From patchwork Fri Dec 15 22:16:02 2023
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 13495121
X-Patchwork-Delegate: paul@paul-moore.com
From: Casey Schaufler
To: casey@schaufler-ca.com, paul@paul-moore.com, linux-security-module@vger.kernel.org
Cc: jmorris@namei.org, serge@hallyn.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, mic@digikod.net, linux-audit@redhat.com, audit@vger.kernel.org
Subject: [PATCH v39 08/42] LSM: Use lsmblob in security_ipc_getsecid
Date: Fri, 15 Dec 2023 14:16:02 -0800
Message-ID: <20231215221636.105680-9-casey@schaufler-ca.com>
In-Reply-To: <20231215221636.105680-1-casey@schaufler-ca.com>
References: <20231215221636.105680-1-casey@schaufler-ca.com>

There may be more than one LSM that provides IPC data for auditing. Change security_ipc_getsecid() to fill in a lsmblob structure instead of the u32 secid. Change the name to security_ipc_getlsmblob() to reflect the change. The audit data structure containing the secid will be updated later, so there is a bit of scaffolding here.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
Cc: linux-audit@redhat.com
Cc: audit@vger.kernel.org
---
 include/linux/lsm_hook_defs.h | 4 ++--
 include/linux/security.h | 18 +++++++++++++++---
 kernel/auditsc.c | 3 +--
 security/security.c | 14 +++++++-------
 security/selinux/hooks.c | 9 ++++++---
 security/smack/smack_lsm.c | 17 ++++++++++-------
 6 files changed, 41 insertions(+), 24 deletions(-)

diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
index 52d090d1957c..d69332031270 100644
--- a/include/linux/lsm_hook_defs.h
+++ b/include/linux/lsm_hook_defs.h
@@ -234,8 +234,8 @@ LSM_HOOK(void, LSM_RET_VOID, task_to_inode, struct task_struct *p, struct inode *inode) LSM_HOOK(int, 0, userns_create, const struct cred *cred) LSM_HOOK(int, 0, ipc_permission, struct kern_ipc_perm *ipcp, short flag) -LSM_HOOK(void, LSM_RET_VOID, ipc_getsecid, struct kern_ipc_perm *ipcp, - u32 *secid) +LSM_HOOK(void, LSM_RET_VOID, ipc_getlsmblob, struct kern_ipc_perm *ipcp, + struct lsmblob *blob) LSM_HOOK(int, 0, msg_msg_alloc_security, struct msg_msg *msg) LSM_HOOK(void, LSM_RET_VOID, msg_msg_free_security, struct msg_msg *msg) LSM_HOOK(int, 0, msg_queue_alloc_security, struct kern_ipc_perm *perm) diff --git a/include/linux/security.h b/include/linux/security.h index 029cf071148b..2ca118960234 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -289,6 +289,17 @@ static inline bool lsmblob_is_set(struct lsmblob *blob) return !!memcmp(blob, &empty, sizeof(*blob)); } +/** + * lsmblob_init - initialize a lsmblob structure + * @blob: Pointer to the data to initialize + * + * Set all secid for all modules to the specified value. + */ +static inline void lsmblob_init(struct lsmblob *blob) +{ + memset(blob, 0, sizeof(*blob)); +} + #ifdef CONFIG_SECURITY int call_blocking_lsm_notifier(enum lsm_event event, void *data); @@ -487,7 +498,7 @@ int security_task_prctl(int option, unsigned long arg2, unsigned long arg3, void security_task_to_inode(struct task_struct *p, struct inode *inode); int security_create_user_ns(const struct cred *cred); int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag); -void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid); +void security_ipc_getlsmblob(struct kern_ipc_perm *ipcp, struct lsmblob *blob); int security_msg_msg_alloc(struct msg_msg *msg); void security_msg_msg_free(struct msg_msg *msg); int security_msg_queue_alloc(struct kern_ipc_perm *msq); 
@@ -1299,9 +1310,10 @@ static inline int security_ipc_permission(struct kern_ipc_perm *ipcp, return 0; } -static inline void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid) +static inline void security_ipc_getlsmblob(struct kern_ipc_perm *ipcp, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob); } static inline int security_msg_msg_alloc(struct msg_msg *msg) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 52b4697d938c..89d490db0494 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -2638,8 +2638,7 @@ void __audit_ipc_obj(struct kern_ipc_perm *ipcp) context->ipc.gid = ipcp->gid; context->ipc.mode = ipcp->mode; context->ipc.has_perm = 0; - /* stacking scaffolding */ - security_ipc_getsecid(ipcp, &context->ipc.oblob.scaffold.secid); + security_ipc_getlsmblob(ipcp, &context->ipc.oblob); context->type = AUDIT_IPC; } diff --git a/security/security.c b/security/security.c index 4b78bface040..b82245d55f66 100644 --- a/security/security.c +++ b/security/security.c @@ -3595,17 +3595,17 @@ int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag) } /** - * security_ipc_getsecid() - Get the sysv ipc object's secid + * security_ipc_getlsmblob() - Get the sysv ipc object LSM data * @ipcp: ipc permission structure - * @secid: secid pointer + * @blob: pointer to lsm information * - * Get the secid associated with the ipc object. In case of failure, @secid - * will be set to zero. + * Get the lsm information associated with the ipc object. */ -void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid) + +void security_ipc_getlsmblob(struct kern_ipc_perm *ipcp, struct lsmblob *blob) { - *secid = 0; - call_void_hook(ipc_getsecid, ipcp, secid); + lsmblob_init(blob); + call_void_hook(ipc_getlsmblob, ipcp, blob); } /** diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 83ce496e8ef6..f15991ef6ca8 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c 
@@ -6266,10 +6266,13 @@ static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag) return ipc_has_perm(ipcp, av); } -static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid) +static void selinux_ipc_getlsmblob(struct kern_ipc_perm *ipcp, + struct lsmblob *blob) { struct ipc_security_struct *isec = selinux_ipc(ipcp); - *secid = isec->sid; + blob->selinux.secid = isec->sid; + /* stacking scaffolding */ + blob->scaffold.secid = isec->sid; } static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode) @@ -7165,7 +7168,7 @@ static struct security_hook_list selinux_hooks[] __ro_after_init = { LSM_HOOK_INIT(userns_create, selinux_userns_create), LSM_HOOK_INIT(ipc_permission, selinux_ipc_permission), - LSM_HOOK_INIT(ipc_getsecid, selinux_ipc_getsecid), + LSM_HOOK_INIT(ipc_getlsmblob, selinux_ipc_getlsmblob), LSM_HOOK_INIT(msg_queue_associate, selinux_msg_queue_associate), LSM_HOOK_INIT(msg_queue_msgctl, selinux_msg_queue_msgctl), diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index a4ace6ea2ab0..b00f4f44f9c5 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -3396,16 +3396,19 @@ static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag) } /** - * smack_ipc_getsecid - Extract smack security id + * smack_ipc_getlsmblob - Extract smack security data * @ipp: the object permissions - * @secid: where result will be saved + * @blob: where result will be saved */ -static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid) +static void smack_ipc_getlsmblob(struct kern_ipc_perm *ipp, + struct lsmblob *blob) { - struct smack_known **blob = smack_ipc(ipp); - struct smack_known *iskp = *blob; + struct smack_known **iskpp = smack_ipc(ipp); + struct smack_known *iskp = *iskpp; - *secid = iskp->smk_secid; + blob->smack.skp = iskp; + /* stacking scaffolding */ + blob->scaffold.secid = iskp->smk_secid; } /** 
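Review bot: the kernel-doc on the new lsmblob_init() in the include/linux/security.h hunk says "Set all secid for all modules to the specified value", but the function takes no value and memset()s the whole blob to zero. Reword it to something like "Clear the LSM data for all modules" so the comment matches the code; it is also worth saying that a zeroed blob is exactly what lsmblob_is_set() (just above it in the same file) treats as unset, since callers such as the audit code rely on that pairing.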
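Review bot: the security/security.c hunk inserts a blank line between the closing `*/` of the kernel-doc block and `void security_ipc_getlsmblob(...)`; kernel-doc binds a comment to the declaration that immediately follows it, so the empty `+` line should go. The rewritten description also drops the failure-mode sentence even though the function still calls lsmblob_init(blob) before call_void_hook(ipc_getlsmblob, ...); keep a line such as "In case of failure, @blob will be cleared." so callers know the blob is defined even when no LSM implements the hook.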
@@ -5109,7 +5112,7 @@ static struct security_hook_list smack_hooks[] __ro_after_init = { LSM_HOOK_INIT(task_to_inode, smack_task_to_inode), LSM_HOOK_INIT(ipc_permission, smack_ipc_permission), - LSM_HOOK_INIT(ipc_getsecid, smack_ipc_getsecid), + LSM_HOOK_INIT(ipc_getlsmblob, smack_ipc_getlsmblob), LSM_HOOK_INIT(msg_msg_alloc_security, smack_msg_msg_alloc_security),

From patchwork Fri Dec 15 22:16:05 2023
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 13495122
X-Patchwork-Delegate: paul@paul-moore.com
From: Casey Schaufler
To: casey@schaufler-ca.com, paul@paul-moore.com, linux-security-module@vger.kernel.org
Cc: jmorris@namei.org, serge@hallyn.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, mic@digikod.net, linux-integrity@vger.kernel.org, audit@vger.kernel.org
Subject: [PATCH v39 11/42] LSM: Use lsmblob in security_inode_getsecid
Date: Fri, 15 Dec 2023 14:16:05 -0800
Message-ID: <20231215221636.105680-12-casey@schaufler-ca.com>
In-Reply-To: <20231215221636.105680-1-casey@schaufler-ca.com>
References: <20231215221636.105680-1-casey@schaufler-ca.com>

Change the security_inode_getsecid() interface to fill in a lsmblob structure instead of a u32 secid. This allows for its callers to gather data from all registered LSMs. Data is provided for IMA and audit. Change the name to security_inode_getlsmblob().

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
Cc: linux-integrity@vger.kernel.org
Cc: audit@vger.kernel.org
---
 include/linux/lsm_hook_defs.h | 3 ++-
 include/linux/security.h | 7 ++++---
 kernel/auditsc.c | 6 +++++-
 security/integrity/ima/ima_policy.c | 3 +--
 security/security.c | 11 +++++------
 security/selinux/hooks.c | 15 +++++++++------
 security/smack/smack_lsm.c | 12 +++++++-----
 7 files changed, 33 insertions(+), 24 deletions(-)

diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
index 2db7320a1e05..3c51ee8e3d6c 100644
--- a/include/linux/lsm_hook_defs.h
+++ b/include/linux/lsm_hook_defs.h
@@ -161,7 +161,8 @@ LSM_HOOK(int, -EOPNOTSUPP, inode_setsecurity, struct inode *inode, const char *name, const void *value, size_t size, int flags) LSM_HOOK(int, 0, inode_listsecurity, struct inode *inode, char *buffer, size_t buffer_size) -LSM_HOOK(void, LSM_RET_VOID, inode_getsecid, struct inode *inode, u32 *secid) +LSM_HOOK(void, LSM_RET_VOID, inode_getlsmblob, struct inode *inode, + struct lsmblob *blob) LSM_HOOK(int, 0, inode_copy_up, struct dentry *src, struct cred **new) LSM_HOOK(int, -EOPNOTSUPP, inode_copy_up_xattr, const char *name) LSM_HOOK(int, 0, kernfs_init_security, struct kernfs_node *kn_dir, diff --git a/include/linux/security.h b/include/linux/security.h index 6306e8ab0cf6..e8b7f858de04 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -431,7 +431,7 @@ int security_inode_getsecurity(struct mnt_idmap *idmap, void **buffer, bool alloc); int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags); int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size); -void security_inode_getsecid(struct inode *inode, u32 *secid); +void security_inode_getlsmblob(struct inode *inode, struct lsmblob *blob); int security_inode_copy_up(struct dentry *src, struct cred **new); int security_inode_copy_up_xattr(const char *name); int security_kernfs_init_security(struct kernfs_node *kn_dir, @@ -1020,9 +1020,10 @@ static inline int security_inode_listsecurity(struct inode *inode, char *buffer, return 0; } -static inline void security_inode_getsecid(struct inode *inode, u32 *secid) +static inline void security_inode_getlsmblob(struct inode *inode, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob); } static inline int security_inode_copy_up(struct dentry *src, struct cred **new) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 7afeae468745..b15e44e56409 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c 
@@ -2276,13 +2276,17 @@ static void audit_copy_inode(struct audit_names *name, const struct dentry *dentry, struct inode *inode, unsigned int flags) { + struct lsmblob blob; + name->ino = inode->i_ino; name->dev = inode->i_sb->s_dev; name->mode = inode->i_mode; name->uid = inode->i_uid; name->gid = inode->i_gid; name->rdev = inode->i_rdev; - security_inode_getsecid(inode, &name->osid); + security_inode_getlsmblob(inode, &blob); + /* stacking scaffolding */ + name->osid = blob.scaffold.secid; if (flags & AUDIT_INODE_NOEVAL) { name->fcap_ver = -1; return; diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 48287b75fe77..8edf7a0ef9f6 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -671,8 +671,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, case LSM_OBJ_USER: case LSM_OBJ_ROLE: case LSM_OBJ_TYPE: - /* stacking scaffolding */ - security_inode_getsecid(inode, &blob.scaffold.secid); + security_inode_getlsmblob(inode, &blob); rc = ima_filter_rule_match(&blob, lsm_rule->lsm[i].type, Audit_equal, lsm_rule->lsm[i].rule, diff --git a/security/security.c b/security/security.c index 58387e1f0c04..ed4e9b5fdf70 100644 --- a/security/security.c +++ b/security/security.c 
@@ -2607,16 +2607,15 @@ int security_inode_listsecurity(struct inode *inode, EXPORT_SYMBOL(security_inode_listsecurity); /** - * security_inode_getsecid() - Get an inode's secid + * security_inode_getlsmblob() - Get an inode's LSM data * @inode: inode - * @secid: secid to return + * @blob: lsm specific information to return * - * Get the secid associated with the node. In case of failure, @secid will be - * set to zero. + * Get the lsm specific information associated with the node. */ -void security_inode_getsecid(struct inode *inode, u32 *secid) +void security_inode_getlsmblob(struct inode *inode, struct lsmblob *blob) { - call_void_hook(inode_getsecid, inode, secid); + call_void_hook(inode_getlsmblob, inode, blob); } /** diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index d70000363b7a..4ab923698da9 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -3496,15 +3496,18 @@ static int selinux_inode_listsecurity(struct inode *inode, char *buffer, size_t return len; } -static void selinux_inode_getsecid(struct inode *inode, u32 *secid) +static void selinux_inode_getlsmblob(struct inode *inode, struct lsmblob *blob) { struct inode_security_struct *isec = inode_security_novalidate(inode); - *secid = isec->sid; + + blob->selinux.secid = isec->sid; + /* stacking scaffolding */ + blob->scaffold.secid = isec->sid; } static int selinux_inode_copy_up(struct dentry *src, struct cred **new) { - u32 sid; + struct lsmblob blob; struct task_security_struct *tsec; struct cred *new_creds = *new; @@ -3516,8 +3519,8 @@ static int selinux_inode_copy_up(struct dentry *src, struct cred **new) tsec = selinux_cred(new_creds); /* Get label from overlay inode and set it in create_sid */ - selinux_inode_getsecid(d_inode(src), &sid); - tsec->create_sid = sid; + selinux_inode_getlsmblob(d_inode(src), &blob); + tsec->create_sid = blob.selinux.secid; *new = new_creds; return 0; } 
@@ -7125,7 +7128,7 @@ static struct security_hook_list selinux_hooks[] __ro_after_init = { LSM_HOOK_INIT(inode_getsecurity, selinux_inode_getsecurity), LSM_HOOK_INIT(inode_setsecurity, selinux_inode_setsecurity), LSM_HOOK_INIT(inode_listsecurity, selinux_inode_listsecurity), - LSM_HOOK_INIT(inode_getsecid, selinux_inode_getsecid), + LSM_HOOK_INIT(inode_getlsmblob, selinux_inode_getlsmblob), LSM_HOOK_INIT(inode_copy_up, selinux_inode_copy_up), LSM_HOOK_INIT(inode_copy_up_xattr, selinux_inode_copy_up_xattr), LSM_HOOK_INIT(path_notify, selinux_path_notify), diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 46cc79eb1200..e6d49e59a0c0 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -1615,15 +1615,17 @@ static int smack_inode_listsecurity(struct inode *inode, char *buffer, } /** - * smack_inode_getsecid - Extract inode's security id + * smack_inode_getlsmblob - Extract inode's security id * @inode: inode to extract the info from - * @secid: where result will be saved + * @blob: where result will be saved */ -static void smack_inode_getsecid(struct inode *inode, u32 *secid) +static void smack_inode_getlsmblob(struct inode *inode, struct lsmblob *blob) { struct smack_known *skp = smk_of_inode(inode); - *secid = skp->smk_secid; + blob->smack.skp = skp; + /* stacking scaffolding */ + blob->scaffold.secid = skp->smk_secid; } /* 
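Review bot: in the kernel/auditsc.c hunk, `struct lsmblob blob;` is declared without an initializer and then read back through `name->osid = blob.scaffold.secid;`. Nothing in this hunk clears the blob, and the wrapper it calls (see the security/security.c hunk below) only forwards to call_void_hook(), so on a kernel where no registered LSM implements inode_getlsmblob the scaffold secid copied into name->osid is uninitialized stack data. Declaring it as `struct lsmblob blob = { };` here is the minimal fix; having the wrapper clear it is the more robust one.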
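Review bot: the security/security.c hunk for security_inode_getlsmblob() does not call lsmblob_init(blob) before call_void_hook(inode_getlsmblob, inode, blob), whereas security_ipc_getlsmblob() earlier in this series does clear its blob first; the removed kernel-doc sentence ("In case of failure, @secid will be set to zero") was dropped rather than carried over as "@blob will be cleared". Suggest `lsmblob_init(blob);` as the first statement and restoring the sentence, so both the audit and IMA callers get a defined blob whichever LSMs are enabled.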
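Review bot: the security/smack/smack_lsm.c hunk updates the kernel-doc name to smack_inode_getlsmblob but leaves the summary as "Extract inode's security id"; the function now stores the smack_known pointer in blob->smack.skp as well as the scaffold secid, so "Extract inode's security data" (the wording already used for smack_ipc_getlsmblob in this series) describes it better.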
@@ -5081,7 +5083,7 @@ static struct security_hook_list smack_hooks[] __ro_after_init = { LSM_HOOK_INIT(inode_getsecurity, smack_inode_getsecurity), LSM_HOOK_INIT(inode_setsecurity, smack_inode_setsecurity), LSM_HOOK_INIT(inode_listsecurity, smack_inode_listsecurity), - LSM_HOOK_INIT(inode_getsecid, smack_inode_getsecid), + LSM_HOOK_INIT(inode_getlsmblob, smack_inode_getlsmblob), LSM_HOOK_INIT(file_alloc_security, smack_file_alloc_security), LSM_HOOK_INIT(file_ioctl, smack_file_ioctl),

From patchwork Fri Dec 15 22:16:07 2023
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 13495123
X-Patchwork-Delegate: paul@paul-moore.com
From: Casey Schaufler
To: casey@schaufler-ca.com, paul@paul-moore.com, linux-security-module@vger.kernel.org
Cc: jmorris@namei.org, serge@hallyn.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, mic@digikod.net, linux-integrity@vger.kernel.org, audit@vger.kernel.org, Todd Kjos
Subject: [PATCH v39 13/42] LSM: Create new security_cred_getlsmblob LSM hook
Date: Fri, 15 Dec 2023 14:16:07 -0800
Message-ID: <20231215221636.105680-14-casey@schaufler-ca.com>
In-Reply-To: <20231215221636.105680-1-casey@schaufler-ca.com>
References: <20231215221636.105680-1-casey@schaufler-ca.com>

Create a new LSM hook security_cred_getlsmblob() which, like security_cred_getsecid(), fetches LSM specific attributes from the cred structure. The associated data elements in the audit sub-system are changed from a secid to a lsmblob to accommodate multiple possible LSM audit users.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
Cc: linux-integrity@vger.kernel.org
Cc: audit@vger.kernel.org
Cc: Todd Kjos
---
 include/linux/lsm_hook_defs.h | 2 ++
 include/linux/security.h | 7 +++++++
 security/integrity/ima/ima_main.c | 7 ++-----
 security/security.c | 15 +++++++++++++++
 security/selinux/hooks.c | 8 ++++++++
 security/smack/smack_lsm.c | 18 ++++++++++++++++++
 6 files changed, 52 insertions(+), 5 deletions(-)

diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
index 3c51ee8e3d6c..fe9c1d89dc66 100644
--- a/include/linux/lsm_hook_defs.h
+++ b/include/linux/lsm_hook_defs.h
@@ -196,6 +196,8 @@ LSM_HOOK(int, 0, cred_prepare, struct cred *new, const struct cred *old, LSM_HOOK(void, LSM_RET_VOID, cred_transfer, struct cred *new, const struct cred *old) LSM_HOOK(void, LSM_RET_VOID, cred_getsecid, const struct cred *c, u32 *secid) +LSM_HOOK(void, LSM_RET_VOID, cred_getlsmblob, const struct cred *c, + struct lsmblob *blob) LSM_HOOK(int, 0, kernel_act_as, struct cred *new, u32 secid) LSM_HOOK(int, 0, kernel_create_files_as, struct cred *new, struct inode *inode) LSM_HOOK(int, 0, kernel_module_request, char *kmod_name) diff --git a/include/linux/security.h b/include/linux/security.h index e8b7f858de04..67ecf8588c90 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -460,6 +460,7 @@ void security_cred_free(struct cred *cred); int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp); void security_transfer_creds(struct cred *new, const struct cred *old); void security_cred_getsecid(const struct cred *c, u32 *secid); +void security_cred_getlsmblob(const struct cred *c, struct lsmblob *blob); int security_kernel_act_as(struct cred *new, u32 secid); int security_kernel_create_files_as(struct cred *new, struct inode *inode); int security_kernel_module_request(char *kmod_name); @@ -1151,6 +1152,12 @@ static inline void security_cred_getsecid(const struct cred *c, u32 *secid) *secid = 0; } +static inline void security_cred_getlsmblob(const struct cred *c, + struct lsmblob *blob) +{ + *secid = 0; +} + static inline int security_kernel_act_as(struct cred *cred, u32 secid) { return 0; diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 657143fe558d..c69eb9665cc1 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c 
@@ -526,8 +526,7 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) int ima_bprm_check(struct linux_binprm *bprm) { int ret; - u32 secid; - struct lsmblob blob = { }; + struct lsmblob blob; security_current_getlsmblob_subj(&blob); ret = process_measurement(bprm->file, current_cred(), @@ -535,9 +534,7 @@ int ima_bprm_check(struct linux_binprm *bprm) if (ret) return ret; - security_cred_getsecid(bprm->cred, &secid); - /* stacking scaffolding */ - blob.scaffold.secid = secid; + security_cred_getlsmblob(bprm->cred, &blob); return process_measurement(bprm->file, bprm->cred, &blob, NULL, 0, MAY_EXEC, CREDS_CHECK); } diff --git a/security/security.c b/security/security.c index ed4e9b5fdf70..1cbd45310f63 100644 --- a/security/security.c +++ b/security/security.c @@ -3111,6 +3111,21 @@ void security_cred_getsecid(const struct cred *c, u32 *secid) } EXPORT_SYMBOL(security_cred_getsecid); +/** + * security_cred_getlsmblob() - Get the LSM data from a set of credentials + * @c: credentials + * @blob: destination for the LSM data + * + * Retrieve the security data of the cred structure @c. In case of + * failure, @blob will be cleared. + */ +void security_cred_getlsmblob(const struct cred *c, struct lsmblob *blob) +{ + lsmblob_init(blob); + call_void_hook(cred_getlsmblob, c, blob); +} +EXPORT_SYMBOL(security_cred_getlsmblob); + /** * security_kernel_act_as() - Set the kernel credentials to act as secid * @new: credentials diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 4ab923698da9..1bc28f5f6870 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c 
@@ -3992,6 +3992,13 @@ static void selinux_cred_getsecid(const struct cred *c, u32 *secid) *secid = cred_sid(c); } +static void selinux_cred_getlsmblob(const struct cred *c, struct lsmblob *blob) +{ + blob->selinux.secid = cred_sid(c); + /* stacking scaffolding */ + blob->scaffold.secid = blob->selinux.secid; +} + /* * set the security data for a kernel service * - all the creation contexts are set to unlabelled @@ -7153,6 +7160,7 @@ static struct security_hook_list selinux_hooks[] __ro_after_init = { LSM_HOOK_INIT(cred_prepare, selinux_cred_prepare), LSM_HOOK_INIT(cred_transfer, selinux_cred_transfer), LSM_HOOK_INIT(cred_getsecid, selinux_cred_getsecid), + LSM_HOOK_INIT(cred_getlsmblob, selinux_cred_getlsmblob), LSM_HOOK_INIT(kernel_act_as, selinux_kernel_act_as), LSM_HOOK_INIT(kernel_create_files_as, selinux_kernel_create_files_as), LSM_HOOK_INIT(kernel_module_request, selinux_kernel_module_request), diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index e6d49e59a0c0..7dab00bbd0ed 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -2121,6 +2121,23 @@ static void smack_cred_getsecid(const struct cred *cred, u32 *secid) rcu_read_unlock(); } +/** + * smack_cred_getlsmblob - get the Smack label for a creds structure + * @cred: the object creds + * @blob: where to put the data + * + * Sets the Smack part of the blob + */ +static void smack_cred_getlsmblob(const struct cred *cred, + struct lsmblob *blob) +{ + rcu_read_lock(); + blob->smack.skp = smk_of_task(smack_cred(cred)); + /* stacking scaffolding */ + blob->scaffold.secid = blob->smack.skp->smk_secid; + rcu_read_unlock(); +} + /** * smack_kernel_act_as - Set the subjective context in a set of credentials * @new: points to the set of credentials to be modified. 
@@ -5102,6 +5119,7 @@ static struct security_hook_list smack_hooks[] __ro_after_init = { LSM_HOOK_INIT(cred_prepare, smack_cred_prepare), LSM_HOOK_INIT(cred_transfer, smack_cred_transfer), LSM_HOOK_INIT(cred_getsecid, smack_cred_getsecid), + LSM_HOOK_INIT(cred_getlsmblob, smack_cred_getlsmblob), LSM_HOOK_INIT(kernel_act_as, smack_kernel_act_as), LSM_HOOK_INIT(kernel_create_files_as, smack_kernel_create_files_as), LSM_HOOK_INIT(task_setpgid, smack_task_setpgid),

From patchwork Fri Dec 15 22:16:10 2023
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 13495134
X-Patchwork-Delegate: paul@paul-moore.com
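Review bot: the !CONFIG_SECURITY stub for security_cred_getlsmblob() in the include/linux/security.h hunk of patch 13/42 does `*secid = 0;`, but this function has no `secid` parameter (its arguments are `const struct cred *c, struct lsmblob *blob`), so the header will not compile with CONFIG_SECURITY disabled; the body looks copied from the security_cred_getsecid() stub directly above it. It should clear the blob instead, for example `lsmblob_init(blob);`, which is also what the real security_cred_getlsmblob() in security/security.c does before call_void_hook(), so both build configurations honour the "in case of failure, @blob will be cleared" contract in the kerneldoc.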
From: Casey Schaufler
To: casey@schaufler-ca.com, paul@paul-moore.com, linux-security-module@vger.kernel.org
Cc: jmorris@namei.org, serge@hallyn.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, mic@digikod.net, Chuck Lever, linux-integrity@vger.kernel.org, netdev@vger.kernel.org, audit@vger.kernel.org, netfilter-devel@vger.kernel.org, linux-nfs@vger.kernel.org, Todd Kjos
Subject: [PATCH v39 16/42] LSM: Ensure the correct LSM context releaser
Date: Fri, 15 Dec 2023 14:16:10 -0800
Message-ID: <20231215221636.105680-17-casey@schaufler-ca.com>
In-Reply-To: <20231215221636.105680-1-casey@schaufler-ca.com>
References: <20231215221636.105680-1-casey@schaufler-ca.com>
X-Mailing-List: audit@vger.kernel.org

Add a new lsmcontext data structure to hold all the information about a "security context", including the string, its size and which LSM allocated the string. The allocation information is necessary because LSMs have different policies regarding the lifecycle of these strings. SELinux allocates and destroys them on each use, whereas Smack provides a pointer to an entry in a list that never goes away.

Update security_release_secctx() to use the lsmcontext instead of a (char *, len) pair. Change its callers to do likewise. The LSMs supporting this hook have had comments added to remind the developer that there is more work to be done.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Paul Moore
Acked-by: Stephen Smalley
Acked-by: Chuck Lever
Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: netdev@vger.kernel.org Cc: audit@vger.kernel.org Cc: netfilter-devel@vger.kernel.org To: Pablo Neira Ayuso Cc: linux-nfs@vger.kernel.org Cc: Todd Kjos --- drivers/android/binder.c | 24 ++++++------- fs/ceph/xattr.c | 6 +++- fs/nfs/nfs4proc.c | 8 +++-- fs/nfsd/nfs4xdr.c | 8 +++-- include/linux/lsm_hook_defs.h | 2 +- include/linux/security.h | 35 +++++++++++++++++-- include/net/scm.h | 11 +++--- kernel/audit.c | 34 ++++++++++--------- kernel/auditsc.c | 23 +++++++------ net/ipv4/ip_sockglue.c | 10 +++--- net/netfilter/nf_conntrack_netlink.c | 10 +++--- net/netfilter/nf_conntrack_standalone.c | 9 +++-- net/netfilter/nfnetlink_queue.c | 13 ++++--- net/netlabel/netlabel_unlabeled.c | 45 +++++++++++-------------- net/netlabel/netlabel_user.c | 11 +++--- security/apparmor/include/secid.h | 2 +- security/apparmor/secid.c | 11 ++++-- security/security.c | 8 ++--- security/selinux/hooks.c | 11 ++++-- 19 files changed, 170 insertions(+), 111 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 92128aae2d06..58bdb5b75131 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2920,8 +2920,7 @@ static void binder_transaction(struct binder_proc *proc, struct binder_context *context = proc->context; int t_debug_id = atomic_inc_return(&binder_last_id); ktime_t t_start_time = ktime_get(); - char *secctx = NULL; - u32 secctx_sz = 0; + struct lsmcontext lsmctx; struct list_head sgc_head; struct list_head pf_head; const void __user *user_buffer = (const void __user *) @@ -3200,7 +3199,8 @@ static void binder_transaction(struct binder_proc *proc, size_t added_size; security_cred_getsecid(proc->cred, &secid); - ret = security_secid_to_secctx(secid, &secctx, &secctx_sz); + ret = security_secid_to_secctx(secid, &lsmctx.context, + &lsmctx.len); if (ret) { binder_txn_error("%d:%d failed to get security context\n", thread->pid, proc->pid); 
@@ -3209,7 +3209,7 @@ static void binder_transaction(struct binder_proc *proc, return_error_line = __LINE__; goto err_get_secctx_failed; } - added_size = ALIGN(secctx_sz, sizeof(u64)); + added_size = ALIGN(lsmctx.len, sizeof(u64)); extra_buffers_size += added_size; if (extra_buffers_size < added_size) { binder_txn_error("%d:%d integer overflow of extra_buffers_size\n", @@ -3243,23 +3243,23 @@ static void binder_transaction(struct binder_proc *proc, t->buffer = NULL; goto err_binder_alloc_buf_failed; } - if (secctx) { + if (lsmctx.context) { int err; size_t buf_offset = ALIGN(tr->data_size, sizeof(void *)) + ALIGN(tr->offsets_size, sizeof(void *)) + ALIGN(extra_buffers_size, sizeof(void *)) - - ALIGN(secctx_sz, sizeof(u64)); + ALIGN(lsmctx.len, sizeof(u64)); t->security_ctx = (uintptr_t)t->buffer->user_data + buf_offset; err = binder_alloc_copy_to_buffer(&target_proc->alloc, t->buffer, buf_offset, - secctx, secctx_sz); + lsmctx.context, lsmctx.len); if (err) { t->security_ctx = 0; WARN_ON(1); } - security_release_secctx(secctx, secctx_sz); - secctx = NULL; + security_release_secctx(&lsmctx); + lsmctx.context = NULL; } t->buffer->debug_id = t->debug_id; t->buffer->transaction = t; @@ -3303,7 +3303,7 @@ static void binder_transaction(struct binder_proc *proc, off_end_offset = off_start_offset + tr->offsets_size; sg_buf_offset = ALIGN(off_end_offset, sizeof(void *)); sg_buf_end_offset = sg_buf_offset + extra_buffers_size - - ALIGN(secctx_sz, sizeof(u64)); + ALIGN(lsmctx.len, sizeof(u64)); off_min = 0; for (buffer_offset = off_start_offset; buffer_offset < off_end_offset; buffer_offset += sizeof(binder_size_t)) { 
@@ -3682,8 +3682,8 @@ static void binder_transaction(struct binder_proc *proc, binder_alloc_free_buf(&target_proc->alloc, t->buffer); err_binder_alloc_buf_failed: err_bad_extra_size: - if (secctx) - security_release_secctx(secctx, secctx_sz); + if (lsmctx.context) + security_release_secctx(&lsmctx); err_get_secctx_failed: kfree(tcomplete); binder_stats_deleted(BINDER_STAT_TRANSACTION_COMPLETE); diff --git a/fs/ceph/xattr.c b/fs/ceph/xattr.c index e066a556eccb..113956d386c0 100644 --- a/fs/ceph/xattr.c +++ b/fs/ceph/xattr.c @@ -1446,12 +1446,16 @@ int ceph_security_init_secctx(struct dentry *dentry, umode_t mode, void ceph_release_acl_sec_ctx(struct ceph_acl_sec_ctx *as_ctx) { +#ifdef CONFIG_CEPH_FS_SECURITY_LABEL + struct lsmcontext scaff; /* scaffolding */ +#endif #ifdef CONFIG_CEPH_FS_POSIX_ACL posix_acl_release(as_ctx->acl); posix_acl_release(as_ctx->default_acl); #endif #ifdef CONFIG_CEPH_FS_SECURITY_LABEL - security_release_secctx(as_ctx->sec_ctx, as_ctx->sec_ctxlen); + lsmcontext_init(&scaff, as_ctx->sec_ctx, as_ctx->sec_ctxlen, 0); + security_release_secctx(&scaff); #endif #ifdef CONFIG_FS_ENCRYPTION kfree(as_ctx->fscrypt_auth); diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c index 8a943fffaad5..6ea99e2aabf3 100644 --- a/fs/nfs/nfs4proc.c +++ b/fs/nfs/nfs4proc.c @@ -138,8 +138,12 @@ nfs4_label_init_security(struct inode *dir, struct dentry *dentry, static inline void nfs4_label_release_security(struct nfs4_label *label) { - if (label) - security_release_secctx(label->label, label->len); + struct lsmcontext scaff; /* scaffolding */ + + if (label) { + lsmcontext_init(&scaff, label->label, label->len, 0); + security_release_secctx(&scaff); + } } static inline u32 *nfs4_bitmask(struct nfs_server *server, struct nfs4_label *label) { diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c index ec4ed6206df1..9cade754356a 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c 
@@ -3627,8 +3627,12 @@ nfsd4_encode_fattr4(struct svc_rqst *rqstp, struct xdr_stream *xdr, out: #ifdef CONFIG_NFSD_V4_SECURITY_LABEL - if (args.context) - security_release_secctx(args.context, args.contextlen); + if (args.context) { + struct lsmcontext scaff; /* scaffolding */ + + lsmcontext_init(&scaff, args.context, args.contextlen, 0); + security_release_secctx(&scaff); + } #endif /* CONFIG_NFSD_V4_SECURITY_LABEL */ kfree(args.acl); if (tempfh) { diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h index fe9c1d89dc66..c5e5a32f5e07 100644 --- a/include/linux/lsm_hook_defs.h +++ b/include/linux/lsm_hook_defs.h @@ -278,7 +278,7 @@ LSM_HOOK(int, -EOPNOTSUPP, secid_to_secctx, u32 secid, char **secdata, LSM_HOOK(int, -EOPNOTSUPP, lsmblob_to_secctx, struct lsmblob *blob, char **secdata, u32 *seclen) LSM_HOOK(int, 0, secctx_to_secid, const char *secdata, u32 seclen, u32 *secid) -LSM_HOOK(void, LSM_RET_VOID, release_secctx, char *secdata, u32 seclen) +LSM_HOOK(void, LSM_RET_VOID, release_secctx, struct lsmcontext *cp) LSM_HOOK(void, LSM_RET_VOID, inode_invalidate_secctx, struct inode *inode) LSM_HOOK(int, 0, inode_notifysecctx, struct inode *inode, void *ctx, u32 ctxlen) LSM_HOOK(int, 0, inode_setsecctx, struct dentry *dentry, void *ctx, u32 ctxlen) diff --git a/include/linux/security.h b/include/linux/security.h index 67ecf8588c90..9712056d71a0 100644 --- a/include/linux/security.h +++ b/include/linux/security.h 
@@ -148,6 +148,37 @@ struct lsmblob_scaffold { u32 secid; }; +/* + * A "security context" is the text representation of + * the information used by LSMs. + * This structure contains the string, its length, and which LSM + * it is useful for. + */ +struct lsmcontext { + char *context; /* Provided by the module */ + u32 len; + int id; /* Identifies the module */ +}; + +/** + * lsmcontext_init - initialize an lsmcontext structure. + * @cp: Pointer to the context to initialize + * @context: Initial context, or NULL + * @size: Size of context, or 0 + * @id: Which LSM provided the context + * + * Fill in the lsmcontext from the provided information. + * This is a scaffolding function that will be removed when + * lsmcontext integration is complete. + */ +static inline void lsmcontext_init(struct lsmcontext *cp, char *context, + u32 size, int id) +{ + cp->id = id; + cp->context = context; + cp->len = size; +} + /* * Data exported by the security modules */ @@ -535,7 +566,7 @@ int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen); int security_lsmblob_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen); int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid); -void security_release_secctx(char *secdata, u32 seclen); +void security_release_secctx(struct lsmcontext *cp); void security_inode_invalidate_secctx(struct inode *inode); int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); @@ -1475,7 +1506,7 @@ static inline int security_secctx_to_secid(const char *secdata, return -EOPNOTSUPP; } -static inline void security_release_secctx(char *secdata, u32 seclen) +static inline void security_release_secctx(struct lsmcontext *cp) { } diff --git a/include/net/scm.h b/include/net/scm.h index e8c76b4be2fe..6e1add51d4c2 100644 --- a/include/net/scm.h +++ b/include/net/scm.h 
@@ -93,16 +93,17 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg, #ifdef CONFIG_SECURITY_NETWORK static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) { - char *secdata; - u32 seclen; + struct lsmcontext ctx; int err; if (test_bit(SOCK_PASSSEC, &sock->flags)) { - err = security_secid_to_secctx(scm->secid, &secdata, &seclen); + err = security_secid_to_secctx(scm->secid, &ctx.context, + &ctx.len); if (!err) { - put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata); - security_release_secctx(secdata, seclen); + put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, ctx.len, + ctx.context); + security_release_secctx(&ctx); } } } diff --git a/kernel/audit.c b/kernel/audit.c index 54dfe339e341..47cfb6b20c3c 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1209,8 +1209,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) struct audit_buffer *ab; u16 msg_type = nlh->nlmsg_type; struct audit_sig_info *sig_data; - char *ctx = NULL; - u32 len; + struct lsmcontext lsmctx; err = audit_netlink_ok(skb, msg_type); if (err) 
@@ -1458,30 +1457,34 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) kfree(new); break; } - case AUDIT_SIGNAL_INFO: - len = 0; + case AUDIT_SIGNAL_INFO: { + size_t sig_data_size; + if (lsmblob_is_set(&audit_sig_lsm)) { - err = security_lsmblob_to_secctx(&audit_sig_lsm, &ctx, - &len); + err = security_lsmblob_to_secctx(&audit_sig_lsm, + &lsmctx.context, + &lsmctx.len); if (err) return err; } - sig_data = kmalloc(struct_size(sig_data, ctx, len), GFP_KERNEL); + sig_data_size = struct_size(sig_data, ctx, lsmctx.len); + sig_data = kmalloc(sig_data_size, GFP_KERNEL); if (!sig_data) { if (lsmblob_is_set(&audit_sig_lsm)) - security_release_secctx(ctx, len); + security_release_secctx(&lsmctx); return -ENOMEM; } sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); sig_data->pid = audit_sig_pid; if (lsmblob_is_set(&audit_sig_lsm)) { - memcpy(sig_data->ctx, ctx, len); - security_release_secctx(ctx, len); + memcpy(sig_data->ctx, lsmctx.context, lsmctx.len); + security_release_secctx(&lsmctx); } audit_send_reply(skb, seq, AUDIT_SIGNAL_INFO, 0, 0, - sig_data, struct_size(sig_data, ctx, len)); + sig_data, sig_data_size); kfree(sig_data); break; + } case AUDIT_TTY_GET: { struct audit_tty_status s; unsigned int t; @@ -2164,24 +2167,23 @@ void audit_log_key(struct audit_buffer *ab, char *key) int audit_log_task_context(struct audit_buffer *ab) { + struct lsmcontext ctx; struct lsmblob blob; - char *ctx = NULL; - unsigned len; int error; security_current_getlsmblob_subj(&blob); if (!lsmblob_is_set(&blob)) return 0; - error = security_lsmblob_to_secctx(&blob, &ctx, &len); + error = security_lsmblob_to_secctx(&blob, &ctx.context, &ctx.len); if (error) { if (error != -EINVAL) goto error_path; return 0; } - audit_log_format(ab, " subj=%s", ctx); - security_release_secctx(ctx, len); + audit_log_format(ab, " subj=%s", ctx.context); + security_release_secctx(&ctx); return 0; error_path: 
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index bfe2ee3ccbe6..2874255f5f25 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1098,8 +1098,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, char *comm) { struct audit_buffer *ab; - char *ctx = NULL; - u32 len; + struct lsmcontext ctx; int rc = 0; ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID); @@ -1110,12 +1109,12 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); if (lsmblob_is_set(blob)) { - if (security_lsmblob_to_secctx(blob, &ctx, &len)) { + if (security_lsmblob_to_secctx(blob, &ctx.context, &ctx.len)) { audit_log_format(ab, " obj=(none)"); rc = 1; } else { - audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + audit_log_format(ab, " obj=%s", ctx.context); + security_release_secctx(&ctx); } } audit_log_format(ab, " ocomm="); @@ -1371,6 +1370,7 @@ static void audit_log_time(struct audit_context *context, struct audit_buffer ** static void show_special(struct audit_context *context, int *call_panic) { + struct lsmcontext lsmcxt; struct audit_buffer *ab; int i; @@ -1401,7 +1401,8 @@ static void show_special(struct audit_context *context, int *call_panic) *call_panic = 1; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); + security_release_secctx(&lsmcxt); } } if (context->ipc.has_perm) { 
@@ -1560,15 +1561,15 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, MAJOR(n->rdev), MINOR(n->rdev)); if (lsmblob_is_set(&n->oblob)) { - char *ctx = NULL; - u32 len; + struct lsmcontext ctx; - if (security_lsmblob_to_secctx(&n->oblob, &ctx, &len)) { + if (security_lsmblob_to_secctx(&n->oblob, &ctx.context, + &ctx.len)) { if (call_panic) *call_panic = 2; } else { - audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + audit_log_format(ab, " obj=%s", ctx.context); + security_release_secctx(&ctx); } } diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index 2efc53526a38..3bf8ff9d4434 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -130,20 +130,20 @@ static void ip_cmsg_recv_checksum(struct msghdr *msg, struct sk_buff *skb, static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) { - char *secdata; - u32 seclen, secid; + struct lsmcontext ctx; + u32 secid; int err; err = security_socket_getpeersec_dgram(NULL, skb, &secid); if (err) return; - err = security_secid_to_secctx(secid, &secdata, &seclen); + err = security_secid_to_secctx(secid, &ctx.context, &ctx.len); if (err) return; - put_cmsg(msg, SOL_IP, SCM_SECURITY, seclen, secdata); - security_release_secctx(secdata, seclen); + put_cmsg(msg, SOL_IP, SCM_SECURITY, ctx.len, ctx.context); + security_release_secctx(&ctx); } static void ip_cmsg_recv_dstaddr(struct msghdr *msg, struct sk_buff *skb) diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index fb0ae15e96df..3e79b339a1bc 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c 
@@ -357,10 +357,10 @@ static int ctnetlink_dump_mark(struct sk_buff *skb, const struct nf_conn *ct, static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) { struct nlattr *nest_secctx; - int len, ret; - char *secctx; + struct lsmcontext ctx; + int ret; - ret = security_secid_to_secctx(ct->secmark, &secctx, &len); + ret = security_secid_to_secctx(ct->secmark, &ctx.context, &ctx.len); if (ret) return 0; @@ -369,13 +369,13 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) if (!nest_secctx) goto nla_put_failure; - if (nla_put_string(skb, CTA_SECCTX_NAME, secctx)) + if (nla_put_string(skb, CTA_SECCTX_NAME, ctx.context)) goto nla_put_failure; nla_nest_end(skb, nest_secctx); ret = 0; nla_put_failure: - security_release_secctx(secctx, len); + security_release_secctx(&ctx); return ret; } #else diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index 0ee98ce5b816..23949d233375 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c @@ -175,17 +175,16 @@ static void ct_seq_stop(struct seq_file *s, void *v) #ifdef CONFIG_NF_CONNTRACK_SECMARK static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) { + struct lsmcontext ctx; int ret; - u32 len; - char *secctx; - ret = security_secid_to_secctx(ct->secmark, &secctx, &len); + ret = security_secid_to_secctx(ct->secmark, &ctx.context, &ctx.len); if (ret) return; - seq_printf(s, "secctx=%s ", secctx); + seq_printf(s, "secctx=%s ", ctx.context); - security_release_secctx(secctx, len); + security_release_secctx(&ctx); } #else static inline void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index 171d1f52d3dd..8b4c5c08daa7 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c 
@@ -408,6 +408,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, enum ip_conntrack_info ctinfo = 0; const struct nfnl_ct_hook *nfnl_ct; bool csum_verify; + struct lsmcontext scaff; /* scaffolding */ char *secdata = NULL; u32 seclen = 0; ktime_t tstamp; @@ -651,8 +652,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, } nlh->nlmsg_len = skb->len; - if (seclen) - security_release_secctx(secdata, seclen); + if (seclen) { + lsmcontext_init(&scaff, secdata, seclen, 0); + security_release_secctx(&scaff); + } return skb; nla_put_failure: @@ -660,8 +663,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, kfree_skb(skb); net_err_ratelimited("nf_queue: error creating packet message\n"); nlmsg_failure: - if (seclen) - security_release_secctx(secdata, seclen); + if (seclen) { + lsmcontext_init(&scaff, secdata, seclen, 0); + security_release_secctx(&scaff); + } return NULL; } diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index 7bac13ae07a3..464105080245 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -374,8 +374,7 @@ int netlbl_unlhsh_add(struct net *net, struct net_device *dev; struct netlbl_unlhsh_iface *iface; struct audit_buffer *audit_buf = NULL; - char *secctx = NULL; - u32 secctx_len; + struct lsmcontext ctx; if (addr_len != sizeof(struct in_addr) && addr_len != sizeof(struct in6_addr)) 
@@ -438,11 +437,10 @@ int netlbl_unlhsh_add(struct net *net, unlhsh_add_return: rcu_read_unlock(); if (audit_buf != NULL) { - if (security_secid_to_secctx(secid, - &secctx, - &secctx_len) == 0) { - audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + if (security_secid_to_secctx(secid, &ctx.context, + &ctx.len) == 0) { + audit_log_format(audit_buf, " sec_obj=%s", ctx.context); + security_release_secctx(&ctx); } audit_log_format(audit_buf, " res=%u", ret_val == 0 ? 1 : 0); audit_log_end(audit_buf); @@ -473,8 +471,7 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, struct netlbl_unlhsh_addr4 *entry; struct audit_buffer *audit_buf; struct net_device *dev; - char *secctx; - u32 secctx_len; + struct lsmcontext ctx; spin_lock(&netlbl_unlhsh_lock); list_entry = netlbl_af4list_remove(addr->s_addr, mask->s_addr, @@ -494,10 +491,10 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, addr->s_addr, mask->s_addr); dev_put(dev); if (entry != NULL && - security_secid_to_secctx(entry->secid, - &secctx, &secctx_len) == 0) { - audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + security_secid_to_secctx(entry->secid, &ctx.context, + &ctx.len) == 0) { + audit_log_format(audit_buf, " sec_obj=%s", ctx.context); + security_release_secctx(&ctx); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); audit_log_end(audit_buf); @@ -534,8 +531,7 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, struct netlbl_unlhsh_addr6 *entry; struct audit_buffer *audit_buf; struct net_device *dev; - char *secctx; - u32 secctx_len; + struct lsmcontext ctx; spin_lock(&netlbl_unlhsh_lock); list_entry = netlbl_af6list_remove(addr, mask, &iface->addr6_list); 
@@ -554,10 +550,10 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, addr, mask); dev_put(dev); if (entry != NULL && - security_secid_to_secctx(entry->secid, - &secctx, &secctx_len) == 0) { - audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + security_secid_to_secctx(entry->secid, &ctx.context, + &ctx.len) == 0) { + audit_log_format(audit_buf, " sec_obj=%s", ctx.context); + security_release_secctx(&ctx); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); audit_log_end(audit_buf); @@ -1069,10 +1065,9 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, int ret_val = -ENOMEM; struct netlbl_unlhsh_walk_arg *cb_arg = arg; struct net_device *dev; + struct lsmcontext ctx; void *data; u32 secid; - char *secctx; - u32 secctx_len; data = genlmsg_put(cb_arg->skb, NETLINK_CB(cb_arg->nl_cb->skb).portid, cb_arg->seq, &netlbl_unlabel_gnl_family, @@ -1127,14 +1122,14 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, secid = addr6->secid; } - ret_val = security_secid_to_secctx(secid, &secctx, &secctx_len); + ret_val = security_secid_to_secctx(secid, &ctx.context, &ctx.len); if (ret_val != 0) goto list_cb_failure; ret_val = nla_put(cb_arg->skb, NLBL_UNLABEL_A_SECCTX, - secctx_len, - secctx); - security_release_secctx(secctx, secctx_len); + ctx.len, + ctx.context); + security_release_secctx(&ctx); if (ret_val != 0) goto list_cb_failure; diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index 6cd1fcb3902b..b9289a22b363 100644 --- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c @@ -84,8 +84,7 @@ struct audit_buffer *netlbl_audit_start_common(int type, struct netlbl_audit *audit_info) { struct audit_buffer *audit_buf; - char *secctx; - u32 secctx_len; + struct lsmcontext ctx; if (audit_enabled == AUDIT_OFF) return NULL; 
@@ -99,10 +98,10 @@ struct audit_buffer *netlbl_audit_start_common(int type, audit_info->sessionid); if (lsmblob_is_set(&audit_info->blob) && - security_lsmblob_to_secctx(&audit_info->blob, &secctx, - &secctx_len) == 0) { - audit_log_format(audit_buf, " subj=%s", secctx); - security_release_secctx(secctx, secctx_len); + security_lsmblob_to_secctx(&audit_info->blob, &ctx.context, + &ctx.len) == 0) { + audit_log_format(audit_buf, " subj=%s", ctx.context); + security_release_secctx(&ctx); } return audit_buf; diff --git a/security/apparmor/include/secid.h b/security/apparmor/include/secid.h index 816a425e2023..e47c37c1beda 100644 --- a/security/apparmor/include/secid.h +++ b/security/apparmor/include/secid.h @@ -29,7 +29,7 @@ int apparmor_secid_to_secctx(u32 secid, char **secdata, u32 *seclen); int apparmor_lsmblob_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen); int apparmor_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid); -void apparmor_release_secctx(char *secdata, u32 seclen); +void apparmor_release_secctx(struct lsmcontext *cp); int aa_alloc_secid(struct aa_label *label, gfp_t gfp); diff --git a/security/apparmor/secid.c b/security/apparmor/secid.c index a7c6f5061882..e9f655f54a42 100644 --- a/security/apparmor/secid.c +++ b/security/apparmor/secid.c @@ -139,9 +139,16 @@ int apparmor_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) return 0; } -void apparmor_release_secctx(char *secdata, u32 seclen) +void apparmor_release_secctx(struct lsmcontext *cp) { - kfree(secdata); + /* + * stacking scaffolding: + * When it is possible for more than one LSM to provide a + * release hook, do this check: + * if (cp->id == LSM_ID_APPARMOR || cp->id == LSM_ID_UNDEF) + */ + + kfree(cp->context); } /** diff --git a/security/security.c b/security/security.c index 1cbd45310f63..063a209ac17f 100644 --- a/security/security.c +++ b/security/security.c 
@@ -4250,14 +4250,14 @@ EXPORT_SYMBOL(security_secctx_to_secid); /** * security_release_secctx() - Free a secctx buffer - * @secdata: secctx - * @seclen: length of secctx + * @cp: the security context * * Release the security context. */ -void security_release_secctx(char *secdata, u32 seclen) +void security_release_secctx(struct lsmcontext *cp) { - call_void_hook(release_secctx, secdata, seclen); + call_void_hook(release_secctx, cp); + memset(cp, 0, sizeof(*cp)); } EXPORT_SYMBOL(security_release_secctx); diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 1bc28f5f6870..1a428a6964a0 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c 
@@ -6588,9 +6588,16 @@ static int selinux_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) secid, GFP_KERNEL); } -static void selinux_release_secctx(char *secdata, u32 seclen) +static void selinux_release_secctx(struct lsmcontext *cp) { - kfree(secdata); + /* + * stacking scaffolding: + * When it is possible for more than one LSM to provide a + * release hook, do this check: + * if (cp->id == LSM_ID_SELINUX || cp->id == LSM_ID_UNDEF) + */ + + kfree(cp->context); } static void selinux_inode_invalidate_secctx(struct inode *inode)

From patchwork Fri Dec 15 22:16:11 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 13495135 X-Patchwork-Delegate: paul@paul-moore.com
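Review bot: the two nfqnl_build_packet_message() hunks pass a literal 0 as the id in lsmcontext_init(&scaff, secdata, seclen, 0), once on the success path and once under nlmsg_failure. The release hooks changed by this same patch describe the eventual ownership check in terms of LSM_ID_UNDEF, so spell the placeholder id with that name rather than a bare 0, so both ends of the scaffolding can be found together when it is removed; the two identical three-line blocks also argue for a single release label that both exits jump through.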
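Review bot: in the netlabel_unlabeled.c hunks (netlbl_unlhsh_add(), netlbl_unlhsh_remove_addr4(), netlbl_unlhsh_remove_addr6(), netlbl_unlabel_staticlist_gen()) and the netlabel_user.c hunk, the new struct lsmcontext ctx is filled only through &ctx.context and &ctx.len, so ctx.id holds whatever was on the stack when security_release_secctx(&ctx) runs. That is harmless while the release hooks ignore cp->id (the id check is still only a comment in this patch), but it becomes a read of an uninitialised field the moment that check is enabled; zero-initialise the variable (struct lsmcontext ctx = { };) or set ctx.id next to the conversion until the converting functions fill the whole structure.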
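Review bot: the security_release_secctx() hunk clears *cp with memset() after call_void_hook() returns, but the updated kernel-doc ("@cp: the security context", "Release the security context.") does not mention it. Document that the structure is zeroed on return, since callers that still read ctx.len afterwards will see 0, and a repeated release is only harmless because the pointer has been reset.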
From: Casey Schaufler To: casey@schaufler-ca.com, paul@paul-moore.com, linux-security-module@vger.kernel.org Cc: jmorris@namei.org, serge@hallyn.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, mic@digikod.net, netdev@vger.kernel.org, audit@vger.kernel.org, netfilter-devel@vger.kernel.org, Todd Kjos Subject: [PATCH v39 17/42] LSM: Use lsmcontext in security_secid_to_secctx Date: Fri, 15 Dec 2023 14:16:11 -0800 Message-ID: <20231215221636.105680-18-casey@schaufler-ca.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20231215221636.105680-1-casey@schaufler-ca.com> References: <20231215221636.105680-1-casey@schaufler-ca.com> Precedence: bulk X-Mailing-List: audit@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0

Replace the (secctx,seclen) pointer pair with a single lsmcontext pointer to allow return of the LSM identifier along with the context and context length. This allows security_release_secctx() to know how to release the context. Callers have been modified to use or save the returned data from the new structure. security_secid_to_secctx() will now return the length value on success instead of 0.
Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org Cc: audit@vger.kernel.org Cc: netfilter-devel@vger.kernel.org Cc: Todd Kjos --- drivers/android/binder.c | 5 ++--- include/linux/lsm_hook_defs.h | 3 +-- include/linux/security.h | 5 ++--- include/net/scm.h | 5 ++--- net/ipv4/ip_sockglue.c | 4 ++-- net/netfilter/nf_conntrack_netlink.c | 8 ++++---- net/netfilter/nf_conntrack_standalone.c | 4 ++-- net/netfilter/nfnetlink_queue.c | 27 ++++++++++--------------- net/netlabel/netlabel_unlabeled.c | 13 +++++------- security/apparmor/include/secid.h | 2 +- security/apparmor/secid.c | 13 +++++++----- security/security.c | 17 ++++++++-------- security/selinux/hooks.c | 17 ++++++++++++++-- security/smack/smack_lsm.c | 16 ++++++++------- 14 files changed, 72 insertions(+), 67 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 58bdb5b75131..c0fa95e64e7c 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -3199,9 +3199,8 @@ static void binder_transaction(struct binder_proc *proc, size_t added_size; security_cred_getsecid(proc->cred, &secid); - ret = security_secid_to_secctx(secid, &lsmctx.context, - &lsmctx.len); - if (ret) { + ret = security_secid_to_secctx(secid, &lsmctx); + if (ret < 0) { binder_txn_error("%d:%d failed to get security context\n", thread->pid, proc->pid); return_error = BR_FAILED_REPLY; diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h index c5e5a32f5e07..8e0155ac6697 100644 --- a/include/linux/lsm_hook_defs.h +++ b/include/linux/lsm_hook_defs.h 
@@ -273,8 +273,7 @@ LSM_HOOK(int, -EINVAL, getprocattr, struct task_struct *p, const char *name, char **value) LSM_HOOK(int, -EINVAL, setprocattr, const char *name, void *value, size_t size) LSM_HOOK(int, 0, ismaclabel, const char *name) -LSM_HOOK(int, -EOPNOTSUPP, secid_to_secctx, u32 secid, char **secdata, - u32 *seclen) +LSM_HOOK(int, -EOPNOTSUPP, secid_to_secctx, u32 secid, struct lsmcontext *cp) LSM_HOOK(int, -EOPNOTSUPP, lsmblob_to_secctx, struct lsmblob *blob, char **secdata, u32 *seclen) LSM_HOOK(int, 0, secctx_to_secid, const char *secdata, u32 seclen, u32 *secid) diff --git a/include/linux/security.h b/include/linux/security.h index 9712056d71a0..03b79089eaf7 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -562,7 +562,7 @@ int security_getprocattr(struct task_struct *p, int lsmid, const char *name, int security_setprocattr(int lsmid, const char *name, void *value, size_t size); int security_netlink_send(struct sock *sk, struct sk_buff *skb); int security_ismaclabel(const char *name); -int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen); +int security_secid_to_secctx(u32 secid, struct lsmcontext *cp); int security_lsmblob_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen); int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid); @@ -1487,8 +1487,7 @@ static inline int security_ismaclabel(const char *name) return 0; } -static inline int security_secid_to_secctx(u32 secid, char **secdata, - u32 *seclen) +static inline int security_secid_to_secctx(u32 secid, struct lsmcontext *cp) { return -EOPNOTSUPP; } diff --git a/include/net/scm.h b/include/net/scm.h index 6e1add51d4c2..91452b36b5bf 100644 --- a/include/net/scm.h +++ b/include/net/scm.h 
@@ -97,10 +97,9 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc int err; if (test_bit(SOCK_PASSSEC, &sock->flags)) { - err = security_secid_to_secctx(scm->secid, &ctx.context, - &ctx.len); + err = security_secid_to_secctx(scm->secid, &ctx); - if (!err) { + if (err >= 0) { put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, ctx.len, ctx.context); security_release_secctx(&ctx); diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index 3bf8ff9d4434..38b9f822a70d 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -138,8 +138,8 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) if (err) return; - err = security_secid_to_secctx(secid, &ctx.context, &ctx.len); - if (err) + err = security_secid_to_secctx(secid, &ctx); + if (err < 0) return; put_cmsg(msg, SOL_IP, SCM_SECURITY, ctx.len, ctx.context); diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index 3e79b339a1bc..a7dfc39bfbf3 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -360,8 +360,8 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) struct lsmcontext ctx; int ret; - ret = security_secid_to_secctx(ct->secmark, &ctx.context, &ctx.len); - if (ret) + ret = security_secid_to_secctx(ct->secmark, &ctx); + if (ret < 0) return 0; ret = -1; @@ -669,8 +669,8 @@ static inline int ctnetlink_secctx_size(const struct nf_conn *ct) #ifdef CONFIG_NF_CONNTRACK_SECMARK int len, ret; - ret = security_secid_to_secctx(ct->secmark, NULL, &len); - if (ret) + ret = security_secid_to_secctx(ct->secmark, NULL); + if (ret < 0) return 0; return nla_total_size(0) /* CTA_SECCTX */ diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index 23949d233375..a1d8952db1c1 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c 
@@ -178,8 +178,8 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) struct lsmcontext ctx; int ret; - ret = security_secid_to_secctx(ct->secmark, &ctx.context, &ctx.len); - if (ret) + ret = security_secid_to_secctx(ct->secmark, &ctx); + if (ret < 0) return; seq_printf(s, "secctx=%s ", ctx.context); diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index 8b4c5c08daa7..f7918b21672d 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c @@ -319,18 +319,18 @@ static int nfqnl_put_sk_classid(struct sk_buff *skb, struct sock *sk) return 0; } -static u32 nfqnl_get_sk_secctx(struct sk_buff *skb, char **secdata) +static u32 nfqnl_get_sk_secctx(struct sk_buff *skb, struct lsmcontext *ctx) { u32 seclen = 0; #if IS_ENABLED(CONFIG_NETWORK_SECMARK) + if (!skb || !sk_fullsock(skb->sk)) return 0; read_lock_bh(&skb->sk->sk_callback_lock); if (skb->secmark) - security_secid_to_secctx(skb->secmark, secdata, &seclen); - + seclen = security_secid_to_secctx(skb->secmark, ctx); read_unlock_bh(&skb->sk->sk_callback_lock); #endif return seclen; @@ -408,8 +408,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, enum ip_conntrack_info ctinfo = 0; const struct nfnl_ct_hook *nfnl_ct; bool csum_verify; - struct lsmcontext scaff; /* scaffolding */ - char *secdata = NULL; + struct lsmcontext ctx; u32 seclen = 0; ktime_t tstamp; @@ -484,8 +483,8 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, } if ((queue->flags & NFQA_CFG_F_SECCTX) && entskb->sk) { - seclen = nfqnl_get_sk_secctx(entskb, &secdata); - if (seclen) + seclen = nfqnl_get_sk_secctx(entskb, &ctx); + if (seclen >= 0) size += nla_total_size(seclen); } 
@@ -624,7 +623,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, if (nfqnl_put_sk_classid(skb, entskb->sk) < 0) goto nla_put_failure; - if (seclen && nla_put(skb, NFQA_SECCTX, seclen, secdata)) + if (seclen && nla_put(skb, NFQA_SECCTX, ctx.len, ctx.context)) goto nla_put_failure; if (ct && nfnl_ct->build(skb, ct, ctinfo, NFQA_CT, NFQA_CT_INFO) < 0) @@ -652,10 +651,8 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, } nlh->nlmsg_len = skb->len; - if (seclen) { - lsmcontext_init(&scaff, secdata, seclen, 0); - security_release_secctx(&scaff); - } + if (seclen >= 0) + security_release_secctx(&ctx); return skb; nla_put_failure: @@ -663,10 +660,8 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, kfree_skb(skb); net_err_ratelimited("nf_queue: error creating packet message\n"); nlmsg_failure: - if (seclen) { - lsmcontext_init(&scaff, secdata, seclen, 0); - security_release_secctx(&scaff); - } + if (seclen >= 0) + security_release_secctx(&ctx); return NULL; } diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index 464105080245..b43cfb4fe4f1 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -437,8 +437,7 @@ int netlbl_unlhsh_add(struct net *net, unlhsh_add_return: rcu_read_unlock(); if (audit_buf != NULL) { - if (security_secid_to_secctx(secid, &ctx.context, - &ctx.len) == 0) { + if (security_secid_to_secctx(secid, &ctx) >= 0) { audit_log_format(audit_buf, " sec_obj=%s", ctx.context); security_release_secctx(&ctx); } @@ -491,8 +490,7 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, addr->s_addr, mask->s_addr); dev_put(dev); if (entry != NULL && - security_secid_to_secctx(entry->secid, &ctx.context, - &ctx.len) == 0) { + security_secid_to_secctx(entry->secid, &ctx) >= 0) { audit_log_format(audit_buf, " sec_obj=%s", ctx.context); security_release_secctx(&ctx); } 
@@ -550,8 +548,7 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, addr, mask); dev_put(dev); if (entry != NULL && - security_secid_to_secctx(entry->secid, &ctx.context, - &ctx.len) == 0) { + security_secid_to_secctx(entry->secid, &ctx) >= 0) { audit_log_format(audit_buf, " sec_obj=%s", ctx.context); security_release_secctx(&ctx); } @@ -1122,8 +1119,8 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, secid = addr6->secid; } - ret_val = security_secid_to_secctx(secid, &ctx.context, &ctx.len); - if (ret_val != 0) + ret_val = security_secid_to_secctx(secid, &ctx); + if (ret_val < 0) goto list_cb_failure; ret_val = nla_put(cb_arg->skb, NLBL_UNLABEL_A_SECCTX, diff --git a/security/apparmor/include/secid.h b/security/apparmor/include/secid.h index e47c37c1beda..b66c2d043a02 100644 --- a/security/apparmor/include/secid.h +++ b/security/apparmor/include/secid.h @@ -25,7 +25,7 @@ struct aa_label; extern int apparmor_display_secid_mode; struct aa_label *aa_secid_to_label(u32 secid); -int apparmor_secid_to_secctx(u32 secid, char **secdata, u32 *seclen); +int apparmor_secid_to_secctx(u32 secid, struct lsmcontext *cp); int apparmor_lsmblob_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen); int apparmor_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid); diff --git a/security/apparmor/secid.c b/security/apparmor/secid.c index e9f655f54a42..55d6c54fe90e 100644 --- a/security/apparmor/secid.c +++ b/security/apparmor/secid.c @@ -61,7 +61,7 @@ struct aa_label *aa_secid_to_label(u32 secid) return xa_load(&aa_secids, secid); } -int apparmor_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) +int apparmor_secid_to_secctx(u32 secid, struct lsmcontext *cp) { /* TODO: cache secctx and ref count so we don't have to recreate */ struct aa_label *label = aa_secid_to_label(secid); 
@@ -76,8 +76,8 @@ int apparmor_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) if (apparmor_display_secid_mode) flags |= FLAG_SHOW_MODE; - if (secdata) - len = aa_label_asxprint(secdata, root_ns, label, + if (cp) + len = aa_label_asxprint(&cp->context, root_ns, label, flags, GFP_ATOMIC); else len = aa_label_snxprint(NULL, 0, root_ns, label, flags); @@ -85,9 +85,12 @@ int apparmor_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) if (len < 0) return -ENOMEM; - *seclen = len; + if (cp) { + cp->len = len; + cp->id = LSM_ID_APPARMOR; + } - return 0; + return len; } int apparmor_lsmblob_to_secctx(struct lsmblob *blob, char **secdata, diff --git a/security/security.c b/security/security.c index 063a209ac17f..708a26a88447 100644 --- a/security/security.c +++ b/security/security.c @@ -4172,17 +4172,16 @@ EXPORT_SYMBOL(security_ismaclabel); /** * security_secid_to_secctx() - Convert a secid to a secctx * @secid: secid - * @secdata: secctx - * @seclen: secctx length + * @cp: the LSM context * - * Convert secid to security context. If @secdata is NULL the length of the - * result will be returned in @seclen, but no @secdata will be returned. This + * Convert secid to security context. If @cp is NULL the length of the + * result will be returned, but no data will be returned. This * does mean that the length could change between calls to check the length and - * the next call which actually allocates and returns the @secdata. + * the next call which actually allocates and returns the data. * - * Return: Return 0 on success, error on failure. + * Return: Return length of data on success, error on failure. */ -int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) +int security_secid_to_secctx(u32 secid, struct lsmcontext *cp) { struct security_hook_list *hp; int rc; 
@@ -4192,7 +4191,7 @@ int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) * LSM hook is not "stackable"). */ hlist_for_each_entry(hp, &security_hook_heads.secid_to_secctx, list) { - rc = hp->hook.secid_to_secctx(secid, secdata, seclen); + rc = hp->hook.secid_to_secctx(secid, cp); if (rc != LSM_RET_DEFAULT(secid_to_secctx)) return rc; } @@ -4221,7 +4220,7 @@ int security_lsmblob_to_secctx(struct lsmblob *blob, char **secdata, struct security_hook_list *hp; int rc; - hlist_for_each_entry(hp, &security_hook_heads.secid_to_secctx, list) { + hlist_for_each_entry(hp, &security_hook_heads.lsmblob_to_secctx, list) { rc = hp->hook.lsmblob_to_secctx(blob, secdata, seclen); if (rc != LSM_RET_DEFAULT(secid_to_secctx)) return rc; diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 1a428a6964a0..37b97cf81da1 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -6565,9 +6565,22 @@ static int selinux_ismaclabel(const char *name) return (strcmp(name, XATTR_SELINUX_SUFFIX) == 0); } -static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) +static int selinux_secid_to_secctx(u32 secid, struct lsmcontext *cp) { - return security_sid_to_context(secid, secdata, seclen); + u32 seclen; + u32 ret; + + if (cp) { + cp->id = LSM_ID_SELINUX; + ret = security_sid_to_context(secid, &cp->context, &cp->len); + if (ret < 0) + return ret; + return cp->len; + } + ret = security_sid_to_context(secid, NULL, &seclen); + if (ret < 0) + return ret; + return seclen; } static int selinux_lsmblob_to_secctx(struct lsmblob *blob, char **secdata, diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 7dab00bbd0ed..d82753bc52ab 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c 
@@ -4814,19 +4814,21 @@ static int smack_ismaclabel(const char *name) /** * smack_secid_to_secctx - return the smack label for a secid * @secid: incoming integer - * @secdata: destination - * @seclen: how long it is + * @cp: destination * * Exists for networking code. */ -static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) +static int smack_secid_to_secctx(u32 secid, struct lsmcontext *cp) { struct smack_known *skp = smack_from_secid(secid); + int len = strlen(skp->smk_known); - if (secdata) - *secdata = skp->smk_known; - *seclen = strlen(skp->smk_known); - return 0; + if (cp) { + cp->context = skp->smk_known; + cp->len = len; + cp->id = LSM_ID_SMACK; + } + return len; } /**

From patchwork Fri Dec 15 22:16:12 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 13495136 X-Patchwork-Delegate: paul@paul-moore.com
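Review bot: in the ctnetlink_secctx_size() hunk, len is still declared (int len, ret;) but nothing assigns it any more: the old call wrote the length through &len, the new security_secid_to_secctx(ct->secmark, NULL) returns it in ret, and ret is only compared against 0. The hunk is 8 lines to 8 lines, so the unchanged remainder of the function that previously consumed the length written through &len now reads an uninitialised variable. Drop ret and write `len = security_secid_to_secctx(ct->secmark, NULL); if (len < 0) return 0;`.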
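Review bot: the nfnetlink_queue.c hunks make the new >= 0 tests meaningless because seclen is unsigned. nfqnl_get_sk_secctx() is still declared u32 and stores the int result of security_secid_to_secctx() in a u32 seclen, so a negative error becomes a large positive length, and in nfqnl_build_packet_message() seclen is also u32, so `if (seclen >= 0)` is always true: on error the size accounting adds nla_total_size() of a bogus length, and in every no-context case (flag not set, no socket, or secmark 0, where seclen stays 0) security_release_secctx(&ctx) still runs on a struct lsmcontext ctx that was never filled, handing an uninitialised pointer to the release hook's kfree(). Make both seclen variables int, initialise ctx (struct lsmcontext ctx = { };) so releasing an unfilled context is a no-op, and guard the nla_put() with seclen > 0.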
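Review bot: in the selinux_secid_to_secctx() hunk ret is declared u32, so both `if (ret < 0) return ret;` tests can never be true and a failure from security_sid_to_context() is silently reported as success with an unset cp->len or seclen. Make ret an int. With that fixed the two branches can collapse into one call that passes cp ? &cp->context : NULL and cp ? &cp->len : &seclen, setting cp->id only when cp is non-NULL.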
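Review bot: the second security.c hunk changes security_lsmblob_to_secctx() to walk security_hook_heads.lsmblob_to_secctx instead of .secid_to_secctx, which is a fix for the patch that introduced that function, not part of this conversion; squash it there so a bisect never lands on a kernel that calls the wrong hook list. While at it, the unchanged line below still compares against LSM_RET_DEFAULT(secid_to_secctx); it should read LSM_RET_DEFAULT(lsmblob_to_secctx), even though both are -EOPNOTSUPP in the lsm_hook_defs.h hunk above.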
From: Casey Schaufler To: casey@schaufler-ca.com, paul@paul-moore.com, linux-security-module@vger.kernel.org Cc: jmorris@namei.org, serge@hallyn.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, mic@digikod.net, netdev@vger.kernel.org, audit@vger.kernel.org, netfilter-devel@vger.kernel.org, Todd Kjos Subject: [PATCH v39 18/42] LSM: Use lsmcontext in security_lsmblob_to_secctx Date: Fri, 15 Dec 2023 14:16:12 -0800 Message-ID: <20231215221636.105680-19-casey@schaufler-ca.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20231215221636.105680-1-casey@schaufler-ca.com> References: <20231215221636.105680-1-casey@schaufler-ca.com> Precedence: bulk X-Mailing-List: audit@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0

Replace the (secctx,seclen) pointer pair with a single lsmcontext pointer to allow return of the LSM identifier along with the context and context length. This allows security_release_secctx() to know how to release the context. Callers have been modified to use or save the returned data from the new structure. security_lsmblob_to_secctx() will now return the length value on success instead of 0.

Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org Cc: audit@vger.kernel.org Cc: netfilter-devel@vger.kernel.org Cc: Todd Kjos --- include/linux/lsm_hook_defs.h | 2 +- include/linux/security.h | 5 ++--- kernel/audit.c | 9 ++++----- kernel/auditsc.c | 17 ++++++----------- net/netlabel/netlabel_user.c | 3 +-- security/apparmor/include/secid.h | 3 +-- security/apparmor/secid.c | 14 ++++++++------ security/security.c | 24 +++++++++++------------- security/selinux/hooks.c | 18 +++++++++++++++--- security/smack/smack_lsm.c | 16 ++++++++++------ 10 files changed, 59 insertions(+), 52 deletions(-) diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h index 8e0155ac6697..339a4559daf8 100644
--- a/include/linux/lsm_hook_defs.h +++ b/include/linux/lsm_hook_defs.h @@ -275,7 +275,7 @@ LSM_HOOK(int, -EINVAL, setprocattr, const char *name, void *value, size_t size) LSM_HOOK(int, 0, ismaclabel, const char *name) LSM_HOOK(int, -EOPNOTSUPP, secid_to_secctx, u32 secid, struct lsmcontext *cp) LSM_HOOK(int, -EOPNOTSUPP, lsmblob_to_secctx, struct lsmblob *blob, - char **secdata, u32 *seclen) + struct lsmcontext *cp) LSM_HOOK(int, 0, secctx_to_secid, const char *secdata, u32 seclen, u32 *secid) LSM_HOOK(void, LSM_RET_VOID, release_secctx, struct lsmcontext *cp) LSM_HOOK(void, LSM_RET_VOID, inode_invalidate_secctx, struct inode *inode) diff --git a/include/linux/security.h b/include/linux/security.h index 03b79089eaf7..2a0615a62125 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -563,8 +563,7 @@ int security_setprocattr(int lsmid, const char *name, void *value, size_t size); int security_netlink_send(struct sock *sk, struct sk_buff *skb); int security_ismaclabel(const char *name); int security_secid_to_secctx(u32 secid, struct lsmcontext *cp); -int security_lsmblob_to_secctx(struct lsmblob *blob, char **secdata, - u32 *seclen); +int security_lsmblob_to_secctx(struct lsmblob *blob, struct lsmcontext *cp); int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid); void security_release_secctx(struct lsmcontext *cp); void security_inode_invalidate_secctx(struct inode *inode); @@ -1493,7 +1492,7 @@ static inline int security_secid_to_secctx(u32 secid, struct lsmcontext *cp) } static inline int security_lsmblob_to_secctx(struct lsmblob *blob, - char **secdata, u32 *seclen) + struct lsmcontext *cp) { return -EOPNOTSUPP; } diff --git a/kernel/audit.c b/kernel/audit.c index 47cfb6b20c3c..a93a710c980e 100644 --- a/kernel/audit.c +++ b/kernel/audit.c 
@@ -1462,9 +1462,8 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) if (lsmblob_is_set(&audit_sig_lsm)) { err = security_lsmblob_to_secctx(&audit_sig_lsm, - &lsmctx.context, - &lsmctx.len); - if (err) + &lsmctx); + if (err < 0) return err; } sig_data_size = struct_size(sig_data, ctx, lsmctx.len); @@ -2175,8 +2174,8 @@ int audit_log_task_context(struct audit_buffer *ab) if (!lsmblob_is_set(&blob)) return 0; - error = security_lsmblob_to_secctx(&blob, &ctx.context, &ctx.len); - if (error) { + error = security_lsmblob_to_secctx(&blob, &ctx); + if (error < 0) { if (error != -EINVAL) goto error_path; return 0; diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 2874255f5f25..c37cc02ea4cc 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1109,7 +1109,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); if (lsmblob_is_set(blob)) { - if (security_lsmblob_to_secctx(blob, &ctx.context, &ctx.len)) { + if (security_lsmblob_to_secctx(blob, &ctx) < 0) { audit_log_format(ab, " obj=(none)"); rc = 1; } else { @@ -1370,7 +1370,7 @@ static void audit_log_time(struct audit_context *context, struct audit_buffer ** static void show_special(struct audit_context *context, int *call_panic) { - struct lsmcontext lsmcxt; + struct lsmcontext lsmctx; struct audit_buffer *ab; int i; @@ -1393,16 +1393,12 @@ static void show_special(struct audit_context *context, int *call_panic) from_kgid(&init_user_ns, context->ipc.gid), context->ipc.mode); if (lsmblob_is_set(&context->ipc.oblob)) { - char *ctx = NULL; - u32 len; - if (security_lsmblob_to_secctx(&context->ipc.oblob, - &ctx, &len)) { + &lsmctx) < 0) { *call_panic = 1; } else { - audit_log_format(ab, " obj=%s", ctx); - lsmcontext_init(&lsmcxt, ctx, len, 0); - security_release_secctx(&lsmcxt); + audit_log_format(ab, " obj=%s", lsmctx.context); + security_release_secctx(&lsmctx); } } if (context->ipc.has_perm) { 
@@ -1563,8 +1559,7 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, if (lsmblob_is_set(&n->oblob)) { struct lsmcontext ctx; - if (security_lsmblob_to_secctx(&n->oblob, &ctx.context, - &ctx.len)) { + if (security_lsmblob_to_secctx(&n->oblob, &ctx) < 0) { if (call_panic) *call_panic = 2; } else { diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index b9289a22b363..561e1e476a49 100644 --- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c @@ -98,8 +98,7 @@ struct audit_buffer *netlbl_audit_start_common(int type, audit_info->sessionid); if (lsmblob_is_set(&audit_info->blob) && - security_lsmblob_to_secctx(&audit_info->blob, &ctx.context, - &ctx.len) == 0) { + security_lsmblob_to_secctx(&audit_info->blob, &ctx) >= 0) { audit_log_format(audit_buf, " subj=%s", ctx.context); security_release_secctx(&ctx); } diff --git a/security/apparmor/include/secid.h b/security/apparmor/include/secid.h index b66c2d043a02..568820a11efc 100644 --- a/security/apparmor/include/secid.h +++ b/security/apparmor/include/secid.h @@ -26,8 +26,7 @@ extern int apparmor_display_secid_mode; struct aa_label *aa_secid_to_label(u32 secid); int apparmor_secid_to_secctx(u32 secid, struct lsmcontext *cp); -int apparmor_lsmblob_to_secctx(struct lsmblob *blob, char **secdata, - u32 *seclen); +int apparmor_lsmblob_to_secctx(struct lsmblob *blob, struct lsmcontext *cp); int apparmor_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid); void apparmor_release_secctx(struct lsmcontext *cp); diff --git a/security/apparmor/secid.c b/security/apparmor/secid.c index 55d6c54fe90e..c9b9a8d90afa 100644 --- a/security/apparmor/secid.c +++ b/security/apparmor/secid.c 
@@ -93,8 +93,7 @@ int apparmor_secid_to_secctx(u32 secid, struct lsmcontext *cp) return len; } -int apparmor_lsmblob_to_secctx(struct lsmblob *blob, char **secdata, - u32 *seclen) +int apparmor_lsmblob_to_secctx(struct lsmblob *blob, struct lsmcontext *cp) { /* TODO: cache secctx and ref count so we don't have to recreate */ struct aa_label *label; @@ -115,8 +114,8 @@ int apparmor_lsmblob_to_secctx(struct lsmblob *blob, char **secdata, if (apparmor_display_secid_mode) flags |= FLAG_SHOW_MODE; - if (secdata) - len = aa_label_asxprint(secdata, root_ns, label, + if (cp) + len = aa_label_asxprint(&cp->context, root_ns, label, flags, GFP_ATOMIC); else len = aa_label_snxprint(NULL, 0, root_ns, label, flags); @@ -124,9 +123,12 @@ int apparmor_lsmblob_to_secctx(struct lsmblob *blob, char **secdata, if (len < 0) return -ENOMEM; - *seclen = len; + if (cp) { + cp->len = len; + cp->id = LSM_ID_APPARMOR; + } - return 0; + return len; } int apparmor_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) diff --git a/security/security.c b/security/security.c index 708a26a88447..e070a6cd4089 100644 --- a/security/security.c +++ b/security/security.c 
@@ -4203,30 +4203,28 @@ EXPORT_SYMBOL(security_secid_to_secctx); /** * security_lsmblob_to_secctx() - Convert a lsmblob to a secctx * @blob: lsm specific information - * @secdata: secctx - * @seclen: secctx length + * @cp: the LSM context * - * Convert a @blob entry to security context. If @secdata is NULL the - * length of the result will be returned in @seclen, but no @secdata - * will be returned. This does mean that the length could change between - * calls to check the length and the next call which actually allocates - * and returns the @secdata. + * Convert a @blob entry to security context. If @cp is NULL the + * length of the result will be returned, but no data will be returned. + * This does mean that the length could change between calls to check + * the length and the next call which actually allocates and returns + * the data. * - * Return: Return 0 on success, error on failure. + * Return: Return length of data on success, error on failure. */ -int security_lsmblob_to_secctx(struct lsmblob *blob, char **secdata, - u32 *seclen) +int security_lsmblob_to_secctx(struct lsmblob *blob, struct lsmcontext *cp) { struct security_hook_list *hp; int rc; hlist_for_each_entry(hp, &security_hook_heads.lsmblob_to_secctx, list) { - rc = hp->hook.lsmblob_to_secctx(blob, secdata, seclen); - if (rc != LSM_RET_DEFAULT(secid_to_secctx)) + rc = hp->hook.lsmblob_to_secctx(blob, cp); + if (rc != LSM_RET_DEFAULT(lsmblob_to_secctx)) return rc; } - return LSM_RET_DEFAULT(secid_to_secctx); + return LSM_RET_DEFAULT(lsmblob_to_secctx); } EXPORT_SYMBOL(security_lsmblob_to_secctx); diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 37b97cf81da1..d138aa692abd 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c 
@@ -6583,16 +6583,28 @@ static int selinux_secid_to_secctx(u32 secid, struct lsmcontext *cp) return seclen; } -static int selinux_lsmblob_to_secctx(struct lsmblob *blob, char **secdata, - u32 *seclen) +static int selinux_lsmblob_to_secctx(struct lsmblob *blob, + struct lsmcontext *cp) { u32 secid = blob->selinux.secid; + u32 seclen; + u32 ret; /* stacking scaffolding */ if (!secid) secid = blob->scaffold.secid; - return security_sid_to_context(secid, secdata, seclen); + if (cp) { + cp->id = LSM_ID_SELINUX; + ret = security_sid_to_context(secid, &cp->context, &cp->len); + if (ret < 0) + return ret; + return cp->len; + } + ret = security_sid_to_context(secid, NULL, &seclen); + if (ret < 0) + return ret; + return seclen; } static int selinux_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index d82753bc52ab..1fdd4233a9b3 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -4839,19 +4839,23 @@ static int smack_secid_to_secctx(u32 secid, struct lsmcontext *cp) * * Exists for audit code. */ -static int smack_lsmblob_to_secctx(struct lsmblob *blob, char **secdata, - u32 *seclen) +static int smack_lsmblob_to_secctx(struct lsmblob *blob, struct lsmcontext *cp) { struct smack_known *skp = blob->smack.skp; + int len; /* stacking scaffolding */ if (!skp && blob->scaffold.secid) skp = smack_from_secid(blob->scaffold.secid); - if (secdata) - *secdata = skp->smk_known; - *seclen = strlen(skp->smk_known); - return 0; + len = strlen(skp->smk_known); + + if (cp) { + cp->context = skp->smk_known; + cp->len = len; + cp->id = LSM_ID_SMACK; + } + return len; } /**
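Review bot: in the kernel/audit.c hunk at line 1462 (audit_receive_msg), `err` now holds a positive length after a successful security_lsmblob_to_secctx() call, and the hunk only shows the new `if (err < 0) return err;` guard; please confirm that nothing later in that function still treats a non-zero `err` as failure or hands it back to the caller as a return code, since the old convention returned 0 on success.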
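Review bot: the same concern applies to `error` in the kernel/audit.c hunk at line 2175 (audit_log_task_context): after `error = security_lsmblob_to_secctx(&blob, &ctx);` succeeds, `error` is the context length rather than 0, so any later `return error;` or `if (error)` in the unchanged part of the function would now misreport success as failure; worth a quick check of the function tail.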
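Review bot: in the kernel/auditsc.c hunk at line 1370 the `lsmcxt` to `lsmctx` rename is a cosmetic fix bundled with the API change; it is used by the following show_special() hunk, so keeping it here is reasonable, but a one-line mention in the commit message ("also fix the misspelled local") would save the next reader from wondering whether it is intentional.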
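Review bot: the security/security.c hunk silently changes the default-value comparison from `LSM_RET_DEFAULT(secid_to_secctx)` to `LSM_RET_DEFAULT(lsmblob_to_secctx)`. Both defaults are -EOPNOTSUPP in the lsm_hook_defs.h hunk, so behaviour is unchanged, but this is a correctness fix separate from the lsmcontext conversion and should be stated in the commit message. While touching the kernel-doc, it would also help to say that @cp is only filled in (including cp->id) when the return value is non-negative, so callers must not call security_release_secctx() on the error path; every caller in this patch honours that, and the doc is the place to pin it down.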
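Review bot: `u32 ret;` in the security/selinux/hooks.c hunk makes both `if (ret < 0)` tests dead code, because an unsigned value is never negative. security_sid_to_context() returns an int error code; a negative result is stored as a large positive value, the check is skipped, and the function falls through to `return cp->len;` (or `return seclen;`) with a length that was never filled in, so the caller sees a "success" and dereferences cp->context. Declare it as `int ret;` (the `u32 seclen` output variable is fine as it is).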
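Review bot: the kernel-doc above smack_lsmblob_to_secctx() in the security/smack/smack_lsm.c hunk (its tail, "Exists for audit code.", is in the context lines) should now document that the return value is the context length rather than 0, and that cp->context points at skp->smk_known rather than a copy, so the LSM_ID_SMACK tag is what tells security_release_secctx() there is nothing to free. Also, `len = strlen(skp->smk_known);` dereferences `skp` unconditionally; with the visible logic it stays NULL when neither blob->smack.skp nor blob->scaffold.secid is set. Callers guard with lsmblob_is_set(), and the hazard predates this patch, but an early `return -EINVAL` for a NULL `skp` would be cheap insurance while the function is being reworked.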