From patchwork Fri Nov 20 20:14:47 2020
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 11922087
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org
Subject: [PATCH v23 03/23] LSM: Use lsmblob in security_audit_rule_match
Date: Fri, 20 Nov 2020 12:14:47 -0800
Message-Id: <20201120201507.11993-4-casey@schaufler-ca.com>
In-Reply-To: <20201120201507.11993-1-casey@schaufler-ca.com>
References: <20201120201507.11993-1-casey@schaufler-ca.com>
X-Mailing-List: linux-integrity@vger.kernel.org

Change the secid parameter of security_audit_rule_match to a lsmblob structure pointer. Pass the entry from the lsmblob structure for the appropriate slot to the LSM hook. Change the users of security_audit_rule_match to use the lsmblob instead of a u32. The scaffolding function lsmblob_init() fills the blob with the value of the old secid, ensuring that it is available to the appropriate module hook. The sources of the secid, security_task_getsecid() and security_inode_getsecid(), will be converted to use the blob structure later in the series. At that point the use of lsmblob_init() is dropped.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler Cc: linux-audit@redhat.com Cc: linux-integrity@vger.kernel.org To: Mimi Zohar rule.fields[i]; pid_t pid; u32 sid; + struct lsmblob blob; switch (f->type) { case AUDIT_PID: @@ -1361,8 +1362,9 @@ int audit_filter(int msgtype, unsigned int listtype) case AUDIT_SUBJ_CLR: if (f->lsm_isset) { security_task_getsecid(current, &sid); - result = security_audit_rule_match(sid, - f->type, f->op, + lsmblob_init(&blob, sid); + result = security_audit_rule_match( + &blob, f->type, f->op, f->lsm_rules); } break; diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 16e3430f7d07..7dd6b815a9eb 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -474,6 +474,7 @@ static int audit_filter_rules(struct task_struct *tsk, const struct cred *cred; int i, need_sid = 1; u32 sid; + struct lsmblob blob; unsigned int sessionid; cred = rcu_dereference_check(tsk->cred, tsk == current || task_creation); @@ -672,7 +673,9 @@ static int audit_filter_rules(struct task_struct *tsk, security_task_getsecid(tsk, &sid); need_sid = 0; } - result = security_audit_rule_match(sid, f->type, + lsmblob_init(&blob, sid); + result = security_audit_rule_match(&blob, + f->type, f->op, f->lsm_rules); } @@ -687,15 +690,17 @@ static int audit_filter_rules(struct task_struct *tsk, if (f->lsm_isset) { /* Find files that match */ if (name) { + lsmblob_init(&blob, name->osid); result = security_audit_rule_match( - name->osid, + &blob, f->type, f->op, f->lsm_rules); } else if (ctx) { list_for_each_entry(n, &ctx->names_list, list) { + lsmblob_init(&blob, name->osid); if (security_audit_rule_match( - n->osid, + &blob, f->type, f->op, f->lsm_rules)) { @@ -707,7 +712,8 @@ static int audit_filter_rules(struct task_struct *tsk, /* Find ipc objects that match */ if (!ctx || ctx->type != AUDIT_IPC) break; - if (security_audit_rule_match(ctx->ipc.osid, + lsmblob_init(&blob, ctx->ipc.osid); + if (security_audit_rule_match(&blob, f->type, f->op, f->lsm_rules)) ++result; 
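Review bot: in the kernel/auditsc.c hunk at @@ -687, the new `lsmblob_init(&blob, name->osid);` inside `list_for_each_entry(n, &ctx->names_list, list)` reads the wrong variable. That loop is the `else if (ctx)` arm, which is only reached when `name` is NULL, and the line being replaced passed `n->osid`; as written this is a NULL pointer dereference and, even if it were not, it would match the wrong object. It should be `lsmblob_init(&blob, n->osid);`. The other three `lsmblob_init()` call sites in this file (`sid`, `name->osid` in the `if (name)` arm, and `ctx->ipc.osid`) use the right source.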
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 6ebefec616e4..6bae2ee9b251 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -429,8 +429,8 @@ static inline void ima_filter_rule_free(void *lsmrule) { } -static inline int ima_filter_rule_match(u32 secid, u32 field, u32 op, - void *lsmrule) +static inline int ima_filter_rule_match(struct lsmblob *blob, u32 field, + u32 op, void *lsmrule) { return -EINVAL; } diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index cd393aaa17d5..3e47cc9b7400 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -562,6 +562,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, for (i = 0; i < MAX_LSM_RULES; i++) { int rc = 0; u32 osid; + struct lsmblob lsmdata; if (!ima_lsm_isset(rule->lsm[i].rules)) { if (!rule->lsm[i].args_p) @@ -574,14 +575,16 @@ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, case LSM_OBJ_ROLE: case LSM_OBJ_TYPE: security_inode_getsecid(inode, &osid); - rc = ima_filter_rule_match(osid, rule->lsm[i].type, + lsmblob_init(&lsmdata, osid); + rc = ima_filter_rule_match(&lsmdata, rule->lsm[i].type, Audit_equal, rule->lsm[i].rules); break; case LSM_SUBJ_USER: case LSM_SUBJ_ROLE: case LSM_SUBJ_TYPE: - rc = ima_filter_rule_match(secid, rule->lsm[i].type, + lsmblob_init(&lsmdata, secid); + rc = ima_filter_rule_match(&lsmdata, rule->lsm[i].type, Audit_equal, rule->lsm[i].rules); default: diff --git a/security/security.c b/security/security.c index d01363cb0082..4ecbef074809 100644 --- a/security/security.c +++ b/security/security.c 
@@ -2558,11 +2558,14 @@ void security_audit_rule_free(void **lsmrule) hlist_for_each_entry(hp, &security_hook_heads.audit_rule_free, list) { if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) continue; + if (lsmrule[hp->lsmid->slot] == NULL) + continue; hp->hook.audit_rule_free(lsmrule[hp->lsmid->slot]); } } -int security_audit_rule_match(u32 secid, u32 field, u32 op, void **lsmrule) +int security_audit_rule_match(struct lsmblob *blob, u32 field, u32 op, + void **lsmrule) { struct security_hook_list *hp; int rc; 
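Review bot: the `if (lsmrule[hp->lsmid->slot] == NULL) continue;` added in security_audit_rule_free (and the matching skip in the security_audit_rule_match hunk that follows) is a behaviour change the commit message does not mention: a module whose per-slot rule was never allocated is now silently skipped rather than having its hook called with that entry. Please add a sentence to the changelog saying why a slot can legitimately be NULL here, and consider a short comment above the check, since the `WARN_ON` on the slot range directly above it reads as though every slot is expected to be populated.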
@@ -2570,7 +2573,10 @@ int security_audit_rule_match(u32 secid, u32 field, u32 op, void **lsmrule) hlist_for_each_entry(hp, &security_hook_heads.audit_rule_match, list) { if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) continue; - rc = hp->hook.audit_rule_match(secid, field, op, + if (lsmrule[hp->lsmid->slot] == NULL) + continue; + rc = hp->hook.audit_rule_match(blob->secid[hp->lsmid->slot], + field, op, &lsmrule[hp->lsmid->slot]); if (rc) return rc;

From patchwork Fri Nov 20 20:14:52 2020
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 11922121
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org, netdev@vger.kernel.org
Subject: [PATCH v23 08/23] LSM: Use lsmblob in security_task_getsecid
Date: Fri, 20 Nov 2020 12:14:52 -0800
Message-Id: <20201120201507.11993-9-casey@schaufler-ca.com>
In-Reply-To: <20201120201507.11993-1-casey@schaufler-ca.com>
References: <20201120201507.11993-1-casey@schaufler-ca.com>
X-Mailing-List: linux-integrity@vger.kernel.org

Change the security_task_getsecid() interface to fill in a lsmblob structure instead of a u32 secid in support of LSM stacking. Audit interfaces will need to collect all possible secids for possible reporting.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
Cc: linux-integrity@vger.kernel.org
Cc: linux-audit@redhat.com
Cc: netdev@vger.kernel.org
---
 drivers/android/binder.c | 12 +-----
 include/linux/security.h | 7 ++--
 kernel/audit.c | 16 +++----
 kernel/auditfilter.c | 4 +-
 kernel/auditsc.c | 25 ++++++------
 net/netlabel/netlabel_unlabeled.c | 5 ++-
 net/netlabel/netlabel_user.h | 6 ++-
 security/integrity/ima/ima_appraise.c | 10 +++--
 security/integrity/ima/ima_main.c | 56 +++++++++++++++------------
 security/security.c | 12 ++++--
 10 files changed, 80 insertions(+), 73 deletions(-)

diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index 55f3fa073c7b..08737a07f997 100644
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
@@ -3087,20 +3087,10 @@ static void binder_transaction(struct binder_proc *proc, t->priority = task_nice(current); if (target_node && target_node->txn_security_ctx) { - u32 secid; struct lsmblob blob; size_t added_size; - security_task_getsecid(proc->tsk, &secid); - /* - * Later in this patch set security_task_getsecid() will - * provide a lsmblob instead of a secid. lsmblob_init - * is used to ensure that all the secids in the lsmblob - * get the value returned from security_task_getsecid(), - * which means that the one expected by - * security_secid_to_secctx() will be set. - */ - lsmblob_init(&blob, secid); + security_task_getsecid(proc->tsk, &blob); ret = security_secid_to_secctx(&blob, &secctx, &secctx_sz); if (ret) { return_error = BR_FAILED_REPLY; diff --git a/include/linux/security.h b/include/linux/security.h index be8db737da74..6b9e3571960d 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -482,7 +482,7 @@ int security_task_fix_setgid(struct cred *new, const struct cred *old, int security_task_setpgid(struct task_struct *p, pid_t pgid); int security_task_getpgid(struct task_struct *p); int security_task_getsid(struct task_struct *p); -void security_task_getsecid(struct task_struct *p, u32 *secid); +void security_task_getsecid(struct task_struct *p, struct lsmblob *blob); int security_task_setnice(struct task_struct *p, int nice); int security_task_setioprio(struct task_struct *p, int ioprio); int security_task_getioprio(struct task_struct *p); @@ -1155,9 +1155,10 @@ static inline int security_task_getsid(struct task_struct *p) return 0; } -static inline void security_task_getsecid(struct task_struct *p, u32 *secid) +static inline void security_task_getsecid(struct task_struct *p, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } static inline int security_task_setnice(struct task_struct *p, int nice) diff --git a/kernel/audit.c b/kernel/audit.c index 4cd6339e513d..9e3eec0a9c29 100644 --- a/kernel/audit.c 
+++ b/kernel/audit.c @@ -2136,19 +2136,12 @@ int audit_log_task_context(struct audit_buffer *ab) char *ctx = NULL; unsigned len; int error; - u32 sid; struct lsmblob blob; - security_task_getsecid(current, &sid); - if (!sid) + security_task_getsecid(current, &blob); + if (!lsmblob_is_set(&blob)) return 0; - /* - * lsmblob_init sets all values in the lsmblob to sid. - * This is temporary until security_task_getsecid is converted - * to use a lsmblob, which happens later in this patch set. - */ - lsmblob_init(&blob, sid); error = security_secid_to_secctx(&blob, &ctx, &len); if (error) { if (error != -EINVAL) @@ -2356,6 +2349,7 @@ int audit_set_loginuid(kuid_t loginuid) int audit_signal_info(int sig, struct task_struct *t) { kuid_t uid = current_uid(), auid; + struct lsmblob blob; if (auditd_test_task(t) && (sig == SIGTERM || sig == SIGHUP || @@ -2366,7 +2360,9 @@ int audit_signal_info(int sig, struct task_struct *t) audit_sig_uid = auid; else audit_sig_uid = uid; - security_task_getsecid(current, &audit_sig_sid); + security_task_getsecid(current, &blob); + /* scaffolding until audit_sig_sid is converted */ + audit_sig_sid = blob.secid[0]; } return audit_signal_info_syscall(t); diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index e27424216159..9e73a7961665 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -1330,7 +1330,6 @@ int audit_filter(int msgtype, unsigned int listtype) for (i = 0; i < e->rule.field_count; i++) { struct audit_field *f = &e->rule.fields[i]; pid_t pid; - u32 sid; struct lsmblob blob; switch (f->type) { @@ -1361,8 +1360,7 @@ int audit_filter(int msgtype, unsigned int listtype) case AUDIT_SUBJ_SEN: case AUDIT_SUBJ_CLR: if (f->lsm_isset) { - security_task_getsecid(current, &sid); - lsmblob_init(&blob, sid); + security_task_getsecid(current, &blob); result = security_audit_rule_match( &blob, f->type, f->op, f->lsm_rules); diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 35d6bd0526a2..8916a13406c3 100644 
--- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -473,7 +473,6 @@ static int audit_filter_rules(struct task_struct *tsk, { const struct cred *cred; int i, need_sid = 1; - u32 sid; struct lsmblob blob; unsigned int sessionid; @@ -670,17 +669,9 @@ static int audit_filter_rules(struct task_struct *tsk, logged upon error */ if (f->lsm_isset) { if (need_sid) { - security_task_getsecid(tsk, &sid); + security_task_getsecid(tsk, &blob); need_sid = 0; } - /* - * lsmblob_init sets all values in the lsmblob - * to sid. This is temporary until - * security_task_getsecid() is converted to - * provide a lsmblob, which happens later in - * this patch set. - */ - lsmblob_init(&blob, sid); result = security_audit_rule_match(&blob, f->type, f->op, @@ -2440,12 +2431,15 @@ int __audit_sockaddr(int len, void *a) void __audit_ptrace(struct task_struct *t) { struct audit_context *context = audit_context(); + struct lsmblob blob; context->target_pid = task_tgid_nr(t); context->target_auid = audit_get_loginuid(t); context->target_uid = task_uid(t); context->target_sessionid = audit_get_sessionid(t); - security_task_getsecid(t, &context->target_sid); + security_task_getsecid(t, &blob); + /* scaffolding - until target_sid is converted */ + context->target_sid = blob.secid[0]; memcpy(context->target_comm, t->comm, TASK_COMM_LEN); } @@ -2461,6 +2455,7 @@ int audit_signal_info_syscall(struct task_struct *t) struct audit_aux_data_pids *axp; struct audit_context *ctx = audit_context(); kuid_t t_uid = task_uid(t); + struct lsmblob blob; if (!audit_signals || audit_dummy_context()) return 0; 
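Review bot: the `context->target_sid = blob.secid[0];` and `ctx->target_sid = blob.secid[0];` assignments marked "scaffolding" in __audit_ptrace and audit_signal_info_syscall hard-code slot 0, so they only reproduce the old behaviour while the LSM that supplies the secid occupies slot 0; the same `blob.secid[0]` pattern appears in kernel/audit.c, the netlabel files and the IMA hooks in this patch. That is acceptable as a transitional step, but the changelog currently only says audit "will need to collect all possible secids"; please state explicitly that the `[0]` users are converted later in the series, the way the lsmblob_init() comments being removed in the kernel/audit.c and kernel/auditsc.c hunks did.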
@@ -2472,7 +2467,9 @@ int audit_signal_info_syscall(struct task_struct *t) ctx->target_auid = audit_get_loginuid(t); ctx->target_uid = t_uid; ctx->target_sessionid = audit_get_sessionid(t); - security_task_getsecid(t, &ctx->target_sid); + security_task_getsecid(t, &blob); + /* scaffolding until target_sid is converted */ + ctx->target_sid = blob.secid[0]; memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); return 0; } @@ -2493,7 +2490,9 @@ int audit_signal_info_syscall(struct task_struct *t) axp->target_auid[axp->pid_count] = audit_get_loginuid(t); axp->target_uid[axp->pid_count] = t_uid; axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); - security_task_getsecid(t, &axp->target_sid[axp->pid_count]); + security_task_getsecid(t, &blob); + /* scaffolding until target_sid is converted */ + axp->target_sid[axp->pid_count] = blob.secid[0]; memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); axp->pid_count++; diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index 18749705a862..cabec85136e1 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -1564,11 +1564,14 @@ int __init netlbl_unlabel_defconf(void) int ret_val; struct netlbl_dom_map *entry; struct netlbl_audit audit_info; + struct lsmblob blob; /* Only the kernel is allowed to call this function and the only time * it is called is at bootup before the audit subsystem is reporting * messages so don't worry to much about these values. */ - security_task_getsecid(current, &audit_info.secid); + security_task_getsecid(current, &blob); + /* scaffolding until audit_info.secid is converted */ + audit_info.secid = blob.secid[0]; audit_info.loginuid = GLOBAL_ROOT_UID; audit_info.sessionid = 0; diff --git a/net/netlabel/netlabel_user.h b/net/netlabel/netlabel_user.h index 3c67afce64f1..438b5db6c714 100644 --- a/net/netlabel/netlabel_user.h +++ b/net/netlabel/netlabel_user.h 
@@ -34,7 +34,11 @@ static inline void netlbl_netlink_auditinfo(struct sk_buff *skb, struct netlbl_audit *audit_info) { - security_task_getsecid(current, &audit_info->secid); + struct lsmblob blob; + + security_task_getsecid(current, &blob); + /* scaffolding until secid is converted */ + audit_info->secid = blob.secid[0]; audit_info->loginuid = audit_get_loginuid(current); audit_info->sessionid = audit_get_sessionid(current); } diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index 3dd8c2e4314e..2a18124af429 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -65,14 +65,16 @@ bool is_ima_appraise_enabled(void) */ int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func) { - u32 secid; + struct lsmblob blob; if (!ima_appraise) return 0; - security_task_getsecid(current, &secid); - return ima_match_policy(inode, current_cred(), secid, func, mask, - IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL); + security_task_getsecid(current, &blob); + /* scaffolding the .secid[0] */ + return ima_match_policy(inode, current_cred(), blob.secid[0], func, + mask, IMA_APPRAISE | IMA_HASH, NULL, NULL, + NULL); } static int ima_fix_xattr(struct dentry *dentry, diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 2d1af8899cab..c9f1f6bddab5 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c 
@@ -388,12 +388,13 @@ static int process_measurement(struct file *file, const struct cred *cred, */ int ima_file_mmap(struct file *file, unsigned long prot) { - u32 secid; + struct lsmblob blob; if (file && (prot & PROT_EXEC)) { - security_task_getsecid(current, &secid); - return process_measurement(file, current_cred(), secid, NULL, - 0, MAY_EXEC, MMAP_CHECK); + security_task_getsecid(current, &blob); + /* scaffolding - until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], + NULL, 0, MAY_EXEC, MMAP_CHECK); } return 0; @@ -419,9 +420,9 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) char *pathbuf = NULL; const char *pathname = NULL; struct inode *inode; + struct lsmblob blob; int result = 0; int action; - u32 secid; int pcr; /* Is mprotect making an mmap'ed file executable? */ @@ -429,9 +430,10 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) !(prot & PROT_EXEC) || (vma->vm_flags & VM_EXEC)) return 0; - security_task_getsecid(current, &secid); + security_task_getsecid(current, &blob); inode = file_inode(vma->vm_file); - action = ima_get_action(inode, current_cred(), secid, MAY_EXEC, + /* scaffolding */ + action = ima_get_action(NULL, current_cred(), blob.secid[0], 0, MMAP_CHECK, &pcr, &template, 0); /* Is the mmap'ed file in policy? */ @@ -468,10 +470,12 @@ int ima_bprm_check(struct linux_binprm *bprm) { int ret; u32 secid; + struct lsmblob blob; - security_task_getsecid(current, &secid); - ret = process_measurement(bprm->file, current_cred(), secid, NULL, 0, - MAY_EXEC, BPRM_CHECK); + security_task_getsecid(current, &blob); + /* scaffolding until process_measurement changes */ + ret = process_measurement(bprm->file, current_cred(), blob.secid[0], + NULL, 0, MAY_EXEC, BPRM_CHECK); if (ret) return ret; 
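Review bot: the security/integrity/ima/ima_main.c hunk at @@ -429 changes more than the secid argument: `ima_get_action(inode, current_cred(), secid, MAY_EXEC, MMAP_CHECK, ...)` becomes `ima_get_action(NULL, current_cred(), blob.secid[0], 0, MMAP_CHECK, ...)`, dropping both the inode and the MAY_EXEC mask. `inode` is still assigned from `file_inode(vma->vm_file)` on the line above and is what the "Is the mmap'ed file in policy?" check needs, so this looks like an accidental edit rather than intended scaffolding; the process_buffer_measurement hunk later in the same file keeps `inode` and its mask. Restore `inode` and `MAY_EXEC`, and make the bare `/* scaffolding */` comment say what it refers to (the `.secid[0]`), as the ima_appraise.c hunk does.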
@@ -492,10 +496,11 @@ int ima_bprm_check(struct linux_binprm *bprm) */ int ima_file_check(struct file *file, int mask) { - u32 secid; + struct lsmblob blob; - security_task_getsecid(current, &secid); - return process_measurement(file, current_cred(), secid, NULL, 0, + security_task_getsecid(current, &blob); + /* scaffolding until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], NULL, 0, mask & (MAY_READ | MAY_WRITE | MAY_EXEC | MAY_APPEND), FILE_CHECK); } @@ -629,7 +634,7 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id, bool contents) { enum ima_hooks func; - u32 secid; + struct lsmblob blob; /* * Do devices using pre-allocated memory run the risk of the @@ -649,8 +654,9 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id, /* Read entire file for all partial reads. */ func = read_idmap[read_id] ?: FILE_CHECK; - security_task_getsecid(current, &secid); - return process_measurement(file, current_cred(), secid, NULL, + security_task_getsecid(current, &blob); + /* scaffolding - until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], NULL, 0, MAY_READ, func); } @@ -679,7 +685,7 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, enum kernel_read_file_id read_id) { enum ima_hooks func; - u32 secid; + struct lsmblob blob; /* permit signed certs */ if (!file && read_id == READING_X509_CERTIFICATE) @@ -692,9 +698,10 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, } func = read_idmap[read_id] ?: FILE_CHECK; - security_task_getsecid(current, &secid); - return process_measurement(file, current_cred(), secid, buf, size, - MAY_READ, func); + security_task_getsecid(current, &blob); + /* scaffolding until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], buf, + size, MAY_READ, func); } /** 
@@ -809,7 +816,7 @@ void process_buffer_measurement(struct inode *inode, const void *buf, int size, } hash = {}; int violation = 0; int action = 0; - u32 secid; + struct lsmblob blob; if (!ima_policy_flag) return; @@ -822,9 +829,10 @@ void process_buffer_measurement(struct inode *inode, const void *buf, int size, * buffer measurements. */ if (func) { - security_task_getsecid(current, &secid); - action = ima_get_action(inode, current_cred(), secid, 0, func, - &pcr, &template, keyring); + security_task_getsecid(current, &blob); + /* scaffolding */ + action = ima_get_action(inode, current_cred(), blob.secid[0], + 0, func, &pcr, &template, keyring); if (!(action & IMA_MEASURE)) return; } diff --git a/security/security.c b/security/security.c index 9c1098ecea03..421ff85015da 100644 --- a/security/security.c +++ b/security/security.c 
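Review bot: in the process_buffer_measurement hunk (@@ -822,9 +829,10) the new `struct lsmblob blob;` is declared at function scope but is only filled and read inside the `if (func)` block, where `security_task_getsecid(current, &blob)` feeds `blob.secid[0]` to `ima_get_action()`; move the declaration into that block so the scope of the temporary is obvious, and keep the bare `/* scaffolding */` comment aligned with the wording used for the other `blob.secid[0]` call sites in this file.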
@@ -1799,10 +1799,16 @@ int security_task_getsid(struct task_struct *p) return call_int_hook(task_getsid, 0, p); } -void security_task_getsecid(struct task_struct *p, u32 *secid) +void security_task_getsecid(struct task_struct *p, struct lsmblob *blob) { - *secid = 0; - call_void_hook(task_getsecid, p, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.task_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.task_getsecid(p, &blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_task_getsecid);
From patchwork Fri Nov 20 20:14:53 2020 X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 11922123
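Review bot: in the security_task_getsecid() hunk (@@ -1799,10 +1799,16), a hook whose `lsmid->slot` fails the `WARN_ON` range check is skipped with `continue`, so its entry keeps the `0` written by `lsmblob_init(blob, 0)`; that is the safe choice, but nothing in the function says that a zero `secid[slot]` means "that LSM supplied nothing", and the callers that still read `blob.secid[0]` depend on it. Add a kerneldoc comment stating that, and note in the commit message that the hook loop replaces `call_void_hook(task_getsecid, p, secid)`, so each LSM now writes its own slot instead of all of them writing the same `u32`.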
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org
Subject: [PATCH v23 09/23] LSM: Use lsmblob in security_inode_getsecid
Date: Fri, 20 Nov 2020 12:14:53 -0800
Message-Id: <20201120201507.11993-10-casey@schaufler-ca.com>
In-Reply-To: <20201120201507.11993-1-casey@schaufler-ca.com>
References: <20201120201507.11993-1-casey@schaufler-ca.com>

Change the security_inode_getsecid() interface to fill in a lsmblob structure instead of a u32 secid. This allows for its callers to gather data from all registered LSMs. Data is provided for IMA and audit.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
Cc: linux-integrity@vger.kernel.org
Cc: linux-audit@redhat.com
---
 include/linux/security.h | 7 ++++---
 kernel/auditsc.c | 6 +++++-
 security/integrity/ima/ima_policy.c | 4 +---
 security/security.c | 11 +++++++++--
 4 files changed, 19 insertions(+), 9 deletions(-)

diff --git a/include/linux/security.h b/include/linux/security.h
index 6b9e3571960d..a7968dde27c6 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -436,7 +436,7 @@ int security_inode_killpriv(struct dentry *dentry); int security_inode_getsecurity(struct inode *inode, const char *name, void **buffer, bool alloc); int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags); int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size); -void security_inode_getsecid(struct inode *inode, u32 *secid); +void security_inode_getsecid(struct inode *inode, struct lsmblob *blob); int security_inode_copy_up(struct dentry *src, struct cred **new); int security_inode_copy_up_xattr(const char *name); int security_kernfs_init_security(struct kernfs_node *kn_dir, @@ -963,9 +963,10 @@ static inline int security_inode_listsecurity(struct inode *inode, char *buffer, return 0; } -static inline void security_inode_getsecid(struct inode *inode, u32 *secid) +static inline void security_inode_getsecid(struct inode *inode, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } static inline int security_inode_copy_up(struct dentry *src, struct cred **new) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 8916a13406c3..b58b0048702a 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1980,13 +1980,17 @@ static void audit_copy_inode(struct audit_names *name, const struct dentry *dentry, struct inode *inode, unsigned int flags) { + struct lsmblob blob; + name->ino = inode->i_ino; name->dev = inode->i_sb->s_dev; name->mode = inode->i_mode; name->uid = inode->i_uid; name->gid = inode->i_gid; name->rdev = inode->i_rdev; - security_inode_getsecid(inode, &name->osid); + security_inode_getsecid(inode, &blob); + /* scaffolding until osid is updated */ + name->osid = blob.secid[0]; if (flags & AUDIT_INODE_NOEVAL) { name->fcap_ver = -1; return; diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 3e47cc9b7400..bbf9fa79740a 100644 --- a/security/integrity/ima/ima_policy.c 
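Review bot: in the audit_copy_inode hunk (@@ -1980,13 +1980,17), `name->osid = blob.secid[0];` keeps only slot 0 of the blob that `security_inode_getsecid(inode, &blob)` just filled, so inode audit records still identify the object by one LSM; the `/* scaffolding until osid is updated */` comment says so, but the commit message's "Data is provided for IMA and audit" reads as though audit already receives every LSM's data. State in the commit message that the audit `osid` conversion is still pending.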
+++ b/security/integrity/ima/ima_policy.c @@ -561,7 +561,6 @@ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, return false; for (i = 0; i < MAX_LSM_RULES; i++) { int rc = 0; - u32 osid; struct lsmblob lsmdata; if (!ima_lsm_isset(rule->lsm[i].rules)) { @@ -574,8 +573,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, case LSM_OBJ_USER: case LSM_OBJ_ROLE: case LSM_OBJ_TYPE: - security_inode_getsecid(inode, &osid); - lsmblob_init(&lsmdata, osid); + security_inode_getsecid(inode, &lsmdata); rc = ima_filter_rule_match(&lsmdata, rule->lsm[i].type, Audit_equal, rule->lsm[i].rules); diff --git a/security/security.c b/security/security.c index 421ff85015da..f3f6caae392f 100644 --- a/security/security.c +++ b/security/security.c 
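Review bot: the ima_match_rules hunk (@@ -574,8 +573,7) is the first caller that consumes the whole blob rather than `secid[0]`: `lsmdata` now goes straight from `security_inode_getsecid(inode, &lsmdata)` into `ima_filter_rule_match(&lsmdata, rule->lsm[i].type, ...)`, so LSM_OBJ_USER/ROLE/TYPE rules are evaluated against per-LSM secids instead of the single value the removed `lsmblob_init(&lsmdata, osid)` copied into every slot. That is the intended behaviour change, but it deserves a sentence in the commit message, and the IMA maintainers should confirm that ima_filter_rule_match() selects the slot belonging to the LSM the rule was written for.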
@@ -1443,9 +1443,16 @@ int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer } EXPORT_SYMBOL(security_inode_listsecurity); -void security_inode_getsecid(struct inode *inode, u32 *secid) +void security_inode_getsecid(struct inode *inode, struct lsmblob *blob) { - call_void_hook(inode_getsecid, inode, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.inode_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.inode_getsecid(inode, &blob->secid[hp->lsmid->slot]); + } } int security_inode_copy_up(struct dentry *src, struct cred **new)
From patchwork Fri Nov 20 20:14:54 2020 X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 11922155
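Review bot: the security_inode_getsecid() hunk (@@ -1443,9 +1443,16) adds an initialisation the old code lacked: `call_void_hook(inode_getsecid, inode, secid)` ran without first zeroing `*secid`, whereas the new body calls `lsmblob_init(blob, 0)` before the hook loop, so a caller with no LSM registered now gets a defined all-zero blob instead of whatever was on its stack. That is an improvement worth a line in the commit message; the inline stub in include/linux/security.h performs the same `lsmblob_init(blob, 0)`, so the two paths agree.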
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org
Subject: [PATCH v23 10/23] LSM: Use lsmblob in security_cred_getsecid
Date: Fri, 20 Nov 2020 12:14:54 -0800
Message-Id: <20201120201507.11993-11-casey@schaufler-ca.com>
In-Reply-To: <20201120201507.11993-1-casey@schaufler-ca.com>
References: <20201120201507.11993-1-casey@schaufler-ca.com>

Change the security_cred_getsecid() interface to fill in a lsmblob instead of a u32 secid. The associated data elements in the audit sub-system are changed from a secid to a lsmblob to accommodate multiple possible LSM audit users.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
Cc: linux-integrity@vger.kernel.org
Cc: linux-audit@redhat.com
---
 include/linux/security.h | 2 +-
 kernel/audit.c | 25 +++++++----------------
 kernel/audit.h | 3 ++-
 kernel/auditsc.c | 33 +++++++++++--------------------
 security/integrity/ima/ima_main.c | 8 ++++----
 security/security.c | 12 ++++++++---
 6 files changed, 35 insertions(+), 48 deletions(-)

diff --git a/include/linux/security.h b/include/linux/security.h
index a7968dde27c6..dacd64d2d141 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -463,7 +463,7 @@ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp); void security_cred_free(struct cred *cred); int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp); void security_transfer_creds(struct cred *new, const struct cred *old); -void security_cred_getsecid(const struct cred *c, u32 *secid); +void security_cred_getsecid(const struct cred *c, struct lsmblob *blob); int security_kernel_act_as(struct cred *new, struct lsmblob *blob); int security_kernel_create_files_as(struct cred *new, struct inode *inode); int security_kernel_module_request(char *kmod_name); diff --git a/kernel/audit.c b/kernel/audit.c index 9e3eec0a9c29..1f987ac23e90 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -125,7 +125,7 @@ static u32 audit_backlog_wait_time = AUDIT_BACKLOG_WAIT_TIME; /* The identity of the user shutting down the audit system. */ static kuid_t audit_sig_uid = INVALID_UID; static pid_t audit_sig_pid = -1; -static u32 audit_sig_sid; +struct lsmblob audit_sig_lsm; /* Records can be lost in several ways: 0) [suppressed in audit_alloc] 
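Review bot: the kernel/audit.c hunk (@@ -125,7 +125,7) replaces `static u32 audit_sig_sid;` with `struct lsmblob audit_sig_lsm;` and drops `static` in the process, turning a file-local variable into a global symbol; the only users in this patch, the AUDIT_SIGNAL_INFO case in audit_receive_msg() and audit_signal_info(), are both in audit.c, so keep it `static struct lsmblob audit_sig_lsm;`.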
@@ -1441,29 +1441,21 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) } case AUDIT_SIGNAL_INFO: len = 0; - if (audit_sig_sid) { - struct lsmblob blob; - - /* - * lsmblob_init sets all values in the lsmblob - * to audit_sig_sid. This is temporary until - * audit_sig_sid is converted to a lsmblob, which - * happens later in this patch set. - */ - lsmblob_init(&blob, audit_sig_sid); - err = security_secid_to_secctx(&blob, &ctx, &len); + if (lsmblob_is_set(&audit_sig_lsm)) { + err = security_secid_to_secctx(&audit_sig_lsm, &ctx, + &len); if (err) return err; } sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL); if (!sig_data) { - if (audit_sig_sid) + if (lsmblob_is_set(&audit_sig_lsm)) security_release_secctx(ctx, len); return -ENOMEM; } sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); sig_data->pid = audit_sig_pid; - if (audit_sig_sid) { + if (lsmblob_is_set(&audit_sig_lsm)) { memcpy(sig_data->ctx, ctx, len); security_release_secctx(ctx, len); } @@ -2349,7 +2341,6 @@ int audit_set_loginuid(kuid_t loginuid) int audit_signal_info(int sig, struct task_struct *t) { kuid_t uid = current_uid(), auid; - struct lsmblob blob; if (auditd_test_task(t) && (sig == SIGTERM || sig == SIGHUP || @@ -2360,9 +2351,7 @@ int audit_signal_info(int sig, struct task_struct *t) audit_sig_uid = auid; else audit_sig_uid = uid; - security_task_getsecid(current, &blob); - /* scaffolding until audit_sig_sid is converted */ - audit_sig_sid = blob.secid[0]; + security_task_getsecid(current, &audit_sig_lsm); } return audit_signal_info_syscall(t); diff --git a/kernel/audit.h b/kernel/audit.h index 3b9c0945225a..ce41886807bb 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -9,6 +9,7 @@ #include #include #include +#include #include #include 
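Review bot: in the AUDIT_SIGNAL_INFO hunk (@@ -1441,29 +1441,21), `audit_sig_lsm` is now a multi-word struct that audit_signal_info() writes with `security_task_getsecid(current, &audit_sig_lsm)` while audit_receive_msg() reads it through three separate `lsmblob_is_set(&audit_sig_lsm)` tests plus the `security_secid_to_secctx()` call; a torn read was impossible with the old `u32 audit_sig_sid`, with the struct it is not. Whatever serialises the writer against the reader, or the argument that a half-updated blob is tolerable here, belongs in a comment next to the variable.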
@@ -134,7 +135,7 @@ struct audit_context { kuid_t target_auid; kuid_t target_uid; unsigned int target_sessionid; - u32 target_sid; + struct lsmblob target_lsm; char target_comm[TASK_COMM_LEN]; struct audit_tree_refs *trees, *first_trees; diff --git a/kernel/auditsc.c b/kernel/auditsc.c index b58b0048702a..b15222181700 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -113,7 +113,7 @@ struct audit_aux_data_pids { kuid_t target_auid[AUDIT_AUX_PIDS]; kuid_t target_uid[AUDIT_AUX_PIDS]; unsigned int target_sessionid[AUDIT_AUX_PIDS]; - u32 target_sid[AUDIT_AUX_PIDS]; + struct lsmblob target_lsm[AUDIT_AUX_PIDS]; char target_comm[AUDIT_AUX_PIDS][TASK_COMM_LEN]; int pid_count; }; @@ -993,14 +993,14 @@ static inline void audit_free_context(struct audit_context *context) } static int audit_log_pid_context(struct audit_context *context, pid_t pid, - kuid_t auid, kuid_t uid, unsigned int sessionid, - u32 sid, char *comm) + kuid_t auid, kuid_t uid, + unsigned int sessionid, + struct lsmblob *blob, char *comm) { struct audit_buffer *ab; char *ctx = NULL; u32 len; int rc = 0; - struct lsmblob blob; ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID); if (!ab) @@ -1009,9 +1009,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, audit_log_format(ab, "opid=%d oauid=%d ouid=%d oses=%d", pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); - if (sid) { - lsmblob_init(&blob, sid); - if (security_secid_to_secctx(&blob, &ctx, &len)) { + if (lsmblob_is_set(blob)) { + if (security_secid_to_secctx(blob, &ctx, &len)) { audit_log_format(ab, " obj=(none)"); rc = 1; } else { @@ -1582,7 +1581,7 @@ static void audit_log_exit(void) axs->target_auid[i], axs->target_uid[i], axs->target_sessionid[i], - axs->target_sid[i], + &axs->target_lsm[i], axs->target_comm[i])) call_panic = 1; } 
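Review bot: audit_log_pid_context() (@@ -993,14 +993,14) now takes `struct lsmblob *blob` and only reads it (`lsmblob_is_set(blob)` and `security_secid_to_secctx(blob, &ctx, &len)`), so declare the parameter `const struct lsmblob *blob` if security_secid_to_secctx() accepts a const pointer; the callers in audit_log_exit() pass `&axs->target_lsm[i]` and `&context->target_lsm`, and the const would document that logging never modifies the context.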
@@ -1591,7 +1590,7 @@ static void audit_log_exit(void) audit_log_pid_context(context, context->target_pid, context->target_auid, context->target_uid, context->target_sessionid, - context->target_sid, context->target_comm)) + &context->target_lsm, context->target_comm)) call_panic = 1; if (context->pwd.dentry && context->pwd.mnt) { @@ -1769,7 +1768,7 @@ void __audit_syscall_exit(int success, long return_code) context->aux = NULL; context->aux_pids = NULL; context->target_pid = 0; - context->target_sid = 0; + lsmblob_init(&context->target_lsm, 0); context->sockaddr_len = 0; context->type = 0; context->fds[0] = -1; @@ -2435,15 +2434,12 @@ int __audit_sockaddr(int len, void *a) void __audit_ptrace(struct task_struct *t) { struct audit_context *context = audit_context(); - struct lsmblob blob; context->target_pid = task_tgid_nr(t); context->target_auid = audit_get_loginuid(t); context->target_uid = task_uid(t); context->target_sessionid = audit_get_sessionid(t); - security_task_getsecid(t, &blob); - /* scaffolding - until target_sid is converted */ - context->target_sid = blob.secid[0]; + security_task_getsecid(t, &context->target_lsm); memcpy(context->target_comm, t->comm, TASK_COMM_LEN); } @@ -2459,7 +2455,6 @@ int audit_signal_info_syscall(struct task_struct *t) struct audit_aux_data_pids *axp; struct audit_context *ctx = audit_context(); kuid_t t_uid = task_uid(t); - struct lsmblob blob; if (!audit_signals || audit_dummy_context()) return 0; @@ -2471,9 +2466,7 @@ int audit_signal_info_syscall(struct task_struct *t) ctx->target_auid = audit_get_loginuid(t); ctx->target_uid = t_uid; ctx->target_sessionid = audit_get_sessionid(t); - security_task_getsecid(t, &blob); - /* scaffolding until target_sid is converted */ - ctx->target_sid = blob.secid[0]; + security_task_getsecid(t, &ctx->target_lsm); memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); return 0; } 
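Review bot: in the __audit_syscall_exit hunk (@@ -1769,7 +1768,7), `lsmblob_init(&context->target_lsm, 0)` replaces the single store `context->target_sid = 0` on the per-syscall reset path, and in the auditsc.c struct hunk (@@ -113,7 +113,7) `target_sid[AUDIT_AUX_PIDS]` becomes `target_lsm[AUDIT_AUX_PIDS]`, so both the work done on every syscall exit and the size of the aux-pids record now scale with the number of lsmblob slots. Acceptable at the current slot count, but worth a sentence in the commit message since this is a hot path.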
@@ -2494,9 +2487,7 @@ int audit_signal_info_syscall(struct task_struct *t) axp->target_auid[axp->pid_count] = audit_get_loginuid(t); axp->target_uid[axp->pid_count] = t_uid; axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); - security_task_getsecid(t, &blob); - /* scaffolding until target_sid is converted */ - axp->target_sid[axp->pid_count] = blob.secid[0]; + security_task_getsecid(t, &axp->target_lsm[axp->pid_count]); memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); axp->pid_count++; diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index c9f1f6bddab5..e2fd092a1023 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -469,7 +469,6 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) int ima_bprm_check(struct linux_binprm *bprm) { int ret; - u32 secid; struct lsmblob blob; security_task_getsecid(current, &blob); @@ -479,9 +478,10 @@ int ima_bprm_check(struct linux_binprm *bprm) if (ret) return ret; - security_cred_getsecid(bprm->cred, &secid); - return process_measurement(bprm->file, bprm->cred, secid, NULL, 0, - MAY_EXEC, CREDS_CHECK); + security_cred_getsecid(bprm->cred, &blob); + /* scaffolding until process_measurement changes */ + return process_measurement(bprm->file, bprm->cred, blob.secid[0], + NULL, 0, MAY_EXEC, CREDS_CHECK); } /** diff --git a/security/security.c b/security/security.c index f3f6caae392f..78aeb2ae7010 100644 --- a/security/security.c +++ b/security/security.c 
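Review bot: the ima_bprm_check hunk (@@ -479,9 +478,10) reuses the `blob` filled earlier by `security_task_getsecid(current, &blob)` for `security_cred_getsecid(bprm->cred, &blob)`; that is correct, because the first value was consumed by the process_measurement() call guarded by `if (ret) return ret;`, but a reader can mistake the overwrite for a mix-up, so a one-line comment that `blob` is deliberately reused for the cred secid would help. Removing `u32 secid;` here also resolves the stray declaration left by the earlier ima_main.c patch.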
@@ -1693,10 +1693,16 @@ void security_transfer_creds(struct cred *new, const struct cred *old) call_void_hook(cred_transfer, new, old); } -void security_cred_getsecid(const struct cred *c, u32 *secid) +void security_cred_getsecid(const struct cred *c, struct lsmblob *blob) { - *secid = 0; - call_void_hook(cred_getsecid, c, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.cred_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.cred_getsecid(c, &blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_cred_getsecid);
From patchwork Fri Nov 20 20:14:55 2020 X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 11922157
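Review bot: the security_cred_getsecid() hunk (@@ -1693,10 +1693,16) is the third verbatim copy of the same `hlist_for_each_entry` loop with the identical `WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)` guard, after security_task_getsecid() and security_inode_getsecid() in the two preceding patches; factor the slot-range check into one small static helper in security.c (name of your choosing) so the bounds logic is maintained in a single place rather than per hook.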
From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org Subject: [PATCH v23 11/23] IMA: Change internal interfaces to use lsmblobs Date: Fri, 20 Nov 2020 12:14:55 -0800 Message-Id: <20201120201507.11993-12-casey@schaufler-ca.com> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20201120201507.11993-1-casey@schaufler-ca.com> References: <20201120201507.11993-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org The IMA interfaces ima_get_action() and ima_match_policy() call LSM functions that use lsmblobs. Change the IMA functions to pass the lsmblob to be compatible with the LSM functions. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org To: Mimi Zohar --- security/integrity/ima/ima.h | 11 ++++---- security/integrity/ima/ima_api.c | 10 +++---- security/integrity/ima/ima_appraise.c | 6 ++--- security/integrity/ima/ima_main.c | 38 +++++++++++---------------- security/integrity/ima/ima_policy.c | 16 +++++------ 5 files changed, 36 insertions(+), 45 deletions(-) diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 6bae2ee9b251..8812e9b9fc1d 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h 
@@ -252,9 +252,9 @@ static inline void ima_process_queued_keys(void) {} #endif /* CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS */ /* LIM API function definitions */ -int ima_get_action(struct inode *inode, const struct cred *cred, u32 secid, - int mask, enum ima_hooks func, int *pcr, - struct ima_template_desc **template_desc, +int ima_get_action(struct inode *inode, const struct cred *cred, + struct lsmblob *blob, int mask, enum ima_hooks func, + int *pcr, struct ima_template_desc **template_desc, const char *keyring); int ima_must_measure(struct inode *inode, int mask, enum ima_hooks func); int ima_collect_measurement(struct integrity_iint_cache *iint, @@ -280,8 +280,9 @@ void ima_free_template_entry(struct ima_template_entry *entry); const char *ima_d_path(const struct path *path, char **pathbuf, char *filename); /* IMA policy related functions */ -int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid, - enum ima_hooks func, int mask, int flags, int *pcr, +int ima_match_policy(struct inode *inode, const struct cred *cred, + struct lsmblob *blob, enum ima_hooks func, int mask, + int flags, int *pcr, struct ima_template_desc **template_desc, const char *keyring); void ima_init_policy(void); diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index 4f39fb93f278..e83fa1c32843 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c @@ -164,7 +164,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename, * ima_get_action - appraise & measure decision based on policy. * @inode: pointer to the inode associated with the object being validated * @cred: pointer to credentials structure to validate - * @secid: secid of the task being validated + * @blob: LSM data of the task being validated * @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXEC, * MAY_APPEND) * @func: caller identifier 
@@ -183,16 +183,16 @@ void ima_add_violation(struct file *file, const unsigned char *filename, * Returns IMA_MEASURE, IMA_APPRAISE mask. * */ -int ima_get_action(struct inode *inode, const struct cred *cred, u32 secid, - int mask, enum ima_hooks func, int *pcr, - struct ima_template_desc **template_desc, +int ima_get_action(struct inode *inode, const struct cred *cred, + struct lsmblob *blob, int mask, enum ima_hooks func, + int *pcr, struct ima_template_desc **template_desc, const char *keyring) { int flags = IMA_MEASURE | IMA_AUDIT | IMA_APPRAISE | IMA_HASH; flags &= ima_policy_flag; - return ima_match_policy(inode, cred, secid, func, mask, flags, pcr, + return ima_match_policy(inode, cred, blob, func, mask, flags, pcr, template_desc, keyring); } diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index 2a18124af429..7c4e43399269 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -71,10 +71,8 @@ int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func) return 0; security_task_getsecid(current, &blob); - /* scaffolding the .secid[0] */ - return ima_match_policy(inode, current_cred(), blob.secid[0], func, - mask, IMA_APPRAISE | IMA_HASH, NULL, NULL, - NULL); + return ima_match_policy(inode, current_cred(), &blob, func, mask, + IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL); } static int ima_fix_xattr(struct dentry *dentry, diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index e2fd092a1023..39ca17586c6c 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c 
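Review bot: in the ima_get_action() hunk (and the matching prototype hunk in ima.h), `blob` is only forwarded to ima_match_policy(); nothing in this patch writes through it. If ima_filter_rule_match() can accept a const pointer, declaring these parameters as `const struct lsmblob *blob` would state that the callee never modifies the caller's blob, which is a stack variable at every call site changed in ima_main.c.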
@@ -194,8 +194,8 @@ void ima_file_free(struct file *file) } static int process_measurement(struct file *file, const struct cred *cred, - u32 secid, char *buf, loff_t size, int mask, - enum ima_hooks func) + struct lsmblob *blob, char *buf, loff_t size, + int mask, enum ima_hooks func) { struct inode *inode = file_inode(file); struct integrity_iint_cache *iint = NULL; @@ -218,7 +218,7 @@ static int process_measurement(struct file *file, const struct cred *cred, * bitmask based on the appraise/audit/measurement policy. * Included is the appraise submask. */ - action = ima_get_action(inode, cred, secid, mask, func, &pcr, + action = ima_get_action(inode, cred, blob, mask, func, &pcr, &template_desc, NULL); violation_check = ((func == FILE_CHECK || func == MMAP_CHECK) && (ima_policy_flag & IMA_MEASURE)); @@ -392,8 +392,7 @@ int ima_file_mmap(struct file *file, unsigned long prot) if (file && (prot & PROT_EXEC)) { security_task_getsecid(current, &blob); - /* scaffolding - until process_measurement changes */ - return process_measurement(file, current_cred(), blob.secid[0], + return process_measurement(file, current_cred(), &blob, NULL, 0, MAY_EXEC, MMAP_CHECK); } @@ -432,8 +431,7 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) security_task_getsecid(current, &blob); inode = file_inode(vma->vm_file); - /* scaffolding */ - action = ima_get_action(NULL, current_cred(), blob.secid[0], 0, + action = ima_get_action(NULL, current_cred(), &blob, 0, MMAP_CHECK, &pcr, &template, 0); /* Is the mmap'ed file in policy? */ 
@@ -472,16 +470,14 @@ int ima_bprm_check(struct linux_binprm *bprm) struct lsmblob blob; security_task_getsecid(current, &blob); - /* scaffolding until process_measurement changes */ - ret = process_measurement(bprm->file, current_cred(), blob.secid[0], - NULL, 0, MAY_EXEC, BPRM_CHECK); + ret = process_measurement(bprm->file, current_cred(), &blob, NULL, 0, + MAY_EXEC, BPRM_CHECK); if (ret) return ret; security_cred_getsecid(bprm->cred, &blob); - /* scaffolding until process_measurement changes */ - return process_measurement(bprm->file, bprm->cred, blob.secid[0], - NULL, 0, MAY_EXEC, CREDS_CHECK); + return process_measurement(bprm->file, bprm->cred, &blob, NULL, 0, + MAY_EXEC, CREDS_CHECK); } /** @@ -499,8 +495,7 @@ int ima_file_check(struct file *file, int mask) struct lsmblob blob; security_task_getsecid(current, &blob); - /* scaffolding until process_measurement changes */ - return process_measurement(file, current_cred(), blob.secid[0], NULL, 0, + return process_measurement(file, current_cred(), &blob, NULL, 0, mask & (MAY_READ | MAY_WRITE | MAY_EXEC | MAY_APPEND), FILE_CHECK); } @@ -655,8 +650,7 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id, /* Read entire file for all partial reads. */ func = read_idmap[read_id] ?: FILE_CHECK; security_task_getsecid(current, &blob); - /* scaffolding - until process_measurement changes */ - return process_measurement(file, current_cred(), blob.secid[0], NULL, + return process_measurement(file, current_cred(), &blob, NULL, 0, MAY_READ, func); } @@ -699,9 +693,8 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, func = read_idmap[read_id] ?: FILE_CHECK; security_task_getsecid(current, &blob); - /* scaffolding until process_measurement changes */ - return process_measurement(file, current_cred(), blob.secid[0], buf, - size, MAY_READ, func); + return process_measurement(file, current_cred(), &blob, buf, size, + MAY_READ, func); } /** 
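Review bot: in the ima_bprm_check() hunk the same stack `blob` is filled by security_task_getsecid(), passed by pointer into process_measurement(), then refilled by security_cred_getsecid() and passed again. That is correct only because process_measurement() consumes the pointer synchronously (the visible chain is ima_get_action() -> ima_match_policy() -> ima_match_rules() -> ima_filter_rule_match(), none of which stores it); a kernel-doc line on the new `blob` parameter of process_measurement() saying the blob is caller-owned and must not be retained would protect that assumption against later changes.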
@@ -830,9 +823,8 @@ void process_buffer_measurement(struct inode *inode, const void *buf, int size, */ if (func) { security_task_getsecid(current, &blob); - /* scaffolding */ - action = ima_get_action(inode, current_cred(), blob.secid[0], - 0, func, &pcr, &template, keyring); + action = ima_get_action(inode, current_cred(), &blob, 0, func, + &pcr, &template, keyring); if (!(action & IMA_MEASURE)) return; } diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index bbf9fa79740a..a95eb37937dd 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -508,7 +508,7 @@ static bool ima_match_keyring(struct ima_rule_entry *rule, * @rule: a pointer to a rule * @inode: a pointer to an inode * @cred: a pointer to a credentials structure for user validation - * @secid: the secid of the task to be validated + * @blob: the lsm data of the task to be validated * @func: LIM hook identifier * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC) * @keyring: keyring name to check in policy for KEY_CHECK func @@ -516,7 +516,7 @@ static bool ima_match_keyring(struct ima_rule_entry *rule, * Returns true on rule match, false on failure. */ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, - const struct cred *cred, u32 secid, + const struct cred *cred, struct lsmblob *blob, enum ima_hooks func, int mask, const char *keyring) { @@ -581,8 +581,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, case LSM_SUBJ_USER: case LSM_SUBJ_ROLE: case LSM_SUBJ_TYPE: - lsmblob_init(&lsmdata, secid); - rc = ima_filter_rule_match(&lsmdata, rule->lsm[i].type, + rc = ima_filter_rule_match(blob, rule->lsm[i].type, Audit_equal, rule->lsm[i].rules); default: 
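Review bot: the @@ -581 hunk in ima_policy.c deletes `lsmblob_init(&lsmdata, secid)`, the only use of `lsmdata` in the diff, but no hunk removes the `struct lsmblob lsmdata;` declaration from ima_match_rules(). If that declaration is still present after this patch it becomes an unused variable and will produce a compiler warning; drop it here or confirm it was removed earlier in the series.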
@@ -624,7 +623,7 @@ static int get_subaction(struct ima_rule_entry *rule, enum ima_hooks func) * @inode: pointer to an inode for which the policy decision is being made * @cred: pointer to a credentials structure for which the policy decision is * being made - * @secid: LSM secid of the task to be validated + * @blob: LSM data of the task to be validated * @func: IMA hook identifier * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC) * @pcr: set the pcr to extend @@ -639,8 +638,9 @@ static int get_subaction(struct ima_rule_entry *rule, enum ima_hooks func) * list when walking it. Reads are many orders of magnitude more numerous * than writes so ima_match_policy() is classical RCU candidate. */ -int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid, - enum ima_hooks func, int mask, int flags, int *pcr, +int ima_match_policy(struct inode *inode, const struct cred *cred, + struct lsmblob *blob, enum ima_hooks func, int mask, + int flags, int *pcr, struct ima_template_desc **template_desc, const char *keyring) { 
@@ -656,7 +656,7 @@ int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid, if (!(entry->action & actmask)) continue; - if (!ima_match_rules(entry, inode, cred, secid, func, mask, + if (!ima_match_rules(entry, inode, cred, blob, func, mask, keyring)) continue; From patchwork Fri Nov 20 20:14:57 2020 X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 11922159
From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org, netdev@vger.kernel.org, netfilter-devel@vger.kernel.org, linux-nfs@vger.kernel.org Subject: [PATCH v23 13/23] LSM: Ensure the correct LSM context releaser Date: Fri, 20 Nov 2020 12:14:57 -0800 Message-Id: <20201120201507.11993-14-casey@schaufler-ca.com> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20201120201507.11993-1-casey@schaufler-ca.com> References: <20201120201507.11993-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org Add a new lsmcontext data structure to hold all the information about a "security context", including the string, its size and which LSM allocated the string. The allocation information is necessary because LSMs have different policies regarding the lifecycle of these strings. SELinux allocates and destroys them on each use, whereas Smack provides a pointer to an entry in a list that never goes away. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley 
Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: netdev@vger.kernel.org Cc: linux-audit@redhat.com Cc: netfilter-devel@vger.kernel.org To: Pablo Neira Ayuso Cc: linux-nfs@vger.kernel.org --- drivers/android/binder.c | 10 ++++--- fs/ceph/xattr.c | 6 ++++- fs/nfs/nfs4proc.c | 8 ++++-- fs/nfsd/nfs4xdr.c | 7 +++-- include/linux/security.h | 35 +++++++++++++++++++++++-- include/net/scm.h | 5 +++- kernel/audit.c | 14 +++++++--- kernel/auditsc.c | 12 ++++++--- net/ipv4/ip_sockglue.c | 4 ++- net/netfilter/nf_conntrack_netlink.c | 4 ++- net/netfilter/nf_conntrack_standalone.c | 4 ++- net/netfilter/nfnetlink_queue.c | 13 ++++++--- net/netlabel/netlabel_unlabeled.c | 19 +++++++++++--- net/netlabel/netlabel_user.c | 4 ++- security/security.c | 11 ++++---- 15 files changed, 121 insertions(+), 35 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 08737a07f997..05266b064c38 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2838,6 +2838,7 @@ static void binder_transaction(struct binder_proc *proc, int t_debug_id = atomic_inc_return(&binder_last_id); char *secctx = NULL; u32 secctx_sz = 0; + struct lsmcontext scaff; /* scaffolding */ e = binder_transaction_log_add(&binder_transaction_log); e->debug_id = t_debug_id; @@ -3140,7 +3141,8 @@ static void binder_transaction(struct binder_proc *proc, t->security_ctx = 0; WARN_ON(1); } - security_release_secctx(secctx, secctx_sz); + lsmcontext_init(&scaff, secctx, secctx_sz, 0); + security_release_secctx(&scaff); secctx = NULL; } t->buffer->debug_id = t->debug_id; 
@@ -3473,8 +3475,10 @@ static void binder_transaction(struct binder_proc *proc, binder_alloc_free_buf(&target_proc->alloc, t->buffer); err_binder_alloc_buf_failed: err_bad_extra_size: - if (secctx) - security_release_secctx(secctx, secctx_sz); + if (secctx) { + lsmcontext_init(&scaff, secctx, secctx_sz, 0); + security_release_secctx(&scaff); + } err_get_secctx_failed: kfree(tcomplete); binder_stats_deleted(BINDER_STAT_TRANSACTION_COMPLETE); diff --git a/fs/ceph/xattr.c b/fs/ceph/xattr.c index 197cb1234341..5dfd08357dc3 100644 --- a/fs/ceph/xattr.c +++ b/fs/ceph/xattr.c @@ -1273,12 +1273,16 @@ int ceph_security_init_secctx(struct dentry *dentry, umode_t mode, void ceph_release_acl_sec_ctx(struct ceph_acl_sec_ctx *as_ctx) { +#ifdef CONFIG_CEPH_FS_SECURITY_LABEL + struct lsmcontext scaff; /* scaffolding */ +#endif #ifdef CONFIG_CEPH_FS_POSIX_ACL posix_acl_release(as_ctx->acl); posix_acl_release(as_ctx->default_acl); #endif #ifdef CONFIG_CEPH_FS_SECURITY_LABEL - security_release_secctx(as_ctx->sec_ctx, as_ctx->sec_ctxlen); + lsmcontext_init(&scaff, as_ctx->sec_ctx, as_ctx->sec_ctxlen, 0); + security_release_secctx(&scaff); #endif if (as_ctx->pagelist) ceph_pagelist_release(as_ctx->pagelist); diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c index 9e0ca9b2b210..4b03a3e596e9 100644 --- a/fs/nfs/nfs4proc.c +++ b/fs/nfs/nfs4proc.c @@ -139,8 +139,12 @@ nfs4_label_init_security(struct inode *dir, struct dentry *dentry, static inline void nfs4_label_release_security(struct nfs4_label *label) { - if (label) - security_release_secctx(label->label, label->len); + struct lsmcontext scaff; /* scaffolding */ + + if (label) { + lsmcontext_init(&scaff, label->label, label->len, 0); + security_release_secctx(&scaff); + } } static inline u32 *nfs4_bitmask(struct nfs_server *server, struct nfs4_label *label) { diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c index 833a2c64dfe8..4ae7e156ea87 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c 
@@ -2717,6 +2717,7 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, int err; struct nfs4_acl *acl = NULL; #ifdef CONFIG_NFSD_V4_SECURITY_LABEL + struct lsmcontext scaff; /* scaffolding */ void *context = NULL; int contextlen; #endif @@ -3228,8 +3229,10 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, out: #ifdef CONFIG_NFSD_V4_SECURITY_LABEL - if (context) - security_release_secctx(context, contextlen); + if (context) { + lsmcontext_init(&scaff, context, contextlen, 0); /*scaffolding*/ + security_release_secctx(&scaff); + } #endif /* CONFIG_NFSD_V4_SECURITY_LABEL */ kfree(acl); if (tempfh) { diff --git a/include/linux/security.h b/include/linux/security.h index dacd64d2d141..4ed7a0790cc5 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -132,6 +132,37 @@ enum lockdown_reason { extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1]; +/* + * A "security context" is the text representation of + * the information used by LSMs. + * This structure contains the string, its length, and which LSM + * it is useful for. + */ +struct lsmcontext { + char *context; /* Provided by the module */ + u32 len; + int slot; /* Identifies the module */ +}; + +/** + * lsmcontext_init - initialize an lsmcontext structure. + * @cp: Pointer to the context to initialize + * @context: Initial context, or NULL + * @size: Size of context, or 0 + * @slot: Which LSM provided the context + * + * Fill in the lsmcontext from the provided information. + * This is a scaffolding function that will be removed when + * lsmcontext integration is complete. + */ +static inline void lsmcontext_init(struct lsmcontext *cp, char *context, + u32 size, int slot) +{ + cp->slot = slot; + cp->context = context; + cp->len = size; +} + /* * Data exported by the security modules * 
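Review bot: in the include/linux/security.h hunk the comment on `struct lsmcontext` is a plain `/*` block while lsmcontext_init() directly below it is kernel-doc. Writing the struct comment as kernel-doc (`/** struct lsmcontext - ...` with `@context:`, `@len:` and `@slot:` lines) keeps the header consistent and documents `slot`, the field that identifies which module owns the string and therefore which module's releaser may free it, which is the point of the patch.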
@@ -531,7 +562,7 @@ int security_ismaclabel(const char *name); int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen); int security_secctx_to_secid(const char *secdata, u32 seclen, struct lsmblob *blob); -void security_release_secctx(char *secdata, u32 seclen); +void security_release_secctx(struct lsmcontext *cp); void security_inode_invalidate_secctx(struct inode *inode); int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); @@ -1366,7 +1397,7 @@ static inline int security_secctx_to_secid(const char *secdata, return -EOPNOTSUPP; } -static inline void security_release_secctx(char *secdata, u32 seclen) +static inline void security_release_secctx(struct lsmcontext *cp) { } diff --git a/include/net/scm.h b/include/net/scm.h index 23a35ff1b3f2..f273c4d777ec 100644 --- a/include/net/scm.h +++ b/include/net/scm.h @@ -92,6 +92,7 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg, #ifdef CONFIG_SECURITY_NETWORK static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) { + struct lsmcontext context; struct lsmblob lb; char *secdata; u32 seclen; @@ -106,7 +107,9 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc if (!err) { put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata); - security_release_secctx(secdata, seclen); + /*scaffolding*/ + lsmcontext_init(&context, secdata, seclen, 0); + security_release_secctx(&context); } } } diff --git a/kernel/audit.c b/kernel/audit.c index 1f987ac23e90..8867df3de920 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1192,6 +1192,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) struct audit_sig_info *sig_data; char *ctx = NULL; u32 len; + struct lsmcontext scaff; /* scaffolding */ err = audit_netlink_ok(skb, msg_type); if (err) 
@@ -1449,15 +1450,18 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) } sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL); if (!sig_data) { - if (lsmblob_is_set(&audit_sig_lsm)) - security_release_secctx(ctx, len); + if (lsmblob_is_set(&audit_sig_lsm)) { + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); + } return -ENOMEM; } sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); sig_data->pid = audit_sig_pid; if (lsmblob_is_set(&audit_sig_lsm)) { memcpy(sig_data->ctx, ctx, len); - security_release_secctx(ctx, len); + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); } audit_send_reply(skb, seq, AUDIT_SIGNAL_INFO, 0, 0, sig_data, sizeof(*sig_data) + len); @@ -2129,6 +2133,7 @@ int audit_log_task_context(struct audit_buffer *ab) unsigned len; int error; struct lsmblob blob; + struct lsmcontext scaff; /* scaffolding */ security_task_getsecid(current, &blob); if (!lsmblob_is_set(&blob)) @@ -2142,7 +2147,8 @@ int audit_log_task_context(struct audit_buffer *ab) } audit_log_format(ab, " subj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); return 0; error_path: diff --git a/kernel/auditsc.c b/kernel/auditsc.c index b15222181700..2b06171bedeb 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -998,6 +998,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, struct lsmblob *blob, char *comm) { struct audit_buffer *ab; + struct lsmcontext lsmcxt; char *ctx = NULL; u32 len; int rc = 0; @@ -1015,7 +1016,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, rc = 1; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); /*scaffolding*/ + security_release_secctx(&lsmcxt); } } audit_log_format(ab, " ocomm="); 
@@ -1228,6 +1230,7 @@ static void audit_log_fcaps(struct audit_buffer *ab, struct audit_names *name) static void show_special(struct audit_context *context, int *call_panic) { + struct lsmcontext lsmcxt; struct audit_buffer *ab; int i; @@ -1261,7 +1264,8 @@ static void show_special(struct audit_context *context, int *call_panic) *call_panic = 1; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); + security_release_secctx(&lsmcxt); } } if (context->ipc.has_perm) { @@ -1407,6 +1411,7 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, char *ctx = NULL; u32 len; struct lsmblob blob; + struct lsmcontext lsmcxt; lsmblob_init(&blob, n->osid); if (security_secid_to_secctx(&blob, &ctx, &len)) { @@ -1415,7 +1420,8 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, *call_panic = 2; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); /* scaffolding */ + security_release_secctx(&lsmcxt); } } diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index 2f089733ada7..a7e4c1b34b6c 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -130,6 +130,7 @@ static void ip_cmsg_recv_checksum(struct msghdr *msg, struct sk_buff *skb, static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) { + struct lsmcontext context; struct lsmblob lb; char *secdata; u32 seclen, secid; @@ -145,7 +146,8 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) return; put_cmsg(msg, SOL_IP, SCM_SECURITY, seclen, secdata); - security_release_secctx(secdata, seclen); + lsmcontext_init(&context, secdata, seclen, 0); /* scaffolding */ + security_release_secctx(&context); } static void ip_cmsg_recv_dstaddr(struct msghdr *msg, struct sk_buff *skb) 
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index 8627ec7e13fb..5d2784461798 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -334,6 +334,7 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) int len, ret; char *secctx; struct lsmblob blob; + struct lsmcontext context; /* lsmblob_init() puts ct->secmark into all of the secids in blob. * security_secid_to_secctx() will know which security module @@ -354,7 +355,8 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) ret = 0; nla_put_failure: - security_release_secctx(secctx, len); + lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ + security_release_secctx(&context); return ret; } #else diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index 54da1a3e8cb1..e2bdc851a477 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c @@ -176,6 +176,7 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) u32 len; char *secctx; struct lsmblob blob; + struct lsmcontext context; lsmblob_init(&blob, ct->secmark); ret = security_secid_to_secctx(&blob, &secctx, &len); @@ -184,7 +185,8 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) seq_printf(s, "secctx=%s ", secctx); - security_release_secctx(secctx, len); + lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ + security_release_secctx(&context); } #else static inline void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index a6dbef71fc32..dcc31cb7f287 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c 
@@ -398,6 +398,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, enum ip_conntrack_info ctinfo; struct nfnl_ct_hook *nfnl_ct; bool csum_verify; + struct lsmcontext scaff; /* scaffolding */ char *secdata = NULL; u32 seclen = 0; @@ -628,8 +629,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, } nlh->nlmsg_len = skb->len; - if (seclen) - security_release_secctx(secdata, seclen); + if (seclen) { + lsmcontext_init(&scaff, secdata, seclen, 0); + security_release_secctx(&scaff); + } return skb; nla_put_failure: @@ -637,8 +640,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, kfree_skb(skb); net_err_ratelimited("nf_queue: error creating packet message\n"); nlmsg_failure: - if (seclen) - security_release_secctx(secdata, seclen); + if (seclen) { + lsmcontext_init(&scaff, secdata, seclen, 0); + security_release_secctx(&scaff); + } return NULL; } diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index cabec85136e1..5b83967e3f27 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -374,6 +374,7 @@ int netlbl_unlhsh_add(struct net *net, struct net_device *dev; struct netlbl_unlhsh_iface *iface; struct audit_buffer *audit_buf = NULL; + struct lsmcontext context; char *secctx = NULL; u32 secctx_len; struct lsmblob blob; @@ -447,7 +448,9 @@ int netlbl_unlhsh_add(struct net *net, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", ret_val == 0 ? 1 : 0); audit_log_end(audit_buf); 
@@ -478,6 +481,7 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, struct netlbl_unlhsh_addr4 *entry; struct audit_buffer *audit_buf; struct net_device *dev; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -509,7 +513,9 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); audit_log_end(audit_buf); @@ -546,6 +552,7 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, struct netlbl_unlhsh_addr6 *entry; struct audit_buffer *audit_buf; struct net_device *dev; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -576,7 +583,8 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); audit_log_end(audit_buf); @@ -1095,6 +1103,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, int ret_val = -ENOMEM; struct netlbl_unlhsh_walk_arg *cb_arg = arg; struct net_device *dev; + struct lsmcontext context; void *data; u32 secid; char *secctx; @@ -1165,7 +1174,9 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, NLBL_UNLABEL_A_SECCTX, secctx_len, secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); if (ret_val != 0) goto list_cb_failure; diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index 893301ae0131..ef139d8ae7cd 100644 
--- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c @@ -84,6 +84,7 @@ struct audit_buffer *netlbl_audit_start_common(int type, struct netlbl_audit *audit_info) { struct audit_buffer *audit_buf; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -103,7 +104,8 @@ struct audit_buffer *netlbl_audit_start_common(int type, if (audit_info->secid != 0 && security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " subj=%s", secctx); - security_release_secctx(secctx, secctx_len); + lsmcontext_init(&context, secctx, secctx_len, 0);/*scaffolding*/ + security_release_secctx(&context); } return audit_buf; diff --git a/security/security.c b/security/security.c index 543d9b707fe5..352c9eb98425 100644 --- a/security/security.c +++ b/security/security.c @@ -2245,16 +2245,17 @@ int security_secctx_to_secid(const char *secdata, u32 seclen, } EXPORT_SYMBOL(security_secctx_to_secid); -void security_release_secctx(char *secdata, u32 seclen) +void security_release_secctx(struct lsmcontext *cp) { struct security_hook_list *hp; - int ilsm = lsm_task_ilsm(current); hlist_for_each_entry(hp, &security_hook_heads.release_secctx, list) - if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) { - hp->hook.release_secctx(secdata, seclen); - return; + if (cp->slot == hp->lsmid->slot) { + hp->hook.release_secctx(cp->context, cp->len); + break; } + + memset(cp, 0, sizeof(*cp)); } EXPORT_SYMBOL(security_release_secctx);
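Review bot: in the security/security.c hunk the new lookup `if (cp->slot == hp->lsmid->slot)` has no fallback, so a context whose slot matches no registered hook is silently dropped: the loop completes without calling any release_secctx() and the following `memset(cp, 0, sizeof(*cp))` throws away the only reference to the buffer. The replaced code still released through the first module when `ilsm == LSMBLOB_INVALID`. Since every caller converted in this patch passes a hardcoded slot of 0 to lsmcontext_init(), a `WARN_ON_ONCE()` after the loop for the no-match case (or at least a comment stating that a non-matching slot is a caller bug) would make the leak visible instead of silent.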
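Review bot: the include/linux/security.h hunk updates only the !CONFIG_SECURITY stub `static inline void security_release_secctx(struct lsmcontext *cp) { }`, yet the callers changed in this patch now also call lsmcontext_init() and declare a `struct lsmcontext`; audit_log_task_context() in kernel/audit.c, for one, is not compiled under CONFIG_SECURITY. Please confirm that struct lsmcontext and lsmcontext_init() are available in that configuration as well, since none of these hunks shows where they are declared.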
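Review bot: in the include/net/scm.h hunk (and every other caller hunk) the context is built as `lsmcontext_init(&context, secdata, seclen, 0)`, i.e. slot 0, regardless of which module produced the string through security_secid_to_secctx(&lb, ...). With the slot-matched release in security.c this hands every buffer to whichever module holds slot 0. The `/*scaffolding*/` comment acknowledges that this is temporary, but the assumption it relies on (exactly one module provides secctx strings and it occupies slot 0) should be written down once, at this first call site or in the changelog, so it is not lost when the real slot is threaded through.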
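Review bot: in the kernel/audit.c audit_receive_msg() hunk the pair `lsmcontext_init(&scaff, ctx, len, 0); security_release_secctx(&scaff);` is duplicated in the kmalloc() failure branch and in the success branch. Initialising `scaff` once, immediately after ctx and len are obtained, would leave a single security_release_secctx(&scaff) in each branch and remove the chance of the two copies drifting apart as the scaffolding is replaced.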
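Review bot: in the net/netfilter/nfnetlink_queue.c hunk the two `if (seclen) { lsmcontext_init(&scaff, secdata, seclen, 0); security_release_secctx(&scaff); }` blocks on the success path and under `nlmsg_failure:` are identical. A helper or a single release at a shared exit label would keep the two paths from diverging; alternatively, since `scaff` already lives next to `secdata` and `seclen` in the declarations, the context could be filled in when seclen is set rather than rebuilt at each release.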
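Review bot: the scaffolding markers are inconsistent across the caller hunks: `/*scaffolding*/` without spaces in scm.h, `...0);/*scaffolding*/` in netlabel_user.c with no space before the comment, `/* scaffolding */` on its own line in netlabel_unlabeled.c, trailing in auditsc.c, and absent in show_special() and netlbl_unlhsh_remove_addr6(). The local variable is likewise `context`, `scaff` or `lsmcxt` depending on the file. Kernel style is `/* scaffolding */`; marking every temporary call site the same way makes them trivial to grep out when the scaffolding is removed.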