From patchwork Tue Sep 10 18:41:17 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Casey Schaufler <casey@schaufler-ca.com>
X-Patchwork-Id: 13799238
X-Patchwork-Delegate: paul@paul-moore.com
Received: from sonic314-27.consmr.mail.ne1.yahoo.com
 (sonic314-27.consmr.mail.ne1.yahoo.com [66.163.189.153])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 750781A704B
	for <audit@vger.kernel.org>; Tue, 10 Sep 2024 18:53:24 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=66.163.189.153
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1725994406; cv=none;
 b=ZRnupHmYjwsCWF7k6RhoZ9FFyEV7VDq8VECUVph1GY4x9kPGIe62CUUdipdmleJK1FETmf8zvAx4Ph/PpYRpjL+rGLPFwRpxBGUiE775iIzbhnjPiPnQ9HkOxXFRXxsG/RsWveUMPMFtUwqW/O05E3hOByNnUH8N/BWyPD6bvSo=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1725994406; c=relaxed/simple;
	bh=IoX9nQjI2oP0imTJJZDHPStaBUxY820d4vgsxZmjUYo=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=JCcIumGipV0Kizvq8PfpUUR/eu64szIkYX/D3M8nQqb42cbXWi6kHSIuEx6/Vpzk0H89s1aEYoDSZMWMNwo65jHAVkA6Xq9r6mhDyO9ewKNP0cT05JbdF48gTlmJ+I7vfTsd6VUOuEWz2UgNrIRJBv0YX4rcWwTwLhS0YZGucrE=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=none (p=none dis=none) header.from=schaufler-ca.com;
 spf=none smtp.mailfrom=schaufler-ca.com;
 dkim=pass (2048-bit key) header.d=yahoo.com header.i=@yahoo.com
 header.b=r+OUhHZX; arc=none smtp.client-ip=66.163.189.153
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=none (p=none dis=none) header.from=schaufler-ca.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=none smtp.mailfrom=schaufler-ca.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=yahoo.com header.i=@yahoo.com
 header.b="r+OUhHZX"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1725994403; bh=snRkCW1CoQhwTkFHaGmHmPb0/0EzthT9FmZrwfJIwtA=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To;
 b=r+OUhHZX/WxM123FVmw/ZHYYNymeAiyA0IRkAlCfcnFJjHi3rAUZ0R324nRJRsX129Mxqzh0GGzdwMHqVp8wLpLbHqd0pOGdONR285maaRWUyImaTavtW+CwprulNF2z5Cz/MegevHLpu93g+F03OF8eMhaayUJIkOsBMUaJm5IMht+eA9NTn69Zfdo85JpErLP0mjhMU9ydxBC++WOZu4jk7c2DGe2xn9Yt+a/j791ROBFb7fG21JofIcoprZhMi86m/GmiobUtHf/GA10F8L0IQ2obFCHKQOtQbMgHLRj3JPHBmb5iAZt5rO0a78s5A9PzaKT9pLYN8myZJCtF3w==
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1725994403; bh=NU4EUUGqI+ei/Jh6Je/Skrx+VFcT/XPPu03VwEckuQh=;
 h=X-Sonic-MF:From:To:Subject:Date:From:Subject;
 b=E6rUvg0SnRZm8df3/MvWT2ctezYTB5NwG7kxeqBz6zB5/X/bsw7CoRKYZvdiOG0NATWfOGotcg4eL7oqcSXmIsX4tBxh313KyC05xvpoehIDVzBD3olZKgUgKz1oYtME7POchGnVV4ajiH3MZAnNFdp/FMDjIOuDt+YIXyqb8iZkY1wXVaRxgdd3VJFSw75e6uAYUeXQkvrPHM+Ak8TApdFyQ1jt0VZG7ujlTfiAZbfckurihtKIzVABBE3czzrOT9ans4LeFyrpd7nPIsQX7zmTEXGIfUtZpwQuEdBvjdxW/y1NYZ1Zqt/t/9n89LypQGrlElW+BaSjEVcJY6l1iw==
X-YMail-OSG: DWhATRMVM1newNlpUoJ0rvExXh0dXCALrF8_47tYcXZh0O22LarfIyporiWjKZq
 .P6J6WqLusmVB8kqPHBHoYzUN.gyl.IY4LJIMEnMi9xfy_HycMJTmEdY6jGDGpMK91cdtuJFqrOg
 .e2RxFgbip2LaZxQYN3vX22YqGd_qqBg7Y3Am3xo.MrFEHiC9EifgfCRrKhIKaVpwZ3C4H2isnE4
 xaJFmchs91.epl0eLiWgGmV0v5fVNeZdTFUSTqCcGakkhDpXeOSEb5U7bsN9kxxQD.rpYKMDacY7
 6RSk_rb457fqj1.1O9ho.Z_Sx1DZTo9XpZnngeS97_._5wmEVvks4N5x5OtmSwfLOjCXeAVk06rw
 Q9EpRguli_YpFbmiMsEaTC0jwVs.LIvPBpSoHCZNX8W9D1PfRUqfcHwa5ip9Al2ud0cvX..v3U4X
 2dBwcITtMHVu05Nq0Oofw6A8AA5v6sFwsCyfUf6NLlUIrDXw0aFv3SscZxGvLuhekGbvnGfozOnR
 fd2YW3webPo07WTzZfK3Sv9f6bOtdEgBEnoilMxy4cQUVXejVY4UA1889Aoe51CGVUjm9hotj92W
 5l3VOlMMXXc1QUn0kSVqHYGMG.7QJeivGKVBdi7CjQ2HPvsu9fRQLCCPkIbL2Cy8Yld4SK50bPpO
 4syF29ccgIJlfu.FMI48CL8KkZPuzlBxHJwbYbnrTK84lcma56Rg1437fMVCwjjnJOisLDUGehK3
 HcFoIm1x.ZkNnkFE84WzYwf9u5GsVyeiq0N9yygW7Vkof0K2FgHnJrNRYbxLCoG9uveYQvr.g4J_
 NE_OCe_wGKtNUf8tAc5rl379yvYBrvWZbzlE3HIXN79DMzv_2JgCN6KlftENlpyQa05r9VJh8qm5
 F2ATOzqGecpIjOWfTevTm.FNcsh.aYuHWmMsiJ4UOiYztLf12UMu0LacZP1Mq5LnUcbLJCvtyABh
 wYr2wvAlauuQJubLIuGZUykFg0_kPQiIL9wub5hPZjhgxmcpR1hCgJe0yQuZj3O.tAATf9W922FR
 eIp.HmSr78JvgNWODJksVC91a24Ui0CKDFNCGTP2G5QMqCOe4Kgj9C0tJSjnCD6oYBRO7X7NFvL3
 oDpBVVABomtydpLUT90jMHnl6LtvSau_U7Bx11pQ_zFcUfc6ReSIxy6KRIa_sPUOdNZ.n4NQptaU
 AmEEoZ4Y.95EW8KSwRpDtLZ4YKPo5FDzI0tJGtNTqorZLE2oSq8W8wgYLCvRurW09eA_p4ypilUR
 JAia2t1SwgL9SumsMaBInZfapqE7L9IU9sfhNAb9NYs5Q6y2vhBANZOqVoflJHirvpkmx3Qb3DCB
 9AhPMlO5OpCtjMku8ZIOJFb1wBw5K.r.NT06UNNjOuDeYEeimTrimUkJSjWAp7G0HlcFKyVTIrxY
 TjgPBa50w0d4dUolu7bZzIxfSBoDXmdal5HJEW_URfLXTXLddAg8cJdVlSj9ergBaYvFReCdP_Of
 YKj5T7K.gnK05iQdJA2uZ2sR_lKU3I9dYplmkLf.CHgy3PZUs6gFCD0rd6MPaboXlhnjgL73fUOe
 cUGb5XRs3qsav9Duk7Z6ctNEl9GKLHO6QXGokh1xJH4whdTZzaurkP8rW_f19dvT9jrJh581IGdB
 XmmGmdw9LTG1Z.ysSflhuSMAi9ibWRpJc2UX_9ZMtGw5sXYXaWrHcE0oVSzfGqXXYwWHmAempst6
 bP9n3I20LyN1RHUFqH751J8cPzT4nr8ARSh3DMy71jmsTmmfi6DCHHLVWLbb_Dn7FWnJ4kwt.._F
 0ZXUz6Kz6eB2RMED1YFe.DWbqU2fPArh37hkIY0VyJhAvUumY7MNQt8GqWCIjexayx9ddA.lJ0mG
 .TDuhucTPCx7CghYs5rU3ITGx_2hH5KpIms5aPEijaIO64rwWF0A8EE5WCSG1WYIVRxTl6IePq.9
 lGEJBNbumX6kFYVK.0wQvrtm9AkadhhyezbxYijXLySxI8rjoWc9Z15wqJ.BXntBSGbqc3R8Hr8u
 X1ctgvuD2.IxHzLAtVH2rCm8fr_2tgaqagNZPNxL08ZbErdj.rQrBuv9mSKcjOc_Nnj3aHdmotNM
 TTHuXhlBtoePVxdp_Tobz0t.F1_ziYINvid0Bz5sXPEg0KVu9KoML_QAEyyBCD8_zZt0_xIsIzcd
 BlcdP9U5KZmlQMMdf_jlHnsk3dDRyvp0Ok9JYmMftJzZsE1N8nYb1Lx5RmmBLpbmVoS4XsfW69Lq
 yBNr0nOxaf8X9HA8gnk7hgSbxtb2ixEzLOJHW0WrbS7nA5MsX8jKYSAxqAE77MHAaSwRzM7TISP9
 hVUlf5_UIuNopGkl3vHB61Bw_VTmHveOymXcuL1Q-
X-Sonic-MF: <casey@schaufler-ca.com>
X-Sonic-ID: 5dba500b-dbef-4d20-9d04-e54cd028f336
Received: from sonic.gate.mail.ne1.yahoo.com by
 sonic314.consmr.mail.ne1.yahoo.com with HTTP; Tue, 10 Sep 2024 18:53:23 +0000
Received: by hermes--production-gq1-5d95dc458-4tw7n (Yahoo Inc. Hermes SMTP
 Server) with ESMTPA ID bfec55394db9c3ecf7e1196118de0a4c;
          Tue, 10 Sep 2024 18:43:10 +0000 (UTC)
From: Casey Schaufler <casey@schaufler-ca.com>
To: casey@schaufler-ca.com,
	paul@paul-moore.com,
	linux-security-module@vger.kernel.org
Cc: jmorris@namei.org,
	serge@hallyn.com,
	keescook@chromium.org,
	john.johansen@canonical.com,
	penguin-kernel@i-love.sakura.ne.jp,
	stephen.smalley.work@gmail.com,
	linux-kernel@vger.kernel.org,
	selinux@vger.kernel.org,
	mic@digikod.net,
	audit@vger.kernel.org
Subject: [PATCH v3 05/13] LSM: Use lsm_prop in security_ipc_getsecid
Date: Tue, 10 Sep 2024 11:41:17 -0700
Message-ID: <20240910184125.224651-6-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.46.0
In-Reply-To: <20240910184125.224651-1-casey@schaufler-ca.com>
References: <20240910184125.224651-1-casey@schaufler-ca.com>
Precedence: bulk
X-Mailing-List: audit@vger.kernel.org
List-Id: <audit.vger.kernel.org>
List-Subscribe: <mailto:audit+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:audit+unsubscribe@vger.kernel.org>
MIME-Version: 1.0

There may be more than one LSM that provides IPC data for auditing.
Change security_ipc_getsecid() to fill in a lsm_prop structure instead
of the u32 secid.  Change the name to security_ipc_getlsmprop() to
reflect the change.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Cc: audit@vger.kernel.org
Cc: linux-security-module@vger.kernel.org
Cc: selinux@vger.kernel.org
---
 include/linux/lsm_hook_defs.h |  4 ++--
 include/linux/security.h      | 22 +++++++++++++++++-----
 kernel/auditsc.c              |  5 ++---
 security/security.c           | 14 +++++++-------
 security/selinux/hooks.c      |  9 ++++++---
 security/smack/smack_lsm.c    | 16 +++++++++-------
 6 files changed, 43 insertions(+), 27 deletions(-)

diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
index f53323e52fe1..315bbe1f63fc 100644
--- a/include/linux/lsm_hook_defs.h
+++ b/include/linux/lsm_hook_defs.h
@@ -253,8 +253,8 @@ LSM_HOOK(void, LSM_RET_VOID, task_to_inode, struct task_struct *p,
 	 struct inode *inode)
 LSM_HOOK(int, 0, userns_create, const struct cred *cred)
 LSM_HOOK(int, 0, ipc_permission, struct kern_ipc_perm *ipcp, short flag)
-LSM_HOOK(void, LSM_RET_VOID, ipc_getsecid, struct kern_ipc_perm *ipcp,
-	 u32 *secid)
+LSM_HOOK(void, LSM_RET_VOID, ipc_getlsmprop, struct kern_ipc_perm *ipcp,
+	 struct lsm_prop *prop)
 LSM_HOOK(int, 0, msg_msg_alloc_security, struct msg_msg *msg)
 LSM_HOOK(void, LSM_RET_VOID, msg_msg_free_security, struct msg_msg *msg)
 LSM_HOOK(int, 0, msg_queue_alloc_security, struct kern_ipc_perm *perm)
diff --git a/include/linux/security.h b/include/linux/security.h
index d739a4cf43d3..c8f020cf2a84 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -277,6 +277,17 @@ static inline const char *kernel_load_data_id_str(enum kernel_load_data_id id)
 	return kernel_load_data_str[id];
 }
 
+/**
+ * lsmprop_init - initialize a lsm_prop structure
+ * @prop: Pointer to the data to initialize
+ *
+ * Set all secid for all modules to the specified value.
+ */
+static inline void lsmprop_init(struct lsm_prop *prop)
+{
+	memset(prop, 0, sizeof(*prop));
+}
+
 #ifdef CONFIG_SECURITY
 
 /**
@@ -285,7 +296,7 @@ static inline const char *kernel_load_data_id_str(enum kernel_load_data_id id)
  *
  * Returns true if there is a value set, false otherwise
  */
-static inline bool lsm_prop_is_set(struct lsm_prop *prop)
+static inline bool lsmprop_is_set(struct lsm_prop *prop)
 {
 	const struct lsm_prop empty = {};
 
@@ -500,7 +511,7 @@ int security_task_prctl(int option, unsigned long arg2, unsigned long arg3,
 void security_task_to_inode(struct task_struct *p, struct inode *inode);
 int security_create_user_ns(const struct cred *cred);
 int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag);
-void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid);
+void security_ipc_getlsmprop(struct kern_ipc_perm *ipcp, struct lsm_prop *prop);
 int security_msg_msg_alloc(struct msg_msg *msg);
 void security_msg_msg_free(struct msg_msg *msg);
 int security_msg_queue_alloc(struct kern_ipc_perm *msq);
@@ -551,7 +562,7 @@ int lsm_fill_user_ctx(struct lsm_ctx __user *uctx, u32 *uctx_len,
  *
  * Returns true if there is a value set, false otherwise
  */
-static inline bool lsm_prop_is_set(struct lsm_prop *prop)
+static inline bool lsmprop_is_set(struct lsm_prop *prop)
 {
 	return false;
 }
@@ -1350,9 +1361,10 @@ static inline int security_ipc_permission(struct kern_ipc_perm *ipcp,
 	return 0;
 }
 
-static inline void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
+static inline void security_ipc_getlsmprop(struct kern_ipc_perm *ipcp,
+					   struct lsm_prop *prop)
 {
-	*secid = 0;
+	lsmprop_init(prop);
 }
 
 static inline int security_msg_msg_alloc(struct msg_msg *msg)
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 014d23370384..3e051014484c 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1397,7 +1397,7 @@ static void show_special(struct audit_context *context, int *call_panic)
 				 from_kuid(&init_user_ns, context->ipc.uid),
 				 from_kgid(&init_user_ns, context->ipc.gid),
 				 context->ipc.mode);
-		if (lsm_prop_is_set(&context->ipc.oprop)) {
+		if (lsmprop_is_set(&context->ipc.oprop)) {
 			char *ctx = NULL;
 			u32 len;
 
@@ -2638,8 +2638,7 @@ void __audit_ipc_obj(struct kern_ipc_perm *ipcp)
 	context->ipc.gid = ipcp->gid;
 	context->ipc.mode = ipcp->mode;
 	context->ipc.has_perm = 0;
-	/* scaffolding */
-	security_ipc_getsecid(ipcp, &context->ipc.oprop.scaffold.secid);
+	security_ipc_getlsmprop(ipcp, &context->ipc.oprop);
 	context->type = AUDIT_IPC;
 }
 
diff --git a/security/security.c b/security/security.c
index 859b37e51796..410bf69af427 100644
--- a/security/security.c
+++ b/security/security.c
@@ -3611,17 +3611,17 @@ int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
 }
 
 /**
- * security_ipc_getsecid() - Get the sysv ipc object's secid
+ * security_ipc_getlsmprop() - Get the sysv ipc object LSM data
  * @ipcp: ipc permission structure
- * @secid: secid pointer
+ * @prop: pointer to lsm information
  *
- * Get the secid associated with the ipc object.  In case of failure, @secid
- * will be set to zero.
+ * Get the lsm information associated with the ipc object.
  */
-void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
+
+void security_ipc_getlsmprop(struct kern_ipc_perm *ipcp, struct lsm_prop *prop)
 {
-	*secid = 0;
-	call_void_hook(ipc_getsecid, ipcp, secid);
+	lsmprop_init(prop);
+	call_void_hook(ipc_getlsmprop, ipcp, prop);
 }
 
 /**
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index a2da81d0d5f5..10c7fc61a786 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -6328,10 +6328,13 @@ static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
 	return ipc_has_perm(ipcp, av);
 }
 
-static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
+static void selinux_ipc_getlsmprop(struct kern_ipc_perm *ipcp,
+				   struct lsm_prop *prop)
 {
 	struct ipc_security_struct *isec = selinux_ipc(ipcp);
-	*secid = isec->sid;
+	prop->selinux.secid = isec->sid;
+	/* scaffolding */
+	prop->scaffold.secid = isec->sid;
 }
 
 static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode)
@@ -7252,7 +7255,7 @@ static struct security_hook_list selinux_hooks[] __ro_after_init = {
 	LSM_HOOK_INIT(userns_create, selinux_userns_create),
 
 	LSM_HOOK_INIT(ipc_permission, selinux_ipc_permission),
-	LSM_HOOK_INIT(ipc_getsecid, selinux_ipc_getsecid),
+	LSM_HOOK_INIT(ipc_getlsmprop, selinux_ipc_getlsmprop),
 
 	LSM_HOOK_INIT(msg_queue_associate, selinux_msg_queue_associate),
 	LSM_HOOK_INIT(msg_queue_msgctl, selinux_msg_queue_msgctl),
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 1f478bb08779..7926f40bc7db 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -3442,16 +3442,18 @@ static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag)
 }
 
 /**
- * smack_ipc_getsecid - Extract smack security id
+ * smack_ipc_getlsmprop - Extract smack security data
  * @ipp: the object permissions
- * @secid: where result will be saved
+ * @prop: where result will be saved
  */
-static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid)
+static void smack_ipc_getlsmprop(struct kern_ipc_perm *ipp, struct lsm_prop *prop)
 {
-	struct smack_known **blob = smack_ipc(ipp);
-	struct smack_known *iskp = *blob;
+	struct smack_known **iskpp = smack_ipc(ipp);
+	struct smack_known *iskp = *iskpp;
 
-	*secid = iskp->smk_secid;
+	prop->smack.skp = iskp;
+	/* scaffolding */
+	prop->scaffold.secid = iskp->smk_secid;
 }
 
 /**
@@ -5157,7 +5159,7 @@ static struct security_hook_list smack_hooks[] __ro_after_init = {
 	LSM_HOOK_INIT(task_to_inode, smack_task_to_inode),
 
 	LSM_HOOK_INIT(ipc_permission, smack_ipc_permission),
-	LSM_HOOK_INIT(ipc_getsecid, smack_ipc_getsecid),
+	LSM_HOOK_INIT(ipc_getlsmprop, smack_ipc_getlsmprop),
 
 	LSM_HOOK_INIT(msg_msg_alloc_security, smack_msg_msg_alloc_security),
 

From patchwork Tue Sep 10 18:41:19 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Casey Schaufler <casey@schaufler-ca.com>
X-Patchwork-Id: 13799237
X-Patchwork-Delegate: paul@paul-moore.com
Received: from sonic314-27.consmr.mail.ne1.yahoo.com
 (sonic314-27.consmr.mail.ne1.yahoo.com [66.163.189.153])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 38C4C1A4F1A
	for <audit@vger.kernel.org>; Tue, 10 Sep 2024 18:53:23 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=66.163.189.153
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1725994405; cv=none;
 b=Ll8C3U2SA+84NR1kTpMoBLij4rTvF2Av+SmoKL8I8GHz1GoLJovAtIuofoK5nHYXmTte5GqjsmcqHY4zURyUK+wXHeQz1iHpa8emn9AUC60gpT6KI2NYoiYLLgAcVxvo8usvoIlcI1BHNNT49CM032qZ9Ki0yHg/3bUNZ2gbKtA=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1725994405; c=relaxed/simple;
	bh=cLI3aKf+4jLGtNwJ6c6JZmiMRAyr0hjuM2LtPmh5hG8=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=hk6hjHBvj0g49hGTbnyezBubOeJ65kAD0VYz7j6UqpJ8h29B/CKmfw61tOluQTcDxQrFPjiA6CxJrvNUw3rRQXXTveHy33AIHmbLGMZlPVmNTIccwd4xnlN8HNUUPf/PecLzf+SKxPx8Y+9vMqJ2IIzEhEjaLyEvFxJgV9JCbYg=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=none (p=none dis=none) header.from=schaufler-ca.com;
 spf=none smtp.mailfrom=schaufler-ca.com;
 dkim=pass (2048-bit key) header.d=yahoo.com header.i=@yahoo.com
 header.b=qGZkc70Y; arc=none smtp.client-ip=66.163.189.153
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=none (p=none dis=none) header.from=schaufler-ca.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=none smtp.mailfrom=schaufler-ca.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=yahoo.com header.i=@yahoo.com
 header.b="qGZkc70Y"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1725994402; bh=roEXD5uoszGAHqWo6NbdEc1ATm+VzTvo0S9RDjTnkBM=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To;
 b=qGZkc70Yi66Q0KYfWoiSE0Ujbtro4OGQgILoQBUxL6+QWZ/YN5CyiniXoEm0PANRTBWBoTmnRKZFdLr76B1yY7k81kf6IC4gF3lwaBRbmgAzLD4mg/i74p1crwj77fjJLYKNCADHJb8RJpHrl0vlK3P9DLLHtZHzBpU9l1acKPyzOOpcHgEfo6qx4DXSdDernU16GyxZ7uM2BfoArvsNLuJeSSiANYWq0vZCrQk3PsheqzW8/sFcL7P9tA5Lin/rufobzhx1EXOHKIhCae83WHfssLM5IJ/NrH2DBrEJGTUryZnUDZXLU4lPWNSPpdZ2ErEFtEFGusauZlwYD12A1Q==
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1725994402; bh=8yJMgy8WQkJsx3S6O+2ltUrn0Okqq6tDfcuhIul9GVD=;
 h=X-Sonic-MF:From:To:Subject:Date:From:Subject;
 b=sHphDVYuuU8BUpAHMXljSyWGCKJlp80HCnP4+M1jpWOxxCFFMO5FxCinoSEw+q7nw21WRk+/rAS/b3BZobjfEMMtUJolez1iOO5QttsoHBd2vgVzZh1eG9sBF89cyIj/mwWZ2bBeh1YRAzkFKw99hMVEZrR8OVfCLRsKUpw1i2utOydro3YYc9TQI21+IzF9yhGnbnKbu3M/59iiJQmNujjTaI3plRhhDCaCLw3tSND5wwA6/SFpoF1DgWivydD3k2si0EHMB/EI8o3tpq40cl7TxP1mGvhATnTessL8A5EKDYMluBQ7QsQTjcHHIHf5HMOr7fGQZR9omHmz6D0bqg==
X-YMail-OSG: 8BFFVDMVM1n12u7XppaBGidVuNG4bDRIoBvu8lwN9cpmWwR1.nLMKe5DHYLO247
 YG4AddTC01McK.S4uc3iefTpglrFyeAiqmwlRNWSo4NeYD8_1vEKXjKhRyIRsw8Aa8YshPTPg3d5
 hBpkjWOIrNg4N71WrGycoyCxXih_i574BGlDJ6OJZVz34SZmOnv3Dvjf0_50OghLrE100U6f8HrF
 OPXDcRHDMXm5x6MsthyUuDYOYxv2d5wD_cdCLe9AM5922xnhfJ6A8GiD14s4prnnLtGP90Jnpqhy
 JYDgxXri0Iv5RD91.ct1cdiyPc5VMHtwijdqcef4IhLzwEOb6bapNp2zsqZip5IeaN.KM4AebjGp
 MX.LIa0kUQmsfrzzLlePtljCUTP2gWQIvlRQAwjpA5dX3nBFgVsmR6.z5laaQITGwsJEKd4LEd9E
 BOreEYyF7WGXgz5llZmXTgF6yq9JieA9tXWMmYHvhmJz_jw6DpwZ0OZbv_kLJT3gXS96HyqjbYB9
 bttRn9bJSu5l8YG94hOBn7beYeyjG8.CdbSZN99LIPxg8jz8X8WZyC8YDfhEI2beDx.J1pDpeQ8.
 0klP2QRdo59hJgJTT3dTCtvRd.nllci6v2te_wuW3xt.KB68op5Yifh425DGvaFfkgRsCwMasdJj
 xQGxklvZx1DPjU3hyKB6RZy.nmo9ne96gPyJMNNlEXVgnTkRG3hr7a5oTMkDbGqHSVEmxgyGEE2O
 cnCS4Dbw08BrLq1Wzw12gUw5TFDOC90Uign7qxN29DcagVqvWMwj8jZJN.r5crOflV_sm8oL9l2i
 2.Du3xExRbtGVz5o7PvPMptL.MyIqVj00..04AJoq5Zc6gzjPpvu6LPaToNlOlrDT6mz6kdsDW7N
 hHiHUHNrmDUB1R6XKwk.lxD_ckyP7XNQ4M5aUG2oyTOk0gwwXz2eE61FdwwwvIY9zUsazOpNmhlz
 7OSjWVW2a2Fm.dxOKo4k.st1KK1r3e5UfyyyQDgK79aEXlJBkdcWZN9HJwP3FVuTX3vtK3xP3Ocy
 xjfcPJwFxFy6zdFSbx2hjJOtnEHOOlwesU2tH2BB.yZyY8SNJ0v61wbRlzRLyLlVux7OCXJefpST
 oo5zPWY7KtEF5z1cvTrug4bl__kCrIM3Ca_TkuuCzurRUMIskgfJku7Ce3_XCcYLIpkOzRKaL6rG
 419QN1Wgu0M5.lB6nvkU6Y2Xpy5ZwAatpvHg3EAUPbcU6hDY7lzHL0PPIHZpyNTEgBSYRt7Cq9CC
 GShBW1.iCBy8kavjw.m9sduv8DwP.mBeCUEch0C2tekFeuJNI5bekdSCStMHzZ1TInVXwfeQbxfo
 Mgnq9GxlBDXrCtVJjF2eH4eac4A9qg8D_knaH.usGMZEWxYK6Zie_X3x2byuwXZM8_hQPfwBs9Nh
 u_os2uTPmaMgAS9AwyB1Ww9gwHWwNcUNuCEUWcDeQGeiIWRR.TKG8fRO2VyCuUMvggvkIIdFyWTV
 4bWx.qYveE0QTRD6A3ysk_4oueC2pfRplMB.F9t6rP0NaBbfuoxj5LvrZBh6JRAOOEZ8hUGxzx_s
 _1GaPYRjkB9udEonLK9izFqyjqqDTKD.G7lyTGTao6CK1ZNJ.h9gjaXSAhJisuvkkr4CdUNNAMAE
 _d52ISN0oLPUgRH2sZp4o7kTpbHzggMJIEUgSybAVdh3nDUxIg2ESFdD61HwQ2yw4.r.fKUQPLfN
 6bXmbuup6xSnDL3pmqdkSpCq24zFShrThBGBy.B6ObIqXl8Q4AJ.IY_mS7l5OMHX2qSyQCZQDdRL
 vQQmRPYOSZpqHKhIY5p4BwLyHtCOgKbteOVxqjHe..j5KerKifbpw1DBTxpKqRx7jOWpae5_x5nr
 1yrWCYnqhV.y8ypk8PlS0fwVHEzuRRamMYJbTw3STx7EUSPUh_M8mh7WYwc9e_Qjwozeb95_EXLv
 T.rFws1Ad4kX8n4Q1oXUfivGbHkQUa5zoS9_IK11CRkLOgBHgq5EqKwAqy2l5_py7b8XsykWrj0i
 uUm5CdtdmE6wz3BH5.u40ZRxfyh0Pl7ww_CnGm4K.KnWdZGRoXHAAsrFNGrjkGiTK6H3KjAAad5v
 EpL.HmSFzT41FaxsJY9tsCiu5eDJ3KbNwLQCE0haRFX8iTBoUbua0DvsmQZo2YD2lfPl8KCrHqyU
 aw1YtI95ArN9JqEnKHk5n19am_jAwxpNchiKmShgnXPiKVLWLAeZeL_4VOPsMq7GQMpY4DY0ahfN
 WOh5w1RA5ggY.N5M7KgTtcxHdZ9w3BVhZiiU06npTw3ALA42.EhCGpxKGMGA-
X-Sonic-MF: <casey@schaufler-ca.com>
X-Sonic-ID: 06cbb0af-efb0-40b5-a83d-9fb6ea77838b
Received: from sonic.gate.mail.ne1.yahoo.com by
 sonic314.consmr.mail.ne1.yahoo.com with HTTP; Tue, 10 Sep 2024 18:53:22 +0000
Received: by hermes--production-gq1-5d95dc458-4tw7n (Yahoo Inc. Hermes SMTP
 Server) with ESMTPA ID bfec55394db9c3ecf7e1196118de0a4c;
          Tue, 10 Sep 2024 18:43:13 +0000 (UTC)
From: Casey Schaufler <casey@schaufler-ca.com>
To: casey@schaufler-ca.com,
	paul@paul-moore.com,
	linux-security-module@vger.kernel.org
Cc: jmorris@namei.org,
	serge@hallyn.com,
	keescook@chromium.org,
	john.johansen@canonical.com,
	penguin-kernel@i-love.sakura.ne.jp,
	stephen.smalley.work@gmail.com,
	linux-kernel@vger.kernel.org,
	selinux@vger.kernel.org,
	mic@digikod.net,
	linux-integrity@vger.kernel.org,
	audit@vger.kernel.org
Subject: [PATCH v3 07/13] LSM: Use lsm_prop in security_current_getsecid
Date: Tue, 10 Sep 2024 11:41:19 -0700
Message-ID: <20240910184125.224651-8-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.46.0
In-Reply-To: <20240910184125.224651-1-casey@schaufler-ca.com>
References: <20240910184125.224651-1-casey@schaufler-ca.com>
Precedence: bulk
X-Mailing-List: audit@vger.kernel.org
List-Id: <audit.vger.kernel.org>
List-Subscribe: <mailto:audit+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:audit+unsubscribe@vger.kernel.org>
MIME-Version: 1.0

Change the security_current_getsecid_subj() and
security_task_getsecid_obj() interfaces to fill in a lsm_prop structure
instead of a u32 secid.  Audit interfaces will need to collect all
possible security data for possible reporting.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Cc: linux-integrity@vger.kernel.org
Cc: audit@vger.kernel.org
Cc: selinux@vger.kernel.org
---
 include/linux/lsm_hook_defs.h         |  6 +--
 include/linux/security.h              | 13 +++---
 kernel/audit.c                        | 11 +++--
 kernel/auditfilter.c                  |  3 +-
 kernel/auditsc.c                      | 22 ++++++----
 net/netlabel/netlabel_unlabeled.c     |  5 ++-
 net/netlabel/netlabel_user.h          |  6 ++-
 security/apparmor/lsm.c               | 20 ++++++---
 security/integrity/ima/ima.h          |  6 +--
 security/integrity/ima/ima_api.c      |  6 +--
 security/integrity/ima/ima_appraise.c |  6 +--
 security/integrity/ima/ima_main.c     | 59 ++++++++++++++-------------
 security/integrity/ima/ima_policy.c   | 14 +++----
 security/security.c                   | 28 ++++++-------
 security/selinux/hooks.c              | 17 +++++---
 security/smack/smack_lsm.c            | 25 +++++++-----
 16 files changed, 139 insertions(+), 108 deletions(-)

diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
index 315bbe1f63fc..e53d29c3ca1c 100644
--- a/include/linux/lsm_hook_defs.h
+++ b/include/linux/lsm_hook_defs.h
@@ -232,9 +232,9 @@ LSM_HOOK(int, 0, task_fix_setgroups, struct cred *new, const struct cred * old)
 LSM_HOOK(int, 0, task_setpgid, struct task_struct *p, pid_t pgid)
 LSM_HOOK(int, 0, task_getpgid, struct task_struct *p)
 LSM_HOOK(int, 0, task_getsid, struct task_struct *p)
-LSM_HOOK(void, LSM_RET_VOID, current_getsecid_subj, u32 *secid)
-LSM_HOOK(void, LSM_RET_VOID, task_getsecid_obj,
-	 struct task_struct *p, u32 *secid)
+LSM_HOOK(void, LSM_RET_VOID, current_getlsmprop_subj, struct lsm_prop *prop)
+LSM_HOOK(void, LSM_RET_VOID, task_getlsmprop_obj,
+	 struct task_struct *p, struct lsm_prop *prop)
 LSM_HOOK(int, 0, task_setnice, struct task_struct *p, int nice)
 LSM_HOOK(int, 0, task_setioprio, struct task_struct *p, int ioprio)
 LSM_HOOK(int, 0, task_getioprio, struct task_struct *p)
diff --git a/include/linux/security.h b/include/linux/security.h
index c8f020cf2a84..07c0e635f124 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -492,8 +492,8 @@ int security_task_fix_setgroups(struct cred *new, const struct cred *old);
 int security_task_setpgid(struct task_struct *p, pid_t pgid);
 int security_task_getpgid(struct task_struct *p);
 int security_task_getsid(struct task_struct *p);
-void security_current_getsecid_subj(u32 *secid);
-void security_task_getsecid_obj(struct task_struct *p, u32 *secid);
+void security_current_getlsmprop_subj(struct lsm_prop *prop);
+void security_task_getlsmprop_obj(struct task_struct *p, struct lsm_prop *prop);
 int security_task_setnice(struct task_struct *p, int nice);
 int security_task_setioprio(struct task_struct *p, int ioprio);
 int security_task_getioprio(struct task_struct *p);
@@ -1278,14 +1278,15 @@ static inline int security_task_getsid(struct task_struct *p)
 	return 0;
 }
 
-static inline void security_current_getsecid_subj(u32 *secid)
+static inline void security_current_getlsmprop_subj(struct lsm_prop *prop)
 {
-	*secid = 0;
+	lsmprop_init(prop);
 }
 
-static inline void security_task_getsecid_obj(struct task_struct *p, u32 *secid)
+static inline void security_task_getlsmprop_obj(struct task_struct *p,
+						struct lsm_prop *prop)
 {
-	*secid = 0;
+	lsmprop_init(prop);
 }
 
 static inline int security_task_setnice(struct task_struct *p, int nice)
diff --git a/kernel/audit.c b/kernel/audit.c
index 70f76fed254b..399f66557dfa 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -2179,16 +2179,16 @@ void audit_log_key(struct audit_buffer *ab, char *key)
 
 int audit_log_task_context(struct audit_buffer *ab)
 {
+	struct lsm_prop prop;
 	char *ctx = NULL;
 	unsigned len;
 	int error;
-	u32 sid;
 
-	security_current_getsecid_subj(&sid);
-	if (!sid)
+	security_current_getlsmprop_subj(&prop);
+	if (!lsmprop_is_set(&prop))
 		return 0;
 
-	error = security_secid_to_secctx(sid, &ctx, &len);
+	error = security_lsmprop_to_secctx(&prop, &ctx, &len);
 	if (error) {
 		if (error != -EINVAL)
 			goto error_path;
@@ -2405,8 +2405,7 @@ int audit_signal_info(int sig, struct task_struct *t)
 			audit_sig_uid = auid;
 		else
 			audit_sig_uid = uid;
-		/* scaffolding */
-		security_current_getsecid_subj(&audit_sig_lsm.scaffold.secid);
+		security_current_getlsmprop_subj(&audit_sig_lsm);
 	}
 
 	return audit_signal_info_syscall(t);
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 5b47571ae4ee..7589845cb9ee 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -1371,8 +1371,7 @@ int audit_filter(int msgtype, unsigned int listtype)
 			case AUDIT_SUBJ_CLR:
 				if (f->lsm_rule) {
 					/* scaffolding */
-					security_current_getsecid_subj(
-							&prop.scaffold.secid);
+					security_current_getlsmprop_subj(&prop);
 					result = security_audit_rule_match(
 						   &prop, f->type, f->op,
 						   f->lsm_rule);
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 3e051014484c..b976b88c19c3 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -470,7 +470,6 @@ static int audit_filter_rules(struct task_struct *tsk,
 {
 	const struct cred *cred;
 	int i, need_sid = 1;
-	u32 sid;
 	struct lsm_prop prop = { };
 	unsigned int sessionid;
 
@@ -675,15 +674,14 @@ static int audit_filter_rules(struct task_struct *tsk,
 					 * fork()/copy_process() in which case
 					 * the new @tsk creds are still a dup
 					 * of @current's creds so we can still
-					 * use security_current_getsecid_subj()
+					 * use
+					 * security_current_getlsmprop_subj()
 					 * here even though it always refs
 					 * @current's creds
 					 */
-					security_current_getsecid_subj(&sid);
+					security_current_getlsmprop_subj(&prop);
 					need_sid = 0;
 				}
-				/* scaffolding */
-				prop.scaffold.secid = sid;
 				result = security_audit_rule_match(&prop,
 								   f->type,
 								   f->op,
@@ -2730,12 +2728,15 @@ int __audit_sockaddr(int len, void *a)
 void __audit_ptrace(struct task_struct *t)
 {
 	struct audit_context *context = audit_context();
+	struct lsm_prop prop;
 
 	context->target_pid = task_tgid_nr(t);
 	context->target_auid = audit_get_loginuid(t);
 	context->target_uid = task_uid(t);
 	context->target_sessionid = audit_get_sessionid(t);
-	security_task_getsecid_obj(t, &context->target_sid);
+	security_task_getlsmprop_obj(t, &prop);
+	/* scaffolding */
+	context->target_sid = prop.scaffold.secid;
 	memcpy(context->target_comm, t->comm, TASK_COMM_LEN);
 }
 
@@ -2751,6 +2752,7 @@ int audit_signal_info_syscall(struct task_struct *t)
 	struct audit_aux_data_pids *axp;
 	struct audit_context *ctx = audit_context();
 	kuid_t t_uid = task_uid(t);
+	struct lsm_prop prop;
 
 	if (!audit_signals || audit_dummy_context())
 		return 0;
@@ -2762,7 +2764,9 @@ int audit_signal_info_syscall(struct task_struct *t)
 		ctx->target_auid = audit_get_loginuid(t);
 		ctx->target_uid = t_uid;
 		ctx->target_sessionid = audit_get_sessionid(t);
-		security_task_getsecid_obj(t, &ctx->target_sid);
+		security_task_getlsmprop_obj(t, &prop);
+		/* scaffolding */
+		ctx->target_sid = prop.scaffold.secid;
 		memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN);
 		return 0;
 	}
@@ -2783,7 +2787,9 @@ int audit_signal_info_syscall(struct task_struct *t)
 	axp->target_auid[axp->pid_count] = audit_get_loginuid(t);
 	axp->target_uid[axp->pid_count] = t_uid;
 	axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t);
-	security_task_getsecid_obj(t, &axp->target_sid[axp->pid_count]);
+	security_task_getlsmprop_obj(t, &prop);
+	/* scaffolding */
+	axp->target_sid[axp->pid_count] = prop.scaffold.secid;
 	memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN);
 	axp->pid_count++;
 
diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c
index 9996883bf2b7..5925f48a3ade 100644
--- a/net/netlabel/netlabel_unlabeled.c
+++ b/net/netlabel/netlabel_unlabeled.c
@@ -1534,11 +1534,14 @@ int __init netlbl_unlabel_defconf(void)
 	int ret_val;
 	struct netlbl_dom_map *entry;
 	struct netlbl_audit audit_info;
+	struct lsm_prop prop;
 
 	/* Only the kernel is allowed to call this function and the only time
 	 * it is called is at bootup before the audit subsystem is reporting
 	 * messages so don't worry to much about these values. */
-	security_current_getsecid_subj(&audit_info.secid);
+	security_current_getlsmprop_subj(&prop);
+	/* scaffolding */
+	audit_info.secid = prop.scaffold.secid;
 	audit_info.loginuid = GLOBAL_ROOT_UID;
 	audit_info.sessionid = 0;
 
diff --git a/net/netlabel/netlabel_user.h b/net/netlabel/netlabel_user.h
index d6c5b31eb4eb..39f4f6df5f51 100644
--- a/net/netlabel/netlabel_user.h
+++ b/net/netlabel/netlabel_user.h
@@ -32,7 +32,11 @@
  */
 static inline void netlbl_netlink_auditinfo(struct netlbl_audit *audit_info)
 {
-	security_current_getsecid_subj(&audit_info->secid);
+	struct lsm_prop prop;
+
+	security_current_getlsmprop_subj(&prop);
+	/* scaffolding */
+	audit_info->secid = prop.scaffold.secid;
 	audit_info->loginuid = audit_get_loginuid(current);
 	audit_info->sessionid = audit_get_sessionid(current);
 }
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index ad2499bff591..824a85d2ee85 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -982,17 +982,24 @@ static void apparmor_bprm_committed_creds(const struct linux_binprm *bprm)
 	return;
 }
 
-static void apparmor_current_getsecid_subj(u32 *secid)
+static void apparmor_current_getlsmprop_subj(struct lsm_prop *prop)
 {
 	struct aa_label *label = __begin_current_label_crit_section();
-	*secid = label->secid;
+
+	prop->apparmor.label = label;
+	/* scaffolding */
+	prop->scaffold.secid = label->secid;
 	__end_current_label_crit_section(label);
 }
 
-static void apparmor_task_getsecid_obj(struct task_struct *p, u32 *secid)
+static void apparmor_task_getlsmprop_obj(struct task_struct *p,
+					  struct lsm_prop *prop)
 {
 	struct aa_label *label = aa_get_task_label(p);
-	*secid = label->secid;
+
+	prop->apparmor.label = label;
+	/* scaffolding */
+	prop->scaffold.secid = label->secid;
 	aa_put_label(label);
 }
 
@@ -1518,8 +1525,9 @@ static struct security_hook_list apparmor_hooks[] __ro_after_init = {
 
 	LSM_HOOK_INIT(task_free, apparmor_task_free),
 	LSM_HOOK_INIT(task_alloc, apparmor_task_alloc),
-	LSM_HOOK_INIT(current_getsecid_subj, apparmor_current_getsecid_subj),
-	LSM_HOOK_INIT(task_getsecid_obj, apparmor_task_getsecid_obj),
+	LSM_HOOK_INIT(current_getlsmprop_subj,
+		      apparmor_current_getlsmprop_subj),
+	LSM_HOOK_INIT(task_getlsmprop_obj, apparmor_task_getlsmprop_obj),
 	LSM_HOOK_INIT(task_setrlimit, apparmor_task_setrlimit),
 	LSM_HOOK_INIT(task_kill, apparmor_task_kill),
 	LSM_HOOK_INIT(userns_create, apparmor_userns_create),
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index f17213520c36..791f71036893 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -369,7 +369,7 @@ static inline void ima_process_queued_keys(void) {}
 
 /* LIM API function definitions */
 int ima_get_action(struct mnt_idmap *idmap, struct inode *inode,
-		   const struct cred *cred, u32 secid, int mask,
+		   const struct cred *cred, struct lsm_prop *prop, int mask,
 		   enum ima_hooks func, int *pcr,
 		   struct ima_template_desc **template_desc,
 		   const char *func_data, unsigned int *allowed_algos);
@@ -400,8 +400,8 @@ const char *ima_d_path(const struct path *path, char **pathbuf, char *filename);
 
 /* IMA policy related functions */
 int ima_match_policy(struct mnt_idmap *idmap, struct inode *inode,
-		     const struct cred *cred, u32 secid, enum ima_hooks func,
-		     int mask, int flags, int *pcr,
+		     const struct cred *cred, struct lsm_prop *prop,
+		     enum ima_hooks func, int mask, int flags, int *pcr,
 		     struct ima_template_desc **template_desc,
 		     const char *func_data, unsigned int *allowed_algos);
 void ima_init_policy(void);
diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
index 984e861f6e33..c35ea613c9f8 100644
--- a/security/integrity/ima/ima_api.c
+++ b/security/integrity/ima/ima_api.c
@@ -165,7 +165,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename,
  * @idmap: idmap of the mount the inode was found from
  * @inode: pointer to the inode associated with the object being validated
  * @cred: pointer to credentials structure to validate
- * @secid: secid of the task being validated
+ * @prop: properties of the task being validated
  * @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXEC,
  *        MAY_APPEND)
  * @func: caller identifier
@@ -187,7 +187,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename,
  *
  */
 int ima_get_action(struct mnt_idmap *idmap, struct inode *inode,
-		   const struct cred *cred, u32 secid, int mask,
+		   const struct cred *cred, struct lsm_prop *prop, int mask,
 		   enum ima_hooks func, int *pcr,
 		   struct ima_template_desc **template_desc,
 		   const char *func_data, unsigned int *allowed_algos)
@@ -196,7 +196,7 @@ int ima_get_action(struct mnt_idmap *idmap, struct inode *inode,
 
 	flags &= ima_policy_flag;
 
-	return ima_match_policy(idmap, inode, cred, secid, func, mask,
+	return ima_match_policy(idmap, inode, cred, prop, func, mask,
 				flags, pcr, template_desc, func_data,
 				allowed_algos);
 }
diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
index 656c709b974f..884a3533f7af 100644
--- a/security/integrity/ima/ima_appraise.c
+++ b/security/integrity/ima/ima_appraise.c
@@ -73,13 +73,13 @@ bool is_ima_appraise_enabled(void)
 int ima_must_appraise(struct mnt_idmap *idmap, struct inode *inode,
 		      int mask, enum ima_hooks func)
 {
-	u32 secid;
+	struct lsm_prop prop;
 
 	if (!ima_appraise)
 		return 0;
 
-	security_current_getsecid_subj(&secid);
-	return ima_match_policy(idmap, inode, current_cred(), secid,
+	security_current_getlsmprop_subj(&prop);
+	return ima_match_policy(idmap, inode, current_cred(), &prop,
 				func, mask, IMA_APPRAISE | IMA_HASH, NULL,
 				NULL, NULL, NULL);
 }
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index f04f43af651c..254ab465a4a6 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -206,8 +206,8 @@ static void ima_file_free(struct file *file)
 }
 
 static int process_measurement(struct file *file, const struct cred *cred,
-			       u32 secid, char *buf, loff_t size, int mask,
-			       enum ima_hooks func)
+			       struct lsm_prop *prop, char *buf, loff_t size,
+			       int mask, enum ima_hooks func)
 {
 	struct inode *real_inode, *inode = file_inode(file);
 	struct ima_iint_cache *iint = NULL;
@@ -232,7 +232,7 @@ static int process_measurement(struct file *file, const struct cred *cred,
 	 * bitmask based on the appraise/audit/measurement policy.
 	 * Included is the appraise submask.
 	 */
-	action = ima_get_action(file_mnt_idmap(file), inode, cred, secid,
+	action = ima_get_action(file_mnt_idmap(file), inode, cred, prop,
 				mask, func, &pcr, &template_desc, NULL,
 				&allowed_algos);
 	violation_check = ((func == FILE_CHECK || func == MMAP_CHECK ||
@@ -443,23 +443,23 @@ static int process_measurement(struct file *file, const struct cred *cred,
 static int ima_file_mmap(struct file *file, unsigned long reqprot,
 			 unsigned long prot, unsigned long flags)
 {
-	u32 secid;
+	struct lsm_prop prop;
 	int ret;
 
 	if (!file)
 		return 0;
 
-	security_current_getsecid_subj(&secid);
+	security_current_getlsmprop_subj(&prop);
 
 	if (reqprot & PROT_EXEC) {
-		ret = process_measurement(file, current_cred(), secid, NULL,
+		ret = process_measurement(file, current_cred(), &prop, NULL,
 					  0, MAY_EXEC, MMAP_CHECK_REQPROT);
 		if (ret)
 			return ret;
 	}
 
 	if (prot & PROT_EXEC)
-		return process_measurement(file, current_cred(), secid, NULL,
+		return process_measurement(file, current_cred(), &prop, NULL,
 					   0, MAY_EXEC, MMAP_CHECK);
 
 	return 0;
@@ -488,9 +488,9 @@ static int ima_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
 	char *pathbuf = NULL;
 	const char *pathname = NULL;
 	struct inode *inode;
+	struct lsm_prop prop;
 	int result = 0;
 	int action;
-	u32 secid;
 	int pcr;
 
 	/* Is mprotect making an mmap'ed file executable? */
@@ -498,13 +498,13 @@ static int ima_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
 	    !(prot & PROT_EXEC) || (vma->vm_flags & VM_EXEC))
 		return 0;
 
-	security_current_getsecid_subj(&secid);
+	security_current_getlsmprop_subj(&prop);
 	inode = file_inode(vma->vm_file);
 	action = ima_get_action(file_mnt_idmap(vma->vm_file), inode,
-				current_cred(), secid, MAY_EXEC, MMAP_CHECK,
+				current_cred(), &prop, MAY_EXEC, MMAP_CHECK,
 				&pcr, &template, NULL, NULL);
 	action |= ima_get_action(file_mnt_idmap(vma->vm_file), inode,
-				 current_cred(), secid, MAY_EXEC,
+				 current_cred(), &prop, MAY_EXEC,
 				 MMAP_CHECK_REQPROT, &pcr, &template, NULL,
 				 NULL);
 
@@ -542,15 +542,18 @@ static int ima_bprm_check(struct linux_binprm *bprm)
 {
 	int ret;
 	u32 secid;
+	struct lsm_prop prop = { };
 
-	security_current_getsecid_subj(&secid);
-	ret = process_measurement(bprm->file, current_cred(), secid, NULL, 0,
-				  MAY_EXEC, BPRM_CHECK);
+	security_current_getlsmprop_subj(&prop);
+	ret = process_measurement(bprm->file, current_cred(),
+				  &prop, NULL, 0, MAY_EXEC, BPRM_CHECK);
 	if (ret)
 		return ret;
 
 	security_cred_getsecid(bprm->cred, &secid);
-	return process_measurement(bprm->file, bprm->cred, secid, NULL, 0,
+	/* scaffolding */
+	prop.scaffold.secid = secid;
+	return process_measurement(bprm->file, bprm->cred, &prop, NULL, 0,
 				   MAY_EXEC, CREDS_CHECK);
 }
 
@@ -566,10 +569,10 @@ static int ima_bprm_check(struct linux_binprm *bprm)
  */
 static int ima_file_check(struct file *file, int mask)
 {
-	u32 secid;
+	struct lsm_prop prop;
 
-	security_current_getsecid_subj(&secid);
-	return process_measurement(file, current_cred(), secid, NULL, 0,
+	security_current_getlsmprop_subj(&prop);
+	return process_measurement(file, current_cred(), &prop, NULL, 0,
 				   mask & (MAY_READ | MAY_WRITE | MAY_EXEC |
 					   MAY_APPEND), FILE_CHECK);
 }
@@ -768,7 +771,7 @@ static int ima_read_file(struct file *file, enum kernel_read_file_id read_id,
 			 bool contents)
 {
 	enum ima_hooks func;
-	u32 secid;
+	struct lsm_prop prop;
 
 	/*
 	 * Do devices using pre-allocated memory run the risk of the
@@ -788,9 +791,9 @@ static int ima_read_file(struct file *file, enum kernel_read_file_id read_id,
 
 	/* Read entire file for all partial reads. */
 	func = read_idmap[read_id] ?: FILE_CHECK;
-	security_current_getsecid_subj(&secid);
-	return process_measurement(file, current_cred(), secid, NULL,
-				   0, MAY_READ, func);
+	security_current_getlsmprop_subj(&prop);
+	return process_measurement(file, current_cred(), &prop, NULL, 0,
+				   MAY_READ, func);
 }
 
 const int read_idmap[READING_MAX_ID] = {
@@ -818,7 +821,7 @@ static int ima_post_read_file(struct file *file, char *buf, loff_t size,
 			      enum kernel_read_file_id read_id)
 {
 	enum ima_hooks func;
-	u32 secid;
+	struct lsm_prop prop;
 
 	/* permit signed certs */
 	if (!file && read_id == READING_X509_CERTIFICATE)
@@ -831,8 +834,8 @@ static int ima_post_read_file(struct file *file, char *buf, loff_t size,
 	}
 
 	func = read_idmap[read_id] ?: FILE_CHECK;
-	security_current_getsecid_subj(&secid);
-	return process_measurement(file, current_cred(), secid, buf, size,
+	security_current_getlsmprop_subj(&prop);
+	return process_measurement(file, current_cred(), &prop, buf, size,
 				   MAY_READ, func);
 }
 
@@ -967,7 +970,7 @@ int process_buffer_measurement(struct mnt_idmap *idmap,
 	int digest_hash_len = hash_digest_size[ima_hash_algo];
 	int violation = 0;
 	int action = 0;
-	u32 secid;
+	struct lsm_prop prop;
 
 	if (digest && digest_len < digest_hash_len)
 		return -EINVAL;
@@ -990,9 +993,9 @@ int process_buffer_measurement(struct mnt_idmap *idmap,
 	 * buffer measurements.
 	 */
 	if (func) {
-		security_current_getsecid_subj(&secid);
+		security_current_getlsmprop_subj(&prop);
 		action = ima_get_action(idmap, inode, current_cred(),
-					secid, 0, func, &pcr, &template,
+					&prop, 0, func, &pcr, &template,
 					func_data, NULL);
 		if (!(action & IMA_MEASURE) && !digest)
 			return -ENOENT;
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index 22a62e675ebc..a96dc3ff6aa0 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -557,7 +557,7 @@ static bool ima_match_rule_data(struct ima_rule_entry *rule,
  * @idmap: idmap of the mount the inode was found from
  * @inode: a pointer to an inode
  * @cred: a pointer to a credentials structure for user validation
- * @secid: the secid of the task to be validated
+ * @prop: LSM properties of the task to be validated
  * @func: LIM hook identifier
  * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC)
  * @func_data: func specific data, may be NULL
@@ -567,7 +567,7 @@ static bool ima_match_rule_data(struct ima_rule_entry *rule,
 static bool ima_match_rules(struct ima_rule_entry *rule,
 			    struct mnt_idmap *idmap,
 			    struct inode *inode, const struct cred *cred,
-			    u32 secid, enum ima_hooks func, int mask,
+			    struct lsm_prop *prop, enum ima_hooks func, int mask,
 			    const char *func_data)
 {
 	int i;
@@ -658,8 +658,6 @@ static bool ima_match_rules(struct ima_rule_entry *rule,
 		case LSM_SUBJ_USER:
 		case LSM_SUBJ_ROLE:
 		case LSM_SUBJ_TYPE:
-			/* scaffolding */
-			prop.scaffold.secid = secid;
 			rc = ima_filter_rule_match(&prop, lsm_rule->lsm[i].type,
 						   Audit_equal,
 						   lsm_rule->lsm[i].rule);
@@ -723,7 +721,7 @@ static int get_subaction(struct ima_rule_entry *rule, enum ima_hooks func)
  * @inode: pointer to an inode for which the policy decision is being made
  * @cred: pointer to a credentials structure for which the policy decision is
  *        being made
- * @secid: LSM secid of the task to be validated
+ * @prop: LSM properties of the task to be validated
  * @func: IMA hook identifier
  * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC)
  * @flags: IMA actions to consider (e.g. IMA_MEASURE | IMA_APPRAISE)
@@ -740,8 +738,8 @@ static int get_subaction(struct ima_rule_entry *rule, enum ima_hooks func)
  * than writes so ima_match_policy() is classical RCU candidate.
  */
 int ima_match_policy(struct mnt_idmap *idmap, struct inode *inode,
-		     const struct cred *cred, u32 secid, enum ima_hooks func,
-		     int mask, int flags, int *pcr,
+		     const struct cred *cred, struct lsm_prop *prop,
+		     enum ima_hooks func, int mask, int flags, int *pcr,
 		     struct ima_template_desc **template_desc,
 		     const char *func_data, unsigned int *allowed_algos)
 {
@@ -759,7 +757,7 @@ int ima_match_policy(struct mnt_idmap *idmap, struct inode *inode,
 		if (!(entry->action & actmask))
 			continue;
 
-		if (!ima_match_rules(entry, idmap, inode, cred, secid,
+		if (!ima_match_rules(entry, idmap, inode, cred, prop,
 				     func, mask, func_data))
 			continue;
 
diff --git a/security/security.c b/security/security.c
index 410bf69af427..1e603e055c9f 100644
--- a/security/security.c
+++ b/security/security.c
@@ -3373,33 +3373,33 @@ int security_task_getsid(struct task_struct *p)
 }
 
 /**
- * security_current_getsecid_subj() - Get the current task's subjective secid
- * @secid: secid value
+ * security_current_getlsmprop_subj() - Current task's subjective LSM data
+ * @prop: lsm specific information
  *
  * Retrieve the subjective security identifier of the current task and return
- * it in @secid.  In case of failure, @secid will be set to zero.
+ * it in @prop.
  */
-void security_current_getsecid_subj(u32 *secid)
+void security_current_getlsmprop_subj(struct lsm_prop *prop)
 {
-	*secid = 0;
-	call_void_hook(current_getsecid_subj, secid);
+	lsmprop_init(prop);
+	call_void_hook(current_getlsmprop_subj, prop);
 }
-EXPORT_SYMBOL(security_current_getsecid_subj);
+EXPORT_SYMBOL(security_current_getlsmprop_subj);
 
 /**
- * security_task_getsecid_obj() - Get a task's objective secid
+ * security_task_getlsmprop_obj() - Get a task's objective LSM data
  * @p: target task
- * @secid: secid value
+ * @prop: lsm specific information
  *
  * Retrieve the objective security identifier of the task_struct in @p and
- * return it in @secid. In case of failure, @secid will be set to zero.
+ * return it in @prop.
  */
-void security_task_getsecid_obj(struct task_struct *p, u32 *secid)
+void security_task_getlsmprop_obj(struct task_struct *p, struct lsm_prop *prop)
 {
-	*secid = 0;
-	call_void_hook(task_getsecid_obj, p, secid);
+	lsmprop_init(prop);
+	call_void_hook(task_getlsmprop_obj, p, prop);
 }
-EXPORT_SYMBOL(security_task_getsecid_obj);
+EXPORT_SYMBOL(security_task_getlsmprop_obj);
 
 /**
  * security_task_setnice() - Check if setting a task's nice value is allowed
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 10c7fc61a786..ebab856c8748 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4161,14 +4161,19 @@ static int selinux_task_getsid(struct task_struct *p)
 			    PROCESS__GETSESSION, NULL);
 }
 
-static void selinux_current_getsecid_subj(u32 *secid)
+static void selinux_current_getlsmprop_subj(struct lsm_prop *prop)
 {
-	*secid = current_sid();
+	prop->selinux.secid = current_sid();
+	/* scaffolding */
+	prop->scaffold.secid = prop->selinux.secid;
 }
 
-static void selinux_task_getsecid_obj(struct task_struct *p, u32 *secid)
+static void selinux_task_getlsmprop_obj(struct task_struct *p,
+					struct lsm_prop *prop)
 {
-	*secid = task_sid_obj(p);
+	prop->selinux.secid = task_sid_obj(p);
+	/* scaffolding */
+	prop->scaffold.secid = prop->selinux.secid;
 }
 
 static int selinux_task_setnice(struct task_struct *p, int nice)
@@ -7240,8 +7245,8 @@ static struct security_hook_list selinux_hooks[] __ro_after_init = {
 	LSM_HOOK_INIT(task_setpgid, selinux_task_setpgid),
 	LSM_HOOK_INIT(task_getpgid, selinux_task_getpgid),
 	LSM_HOOK_INIT(task_getsid, selinux_task_getsid),
-	LSM_HOOK_INIT(current_getsecid_subj, selinux_current_getsecid_subj),
-	LSM_HOOK_INIT(task_getsecid_obj, selinux_task_getsecid_obj),
+	LSM_HOOK_INIT(current_getlsmprop_subj, selinux_current_getlsmprop_subj),
+	LSM_HOOK_INIT(task_getlsmprop_obj, selinux_task_getlsmprop_obj),
 	LSM_HOOK_INIT(task_setnice, selinux_task_setnice),
 	LSM_HOOK_INIT(task_setioprio, selinux_task_setioprio),
 	LSM_HOOK_INIT(task_getioprio, selinux_task_getioprio),
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 7926f40bc7db..03d0ac37b210 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -2239,30 +2239,35 @@ static int smack_task_getsid(struct task_struct *p)
 }
 
 /**
- * smack_current_getsecid_subj - get the subjective secid of the current task
- * @secid: where to put the result
+ * smack_current_getlsmprop_subj - get the subjective secid of the current task
+ * @prop: where to put the result
  *
  * Sets the secid to contain a u32 version of the task's subjective smack label.
  */
-static void smack_current_getsecid_subj(u32 *secid)
+static void smack_current_getlsmprop_subj(struct lsm_prop *prop)
 {
 	struct smack_known *skp = smk_of_current();
 
-	*secid = skp->smk_secid;
+	prop->smack.skp = skp;
+	/* scaffolding */
+	prop->scaffold.secid = skp->smk_secid;
 }
 
 /**
- * smack_task_getsecid_obj - get the objective secid of the task
+ * smack_task_getlsmprop_obj - get the objective data of the task
  * @p: the task
- * @secid: where to put the result
+ * @prop: where to put the result
  *
  * Sets the secid to contain a u32 version of the task's objective smack label.
  */
-static void smack_task_getsecid_obj(struct task_struct *p, u32 *secid)
+static void smack_task_getlsmprop_obj(struct task_struct *p,
+				      struct lsm_prop *prop)
 {
 	struct smack_known *skp = smk_of_task_struct_obj(p);
 
-	*secid = skp->smk_secid;
+	prop->smack.skp = skp;
+	/* scaffolding */
+	prop->scaffold.secid = skp->smk_secid;
 }
 
 /**
@@ -5147,8 +5152,8 @@ static struct security_hook_list smack_hooks[] __ro_after_init = {
 	LSM_HOOK_INIT(task_setpgid, smack_task_setpgid),
 	LSM_HOOK_INIT(task_getpgid, smack_task_getpgid),
 	LSM_HOOK_INIT(task_getsid, smack_task_getsid),
-	LSM_HOOK_INIT(current_getsecid_subj, smack_current_getsecid_subj),
-	LSM_HOOK_INIT(task_getsecid_obj, smack_task_getsecid_obj),
+	LSM_HOOK_INIT(current_getlsmprop_subj, smack_current_getlsmprop_subj),
+	LSM_HOOK_INIT(task_getlsmprop_obj, smack_task_getlsmprop_obj),
 	LSM_HOOK_INIT(task_setnice, smack_task_setnice),
 	LSM_HOOK_INIT(task_setioprio, smack_task_setioprio),
 	LSM_HOOK_INIT(task_getioprio, smack_task_getioprio),

From patchwork Tue Sep 10 18:41:22 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Casey Schaufler <casey@schaufler-ca.com>
X-Patchwork-Id: 13799217
X-Patchwork-Delegate: paul@paul-moore.com
Received: from sonic309-27.consmr.mail.ne1.yahoo.com
 (sonic309-27.consmr.mail.ne1.yahoo.com [66.163.184.153])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 753CC1A76AD
	for <audit@vger.kernel.org>; Tue, 10 Sep 2024 18:44:56 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=66.163.184.153
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1725993898; cv=none;
 b=D44dnEcksS/cdxKnHenkjF+w0DgYuyTCYAc8XfpQ7WyZVhnsK+5n48FXq2V1xNMDVpntc0svp2Yd3nr33r8WyVNRATrmsATvuubvsyMS5FP/PU/tujBL+5P+whOjdmRreYMDajQfGUiRPjWHQXphfD06TdeYJV/cUE5Lqa9R6qE=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1725993898; c=relaxed/simple;
	bh=JBK1O7fXK6QgQ/VoAl2pmxxHL+v5oNMWDFuZVFUUO44=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=QnDZGdW+Ned56WEdGWShIx8jy3V9pznQdqY6EhhRTnC8V80j9+pzwY6sc/gAPu4QvyC0MbUt9lw+HtXeLD31UQ3UdPD8+JOIGaEZHvCg1HmP1Sny5oFsv796ZLxKh+p+uGbonf3fpY+ndLgpi7doygOUnS8vGhsaLxGx+v104JI=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=none (p=none dis=none) header.from=schaufler-ca.com;
 spf=none smtp.mailfrom=schaufler-ca.com;
 dkim=pass (2048-bit key) header.d=yahoo.com header.i=@yahoo.com
 header.b=tDEDDjrz; arc=none smtp.client-ip=66.163.184.153
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=none (p=none dis=none) header.from=schaufler-ca.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=none smtp.mailfrom=schaufler-ca.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=yahoo.com header.i=@yahoo.com
 header.b="tDEDDjrz"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1725993895; bh=vy7GpGeQRSJudL4lBO0JXn1r1cbYVq1uqkvmngtU074=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To;
 b=tDEDDjrzaAtVae8I0cDm2WOaCFdiIXDzY9QtveTX2uBtgXC53v3hhtK2FHMqlUH/BZrjDqmdL6BS7fTx2qVIRyqN48X62hFWtf4PY80vrYUgdTHJ9vDw73GW7BPZiDt7b4WeXcha/HJXHt6q02XXvxXBM6QbmvX0ELr4kTOiTbfrD0CotjPDnMkBjE1kpe7D4eDAEEDmDSmV9rIfG7yRvZF5Q2VvCPI2C/clTPfwfAkzolUUXWc/SKLOTYeOs4YAx0DuE5CUInX/4Se7IDYABrZp6BJnjpD4pJlVJuMrP3HibWeQCgvtzIqWY8RCqZiyGWCqNMI2AuxEyfdL99iPpg==
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1725993895; bh=JKtPrtR1XRhAJr8PvnPXMY0cEAVMwyqQ4u2FSD1pVms=;
 h=X-Sonic-MF:From:To:Subject:Date:From:Subject;
 b=SWt+cV4LieYrJXmG0aESHk2YKm8BJOne0CoMjTrtjH1nZgmkaJPSxKYcE43ndFiH5mbYMFZtvsZaP7UyPpQqAXhujIId/+ovNWNejkhsXDPvzvtAKvvlHwjRRyZ0PRGwHnwr0e7qcNwAN4fSmbhQ21qCHJ49nvsLE7Bm6tClaX2XYShAmfm+QAl+GEV+S1CbZczoyQprDKNH8lpreFov2tZqW9nvCBVpkUGcFCMI6uLQwCR2Q7OAE7WjQ9IFrLkuUvLpTtsht3rHJt7ulRbmh1tbrS/93w/6uQBtLOTECu0A1tT19yLqgxFY6sPgsjv0OBfGy1W7aDj/M2VzJNcSXw==
X-YMail-OSG: VaM3YXQVM1kY4DlBhIKQOh0niUSKSy22PJ9eUHTc9OCl0lNw3xjABJd8bdIePRT
 W3RBCMOQwFP1ryodHtdplyUhZy5EKCBDN2Gwdk1b67pERq6OfwhOliL4tBggjvMDzzBNR38QjdFd
 82RFvEUMe9ezoWrVeH2VfK4Gs_SVuEGe_jCusLG2wChSFpTLXtyzOPRI4nb.w7XtSWDniFxmtQYZ
 qV.CbM8_VLrsv38Q8PwM89pfF0pgYmwHJRbc4CEdzlg2iKsCym2cW__00LNLJhJJCcbB5XQ1o9iA
 cuug.xz2xxNRpy_dnj5dkvV9DDyZCBFez5xq915I2aFI4nfjIrxMi.0OOnWCDG_kML9cwvXgcBs.
 Rb8gVCaqAt7KL1besrQkZ3kChm9rvoFJl9peJqE2UYYvSLOvZaYRVvCbRcVPliggTlCuqnLqLUCQ
 OOuStl850FjYeb_4FAQOkjuHubkg.JTXjJmiKypJhuVqQE.ROh36VNbW5WIuTI7sjosGKAVyuxfD
 btfFPggU16vYjmgPXGIYh1WCZO4o9OBwGGoZoZe6E8vrs.NflNlrVgcTqXsUyJKmmAnP6MtpIAax
 MqeGgmJK81qtGGLXeGUToDLnH8cWUsMOR8he27c1BEI_4gza43FOKNM.bZODqk1Ww5GYxMWJdfM0
 IFdYMMKYmX9PaeLwhf1TOQlhB6797bosWvQJokXcCceLwSfn167RnyFcdhpNw_eVVGMYikKFAAoc
 hH8yppcF5yxEpTOomirJ1ho2tfDPAj9IyD_LTRKln_utXOaaXcWhivOJ3dM0DTMj77soxEp.gvlS
 wa0ui7gGyu7SVjvhw3IbmH2eSIAQ_qc0ITnvZCvyDIR3UaAAw00bCuihgSAK8bFA8JsUXW7vObLM
 yh7BADJdtjMWHAmNFbncWj1LSOJFJ0.bcKFgEnQoxnIYjKb5Wt73GivVKX2rBfFBUBlJZmTCqus3
 HfRjkQq6PE5r6PjiJlhDub04f7RK9lZlTltG.IxXvFMFwpgfabmUyGN0e8laJY3ld8j1BxRNb0eo
 0NabZY0JdJS_ywmcE_qcZbmgDRVCk3E_tQSfhtBJUcCPt3K7l8Ms7tLaZR6zKSK_sQfWjkxcnAeU
 XAt.Uyu9Bno.lGda2TIJZ7DfF8xYGDkRoDSPrtcNaJb4.ZG.5wXtkKd8uvjHaI2gZUffFmcr0cWd
 FjPHDszApEFv1NPQVh.0IuqcjMcJMdzNbXm2MSIyUqVWNo7MBTYShW15JKl63S_x8vBQG1ANXzZ2
 N4IYawDysmun6kYY4quc3tMjIlxoLY675IZhlYqGKO0bRmmMsTqilWqBKWiaSAXG2HH57r.xFK13
 gEe4AAcYsVts8xv5l_Oh1NQTz6hG54ZhHFUyepdcx_wXy0sm7MdLaJSeCGmq9BE88pFDGP1BwL20
 f24KjwsET7Ad3F63qtFzBBrE87HYOYN3iaZ8YeNOpxbDPic.EJIjea6zy7urHUFvtTFH6MqarMKa
 ldjokJ.oW0EaNn9.M7hwPXj71szdMNz4nhXAUBDmVNsjJ57CtgKGYtZMpp6BT6upGfpdnqsqVqOq
 9CMm7L2cb6Kxw5TXGTdo9gF6figbjL1L2tE9tHMGxMzo1zDnCp.J_UGbgZ0AXHhXzSeJhKu85Ho3
 cE9LpOK6UuaKYVxl_8lht1bfxlRHUrVFr7_2AnpYwmjO_skhrIRGGAsEKS1BTc.g3V.k8MjeBEZE
 yMQ.FTkshmzp07F4DXqeVxmJU3g8eek2F2mPdqxuOvJPZJHAO8XI6cpOAeLO37ZZ89bUj3PlQIMe
 hRWUJq3VKbctDdt0DU1F7u2Umo6lsdNPOPkgsp9mU8pu6UB0XoF0CjgfU.eb81gLSuPsLHRzweM.
 AUa7QSbef8lAThbdU3QOQzY.dEgoOLN_byezO.uaLynj56So96qxBevQ01Dq6lJnWGPgc.3Awpf8
 iNfPbizRDwoQqjooZSNEPR3Z52Oj4uiPZ5jlg8S3trryvnkF3j4TTYJaEEwgxr2JbPdDVhzMaman
 3RMCWQveRe0zE75UfmZOPRAhFUzcow4fa0WksptBvPm1z0cwiKDmqdpv9nHUFZzh4TrKyZQBCVuf
 xfu7m49nRY1g1pf6avZgFjaVWShroG_pVrqQAzcu6kh23ZwX5pC6qYHrr1jl0eLBDqKG_7zEadvY
 XgRLaZhUV1_Bp0JidDrIoCHDzFSkY0MMRKAfSJYO3AG_58OMJKHyL_vsODqnXV1ovQw.CFgh5Eiu
 qmHmFaehmXCIHnmpY.8ATQxPcX8RKAF_FvFUG2Wo77pOWpFTLbnh1jhCkDg3r.1wvutO.Xwoy6ds
 YR1tlM7ve3nhNiq76v0Hx5zaRfXUfKuCaH4v4UIgi8J8b2Q--
X-Sonic-MF: <casey@schaufler-ca.com>
X-Sonic-ID: 26045f67-62b7-4c91-9a7e-f99aa3966052
Received: from sonic.gate.mail.ne1.yahoo.com by
 sonic309.consmr.mail.ne1.yahoo.com with HTTP; Tue, 10 Sep 2024 18:44:55 +0000
Received: by hermes--production-gq1-5d95dc458-s958r (Yahoo Inc. Hermes SMTP
 Server) with ESMTPA ID 52d00b93a233ef9d46e84b01a7384b7d;
          Tue, 10 Sep 2024 18:44:50 +0000 (UTC)
From: Casey Schaufler <casey@schaufler-ca.com>
To: casey@schaufler-ca.com,
	paul@paul-moore.com,
	linux-security-module@vger.kernel.org
Cc: jmorris@namei.org,
	serge@hallyn.com,
	keescook@chromium.org,
	john.johansen@canonical.com,
	penguin-kernel@i-love.sakura.ne.jp,
	stephen.smalley.work@gmail.com,
	linux-kernel@vger.kernel.org,
	selinux@vger.kernel.org,
	mic@digikod.net,
	linux-integrity@vger.kernel.org,
	audit@vger.kernel.org
Subject: [PATCH v3 10/13] LSM: Create new security_cred_getlsmprop LSM hook
Date: Tue, 10 Sep 2024 11:41:22 -0700
Message-ID: <20240910184125.224651-11-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.46.0
In-Reply-To: <20240910184125.224651-1-casey@schaufler-ca.com>
References: <20240910184125.224651-1-casey@schaufler-ca.com>
Precedence: bulk
X-Mailing-List: audit@vger.kernel.org
List-Id: <audit.vger.kernel.org>
List-Subscribe: <mailto:audit+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:audit+unsubscribe@vger.kernel.org>
MIME-Version: 1.0

Create a new LSM hook security_cred_getlsmprop() which, like
security_cred_getsecid(), fetches LSM specific attributes from the
cred structure.  The associated data elements in the audit sub-system
are changed from a secid to a lsm_prop to accommodate multiple possible
LSM audit users.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Cc: linux-integrity@vger.kernel.org
Cc: audit@vger.kernel.org
Cc: selinux@vger.kernel.org
---
 include/linux/lsm_hook_defs.h     |  2 ++
 include/linux/security.h          |  5 +++++
 security/integrity/ima/ima_main.c |  7 ++-----
 security/security.c               | 15 +++++++++++++++
 security/selinux/hooks.c          |  8 ++++++++
 security/smack/smack_lsm.c        | 18 ++++++++++++++++++
 6 files changed, 50 insertions(+), 5 deletions(-)

diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
index 75131153f89e..75b3f5c7cb6d 100644
--- a/include/linux/lsm_hook_defs.h
+++ b/include/linux/lsm_hook_defs.h
@@ -215,6 +215,8 @@ LSM_HOOK(int, 0, cred_prepare, struct cred *new, const struct cred *old,
 LSM_HOOK(void, LSM_RET_VOID, cred_transfer, struct cred *new,
 	 const struct cred *old)
 LSM_HOOK(void, LSM_RET_VOID, cred_getsecid, const struct cred *c, u32 *secid)
+LSM_HOOK(void, LSM_RET_VOID, cred_getlsmprop, const struct cred *c,
+	 struct lsm_prop *prop)
 LSM_HOOK(int, 0, kernel_act_as, struct cred *new, u32 secid)
 LSM_HOOK(int, 0, kernel_create_files_as, struct cred *new, struct inode *inode)
 LSM_HOOK(int, 0, kernel_module_request, char *kmod_name)
diff --git a/include/linux/security.h b/include/linux/security.h
index 6c50dfd70e81..ed13cf5bbe1f 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -473,6 +473,7 @@ void security_cred_free(struct cred *cred);
 int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp);
 void security_transfer_creds(struct cred *new, const struct cred *old);
 void security_cred_getsecid(const struct cred *c, u32 *secid);
+void security_cred_getlsmprop(const struct cred *c, struct lsm_prop *prop);
 int security_kernel_act_as(struct cred *new, u32 secid);
 int security_kernel_create_files_as(struct cred *new, struct inode *inode);
 int security_kernel_module_request(char *kmod_name);
@@ -1202,6 +1203,10 @@ static inline void security_cred_getsecid(const struct cred *c, u32 *secid)
 	*secid = 0;
 }
 
+static inline void security_cred_getlsmprop(const struct cred *c,
+					    struct lsm_prop *prop)
+{ }
+
 static inline int security_kernel_act_as(struct cred *cred, u32 secid)
 {
 	return 0;
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 254ab465a4a6..09ed06598805 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -541,8 +541,7 @@ static int ima_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
 static int ima_bprm_check(struct linux_binprm *bprm)
 {
 	int ret;
-	u32 secid;
-	struct lsm_prop prop = { };
+	struct lsm_prop prop;
 
 	security_current_getlsmprop_subj(&prop);
 	ret = process_measurement(bprm->file, current_cred(),
@@ -550,9 +549,7 @@ static int ima_bprm_check(struct linux_binprm *bprm)
 	if (ret)
 		return ret;
 
-	security_cred_getsecid(bprm->cred, &secid);
-	/* scaffolding */
-	prop.scaffold.secid = secid;
+	security_cred_getlsmprop(bprm->cred, &prop);
 	return process_measurement(bprm->file, bprm->cred, &prop, NULL, 0,
 				   MAY_EXEC, CREDS_CHECK);
 }
diff --git a/security/security.c b/security/security.c
index 2365626a3365..137ceea105a6 100644
--- a/security/security.c
+++ b/security/security.c
@@ -3153,6 +3153,21 @@ void security_cred_getsecid(const struct cred *c, u32 *secid)
 }
 EXPORT_SYMBOL(security_cred_getsecid);
 
+/**
+ * security_cred_getlsmprop() - Get the LSM data from a set of credentials
+ * @c: credentials
+ * @prop: destination for the LSM data
+ *
+ * Retrieve the security data of the cred structure @c.  In case of
+ * failure, @prop will be cleared.
+ */
+void security_cred_getlsmprop(const struct cred *c, struct lsm_prop *prop)
+{
+	lsmprop_init(prop);
+	call_void_hook(cred_getlsmprop, c, prop);
+}
+EXPORT_SYMBOL(security_cred_getlsmprop);
+
 /**
  * security_kernel_act_as() - Set the kernel credentials to act as secid
  * @new: credentials
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 1db4ecfea764..a523f38faca0 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4029,6 +4029,13 @@ static void selinux_cred_getsecid(const struct cred *c, u32 *secid)
 	*secid = cred_sid(c);
 }
 
+static void selinux_cred_getlsmprop(const struct cred *c, struct lsm_prop *prop)
+{
+	prop->selinux.secid = cred_sid(c);
+	/* scaffolding */
+	prop->scaffold.secid = prop->selinux.secid;
+}
+
 /*
  * set the security data for a kernel service
  * - all the creation contexts are set to unlabelled
@@ -7240,6 +7247,7 @@ static struct security_hook_list selinux_hooks[] __ro_after_init = {
 	LSM_HOOK_INIT(cred_prepare, selinux_cred_prepare),
 	LSM_HOOK_INIT(cred_transfer, selinux_cred_transfer),
 	LSM_HOOK_INIT(cred_getsecid, selinux_cred_getsecid),
+	LSM_HOOK_INIT(cred_getlsmprop, selinux_cred_getlsmprop),
 	LSM_HOOK_INIT(kernel_act_as, selinux_kernel_act_as),
 	LSM_HOOK_INIT(kernel_create_files_as, selinux_kernel_create_files_as),
 	LSM_HOOK_INIT(kernel_module_request, selinux_kernel_module_request),
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 8c362fe2871c..4d236a5ea5c6 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -2150,6 +2150,23 @@ static void smack_cred_getsecid(const struct cred *cred, u32 *secid)
 	rcu_read_unlock();
 }
 
+/**
+ * smack_cred_getlsmprop - get the Smack label for a creds structure
+ * @cred: the object creds
+ * @prop: where to put the data
+ *
+ * Sets the Smack part of the ref
+ */
+static void smack_cred_getlsmprop(const struct cred *cred,
+				  struct lsm_prop *prop)
+{
+	rcu_read_lock();
+	prop->smack.skp = smk_of_task(smack_cred(cred));
+	/* scaffolding */
+	prop->scaffold.secid = prop->smack.skp->smk_secid;
+	rcu_read_unlock();
+}
+
 /**
  * smack_kernel_act_as - Set the subjective context in a set of credentials
  * @new: points to the set of credentials to be modified.
@@ -5149,6 +5166,7 @@ static struct security_hook_list smack_hooks[] __ro_after_init = {
 	LSM_HOOK_INIT(cred_prepare, smack_cred_prepare),
 	LSM_HOOK_INIT(cred_transfer, smack_cred_transfer),
 	LSM_HOOK_INIT(cred_getsecid, smack_cred_getsecid),
+	LSM_HOOK_INIT(cred_getlsmprop, smack_cred_getlsmprop),
 	LSM_HOOK_INIT(kernel_act_as, smack_kernel_act_as),
 	LSM_HOOK_INIT(kernel_create_files_as, smack_kernel_create_files_as),
 	LSM_HOOK_INIT(task_setpgid, smack_task_setpgid),