| Message ID | 20240825190048.13289-6-casey@schaufler-ca.com (mailing list archive) |
|---|---|
| State | Superseded |
| Delegated to: | Paul Moore |
| Headers | show |
| Series | LSM: Move away from secids | expand |
On Sun, Aug 25, 2024 at 3:02 PM Casey Schaufler <casey@schaufler-ca.com> wrote: > > There may be more than one LSM that provides IPC data for auditing. > Change security_ipc_getsecid() to fill in a lsmblob structure instead > of the u32 secid. Change the name to security_ipc_getlsmblob() to > reflect the change. The audit data structure containing the secid > will be updated later, so there is a bit of scaffolding here. > > Reviewed-by: Kees Cook <keescook@chromium.org> > Reviewed-by: John Johansen <john.johansen@canonical.com> > Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com> > Acked-by: Paul Moore <paul@paul-moore.com> > Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> > Cc: linux-audit@redhat.com > Cc: audit@vger.kernel.org 1. Need to cc selinux list on patches that modify it. 2. Can't retain Acked-by or Reviewed-by lines if the patch has changed since the review. > --- > include/linux/lsm_hook_defs.h | 4 ++-- > include/linux/security.h | 18 +++++++++++++++--- > kernel/auditsc.c | 3 +-- > security/security.c | 14 +++++++------- > security/selinux/hooks.c | 9 ++++++--- > security/smack/smack_lsm.c | 17 ++++++++++------- > 6 files changed, 41 insertions(+), 24 deletions(-) > > diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h > index 3e5f6baa7b9f..c3ffc3f98343 100644 > --- a/include/linux/lsm_hook_defs.h > +++ b/include/linux/lsm_hook_defs.h > @@ -253,8 +253,8 @@ LSM_HOOK(void, LSM_RET_VOID, task_to_inode, struct task_struct *p, > struct inode *inode) > LSM_HOOK(int, 0, userns_create, const struct cred *cred) > LSM_HOOK(int, 0, ipc_permission, struct kern_ipc_perm *ipcp, short flag) > -LSM_HOOK(void, LSM_RET_VOID, ipc_getsecid, struct kern_ipc_perm *ipcp, > - u32 *secid) > +LSM_HOOK(void, LSM_RET_VOID, ipc_getlsmblob, struct kern_ipc_perm *ipcp, > + struct lsmblob *blob) > LSM_HOOK(int, 0, msg_msg_alloc_security, struct msg_msg *msg) > LSM_HOOK(void, LSM_RET_VOID, msg_msg_free_security, struct msg_msg *msg) > LSM_HOOK(int, 0, msg_queue_alloc_security, struct kern_ipc_perm *perm) > diff --git a/include/linux/security.h b/include/linux/security.h > index a0b23b6e8734..ebe8edaae953 100644 > --- a/include/linux/security.h > +++ b/include/linux/security.h > @@ -290,6 +290,17 @@ static inline bool lsmblob_is_set(struct lsmblob *blob) > return !!memcmp(blob, &empty, sizeof(*blob)); > } > > +/** > + * lsmblob_init - initialize a lsmblob structure > + * @blob: Pointer to the data to initialize > + * > + * Set all secid for all modules to the specified value. > + */ > +static inline void lsmblob_init(struct lsmblob *blob) > +{ > + memset(blob, 0, sizeof(*blob)); > +} > + > #ifdef CONFIG_SECURITY > > int call_blocking_lsm_notifier(enum lsm_event event, void *data); > @@ -500,7 +511,7 @@ int security_task_prctl(int option, unsigned long arg2, unsigned long arg3, > void security_task_to_inode(struct task_struct *p, struct inode *inode); > int security_create_user_ns(const struct cred *cred); > int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag); > -void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid); > +void security_ipc_getlsmblob(struct kern_ipc_perm *ipcp, struct lsmblob *blob); > int security_msg_msg_alloc(struct msg_msg *msg); > void security_msg_msg_free(struct msg_msg *msg); > int security_msg_queue_alloc(struct kern_ipc_perm *msq); > @@ -1340,9 +1351,10 @@ static inline int security_ipc_permission(struct kern_ipc_perm *ipcp, > return 0; > } > > -static inline void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid) > +static inline void security_ipc_getlsmblob(struct kern_ipc_perm *ipcp, > + struct lsmblob *blob) > { > - *secid = 0; > + lsmblob_init(blob); > } > > static inline int security_msg_msg_alloc(struct msg_msg *msg) > diff --git a/kernel/auditsc.c b/kernel/auditsc.c > index 84f6e9356b8f..94b7ef89da2e 100644 > --- a/kernel/auditsc.c > +++ b/kernel/auditsc.c > @@ -2638,8 +2638,7 @@ void __audit_ipc_obj(struct kern_ipc_perm *ipcp) > context->ipc.gid = ipcp->gid; > context->ipc.mode = ipcp->mode; > context->ipc.has_perm = 0; > - /* scaffolding */ > - security_ipc_getsecid(ipcp, &context->ipc.oblob.scaffold.secid); > + security_ipc_getlsmblob(ipcp, &context->ipc.oblob); > context->type = AUDIT_IPC; > } > > diff --git a/security/security.c b/security/security.c > index bb541a3be410..6e72e678b5b4 100644 > --- a/security/security.c > +++ b/security/security.c > @@ -3611,17 +3611,17 @@ int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag) > } > > /** > - * security_ipc_getsecid() - Get the sysv ipc object's secid > + * security_ipc_getlsmblob() - Get the sysv ipc object LSM data > * @ipcp: ipc permission structure > - * @secid: secid pointer > + * @blob: pointer to lsm information > * > - * Get the secid associated with the ipc object. In case of failure, @secid > - * will be set to zero. > + * Get the lsm information associated with the ipc object. > */ > -void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid) > + > +void security_ipc_getlsmblob(struct kern_ipc_perm *ipcp, struct lsmblob *blob) > { > - *secid = 0; > - call_void_hook(ipc_getsecid, ipcp, secid); > + lsmblob_init(blob); > + call_void_hook(ipc_getlsmblob, ipcp, blob); > } > > /** > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > index 102489e6d579..1b34b86426e8 100644 > --- a/security/selinux/hooks.c > +++ b/security/selinux/hooks.c > @@ -6328,10 +6328,13 @@ static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag) > return ipc_has_perm(ipcp, av); > } > > -static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid) > +static void selinux_ipc_getlsmblob(struct kern_ipc_perm *ipcp, > + struct lsmblob *blob) > { > struct ipc_security_struct *isec = selinux_ipc(ipcp); > - *secid = isec->sid; > + blob->selinux.secid = isec->sid; > + /* scaffolding */ > + blob->scaffold.secid = isec->sid; > } > > static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode) > @@ -7252,7 +7255,7 @@ static struct security_hook_list selinux_hooks[] __ro_after_init = { > LSM_HOOK_INIT(userns_create, selinux_userns_create), > > LSM_HOOK_INIT(ipc_permission, selinux_ipc_permission), > - LSM_HOOK_INIT(ipc_getsecid, selinux_ipc_getsecid), > + LSM_HOOK_INIT(ipc_getlsmblob, selinux_ipc_getlsmblob), > > LSM_HOOK_INIT(msg_queue_associate, selinux_msg_queue_associate), > LSM_HOOK_INIT(msg_queue_msgctl, selinux_msg_queue_msgctl), > diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c > index 5d74d8590862..370ca7fb1843 100644 > --- a/security/smack/smack_lsm.c > +++ b/security/smack/smack_lsm.c > @@ -3442,16 +3442,19 @@ static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag) > } > > /** > - * smack_ipc_getsecid - Extract smack security id > + * smack_ipc_getlsmblob - Extract smack security data > * @ipp: the object permissions > - * @secid: where result will be saved > + * @blob: where result will be saved > */ > -static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid) > +static void smack_ipc_getlsmblob(struct kern_ipc_perm *ipp, > + struct lsmblob *blob) > { > - struct smack_known **blob = smack_ipc(ipp); > - struct smack_known *iskp = *blob; > + struct smack_known **iskpp = smack_ipc(ipp); > + struct smack_known *iskp = *iskpp; > > - *secid = iskp->smk_secid; > + blob->smack.skp = iskp; > + /* scaffolding */ > + blob->scaffold.secid = iskp->smk_secid; > } > > /** > @@ -5157,7 +5160,7 @@ static struct security_hook_list smack_hooks[] __ro_after_init = { > LSM_HOOK_INIT(task_to_inode, smack_task_to_inode), > > LSM_HOOK_INIT(ipc_permission, smack_ipc_permission), > - LSM_HOOK_INIT(ipc_getsecid, smack_ipc_getsecid), > + LSM_HOOK_INIT(ipc_getlsmblob, smack_ipc_getlsmblob), > > LSM_HOOK_INIT(msg_msg_alloc_security, smack_msg_msg_alloc_security), > > -- > 2.41.0 >
diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h index 3e5f6baa7b9f..c3ffc3f98343 100644 --- a/include/linux/lsm_hook_defs.h +++ b/include/linux/lsm_hook_defs.h @@ -253,8 +253,8 @@ LSM_HOOK(void, LSM_RET_VOID, task_to_inode, struct task_struct *p, struct inode *inode) LSM_HOOK(int, 0, userns_create, const struct cred *cred) LSM_HOOK(int, 0, ipc_permission, struct kern_ipc_perm *ipcp, short flag) -LSM_HOOK(void, LSM_RET_VOID, ipc_getsecid, struct kern_ipc_perm *ipcp, - u32 *secid) +LSM_HOOK(void, LSM_RET_VOID, ipc_getlsmblob, struct kern_ipc_perm *ipcp, + struct lsmblob *blob) LSM_HOOK(int, 0, msg_msg_alloc_security, struct msg_msg *msg) LSM_HOOK(void, LSM_RET_VOID, msg_msg_free_security, struct msg_msg *msg) LSM_HOOK(int, 0, msg_queue_alloc_security, struct kern_ipc_perm *perm) diff --git a/include/linux/security.h b/include/linux/security.h index a0b23b6e8734..ebe8edaae953 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -290,6 +290,17 @@ static inline bool lsmblob_is_set(struct lsmblob *blob) return !!memcmp(blob, &empty, sizeof(*blob)); } +/** + * lsmblob_init - initialize a lsmblob structure + * @blob: Pointer to the data to initialize + * + * Set all secid for all modules to the specified value. + */ +static inline void lsmblob_init(struct lsmblob *blob) +{ + memset(blob, 0, sizeof(*blob)); +} + #ifdef CONFIG_SECURITY int call_blocking_lsm_notifier(enum lsm_event event, void *data); @@ -500,7 +511,7 @@ int security_task_prctl(int option, unsigned long arg2, unsigned long arg3, void security_task_to_inode(struct task_struct *p, struct inode *inode); int security_create_user_ns(const struct cred *cred); int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag); -void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid); +void security_ipc_getlsmblob(struct kern_ipc_perm *ipcp, struct lsmblob *blob); int security_msg_msg_alloc(struct msg_msg *msg); void security_msg_msg_free(struct msg_msg *msg); int security_msg_queue_alloc(struct kern_ipc_perm *msq); @@ -1340,9 +1351,10 @@ static inline int security_ipc_permission(struct kern_ipc_perm *ipcp, return 0; } -static inline void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid) +static inline void security_ipc_getlsmblob(struct kern_ipc_perm *ipcp, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob); } static inline int security_msg_msg_alloc(struct msg_msg *msg) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 84f6e9356b8f..94b7ef89da2e 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -2638,8 +2638,7 @@ void __audit_ipc_obj(struct kern_ipc_perm *ipcp) context->ipc.gid = ipcp->gid; context->ipc.mode = ipcp->mode; context->ipc.has_perm = 0; - /* scaffolding */ - security_ipc_getsecid(ipcp, &context->ipc.oblob.scaffold.secid); + security_ipc_getlsmblob(ipcp, &context->ipc.oblob); context->type = AUDIT_IPC; } diff --git a/security/security.c b/security/security.c index bb541a3be410..6e72e678b5b4 100644 --- a/security/security.c +++ b/security/security.c @@ -3611,17 +3611,17 @@ int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag) } /** - * security_ipc_getsecid() - Get the sysv ipc object's secid + * security_ipc_getlsmblob() - Get the sysv ipc object LSM data * @ipcp: ipc permission structure - * @secid: secid pointer + * @blob: pointer to lsm information * - * Get the secid associated with the ipc object. In case of failure, @secid - * will be set to zero. + * Get the lsm information associated with the ipc object. */ -void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid) + +void security_ipc_getlsmblob(struct kern_ipc_perm *ipcp, struct lsmblob *blob) { - *secid = 0; - call_void_hook(ipc_getsecid, ipcp, secid); + lsmblob_init(blob); + call_void_hook(ipc_getlsmblob, ipcp, blob); } /** diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 102489e6d579..1b34b86426e8 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -6328,10 +6328,13 @@ static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag) return ipc_has_perm(ipcp, av); } -static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid) +static void selinux_ipc_getlsmblob(struct kern_ipc_perm *ipcp, + struct lsmblob *blob) { struct ipc_security_struct *isec = selinux_ipc(ipcp); - *secid = isec->sid; + blob->selinux.secid = isec->sid; + /* scaffolding */ + blob->scaffold.secid = isec->sid; } static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode) @@ -7252,7 +7255,7 @@ static struct security_hook_list selinux_hooks[] __ro_after_init = { LSM_HOOK_INIT(userns_create, selinux_userns_create), LSM_HOOK_INIT(ipc_permission, selinux_ipc_permission), - LSM_HOOK_INIT(ipc_getsecid, selinux_ipc_getsecid), + LSM_HOOK_INIT(ipc_getlsmblob, selinux_ipc_getlsmblob), LSM_HOOK_INIT(msg_queue_associate, selinux_msg_queue_associate), LSM_HOOK_INIT(msg_queue_msgctl, selinux_msg_queue_msgctl), diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 5d74d8590862..370ca7fb1843 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -3442,16 +3442,19 @@ static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag) } /** - * smack_ipc_getsecid - Extract smack security id + * smack_ipc_getlsmblob - Extract smack security data * @ipp: the object permissions - * @secid: where result will be saved + * @blob: where result will be saved */ -static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid) +static void smack_ipc_getlsmblob(struct kern_ipc_perm *ipp, + struct lsmblob *blob) { - struct smack_known **blob = smack_ipc(ipp); - struct smack_known *iskp = *blob; + struct smack_known **iskpp = smack_ipc(ipp); + struct smack_known *iskp = *iskpp; - *secid = iskp->smk_secid; + blob->smack.skp = iskp; + /* scaffolding */ + blob->scaffold.secid = iskp->smk_secid; } /** @@ -5157,7 +5160,7 @@ static struct security_hook_list smack_hooks[] __ro_after_init = { LSM_HOOK_INIT(task_to_inode, smack_task_to_inode), LSM_HOOK_INIT(ipc_permission, smack_ipc_permission), - LSM_HOOK_INIT(ipc_getsecid, smack_ipc_getsecid), + LSM_HOOK_INIT(ipc_getlsmblob, smack_ipc_getlsmblob), LSM_HOOK_INIT(msg_msg_alloc_security, smack_msg_msg_alloc_security),