From patchwork Fri May 11 20:25:16 2018
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 10395337
Subject: [PATCH 24/23] LSM: Functions for dealing with struct secids
To: LSM, LKLM, Paul Moore, Stephen Smalley, SE Linux, "SMACK-discuss@lists.01.org", John Johansen, Kees Cook, Tetsuo Handa, James Morris
References: <7e8702ce-2598-e0a3-31a2-bc29157fb73d@schaufler-ca.com>
From: Casey Schaufler
Date: Fri, 11 May 2018 13:25:16 -0700
In-Reply-To: <7e8702ce-2598-e0a3-31a2-bc29157fb73d@schaufler-ca.com>

From: Casey Schaufler
Date: Fri, 11 May 2018 13:18:11 -0700
Subject: [PATCH 24/23] LSM: Functions for dealing with struct secids

These are the functions that manipulate the collection of secids.

Signed-off-by: Casey Schaufler
---
 security/stacking.c | 119 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 119 insertions(+)
 create mode 100644 security/stacking.c

diff --git a/security/stacking.c b/security/stacking.c
new file mode 100644
index 000000000000..7c9643323a1e
--- /dev/null
+++ b/security/stacking.c
@@ -0,0 +1,119 @@ +/* + * Security secid functions + * + * Copyright (C) 2018 Casey Schaufler + * Copyright (C) 2018 Intel + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + */ +#include +#include +#include +#include + +/* + * A secids structure contains all of the modules specific + * secids and the secmark used to represent the combination + * of module specific secids. Code that uses secmarks won't + * know or care about module specific secids, and won't have + * set them in the secids nor will it look at the module specific + * values. Modules won't care about the secmark. If there's only + * one module that uses secids the mapping is one-to-one. The + * general case is not so simple. + */ + +void secid_from_skb(struct secids *secid, const struct sk_buff *skb) +{ + struct secids *se; + + se = skb->sk->sk_security; + if (se) + *secid = *se; +} +EXPORT_SYMBOL(secid_from_skb); + +void secid_to_skb(struct secids *secid, struct sk_buff *skb) +{ + struct secids *se; + + se = skb->sk->sk_security; + if (se) + *se = *secid; +} +EXPORT_SYMBOL(secid_to_skb); + +bool secid_valid(const struct secids *secid) +{ +#ifdef CONFIG_SECURITY_SELINUX + if (secid->selinux) + return true; +#endif +#ifdef CONFIG_SECURITY_SMACK + if (secid->smack) + return true; +#endif + return false; +} + +#ifdef CONFIG_NETLABEL +/** + * lsm_sock_vet_attr - does the netlabel agree with what other LSMs want + * @sk: the socket in question + * @secattr: the desired netlabel security attributes + * @flags: which LSM is making the request + * + * Determine whether the calling LSM can set the security attributes + * on the socket without interferring with what has already been set + * by other LSMs. The first LSM calling will always be allowed. An + * LSM that resets itself will also be allowed. 
It will require careful + * configuration for any other case to succeed. + * + * If @secattr is NULL the check is for deleting the attribute. + * + * Returns 0 if there is agreement, -EACCES if there is conflict, + * and any error from the netlabel system. + */ +int lsm_sock_vet_attr(struct sock *sk, struct netlbl_lsm_secattr *secattr, + u32 flags) +{ + struct secids *se = sk->sk_security; + struct netlbl_lsm_secattr asis; + int rc; + + /* + * First in always shows as allowed. + * Changing what this module has set is OK, too. + */ + if (se->flags == 0 || se->flags == flags) { + se->flags = flags; + return 0; + } + + netlbl_secattr_init(&asis); + rc = netlbl_sock_getattr(sk, &asis); + + switch (rc) { + case 0: + /* + * Can't delete another modules's attributes or + * change them if they don't match well enough. + */ + if (secattr == NULL || !netlbl_secattr_equal(secattr, &asis)) + rc = -EACCES; + else + se->flags = flags; + break; + case -ENOMSG: + se->flags = flags; + rc = 0; + break; + default: + break; + } + netlbl_secattr_destroy(&asis); + return rc; +} +#endif /* CONFIG_NETLABEL */
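Review bot: secid_from_skb() and secid_to_skb() dereference skb->sk->sk_security without first checking that skb->sk is non-NULL; an skb that is not attached to a socket (forwarded traffic, or a packet handled before socket lookup) would oops here, so test `skb->sk` before reading `sk_security`. Related: when `se` is NULL, secid_from_skb() leaves `*secid` untouched, so a caller that passes an uninitialised struct secids reads garbage afterwards; zeroing the output first, or returning a status the caller must check, would make the contract explicit. Both helpers actually operate on the socket's security blob rather than on anything carried in the skb itself, which the names do not convey, so a comment or a rename would help readers. In lsm_sock_vet_attr(), `se = sk->sk_security` is likewise used without a NULL check. Minor: the kerneldoc has "interferring" for "interfering" and the comment in the `case 0:` branch has "modules's" for "module's".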