From patchwork Tue Mar 9 14:42:23 2021
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 12125531
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org
Subject: [PATCH v25 05/25] LSM: Use lsmblob in security_audit_rule_match
Date: Tue, 9 Mar 2021 06:42:23 -0800
Message-Id: <20210309144243.12519-6-casey@schaufler-ca.com>
In-Reply-To: <20210309144243.12519-1-casey@schaufler-ca.com>
References: <20210309144243.12519-1-casey@schaufler-ca.com>
X-Mailing-List: linux-integrity@vger.kernel.org

Change the secid parameter of security_audit_rule_match to a lsmblob structure pointer. Pass the entry from the lsmblob structure for the appropriate slot to the LSM hook.

Change the users of security_audit_rule_match to use the lsmblob instead of a u32. The scaffolding function lsmblob_init() fills the blob with the value of the old secid, ensuring that it is available to the appropriate module hook.

The sources of the secid, security_task_getsecid() and security_inode_getsecid(), will be converted to use the blob structure later in the series. At that point the use of lsmblob_init() is dropped.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
Cc: linux-audit@redhat.com
Cc: linux-integrity@vger.kernel.org
To: Mimi Zohar
---
 include/linux/security.h            |  7 ++++---
 kernel/auditfilter.c                |  6 ++++--
 kernel/auditsc.c                    | 14 ++++++++++----
 security/integrity/ima/ima.h        |  4 ++--
 security/integrity/ima/ima_policy.c |  7 +++++--
 security/security.c                 | 10 ++++++++--
 6 files changed, 33 insertions(+), 15 deletions(-)
diff --git a/include/linux/security.h b/include/linux/security.h index 38059fedb693..911e74840593 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -1926,7 +1926,8 @@ static inline int security_key_getsecurity(struct key *key, char **_buffer) #ifdef CONFIG_SECURITY int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule); int security_audit_rule_known(struct audit_krule *krule); -int security_audit_rule_match(u32 secid, u32 field, u32 op, void **lsmrule); +int security_audit_rule_match(struct lsmblob *blob, u32 field, u32 op, + void **lsmrule); void security_audit_rule_free(void **lsmrule); #else @@ -1942,8 +1943,8 @@ static inline int security_audit_rule_known(struct audit_krule *krule) return 0; } -static inline int security_audit_rule_match(u32 secid, u32 field, u32 op, - void **lsmrule) +static inline int security_audit_rule_match(struct lsmblob *blob, u32 field, + u32 op, void **lsmrule) { return 0; } diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 45da229f9f1f..e27424216159 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -1331,6 +1331,7 @@ int audit_filter(int msgtype, unsigned int listtype) struct audit_field *f = &e->rule.fields[i]; pid_t pid; u32 sid; + struct lsmblob blob; switch (f->type) { case AUDIT_PID: @@ -1361,8 +1362,9 @@ int audit_filter(int msgtype, unsigned int listtype) case AUDIT_SUBJ_CLR: if (f->lsm_isset) { security_task_getsecid(current, &sid); - result = security_audit_rule_match(sid, - f->type, f->op, + lsmblob_init(&blob, sid); + result = security_audit_rule_match( + &blob, f->type, f->op, f->lsm_rules); } break; diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 385f7769ae5b..829005d3228d 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c 
@@ -472,6 +472,7 @@ static int audit_filter_rules(struct task_struct *tsk, const struct cred *cred; int i, need_sid = 1; u32 sid; + struct lsmblob blob; unsigned int sessionid; cred = rcu_dereference_check(tsk->cred, tsk == current || task_creation); @@ -670,7 +671,9 @@ static int audit_filter_rules(struct task_struct *tsk, security_task_getsecid(tsk, &sid); need_sid = 0; } - result = security_audit_rule_match(sid, f->type, + lsmblob_init(&blob, sid); + result = security_audit_rule_match(&blob, + f->type, f->op, f->lsm_rules); } @@ -685,15 +688,17 @@ static int audit_filter_rules(struct task_struct *tsk, if (f->lsm_isset) { /* Find files that match */ if (name) { + lsmblob_init(&blob, name->osid); result = security_audit_rule_match( - name->osid, + &blob, f->type, f->op, f->lsm_rules); } else if (ctx) { list_for_each_entry(n, &ctx->names_list, list) { + lsmblob_init(&blob, name->osid); if (security_audit_rule_match( - n->osid, + &blob, f->type, f->op, f->lsm_rules)) { @@ -705,7 +710,8 @@ static int audit_filter_rules(struct task_struct *tsk, /* Find ipc objects that match */ if (!ctx || ctx->type != AUDIT_IPC) break; - if (security_audit_rule_match(ctx->ipc.osid, + lsmblob_init(&blob, ctx->ipc.osid); + if (security_audit_rule_match(&blob, f->type, f->op, f->lsm_rules)) ++result; diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 8e8b5251550e..475f5622a903 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -437,8 +437,8 @@ static inline void ima_filter_rule_free(void *lsmrule) { } -static inline int ima_filter_rule_match(u32 secid, u32 field, u32 op, - void *lsmrule) +static inline int ima_filter_rule_match(struct lsmblob *blob, u32 field, + u32 op, void *lsmrule) { return -EINVAL; } diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 42a11f2c1068..81d45b471a62 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c 
@@ -607,6 +607,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, for (i = 0; i < MAX_LSM_RULES; i++) { int rc = 0; u32 osid; + struct lsmblob lsmdata; if (!ima_lsm_isset(rule, i)) { if (!rule->lsm[i].args_p) @@ -619,14 +620,16 @@ static bool ima_match_rules(struct ima_rule_entry *rule, case LSM_OBJ_ROLE: case LSM_OBJ_TYPE: security_inode_getsecid(inode, &osid); - rc = ima_filter_rule_match(osid, rule->lsm[i].type, + lsmblob_init(&lsmdata, osid); + rc = ima_filter_rule_match(&lsmdata, rule->lsm[i].type, Audit_equal, rule->lsm[i].rule); break; case LSM_SUBJ_USER: case LSM_SUBJ_ROLE: case LSM_SUBJ_TYPE: - rc = ima_filter_rule_match(secid, rule->lsm[i].type, + lsmblob_init(&lsmdata, secid); + rc = ima_filter_rule_match(&lsmdata, rule->lsm[i].type, Audit_equal, rule->lsm[i].rule); default: diff --git a/security/security.c b/security/security.c index 4d4b0a21bea2..67e9345741b8 100644 --- a/security/security.c +++ b/security/security.c @@ -2618,11 +2618,14 @@ void security_audit_rule_free(void **lsmrule) hlist_for_each_entry(hp, &security_hook_heads.audit_rule_free, list) { if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) continue; + if (lsmrule[hp->lsmid->slot] == NULL) + continue; hp->hook.audit_rule_free(lsmrule[hp->lsmid->slot]); } } -int security_audit_rule_match(u32 secid, u32 field, u32 op, void **lsmrule) +int security_audit_rule_match(struct lsmblob *blob, u32 field, u32 op, + void **lsmrule) { struct security_hook_list *hp; int rc; 
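Review bot: in the kernel/auditsc.c hunk, inside the list_for_each_entry(n, &ctx->names_list, list) loop, the added lsmblob_init(&blob, name->osid); reads the wrong object. The removed line passed n->osid, and this loop is the else-if (ctx) arm of the preceding if (name), so name is NULL on this path and each iteration would dereference it instead of using the list entry. It should be lsmblob_init(&blob, n->osid);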
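Review bot: the new local in the security/integrity/ima/ima_policy.c hunk is called lsmdata while every other caller converted by this patch names it blob; using the same name makes the lsmblob_init() scaffolding sites easy to find when they are removed later in the series.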
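Review bot: the "if (lsmrule[hp->lsmid->slot] == NULL) continue;" added to security_audit_rule_free() in the security/security.c hunk (and the matching skip in security_audit_rule_match()) is a behavioural change that the commit message does not mention. Add a sentence explaining that a module whose slot holds no rule must be skipped rather than handed a NULL rule, so the reason for the check is recorded once the scaffolding is gone.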
@@ -2630,7 +2633,10 @@ int security_audit_rule_match(u32 secid, u32 field, u32 op, void **lsmrule) hlist_for_each_entry(hp, &security_hook_heads.audit_rule_match, list) { if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) continue; - rc = hp->hook.audit_rule_match(secid, field, op, + if (lsmrule[hp->lsmid->slot] == NULL) + continue; + rc = hp->hook.audit_rule_match(blob->secid[hp->lsmid->slot], + field, op, &lsmrule[hp->lsmid->slot]); if (rc) return rc;

From patchwork Tue Mar 9 14:42:28 2021
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 12125581
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org, netdev@vger.kernel.org
Subject: [PATCH v25 10/25] LSM: Use lsmblob in security_task_getsecid
Date: Tue, 9 Mar 2021 06:42:28 -0800
Message-Id: <20210309144243.12519-11-casey@schaufler-ca.com>
In-Reply-To: <20210309144243.12519-1-casey@schaufler-ca.com>
References: <20210309144243.12519-1-casey@schaufler-ca.com>
X-Mailing-List: linux-integrity@vger.kernel.org

Change the security_task_getsecid() interface to fill in a lsmblob structure instead of a u32 secid in support of LSM stacking. Audit interfaces will need to collect all possible secids for possible reporting.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: linux-audit@redhat.com Cc: netdev@vger.kernel.org --- drivers/android/binder.c | 12 +----- include/linux/security.h | 7 ++-- kernel/audit.c | 16 +++----- kernel/auditfilter.c | 4 +- kernel/auditsc.c | 25 ++++++------ net/netlabel/netlabel_unlabeled.c | 5 ++- net/netlabel/netlabel_user.h | 6 ++- security/integrity/ima/ima_appraise.c | 10 +++-- security/integrity/ima/ima_main.c | 56 +++++++++++++++------------ security/security.c | 12 ++++-- 10 files changed, 80 insertions(+), 73 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 5fb8555ce166..1a15e9e19e22 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2697,20 +2697,10 @@ static void binder_transaction(struct binder_proc *proc, t->priority = task_nice(current); if (target_node && target_node->txn_security_ctx) { - u32 secid; struct lsmblob blob; size_t added_size; - security_task_getsecid(proc->tsk, &secid); - /* - * Later in this patch set security_task_getsecid() will - * provide a lsmblob instead of a secid. lsmblob_init - * is used to ensure that all the secids in the lsmblob - * get the value returned from security_task_getsecid(), - * which means that the one expected by - * security_secid_to_secctx() will be set. - */ - lsmblob_init(&blob, secid); + security_task_getsecid(proc->tsk, &blob); ret = security_secid_to_secctx(&blob, &secctx, &secctx_sz); if (ret) { return_error = BR_FAILED_REPLY; diff --git a/include/linux/security.h b/include/linux/security.h index 4f5bc3b424e4..852a4764a609 100644 --- a/include/linux/security.h +++ b/include/linux/security.h 
@@ -498,7 +498,7 @@ int security_task_fix_setgid(struct cred *new, const struct cred *old, int security_task_setpgid(struct task_struct *p, pid_t pgid); int security_task_getpgid(struct task_struct *p); int security_task_getsid(struct task_struct *p); -void security_task_getsecid(struct task_struct *p, u32 *secid); +void security_task_getsecid(struct task_struct *p, struct lsmblob *blob); int security_task_setnice(struct task_struct *p, int nice); int security_task_setioprio(struct task_struct *p, int ioprio); int security_task_getioprio(struct task_struct *p); @@ -1184,9 +1184,10 @@ static inline int security_task_getsid(struct task_struct *p) return 0; } -static inline void security_task_getsecid(struct task_struct *p, u32 *secid) +static inline void security_task_getsecid(struct task_struct *p, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } static inline int security_task_setnice(struct task_struct *p, int nice) diff --git a/kernel/audit.c b/kernel/audit.c index fcbdce83a9d8..70df7ac1b357 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -2139,19 +2139,12 @@ int audit_log_task_context(struct audit_buffer *ab) char *ctx = NULL; unsigned len; int error; - u32 sid; struct lsmblob blob; - security_task_getsecid(current, &sid); - if (!sid) + security_task_getsecid(current, &blob); + if (!lsmblob_is_set(&blob)) return 0; - /* - * lsmblob_init sets all values in the lsmblob to sid. - * This is temporary until security_task_getsecid is converted - * to use a lsmblob, which happens later in this patch set. - */ - lsmblob_init(&blob, sid); error = security_secid_to_secctx(&blob, &ctx, &len); if (error) { if (error != -EINVAL) @@ -2359,6 +2352,7 @@ int audit_set_loginuid(kuid_t loginuid) int audit_signal_info(int sig, struct task_struct *t) { kuid_t uid = current_uid(), auid; + struct lsmblob blob; if (auditd_test_task(t) && (sig == SIGTERM || sig == SIGHUP || 
@@ -2369,7 +2363,9 @@ int audit_signal_info(int sig, struct task_struct *t) audit_sig_uid = auid; else audit_sig_uid = uid; - security_task_getsecid(current, &audit_sig_sid); + security_task_getsecid(current, &blob); + /* scaffolding until audit_sig_sid is converted */ + audit_sig_sid = blob.secid[0]; } return audit_signal_info_syscall(t); diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index e27424216159..9e73a7961665 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -1330,7 +1330,6 @@ int audit_filter(int msgtype, unsigned int listtype) for (i = 0; i < e->rule.field_count; i++) { struct audit_field *f = &e->rule.fields[i]; pid_t pid; - u32 sid; struct lsmblob blob; switch (f->type) { @@ -1361,8 +1360,7 @@ int audit_filter(int msgtype, unsigned int listtype) case AUDIT_SUBJ_SEN: case AUDIT_SUBJ_CLR: if (f->lsm_isset) { - security_task_getsecid(current, &sid); - lsmblob_init(&blob, sid); + security_task_getsecid(current, &blob); result = security_audit_rule_match( &blob, f->type, f->op, f->lsm_rules); diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 818e4389941a..c2fe8d6f0238 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -471,7 +471,6 @@ static int audit_filter_rules(struct task_struct *tsk, { const struct cred *cred; int i, need_sid = 1; - u32 sid; struct lsmblob blob; unsigned int sessionid; @@ -668,17 +667,9 @@ static int audit_filter_rules(struct task_struct *tsk, logged upon error */ if (f->lsm_isset) { if (need_sid) { - security_task_getsecid(tsk, &sid); + security_task_getsecid(tsk, &blob); need_sid = 0; } - /* - * lsmblob_init sets all values in the lsmblob - * to sid. This is temporary until - * security_task_getsecid() is converted to - * provide a lsmblob, which happens later in - * this patch set. - */ - lsmblob_init(&blob, sid); result = security_audit_rule_match(&blob, f->type, f->op, 
@@ -2426,12 +2417,15 @@ int __audit_sockaddr(int len, void *a) void __audit_ptrace(struct task_struct *t) { struct audit_context *context = audit_context(); + struct lsmblob blob; context->target_pid = task_tgid_nr(t); context->target_auid = audit_get_loginuid(t); context->target_uid = task_uid(t); context->target_sessionid = audit_get_sessionid(t); - security_task_getsecid(t, &context->target_sid); + security_task_getsecid(t, &blob); + /* scaffolding - until target_sid is converted */ + context->target_sid = blob.secid[0]; memcpy(context->target_comm, t->comm, TASK_COMM_LEN); } @@ -2447,6 +2441,7 @@ int audit_signal_info_syscall(struct task_struct *t) struct audit_aux_data_pids *axp; struct audit_context *ctx = audit_context(); kuid_t t_uid = task_uid(t); + struct lsmblob blob; if (!audit_signals || audit_dummy_context()) return 0; @@ -2458,7 +2453,9 @@ int audit_signal_info_syscall(struct task_struct *t) ctx->target_auid = audit_get_loginuid(t); ctx->target_uid = t_uid; ctx->target_sessionid = audit_get_sessionid(t); - security_task_getsecid(t, &ctx->target_sid); + security_task_getsecid(t, &blob); + /* scaffolding until target_sid is converted */ + ctx->target_sid = blob.secid[0]; memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); return 0; } @@ -2479,7 +2476,9 @@ int audit_signal_info_syscall(struct task_struct *t) axp->target_auid[axp->pid_count] = audit_get_loginuid(t); axp->target_uid[axp->pid_count] = t_uid; axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); - security_task_getsecid(t, &axp->target_sid[axp->pid_count]); + security_task_getsecid(t, &blob); + /* scaffolding until target_sid is converted */ + axp->target_sid[axp->pid_count] = blob.secid[0]; memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); axp->pid_count++; diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index 0e5d03c228e7..93240432427f 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c 
@@ -1564,11 +1564,14 @@ int __init netlbl_unlabel_defconf(void) int ret_val; struct netlbl_dom_map *entry; struct netlbl_audit audit_info; + struct lsmblob blob; /* Only the kernel is allowed to call this function and the only time * it is called is at bootup before the audit subsystem is reporting * messages so don't worry to much about these values. */ - security_task_getsecid(current, &audit_info.secid); + security_task_getsecid(current, &blob); + /* scaffolding until audit_info.secid is converted */ + audit_info.secid = blob.secid[0]; audit_info.loginuid = GLOBAL_ROOT_UID; audit_info.sessionid = 0; diff --git a/net/netlabel/netlabel_user.h b/net/netlabel/netlabel_user.h index 3c67afce64f1..438b5db6c714 100644 --- a/net/netlabel/netlabel_user.h +++ b/net/netlabel/netlabel_user.h @@ -34,7 +34,11 @@ static inline void netlbl_netlink_auditinfo(struct sk_buff *skb, struct netlbl_audit *audit_info) { - security_task_getsecid(current, &audit_info->secid); + struct lsmblob blob; + + security_task_getsecid(current, &blob); + /* scaffolding until secid is converted */ + audit_info->secid = blob.secid[0]; audit_info->loginuid = audit_get_loginuid(current); audit_info->sessionid = audit_get_sessionid(current); } diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index 565e33ff19d0..ab0557628336 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c 
@@ -71,14 +71,16 @@ bool is_ima_appraise_enabled(void) int ima_must_appraise(struct user_namespace *mnt_userns, struct inode *inode, int mask, enum ima_hooks func) { - u32 secid; + struct lsmblob blob; if (!ima_appraise) return 0; - security_task_getsecid(current, &secid); - return ima_match_policy(mnt_userns, inode, current_cred(), secid, func, - mask, IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL); + security_task_getsecid(current, &blob); + /* scaffolding the .secid[0] */ + return ima_match_policy(mnt_userns, inode, current_cred(), + blob.secid[0], func, mask, + IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL); } static int ima_fix_xattr(struct dentry *dentry, diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 9ef748ea829f..360c5e3760cc 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -388,12 +388,13 @@ static int process_measurement(struct file *file, const struct cred *cred, */ int ima_file_mmap(struct file *file, unsigned long prot) { - u32 secid; + struct lsmblob blob; if (file && (prot & PROT_EXEC)) { - security_task_getsecid(current, &secid); - return process_measurement(file, current_cred(), secid, NULL, - 0, MAY_EXEC, MMAP_CHECK); + security_task_getsecid(current, &blob); + /* scaffolding - until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], + NULL, 0, MAY_EXEC, MMAP_CHECK); } return 0; @@ -419,9 +420,9 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) char *pathbuf = NULL; const char *pathname = NULL; struct inode *inode; + struct lsmblob blob; int result = 0; int action; - u32 secid; int pcr; /* Is mprotect making an mmap'ed file executable? */ 
@@ -429,11 +430,12 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) !(prot & PROT_EXEC) || (vma->vm_flags & VM_EXEC)) return 0; - security_task_getsecid(current, &secid); + security_task_getsecid(current, &blob); inode = file_inode(vma->vm_file); + /* scaffolding */ action = ima_get_action(file_mnt_user_ns(vma->vm_file), inode, - current_cred(), secid, MAY_EXEC, MMAP_CHECK, - &pcr, &template, 0); + current_cred(), blob.secid[0], MAY_EXEC, + MMAP_CHECK, &pcr, &template, 0); /* Is the mmap'ed file in policy? */ if (!(action & (IMA_MEASURE | IMA_APPRAISE_SUBMASK))) @@ -469,10 +471,12 @@ int ima_bprm_check(struct linux_binprm *bprm) { int ret; u32 secid; + struct lsmblob blob; - security_task_getsecid(current, &secid); - ret = process_measurement(bprm->file, current_cred(), secid, NULL, 0, - MAY_EXEC, BPRM_CHECK); + security_task_getsecid(current, &blob); + /* scaffolding until process_measurement changes */ + ret = process_measurement(bprm->file, current_cred(), blob.secid[0], + NULL, 0, MAY_EXEC, BPRM_CHECK); if (ret) return ret; @@ -493,10 +497,11 @@ int ima_bprm_check(struct linux_binprm *bprm) */ int ima_file_check(struct file *file, int mask) { - u32 secid; + struct lsmblob blob; - security_task_getsecid(current, &secid); - return process_measurement(file, current_cred(), secid, NULL, 0, + security_task_getsecid(current, &blob); + /* scaffolding until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], NULL, 0, mask & (MAY_READ | MAY_WRITE | MAY_EXEC | MAY_APPEND), FILE_CHECK); } @@ -666,7 +671,7 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id, bool contents) { enum ima_hooks func; - u32 secid; + struct lsmblob blob; /* * Do devices using pre-allocated memory run the risk of the 
@@ -686,8 +691,9 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id, /* Read entire file for all partial reads. */ func = read_idmap[read_id] ?: FILE_CHECK; - security_task_getsecid(current, &secid); - return process_measurement(file, current_cred(), secid, NULL, + security_task_getsecid(current, &blob); + /* scaffolding - until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], NULL, 0, MAY_READ, func); } @@ -716,7 +722,7 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, enum kernel_read_file_id read_id) { enum ima_hooks func; - u32 secid; + struct lsmblob blob; /* permit signed certs */ if (!file && read_id == READING_X509_CERTIFICATE) @@ -729,9 +735,10 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, } func = read_idmap[read_id] ?: FILE_CHECK; - security_task_getsecid(current, &secid); - return process_measurement(file, current_cred(), secid, buf, size, - MAY_READ, func); + security_task_getsecid(current, &blob); + /* scaffolding until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], buf, + size, MAY_READ, func); } /** @@ -852,7 +859,7 @@ void process_buffer_measurement(struct user_namespace *mnt_userns, int digest_hash_len = hash_digest_size[ima_hash_algo]; int violation = 0; int action = 0; - u32 secid; + struct lsmblob blob; if (!ima_policy_flag) return; @@ -872,9 +879,10 @@ void process_buffer_measurement(struct user_namespace *mnt_userns, * buffer measurements. */ if (func) { - security_task_getsecid(current, &secid); + security_task_getsecid(current, &blob); + /* scaffolding */ action = ima_get_action(mnt_userns, inode, current_cred(), - secid, 0, func, &pcr, &template, + blob.secid[0], 0, func, &pcr, &template, func_data); if (!(action & IMA_MEASURE)) return; diff --git a/security/security.c b/security/security.c index 23540664cdb9..67127b6f1710 100644 --- a/security/security.c +++ b/security/security.c 
@@ -1858,10 +1858,16 @@ int security_task_getsid(struct task_struct *p) return call_int_hook(task_getsid, 0, p); } -void security_task_getsecid(struct task_struct *p, u32 *secid) +void security_task_getsecid(struct task_struct *p, struct lsmblob *blob) { - *secid = 0; - call_void_hook(task_getsecid, p, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.task_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.task_getsecid(p, &blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_task_getsecid);
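Review bot: in the ima_must_appraise() hunk, ima_match_policy() receives blob.secid[0] only, which is the secid of whichever LSM was assigned slot 0, so with two secid-providing LSMs stacked an appraisal rule keyed on the second LSM's labels cannot match until ima_match_policy() takes the whole blob (the 13/25 patch, "IMA: Change internal interfaces to use lsmblobs", is where that happens per its description). The "/* scaffolding the .secid[0] */" comment would be more useful if it said exactly that, e.g. "scaffolding: only slot 0 reaches ima_match_policy() until it takes an lsmblob".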
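Review bot: the ima_file_mprotect() and process_buffer_measurement() hunks mark the slot-0 hand-off with a bare "/* scaffolding */", while the other call sites in this patch use "/* scaffolding - until process_measurement changes */", "/* scaffolding until process_measurement changes */" and "/* scaffolding the .secid[0] */"; four spellings of one marker make the leftovers hard to grep for when they are removed. Suggest one wording that names the callee still taking a u32 (process_measurement(), ima_get_action() or ima_match_policy()) and use it at every site.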
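Review bot: the ima_bprm_check() hunk keeps "u32 secid;" next to the new "struct lsmblob blob;" because the security_cred_getsecid() call further down still writes a u32 (it is converted, and the declaration removed, only in the security_cred_getsecid patch). A reader of this patch alone has to check whether the leftover declaration is an oversight; either convert the two getsecid calls in the same patch or add a one-line comment at the declaration.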
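Review bot: in the security.c hunk, WARN_ON() sits inside the hlist_for_each_entry() loop, so a single hook with an out-of-range lsmid->slot warns on every call, and security_task_getsecid() is now on the exec, mmap, mprotect and open paths via the IMA hooks changed above; WARN_ON_ONCE() gives the same diagnostic without flooding the log, or the range check can be done once at hook registration rather than at every lookup. Note also the bound "hp->lsmid->slot >= lsm_slot": a hook that registered task_getsecid without being assigned a slot is skipped after the warning and its entry stays at the 0 written by lsmblob_init(), which callers will read as "no secid".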
From patchwork Tue Mar 9 14:42:29 2021 X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12125583 From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org Subject: [PATCH v25 11/25] LSM: Use lsmblob in security_inode_getsecid Date: Tue, 9 Mar 2021 06:42:29 -0800 Message-Id: <20210309144243.12519-12-casey@schaufler-ca.com> In-Reply-To: <20210309144243.12519-1-casey@schaufler-ca.com> References: <20210309144243.12519-1-casey@schaufler-ca.com> X-Mailing-List: linux-integrity@vger.kernel.org Change the security_inode_getsecid() interface to fill in a lsmblob structure instead of a u32 secid. This allows for its callers to gather data from all registered LSMs. Data is provided for IMA and audit. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore
Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: linux-audit@redhat.com --- include/linux/security.h | 7 ++++--- kernel/auditsc.c | 6 +++++- security/integrity/ima/ima_policy.c | 4 +--- security/security.c | 11 +++++++++-- 4 files changed, 19 insertions(+), 9 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index 852a4764a609..6fa19899903e 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -452,7 +452,7 @@ int security_inode_getsecurity(struct user_namespace *mnt_userns, void **buffer, bool alloc); int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags); int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size); -void security_inode_getsecid(struct inode *inode, u32 *secid); +void security_inode_getsecid(struct inode *inode, struct lsmblob *blob); int security_inode_copy_up(struct dentry *src, struct cred **new); int security_inode_copy_up_xattr(const char *name); int security_kernfs_init_security(struct kernfs_node *kn_dir, @@ -992,9 +992,10 @@ static inline int security_inode_listsecurity(struct inode *inode, char *buffer, return 0; } -static inline void security_inode_getsecid(struct inode *inode, u32 *secid) +static inline void security_inode_getsecid(struct inode *inode, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } static inline int security_inode_copy_up(struct dentry *src, struct cred **new) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index c2fe8d6f0238..59cb2c4ad149 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c 
@@ -1966,13 +1966,17 @@ static void audit_copy_inode(struct audit_names *name, const struct dentry *dentry, struct inode *inode, unsigned int flags) { + struct lsmblob blob; + name->ino = inode->i_ino; name->dev = inode->i_sb->s_dev; name->mode = inode->i_mode; name->uid = inode->i_uid; name->gid = inode->i_gid; name->rdev = inode->i_rdev; - security_inode_getsecid(inode, &name->osid); + security_inode_getsecid(inode, &blob); + /* scaffolding until osid is updated */ + name->osid = blob.secid[0]; if (flags & AUDIT_INODE_NOEVAL) { name->fcap_ver = -1; return; diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 81d45b471a62..1cadd61533d7 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -606,7 +606,6 @@ static bool ima_match_rules(struct ima_rule_entry *rule, return false; for (i = 0; i < MAX_LSM_RULES; i++) { int rc = 0; - u32 osid; struct lsmblob lsmdata; if (!ima_lsm_isset(rule, i)) { @@ -619,8 +618,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, case LSM_OBJ_USER: case LSM_OBJ_ROLE: case LSM_OBJ_TYPE: - security_inode_getsecid(inode, &osid); - lsmblob_init(&lsmdata, osid); + security_inode_getsecid(inode, &lsmdata); rc = ima_filter_rule_match(&lsmdata, rule->lsm[i].type, Audit_equal, rule->lsm[i].rule); diff --git a/security/security.c b/security/security.c index 67127b6f1710..54bca6d52ab7 100644 --- a/security/security.c +++ b/security/security.c 
@@ -1502,9 +1502,16 @@ int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer } EXPORT_SYMBOL(security_inode_listsecurity); -void security_inode_getsecid(struct inode *inode, u32 *secid) +void security_inode_getsecid(struct inode *inode, struct lsmblob *blob) { - call_void_hook(inode_getsecid, inode, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.inode_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.inode_getsecid(inode, &blob->secid[hp->lsmid->slot]); + } } int security_inode_copy_up(struct dentry *src, struct cred **new)
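Review bot: in the audit_copy_inode() hunk, "name->osid = blob.secid[0];" keeps audit_names.osid a u32, so the object label in PATH records comes from slot 0 only and a second LSM's inode label is fetched and then dropped. The comment reads "scaffolding until osid is updated", but unlike the IMA scaffolding no patch in this part of the series is named as the one that converts osid; please say which patch does, or state in the commit message that audit PATH records stay single-LSM for now.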
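Review bot: the ima_match_rules() hunk changes behaviour, not just the interface, and the commit message should say so. The removed "lsmblob_init(&lsmdata, osid);" filled every slot with the same u32, so under stacking a rule written for one LSM was compared against another LSM's secid; the new "security_inode_getsecid(inode, &lsmdata);" gives ima_filter_rule_match() each LSM's own secid in its own slot for the LSM_OBJ_USER/ROLE/TYPE cases. That is the intended effect of the series, but "Data is provided for IMA and audit" does not tell a reader (or a backporter) that IMA object-rule matching under stacking changes in this patch.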
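Review bot: the security.c hunk silently fixes an initialisation gap that deserves a line in the commit message: the old body was a bare "call_void_hook(inode_getsecid, inode, secid);" with no "*secid = 0;" (contrast security_task_getsecid(), which zeroed first), so a kernel whose LSMs provide no inode_getsecid hook left the caller's variable untouched, whereas the new code starts from lsmblob_init(blob, 0). This is also the second verbatim copy of the slot-checked hlist_for_each_entry() loop with its WARN_ON(), with a third coming in security_cred_getsecid(); a call_void_hook()-style macro parameterised on the hook name and its arguments would keep the slot check in one place.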
From patchwork Tue Mar 9 14:42:30 2021 X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12125585 From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org Subject: [PATCH v25 12/25] LSM: Use lsmblob in security_cred_getsecid Date: Tue, 9 Mar 2021 06:42:30 -0800 Message-Id: <20210309144243.12519-13-casey@schaufler-ca.com> In-Reply-To: <20210309144243.12519-1-casey@schaufler-ca.com> References: <20210309144243.12519-1-casey@schaufler-ca.com> X-Mailing-List: linux-integrity@vger.kernel.org Change the security_cred_getsecid() interface to fill in a lsmblob instead of a u32 secid. The associated data elements in the audit sub-system are changed from a secid to a lsmblob to accommodate multiple possible LSM audit users. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore
Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: linux-audit@redhat.com --- include/linux/security.h | 2 +- kernel/audit.c | 25 +++++++---------------- kernel/audit.h | 3 ++- kernel/auditsc.c | 33 +++++++++++-------------------- security/integrity/ima/ima_main.c | 8 ++++---- security/security.c | 12 ++++++++--- 6 files changed, 35 insertions(+), 48 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index 6fa19899903e..175c8032b636 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -479,7 +479,7 @@ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp); void security_cred_free(struct cred *cred); int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp); void security_transfer_creds(struct cred *new, const struct cred *old); -void security_cred_getsecid(const struct cred *c, u32 *secid); +void security_cred_getsecid(const struct cred *c, struct lsmblob *blob); int security_kernel_act_as(struct cred *new, struct lsmblob *blob); int security_kernel_create_files_as(struct cred *new, struct inode *inode); int security_kernel_module_request(char *kmod_name); diff --git a/kernel/audit.c b/kernel/audit.c index 70df7ac1b357..c06133104695 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -125,7 +125,7 @@ static u32 audit_backlog_wait_time = AUDIT_BACKLOG_WAIT_TIME; /* The identity of the user shutting down the audit system. */ static kuid_t audit_sig_uid = INVALID_UID; static pid_t audit_sig_pid = -1; -static u32 audit_sig_sid; +struct lsmblob audit_sig_lsm; /* Records can be lost in several ways: 0) [suppressed in audit_alloc] 
@@ -1441,29 +1441,21 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) } case AUDIT_SIGNAL_INFO: len = 0; - if (audit_sig_sid) { - struct lsmblob blob; - - /* - * lsmblob_init sets all values in the lsmblob - * to audit_sig_sid. This is temporary until - * audit_sig_sid is converted to a lsmblob, which - * happens later in this patch set. - */ - lsmblob_init(&blob, audit_sig_sid); - err = security_secid_to_secctx(&blob, &ctx, &len); + if (lsmblob_is_set(&audit_sig_lsm)) { + err = security_secid_to_secctx(&audit_sig_lsm, &ctx, + &len); if (err) return err; } sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL); if (!sig_data) { - if (audit_sig_sid) + if (lsmblob_is_set(&audit_sig_lsm)) security_release_secctx(ctx, len); return -ENOMEM; } sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); sig_data->pid = audit_sig_pid; - if (audit_sig_sid) { + if (lsmblob_is_set(&audit_sig_lsm)) { memcpy(sig_data->ctx, ctx, len); security_release_secctx(ctx, len); } @@ -2352,7 +2344,6 @@ int audit_set_loginuid(kuid_t loginuid) int audit_signal_info(int sig, struct task_struct *t) { kuid_t uid = current_uid(), auid; - struct lsmblob blob; if (auditd_test_task(t) && (sig == SIGTERM || sig == SIGHUP || @@ -2363,9 +2354,7 @@ int audit_signal_info(int sig, struct task_struct *t) audit_sig_uid = auid; else audit_sig_uid = uid; - security_task_getsecid(current, &blob); - /* scaffolding until audit_sig_sid is converted */ - audit_sig_sid = blob.secid[0]; + security_task_getsecid(current, &audit_sig_lsm); } return audit_signal_info_syscall(t); diff --git a/kernel/audit.h b/kernel/audit.h index 3b9c0945225a..ce41886807bb 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -9,6 +9,7 @@ #include #include #include +#include #include #include 
@@ -134,7 +135,7 @@ struct audit_context { kuid_t target_auid; kuid_t target_uid; unsigned int target_sessionid; - u32 target_sid; + struct lsmblob target_lsm; char target_comm[TASK_COMM_LEN]; struct audit_tree_refs *trees, *first_trees; diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 59cb2c4ad149..768989b2f09e 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -111,7 +111,7 @@ struct audit_aux_data_pids { kuid_t target_auid[AUDIT_AUX_PIDS]; kuid_t target_uid[AUDIT_AUX_PIDS]; unsigned int target_sessionid[AUDIT_AUX_PIDS]; - u32 target_sid[AUDIT_AUX_PIDS]; + struct lsmblob target_lsm[AUDIT_AUX_PIDS]; char target_comm[AUDIT_AUX_PIDS][TASK_COMM_LEN]; int pid_count; }; @@ -993,14 +993,14 @@ static inline void audit_free_context(struct audit_context *context) } static int audit_log_pid_context(struct audit_context *context, pid_t pid, - kuid_t auid, kuid_t uid, unsigned int sessionid, - u32 sid, char *comm) + kuid_t auid, kuid_t uid, + unsigned int sessionid, + struct lsmblob *blob, char *comm) { struct audit_buffer *ab; char *ctx = NULL; u32 len; int rc = 0; - struct lsmblob blob; ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID); if (!ab) @@ -1009,9 +1009,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, audit_log_format(ab, "opid=%d oauid=%d ouid=%d oses=%d", pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); - if (sid) { - lsmblob_init(&blob, sid); - if (security_secid_to_secctx(&blob, &ctx, &len)) { + if (lsmblob_is_set(blob)) { + if (security_secid_to_secctx(blob, &ctx, &len)) { audit_log_format(ab, " obj=(none)"); rc = 1; } else { @@ -1582,7 +1581,7 @@ static void audit_log_exit(void) axs->target_auid[i], axs->target_uid[i], axs->target_sessionid[i], - axs->target_sid[i], + &axs->target_lsm[i], axs->target_comm[i])) call_panic = 1; } 
@@ -1591,7 +1590,7 @@ static void audit_log_exit(void) audit_log_pid_context(context, context->target_pid, context->target_auid, context->target_uid, context->target_sessionid, - context->target_sid, context->target_comm)) + &context->target_lsm, context->target_comm)) call_panic = 1; if (context->pwd.dentry && context->pwd.mnt) { @@ -1769,7 +1768,7 @@ void __audit_syscall_exit(int success, long return_code) context->aux = NULL; context->aux_pids = NULL; context->target_pid = 0; - context->target_sid = 0; + lsmblob_init(&context->target_lsm, 0); context->sockaddr_len = 0; context->type = 0; context->fds[0] = -1; @@ -2421,15 +2420,12 @@ int __audit_sockaddr(int len, void *a) void __audit_ptrace(struct task_struct *t) { struct audit_context *context = audit_context(); - struct lsmblob blob; context->target_pid = task_tgid_nr(t); context->target_auid = audit_get_loginuid(t); context->target_uid = task_uid(t); context->target_sessionid = audit_get_sessionid(t); - security_task_getsecid(t, &blob); - /* scaffolding - until target_sid is converted */ - context->target_sid = blob.secid[0]; + security_task_getsecid(t, &context->target_lsm); memcpy(context->target_comm, t->comm, TASK_COMM_LEN); } @@ -2445,7 +2441,6 @@ int audit_signal_info_syscall(struct task_struct *t) struct audit_aux_data_pids *axp; struct audit_context *ctx = audit_context(); kuid_t t_uid = task_uid(t); - struct lsmblob blob; if (!audit_signals || audit_dummy_context()) return 0; @@ -2457,9 +2452,7 @@ int audit_signal_info_syscall(struct task_struct *t) ctx->target_auid = audit_get_loginuid(t); ctx->target_uid = t_uid; ctx->target_sessionid = audit_get_sessionid(t); - security_task_getsecid(t, &blob); - /* scaffolding until target_sid is converted */ - ctx->target_sid = blob.secid[0]; + security_task_getsecid(t, &ctx->target_lsm); memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); return 0; } 
@@ -2480,9 +2473,7 @@ int audit_signal_info_syscall(struct task_struct *t) axp->target_auid[axp->pid_count] = audit_get_loginuid(t); axp->target_uid[axp->pid_count] = t_uid; axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); - security_task_getsecid(t, &blob); - /* scaffolding until target_sid is converted */ - axp->target_sid[axp->pid_count] = blob.secid[0]; + security_task_getsecid(t, &axp->target_lsm[axp->pid_count]); memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); axp->pid_count++; diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 360c5e3760cc..5a6ba57beef3 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -470,7 +470,6 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) int ima_bprm_check(struct linux_binprm *bprm) { int ret; - u32 secid; struct lsmblob blob; security_task_getsecid(current, &blob); @@ -480,9 +479,10 @@ int ima_bprm_check(struct linux_binprm *bprm) if (ret) return ret; - security_cred_getsecid(bprm->cred, &secid); - return process_measurement(bprm->file, bprm->cred, secid, NULL, 0, - MAY_EXEC, CREDS_CHECK); + security_cred_getsecid(bprm->cred, &blob); + /* scaffolding until process_measurement changes */ + return process_measurement(bprm->file, bprm->cred, blob.secid[0], + NULL, 0, MAY_EXEC, CREDS_CHECK); } /** diff --git a/security/security.c b/security/security.c index 54bca6d52ab7..0d9a4b50f252 100644 --- a/security/security.c +++ b/security/security.c 
@@ -1752,10 +1752,16 @@ void security_transfer_creds(struct cred *new, const struct cred *old) call_void_hook(cred_transfer, new, old); } -void security_cred_getsecid(const struct cred *c, u32 *secid) +void security_cred_getsecid(const struct cred *c, struct lsmblob *blob) { - *secid = 0; - call_void_hook(cred_getsecid, c, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.cred_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.cred_getsecid(c, &blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_cred_getsecid);
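Review bot: the kernel/audit.c hunk drops "static" when it replaces "static u32 audit_sig_sid;" with "struct lsmblob audit_sig_lsm;", turning a file-local variable into a global symbol. Nothing in the diffstat declares it in kernel/audit.h and no other file in the patch references it, so this looks accidental and will draw a sparse / -Wmissing-variable-declarations warning; keep it as "static struct lsmblob audit_sig_lsm;".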
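Review bot: in the audit_signal_info() and AUDIT_SIGNAL_INFO hunks the global is now written in place by "security_task_getsecid(current, &audit_sig_lsm);", which (per the security.c hunk in the task_getsecid patch) first zeroes every slot with lsmblob_init() and then fills them one hook at a time, while the reader checks lsmblob_is_set(&audit_sig_lsm) and calls security_secid_to_secctx() on it with no serialisation. The old u32 store was at least a single word; the new multi-slot struct can be observed half-written (slot 0 from the new signal, another slot still zero or from the previous signal), which would produce a mixed-LSM context or an "is_set" that flips to false mid-read. Filling a local lsmblob and assigning it to audit_sig_lsm in one struct copy narrows the window; if the remaining race is accepted as pre-existing, say so in the commit message.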
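Review bot: the __audit_ptrace() and audit_signal_info_syscall() hunks now pass "&context->target_lsm" and "&axp->target_lsm[axp->pid_count]" straight into security_task_getsecid(), which is cleaner than the removed local-plus-copy, but the matching reset in __audit_syscall_exit() is "lsmblob_init(&context->target_lsm, 0);" while the audit_aux_data_pids entries are never reset; if that array is reused across entries, a stale slot from a previous target could survive for an LSM that does not register a task_getsecid hook. Worth confirming the array is freshly allocated per batch, and a comment on the lsmblob_init() call saying it is the "no target" state would help.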
PUfM7K6KZAY36v9.qRFn2P96kRjkhL9pUDxNNipO4wUIHN5nABQKhUaf1pEyz59gCJ8Fde4VO8.u 4tphYQMVqbkffgzUObAt0xJ70CDXM544uqnAu62BLrJNsTHpB5ZrcglZWQQbBqdtqfQOt_AtYH4_ WefNQwr0Pgi4IarAMxUS8ENu5M6zN2ehG1rDo4Zn5J6xovmX_EAY3BauVyPuLfq7qws545L9nr.o t9jy5kVURrhRtUOVQYS0ykwgBwCc3FidOtBs3byyfLFfAWpIMo0h2x8sazhhhO0bd9bdWefbkwcn _diz8wcLajghJxIizjWfhEu3TgyCjs6BUWdTBcl94vFlut04VGXkzJXkTaoR.Zl66lEh11qd3WuI 1.qgQ9jO7TVeO_MdNKNk2xIS0AJMdHBGiS_KFHN6QSJdCJlf2irgaV4PYgD5_URbKSwTLfXhjPOb QBSh7pem4.WKvCpBrRllxnxv1pSTXSjU_TxZZa3UK1lg4lJwChhHHKD5q55qgJzpYQ20fbXpL0ar 67Jw5xNBdlOhTzjd2MI3TEqbA82rmS54f5p75zY93VZgRxFpHrlsgdVI1E6MrErPq0WY3BGmCzlE NfbJ8yf5pGbGRM5SYJnqmRpEBDrHL4xW8u_DG5HXmlug148f3o0SsoFK8VFEMcc9qv1yH9wKdeBJ BkulC_7eXuAwiK5C0ONf8qyksTHL4.FsRnaZ5YobG.UM7n3uSDqAxh9W5a3231JmldqgkUmTRrht TZFdm7GAG9fcuu_dkrcO8peiiU58r6QGoBTnrvQobQvTaeRq3WfDNWgAvJd91Z6mzmHz1N5y3NlZ c5lmbRTC9RX_nJuOF.QwTKmGbeT2lidL_Ba8LvE24OFdxp3I.36uhuQ_YsjQ1ecSNC8o7ngWfJlR P0wXYrH0fHAUyb0BDIBwnTWvT87KUo1SRs87jOCWEyQRndDFXzJdWM0Dj6TbV4yUfnvUtxe.NnT8 sxJqPskBkRrydp8UABsO3KwCEH8wtmIoU6jdKqXB3cg8esmhKkJLOBba3k4DW.8wp13PEphk0W.F REMMqayRmhb5fISidZXRHdG6yY.xdQtlXKWhNZXMNPpkfSKgX5GwB0gG6nugbFa0ngD60l3BTXJS yqDr1whaM.kb9wcxwWwuaiOlFq4oCuIpHkEIZo6oFlp5.ziIgfIUVW97_O9dnzgmgBZeohKQ5nLe HBDeI0WExa69EteGWkd2q1cjicoaSWCGhntAgvD15_ZTgKRx7o7FwGvCMERmrqed45gDedgDwPc_ Zdlpqrv6XpfzsAY.sko.xAIwbf8RAqQLuCkqQo4ux9CiH_NSsI1Dfa71ycM8SXnROso4VNzNjzn0 oKBwhSVkqZRTahLz2Z_h1x1aaS02hG8mkyBRO3zb9xyY9IM8YA3PowNQgKs3U2YO_Jschl0ylZab 2_jrcOenLLZ7Tqh5ql_wUpHTqxXyzWbCp9Bmnp44vpgyyS4nfQyJN99Aw4ovS9GiUt4LmnavDFhW 6x.8T3SLL7tULKo5mrNj3Sb7G03_eIPjdrN2zSEjfpNyq1oPIAx7IwvPLYAQgAgqwlrsKhy.RCvw 3.0t1bpznC24fsSBIN568q0HM2fZM144PU2cqxqky_Q848Y9wANFKdW.xtXPqnQtVRjqVIx6tlrZ d6I9l4uvVZZ_D_1Yl25F9YkTWdID11plxcnOz0oBbUhcaxAAuoNEM2QtXJOWIGbj_.LBfV0Y4n2u u3VxYE6_nOcswDV75CKHTXU_hLESpKeCKCag4Xd.kU9AYLoFSdYUP66YbrZ_N8tPytupkCwmNhMX gEInab4bXopDM8tRYUrZ7IorsnJv4_s9g0v6uXCXqLa_W6bqqONJ_X0X_S8JEsfas_OvCnqki2C4 
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org
Subject: [PATCH v25 13/25] IMA: Change internal interfaces to use lsmblobs
Date: Tue, 9 Mar 2021 06:42:31 -0800
Message-Id: <20210309144243.12519-14-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.29.2
In-Reply-To: <20210309144243.12519-1-casey@schaufler-ca.com>
References: <20210309144243.12519-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: X-Mailing-List: linux-integrity@vger.kernel.org

The IMA interfaces ima_get_action() and ima_match_policy() call LSM functions that use lsmblobs. Change the IMA functions to pass the lsmblob to be compatible with the LSM functions.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org To: Mimi Zohar --- security/integrity/ima/ima.h | 6 ++--- security/integrity/ima/ima_api.c | 6 ++--- security/integrity/ima/ima_appraise.c | 5 ++-- security/integrity/ima/ima_main.c | 34 +++++++++++---------------- security/integrity/ima/ima_policy.c | 17 +++++++------- 5 files changed, 30 insertions(+), 38 deletions(-) diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 475f5622a903..ec3094f6b302 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -255,7 +255,7 @@ static inline void ima_process_queued_keys(void) {} /* LIM API function definitions */ int ima_get_action(struct user_namespace *mnt_userns, struct inode *inode, - const struct cred *cred, u32 secid, int mask, + const struct cred *cred, struct lsmblob *blob, int mask, enum ima_hooks func, int *pcr, struct ima_template_desc **template_desc, const char *func_data); @@ -286,8 +286,8 @@ const char *ima_d_path(const struct path *path, char **pathbuf, char *filename); /* IMA policy related functions */ int ima_match_policy(struct user_namespace *mnt_userns, struct inode *inode, - const struct cred *cred, u32 secid, enum ima_hooks func, - int mask, int flags, int *pcr, + const struct cred *cred, struct lsmblob *blob, + enum ima_hooks func, int mask, int flags, int *pcr, struct ima_template_desc **template_desc, const char *func_data); void ima_init_policy(void); diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index d8e321cc6936..691f68d478f1 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c 
@@ -165,7 +165,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename, * @mnt_userns: user namespace of the mount the inode was found from * @inode: pointer to the inode associated with the object being validated * @cred: pointer to credentials structure to validate - * @secid: secid of the task being validated + * @blob: LSM data of the task being validated * @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXEC, * MAY_APPEND) * @func: caller identifier @@ -185,7 +185,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename, * */ int ima_get_action(struct user_namespace *mnt_userns, struct inode *inode, - const struct cred *cred, u32 secid, int mask, + const struct cred *cred, struct lsmblob *blob, int mask, enum ima_hooks func, int *pcr, struct ima_template_desc **template_desc, const char *func_data) @@ -194,7 +194,7 @@ int ima_get_action(struct user_namespace *mnt_userns, struct inode *inode, flags &= ima_policy_flag; - return ima_match_policy(mnt_userns, inode, cred, secid, func, mask, + return ima_match_policy(mnt_userns, inode, cred, blob, func, mask, flags, pcr, template_desc, func_data); } diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index ab0557628336..3b2a4d3a2189 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -77,10 +77,9 @@ int ima_must_appraise(struct user_namespace *mnt_userns, struct inode *inode, return 0; security_task_getsecid(current, &blob); - /* scaffolding the .secid[0] */ return ima_match_policy(mnt_userns, inode, current_cred(), - blob.secid[0], func, mask, - IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL); + &blob, func, mask, IMA_APPRAISE | IMA_HASH, + NULL, NULL, NULL); } static int ima_fix_xattr(struct dentry *dentry, diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 5a6ba57beef3..1ca861c5628b 100644 --- a/security/integrity/ima/ima_main.c 
+++ b/security/integrity/ima/ima_main.c @@ -194,8 +194,8 @@ void ima_file_free(struct file *file) } static int process_measurement(struct file *file, const struct cred *cred, - u32 secid, char *buf, loff_t size, int mask, - enum ima_hooks func) + struct lsmblob *blob, char *buf, loff_t size, + int mask, enum ima_hooks func) { struct inode *inode = file_inode(file); struct integrity_iint_cache *iint = NULL; @@ -218,7 +218,7 @@ static int process_measurement(struct file *file, const struct cred *cred, * bitmask based on the appraise/audit/measurement policy. * Included is the appraise submask. */ - action = ima_get_action(file_mnt_user_ns(file), inode, cred, secid, + action = ima_get_action(file_mnt_user_ns(file), inode, cred, blob, mask, func, &pcr, &template_desc, NULL); violation_check = ((func == FILE_CHECK || func == MMAP_CHECK) && (ima_policy_flag & IMA_MEASURE)); @@ -392,8 +392,7 @@ int ima_file_mmap(struct file *file, unsigned long prot) if (file && (prot & PROT_EXEC)) { security_task_getsecid(current, &blob); - /* scaffolding - until process_measurement changes */ - return process_measurement(file, current_cred(), blob.secid[0], + return process_measurement(file, current_cred(), &blob, NULL, 0, MAY_EXEC, MMAP_CHECK); } @@ -434,7 +433,7 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) inode = file_inode(vma->vm_file); /* scaffolding */ action = ima_get_action(file_mnt_user_ns(vma->vm_file), inode, - current_cred(), blob.secid[0], MAY_EXEC, + current_cred(), &blob, MAY_EXEC, MMAP_CHECK, &pcr, &template, 0); /* Is the mmap'ed file in policy? */ 
@@ -473,16 +472,14 @@ int ima_bprm_check(struct linux_binprm *bprm) struct lsmblob blob; security_task_getsecid(current, &blob); - /* scaffolding until process_measurement changes */ - ret = process_measurement(bprm->file, current_cred(), blob.secid[0], - NULL, 0, MAY_EXEC, BPRM_CHECK); + ret = process_measurement(bprm->file, current_cred(), &blob, NULL, 0, + MAY_EXEC, BPRM_CHECK); if (ret) return ret; security_cred_getsecid(bprm->cred, &blob); - /* scaffolding until process_measurement changes */ - return process_measurement(bprm->file, bprm->cred, blob.secid[0], - NULL, 0, MAY_EXEC, CREDS_CHECK); + return process_measurement(bprm->file, bprm->cred, &blob, NULL, 0, + MAY_EXEC, CREDS_CHECK); } /** @@ -500,8 +497,7 @@ int ima_file_check(struct file *file, int mask) struct lsmblob blob; security_task_getsecid(current, &blob); - /* scaffolding until process_measurement changes */ - return process_measurement(file, current_cred(), blob.secid[0], NULL, 0, + return process_measurement(file, current_cred(), &blob, NULL, 0, mask & (MAY_READ | MAY_WRITE | MAY_EXEC | MAY_APPEND), FILE_CHECK); } @@ -692,8 +688,7 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id, /* Read entire file for all partial reads. */ func = read_idmap[read_id] ?: FILE_CHECK; security_task_getsecid(current, &blob); - /* scaffolding - until process_measurement changes */ - return process_measurement(file, current_cred(), blob.secid[0], NULL, + return process_measurement(file, current_cred(), &blob, NULL, 0, MAY_READ, func); } @@ -736,9 +731,8 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, func = read_idmap[read_id] ?: FILE_CHECK; security_task_getsecid(current, &blob); - /* scaffolding until process_measurement changes */ - return process_measurement(file, current_cred(), blob.secid[0], buf, - size, MAY_READ, func); + return process_measurement(file, current_cred(), &blob, buf, size, + MAY_READ, func); } /** 
@@ -882,7 +876,7 @@ void process_buffer_measurement(struct user_namespace *mnt_userns, security_task_getsecid(current, &blob); /* scaffolding */ action = ima_get_action(mnt_userns, inode, current_cred(), - blob.secid[0], 0, func, &pcr, &template, + &blob, 0, func, &pcr, &template, func_data); if (!(action & IMA_MEASURE)) return; diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 1cadd61533d7..3ee9f7feca4b 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -546,7 +546,7 @@ static bool ima_match_rule_data(struct ima_rule_entry *rule, * @mnt_userns: user namespace of the mount the inode was found from * @inode: a pointer to an inode * @cred: a pointer to a credentials structure for user validation - * @secid: the secid of the task to be validated + * @blob: the lsm data of the task to be validated * @func: LIM hook identifier * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC) * @func_data: func specific data, may be NULL @@ -556,8 +556,8 @@ static bool ima_match_rule_data(struct ima_rule_entry *rule, static bool ima_match_rules(struct ima_rule_entry *rule, struct user_namespace *mnt_userns, struct inode *inode, const struct cred *cred, - u32 secid, enum ima_hooks func, int mask, - const char *func_data) + struct lsmblob *blob, enum ima_hooks func, + int mask, const char *func_data) { int i; @@ -626,8 +626,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, case LSM_SUBJ_USER: case LSM_SUBJ_ROLE: case LSM_SUBJ_TYPE: - lsmblob_init(&lsmdata, secid); - rc = ima_filter_rule_match(&lsmdata, rule->lsm[i].type, + rc = ima_filter_rule_match(blob, rule->lsm[i].type, Audit_equal, rule->lsm[i].rule); default: 
@@ -670,7 +669,7 @@ static int get_subaction(struct ima_rule_entry *rule, enum ima_hooks func) * @inode: pointer to an inode for which the policy decision is being made * @cred: pointer to a credentials structure for which the policy decision is * being made - * @secid: LSM secid of the task to be validated + * @blob: LSM data of the task to be validated * @func: IMA hook identifier * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC) * @pcr: set the pcr to extend @@ -685,8 +684,8 @@ static int get_subaction(struct ima_rule_entry *rule, enum ima_hooks func) * than writes so ima_match_policy() is classical RCU candidate. */ int ima_match_policy(struct user_namespace *mnt_userns, struct inode *inode, - const struct cred *cred, u32 secid, enum ima_hooks func, - int mask, int flags, int *pcr, + const struct cred *cred, struct lsmblob *blob, + enum ima_hooks func, int mask, int flags, int *pcr, struct ima_template_desc **template_desc, const char *func_data) { 
@@ -702,7 +701,7 @@ int ima_match_policy(struct user_namespace *mnt_userns, struct inode *inode, if (!(entry->action & actmask)) continue; - if (!ima_match_rules(entry, mnt_userns, inode, cred, secid, + if (!ima_match_rules(entry, mnt_userns, inode, cred, blob, func, mask, func_data)) continue; From patchwork Tue Mar 9 14:42:33 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12125635 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-14.0 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,UNWANTED_LANGUAGE_BODY, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id EF6BFC4332D for ; Tue, 9 Mar 2021 15:00:08 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id D255B65020 for ; Tue, 9 Mar 2021 15:00:08 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231254AbhCIO7g (ORCPT ); Tue, 9 Mar 2021 09:59:36 -0500 Received: from sonic309-26.consmr.mail.ne1.yahoo.com ([66.163.184.152]:33034 "EHLO sonic309-26.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231468AbhCIO7a (ORCPT ); Tue, 9 Mar 2021 09:59:30 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1615301970; bh=LSU+EkqD0c5zRZoBe+7VA8ArH3JWctcbCO+fWVyN374=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; 
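Review bot: in the ima_file_mprotect() hunk the `/* scaffolding */` line above the ima_get_action() call is left in place although the `blob.secid[0]` argument it appears to refer to is replaced by `&blob` in the same hunk; the ima_bprm_check(), ima_file_check(), ima_read_file() and ima_post_read_file() hunks remove their scaffolding comments together with the secid[0] use, and the process_buffer_measurement() hunk keeps the same stale `/* scaffolding */` line. Suggest dropping both so that a later grep for "scaffolding" only finds places that still need conversion.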
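Review bot: minor kerneldoc consistency in the ima_match_rules() hunk in ima_policy.c: the new parameter line reads `@blob: the lsm data of the task to be validated`, while the ima_match_policy() hunk in the same file and the ima_get_action() hunk in ima_api.c use `@blob: LSM data of the task to be validated`. Suggest using the `LSM data` wording in all three so the three functions document the same argument the same way.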
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org, netdev@vger.kernel.org, netfilter-devel@vger.kernel.org, linux-nfs@vger.kernel.org
Subject: [PATCH v25 15/25] LSM: Ensure the correct LSM context releaser
Date: Tue, 9 Mar 2021 06:42:33 -0800
Message-Id: <20210309144243.12519-16-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.29.2
In-Reply-To: <20210309144243.12519-1-casey@schaufler-ca.com>
References: <20210309144243.12519-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: X-Mailing-List: linux-integrity@vger.kernel.org

Add a new lsmcontext data structure to hold all the information about a "security context", including the string, its size and which LSM allocated the string. The allocation information is necessary because LSMs have different policies regarding the lifecycle of these strings. SELinux allocates and destroys them on each use, whereas Smack provides a pointer to an entry in a list that never goes away.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: netdev@vger.kernel.org Cc: linux-audit@redhat.com Cc: netfilter-devel@vger.kernel.org To: Pablo Neira Ayuso Cc: linux-nfs@vger.kernel.org --- drivers/android/binder.c | 10 ++++--- fs/ceph/xattr.c | 6 ++++- fs/nfs/nfs4proc.c | 8 ++++-- fs/nfsd/nfs4xdr.c | 7 +++-- include/linux/security.h | 35 +++++++++++++++++++++++-- include/net/scm.h | 5 +++- kernel/audit.c | 14 +++++++--- kernel/auditsc.c | 12 ++++++--- net/ipv4/ip_sockglue.c | 4 ++- net/netfilter/nf_conntrack_netlink.c | 4 ++- net/netfilter/nf_conntrack_standalone.c | 4 ++- net/netfilter/nfnetlink_queue.c | 13 ++++++--- net/netlabel/netlabel_unlabeled.c | 19 +++++++++++--- net/netlabel/netlabel_user.c | 4 ++- security/security.c | 11 ++++---- 15 files changed, 121 insertions(+), 35 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 1a15e9e19e22..f74a72867ec9 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2448,6 +2448,7 @@ static void binder_transaction(struct binder_proc *proc, int t_debug_id = atomic_inc_return(&binder_last_id); char *secctx = NULL; u32 secctx_sz = 0; + struct lsmcontext scaff; /* scaffolding */ e = binder_transaction_log_add(&binder_transaction_log); e->debug_id = t_debug_id; @@ -2750,7 +2751,8 @@ static void binder_transaction(struct binder_proc *proc, t->security_ctx = 0; WARN_ON(1); } - security_release_secctx(secctx, secctx_sz); + lsmcontext_init(&scaff, secctx, secctx_sz, 0); + security_release_secctx(&scaff); secctx = NULL; } t->buffer->debug_id = t->debug_id; 
@@ -3084,8 +3086,10 @@ static void binder_transaction(struct binder_proc *proc, binder_alloc_free_buf(&target_proc->alloc, t->buffer); err_binder_alloc_buf_failed: err_bad_extra_size: - if (secctx) - security_release_secctx(secctx, secctx_sz); + if (secctx) { + lsmcontext_init(&scaff, secctx, secctx_sz, 0); + security_release_secctx(&scaff); + } err_get_secctx_failed: kfree(tcomplete); binder_stats_deleted(BINDER_STAT_TRANSACTION_COMPLETE); diff --git a/fs/ceph/xattr.c b/fs/ceph/xattr.c index 02f59bcb4f27..27b1bbe5ab08 100644 --- a/fs/ceph/xattr.c +++ b/fs/ceph/xattr.c @@ -1349,12 +1349,16 @@ int ceph_security_init_secctx(struct dentry *dentry, umode_t mode, void ceph_release_acl_sec_ctx(struct ceph_acl_sec_ctx *as_ctx) { +#ifdef CONFIG_CEPH_FS_SECURITY_LABEL + struct lsmcontext scaff; /* scaffolding */ +#endif #ifdef CONFIG_CEPH_FS_POSIX_ACL posix_acl_release(as_ctx->acl); posix_acl_release(as_ctx->default_acl); #endif #ifdef CONFIG_CEPH_FS_SECURITY_LABEL - security_release_secctx(as_ctx->sec_ctx, as_ctx->sec_ctxlen); + lsmcontext_init(&scaff, as_ctx->sec_ctx, as_ctx->sec_ctxlen, 0); + security_release_secctx(&scaff); #endif if (as_ctx->pagelist) ceph_pagelist_release(as_ctx->pagelist); diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c index 74bc5120013d..503ee773f571 100644 --- a/fs/nfs/nfs4proc.c +++ b/fs/nfs/nfs4proc.c @@ -135,8 +135,12 @@ nfs4_label_init_security(struct inode *dir, struct dentry *dentry, static inline void nfs4_label_release_security(struct nfs4_label *label) { - if (label) - security_release_secctx(label->label, label->len); + struct lsmcontext scaff; /* scaffolding */ + + if (label) { + lsmcontext_init(&scaff, label->label, label->len, 0); + security_release_secctx(&scaff); + } } static inline u32 *nfs4_bitmask(struct nfs_server *server, struct nfs4_label *label) { diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c index eaaa1605b5b5..afccc4f257d0 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c 
@@ -2844,6 +2844,7 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, int err; struct nfs4_acl *acl = NULL; #ifdef CONFIG_NFSD_V4_SECURITY_LABEL + struct lsmcontext scaff; /* scaffolding */ void *context = NULL; int contextlen; #endif @@ -3345,8 +3346,10 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, out: #ifdef CONFIG_NFSD_V4_SECURITY_LABEL - if (context) - security_release_secctx(context, contextlen); + if (context) { + lsmcontext_init(&scaff, context, contextlen, 0); /*scaffolding*/ + security_release_secctx(&scaff); + } #endif /* CONFIG_NFSD_V4_SECURITY_LABEL */ kfree(acl); if (tempfh) { diff --git a/include/linux/security.h b/include/linux/security.h index 175c8032b636..554e9da831b6 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -133,6 +133,37 @@ enum lockdown_reason { extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1]; +/* + * A "security context" is the text representation of + * the information used by LSMs. + * This structure contains the string, its length, and which LSM + * it is useful for. + */ +struct lsmcontext { + char *context; /* Provided by the module */ + u32 len; + int slot; /* Identifies the module */ +}; + +/** + * lsmcontext_init - initialize an lsmcontext structure. + * @cp: Pointer to the context to initialize + * @context: Initial context, or NULL + * @size: Size of context, or 0 + * @slot: Which LSM provided the context + * + * Fill in the lsmcontext from the provided information. + * This is a scaffolding function that will be removed when + * lsmcontext integration is complete. + */ +static inline void lsmcontext_init(struct lsmcontext *cp, char *context, + u32 size, int slot) +{ + cp->slot = slot; + cp->context = context; + cp->len = size; +} + /* * Data exported by the security modules * 
@@ -547,7 +578,7 @@ int security_ismaclabel(const char *name); int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen); int security_secctx_to_secid(const char *secdata, u32 seclen, struct lsmblob *blob); -void security_release_secctx(char *secdata, u32 seclen); +void security_release_secctx(struct lsmcontext *cp); void security_inode_invalidate_secctx(struct inode *inode); int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); @@ -1395,7 +1426,7 @@ static inline int security_secctx_to_secid(const char *secdata, return -EOPNOTSUPP; } -static inline void security_release_secctx(char *secdata, u32 seclen) +static inline void security_release_secctx(struct lsmcontext *cp) { } diff --git a/include/net/scm.h b/include/net/scm.h index 23a35ff1b3f2..f273c4d777ec 100644 --- a/include/net/scm.h +++ b/include/net/scm.h @@ -92,6 +92,7 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg, #ifdef CONFIG_SECURITY_NETWORK static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) { + struct lsmcontext context; struct lsmblob lb; char *secdata; u32 seclen; @@ -106,7 +107,9 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc if (!err) { put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata); - security_release_secctx(secdata, seclen); + /*scaffolding*/ + lsmcontext_init(&context, secdata, seclen, 0); + security_release_secctx(&context); } } } diff --git a/kernel/audit.c b/kernel/audit.c index c06133104695..bfb4696503b7 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1192,6 +1192,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) struct audit_sig_info *sig_data; char *ctx = NULL; u32 len; + struct lsmcontext scaff; /* scaffolding */ err = audit_netlink_ok(skb, msg_type); if (err) 
@@ -1449,15 +1450,18 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) } sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL); if (!sig_data) { - if (lsmblob_is_set(&audit_sig_lsm)) - security_release_secctx(ctx, len); + if (lsmblob_is_set(&audit_sig_lsm)) { + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); + } return -ENOMEM; } sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); sig_data->pid = audit_sig_pid; if (lsmblob_is_set(&audit_sig_lsm)) { memcpy(sig_data->ctx, ctx, len); - security_release_secctx(ctx, len); + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); } audit_send_reply(skb, seq, AUDIT_SIGNAL_INFO, 0, 0, sig_data, sizeof(*sig_data) + len); @@ -2132,6 +2136,7 @@ int audit_log_task_context(struct audit_buffer *ab) unsigned len; int error; struct lsmblob blob; + struct lsmcontext scaff; /* scaffolding */ security_task_getsecid(current, &blob); if (!lsmblob_is_set(&blob)) @@ -2145,7 +2150,8 @@ int audit_log_task_context(struct audit_buffer *ab) } audit_log_format(ab, " subj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); return 0; error_path: diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 768989b2f09e..caa69696672e 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -998,6 +998,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, struct lsmblob *blob, char *comm) { struct audit_buffer *ab; + struct lsmcontext lsmcxt; char *ctx = NULL; u32 len; int rc = 0; @@ -1015,7 +1016,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, rc = 1; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); /*scaffolding*/ + security_release_secctx(&lsmcxt); } } audit_log_format(ab, " ocomm="); 
@@ -1228,6 +1230,7 @@ static void audit_log_fcaps(struct audit_buffer *ab, struct audit_names *name) static void show_special(struct audit_context *context, int *call_panic) { + struct lsmcontext lsmcxt; struct audit_buffer *ab; int i; @@ -1261,7 +1264,8 @@ static void show_special(struct audit_context *context, int *call_panic) *call_panic = 1; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); + security_release_secctx(&lsmcxt); } } if (context->ipc.has_perm) { @@ -1410,6 +1414,7 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, char *ctx = NULL; u32 len; struct lsmblob blob; + struct lsmcontext lsmcxt; lsmblob_init(&blob, n->osid); if (security_secid_to_secctx(&blob, &ctx, &len)) { @@ -1418,7 +1423,8 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, *call_panic = 2; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); /* scaffolding */ + security_release_secctx(&lsmcxt); } } diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index 2f089733ada7..a7e4c1b34b6c 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -130,6 +130,7 @@ static void ip_cmsg_recv_checksum(struct msghdr *msg, struct sk_buff *skb, static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) { + struct lsmcontext context; struct lsmblob lb; char *secdata; u32 seclen, secid; @@ -145,7 +146,8 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) return; put_cmsg(msg, SOL_IP, SCM_SECURITY, seclen, secdata); - security_release_secctx(secdata, seclen); + lsmcontext_init(&context, secdata, seclen, 0); /* scaffolding */ + security_release_secctx(&context); } static void ip_cmsg_recv_dstaddr(struct msghdr *msg, struct sk_buff *skb) 
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index cc2826cdba8e..6edb78c9cc87 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -339,6 +339,7 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) int len, ret; char *secctx; struct lsmblob blob; + struct lsmcontext context; /* lsmblob_init() puts ct->secmark into all of the secids in blob. * security_secid_to_secctx() will know which security module @@ -359,7 +360,8 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) ret = 0; nla_put_failure: - security_release_secctx(secctx, len); + lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ + security_release_secctx(&context); return ret; } #else diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index ef1394f7fcf9..5ee033a1f885 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c @@ -176,6 +176,7 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) u32 len; char *secctx; struct lsmblob blob; + struct lsmcontext context; lsmblob_init(&blob, ct->secmark); ret = security_secid_to_secctx(&blob, &secctx, &len); @@ -184,7 +185,8 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) seq_printf(s, "secctx=%s ", secctx); - security_release_secctx(secctx, len); + lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ + security_release_secctx(&context); } #else static inline void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index 1956b0312ec7..08ca87fa97b7 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c 
@@ -398,6 +398,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, enum ip_conntrack_info ctinfo; struct nfnl_ct_hook *nfnl_ct; bool csum_verify; + struct lsmcontext scaff; /* scaffolding */ char *secdata = NULL; u32 seclen = 0; @@ -630,8 +631,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, } nlh->nlmsg_len = skb->len; - if (seclen) - security_release_secctx(secdata, seclen); + if (seclen) { + lsmcontext_init(&scaff, secdata, seclen, 0); + security_release_secctx(&scaff); + } return skb; nla_put_failure: @@ -639,8 +642,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, kfree_skb(skb); net_err_ratelimited("nf_queue: error creating packet message\n"); nlmsg_failure: - if (seclen) - security_release_secctx(secdata, seclen); + if (seclen) { + lsmcontext_init(&scaff, secdata, seclen, 0); + security_release_secctx(&scaff); + } return NULL; } diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index 93240432427f..32b6eea7ba0c 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -374,6 +374,7 @@ int netlbl_unlhsh_add(struct net *net, struct net_device *dev; struct netlbl_unlhsh_iface *iface; struct audit_buffer *audit_buf = NULL; + struct lsmcontext context; char *secctx = NULL; u32 secctx_len; struct lsmblob blob; @@ -447,7 +448,9 @@ int netlbl_unlhsh_add(struct net *net, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", ret_val == 0 ? 1 : 0); audit_log_end(audit_buf); 
@@ -478,6 +481,7 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, struct netlbl_unlhsh_addr4 *entry; struct audit_buffer *audit_buf; struct net_device *dev; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -509,7 +513,9 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); audit_log_end(audit_buf); @@ -546,6 +552,7 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, struct netlbl_unlhsh_addr6 *entry; struct audit_buffer *audit_buf; struct net_device *dev; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -576,7 +583,8 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); audit_log_end(audit_buf); @@ -1095,6 +1103,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, int ret_val = -ENOMEM; struct netlbl_unlhsh_walk_arg *cb_arg = arg; struct net_device *dev; + struct lsmcontext context; void *data; u32 secid; char *secctx; @@ -1165,7 +1174,9 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, NLBL_UNLABEL_A_SECCTX, secctx_len, secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); if (ret_val != 0) goto list_cb_failure; diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index 893301ae0131..ef139d8ae7cd 100644 
--- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c @@ -84,6 +84,7 @@ struct audit_buffer *netlbl_audit_start_common(int type, struct netlbl_audit *audit_info) { struct audit_buffer *audit_buf; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -103,7 +104,8 @@ struct audit_buffer *netlbl_audit_start_common(int type, if (audit_info->secid != 0 && security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " subj=%s", secctx); - security_release_secctx(secctx, secctx_len); + lsmcontext_init(&context, secctx, secctx_len, 0);/*scaffolding*/ + security_release_secctx(&context); } return audit_buf; diff --git a/security/security.c b/security/security.c index df51140a4d93..f1c1b387bc63 100644 --- a/security/security.c +++ b/security/security.c @@ -2301,16 +2301,17 @@ int security_secctx_to_secid(const char *secdata, u32 seclen, } EXPORT_SYMBOL(security_secctx_to_secid); -void security_release_secctx(char *secdata, u32 seclen) +void security_release_secctx(struct lsmcontext *cp) { struct security_hook_list *hp; - int ilsm = lsm_task_ilsm(current); hlist_for_each_entry(hp, &security_hook_heads.release_secctx, list) - if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) { - hp->hook.release_secctx(secdata, seclen); - return; + if (cp->slot == hp->lsmid->slot) { + hp->hook.release_secctx(cp->context, cp->len); + break; } + + memset(cp, 0, sizeof(*cp)); } EXPORT_SYMBOL(security_release_secctx);
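Review bot: in the security/security.c hunk, `security_release_secctx()` now dispatches only to the hook whose `hp->lsmid->slot` equals `cp->slot`, and every caller in this patch fills that field with `lsmcontext_init(..., 0)`, so the release always goes to whichever module occupies slot 0 rather than to the module that actually produced the context through `security_secid_to_secctx()`. The removed `ilsm == LSMBLOB_INVALID` branch also guaranteed that some hook ran; with the new loop, a slot value that matches no registered `release_secctx` hook falls through to the `memset()` and the buffer is silently leaked. Until the callers carry the real slot, consider a `WARN_ON_ONCE()` when the loop completes without a match, and a comment above the function stating that `*cp` is zeroed on return so callers do not rely on its contents afterwards.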
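Review bot: the scaffolding markers are written inconsistently across the hunks: `/*scaffolding*/` without inner spaces in the `audit_log_pid_context()` hunk of kernel/auditsc.c, `;/*scaffolding*/` with no space before the comment in the net/netlabel/netlabel_user.c hunk, `/* scaffolding */` at most other sites, and no marker at all in the `show_special()` hunk of kernel/auditsc.c or the `netlbl_unlhsh_remove_addr6()` hunk of net/netlabel/netlabel_unlabeled.c. Since these sites are meant to be revisited once the callers track the real slot, spell every one as `/* scaffolding */` on the same line pattern so a single grep finds them all when the scaffolding is removed.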