From patchwork Thu Nov 3 18:11:08 2016
X-Patchwork-Submitter: David Graziano
X-Patchwork-Id: 9411323
From: David Graziano
To: selinux@tycho.nsa.gov
Cc: seth.forshee@canonical.com
Subject: [PATCH] mqueue: security xattr setting on inode creation
Date: Thu, 3 Nov 2016 13:11:08 -0500
Message-Id: <1478196668-37231-1-git-send-email-david.graziano@rockwellcollins.com>
List-Id: "Security-Enhanced Linux (SELinux) mailing list"

Adds generic xattr support by implementing the initxattrs callback.
This enables setting of security attributes from LSM and EVM when the
inode is created. Implementation based off tmpfs/shmem.

Signed-off-by: David Graziano
---
 ipc/mqueue.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)

diff --git a/ipc/mqueue.c b/ipc/mqueue.c
index 0b13ace..512a546 100644
--- a/ipc/mqueue.c
+++ b/ipc/mqueue.c
@@ -35,6 +35,7 @@ #include #include #include +#include #include #include "util.h" @@ -70,6 +71,7 @@ struct mqueue_inode_info { struct rb_root msg_tree; struct posix_msg_tree_node *node_cache; struct mq_attr attr; + struct simple_xattrs xattrs; /* list of xattrs */ struct sigevent notify; struct pid *notify_owner; @@ -254,6 +256,7 @@ static struct inode *mqueue_get_inode(struct super_block *sb, info->attr.mq_maxmsg = attr->mq_maxmsg; info->attr.mq_msgsize = attr->mq_msgsize; } + simple_xattrs_init(&info->xattrs); /* * We used to allocate a static array of pointers and account * the size of that array as well as one msg_msg struct per @@ -413,6 +416,41 @@ static void mqueue_evict_inode(struct inode *inode) put_ipc_ns(ipc_ns); } +/* + * Callback for security_inode_init_security() for acquiring xattrs. + */ +static int mqueue_initxattrs(struct inode *inode, + const struct xattr *xattr_array, + void *fs_info) +{ + struct mqueue_inode_info *info = MQUEUE_I(inode); + const struct xattr *xattr; + struct simple_xattr *new_xattr; + size_t len; + + for (xattr = xattr_array; xattr->name != NULL; xattr++) { + new_xattr = simple_xattr_alloc(xattr->value, xattr->value_len); + if (!new_xattr) + return -ENOMEM; + len = strlen(xattr->name) + 1; + new_xattr->name = kmalloc(XATTR_SECURITY_PREFIX_LEN + len, + GFP_KERNEL); + if (!new_xattr->name) { + kfree(new_xattr); + return -ENOMEM; + } + + memcpy(new_xattr->name, XATTR_SECURITY_PREFIX, + XATTR_SECURITY_PREFIX_LEN); + memcpy(new_xattr->name + XATTR_SECURITY_PREFIX_LEN, + xattr->name, len); + + simple_xattr_list_add(&info->xattrs, new_xattr); + } + + return 0; +} + static int mqueue_create(struct inode *dir, struct dentry *dentry, umode_t mode, bool excl) { 
@@ -443,6 +481,14 @@ static int mqueue_create(struct inode *dir, struct dentry *dentry, ipc_ns->mq_queues_count--; goto out_unlock; } + error = security_inode_init_security(inode, dir, + &dentry->d_name, + mqueue_initxattrs, NULL); + if (error && error != -EOPNOTSUPP) { + spin_lock(&mq_lock); + ipc_ns->mq_queues_count--; + goto out_unlock; + } put_ipc_ns(ipc_ns); dir->i_size += DIRENT_SIZE;
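Review bot: in the hunk at @@ -70,6 +71,7 @@ the new `struct simple_xattrs xattrs` member gets no read path anywhere in this patch: no `sb->s_xattr` handler table and no `.listxattr` inode operation are added, so the name/value pairs that mqueue_initxattrs stores in the list cannot be retrieved with getxattr/listxattr from userspace. If the goal is only to hand LSM and EVM labels to the filesystem at creation time, say so in the commit message; otherwise add the handlers the tmpfs/shmem code this is based on also provides.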
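Review bot: in the hunk at @@ -254,6 +256,7 @@ the `simple_xattrs_init(&info->xattrs);` call sits inside the regular-file branch of mqueue_get_inode (the context lines just above it copy `attr` into `info->attr`, which is done only for queue inodes), but the root directory inode is returned by the same function and carries the same `struct mqueue_inode_info`. Initialize the list for every inode the function returns, so that a matching `simple_xattrs_free(&info->xattrs)` in mqueue_evict_inode, which this patch still needs, is safe for the directory inode as well.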
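Review bot: in the hunk at @@ -413,6 +416,41 @@ mqueue_initxattrs allocates a `simple_xattr` plus a name buffer per entry and adds it to `info->xattrs`, but nothing ever frees that list: the mqueue_evict_inode context at the top of the hunk ends with `put_ipc_ns(ipc_ns);` and no `simple_xattrs_free(&info->xattrs);`, so every queue created with a security label leaks its xattr allocations when the inode is evicted. Add the free to mqueue_evict_inode as shmem_evict_inode does. The loop body is otherwise a line-for-line copy of shmem_initxattrs; a shared helper next to simple_xattr_alloc would avoid carrying two copies.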
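Review bot: in the hunk at @@ -443,6 +481,14 @@ the new error path after security_inode_init_security() leaks the inode. It mirrors the IS_ERR(inode) path above it, but at this point `inode` is a live inode returned by mqueue_get_inode, and `goto out_unlock` drops it without an iput(inode). Release the inode before jumping to out_unlock, and check whether mqueue_evict_inode's own accounting then decrements `ipc_ns->mq_queues_count` for it, in which case the explicit `ipc_ns->mq_queues_count--;` added here would decrement twice.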