Message ID | 20190228221933.2551-12-casey@schaufler-ca.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | LSM: Complete module stacking | expand |
On Thursday, 2/28/2019 at 5:18 PM, Casey Schaufler <casey@schaufler-ca.com> wrote: > Convert the kernel_ask_as hooks to use the lsm_export Should be act_as, not? ^^ > structure instead of a u32 secid. There is some scaffolding > involved that will be removed when security_kernel_ask_as() > is updated. > > Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> > --- > include/linux/lsm_hooks.h | 4 ++-- > security/security.c | 15 ++++++++++++++- > security/selinux/hooks.c | 17 ++++++++++++++--- > security/smack/smack_lsm.c | 12 +++++++++++- > 4 files changed, 41 insertions(+), 7 deletions(-) > > diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h > index 44597189fea4..796eb441be95 100644 > --- a/include/linux/lsm_hooks.h > +++ b/include/linux/lsm_hooks.h > @@ -562,7 +562,7 @@ > * @kernel_act_as: > * Set the credentials for a kernel service to act as (subjective context). > * @new points to the credentials to be modified. > - * @secid specifies the security ID to be set > + * @l specifies the security data to be set > * The current task must be the one that nominated @secid. > * Return 0 if successful. > * @kernel_create_files_as: > @@ -1588,7 +1588,7 @@ union security_list_options { > gfp_t gfp); > void (*cred_transfer)(struct cred *new, const struct cred *old); > void (*cred_getsecid)(const struct cred *c, struct lsm_export *l); > - int (*kernel_act_as)(struct cred *new, u32 secid); > + int (*kernel_act_as)(struct cred *new, struct lsm_export *l); > int (*kernel_create_files_as)(struct cred *new, struct inode *inode); > int (*kernel_module_request)(char *kmod_name); > int (*kernel_load_data)(enum kernel_load_data_id id); > diff --git a/security/security.c b/security/security.c > index 909b6b8d1a50..1a29fe08a5d9 100644 > --- a/security/security.c > +++ b/security/security.c > @@ -738,6 +738,15 @@ static inline void lsm_export_secid(struct lsm_export *data, u32 *secid) > } > } > > +static inline void lsm_export_to_all(struct lsm_export *data, u32 secid) > +{ > + data->selinux = secid; > + data->smack = secid; > + data->apparmor = secid; > + data->flags = LSM_EXPORT_SELINUX | LSM_EXPORT_SMACK | > + LSM_EXPORT_APPARMOR; > +} > + > /* Security operations */ > > int security_binder_set_context_mgr(struct task_struct *mgr) > @@ -1633,7 +1642,11 @@ EXPORT_SYMBOL(security_cred_getsecid); > > int security_kernel_act_as(struct cred *new, u32 secid) > { > - return call_int_hook(kernel_act_as, 0, new, secid); > + struct lsm_export data = { .flags = LSM_EXPORT_NONE }; > + > + lsm_export_to_all(&data, secid); > + > + return call_int_hook(kernel_act_as, 0, new, &data); > } > > int security_kernel_create_files_as(struct cred *new, struct inode *inode) > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > index 6f61a894f7c5..efcd905bdabf 100644 > --- a/security/selinux/hooks.c > +++ b/security/selinux/hooks.c > @@ -220,6 +220,14 @@ static inline void selinux_export_secid(struct lsm_export *l, u32 secid) > l->flags |= LSM_EXPORT_SELINUX; > } > > +static inline void selinux_import_secid(struct lsm_export *l, u32 *secid) > +{ > + if (l->flags | LSM_EXPORT_SELINUX) > + *secid = l->selinux; > + else > + *secid = SECSID_NULL; > +} > + > /* > * get the security ID of a set of credentials > */ > @@ -3669,19 +3677,22 @@ static void selinux_cred_getsecid(const struct cred *c, struct lsm_export *l) > * set the security data for a kernel service > * - all the creation contexts are set to unlabelled > */ > -static int selinux_kernel_act_as(struct cred *new, u32 secid) > +static int selinux_kernel_act_as(struct cred *new, struct lsm_export *l) > { > struct task_security_struct *tsec = selinux_cred(new); > + u32 nsid; > u32 sid = current_sid(); > int ret; > > + selinux_import_secid(l, &nsid); > + > ret = avc_has_perm(&selinux_state, > - sid, secid, > + sid, nsid, > SECCLASS_KERNEL_SERVICE, > KERNEL_SERVICE__USE_AS_OVERRIDE, > NULL); > if (ret == 0) { > - tsec->sid = secid; > + tsec->sid = nsid; > tsec->create_sid = 0; > tsec->keycreate_sid = 0; > tsec->sockcreate_sid = 0; > diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c > index d5ff34a5803b..0e1f6ef25eb2 100644 > --- a/security/smack/smack_lsm.c > +++ b/security/smack/smack_lsm.c > @@ -473,6 +473,14 @@ static inline void smack_export_secid(struct lsm_export *l, u32 secid) > l->flags |= LSM_EXPORT_SMACK; > } > > +static inline void smack_import_secid(struct lsm_export *l, u32 *secid) > +{ > + if (l->flags | LSM_EXPORT_SMACK) > + *secid = l->smack; > + else > + *secid = 0; > +} > + > /* > * LSM hooks. > * We he, that is fun! > @@ -1910,10 +1918,12 @@ static void smack_cred_getsecid(const struct cred *cred, struct lsm_export *l) > * > * Set the security data for a kernel service. > */ > -static int smack_kernel_act_as(struct cred *new, u32 secid) > +static int smack_kernel_act_as(struct cred *new, struct lsm_export *l) > { > + u32 secid; > struct task_smack *new_tsp = smack_cred(new); > > + smack_import_secid(l, &secid); > new_tsp->smk_task = smack_from_secid(secid); > return 0; > } > -- > 2.17.0
On 3/1/2019 6:59 AM, Edwin Zimmerman wrote: > On Thursday, 2/28/2019 at 5:18 PM, Casey Schaufler <casey@schaufler-ca.com> wrote: >> Convert the kernel_ask_as hooks to use the lsm_export > Should be act_as, not? ^^ You are correct.
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 44597189fea4..796eb441be95 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -562,7 +562,7 @@ * @kernel_act_as: * Set the credentials for a kernel service to act as (subjective context). * @new points to the credentials to be modified. - * @secid specifies the security ID to be set + * @l specifies the security data to be set * The current task must be the one that nominated @secid. * Return 0 if successful. * @kernel_create_files_as: @@ -1588,7 +1588,7 @@ union security_list_options { gfp_t gfp); void (*cred_transfer)(struct cred *new, const struct cred *old); void (*cred_getsecid)(const struct cred *c, struct lsm_export *l); - int (*kernel_act_as)(struct cred *new, u32 secid); + int (*kernel_act_as)(struct cred *new, struct lsm_export *l); int (*kernel_create_files_as)(struct cred *new, struct inode *inode); int (*kernel_module_request)(char *kmod_name); int (*kernel_load_data)(enum kernel_load_data_id id); diff --git a/security/security.c b/security/security.c index 909b6b8d1a50..1a29fe08a5d9 100644 --- a/security/security.c +++ b/security/security.c @@ -738,6 +738,15 @@ static inline void lsm_export_secid(struct lsm_export *data, u32 *secid) } } +static inline void lsm_export_to_all(struct lsm_export *data, u32 secid) +{ + data->selinux = secid; + data->smack = secid; + data->apparmor = secid; + data->flags = LSM_EXPORT_SELINUX | LSM_EXPORT_SMACK | + LSM_EXPORT_APPARMOR; +} + /* Security operations */ int security_binder_set_context_mgr(struct task_struct *mgr) @@ -1633,7 +1642,11 @@ EXPORT_SYMBOL(security_cred_getsecid); int security_kernel_act_as(struct cred *new, u32 secid) { - return call_int_hook(kernel_act_as, 0, new, secid); + struct lsm_export data = { .flags = LSM_EXPORT_NONE }; + + lsm_export_to_all(&data, secid); + + return call_int_hook(kernel_act_as, 0, new, &data); } int security_kernel_create_files_as(struct cred *new, struct inode *inode) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 6f61a894f7c5..efcd905bdabf 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -220,6 +220,14 @@ static inline void selinux_export_secid(struct lsm_export *l, u32 secid) l->flags |= LSM_EXPORT_SELINUX; } +static inline void selinux_import_secid(struct lsm_export *l, u32 *secid) +{ + if (l->flags | LSM_EXPORT_SELINUX) + *secid = l->selinux; + else + *secid = SECSID_NULL; +} + /* * get the security ID of a set of credentials */ @@ -3669,19 +3677,22 @@ static void selinux_cred_getsecid(const struct cred *c, struct lsm_export *l) * set the security data for a kernel service * - all the creation contexts are set to unlabelled */ -static int selinux_kernel_act_as(struct cred *new, u32 secid) +static int selinux_kernel_act_as(struct cred *new, struct lsm_export *l) { struct task_security_struct *tsec = selinux_cred(new); + u32 nsid; u32 sid = current_sid(); int ret; + selinux_import_secid(l, &nsid); + ret = avc_has_perm(&selinux_state, - sid, secid, + sid, nsid, SECCLASS_KERNEL_SERVICE, KERNEL_SERVICE__USE_AS_OVERRIDE, NULL); if (ret == 0) { - tsec->sid = secid; + tsec->sid = nsid; tsec->create_sid = 0; tsec->keycreate_sid = 0; tsec->sockcreate_sid = 0; diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index d5ff34a5803b..0e1f6ef25eb2 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -473,6 +473,14 @@ static inline void smack_export_secid(struct lsm_export *l, u32 secid) l->flags |= LSM_EXPORT_SMACK; } +static inline void smack_import_secid(struct lsm_export *l, u32 *secid) +{ + if (l->flags | LSM_EXPORT_SMACK) + *secid = l->smack; + else + *secid = 0; +} + /* * LSM hooks. * We he, that is fun! @@ -1910,10 +1918,12 @@ static void smack_cred_getsecid(const struct cred *cred, struct lsm_export *l) * * Set the security data for a kernel service. */ -static int smack_kernel_act_as(struct cred *new, u32 secid) +static int smack_kernel_act_as(struct cred *new, struct lsm_export *l) { + u32 secid; struct task_smack *new_tsp = smack_cred(new); + smack_import_secid(l, &secid); new_tsp->smk_task = smack_from_secid(secid); return 0; }
Convert the kernel_ask_as hooks to use the lsm_export structure instead of a u32 secid. There is some scaffolding involved that will be removed when security_kernel_ask_as() is updated. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> --- include/linux/lsm_hooks.h | 4 ++-- security/security.c | 15 ++++++++++++++- security/selinux/hooks.c | 17 ++++++++++++++--- security/smack/smack_lsm.c | 12 +++++++++++- 4 files changed, 41 insertions(+), 7 deletions(-)