From patchwork Thu Nov 5 00:49:09 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 11882833 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 4C4D46A2 for ; Thu, 5 Nov 2020 00:58:55 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 198A420867 for ; Thu, 5 Nov 2020 00:58:55 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=yahoo.com header.i=@yahoo.com header.b="ZxI4ZwVj" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387960AbgKEA6y (ORCPT ); Wed, 4 Nov 2020 19:58:54 -0500 Received: from sonic301-36.consmr.mail.ne1.yahoo.com ([66.163.184.205]:43690 "EHLO sonic301-36.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726849AbgKEA6y (ORCPT ); Wed, 4 Nov 2020 19:58:54 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1604537932; bh=eZeO09DJlcX2wY8AdT21fgnfDkYz/4ihUnMP/xr6IW4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; b=ZxI4ZwVjQY4n1pGC1v99I7NObkXT6Voi9ZlqfGnpgWQrj9raNndSjbhvx89OAO2g852gdtb1pcQ2nrQe1Y9ZW0OZGII+qUPudujm8n2hQ4ycTosQNiSQ3T1RjKIozzfPY5QaXc3WFtdZG3ayJQiSi5n7fRCX2n1iI/H9UomKNrmpaI2BjNxbSwh3ADeUyCk04zwg1iJ4GDFwSdTviiAU7/tvOqyS/1gs6jfg5zpnom51m7V9H/ia2Uj4u5VGV2KZsIenggXEvQaNv2OzEKZ9jMJNO4JdJ8TtKWSStaV3vTpx1OxLq4YraPLGgmGCSs3iXNs0j/eq8qH3IMsWj7D0EQ== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1604537932; bh=U92zcroqCccal2Vy2U5Og48M2/YnohAQu2wwg724827=; h=From:To:Subject:Date; 
From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org, netdev@vger.kernel.org Subject: [PATCH v22 08/23] LSM: Use lsmblob in security_task_getsecid Date: Wed, 4 Nov 2020 16:49:09 -0800 Message-Id: <20201105004924.11651-9-casey@schaufler-ca.com> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20201105004924.11651-1-casey@schaufler-ca.com> References: <20201105004924.11651-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org Change the security_task_getsecid() interface to fill in a lsmblob structure instead of a u32 secid in support of LSM stacking. Audit interfaces will need to collect all possible secids for possible reporting. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: linux-audit@redhat.com Cc: netdev@vger.kernel.org --- drivers/android/binder.c | 12 +----- include/linux/security.h | 7 ++-- kernel/audit.c | 16 +++----- kernel/auditfilter.c | 4 +- kernel/auditsc.c | 25 ++++++------ net/netlabel/netlabel_unlabeled.c | 5 ++- net/netlabel/netlabel_user.h | 6 ++- security/integrity/ima/ima_appraise.c | 10 +++-- security/integrity/ima/ima_main.c | 56 +++++++++++++++------------ security/security.c | 12 ++++-- 10 files changed, 80 insertions(+), 73 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 55f3fa073c7b..08737a07f997 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c 
@@ -3087,20 +3087,10 @@ static void binder_transaction(struct binder_proc *proc, t->priority = task_nice(current); if (target_node && target_node->txn_security_ctx) { - u32 secid; struct lsmblob blob; size_t added_size; - security_task_getsecid(proc->tsk, &secid); - /* - * Later in this patch set security_task_getsecid() will - * provide a lsmblob instead of a secid. lsmblob_init - * is used to ensure that all the secids in the lsmblob - * get the value returned from security_task_getsecid(), - * which means that the one expected by - * security_secid_to_secctx() will be set. - */ - lsmblob_init(&blob, secid); + security_task_getsecid(proc->tsk, &blob); ret = security_secid_to_secctx(&blob, &secctx, &secctx_sz); if (ret) { return_error = BR_FAILED_REPLY; diff --git a/include/linux/security.h b/include/linux/security.h index be8db737da74..6b9e3571960d 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -482,7 +482,7 @@ int security_task_fix_setgid(struct cred *new, const struct cred *old, int security_task_setpgid(struct task_struct *p, pid_t pgid); int security_task_getpgid(struct task_struct *p); int security_task_getsid(struct task_struct *p); -void security_task_getsecid(struct task_struct *p, u32 *secid); +void security_task_getsecid(struct task_struct *p, struct lsmblob *blob); int security_task_setnice(struct task_struct *p, int nice); int security_task_setioprio(struct task_struct *p, int ioprio); int security_task_getioprio(struct task_struct *p); @@ -1155,9 +1155,10 @@ static inline int security_task_getsid(struct task_struct *p) return 0; } -static inline void security_task_getsecid(struct task_struct *p, u32 *secid) +static inline void security_task_getsecid(struct task_struct *p, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } static inline int security_task_setnice(struct task_struct *p, int nice) diff --git a/kernel/audit.c b/kernel/audit.c index 4cd6339e513d..9e3eec0a9c29 100644 --- a/kernel/audit.c 
+++ b/kernel/audit.c @@ -2136,19 +2136,12 @@ int audit_log_task_context(struct audit_buffer *ab) char *ctx = NULL; unsigned len; int error; - u32 sid; struct lsmblob blob; - security_task_getsecid(current, &sid); - if (!sid) + security_task_getsecid(current, &blob); + if (!lsmblob_is_set(&blob)) return 0; - /* - * lsmblob_init sets all values in the lsmblob to sid. - * This is temporary until security_task_getsecid is converted - * to use a lsmblob, which happens later in this patch set. - */ - lsmblob_init(&blob, sid); error = security_secid_to_secctx(&blob, &ctx, &len); if (error) { if (error != -EINVAL) @@ -2356,6 +2349,7 @@ int audit_set_loginuid(kuid_t loginuid) int audit_signal_info(int sig, struct task_struct *t) { kuid_t uid = current_uid(), auid; + struct lsmblob blob; if (auditd_test_task(t) && (sig == SIGTERM || sig == SIGHUP || @@ -2366,7 +2360,9 @@ int audit_signal_info(int sig, struct task_struct *t) audit_sig_uid = auid; else audit_sig_uid = uid; - security_task_getsecid(current, &audit_sig_sid); + security_task_getsecid(current, &blob); + /* scaffolding until audit_sig_sid is converted */ + audit_sig_sid = blob.secid[0]; } return audit_signal_info_syscall(t); diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index e27424216159..9e73a7961665 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -1330,7 +1330,6 @@ int audit_filter(int msgtype, unsigned int listtype) for (i = 0; i < e->rule.field_count; i++) { struct audit_field *f = &e->rule.fields[i]; pid_t pid; - u32 sid; struct lsmblob blob; switch (f->type) { @@ -1361,8 +1360,7 @@ int audit_filter(int msgtype, unsigned int listtype) case AUDIT_SUBJ_SEN: case AUDIT_SUBJ_CLR: if (f->lsm_isset) { - security_task_getsecid(current, &sid); - lsmblob_init(&blob, sid); + security_task_getsecid(current, &blob); result = security_audit_rule_match( &blob, f->type, f->op, f->lsm_rules); diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 35d6bd0526a2..8916a13406c3 100644 
--- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -473,7 +473,6 @@ static int audit_filter_rules(struct task_struct *tsk, { const struct cred *cred; int i, need_sid = 1; - u32 sid; struct lsmblob blob; unsigned int sessionid; @@ -670,17 +669,9 @@ static int audit_filter_rules(struct task_struct *tsk, logged upon error */ if (f->lsm_isset) { if (need_sid) { - security_task_getsecid(tsk, &sid); + security_task_getsecid(tsk, &blob); need_sid = 0; } - /* - * lsmblob_init sets all values in the lsmblob - * to sid. This is temporary until - * security_task_getsecid() is converted to - * provide a lsmblob, which happens later in - * this patch set. - */ - lsmblob_init(&blob, sid); result = security_audit_rule_match(&blob, f->type, f->op, @@ -2440,12 +2431,15 @@ int __audit_sockaddr(int len, void *a) void __audit_ptrace(struct task_struct *t) { struct audit_context *context = audit_context(); + struct lsmblob blob; context->target_pid = task_tgid_nr(t); context->target_auid = audit_get_loginuid(t); context->target_uid = task_uid(t); context->target_sessionid = audit_get_sessionid(t); - security_task_getsecid(t, &context->target_sid); + security_task_getsecid(t, &blob); + /* scaffolding - until target_sid is converted */ + context->target_sid = blob.secid[0]; memcpy(context->target_comm, t->comm, TASK_COMM_LEN); } @@ -2461,6 +2455,7 @@ int audit_signal_info_syscall(struct task_struct *t) struct audit_aux_data_pids *axp; struct audit_context *ctx = audit_context(); kuid_t t_uid = task_uid(t); + struct lsmblob blob; if (!audit_signals || audit_dummy_context()) return 0; 
@@ -2472,7 +2467,9 @@ int audit_signal_info_syscall(struct task_struct *t) ctx->target_auid = audit_get_loginuid(t); ctx->target_uid = t_uid; ctx->target_sessionid = audit_get_sessionid(t); - security_task_getsecid(t, &ctx->target_sid); + security_task_getsecid(t, &blob); + /* scaffolding until target_sid is converted */ + ctx->target_sid = blob.secid[0]; memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); return 0; } @@ -2493,7 +2490,9 @@ int audit_signal_info_syscall(struct task_struct *t) axp->target_auid[axp->pid_count] = audit_get_loginuid(t); axp->target_uid[axp->pid_count] = t_uid; axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); - security_task_getsecid(t, &axp->target_sid[axp->pid_count]); + security_task_getsecid(t, &blob); + /* scaffolding until target_sid is converted */ + axp->target_sid[axp->pid_count] = blob.secid[0]; memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); axp->pid_count++; diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index ba74901b89a8..94071f67e461 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -1557,11 +1557,14 @@ int __init netlbl_unlabel_defconf(void) int ret_val; struct netlbl_dom_map *entry; struct netlbl_audit audit_info; + struct lsmblob blob; /* Only the kernel is allowed to call this function and the only time * it is called is at bootup before the audit subsystem is reporting * messages so don't worry to much about these values. */ - security_task_getsecid(current, &audit_info.secid); + security_task_getsecid(current, &blob); + /* scaffolding until audit_info.secid is converted */ + audit_info.secid = blob.secid[0]; audit_info.loginuid = GLOBAL_ROOT_UID; audit_info.sessionid = 0; diff --git a/net/netlabel/netlabel_user.h b/net/netlabel/netlabel_user.h index 3c67afce64f1..438b5db6c714 100644 --- a/net/netlabel/netlabel_user.h +++ b/net/netlabel/netlabel_user.h 
@@ -34,7 +34,11 @@ static inline void netlbl_netlink_auditinfo(struct sk_buff *skb, struct netlbl_audit *audit_info) { - security_task_getsecid(current, &audit_info->secid); + struct lsmblob blob; + + security_task_getsecid(current, &blob); + /* scaffolding until secid is converted */ + audit_info->secid = blob.secid[0]; audit_info->loginuid = audit_get_loginuid(current); audit_info->sessionid = audit_get_sessionid(current); } diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index 3dd8c2e4314e..2a18124af429 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -65,14 +65,16 @@ bool is_ima_appraise_enabled(void) */ int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func) { - u32 secid; + struct lsmblob blob; if (!ima_appraise) return 0; - security_task_getsecid(current, &secid); - return ima_match_policy(inode, current_cred(), secid, func, mask, - IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL); + security_task_getsecid(current, &blob); + /* scaffolding the .secid[0] */ + return ima_match_policy(inode, current_cred(), blob.secid[0], func, + mask, IMA_APPRAISE | IMA_HASH, NULL, NULL, + NULL); } static int ima_fix_xattr(struct dentry *dentry, diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 2d1af8899cab..c9f1f6bddab5 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c 
@@ -388,12 +388,13 @@ static int process_measurement(struct file *file, const struct cred *cred, */ int ima_file_mmap(struct file *file, unsigned long prot) { - u32 secid; + struct lsmblob blob; if (file && (prot & PROT_EXEC)) { - security_task_getsecid(current, &secid); - return process_measurement(file, current_cred(), secid, NULL, - 0, MAY_EXEC, MMAP_CHECK); + security_task_getsecid(current, &blob); + /* scaffolding - until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], + NULL, 0, MAY_EXEC, MMAP_CHECK); } return 0; @@ -419,9 +420,9 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) char *pathbuf = NULL; const char *pathname = NULL; struct inode *inode; + struct lsmblob blob; int result = 0; int action; - u32 secid; int pcr; /* Is mprotect making an mmap'ed file executable? */ @@ -429,9 +430,10 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) !(prot & PROT_EXEC) || (vma->vm_flags & VM_EXEC)) return 0; - security_task_getsecid(current, &secid); + security_task_getsecid(current, &blob); inode = file_inode(vma->vm_file); - action = ima_get_action(inode, current_cred(), secid, MAY_EXEC, + /* scaffolding */ + action = ima_get_action(NULL, current_cred(), blob.secid[0], 0, MMAP_CHECK, &pcr, &template, 0); /* Is the mmap'ed file in policy? */ @@ -468,10 +470,12 @@ int ima_bprm_check(struct linux_binprm *bprm) { int ret; u32 secid; + struct lsmblob blob; - security_task_getsecid(current, &secid); - ret = process_measurement(bprm->file, current_cred(), secid, NULL, 0, - MAY_EXEC, BPRM_CHECK); + security_task_getsecid(current, &blob); + /* scaffolding until process_measurement changes */ + ret = process_measurement(bprm->file, current_cred(), blob.secid[0], + NULL, 0, MAY_EXEC, BPRM_CHECK); if (ret) return ret; 
@@ -492,10 +496,11 @@ int ima_bprm_check(struct linux_binprm *bprm) */ int ima_file_check(struct file *file, int mask) { - u32 secid; + struct lsmblob blob; - security_task_getsecid(current, &secid); - return process_measurement(file, current_cred(), secid, NULL, 0, + security_task_getsecid(current, &blob); + /* scaffolding until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], NULL, 0, mask & (MAY_READ | MAY_WRITE | MAY_EXEC | MAY_APPEND), FILE_CHECK); } @@ -629,7 +634,7 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id, bool contents) { enum ima_hooks func; - u32 secid; + struct lsmblob blob; /* * Do devices using pre-allocated memory run the risk of the @@ -649,8 +654,9 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id, /* Read entire file for all partial reads. */ func = read_idmap[read_id] ?: FILE_CHECK; - security_task_getsecid(current, &secid); - return process_measurement(file, current_cred(), secid, NULL, + security_task_getsecid(current, &blob); + /* scaffolding - until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], NULL, 0, MAY_READ, func); } @@ -679,7 +685,7 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, enum kernel_read_file_id read_id) { enum ima_hooks func; - u32 secid; + struct lsmblob blob; /* permit signed certs */ if (!file && read_id == READING_X509_CERTIFICATE) @@ -692,9 +698,10 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, } func = read_idmap[read_id] ?: FILE_CHECK; - security_task_getsecid(current, &secid); - return process_measurement(file, current_cred(), secid, buf, size, - MAY_READ, func); + security_task_getsecid(current, &blob); + /* scaffolding until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], buf, + size, MAY_READ, func); } /** 
@@ -809,7 +816,7 @@ void process_buffer_measurement(struct inode *inode, const void *buf, int size, } hash = {}; int violation = 0; int action = 0; - u32 secid; + struct lsmblob blob; if (!ima_policy_flag) return; @@ -822,9 +829,10 @@ void process_buffer_measurement(struct inode *inode, const void *buf, int size, * buffer measurements. */ if (func) { - security_task_getsecid(current, &secid); - action = ima_get_action(inode, current_cred(), secid, 0, func, - &pcr, &template, keyring); + security_task_getsecid(current, &blob); + /* scaffolding */ + action = ima_get_action(inode, current_cred(), blob.secid[0], + 0, func, &pcr, &template, keyring); if (!(action & IMA_MEASURE)) return; } diff --git a/security/security.c b/security/security.c index 9c1098ecea03..421ff85015da 100644 --- a/security/security.c +++ b/security/security.c 
@@ -1799,10 +1799,16 @@ int security_task_getsid(struct task_struct *p) return call_int_hook(task_getsid, 0, p); } -void security_task_getsecid(struct task_struct *p, u32 *secid) +void security_task_getsecid(struct task_struct *p, struct lsmblob *blob) { - *secid = 0; - call_void_hook(task_getsecid, p, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.task_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.task_getsecid(p, &blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_task_getsecid); From patchwork Thu Nov 5 00:49:10 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 11882845 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 7BE966A2 for ; Thu, 5 Nov 2020 01:00:06 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 5900020867 for ; Thu, 5 Nov 2020 01:00:06 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=yahoo.com header.i=@yahoo.com header.b="M57DjVQk" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726604AbgKEBAF (ORCPT ); Wed, 4 Nov 2020 20:00:05 -0500 Received: from sonic301-36.consmr.mail.ne1.yahoo.com ([66.163.184.205]:39370 "EHLO sonic301-36.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2387968AbgKEBAF (ORCPT ); Wed, 4 Nov 2020 20:00:05 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1604538003; bh=kp4dWfdwZR3/duFNL35a57sdXSJgVd0rWpqs628JXTI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; 
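Review bot: the audit_signal_info hunk in kernel/audit.c stores only `blob.secid[0]` into the still-u32 `audit_sig_sid`, and the same `blob.secid[0]` scaffolding appears in __audit_ptrace, audit_signal_info_syscall, netlbl_unlabel_defconf, netlbl_netlink_auditinfo and every IMA caller in this patch. Since security_task_getsecid() now fills one slot per registered LSM, every slot other than 0 is discarded at these sites until the u32 fields are converted; the commit message says audit "will need to collect all possible secids", so it would help to state there that after this patch the scaffolding sites still reduce the blob to a single slot and that the remaining conversions come later in the series.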
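Review bot: the comment `/* scaffolding the .secid[0] */` in the ima_must_appraise hunk of security/integrity/ima/ima_appraise.c does not match the `/* scaffolding until ... is converted */` wording used at every other temporary site in this patch; use the same phrasing (for example `/* scaffolding until ima_match_policy changes */`) so a later search for the scaffolding sites finds them uniformly.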
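Review bot: the ima_file_mprotect hunk in security/integrity/ima/ima_main.c changes more than the secid type. The call goes from `action = ima_get_action(inode, current_cred(), secid, MAY_EXEC,` to `action = ima_get_action(NULL, current_cred(), blob.secid[0], 0,`, dropping the inode argument and replacing the MAY_EXEC mask with 0. Neither change is needed for the lsmblob conversion, both alter which policy rules match for the mprotect check, and `inode = file_inode(vma->vm_file);` on the line above now computes a value this call no longer uses. This looks like an unintended edit; keep `inode` and `MAY_EXEC` and change only the secid argument.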
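Review bot: in the ima_bprm_check hunk, `u32 secid;` survives as a context line while its only use, `security_task_getsecid(current, &secid);`, is removed, so the variable is now unused and will trigger a compiler warning. Drop the declaration here as the sibling hunks (ima_file_mmap, ima_file_check, ima_read_file, ima_post_read_file) already do.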
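Review bot: in the security/security.c hunk, when `WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)` fires the hook is skipped and that slot keeps the 0 written by `lsmblob_init(blob, 0)`, which callers such as audit_log_task_context() then treat as unset via lsmblob_is_set(). That is the right fallback but it is not stated anywhere; a one-line comment above the loop would make it explicit. The same loop with the same slot check is repeated verbatim in security_inode_getsecid() in patch 09/23, so factoring the slot validation into a small helper would avoid carrying two copies of it.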
From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org Subject: [PATCH v22 09/23] LSM: Use lsmblob in security_inode_getsecid Date: Wed, 4 Nov 2020 16:49:10 -0800 Message-Id: <20201105004924.11651-10-casey@schaufler-ca.com> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20201105004924.11651-1-casey@schaufler-ca.com> References: <20201105004924.11651-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org Change the security_inode_getsecid() interface to fill in a lsmblob structure instead of a u32 secid. This allows for its callers to gather data from all registered LSMs. Data is provided for IMA and audit. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: linux-audit@redhat.com --- include/linux/security.h | 7 ++++--- kernel/auditsc.c | 6 +++++- security/integrity/ima/ima_policy.c | 4 +--- security/security.c | 11 +++++++++-- 4 files changed, 19 insertions(+), 9 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index 6b9e3571960d..a7968dde27c6 100644 --- a/include/linux/security.h +++ b/include/linux/security.h 
@@ -436,7 +436,7 @@ int security_inode_killpriv(struct dentry *dentry); int security_inode_getsecurity(struct inode *inode, const char *name, void **buffer, bool alloc); int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags); int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size); -void security_inode_getsecid(struct inode *inode, u32 *secid); +void security_inode_getsecid(struct inode *inode, struct lsmblob *blob); int security_inode_copy_up(struct dentry *src, struct cred **new); int security_inode_copy_up_xattr(const char *name); int security_kernfs_init_security(struct kernfs_node *kn_dir, @@ -963,9 +963,10 @@ static inline int security_inode_listsecurity(struct inode *inode, char *buffer, return 0; } -static inline void security_inode_getsecid(struct inode *inode, u32 *secid) +static inline void security_inode_getsecid(struct inode *inode, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } static inline int security_inode_copy_up(struct dentry *src, struct cred **new) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 8916a13406c3..b58b0048702a 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1980,13 +1980,17 @@ static void audit_copy_inode(struct audit_names *name, const struct dentry *dentry, struct inode *inode, unsigned int flags) { + struct lsmblob blob; + name->ino = inode->i_ino; name->dev = inode->i_sb->s_dev; name->mode = inode->i_mode; name->uid = inode->i_uid; name->gid = inode->i_gid; name->rdev = inode->i_rdev; - security_inode_getsecid(inode, &name->osid); + security_inode_getsecid(inode, &blob); + /* scaffolding until osid is updated */ + name->osid = blob.secid[0]; if (flags & AUDIT_INODE_NOEVAL) { name->fcap_ver = -1; return; diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 3e47cc9b7400..bbf9fa79740a 100644 --- a/security/integrity/ima/ima_policy.c 
+++ b/security/integrity/ima/ima_policy.c @@ -561,7 +561,6 @@ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, return false; for (i = 0; i < MAX_LSM_RULES; i++) { int rc = 0; - u32 osid; struct lsmblob lsmdata; if (!ima_lsm_isset(rule->lsm[i].rules)) { @@ -574,8 +573,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, case LSM_OBJ_USER: case LSM_OBJ_ROLE: case LSM_OBJ_TYPE: - security_inode_getsecid(inode, &osid); - lsmblob_init(&lsmdata, osid); + security_inode_getsecid(inode, &lsmdata); rc = ima_filter_rule_match(&lsmdata, rule->lsm[i].type, Audit_equal, rule->lsm[i].rules); diff --git a/security/security.c b/security/security.c index 421ff85015da..f3f6caae392f 100644 --- a/security/security.c +++ b/security/security.c 
@@ -1443,9 +1443,16 @@ int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer } EXPORT_SYMBOL(security_inode_listsecurity); -void security_inode_getsecid(struct inode *inode, u32 *secid) +void security_inode_getsecid(struct inode *inode, struct lsmblob *blob) { - call_void_hook(inode_getsecid, inode, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.inode_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.inode_getsecid(inode, &blob->secid[hp->lsmid->slot]); + } } int security_inode_copy_up(struct dentry *src, struct cred **new) From patchwork Thu Nov 5 00:49:11 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 11882851 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 69AE216C1 for ; Thu, 5 Nov 2020 01:01:17 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 484B520825 for ; Thu, 5 Nov 2020 01:01:17 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=yahoo.com header.i=@yahoo.com header.b="Ku47Rc4D" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387991AbgKEBBP (ORCPT ); Wed, 4 Nov 2020 20:01:15 -0500 Received: from sonic305-28.consmr.mail.ne1.yahoo.com ([66.163.185.154]:38858 "EHLO sonic305-28.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2387989AbgKEBBO (ORCPT ); Wed, 4 Nov 2020 20:01:14 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1604538072; bh=ociN9rc5MgUa54JEw2DtkHS55iR7GBeupgmmWIRrLO0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; 
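Review bot: in the security/security.c hunk, the `WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)` runs on every security_inode_getsecid() call, so one misregistered LSM would warn on every inode lookup; the slot range is fixed when the hook list is built, so either validate it once at hook registration or use WARN_ON_ONCE() here, and add a comment saying why the open-coded hlist_for_each_entry() walk replaces call_void_hook() (each LSM fills only its own `blob->secid[hp->lsmid->slot]`).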
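Review bot: in the kernel/auditsc.c hunk for audit_copy_inode(), `name->osid = blob.secid[0];` keeps only the slot-0 LSM's secid, so until audit_names.osid is converted an inode audit record carries no label from any LSM in a higher slot; the comment `/* scaffolding until osid is updated */` should name the patch in this series that does the conversion so the omission is verifiably temporary.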
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org
Subject: [PATCH v22 10/23] LSM: Use lsmblob in security_cred_getsecid
Date: Wed, 4 Nov 2020 16:49:11 -0800
Message-Id: <20201105004924.11651-11-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.24.1
In-Reply-To: <20201105004924.11651-1-casey@schaufler-ca.com>
References: <20201105004924.11651-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:
X-Mailing-List: linux-integrity@vger.kernel.org

Change the security_cred_getsecid() interface to fill in a lsmblob instead of a u32 secid. The associated data elements in the audit sub-system are changed from a secid to a lsmblob to accommodate multiple possible LSM audit users.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: linux-audit@redhat.com --- include/linux/security.h | 2 +- kernel/audit.c | 25 +++++++---------------- kernel/audit.h | 3 ++- kernel/auditsc.c | 33 +++++++++++-------------------- security/integrity/ima/ima_main.c | 8 ++++---- security/security.c | 12 ++++++++--- 6 files changed, 35 insertions(+), 48 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index a7968dde27c6..dacd64d2d141 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -463,7 +463,7 @@ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp); void security_cred_free(struct cred *cred); int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp); void security_transfer_creds(struct cred *new, const struct cred *old); -void security_cred_getsecid(const struct cred *c, u32 *secid); +void security_cred_getsecid(const struct cred *c, struct lsmblob *blob); int security_kernel_act_as(struct cred *new, struct lsmblob *blob); int security_kernel_create_files_as(struct cred *new, struct inode *inode); int security_kernel_module_request(char *kmod_name); diff --git a/kernel/audit.c b/kernel/audit.c index 9e3eec0a9c29..1f987ac23e90 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -125,7 +125,7 @@ static u32 audit_backlog_wait_time = AUDIT_BACKLOG_WAIT_TIME; /* The identity of the user shutting down the audit system. */ static kuid_t audit_sig_uid = INVALID_UID; static pid_t audit_sig_pid = -1; -static u32 audit_sig_sid; +struct lsmblob audit_sig_lsm; /* Records can be lost in several ways: 0) [suppressed in audit_alloc] 
@@ -1441,29 +1441,21 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) } case AUDIT_SIGNAL_INFO: len = 0; - if (audit_sig_sid) { - struct lsmblob blob; - - /* - * lsmblob_init sets all values in the lsmblob - * to audit_sig_sid. This is temporary until - * audit_sig_sid is converted to a lsmblob, which - * happens later in this patch set. - */ - lsmblob_init(&blob, audit_sig_sid); - err = security_secid_to_secctx(&blob, &ctx, &len); + if (lsmblob_is_set(&audit_sig_lsm)) { + err = security_secid_to_secctx(&audit_sig_lsm, &ctx, + &len); if (err) return err; } sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL); if (!sig_data) { - if (audit_sig_sid) + if (lsmblob_is_set(&audit_sig_lsm)) security_release_secctx(ctx, len); return -ENOMEM; } sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); sig_data->pid = audit_sig_pid; - if (audit_sig_sid) { + if (lsmblob_is_set(&audit_sig_lsm)) { memcpy(sig_data->ctx, ctx, len); security_release_secctx(ctx, len); } @@ -2349,7 +2341,6 @@ int audit_set_loginuid(kuid_t loginuid) int audit_signal_info(int sig, struct task_struct *t) { kuid_t uid = current_uid(), auid; - struct lsmblob blob; if (auditd_test_task(t) && (sig == SIGTERM || sig == SIGHUP || @@ -2360,9 +2351,7 @@ int audit_signal_info(int sig, struct task_struct *t) audit_sig_uid = auid; else audit_sig_uid = uid; - security_task_getsecid(current, &blob); - /* scaffolding until audit_sig_sid is converted */ - audit_sig_sid = blob.secid[0]; + security_task_getsecid(current, &audit_sig_lsm); } return audit_signal_info_syscall(t); diff --git a/kernel/audit.h b/kernel/audit.h index 3b9c0945225a..ce41886807bb 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -9,6 +9,7 @@ #include #include #include +#include #include #include 
@@ -134,7 +135,7 @@ struct audit_context { kuid_t target_auid; kuid_t target_uid; unsigned int target_sessionid; - u32 target_sid; + struct lsmblob target_lsm; char target_comm[TASK_COMM_LEN]; struct audit_tree_refs *trees, *first_trees; diff --git a/kernel/auditsc.c b/kernel/auditsc.c index b58b0048702a..b15222181700 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -113,7 +113,7 @@ struct audit_aux_data_pids { kuid_t target_auid[AUDIT_AUX_PIDS]; kuid_t target_uid[AUDIT_AUX_PIDS]; unsigned int target_sessionid[AUDIT_AUX_PIDS]; - u32 target_sid[AUDIT_AUX_PIDS]; + struct lsmblob target_lsm[AUDIT_AUX_PIDS]; char target_comm[AUDIT_AUX_PIDS][TASK_COMM_LEN]; int pid_count; }; @@ -993,14 +993,14 @@ static inline void audit_free_context(struct audit_context *context) } static int audit_log_pid_context(struct audit_context *context, pid_t pid, - kuid_t auid, kuid_t uid, unsigned int sessionid, - u32 sid, char *comm) + kuid_t auid, kuid_t uid, + unsigned int sessionid, + struct lsmblob *blob, char *comm) { struct audit_buffer *ab; char *ctx = NULL; u32 len; int rc = 0; - struct lsmblob blob; ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID); if (!ab) @@ -1009,9 +1009,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, audit_log_format(ab, "opid=%d oauid=%d ouid=%d oses=%d", pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); - if (sid) { - lsmblob_init(&blob, sid); - if (security_secid_to_secctx(&blob, &ctx, &len)) { + if (lsmblob_is_set(blob)) { + if (security_secid_to_secctx(blob, &ctx, &len)) { audit_log_format(ab, " obj=(none)"); rc = 1; } else { @@ -1582,7 +1581,7 @@ static void audit_log_exit(void) axs->target_auid[i], axs->target_uid[i], axs->target_sessionid[i], - axs->target_sid[i], + &axs->target_lsm[i], axs->target_comm[i])) call_panic = 1; } 
@@ -1591,7 +1590,7 @@ static void audit_log_exit(void) audit_log_pid_context(context, context->target_pid, context->target_auid, context->target_uid, context->target_sessionid, - context->target_sid, context->target_comm)) + &context->target_lsm, context->target_comm)) call_panic = 1; if (context->pwd.dentry && context->pwd.mnt) { @@ -1769,7 +1768,7 @@ void __audit_syscall_exit(int success, long return_code) context->aux = NULL; context->aux_pids = NULL; context->target_pid = 0; - context->target_sid = 0; + lsmblob_init(&context->target_lsm, 0); context->sockaddr_len = 0; context->type = 0; context->fds[0] = -1; @@ -2435,15 +2434,12 @@ int __audit_sockaddr(int len, void *a) void __audit_ptrace(struct task_struct *t) { struct audit_context *context = audit_context(); - struct lsmblob blob; context->target_pid = task_tgid_nr(t); context->target_auid = audit_get_loginuid(t); context->target_uid = task_uid(t); context->target_sessionid = audit_get_sessionid(t); - security_task_getsecid(t, &blob); - /* scaffolding - until target_sid is converted */ - context->target_sid = blob.secid[0]; + security_task_getsecid(t, &context->target_lsm); memcpy(context->target_comm, t->comm, TASK_COMM_LEN); } @@ -2459,7 +2455,6 @@ int audit_signal_info_syscall(struct task_struct *t) struct audit_aux_data_pids *axp; struct audit_context *ctx = audit_context(); kuid_t t_uid = task_uid(t); - struct lsmblob blob; if (!audit_signals || audit_dummy_context()) return 0; @@ -2471,9 +2466,7 @@ int audit_signal_info_syscall(struct task_struct *t) ctx->target_auid = audit_get_loginuid(t); ctx->target_uid = t_uid; ctx->target_sessionid = audit_get_sessionid(t); - security_task_getsecid(t, &blob); - /* scaffolding until target_sid is converted */ - ctx->target_sid = blob.secid[0]; + security_task_getsecid(t, &ctx->target_lsm); memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); return 0; } 
@@ -2494,9 +2487,7 @@ int audit_signal_info_syscall(struct task_struct *t) axp->target_auid[axp->pid_count] = audit_get_loginuid(t); axp->target_uid[axp->pid_count] = t_uid; axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); - security_task_getsecid(t, &blob); - /* scaffolding until target_sid is converted */ - axp->target_sid[axp->pid_count] = blob.secid[0]; + security_task_getsecid(t, &axp->target_lsm[axp->pid_count]); memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); axp->pid_count++; diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index c9f1f6bddab5..e2fd092a1023 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -469,7 +469,6 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) int ima_bprm_check(struct linux_binprm *bprm) { int ret; - u32 secid; struct lsmblob blob; security_task_getsecid(current, &blob); @@ -479,9 +478,10 @@ int ima_bprm_check(struct linux_binprm *bprm) if (ret) return ret; - security_cred_getsecid(bprm->cred, &secid); - return process_measurement(bprm->file, bprm->cred, secid, NULL, 0, - MAY_EXEC, CREDS_CHECK); + security_cred_getsecid(bprm->cred, &blob); + /* scaffolding until process_measurement changes */ + return process_measurement(bprm->file, bprm->cred, blob.secid[0], + NULL, 0, MAY_EXEC, CREDS_CHECK); } /** diff --git a/security/security.c b/security/security.c index f3f6caae392f..78aeb2ae7010 100644 --- a/security/security.c +++ b/security/security.c 
@@ -1693,10 +1693,16 @@ void security_transfer_creds(struct cred *new, const struct cred *old) call_void_hook(cred_transfer, new, old); } -void security_cred_getsecid(const struct cred *c, u32 *secid) +void security_cred_getsecid(const struct cred *c, struct lsmblob *blob) { - *secid = 0; - call_void_hook(cred_getsecid, c, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.cred_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.cred_getsecid(c, &blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_cred_getsecid); From patchwork Thu Nov 5 00:49:12 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 11882855 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 687CC6A2 for ; Thu, 5 Nov 2020 01:02:20 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 3974A20BED for ; Thu, 5 Nov 2020 01:02:20 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=yahoo.com header.i=@yahoo.com header.b="ZwKCxYv8" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388002AbgKEBCT (ORCPT ); Wed, 4 Nov 2020 20:02:19 -0500 Received: from sonic305-28.consmr.mail.ne1.yahoo.com ([66.163.185.154]:33756 "EHLO sonic305-28.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2387989AbgKEBCT (ORCPT ); Wed, 4 Nov 2020 20:02:19 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1604538137; bh=sn233g3yrLDkG9XqXk4WNuW+QliBdnrF8a2qtcNu7yk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; 
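Review bot: in the kernel/audit.c hunk, `-static u32 audit_sig_sid;` becomes `+struct lsmblob audit_sig_lsm;`, silently dropping `static`; nothing else in this patch uses the variable from another file (the kernel/audit.h hunks add an include and change audit_context.target_sid, but declare no extern for it), so it should stay `static struct lsmblob audit_sig_lsm;` rather than become a new global without a prototype.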
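Review bot: in the security/security.c hunk, the hlist_for_each_entry() loop with the slot WARN_ON() in security_cred_getsecid() is a line-for-line copy of the one in security_inode_getsecid() from the previous patch, differing only in the hook head and the hook argument; with more getsecid interfaces still to convert, a small helper or macro for "call each hook with its own slot of the blob" would keep the slot check and the zero-initialisation in one place.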
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org
Subject: [PATCH v22 11/23] IMA: Change internal interfaces to use lsmblobs
Date: Wed, 4 Nov 2020 16:49:12 -0800
Message-Id: <20201105004924.11651-12-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.24.1
In-Reply-To: <20201105004924.11651-1-casey@schaufler-ca.com>
References: <20201105004924.11651-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:
X-Mailing-List: linux-integrity@vger.kernel.org

The IMA interfaces ima_get_action() and ima_match_policy() call LSM functions that use lsmblobs. Change the IMA functions to pass the lsmblob to be compatible with the LSM functions.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org --- security/integrity/ima/ima.h | 11 ++++---- security/integrity/ima/ima_api.c | 10 +++---- security/integrity/ima/ima_appraise.c | 6 ++--- security/integrity/ima/ima_main.c | 38 +++++++++++---------------- security/integrity/ima/ima_policy.c | 16 +++++------ 5 files changed, 36 insertions(+), 45 deletions(-) diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index d7fe1d5ee8c9..81b00d07490f 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -252,9 +252,9 @@ static inline void ima_process_queued_keys(void) {} #endif /* CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS */ /* LIM API function definitions */ -int ima_get_action(struct inode *inode, const struct cred *cred, u32 secid, - int mask, enum ima_hooks func, int *pcr, - struct ima_template_desc **template_desc, +int ima_get_action(struct inode *inode, const struct cred *cred, + struct lsmblob *blob, int mask, enum ima_hooks func, + int *pcr, struct ima_template_desc **template_desc, const char *keyring); int ima_must_measure(struct inode *inode, int mask, enum ima_hooks func); int ima_collect_measurement(struct integrity_iint_cache *iint, @@ -280,8 +280,9 @@ void ima_free_template_entry(struct ima_template_entry *entry); const char *ima_d_path(const struct path *path, char **pathbuf, char *filename); /* IMA policy related functions */ -int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid, - enum ima_hooks func, int mask, int flags, int *pcr, +int ima_match_policy(struct inode *inode, const struct cred *cred, + struct lsmblob *blob, enum ima_hooks func, int mask, + int flags, int *pcr, struct ima_template_desc **template_desc, const char *keyring); void ima_init_policy(void); diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index 4f39fb93f278..e83fa1c32843 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c 
@@ -164,7 +164,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename, * ima_get_action - appraise & measure decision based on policy. * @inode: pointer to the inode associated with the object being validated * @cred: pointer to credentials structure to validate - * @secid: secid of the task being validated + * @blob: LSM data of the task being validated * @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXEC, * MAY_APPEND) * @func: caller identifier @@ -183,16 +183,16 @@ void ima_add_violation(struct file *file, const unsigned char *filename, * Returns IMA_MEASURE, IMA_APPRAISE mask. * */ -int ima_get_action(struct inode *inode, const struct cred *cred, u32 secid, - int mask, enum ima_hooks func, int *pcr, - struct ima_template_desc **template_desc, +int ima_get_action(struct inode *inode, const struct cred *cred, + struct lsmblob *blob, int mask, enum ima_hooks func, + int *pcr, struct ima_template_desc **template_desc, const char *keyring) { int flags = IMA_MEASURE | IMA_AUDIT | IMA_APPRAISE | IMA_HASH; flags &= ima_policy_flag; - return ima_match_policy(inode, cred, secid, func, mask, flags, pcr, + return ima_match_policy(inode, cred, blob, func, mask, flags, pcr, template_desc, keyring); } diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index 2a18124af429..7c4e43399269 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -71,10 +71,8 @@ int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func) return 0; security_task_getsecid(current, &blob); - /* scaffolding the .secid[0] */ - return ima_match_policy(inode, current_cred(), blob.secid[0], func, - mask, IMA_APPRAISE | IMA_HASH, NULL, NULL, - NULL); + return ima_match_policy(inode, current_cred(), &blob, func, mask, + IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL); } static int ima_fix_xattr(struct dentry *dentry, 
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index e2fd092a1023..39ca17586c6c 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -194,8 +194,8 @@ void ima_file_free(struct file *file) } static int process_measurement(struct file *file, const struct cred *cred, - u32 secid, char *buf, loff_t size, int mask, - enum ima_hooks func) + struct lsmblob *blob, char *buf, loff_t size, + int mask, enum ima_hooks func) { struct inode *inode = file_inode(file); struct integrity_iint_cache *iint = NULL; @@ -218,7 +218,7 @@ static int process_measurement(struct file *file, const struct cred *cred, * bitmask based on the appraise/audit/measurement policy. * Included is the appraise submask. */ - action = ima_get_action(inode, cred, secid, mask, func, &pcr, + action = ima_get_action(inode, cred, blob, mask, func, &pcr, &template_desc, NULL); violation_check = ((func == FILE_CHECK || func == MMAP_CHECK) && (ima_policy_flag & IMA_MEASURE)); @@ -392,8 +392,7 @@ int ima_file_mmap(struct file *file, unsigned long prot) if (file && (prot & PROT_EXEC)) { security_task_getsecid(current, &blob); - /* scaffolding - until process_measurement changes */ - return process_measurement(file, current_cred(), blob.secid[0], + return process_measurement(file, current_cred(), &blob, NULL, 0, MAY_EXEC, MMAP_CHECK); } @@ -432,8 +431,7 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) security_task_getsecid(current, &blob); inode = file_inode(vma->vm_file); - /* scaffolding */ - action = ima_get_action(NULL, current_cred(), blob.secid[0], 0, + action = ima_get_action(NULL, current_cred(), &blob, 0, MMAP_CHECK, &pcr, &template, 0); /* Is the mmap'ed file in policy? */ 
@@ -472,16 +470,14 @@ int ima_bprm_check(struct linux_binprm *bprm) struct lsmblob blob; security_task_getsecid(current, &blob); - /* scaffolding until process_measurement changes */ - ret = process_measurement(bprm->file, current_cred(), blob.secid[0], - NULL, 0, MAY_EXEC, BPRM_CHECK); + ret = process_measurement(bprm->file, current_cred(), &blob, NULL, 0, + MAY_EXEC, BPRM_CHECK); if (ret) return ret; security_cred_getsecid(bprm->cred, &blob); - /* scaffolding until process_measurement changes */ - return process_measurement(bprm->file, bprm->cred, blob.secid[0], - NULL, 0, MAY_EXEC, CREDS_CHECK); + return process_measurement(bprm->file, bprm->cred, &blob, NULL, 0, + MAY_EXEC, CREDS_CHECK); } /** @@ -499,8 +495,7 @@ int ima_file_check(struct file *file, int mask) struct lsmblob blob; security_task_getsecid(current, &blob); - /* scaffolding until process_measurement changes */ - return process_measurement(file, current_cred(), blob.secid[0], NULL, 0, + return process_measurement(file, current_cred(), &blob, NULL, 0, mask & (MAY_READ | MAY_WRITE | MAY_EXEC | MAY_APPEND), FILE_CHECK); } @@ -655,8 +650,7 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id, /* Read entire file for all partial reads. */ func = read_idmap[read_id] ?: FILE_CHECK; security_task_getsecid(current, &blob); - /* scaffolding - until process_measurement changes */ - return process_measurement(file, current_cred(), blob.secid[0], NULL, + return process_measurement(file, current_cred(), &blob, NULL, 0, MAY_READ, func); } @@ -699,9 +693,8 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, func = read_idmap[read_id] ?: FILE_CHECK; security_task_getsecid(current, &blob); - /* scaffolding until process_measurement changes */ - return process_measurement(file, current_cred(), blob.secid[0], buf, - size, MAY_READ, func); + return process_measurement(file, current_cred(), &blob, buf, size, + MAY_READ, func); } /** 
@@ -830,9 +823,8 @@ void process_buffer_measurement(struct inode *inode, const void *buf, int size, */ if (func) { security_task_getsecid(current, &blob); - /* scaffolding */ - action = ima_get_action(inode, current_cred(), blob.secid[0], - 0, func, &pcr, &template, keyring); + action = ima_get_action(inode, current_cred(), &blob, 0, func, + &pcr, &template, keyring); if (!(action & IMA_MEASURE)) return; } diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index bbf9fa79740a..a95eb37937dd 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -508,7 +508,7 @@ static bool ima_match_keyring(struct ima_rule_entry *rule, * @rule: a pointer to a rule * @inode: a pointer to an inode * @cred: a pointer to a credentials structure for user validation - * @secid: the secid of the task to be validated + * @blob: the lsm data of the task to be validated * @func: LIM hook identifier * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC) * @keyring: keyring name to check in policy for KEY_CHECK func @@ -516,7 +516,7 @@ static bool ima_match_keyring(struct ima_rule_entry *rule, * Returns true on rule match, false on failure. */ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, - const struct cred *cred, u32 secid, + const struct cred *cred, struct lsmblob *blob, enum ima_hooks func, int mask, const char *keyring) { @@ -581,8 +581,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, case LSM_SUBJ_USER: case LSM_SUBJ_ROLE: case LSM_SUBJ_TYPE: - lsmblob_init(&lsmdata, secid); - rc = ima_filter_rule_match(&lsmdata, rule->lsm[i].type, + rc = ima_filter_rule_match(blob, rule->lsm[i].type, Audit_equal, rule->lsm[i].rules); default: 
@@ -624,7 +623,7 @@ static int get_subaction(struct ima_rule_entry *rule, enum ima_hooks func) * @inode: pointer to an inode for which the policy decision is being made * @cred: pointer to a credentials structure for which the policy decision is * being made - * @secid: LSM secid of the task to be validated + * @blob: LSM data of the task to be validated * @func: IMA hook identifier * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC) * @pcr: set the pcr to extend @@ -639,8 +638,9 @@ static int get_subaction(struct ima_rule_entry *rule, enum ima_hooks func) * list when walking it. Reads are many orders of magnitude more numerous * than writes so ima_match_policy() is classical RCU candidate. */ -int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid, - enum ima_hooks func, int mask, int flags, int *pcr, +int ima_match_policy(struct inode *inode, const struct cred *cred, + struct lsmblob *blob, enum ima_hooks func, int mask, + int flags, int *pcr, struct ima_template_desc **template_desc, const char *keyring) { 
@@ -656,7 +656,7 @@ int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid, if (!(entry->action & actmask)) continue; - if (!ima_match_rules(entry, inode, cred, secid, func, mask, + if (!ima_match_rules(entry, inode, cred, blob, func, mask, keyring)) continue;

From patchwork Thu Nov 5 00:49:14 2020
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 11882879
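Review bot: in the ima_bprm_check(), ima_file_check(), ima_read_file() and ima_post_read_file() hunks the lsmblob handed to process_measurement() is a stack local, as is the blob handed to ima_get_action() in process_buffer_measurement(), so the callees may only read through the pointer for the duration of the call; a one-line note in the process_measurement() kerneldoc that the blob is borrowed, not retained, would make that contract explicit for the later patches that stop passing secid[0]. The four "scaffolding until process_measurement changes" comments are correctly dropped now that the real blob is passed.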
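Review bot: the ima_match_rules() hunk removes `lsmblob_init(&lsmdata, secid)`, the only visible use of lsmdata; if the declaration of lsmdata is still in the function it is now an unused variable and should go in the same patch. Since ima_match_rules() and ima_match_policy() only read the blob, `const struct lsmblob *blob` would be the tighter prototype for both, provided ima_filter_rule_match() accepts a const pointer; the @blob kerneldoc wording is otherwise fine.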
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org, netdev@vger.kernel.org
Subject: [PATCH v22 13/23] LSM: Ensure the correct LSM context releaser
Date: Wed, 4 Nov 2020 16:49:14 -0800
Message-Id: <20201105004924.11651-14-casey@schaufler-ca.com>
In-Reply-To: <20201105004924.11651-1-casey@schaufler-ca.com>
References: <20201105004924.11651-1-casey@schaufler-ca.com>
X-Mailing-List: linux-integrity@vger.kernel.org

Add a new lsmcontext data structure to hold all the information about a "security context", including the string, its size and which LSM allocated the string. The allocation information is necessary because LSMs have different policies regarding the lifecycle of these strings. SELinux allocates and destroys them on each use, whereas Smack provides a pointer to an entry in a list that never goes away.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: netdev@vger.kernel.org Cc: linux-audit@redhat.com --- drivers/android/binder.c | 10 ++++--- fs/ceph/xattr.c | 6 ++++- fs/nfs/nfs4proc.c | 8 ++++-- fs/nfsd/nfs4xdr.c | 7 +++-- include/linux/security.h | 35 +++++++++++++++++++++++-- include/net/scm.h | 5 +++- kernel/audit.c | 14 +++++++--- kernel/auditsc.c | 12 ++++++--- net/ipv4/ip_sockglue.c | 4 ++- net/netfilter/nf_conntrack_netlink.c | 4 ++- net/netfilter/nf_conntrack_standalone.c | 4 ++- net/netfilter/nfnetlink_queue.c | 13 ++++++--- net/netlabel/netlabel_unlabeled.c | 19 +++++++++++--- net/netlabel/netlabel_user.c | 4 ++- security/security.c | 11 ++++---- 15 files changed, 121 insertions(+), 35 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 08737a07f997..05266b064c38 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2838,6 +2838,7 @@ static void binder_transaction(struct binder_proc *proc, int t_debug_id = atomic_inc_return(&binder_last_id); char *secctx = NULL; u32 secctx_sz = 0; + struct lsmcontext scaff; /* scaffolding */ e = binder_transaction_log_add(&binder_transaction_log); e->debug_id = t_debug_id; @@ -3140,7 +3141,8 @@ static void binder_transaction(struct binder_proc *proc, t->security_ctx = 0; WARN_ON(1); } - security_release_secctx(secctx, secctx_sz); + lsmcontext_init(&scaff, secctx, secctx_sz, 0); + security_release_secctx(&scaff); secctx = NULL; } t->buffer->debug_id = t->debug_id; @@ -3473,8 +3475,10 @@ static void binder_transaction(struct binder_proc *proc, binder_alloc_free_buf(&target_proc->alloc, t->buffer); err_binder_alloc_buf_failed: err_bad_extra_size: - if (secctx) - security_release_secctx(secctx, secctx_sz); + if (secctx) { + lsmcontext_init(&scaff, secctx, secctx_sz, 0); + security_release_secctx(&scaff); + } err_get_secctx_failed: kfree(tcomplete); binder_stats_deleted(BINDER_STAT_TRANSACTION_COMPLETE); 
diff --git a/fs/ceph/xattr.c b/fs/ceph/xattr.c index 197cb1234341..5dfd08357dc3 100644 --- a/fs/ceph/xattr.c +++ b/fs/ceph/xattr.c @@ -1273,12 +1273,16 @@ int ceph_security_init_secctx(struct dentry *dentry, umode_t mode, void ceph_release_acl_sec_ctx(struct ceph_acl_sec_ctx *as_ctx) { +#ifdef CONFIG_CEPH_FS_SECURITY_LABEL + struct lsmcontext scaff; /* scaffolding */ +#endif #ifdef CONFIG_CEPH_FS_POSIX_ACL posix_acl_release(as_ctx->acl); posix_acl_release(as_ctx->default_acl); #endif #ifdef CONFIG_CEPH_FS_SECURITY_LABEL - security_release_secctx(as_ctx->sec_ctx, as_ctx->sec_ctxlen); + lsmcontext_init(&scaff, as_ctx->sec_ctx, as_ctx->sec_ctxlen, 0); + security_release_secctx(&scaff); #endif if (as_ctx->pagelist) ceph_pagelist_release(as_ctx->pagelist); diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c index 9e0ca9b2b210..4b03a3e596e9 100644 --- a/fs/nfs/nfs4proc.c +++ b/fs/nfs/nfs4proc.c @@ -139,8 +139,12 @@ nfs4_label_init_security(struct inode *dir, struct dentry *dentry, static inline void nfs4_label_release_security(struct nfs4_label *label) { - if (label) - security_release_secctx(label->label, label->len); + struct lsmcontext scaff; /* scaffolding */ + + if (label) { + lsmcontext_init(&scaff, label->label, label->len, 0); + security_release_secctx(&scaff); + } } static inline u32 *nfs4_bitmask(struct nfs_server *server, struct nfs4_label *label) { diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c index 833a2c64dfe8..4ae7e156ea87 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c @@ -2717,6 +2717,7 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, int err; struct nfs4_acl *acl = NULL; #ifdef CONFIG_NFSD_V4_SECURITY_LABEL + struct lsmcontext scaff; /* scaffolding */ void *context = NULL; int contextlen; #endif 
@@ -3228,8 +3229,10 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, out: #ifdef CONFIG_NFSD_V4_SECURITY_LABEL - if (context) - security_release_secctx(context, contextlen); + if (context) { + lsmcontext_init(&scaff, context, contextlen, 0); /*scaffolding*/ + security_release_secctx(&scaff); + } #endif /* CONFIG_NFSD_V4_SECURITY_LABEL */ kfree(acl); if (tempfh) { diff --git a/include/linux/security.h b/include/linux/security.h index dacd64d2d141..4ed7a0790cc5 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -132,6 +132,37 @@ enum lockdown_reason { extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1]; +/* + * A "security context" is the text representation of + * the information used by LSMs. + * This structure contains the string, its length, and which LSM + * it is useful for. + */ +struct lsmcontext { + char *context; /* Provided by the module */ + u32 len; + int slot; /* Identifies the module */ +}; + +/** + * lsmcontext_init - initialize an lsmcontext structure. + * @cp: Pointer to the context to initialize + * @context: Initial context, or NULL + * @size: Size of context, or 0 + * @slot: Which LSM provided the context + * + * Fill in the lsmcontext from the provided information. + * This is a scaffolding function that will be removed when + * lsmcontext integration is complete. + */ +static inline void lsmcontext_init(struct lsmcontext *cp, char *context, + u32 size, int slot) +{ + cp->slot = slot; + cp->context = context; + cp->len = size; +} + /* * Data exported by the security modules * 
@@ -531,7 +562,7 @@ int security_ismaclabel(const char *name); int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen); int security_secctx_to_secid(const char *secdata, u32 seclen, struct lsmblob *blob); -void security_release_secctx(char *secdata, u32 seclen); +void security_release_secctx(struct lsmcontext *cp); void security_inode_invalidate_secctx(struct inode *inode); int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); @@ -1366,7 +1397,7 @@ static inline int security_secctx_to_secid(const char *secdata, return -EOPNOTSUPP; } -static inline void security_release_secctx(char *secdata, u32 seclen) +static inline void security_release_secctx(struct lsmcontext *cp) { } diff --git a/include/net/scm.h b/include/net/scm.h index 23a35ff1b3f2..f273c4d777ec 100644 --- a/include/net/scm.h +++ b/include/net/scm.h @@ -92,6 +92,7 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg, #ifdef CONFIG_SECURITY_NETWORK static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) { + struct lsmcontext context; struct lsmblob lb; char *secdata; u32 seclen; @@ -106,7 +107,9 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc if (!err) { put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata); - security_release_secctx(secdata, seclen); + /*scaffolding*/ + lsmcontext_init(&context, secdata, seclen, 0); + security_release_secctx(&context); } } } diff --git a/kernel/audit.c b/kernel/audit.c index 1f987ac23e90..8867df3de920 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1192,6 +1192,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) struct audit_sig_info *sig_data; char *ctx = NULL; u32 len; + struct lsmcontext scaff; /* scaffolding */ err = audit_netlink_ok(skb, msg_type); if (err) 
@@ -1449,15 +1450,18 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) } sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL); if (!sig_data) { - if (lsmblob_is_set(&audit_sig_lsm)) - security_release_secctx(ctx, len); + if (lsmblob_is_set(&audit_sig_lsm)) { + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); + } return -ENOMEM; } sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); sig_data->pid = audit_sig_pid; if (lsmblob_is_set(&audit_sig_lsm)) { memcpy(sig_data->ctx, ctx, len); - security_release_secctx(ctx, len); + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); } audit_send_reply(skb, seq, AUDIT_SIGNAL_INFO, 0, 0, sig_data, sizeof(*sig_data) + len); @@ -2129,6 +2133,7 @@ int audit_log_task_context(struct audit_buffer *ab) unsigned len; int error; struct lsmblob blob; + struct lsmcontext scaff; /* scaffolding */ security_task_getsecid(current, &blob); if (!lsmblob_is_set(&blob)) @@ -2142,7 +2147,8 @@ int audit_log_task_context(struct audit_buffer *ab) } audit_log_format(ab, " subj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); return 0; error_path: diff --git a/kernel/auditsc.c b/kernel/auditsc.c index b15222181700..2b06171bedeb 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -998,6 +998,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, struct lsmblob *blob, char *comm) { struct audit_buffer *ab; + struct lsmcontext lsmcxt; char *ctx = NULL; u32 len; int rc = 0; @@ -1015,7 +1016,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, rc = 1; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); /*scaffolding*/ + security_release_secctx(&lsmcxt); } } audit_log_format(ab, " ocomm="); 
@@ -1228,6 +1230,7 @@ static void audit_log_fcaps(struct audit_buffer *ab, struct audit_names *name) static void show_special(struct audit_context *context, int *call_panic) { + struct lsmcontext lsmcxt; struct audit_buffer *ab; int i; @@ -1261,7 +1264,8 @@ static void show_special(struct audit_context *context, int *call_panic) *call_panic = 1; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); + security_release_secctx(&lsmcxt); } } if (context->ipc.has_perm) { @@ -1407,6 +1411,7 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, char *ctx = NULL; u32 len; struct lsmblob blob; + struct lsmcontext lsmcxt; lsmblob_init(&blob, n->osid); if (security_secid_to_secctx(&blob, &ctx, &len)) { @@ -1415,7 +1420,8 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, *call_panic = 2; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); /* scaffolding */ + security_release_secctx(&lsmcxt); } } diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index 2f089733ada7..a7e4c1b34b6c 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -130,6 +130,7 @@ static void ip_cmsg_recv_checksum(struct msghdr *msg, struct sk_buff *skb, static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) { + struct lsmcontext context; struct lsmblob lb; char *secdata; u32 seclen, secid; @@ -145,7 +146,8 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) return; put_cmsg(msg, SOL_IP, SCM_SECURITY, seclen, secdata); - security_release_secctx(secdata, seclen); + lsmcontext_init(&context, secdata, seclen, 0); /* scaffolding */ + security_release_secctx(&context); } static void ip_cmsg_recv_dstaddr(struct msghdr *msg, struct sk_buff *skb) 
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index 8627ec7e13fb..5d2784461798 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -334,6 +334,7 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) int len, ret; char *secctx; struct lsmblob blob; + struct lsmcontext context; /* lsmblob_init() puts ct->secmark into all of the secids in blob. * security_secid_to_secctx() will know which security module @@ -354,7 +355,8 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) ret = 0; nla_put_failure: - security_release_secctx(secctx, len); + lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ + security_release_secctx(&context); return ret; } #else diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index 54da1a3e8cb1..e2bdc851a477 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c @@ -176,6 +176,7 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) u32 len; char *secctx; struct lsmblob blob; + struct lsmcontext context; lsmblob_init(&blob, ct->secmark); ret = security_secid_to_secctx(&blob, &secctx, &len); @@ -184,7 +185,8 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) seq_printf(s, "secctx=%s ", secctx); - security_release_secctx(secctx, len); + lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ + security_release_secctx(&context); } #else static inline void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index a6dbef71fc32..dcc31cb7f287 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c 
@@ -398,6 +398,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, enum ip_conntrack_info ctinfo; struct nfnl_ct_hook *nfnl_ct; bool csum_verify; + struct lsmcontext scaff; /* scaffolding */ char *secdata = NULL; u32 seclen = 0; @@ -628,8 +629,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, } nlh->nlmsg_len = skb->len; - if (seclen) - security_release_secctx(secdata, seclen); + if (seclen) { + lsmcontext_init(&scaff, secdata, seclen, 0); + security_release_secctx(&scaff); + } return skb; nla_put_failure: @@ -637,8 +640,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, kfree_skb(skb); net_err_ratelimited("nf_queue: error creating packet message\n"); nlmsg_failure: - if (seclen) - security_release_secctx(secdata, seclen); + if (seclen) { + lsmcontext_init(&scaff, secdata, seclen, 0); + security_release_secctx(&scaff); + } return NULL; } diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index 94071f67e461..3e06efe29cfa 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -374,6 +374,7 @@ int netlbl_unlhsh_add(struct net *net, struct net_device *dev; struct netlbl_unlhsh_iface *iface; struct audit_buffer *audit_buf = NULL; + struct lsmcontext context; char *secctx = NULL; u32 secctx_len; struct lsmblob blob; @@ -447,7 +448,9 @@ int netlbl_unlhsh_add(struct net *net, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", ret_val == 0 ? 1 : 0); audit_log_end(audit_buf); 
@@ -478,6 +481,7 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, struct netlbl_unlhsh_addr4 *entry; struct audit_buffer *audit_buf; struct net_device *dev; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -509,7 +513,9 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); audit_log_end(audit_buf); @@ -546,6 +552,7 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, struct netlbl_unlhsh_addr6 *entry; struct audit_buffer *audit_buf; struct net_device *dev; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -576,7 +583,8 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); audit_log_end(audit_buf); @@ -1095,6 +1103,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, int ret_val = -ENOMEM; struct netlbl_unlhsh_walk_arg *cb_arg = arg; struct net_device *dev; + struct lsmcontext context; void *data; u32 secid; char *secctx; @@ -1165,7 +1174,9 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, NLBL_UNLABEL_A_SECCTX, secctx_len, secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); if (ret_val != 0) goto list_cb_failure; diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index 893301ae0131..ef139d8ae7cd 100644 
--- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c @@ -84,6 +84,7 @@ struct audit_buffer *netlbl_audit_start_common(int type, struct netlbl_audit *audit_info) { struct audit_buffer *audit_buf; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -103,7 +104,8 @@ struct audit_buffer *netlbl_audit_start_common(int type, if (audit_info->secid != 0 && security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " subj=%s", secctx); - security_release_secctx(secctx, secctx_len); + lsmcontext_init(&context, secctx, secctx_len, 0);/*scaffolding*/ + security_release_secctx(&context); } return audit_buf; diff --git a/security/security.c b/security/security.c index f9d9f68d40cf..9107ca5a6af3 100644 --- a/security/security.c +++ b/security/security.c @@ -2245,16 +2245,17 @@ int security_secctx_to_secid(const char *secdata, u32 seclen, } EXPORT_SYMBOL(security_secctx_to_secid); -void security_release_secctx(char *secdata, u32 seclen) +void security_release_secctx(struct lsmcontext *cp) { struct security_hook_list *hp; - int display = lsm_task_display(current); hlist_for_each_entry(hp, &security_hook_heads.release_secctx, list) - if (display == LSMBLOB_INVALID || display == hp->lsmid->slot) { - hp->hook.release_secctx(secdata, seclen); - return; + if (cp->slot == hp->lsmid->slot) { + hp->hook.release_secctx(cp->context, cp->len); + break; } + + memset(cp, 0, sizeof(*cp)); } EXPORT_SYMBOL(security_release_secctx);
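Review bot: in the security/security.c hunk the rewritten security_release_secctx() no longer has the `display == LSMBLOB_INVALID` fallback, so a context whose slot matches no registered release_secctx hook falls through to the memset() and is zeroed without ever being freed; a WARN_ON_ONCE() on the no-match case (or at least a comment) would turn a slot mismatch into a visible bug instead of a quiet leak. A second consequence of the memset() is that cp->slot becomes 0, so releasing the same lsmcontext twice hands the slot 0 module a NULL context of length 0; that is safe only if every release_secctx hook tolerates NULL, which is worth stating next to the struct.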
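Review bot: every converted caller (binder, ceph, nfs, nfsd, scm, audit, ip_sockglue, conntrack, nfnetlink_queue, netlabel) passes slot 0 to lsmcontext_init(), so with the exact-match dispatch in the new security_release_secctx() the string is only ever released by the module in slot 0 regardless of which module produced it; the commit message should say this is interim and which later patch in the series fills in the real slot. Style: the scaffolding marker is written `/*scaffolding*/` in fs/nfsd/nfs4xdr.c, include/net/scm.h, kernel/auditsc.c and net/netlabel/netlabel_user.c but `/* scaffolding */` elsewhere; the spaced form is the usual kernel style, and in netlabel_user.c the comment is also jammed against the semicolon.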
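Review bot: in the include/linux/security.h hunk the lsmcontext_init() kerneldoc documents the third parameter as @size while the struct field it fills is `len`; naming the parameter `len` keeps the comment and the structure in step. The struct comment could also state the ownership rule the commit message gives, that `slot` identifies the module whose release_secctx hook must free `context`, since that is the whole reason the slot travels with the string.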
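The lifecycle difference the commit message describes (SELinux frees each context string, Smack hands out a pointer into a permanent list), modelled in user space as an added example; this is not kernel code from the series. The mock module names, the slot-indexed hook table and the sample label string are constructed for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Same shape as the struct this patch adds to include/linux/security.h. */
struct lsmcontext {
	char *context;	/* provided by the module */
	unsigned int len;
	int slot;	/* identifies the module that must release it */
};

static int selinux_frees;	/* heap releases done by the SELinux-like mock */
static int smack_releases;	/* no-op releases done by the Smack-like mock */

/* SELinux-like module: every context string is a fresh allocation. */
static char *selinux_mock_secctx(const char *label, unsigned int *len)
{
	char *s = malloc(strlen(label) + 1);
	*len = s ? (unsigned int)strlen(label) : 0;
	return s ? strcpy(s, label) : NULL;
}

static void selinux_mock_release(char *secdata, unsigned int seclen)
{
	(void)seclen;
	free(secdata);	/* free(NULL) is a defined no-op, like kfree(NULL) */
	selinux_frees++;
}

/* Smack-like module: contexts point into a table that never goes away. */
static char smack_mock_labels[][2] = { "_", "^", "*" };

static void smack_mock_release(char *secdata, unsigned int seclen)
{
	(void)secdata; (void)seclen;	/* nothing to free */
	smack_releases++;
}

/* Stand-in for the release_secctx hook list: indexed by slot here, where
 * the kernel walks the list comparing cp->slot with hp->lsmid->slot. */
static void (*const mock_release_hook[])(char *, unsigned int) = {
	selinux_mock_release,	/* slot 0 */
	smack_mock_release,	/* slot 1 */
};
#define MOCK_SLOTS (int)(sizeof(mock_release_hook) / sizeof(mock_release_hook[0]))

/* Model of the patched security_release_secctx(): only the module named by
 * cp->slot runs, then cp is cleared so a repeat release cannot double free.
 * Returns 1 if a hook ran, 0 if no slot matched (string silently orphaned). */
int mock_release_secctx(struct lsmcontext *cp)
{
	int released = 0;
	if (cp->slot >= 0 && cp->slot < MOCK_SLOTS) {
		mock_release_hook[cp->slot](cp->context, cp->len);
		released = 1;
	}
	memset(cp, 0, sizeof(*cp));
	return released;
}

/* Walks both lifecycles plus two edge cases; returns the number of checks
 * that held, 4 when the model behaves as the patch intends. */
int mock_lsmcontext_demo(void)
{
	struct lsmcontext cp;
	unsigned int len;
	char *s;
	int ok = 0;

	selinux_frees = smack_releases = 0;
	/* Heap-allocated context is freed exactly once, by its own module. */
	s = selinux_mock_secctx("system_u:system_r:init_t:s0", &len);
	cp = (struct lsmcontext){ s, len, 0 };
	ok += mock_release_secctx(&cp) == 1 && selinux_frees == 1;
	/* Repeat release: cp was zeroed, so slot 0's hook gets NULL/0 and must
	 * tolerate it (kfree(NULL) does); no double free happens. */
	ok += mock_release_secctx(&cp) == 1 && selinux_frees == 2 && !cp.context;
	/* Table-backed context: the hook runs but frees nothing. */
	cp = (struct lsmcontext){ smack_mock_labels[1], 1, 1 };
	ok += mock_release_secctx(&cp) == 1 && smack_releases == 1;
	/* Slot nobody registered: no hook runs and the string is orphaned. */
	cp = (struct lsmcontext){ smack_mock_labels[2], 1, 7 };
	ok += mock_release_secctx(&cp) == 0 && selinux_frees == 2;
	return ok;
}
```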