From patchwork Thu Jul 9 00:12:20 2020
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 11653037
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-integrity@vger.kernel.org
Subject: [PATCH v18 09/23] LSM: Use lsmblob in security_task_getsecid
Date: Wed, 8 Jul 2020 17:12:20 -0700
Message-Id: <20200709001234.9719-10-casey@schaufler-ca.com>
In-Reply-To: <20200709001234.9719-1-casey@schaufler-ca.com>
References: <20200709001234.9719-1-casey@schaufler-ca.com>
X-Mailing-List: linux-integrity@vger.kernel.org

Change the security_task_getsecid() interface to fill in a lsmblob structure instead of a u32 secid in support of LSM stacking. Audit interfaces will need to collect all possible secids for possible reporting.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Signed-off-by: Casey Schaufler
cc: linux-integrity@vger.kernel.org
---
 drivers/android/binder.c | 12 +------
 include/linux/security.h | 7 ++--
 kernel/audit.c | 16 ++++-----
 kernel/auditfilter.c | 4 +--
 kernel/auditsc.c | 25 +++++++-------
 net/netlabel/netlabel_unlabeled.c | 5 ++-
 net/netlabel/netlabel_user.h | 6 +++-
 security/integrity/ima/ima_appraise.c | 10 +++---
 security/integrity/ima/ima_main.c | 49 +++++++++++++++------------
 security/security.c | 12 +++++--
 10 files changed, 76 insertions(+), 70 deletions(-)

diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index 41f89bb3c7f1..46e2a26089cc 100644
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
@@ -3106,20 +3106,10 @@ static void binder_transaction(struct binder_proc *proc, t->priority = task_nice(current); if (target_node && target_node->txn_security_ctx) { - u32 secid; struct lsmblob blob; size_t added_size; - security_task_getsecid(proc->tsk, &secid); - /* - * Later in this patch set security_task_getsecid() will - * provide a lsmblob instead of a secid. lsmblob_init - * is used to ensure that all the secids in the lsmblob - * get the value returned from security_task_getsecid(), - * which means that the one expected by - * security_secid_to_secctx() will be set. - */ - lsmblob_init(&blob, secid); + security_task_getsecid(proc->tsk, &blob); ret = security_secid_to_secctx(&blob, &secctx, &secctx_sz); if (ret) { return_error = BR_FAILED_REPLY; diff --git a/include/linux/security.h b/include/linux/security.h index 7883975ea6b0..4037391a29b8 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -476,7 +476,7 @@ int security_task_fix_setgid(struct cred *new, const struct cred *old, int security_task_setpgid(struct task_struct *p, pid_t pgid); int security_task_getpgid(struct task_struct *p); int security_task_getsid(struct task_struct *p); -void security_task_getsecid(struct task_struct *p, u32 *secid); +void security_task_getsecid(struct task_struct *p, struct lsmblob *blob); int security_task_setnice(struct task_struct *p, int nice); int security_task_setioprio(struct task_struct *p, int ioprio); int security_task_getioprio(struct task_struct *p); @@ -1141,9 +1141,10 @@ static inline int security_task_getsid(struct task_struct *p) return 0; } -static inline void security_task_getsecid(struct task_struct *p, u32 *secid) +static inline void security_task_getsecid(struct task_struct *p, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } static inline int security_task_setnice(struct task_struct *p, int nice) diff --git a/kernel/audit.c b/kernel/audit.c index 70f331825401..9861e1e11a4d 100644 --- a/kernel/audit.c 
+++ b/kernel/audit.c @@ -2123,19 +2123,12 @@ int audit_log_task_context(struct audit_buffer *ab) char *ctx = NULL; unsigned len; int error; - u32 sid; struct lsmblob blob; - security_task_getsecid(current, &sid); - if (!sid) + security_task_getsecid(current, &blob); + if (!lsmblob_is_set(&blob)) return 0; - /* - * lsmblob_init sets all values in the lsmblob to sid. - * This is temporary until security_task_getsecid is converted - * to use a lsmblob, which happens later in this patch set. - */ - lsmblob_init(&blob, sid); error = security_secid_to_secctx(&blob, &ctx, &len); if (error) { if (error != -EINVAL) @@ -2343,6 +2336,7 @@ int audit_set_loginuid(kuid_t loginuid) int audit_signal_info(int sig, struct task_struct *t) { kuid_t uid = current_uid(), auid; + struct lsmblob blob; if (auditd_test_task(t) && (sig == SIGTERM || sig == SIGHUP || @@ -2353,7 +2347,9 @@ int audit_signal_info(int sig, struct task_struct *t) audit_sig_uid = auid; else audit_sig_uid = uid; - security_task_getsecid(current, &audit_sig_sid); + security_task_getsecid(current, &blob); + /* scaffolding until audit_sig_sid is converted */ + audit_sig_sid = blob.secid[0]; } return audit_signal_info_syscall(t); diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 15a7fb80d6a7..31732023b689 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -1330,7 +1330,6 @@ int audit_filter(int msgtype, unsigned int listtype) for (i = 0; i < e->rule.field_count; i++) { struct audit_field *f = &e->rule.fields[i]; pid_t pid; - u32 sid; struct lsmblob blob; switch (f->type) { @@ -1361,8 +1360,7 @@ int audit_filter(int msgtype, unsigned int listtype) case AUDIT_SUBJ_SEN: case AUDIT_SUBJ_CLR: if (f->lsm_isset) { - security_task_getsecid(current, &sid); - lsmblob_init(&blob, sid); + security_task_getsecid(current, &blob); result = security_audit_rule_match( &blob, f->type, f->op, f->lsm_rules); diff --git a/kernel/auditsc.c b/kernel/auditsc.c index ff30714c89dc..4928159d1ce2 100644 
--- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -455,7 +455,6 @@ static int audit_filter_rules(struct task_struct *tsk, { const struct cred *cred; int i, need_sid = 1; - u32 sid; struct lsmblob blob; unsigned int sessionid; @@ -652,17 +651,9 @@ static int audit_filter_rules(struct task_struct *tsk, logged upon error */ if (f->lsm_isset) { if (need_sid) { - security_task_getsecid(tsk, &sid); + security_task_getsecid(tsk, &blob); need_sid = 0; } - /* - * lsmblob_init sets all values in the lsmblob - * to sid. This is temporary until - * security_task_getsecid() is converted to - * provide a lsmblob, which happens later in - * this patch set. - */ - lsmblob_init(&blob, sid); result = security_audit_rule_match(&blob, f->type, f->op, @@ -2406,12 +2397,15 @@ int __audit_sockaddr(int len, void *a) void __audit_ptrace(struct task_struct *t) { struct audit_context *context = audit_context(); + struct lsmblob blob; context->target_pid = task_tgid_nr(t); context->target_auid = audit_get_loginuid(t); context->target_uid = task_uid(t); context->target_sessionid = audit_get_sessionid(t); - security_task_getsecid(t, &context->target_sid); + security_task_getsecid(t, &blob); + /* scaffolding - until target_sid is converted */ + context->target_sid = blob.secid[0]; memcpy(context->target_comm, t->comm, TASK_COMM_LEN); } @@ -2427,6 +2421,7 @@ int audit_signal_info_syscall(struct task_struct *t) struct audit_aux_data_pids *axp; struct audit_context *ctx = audit_context(); kuid_t t_uid = task_uid(t); + struct lsmblob blob; if (!audit_signals || audit_dummy_context()) return 0; 
@@ -2438,7 +2433,9 @@ int audit_signal_info_syscall(struct task_struct *t) ctx->target_auid = audit_get_loginuid(t); ctx->target_uid = t_uid; ctx->target_sessionid = audit_get_sessionid(t); - security_task_getsecid(t, &ctx->target_sid); + security_task_getsecid(t, &blob); + /* scaffolding until target_sid is converted */ + ctx->target_sid = blob.secid[0]; memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); return 0; } @@ -2459,7 +2456,9 @@ int audit_signal_info_syscall(struct task_struct *t) axp->target_auid[axp->pid_count] = audit_get_loginuid(t); axp->target_uid[axp->pid_count] = t_uid; axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); - security_task_getsecid(t, &axp->target_sid[axp->pid_count]); + security_task_getsecid(t, &blob); + /* scaffolding until target_sid is converted */ + axp->target_sid[axp->pid_count] = blob.secid[0]; memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); axp->pid_count++; diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index 2ebe29ddf05e..f4a6204f4205 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -1557,11 +1557,14 @@ int __init netlbl_unlabel_defconf(void) int ret_val; struct netlbl_dom_map *entry; struct netlbl_audit audit_info; + struct lsmblob blob; /* Only the kernel is allowed to call this function and the only time * it is called is at bootup before the audit subsystem is reporting * messages so don't worry to much about these values. */ - security_task_getsecid(current, &audit_info.secid); + security_task_getsecid(current, &blob); + /* scaffolding until audit_info.secid is converted */ + audit_info.secid = blob.secid[0]; audit_info.loginuid = GLOBAL_ROOT_UID; audit_info.sessionid = 0; diff --git a/net/netlabel/netlabel_user.h b/net/netlabel/netlabel_user.h index 3c67afce64f1..438b5db6c714 100644 --- a/net/netlabel/netlabel_user.h +++ b/net/netlabel/netlabel_user.h 
@@ -34,7 +34,11 @@ static inline void netlbl_netlink_auditinfo(struct sk_buff *skb, struct netlbl_audit *audit_info) { - security_task_getsecid(current, &audit_info->secid); + struct lsmblob blob; + + security_task_getsecid(current, &blob); + /* scaffolding until secid is converted */ + audit_info->secid = blob.secid[0]; audit_info->loginuid = audit_get_loginuid(current); audit_info->sessionid = audit_get_sessionid(current); } diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index a9649b04b9f1..3dfb573c7171 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -48,14 +48,16 @@ bool is_ima_appraise_enabled(void) */ int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func) { - u32 secid; + struct lsmblob blob; if (!ima_appraise) return 0; - security_task_getsecid(current, &secid); - return ima_match_policy(inode, current_cred(), secid, func, mask, - IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL); + security_task_getsecid(current, &blob); + /* scaffolding the .secid[0] */ + return ima_match_policy(inode, current_cred(), blob.secid[0], func, + mask, IMA_APPRAISE | IMA_HASH, NULL, NULL, + NULL); } static int ima_fix_xattr(struct dentry *dentry, diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index c1583d98c5e5..772d9f20ab5f 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c 
@@ -382,12 +382,13 @@ static int process_measurement(struct file *file, const struct cred *cred, */ int ima_file_mmap(struct file *file, unsigned long prot) { - u32 secid; + struct lsmblob blob; if (file && (prot & PROT_EXEC)) { - security_task_getsecid(current, &secid); - return process_measurement(file, current_cred(), secid, NULL, - 0, MAY_EXEC, MMAP_CHECK); + security_task_getsecid(current, &blob); + /* scaffolding - until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], + NULL, 0, MAY_EXEC, MMAP_CHECK); } return 0; @@ -413,9 +414,9 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) char *pathbuf = NULL; const char *pathname = NULL; struct inode *inode; + struct lsmblob blob; int result = 0; int action; - u32 secid; int pcr; /* Is mprotect making an mmap'ed file executable? */ @@ -423,9 +424,10 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) !(prot & PROT_EXEC) || (vma->vm_flags & VM_EXEC)) return 0; - security_task_getsecid(current, &secid); + security_task_getsecid(current, &blob); inode = file_inode(vma->vm_file); - action = ima_get_action(inode, current_cred(), secid, MAY_EXEC, + /* scaffolding */ + action = ima_get_action(NULL, current_cred(), blob.secid[0], 0, MMAP_CHECK, &pcr, &template, 0); /* Is the mmap'ed file in policy? */ @@ -462,10 +464,12 @@ int ima_bprm_check(struct linux_binprm *bprm) { int ret; u32 secid; + struct lsmblob blob; - security_task_getsecid(current, &secid); - ret = process_measurement(bprm->file, current_cred(), secid, NULL, 0, - MAY_EXEC, BPRM_CHECK); + security_task_getsecid(current, &blob); + /* scaffolding until process_measurement changes */ + ret = process_measurement(bprm->file, current_cred(), blob.secid[0], + NULL, 0, MAY_EXEC, BPRM_CHECK); if (ret) return ret; 
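Review bot: in the ima_bprm_check() hunk the existing `u32 secid;` declaration is kept as unchanged context while `struct lsmblob blob;` is added and the only use of secid (`security_task_getsecid(current, &secid);`) is removed, so secid becomes an unused local and will draw an unused-variable warning; drop the `u32 secid;` line here as the ima_file_mmap(), ima_file_check() and ima_post_read_file() hunks in the same file already do.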
@@ -486,10 +490,11 @@ int ima_bprm_check(struct linux_binprm *bprm) */ int ima_file_check(struct file *file, int mask) { - u32 secid; + struct lsmblob blob; - security_task_getsecid(current, &secid); - return process_measurement(file, current_cred(), secid, NULL, 0, + security_task_getsecid(current, &blob); + /* scaffolding until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], NULL, 0, mask & (MAY_READ | MAY_WRITE | MAY_EXEC | MAY_APPEND), FILE_CHECK); } @@ -647,7 +652,7 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, enum kernel_read_file_id read_id) { enum ima_hooks func; - u32 secid; + struct lsmblob blob; if (!file && read_id == READING_FIRMWARE) { if ((ima_appraise & IMA_APPRAISE_FIRMWARE) && @@ -669,9 +674,10 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, } func = read_idmap[read_id] ?: FILE_CHECK; - security_task_getsecid(current, &secid); - return process_measurement(file, current_cred(), secid, buf, size, - MAY_READ, func); + security_task_getsecid(current, &blob); + /* scaffolding until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], buf, + size, MAY_READ, func); } /** @@ -753,7 +759,7 @@ void process_buffer_measurement(const void *buf, int size, } hash = {}; int violation = 0; int action = 0; - u32 secid; + struct lsmblob blob; if (!ima_policy_flag) return; @@ -766,9 +772,10 @@ void process_buffer_measurement(const void *buf, int size, * buffer measurements. */ if (func) { - security_task_getsecid(current, &secid); - action = ima_get_action(NULL, current_cred(), secid, 0, func, - &pcr, &template, keyring); + security_task_getsecid(current, &blob); + /* scaffolding */ + action = ima_get_action(NULL, current_cred(), blob.secid[0], 0, + func, &pcr, &template, keyring); if (!(action & IMA_MEASURE)) return; } diff --git a/security/security.c b/security/security.c index b52d8f87f8e7..60a5b38e2708 100644 
--- a/security/security.c +++ b/security/security.c 
@@ -1768,10 +1768,16 @@ int security_task_getsid(struct task_struct *p) return call_int_hook(task_getsid, 0, p); } -void security_task_getsecid(struct task_struct *p, u32 *secid) +void security_task_getsecid(struct task_struct *p, struct lsmblob *blob) { - *secid = 0; - call_void_hook(task_getsecid, p, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.task_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.task_getsecid(p, &blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_task_getsecid);
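Review bot: the ima_file_mprotect() hunk in security/integrity/ima/ima_main.c changes more than the secid type. The call goes from `action = ima_get_action(inode, current_cred(), secid, MAY_EXEC,` to `action = ima_get_action(NULL, current_cred(), blob.secid[0], 0,`, so the inode (still computed on the preceding `inode = file_inode(vma->vm_file);` line) is no longer passed and the MAY_EXEC mask becomes 0. Policy rules that match on inode attributes or on the MAY_EXEC mask would stop applying to the mprotect check, which is unrelated to the lsmblob conversion; keep `inode` and `MAY_EXEC` and change only the secid argument, as the ima_file_mmap() and ima_bprm_check() hunks do.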
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-integrity@vger.kernel.org
Subject: [PATCH v18 10/23] LSM: Use lsmblob in security_inode_getsecid
Date: Wed, 8 Jul 2020 17:12:21 -0700
Message-Id: <20200709001234.9719-11-casey@schaufler-ca.com>
In-Reply-To: <20200709001234.9719-1-casey@schaufler-ca.com>
References: <20200709001234.9719-1-casey@schaufler-ca.com>
X-Mailing-List: linux-integrity@vger.kernel.org

Change the security_inode_getsecid() interface to fill in a lsmblob structure instead of a u32 secid. This allows for its callers to gather data from all registered LSMs. Data is provided for IMA and audit.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Signed-off-by: Casey Schaufler
Acked-by: Stephen Smalley
cc: linux-integrity@vger.kernel.org
---
 include/linux/security.h | 7 ++++---
 kernel/auditsc.c | 6 +++++-
 security/integrity/ima/ima_policy.c | 4 +---
 security/security.c | 11 +++++++++--
 4 files changed, 19 insertions(+), 9 deletions(-)

diff --git a/include/linux/security.h b/include/linux/security.h
index 4037391a29b8..b804bf896552 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -434,7 +434,7 @@ int security_inode_killpriv(struct dentry *dentry); int security_inode_getsecurity(struct inode *inode, const char *name, void **buffer, bool alloc); int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags); int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size); -void security_inode_getsecid(struct inode *inode, u32 *secid); +void security_inode_getsecid(struct inode *inode, struct lsmblob *blob); int security_inode_copy_up(struct dentry *src, struct cred **new); int security_inode_copy_up_xattr(const char *name); int security_kernfs_init_security(struct kernfs_node *kn_dir, @@ -957,9 +957,10 @@ static inline int security_inode_listsecurity(struct inode *inode, char *buffer, return 0; } -static inline void security_inode_getsecid(struct inode *inode, u32 *secid) +static inline void security_inode_getsecid(struct inode *inode, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } static inline int security_inode_copy_up(struct dentry *src, struct cred **new) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 4928159d1ce2..d3e1bea08da0 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1946,13 +1946,17 @@ static void audit_copy_inode(struct audit_names *name, const struct dentry *dentry, struct inode *inode, unsigned int flags) { + struct lsmblob blob; + name->ino = inode->i_ino; name->dev = inode->i_sb->s_dev; name->mode = inode->i_mode; name->uid = inode->i_uid; name->gid = inode->i_gid; name->rdev = inode->i_rdev; - security_inode_getsecid(inode, &name->osid); + security_inode_getsecid(inode, &blob); + /* scaffolding until osid is updated */ + name->osid = blob.secid[0]; if (flags & AUDIT_INODE_NOEVAL) { name->fcap_ver = -1; return; diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 9a0f462e8891..8f9c66a0a612 100644 --- a/security/integrity/ima/ima_policy.c 
+++ b/security/integrity/ima/ima_policy.c @@ -479,7 +479,6 @@ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, return false; for (i = 0; i < MAX_LSM_RULES; i++) { int rc = 0; - u32 osid; struct lsmblob lsmdata; if (!ima_lsm_isset(rule->lsm[i].rules)) { @@ -492,8 +491,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, case LSM_OBJ_USER: case LSM_OBJ_ROLE: case LSM_OBJ_TYPE: - security_inode_getsecid(inode, &osid); - lsmblob_init(&lsmdata, osid); + security_inode_getsecid(inode, &lsmdata); rc = security_filter_rule_match(&lsmdata, rule->lsm[i].type, Audit_equal, diff --git a/security/security.c b/security/security.c index 60a5b38e2708..e6121eac138a 100644 --- a/security/security.c +++ b/security/security.c 
@@ -1442,9 +1442,16 @@ int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer } EXPORT_SYMBOL(security_inode_listsecurity); -void security_inode_getsecid(struct inode *inode, u32 *secid) +void security_inode_getsecid(struct inode *inode, struct lsmblob *blob) { - call_void_hook(inode_getsecid, inode, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.inode_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.inode_getsecid(inode, &blob->secid[hp->lsmid->slot]); + } } int security_inode_copy_up(struct dentry *src, struct cred **new)
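Review bot: the commit message says data from all registered LSMs is provided for IMA and audit, but the kernel/auditsc.c hunk still reduces the result to one LSM: `security_inode_getsecid(inode, &blob);` is immediately followed by `name->osid = blob.secid[0];`, so audit_copy_inode() records only slot 0's secid until audit_names.osid is converted; only the ima_policy.c caller consumes the whole lsmblob in this patch. Wording the message to say audit remains on scaffolding, or naming the later patch that converts osid, would avoid the mismatch. The security/security.c hunk is a genuine improvement over the removed line: `lsmblob_init(blob, 0)` zeroes every slot before the hooks run, whereas the old `call_void_hook(inode_getsecid, inode, secid)` left *secid untouched when no LSM implemented the hook.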
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-integrity@vger.kernel.org
Subject: [PATCH v18 11/23] LSM: Use lsmblob in security_cred_getsecid
Date: Wed, 8 Jul 2020 17:12:22 -0700
Message-Id: <20200709001234.9719-12-casey@schaufler-ca.com>
In-Reply-To: <20200709001234.9719-1-casey@schaufler-ca.com>
References: <20200709001234.9719-1-casey@schaufler-ca.com>
X-Mailing-List: linux-integrity@vger.kernel.org

Change the security_cred_getsecid() interface to fill in a lsmblob instead of a u32 secid. The associated data elements in the audit sub-system are changed from a secid to a lsmblob to accommodate multiple possible LSM audit users.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler cc: linux-integrity@vger.kernel.org --- include/linux/security.h | 2 +- kernel/audit.c | 25 +++++++---------------- kernel/audit.h | 5 +++-- kernel/auditsc.c | 33 +++++++++++-------------------- security/integrity/ima/ima_main.c | 8 ++++---- security/security.c | 12 ++++++++--- 6 files changed, 36 insertions(+), 49 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index b804bf896552..84ad4404f7c1 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -461,7 +461,7 @@ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp); void security_cred_free(struct cred *cred); int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp); void security_transfer_creds(struct cred *new, const struct cred *old); -void security_cred_getsecid(const struct cred *c, u32 *secid); +void security_cred_getsecid(const struct cred *c, struct lsmblob *blob); int security_kernel_act_as(struct cred *new, struct lsmblob *blob); int security_kernel_create_files_as(struct cred *new, struct inode *inode); int security_kernel_module_request(char *kmod_name); diff --git a/kernel/audit.c b/kernel/audit.c index 9861e1e11a4d..ff381344f950 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -125,7 +125,7 @@ static u32 audit_backlog_wait_time = AUDIT_BACKLOG_WAIT_TIME; /* The identity of the user shutting down the audit system. */ kuid_t audit_sig_uid = INVALID_UID; pid_t audit_sig_pid = -1; -u32 audit_sig_sid = 0; +struct lsmblob audit_sig_lsm; /* Records can be lost in several ways: 0) [suppressed in audit_alloc] 
@@ -1430,29 +1430,21 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) } case AUDIT_SIGNAL_INFO: len = 0; - if (audit_sig_sid) { - struct lsmblob blob; - - /* - * lsmblob_init sets all values in the lsmblob - * to audit_sig_sid. This is temporary until - * audit_sig_sid is converted to a lsmblob, which - * happens later in this patch set. - */ - lsmblob_init(&blob, audit_sig_sid); - err = security_secid_to_secctx(&blob, &ctx, &len); + if (lsmblob_is_set(&audit_sig_lsm)) { + err = security_secid_to_secctx(&audit_sig_lsm, &ctx, + &len); if (err) return err; } sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL); if (!sig_data) { - if (audit_sig_sid) + if (lsmblob_is_set(&audit_sig_lsm)) security_release_secctx(ctx, len); return -ENOMEM; } sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); sig_data->pid = audit_sig_pid; - if (audit_sig_sid) { + if (lsmblob_is_set(&audit_sig_lsm)) { memcpy(sig_data->ctx, ctx, len); security_release_secctx(ctx, len); } @@ -2336,7 +2328,6 @@ int audit_set_loginuid(kuid_t loginuid) int audit_signal_info(int sig, struct task_struct *t) { kuid_t uid = current_uid(), auid; - struct lsmblob blob; if (auditd_test_task(t) && (sig == SIGTERM || sig == SIGHUP || @@ -2347,9 +2338,7 @@ int audit_signal_info(int sig, struct task_struct *t) audit_sig_uid = auid; else audit_sig_uid = uid; - security_task_getsecid(current, &blob); - /* scaffolding until audit_sig_sid is converted */ - audit_sig_sid = blob.secid[0]; + security_task_getsecid(current, &audit_sig_lsm); } return audit_signal_info_syscall(t); diff --git a/kernel/audit.h b/kernel/audit.h index f0233dc40b17..6ab012e5fe98 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -9,6 +9,7 @@ #include #include #include +#include #include #include 
@@ -134,7 +135,7 @@ struct audit_context { kuid_t target_auid; kuid_t target_uid; unsigned int target_sessionid; - u32 target_sid; + struct lsmblob target_lsm; char target_comm[TASK_COMM_LEN]; struct audit_tree_refs *trees, *first_trees; @@ -337,7 +338,7 @@ extern char *audit_unpack_string(void **bufp, size_t *remain, size_t len); extern pid_t audit_sig_pid; extern kuid_t audit_sig_uid; -extern u32 audit_sig_sid; +extern struct lsmblob audit_sig_lsm; extern int audit_filter(int msgtype, unsigned int listtype); diff --git a/kernel/auditsc.c b/kernel/auditsc.c index d3e1bea08da0..82d60474098d 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -112,7 +112,7 @@ struct audit_aux_data_pids { kuid_t target_auid[AUDIT_AUX_PIDS]; kuid_t target_uid[AUDIT_AUX_PIDS]; unsigned int target_sessionid[AUDIT_AUX_PIDS]; - u32 target_sid[AUDIT_AUX_PIDS]; + struct lsmblob target_lsm[AUDIT_AUX_PIDS]; char target_comm[AUDIT_AUX_PIDS][TASK_COMM_LEN]; int pid_count; }; @@ -975,14 +975,14 @@ static inline void audit_free_context(struct audit_context *context) } static int audit_log_pid_context(struct audit_context *context, pid_t pid, - kuid_t auid, kuid_t uid, unsigned int sessionid, - u32 sid, char *comm) + kuid_t auid, kuid_t uid, + unsigned int sessionid, + struct lsmblob *blob, char *comm) { struct audit_buffer *ab; char *ctx = NULL; u32 len; int rc = 0; - struct lsmblob blob; ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID); if (!ab) @@ -991,9 +991,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, audit_log_format(ab, "opid=%d oauid=%d ouid=%d oses=%d", pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); - if (sid) { - lsmblob_init(&blob, sid); - if (security_secid_to_secctx(&blob, &ctx, &len)) { + if (lsmblob_is_set(blob)) { + if (security_secid_to_secctx(blob, &ctx, &len)) { audit_log_format(ab, " obj=(none)"); rc = 1; } else { 
@@ -1561,7 +1560,7 @@ static void audit_log_exit(void) axs->target_auid[i], axs->target_uid[i], axs->target_sessionid[i], - axs->target_sid[i], + &axs->target_lsm[i], axs->target_comm[i])) call_panic = 1; } @@ -1570,7 +1569,7 @@ static void audit_log_exit(void) audit_log_pid_context(context, context->target_pid, context->target_auid, context->target_uid, context->target_sessionid, - context->target_sid, context->target_comm)) + &context->target_lsm, context->target_comm)) call_panic = 1; if (context->pwd.dentry && context->pwd.mnt) { @@ -1748,7 +1747,7 @@ void __audit_syscall_exit(int success, long return_code) context->aux = NULL; context->aux_pids = NULL; context->target_pid = 0; - context->target_sid = 0; + lsmblob_init(&context->target_lsm, 0); context->sockaddr_len = 0; context->type = 0; context->fds[0] = -1; @@ -2401,15 +2400,12 @@ int __audit_sockaddr(int len, void *a) void __audit_ptrace(struct task_struct *t) { struct audit_context *context = audit_context(); - struct lsmblob blob; context->target_pid = task_tgid_nr(t); context->target_auid = audit_get_loginuid(t); context->target_uid = task_uid(t); context->target_sessionid = audit_get_sessionid(t); - security_task_getsecid(t, &blob); - /* scaffolding - until target_sid is converted */ - context->target_sid = blob.secid[0]; + security_task_getsecid(t, &context->target_lsm); memcpy(context->target_comm, t->comm, TASK_COMM_LEN); } @@ -2425,7 +2421,6 @@ int audit_signal_info_syscall(struct task_struct *t) struct audit_aux_data_pids *axp; struct audit_context *ctx = audit_context(); kuid_t t_uid = task_uid(t); - struct lsmblob blob; if (!audit_signals || audit_dummy_context()) return 0; 
@@ -2437,9 +2432,7 @@ int audit_signal_info_syscall(struct task_struct *t) ctx->target_auid = audit_get_loginuid(t); ctx->target_uid = t_uid; ctx->target_sessionid = audit_get_sessionid(t); - security_task_getsecid(t, &blob); - /* scaffolding until target_sid is converted */ - ctx->target_sid = blob.secid[0]; + security_task_getsecid(t, &ctx->target_lsm); memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); return 0; } @@ -2460,9 +2453,7 @@ int audit_signal_info_syscall(struct task_struct *t) axp->target_auid[axp->pid_count] = audit_get_loginuid(t); axp->target_uid[axp->pid_count] = t_uid; axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); - security_task_getsecid(t, &blob); - /* scaffolding until target_sid is converted */ - axp->target_sid[axp->pid_count] = blob.secid[0]; + security_task_getsecid(t, &axp->target_lsm[axp->pid_count]); memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); axp->pid_count++; diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 772d9f20ab5f..e70d8626208c 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -463,7 +463,6 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) int ima_bprm_check(struct linux_binprm *bprm) { int ret; - u32 secid; struct lsmblob blob; security_task_getsecid(current, &blob); @@ -473,9 +472,10 @@ int ima_bprm_check(struct linux_binprm *bprm) if (ret) return ret; - security_cred_getsecid(bprm->cred, &secid); - return process_measurement(bprm->file, bprm->cred, secid, NULL, 0, - MAY_EXEC, CREDS_CHECK); + security_cred_getsecid(bprm->cred, &blob); + /* scaffolding until process_measurement changes */ + return process_measurement(bprm->file, bprm->cred, blob.secid[0], + NULL, 0, MAY_EXEC, CREDS_CHECK); } /** diff --git a/security/security.c b/security/security.c index e6121eac138a..6ba3990a455b 100644 --- a/security/security.c +++ b/security/security.c 
@@ -1677,10 +1677,16 @@ void security_transfer_creds(struct cred *new, const struct cred *old) call_void_hook(cred_transfer, new, old); } -void security_cred_getsecid(const struct cred *c, u32 *secid) +void security_cred_getsecid(const struct cred *c, struct lsmblob *blob) { - *secid = 0; - call_void_hook(cred_getsecid, c, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.cred_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.cred_getsecid(c, &blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_cred_getsecid);
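Review bot: in the AUDIT_SIGNAL_INFO hunk of kernel/audit.c, lsmblob_is_set(&audit_sig_lsm) is re-evaluated three times (before security_secid_to_secctx(), in the kmalloc failure path, and before the memcpy) on a global that audit_signal_info() rewrites with security_task_getsecid(current, &audit_sig_lsm); now that the value is a multi-word struct rather than a single u32, a concurrent signal can change the answer between the check that obtains ctx and the check that releases it, leaking ctx or releasing one that was never obtained. Evaluate it once into a local before the first call and use that local for all three decisions. The old audit_sig_sid code had the same triple read, so this widens an existing window rather than opening a new one.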
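Review bot: in the kernel/audit.c hunk at @@ -125, the explicit initializer of the old "u32 audit_sig_sid = 0;" is gone with the new "struct lsmblob audit_sig_lsm;" declaration. Static storage is zero-filled, so lsmblob_is_set() correctly reports no sender until the first signal, but a short comment on the declaration saying that the all-zero blob means no signal sender has been recorded would make that dependency explicit, since the lsmblob_is_set() checks in audit_receive_msg() rely on it.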
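Review bot: in the security/security.c hunk, the loop over security_hook_heads.cred_getsecid with its WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot) check is the per-slot dispatch that every *_getsecid hook converted in this series will need, and it runs on the exec path via ima_bprm_check(); consider factoring it into a helper next to call_void_hook() so the slot check is written once, or validating lsmid->slot when hooks are registered so the per-call WARN_ON is unnecessary. The lsmblob_init(blob, 0) before the loop is what guarantees that a slot with no registered cred_getsecid hook reads as unset to lsmblob_is_set(), which deserves a one-line comment because callers that test the result with lsmblob_is_set() depend on it.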
From patchwork Thu Jul 9 00:12:23 2020
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 11653051
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-integrity@vger.kernel.org
Subject: [PATCH v18 12/23] IMA: Change internal interfaces to use lsmblobs
Date: Wed, 8 Jul 2020 17:12:23 -0700
Message-Id: <20200709001234.9719-13-casey@schaufler-ca.com>
In-Reply-To: <20200709001234.9719-1-casey@schaufler-ca.com>
References: <20200709001234.9719-1-casey@schaufler-ca.com>
X-Mailing-List: linux-integrity@vger.kernel.org

The IMA interfaces ima_get_action() and ima_match_policy() call LSM functions that use lsmblobs. Change the IMA functions to pass the lsmblob to be compatible with the LSM functions.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Signed-off-by: Casey Schaufler
cc: linux-integrity@vger.kernel.org
--- security/integrity/ima/ima.h | 11 +++++---- security/integrity/ima/ima_api.c | 10 ++++---- security/integrity/ima/ima_appraise.c | 6 ++--- security/integrity/ima/ima_main.c | 35 +++++++++++---------------- security/integrity/ima/ima_policy.c | 14 +++++------ 5 files changed, 34 insertions(+), 42 deletions(-) diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 64bff42f5d56..b83b0c06d9bc 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h
@@ -236,9 +236,9 @@ static inline void ima_process_queued_keys(void) {} #endif /* CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS */ /* LIM API function definitions */ -int ima_get_action(struct inode *inode, const struct cred *cred, u32 secid, - int mask, enum ima_hooks func, int *pcr, - struct ima_template_desc **template_desc, +int ima_get_action(struct inode *inode, const struct cred *cred, + struct lsmblob *blob, int mask, enum ima_hooks func, + int *pcr, struct ima_template_desc **template_desc, const char *keyring); int ima_must_measure(struct inode *inode, int mask, enum ima_hooks func); int ima_collect_measurement(struct integrity_iint_cache *iint, @@ -264,8 +264,9 @@ void ima_free_template_entry(struct ima_template_entry *entry); const char *ima_d_path(const struct path *path, char **pathbuf, char *filename); /* IMA policy related functions */ -int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid, - enum ima_hooks func, int mask, int flags, int *pcr, +int ima_match_policy(struct inode *inode, const struct cred *cred, + struct lsmblob *blob, enum ima_hooks func, int mask, + int flags, int *pcr, struct ima_template_desc **template_desc, const char *keyring); void ima_init_policy(void); diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index bf22de8b7ce0..ea78825e0033 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c @@ -164,7 +164,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename, * ima_get_action - appraise & measure decision based on policy. * @inode: pointer to inode to measure * @cred: pointer to credentials structure to validate - * @secid: secid of the task being validated + * @blob: LSM data of the task being validated * @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXEC, * MAY_APPEND) * @func: caller identifier 
@@ -183,16 +183,16 @@ void ima_add_violation(struct file *file, const unsigned char *filename, * Returns IMA_MEASURE, IMA_APPRAISE mask. * */ -int ima_get_action(struct inode *inode, const struct cred *cred, u32 secid, - int mask, enum ima_hooks func, int *pcr, - struct ima_template_desc **template_desc, +int ima_get_action(struct inode *inode, const struct cred *cred, + struct lsmblob *blob, int mask, enum ima_hooks func, + int *pcr, struct ima_template_desc **template_desc, const char *keyring) { int flags = IMA_MEASURE | IMA_AUDIT | IMA_APPRAISE | IMA_HASH; flags &= ima_policy_flag; - return ima_match_policy(inode, cred, secid, func, mask, flags, pcr, + return ima_match_policy(inode, cred, blob, func, mask, flags, pcr, template_desc, keyring); } diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index 3dfb573c7171..bf66e3e6f398 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -54,10 +54,8 @@ int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func) return 0; security_task_getsecid(current, &blob); - /* scaffolding the .secid[0] */ - return ima_match_policy(inode, current_cred(), blob.secid[0], func, - mask, IMA_APPRAISE | IMA_HASH, NULL, NULL, - NULL); + return ima_match_policy(inode, current_cred(), &blob, func, mask, + IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL); } static int ima_fix_xattr(struct dentry *dentry, diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index e70d8626208c..5093f9b4db8b 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c 
@@ -188,8 +188,8 @@ void ima_file_free(struct file *file) } static int process_measurement(struct file *file, const struct cred *cred, - u32 secid, char *buf, loff_t size, int mask, - enum ima_hooks func) + struct lsmblob *blob, char *buf, loff_t size, + int mask, enum ima_hooks func) { struct inode *inode = file_inode(file); struct integrity_iint_cache *iint = NULL; @@ -212,7 +212,7 @@ static int process_measurement(struct file *file, const struct cred *cred, * bitmask based on the appraise/audit/measurement policy. * Included is the appraise submask. */ - action = ima_get_action(inode, cred, secid, mask, func, &pcr, + action = ima_get_action(inode, cred, blob, mask, func, &pcr, &template_desc, NULL); violation_check = ((func == FILE_CHECK || func == MMAP_CHECK) && (ima_policy_flag & IMA_MEASURE)); @@ -386,8 +386,7 @@ int ima_file_mmap(struct file *file, unsigned long prot) if (file && (prot & PROT_EXEC)) { security_task_getsecid(current, &blob); - /* scaffolding - until process_measurement changes */ - return process_measurement(file, current_cred(), blob.secid[0], + return process_measurement(file, current_cred(), &blob, NULL, 0, MAY_EXEC, MMAP_CHECK); } @@ -426,8 +425,7 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) security_task_getsecid(current, &blob); inode = file_inode(vma->vm_file); - /* scaffolding */ - action = ima_get_action(NULL, current_cred(), blob.secid[0], 0, + action = ima_get_action(NULL, current_cred(), &blob, 0, MMAP_CHECK, &pcr, &template, 0); /* Is the mmap'ed file in policy? */ 
@@ -466,16 +464,14 @@ int ima_bprm_check(struct linux_binprm *bprm) struct lsmblob blob; security_task_getsecid(current, &blob); - /* scaffolding until process_measurement changes */ - ret = process_measurement(bprm->file, current_cred(), blob.secid[0], - NULL, 0, MAY_EXEC, BPRM_CHECK); + ret = process_measurement(bprm->file, current_cred(), &blob, NULL, 0, + MAY_EXEC, BPRM_CHECK); if (ret) return ret; security_cred_getsecid(bprm->cred, &blob); - /* scaffolding until process_measurement changes */ - return process_measurement(bprm->file, bprm->cred, blob.secid[0], - NULL, 0, MAY_EXEC, CREDS_CHECK); + return process_measurement(bprm->file, bprm->cred, &blob, NULL, 0, + MAY_EXEC, CREDS_CHECK); } /** @@ -493,8 +489,7 @@ int ima_file_check(struct file *file, int mask) struct lsmblob blob; security_task_getsecid(current, &blob); - /* scaffolding until process_measurement changes */ - return process_measurement(file, current_cred(), blob.secid[0], NULL, 0, + return process_measurement(file, current_cred(), &blob, NULL, 0, mask & (MAY_READ | MAY_WRITE | MAY_EXEC | MAY_APPEND), FILE_CHECK); } @@ -675,9 +670,8 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, func = read_idmap[read_id] ?: FILE_CHECK; security_task_getsecid(current, &blob); - /* scaffolding until process_measurement changes */ - return process_measurement(file, current_cred(), blob.secid[0], buf, - size, MAY_READ, func); + return process_measurement(file, current_cred(), &blob, buf, size, + MAY_READ, func); } /** @@ -773,9 +767,8 @@ void process_buffer_measurement(const void *buf, int size, */ if (func) { security_task_getsecid(current, &blob); - /* scaffolding */ - action = ima_get_action(NULL, current_cred(), blob.secid[0], 0, - func, &pcr, &template, keyring); + action = ima_get_action(NULL, current_cred(), &blob, 0, func, + &pcr, &template, keyring); if (!(action & IMA_MEASURE)) return; } 
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 8f9c66a0a612..6a8f347001fd 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -422,7 +422,7 @@ static bool ima_match_keyring(struct ima_rule_entry *rule, * @rule: a pointer to a rule * @inode: a pointer to an inode * @cred: a pointer to a credentials structure for user validation - * @secid: the secid of the task to be validated + * @blob: the lsm data of the task to be validated * @func: LIM hook identifier * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC) * @keyring: keyring name to check in policy for KEY_CHECK func @@ -430,7 +430,7 @@ static bool ima_match_keyring(struct ima_rule_entry *rule, * Returns true on rule match, false on failure. */ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, - const struct cred *cred, u32 secid, + const struct cred *cred, struct lsmblob *blob, enum ima_hooks func, int mask, const char *keyring) { @@ -500,7 +500,6 @@ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, case LSM_SUBJ_USER: case LSM_SUBJ_ROLE: case LSM_SUBJ_TYPE: - lsmblob_init(&lsmdata, secid); rc = security_filter_rule_match(&lsmdata, rule->lsm[i].type, Audit_equal, @@ -544,7 +543,7 @@ static int get_subaction(struct ima_rule_entry *rule, enum ima_hooks func) * @inode: pointer to an inode for which the policy decision is being made * @cred: pointer to a credentials structure for which the policy decision is * being made - * @secid: LSM secid of the task to be validated + * @blob: LSM data of the task to be validated * @func: IMA hook identifier * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC) * @pcr: set the pcr to extend 
@@ -559,8 +558,9 @@ static int get_subaction(struct ima_rule_entry *rule, enum ima_hooks func) * list when walking it. Reads are many orders of magnitude more numerous * than writes so ima_match_policy() is classical RCU candidate. */ -int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid, - enum ima_hooks func, int mask, int flags, int *pcr, +int ima_match_policy(struct inode *inode, const struct cred *cred, + struct lsmblob *blob, enum ima_hooks func, int mask, + int flags, int *pcr, struct ima_template_desc **template_desc, const char *keyring) { 
@@ -576,7 +576,7 @@ int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid, if (!(entry->action & actmask)) continue; - if (!ima_match_rules(entry, inode, cred, secid, func, mask, + if (!ima_match_rules(entry, inode, cred, blob, func, mask, keyring)) continue;
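Review bot: in the ima_match_rules() hunk at @@ -500,7 +500,6 @@ in security/integrity/ima/ima_policy.c, deleting "lsmblob_init(&lsmdata, secid);" leaves the LSM_SUBJ_USER, LSM_SUBJ_ROLE and LSM_SUBJ_TYPE cases still calling security_filter_rule_match(&lsmdata, ...), so they now match against whatever lsmdata happened to hold when the loop reached them, and the new "struct lsmblob *blob" parameter added at @@ -430 is not used anywhere in the hunks shown. Subject rules would be evaluated against the wrong label, which silently changes which files IMA measures or appraises. The call should pass the subject blob, i.e. rc = security_filter_rule_match(blob, rule->lsm[i].type, Audit_equal, rule->lsm[i].rule);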
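Review bot: in the ima_file_mprotect() hunk of security/integrity/ima/ima_main.c, the rewritten ima_get_action() call still ends with a literal 0 for the "const char *keyring" argument ("MMAP_CHECK, &pcr, &template, 0);"); since the call is being rewritten anyway, pass NULL as the other converted call sites do (process_measurement() callers pass NULL, process_buffer_measurement() passes keyring).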
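Review bot: the kernel-doc in the ima_match_rules() hunk of ima_policy.c reads "@blob: the lsm data of the task to be validated" while the ima_get_action() and ima_match_policy() hunks say "@blob: LSM data of the task ..."; use the same wording and capitalisation ("LSM data") in all three.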
From patchwork Thu Jul 9 00:12:25 2020
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 11653065
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-integrity@vger.kernel.org, netdev@vger.kernel.org
Subject: [PATCH v18 14/23] LSM: Ensure the correct LSM context releaser
Date: Wed, 8 Jul 2020 17:12:25 -0700
Message-Id: <20200709001234.9719-15-casey@schaufler-ca.com>
In-Reply-To: <20200709001234.9719-1-casey@schaufler-ca.com>
References: <20200709001234.9719-1-casey@schaufler-ca.com>
X-Mailing-List: linux-integrity@vger.kernel.org

Add a new lsmcontext data structure to hold all the information about a "security context", including the string, its size and which LSM allocated the string. The allocation information is necessary because LSMs have different policies regarding the lifecycle of these strings. SELinux allocates and destroys them on each use, whereas Smack provides a pointer to an entry in a list that never goes away.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Signed-off-by: Casey Schaufler
Cc: linux-integrity@vger.kernel.org
Cc: netdev@vger.kernel.org
--- drivers/android/binder.c | 10 ++++--- fs/ceph/xattr.c | 6 ++++- fs/nfs/nfs4proc.c | 8 ++++-- fs/nfsd/nfs4xdr.c | 7 +++-- include/linux/security.h | 35 +++++++++++++++++++++++-- include/net/scm.h | 5 +++- kernel/audit.c | 14 +++++++--- kernel/auditsc.c | 12 ++++++--- net/ipv4/ip_sockglue.c | 4 ++- net/netfilter/nf_conntrack_netlink.c | 4 ++- net/netfilter/nf_conntrack_standalone.c | 4 ++- net/netfilter/nfnetlink_queue.c | 13 ++++++--- net/netlabel/netlabel_unlabeled.c | 19 +++++++++++--- net/netlabel/netlabel_user.c | 4 ++- security/security.c | 11 ++++---- 15 files changed, 121 insertions(+), 35 deletions(-)
diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 46e2a26089cc..b7ab206f8bb3 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2863,6 +2863,7 @@ static void binder_transaction(struct binder_proc *proc, int t_debug_id = atomic_inc_return(&binder_last_id); char *secctx = NULL; u32 secctx_sz = 0; + struct lsmcontext scaff; /* scaffolding */ e = binder_transaction_log_add(&binder_transaction_log); e->debug_id = t_debug_id; @@ -3159,7 +3160,8 @@ static void binder_transaction(struct binder_proc *proc, t->security_ctx = 0; WARN_ON(1); } - security_release_secctx(secctx, secctx_sz); + lsmcontext_init(&scaff, secctx, secctx_sz, 0); + security_release_secctx(&scaff); secctx = NULL; } t->buffer->debug_id = t->debug_id; @@ -3492,8 +3494,10 @@ static void binder_transaction(struct binder_proc *proc, binder_alloc_free_buf(&target_proc->alloc, t->buffer); err_binder_alloc_buf_failed: err_bad_extra_size: - if (secctx) - security_release_secctx(secctx, secctx_sz); + if (secctx) { + lsmcontext_init(&scaff, secctx, secctx_sz, 0); + security_release_secctx(&scaff); + } err_get_secctx_failed: kfree(tcomplete); binder_stats_deleted(BINDER_STAT_TRANSACTION_COMPLETE); diff --git a/fs/ceph/xattr.c b/fs/ceph/xattr.c index 71ee34d160c3..ad36d5fd7a84 100644 --- a/fs/ceph/xattr.c +++ b/fs/ceph/xattr.c @@ -1272,12 +1272,16 @@ int ceph_security_init_secctx(struct dentry *dentry, umode_t mode, void ceph_release_acl_sec_ctx(struct ceph_acl_sec_ctx *as_ctx) { +#ifdef CONFIG_CEPH_FS_SECURITY_LABEL + struct lsmcontext scaff; /* scaffolding */ +#endif #ifdef CONFIG_CEPH_FS_POSIX_ACL posix_acl_release(as_ctx->acl); posix_acl_release(as_ctx->default_acl); #endif #ifdef CONFIG_CEPH_FS_SECURITY_LABEL - security_release_secctx(as_ctx->sec_ctx, as_ctx->sec_ctxlen); + lsmcontext_init(&scaff, as_ctx->sec_ctx, as_ctx->sec_ctxlen, 0); + security_release_secctx(&scaff); #endif if (as_ctx->pagelist) ceph_pagelist_release(as_ctx->pagelist); 
diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c index e32717fd1169..5a42ed23cb85 100644 --- a/fs/nfs/nfs4proc.c +++ b/fs/nfs/nfs4proc.c @@ -130,8 +130,12 @@ nfs4_label_init_security(struct inode *dir, struct dentry *dentry, static inline void nfs4_label_release_security(struct nfs4_label *label) { - if (label) - security_release_secctx(label->label, label->len); + struct lsmcontext scaff; /* scaffolding */ + + if (label) { + lsmcontext_init(&scaff, label->label, label->len, 0); + security_release_secctx(&scaff); + } } static inline u32 *nfs4_bitmask(struct nfs_server *server, struct nfs4_label *label) { diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c index 996ac01ee977..61d6b8a0e8f0 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c @@ -2496,6 +2496,7 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, int err; struct nfs4_acl *acl = NULL; #ifdef CONFIG_NFSD_V4_SECURITY_LABEL + struct lsmcontext scaff; /* scaffolding */ void *context = NULL; int contextlen; #endif @@ -2998,8 +2999,10 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, out: #ifdef CONFIG_NFSD_V4_SECURITY_LABEL - if (context) - security_release_secctx(context, contextlen); + if (context) { + lsmcontext_init(&scaff, context, contextlen, 0); /*scaffolding*/ + security_release_secctx(&scaff); + } #endif /* CONFIG_NFSD_V4_SECURITY_LABEL */ kfree(acl); if (tempfh) { diff --git a/include/linux/security.h b/include/linux/security.h index 84ad4404f7c1..f67e4084b893 100644 --- a/include/linux/security.h +++ b/include/linux/security.h 
@@ -131,6 +131,37 @@ enum lockdown_reason { extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1]; +/* + * A "security context" is the text representation of + * the information used by LSMs. + * This structure contains the string, its length, and which LSM + * it is useful for. + */ +struct lsmcontext { + char *context; /* Provided by the module */ + u32 len; + int slot; /* Identifies the module */ +}; + +/** + * lsmcontext_init - initialize an lsmcontext structure. + * @cp: Pointer to the context to initialize + * @context: Initial context, or NULL + * @size: Size of context, or 0 + * @slot: Which LSM provided the context + * + * Fill in the lsmcontext from the provided information. + * This is a scaffolding function that will be removed when + * lsmcontext integration is complete. + */ +static inline void lsmcontext_init(struct lsmcontext *cp, char *context, + u32 size, int slot) +{ + cp->slot = slot; + cp->context = context; + cp->len = size; +} + /* * Data exported by the security modules * @@ -525,7 +556,7 @@ int security_ismaclabel(const char *name); int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen); int security_secctx_to_secid(const char *secdata, u32 seclen, struct lsmblob *blob); -void security_release_secctx(char *secdata, u32 seclen); +void security_release_secctx(struct lsmcontext *cp); void security_inode_invalidate_secctx(struct inode *inode); int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); @@ -1352,7 +1383,7 @@ static inline int security_secctx_to_secid(const char *secdata, return -EOPNOTSUPP; } -static inline void security_release_secctx(char *secdata, u32 seclen) +static inline void security_release_secctx(struct lsmcontext *cp) { } diff --git a/include/net/scm.h b/include/net/scm.h index 31ae605fcc0a..30ba801c91bd 100644 --- a/include/net/scm.h +++ b/include/net/scm.h 
@@ -92,6 +92,7 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg, #ifdef CONFIG_SECURITY_NETWORK static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) { + struct lsmcontext context; char *secdata; u32 seclen; int err; @@ -102,7 +103,9 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc if (!err) { put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata); - security_release_secctx(secdata, seclen); + /*scaffolding*/ + lsmcontext_init(&context, secdata, seclen, 0); + security_release_secctx(&context); } } } diff --git a/kernel/audit.c b/kernel/audit.c index ff381344f950..3378c773b1c1 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1188,6 +1188,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) struct audit_sig_info *sig_data; char *ctx = NULL; u32 len; + struct lsmcontext scaff; /* scaffolding */ err = audit_netlink_ok(skb, msg_type); if (err) @@ -1438,15 +1439,18 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) } sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL); if (!sig_data) { - if (lsmblob_is_set(&audit_sig_lsm)) - security_release_secctx(ctx, len); + if (lsmblob_is_set(&audit_sig_lsm)) { + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); + } return -ENOMEM; } sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); sig_data->pid = audit_sig_pid; if (lsmblob_is_set(&audit_sig_lsm)) { memcpy(sig_data->ctx, ctx, len); - security_release_secctx(ctx, len); + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); } audit_send_reply(skb, seq, AUDIT_SIGNAL_INFO, 0, 0, sig_data, sizeof(*sig_data) + len); @@ -2116,6 +2120,7 @@ int audit_log_task_context(struct audit_buffer *ab) unsigned len; int error; struct lsmblob blob; + struct lsmcontext scaff; /* scaffolding */ security_task_getsecid(current, &blob); if (!lsmblob_is_set(&blob)) 
@@ -2129,7 +2134,8 @@ int audit_log_task_context(struct audit_buffer *ab) } audit_log_format(ab, " subj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); return 0; error_path: diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 82d60474098d..ac6836c1f2d3 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -980,6 +980,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, struct lsmblob *blob, char *comm) { struct audit_buffer *ab; + struct lsmcontext lsmcxt; char *ctx = NULL; u32 len; int rc = 0; @@ -997,7 +998,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, rc = 1; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); /*scaffolding*/ + security_release_secctx(&lsmcxt); } } audit_log_format(ab, " ocomm="); @@ -1210,6 +1212,7 @@ static void audit_log_fcaps(struct audit_buffer *ab, struct audit_names *name) static void show_special(struct audit_context *context, int *call_panic) { + struct lsmcontext lsmcxt; struct audit_buffer *ab; int i; @@ -1243,7 +1246,8 @@ static void show_special(struct audit_context *context, int *call_panic) *call_panic = 1; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); + security_release_secctx(&lsmcxt); } } if (context->ipc.has_perm) { @@ -1389,6 +1393,7 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, char *ctx = NULL; u32 len; struct lsmblob blob; + struct lsmcontext lsmcxt; lsmblob_init(&blob, n->osid); if (security_secid_to_secctx(&blob, &ctx, &len)) { 
@@ -1397,7 +1402,8 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, *call_panic = 2; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); /* scaffolding */ + security_release_secctx(&lsmcxt); } } diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index 1bb60d2cfac6..6391a570f9ad 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -130,6 +130,7 @@ static void ip_cmsg_recv_checksum(struct msghdr *msg, struct sk_buff *skb, static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) { + struct lsmcontext context; struct lsmblob lb; char *secdata; u32 seclen; @@ -144,7 +145,8 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) return; put_cmsg(msg, SOL_IP, SCM_SECURITY, seclen, secdata); - security_release_secctx(secdata, seclen); + lsmcontext_init(&context, secdata, seclen, 0); /* scaffolding */ + security_release_secctx(&context); } static void ip_cmsg_recv_dstaddr(struct msghdr *msg, struct sk_buff *skb) diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index 380b660d0d39..1c45ca8c3c21 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -334,6 +334,7 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) int len, ret; char *secctx; struct lsmblob blob; + struct lsmcontext context; /* lsmblob_init() puts ct->secmark into all of the secids in blob. * security_secid_to_secctx() will know which security module @@ -354,7 +355,8 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) ret = 0; nla_put_failure: - security_release_secctx(secctx, len); + lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ + security_release_secctx(&context); return ret; } #else 
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index 244c6c2c223c..fd01d778c295 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c @@ -176,6 +176,7 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) u32 len; char *secctx; struct lsmblob blob; + struct lsmcontext context; lsmblob_init(&blob, ct->secmark); ret = security_secid_to_secctx(&blob, &secctx, &len); @@ -184,7 +185,8 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) seq_printf(s, "secctx=%s ", secctx); - security_release_secctx(secctx, len); + lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ + security_release_secctx(&context); } #else static inline void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index 44ce42e8c82a..c89bd87d0dae 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c @@ -398,6 +398,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, enum ip_conntrack_info uninitialized_var(ctinfo); struct nfnl_ct_hook *nfnl_ct; bool csum_verify; + struct lsmcontext scaff; /* scaffolding */ char *secdata = NULL; u32 seclen = 0; @@ -628,8 +629,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, } nlh->nlmsg_len = skb->len; - if (seclen) - security_release_secctx(secdata, seclen); + if (seclen) { + lsmcontext_init(&scaff, secdata, seclen, 0); + security_release_secctx(&scaff); + } return skb; nla_put_failure: @@ -637,8 +640,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, kfree_skb(skb); net_err_ratelimited("nf_queue: error creating packet message\n"); nlmsg_failure: - if (seclen) - security_release_secctx(secdata, seclen); + if (seclen) { + lsmcontext_init(&scaff, secdata, seclen, 0); + security_release_secctx(&scaff); + } return NULL; } 
diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index f4a6204f4205..5785e6dcf54b 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -374,6 +374,7 @@ int netlbl_unlhsh_add(struct net *net, struct net_device *dev; struct netlbl_unlhsh_iface *iface; struct audit_buffer *audit_buf = NULL; + struct lsmcontext context; char *secctx = NULL; u32 secctx_len; struct lsmblob blob; @@ -447,7 +448,9 @@ int netlbl_unlhsh_add(struct net *net, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", ret_val == 0 ? 1 : 0); audit_log_end(audit_buf); @@ -478,6 +481,7 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, struct netlbl_unlhsh_addr4 *entry; struct audit_buffer *audit_buf; struct net_device *dev; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -509,7 +513,9 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); audit_log_end(audit_buf); @@ -546,6 +552,7 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, struct netlbl_unlhsh_addr6 *entry; struct audit_buffer *audit_buf; struct net_device *dev; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; 
@@ -576,7 +583,8 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); audit_log_end(audit_buf); @@ -1095,6 +1103,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, int ret_val = -ENOMEM; struct netlbl_unlhsh_walk_arg *cb_arg = arg; struct net_device *dev; + struct lsmcontext context; void *data; u32 secid; char *secctx; @@ -1165,7 +1174,9 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, NLBL_UNLABEL_A_SECCTX, secctx_len, secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); if (ret_val != 0) goto list_cb_failure; diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index 893301ae0131..ef139d8ae7cd 100644 --- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c @@ -84,6 +84,7 @@ struct audit_buffer *netlbl_audit_start_common(int type, struct netlbl_audit *audit_info) { struct audit_buffer *audit_buf; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -103,7 +104,8 @@ struct audit_buffer *netlbl_audit_start_common(int type, if (audit_info->secid != 0 && security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " subj=%s", secctx); - security_release_secctx(secctx, secctx_len); + lsmcontext_init(&context, secctx, secctx_len, 0);/*scaffolding*/ + security_release_secctx(&context); } return audit_buf; diff --git a/security/security.c b/security/security.c index 75313b32aef5..6e353835e95f 100644 --- a/security/security.c +++ b/security/security.c 
@@ -2212,16 +2212,17 @@ int security_secctx_to_secid(const char *secdata, u32 seclen, } EXPORT_SYMBOL(security_secctx_to_secid); -void security_release_secctx(char *secdata, u32 seclen) +void security_release_secctx(struct lsmcontext *cp) { struct security_hook_list *hp; - int display = lsm_task_display(current); hlist_for_each_entry(hp, &security_hook_heads.release_secctx, list) - if (display == LSMBLOB_INVALID || display == hp->lsmid->slot) { - hp->hook.release_secctx(secdata, seclen); - return; + if (cp->slot == hp->lsmid->slot) { + hp->hook.release_secctx(cp->context, cp->len); + break; } + + memset(cp, 0, sizeof(*cp)); } EXPORT_SYMBOL(security_release_secctx);
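Review bot: in the security/security.c hunk, the rewritten security_release_secctx() silently does nothing when cp->slot matches no registered module, yet still memset()s *cp to zero afterwards, so a wrong slot leaks the secctx buffer with no diagnostic. Suggest a WARN_ONCE() (or at minimum a comment) for the no-match case, and a note in the function comment that the old lsm_task_display() selection (`display == LSMBLOB_INVALID || display == hp->lsmid->slot`) has been replaced by an explicit slot, so readers know the "no display set" fallback is gone.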
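Review bot: in the fs/nfs/nfs4proc.c hunk (and every other converted call site in this patch), lsmcontext_init() is called with a hard-coded slot of 0, while the buffer being released was produced by security_secid_to_secctx() for whichever module the task displays. Until secid_to_secctx() fills in an lsmcontext itself, this is only correct when slot 0 is the module that allocated the buffer; with a different module in slot 0 the wrong release_secctx hook runs on it. That assumption should be spelled out in the commit message and in the lsmcontext_init() kernel-doc rather than only implied by the "scaffolding" comments.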
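Review bot: in the include/linux/security.h hunk, the struct lsmcontext comment does not say who owns the buffer: `char *context; /* Provided by the module */` should state that it is released by the module identified by slot (via security_release_secctx()) and must not be kfree()d by the caller. Also worth noting in the !CONFIG_SECURITY stub that it intentionally leaves *cp untouched, since the real security_release_secctx() clears the structure and callers may come to rely on that.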
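Review bot: in the net/netlabel/netlabel_user.c hunk, `lsmcontext_init(&context, secctx, secctx_len, 0);/*scaffolding*/` glues the comment to the statement with no space, and the rest of the patch spells the same marker three different ways (`/*scaffolding*/`, `/* scaffolding */` on its own line, `/* scaffolding */` trailing) with three different variable names (scaff, context, lsmcxt). Suggest one marker form and one variable name throughout so the scaffolding can be grepped and removed in one sweep later.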
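Review bot: in the net/netfilter/nfnetlink_queue.c hunk, the identical four-line `if (seclen) { lsmcontext_init(...); security_release_secctx(&scaff); }` block now appears twice, once before `return skb;` and again under `nlmsg_failure:`. Since both will have to change again when the scaffolding is removed, consider routing both paths through a single release point (or a tiny static helper) so the two copies cannot drift apart.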