&scaff, secctx, secctx_sz, 0); + security_release_secctx(&scaff); secctx = NULL; } t->buffer->debug_id = t->debug_id; @@ -3532,8 +3534,10 @@ static void binder_transaction(struct binder_proc *proc, binder_alloc_free_buf(&target_proc->alloc, t->buffer); err_binder_alloc_buf_failed: err_bad_extra_size: - if (secctx) - security_release_secctx(secctx, secctx_sz); + if (secctx) { + lsmcontext_init(&scaff, secctx, secctx_sz, 0); + security_release_secctx(&scaff); + } err_get_secctx_failed: kfree(tcomplete); binder_stats_deleted(BINDER_STAT_TRANSACTION_COMPLETE); diff --git a/fs/ceph/xattr.c b/fs/ceph/xattr.c index f141f5246163..4c4dad4713b6 100644 --- a/fs/ceph/xattr.c +++ b/fs/ceph/xattr.c @@ -1391,12 +1391,16 @@ int ceph_security_init_secctx(struct dentry *dentry, umode_t mode, void ceph_release_acl_sec_ctx(struct ceph_acl_sec_ctx *as_ctx) { +#ifdef CONFIG_CEPH_FS_SECURITY_LABEL + struct lsmcontext scaff; /* scaffolding */ +#endif #ifdef CONFIG_CEPH_FS_POSIX_ACL posix_acl_release(as_ctx->acl); posix_acl_release(as_ctx->default_acl); #endif #ifdef CONFIG_CEPH_FS_SECURITY_LABEL - security_release_secctx(as_ctx->sec_ctx, as_ctx->sec_ctxlen); + lsmcontext_init(&scaff, as_ctx->sec_ctx, as_ctx->sec_ctxlen, 0); + security_release_secctx(&scaff); #endif if (as_ctx->pagelist) ceph_pagelist_release(as_ctx->pagelist); diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c index c0fdcf8c0032..d6bdb0868729 100644 --- a/fs/nfs/nfs4proc.c +++ b/fs/nfs/nfs4proc.c @@ -133,8 +133,12 @@ nfs4_label_init_security(struct inode *dir, struct dentry *dentry, static inline void nfs4_label_release_security(struct nfs4_label *label) { - if (label) - security_release_secctx(label->label, label->len); + struct lsmcontext scaff; /* scaffolding */ + + if (label) { + lsmcontext_init(&scaff, label->label, label->len, 0); + security_release_secctx(&scaff); + } } static inline u32 *nfs4_bitmask(struct nfs_server *server, struct nfs4_label *label) { diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c index 61b2aae81abb..512ad208d62a 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c @@ -2830,6 +2830,7 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, int err; struct nfs4_acl *acl = NULL; #ifdef CONFIG_NFSD_V4_SECURITY_LABEL + struct lsmcontext scaff; /* scaffolding */ void *context = NULL; int contextlen; #endif @@ -3341,8 +3342,10 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, out: #ifdef CONFIG_NFSD_V4_SECURITY_LABEL - if (context) - security_release_secctx(context, contextlen); + if (context) { + lsmcontext_init(&scaff, context, contextlen, 0); /*scaffolding*/ + security_release_secctx(&scaff); + } #endif /* CONFIG_NFSD_V4_SECURITY_LABEL */ kfree(acl); if (tempfh) { diff --git a/include/linux/security.h b/include/linux/security.h index a7a445bac8ce..a20fc156c697 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -137,6 +137,37 @@ enum lockdown_reason { extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1]; +/* + * A "security context" is the text representation of + * the information used by LSMs. + * This structure contains the string, its length, and which LSM + * it is useful for. + */ +struct lsmcontext { + char *context; /* Provided by the module */ + u32 len; + int slot; /* Identifies the module */ +}; + +/** + * lsmcontext_init - initialize an lsmcontext structure. + * @cp: Pointer to the context to initialize + * @context: Initial context, or NULL + * @size: Size of context, or 0 + * @slot: Which LSM provided the context + * + * Fill in the lsmcontext from the provided information. + * This is a scaffolding function that will be removed when + * lsmcontext integration is complete. + */ +static inline void lsmcontext_init(struct lsmcontext *cp, char *context, + u32 size, int slot) +{ + cp->slot = slot; + cp->context = context; + cp->len = size; +} + /* * Data exported by the security modules * @@ -589,7 +620,7 @@ int security_ismaclabel(const char *name); int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen); int security_secctx_to_secid(const char *secdata, u32 seclen, struct lsmblob *blob); -void security_release_secctx(char *secdata, u32 seclen); +void security_release_secctx(struct lsmcontext *cp); void security_inode_invalidate_secctx(struct inode *inode); int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); @@ -1453,7 +1484,7 @@ static inline int security_secctx_to_secid(const char *secdata, return -EOPNOTSUPP; } -static inline void security_release_secctx(char *secdata, u32 seclen) +static inline void security_release_secctx(struct lsmcontext *cp) { } diff --git a/include/net/scm.h b/include/net/scm.h index 23a35ff1b3f2..f273c4d777ec 100644 --- a/include/net/scm.h +++ b/include/net/scm.h @@ -92,6 +92,7 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg, #ifdef CONFIG_SECURITY_NETWORK static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) { + struct lsmcontext context; struct lsmblob lb; char *secdata; u32 seclen; @@ -106,7 +107,9 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc if (!err) { put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata); - security_release_secctx(secdata, seclen); + /*scaffolding*/ + lsmcontext_init(&context, secdata, seclen, 0); + security_release_secctx(&context); } } } diff --git a/kernel/audit.c b/kernel/audit.c index f67f1eb7f4fa..23c8f8cbe8a6 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1214,6 +1214,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) struct audit_sig_info *sig_data; char *ctx = NULL; u32 len; + struct lsmcontext scaff; /* scaffolding */ err = audit_netlink_ok(skb, msg_type); if (err) @@ -1471,15 +1472,18 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) } sig_data = kmalloc(struct_size(sig_data, ctx, len), GFP_KERNEL); if (!sig_data) { - if (lsmblob_is_set(&audit_sig_lsm)) - security_release_secctx(ctx, len); + if (lsmblob_is_set(&audit_sig_lsm)) { + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); + } return -ENOMEM; } sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); sig_data->pid = audit_sig_pid; if (lsmblob_is_set(&audit_sig_lsm)) { memcpy(sig_data->ctx, ctx, len); - security_release_secctx(ctx, len); + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); } audit_send_reply(skb, seq, AUDIT_SIGNAL_INFO, 0, 0, sig_data, struct_size(sig_data, ctx, len)); @@ -2171,6 +2175,7 @@ int audit_log_task_context(struct audit_buffer *ab) unsigned len; int error; struct lsmblob blob; + struct lsmcontext scaff; /* scaffolding */ security_current_getsecid_subj(&blob); if (!lsmblob_is_set(&blob)) @@ -2185,7 +2190,8 @@ int audit_log_task_context(struct audit_buffer *ab) } audit_log_format(ab, " subj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); return 0; error_path: diff --git a/kernel/auditsc.c b/kernel/auditsc.c index fa3cfe569ce2..9ed58db58965 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1121,6 +1121,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, struct lsmblob *blob, char *comm) { struct audit_buffer *ab; + struct lsmcontext lsmcxt; char *ctx = NULL; u32 len; int rc = 0; @@ -1138,7 +1139,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, rc = 1; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); /*scaffolding*/ + security_release_secctx(&lsmcxt); } } audit_log_format(ab, " ocomm="); @@ -1398,6 +1400,7 @@ static void audit_log_time(struct audit_context *context, struct audit_buffer ** static void show_special(struct audit_context *context, int *call_panic) { + struct lsmcontext lsmcxt; struct audit_buffer *ab; int i; @@ -1432,7 +1435,8 @@ static void show_special(struct audit_context *context, int *call_panic) *call_panic = 1; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); + security_release_secctx(&lsmcxt); } } if (context->ipc.has_perm) { @@ -1594,6 +1598,7 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, char *ctx = NULL; u32 len; struct lsmblob blob; + struct lsmcontext lsmcxt; lsmblob_init(&blob, n->osid); if (security_secid_to_secctx(&blob, &ctx, &len)) { @@ -1602,7 +1607,8 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, *call_panic = 2; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); /* scaffolding */ + security_release_secctx(&lsmcxt); } } diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index 933a8f94f93a..70ca4510ea35 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -130,6 +130,7 @@ static void ip_cmsg_recv_checksum(struct msghdr *msg, struct sk_buff *skb, static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) { + struct lsmcontext context; struct lsmblob lb; char *secdata; u32 seclen, secid; @@ -145,7 +146,8 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) return; put_cmsg(msg, SOL_IP, SCM_SECURITY, seclen, secdata); - security_release_secctx(secdata, seclen); + lsmcontext_init(&context, secdata, seclen, 0); /* scaffolding */ + security_release_secctx(&context); } static void ip_cmsg_recv_dstaddr(struct msghdr *msg, struct sk_buff *skb) diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index ddc8cd65ed12..da36301e2185 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -348,6 +348,7 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) int len, ret; char *secctx; struct lsmblob blob; + struct lsmcontext context; /* lsmblob_init() puts ct->secmark into all of the secids in blob. * security_secid_to_secctx() will know which security module @@ -368,7 +369,8 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) ret = 0; nla_put_failure: - security_release_secctx(secctx, len); + lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ + security_release_secctx(&context); return ret; } #else diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index 2c1f3280d56e..644dec6a8ef5 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c @@ -179,6 +179,7 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) u32 len; char *secctx; struct lsmblob blob; + struct lsmcontext context; lsmblob_init(&blob, ct->secmark); ret = security_secid_to_secctx(&blob, &secctx, &len); @@ -187,7 +188,8 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) seq_printf(s, "secctx=%s ", secctx); - security_release_secctx(secctx, len); + lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ + security_release_secctx(&context); } #else static inline void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index 6269fe122345..f69d5e997da2 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c @@ -397,6 +397,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, enum ip_conntrack_info ctinfo = 0; const struct nfnl_ct_hook *nfnl_ct; bool csum_verify; + struct lsmcontext scaff; /* scaffolding */ char *secdata = NULL; u32 seclen = 0; ktime_t tstamp; @@ -634,8 +635,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, } nlh->nlmsg_len = skb->len; - if (seclen) - security_release_secctx(secdata, seclen); + if (seclen) { + lsmcontext_init(&scaff, secdata, seclen, 0); + security_release_secctx(&scaff); + } return skb; nla_put_failure: @@ -643,8 +646,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, kfree_skb(skb); net_err_ratelimited("nf_queue: error creating packet message\n"); nlmsg_failure: - if (seclen) - security_release_secctx(secdata, seclen); + if (seclen) { + lsmcontext_init(&scaff, secdata, seclen, 0); + security_release_secctx(&scaff); + } return NULL; } diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index bbb3b6a4f0d7..b3e3d920034d 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -374,6 +374,7 @@ int netlbl_unlhsh_add(struct net *net, struct net_device *dev; struct netlbl_unlhsh_iface *iface; struct audit_buffer *audit_buf = NULL; + struct lsmcontext context; char *secctx = NULL; u32 secctx_len; struct lsmblob blob; @@ -447,7 +448,9 @@ int netlbl_unlhsh_add(struct net *net, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", ret_val == 0 ? 1 : 0); audit_log_end(audit_buf); @@ -478,6 +481,7 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, struct netlbl_unlhsh_addr4 *entry; struct audit_buffer *audit_buf; struct net_device *dev; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -508,7 +512,9 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); audit_log_end(audit_buf); @@ -545,6 +551,7 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, struct netlbl_unlhsh_addr6 *entry; struct audit_buffer *audit_buf; struct net_device *dev; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -574,7 +581,8 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); audit_log_end(audit_buf); @@ -1093,6 +1101,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, int ret_val = -ENOMEM; struct netlbl_unlhsh_walk_arg *cb_arg = arg; struct net_device *dev; + struct lsmcontext context; void *data; u32 secid; char *secctx; @@ -1163,7 +1172,9 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, NLBL_UNLABEL_A_SECCTX, secctx_len, secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); if (ret_val != 0) goto list_cb_failure; diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index 893301ae0131..ef139d8ae7cd 100644 --- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c @@ -84,6 +84,7 @@ struct audit_buffer *netlbl_audit_start_common(int type, struct netlbl_audit *audit_info) { struct audit_buffer *audit_buf; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -103,7 +104,8 @@ struct audit_buffer *netlbl_audit_start_common(int type, if (audit_info->secid != 0 && security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " subj=%s", secctx); - security_release_secctx(secctx, secctx_len); + lsmcontext_init(&context, secctx, secctx_len, 0);/*scaffolding*/ + security_release_secctx(&context); } return audit_buf; diff --git a/security/security.c b/security/security.c index d60bc6abaa40..e434f085afab 100644 --- a/security/security.c +++ b/security/security.c @@ -2373,16 +2373,17 @@ int security_secctx_to_secid(const char *secdata, u32 seclen, } EXPORT_SYMBOL(security_secctx_to_secid); -void security_release_secctx(char *secdata, u32 seclen) +void security_release_secctx(struct lsmcontext *cp) { struct security_hook_list *hp; - int ilsm = lsm_task_ilsm(current); hlist_for_each_entry(hp, &security_hook_heads.release_secctx, list) - if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) { - hp->hook.release_secctx(secdata, seclen); - return; + if (cp->slot == hp->lsmid->slot) { + hp->hook.release_secctx(cp->context, cp->len); + break; } + + memset(cp, 0, sizeof(*cp)); } EXPORT_SYMBOL(security_release_secctx); From patchwork Tue Jun 28 00:55:54 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12897430 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id EE96BCCA486 for ; Tue, 28 Jun 2022 01:07:22 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242858AbiF1BHU (ORCPT ); Mon, 27 Jun 2022 21:07:20 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35108 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S242856AbiF1BHT (ORCPT ); Mon, 27 Jun 2022 21:07:19 -0400 Received: from sonic308-16.consmr.mail.ne1.yahoo.com (sonic308-16.consmr.mail.ne1.yahoo.com [66.163.187.39]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B754A22BCB for ; Mon, 27 Jun 2022 18:07:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378436; bh=NiIy7QTRHRBgsiIQdXsX4B3Vyj7nqIbe7567Auk3J/c=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=qVH/ePa1/z8/2Vsga/biVeWphhZ90NZhQ1SJUC28DQlEP3L9UiJ1lEt3juzdHFvWG2kjpGNnSRi/BHLfuX2eupv8JTcV+ifsBJCTzPexSThSBIi4xL6j5nY1tDuMvPUX4prsaRSlO3X0x3M3BiMxh8ZvXdASW1kStMDyZZKkv40jj+P7lXTh5cj/9WL4dJTZWcNruk3AwAvNPAdL2AaRceTDxHOKPsut9pcwdHuiYHW2css+IBV0E/b855m59Btwo2WIl4prHZIjuKDb1yKoksYLvJ8bjmdt/GTluVvAmaIZru5wtHs+1O9fOSe8PMbyRvHtHf+q/0SS7XhIyZjlwg== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378436; bh=3gU2HMZCIPTZiSHJ9otTH1fOOzaT2zwYSHaOITXlrog=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=iafgohqCG2zHGaMh+bZjuZ13VLtARkND+mPfXlt6mDxc55qViT9OafMkWUkPTfFqLA4BZiuL9amKtrV+zv5ZLeneU0hqQ9qCRddB95V5CTyABTxlrmmK11xjWBHxcgW7tONqFRuCJyXAL5WJlduhDNAdV/Fj9k2mT3hFu4BnFhlVZ6aH9NI6U/Yg9lB5bCkvu5cqeiHfyz0mnVvtZ9hy/6PFhqc+e6C5x6GJzePwF6BXR+NWcqw8l6XaPLxTVYQTpEKeom/Cg19Y0xPQJvm22yAFcF7oetCfgu/OP2NjKXA+d6ulGKUkUaGZoQe1N/k5ktDUKNoz5KK0aRnGDVtrTg== X-YMail-OSG: PnwVhmMVM1m6b.R0tG5V7YfW4k6wWmnw0bx8Yyi1KaPDkwQQigqgzcIf.8iUw0e kYa3koc6gIs0.088Nh1Z.KEHLhelAqFq9OztJM7Auu5.Q2YtfNg_aITFh2u.sHRdbT1SQ.4YvjIP POYkEFc9nawyeO.pjc9oG36pl0dmr4nj9DT8TaDufvSMIh9KtbKVcpJJeDnQ4uqZgcYqx0Uo4Em9 yhIGnB7Yen4ZJ55QNAUgnKk0HT0df79m.XBP33qzdClWGoYbzSdiFzsPCfcLz88O4L8i3oKVHhf6 .90lrnGQYA1_GK6sprq9UBdPRY3.fO6UCXQjbPhgodNu8Y509H9DCBqce3kVvtsTXTK94pnjt_SB ECX2IroD6S28QdjEm6BVnuP.c2AKZmQ1uqwCnMclMpR2qxk6tnWMUHwSGEwxQSc_PdL9vvtUclZ2 O.Yu7jC3bVGk.6P_YH0bKiDd5QSjbo.oOldP5mPFZayCoGO1ujQ3ZT8PHFKzuC6VQ9yNfCz6UbRH R_YJVY8HqAjonN5MOqD4gl5JEG6W5Iw38eEgOMgARONhWStfbZDqsGUlT_a6EvYb2pv556gwWAW7 upoq0GwyTbg04AQBYjjqaZuORoL_DBG6HahPSiIMEfUbPOjsaTRWavAHyRRaTk6ZnVL7_TcZfw59 jYPDss43gcefKKwUXmaMcGU.sHeby8dWvOQTWfBKhcdQ54yO5chvC4fUc5zg73QCPaQ95GPZjLpl hjBNDvdLLN1aX9BkqUNKTN3E9LLBEv.bSq_KRyCPJSPwkVVpG1O92QhUmQcD_OsOpw6vxuhEht_m zWvhpyJ4rx7b33ynjPeqQ704eMFz7nolVsz1PPBIGTJK30CnzqOBW5bSEk.F3LSVEiJ.JY5pHKO3 o3DSn52JYczlbPeFJ1VQF4vvZ2cBQatQjXV1Yrjp1QIMc2lYZP6UCg..lRBB2xfNf5msJqrK0AM. ZpNEkbAhID9GqhFiQlJH69cnTrbwZMqyBBNw_jIgkcV1CO__.iiTJxZinzNptwKL.5AVXBdQ7tJq xVXQK2viTR48cquk59OXnOq9lbXSnPc_WfgWZB0wqq2z4Icl7RTioaDGG93bM50fVpxZGFhJwALI yLHkcpKK0TjBBXNdssftDEW0R0IFsb7m3jmpphdmghIz3gQuUlcIJAE.PLBpJod2rTLnisOVP6Ar .gUXgA6U_gdacFh6EhHk__uj8.tPOSmfIslM0Oi6x1LjDcbSBGIkqNF5PtHWE2wZ9PBgsjOUaWtw SOaA0pBrVw6xLfbMJYElOtyFqrbCZbEJmpoS1COaql4P5LI2FmGBnR9EPaKBcdTkAeBu0SSO0cCS 9z_F2pSQamhDub2IZKgwyD6TvY3WxCHTMHuCDTwSdqm9Q.CPu5Q0KAEe8onOmANZuka.us_wTX3v le8.A6NQ129XVBnsxO0xnkogKWHuNoaaS0vMr9P3WabeFD.1fdgNjnZbrTEpDGcz3m.KJEvgbdSN uppUNu5DRvqIfVwS.3qb6x33X64x7oaE.sHDAf4.3wSJi.wCcefWTcxsUTPNCH1sbzN.NCGvWbN4 yjQrQc0KEEWm2QUBBYZAXVeYqvBUj4pYx8_4LYXt1NlCADNMnQNzb8_A8ew1H5M7.VOGn5uDBHTm zKpNiPWV.iV4GnMdF7CDF_SoWoDrdOFYCvGXLiCmHecFhnGKY_FG1_1H1uFfU1IADJHL4vN0myrr F.OOB8pvRGcjSriPBYjhdQv6D1nyYrLeG.BR0BqmIjW9kLLruE35iMsrchSjrToVCDRKHqgi6FDT jXaR5SDUPEkwhyPbqs8ZLzbmHYP4IvruRnw35ZL6as7L5UHy64zBIou5wrK5.v03Fs1K44D8BcJu .KZwqBcr5GDEm6OfWorPtevJ6qEYPQFNZaCZBweyNBukyPT3unSZJDRG_nwCeKxdADQCNobgk0mp hosTuSVgZiAC9CrHDNgY0P4bfbPkV_1s5pB.DCi2_Fn76XiHh5UeN0cWTJ_76i2hM3ytz587IKM1 M8WBhqoD7OFBvId7xcKtMS0esMR8pYWiQSRrWlZC.oG_MBWEM6bM8SG1gaNsErMI0B0WjYaWfkZW whj.O2ZXA_I9pi3EHkwRbqTYVLwIyGnpokJlEzIIBrX1Vxta61grYswvUqFGsjS9AT.ReUirNxy4 FPgFZCdH2j_qG0dsHTkCsa0OHpnX4OQ1cwsrBHGgVzCTAbJO4jsOG8pK1x4ZnH_uWD2f7KjpZhDD zuWCQj8L1zwh1lHBB2mM_xHV5LuMFx1eaqfqBoVrZUWxksZXcntkaQpfNByIWj_3sYHmacl93SvY N6BDnsIfk8Rac_3PdFHqMRNrPth8ZWSR75SjCJvflmTpzhUhyWHBThNydb6sD9C5q X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic308.consmr.mail.ne1.yahoo.com with HTTP; Tue, 28 Jun 2022 01:07:16 +0000 Received: by hermes--production-ne1-7459d5c5c9-fdkvw (Yahoo Inc. Hermes SMTP Server) with ESMTPA ID 2b15a6d5cfb14c238c7aa5ef58eb279b; Tue, 28 Jun 2022 01:07:14 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, netfilter-devel@vger.kernel.org Subject: [PATCH v37 16/33] LSM: Use lsmcontext in security_secid_to_secctx Date: Mon, 27 Jun 2022 17:55:54 -0700 Message-Id: <20220628005611.13106-17-casey@schaufler-ca.com> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220628005611.13106-1-casey@schaufler-ca.com> References: <20220628005611.13106-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Replace the (secctx,seclen) pointer pair with a single lsmcontext pointer to allow return of the LSM identifier along with the context and context length. This allows security_release_secctx() to know how to release the context. Callers have been modified to use or save the returned data from the new structure. security_secid_to_secctx() will now return the length value if the passed lsmcontext pointer is NULL. Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org Cc: linux-audit@redhat.com Cc: netfilter-devel@vger.kernel.org --- drivers/android/binder.c | 26 ++++++--------- include/linux/security.h | 4 +-- include/net/scm.h | 9 ++---- kernel/audit.c | 42 +++++++++++-------------- kernel/auditsc.c | 31 +++++++----------- net/ipv4/ip_sockglue.c | 8 ++--- net/netfilter/nf_conntrack_netlink.c | 18 ++++------- net/netfilter/nf_conntrack_standalone.c | 7 ++--- net/netfilter/nfnetlink_queue.c | 5 ++- net/netlabel/netlabel_unlabeled.c | 40 +++++++---------------- net/netlabel/netlabel_user.c | 7 ++--- security/security.c | 29 +++++++++++++++-- 12 files changed, 99 insertions(+), 127 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 9c1ed7fbda87..8ae1a624cd37 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2781,9 +2781,7 @@ static void binder_transaction(struct binder_proc *proc, binder_size_t last_fixup_min_off = 0; struct binder_context *context = proc->context; int t_debug_id = atomic_inc_return(&binder_last_id); - char *secctx = NULL; - u32 secctx_sz = 0; - struct lsmcontext scaff; /* scaffolding */ + struct lsmcontext lsmctx = { }; struct list_head sgc_head; struct list_head pf_head; const void __user *user_buffer = (const void __user *) @@ -3059,7 +3057,7 @@ static void binder_transaction(struct binder_proc *proc, size_t added_size; security_cred_getsecid(proc->cred, &blob); - ret = security_secid_to_secctx(&blob, &secctx, &secctx_sz); + ret = security_secid_to_secctx(&blob, &lsmctx); if (ret) { binder_txn_error("%d:%d failed to get security context\n", thread->pid, proc->pid); @@ -3068,7 +3066,7 @@ static void binder_transaction(struct binder_proc *proc, return_error_line = __LINE__; goto err_get_secctx_failed; } - added_size = ALIGN(secctx_sz, sizeof(u64)); + added_size = ALIGN(lsmctx.len, sizeof(u64)); extra_buffers_size += added_size; if (extra_buffers_size < added_size) { binder_txn_error("%d:%d integer overflow of extra_buffers_size\n", @@ -3102,24 +3100,22 @@ static void binder_transaction(struct binder_proc *proc, t->buffer = NULL; goto err_binder_alloc_buf_failed; } - if (secctx) { + if (lsmctx.context) { int err; size_t buf_offset = ALIGN(tr->data_size, sizeof(void *)) + ALIGN(tr->offsets_size, sizeof(void *)) + ALIGN(extra_buffers_size, sizeof(void *)) - - ALIGN(secctx_sz, sizeof(u64)); + ALIGN(lsmctx.len, sizeof(u64)); t->security_ctx = (uintptr_t)t->buffer->user_data + buf_offset; err = binder_alloc_copy_to_buffer(&target_proc->alloc, t->buffer, buf_offset, - secctx, secctx_sz); + lsmctx.context, lsmctx.len); if (err) { t->security_ctx = 0; WARN_ON(1); } - lsmcontext_init(&scaff, secctx, secctx_sz, 0); - security_release_secctx(&scaff); - secctx = NULL; + security_release_secctx(&lsmctx); } t->buffer->debug_id = t->debug_id; t->buffer->transaction = t; @@ -3163,7 +3159,7 @@ static void binder_transaction(struct binder_proc *proc, off_end_offset = off_start_offset + tr->offsets_size; sg_buf_offset = ALIGN(off_end_offset, sizeof(void *)); sg_buf_end_offset = sg_buf_offset + extra_buffers_size - - ALIGN(secctx_sz, sizeof(u64)); + ALIGN(lsmctx.len, sizeof(u64)); off_min = 0; for (buffer_offset = off_start_offset; buffer_offset < off_end_offset; buffer_offset += sizeof(binder_size_t)) { @@ -3534,10 +3530,8 @@ static void binder_transaction(struct binder_proc *proc, binder_alloc_free_buf(&target_proc->alloc, t->buffer); err_binder_alloc_buf_failed: err_bad_extra_size: - if (secctx) { - lsmcontext_init(&scaff, secctx, secctx_sz, 0); - security_release_secctx(&scaff); - } + if (lsmctx.context) + security_release_secctx(&lsmctx); err_get_secctx_failed: kfree(tcomplete); binder_stats_deleted(BINDER_STAT_TRANSACTION_COMPLETE); diff --git a/include/linux/security.h b/include/linux/security.h index a20fc156c697..5afd0148a1a5 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -617,7 +617,7 @@ int security_setprocattr(const char *lsm, const char *name, void *value, size_t size); int security_netlink_send(struct sock *sk, struct sk_buff *skb); int security_ismaclabel(const char *name); -int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen); +int security_secid_to_secctx(struct lsmblob *blob, struct lsmcontext *cp); int security_secctx_to_secid(const char *secdata, u32 seclen, struct lsmblob *blob); void security_release_secctx(struct lsmcontext *cp); @@ -1472,7 +1472,7 @@ static inline int security_ismaclabel(const char *name) } static inline int security_secid_to_secctx(struct lsmblob *blob, - char **secdata, u32 *seclen) + struct lsmcontext *cp) { return -EOPNOTSUPP; } diff --git a/include/net/scm.h b/include/net/scm.h index f273c4d777ec..b77a52f93389 100644 --- a/include/net/scm.h +++ b/include/net/scm.h @@ -94,8 +94,6 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc { struct lsmcontext context; struct lsmblob lb; - char *secdata; - u32 seclen; int err; if (test_bit(SOCK_PASSSEC, &sock->flags)) { @@ -103,12 +101,11 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc * and the infrastructure will know which it is. */ lsmblob_init(&lb, scm->secid); - err = security_secid_to_secctx(&lb, &secdata, &seclen); + err = security_secid_to_secctx(&lb, &context); if (!err) { - put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata); - /*scaffolding*/ - lsmcontext_init(&context, secdata, seclen, 0); + put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, context.len, + context.context); security_release_secctx(&context); } } diff --git a/kernel/audit.c b/kernel/audit.c index 23c8f8cbe8a6..6500d97ce9ad 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1212,9 +1212,6 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) struct audit_buffer *ab; u16 msg_type = nlh->nlmsg_type; struct audit_sig_info *sig_data; - char *ctx = NULL; - u32 len; - struct lsmcontext scaff; /* scaffolding */ err = audit_netlink_ok(skb, msg_type); if (err) @@ -1462,33 +1459,33 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) kfree(new); break; } - case AUDIT_SIGNAL_INFO: - len = 0; + case AUDIT_SIGNAL_INFO: { + struct lsmcontext context = { }; + if (lsmblob_is_set(&audit_sig_lsm)) { - err = security_secid_to_secctx(&audit_sig_lsm, &ctx, - &len); + err = security_secid_to_secctx(&audit_sig_lsm, + &context); if (err) return err; } - sig_data = kmalloc(struct_size(sig_data, ctx, len), GFP_KERNEL); + sig_data = kmalloc(struct_size(sig_data, ctx, context.len), + GFP_KERNEL); if (!sig_data) { - if (lsmblob_is_set(&audit_sig_lsm)) { - lsmcontext_init(&scaff, ctx, len, 0); - security_release_secctx(&scaff); - } + if (lsmblob_is_set(&audit_sig_lsm)) + security_release_secctx(&context); return -ENOMEM; } sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); sig_data->pid = audit_sig_pid; if (lsmblob_is_set(&audit_sig_lsm)) { - memcpy(sig_data->ctx, ctx, len); - lsmcontext_init(&scaff, ctx, len, 0); - security_release_secctx(&scaff); + memcpy(sig_data->ctx, context.context, context.len); + security_release_secctx(&context); } - audit_send_reply(skb, seq, AUDIT_SIGNAL_INFO, 0, 0, - sig_data, struct_size(sig_data, ctx, len)); + audit_send_reply(skb, seq, AUDIT_SIGNAL_INFO, 0, 0, sig_data, + struct_size(sig_data, ctx, context.len)); kfree(sig_data); break; + } case AUDIT_TTY_GET: { struct audit_tty_status s; unsigned int t; @@ -2171,17 +2168,15 @@ void audit_log_key(struct audit_buffer *ab, char *key) int audit_log_task_context(struct audit_buffer *ab) { - char *ctx = NULL; - unsigned len; int error; struct lsmblob blob; - struct lsmcontext scaff; /* scaffolding */ + struct lsmcontext context; security_current_getsecid_subj(&blob); if (!lsmblob_is_set(&blob)) return 0; - error = security_secid_to_secctx(&blob, &ctx, &len); + error = security_secid_to_secctx(&blob, &context); if (error) { if (error != -EINVAL) @@ -2189,9 +2184,8 @@ int audit_log_task_context(struct audit_buffer *ab) return 0; } - audit_log_format(ab, " subj=%s", ctx); - lsmcontext_init(&scaff, ctx, len, 0); - security_release_secctx(&scaff); + audit_log_format(ab, " subj=%s", context.context); + security_release_secctx(&context); return 0; error_path: diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 9ed58db58965..25a6c2a5b4b3 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1121,9 +1121,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, struct lsmblob *blob, char *comm) { struct audit_buffer *ab; - struct lsmcontext lsmcxt; - char *ctx = NULL; - u32 len; + struct lsmcontext lsmctx; int rc = 0; ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID); @@ -1134,13 +1132,12 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); if (lsmblob_is_set(blob)) { - if (security_secid_to_secctx(blob, &ctx, &len)) { + if (security_secid_to_secctx(blob, &lsmctx)) { audit_log_format(ab, " obj=(none)"); rc = 1; } else { - audit_log_format(ab, " obj=%s", ctx); - lsmcontext_init(&lsmcxt, ctx, len, 0); /*scaffolding*/ - security_release_secctx(&lsmcxt); + audit_log_format(ab, " obj=%s", lsmctx.context); + security_release_secctx(&lsmctx); } } audit_log_format(ab, " ocomm="); @@ -1400,7 +1397,6 @@ static void audit_log_time(struct audit_context *context, struct audit_buffer ** static void show_special(struct audit_context *context, int *call_panic) { - struct lsmcontext lsmcxt; struct audit_buffer *ab; int i; @@ -1425,17 +1421,15 @@ static void show_special(struct audit_context *context, int *call_panic) from_kgid(&init_user_ns, context->ipc.gid), context->ipc.mode); if (osid) { - char *ctx = NULL; - u32 len; + struct lsmcontext lsmcxt; struct lsmblob blob; lsmblob_init(&blob, osid); - if (security_secid_to_secctx(&blob, &ctx, &len)) { + if (security_secid_to_secctx(&blob, &lsmcxt)) { audit_log_format(ab, " osid=%u", osid); *call_panic = 1; } else { - audit_log_format(ab, " obj=%s", ctx); - lsmcontext_init(&lsmcxt, ctx, len, 0); + audit_log_format(ab, " obj=%s", lsmcxt.context); security_release_secctx(&lsmcxt); } } @@ -1595,20 +1589,17 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, MAJOR(n->rdev), MINOR(n->rdev)); if (n->osid != 0) { - char *ctx = NULL; - u32 len; struct lsmblob blob; - struct lsmcontext lsmcxt; + struct lsmcontext lsmctx; lsmblob_init(&blob, n->osid); - if (security_secid_to_secctx(&blob, &ctx, &len)) { + if (security_secid_to_secctx(&blob, &lsmctx)) { audit_log_format(ab, " osid=%u", n->osid); if (call_panic) *call_panic = 2; } else { - audit_log_format(ab, " obj=%s", ctx); - lsmcontext_init(&lsmcxt, ctx, len, 0); /* scaffolding */ - security_release_secctx(&lsmcxt); + audit_log_format(ab, " obj=%s", lsmctx.context); + security_release_secctx(&lsmctx); } } diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index 70ca4510ea35..ad5be7707bca 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -132,8 +132,7 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) { struct lsmcontext context; struct lsmblob lb; - char *secdata; - u32 seclen, secid; + u32 secid; int err; err = security_socket_getpeersec_dgram(NULL, skb, &secid); @@ -141,12 +140,11 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) return; lsmblob_init(&lb, secid); - err = security_secid_to_secctx(&lb, &secdata, &seclen); + err = security_secid_to_secctx(&lb, &context); if (err) return; - put_cmsg(msg, SOL_IP, SCM_SECURITY, seclen, secdata); - lsmcontext_init(&context, secdata, seclen, 0); /* scaffolding */ + put_cmsg(msg, SOL_IP, SCM_SECURITY, context.len, context.context); security_release_secctx(&context); } diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index da36301e2185..8bd6ce5f9e93 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -345,8 +345,7 @@ static int ctnetlink_dump_mark(struct sk_buff *skb, const struct nf_conn *ct) static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) { struct nlattr *nest_secctx; - int len, ret; - char *secctx; + int ret; struct lsmblob blob; struct lsmcontext context; @@ -354,7 +353,7 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) * security_secid_to_secctx() will know which security module * to use to create the secctx. */ lsmblob_init(&blob, ct->secmark); - ret = security_secid_to_secctx(&blob, &secctx, &len); + ret = security_secid_to_secctx(&blob, &context); if (ret) return 0; @@ -363,13 +362,12 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) if (!nest_secctx) goto nla_put_failure; - if (nla_put_string(skb, CTA_SECCTX_NAME, secctx)) + if (nla_put_string(skb, CTA_SECCTX_NAME, context.context)) goto nla_put_failure; nla_nest_end(skb, nest_secctx); ret = 0; nla_put_failure: - lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ security_release_secctx(&context); return ret; } @@ -662,15 +660,11 @@ static inline size_t ctnetlink_acct_size(const struct nf_conn *ct) static inline int ctnetlink_secctx_size(const struct nf_conn *ct) { #ifdef CONFIG_NF_CONNTRACK_SECMARK - int len, ret; + int len; struct lsmblob blob; - /* lsmblob_init() puts ct->secmark into all of the secids in blob. - * security_secid_to_secctx() will know which security module - * to use to create the secctx. */ - lsmblob_init(&blob, ct->secmark); - ret = security_secid_to_secctx(&blob, NULL, &len); - if (ret) + len = security_secid_to_secctx(&blob, NULL); + if (len <= 0) return 0; return nla_total_size(0) /* CTA_SECCTX */ diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index 644dec6a8ef5..5003acf79794 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c @@ -176,19 +176,16 @@ static void ct_seq_stop(struct seq_file *s, void *v) static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) { int ret; - u32 len; - char *secctx; struct lsmblob blob; struct lsmcontext context; lsmblob_init(&blob, ct->secmark); - ret = security_secid_to_secctx(&blob, &secctx, &len); + ret = security_secid_to_secctx(&blob, &context); if (ret) return; - seq_printf(s, "secctx=%s ", secctx); + seq_printf(s, "secctx=%s ", context.context); - lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ security_release_secctx(&context); } #else diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index f69d5e997da2..35c3cde6bacd 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c @@ -306,6 +306,7 @@ static u32 nfqnl_get_sk_secctx(struct sk_buff *skb, char **secdata) u32 seclen = 0; #if IS_ENABLED(CONFIG_NETWORK_SECMARK) struct lsmblob blob; + struct lsmcontext context = { }; if (!skb || !sk_fullsock(skb->sk)) return 0; @@ -317,10 +318,12 @@ static u32 nfqnl_get_sk_secctx(struct sk_buff *skb, char **secdata) * blob. security_secid_to_secctx() will know which security * module to use to create the secctx. */ lsmblob_init(&blob, skb->secmark); - security_secid_to_secctx(&blob, secdata, &seclen); + security_secid_to_secctx(&blob, &context); + *secdata = context.context; } read_unlock_bh(&skb->sk->sk_callback_lock); + seclen = context.len; #endif return seclen; } diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index b3e3d920034d..12e5d508bd08 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -375,8 +375,6 @@ int netlbl_unlhsh_add(struct net *net, struct netlbl_unlhsh_iface *iface; struct audit_buffer *audit_buf = NULL; struct lsmcontext context; - char *secctx = NULL; - u32 secctx_len; struct lsmblob blob; if (addr_len != sizeof(struct in_addr) && @@ -444,12 +442,9 @@ int netlbl_unlhsh_add(struct net *net, * security_secid_to_secctx() will know which security module * to use to create the secctx. */ lsmblob_init(&blob, secid); - if (security_secid_to_secctx(&blob, - &secctx, - &secctx_len) == 0) { - audit_log_format(audit_buf, " sec_obj=%s", secctx); - /* scaffolding */ - lsmcontext_init(&context, secctx, secctx_len, 0); + if (security_secid_to_secctx(&blob, &context) == 0) { + audit_log_format(audit_buf, " sec_obj=%s", + context.context); security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", ret_val == 0 ? 1 : 0); @@ -482,8 +477,6 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, struct audit_buffer *audit_buf; struct net_device *dev; struct lsmcontext context; - char *secctx; - u32 secctx_len; struct lsmblob blob; spin_lock(&netlbl_unlhsh_lock); @@ -509,11 +502,9 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, if (entry != NULL) lsmblob_init(&blob, entry->secid); if (entry != NULL && - security_secid_to_secctx(&blob, - &secctx, &secctx_len) == 0) { - audit_log_format(audit_buf, " sec_obj=%s", secctx); - /* scaffolding */ - lsmcontext_init(&context, secctx, secctx_len, 0); + security_secid_to_secctx(&blob, &context) == 0) { + audit_log_format(audit_buf, " sec_obj=%s", + context.context); security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); @@ -552,8 +543,6 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, struct audit_buffer *audit_buf; struct net_device *dev; struct lsmcontext context; - char *secctx; - u32 secctx_len; struct lsmblob blob; spin_lock(&netlbl_unlhsh_lock); @@ -578,10 +567,9 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, if (entry != NULL) lsmblob_init(&blob, entry->secid); if (entry != NULL && - security_secid_to_secctx(&blob, - &secctx, &secctx_len) == 0) { - audit_log_format(audit_buf, " sec_obj=%s", secctx); - lsmcontext_init(&context, secctx, secctx_len, 0); + security_secid_to_secctx(&blob, &context) == 0) { + audit_log_format(audit_buf, " sec_obj=%s", + context.context); security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); @@ -1104,8 +1092,6 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, struct lsmcontext context; void *data; u32 secid; - char *secctx; - u32 secctx_len; struct lsmblob blob; data = genlmsg_put(cb_arg->skb, NETLINK_CB(cb_arg->nl_cb->skb).portid, @@ -1165,15 +1151,13 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, * security_secid_to_secctx() will know which security module * to use to create the secctx. */ lsmblob_init(&blob, secid); - ret_val = security_secid_to_secctx(&blob, &secctx, &secctx_len); + ret_val = security_secid_to_secctx(&blob, &context); if (ret_val != 0) goto list_cb_failure; ret_val = nla_put(cb_arg->skb, NLBL_UNLABEL_A_SECCTX, - secctx_len, - secctx); - /* scaffolding */ - lsmcontext_init(&context, secctx, secctx_len, 0); + context.len, + context.context); security_release_secctx(&context); if (ret_val != 0) goto list_cb_failure; diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index ef139d8ae7cd..951ba0639d20 100644 --- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c @@ -85,8 +85,6 @@ struct audit_buffer *netlbl_audit_start_common(int type, { struct audit_buffer *audit_buf; struct lsmcontext context; - char *secctx; - u32 secctx_len; struct lsmblob blob; if (audit_enabled == AUDIT_OFF) @@ -102,9 +100,8 @@ struct audit_buffer *netlbl_audit_start_common(int type, lsmblob_init(&blob, audit_info->secid); if (audit_info->secid != 0 && - security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { - audit_log_format(audit_buf, " subj=%s", secctx); - lsmcontext_init(&context, secctx, secctx_len, 0);/*scaffolding*/ + security_secid_to_secctx(&blob, &context) == 0) { + audit_log_format(audit_buf, " subj=%s", context.context); security_release_secctx(&context); } diff --git a/security/security.c b/security/security.c index e434f085afab..b52c7c55a092 100644 --- a/security/security.c +++ b/security/security.c @@ -2337,18 +2337,41 @@ int security_ismaclabel(const char *name) } EXPORT_SYMBOL(security_ismaclabel); -int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen) +/** + * security_secid_to_secctx - convert secid to secctx + * @blob: set of secids + * @cp: lsm context into which result is put + * + * Translate secid information into a secctx string. + * Return a negative value on error. + * If cp is NULL return the length of the string. + * Otherwise, return 0. + */ +int security_secid_to_secctx(struct lsmblob *blob, struct lsmcontext *cp) { struct security_hook_list *hp; int ilsm = lsm_task_ilsm(current); + if (cp) + memset(cp, 0, sizeof(*cp)); + hlist_for_each_entry(hp, &security_hook_heads.secid_to_secctx, list) { if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) continue; - if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) + if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) { + if (!cp) { + int len; + int rc; + rc = hp->hook.secid_to_secctx( + blob->secid[hp->lsmid->slot], + NULL, &len); + return rc ? rc : len; + } + cp->slot = hp->lsmid->slot; return hp->hook.secid_to_secctx( blob->secid[hp->lsmid->slot], - secdata, seclen); + &cp->context, &cp->len); + } } return LSM_RET_DEFAULT(secid_to_secctx); From patchwork Tue Jun 28 00:55:55 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12897431 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 67038C43334 for ; Tue, 28 Jun 2022 01:08:06 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241856AbiF1BIE (ORCPT ); Mon, 27 Jun 2022 21:08:04 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35150 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S242864AbiF1BHV (ORCPT ); Mon, 27 Jun 2022 21:07:21 -0400 Received: from sonic302-26.consmr.mail.ne1.yahoo.com (sonic302-26.consmr.mail.ne1.yahoo.com [66.163.186.152]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8F07022B06 for ; Mon, 27 Jun 2022 18:07:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378440; bh=FN94LEWzwUDDYtALZrFGtv3Fq1k9e81NgNZU/g6SJyc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=MANiyw22EhfLWbwhyqCW4KjrClAoFR8epQ/SBuw94qw/oQf6cVgxRhBC1NwswLY5Vz3qsLgY/yXu/tqE0DCetJMu2JdEuE/LWEhi30HHcFrxdlef0w48CoY2Da81ze/KHJp8OhAq/mb4wbdueUi3eIcpxUB3p+M7I7o8rYXnjsHJivvYpWw/4JlsZt/sRJHECz66NE54hzHubw1CIF0cXhgyXpXqB+gHK+bdKgMBGt/vNLgOWDMqW+Ec9VInCInZyOmgnYcljBNmSC6pXDMChPahg6WPAuzmK0aU2JyWGk5yPe8bAkuaPHxBm1b9Wl2xAA9xEigSUWZ6nMky9xp/Pg== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378440; bh=PYmmTdTxxHW7kUJqiEbzlTal8wzsRZE9Hh+8i/+6owp=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=J8fZ7WJCb9Je4gkOv0PZMV4s4iIZLTQb49M7ir5EFhWYdtYQbSxdbNofOqFyc57CPTzQTuGfmZmU2McCpIvVea5IKqyZ2ItCIuF6n01j9yhoXtz4X41cNbosyryui1iPqjTsVTHTZiDQSDKN3LNMI+TFlMpNtOGSem2QRjlG2UZBj0ABpRnpiy45r5VLkRxxI1igJgeNvEsZPTzKYekx6nh9SYQNu475jViBx5ZSzyLrEDcxKR7s8euOqF2ws6l7gzOmvlaipPph16jx8TaaDkaB7F7x5JWllTSB9pp7m1InZIBc/6c6/rAfUqg59SfbsCsQuOhpUY3IKjpcsqycsA== X-YMail-OSG: 4qknKVYVM1lxC1E1LYGsrZ3EESCczJB2g4cY1QZQ0kOTanuzq4onJeFYSUgCBF3 dtmeZntkAWW_JPWYDE3oGeqyg27g2l99ffTr51lsYRNJ44JCctaMyxTdoTtKxYNR7EyjOnkoEHU6 vEqnZGKv7cn11HqDCapAcK82W1atxCV0uWAfr7cAcvNpYPZietC7lpJo6pCEZsRu3hhCPzm393gB QzWvIEhNK4XOXZk4yR_FAxNyMVGr.JT4BtoRgVFkML84NMhudvzmQ84Kxg9Cl0kSH7Y0hLCZ8mIw zIkoa5.nqfOmaAYZ5mSFDdeFq6BznNnwmObtlt_i43sCp_l1AIldRFt01AYoGk.PBavGXNlHkHPX QDhHhWQxZZyPaoQSUKSUW8oQVO5wWJVgqORIP1EEK0_.8COBKdXBfqeGEr7Bnt.5IuFK6WKjlP9l cVC1S0Xzt9QAQZgoFwU3L53ocOYbGI8XH5zK4HW1Ei4BG4mZs8ty3C3JxxfLlkmUFXB8P8lZSdDN HQZd.gnR_w8As8uIcWv6WaD2sbtdNgRpV.LZZ._lsqOnxY7f5zUIWeBlRhwTwK5Bi9GNIS7uTzUW f5OPqnd4aDk.JQ50YQtN5SBfYx7bvzGEL9FN_otkqjmsM.zK_bqHyo94_Kqr.90G5wm6NDdOgclS 8YDVm7Jvd9KpZuDhcpjdW0p2AXv8bO99xxdsRefQ4VdyZEuwoSCAUA9jhlTrqV2ijxZ8mqcqeTii FW0BGSz699U_45L62R4P_vibO5vfTB.O6mm..Q_quFAqJ9w7TYNBw1_KUWmwAo6Ib1_bD_0yXKKQ jww9t4JlOnxqc62lZx2k6PqzE6qbU6xPNCmFRJ77PzP7ufUTd.HiZcr_mE3Do128Z0J1jBDZ49wd F0OTWltgVC9AToWv9lyyEQtnmZn.Y2.o7FqzoCvpXcV4Ien69FKA1KVitWEI9gCdOAqsbZjEy3XO WIHBwikZ027xzhKv8vzt9X9vCmGHF6uk2YPasRpKfGC4ZN47gB76ufJRgaL6IDhdXtxD3NNbft4U YDFV_GscZbxhaeBikDF6kGxgACX0GlxLpz2TDKrCjv2alWxJTLvvXjaMozeAMfEHsT5zwsd0ED6a DzJ3NU81LxS9CgEjL2efSpcDejQ3FGP6szTXTLlE7EMEXm7YkfrjxJaXRg2WSFnYVEgzIYw.1t8G NY0uF58dhv0N2bXHR3gGFzlQBOjsLeInTPi98ZH0jvlQaS5jzmnck6azBUjMzd4zoEtk7vpe8Wwl 3GJ7NXZMAbxj0iE1BdiJerYsCZ9ZBlRZB2LGo351_4hPyLH_FZwTPs0Crv8mEbhq18zawP62K.LX wz9NJdklHngrAr150Q2KWnIzRHBWY_UBdXT5G0SdYxEHs77B.BaGq3NbF_pWhevfX6BjGdr4kaH8 HmOnm3K_eqLok_8b3FTj4AWAdaYfPzRWdVhf0cPYxJjaOP.NaZLefvzH5i7zR_3nji.J4FQ6nYQp KzOjNHUeC0.5vMz8LhcqaM01WqQE._StF9DB395FO1ne7E78GW.lf_ur0Sou70Gyx6LZR2B6Qh8Y nmUzv1YxBnX8hP.x6k1mH2xrqRPM0SmI7vlnAxMi05DQFmZhjRic7jUoQ0501rxfL_b6fuZ6FS7j x1qKs5dKDkW6LK3D3deM7UTNBIn.PSytJonQxXG8XPulOOM1SLYi.HQHnx8AzYQ1hl5cWT6G4iJg YPm3L1S1AC2CaEp93CwaH8PrgVOMLYXPUp3zLqTMcrMnDqvuHhpkr3WO0OflEwYJiqjae1NMMRKD OnAb7x2khsPBykTzmmjd.FJzryOeiJO4i7tHVLXJSR4LnfwdP_MurWwRclqjSJQezV.Wths6vZSH L9PB3laaHPzxUYk68K8Zr4T_m3mTZ1AxixymvJS6KzxHk3DEwXtjp0Vyq2N2dvOtvoWVUpWEePrH IhSYNf_McPc4nJtqKpoPiJ6G_kX_zBMQ1B56cWbQLR.jHsAB1PrVHPt36raAt_OuRwr.C_PRNNp0 HAXPLAZgOdmij0Qt4FDQqkpvsFGLsQCpi7s774x3zuxxnLQBkZs3lir_l_qdIZc9YHIQBevESJ.8 n4RhAab08WWM305VuthNurZC2CIqMFPaIl.7l9uJBKzFdQp6poCWYggCByhF8UD39AbIH25zLJo3 tevf7MazrKB_v2GxAywSJcmgc.oZeGriKgZ5cq60qg5yDsNXGdHULFrGwyR7uTJXxOkmBSTbeMk9 YDoBx.rXqV6A02.DR8hP0Eo3J2d9icYcIkIug5khMnK5TrGjkOFMFa70- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic302.consmr.mail.ne1.yahoo.com with HTTP; Tue, 28 Jun 2022 01:07:20 +0000 Received: by hermes--production-ne1-7459d5c5c9-fdkvw (Yahoo Inc. Hermes SMTP Server) with ESMTPA ID 2b15a6d5cfb14c238c7aa5ef58eb279b; Tue, 28 Jun 2022 01:07:16 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, Chuck Lever , linux-nfs@vger.kernel.org Subject: [PATCH v37 17/33] LSM: Use lsmcontext in security_inode_getsecctx Date: Mon, 27 Jun 2022 17:55:55 -0700 Message-Id: <20220628005611.13106-18-casey@schaufler-ca.com> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220628005611.13106-1-casey@schaufler-ca.com> References: <20220628005611.13106-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Change the security_inode_getsecctx() interface to fill a lsmcontext structure instead of data and length pointers. This provides the information about which LSM created the context so that security_release_secctx() can use the correct hook. Acked-by: Stephen Smalley Acked-by: Paul Moore Acked-by: Chuck Lever Reviewed-by: Kees Cook Reviewed-by: John Johansen Signed-off-by: Casey Schaufler Cc: linux-nfs@vger.kernel.org --- fs/nfsd/nfs4xdr.c | 23 +++++++++-------------- include/linux/security.h | 5 +++-- security/security.c | 13 +++++++++++-- 3 files changed, 23 insertions(+), 18 deletions(-) diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c index 512ad208d62a..3e42738df71a 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c @@ -2713,11 +2713,11 @@ nfsd4_encode_layout_types(struct xdr_stream *xdr, u32 layout_types) #ifdef CONFIG_NFSD_V4_SECURITY_LABEL static inline __be32 nfsd4_encode_security_label(struct xdr_stream *xdr, struct svc_rqst *rqstp, - void *context, int len) + struct lsmcontext *context) { __be32 *p; - p = xdr_reserve_space(xdr, len + 4 + 4 + 4); + p = xdr_reserve_space(xdr, context->len + 4 + 4 + 4); if (!p) return nfserr_resource; @@ -2727,13 +2727,13 @@ nfsd4_encode_security_label(struct xdr_stream *xdr, struct svc_rqst *rqstp, */ *p++ = cpu_to_be32(0); /* lfs */ *p++ = cpu_to_be32(0); /* pi */ - p = xdr_encode_opaque(p, context, len); + p = xdr_encode_opaque(p, context->context, context->len); return 0; } #else static inline __be32 nfsd4_encode_security_label(struct xdr_stream *xdr, struct svc_rqst *rqstp, - void *context, int len) + struct lsmcontext *context) { return 0; } #endif @@ -2830,9 +2830,7 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, int err; struct nfs4_acl *acl = NULL; #ifdef CONFIG_NFSD_V4_SECURITY_LABEL - struct lsmcontext scaff; /* scaffolding */ - void *context = NULL; - int contextlen; + struct lsmcontext context = { }; #endif bool contextsupport = false; struct nfsd4_compoundres *resp = rqstp->rq_resp; @@ -2893,7 +2891,7 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, bmval0 & FATTR4_WORD0_SUPPORTED_ATTRS) { if (exp->ex_flags & NFSEXP_SECURITY_LABEL) err = security_inode_getsecctx(d_inode(dentry), - &context, &contextlen); + &context); else err = -EOPNOTSUPP; contextsupport = (err == 0); @@ -3320,8 +3318,7 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, #ifdef CONFIG_NFSD_V4_SECURITY_LABEL if (bmval2 & FATTR4_WORD2_SECURITY_LABEL) { - status = nfsd4_encode_security_label(xdr, rqstp, context, - contextlen); + status = nfsd4_encode_security_label(xdr, rqstp, &context); if (status) goto out; } @@ -3342,10 +3339,8 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, out: #ifdef CONFIG_NFSD_V4_SECURITY_LABEL - if (context) { - lsmcontext_init(&scaff, context, contextlen, 0); /*scaffolding*/ - security_release_secctx(&scaff); - } + if (context.context) + security_release_secctx(&context); #endif /* CONFIG_NFSD_V4_SECURITY_LABEL */ kfree(acl); if (tempfh) { diff --git a/include/linux/security.h b/include/linux/security.h index 5afd0148a1a5..ca2ed1909608 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -624,7 +624,7 @@ void security_release_secctx(struct lsmcontext *cp); void security_inode_invalidate_secctx(struct inode *inode); int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); -int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen); +int security_inode_getsecctx(struct inode *inode, struct lsmcontext *cp); int security_locked_down(enum lockdown_reason what); #else /* CONFIG_SECURITY */ @@ -1500,7 +1500,8 @@ static inline int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 { return -EOPNOTSUPP; } -static inline int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) +static inline int security_inode_getsecctx(struct inode *inode, + struct lsmcontext *cp) { return -EOPNOTSUPP; } diff --git a/security/security.c b/security/security.c index b52c7c55a092..72df3d0cd233 100644 --- a/security/security.c +++ b/security/security.c @@ -2428,9 +2428,18 @@ int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) } EXPORT_SYMBOL(security_inode_setsecctx); -int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) +int security_inode_getsecctx(struct inode *inode, struct lsmcontext *cp) { - return call_int_hook(inode_getsecctx, -EOPNOTSUPP, inode, ctx, ctxlen); + struct security_hook_list *hp; + + memset(cp, 0, sizeof(*cp)); + + hlist_for_each_entry(hp, &security_hook_heads.inode_getsecctx, list) { + cp->slot = hp->lsmid->slot; + return hp->hook.inode_getsecctx(inode, (void **)&cp->context, + &cp->len); + } + return -EOPNOTSUPP; } EXPORT_SYMBOL(security_inode_getsecctx); From patchwork Tue Jun 28 00:55:56 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12897465 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7CC0DC433EF for ; Tue, 28 Jun 2022 01:08:59 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241527AbiF1BI6 (ORCPT ); Mon, 27 Jun 2022 21:08:58 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36692 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S241289AbiF1BI6 (ORCPT ); Mon, 27 Jun 2022 21:08:58 -0400 Received: from sonic308-16.consmr.mail.ne1.yahoo.com (sonic308-16.consmr.mail.ne1.yahoo.com [66.163.187.39]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C2EC4220E8 for ; Mon, 27 Jun 2022 18:08:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378536; bh=2BLP2lKCc65T4YclFQ8fkaJyAWYAAdNnAEMDMhWmqR4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=G+0qbpzGjYje6U3hwo37dAUSuNMueAy82KWZOL8lXjuolmuX3gKT+SqnldskNgZYzVWH2FIQGphS4C2C4tdvn5dLg9y6PobYgtSpsoYmAGnw2sGFwTdTcS8jyqfLAFHJZgA6LHNdliMa25ZRjUU6TBc6XcalkRgiVqGUiQfteSAjNfiS16bBrD80KdMOvaJqaFYsr8euNtKNj3g/63wfsfLIyT/3rua7GSasvaH3FN+Aq0QBk3Of7RqJxVODp0RtyFRGZm6o0i4UVz2EoWCil0+mnXHNr8vAy+M4haEE/nk8Sde2/AwvvWsZdV1GUjP5YREPEmjii4tMh9cd0ILjtQ== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378536; bh=OvP9LME0ZZlm/rcZrVMZKCS1mxxf1EM/MpmHcB6JhcM=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=cESsEISjyunUT7/Uo3Ajd8IPin5YRw+AQggOKGPNGpHnnKPV3TpsNJu2IttemFhMvJpQoXSekJiKNNbgug6MHiPBDCMCrGGx2aSy+hv4cb5f6hMN11P3QHMzv5RsgiGccPoWhDdNmQrWlsah+iOxI0ISeYQou/Ct39j15hZ0lLwdhLkH+swz4b0LKf9tsXpjt/oIpqUdIXu391yDBH9mqI1/O8TQxy/1zZSymiH0Puoz2yXO3LboiAhwd6xo8EBx9uyjJtGeOxaDxxwlVncJuAV8B2fTvkpqv09UtMWG79kKYUd5CcTbcRxj5MAhivknVG9/CoBNRy4Nxu9vUn7tJg== X-YMail-OSG: uvyxhgwVM1lTW7SNA_CSfK3ZBA7gE4fUlCoahqyuqMbo18mMZkt0AxoOlrj5Zmu td2GNaT_OREm2efGNMF5P9oXu2FCLXG6kPU_PU7.xYw4926WSAc6xktg5mIiPfmqzachdNZGGiZc 1kMIUm61DAtcCLa2zvCzB61QkJlRNEHRLvj02zw7lSz9F.HBn9Lk4j6y03rkJLIuN5xQ7_73st4Q s8kNt7u0WkQ0Nvu5qloLqkSj4eVHg.tywP6SgxWKpFMfNd.KNadBw4i9PRUWf15Ms7OQkGV.NAul EywSPbpAMYQxiKQAAgfMKDgwUPdkluueiAYdRfLwsZDM7r0M5i1pZDFG_JG9iN9OBVLGToHX93kc bEHdUlfL7FGHo.Bbg7a4dQ8O6_Jv2XhBmW37z_4vxXt1Li.yhpPpCHZK.2I2SfLKz9l1zJtjfTEC Dsv2NAXNc6RieNAzhV2g38AG39N_090eH9Vr58ttkPQscRwRm90d.lWBaRhlOZNw.TMUezSDUwnr tLujZvBbE7Lwzj3aF_VSySelr02EKGC0OMkIloGHk8nWQBJwfsRCnHPdO7lrVm3tAdvI3dp2RaZ1 bUmp6c3354hWtDQIsOyGZ7SKKaHqHdGbNeKYaIFclYd9wJAvqW6SFL8pNfsoJL6Uh_JUuBCcnzU0 BmJ6wsj0yz9aDD0cpHo7zIwes68HoxtzIDOFY9a2kk7c.ja9WzWJpsq4z64viU3gonfNdHytxRDS 0ZjFFt87G5_rOV_xTloE_CoCkH.c6MS7erNMGJYPH9wq8Lc0sZQxZIXbRt7RgCRLhuJUMH2j.7PV O.nWz8.qQpFWDbIs6ot3O1zcOfsETu2i1h12VjSjKSjOXSh36MaQL_eWcqih0oLJaffZD8cUDCU_ xPQOv3t6TtUVuMJnE7NzRUqB_nkydzvmj059vYIkQ2vE7U4eKjCReWc_um0P38t8a4HCxMGUdBC3 0WsRkuSaFc2Y8s3xlUCz5uSMz7JOPvifPbBC5r_Kasx2cV0QuV3scgUJwTNn.U0cBuU43bLtdtiK 7B6YupvrwrBhNOWqPMfmP4ILH72ArL.htpNsRHeYRmSlW9XksGu3_CMYzlYtlxAZFjzl5bfRzUjO bQG_CacgeDhkJEhwOZ3o_d3CdgfQCJWOb7WJYwId.ORrwqkjx4G7Eh.Hp6oBv5g.VDNLXW3UfJ2l mqzz6fOFk7LTYH_vQoflxpuS15SpzTlSTnD8bJi0mcni7gI4WzXprJqfQiVVfyl9Dm.17NPI4niK Xs3thWefglx5nP22fad_WdqbYjJ_hL3Y3kpLMLVH_kV2Biu3XjgTAVXvYJP8_Pw0YuU3dzYUvPuZ TJERBRoYVVHhXW.dfAkpD2dJdv2V5mBhUj0DPICq784NYdQiYShyUrtPhENqPTjAwnCcvrkly3Gj 8_cNkGBrLCzMrdReqqvSfWRXyWoffFe3ZnbtKGjpkaKHAU3mRgadMQV4nKhdWUYLC8TDjDrlFvQO gGVgsB5Ezb5w1JRsHOu4_xFnmfNTWK.gbZXGLNI77ItHyEIOyVw5o0FOuUzrBImOwsaEaYjlInou fzd6O4f_EJi5lM.whDRK2H1NOSOH0Dt0p7G5CXgCFImwzYJYk3ofhwj1fK.dcWpvGYTF0H2luYns 01ZDAI5gO7RDgSwok9d6tAK7JFjo0YNN78vNNpK_o6o_q5Zm8vekuwgIrr2fggJMDrVXKtqhquRh 9nCxu53nYPnP.zQyiyp65WMzLRNw16JIk4rPgSYNb3hp4ibDkuLUqGFJsxGwNpM8vp2NE.wA6qqn RRdxtXbWtHomxWHa5NxaGPtAIBNT5R_kHVz44Oo1NmGiEGUSx0sZs2iB.kKKknLbIliEgpMCMc3Q lEzDKQ21ZTo.6tqcfJqMdHq6cPdftCj1bNXuBEK9Y0M9F2nCVPU_C4FQH4ab9_O6i8MiQQx.oAER kD2LjcL6VkT8rAVchV00DvjpTcm65slW1vyhaHGUqZ.q6Rj47oP4RZTpY1j9zG3yRn6UYNRBtYtj jA5sWcqMt5jc.JU4aXqNCAZgdZfcs1qUgEpXFBQen_lQtMG1rN17pBQ8hS2cKLNIdp.aCsy.xyj0 jal86orAhotdkMzXrsMPb4_tp4UgssqIzZ5ry32NCZLoVtJ4cH_kp9u_4AdJ4j9vDNAp9CXD1C4W 0nEN6CK9PhSH8wBbTewrhhqt9jrBoajyuvGnUjuH7xuPxpp5H_ARaf.k_gPPEb5_JEu8j.j2f9vq dXVTqkRZWiSA8thmsaFUWk4VqhGJsK0kQMnvq_rkxLuLQ1eyuE6GSvqpX X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic308.consmr.mail.ne1.yahoo.com with HTTP; Tue, 28 Jun 2022 01:08:56 +0000 Received: by hermes--production-bf1-7f5f59bd5b-fj9wt (Yahoo Inc. Hermes SMTP Server) with ESMTPA ID 05fbaa230dcbeea0318fe174d0a2d20b; Tue, 28 Jun 2022 01:08:50 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org Subject: [PATCH v37 18/33] LSM: Use lsmcontext in security_dentry_init_security Date: Mon, 27 Jun 2022 17:55:56 -0700 Message-Id: <20220628005611.13106-19-casey@schaufler-ca.com> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220628005611.13106-1-casey@schaufler-ca.com> References: <20220628005611.13106-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Replace the (secctx,seclen) pointer pair with a single lsmcontext pointer to allow return of the LSM identifier along with the context and context length. This allows security_release_secctx() to know how to release the context. Callers have been modified to use or save the returned data from the new structure. Special care is taken in the NFS code, which uses the same data structure for its own copied labels as it does for the data which comes from security_dentry_init_security(). In the case of copied labels the data has to be freed, not released. Signed-off-by: Casey Schaufler Reported-by: kernel test robot Reported-by: kernel test robot Reported-by: kernel test robot --- fs/ceph/super.h | 3 +-- fs/ceph/xattr.c | 19 ++++++------------- fs/fuse/dir.c | 35 ++++++++++++++++++----------------- fs/nfs/dir.c | 2 +- fs/nfs/inode.c | 17 ++++++++++------- fs/nfs/internal.h | 8 +++++--- fs/nfs/nfs4proc.c | 20 ++++++++------------ fs/nfs/nfs4xdr.c | 22 ++++++++++++---------- include/linux/nfs4.h | 8 ++++---- include/linux/nfs_fs.h | 2 +- include/linux/security.h | 18 ++++++++++++++---- security/security.c | 26 +++++++++++++++++++------- 12 files changed, 99 insertions(+), 81 deletions(-) diff --git a/fs/ceph/super.h b/fs/ceph/super.h index f59dac66955b..e76967c7b69c 100644 --- a/fs/ceph/super.h +++ b/fs/ceph/super.h @@ -1059,8 +1059,7 @@ struct ceph_acl_sec_ctx { void *acl; #endif #ifdef CONFIG_CEPH_FS_SECURITY_LABEL - void *sec_ctx; - u32 sec_ctxlen; + struct lsmcontext lsmctx; #endif struct ceph_pagelist *pagelist; }; diff --git a/fs/ceph/xattr.c b/fs/ceph/xattr.c index 4c4dad4713b6..0068ee3bd13a 100644 --- a/fs/ceph/xattr.c +++ b/fs/ceph/xattr.c @@ -1328,8 +1328,7 @@ int ceph_security_init_secctx(struct dentry *dentry, umode_t mode, int err; err = security_dentry_init_security(dentry, mode, &dentry->d_name, - &name, &as_ctx->sec_ctx, - &as_ctx->sec_ctxlen); + &name, &as_ctx->lsmctx); if (err < 0) { WARN_ON_ONCE(err != -EOPNOTSUPP); err = 0; /* do nothing */ @@ -1354,7 +1353,7 @@ int ceph_security_init_secctx(struct dentry *dentry, umode_t mode, */ name_len = strlen(name); err = ceph_pagelist_reserve(pagelist, - 4 * 2 + name_len + as_ctx->sec_ctxlen); + 4 * 2 + name_len + as_ctx->lsmctx.len); if (err) goto out; @@ -1374,11 +1373,9 @@ int ceph_security_init_secctx(struct dentry *dentry, umode_t mode, as_ctx->pagelist = pagelist; } - ceph_pagelist_encode_32(pagelist, name_len); - ceph_pagelist_append(pagelist, name, name_len); - - ceph_pagelist_encode_32(pagelist, as_ctx->sec_ctxlen); - ceph_pagelist_append(pagelist, as_ctx->sec_ctx, as_ctx->sec_ctxlen); + ceph_pagelist_encode_32(pagelist, as_ctx->lsmctx.len); + ceph_pagelist_append(pagelist, as_ctx->lsmctx.context, + as_ctx->lsmctx.len); err = 0; out: @@ -1391,16 +1388,12 @@ int ceph_security_init_secctx(struct dentry *dentry, umode_t mode, void ceph_release_acl_sec_ctx(struct ceph_acl_sec_ctx *as_ctx) { -#ifdef CONFIG_CEPH_FS_SECURITY_LABEL - struct lsmcontext scaff; /* scaffolding */ -#endif #ifdef CONFIG_CEPH_FS_POSIX_ACL posix_acl_release(as_ctx->acl); posix_acl_release(as_ctx->default_acl); #endif #ifdef CONFIG_CEPH_FS_SECURITY_LABEL - lsmcontext_init(&scaff, as_ctx->sec_ctx, as_ctx->sec_ctxlen, 0); - security_release_secctx(&scaff); + security_release_secctx(&as_ctx->lsmctx); #endif if (as_ctx->pagelist) ceph_pagelist_release(as_ctx->pagelist); diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c index 74303d6e987b..ede296af6898 100644 --- a/fs/fuse/dir.c +++ b/fs/fuse/dir.c @@ -464,29 +464,29 @@ static int get_security_context(struct dentry *entry, umode_t mode, { struct fuse_secctx *fctx; struct fuse_secctx_header *header; - void *ctx = NULL, *ptr; - u32 ctxlen, total_len = sizeof(*header); + struct lsmcontext lsmctx = { }; + void *ptr; + u32 total_len = sizeof(*header); int err, nr_ctx = 0; - const char *name; + const char *name = NULL; size_t namelen; err = security_dentry_init_security(entry, mode, &entry->d_name, - &name, &ctx, &ctxlen); - if (err) { - if (err != -EOPNOTSUPP) - goto out_err; - /* No LSM is supporting this security hook. Ignore error */ - ctxlen = 0; - ctx = NULL; - } + &name, &lsmctx); + + /* If no LSM is supporting this security hook ignore error */ + if (err && err != -EOPNOTSUPP) + goto out_err; - if (ctxlen) { + if (lsmctx.len) { nr_ctx = 1; namelen = strlen(name) + 1; err = -EIO; - if (WARN_ON(namelen > XATTR_NAME_MAX + 1 || ctxlen > S32_MAX)) + if (WARN_ON(namelen > XATTR_NAME_MAX + 1 || + lsmctx.len > S32_MAX)) goto out_err; - total_len += FUSE_REC_ALIGN(sizeof(*fctx) + namelen + ctxlen); + total_len += FUSE_REC_ALIGN(sizeof(*fctx) + namelen + + lsmctx.len); } err = -ENOMEM; @@ -499,19 +499,20 @@ static int get_security_context(struct dentry *entry, umode_t mode, ptr += sizeof(*header); if (nr_ctx) { fctx = ptr; - fctx->size = ctxlen; + fctx->size = lsmctx.len; ptr += sizeof(*fctx); strcpy(ptr, name); ptr += namelen; - memcpy(ptr, ctx, ctxlen); + memcpy(ptr, lsmctx.context, lsmctx.len); } *security_ctxlen = total_len; *security_ctx = header; err = 0; out_err: - kfree(ctx); + if (nr_ctx) + security_release_secctx(&lsmctx); return err; } diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c index 0c4e8dd6aa96..861d23eeac6e 100644 --- a/fs/nfs/dir.c +++ b/fs/nfs/dir.c @@ -810,7 +810,7 @@ static int nfs_readdir_entry_decode(struct nfs_readdir_descriptor *desc, int ret; if (entry->fattr->label) - entry->fattr->label->len = NFS4_MAXLABELLEN; + entry->fattr->label->lsmctx.len = NFS4_MAXLABELLEN; ret = xdr_decode(desc, entry, stream); if (ret || !desc->plus) return ret; diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c index b4e46b0ffa2d..d3132f4626d0 100644 --- a/fs/nfs/inode.c +++ b/fs/nfs/inode.c @@ -361,14 +361,15 @@ void nfs_setsecurity(struct inode *inode, struct nfs_fattr *fattr) return; if ((fattr->valid & NFS_ATTR_FATTR_V4_SECURITY_LABEL) && inode->i_security) { - error = security_inode_notifysecctx(inode, fattr->label->label, - fattr->label->len); + error = security_inode_notifysecctx(inode, + fattr->label->lsmctx.context, + fattr->label->lsmctx.len); if (error) printk(KERN_ERR "%s() %s %d " "security_inode_notifysecctx() %d\n", __func__, - (char *)fattr->label->label, - fattr->label->len, error); + (char *)fattr->label->lsmctx.context, + fattr->label->lsmctx.len, error); nfs_clear_label_invalid(inode); } } @@ -384,12 +385,14 @@ struct nfs4_label *nfs4_label_alloc(struct nfs_server *server, gfp_t flags) if (label == NULL) return ERR_PTR(-ENOMEM); - label->label = kzalloc(NFS4_MAXLABELLEN, flags); - if (label->label == NULL) { + label->lsmctx.context = kzalloc(NFS4_MAXLABELLEN, flags); + if (label->lsmctx.context == NULL) { kfree(label); return ERR_PTR(-ENOMEM); } - label->len = NFS4_MAXLABELLEN; + label->lsmctx.len = NFS4_MAXLABELLEN; + /* Use an invalid LSM slot as this should never be "released". */ + label->lsmctx.slot = -1; return label; } diff --git a/fs/nfs/internal.h b/fs/nfs/internal.h index 8f8cd6e2d4db..b97b66b8b7d0 100644 --- a/fs/nfs/internal.h +++ b/fs/nfs/internal.h @@ -342,13 +342,15 @@ nfs4_label_copy(struct nfs4_label *dst, struct nfs4_label *src) if (!dst || !src) return NULL; - if (src->len > NFS4_MAXLABELLEN) + if (src->lsmctx.len > NFS4_MAXLABELLEN) return NULL; dst->lfs = src->lfs; dst->pi = src->pi; - dst->len = src->len; - memcpy(dst->label, src->label, src->len); + /* Use an invalid LSM slot as lsmctx should never be "released" */ + dst->lsmctx.slot = -1; + dst->lsmctx.len = src->lsmctx.len; + memcpy(dst->lsmctx.context, src->lsmctx.context, src->lsmctx.len); return dst; } diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c index d6bdb0868729..dca0d5c84337 100644 --- a/fs/nfs/nfs4proc.c +++ b/fs/nfs/nfs4proc.c @@ -123,8 +123,7 @@ nfs4_label_init_security(struct inode *dir, struct dentry *dentry, return NULL; err = security_dentry_init_security(dentry, sattr->ia_mode, - &dentry->d_name, NULL, - (void **)&label->label, &label->len); + &dentry->d_name, NULL, &label->lsmctx); if (err == 0) return label; @@ -133,12 +132,8 @@ nfs4_label_init_security(struct inode *dir, struct dentry *dentry, static inline void nfs4_label_release_security(struct nfs4_label *label) { - struct lsmcontext scaff; /* scaffolding */ - - if (label) { - lsmcontext_init(&scaff, label->label, label->len, 0); - security_release_secctx(&scaff); - } + if (label) + security_release_secctx(&label->lsmctx); } static inline u32 *nfs4_bitmask(struct nfs_server *server, struct nfs4_label *label) { @@ -3800,7 +3795,7 @@ nfs4_atomic_open(struct inode *dir, struct nfs_open_context *ctx, int open_flags, struct iattr *attr, int *opened) { struct nfs4_state *state; - struct nfs4_label l = {0, 0, 0, NULL}, *label = NULL; + struct nfs4_label l = { }, *label = NULL; label = nfs4_label_init_security(dir, ctx->dentry, attr, &l); @@ -6108,7 +6103,7 @@ static int _nfs4_get_security_label(struct inode *inode, void *buf, size_t buflen) { struct nfs_server *server = NFS_SERVER(inode); - struct nfs4_label label = {0, 0, buflen, buf}; + struct nfs4_label label = {0, 0, {buf, buflen, -1} }; u32 bitmask[3] = { 0, 0, FATTR4_WORD2_SECURITY_LABEL }; struct nfs_fattr fattr = { @@ -6136,7 +6131,7 @@ static int _nfs4_get_security_label(struct inode *inode, void *buf, return ret; if (!(fattr.valid & NFS_ATTR_FATTR_V4_SECURITY_LABEL)) return -ENOENT; - return label.len; + return label.lsmctx.len; } static int nfs4_get_security_label(struct inode *inode, void *buf, @@ -6213,7 +6208,8 @@ static int nfs4_do_set_security_label(struct inode *inode, static int nfs4_set_security_label(struct inode *inode, const void *buf, size_t buflen) { - struct nfs4_label ilabel = {0, 0, buflen, (char *)buf }; + struct nfs4_label ilabel = {0, 0, + {(char *)buf, buflen, -1}}; struct nfs_fattr *fattr; int status; diff --git a/fs/nfs/nfs4xdr.c b/fs/nfs/nfs4xdr.c index acfe5f4bda48..9f1a376fb92c 100644 --- a/fs/nfs/nfs4xdr.c +++ b/fs/nfs/nfs4xdr.c @@ -1154,7 +1154,7 @@ static void encode_attrs(struct xdr_stream *xdr, const struct iattr *iap, } if (label && (attrmask[2] & FATTR4_WORD2_SECURITY_LABEL)) { - len += 4 + 4 + 4 + (XDR_QUADLEN(label->len) << 2); + len += 4 + 4 + 4 + (XDR_QUADLEN(label->lsmctx.len) << 2); bmval[2] |= FATTR4_WORD2_SECURITY_LABEL; } @@ -1186,8 +1186,9 @@ static void encode_attrs(struct xdr_stream *xdr, const struct iattr *iap, if (label && (bmval[2] & FATTR4_WORD2_SECURITY_LABEL)) { *p++ = cpu_to_be32(label->lfs); *p++ = cpu_to_be32(label->pi); - *p++ = cpu_to_be32(label->len); - p = xdr_encode_opaque_fixed(p, label->label, label->len); + *p++ = cpu_to_be32(label->lsmctx.len); + p = xdr_encode_opaque_fixed(p, label->lsmctx.context, + label->lsmctx.len); } if (bmval[2] & FATTR4_WORD2_MODE_UMASK) { *p++ = cpu_to_be32(iap->ia_mode & S_IALLUGO); @@ -4236,12 +4237,12 @@ static int decode_attr_security_label(struct xdr_stream *xdr, uint32_t *bitmap, return -EIO; if (len < NFS4_MAXLABELLEN) { if (label) { - if (label->len) { - if (label->len < len) + if (label->lsmctx.len) { + if (label->lsmctx.len < len) return -ERANGE; - memcpy(label->label, p, len); + memcpy(label->lsmctx.context, p, len); } - label->len = len; + label->lsmctx.len = len; label->pi = pi; label->lfs = lfs; status = NFS_ATTR_FATTR_V4_SECURITY_LABEL; @@ -4250,10 +4251,11 @@ static int decode_attr_security_label(struct xdr_stream *xdr, uint32_t *bitmap, } else printk(KERN_WARNING "%s: label too long (%u)!\n", __func__, len); - if (label && label->label) + if (label && label->lsmctx.context) dprintk("%s: label=%.*s, len=%d, PI=%d, LFS=%d\n", - __func__, label->len, (char *)label->label, - label->len, label->pi, label->lfs); + __func__, label->lsmctx.len, + (char *)label->lsmctx.context, + label->lsmctx.len, label->pi, label->lfs); } return status; } diff --git a/include/linux/nfs4.h b/include/linux/nfs4.h index 8d04b6a5964c..5c2d69cf609a 100644 --- a/include/linux/nfs4.h +++ b/include/linux/nfs4.h @@ -15,6 +15,7 @@ #include #include +#include #include #include @@ -44,10 +45,9 @@ struct nfs4_acl { #define NFS4_MAXLABELLEN 2048 struct nfs4_label { - uint32_t lfs; - uint32_t pi; - u32 len; - char *label; + uint32_t lfs; + uint32_t pi; + struct lsmcontext lsmctx; }; typedef struct { char data[NFS4_VERIFIER_SIZE]; } nfs4_verifier; diff --git a/include/linux/nfs_fs.h b/include/linux/nfs_fs.h index a17c337dbdf1..a838d4a45c1b 100644 --- a/include/linux/nfs_fs.h +++ b/include/linux/nfs_fs.h @@ -428,7 +428,7 @@ static inline void nfs4_label_free(struct nfs4_label *label) { #ifdef CONFIG_NFS_V4_SECURITY_LABEL if (label) { - kfree(label->label); + kfree(label->lsmctx.context); kfree(label); } #endif diff --git a/include/linux/security.h b/include/linux/security.h index ca2ed1909608..a4d08b47cbc3 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -229,8 +229,19 @@ static inline bool lsmblob_equal(const struct lsmblob *bloba, } /* Map lsm names to blob slot numbers */ +#if LSMBLOB_ENTRIES > 0 extern int lsm_name_to_slot(char *name); extern const char *lsm_slot_to_name(int slot); +#else +static inline int lsm_name_to_slot(char *name) +{ + return LSMBLOB_INVALID; +} +static inline const char *lsm_slot_to_name(int slot) +{ + return NULL; +} +#endif /** * lsmblob_value - find the first non-zero value in an lsmblob structure. @@ -470,8 +481,8 @@ int security_sb_clone_mnt_opts(const struct super_block *oldsb, int security_move_mount(const struct path *from_path, const struct path *to_path); int security_dentry_init_security(struct dentry *dentry, int mode, const struct qstr *name, - const char **xattr_name, void **ctx, - u32 *ctxlen); + const char **xattr_name, + struct lsmcontext *lsmcxt); int security_dentry_create_files_as(struct dentry *dentry, int mode, struct qstr *name, const struct cred *old, @@ -888,8 +899,7 @@ static inline int security_dentry_init_security(struct dentry *dentry, int mode, const struct qstr *name, const char **xattr_name, - void **ctx, - u32 *ctxlen) + struct lsmcontext *lsmcxt) { return -EOPNOTSUPP; } diff --git a/security/security.c b/security/security.c index 72df3d0cd233..96a89fd5802b 100644 --- a/security/security.c +++ b/security/security.c @@ -487,6 +487,8 @@ static int lsm_append(const char *new, char **result) * Current index to use while initializing the lsmblob secid list. */ static int lsm_slot __lsm_ro_after_init; + +#if LSMBLOB_ENTRIES > 0 static struct lsm_id *lsm_slotlist[LSMBLOB_ENTRIES] __lsm_ro_after_init; /** @@ -531,6 +533,7 @@ const char *lsm_slot_to_name(int slot) return NULL; return lsm_slotlist[slot]->lsm; } +#endif /* LSMBLOB_ENTRIES > 0 */ /** * security_add_hooks - Add a modules hooks to the hook lists. @@ -549,6 +552,7 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count, WARN_ON(!lsmid->slot || !lsmid->lsm); +#if LSMBLOB_ENTRIES > 0 if (lsmid->slot == LSMBLOB_NEEDED) { if (lsm_slot >= LSMBLOB_ENTRIES) panic("%s Too many LSMs registered.\n", __func__); @@ -557,6 +561,7 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count, init_debug("%s assigned lsmblob slot %d\n", lsmid->lsm, lsmid->slot); } +#endif /* LSMBLOB_ENTRIES > 0 */ for (i = 0; i < count; i++) { hooks[i].lsmid = lsmid; @@ -1167,8 +1172,8 @@ void security_inode_free(struct inode *inode) int security_dentry_init_security(struct dentry *dentry, int mode, const struct qstr *name, - const char **xattr_name, void **ctx, - u32 *ctxlen) + const char **xattr_name, + struct lsmcontext *lsmctx) { struct security_hook_list *hp; int rc; @@ -1176,9 +1181,13 @@ int security_dentry_init_security(struct dentry *dentry, int mode, /* * Only one module will provide a security context. */ - hlist_for_each_entry(hp, &security_hook_heads.dentry_init_security, list) { + hlist_for_each_entry(hp, &security_hook_heads.dentry_init_security, + list) { rc = hp->hook.dentry_init_security(dentry, mode, name, - xattr_name, ctx, ctxlen); + xattr_name, + (void **)&lsmctx->context, + &lsmctx->len); + lsmctx->slot = hp->lsmid->slot; if (rc != LSM_RET_DEFAULT(dentry_init_security)) return rc; } @@ -2238,7 +2247,7 @@ int security_getprocattr(struct task_struct *p, const char *lsm, char *name, ilsm = lsm_task_ilsm(p); if (ilsm != LSMBLOB_INVALID) slot = ilsm; - *value = kstrdup(lsm_slotlist[slot]->lsm, GFP_KERNEL); + *value = kstrdup(lsm_slot_to_name(slot), GFP_KERNEL); if (*value) return strlen(*value); return -ENOMEM; @@ -2273,6 +2282,7 @@ int security_setprocattr(const char *lsm, const char *name, void *value, size_t size) { struct security_hook_list *hp; + const char *slotname; char *termed; char *copy; int *ilsm = current->security; @@ -2304,12 +2314,14 @@ int security_setprocattr(const char *lsm, const char *name, void *value, termed = strsep(©, " \n"); - for (slot = 0; slot < lsm_slot; slot++) + for (slot = 0; slot < lsm_slot; slot++) { + slotname = lsm_slot_to_name(slot); if (!strcmp(termed, lsm_slotlist[slot]->lsm)) { - *ilsm = lsm_slotlist[slot]->slot; + *ilsm = slot; rc = size; break; } + } kfree(termed); return rc; From patchwork Tue Jun 28 00:55:57 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12897466 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id B208DCCA47F for ; Tue, 28 Jun 2022 01:09:08 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242966AbiF1BJG (ORCPT ); Mon, 27 Jun 2022 21:09:06 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36742 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S242935AbiF1BJB (ORCPT ); Mon, 27 Jun 2022 21:09:01 -0400 Received: from sonic304-28.consmr.mail.ne1.yahoo.com (sonic304-28.consmr.mail.ne1.yahoo.com [66.163.191.154]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3843E2252B for ; Mon, 27 Jun 2022 18:09:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378539; bh=WZac+aRC2uz0l+4S4NGEdN/ZurgpD1tHTTaIIPo8luY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=MEg/maQSHSDdAcI9zGAkeKXDVjKIGt61Qd1Vic8eeD5uhfV33dNpkr1P/HByTB0zpeKi79f+rujd5kzVZDp40AebzMlOAFGaq0Fdm6aDIQ7fLUF65jjW80M6UXwl4PSYqyPIcs52P4NHWqo+vgLUJTHDPwOGAZfKxfpwcz/0y+4X7Qg+mKaxWlRNor9oemYXwx8ko0AXR3QZjPXyeLeQXAVAuVNkQZqwXz9wcbjZxam5s52WOM6KILcqcRIE1Q5zbpLf7RxA093twl+tFylgqFXekS8UekxJlndI746ZaCsw+Y3trfyzX+2COVP7XrjmYMvRPNaCHCA60bdCzAJxCA== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378539; bh=tG6rYld6ccFoLx1nGWc2NfgcUdU9kaJjHLKNE4hYq58=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=h0rD2pl2xUd2jYdkli744YAHvjsUnppTWBQM7ymC6ZTtntz4v2EAobJBnF0VbIGm0IGOFSFpwdmRm0zDM114tigxM/Phe80nS07Nol1vzUL4K+IklR5WDjuBGPSq6VAMSQ+a0CssyrqqyK8aY2BNwY7dSne/wlT6FOpQb1mmRK4jAezs1pBpokpZXjRwlNoPOHjy82E3pf46xLs8Xoc7MrQsxkbtC5VscfqisY7gji7aBmeuCmuheTu49nARQgWvQ2+4+vnXi0vrfRpXV6VsPXEwwk0InUM8AYpXVDR0GQAuuVJXBuOc+lk2G86EuYkIEipjOGoMsKliNCUMGoyVHg== X-YMail-OSG: QRWirEgVM1l5I0DmvR10bTKnmlIF60OqpETy7C7c9cuK0C3bzInsf5agnbzChnI KkMPQGQltsdYQRbBU3hXqFKSI2dIG3aIKGM1y0M.Gvlajg5b0erGVqhrzz_.srypzCmoQ3F2ee7G WIZfF7feymV1Zn48kW0KedF1l1YBsn9pPJznY3UGLtpbAz6S0n9l9kUom2JzItAwAlWjVgawij4U K6LEQDW_YIcM4ECfvt6ZAhsPQGkBZmGwfbseKlfHuGPB_n8ygmmBGtAuA3qPH3wAUDXNDexCXl2l ck99dtg3gbFq1tmAMaTF7.ZGW9av3qacOtF.5dUY1n8Le7bBNtrn5ROE27vNxs7UnD7jNieQSgVw 6uY3B.M.huz6Vd._5_5FfqLljEOYtfCIuddiIJc0ueIlX9D81j8lmiXAFJCZPrc_mmkxBX.4sYoj Hd9VPRqLx8zzTZai_eJ5rZdV629KNRnZvNTD3OvIg9YzmiSdsSjdiXALTII2fR4a_47p.RtdFtva ho8DBZ3Sw8xmzyc7AUYvJma5lgz_BhuID.PPa4Lgy_2AC6jREXNoIJgTyWCxvYDGXSC3NqNKBCaq CFOTtUV3T4x3TtvQ537_IiW9VlPhQ81YX6m_vuch5rsThSxBKLNZ.lUP_uJhcCtQhbSa.Qj8qCVx .LsJjxqkmRwtWVwZXZLSy3AVHVbsmnoV3xbJArbcMWQqmvzeQX31NY0oUF3EWtz_xMhQqezxG1JB 8XWWUe5__rBT9R.oB9qbuPDnw6IoSwzEcRqHzElH_hPZ7JvyDOeatqtLwLI9pUDMk_C6l5wcsbT_ iAhNcx4szGeKmLSjRoPaHg0_RRLDQ1hYu9AaF8OmTaTU0SA5Pl11_mXufLO3Lf6Za3hTYw5LzdnG GREmM6azOJSg3xkYnVdXYe.5ZPbepuPzye8Ao8vYDPQkfaryOke2h7DK.IBlElHvoKXRwMWt.pJF oBxKLhK0HvyldAGGxbssQuSUnDi0F3ZHtNX_PkciCQOT8YWkbZMdZI77vw9J0DND_r_J_jLosWAW ZDeg.vK2pwMmbdWHtCiivFWAWOPAY.8BSXtPqsk.gXoTQIC4tgX6kBoioFDD5Ar9ZMYXn7kC4ETK n8UuqxW7OAgyCw1UNC.V_Ny3DYufDzEYl9BNMC0GrCbo6SnMGU_rS_SE6F5_NdF2Xt8pJ0KUKoWl XCXazn.rvXpBNoLakvGBqNcwySLNQ9mW8ad9r0f7BS5B3ErMdEhiLrsIj0ep4r4OnA3nuNdkrvKR AP0mUvfK6Hny01jvsWMhgfmDjAzxtpHxAk2js7uVq6saEyPEYTdCKnvIBEtE3IK16uSeLBeZLca5 y0BI_1joODZnAJGb5g.QYMRF3SiSsQ_uxXOO8ZvG22vh5B354VJC.ycyb3KUoYdyA67sQrw80Ym. 8QI2zHOGP87TaZUkOi8hXlQ2cfvV1m1NImxTs4silEnM9uH8eIavQZU8AV_Dh.6GjOVSV2CTJ3fE PElpQsjp4KhOZyfNcI7ywW1f_LPjSIx4KcJiBxrglIyxQBkdxvEA34HLi5ls2ftVtM0LMBmfgV.K 5Qi79FeE5Yjs.rEeS.kOSyGMVz1CXBzOsE8gh5Kv9LdSPqna90DgP4u2tqtJVoi8mJ6UBACLH0X4 e8ARht0w9i3Xo9JtAQnvkpkpZ7faRM4gkS714uYXhOcph8I7gNe2Tw2P1zl12aPlL42pTE1iSUEX m15COFGqV7JTaBk9kh_3nIgj5MErrvSmaPzRGyw3dsnurlJ9r21O_yG1C3qXZbOoeMciZd4H4foe 6JUrHZJ5tk6Udz9ieHI0SLmL4VK0R2Zps6Q8AOoFEmOK.rXShrO9T.zVp5Wf4pZHrvJiN4kNvqL5 gYz53lGLwgl3j14XHSV0d3WmtpV8P9Jw4cyIDqyZKicFqEV_AD0B.eVpjsi.kVWqMqBEq864GGvC Fj73ptuoBx2JwLmK2rmKINtGSsg107YZwpvg_yI10VzqwNzfsw1e2GSiRQp6RqZB1RoaDLLCPQR_ 5YhZkS4y.bE73VMlgQVH3yLUvpKfFXt6Mrr4ZEiym_L3dmoM2INwFTyo.tPN0ddw41xWs0COXip0 PF7wHhjFu3r3j9oR3X_Ox9DE7sAySPZ7GAA6zE3U8WBypjCcsnLOUUcgy3ezBlxHFVl1T12xgspQ iE60tQNBwAQCSZqi9Cyi_xvnrMSceufBXzU_tQzFuVgWtdRFw3yEugE_hOFPfSf2.DM6Z1N5ZIgp NB1uAawWQEhbnSTQWuBqvYyberh49yJh_8Yo7sqzQ2rMGybjfS5RYPconlI.1.ndi6cenMSkNFY3 mono- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic304.consmr.mail.ne1.yahoo.com with HTTP; Tue, 28 Jun 2022 01:08:59 +0000 Received: by hermes--production-bf1-7f5f59bd5b-fj9wt (Yahoo Inc. Hermes SMTP Server) with ESMTPA ID 05fbaa230dcbeea0318fe174d0a2d20b; Tue, 28 Jun 2022 01:08:54 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, Pablo Neira Ayuso , netdev@vger.kernel.org, netfilter-devel@vger.kernel.org Subject: [PATCH v37 19/33] LSM: security_secid_to_secctx in netlink netfilter Date: Mon, 27 Jun 2022 17:55:57 -0700 Message-Id: <20220628005611.13106-20-casey@schaufler-ca.com> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220628005611.13106-1-casey@schaufler-ca.com> References: <20220628005611.13106-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Change netlink netfilter interfaces to use lsmcontext pointers, and remove scaffolding. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Paul Moore Acked-by: Stephen Smalley Acked-by: Pablo Neira Ayuso Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org Cc: netfilter-devel@vger.kernel.org --- net/netfilter/nfnetlink_queue.c | 37 +++++++++++++-------------------- 1 file changed, 14 insertions(+), 23 deletions(-) diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index 35c3cde6bacd..f60a0b6240ff 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c @@ -301,15 +301,13 @@ static int nfqnl_put_sk_uidgid(struct sk_buff *skb, struct sock *sk) return -1; } -static u32 nfqnl_get_sk_secctx(struct sk_buff *skb, char **secdata) +static void nfqnl_get_sk_secctx(struct sk_buff *skb, struct lsmcontext *context) { - u32 seclen = 0; #if IS_ENABLED(CONFIG_NETWORK_SECMARK) struct lsmblob blob; - struct lsmcontext context = { }; if (!skb || !sk_fullsock(skb->sk)) - return 0; + return; read_lock_bh(&skb->sk->sk_callback_lock); @@ -318,14 +316,12 @@ static u32 nfqnl_get_sk_secctx(struct sk_buff *skb, char **secdata) * blob. security_secid_to_secctx() will know which security * module to use to create the secctx. */ lsmblob_init(&blob, skb->secmark); - security_secid_to_secctx(&blob, &context); - *secdata = context.context; + security_secid_to_secctx(&blob, context); } read_unlock_bh(&skb->sk->sk_callback_lock); - seclen = context.len; #endif - return seclen; + return; } static u32 nfqnl_get_bridge_size(struct nf_queue_entry *entry) @@ -397,12 +393,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, struct net_device *indev; struct net_device *outdev; struct nf_conn *ct = NULL; + struct lsmcontext context = { }; enum ip_conntrack_info ctinfo = 0; const struct nfnl_ct_hook *nfnl_ct; bool csum_verify; - struct lsmcontext scaff; /* scaffolding */ - char *secdata = NULL; - u32 seclen = 0; ktime_t tstamp; size = nlmsg_total_size(sizeof(struct nfgenmsg)) @@ -473,9 +467,9 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, } if ((queue->flags & NFQA_CFG_F_SECCTX) && entskb->sk) { - seclen = nfqnl_get_sk_secctx(entskb, &secdata); - if (seclen) - size += nla_total_size(seclen); + nfqnl_get_sk_secctx(entskb, &context); + if (context.len) + size += nla_total_size(context.len); } skb = alloc_skb(size, GFP_ATOMIC); @@ -610,7 +604,8 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, nfqnl_put_sk_uidgid(skb, entskb->sk) < 0) goto nla_put_failure; - if (seclen && nla_put(skb, NFQA_SECCTX, seclen, secdata)) + if (context.len && + nla_put(skb, NFQA_SECCTX, context.len, context.context)) goto nla_put_failure; if (ct && nfnl_ct->build(skb, ct, ctinfo, NFQA_CT, NFQA_CT_INFO) < 0) @@ -638,10 +633,8 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, } nlh->nlmsg_len = skb->len; - if (seclen) { - lsmcontext_init(&scaff, secdata, seclen, 0); - security_release_secctx(&scaff); - } + if (context.len) + security_release_secctx(&context); return skb; nla_put_failure: @@ -649,10 +642,8 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, kfree_skb(skb); net_err_ratelimited("nf_queue: error creating packet message\n"); nlmsg_failure: - if (seclen) { - lsmcontext_init(&scaff, secdata, seclen, 0); - security_release_secctx(&scaff); - } + if (context.len) + security_release_secctx(&context); return NULL; } From patchwork Tue Jun 28 00:55:58 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12897467 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4552ECCA480 for ; Tue, 28 Jun 2022 01:09:09 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242935AbiF1BJH (ORCPT ); Mon, 27 Jun 2022 21:09:07 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36784 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S241654AbiF1BJE (ORCPT ); Mon, 27 Jun 2022 21:09:04 -0400 Received: from sonic301-36.consmr.mail.ne1.yahoo.com (sonic301-36.consmr.mail.ne1.yahoo.com [66.163.184.205]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id F23F52229B for ; Mon, 27 Jun 2022 18:09:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378542; bh=D1JsPsnCVN0+jqrYq4LFS3OvZjCufzqNfNeCL92tKX8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=WriS1hX9aPFkg7+2hLWZC0zYRNl+FZabHbW89LdJl3qGKK8B3HIe+EBiRhW0yyq3tNdVQHWVH+1kJk/L9ReLge52mWKpLYxBzTeprfaWisjLp1SY5zSXs2isMSWYXXRfJq7Hi7U8VPKJscUBjEC6Llryl2GI1eGZHSux2TFkZqZVqJWVyGoLbH667g8MpxmKP1C0kprnC1o2SnsmeQROgMPlYjfK0Lckr0lfUM+Ppy6ME+OKUWqm92TVOvkd0TGefhsy1rAP+1UEnZergbVw/CyULY5svyFKMVhns+815s9u8GA5bNS4Z0mWv07l//8hn9mggg1jkfgGXswCTl+2Iw== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378542; bh=tbOjgeAv4/DLNTiLg+E/EKrNcLq6lLIP/YSlvzCg3+N=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=GyrIcxJ5VY+n7D33gA4Gv9FJVwXROpqGqvLCz34zJAiPn6g9DJLTLZKH/+uev6tAaVBZ85Jl2THgbKYJCsJQXCelYnCDWrku/z7/56SUnoOjG4zsh7H/2wZm2HdzxOZzT7K0TQHEqz9VBdS+fKGMKRCupv5I4p2x5I0zv/Jg+1vNxfKHGDe4ZOQWbtwgJ95ZigFKqg9k5Fx2vG/tmMz9S2jGnXixJYBS9IYXxNM5FpyAV1Yjcfn/QXYO6g1J3DK3HtIkgMioO0j+z4Rh6nRcTVj3g0TuayU/znejP42N1I9/iEiPbiIF0aWOtqY0bvV3/GTeTDEEZ31fs5zish0yUw== X-YMail-OSG: Uo0AqoIVM1mA6f015e5WJkK4ZGIfCskhQpQtmW6yQ9NQSRtGW3OnGjYBEwDT4iL r5xbMKuoNBhZ0ihRrvGvXyHIdQBV75iYzJvcpeZsm.zepjw_bw.UwwEZI58rReNGAAdTT7GpWo45 v4x8YgSBp5pV12hftXOFvlTgr9jJQFhy2S2v.hHa7KZzymQRidFJItqFpLCmq_zFZt.._zkOy1rc Mr7g5ANatpyNemrYmKEyUI7S0XcbYCQnYE_Ed4pzu31HKeoFKxrMH1MW_Qga7uFOfS2xGJBhTN4K bgtRENOZhgn8W_OcqhRrv9S57ZQgrOBNQofrQKUpd6EM.xZYXn3YdcKzvQHy3Vv2n4ga638hLzB6 xNqienqYagS6e0W.em5MLwgUyFMpwiZLiSdl.4XooX6QMrAN5Dj9v2xpH2RxWSk.s7BGnux9rLKS nFAZjZaG3hLOaHlaBIB_cqRMVS64E70CK3ddS._BVj3mJlboksQoLSwyiut9c2Oq5yNqbilgTXdk 5wX68eZQUJ87NvlcHtD0vrhDgDQzII_DQHwKXRE.6QyjM_Cn6vaz6RhMiqs1rYJAEC8TV1iQZL3. WgpPO57iBr8eHZXXy8S.XWBXw6f_M6ewDMtXg2lczCAioIBnBnl_Nz1sgE8UKLKiInRMm4f3ADzZ t2NjteqwaYpHnXcjaDA9dBPr_cUiptwL7uX6lgiFRgHZDU1hI5PC5DYW62PZE2c4QYYRljh9AouG a6CxoXyn8nl4aiTFeUfShSddFwCAfg9Hr5DNdjRIHFpJt6lcnIMomUjt1TfKlNxltsD7yek8V.wX ZIfXwLCoG97wVzhEQmQZYCKUYmcjwADeSa6yVIPRR1APpTKK_8rt778WU0US7YH3QXfYQsTTMU7g EfHH8fkID9ZDlPoP5z1GPKimk.JEiHnhgpKAeIelsvgfkBNdyKhx78F38hRxXYnJmsbGv2GBSqwK OZ1S3siymcNZrO5O44E9isXeAlNaE0QRylS5TYCwPpvrrqsExzn5F8ZI6XpOZ9HZVTxPw.nxBCDX hID0Juw5rUUJlidvBjOfP2aB8XiiNebZsi1KEO16WXWsDDfQbGOKt6nguQNvkyj8P71xd8uAJqJ6 Psn2bdrIq_Y4LaVAQ5OFtNeipdpwIMT0KABbwc35YnrLu6glszHTkXlkRNIIWwSp0U11.CVpPUUY 8FFntk18RQhlylbU_GJw6A.upVOUrH4nwHU539eov.pi7FVxpFnGlAcLp1MUOiybsMUazLvAJHq7 HztbO.zcAFtFYWamZVUw28fuxfAF5siGuEf7fgBvgNN3eTq5nPcwy32z2qVeVkiGnVlp4Pks89Rx FgC9b2DcIvNO6OUJLFzWElgT_Hv0PG634AILLt01cYbpFDW2_o7YwuDk7gAOdRgDA3NfYZ7aJXoS AKCEe8Ypy6Wn8HVuVj6K6_.rS_IsCClWe7sbi1W.pUILyOVSGjspNGxpddBosiTCBMjuQRHz7dPf VVrFusiHBB4roRmOi3e.BJFRDPk0LHnqv.UmFjh43E1Z7dFH0GRcl9klk2CgtJnmoZhvyI2pUHVN _dstJy_9d3IqPfhrrciGfrzWlEtZNShg4bU7Os1izEhabXGvJBDdYCAkrOE1JMAf3mzQo1oND5Gv c__QuiDWRD8rajxGTA7hkkzk9tIq.aht32I91Z4f_dCx3kxn5ZqtlqKHVl9BYiHZqpcRXn9BIoxJ r2LgD4W2U.vq2FSfLFm5Eb6ow_rs4xzonKMCgQh7XZKIWUy_Qkm_OFASl9ZLkhj0lO.FONDUdftR H4Wfs9fHqPHX_mMDNdA0zemwjzsLVmu289vzU9FrX9DaNuZ36pll.fwZ9kTRP4uWgaXymvHQ4wAK AO9dloOKLkah9XUOunUZLfaGtkvtp44X9k2sdq7QRxHIjyGm5oieaeE82avKlrEPUsILc5Y5zDC6 QEUjghh.ZlXYD76GVaoOBwwjd6kAfyE_CBTPs8.0IYk.ndDtgT3aTx68JsDVoZ0PfgcMwsYsE6LC sZz2X6rEVKyHMvKXenNHaT_LSzgeZmu3kFR8wkk5pquI.FoKZ35qlNr8etER0ZQBRrhZBbyFu06E dRDZnRv5jy9NM6KaIA5rBJsoai0rKdEiqr0wOyz3rOgFcbqm6lP43yip98ooItEzluITSgrnnqJ2 _HTaQeRGhF.XlCqBFDkcDVP.ykBhuhMUPQ7Q_eBJFzwWEGxq8HmFj0JOL0zJZPs1u6aWwBWlaW.c Ek_LB.yXJSB9o_BiqjPHtdTwOUgwUbw9h4cra96e1x.autKNOKxUUQvkLjOIr0wyUV2wJwL_4139 202K6ROB9D6DP5bqwlCJVNz47.WTa_ZmA_Og_5Q-- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic301.consmr.mail.ne1.yahoo.com with HTTP; Tue, 28 Jun 2022 01:09:02 +0000 Received: by hermes--production-bf1-7f5f59bd5b-fj9wt (Yahoo Inc. Hermes SMTP Server) with ESMTPA ID 05fbaa230dcbeea0318fe174d0a2d20b; Tue, 28 Jun 2022 01:08:56 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, netdev@vger.kernel.org Subject: [PATCH v37 20/33] NET: Store LSM netlabel data in a lsmblob Date: Mon, 27 Jun 2022 17:55:58 -0700 Message-Id: <20220628005611.13106-21-casey@schaufler-ca.com> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220628005611.13106-1-casey@schaufler-ca.com> References: <20220628005611.13106-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Netlabel uses LSM interfaces requiring an lsmblob and the internal storage is used to pass information between these interfaces, so change the internal data from a secid to a lsmblob. Update the netlabel interfaces and their callers to accommodate the change. This requires that the modules using netlabel use the lsm_id.slot to access the correct secid when using netlabel. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org --- include/net/netlabel.h | 8 +-- net/ipv4/cipso_ipv4.c | 26 ++++++---- net/netlabel/netlabel_kapi.c | 6 +-- net/netlabel/netlabel_unlabeled.c | 79 +++++++++-------------------- net/netlabel/netlabel_unlabeled.h | 2 +- security/selinux/hooks.c | 2 +- security/selinux/include/security.h | 1 + security/selinux/netlabel.c | 2 +- security/selinux/ss/services.c | 4 +- security/smack/smack.h | 1 + security/smack/smack_access.c | 2 +- security/smack/smack_lsm.c | 11 ++-- security/smack/smackfs.c | 10 ++-- 13 files changed, 68 insertions(+), 86 deletions(-) diff --git a/include/net/netlabel.h b/include/net/netlabel.h index 43ae50337685..73fc25b4042b 100644 --- a/include/net/netlabel.h +++ b/include/net/netlabel.h @@ -166,7 +166,7 @@ struct netlbl_lsm_catmap { * @attr.mls: MLS sensitivity label * @attr.mls.cat: MLS category bitmap * @attr.mls.lvl: MLS sensitivity level - * @attr.secid: LSM specific secid token + * @attr.lsmblob: LSM specific data * * Description: * This structure is used to pass security attributes between NetLabel and the @@ -201,7 +201,7 @@ struct netlbl_lsm_secattr { struct netlbl_lsm_catmap *cat; u32 lvl; } mls; - u32 secid; + struct lsmblob lsmblob; } attr; }; @@ -415,7 +415,7 @@ int netlbl_cfg_unlbl_static_add(struct net *net, const void *addr, const void *mask, u16 family, - u32 secid, + struct lsmblob *lsmblob, struct netlbl_audit *audit_info); int netlbl_cfg_unlbl_static_del(struct net *net, const char *dev_name, @@ -523,7 +523,7 @@ static inline int netlbl_cfg_unlbl_static_add(struct net *net, const void *addr, const void *mask, u16 family, - u32 secid, + struct lsmblob *lsmblob, struct netlbl_audit *audit_info) { return -ENOSYS; diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c index 62d5f99760aa..bb9c900da6b0 100644 --- a/net/ipv4/cipso_ipv4.c +++ b/net/ipv4/cipso_ipv4.c @@ -106,15 +106,17 @@ int cipso_v4_rbm_strictvalid = 1; /* Base length of the local tag (non-standard tag). * Tag definition (may change between kernel versions) * - * 0 8 16 24 32 - * +----------+----------+----------+----------+ - * | 10000000 | 00000110 | 32-bit secid value | - * +----------+----------+----------+----------+ - * | in (host byte order)| - * +----------+----------+ - * + * 0 8 16 16 + sizeof(struct lsmblob) + * +----------+----------+---------------------+ + * | 10000000 | 00000110 | LSM blob data | + * +----------+----------+---------------------+ + * + * All secid and flag fields are in host byte order. + * The lsmblob structure size varies depending on which + * Linux security modules are built in the kernel. + * The data is opaque. */ -#define CIPSO_V4_TAG_LOC_BLEN 6 +#define CIPSO_V4_TAG_LOC_BLEN (2 + sizeof(struct lsmblob)) /* * Helper Functions @@ -1460,7 +1462,11 @@ static int cipso_v4_gentag_loc(const struct cipso_v4_doi *doi_def, buffer[0] = CIPSO_V4_TAG_LOCAL; buffer[1] = CIPSO_V4_TAG_LOC_BLEN; - *(u32 *)&buffer[2] = secattr->attr.secid; + /* Ensure that there is sufficient space in the CIPSO header + * for the LSM data. */ + BUILD_BUG_ON(CIPSO_V4_TAG_LOC_BLEN > CIPSO_V4_OPT_LEN_MAX); + memcpy(&buffer[2], &secattr->attr.lsmblob, + sizeof(secattr->attr.lsmblob)); return CIPSO_V4_TAG_LOC_BLEN; } @@ -1480,7 +1486,7 @@ static int cipso_v4_parsetag_loc(const struct cipso_v4_doi *doi_def, const unsigned char *tag, struct netlbl_lsm_secattr *secattr) { - secattr->attr.secid = *(u32 *)&tag[2]; + memcpy(&secattr->attr.lsmblob, &tag[2], sizeof(secattr->attr.lsmblob)); secattr->flags |= NETLBL_SECATTR_SECID; return 0; diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c index 54c083003947..14ebe0424811 100644 --- a/net/netlabel/netlabel_kapi.c +++ b/net/netlabel/netlabel_kapi.c @@ -196,7 +196,7 @@ int netlbl_cfg_unlbl_map_add(const char *domain, * @addr: IP address in network byte order (struct in[6]_addr) * @mask: address mask in network byte order (struct in[6]_addr) * @family: address family - * @secid: LSM secid value for the entry + * @lsmblob: LSM data value for the entry * @audit_info: NetLabel audit information * * Description: @@ -210,7 +210,7 @@ int netlbl_cfg_unlbl_static_add(struct net *net, const void *addr, const void *mask, u16 family, - u32 secid, + struct lsmblob *lsmblob, struct netlbl_audit *audit_info) { u32 addr_len; @@ -230,7 +230,7 @@ int netlbl_cfg_unlbl_static_add(struct net *net, return netlbl_unlhsh_add(net, dev_name, addr, mask, addr_len, - secid, audit_info); + lsmblob, audit_info); } /** diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index 12e5d508bd08..910a03f15b0d 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -66,7 +66,7 @@ struct netlbl_unlhsh_tbl { #define netlbl_unlhsh_addr4_entry(iter) \ container_of(iter, struct netlbl_unlhsh_addr4, list) struct netlbl_unlhsh_addr4 { - u32 secid; + struct lsmblob lsmblob; struct netlbl_af4list list; struct rcu_head rcu; @@ -74,7 +74,7 @@ struct netlbl_unlhsh_addr4 { #define netlbl_unlhsh_addr6_entry(iter) \ container_of(iter, struct netlbl_unlhsh_addr6, list) struct netlbl_unlhsh_addr6 { - u32 secid; + struct lsmblob lsmblob; struct netlbl_af6list list; struct rcu_head rcu; @@ -220,7 +220,7 @@ static struct netlbl_unlhsh_iface *netlbl_unlhsh_search_iface(int ifindex) * @iface: the associated interface entry * @addr: IPv4 address in network byte order * @mask: IPv4 address mask in network byte order - * @secid: LSM secid value for entry + * @lsmblob: LSM data value for entry * * Description: * Add a new address entry into the unlabeled connection hash table using the @@ -231,7 +231,7 @@ static struct netlbl_unlhsh_iface *netlbl_unlhsh_search_iface(int ifindex) static int netlbl_unlhsh_add_addr4(struct netlbl_unlhsh_iface *iface, const struct in_addr *addr, const struct in_addr *mask, - u32 secid) + struct lsmblob *lsmblob) { int ret_val; struct netlbl_unlhsh_addr4 *entry; @@ -243,7 +243,7 @@ static int netlbl_unlhsh_add_addr4(struct netlbl_unlhsh_iface *iface, entry->list.addr = addr->s_addr & mask->s_addr; entry->list.mask = mask->s_addr; entry->list.valid = 1; - entry->secid = secid; + entry->lsmblob = *lsmblob; spin_lock(&netlbl_unlhsh_lock); ret_val = netlbl_af4list_add(&entry->list, &iface->addr4_list); @@ -260,7 +260,7 @@ static int netlbl_unlhsh_add_addr4(struct netlbl_unlhsh_iface *iface, * @iface: the associated interface entry * @addr: IPv6 address in network byte order * @mask: IPv6 address mask in network byte order - * @secid: LSM secid value for entry + * @lsmblob: LSM data value for entry * * Description: * Add a new address entry into the unlabeled connection hash table using the @@ -271,7 +271,7 @@ static int netlbl_unlhsh_add_addr4(struct netlbl_unlhsh_iface *iface, static int netlbl_unlhsh_add_addr6(struct netlbl_unlhsh_iface *iface, const struct in6_addr *addr, const struct in6_addr *mask, - u32 secid) + struct lsmblob *lsmblob) { int ret_val; struct netlbl_unlhsh_addr6 *entry; @@ -287,7 +287,7 @@ static int netlbl_unlhsh_add_addr6(struct netlbl_unlhsh_iface *iface, entry->list.addr.s6_addr32[3] &= mask->s6_addr32[3]; entry->list.mask = *mask; entry->list.valid = 1; - entry->secid = secid; + entry->lsmblob = *lsmblob; spin_lock(&netlbl_unlhsh_lock); ret_val = netlbl_af6list_add(&entry->list, &iface->addr6_list); @@ -366,7 +366,7 @@ int netlbl_unlhsh_add(struct net *net, const void *addr, const void *mask, u32 addr_len, - u32 secid, + struct lsmblob *lsmblob, struct netlbl_audit *audit_info) { int ret_val; @@ -375,7 +375,6 @@ int netlbl_unlhsh_add(struct net *net, struct netlbl_unlhsh_iface *iface; struct audit_buffer *audit_buf = NULL; struct lsmcontext context; - struct lsmblob blob; if (addr_len != sizeof(struct in_addr) && addr_len != sizeof(struct in6_addr)) @@ -408,7 +407,7 @@ int netlbl_unlhsh_add(struct net *net, const struct in_addr *addr4 = addr; const struct in_addr *mask4 = mask; - ret_val = netlbl_unlhsh_add_addr4(iface, addr4, mask4, secid); + ret_val = netlbl_unlhsh_add_addr4(iface, addr4, mask4, lsmblob); if (audit_buf != NULL) netlbl_af4list_audit_addr(audit_buf, 1, dev_name, @@ -421,7 +420,7 @@ int netlbl_unlhsh_add(struct net *net, const struct in6_addr *addr6 = addr; const struct in6_addr *mask6 = mask; - ret_val = netlbl_unlhsh_add_addr6(iface, addr6, mask6, secid); + ret_val = netlbl_unlhsh_add_addr6(iface, addr6, mask6, lsmblob); if (audit_buf != NULL) netlbl_af6list_audit_addr(audit_buf, 1, dev_name, @@ -438,11 +437,7 @@ int netlbl_unlhsh_add(struct net *net, unlhsh_add_return: rcu_read_unlock(); if (audit_buf != NULL) { - /* lsmblob_init() puts secid into all of the secids in blob. - * security_secid_to_secctx() will know which security module - * to use to create the secctx. */ - lsmblob_init(&blob, secid); - if (security_secid_to_secctx(&blob, &context) == 0) { + if (security_secid_to_secctx(lsmblob, &context) == 0) { audit_log_format(audit_buf, " sec_obj=%s", context.context); security_release_secctx(&context); @@ -477,7 +472,6 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, struct audit_buffer *audit_buf; struct net_device *dev; struct lsmcontext context; - struct lsmblob blob; spin_lock(&netlbl_unlhsh_lock); list_entry = netlbl_af4list_remove(addr->s_addr, mask->s_addr, @@ -496,13 +490,8 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, (dev != NULL ? dev->name : NULL), addr->s_addr, mask->s_addr); dev_put(dev); - /* lsmblob_init() puts entry->secid into all of the secids - * in blob. security_secid_to_secctx() will know which - * security module to use to create the secctx. */ - if (entry != NULL) - lsmblob_init(&blob, entry->secid); if (entry != NULL && - security_secid_to_secctx(&blob, &context) == 0) { + security_secid_to_secctx(&entry->lsmblob, &context) == 0) { audit_log_format(audit_buf, " sec_obj=%s", context.context); security_release_secctx(&context); @@ -543,7 +532,6 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, struct audit_buffer *audit_buf; struct net_device *dev; struct lsmcontext context; - struct lsmblob blob; spin_lock(&netlbl_unlhsh_lock); list_entry = netlbl_af6list_remove(addr, mask, &iface->addr6_list); @@ -561,13 +549,8 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, (dev != NULL ? dev->name : NULL), addr, mask); dev_put(dev); - /* lsmblob_init() puts entry->secid into all of the secids - * in blob. security_secid_to_secctx() will know which - * security module to use to create the secctx. */ - if (entry != NULL) - lsmblob_init(&blob, entry->secid); if (entry != NULL && - security_secid_to_secctx(&blob, &context) == 0) { + security_secid_to_secctx(&entry->lsmblob, &context) == 0) { audit_log_format(audit_buf, " sec_obj=%s", context.context); security_release_secctx(&context); @@ -921,14 +904,8 @@ static int netlbl_unlabel_staticadd(struct sk_buff *skb, if (ret_val != 0) return ret_val; - /* netlbl_unlhsh_add will be changed to pass a struct lsmblob * - * instead of a u32 later in this patch set. security_secctx_to_secid() - * will only be setting one entry in the lsmblob struct, so it is - * safe to use lsmblob_value() to get that one value. */ - - return netlbl_unlhsh_add(&init_net, - dev_name, addr, mask, addr_len, - lsmblob_value(&blob), &audit_info); + return netlbl_unlhsh_add(&init_net, dev_name, addr, mask, addr_len, + &blob, &audit_info); } /** @@ -975,11 +952,8 @@ static int netlbl_unlabel_staticadddef(struct sk_buff *skb, if (ret_val != 0) return ret_val; - /* security_secctx_to_secid() will only put one secid into the lsmblob - * so it's safe to use lsmblob_value() to get the secid. */ - return netlbl_unlhsh_add(&init_net, - NULL, addr, mask, addr_len, - lsmblob_value(&blob), &audit_info); + return netlbl_unlhsh_add(&init_net, NULL, addr, mask, addr_len, &blob, + &audit_info); } /** @@ -1091,8 +1065,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, struct net_device *dev; struct lsmcontext context; void *data; - u32 secid; - struct lsmblob blob; + struct lsmblob *lsmb; data = genlmsg_put(cb_arg->skb, NETLINK_CB(cb_arg->nl_cb->skb).portid, cb_arg->seq, &netlbl_unlabel_gnl_family, @@ -1130,7 +1103,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, if (ret_val != 0) goto list_cb_failure; - secid = addr4->secid; + lsmb = (struct lsmblob *)&addr4->lsmblob; } else { ret_val = nla_put_in6_addr(cb_arg->skb, NLBL_UNLABEL_A_IPV6ADDR, @@ -1144,14 +1117,10 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, if (ret_val != 0) goto list_cb_failure; - secid = addr6->secid; + lsmb = (struct lsmblob *)&addr6->lsmblob; } - /* lsmblob_init() secid into all of the secids in blob. - * security_secid_to_secctx() will know which security module - * to use to create the secctx. */ - lsmblob_init(&blob, secid); - ret_val = security_secid_to_secctx(&blob, &context); + ret_val = security_secid_to_secctx(lsmb, &context); if (ret_val != 0) goto list_cb_failure; ret_val = nla_put(cb_arg->skb, @@ -1510,7 +1479,7 @@ int netlbl_unlabel_getattr(const struct sk_buff *skb, &iface->addr4_list); if (addr4 == NULL) goto unlabel_getattr_nolabel; - secattr->attr.secid = netlbl_unlhsh_addr4_entry(addr4)->secid; + secattr->attr.lsmblob = netlbl_unlhsh_addr4_entry(addr4)->lsmblob; break; } #if IS_ENABLED(CONFIG_IPV6) @@ -1523,7 +1492,7 @@ int netlbl_unlabel_getattr(const struct sk_buff *skb, &iface->addr6_list); if (addr6 == NULL) goto unlabel_getattr_nolabel; - secattr->attr.secid = netlbl_unlhsh_addr6_entry(addr6)->secid; + secattr->attr.lsmblob = netlbl_unlhsh_addr6_entry(addr6)->lsmblob; break; } #endif /* IPv6 */ diff --git a/net/netlabel/netlabel_unlabeled.h b/net/netlabel/netlabel_unlabeled.h index 058e3a285d56..168920780994 100644 --- a/net/netlabel/netlabel_unlabeled.h +++ b/net/netlabel/netlabel_unlabeled.h @@ -211,7 +211,7 @@ int netlbl_unlhsh_add(struct net *net, const void *addr, const void *mask, u32 addr_len, - u32 secid, + struct lsmblob *lsmblob, struct netlbl_audit *audit_info); int netlbl_unlhsh_remove(struct net *net, const char *dev_name, diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 332214d17268..aaf602d7daaf 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -6999,7 +6999,7 @@ static int selinux_uring_sqpoll(void) } #endif /* CONFIG_IO_URING */ -static struct lsm_id selinux_lsmid __lsm_ro_after_init = { +struct lsm_id selinux_lsmid __lsm_ro_after_init = { .lsm = "selinux", .slot = LSMBLOB_NEEDED }; diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h index 393aff41d3ef..cfd6c1075b16 100644 --- a/security/selinux/include/security.h +++ b/security/selinux/include/security.h @@ -75,6 +75,7 @@ struct netlbl_lsm_secattr; extern int selinux_enabled_boot; +extern struct lsm_id selinux_lsmid; /* * type_datum properties diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c index 800ab4b4239e..0b8f99703462 100644 --- a/security/selinux/netlabel.c +++ b/security/selinux/netlabel.c @@ -109,7 +109,7 @@ static struct netlbl_lsm_secattr *selinux_netlbl_sock_getattr( return NULL; if ((secattr->flags & NETLBL_SECATTR_SECID) && - (secattr->attr.secid == sid)) + (secattr->attr.lsmblob.secid[selinux_lsmid.slot] == sid)) return secattr; return NULL; diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 69b2734311a6..b4a0570b48bb 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -3896,7 +3896,7 @@ int security_netlbl_secattr_to_sid(struct selinux_state *state, if (secattr->flags & NETLBL_SECATTR_CACHE) *sid = *(u32 *)secattr->cache->data; else if (secattr->flags & NETLBL_SECATTR_SECID) - *sid = secattr->attr.secid; + *sid = secattr->attr.lsmblob.secid[selinux_lsmid.slot]; else if (secattr->flags & NETLBL_SECATTR_MLS_LVL) { rc = -EIDRM; ctx = sidtab_search(sidtab, SECINITSID_NETMSG); @@ -3974,7 +3974,7 @@ int security_netlbl_sid_to_secattr(struct selinux_state *state, if (secattr->domain == NULL) goto out; - secattr->attr.secid = sid; + secattr->attr.lsmblob.secid[selinux_lsmid.slot] = sid; secattr->flags |= NETLBL_SECATTR_DOMAIN_CPY | NETLBL_SECATTR_SECID; mls_export_netlbl_lvl(policydb, ctx, secattr); rc = mls_export_netlbl_cat(policydb, ctx, secattr); diff --git a/security/smack/smack.h b/security/smack/smack.h index ef9d0b7b1954..ac79313ea95d 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h @@ -303,6 +303,7 @@ int smack_populate_secattr(struct smack_known *skp); * Shared data. */ extern int smack_enabled __initdata; +extern struct lsm_id smack_lsmid; extern int smack_cipso_direct; extern int smack_cipso_mapped; extern struct smack_known *smack_net_ambient; diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c index d2186e2757be..c6dcafe18912 100644 --- a/security/smack/smack_access.c +++ b/security/smack/smack_access.c @@ -524,7 +524,7 @@ int smack_populate_secattr(struct smack_known *skp) { int slen; - skp->smk_netlabel.attr.secid = skp->smk_secid; + skp->smk_netlabel.attr.lsmblob.secid[smack_lsmid.slot] = skp->smk_secid; skp->smk_netlabel.domain = skp->smk_known; skp->smk_netlabel.cache = netlbl_secattr_cache_alloc(GFP_ATOMIC); if (skp->smk_netlabel.cache != NULL) { diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 552c4d4d8fac..2190c03ae3d0 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -3728,11 +3728,12 @@ static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap, if ((sap->flags & NETLBL_SECATTR_CACHE) != 0) return (struct smack_known *)sap->cache->data; + /* + * Looks like a fallback, which gives us a secid. + */ if ((sap->flags & NETLBL_SECATTR_SECID) != 0) - /* - * Looks like a fallback, which gives us a secid. - */ - return smack_from_secid(sap->attr.secid); + return smack_from_secid( + sap->attr.lsmblob.secid[smack_lsmid.slot]); if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) { /* @@ -4751,7 +4752,7 @@ struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = { .lbs_superblock = sizeof(struct superblock_smack), }; -static struct lsm_id smack_lsmid __lsm_ro_after_init = { +struct lsm_id smack_lsmid __lsm_ro_after_init = { .lsm = "smack", .slot = LSMBLOB_NEEDED }; diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index 4b58526450d4..314336463111 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c @@ -1144,6 +1144,7 @@ static void smk_net4addr_insert(struct smk_net4addr *new) static ssize_t smk_write_net4addr(struct file *file, const char __user *buf, size_t count, loff_t *ppos) { + struct lsmblob lsmblob; struct smk_net4addr *snp; struct sockaddr_in newname; char *smack; @@ -1274,10 +1275,13 @@ static ssize_t smk_write_net4addr(struct file *file, const char __user *buf, * this host so that incoming packets get labeled. * but only if we didn't get the special CIPSO option */ - if (rc == 0 && skp != NULL) + if (rc == 0 && skp != NULL) { + lsmblob_init(&lsmblob, 0); + lsmblob.secid[smack_lsmid.slot] = snp->smk_label->smk_secid; rc = netlbl_cfg_unlbl_static_add(&init_net, NULL, - &snp->smk_host, &snp->smk_mask, PF_INET, - snp->smk_label->smk_secid, &audit_info); + &snp->smk_host, &snp->smk_mask, PF_INET, &lsmblob, + &audit_info); + } if (rc == 0) rc = count; From patchwork Tue Jun 28 00:55:59 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12897469 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5ED65CCA47B for ; Tue, 28 Jun 2022 01:10:40 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241727AbiF1BKj (ORCPT ); Mon, 27 Jun 2022 21:10:39 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37638 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S241375AbiF1BKh (ORCPT ); Mon, 27 Jun 2022 21:10:37 -0400 Received: from sonic304-28.consmr.mail.ne1.yahoo.com (sonic304-28.consmr.mail.ne1.yahoo.com [66.163.191.154]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5B8A122BDC for ; Mon, 27 Jun 2022 18:10:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378634; bh=d2AZFBkxP9+t+hI8o1br7sFS1euNhHyUWMYU7J/f0uI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=U8Xg/bdHp7SZgXnt8iiNX/e+8Yt/0XUO0uZSS7vKUeSTW65BsJhCQgxf9lOKtwEreJ4zMVlncm2q1Cwl8j5otvLWFiO7akAoecXhLN81TNw83ppamJ/6q1IiGxPaHWN73mjoGbsCzdywU+yg2f/mZJuj/wdHp+msnjUID5HC2TBqmenG11IECwofQGOedPawH/OtrNn4akCwmhMHe3kbrHcr+o5IRShWOCWhIjx3WhlGkNn89yJk4EvgOlVR9PZcQdyuLRJjsb0WtGhUhSJuBeSfyLWdhDwnD1/6WUl0hkFH/GVxz9pXRiU1JZwjaeJoaXYplVVM8qgobreg+Sb6Jg== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378634; bh=7mR1+yjsZfiJOWVu7teps0jEx5GlJML0R8ndmJQmrk5=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=TQ8KDe4G0q1UyHhfHr79ILds9y9JUGSsJDWilqudG6VSDDRdVBbF0fS7954FwONvK7npDcRvgQMnnq10NrItj/7+i/sIBLaCjPJv2vsIm4ehTUEYLnm66JECI1T/OETlM0VLxFXdafsPTPHRo4SW35UGeySBiXoIHSiNv1bE3Eqa3tOITxyn5ALKu83reG16adqPRUe0jbwhRInj1tnp9ju/GE8lRSfYzhr2SC44tJ9Zl7s3lk6b6F/8UTQhDp+IY2DwV9aTYV84nuYu3jSYo7atrf1J7a1LxXhFlyWayP+PGNPkmU+JZ4y0GcCjEOKM/JKSY2uzRHBU8zBUcgWMAA== X-YMail-OSG: PWJKTvQVM1m0LaNnzeyV5SiZKnQe6p5ZH_o3JvdCR.UyeC5BxTqSQA6sFjav.jV TrLHy8uetLOAp5tVAwRgb.nX7RYxFKIUyAPagY1oF.EJMVRDEafesrpWVG5Mnz1FEym9DmujE68o 24HNxzxZBiQrCvdniwV9kc2Yypx2.WvwgYWqC_MmMXmMgoVLahHnYi616ezmdwDDt771AzTnk2eo IR6fRFSC1DA3wD9gWJYsWo_R02Yi5p1CmAWRyqTE5Cjynit1k8LQtn6_Tk4gKe0B_34LuoFWoJQ8 kiwR36bGk8I_KVCCiYeZt.4z0wInXRj67XvHHQ5TOcYG0jOJp2NjCAi0cS3j5p7D0pjFz7Zj57qS rzPtKy469MU_GMXN4VAhvt3PmiQHcg61g4rwZ5cN9S_3L8KK.vjBHvJmrIYwe5yFfAOTrS.Xr3TM IYQxzjh2qm6ZKX53zKagu4tZ2_xSvRBKPAAqAL_sPJgm4V.33ctHeBTjEg0Xm1E8.J2ilm5UoBYF ka1xhOnB0VSKXQCj3cxuecfQjJDtZe4qrXJQzxG_Tk9BmMiVOgxbm_3pU4tyULHO4ApEAEuNcLA8 eVDvpn1YnKrCMe6lCxPuMabgUOAUvblnF99veSpDzWkuN3PI_hiEtOXOmnJEcFpjfLVQrj7uVgOG Y2Jck6g7E5gUNqmIkzMNsLmnII2E9OnNhLNDwRo.dQ8PZdtlnbZoYskfPFUST8wucWjLZZw6B_1M Wa1nE3rh1DzHUpizodATnxqV94b1TZz01z2RZWV9q2AliCMFG9l2hsm458y17w_6MDjx2TZu_tQc 0kqohy1quon76XW4BEippfBEm_JIAp8gFZMu84T58MV0xBeaC1Dn2N.5n4kOcLAsb9uVgKpdfzM4 fswyviPDrtlBuRjiO1j_RO75h3BuJWc7PvpWCsoAQRg2HD.jfYOZzZOmwJjrr6BFxo4bZmiNkxKK 9z6JGI3C0o8tFbXj7i7qYDZwwaP0QJMP5Y51TmQ4fpohXQNJpg_F66yYIIJGbVCh1c0bTkwsam5o olfcqCwBmTtCHz5k3t0EcBgJ9UAztirVwXiO_EM.oNhW9cHLk_1pTOjlJEn0N5ZbuhLRe7Ngm810 PfR_TjAQhnfMKp7NyulcdpN5j4hMhGE0e3VqETwh0XjsoUo_1KxzNo5tZvycn5nwKESYVKO.qCna 3HOhitMLlI3PM6GB1MopKjVUjpvLORS7l_iHKLZ1zNXOxjhASd8AlcyZsavDshJypra6V7iwTl0I fto.Q_YI7IhZi6sr.bsFrm9WUKvIVmAIgZf9aQZ_jgas4CuTttwLhEl9Yk5Izg6KYgg8PnPnCcmt 8IRukGrxWrnkdvCcijPGWjmELdA3kZqvNClIjXsV5OOkhiER7.9ruh5x7aXVt.QG6Z0GHWRpm5hV OCqWJJ4ESF._.UKHH2T4X56QG5jevKrOV_a2xrwF_NnrTorcJ45N21OgtO1cbblk.EqQJwHw3qM1 HDNs0hsg.wQ00NSFgarAs_RnKhwIob5MwGHR2jwqV8Qj0YOpZUkR8hDriWLunKoa1l_tZfAP6VXd 3Jy1XMsIKYA0TWvULApi5N5e.431FQV1NK74QzHNvao2F.UGJoSlR10UP.LL1XjxfZ_10OzbIhdq FOKgCWOdmvn7MZWYlkYTpqTiMxig2qMbYR2u8xdYbt1SuKrg8tEXhT7p1nmfZwsRQ6vFg6S7oyjw 7PUucnWEnu52FNopY3uAGstu7aC3zEDXp7S4bB0UfuWVei1_kdpnXvhQB1RqtTmuugX7aEiD.xDw kmvRnJ_FRcrvgs3lykt5mmUlh56jgiml3f5p8PmI1fujo8laP0q6vsLlPmjI.cvmqe6PBarz7JBh TNfA2WnK5abn889WBEgj4APcw0EelCyi2rL6iozx3vLW.jWEGc3HTe.cE6asIivEwk1o.1QxMIjZ LXtWEcHNk.ZDG1qfd8zYMmNX8af1XM5XBlg0_IUxOA2Og_ZxE0In7HfN.Ooz7nIdtkNUj.DQmteg q3FIL4d9sFhbBXGCOBOl7UjQuvdL46Z6Xq9NO7mH.jnolOFlbDh0FzN.iS2KwhIuBoQExl42stEY jhJeOd2XCs8QxarZepemrkYplyXBSy4J7x_NPxyhsp3.0_Mq4V5DF0_qTuCLedByNTmjfom0Y1GQ 92sbzdelCasWG5svhaljNrThQUXMHRlhJslG_eRE2sU1MOHcENdM8tlvMljkSmRhHzLyhYYC6rOU mAQmi05S8hSLv7RxAtxgOs5QIgpU8eqgQ1kxPrvvz_2Ol01_s.VCHtxe8Kid0B9tegjtSoSQJXiQ mmxp2KWd_qFtLBlXUPpX7wnAGBiYGs9Jdd0E41BHdAaaS X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic304.consmr.mail.ne1.yahoo.com with HTTP; Tue, 28 Jun 2022 01:10:34 +0000 Received: by hermes--canary-production-gq1-677bd878b7-wc7mq (Yahoo Inc. Hermes SMTP Server) with ESMTPA ID e584f9a769c6d1ee8a468863bbdfebe6; Tue, 28 Jun 2022 01:10:30 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org Subject: [PATCH v37 21/33] binder: Pass LSM identifier for confirmation Date: Mon, 27 Jun 2022 17:55:59 -0700 Message-Id: <20220628005611.13106-22-casey@schaufler-ca.com> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220628005611.13106-1-casey@schaufler-ca.com> References: <20220628005611.13106-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Send an identifier for the security module interface_lsm along with the security context. This allows the receiver to verify that the receiver and the sender agree on which security module's context is being used. If they don't agree the message is rejected. Signed-off-by: Casey Schaufler --- drivers/android/binder.c | 21 +++++++++++++++++++++ drivers/android/binder_internal.h | 1 + 2 files changed, 22 insertions(+) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 8ae1a624cd37..f2a0faf6d9c6 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -3107,6 +3107,7 @@ static void binder_transaction(struct binder_proc *proc, ALIGN(extra_buffers_size, sizeof(void *)) - ALIGN(lsmctx.len, sizeof(u64)); + t->security_interface = lsm_task_ilsm(current); t->security_ctx = (uintptr_t)t->buffer->user_data + buf_offset; err = binder_alloc_copy_to_buffer(&target_proc->alloc, t->buffer, buf_offset, @@ -4552,6 +4553,26 @@ static int binder_thread_read(struct binder_proc *proc, tr.secctx = t->security_ctx; if (t->security_ctx) { + int to_ilsm = lsm_task_ilsm(current); + int from_ilsm = t->security_interface; + + if (to_ilsm == LSMBLOB_INVALID) + to_ilsm = 0; + if (from_ilsm == LSMBLOB_INVALID) + from_ilsm = 0; + /* + * The sender provided a security context from + * a different security module than the one this + * process wants to report if these don't match. + */ + if (from_ilsm != to_ilsm) { + if (t_from) + binder_thread_dec_tmpref(t_from); + + binder_cleanup_transaction(t, "security context mismatch", + BR_FAILED_REPLY); + return -EINVAL; + } cmd = BR_TRANSACTION_SEC_CTX; trsize = sizeof(tr); } diff --git a/drivers/android/binder_internal.h b/drivers/android/binder_internal.h index 8dc0bccf8513..7233bfdb72db 100644 --- a/drivers/android/binder_internal.h +++ b/drivers/android/binder_internal.h @@ -550,6 +550,7 @@ struct binder_transaction { long saved_priority; kuid_t sender_euid; struct list_head fd_fixups; + int security_interface; binder_uintptr_t security_ctx; /** * @lock: protects @from, @to_proc, and @to_thread From patchwork Tue Jun 28 00:56:00 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12897468 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4EB34C43334 for ; Tue, 28 Jun 2022 01:10:39 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241607AbiF1BKi (ORCPT ); Mon, 27 Jun 2022 21:10:38 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37646 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S241406AbiF1BKh (ORCPT ); Mon, 27 Jun 2022 21:10:37 -0400 Received: from sonic304-28.consmr.mail.ne1.yahoo.com (sonic304-28.consmr.mail.ne1.yahoo.com [66.163.191.154]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 44BCF22539 for ; Mon, 27 Jun 2022 18:10:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378634; bh=cINYRIEm7On8a/CVsfa2sypfglBPAmRHsjL+mt7OzHw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=QTYyxbOice5Q9QrLwoX//ofHsE9ql+8UyM40QV8eSJgCxn91TNzcL3fARgT24W+HEZHkTj0rVoDG/DgJcnhePhhZT8oh9ilw2MF1nKXfp4I/BRtPv8TRp7mijMJSj0mcKbcG+97HvLuBCGwvbIdtmrpPynjtXqiPM7F575o+wK1rB62teetYBtdZWF7+Jm38Dkk9OP2SCVJjHyWay7OWivxGNUwn8jWC0+ypju06k9QXSmPAM280jBMyLDaD3kjb67KzUM06qFMfWx/kogC6WctlGYKPhv0cXZw1+RhRICD5ZpHQTF9Q4jDjG+YwJzdWiJjdt8wV4g+J0IlJIx9zrw== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378634; bh=XW5arIOQpcEVsR6FPsPxLYNFd1bwug/EMIEBUP6CWDD=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=Bcs9rk9jwFpb8Nd7lmiugrX3cF6XbspH3oqfmC/z125bP3tQ67TMuWn+Btmv28HbH43I1gzWWupfQ1sUHaevUqw5RNNOtCvJ5slS+lNcndXFsgkTT+wK542h9Pa3l72apGPrAbdJyxmMCYqM6u6ZBT5mLvWSDGHoYM5cB7Oaz7QsID3whlbsTKmmQeb6a2HA3wq//fPWwIkSEkqdvW9IwAFF/JfcFo4YDCskW6RtkhjYT4QzPINLdeLTVcZllKh3Nq3Zc4RhI+ZprV6yTgR9y6teRC0H1vb66GXxAMCzPnz8A5W1j/YXuGw6fF/MlHQI5VnLGGKesqlei52UQc79WQ== X-YMail-OSG: cHQImXQVM1kbQ5.tLs87ZO2O_NJMWfEj7LI.CJbJzcya9xwIcXaq8OdM8ho9aqX i1Ljq7Th7FMSWhEccALz1KkSVJ_UvfJ6UWMlz5OOHsCKECj7owx7KmnOV3qjBuuqC9AegC9Gk3wr j.0Q82XgX07.2_q7ji1.trTB6brkWUcAC0p2cat5LWn7s2d5.8Id_HTRSFSbJCS7PGzue6GR7vcb D_AKvPp72znzkPNwIQ.pW4Nmn6dGbOp1zuPyiGmhJewwyQRhmK3W_93R_yytUBdCzcOavR9ZIVSB AmkBXIbsFrWDX1ahIDd09_iynHEhYOheChGcd4I.cY48jkJeG.MSTgUqBTl2I4t7_wCinm2u1Wux 5p2PiYJ6syYmnrtqsy2FYMJehSgJFzr3kXaP3gADCiCB5rnyHvKolkaC3WJtrC7dN3QmS9sWoi_E ibklKOBEZ.x9sz6z4V5BjhIC4EdfcAzPbe1wI7vudkfAWyQPEuBec0dvU.Y25uonQU2jT96uz9nK 7tm4BO6jAlflDC1s5DLl9gJIQJckJrlvvM_Lm7KPBVypk1.PjUmzKI_hALjZ9dv3KsBjBvwRns8N C7KBmcuQFOX4tt7GGdEXsI8DbLdurFWq0mnWvr.JS3xhQLhXpgN5IEOVsAmyfeOz8I.gDgpF.nMp ETBKeSswKd4APJ0rWFv4Sg.fWGLmxx0QPmqWDq8TvXYmqB9AMVgxF8bek6OnO8UTSo1FuA1f8MrN o1wgO..krchXC8JgqcFRv4YXOuvyp0sSGZ6aqBG4wkEp0BHt.lpNN5y7.tiVANyrUoAQsiiNQRX_ Ul6QXsVaNYWsm59CJ7kxiJszQt7phHzkiDp9OtM1y8ZGxrE.IZzZqAXw.Mdt917ziDmo68qwT4Y3 3u65ari81a90wfhgCiFjZk2leKljA2S.g_9fq44JlZDMWADjlorc5SGP937wfdeaHxX5KANLII82 xoJeHCzSecODCRfD.rN_KztiGYy_T3bhATypd35sBLesEnSbkgkxTFCfqo6dhx6DzZIEjr0d2ylP h72eqT2wL3MGiqC.O1P3fV0eJYPEcB.8h0O3cUcKSXIh0n_8_Dh1MmthOMSB13q22XVHLHotGNSk kLMxtXYDben.bmCQleLMzAdZ0ddgWK9xrFBdZIH42oPf0sYGCszdafFpCDlmmpHoEPKvKJQvmAAm xCcDD.3r8wdG4Ex5IXbwKHLQokFqytJ6wBSJcCXjxIcZIB3aqaOG7R5FtWzBaeerW_phGoyOclYZ LPH4szmG30Dr5tP87zKdhnEyjvmW3va0yaeDrBUWaRqYTRJoPqR3OU1q8e9e5GWLe1WnGvL.tsW_ TQNS4jy1PXf5SGK.Np1VhhZk0Jh1PUg_FBz8sTq3J5jym.NhA0FKv6ZjHZC3SXIMhR9nWFYOicUh qvki1K6zi1Cuip.6MceJ3ROgUk2oICDMcNUAATzy_TT9zqPKs85tkK86bI_z2ZnHbQUuvfeCXSb. XwrX7Xmwmj4.fAgd22T.hjQ22jU_wJgPyD76oaDmGj_gf_OTrgoZqW20UVKlnouZ8zM1FECvgj.I hWmJX2YTOBZVVPIUDAJxJV0H07BhMhtQYEEbHx18Dt0aFs6zc5Y3__rOPYDqZO7H8tDL2yUXkeRV t.LRuS8uZPEJF9B9k.5p.7NHrR_mEjTM4e36eqX6rVNZKGlmrj.oMj5iCHD7Ibn.4D7obXfSbYE1 ftC_CkhSjhA2Dp6k7EVfiP21oI9_339yhxgvCAcPpsKE.MHZdXIFzLiYpIXfNrJ5zEJ6McTO2oZF QCBVr6F6a.A48pM8HN82KGZX1Z5GDcvN_1O8uq2GDFUwXMHdM.j0d9l2iz344hRh_ZWfYuKIh9K8 65i9b0QaYanqJPqMYBOQ90.p_ASQdWC7Y_aYUXsmFk4A5_HKzWvbNr7D0KfkKi.yeVBZogLuDaXS _p4t7Gpo0N9PCg1aI58JdGS4N2PG5Ol7TYIEtLQQkXESPkay5Yif59ihSHqh_jpIsPubQkNxq_qt s28bIcldeY9618KREoAvrjVzG7D9w31TD7nO_oayoZX1Vf9_CTHZ8UDzEzwH0ELliHmofYWyW9SY grvcdfh1_iTvLNzz2BpMfc5X6cRaPPqBNyaqgYqHwVJcUWWtWlPiBWvkKFaVzyWqj2qwEa69AEWn v2fDp0VdS2GYee__UFYx.sQyo2tf26zTwP07B2IYI63k9d04eJt9G9V4Wgq8OqJcUvtpIMho5_T_ ymjsYO9oQdlKVFSqo6S3LkSPkn8CESODJaBIYYfSLK3FfNHJpf2YZaQQZBaj0iJazgqo- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic304.consmr.mail.ne1.yahoo.com with HTTP; Tue, 28 Jun 2022 01:10:34 +0000 Received: by hermes--canary-production-gq1-677bd878b7-wc7mq (Yahoo Inc. Hermes SMTP Server) with ESMTPA ID e584f9a769c6d1ee8a468863bbdfebe6; Tue, 28 Jun 2022 01:10:31 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org Subject: [PATCH v37 22/33] LSM: security_secid_to_secctx module selection Date: Mon, 27 Jun 2022 17:56:00 -0700 Message-Id: <20220628005611.13106-23-casey@schaufler-ca.com> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220628005611.13106-1-casey@schaufler-ca.com> References: <20220628005611.13106-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Add a parameter to security_secid_to_secctx() to identify which of the security modules that may be active should provide the security context. If the parameter is greater than or equal to zero, the security module associated with that LSM "slot" is used. If the value is LSMBLOB_DISPLAY the "interface lsm" is used. If the value is LSMBLOB_FIRST the first security module providing a hook is used. The integrity IMA subsystem has chosen to always use the LSMBLOB_FIRST behavior, regardless of the lsm_display values. Signed-off-by: Casey Schaufler --- drivers/android/binder.c | 2 +- include/linux/security.h | 7 +++++-- include/net/scm.h | 2 +- kernel/audit.c | 4 ++-- kernel/auditsc.c | 7 ++++--- net/ipv4/ip_sockglue.c | 2 +- net/netfilter/nf_conntrack_netlink.c | 4 ++-- net/netfilter/nf_conntrack_standalone.c | 2 +- net/netfilter/nfnetlink_queue.c | 2 +- net/netlabel/netlabel_unlabeled.c | 11 +++++++---- net/netlabel/netlabel_user.c | 2 +- security/security.c | 20 ++++++++++++++++++-- 12 files changed, 44 insertions(+), 21 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index f2a0faf6d9c6..06c9263108a8 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -3057,7 +3057,7 @@ static void binder_transaction(struct binder_proc *proc, size_t added_size; security_cred_getsecid(proc->cred, &blob); - ret = security_secid_to_secctx(&blob, &lsmctx); + ret = security_secid_to_secctx(&blob, &lsmctx, LSMBLOB_DISPLAY); if (ret) { binder_txn_error("%d:%d failed to get security context\n", thread->pid, proc->pid); diff --git a/include/linux/security.h b/include/linux/security.h index a4d08b47cbc3..5ebc3ec6948c 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -186,6 +186,8 @@ struct lsmblob { #define LSMBLOB_INVALID -1 /* Not a valid LSM slot number */ #define LSMBLOB_NEEDED -2 /* Slot requested on initialization */ #define LSMBLOB_NOT_NEEDED -3 /* Slot not requested */ +#define LSMBLOB_DISPLAY -4 /* Use the "interface_lsm" slot */ +#define LSMBLOB_FIRST -5 /* Use the first slot */ /** * lsmblob_init - initialize a lsmblob structure @@ -628,7 +630,8 @@ int security_setprocattr(const char *lsm, const char *name, void *value, size_t size); int security_netlink_send(struct sock *sk, struct sk_buff *skb); int security_ismaclabel(const char *name); -int security_secid_to_secctx(struct lsmblob *blob, struct lsmcontext *cp); +int security_secid_to_secctx(struct lsmblob *blob, struct lsmcontext *cp, + int ilsm); int security_secctx_to_secid(const char *secdata, u32 seclen, struct lsmblob *blob); void security_release_secctx(struct lsmcontext *cp); @@ -1482,7 +1485,7 @@ static inline int security_ismaclabel(const char *name) } static inline int security_secid_to_secctx(struct lsmblob *blob, - struct lsmcontext *cp) + struct lsmcontext *cp, int ilsm) { return -EOPNOTSUPP; } diff --git a/include/net/scm.h b/include/net/scm.h index b77a52f93389..f4d567d4885e 100644 --- a/include/net/scm.h +++ b/include/net/scm.h @@ -101,7 +101,7 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc * and the infrastructure will know which it is. */ lsmblob_init(&lb, scm->secid); - err = security_secid_to_secctx(&lb, &context); + err = security_secid_to_secctx(&lb, &context, LSMBLOB_DISPLAY); if (!err) { put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, context.len, diff --git a/kernel/audit.c b/kernel/audit.c index 6500d97ce9ad..99439dcc75fc 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1464,7 +1464,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) if (lsmblob_is_set(&audit_sig_lsm)) { err = security_secid_to_secctx(&audit_sig_lsm, - &context); + &context, LSMBLOB_FIRST); if (err) return err; } @@ -2176,7 +2176,7 @@ int audit_log_task_context(struct audit_buffer *ab) if (!lsmblob_is_set(&blob)) return 0; - error = security_secid_to_secctx(&blob, &context); + error = security_secid_to_secctx(&blob, &context, LSMBLOB_FIRST); if (error) { if (error != -EINVAL) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 25a6c2a5b4b3..318529b1f930 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1132,7 +1132,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); if (lsmblob_is_set(blob)) { - if (security_secid_to_secctx(blob, &lsmctx)) { + if (security_secid_to_secctx(blob, &lsmctx, LSMBLOB_FIRST)) { audit_log_format(ab, " obj=(none)"); rc = 1; } else { @@ -1425,7 +1425,8 @@ static void show_special(struct audit_context *context, int *call_panic) struct lsmblob blob; lsmblob_init(&blob, osid); - if (security_secid_to_secctx(&blob, &lsmcxt)) { + if (security_secid_to_secctx(&blob, &lsmcxt, + LSMBLOB_FIRST)) { audit_log_format(ab, " osid=%u", osid); *call_panic = 1; } else { @@ -1593,7 +1594,7 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, struct lsmcontext lsmctx; lsmblob_init(&blob, n->osid); - if (security_secid_to_secctx(&blob, &lsmctx)) { + if (security_secid_to_secctx(&blob, &lsmctx, LSMBLOB_FIRST)) { audit_log_format(ab, " osid=%u", n->osid); if (call_panic) *call_panic = 2; diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index ad5be7707bca..9b5c44dec1e9 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -140,7 +140,7 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) return; lsmblob_init(&lb, secid); - err = security_secid_to_secctx(&lb, &context); + err = security_secid_to_secctx(&lb, &context, LSMBLOB_DISPLAY); if (err) return; diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index 8bd6ce5f9e93..14d0d4f705eb 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -353,7 +353,7 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) * security_secid_to_secctx() will know which security module * to use to create the secctx. */ lsmblob_init(&blob, ct->secmark); - ret = security_secid_to_secctx(&blob, &context); + ret = security_secid_to_secctx(&blob, &context, LSMBLOB_DISPLAY); if (ret) return 0; @@ -663,7 +663,7 @@ static inline int ctnetlink_secctx_size(const struct nf_conn *ct) int len; struct lsmblob blob; - len = security_secid_to_secctx(&blob, NULL); + len = security_secid_to_secctx(&blob, NULL, LSMBLOB_DISPLAY); if (len <= 0) return 0; diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index 5003acf79794..8921e269c381 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c @@ -180,7 +180,7 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) struct lsmcontext context; lsmblob_init(&blob, ct->secmark); - ret = security_secid_to_secctx(&blob, &context); + ret = security_secid_to_secctx(&blob, &context, LSMBLOB_DISPLAY); if (ret) return; diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index f60a0b6240ff..844955b2e163 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c @@ -316,7 +316,7 @@ static void nfqnl_get_sk_secctx(struct sk_buff *skb, struct lsmcontext *context) * blob. security_secid_to_secctx() will know which security * module to use to create the secctx. */ lsmblob_init(&blob, skb->secmark); - security_secid_to_secctx(&blob, context); + security_secid_to_secctx(&blob, context, LSMBLOB_DISPLAY); } read_unlock_bh(&skb->sk->sk_callback_lock); diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index 910a03f15b0d..8deee7e176a9 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -437,7 +437,8 @@ int netlbl_unlhsh_add(struct net *net, unlhsh_add_return: rcu_read_unlock(); if (audit_buf != NULL) { - if (security_secid_to_secctx(lsmblob, &context) == 0) { + if (security_secid_to_secctx(lsmblob, &context, + LSMBLOB_FIRST) == 0) { audit_log_format(audit_buf, " sec_obj=%s", context.context); security_release_secctx(&context); @@ -491,7 +492,8 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, addr->s_addr, mask->s_addr); dev_put(dev); if (entry != NULL && - security_secid_to_secctx(&entry->lsmblob, &context) == 0) { + security_secid_to_secctx(&entry->lsmblob, &context, + LSMBLOB_FIRST) == 0) { audit_log_format(audit_buf, " sec_obj=%s", context.context); security_release_secctx(&context); @@ -550,7 +552,8 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, addr, mask); dev_put(dev); if (entry != NULL && - security_secid_to_secctx(&entry->lsmblob, &context) == 0) { + security_secid_to_secctx(&entry->lsmblob, &context, + LSMBLOB_FIRST) == 0) { audit_log_format(audit_buf, " sec_obj=%s", context.context); security_release_secctx(&context); @@ -1120,7 +1123,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, lsmb = (struct lsmblob *)&addr6->lsmblob; } - ret_val = security_secid_to_secctx(lsmb, &context); + ret_val = security_secid_to_secctx(lsmb, &context, LSMBLOB_FIRST); if (ret_val != 0) goto list_cb_failure; ret_val = nla_put(cb_arg->skb, diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index 951ba0639d20..1941877fd16f 100644 --- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c @@ -100,7 +100,7 @@ struct audit_buffer *netlbl_audit_start_common(int type, lsmblob_init(&blob, audit_info->secid); if (audit_info->secid != 0 && - security_secid_to_secctx(&blob, &context) == 0) { + security_secid_to_secctx(&blob, &context, LSMBLOB_FIRST) == 0) { audit_log_format(audit_buf, " subj=%s", context.context); security_release_secctx(&context); } diff --git a/security/security.c b/security/security.c index 96a89fd5802b..a9a56be58e73 100644 --- a/security/security.c +++ b/security/security.c @@ -2353,20 +2353,36 @@ EXPORT_SYMBOL(security_ismaclabel); * security_secid_to_secctx - convert secid to secctx * @blob: set of secids * @cp: lsm context into which result is put + * @ilsm: which security module to report * * Translate secid information into a secctx string. * Return a negative value on error. * If cp is NULL return the length of the string. * Otherwise, return 0. */ -int security_secid_to_secctx(struct lsmblob *blob, struct lsmcontext *cp) +int security_secid_to_secctx(struct lsmblob *blob, struct lsmcontext *cp, + int ilsm) { struct security_hook_list *hp; - int ilsm = lsm_task_ilsm(current); if (cp) memset(cp, 0, sizeof(*cp)); + /* + * ilsm either is the slot number use for formatting + * or an instruction on which relative slot to use. + */ + if (ilsm == LSMBLOB_DISPLAY) + ilsm = lsm_task_ilsm(current); + else if (ilsm == LSMBLOB_FIRST) + ilsm = LSMBLOB_INVALID; + else if (ilsm < 0) { + WARN_ONCE(true, "LSM: %s unknown interface LSM\n", __func__); + ilsm = LSMBLOB_INVALID; + } else if (ilsm >= lsm_slot) { + WARN_ONCE(true, "LSM: %s invalid interface LSM\n", __func__); + ilsm = LSMBLOB_INVALID; + } hlist_for_each_entry(hp, &security_hook_heads.secid_to_secctx, list) { if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) continue; From patchwork Tue Jun 28 00:56:01 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12897470 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id EC0AEC43334 for ; Tue, 28 Jun 2022 01:10:41 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241752AbiF1BKj (ORCPT ); Mon, 27 Jun 2022 21:10:39 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37678 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S241636AbiF1BKi (ORCPT ); Mon, 27 Jun 2022 21:10:38 -0400 Received: from sonic316-27.consmr.mail.ne1.yahoo.com (sonic316-27.consmr.mail.ne1.yahoo.com [66.163.187.153]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3E44B237D4 for ; Mon, 27 Jun 2022 18:10:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378636; bh=BPhMUhQdQqXWBnr2/wS0HlsrVSNQU5rfnCK53B9aoW8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=byNoP1G/cvobMsrA33k/OMed/JUoo9muJuUJRjKws0H1EF1zVzaVjaDEQnrugZUPFLP9hmcGekVCcfr2cs7d6aBCHVhTNkoK7RQUnkd2zEsUTfnCmU9rl8R3wc9+njh/VJPW9i2SnL2ZQddqYFWqhwFhuhMZb5hWlDt8IkKooZdgc0Zfl3pA57V6sODOZdX7C5JGLLhIvt9/Z8turl314/7lrYL1gjKG5/to1AwypheVSQXRJAUz4rVEMR0obj9TfiXlm3VKrsHJwqLD5/mRU1cB0iiJj9Aa1bsf7npiZWdSpeObjModU3t1cVf54WlqIKAw5hyB9XD1K0NAOHl+ew== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378636; bh=uEFw0lf7JDnug4vhMYc7Kph0lryGz6Bk0Vc/VsEc6+Y=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=qERoDO1BJ/QQCck4gGee/t+Y2Np1lv3wzfW65uI1QTSFo+OVUgD+nn8zio24X1hVEX7eZo/EAtqcRFlFudRlPR7/mHmYB4LiirHGkktPRiahhQ39woXN82U0QrieAB1Snkgc6ZtEuSIYawGQhevMjtMCKoiHAdaMWd9uGPyQGNG3wpNN14LMGgA/YKtoE39w2+FR9mJq2EpTWBMHetZdi1S/YXPudAvFAD6A0+IYZSA9QebiKP8QOUMzIYItX76Rv5FOBMN/zsZ7j1EOKq6A+MfiHH7Ubz0uqKCf7VfnEyaEugWpUyqp/1WcvH+KtvNy4SByNfLONSvpbMKlBEmadg== X-YMail-OSG: DxY_U5AVM1kExmWdyB1hqH9IgrYG50hP5Psn5DEBurKVDtB2U4uhNuDEuXNFwjW ymAJBGtmpFW0c3Au.c_IuP01C0rpghYpZk4QvHW1vlVLkFNpjK.cHvaXOKNqs55O9XOgOX3mP5_K Ks60SfekHDsj5Hl1hC6rp4oWefw0f1CjKF0fPK6BpGjkq_Kgxs7SKdAV25zWmvWdcnf2FAmD2Rxy 9yBH81XP3ltOiN5jWWjNEQM04EVXE1p7R1tzO2gOTjPUahMZvGvY7fnTzG0aj3i.RQIv4sM7L7eY 8O1X9Jhs7e26BFZXAQ7dKvcHxuPYAq32Spb7Nrqry2OB8oHWDheP_MGiPfcc05SpVURFTjYFoqso _.TM9n8nfIHEmSlnKmMsOzJk1DjqDd6O1cwxpe7Z3xjm59aHdndEWMDQObiH.Vad_HPj8JzSSVs1 jMv68sKUqlKF9_AHghQWWCu6JFbk01mCOlf2739A7N9bdW8DCL3DEUi7jXzxtzwCve_SYYvH8y3r dXLwDxxI.RugiTL_3rEfaxPT3uHlhsCl8s2i4WZ31TGG6a.IUz8XfkkEEx0Cx7osU_Atmvwkf4tt sgDPPlgHHVyxyA0PiCoe5HGp.Qke9uY.I0SyysueSiWtGMNVRzlkGJHaJJ26Z9hz5dNZJ6UNZmso wpI_Ml_M2bWzfPwd5FNa_tZ0M6FVlXUfYS9aOUpgijoeXgRs8orfhv5Z8g539VU4nbJHtPX.u6z4 R6tgMhHbUDBhupvDIyK1s7lvxnbgfugTHRDEJMqtBQKHeT9rY0cbarDxOBK53nLJ6ybRb4ER1IlD bbSAxm8EEUpC6ZPpDLmWgx2lrpU8EM4V0AITYbP59PIExuUGs3ync6xH4H0h7ANoqVNhQrRNrphG 1xWk2ZZxNScNOQCG1FHA9tP_8yG4OLgGA.TC9rgQ7pdgGw5Cj2umqhutXQTcgJfuwPmfvPqalbNq TbNDr5mw9iDYnzB6JQcYcptwvRElyy1vo0EGgsOpyQxGsDTQlmNs5b6jjm4Y0v0qDY1rPaDxsSmc HdcPJd_RH.JIGUBlAPKX7.dXIvDKQo5mg8BaVkqqpFmWPq8A0nfzqG989SJGDnrJkoL_GrHo36gT ugH5._ebiACysHa028tfzsMBlfwz26IpEBUtaybJ6iTaL8PCGiyXIaGFJ5uH2yQJp8EgrhKle8CG 1GEYK8JXYzJiJ_ZKsHB4RrPLLZN0wcto9eLBeC9iyrEKggAqR3mKMXOuBKkQJ32giwSnFQzIZttg T3hv2r8ZHQZPrTDtY4dHqIku9pWaCGRuEBjemf5oZ9x9aL4AbEe2n4J.D6SZshj4_Q5fhB4b18bt dANFoYdimhKlRm_GwRAFfUvBa1lPLgFbir_8Tb06a0FiQZvOo8a3pXxYb9nqmUn9KnE1xveXTadi e0QFxXpeJHcTHAVEO3IUx5PZ9sPmMlQYlryhK.nUrWTGZuaFcPtFmAt0NSelNXNS8zBPHdIPm6jn bqag2AZVRP79MKNcA7vMQ._buIZ6N22ShOyrw2WH76u4CT9tKW_f0UIbFpzbXNDmHE1D3mC0TxXD SPjMqaXe6BBZAdwbdoV9QZ31WcVlmZZeNWgkil.BLLK745xZ514ExLTAL00D8o7GgMQ71M.vpDTl ghhgq7s85qpwpr8OdfcVDY37rLPL7idfNCI1aeZMmd25EMkhAfdHHeTC4o6wAlLWwaU2UHGp3ldf oTxHc3vvO8jK3E1dXcygcBtTDh8HS83wO4TKQmB1yT_URymI6iCrWXJVjtCXh7GwLlXSo8hGXZyk 0xZA90T6Dg.K_0nCCIvnkSZJzsR.mMsABfqXi5RbbvCUqpI.GLfYt54B62hkJSpJLVCP6gAsTEr4 gzarlQU6ng_uy0m__RiQJqswA3hWqRkiPx5S7ojQM6IKiNvpy88m1qu5H9i20GISDBOz2uNzE.m2 XfettuRkiDz41vAa0.lBZqSG4TD4IQEwjuDLVQW8AwHhkNXo3GT6kRIobdom0TNynfHGjvgv.6U4 rztDMSQhzhPdGQgoK7aZ93ddSbfEDlN_V.nPSoSzkQSxKAo2.dKhxh4GIA6xgywjF0atoST4SZOZ y16cUSA4HPeDrXvNJ4IAWVlznslVZCuj.QvTHnyvo25E43JS9Kahy41os0ayMqz3rnMswBpeE8ZC zcnPe318tflzEkQ.ZA6rG4aXuQrjG42CLDk3_yuWM7vG3AgIPenyky_tMQ_6P96jAUioIWcNi4z_ ou20RY9TaGlJGFyQvPjYjul6yhRc5e.BO_WF6ffPj8JapVbiiNHmgEC0kjH9fbVkauFs- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic316.consmr.mail.ne1.yahoo.com with HTTP; Tue, 28 Jun 2022 01:10:36 +0000 Received: by hermes--canary-production-gq1-677bd878b7-wc7mq (Yahoo Inc. Hermes SMTP Server) with ESMTPA ID e584f9a769c6d1ee8a468863bbdfebe6; Tue, 28 Jun 2022 01:10:33 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org Subject: [PATCH v37 23/33] Audit: Keep multiple LSM data in audit_names Date: Mon, 27 Jun 2022 17:56:01 -0700 Message-Id: <20220628005611.13106-24-casey@schaufler-ca.com> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220628005611.13106-1-casey@schaufler-ca.com> References: <20220628005611.13106-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Replace the osid field in the audit_names structure with a lsmblob structure. This accommodates the use of an lsmblob in security_audit_rule_match() and security_inode_getsecid(). Signed-off-by: Casey Schaufler Acked-by: Paul Moore --- kernel/audit.h | 2 +- kernel/auditsc.c | 22 ++++++++-------------- 2 files changed, 9 insertions(+), 15 deletions(-) diff --git a/kernel/audit.h b/kernel/audit.h index 316fac62d5f7..4af63e7dde17 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -82,7 +82,7 @@ struct audit_names { kuid_t uid; kgid_t gid; dev_t rdev; - u32 osid; + struct lsmblob lsmblob; struct audit_cap_data fcap; unsigned int fcap_ver; unsigned char type; /* record type */ diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 318529b1f930..4f141655ac0b 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -700,17 +700,16 @@ static int audit_filter_rules(struct task_struct *tsk, * lsmblob, which happens later in * this patch set. */ - lsmblob_init(&blob, name->osid); result = security_audit_rule_match( - &blob, + &name->lsmblob, f->type, f->op, &f->lsm_rules); } else if (ctx) { list_for_each_entry(n, &ctx->names_list, list) { - lsmblob_init(&blob, n->osid); if (security_audit_rule_match( - &blob, f->type, f->op, + &n->lsmblob, + f->type, f->op, &f->lsm_rules)) { ++result; break; @@ -1589,13 +1588,12 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, from_kgid(&init_user_ns, n->gid), MAJOR(n->rdev), MINOR(n->rdev)); - if (n->osid != 0) { - struct lsmblob blob; + if (lsmblob_is_set(&n->lsmblob)) { struct lsmcontext lsmctx; - lsmblob_init(&blob, n->osid); - if (security_secid_to_secctx(&blob, &lsmctx, LSMBLOB_FIRST)) { - audit_log_format(ab, " osid=%u", n->osid); + if (security_secid_to_secctx(&n->lsmblob, &lsmctx, + LSMBLOB_FIRST)) { + audit_log_format(ab, " osid=?"); if (call_panic) *call_panic = 2; } else { @@ -2303,17 +2301,13 @@ static void audit_copy_inode(struct audit_names *name, const struct dentry *dentry, struct inode *inode, unsigned int flags) { - struct lsmblob blob; - name->ino = inode->i_ino; name->dev = inode->i_sb->s_dev; name->mode = inode->i_mode; name->uid = inode->i_uid; name->gid = inode->i_gid; name->rdev = inode->i_rdev; - security_inode_getsecid(inode, &blob); - /* scaffolding until osid is updated */ - name->osid = lsmblob_first(&blob); + security_inode_getsecid(inode, &name->lsmblob); if (flags & AUDIT_INODE_NOEVAL) { name->fcap_ver = -1; return; From patchwork Tue Jun 28 00:56:02 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12897471 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 46A58C433EF for ; Tue, 28 Jun 2022 01:12:13 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242919AbiF1BMM (ORCPT ); Mon, 27 Jun 2022 21:12:12 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38714 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S242922AbiF1BML (ORCPT ); Mon, 27 Jun 2022 21:12:11 -0400 Received: from sonic304-28.consmr.mail.ne1.yahoo.com (sonic304-28.consmr.mail.ne1.yahoo.com [66.163.191.154]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A03EC22BDC for ; Mon, 27 Jun 2022 18:12:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378729; bh=InEC/Dlj45Rmt1XgQ4CVXncaUv/yIXFfOXA+eTyZaUQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=ZMOq+jHSUdRNYds2/BA5q5obYOGJAreOTi/LuFy5W4VM+SfsTIwx1+HSJK5Z3ULKIoh5Kfj7mDJis/LVog4IYKgawfKeaC6eVmt/9iT64k8zHiDbps1af3YoDKP4VSx5Kn6YYHkqSmTP/ou7xeIbvYsR+dvGVSj0V2herWlKVTdTStqeAfczuyTFxILu0lYaleATsaKfMZO8Abdn2D5ea650RiaBYUIOHYo5//vO/M6qMFMPykslXJ7VpddaDjHaPxxEj+Rat5hk32S55f/aGFkG5oqPgGRWzaAfTJIu6DJMvlXRChjbShkUcoIDLwdU2lWgpnZ33iVHJrI5g5CGkg== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378730; bh=CMbH4bupjS3KFjR/bKuDxNAngRvRhOLHNzqnfa84occ=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=CYUNHFN38GB4znmab+qxSG7uNlV3xaXRB8RJddxD0Ps3bp208IeR0AvlR4TIRDNWZ2X+6JDyGo7wOI9eYoi8CJSiELGQKpeI1mt0HLPJEtnCwUFGJ/J51QyUsu0Yi84olafHQbG9VfnhbfCRC4sgDl8MshCcRJSrAbgvsJ+cxuKArVO8Li/sk/k5fxcO8kHoOe373z9keo5LpQmsKUQcJRaeyIx79Qm3rglK1KdNKYAGV/L9+XWOVJ+0D9gp0QqqA7s+4+JpLF2LRYqyqZPd3I/IcO69xAjEDW7rA/UYZdGnK4RAAuoXddWBZu313o5ncS/LdhZmnNa+Jvq/uwibNg== X-YMail-OSG: 2ZZFllAVM1naRVlhfjcm3GF6Sbx9OPnb68kixcLfB8gXMxaMxbY6jVHxqgaOpYZ b9nN31DNxYx6eu8PjcAj3vjhbdZ2nzMnUC_2TvfoovV5OOI4pR.jMSi2rOtSd.ll.MVR1RhZdYm5 ruFjhwPzIfu2z__MVoy2WZtNP1tePEVnym6n1uZ3IiinjRIOWSkwjV2q563Cs9Zo6I6xC7uLA0Yy m_Kvw0NXf_9u9SxjfE6eJCO5h0jFBCDNm4dJuQkq.gmrNCnm_XgVnqGPCEEIWPTY7KyC_kF8NogG nEMX6a1IUPA2LBFGMTwT1SOKAl9vzLKn37ERh3N7lCO97aLWAKOy_b7VhbSV3TTU9f0F_5IJll0C w4ZzbVlB78_l9lSZll9bxr3SyhCIRdiDMsWNh_nszM_OhZqoad9ymKTEzUjYxjReTCSLahhfXCxv jJ_8tiRY2_Njh4lTlgQyyrUZtP12gI7cZLfLpfqD7Ny.LHKnOmO6DHKzp.PrtQ61nQocF0LWmSCD tBhCXDQM2YEk1pejzxOHw0k1bN3CQ5fH749o3BRmhBg3sQnbvIiaix6ILo5MAXFm.hnPynRENeZ5 9CcHvPQCz2j6roZFJZuQpjWXBx7Eu9QiyIb9PjyudkSAnu93l7hIel9WFX7AgnPuxkC1ijAgzpUr S1ntY2v0q2nfqO1iZ3n8Bi0BZAvZpESE.J3kpEsK73Gboqkccbjc3b_KzHkU9fHTMydUS8izc0WB FpyNbJTacPBRaE62rFzvu7sXfQN60ttz4NLUowV4KevzjrbQxyGzpYwsNi06uN_TYn6vvVZB8Lx3 IX5kGjM2zKAQvko5Aueel0Q.2S5lCgfJ.3bFdiKJpkcktS2Nf_7C7KLin2rfEoi7KkqMBxbJO9Yt boxMptRChTuQ99Oac5xUAV_YEI0PhQ2b2kf4.sS17Wt33sdW2LkknWaGR6idMSLlhuDCiQ9SBA1e DK2DQ50uaw0dKKC0UZs70XXGQiQomKOSZ4P.ul5iOIWOLH6zAaovOFJSqSAacsPmljy1i5SAhQqn dhSIskyhaWlG2VSXaDD3tWWrrMDJpGd.2bYl2ik0cdcf57PHpfYba9plaKN5vOduuOugB8R5oP2W jTF7yAQx8yOg60HOMPamIsNDeXlKFaLHjVyfYdRiA2NYj3loi14E2jqR3lEDB7djGAgihuiJ.Xgs snQcM9EPlG6BgLGUajKUByRGGj8ZuXraVSjfWDJbsotV._jY3fDpZj3UK0XTKuryIILajkT15zpN e7fIF7xTz1JA5UHSnLFiPBRl6FvOFytp4KycGxLDyFd.kzeehTNsdtn4H5ZXu2NJYeR_oNBoNAAq c_31VsM.4XL9JVEY6e1d0CKLlFeJpk1CpCPaZ33PaZovgFaExOlS9wvFjO9Dlw0DZWivILdvN6y7 j6CBRi_GAibSAnRSDVQvdUvTRHSPbSKJf7.mTB5QUjCHGzAFIaLZ.PpF17KN8mioE_CH5cZ4HrPE .BtRQRJRtHcg2lPE7iNagGGiyCGmiaBO.F38I7hRt6FZjZNHiIM3MOMcUaOXA2hS6Ot4xIIVnAeE Jcvt.R2aE4tIfR2Kf2RAKXZcbrVqcC6n.I19bK7VZ5FJ7CRuVQgVcP8y7kTTgfRGdQAe896Rdid_ aAhlS8JXrY0rk_FRvqvgKHxaM8OcgscyrifccgzKNOWqX1_nWdMY7XntFuxZQ0gSrVYhPmMLLHZv IP3mjC5V_ZtyNXqcOO4RQvuMHi7viR9yV5TRz3xoKIJDUXlz0LZADrWPRP_XaSi4Csv8zBo.jd4H cOUgfMM82RHcdhXgQ26KgF3ZA10zTWbctET5UaKAo4O.65PlLVfCUbodLBLwd2mrZwiDRzR4K5v4 srUD702.dQe8aKXugFiOmX4BkuhhUm5jiwp4C2OTQ8XqoT8OP8LDpLW60_8.oXW9NLwYOFYR3MiI h71qCrrk4q4fg.Wj3hoofHGOeiHMn4fEqoLlLSjnuqzQq4uex9VgXn913VMasvvFJHBY_vA6hoOw 2Bct90NP7au.RMp6OtEfXFgyQPODiAWvRS4EnqDsTcnuMdFMfDmWm.TQLZxhQnsvszbNA0zqWaOz TEk14gOGs7fHBaAY1hQksqNXACKmVfWUtQpl1PB_Rs3_0k6g9DX5vBV5Eqf7fRb4IgnP_FdSeQiO qIi_JAWw.e5Rg7U77JqYpcKR.A6zgDkggZslFHpztoiVqGCjeaqtYZE0Py93w86GZlVWGD58C6r8 1C5Ac7lTgAQUoo8RilOCKHKOVWUe58eTityeYpcptVTf2Ah8KRPpMU17yew-- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic304.consmr.mail.ne1.yahoo.com with HTTP; Tue, 28 Jun 2022 01:12:09 +0000 Received: by hermes--production-bf1-7f5f59bd5b-zv7ms (Yahoo Inc. Hermes SMTP Server) with ESMTPA ID f1d422e5118ed4ad306a52cf19212beb; Tue, 28 Jun 2022 01:12:07 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org Subject: [PATCH v37 24/33] Audit: Create audit_stamp structure Date: Mon, 27 Jun 2022 17:56:02 -0700 Message-Id: <20220628005611.13106-25-casey@schaufler-ca.com> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220628005611.13106-1-casey@schaufler-ca.com> References: <20220628005611.13106-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Replace the timestamp and serial number pair used in audit records with a structure containing the two elements. Signed-off-by: Casey Schaufler Acked-by: Paul Moore --- kernel/audit.c | 17 +++++++++-------- kernel/audit.h | 13 +++++++++---- kernel/auditsc.c | 22 +++++++++------------- 3 files changed, 27 insertions(+), 25 deletions(-) diff --git a/kernel/audit.c b/kernel/audit.c index 99439dcc75fc..e4ee8ee63484 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1822,11 +1822,11 @@ unsigned int audit_serial(void) } static inline void audit_get_stamp(struct audit_context *ctx, - struct timespec64 *t, unsigned int *serial) + struct audit_stamp *stamp) { - if (!ctx || !auditsc_get_stamp(ctx, t, serial)) { - ktime_get_coarse_real_ts64(t); - *serial = audit_serial(); + if (!ctx || !auditsc_get_stamp(ctx, stamp)) { + ktime_get_coarse_real_ts64(&stamp->ctime); + stamp->serial = audit_serial(); } } @@ -1849,8 +1849,7 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type) { struct audit_buffer *ab; - struct timespec64 t; - unsigned int serial; + struct audit_stamp stamp; if (audit_initialized != AUDIT_INITIALIZED) return NULL; @@ -1905,12 +1904,14 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, return NULL; } - audit_get_stamp(ab->ctx, &t, &serial); + audit_get_stamp(ab->ctx, &stamp); /* cancel dummy context to enable supporting records */ if (ctx) ctx->dummy = 0; audit_log_format(ab, "audit(%llu.%03lu:%u): ", - (unsigned long long)t.tv_sec, t.tv_nsec/1000000, serial); + (unsigned long long)stamp.ctime.tv_sec, + stamp.ctime.tv_nsec/1000000, + stamp.serial); return ab; } diff --git a/kernel/audit.h b/kernel/audit.h index 4af63e7dde17..44cabf7ea660 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -99,6 +99,12 @@ struct audit_proctitle { char *value; /* the cmdline field */ }; +/* A timestamp/serial pair to identify an event */ +struct audit_stamp { + struct timespec64 ctime; /* time of syscall entry */ + unsigned int serial; /* serial number for record */ +}; + /* The per-task audit context. */ struct audit_context { int dummy; /* must be the first element */ @@ -108,10 +114,9 @@ struct audit_context { AUDIT_CTX_URING, /* in use by io_uring */ } context; enum audit_state state, current_state; - unsigned int serial; /* serial number for record */ + struct audit_stamp stamp; /* event identifier */ int major; /* syscall number */ int uring_op; /* uring operation */ - struct timespec64 ctime; /* time of syscall entry */ unsigned long argv[4]; /* syscall arguments */ long return_code;/* syscall return code */ u64 prio; @@ -265,7 +270,7 @@ extern void audit_put_tty(struct tty_struct *tty); #ifdef CONFIG_AUDITSYSCALL extern unsigned int audit_serial(void); extern int auditsc_get_stamp(struct audit_context *ctx, - struct timespec64 *t, unsigned int *serial); + struct audit_stamp *stamp); extern void audit_put_watch(struct audit_watch *watch); extern void audit_get_watch(struct audit_watch *watch); @@ -306,7 +311,7 @@ extern void audit_filter_inodes(struct task_struct *tsk, struct audit_context *ctx); extern struct list_head *audit_killed_trees(void); #else /* CONFIG_AUDITSYSCALL */ -#define auditsc_get_stamp(c, t, s) 0 +#define auditsc_get_stamp(c, s) 0 #define audit_put_watch(w) do { } while (0) #define audit_get_watch(w) do { } while (0) #define audit_to_watch(k, p, l, o) (-EINVAL) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 4f141655ac0b..539469bf1aa3 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -992,10 +992,10 @@ static void audit_reset_context(struct audit_context *ctx) */ ctx->current_state = ctx->state; - ctx->serial = 0; + ctx->stamp.serial = 0; ctx->major = 0; ctx->uring_op = 0; - ctx->ctime = (struct timespec64){ .tv_sec = 0, .tv_nsec = 0 }; + ctx->stamp.ctime = (struct timespec64){ .tv_sec = 0, .tv_nsec = 0 }; memset(ctx->argv, 0, sizeof(ctx->argv)); ctx->return_code = 0; ctx->prio = (ctx->state == AUDIT_STATE_RECORD ? ~0ULL : 0); @@ -1950,7 +1950,7 @@ void __audit_uring_entry(u8 op) ctx->context = AUDIT_CTX_URING; ctx->current_state = ctx->state; - ktime_get_coarse_real_ts64(&ctx->ctime); + ktime_get_coarse_real_ts64(&ctx->stamp.ctime); } /** @@ -2072,7 +2072,7 @@ void __audit_syscall_entry(int major, unsigned long a1, unsigned long a2, context->argv[3] = a4; context->context = AUDIT_CTX_SYSCALL; context->current_state = state; - ktime_get_coarse_real_ts64(&context->ctime); + ktime_get_coarse_real_ts64(&context->stamp.ctime); } /** @@ -2541,21 +2541,17 @@ EXPORT_SYMBOL_GPL(__audit_inode_child); /** * auditsc_get_stamp - get local copies of audit_context values * @ctx: audit_context for the task - * @t: timespec64 to store time recorded in the audit_context - * @serial: serial value that is recorded in the audit_context + * @stamp: timestamp to record * * Also sets the context as auditable. */ -int auditsc_get_stamp(struct audit_context *ctx, - struct timespec64 *t, unsigned int *serial) +int auditsc_get_stamp(struct audit_context *ctx, struct audit_stamp *stamp) { if (ctx->context == AUDIT_CTX_UNUSED) return 0; - if (!ctx->serial) - ctx->serial = audit_serial(); - t->tv_sec = ctx->ctime.tv_sec; - t->tv_nsec = ctx->ctime.tv_nsec; - *serial = ctx->serial; + if (!ctx->stamp.serial) + ctx->stamp.serial = audit_serial(); + *stamp = ctx->stamp; if (!ctx->prio) { ctx->prio = 1; ctx->current_state = AUDIT_STATE_RECORD; From patchwork Tue Jun 28 00:56:03 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12897472 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id A524BCCA47B for ; Tue, 28 Jun 2022 01:12:46 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242973AbiF1BMX (ORCPT ); Mon, 27 Jun 2022 21:12:23 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38874 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S242955AbiF1BMS (ORCPT ); Mon, 27 Jun 2022 21:12:18 -0400 Received: from sonic308-16.consmr.mail.ne1.yahoo.com (sonic308-16.consmr.mail.ne1.yahoo.com [66.163.187.39]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 49D3222BDC for ; Mon, 27 Jun 2022 18:12:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378736; bh=+syZOcwBmdwGcbnbdg8y7i9ieTrX0HVN3F2iD0fUTrI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=JVwzARAgeFTzRBUF/GDuQz73czbNdmQkD3f+9DRhWCN7Q/yhzXxE9zVUOv6yfneXY4whZRmfjfy/satz2b/X1AY7f+yB0kRU9HOX+RGVXgv21Umgsa3JAYnrVyGjY9xYmo2+jwFvBpv85K1rHEBsnu0F9wuL9GOdTaRz/qWkEXtzIyA378buBe18WxAYr7oXIaSKJdiEH7XVh2a+rmc0lUHKGzzlgR5g7jEMmhLRJmLtTlXTBiOd0b5OAYj/dLntv76bNJb5D4owTH4wdTl0VbDaJJc6idOB4UjZIWsL7ZT/y5fWYa0PDnOdbYJqPYIdWu5DZWo7x2AKYTGKFPeogw== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378736; bh=4ft9wGTnxjutl7x1hW89b2sMH+5gk4GzLBbv25534D6=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=Xk2Pe3it55U0fq9bDFLYxw4kedCA6u7lSUCIRNqFbWRKrIFN2ZnFS+HRanKE+w1FOOhWYSw1HjegT8w3Ks9IAnTzurKNSatySWgLSR2I/LJyJFJHlpA/D0BoDoZOHNIbRs5G5Z7VCC+1WVfeAK5JFoqJehXM0DvU+nDiGSwuX02+M3TWAFf3PH5mfTPP3F50npg0tnTLlcaI1Xf+W63Y/VJt2+07lwnuQmaifIky3RNXRVT1wa5ldY2GLS+OHMad1htvkgeAiCXUECMaE1PU/Ox+sT8QYR8+KU0x9tqWp/wgHvVa8nLqXQ76zjH3XdPZDq/Vayq+CwKQH7yiFDtYBA== X-YMail-OSG: s_Z1mJwVM1kAy3THo1Q3IaxjEunDl3yVjgDK7jS7KFd5EMyO9eE73AO__PmWlQk yIQKPrpn2ovobBOoDDp0GreFqh7jGXJnPCOXdGCd0m3a1eqGxP0Pw6hNhPZfBi9FJ2PIEd4mSMcH eDdUJc23qt3hFtIm430V6GLz6nrWYrUP5xh5LLCO4rjDCyAtvp3PJlzCktcO8vPrMXpo6XSyefcq TXRP6kp0SS_SG2zvbNhXcaYB42Ygs.vNfGGUhK2ECL2WfmiSSPRU6HMo0NYDq2QERM0Ahea9k3jA 8YdOqqvvMF8e8kg04T6rI6s3SZxTi8gxBKEmKki83fT5R_smcFr2isKwtNElMtcb.S2ZGbail2l0 qdpGB2GeKTEXenTZgJqmWIzm0XoGVV9GyEQlLx4E_eOURLLb5e7OuFRM7VX1fiTSosnxNQDeASdB 5sp9SFG51kDimsgbKv2Mu62D0dJ.f2F0r1gIu.d1fMIy.K.XdZ1fvty9wgsZgTqaF4kRJ4v1PhNt 8nm.s5CV1bUvHlVWJBbnDeYQZzMB9zm6z9bo8FGCAc0.l4gucN.nrCSa25Jna9acLbu6aj_06lqh Ltg5e8MQJuJxdbapDHpwK4onhQfMfMKYM7EuGNVeKSox_iaHnPemQxJUbw3U8QvDuQ5mYewgEeJI D2k_nOh5TWbJz3NNxnmDAGCypmtCuWGNs.b8adByV.EcL4a9m8gbuE4DdOhaH5aOx9UQrbIlbQop 2JP2VQK_jcg2hsv3vY_WJMYp3zY5mAndKNOldGKMIjz.VTSiEaMAvfl9zS5aOVIKlDLBpA07MCuO Zilq4FF27ZZGrHmt8z2vh5cEMJawmz31pyMq0qC8QtQV5ykoC2P6H6KipdsQ.kw3tdUOYDUkaVJ4 E1KC8v9Tbui2drD6xcitoc5RQuY4Q1SG5Ip0vReuaUqvfi9LBLjI2SyoDGyL9Jj2PH2Pb2paUpUQ kuL2XNJoTcHIH3.q.6g7JSTQrChog9_K4WjTC1Igd0Eo..ryFDtktyttdHIsXhMoeIfg.SeDgOsz 8DsNL_jwno.XxVl_VY3or2XRpsbejyVil2pCMw.j0k68pKQ_CqRDvXX6QTYzVwZKKmUWLmJsufRu Sq7bEa8kG_VJBOdqKwZ5xVobk.ob_Z3zgFheRQ6H4lUP8v_OKGWb.1SwVElgYMkyxxCG3y8rKa9k vb2hh2rfH2ti4orvx5BmifrmJnwdi290PztYA8EvjQv9IRvW3CE6wG.5WBAt6ufeqR3MQaZKwC1f dMuqvoL.x9omxHZD.DMotZ1gXvlQoO_VWkwG.YZgrFyx49EXaNU63PazqqMeY2Co_7c4IU4KCX79 4CqDzQmpl_z8o34B8R3lgYHjipNcaWNWKILKT9lSA7BIg.bbL2hXuw.XNB9sysAGDIJlll.tshSl u7TEeSfyyiqjLZ04XblryfiAl1TcYvlEEimvzfVY0pBuebdig9xBE7e8WsTsFK_bL0CfqnulTSGX cIIy.dj73uKgJCI8FKq75C9Peqdnv1Bb_HjHOsfLQb4RkNAiAuFBY2SYcptU7lAUNJ99xuMXmdur 2zrsz0B4bDmm94ppQL7DkuEU4BdEz4ND1HlpDiWx.ynsfSLE_rfx6OOsg3oNLPn2QVLeMEwXhiLp .4at1SCctPS1U0wDBWcB4qBJci33HziMaVA0XirgiiMVpEaWa6MNt7hPHXQ25ps8fOw.sHy9Kc7J aGDEuzIC9gL3SfNO4Vjkf2hJYxEUKEs8b01UZH5LCv3jl7MZNGYmV_OUp3Yb0.il._mkwNCfizH9 IrazX8VSDmX4.ay6qZB.O_WLcm3c9iNztelrgUt.YDHMp1DiKJ6LX6au1206.8zoAwtKTZK60HHi Z9sqXRJdXs66EEHO9H0mMPSwYIc3IDy3Iwka8b3Ktal2_L72mpq2zzXObOs9E1EDuuXYhWBsEohb isZ6eK.WCfydYKljuiBhQCPr_sGMBDfwoj4lAlJiIM8kSflfSMxGyoqdyDu_j0LRyE59NH5YiJ2e 7yHkMA9w1RHQndvVhOQYmA5HnavDDUD.3YE0f5gtCM0Z69cAXLU9npkUH1kGJNbb6Kz_P4TqTCrH 9gZi67mtAA1xQyd8bA2AzYM7rsRfezWVXlqr8_sRFu4Oxqi2lRmHGAlKJ91MMYNZcrXdTbsB.95g 7PWcReM0A7TJYZcETE63ezk4LHue9i3cwVBy9RyRrL2tfgC0MCp3qM1.WTkkgkk4FbMBL5tDkRcb bevmr_hL_70nKvQ_SVwvh3OFkL2UFyWx9qpoJ1wWkPC1EZntGhDJFEnOFzA5gOhxY53ltTzMJnOs 3X62pHQxerKtPl41sGaTTpl7XK_ATyPX5NgH5 X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic308.consmr.mail.ne1.yahoo.com with HTTP; Tue, 28 Jun 2022 01:12:16 +0000 Received: by hermes--production-bf1-7f5f59bd5b-zv7ms (Yahoo Inc. Hermes SMTP Server) with ESMTPA ID f1d422e5118ed4ad306a52cf19212beb; Tue, 28 Jun 2022 01:12:10 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org Subject: [PATCH v37 25/33] LSM: Add a function to report multiple LSMs Date: Mon, 27 Jun 2022 17:56:03 -0700 Message-Id: <20220628005611.13106-26-casey@schaufler-ca.com> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220628005611.13106-1-casey@schaufler-ca.com> References: <20220628005611.13106-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Add a new boolean function lsm_multiple_contexts() to identify when multiple security modules provide security context strings. Signed-off-by: Casey Schaufler Acked-by: Paul Moore Reviewed-by: John Johansen --- include/linux/security.h | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/include/linux/security.h b/include/linux/security.h index 5ebc3ec6948c..890a5f9f043c 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -245,6 +245,15 @@ static inline const char *lsm_slot_to_name(int slot) } #endif +static inline bool lsm_multiple_contexts(void) +{ +#ifdef CONFIG_SECURITY + return lsm_slot_to_name(1) != NULL; +#else + return false; +#endif +} + /** * lsmblob_value - find the first non-zero value in an lsmblob structure. * @blob: Pointer to the data From patchwork Tue Jun 28 00:56:04 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12897473 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id AF9D1CCA47F for ; Tue, 28 Jun 2022 01:12:47 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242926AbiF1BMr (ORCPT ); Mon, 27 Jun 2022 21:12:47 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38934 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S242914AbiF1BMS (ORCPT ); Mon, 27 Jun 2022 21:12:18 -0400 Received: from sonic308-16.consmr.mail.ne1.yahoo.com (sonic308-16.consmr.mail.ne1.yahoo.com [66.163.187.39]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 49F3A237F3 for ; Mon, 27 Jun 2022 18:12:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378736; bh=/hWrEJoPbYDBQy6DZ9HC/kYn/Pts2PMigLiTulWyLd8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=YcuLwxaWthwf270MteCN1LPtVoDatHuUyWrffx12p+G3l0wLhMRK7ZrB7ezIgusGCzMG0WIRl3IuFZLIMyd8vRQ24K8Zlbofzyu9jPxxIBwkYw8wJGgKoAVt4iD18AmjE4ojzBGJWhYBU44+Supg/oWoPB7KB1Oo3m97ECVWVwGlS5rU3qcLPSAevuw5oAg2Xm9nYP1+7U3bELab6cxlJV+JbTvnwxpPTKE+T36JdWuM1GrXB6UQoimMKa5kM1UMMj1AolcxSMDX75BRbtXkXlzyIXtPMjNVZ/7OUtdIg8ENpJ7TkMj1F7/T+hUklXF0L8rZOVDzyImsmKxhfAdjJg== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378736; bh=hIbOsw4vOQKcIQ893RUZxv/lsbLbpVmDHry2DF/UnRy=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=JKz66iNpWpzWM+8o1W6M+Tcx8pZJymb6bD0jvYXiLp+h19K1UrwlgZZDwgANoDaVcsP/hqrFx5wd3VUL96MQJtfnIC0OKLt3alAQXTnyZdlOH3U+39uUcaOvwMNVljbFJhIlVDeJJCwUhlgITd33BIpJ2I9vpCM9/POpR049OnFqdEvRbnc6nw3b3D8zVrgCMBotxFg7t5CQy72jB/HrHmnQQsGbF8Ee/6XXbCSGLRMaViHFvFZilW5Phzuj8ZZOI8h3q18nZJLvgdUbwfqYTYwXqdmu1pZ9VKLz1gIN1JF1oQsQ7EoHwSfXaOPXgf3xw1xlGluh4UI0kJ/oAgyF7A== X-YMail-OSG: brAVF54VM1lGAnwua.sfNfX2RnO2uSH2dJV5XgNb_ONeH3A9gYjZ2L11qekqpCw QK8J5OgSy1iR_GL3WZ3hLs_bm9.Ef1uc4lODpaJMpuMZQ82O_zjlkIjn1Uxgl1tw4lrfpc6Tg7gW FHuHFkc1GgG3bRJb6Roaooy2QX.Vl__typ7feNHATpOrh2hkZK_H8iX1MTkkQmbNWmPDqhB_seie v3STh8OX5NPknPlIQBCETUrtypoOHFqXcwdiYyADOFlGieVED8ho3KDlasbIDA8_Ems9I9LJNpHT NdNMWWq6nb5TgPHxMusjlY3ww6tIRrtHpf_eWG0CsMI6RaMSWEe4U4rQRRV3pQ32FqpqFjNT6bIy 3otJ394VPzgU5u61P8Gc5c3pbOAwOSFz0rkM2zwXwBYNbk_X5_3Z6ap0rBTDfu4Pw15uuzSFlzxd 3W5elhA4.kR_k8b4gnUNKifUo1.F5fVrmcaJq4hrJe4bGdOyKm_IgZkSneCu_h_n3nAKTecacW4D YwvRlT5dMinUBmvHpFFy_D9i83T9BVVCpFeUVKYb9QTk.rKP.U61bYZM8zl0ciMZwudmnDb0OlVw Z0h9EHsbG7KdClBkLQctZjTUuskbtHnFRc2mF7mMmDplKboj.wBmclZHDBXqMGESfXD3fh3T2Onz 9iZOrMzk73HjwZVH.5QwD8Zvv2JllzwBU_NJdYiJnI3sDK6B1vCsB0EXBzW87ytpXptAWsayiMAm 12u4mSLPqRv63Blysm5uqLrh6QEAieASkeXCR4vgoXeA.5FUA7KcuHfYiSLn_McnBxSl.KlfhR.1 qUpbcoxcpevGNYNrwTq0KfoxH1T5Ufo1b6sH4K8VunTm_vTSzda9pH22ycIVhONdc3kQyUJJiK69 Hz5ULmhZVDQqU291EBUlSk.p_R0OdHzlXWKsslgxb1kQaShtggbHB07xBKXThBrgJrefR2U0CIBJ bmtHbA9RLEyuUqE98RNMH0Fxib5TfpBnM_ppRyfcwGOv_pbM6stk2novtCqIZsEbssaGxxk1XLZm uJ38qn5tezDYi2VL9IL6o9sxwxvl1qke77aMStK4x49jJcyAwI3F4r8ydKve9lIA7imihHBYsq2Y MdujZotOCiZgFC986pSjOvcuFa36rFGXIcRIy_LSqbGYFpjitrVSvoY9siPfc83V6MXblX2I_tVw nKlr5RV_Gw_.ymAAi3fRozv.hAYIhFWCQ6USOkbxS66N8YnXbjb6r_QVvEACyPEZGcsSS5AtERIk JbLUdzGnBNm5TEgEtwVQXoj8z0IK4s.Vzc5AWQYvJ_pXZ2T8wwoP_5xl2EqcwJgWHo_1QfqWGVfP W3GdH6CUsxZ136rB0iMK5mrPKKVmRaQwSyfZaZoY1ftKyG8G9pugughsuNNEzIgoqVvb2Rcm4Fdp 4emasNUWE1P2_57Ec_2_l57ZeCDiDpx1_u7ATeXsqSxg3Hdd2ZGIvsrNCiAQlBqJ_IPA4m8l7Arw oDdSc9O87o_AGgKthzCAQC2Xei9XemC5QI1Sbwwu1gZNKuqXfMj1iDrdTxBXnXkW7Bu6fss98Bdq sZJjNMGF1eOrVGdergmOCSqQta8WyptfRYN4dTYDxdzhC_fvj4LvfNixTLaAP_OVKyFBpXw4JB.C qmQJX0JIIf_5DFJAAD_K_pQSzNMrQIsiScrVD9CmD6_Pjx2OTtA1thS5ytetG7q_WMV03ScfAGYk __AF3XMfw_ghs58wZbJ_R1sdpLW_UTIurC.mpFTpfrHaIWUGDwBsx3xPdJK3yJlA9Bk1dBhXLsY5 1opdEZ0kJFowT5vDAW4c4vnZugIXvuLjN0OYy1pR73KHf_bJPvH4hL03dRubAHlt0Hv_AK81D0hK 5ONbEsoO0OuFTh2Nc4ghGgaUVhId3i_9KEx_bqN1qeHcHNtAJFMBtNq6bU004SQuXVp8c61wGkKs vVYqvk8oCMAKv8CosJm7IE6z7o170aOkeCcX_RNPrfn5bnNp5jrI2l4jqegzeXeApo8pTG0siHol 1iLDBstMhSPiqOKiYpfMCJBViNt1YuwTV8ySILYdhG8ekl65Taht_QdXTa2oDvVRzCorez_bn_Un rGIU2zIn.u1yfRriUUmFXcuwE9i3zBj._S5EfqheopG.18KABOb3qOl9tBkZQlEhVHx4gX02VJn9 N.RjpkxDatzuzrQuGXT4p3h2DEpETIL1YDSkpVfLv2O50nut0Zvd3REwEHOJdRqkYw3uai3_Sl0s f.CLfuwaqaulZoSe.SPndMgTzppPJm1VCeMZVjbbi5JeYPROFGuR30OmIMvY- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic308.consmr.mail.ne1.yahoo.com with HTTP; Tue, 28 Jun 2022 01:12:16 +0000 Received: by hermes--production-bf1-7f5f59bd5b-zv7ms (Yahoo Inc. Hermes SMTP Server) with ESMTPA ID f1d422e5118ed4ad306a52cf19212beb; Tue, 28 Jun 2022 01:12:13 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org Subject: [PATCH v37 26/33] Audit: Allow multiple records in an audit_buffer Date: Mon, 27 Jun 2022 17:56:04 -0700 Message-Id: <20220628005611.13106-27-casey@schaufler-ca.com> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220628005611.13106-1-casey@schaufler-ca.com> References: <20220628005611.13106-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Replace the single skb pointer in an audit_buffer with a list of skb pointers. Add the audit_stamp information to the audit_buffer as there's no guarantee that there will be an audit_context containing the stamp associated with the event. At audit_log_end() time create auxiliary records (none are currently defined) as have been added to the list. Functions are created to manage the skb list in the audit_buffer. Suggested-by: Paul Moore Signed-off-by: Casey Schaufler --- kernel/audit.c | 111 +++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 89 insertions(+), 22 deletions(-) diff --git a/kernel/audit.c b/kernel/audit.c index e4ee8ee63484..e4cd2cdda7f5 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -197,8 +197,10 @@ static struct audit_ctl_mutex { * to place it on a transmit queue. Multiple audit_buffers can be in * use simultaneously. */ struct audit_buffer { - struct sk_buff *skb; /* formatted skb ready to send */ + struct sk_buff *skb; /* the skb for audit_log functions */ + struct sk_buff_head skb_list; /* formatted skbs, ready to send */ struct audit_context *ctx; /* NULL or associated context */ + struct audit_stamp stamp; /* audit stamp for these records */ gfp_t gfp_mask; }; @@ -1765,10 +1767,13 @@ __setup("audit_backlog_limit=", audit_backlog_limit_set); static void audit_buffer_free(struct audit_buffer *ab) { + struct sk_buff *skb; + if (!ab) return; - kfree_skb(ab->skb); + while ((skb = skb_dequeue(&ab->skb_list))) + kfree_skb(skb); kmem_cache_free(audit_buffer_cache, ab); } @@ -1784,6 +1789,10 @@ static struct audit_buffer *audit_buffer_alloc(struct audit_context *ctx, ab->skb = nlmsg_new(AUDIT_BUFSIZ, gfp_mask); if (!ab->skb) goto err; + + skb_queue_head_init(&ab->skb_list); + skb_queue_tail(&ab->skb_list, ab->skb); + if (!nlmsg_put(ab->skb, 0, 0, type, 0, 0)) goto err; @@ -1849,7 +1858,6 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type) { struct audit_buffer *ab; - struct audit_stamp stamp; if (audit_initialized != AUDIT_INITIALIZED) return NULL; @@ -1904,14 +1912,14 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, return NULL; } - audit_get_stamp(ab->ctx, &stamp); + audit_get_stamp(ab->ctx, &ab->stamp); /* cancel dummy context to enable supporting records */ if (ctx) ctx->dummy = 0; audit_log_format(ab, "audit(%llu.%03lu:%u): ", - (unsigned long long)stamp.ctime.tv_sec, - stamp.ctime.tv_nsec/1000000, - stamp.serial); + (unsigned long long)ab->stamp.ctime.tv_sec, + ab->stamp.ctime.tv_nsec/1000000, + ab->stamp.serial); return ab; } @@ -2167,6 +2175,57 @@ void audit_log_key(struct audit_buffer *ab, char *key) audit_log_format(ab, "(null)"); } +/** + * audit_buffer_aux_new - Add an aux record buffer to the skb list + * @ab: audit_buffer + * @type: message type + * + * Aux records are allocated and added to the skb list of + * the "main" record. The ab->skb is reset to point to the + * aux record on its creation. When the aux record in complete + * ab->skb has to be reset to point to the "main" record. + * This allows the audit_log_ functions to be ignorant of + * which kind of record it is logging to. It also avoids adding + * special data for aux records. + * + * On success ab->skb will point to the new aux record. + * Returns 0 on success, -ENOMEM should allocation fail. + */ +static int audit_buffer_aux_new(struct audit_buffer *ab, int type) +{ + WARN_ON(ab->skb != skb_peek(&ab->skb_list)); + + ab->skb = nlmsg_new(AUDIT_BUFSIZ, ab->gfp_mask); + if (!ab->skb) + goto err; + if (!nlmsg_put(ab->skb, 0, 0, type, 0, 0)) + goto err; + skb_queue_tail(&ab->skb_list, ab->skb); + + audit_log_format(ab, "audit(%llu.%03lu:%u): ", + (unsigned long long)ab->stamp.ctime.tv_sec, + ab->stamp.ctime.tv_nsec/1000000, + ab->stamp.serial); + + return 0; + +err: + kfree_skb(ab->skb); + ab->skb = skb_peek(&ab->skb_list); + return -ENOMEM; +} + +/** + * audit_buffer_aux_end - Switch back to the "main" record from an aux record + * @ab: audit_buffer + * + * Restores the "main" audit record to ab->skb. + */ +static void audit_buffer_aux_end(struct audit_buffer *ab) +{ + ab->skb = skb_peek(&ab->skb_list); +} + int audit_log_task_context(struct audit_buffer *ab) { int error; @@ -2402,26 +2461,14 @@ int audit_signal_info(int sig, struct task_struct *t) } /** - * audit_log_end - end one audit record - * @ab: the audit_buffer - * - * We can not do a netlink send inside an irq context because it blocks (last - * arg, flags, is not set to MSG_DONTWAIT), so the audit buffer is placed on a - * queue and a kthread is scheduled to remove them from the queue outside the - * irq context. May be called in any context. + * __audit_log_end - enqueue one audit record + * @skb: the buffer to send */ -void audit_log_end(struct audit_buffer *ab) +static void __audit_log_end(struct sk_buff *skb) { - struct sk_buff *skb; struct nlmsghdr *nlh; - if (!ab) - return; - if (audit_rate_check()) { - skb = ab->skb; - ab->skb = NULL; - /* setup the netlink header, see the comments in * kauditd_send_multicast_skb() for length quirks */ nlh = nlmsg_hdr(skb); @@ -2432,6 +2479,26 @@ void audit_log_end(struct audit_buffer *ab) wake_up_interruptible(&kauditd_wait); } else audit_log_lost("rate limit exceeded"); +} + +/** + * audit_log_end - end one audit record + * @ab: the audit_buffer + * + * We can not do a netlink send inside an irq context because it blocks (last + * arg, flags, is not set to MSG_DONTWAIT), so the audit buffer is placed on a + * queue and a kthread is scheduled to remove them from the queue outside the + * irq context. May be called in any context. + */ +void audit_log_end(struct audit_buffer *ab) +{ + struct sk_buff *skb; + + if (!ab) + return; + + while ((skb = skb_dequeue(&ab->skb_list))) + __audit_log_end(skb); audit_buffer_free(ab); } From patchwork Tue Jun 28 00:56:05 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12897490 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 39CD8C433EF for ; Tue, 28 Jun 2022 01:13:54 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242955AbiF1BNx (ORCPT ); Mon, 27 Jun 2022 21:13:53 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40890 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S241624AbiF1BNw (ORCPT ); Mon, 27 Jun 2022 21:13:52 -0400 Received: from sonic308-16.consmr.mail.ne1.yahoo.com (sonic308-16.consmr.mail.ne1.yahoo.com [66.163.187.39]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2BF931EAE3 for ; Mon, 27 Jun 2022 18:13:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378831; bh=KWpA26gtlvWO/il7xoaxAGnTtkd69RoCWupkmUBZbjo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=d9+itOcYdE8vK1eCZ8O0VHKKhHTMJjnUECqaFcQIz3hQ6eEm83z7BLFZnWBiy31jgSAhHsrqAwDuYo5lwfjw/YwUQV1DUY5YxPJWotTGMCUiEE5he1LhteaTw+vDcd8H31ILpqKffV+fSMKsunmC0NygraIHnvBGaWpaC6BoQaaQgpMwu8iqtqonB6Ny7sYHHy+xykmp8cnYiVWzBms7y51O6prBd2ePNDsJdJ4iCTQItQu7lGmyKmqwWTox7KzhoiiRH4/yvEtp4N9LHTh2fO2VX8oWtkKmmnkxiVb0o4Ru4TYjLI01zsBLt7eR8k4/o8MWxQR5gaTl7szrT78yEw== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378831; bh=FIPNMHPn7hBoLTKGS/sXbwDciJnpgpLeDpiotzCLv9R=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=UTCSawZ/a83Icp31HeZe/imPRCUVqVNz5tunKrdy5ihu3hsZP+VkFKtfhJKdaq7SPuJGj6o2EV7XPGPgdpvYxhwBtu4oi0LakJaECHt1hYwP7UY33QLnf6pdztKmusGzAbQ923sIco/zloZ1dpb5/6XkzTclDBeysuknf17vMgJXNyJnbd3o2FYFRKPo839aXDUkZgORtsLTqSCpbsUhecoJJ0+lVCHOAcZFuNHty78bSeVczAEKsx/8Pe4QhPtlfwHbxqaGA3N2aV77ydlKtswEnDYsLYBvfceqNXLYOJ//Us1KGI1JEaGZAn706HXpT2vG6wnHCVQ/bnqf5IUHcQ== X-YMail-OSG: v7kuU80VM1kIRGekmPbtvh6fQ7Imje1K.5vzNc4O9MCzfrBIr1.ONOk64nV3NHW i_BAWzMebniw_M2VHjF2zBi_TNvGNUZ.xUPvmQ4aJfBrmJOLTepjZqGJ20oVvJ.YO3Kx9x4VNr.C Kyi02e3vuHyZpNaJxJQxRZAXnUKpG1yGQQMQxUmzQmC1df7aNrR8JNq7BDIC34p3GbIgVCUicn6Q veA6sonRE6I.XrPklc4Rv4iaCMHuN4FheSBGs_4gGjyavti2o.7JUqUywrwS7pgRAy5Hh0R5HIT6 WthNv8gRwpRCktAmoAXvhVe6qH8fQknp6mFibRxSbuuf4z0SU4FaBHYioatl4v30a2c5IL49kC35 cr070i4UdQdRbPQosdGHKbgIVOKX.FhfT3tUo0LiTAgxxuAeVjls9bEvLrvW9Cy6e3NewceshHE4 oHSCXlzN5HXFUxkJkcCVKzj5eBv4jZJgsZpI_7Ao.4R2SxhZ7Jl7XMYDMDH0MRzYVEnz5RU.Xetw 7lyXRQU0Dd7j7nJrzE9w8KbJ.ijfY_0Jx_K_q1DSSEaYsZUo1VwuY5SJVJLxnjsNKozsX23M3nnE lpjJENlAdtCMobG1Jbi1g0SDnC7uy5ClZrf1PxhnwANw03rJ_9eph_MRHHPFY5HB8EobOUrspYk7 hOTROQtHI5FYfGthOuNykqgIfBsmC5KGL.cf3dflDra8NEZ1WEs9Era2k2lfXY91B9pRDNYGU8GS Io5l_2FbMYSUe.1yDDh4vLjHKWWvODQAaQvfNJYtRMVznAssaJ4Ai7HH7jDbD9TGZ8ZabgvXVhPK o2YU6j54bshwgvqlzJFQcYX1W1BfNDj555Z.1bkqO2PFiAV7IIs2oci6bA5ZFftk6aipHwEyw5lj hTgjEwA1.VnDzk6qb3DUCDNynD5KJWVnVjkkD9hm29VewOl51dfA7TZ8LO4bA1obgBF_lOGWwJmH PQEr3CsDFwZi9cb1taDDbvE8cXqX3Hj7T7L38UtVBuy90gFZnqsTBRQopT2l9LiDzI4T0BQcJrNx iV5WegC4xC9YmklShYk0u4vBUZ1qdLtXAPg4v3fVTIT2s2F2PiAM7mdzek3hRkStxSY1j2hKOTMh txttW9uUd4.b2aSPNsnOSN8QCjve4bCSHeL1DCqOz5nNWYo6.DAVc66RrUivCScsCNbtU2O3dY7y .FzMhdPNjEoc6I18BAJQ6SQaYElyBfkRa7A8MJwCwsFoBZGfklO01AcS90ZH9TFQscolUOhX0Dvp 5WbNoUELlMDr99TSTtV8_DakFdvuW_MM1ZrYNDsMTxh90gRPPkTdYkmneRemXGZpuPvh65fW2X1C ER8W3pJncpavIvxDigT6DZhBJ7bnoI8OuMY.O7zEMn1wWzWJGIgr9VUGKmyDOSVP8N76.6TTn9PH Z1HBu9nEPGBuoGBTfn_OH1pS_e1q9pARslAHzbn308KPTZfpKE65U8tdlnwpC5eOyRvX0I.D9GEr Dl7hpGhYNa9Pbj.KSOfQni3EYYUA_wqaLkbOjx11FzuhciPS_NIKN02AOhBAzTc4nfF56WrSbZwS jIbABtGcrSdAnEiRAfzuhqJt91PAjjBeD2UFcIX3D9qJOUmnzaJOPo6AqDBxB3VzjIfend.5qp1j 3.FkRh222QT6nszPmS049S1KvLLVIXRaoSDtqsk0Tpu5NY1avcXgKG2.Pb86Oiob1YehjBZnETJW j4tIl943MOVOuOtpEvdYceLXUBMlF45fMoXsZTkN6Mn2O1kbfpWzRfnd2giy04d26Ip.kOTHFUeJ SYKtr.iK.oAU9GtENOwFVhtnbNBZdRa_2itqQe6rFeYn0.QdlQLkx4K8dLUeIz96GC6W7chdgacs NYa4A6fvQuvGH2hDxOmSwa3XaJDc0ZJm4Cq3o4GtmLahB0YFi4H2f4vxIDjvKqgYhkkQ8Cp_7Bw1 bP6iT2g6xs4eSLOUVuZO3N11oi0E66PVNDMUhJHSvXrCWHrpwy3SOilL12I52krC7E4I65scNYfe K2lfq4ZZHCDi72_Sc1dkkNY3rWByW5JMUDM_I42q96vI5alkVX9r8Ua4UOFAeR4ewOXfAZuuobN6 GarqZhRCFC3mkJBO1yv0ng33fUjQwpoP45vJr22t3sHUhPN17NqgBm78qArDYOgVRArAEQyhQrcH Q_XHcbtpvnBhCjFVnffCbyHlLE27pyk1a4dxmAbumKDDGFsO4kHXpKKVwTfrx0OZx7yQr.QU8GqJ d8B895urQKyavAlqFI0r.JOX0OBX360RFcwvZqtRL4MUPMzle6fPjtYGnSYYvBB4BJGzkZJSoDDr jS3Z2CdZRUSRCLgCN0o_8mMJHEWcc9DN.ilyqvG82zAxX X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic308.consmr.mail.ne1.yahoo.com with HTTP; Tue, 28 Jun 2022 01:13:51 +0000 Received: by hermes--canary-production-gq1-677bd878b7-wc7mq (Yahoo Inc. Hermes SMTP Server) with ESMTPA ID 10aa32686a323c4cda69b8a84be5c273; Tue, 28 Jun 2022 01:13:46 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org Subject: [PATCH v37 27/33] Audit: Add record for multiple task security contexts Date: Mon, 27 Jun 2022 17:56:05 -0700 Message-Id: <20220628005611.13106-28-casey@schaufler-ca.com> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220628005611.13106-1-casey@schaufler-ca.com> References: <20220628005611.13106-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Create a new audit record AUDIT_MAC_TASK_CONTEXTS. An example of the MAC_TASK_CONTEXTS (1420) record is: type=MAC_TASK_CONTEXTS[1420] msg=audit(1600880931.832:113) subj_apparmor=unconfined subj_smack=_ When an audit event includes a AUDIT_MAC_TASK_CONTEXTS record the "subj=" field in other records in the event will be "subj=?". An AUDIT_MAC_TASK_CONTEXTS record is supplied when the system has multiple security modules that may make access decisions based on a subject security context. Acked-by: Paul Moore Signed-off-by: Casey Schaufler --- include/uapi/linux/audit.h | 1 + kernel/audit.c | 42 +++++++++++++++++++++++++++++++------- 2 files changed, 36 insertions(+), 7 deletions(-) diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h index 7c1dc818b1d5..7a5966b46f38 100644 --- a/include/uapi/linux/audit.h +++ b/include/uapi/linux/audit.h @@ -143,6 +143,7 @@ #define AUDIT_MAC_UNLBL_STCDEL 1417 /* NetLabel: del a static label */ #define AUDIT_MAC_CALIPSO_ADD 1418 /* NetLabel: add CALIPSO DOI entry */ #define AUDIT_MAC_CALIPSO_DEL 1419 /* NetLabel: del CALIPSO DOI entry */ +#define AUDIT_MAC_TASK_CONTEXTS 1420 /* Multiple LSM task contexts */ #define AUDIT_FIRST_KERN_ANOM_MSG 1700 #define AUDIT_LAST_KERN_ANOM_MSG 1799 diff --git a/kernel/audit.c b/kernel/audit.c index e4cd2cdda7f5..cee5ee02abc6 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -2228,6 +2228,7 @@ static void audit_buffer_aux_end(struct audit_buffer *ab) int audit_log_task_context(struct audit_buffer *ab) { + int i; int error; struct lsmblob blob; struct lsmcontext context; @@ -2236,16 +2237,43 @@ int audit_log_task_context(struct audit_buffer *ab) if (!lsmblob_is_set(&blob)) return 0; - error = security_secid_to_secctx(&blob, &context, LSMBLOB_FIRST); - - if (error) { - if (error != -EINVAL) + if (!lsm_multiple_contexts()) { + error = security_secid_to_secctx(&blob, &context, + LSMBLOB_FIRST); + if (error) { + if (error != -EINVAL) + goto error_path; + return 0; + } + audit_log_format(ab, " subj=%s", context.context); + security_release_secctx(&context); + } else { + /* Multiple LSMs provide contexts. Include an aux record. */ + audit_log_format(ab, " subj=?"); + error = audit_buffer_aux_new(ab, AUDIT_MAC_TASK_CONTEXTS); + if (error) goto error_path; - return 0; + for (i = 0; i < LSMBLOB_ENTRIES; i++) { + if (blob.secid[i] == 0) + continue; + error = security_secid_to_secctx(&blob, &context, i); + if (error) { + audit_log_format(ab, "%ssubj_%s=?", + i ? " " : "", + lsm_slot_to_name(i)); + if (error != -EINVAL) + audit_panic("error in audit_log_task_context"); + } else { + audit_log_format(ab, "%ssubj_%s=%s", + i ? " " : "", + lsm_slot_to_name(i), + context.context); + security_release_secctx(&context); + } + } + audit_buffer_aux_end(ab); } - audit_log_format(ab, " subj=%s", context.context); - security_release_secctx(&context); return 0; error_path: From patchwork Tue Jun 28 00:56:06 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12897491 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 18BD7C43334 for ; Tue, 28 Jun 2022 01:13:57 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242964AbiF1BNz (ORCPT ); Mon, 27 Jun 2022 21:13:55 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40916 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S242958AbiF1BNy (ORCPT ); Mon, 27 Jun 2022 21:13:54 -0400 Received: from sonic301-36.consmr.mail.ne1.yahoo.com (sonic301-36.consmr.mail.ne1.yahoo.com [66.163.184.205]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3EE411EAE3 for ; Mon, 27 Jun 2022 18:13:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378832; bh=kRWyRnOcPJqVHyLojm6fH1oM0GqptpqLobTc//xz+3Y=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=ZXNUjvGELhPo3sghoV+2ggEy/1XYOvkVJjSZyZcsfFp/PXCgqL5Tn6aNeAbD2ND8gl+4iiakC61ce00aTdxlUuJmI2VeYF8ZUKngmSSivudni9sl4aX9/J9Nc4AYsy31W1FsP9gFfsAGblC1vZB9wqKzr1gWgfmpyo1CuxSf9/jSdemc1xcwDBinQMtFiZe6n5Ckf2vyMc4GXi6peGwZ7j/vkMZr5cs1fxE0U+zQTn8p6r0COsz1m1NRFVXOUYi0Ci1IABZ8bzQv9bs/SP+jE4dgqFbfBtJ+DB/1xG0xy9OVVHYXyccOVufZ7gyrgCHnpjGwJ6U2cHIO3PYVI1P5Sw== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378832; bh=4R4GAfGBvujRgioO0YE4JS8Op/wynGvIty7qAcDPwyy=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=gaRkcciTRXP0IPSkq5jMk5G4QDYNJHBdy5wGYmeI3tAPxS98PI05CAu+U8+BHqHu2enuE5dG0W3r7WLtiEL9bPR14Gsd4nEjyjd2eSBoIRZkheB6RUFUaDq7vUsGJIC4ab1ZXQiMwpZzKfd9qrpANBS/FWbQYO+ptra6eWdmttnrukk3hcICVdsu5lUreH+RjMpO6VTbRZLNkSKzfyuWRju2E+LKPBgAhov6tSVeO//NQU2d3BHxrSc/iYDYSxlQX17AuOlSJKuXDAhTZx/DT9KYZ4f4WG3v+6zVocHw6NaW/hzgTUFIquXSuwND8FyYEMVQDK/w8oBYkqYxEmuw+w== X-YMail-OSG: rg6XsO0VM1m7BaPQXoJwCjGMIntvuIADTFa43ynvu3oxCbuUIvFFCUkx8nb5BZG iToqhRq8DWBJGGVlJqlgQdirxM.jd9kNoSa98k0lFEFNcGxo53ia4ZmdVS15zs3sED0LA8QARbvq 4lQSSlS2JMHGaJ6REgX2beNjzeYTQ2QvuhCtfSiAGFlZilKTw65bgXJmN1jihLKtIvQ1uJFZTPSI 454gLHEGMa42.MVbSVAC9y7Xgrux4VDHlWkno_0qWULTQu4M9e966CMtNacgJIJCg2l1BKAmkpan M40TfjixCC8LUlPCVzI7xel1FMO_igJnj.8vsSxdpnsnN6kT0xe7SJVOBHVZv4PiAaMzE0vZ1jax .29Wh6jHFQLD.vvaI0cH4C0rIcON7Qu1n5qYKngxf_Zdfv_g_5_VhjAzZGFGvz0YY54JyjboAVtZ TdtMgKHRiL7GV8vKA8NENZKRdG.9aGTSCATENJz0kb64akOljDd0NnL8XdhsUn.z3KRwfAKoVaA0 iyypvlLbsyeaF11rcZbBQdydctvoCZCJ95iUKBWSpF90cIouQUc5ciJxmcl2L1ggW4iGbm_L5vnr e8YseB0BUHHlp8am1akU7He087xGneGZaz7kZDqkVn0Zu3ADyau6BqtJ2tZSG4mXgbZPJ5Rw3GVu s4EfY8HvqlGLEMIasUamzp2R5KsHD19ZWY3zSDjU5_UJl40CwPe4AZ70Mov24JIXMRms7hDt94Oq T.Qcox2BTuDdRKkzwQNkKVbgr0RNwbdVc8M6tAw5X44rk4VvLXcJoS0LMd0P6E8QB_dhusUohW_4 U_8XoOysuehwbX7kdxpRTuVg8gbXUJ1Fdt1Ce3vrXJWteTlAmFfZz6rgGcCoYxixAhyNwc.T.Bq0 LEYSIv5NGjYNjdZdAUjwZiKZmqorAchI2Ht._G4g1vKIi4yFi1fE.zfwOtwjuAMP9a11zfYXavBy 5zOxL.KAuNauiswAzN7Qv8IrRrU80DUtwclA0fR6fl45mkG0QmKtX7m_ZCpl.8bxe8MR6pztPtlw 87_0mufhMAY3DGAUXsa7Ufn2MXR9q8pqGdV_qYSk.5S.n77HozKwvqgCe6pGo4fnXSPWaEK6KGuv Eqyad1bsGVe7MguuvQ2DWRHkraxoG8lWFjSArp6ZptVacyju7lejny8PWHb20lQskhCC7yt4cakI lq8U1LKridE9fvIiZuuQeab2prpakTj9jmp8225YLGRq4xOfW00rfvrQwcgW.EpAD8chBgYtHjLv stbfibgk6DOiDfBE9S9uzEAmvfbAgFWQ.Izqvs9Fu47at8tBdBrmgdJxpPvwVWU7qtq_eT6yiAIf yOyEK6UY2v6uYyD1za_.Si2Is1cmIJb.ZIM952E3Ovkf_AFNEdKQx.tpzjphJ7R.s4mpSFbhZrCj tib0117LtPsT2FCgzGDjiUOSWTQ2_foCIBG6dek028EZG0vaJ_n99b46JQdnPs3YApEqdzPwZ6H8 oj1WG6dOXtl3k09WQXev1PhKrFWMyDeZ9w1GlfQmP5g7Jjj2qN7a7eLLBvNkdV5tzImkduae1Auh ZNHaUDRibusjfnsyH.lsYdKtK4QHwotQ2MvVK3uFY3bHafZ9zniovI5sjjsTvWxwJfe8ghsA0y9i c8Jk3vjJH92G0HFaWG2wU_y8HSE58juX4I6lujD0VNkXDcQdywJevsif0ykjiyBPdHH0GYEuXs7J iXjOcmE.fFBnSpWlOXz0vpExcHf10RaPjQujf.RHBp5u0tEdNPoK.gaHvqKyzCNPgR6.FghXXgUL CtIb8RElS3q19KbmMpWFyuFP48APBXII5F2.w5fUKfmXfMet8qYA0WDzQkcyNNjkGNxSzgVAOt22 EFCx6A53SVmBAiStqiRnC0siJcXtUfDd.HSdxqRqisq.fx7M38mdDECdvb9t2uA6aa5snRsIHGx7 gpNRyGBa0QdWepf0eG5pxe0Yv.mOFWCEDCI4L88ekIl4LF_trZT1QQQXk1oL18A9WLhoWhIa.WX4 F3YlGD8dkQTBXyU0yPwuvFF3cvuPCtUfa3ep0q4M0pks5eMlKYP9US1SOrdGSs7yAUUu.WkuYXKg 23UiZR0CuPtAflg1bPnNtxaC.bIbZtCK8u1iv.DLLMKYd22WQ3M0guWwJKWoBuTF3XhohTQoLpnc sIqpDnOzBvKqOVrcyPelMuVgHO3wNiY_JNsqTL2OiHDEH6ybdU8HUY9rsLk.ZYNJNGe_3MLzyzfT hf0eSQRX29Y6AHPP2m8bbrgPwRIuvUtLQ6gpT5wrLYqpeFXRirzAaTNEeyZcMGSdsagdS X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic301.consmr.mail.ne1.yahoo.com with HTTP; Tue, 28 Jun 2022 01:13:52 +0000 Received: by hermes--canary-production-gq1-677bd878b7-wc7mq (Yahoo Inc. Hermes SMTP Server) with ESMTPA ID 10aa32686a323c4cda69b8a84be5c273; Tue, 28 Jun 2022 01:13:48 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org Subject: [PATCH v37 28/33] audit: multiple subject lsm values for netlabel Date: Mon, 27 Jun 2022 17:56:06 -0700 Message-Id: <20220628005611.13106-29-casey@schaufler-ca.com> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220628005611.13106-1-casey@schaufler-ca.com> References: <20220628005611.13106-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Refactor audit_log_task_context(), creating a new audit_log_subject_context(). This is used in netlabel auditing to provide multiple subject security contexts as necessary. Acked-by: Paul Moore Signed-off-by: Casey Schaufler --- include/linux/audit.h | 7 +++++++ kernel/audit.c | 26 ++++++++++++++++---------- net/netlabel/netlabel_user.c | 7 +------ 3 files changed, 24 insertions(+), 16 deletions(-) diff --git a/include/linux/audit.h b/include/linux/audit.h index a7226989d77e..de661c571401 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -190,6 +190,8 @@ extern void audit_log_path_denied(int type, const char *operation); extern void audit_log_lost(const char *message); +extern int audit_log_subject_context(struct audit_buffer *ab, + struct lsmblob *blob); extern int audit_log_task_context(struct audit_buffer *ab); extern void audit_log_task_info(struct audit_buffer *ab); @@ -250,6 +252,11 @@ static inline void audit_log_key(struct audit_buffer *ab, char *key) { } static inline void audit_log_path_denied(int type, const char *operation) { } +static inline int audit_log_subject_context(struct audit_buffer *ab, + struct lsmblob *blob) +{ + return 0; +} static inline int audit_log_task_context(struct audit_buffer *ab) { return 0; diff --git a/kernel/audit.c b/kernel/audit.c index cee5ee02abc6..e66cc96db62f 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -2226,20 +2226,17 @@ static void audit_buffer_aux_end(struct audit_buffer *ab) ab->skb = skb_peek(&ab->skb_list); } -int audit_log_task_context(struct audit_buffer *ab) +int audit_log_subject_context(struct audit_buffer *ab, struct lsmblob *blob) { int i; int error; - struct lsmblob blob; struct lsmcontext context; - security_current_getsecid_subj(&blob); - if (!lsmblob_is_set(&blob)) + if (!lsmblob_is_set(blob)) return 0; if (!lsm_multiple_contexts()) { - error = security_secid_to_secctx(&blob, &context, - LSMBLOB_FIRST); + error = security_secid_to_secctx(blob, &context, LSMBLOB_FIRST); if (error) { if (error != -EINVAL) goto error_path; @@ -2254,15 +2251,15 @@ int audit_log_task_context(struct audit_buffer *ab) if (error) goto error_path; for (i = 0; i < LSMBLOB_ENTRIES; i++) { - if (blob.secid[i] == 0) + if (blob->secid[i] == 0) continue; - error = security_secid_to_secctx(&blob, &context, i); + error = security_secid_to_secctx(blob, &context, i); if (error) { audit_log_format(ab, "%ssubj_%s=?", i ? " " : "", lsm_slot_to_name(i)); if (error != -EINVAL) - audit_panic("error in audit_log_task_context"); + audit_panic("error in audit_log_subject_context"); } else { audit_log_format(ab, "%ssubj_%s=%s", i ? " " : "", @@ -2277,9 +2274,18 @@ int audit_log_task_context(struct audit_buffer *ab) return 0; error_path: - audit_panic("error in audit_log_task_context"); + audit_panic("error in audit_log_subject_context"); return error; } +EXPORT_SYMBOL(audit_log_subject_context); + +int audit_log_task_context(struct audit_buffer *ab) +{ + struct lsmblob blob; + + security_current_getsecid_subj(&blob); + return audit_log_subject_context(ab, &blob); +} EXPORT_SYMBOL(audit_log_task_context); void audit_log_d_path_exe(struct audit_buffer *ab, diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index 1941877fd16f..42812bdfc31a 100644 --- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c @@ -84,7 +84,6 @@ struct audit_buffer *netlbl_audit_start_common(int type, struct netlbl_audit *audit_info) { struct audit_buffer *audit_buf; - struct lsmcontext context; struct lsmblob blob; if (audit_enabled == AUDIT_OFF) @@ -99,11 +98,7 @@ struct audit_buffer *netlbl_audit_start_common(int type, audit_info->sessionid); lsmblob_init(&blob, audit_info->secid); - if (audit_info->secid != 0 && - security_secid_to_secctx(&blob, &context, LSMBLOB_FIRST) == 0) { - audit_log_format(audit_buf, " subj=%s", context.context); - security_release_secctx(&context); - } + audit_log_subject_context(audit_buf, &blob); return audit_buf; } From patchwork Tue Jun 28 00:56:07 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12897492 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6FB05C433EF for ; Tue, 28 Jun 2022 01:13:59 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242993AbiF1BN6 (ORCPT ); Mon, 27 Jun 2022 21:13:58 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40954 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S242253AbiF1BN4 (ORCPT ); Mon, 27 Jun 2022 21:13:56 -0400 Received: from sonic302-26.consmr.mail.ne1.yahoo.com (sonic302-26.consmr.mail.ne1.yahoo.com [66.163.186.152]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0122E1EAFF for ; Mon, 27 Jun 2022 18:13:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378835; bh=1IU2J7EU930F0Q9lqPxlXd03lktbo4Qzuo+aIUWpieA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=TWBvZmwYfIU3ZeapWOtAkl/Xfg3rYRWsLq9WFMVb4brD2bvRoExlPLYwPZ6TDISY8W57bSj/J+5ZLHsok4rlM3/BPZRll9J2Vrtad0XOFEkHeMS6+r7Q9xrD1slIFH3S4Q20m+NctNf1+TSzMHmVCk8jR8ui7FiAWMWDOdM4VWCqly/jnOH8nrlPURRANbwlgApFnbUwdb3Cpy936Wme3dAoF7EkNwkJ/oASmm6etmKqLcbFQhqFXzGsXGoEAw60J7BuXaMyPu7XaKlQpKQLHnQmFfC1JvUJZbYrFQyRlNwc78DH6TIjqXJNfgKoyi6FIcqQ4u/v4pwtcNWMqAnkIQ== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378835; bh=IKtgOcluzS8jLN9CK/zAxw5lDaneQgTY11+6h/VmHqk=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=W3Ew4LUO17n57c+ZBU/CFXONVJtpSbvf6/6d54Y29caOumD0MR0uF8OSU8SQOC9yMJGRLFFhj8Lmh9xT9MuNq1dZUf9a0NY2Y+CY+j/CPZEEDmgwgAozbHqeqbeji2dZ9kgLK2tF3YFksoYqn2ra2LH5Mllvuy85Dab96CO6dXRw1vUi2qhiQ+e1mqh5J2sPHSXxQ5VTU8/7W/GQKaSZ4tpXMrRpihJMSpFvfSaetrpmgLNVSeuW+ptySl24vXHmbPRtnjtcC4Lo4OxDd+claU6jXqs29jDA8MgsQCG0WAKXpvdV4LNjg1wDXeppcKfiifn97KlGkTTfI8DS0026BQ== X-YMail-OSG: x040Z1IVM1mPyCczeQqnAF7c6JeZFMLs5CxukebdAxKX2yLIdzwcRz2cpYYqRtS 2J02hP30jPnyDXVNr7H1yK0vH_lqxHegpgVDqIH_iZ.oeWZF1yQVPY2K6WhsmLolYP18fNlcXxPv Q.UaGbT2SaJjkg1a2rXigorCOLzYQctL16fa2znWAoP1m5zc_dQ4L9DFofpsn4xNMtOZSNzEJRR. BEkqzkH_bh6hFonGmUSrmYkAgcvOqkzLQ.Dt.rjOG9fPZVGkzDYphu__bjAwW8R1lI.fYScC_y8A vgXSoLItHiR_ywH2GbUAJEsZRGjXagqPrZg_O55QIRMxM5kDbTk..tys3h4L0qO3PAMWkAp.Y892 A5Vf5R2d_Obe80nGLVptV8jl.mQtdAjLSAIqB2kGZUljX1h6.7rSN1PSpAJEsh1ooUc3BcoExlHu CgMGjatJT_RSdQ5dl6Ky__W6MYzV6vO4UqMaSOPqERVtHuvHV_IVN7Dkpt9Y07mTtCdzmrWHEt2p EqwkhKqUJRxgwNqS2Jr_HggFQ91HCapDfwvC5rzOlZwXGFl4gzjlHsu5NbE7darTQffzF_SaKYPL 8pOWceb12TrD4reXmZaGnC2Ng7gzHQ3XQ4VWaLOUCjbZNY92nTZf0E5UMh5s1qz17Ax2owkjgxYG ld7_7N3tSX.da1ElkatCfMteh5atfS.Mx_9L7gIJbXrAAYiLKZAtSGbz1moxhOizhgnufCNqSJbK 8yOCjONUcPk47HIFVqkbOLSu0VFmNIg1_5jCpaHnrt2N7Twps.blhxI32s73WHd8rnfnnyxNwpGx mI1uklhg37b9lZNAK7NDUnCe5J3r5zcR15eudiaJMgBWBM6bHV.yZPZJH3vj._uIMPMYh2qLnEBl LDX2MiMisoojr_btSGB9ucVgBpnF_2XHqaq5oXK__KoWXpZHvxc7TSzVUMj2uFPi1OIpNVYgGLX4 fhIrqI4wt9SPROUJt01jdj2v1TmZXssGyLivBGZv89.ps1CQBSVP2JoEJO86BuUxvi9T_Tw5FwXq 29BWZXJxbYBotJPBGbAIohiAedMdefQOaND3P1WHgfv_d._OfcWJrSJ0SZWT3vHgxfChKhIS2zbE P2ymAMXE_7PSmIJe_hY4xn4q5CfF3NV5p5cHEWfNnQya3Gz.x4GsMq13WJ1fWiAJbUF7V.6zfw3X 9L.hHV9UXqDEhFsMBzquqOOruLjuOVM98Kn1Qk1_NPn_dk_a1QJTQcOY3qrilUWKwhzL8WpekMU5 l2vU8aMxvyvs8gRIDc9Qvl9A6Q5VE.eHydaSlJaXh5mFlsRWLiUx7VJNeto9XExIpE4tt35tlErD qp64njHg9IPWkPiRjYVUMtrblo13Gh5cZ52KKVqDf4RKJFkFEbFHhbSp39fhFDY.PRjRc4GT5T0R iLiJ0qfb8dMuxxCgtGZ0nuFuqZl48a0K8F_Jbpv.uhEKfy6LFb0Pq4LdqFZMGKPTkKETJXS.Ou7E 7QJ3bow8hBbqO7.YuNwmp3fS_E867VRd5dDWiPgz6cFNt6kJbbKZj_lUoDf289_137uwl72FKQdC Y1zwOq1Q.mB4QeOK0yGD3JFBsrD0MbcFsnlT82PsT0gIdd.DKXSZ5dm_amQDGAASYBQqpArLAABM WoxEzmUaGvGiaeuUdb9Exb4GohLWD2lIwPRKL.qOJ4lvrYCV4sxL_wfH4GYKBJnF2NuntAqs7uXI HzH.KY0i8AE6orvGgIFzJrnzTH4h4yrm2vPldxkxMJCmAjo5t5cw2serOoUaWIpPzt1Ni7AOHWTI 1z2q686WY0027bT.BKhpREvkwuWLh.v0oxR1LhN9no74hB42j2Z.qeZ63KkMSEFBNHNplHtIQZu8 iGKy2IKc4NckktpCbEhkcSJIY_296I5_GeufVfXB948rCcnEl_OxpVjqubAJMnxfYceirL1F6VFS Ku_n6ROneqEcX0pg2V_hfqX4HEL8HE_Lns1Dm6ax6aHDmOPzpSOV1PCGUjVT4tepRLZ8dWsGagr3 dCJ0p5Qzw6hrlAva4DnTj8yM.PJ7zUDZI4qFVts_h1JPUwCYhBHU7mef_WthkFbICiXRzWaEBY90 aB8MU5Cr4SUHrwpbtuawJIsbH4zUkuO4NxhgrMBvkvoAO6WJFYa_BxILeEXtpIkGXpCjuTIr5m4T 9vUpRBc7eKLySIN4zc_YUiMzhM_5eTaVMcSIRzM8LUQ1N6gg0lO8CiC6u5cP72Fsc.MLQ590JeZU qwRllMm9AVeHdUCw2kng3e4L_ejcjnnfukY22KoGpreSm2.MUFmfSpiFADI5UMsuxqnP2Jw-- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic302.consmr.mail.ne1.yahoo.com with HTTP; Tue, 28 Jun 2022 01:13:55 +0000 Received: by hermes--canary-production-gq1-677bd878b7-wc7mq (Yahoo Inc. Hermes SMTP Server) with ESMTPA ID 10aa32686a323c4cda69b8a84be5c273; Tue, 28 Jun 2022 01:13:49 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org Subject: [PATCH v37 29/33] Audit: Add record for multiple object contexts Date: Mon, 27 Jun 2022 17:56:07 -0700 Message-Id: <20220628005611.13106-30-casey@schaufler-ca.com> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220628005611.13106-1-casey@schaufler-ca.com> References: <20220628005611.13106-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Create a new audit record AUDIT_MAC_OBJ_CONTEXTS. An example of the MAC_OBJ_CONTEXTS (1421) record is: type=MAC_OBJ_CONTEXTS[1421] msg=audit(1601152467.009:1050): obj_selinux=unconfined_u:object_r:user_home_t:s0 When an audit event includes a AUDIT_MAC_OBJ_CONTEXTS record the "obj=" field in other records in the event will be "obj=?". An AUDIT_MAC_OBJ_CONTEXTS record is supplied when the system has multiple security modules that may make access decisions based on an object security context. Signed-off-by: Casey Schaufler Acked-by: Paul Moore --- include/linux/audit.h | 5 +++ include/uapi/linux/audit.h | 1 + kernel/audit.c | 49 ++++++++++++++++++++++- kernel/auditsc.c | 79 ++++++++++++-------------------------- 4 files changed, 78 insertions(+), 56 deletions(-) diff --git a/include/linux/audit.h b/include/linux/audit.h index de661c571401..4f4ef63df52b 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -190,6 +190,8 @@ extern void audit_log_path_denied(int type, const char *operation); extern void audit_log_lost(const char *message); +extern void audit_log_object_context(struct audit_buffer *ab, + struct lsmblob *blob); extern int audit_log_subject_context(struct audit_buffer *ab, struct lsmblob *blob); extern int audit_log_task_context(struct audit_buffer *ab); @@ -252,6 +254,9 @@ static inline void audit_log_key(struct audit_buffer *ab, char *key) { } static inline void audit_log_path_denied(int type, const char *operation) { } +static inline void audit_log_object_context(struct audit_buffer *ab, + struct lsmblob *blob) +{ } static inline int audit_log_subject_context(struct audit_buffer *ab, struct lsmblob *blob) { diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h index 7a5966b46f38..e5fae08982ca 100644 --- a/include/uapi/linux/audit.h +++ b/include/uapi/linux/audit.h @@ -144,6 +144,7 @@ #define AUDIT_MAC_CALIPSO_ADD 1418 /* NetLabel: add CALIPSO DOI entry */ #define AUDIT_MAC_CALIPSO_DEL 1419 /* NetLabel: del CALIPSO DOI entry */ #define AUDIT_MAC_TASK_CONTEXTS 1420 /* Multiple LSM task contexts */ +#define AUDIT_MAC_OBJ_CONTEXTS 1421 /* Multiple LSM objext contexts */ #define AUDIT_FIRST_KERN_ANOM_MSG 1700 #define AUDIT_LAST_KERN_ANOM_MSG 1799 diff --git a/kernel/audit.c b/kernel/audit.c index e66cc96db62f..98a50c150dc4 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1107,7 +1107,6 @@ int is_audit_feature_set(int i) return af.features & AUDIT_FEATURE_TO_MASK(i); } - static int audit_get_feature(struct sk_buff *skb) { u32 seq; @@ -2288,6 +2287,54 @@ int audit_log_task_context(struct audit_buffer *ab) } EXPORT_SYMBOL(audit_log_task_context); +void audit_log_object_context(struct audit_buffer *ab, struct lsmblob *blob) +{ + int i; + int error; + struct lsmcontext context; + + if (!lsm_multiple_contexts()) { + error = security_secid_to_secctx(blob, &context, LSMBLOB_FIRST); + if (error) { + if (error != -EINVAL) + goto error_path; + return; + } + audit_log_format(ab, " obj=%s", context.context); + security_release_secctx(&context); + } else { + audit_log_format(ab, " obj=?"); + error = audit_buffer_aux_new(ab, AUDIT_MAC_OBJ_CONTEXTS); + if (error) + goto error_path; + + for (i = 0; i < LSMBLOB_ENTRIES; i++) { + if (blob->secid[i] == 0) + continue; + error = security_secid_to_secctx(blob, &context, i); + if (error) { + audit_log_format(ab, "%sobj_%s=?", + i ? " " : "", + lsm_slot_to_name(i)); + if (error != -EINVAL) + audit_panic("error in audit_log_object_context"); + } else { + audit_log_format(ab, "%sobj_%s=%s", + i ? " " : "", + lsm_slot_to_name(i), + context.context); + security_release_secctx(&context); + } + } + + audit_buffer_aux_end(ab); + } + return; + +error_path: + audit_panic("error in audit_log_object_context"); +} + void audit_log_d_path_exe(struct audit_buffer *ab, struct mm_struct *mm) { diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 539469bf1aa3..d84400f1ee47 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1114,36 +1114,25 @@ static inline void audit_free_context(struct audit_context *context) kfree(context); } -static int audit_log_pid_context(struct audit_context *context, pid_t pid, - kuid_t auid, kuid_t uid, - unsigned int sessionid, - struct lsmblob *blob, char *comm) +static void audit_log_pid_context(struct audit_context *context, pid_t pid, + kuid_t auid, kuid_t uid, + unsigned int sessionid, + struct lsmblob *blob, char *comm) { struct audit_buffer *ab; - struct lsmcontext lsmctx; - int rc = 0; ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID); if (!ab) - return rc; + return; audit_log_format(ab, "opid=%d oauid=%d ouid=%d oses=%d", pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); - if (lsmblob_is_set(blob)) { - if (security_secid_to_secctx(blob, &lsmctx, LSMBLOB_FIRST)) { - audit_log_format(ab, " obj=(none)"); - rc = 1; - } else { - audit_log_format(ab, " obj=%s", lsmctx.context); - security_release_secctx(&lsmctx); - } - } + if (lsmblob_is_set(blob)) + audit_log_object_context(ab, blob); audit_log_format(ab, " ocomm="); audit_log_untrustedstring(ab, comm); audit_log_end(ab); - - return rc; } static void audit_log_execve_info(struct audit_context *context, @@ -1420,18 +1409,10 @@ static void show_special(struct audit_context *context, int *call_panic) from_kgid(&init_user_ns, context->ipc.gid), context->ipc.mode); if (osid) { - struct lsmcontext lsmcxt; struct lsmblob blob; lsmblob_init(&blob, osid); - if (security_secid_to_secctx(&blob, &lsmcxt, - LSMBLOB_FIRST)) { - audit_log_format(ab, " osid=%u", osid); - *call_panic = 1; - } else { - audit_log_format(ab, " obj=%s", lsmcxt.context); - security_release_secctx(&lsmcxt); - } + audit_log_object_context(ab, &blob); } if (context->ipc.has_perm) { audit_log_end(ab); @@ -1588,19 +1569,8 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, from_kgid(&init_user_ns, n->gid), MAJOR(n->rdev), MINOR(n->rdev)); - if (lsmblob_is_set(&n->lsmblob)) { - struct lsmcontext lsmctx; - - if (security_secid_to_secctx(&n->lsmblob, &lsmctx, - LSMBLOB_FIRST)) { - audit_log_format(ab, " osid=?"); - if (call_panic) - *call_panic = 2; - } else { - audit_log_format(ab, " obj=%s", lsmctx.context); - security_release_secctx(&lsmctx); - } - } + if (lsmblob_is_set(&n->lsmblob)) + audit_log_object_context(ab, &n->lsmblob); /* log the audit_names record type */ switch (n->type) { @@ -1805,21 +1775,20 @@ static void audit_log_exit(void) struct audit_aux_data_pids *axs = (void *)aux; for (i = 0; i < axs->pid_count; i++) - if (audit_log_pid_context(context, axs->target_pid[i], - axs->target_auid[i], - axs->target_uid[i], - axs->target_sessionid[i], - &axs->target_lsm[i], - axs->target_comm[i])) - call_panic = 1; - } - - if (context->target_pid && - audit_log_pid_context(context, context->target_pid, - context->target_auid, context->target_uid, - context->target_sessionid, - &context->target_lsm, context->target_comm)) - call_panic = 1; + audit_log_pid_context(context, axs->target_pid[i], + axs->target_auid[i], + axs->target_uid[i], + axs->target_sessionid[i], + &axs->target_lsm[i], + axs->target_comm[i]); + } + + if (context->target_pid) + audit_log_pid_context(context, context->target_pid, + context->target_auid, context->target_uid, + context->target_sessionid, + &context->target_lsm, + context->target_comm); if (context->pwd.dentry && context->pwd.mnt) { ab = audit_log_start(context, GFP_KERNEL, AUDIT_CWD); From patchwork Tue Jun 28 00:56:08 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12897494 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8A61ECCA480 for ; Tue, 28 Jun 2022 01:15:37 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241543AbiF1BPg (ORCPT ); Mon, 27 Jun 2022 21:15:36 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42002 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S242985AbiF1BP3 (ORCPT ); Mon, 27 Jun 2022 21:15:29 -0400 Received: from sonic301-36.consmr.mail.ne1.yahoo.com (sonic301-36.consmr.mail.ne1.yahoo.com [66.163.184.205]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 686FC22BCA for ; Mon, 27 Jun 2022 18:15:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378927; bh=6WnjASuwRDLCl3bp9LPJxgHa4Fn6SO2x9sYEz6xz6ME=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=KzXGIeAXsc52zxO1wt2+ON3FCmKX653EzOh3NQkbDbvXelU6WgZyLP9S3SrSO92Q31SmHL5lQZBnQuio6JzmjCFU0GR696K28/9Z/fr4F98o39cjI+4Xj5v3cWxhkn/fL6JgWicaHUI/m0nuB0BjD0qov+LSyarR4aAXVCLtyMSQ/pi70mkTejSNGinbOQDdM4VKQ8Ccg5HeVAWoga/jcbyy2f7TVOdykvBbqJHtStfiXWCgw1anJyZxCgSu7hBxd+GhvGPPYqp0yNzJ5ABfaSkWkVjP4aorpa7zxeCpUDwzLhW5OvKhoJLnoW5d+bSN1B/QKKcRN8j+8jSUNfvpWw== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378927; bh=Kee1lpu7boXS5ffDKR2+tNCzYCwaWd7jJTYwZGNShRk=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=HntXb+CieUBWx/urEkrDh6epQu9t1wOoSPR2+1+yPKo+qcszvCBa7JnVxDL+WkcbdG+emZR5D8zes1XuDteWHcXaaRH4xfhYT2jkwFz07XVA3ctLC0aH/aiORXdzJTS+MWQbRv7A/FE/7dzRFVyZCbdGieDBiJkFAT+oirvt1lRcHVS7gNcrq946M9OoQ4amQH9aQaSw3HPxWqUNI2e0yXs2sWC72h3398gd8rds/f6BG3fm98q8I4CctAbuCzTlAItzWEohwU3VjjfmSaYObDoCu49GMXqkIDzZ0l9ma2Gs5boYNWHJfeU8FVtlyicaLqUSnH5woPUhsOPo9BI53A== X-YMail-OSG: 34I53hsVM1mRnO8GRdqLigtuy5woFJy5tVw6JMTqGphkuVEQ55mu.KFtTFPaTh5 RKPC5LwJ2gbvphfQAIDVvuakvIaP7..YjtWB3Q9XMA2h0Ox6coKIfKFo0EYSDVKYFYxC.xtLMwUY P9b7DSc8OQLOz6jnhksAaEikR3McBOsOoLLaOX0Tlm8D.uLfdnh854li2L0BiNZpHFmCXkiS91T_ O9dzDfxIJV2M1uOsFq8KH3.VTTDuRgyRy_d.xSkCLhxwcvcfVt9MwwQNNOQtdA3QP6t5kQ.mcQ4M kn2UqE76S4IStY7u_6Mf_5jfRBwqHaqK_54sTq6Gwvcb7ssNKzpxSbGI6CZ2JdkgrkZwBWG.h1H8 nT0v._IkzwW94YoqVvCODxI6NDLKLmMJ8pwhsO4LnYOburhzI2xo3k0QeFqPvegmxwWQTwuZlHFV v6O.xY4qGUKjt73aSyNb1iaynzCfDse1h7ymEELKlLYOcDYCCjSimsx8cPJc8yTYUOk6h1VAlUkn kWLDibz7vqAg_oxtIKhzprLF1q7wJ7y798cDhyytnoRIoBSP8k42lFFkVi4KQRNiZi3MV2yULjjw nOtmBdmgqddLu1RSQ6IEuSy5EZhInYy5OLGgg6vhTcxIOGnW8oaoZXAoHsqkMCCGgGjCDTl7yilp ZeWLlaJdZMmgc_90aaItpSLKoZ1paNUasDSD9IWGLfkST2dU7yLp2rYQzdzkH6qgjLO3HSZ0O0Zw AfQFh_jslnjcc3nhinx8rU1mUantSIEBmPuD48iUM63lYxrWsawk0ZB8vVH3jyw5VO7HHCjR8BFT hUm.aSTrnkg6K8E84BJ_bb6Gfw11n3aF.QK8Gvvi1u.OsYnrFK4S9dRq7WFUdc51dUuDslqAzQgi zWeO9sRjDKcIzqSjcUw4VcXb_s_oEfV5uAbox2AqkrBC.WjDBPKzrHSHDelQm5L5KeWY62.n37Ml y3VKGXt24GOPE65L_rF5oE2m1KWWPw1CXyHpUiiS5cEEJgF6YolI3wUgsitGzJ.NjoQ3paP.rg2Q yV3JTIFfWcWUuSvj0shuxQV7I64xOEKRHNFaoZSqcXHHelKJykq6EKaaAbgxtqjI0V55B4H5zrKc h7B7eaA98q2cfTVlHHc7.LtaYYyvx1ixbOc7kIicfnEei133D.v2nGFp2gQfjap3P0U9Qv7lnFwo ybSluqv.oo0f3cRtxBhyKRJO3f3j622fOF.XGNuqOhY9I5U_oTm2UTC__FTzQ1NxyoIP_05amFNc _WLWPYwXm5MUg.yervr3meGhIGU0BhdqfgBZGqYjv2YcBkmv_Gj46aa7B.0ihiLvYjlSSypbMVih topODSSvKsBS3lvyHTNWLPykKmf3tiktbvSnC_DFtCUNQ2IKBAhWTnWczRa9mNYogKgDiCVuQzkB 4Nfaq13R0MTDFxZSWvp2TC2x7Xds1.g1ioRXWLMDt5rmu_DMXKqjNFWixkqrH6LbjfTnjKuWHzEs KlCQV8g8V5AWn7SQWn4cGC_wx4hc.KzQDjsjkerL.0jzYmL4ddJVw9plcFQvOqdsIrbgonwtnSX0 5ATSbyWMu9GtnzqQ_tBPK4HckDYtN6UmpjfuaAVztjWpuj.xWMJ.m3sETN_v1GWsDVfENqvHJkb6 AAywc9bYUmsFPgkOyflO6dXSqAMV1yA48FfeLlK0pmMXPM0FiKYn17MThfsVXdjJjSWuWBbmvNv1 u9CGEzGSaP0vYCAOWGhPnO57N.slHjG6CU6auiOscmie9t9BrxNLtoFkmVN5GV.rwtslQ2DXE.aH yOoRQyCc7EqP4oY6pytokhctUQwUk8mNHtedEuZDWB_iZOIqRJ5VshSZ.wUgDpkqv4C4U2SZjqlA 3BPUp9elLO2sHh_lCzE2WVKREbuJN_krYMeb5U4GH.BExvslg66omlXN0.MgnqqEBxLKwSTrpin5 bZpPnFax0zdqH71lR57ffDaJvX8gb3hn_Y9.hBCk9UVPsQAQ2L5DNBnxxIWqO6VLEcuSlDExpvDp IJA9my856Czp.HacpX3nnRWip5H5bQ98Dld1iyq3pJp33KX64R9AmxCGf8oMALnsXBa2HYkIjai2 IqMDD15GkLMs5jqIO7eoFUZOy4L2AYwSBKY.8CyB1KN.a5s9BFtFgngMLxJEv4eLBt4g7nB4RWkJ zK_MPhSi5rachc6dUIiMmy382mmYlWnPECRt6yy0BxtZaVO1iIx0e8XlB8.cduJHFC2noDVYTMQh 2LEwgsjhOzJFt5U_MAGXPqv8zVEadbQ5hdYmbRCg9AM.GXYi1SIZs_ZX3VVn6xZEMibys.DSIPLy pQ6J1EAhgvAOuAsXecMZ5SLe9L.0bk7cSq2tj4NYz4hXqg_sH X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic301.consmr.mail.ne1.yahoo.com with HTTP; Tue, 28 Jun 2022 01:15:27 +0000 Received: by hermes--canary-production-gq1-677bd878b7-wc7mq (Yahoo Inc. Hermes SMTP Server) with ESMTPA ID 6ec536e7148195aee3798b7fdeda5831; Tue, 28 Jun 2022 01:15:22 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org Subject: [PATCH v37 30/33] netlabel: Use a struct lsmblob in audit data Date: Mon, 27 Jun 2022 17:56:08 -0700 Message-Id: <20220628005611.13106-31-casey@schaufler-ca.com> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220628005611.13106-1-casey@schaufler-ca.com> References: <20220628005611.13106-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Remove scaffolding in netlabel audit by keeping subject lsm information in an lsmblob structure instead of a secid. Acked-by: Paul Moore Signed-off-by: Casey Schaufler --- include/net/netlabel.h | 2 +- net/netlabel/netlabel_unlabeled.c | 4 +--- net/netlabel/netlabel_user.c | 4 +--- net/netlabel/netlabel_user.h | 6 +----- security/smack/smackfs.c | 2 +- 5 files changed, 5 insertions(+), 13 deletions(-) diff --git a/include/net/netlabel.h b/include/net/netlabel.h index 73fc25b4042b..d9aaa264e29c 100644 --- a/include/net/netlabel.h +++ b/include/net/netlabel.h @@ -97,7 +97,7 @@ struct calipso_doi; /* NetLabel audit information */ struct netlbl_audit { - u32 secid; + struct lsmblob lsmblob; kuid_t loginuid; unsigned int sessionid; }; diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index 8deee7e176a9..9277c6dd79f5 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -1529,13 +1529,11 @@ int __init netlbl_unlabel_defconf(void) int ret_val; struct netlbl_dom_map *entry; struct netlbl_audit audit_info; - struct lsmblob blob; /* Only the kernel is allowed to call this function and the only time * it is called is at bootup before the audit subsystem is reporting * messages so don't worry to much about these values. */ - security_current_getsecid_subj(&blob); - audit_info.secid = lsmblob_first(&blob); + security_current_getsecid_subj(&audit_info.lsmblob); audit_info.loginuid = GLOBAL_ROOT_UID; audit_info.sessionid = 0; diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index 42812bdfc31a..e72dfe2da77a 100644 --- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c @@ -84,7 +84,6 @@ struct audit_buffer *netlbl_audit_start_common(int type, struct netlbl_audit *audit_info) { struct audit_buffer *audit_buf; - struct lsmblob blob; if (audit_enabled == AUDIT_OFF) return NULL; @@ -97,8 +96,7 @@ struct audit_buffer *netlbl_audit_start_common(int type, from_kuid(&init_user_ns, audit_info->loginuid), audit_info->sessionid); - lsmblob_init(&blob, audit_info->secid); - audit_log_subject_context(audit_buf, &blob); + audit_log_subject_context(audit_buf, &audit_info->lsmblob); return audit_buf; } diff --git a/net/netlabel/netlabel_user.h b/net/netlabel/netlabel_user.h index 34bb6572f33b..56a634244a6e 100644 --- a/net/netlabel/netlabel_user.h +++ b/net/netlabel/netlabel_user.h @@ -32,11 +32,7 @@ */ static inline void netlbl_netlink_auditinfo(struct netlbl_audit *audit_info) { - struct lsmblob blob; - - security_current_getsecid_subj(&blob); - /* scaffolding until secid is converted */ - audit_info->secid = lsmblob_first(&blob); + security_current_getsecid_subj(&audit_info->lsmblob); audit_info->loginuid = audit_get_loginuid(current); audit_info->sessionid = audit_get_sessionid(current); } diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index 314336463111..f74207f6c71e 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c @@ -186,7 +186,7 @@ static void smk_netlabel_audit_set(struct netlbl_audit *nap) nap->loginuid = audit_get_loginuid(current); nap->sessionid = audit_get_sessionid(current); - nap->secid = skp->smk_secid; + nap->lsmblob.secid[smack_lsmid.slot] = skp->smk_secid; } /* From patchwork Tue Jun 28 00:56:09 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12897493 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id AB0CFCCA47B for ; Tue, 28 Jun 2022 01:15:31 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242991AbiF1BPa (ORCPT ); Mon, 27 Jun 2022 21:15:30 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41960 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S241285AbiF1BP1 (ORCPT ); Mon, 27 Jun 2022 21:15:27 -0400 Received: from sonic313-10.consmr.mail.ne1.yahoo.com (sonic313-10.consmr.mail.ne1.yahoo.com [66.163.185.33]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id F0A1422B1F for ; Mon, 27 Jun 2022 18:15:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378926; bh=Hk0WBtK4D3OqOZvCSB9KeYrgeUYKdkB15gwFKpd8t2g=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=Ve7AZaXKqeCWtxPunpmuFqlVy+L1WAnq4ALGZkALTWt8FrO4sQ+lnnghPC4YUo2JnTmu/xaj9FJJN6MAAGmVKWklChYli3h2Sr9RPMY50lHTkhGGNwIRQdWPj0SHJXuXzDvMiWI9hUWvv2wONhOCdUhrmkxMuvDZb86bpNGvFRtc9PAUBul5BPfv2ihARPgG3dj1rvwc8yVpMIMu6a9fkOh5/k4py7DS4S7TJYly8yPetTPFEXWi+JRZHyIW8aoJvXBYgW9DIpBuG+tAHGmiD9OeIJFmcLHGtS4ETgi7+LGMa+v6+WIy/8m5cdXLOUXDO5T0F5pCA0kKUz/xGhcR2g== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378926; bh=RBKna2kxczitdZlkaBiQb+Of1DJWN0RQfMBfHrJ4vEG=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=OL4jLjiHae9lFIzhr2JIrbfmk7X+/fjI9ph4pi8Ta18XhUnPJECJMbpD/mIPMblwl4p6jOJjQfDG6PC3Wb0/uQKE06B7oQ8NnlZRCQ22GL/ST0ycXvaygzq6kbO57Liim7ivdBFZMSQZoAHgzcJ7p8EAtRzPFvCXVIpeaphKZ3yPzyXFcpS367eeXxpe9aUAg4dXF6xcgJSBiSYgLvMMVf4ltBq7KWWYlGaJVwpiX290SqRJiLM070XeWVENWC9/jIG40d/VDcVIetVeW5mHH+gwy0Gfx8Joi8ApJffugxPciNQRF2CGbF37ee+dgarviPdqeCVippyzBGfXvLSa0g== X-YMail-OSG: pSBUOE4VM1kDLbWf.pYtrweVKEBdxTO9vT7wGj5_e2miRYjEyRk.uAzC5lVCP6R KWXmjHQKyt5C.UmWN2XphFjdKZNogYoOZ0VDsD7cbi51K3Fj4UYV0zNBFYI75TKavqUPyWyNV1Sz j25LRr_Z_izP1MqUzXwe9OlwtT9iBkBgfwIdPmz2vyEuDnG76Fjs2zO.d.4GzbCB38OEYUYoX3_v BmeUnefyvAijwvExGIP5iuaKDrKGVhcsladNnkVXR_jzczoh2G2jfX._KiV2.0mojqy9cNWtE95x UKvlpjDazla0Faj4t1wKR7M_m2vYr4mE_4frKmzu5gTFzKRnNH7mIreX6Sahyb0Y2saY76XWThId dzkUcnK7NLyvK4LT9yyxhSU1JXg8bNzljC_KOIwMbGCni95XoNEiXioy4iUW87Spzk5gHlJIHd52 Z5FrBIsvHvH4asFGpXFC_PuzFndX4p6gsFanxjxHcJgYgpEXB7sQrm38IIiUoPFznTyeccVuZG8M ZzeEKn8nXQZHZlPN7_rrGPWLrCtIfJirhnNYj_rwWAAVUcvfDI6Fz9G2NFnCaK4Je5_P6cCse8R1 6Ei4eDVklqkbQfbuVKwS48pQRV4JZQWnyFnRFK4TuZlXv8YxLRJI5xgmMX0wej5kKrZUaJSqZt2n f_W6DqBwcRQcp5e517eyBuDK_Sa9DhGG3o1WAOrOAF1wNE_nYMIdnry8dpeQh1N8BJkDBDWPBVnM CkmY2gN0n7ljlYdKV96ICf145Ok3Vo.WYLLXxNxWBJuHkQ05BW17i3GlurJvGZsZHcf.h4LSn4c0 0UgMBC380NisyTCuzhfMbPga2rOzuOVcOP3cSAo_xxXNPe2Xj8FLXPDDIxhnU559HTnG_O6lU6FB 4qTTOkGqGz53uRnP6f34FJcx_S.DfKwqXi4VKgZVe3AVpn0LVeLb8WlNxxXWfwsh73TpGeEYFHew qGIn.YkzOBbavXnE7bCe2U_Lmcrvec11Z85Y1WI.bRr.IGeoxtVd4QTxiUkvr_0k.3fIrhk6gwu2 gpoUX9_O48mWt4S1HtYKaIytEXQg.sV10QavQ926HAO2gTeTRjtwNUHTyv8Usz6kwlXDgE96c29p jtW2wReTob5Sjh4Yi3o31mjzw05tkkcEorGSLnSJJz1.VTh_x0.SFfN6XdK5t.sAK.mvW06Bfkn6 8QBR.11qCQTw3IK5rxgEB0kZko8ILN.sM5u_0dPZH7RKh8p10yyM8OKq_r3YYZm5_1TubhnakUhX UpjCP78orshaNgF2G13..lLy1AsfUFAdKTQohzHYCw7FOTnUROEhMGTN8CUWeyAoAY.Z_5ac5IA0 ve0ijIn1APZndajEWFbg46GCBkfyixHTU_NAYO2ulzjvvUZEW8UPSS3JYYtdUoRw_Bl4sQwEKLmN f99MJI2CcvHeulZEPoosMNBfG5Y8ybuuEUSK_1NiT7YIWFh5veGMiVZ6NeAqEtxBuGyMI6MeaY5z XNm2kLDs5wpV68dxiO2dLHwlRAwqa1nxRi3XJ5SSmocStJwiSz0ZPOHUeUt1rFZKBtHDn5aLhA5D io4jRXmb_2c0ntRd8O2SnTUSpMJ_.Eyff1x6GQZToStLAnsNjw3D9ZflWqpJMGUC781KEoRvvdqH lOlmUN64K5BcPA24F7LnmpX3QpRy_sBopr39Xx1FOPC8PBQg72QWo_vQdkjG7sBrUA0dGwl2ZF2n FuQHdvcrmtdHACYeFSMymhnkE2EYNEaK4hUhKKI2nyMW9zhZTLCoUA.VRFzLVLetMSdw2T9R4ITH fg90n6bHklOFpU6OcfmYAoqNeSL3LgJYAc5oEl6vmHYlnWnK_dOAg.UQugzBSAinEj9dmcV.hyQN F9.Dez6EFnR3VQXpO9BpLQRAq.1ux3BGFCm6UGYnYSP4u2RQ00WBVvr7aaqHbxP82TgCYajyqm2w EAHdkeQiexN2H5mRvP1NbMvAvnw7xI2GyAHeaVbGyAXKX.zSdj3EpPxjtsBZlMneG9g3vu0i.OdZ Em3_GRyvGzOjy.aj6lZQApi7Z86bm2F5j4vtHzyPDG6ZibFg- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic313.consmr.mail.ne1.yahoo.com with HTTP; Tue, 28 Jun 2022 01:15:26 +0000 Received: by hermes--canary-production-gq1-677bd878b7-wc7mq (Yahoo Inc. Hermes SMTP Server) with ESMTPA ID 6ec536e7148195aee3798b7fdeda5831; Tue, 28 Jun 2022 01:15:24 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org Subject: [PATCH v37 31/33] LSM: Removed scaffolding function lsmcontext_init Date: Mon, 27 Jun 2022 17:56:09 -0700 Message-Id: <20220628005611.13106-32-casey@schaufler-ca.com> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220628005611.13106-1-casey@schaufler-ca.com> References: <20220628005611.13106-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org The scaffolding function lsmcontext_init() is no longer used. Remove it. Signed-off-by: Casey Schaufler --- include/linux/security.h | 19 ------------------- 1 file changed, 19 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index 890a5f9f043c..a7154cc3ffd1 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -149,25 +149,6 @@ struct lsmcontext { int slot; /* Identifies the module */ }; -/** - * lsmcontext_init - initialize an lsmcontext structure. - * @cp: Pointer to the context to initialize - * @context: Initial context, or NULL - * @size: Size of context, or 0 - * @slot: Which LSM provided the context - * - * Fill in the lsmcontext from the provided information. - * This is a scaffolding function that will be removed when - * lsmcontext integration is complete. - */ -static inline void lsmcontext_init(struct lsmcontext *cp, char *context, - u32 size, int slot) -{ - cp->slot = slot; - cp->context = context; - cp->len = size; -} - /* * Data exported by the security modules * From patchwork Tue Jun 28 00:56:10 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12897495 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id F26D4C433EF for ; Tue, 28 Jun 2022 01:15:38 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S243029AbiF1BPh (ORCPT ); Mon, 27 Jun 2022 21:15:37 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42048 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S243018AbiF1BPb (ORCPT ); Mon, 27 Jun 2022 21:15:31 -0400 Received: from sonic304-28.consmr.mail.ne1.yahoo.com (sonic304-28.consmr.mail.ne1.yahoo.com [66.163.191.154]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 869E222B1F for ; Mon, 27 Jun 2022 18:15:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378930; bh=DTAI/9xviH+bkMNtXgDq3LVf2k6deU8gUjXsDZleOHg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=GogV1PhIpFQ5noZ9NvlEr5i1i7CQZLEOMIhVmpxchWt/e9LKMaacbQ2ob6g/SIvwhyE4eLZ6yKhq+T5nKfRCRhOlDG4nM91wYi9D6peT+yAHEOH/QEWQJUaFtXcp2nI/QpIrddMvaDv1I+IYI7SfUS+5ch38/E5X64IWauve/fWN13otX2TTLMi8XateJz9IAnH1p62BshH4hSRklURavYbNy/gP/jTa75OU+d8JMl23GaZKTpDBkLfS27TCIKIeqp5JeYj5mXaRvvlaEwWIVldCNmyoNPoabX6J2Ahe1J0f6ocWAwQVuPlTA6AIEP/j/0Q4s9L4bYzDLgXgwxVOjA== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656378930; bh=3Iw43IJpRr+QAVpYo1fukPLwO9UouEPl9SsAweeI52r=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=V01wPgPEidZ9gAE4AAhE/bC86P2uBIA6AdWtM3NVQd9I8+7DtfWrFvvm84mLP6L1stAhZjUjsT9HrnuWa9wzCS/ezszmf8quO5X2mcEirn/+a5GqAA22lJmhkOXU8RLE2QpgKruQc2t13/1aOHfxB4KdixAM4hH2a7Tgy1VINSj0QeNlVMY10WQawdj6xUrHEq4P0JYxTqd8uRyhMDk0xq6BadKnUiMq+EXCoHjaMfiRml7gF4E4IjgZOFNBIfZea/Y8V8GIPj1dHooZ9x//XVeEK0EXhPb7Bkhj04dAfrJOkQZ/uYmRBnMouIPPyU5hrjHkBW65aSOku+t+gzSjYg== X-YMail-OSG: ebgZvQsVM1nlQoXj1J09M6YT2RWLcEVyGTfVdxIhouVZBTSPt0Ds8wdMQ96_maz MOzuI8tmHcoioMQ8rD7erKLkXh66dqa39xwxqiuxDCfMkZ5kSzogWrSb818alklnaPJ4Xl0n42xA x1Rd5Kk2CwLWtKkYgrNJA89hkYZGjXjYMXd0.hS1pKSu8sl9dn97XF84Tzai0dIDKN_CCwrH6yhJ Ai4jyoR.dJnIng6lVe00SRhqZKeBcARdcFjcdMHBXVm9ZdrSISqJL_Tl5nKOq25bJT.GjOS7ll_b VPMWP9cHVhoUjgNeJ361ntTBnJxdiIE5Q_7jVxTIQ2hCmjzLdsNwM8PxXr1avUIh6A1lHoTTxVwB 6h6IFHEa3W0vqHiXP_Q_YXhYR0wxppOSiuninSaTJp_0N1QccqkBK5Le3pof2tj4keoy7oL6Y8eF 8pnh4gpLzstvkfleqxO2IXSwnZR.2FmWBHy5tkmCFejqNAPmFgOToS8_6JiVbcS7XjEHiUs9vrm4 FSNfiB0aNIp5LCXh7zB4k8hZN9R6x2RQV8RHhVFgB9BjwU_wmdHYM3WW8Hh9rETPz0UaFTfBpIC5 7b7PFbgdvcVVZ4_HsdFQ4fBeyl8ZclEo2Qmd5TRAdP3vC7_.yo8wjc9rs4DqFWi6fXVyvDuEwu7Q Dq9RMWrSoeVuELgQ31zfpY7y2ZhxQKD.7JpDRA0DmVRjOU_IHt3jmdb.JaoGZF4B2o0RInM7eMXv PnUk0kSFlANzfiD1eIBpA4UYTPD_Q8tb9TDELi1Sd._oSR0RYnBBnNqLCU6_7lHDULScW9j68vnp YbaPDJ7DsxWMznXxx6hMp99u5PkeEUoK.18uw5NYtcXBZ2u3mWTOwUW4Zy_.nEKtCLw0_wRhBaoI PC0RCzRyhmoR5wMUR13YyqZxw74GlnlAKWfe6w7qFvbFnauUzXVBed8rvs3GjL_ATKfE.hcifcCP 4.qsquDOkVu6dh6dL5VEKQj74fRIVUIFxFB5X.EHMPPZUi5ziO.wH0qvnmHSMwZBtBES5D_cml94 phZLeEHvvYixicDTQKuQes5.XwnchcCrFEZPpTCJnnyEyEAfBIDWmEykmR6ZF40YBV7zzgzkHhl0 67_frmTn8j5SsedHSpi_ETdzkBt_JZ8d4S35J6cNsMsAaI1evxLsg.lSIysGJdpV4Kr90sCmA0kj dzb29DIvt22xfrNGs4OjaovH4W1cTqyNR9NdJAdd3LpcqqgD.deku6v_FVbGMW0ebfFLgOIsUrRx 5OK6flmd0gaI0jZPOaoW4Cm8WCQL_CEmi_CLHh2nmZMaLS9aBmkPuvDxfl7lqsbqv1dnOdjScvyO zV4ZVVUQEYZcnR461dyb.s8iZdR4X.WAVhTxHzRZQgjYIyLzto0c7Q4vgsh.vMcL0B9RamxGYnL9 .itvdHaVccGHFiusYld9WLlpt.gIE7NdvA0oKxKdzTfYg2XKx.M3HIGBqTcyc.5wdPYSroR4zIpG l2nPkIhw8Tt7.qZPuwzbfpALjGvjjtS7w3QNySOnfT9fV.YS.2RC8KLsCPpwTw..FVNfn1r6ZtVE 3s2ZP_EFb21rVh1C4xgGviVLc1TrdZ_TDHKlIz22pgTzlJVi0WOWU2Rxj6tFu.84O3cDH1.wnqPi QosPXaqrvMZpWoMcGotQnAPHmNxb6ZzyDyi.lI1qTvLvttwQgCxu3vzjiloF2uFmdL5__X0Bj.sz nVNvLODqQplG87JG2Z7C1OBSGLhjoMf3HnZZwI3ShrrN1QM4093ZJvv28a8mQy84E_W1S6ucsD6i FTtlP64Cd4RyCMPrfMVC72j64F0iMIF1shiYb60rRm.G1y0CMzFqnbiJNCDhm3OR2BijskUf_lZg 1MNyGTT3VwvGkco179CmCKsXYGZSRfsY5g1JUyaH_Tz5qW983FIA5of_hl2vxVYOVw7J9YLUBU6w zaHL3JHIsI63Dnb837Qac4OAxNJ1IeTC790HG467rhwhdxbpggQEYNVAoPklmhVQEqADjAjE09z9 yu7tqUpoviingaO3P9ZX9w2pJAXXvlAX90MWJbDXpAugOtHd9srU2tL13AXjWhFffN5eJNH7tdKc anm0l4uvJPjjB1.L_i6zw_QO4G6XlKrsqKn4WUDg4SUho9p96oVLInGm8GSjHCUu4AuQwIiVJPNh vIguVNdyrY_CKGkZjZIpGzenUudDvLRkzqeCHjUsTr.DC6zea3nzBf5FTZK_ykMS.ytX0KdX6Go2 SlUedWTfZ9UAeppfbfegvoG58LnoNPYGrneGA_0SVj4fi8PX21knXNXDvrhN3gc0XDtG4K17_wGX KhhrSLvyvvrECZ7dNlSwGF74Wsm838NL9WqUo12GsJiqmaa0- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic304.consmr.mail.ne1.yahoo.com with HTTP; Tue, 28 Jun 2022 01:15:30 +0000 Received: by hermes--canary-production-gq1-677bd878b7-wc7mq (Yahoo Inc. Hermes SMTP Server) with ESMTPA ID 6ec536e7148195aee3798b7fdeda5831; Tue, 28 Jun 2022 01:15:25 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, linux-doc@vger.kernel.org Subject: [PATCH v37 32/33] LSM: Add /proc attr entry for full LSM context Date: Mon, 27 Jun 2022 17:56:10 -0700 Message-Id: <20220628005611.13106-33-casey@schaufler-ca.com> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220628005611.13106-1-casey@schaufler-ca.com> References: <20220628005611.13106-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Add an entry /proc/.../attr/context which displays the full process security "context" in compound format: lsm1\0value\0lsm2\0value\0... This entry is not writable. A security module may decide that its policy does not allow this information to be displayed. In this case none of the information will be displayed. Reviewed-by: Kees Cook Acked-by: John Johansen Signed-off-by: Casey Schaufler Cc: linux-api@vger.kernel.org Cc: linux-doc@vger.kernel.org --- Documentation/security/lsm.rst | 14 +++++ fs/proc/base.c | 1 + include/linux/lsm_hooks.h | 6 +++ security/apparmor/include/procattr.h | 2 +- security/apparmor/lsm.c | 8 ++- security/apparmor/procattr.c | 22 ++++---- security/security.c | 79 ++++++++++++++++++++++++++++ security/selinux/hooks.c | 2 +- security/smack/smack_lsm.c | 2 +- 9 files changed, 121 insertions(+), 15 deletions(-) diff --git a/Documentation/security/lsm.rst b/Documentation/security/lsm.rst index b77b4a540391..070225ae6ceb 100644 --- a/Documentation/security/lsm.rst +++ b/Documentation/security/lsm.rst @@ -143,3 +143,17 @@ separated list of the active security modules. The file ``/proc/pid/attr/interface_lsm`` contains the name of the security module for which the ``/proc/pid/attr/current`` interface will apply. This interface can be written to. + +The infrastructure does provide an interface for the special +case where multiple security modules provide a process context. +This is provided in compound context format. + +- `lsm\0value\0lsm\0value\0` + +The `lsm` and `value` fields are NUL-terminated bytestrings. +Each field may contain whitespace or non-printable characters. +The NUL bytes are included in the size of a compound context. +The context ``Bell\0Secret\0Biba\0Loose\0`` has a size of 23. + +The file ``/proc/pid/attr/context`` provides the security +context of the identified process. diff --git a/fs/proc/base.c b/fs/proc/base.c index 085ef5f4109f..d7f98395fe05 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -2828,6 +2828,7 @@ static const struct pid_entry attr_dir_stuff[] = { ATTR(NULL, "keycreate", 0666), ATTR(NULL, "sockcreate", 0666), ATTR(NULL, "interface_lsm", 0666), + ATTR(NULL, "context", 0444), #ifdef CONFIG_SECURITY_SMACK DIR("smack", 0555, proc_smack_attr_dir_inode_ops, proc_smack_attr_dir_ops), diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 0496a8d77ca5..dffb3e7dce7c 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -1402,6 +1402,12 @@ * @pages contains the number of pages. * Return 0 if permission is granted. * + * @getprocattr: + * Provide the named process attribute for display in special files in + * the /proc/.../attr directory. Attribute naming and the data displayed + * is at the discretion of the security modules. The exception is the + * "context" attribute, which will contain the security context of the + * task as a nul terminated text string without trailing whitespace. * @ismaclabel: * Check if the extended attribute specified by @name * represents a MAC label. Returns 1 if name is a MAC diff --git a/security/apparmor/include/procattr.h b/security/apparmor/include/procattr.h index 31689437e0e1..03dbfdb2f2c0 100644 --- a/security/apparmor/include/procattr.h +++ b/security/apparmor/include/procattr.h @@ -11,7 +11,7 @@ #ifndef __AA_PROCATTR_H #define __AA_PROCATTR_H -int aa_getprocattr(struct aa_label *label, char **string); +int aa_getprocattr(struct aa_label *label, char **string, bool newline); int aa_setprocattr_changehat(char *args, size_t size, int flags); #endif /* __AA_PROCATTR_H */ diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 7f06f43d3bb0..1fdb885facbb 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -622,6 +622,7 @@ static int apparmor_getprocattr(struct task_struct *task, char *name, const struct cred *cred = get_task_cred(task); struct aa_task_ctx *ctx = task_ctx(current); struct aa_label *label = NULL; + bool newline = true; if (strcmp(name, "current") == 0) label = aa_get_newest_label(cred_label(cred)); @@ -629,11 +630,14 @@ static int apparmor_getprocattr(struct task_struct *task, char *name, label = aa_get_newest_label(ctx->previous); else if (strcmp(name, "exec") == 0 && ctx->onexec) label = aa_get_newest_label(ctx->onexec); - else + else if (strcmp(name, "context") == 0) { + label = aa_get_newest_label(cred_label(cred)); + newline = false; + } else error = -EINVAL; if (label) - error = aa_getprocattr(label, value); + error = aa_getprocattr(label, value, newline); aa_put_label(label); put_cred(cred); diff --git a/security/apparmor/procattr.c b/security/apparmor/procattr.c index fde332e0ea7d..172550f67fc0 100644 --- a/security/apparmor/procattr.c +++ b/security/apparmor/procattr.c @@ -20,6 +20,7 @@ * aa_getprocattr - Return the profile information for @profile * @profile: the profile to print profile info about (NOT NULL) * @string: Returns - string containing the profile info (NOT NULL) + * @newline: Should a newline be added to @string. * * Requires: profile != NULL * @@ -28,20 +29,21 @@ * * Returns: size of string placed in @string else error code on failure */ -int aa_getprocattr(struct aa_label *label, char **string) +int aa_getprocattr(struct aa_label *label, char **string, bool newline) { struct aa_ns *ns = labels_ns(label); struct aa_ns *current_ns = aa_get_current_ns(); + int flags = FLAG_VIEW_SUBNS | FLAG_HIDDEN_UNCONFINED; int len; if (!aa_ns_visible(current_ns, ns, true)) { aa_put_ns(current_ns); return -EACCES; } + if (newline) + flags |= FLAG_SHOW_MODE; - len = aa_label_snxprint(NULL, 0, current_ns, label, - FLAG_SHOW_MODE | FLAG_VIEW_SUBNS | - FLAG_HIDDEN_UNCONFINED); + len = aa_label_snxprint(NULL, 0, current_ns, label, flags); AA_BUG(len < 0); *string = kmalloc(len + 2, GFP_KERNEL); @@ -50,19 +52,19 @@ int aa_getprocattr(struct aa_label *label, char **string) return -ENOMEM; } - len = aa_label_snxprint(*string, len + 2, current_ns, label, - FLAG_SHOW_MODE | FLAG_VIEW_SUBNS | - FLAG_HIDDEN_UNCONFINED); + len = aa_label_snxprint(*string, len + 2, current_ns, label, flags); if (len < 0) { aa_put_ns(current_ns); return len; } - (*string)[len] = '\n'; - (*string)[len + 1] = 0; + if (newline) { + (*string)[len] = '\n'; + (*string)[++len] = 0; + } aa_put_ns(current_ns); - return len + 1; + return len; } /** diff --git a/security/security.c b/security/security.c index a9a56be58e73..b6b83a07405f 100644 --- a/security/security.c +++ b/security/security.c @@ -808,6 +808,57 @@ static int lsm_superblock_alloc(struct super_block *sb) return 0; } +/** + * append_ctx - append a lsm/context pair to a compound context + * @ctx: the existing compound context + * @ctxlen: size of the old context, including terminating nul byte + * @lsm: new lsm name, nul terminated + * @new: new context, possibly nul terminated + * @newlen: maximum size of @new + * + * replace @ctx with a new compound context, appending @newlsm and @new + * to @ctx. On exit the new data replaces the old, which is freed. + * @ctxlen is set to the new size, which includes a trailing nul byte. + * + * Returns 0 on success, -ENOMEM if no memory is available. + */ +static int append_ctx(char **ctx, int *ctxlen, const char *lsm, char *new, + int newlen) +{ + char *final; + size_t llen; + size_t nlen; + size_t flen; + + llen = strlen(lsm) + 1; + /* + * A security module may or may not provide a trailing nul on + * when returning a security context. There is no definition + * of which it should be, and there are modules that do it + * each way. + */ + nlen = strnlen(new, newlen); + + flen = *ctxlen + llen + nlen + 1; + final = kzalloc(flen, GFP_KERNEL); + + if (final == NULL) + return -ENOMEM; + + if (*ctxlen) + memcpy(final, *ctx, *ctxlen); + + memcpy(final + *ctxlen, lsm, llen); + memcpy(final + *ctxlen + llen, new, nlen); + + kfree(*ctx); + + *ctx = final; + *ctxlen = flen; + + return 0; +} + /* * The default value of the LSM hook is defined in linux/lsm_hook_defs.h and * can be accessed with: @@ -2226,6 +2277,10 @@ int security_getprocattr(struct task_struct *p, const char *lsm, char *name, char **value) { struct security_hook_list *hp; + char *final = NULL; + char *cp; + int rc = 0; + int finallen = 0; int ilsm = lsm_task_ilsm(current); int slot = 0; @@ -2253,6 +2308,30 @@ int security_getprocattr(struct task_struct *p, const char *lsm, char *name, return -ENOMEM; } + if (!strcmp(name, "context")) { + hlist_for_each_entry(hp, &security_hook_heads.getprocattr, + list) { + rc = hp->hook.getprocattr(p, "context", &cp); + if (rc == -EINVAL) + continue; + if (rc < 0) { + kfree(final); + return rc; + } + rc = append_ctx(&final, &finallen, hp->lsmid->lsm, + cp, rc); + kfree(cp); + if (rc < 0) { + kfree(final); + return rc; + } + } + if (final == NULL) + return -EINVAL; + *value = final; + return finallen; + } + hlist_for_each_entry(hp, &security_hook_heads.getprocattr, list) { if (lsm != NULL && strcmp(lsm, hp->lsmid->lsm)) continue; diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index aaf602d7daaf..12b33d324cb3 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -6343,7 +6343,7 @@ static int selinux_getprocattr(struct task_struct *p, goto bad; } - if (!strcmp(name, "current")) + if (!strcmp(name, "current") || !strcmp(name, "context")) sid = __tsec->sid; else if (!strcmp(name, "prev")) sid = __tsec->osid; diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 2190c03ae3d0..9e442c4495bf 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -3485,7 +3485,7 @@ static int smack_getprocattr(struct task_struct *p, char *name, char **value) char *cp; int slen; - if (strcmp(name, "current") != 0) + if (strcmp(name, "current") != 0 && strcmp(name, "context") != 0) return -EINVAL; cp = kstrdup(skp->smk_known, GFP_KERNEL); From patchwork Tue Jun 28 00:56:11 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12897496 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5BE16C433EF for ; Tue, 28 Jun 2022 01:17:09 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242984AbiF1BRI (ORCPT ); Mon, 27 Jun 2022 21:17:08 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42764 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236328AbiF1BRH (ORCPT ); Mon, 27 Jun 2022 21:17:07 -0400 Received: from sonic302-26.consmr.mail.ne1.yahoo.com (sonic302-26.consmr.mail.ne1.yahoo.com [66.163.186.152]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2696322BCF for ; Mon, 27 Jun 2022 18:17:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656379025; bh=ZdG4xpFqsU+bajALxcF2VlnWGR52G82iCMkdVTc2osE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=aQqENFqDKiIjusmJdO1dPjKaNLnGBnUwe49kFxwaFK6ffWAElWmFS9Ltb8glOEyerFNMmWqxQT8RLwQioV4XVddc0YYisckcKkSZFpTabpgPPt5iXvTj/hIbe7f5CKHUudTK+mZysfHZAn1Hh/ZZPUjPAs5YKwgVnVhrxsKOmokjz6KHxT/so7j9v5xI2PYDR/u4BhEfg3SOe4yWVQsngBAnq/LT+VHm4oz579DrE+C8ryLBZULybnpwQPfhesoTyVOAaa2d01r2gmP9wXb0Hc0kMc8f8bMX9LVe5p3uE7CYGrVIeZvjxkvssKMrynfeT0NF1JA/FWzt8JnhlIzNZQ== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1656379025; bh=BnocZkrCMlnPpcI7bRWVONAkAFgvhD00MmVMzPoMYx2=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=UCo8YMjCI1hzPwCZdrJMCos57//QRTY9pBOfovM9eq13EDMDOT3fK+YjkmvOWaiBprgwQVLfeatf7mg9tgmHC8Z406r1Ow8va9q1LAjUxeMh7JNwoN/ZYRS+6AdMjIyLgirRNvuQk4FtHwrGqbkIz0D9fLi0aedg6v4LcbEaWGExE8ocrZoAqt6yqCLY59hTzcEvBmLqMkWL3S8ocww2ejfJdkoO/+MMPswajXZsFLJetbOn5MscIHTdVvtlGEyMtlnpB3NKSYoOewF5Or+0c8ks5ALQ0wqzENj3ihK5CkN0DuV5ONU3mj4loyeEsbuAVWFjdUg/vrWmz0riKHUB0g== X-YMail-OSG: 6j1tcUcVM1mY2pNz0kc_UTsA6EKFHKdzu_9v.DMblyd0JwQA4uua4O37jDB_3yy ATeycsio_CKScXnjbPqwxNIQ3__ihPR74kRXInix43UqGeNZO2gC0H7sI530PkdCpYBCvdM5yuIK f4fdCnOyZMyHqLV7RKm2w9mYY7CRN06uTomOnP38BrpqJr4T16g0eGrHdU2yWAeQm47vEI6tvuDm tmsjW9zLYPNvtcFSP2RXu4zdaJ3YyE8kJaO6gGE2QbnJ1_gWOB_h39PWUum_7GrlxMZk37eYCfz9 UEeeidfvGSDJneVDTA7Z4v98e9qZyM1z6qceJ0YOYcpxw4XMKnJY.KGq_jCFwEACR17FPA_4IeFE EUeC4F13p5HscqkpsA0jImYJSu_ELaPEFuvOMWP0h68eIHjWN1SSL1dDo4DIssIoblVmOT2A4VMx dCsUIjBgyUBQcspekNYJjleJM90xXfmt5qWUWEDsEyZ40whVka9bk8L2WjA7Vo.iJjZExosssV96 ESnP_NsxxB4FVziVhWtS4w5Q8DqLmslmXHfV9O8wA4c1DcybhZhg26aK57c0rvPnkOf4pJ3pJ29S C8XBiO2C_YZxJ5k.IvPUEMmVibsNNB9KlSwleER2zjQbtnAgfBvGFXckvqQYYfFk2pLIRkyjYl23 MbOZvigxoWfoX.OsRz24EEr3gnvElahfvWKMgVvk1bfIQVndOgJrFQJDduToYyPqyC7nzXWHxPHD czXsmAWMNAI7CAlFcZEzsBgLh6c7xcQe.MTCkAWryzHW5OZrSzATA3x9Dq.CH0nI_0TXy8zWCvv6 GpC8KEkz2BajPVcIc.rGvOqXp5f0KJBL4ppw9MIL0wSX._CUq2nG0DhSzeakbOzMf2VQwp8Mo.oD sDZ6mjNPzLnq7b_0NuUDynVOeFugRkcvrIp4n0yuEtRklIw7tGddRu8A8hVJJMPlV6Z2GHrh8UnK rTV6lioHGMpG0CL7cFWAtu8akMiDJ4BjYiREW0jMHMisQGGVw6.MpWHy3A2JrLpT0.jOOi2kZG3S O6kBleAfb13cTuUT66N.Z_5DIhKhWpEp.jlBe6m6xvtp62gzULlldwax_kSFMvCnpFiyF3W11JCs h.FC.rDaiT58olhbuwc00hUJ6rusKLyCU0b2P5dTRnRREUzvt.vr..jMApU.Mp9suDVYMjDnR3oi 52GKHddLGQQsxI8tDwVFR_TTE5iwaBdk8W0T_baeRVzSWsca1eclrpXNfY_Fydjnu5H.ALE1_MnD Caz74gAdJBGOR6QDz65G9gCRWQulpC0F_x9H0tjnPTKbyOaWUtgMnvG.Ww1umbnZDrQia1TCwe45 VDPbmt5kePhEPu7MYlCgIpeqKMnl3JxAwUOM1lwpzygZbOqRBNPy0LEycGYS7mbOAPmTh8N3QSpQ 8tqY9GvpLNCT7PRvRGhAPiYhYHaGH6ISohRsjd1mpS9zzYWtyvVEOjnoZhox482m3dZzpb3pvO1V mOdKlELV6GIvBC_ryxbooMMFGueLdIsJiOivAr71hjQE8Qdj73FCqoUsnSU45XbbZwCvYhVKtg4Y rCHNx56ahlxJWQc9C1gZYfr0XNAFHa9FBeWD6RYljhXlnV7Ycp9oxHW4zLVjC2udolfbOGy5wXen 5TcyLzy4VDN7vw8YwwOmkELvHNncgU0O3y9OZs.9syGQRW050us7wSwKLzygc3Fz.M8aUv7MJ6y0 5r1KUkR8kKVsM64KigKPwLeK7nNoMayg4svzeovGzf0Mi3EfsrOwADWBAgDyRzOk39HCBELFp9mK q8fMZsu_xQBL.5DAnuXEvpVzyh18h.1.jMsh27.J8UX7i3Rlp3luG60KuphuhoTOsA34kWzKWrIC SJFD0tYYBkKlXiDri9KGsgYqjkKdBxdHHM7vzKN9riRU85qRF2df.zWv59xDlvl6Tp8uXQ3jS._D 6ZHlwjML6K16hglU7S.ZZtSU4FduUMdtmEQG72bwJePibT9DWq0jgnGd0mzhbsGGDEc9FT8ETu.U 2tOidP.nkyQaCtjgQXwpi.q3.RRmjLlvcJTscWSv2ZqGHzaSnTB4JJp6UPVLTAUgewHawWiXzW89 Z0Wfa1FAid.P3zOKpLqk3PjLJTTZawCf0iUBC1iHFCxFZ2gCCsfnPflohCvBlULRNO9.5zTPA6a7 xwlYPaB4r4cCmUDubRJ9X0HEH3HjBirzJmTzVjOeHVFMFoiFYrHC.MRUs8hr822jjqVYQfc7B9G0 3BkEY1drcIIP03opXGTAKJTHZiF_0zMjx.vJdrQ0rNsaG2GuCqkWVp85xwuM- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic302.consmr.mail.ne1.yahoo.com with HTTP; Tue, 28 Jun 2022 01:17:05 +0000 Received: by hermes--production-bf1-7f5f59bd5b-9k855 (Yahoo Inc. Hermes SMTP Server) with ESMTPA ID 9cbde2a328acbc97554c754593bf0b6d; Tue, 28 Jun 2022 01:17:01 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org Subject: [PATCH v37 33/33] AppArmor: Remove the exclusive flag Date: Mon, 27 Jun 2022 17:56:11 -0700 Message-Id: <20220628005611.13106-34-casey@schaufler-ca.com> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220628005611.13106-1-casey@schaufler-ca.com> References: <20220628005611.13106-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org With the inclusion of the interface LSM process attribute mechanism AppArmor no longer needs to be treated as an "exclusive" security module. Remove the flag that indicates it is exclusive. Remove the stub getpeersec_dgram AppArmor hook as it has no effect in the single LSM case and interferes in the multiple LSM case. Acked-by: Stephen Smalley Acked-by: John Johansen Reviewed-by: Kees Cook Signed-off-by: Casey Schaufler --- security/apparmor/lsm.c | 20 +------------------- 1 file changed, 1 insertion(+), 19 deletions(-) diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 1fdb885facbb..1d742d864e0b 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -1165,22 +1165,6 @@ static int apparmor_socket_getpeersec_stream(struct socket *sock, return error; } -/** - * apparmor_socket_getpeersec_dgram - get security label of packet - * @sock: the peer socket - * @skb: packet data - * @secid: pointer to where to put the secid of the packet - * - * Sets the netlabel socket state on sk from parent - */ -static int apparmor_socket_getpeersec_dgram(struct socket *sock, - struct sk_buff *skb, u32 *secid) - -{ - /* TODO: requires secid support */ - return -ENOPROTOOPT; -} - /** * apparmor_sock_graft - Initialize newly created socket * @sk: child sock @@ -1284,8 +1268,6 @@ static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = { #endif LSM_HOOK_INIT(socket_getpeersec_stream, apparmor_socket_getpeersec_stream), - LSM_HOOK_INIT(socket_getpeersec_dgram, - apparmor_socket_getpeersec_dgram), LSM_HOOK_INIT(sock_graft, apparmor_sock_graft), #ifdef CONFIG_NETWORK_SECMARK LSM_HOOK_INIT(inet_conn_request, apparmor_inet_conn_request), @@ -1939,7 +1921,7 @@ static int __init apparmor_init(void) DEFINE_LSM(apparmor) = { .name = "apparmor", - .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE, + .flags = LSM_FLAG_LEGACY_MAJOR, .enabled = &apparmor_enabled, .blobs = &apparmor_blob_sizes, .init = apparmor_init,