From patchwork Thu May 13 20:07:47 2021
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 12256449
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org
Subject: [PATCH v26 05/25] LSM: Use lsmblob in security_audit_rule_match
Date: Thu, 13 May 2021 13:07:47 -0700
Message-Id: <20210513200807.15910-6-casey@schaufler-ca.com>
In-Reply-To: <20210513200807.15910-1-casey@schaufler-ca.com>
References: <20210513200807.15910-1-casey@schaufler-ca.com>

Change the secid parameter of security_audit_rule_match to a lsmblob structure pointer. Pass the entry from the lsmblob structure for the appropriate slot to the LSM hook.

Change the users of security_audit_rule_match to use the lsmblob instead of a u32. The scaffolding function lsmblob_init() fills the blob with the value of the old secid, ensuring that it is available to the appropriate module hook.

The sources of the secid, security_task_getsecid() and security_inode_getsecid(), will be converted to use the blob structure later in the series. At that point the use of lsmblob_init() is dropped.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
Cc: linux-audit@redhat.com
Cc: linux-integrity@vger.kernel.org
To: Mimi Zohar
---
 include/linux/security.h            |  7 ++++---
 kernel/auditfilter.c                |  6 ++++--
 kernel/auditsc.c                    | 16 +++++++++++-----
 security/integrity/ima/ima.h        |  4 ++--
 security/integrity/ima/ima_policy.c |  7 +++++--
 security/security.c                 | 10 ++++++++--
 6 files changed, 34 insertions(+), 16 deletions(-)
diff --git a/include/linux/security.h b/include/linux/security.h index ca9485105f00..916a0f606035 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -1944,7 +1944,8 @@ static inline int security_key_getsecurity(struct key *key, char **_buffer) #ifdef CONFIG_SECURITY int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule); int security_audit_rule_known(struct audit_krule *krule); -int security_audit_rule_match(u32 secid, u32 field, u32 op, void **lsmrule); +int security_audit_rule_match(struct lsmblob *blob, u32 field, u32 op, + void **lsmrule); void security_audit_rule_free(void **lsmrule); #else @@ -1960,8 +1961,8 @@ static inline int security_audit_rule_known(struct audit_krule *krule) return 0; } -static inline int security_audit_rule_match(u32 secid, u32 field, u32 op, - void **lsmrule) +static inline int security_audit_rule_match(struct lsmblob *blob, u32 field, + u32 op, void **lsmrule) { return 0; } diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index a2340e81cfa7..6a04d762d272 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -1331,6 +1331,7 @@ int audit_filter(int msgtype, unsigned int listtype) struct audit_field *f = &e->rule.fields[i]; pid_t pid; u32 sid; + struct lsmblob blob; switch (f->type) { case AUDIT_PID: @@ -1362,8 +1363,9 @@ int audit_filter(int msgtype, unsigned int listtype) if (f->lsm_isset) { security_task_getsecid_subj(current, &sid); - result = security_audit_rule_match(sid, - f->type, f->op, + lsmblob_init(&blob, sid); + result = security_audit_rule_match( + &blob, f->type, f->op, f->lsm_rules); } break; diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 392afe3e2fd6..71d894dcdc01 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c 
@@ -472,6 +472,7 @@ static int audit_filter_rules(struct task_struct *tsk, const struct cred *cred; int i, need_sid = 1; u32 sid; + struct lsmblob blob; unsigned int sessionid; cred = rcu_dereference_check(tsk->cred, tsk == current || task_creation); @@ -670,8 +671,10 @@ static int audit_filter_rules(struct task_struct *tsk, security_task_getsecid_subj(tsk, &sid); need_sid = 0; } - result = security_audit_rule_match(sid, f->type, - f->op, f->lsm_rules); + lsmblob_init(&blob, sid); + result = security_audit_rule_match(&blob, + f->type, f->op, + f->lsm_rules); } break; case AUDIT_OBJ_USER: @@ -684,15 +687,17 @@ static int audit_filter_rules(struct task_struct *tsk, if (f->lsm_isset) { /* Find files that match */ if (name) { + lsmblob_init(&blob, name->osid); result = security_audit_rule_match( - name->osid, + &blob, f->type, f->op, f->lsm_rules); } else if (ctx) { list_for_each_entry(n, &ctx->names_list, list) { + lsmblob_init(&blob, name->osid); if (security_audit_rule_match( - n->osid, + &blob, f->type, f->op, f->lsm_rules)) { @@ -704,7 +709,8 @@ static int audit_filter_rules(struct task_struct *tsk, /* Find ipc objects that match */ if (!ctx || ctx->type != AUDIT_IPC) break; - if (security_audit_rule_match(ctx->ipc.osid, + lsmblob_init(&blob, ctx->ipc.osid); + if (security_audit_rule_match(&blob, f->type, f->op, f->lsm_rules)) ++result; diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index f0e448ed1f9f..55f3bd4f0b01 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -433,8 +433,8 @@ static inline void ima_filter_rule_free(void *lsmrule) { } -static inline int ima_filter_rule_match(u32 secid, u32 field, u32 op, - void *lsmrule) +static inline int ima_filter_rule_match(struct lsmblob *blob, u32 field, + u32 op, void *lsmrule) { return -EINVAL; } diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index d804b9a0dd95..a05841e1012b 100644 --- a/security/integrity/ima/ima_policy.c 
+++ b/security/integrity/ima/ima_policy.c @@ -607,6 +607,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, for (i = 0; i < MAX_LSM_RULES; i++) { int rc = 0; u32 osid; + struct lsmblob lsmdata; if (!ima_lsm_isset(rule, i)) { if (!rule->lsm[i].args_p) @@ -619,14 +620,16 @@ static bool ima_match_rules(struct ima_rule_entry *rule, case LSM_OBJ_ROLE: case LSM_OBJ_TYPE: security_inode_getsecid(inode, &osid); - rc = ima_filter_rule_match(osid, rule->lsm[i].type, + lsmblob_init(&lsmdata, osid); + rc = ima_filter_rule_match(&lsmdata, rule->lsm[i].type, Audit_equal, rule->lsm[i].rule); break; case LSM_SUBJ_USER: case LSM_SUBJ_ROLE: case LSM_SUBJ_TYPE: - rc = ima_filter_rule_match(secid, rule->lsm[i].type, + lsmblob_init(&lsmdata, secid); + rc = ima_filter_rule_match(&lsmdata, rule->lsm[i].type, Audit_equal, rule->lsm[i].rule); break; diff --git a/security/security.c b/security/security.c index 9471bcecc052..a5793b4bf684 100644 --- a/security/security.c +++ b/security/security.c @@ -2669,11 +2669,14 @@ void security_audit_rule_free(void **lsmrule) hlist_for_each_entry(hp, &security_hook_heads.audit_rule_free, list) { if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) continue; + if (lsmrule[hp->lsmid->slot] == NULL) + continue; hp->hook.audit_rule_free(lsmrule[hp->lsmid->slot]); } } -int security_audit_rule_match(u32 secid, u32 field, u32 op, void **lsmrule) +int security_audit_rule_match(struct lsmblob *blob, u32 field, u32 op, + void **lsmrule) { struct security_hook_list *hp; int rc; 
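Review bot: in the kernel/auditsc.c hunk at @@ -684,15 +687,17 @@, the line added inside `list_for_each_entry(n, &ctx->names_list, list)` reads `lsmblob_init(&blob, name->osid);` while the call it replaces used `n->osid`. That loop is the `else if (ctx)` arm of `if (name)`, so `name` is NULL there and the new line dereferences a NULL pointer; even if it did not, it would ignore the loop variable and test every entry against the wrong object secid. It should be `lsmblob_init(&blob, n->osid);`, mirroring the `if (name)` arm just above, which correctly uses `name->osid`.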
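Review bot: the security/security.c hunk at @@ -2669,11 +2669,14 @@ adds `if (lsmrule[hp->lsmid->slot] == NULL) continue;` to security_audit_rule_free, and the following hunk adds the same skip to security_audit_rule_match, but the commit message only describes the parameter type change. Skipping a slot whose rule pointer is NULL is a behaviour change for a module that previously received that NULL, so please add a sentence to the commit message saying when a slot can be NULL and why the hooks must not see it, rather than leaving the reader to infer it from the diff.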
@@ -2681,7 +2684,10 @@ int security_audit_rule_match(u32 secid, u32 field, u32 op, void **lsmrule) hlist_for_each_entry(hp, &security_hook_heads.audit_rule_match, list) { if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) continue; - rc = hp->hook.audit_rule_match(secid, field, op, + if (lsmrule[hp->lsmid->slot] == NULL) + continue; + rc = hp->hook.audit_rule_match(blob->secid[hp->lsmid->slot], + field, op, &lsmrule[hp->lsmid->slot]); if (rc) return rc;

From patchwork Thu May 13 20:07:52 2021
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 12256485
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org, netdev@vger.kernel.org
Subject: [PATCH v26 10/25] LSM: Use lsmblob in security_task_getsecid
Date: Thu, 13 May 2021 13:07:52 -0700
Message-Id: <20210513200807.15910-11-casey@schaufler-ca.com>
In-Reply-To: <20210513200807.15910-1-casey@schaufler-ca.com>
References: <20210513200807.15910-1-casey@schaufler-ca.com>

Change the security_task_getsecid_subj() and security_task_getsecid_obj() interfaces to fill in a lsmblob structure instead of a u32 secid in support of LSM stacking. Audit interfaces will need to collect all possible secids for possible reporting.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: linux-audit@redhat.com Cc: netdev@vger.kernel.org --- drivers/android/binder.c | 12 +----- include/linux/security.h | 14 ++++--- kernel/audit.c | 16 +++----- kernel/auditfilter.c | 4 +- kernel/auditsc.c | 25 ++++++------ net/netlabel/netlabel_unlabeled.c | 5 ++- net/netlabel/netlabel_user.h | 6 ++- security/integrity/ima/ima_appraise.c | 10 +++-- security/integrity/ima/ima_main.c | 56 +++++++++++++++------------ security/security.c | 25 +++++++++--- 10 files changed, 94 insertions(+), 79 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 193397a1fece..ab55358f868b 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2710,7 +2710,6 @@ static void binder_transaction(struct binder_proc *proc, t->priority = task_nice(current); if (target_node && target_node->txn_security_ctx) { - u32 secid; struct lsmblob blob; size_t added_size; @@ -2723,16 +2722,7 @@ static void binder_transaction(struct binder_proc *proc, * here; however, it isn't clear that binder would handle that * case well anyway. */ - security_task_getsecid_obj(proc->tsk, &secid); - /* - * Later in this patch set security_task_getsecid() will - * provide a lsmblob instead of a secid. lsmblob_init - * is used to ensure that all the secids in the lsmblob - * get the value returned from security_task_getsecid(), - * which means that the one expected by - * security_secid_to_secctx() will be set. - */ - lsmblob_init(&blob, secid); + security_task_getsecid_obj(proc->tsk, &blob); ret = security_secid_to_secctx(&blob, &secctx, &secctx_sz); if (ret) { return_error = BR_FAILED_REPLY; diff --git a/include/linux/security.h b/include/linux/security.h index bdac0a124052..60f4515b9181 100644 --- a/include/linux/security.h +++ b/include/linux/security.h 
@@ -500,8 +500,8 @@ int security_task_fix_setgid(struct cred *new, const struct cred *old, int security_task_setpgid(struct task_struct *p, pid_t pgid); int security_task_getpgid(struct task_struct *p); int security_task_getsid(struct task_struct *p); -void security_task_getsecid_subj(struct task_struct *p, u32 *secid); -void security_task_getsecid_obj(struct task_struct *p, u32 *secid); +void security_task_getsecid_subj(struct task_struct *p, struct lsmblob *blob); +void security_task_getsecid_obj(struct task_struct *p, struct lsmblob *blob); int security_task_setnice(struct task_struct *p, int nice); int security_task_setioprio(struct task_struct *p, int ioprio); int security_task_getioprio(struct task_struct *p); @@ -1197,14 +1197,16 @@ static inline int security_task_getsid(struct task_struct *p) return 0; } -static inline void security_task_getsecid_subj(struct task_struct *p, u32 *secid) +static inline void security_task_getsecid_subj(struct task_struct *p, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } -static inline void security_task_getsecid_obj(struct task_struct *p, u32 *secid) +static inline void security_task_getsecid_obj(struct task_struct *p, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } static inline int security_task_setnice(struct task_struct *p, int nice) diff --git a/kernel/audit.c b/kernel/audit.c index 22286163e93e..d92c7b894183 100644 --- a/kernel/audit.c +++ b/kernel/audit.c 
@@ -2139,19 +2139,12 @@ int audit_log_task_context(struct audit_buffer *ab) char *ctx = NULL; unsigned len; int error; - u32 sid; struct lsmblob blob; - security_task_getsecid_subj(current, &sid); - if (!sid) + security_task_getsecid_subj(current, &blob); + if (!lsmblob_is_set(&blob)) return 0; - /* - * lsmblob_init sets all values in the lsmblob to sid. - * This is temporary until security_task_getsecid is converted - * to use a lsmblob, which happens later in this patch set. - */ - lsmblob_init(&blob, sid); error = security_secid_to_secctx(&blob, &ctx, &len); if (error) { if (error != -EINVAL) @@ -2359,6 +2352,7 @@ int audit_set_loginuid(kuid_t loginuid) int audit_signal_info(int sig, struct task_struct *t) { kuid_t uid = current_uid(), auid; + struct lsmblob blob; if (auditd_test_task(t) && (sig == SIGTERM || sig == SIGHUP || @@ -2369,7 +2363,9 @@ int audit_signal_info(int sig, struct task_struct *t) audit_sig_uid = auid; else audit_sig_uid = uid; - security_task_getsecid_subj(current, &audit_sig_sid); + security_task_getsecid_subj(current, &blob); + /* scaffolding until audit_sig_sid is converted */ + audit_sig_sid = blob.secid[0]; } return audit_signal_info_syscall(t); diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 6a04d762d272..1ba14a7a38f7 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -1330,7 +1330,6 @@ int audit_filter(int msgtype, unsigned int listtype) for (i = 0; i < e->rule.field_count; i++) { struct audit_field *f = &e->rule.fields[i]; pid_t pid; - u32 sid; struct lsmblob blob; switch (f->type) { @@ -1362,8 +1361,7 @@ int audit_filter(int msgtype, unsigned int listtype) case AUDIT_SUBJ_CLR: if (f->lsm_isset) { security_task_getsecid_subj(current, - &sid); - lsmblob_init(&blob, sid); + &blob); result = security_audit_rule_match( &blob, f->type, f->op, f->lsm_rules); diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 9aeddf881e67..dd902b68433e 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c 
@@ -471,7 +471,6 @@ static int audit_filter_rules(struct task_struct *tsk, { const struct cred *cred; int i, need_sid = 1; - u32 sid; struct lsmblob blob; unsigned int sessionid; @@ -668,17 +667,9 @@ static int audit_filter_rules(struct task_struct *tsk, logged upon error */ if (f->lsm_isset) { if (need_sid) { - security_task_getsecid_subj(tsk, &sid); + security_task_getsecid_subj(tsk, &blob); need_sid = 0; } - /* - * lsmblob_init sets all values in the lsmblob - * to sid. This is temporary until - * security_task_getsecid() is converted to - * provide a lsmblob, which happens later in - * this patch set. - */ - lsmblob_init(&blob, sid); result = security_audit_rule_match(&blob, f->type, f->op, f->lsm_rules); @@ -2422,12 +2413,15 @@ int __audit_sockaddr(int len, void *a) void __audit_ptrace(struct task_struct *t) { struct audit_context *context = audit_context(); + struct lsmblob blob; context->target_pid = task_tgid_nr(t); context->target_auid = audit_get_loginuid(t); context->target_uid = task_uid(t); context->target_sessionid = audit_get_sessionid(t); - security_task_getsecid_obj(t, &context->target_sid); + security_task_getsecid_obj(t, &blob); + /* scaffolding - until target_sid is converted */ + context->target_sid = blob.secid[0]; memcpy(context->target_comm, t->comm, TASK_COMM_LEN); } @@ -2443,6 +2437,7 @@ int audit_signal_info_syscall(struct task_struct *t) struct audit_aux_data_pids *axp; struct audit_context *ctx = audit_context(); kuid_t t_uid = task_uid(t); + struct lsmblob blob; if (!audit_signals || audit_dummy_context()) return 0; @@ -2454,7 +2449,9 @@ int audit_signal_info_syscall(struct task_struct *t) ctx->target_auid = audit_get_loginuid(t); ctx->target_uid = t_uid; ctx->target_sessionid = audit_get_sessionid(t); - security_task_getsecid_obj(t, &ctx->target_sid); + security_task_getsecid_obj(t, &blob); + /* scaffolding until target_sid is converted */ + ctx->target_sid = blob.secid[0]; memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); return 0; } 
@@ -2475,7 +2472,9 @@ int audit_signal_info_syscall(struct task_struct *t) axp->target_auid[axp->pid_count] = audit_get_loginuid(t); axp->target_uid[axp->pid_count] = t_uid; axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); - security_task_getsecid_obj(t, &axp->target_sid[axp->pid_count]); + security_task_getsecid_obj(t, &blob); + /* scaffolding until target_sid is converted */ + axp->target_sid[axp->pid_count] = blob.secid[0]; memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); axp->pid_count++; diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index 534dee9c7b6f..b08442582874 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -1564,11 +1564,14 @@ int __init netlbl_unlabel_defconf(void) int ret_val; struct netlbl_dom_map *entry; struct netlbl_audit audit_info; + struct lsmblob blob; /* Only the kernel is allowed to call this function and the only time * it is called is at bootup before the audit subsystem is reporting * messages so don't worry to much about these values. */ - security_task_getsecid_subj(current, &audit_info.secid); + security_task_getsecid_subj(current, &blob); + /* scaffolding until audit_info.secid is converted */ + audit_info.secid = blob.secid[0]; audit_info.loginuid = GLOBAL_ROOT_UID; audit_info.sessionid = 0; diff --git a/net/netlabel/netlabel_user.h b/net/netlabel/netlabel_user.h index b9ba8112b3c5..11f6da93f31b 100644 --- a/net/netlabel/netlabel_user.h +++ b/net/netlabel/netlabel_user.h @@ -34,7 +34,11 @@ static inline void netlbl_netlink_auditinfo(struct sk_buff *skb, struct netlbl_audit *audit_info) { - security_task_getsecid_subj(current, &audit_info->secid); + struct lsmblob blob; + + security_task_getsecid_subj(current, &blob); + /* scaffolding until secid is converted */ + audit_info->secid = blob.secid[0]; audit_info->loginuid = audit_get_loginuid(current); audit_info->sessionid = audit_get_sessionid(current); } 
diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index 4e5eb0236278..f8c7b593175f 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -71,14 +71,16 @@ bool is_ima_appraise_enabled(void) int ima_must_appraise(struct user_namespace *mnt_userns, struct inode *inode, int mask, enum ima_hooks func) { - u32 secid; + struct lsmblob blob; if (!ima_appraise) return 0; - security_task_getsecid_subj(current, &secid); - return ima_match_policy(mnt_userns, inode, current_cred(), secid, func, - mask, IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL); + security_task_getsecid_subj(current, &blob); + /* scaffolding the .secid[0] */ + return ima_match_policy(mnt_userns, inode, current_cred(), + blob.secid[0], func, mask, + IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL); } static int ima_fix_xattr(struct dentry *dentry, diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 906c1d8e0b71..9d1ed00eb349 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -388,12 +388,13 @@ static int process_measurement(struct file *file, const struct cred *cred, */ int ima_file_mmap(struct file *file, unsigned long prot) { - u32 secid; + struct lsmblob blob; if (file && (prot & PROT_EXEC)) { - security_task_getsecid_subj(current, &secid); - return process_measurement(file, current_cred(), secid, NULL, - 0, MAY_EXEC, MMAP_CHECK); + security_task_getsecid_subj(current, &blob); + /* scaffolding - until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], + NULL, 0, MAY_EXEC, MMAP_CHECK); } return 0; @@ -419,9 +420,9 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) char *pathbuf = NULL; const char *pathname = NULL; struct inode *inode; + struct lsmblob blob; int result = 0; int action; - u32 secid; int pcr; /* Is mprotect making an mmap'ed file executable? */ 
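Review bot: the comment `/* scaffolding the .secid[0] */` added in the ima_must_appraise hunk of security/integrity/ima/ima_appraise.c does not say what the `blob.secid[0]` stopgap is waiting on, unlike the other sites in this patch (`/* scaffolding until process_measurement changes */`, `/* scaffolding until target_sid is converted */`). `/* scaffolding until ima_match_policy changes */` would keep the wording consistent and tell the reader which later patch removes it.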
@@ -429,11 +430,12 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) !(prot & PROT_EXEC) || (vma->vm_flags & VM_EXEC)) return 0; - security_task_getsecid_subj(current, &secid); + security_task_getsecid_subj(current, &blob); inode = file_inode(vma->vm_file); + /* scaffolding */ action = ima_get_action(file_mnt_user_ns(vma->vm_file), inode, - current_cred(), secid, MAY_EXEC, MMAP_CHECK, - &pcr, &template, 0); + current_cred(), blob.secid[0], MAY_EXEC, + MMAP_CHECK, &pcr, &template, 0); /* Is the mmap'ed file in policy? */ if (!(action & (IMA_MEASURE | IMA_APPRAISE_SUBMASK))) @@ -469,10 +471,12 @@ int ima_bprm_check(struct linux_binprm *bprm) { int ret; u32 secid; + struct lsmblob blob; - security_task_getsecid_subj(current, &secid); - ret = process_measurement(bprm->file, current_cred(), secid, NULL, 0, - MAY_EXEC, BPRM_CHECK); + security_task_getsecid_subj(current, &blob); + /* scaffolding until process_measurement changes */ + ret = process_measurement(bprm->file, current_cred(), blob.secid[0], + NULL, 0, MAY_EXEC, BPRM_CHECK); if (ret) return ret; @@ -493,10 +497,11 @@ int ima_bprm_check(struct linux_binprm *bprm) */ int ima_file_check(struct file *file, int mask) { - u32 secid; + struct lsmblob blob; - security_task_getsecid_subj(current, &secid); - return process_measurement(file, current_cred(), secid, NULL, 0, + security_task_getsecid_subj(current, &blob); + /* scaffolding until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], NULL, 0, mask & (MAY_READ | MAY_WRITE | MAY_EXEC | MAY_APPEND), FILE_CHECK); } @@ -672,7 +677,7 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id, bool contents) { enum ima_hooks func; - u32 secid; + struct lsmblob blob; /* * Do devices using pre-allocated memory run the risk of the 
@@ -692,8 +697,9 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id, /* Read entire file for all partial reads. */ func = read_idmap[read_id] ?: FILE_CHECK; - security_task_getsecid_subj(current, &secid); - return process_measurement(file, current_cred(), secid, NULL, + security_task_getsecid_subj(current, &blob); + /* scaffolding - until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], NULL, 0, MAY_READ, func); } @@ -722,7 +728,7 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, enum kernel_read_file_id read_id) { enum ima_hooks func; - u32 secid; + struct lsmblob blob; /* permit signed certs */ if (!file && read_id == READING_X509_CERTIFICATE) @@ -735,9 +741,10 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, } func = read_idmap[read_id] ?: FILE_CHECK; - security_task_getsecid_subj(current, &secid); - return process_measurement(file, current_cred(), secid, buf, size, - MAY_READ, func); + security_task_getsecid_subj(current, &blob); + /* scaffolding until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], buf, + size, MAY_READ, func); } /** @@ -859,7 +866,7 @@ void process_buffer_measurement(struct user_namespace *mnt_userns, int digest_hash_len = hash_digest_size[ima_hash_algo]; int violation = 0; int action = 0; - u32 secid; + struct lsmblob blob; if (!ima_policy_flag) return; @@ -879,9 +886,10 @@ void process_buffer_measurement(struct user_namespace *mnt_userns, * buffer measurements. */ if (func) { - security_task_getsecid_subj(current, &secid); + security_task_getsecid_subj(current, &blob); + /* scaffolding */ action = ima_get_action(mnt_userns, inode, current_cred(), - secid, 0, func, &pcr, &template, + blob.secid[0], 0, func, &pcr, &template, func_data); if (!(action & IMA_MEASURE)) return; diff --git a/security/security.c b/security/security.c index 0364531d92cf..f3b985f76dab 100644 
--- a/security/security.c +++ b/security/security.c 
@@ -1902,17 +1902,30 @@ int security_task_getsid(struct task_struct *p) return call_int_hook(task_getsid, 0, p); } -void security_task_getsecid_subj(struct task_struct *p, u32 *secid) +void security_task_getsecid_subj(struct task_struct *p, struct lsmblob *blob) { - *secid = 0; - call_void_hook(task_getsecid_subj, p, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.task_getsecid_subj, + list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.task_getsecid_subj(p, &blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_task_getsecid_subj); -void security_task_getsecid_obj(struct task_struct *p, u32 *secid) +void security_task_getsecid_obj(struct task_struct *p, struct lsmblob *blob) { - *secid = 0; - call_void_hook(task_getsecid_obj, p, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.task_getsecid_obj, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.task_getsecid_obj(p, &blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_task_getsecid_obj); From patchwork Thu May 13 20:07:53 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12256487 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 405A0C433B4 for ; Thu, 13 May 2021 20:20:36 +0000 (UTC) Received: from vger.kernel.org 
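Review bot: The per-call `WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)` in both loops of the security.c hunk guards a condition that can only arise when the hook was registered, yet it is evaluated on every security_task_getsecid_subj() and security_task_getsecid_obj() call, and the same loop body is repeated again for inode_getsecid and cred_getsecid in patches 11 and 12 of this series. Suggest validating `lsmid->slot` once where the hook lists are populated and reducing each call site to the indexed `hp->hook.task_getsecid_subj(p, &blob->secid[hp->lsmid->slot]);`, or at least folding the four copies into one helper so a later fix lands in one place.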
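Review bot: The scaffolding comments in the IMA hunks are inconsistent: `/* scaffolding the .secid[0] */` in ima_must_appraise(), a bare `/* scaffolding */` in ima_file_mprotect() and process_buffer_measurement(), and `/* scaffolding until process_measurement changes */` (with and without a dash) in the other ima_main.c sites. Every one of these exists only to feed `blob.secid[0]` into process_measurement() or ima_get_action() until those take a blob, so one grep-able wording would let the whole set be found and removed together when that conversion lands.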
From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org Subject: [PATCH v26 11/25] LSM: Use lsmblob in security_inode_getsecid Date: Thu, 13 May 2021 13:07:53 -0700 Message-Id: <20210513200807.15910-12-casey@schaufler-ca.com> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20210513200807.15910-1-casey@schaufler-ca.com> References: <20210513200807.15910-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org Change the security_inode_getsecid() interface to fill in a lsmblob structure instead of a u32 secid. This allows for its callers to gather data from all registered LSMs. Data is provided for IMA and audit. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: linux-audit@redhat.com --- include/linux/security.h | 7 ++++--- kernel/auditsc.c | 6 +++++- security/integrity/ima/ima_policy.c | 4 +--- security/security.c | 11 +++++++++-- 4 files changed, 19 insertions(+), 9 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index 60f4515b9181..64f898e5e854 100644 --- a/include/linux/security.h +++ b/include/linux/security.h 
@@ -454,7 +454,7 @@ int security_inode_getsecurity(struct user_namespace *mnt_userns, void **buffer, bool alloc); int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags); int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size); -void security_inode_getsecid(struct inode *inode, u32 *secid); +void security_inode_getsecid(struct inode *inode, struct lsmblob *blob); int security_inode_copy_up(struct dentry *src, struct cred **new); int security_inode_copy_up_xattr(const char *name); int security_kernfs_init_security(struct kernfs_node *kn_dir, @@ -1005,9 +1005,10 @@ static inline int security_inode_listsecurity(struct inode *inode, char *buffer, return 0; } -static inline void security_inode_getsecid(struct inode *inode, u32 *secid) +static inline void security_inode_getsecid(struct inode *inode, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } static inline int security_inode_copy_up(struct dentry *src, struct cred **new) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index dd902b68433e..6684927f12fc 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1962,13 +1962,17 @@ static void audit_copy_inode(struct audit_names *name, const struct dentry *dentry, struct inode *inode, unsigned int flags) { + struct lsmblob blob; + name->ino = inode->i_ino; name->dev = inode->i_sb->s_dev; name->mode = inode->i_mode; name->uid = inode->i_uid; name->gid = inode->i_gid; name->rdev = inode->i_rdev; - security_inode_getsecid(inode, &name->osid); + security_inode_getsecid(inode, &blob); + /* scaffolding until osid is updated */ + name->osid = blob.secid[0]; if (flags & AUDIT_INODE_NOEVAL) { name->fcap_ver = -1; return; diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index a05841e1012b..5ee7629fd782 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c 
@@ -606,7 +606,6 @@ static bool ima_match_rules(struct ima_rule_entry *rule, return false; for (i = 0; i < MAX_LSM_RULES; i++) { int rc = 0; - u32 osid; struct lsmblob lsmdata; if (!ima_lsm_isset(rule, i)) { @@ -619,8 +618,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, case LSM_OBJ_USER: case LSM_OBJ_ROLE: case LSM_OBJ_TYPE: - security_inode_getsecid(inode, &osid); - lsmblob_init(&lsmdata, osid); + security_inode_getsecid(inode, &lsmdata); rc = ima_filter_rule_match(&lsmdata, rule->lsm[i].type, Audit_equal, rule->lsm[i].rule); diff --git a/security/security.c b/security/security.c index f3b985f76dab..54f4a4ead69f 100644 --- a/security/security.c +++ b/security/security.c 
@@ -1546,9 +1546,16 @@ int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer } EXPORT_SYMBOL(security_inode_listsecurity); -void security_inode_getsecid(struct inode *inode, u32 *secid) +void security_inode_getsecid(struct inode *inode, struct lsmblob *blob) { - call_void_hook(inode_getsecid, inode, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.inode_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.inode_getsecid(inode, &blob->secid[hp->lsmid->slot]); + } } int security_inode_copy_up(struct dentry *src, struct cred **new) From patchwork Thu May 13 20:07:54 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12256489 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9F6EEC433ED for ; Thu, 13 May 2021 20:21:39 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 6BD4B611CC for ; Thu, 13 May 2021 20:21:39 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232762AbhEMUWs (ORCPT ); Thu, 13 May 2021 16:22:48 -0400 Received: from sonic307-15.consmr.mail.ne1.yahoo.com ([66.163.190.38]:36170 "EHLO sonic307-15.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232555AbhEMUWr (ORCPT ); Thu, 13 May 2021 16:22:47 -0400 
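Review bot: The audit_copy_inode() hunk in kernel/auditsc.c still stores only slot 0 (`name->osid = blob.secid[0];` under a scaffolding comment) because `audit_names.osid` remains a u32, so the commit message's "Data is provided for IMA and audit" overstates what audit gets from this patch. Suggest wording along the lines of "Data is provided for IMA; audit still records slot 0 until osid is converted" so a reader does not go looking for a multi-LSM change in the audit path.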
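Review bot: The ima_policy.c hunk changes what ima_filter_rule_match() sees, and the log should say so: the removed `lsmblob_init(&lsmdata, osid);` copied the single inode secid into every slot of `lsmdata`, whereas the new `security_inode_getsecid(inode, &lsmdata);` fills each slot from its own LSM and zeroes the rest through the `lsmblob_init(blob, 0)` added in the security.c hunk (the old security_inode_getsecid() handed `secid` to call_void_hook without initialising it, so `u32 osid` could be left unset when no LSM supplied the hook). An LSM rule that previously matched against the replicated value now matches only against that LSM's own secid, which looks like the intended result but is a behavioural change for multi-LSM configurations worth one sentence in the description.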
From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org Subject: [PATCH v26 12/25] LSM: Use lsmblob in security_cred_getsecid Date: Thu, 13 May 2021 13:07:54 -0700 Message-Id: <20210513200807.15910-13-casey@schaufler-ca.com> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20210513200807.15910-1-casey@schaufler-ca.com> References: <20210513200807.15910-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org Change the security_cred_getsecid() interface to fill in a lsmblob instead of a u32 secid. The associated data elements in the audit sub-system are changed from a secid to a lsmblob to accommodate multiple possible LSM audit users. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: linux-audit@redhat.com --- include/linux/security.h | 2 +- kernel/audit.c | 25 +++++++---------------- kernel/audit.h | 3 ++- kernel/auditsc.c | 34 ++++++++++++------------------- security/integrity/ima/ima_main.c | 8 ++++---- security/security.c | 12 ++++++++--- 6 files changed, 36 insertions(+), 48 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index 64f898e5e854..c1c31eb23859 100644 --- a/include/linux/security.h +++ b/include/linux/security.h 
@@ -481,7 +481,7 @@ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp); void security_cred_free(struct cred *cred); int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp); void security_transfer_creds(struct cred *new, const struct cred *old); -void security_cred_getsecid(const struct cred *c, u32 *secid); +void security_cred_getsecid(const struct cred *c, struct lsmblob *blob); int security_kernel_act_as(struct cred *new, struct lsmblob *blob); int security_kernel_create_files_as(struct cred *new, struct inode *inode); int security_kernel_module_request(char *kmod_name); diff --git a/kernel/audit.c b/kernel/audit.c index d92c7b894183..8ec64e6e8bc0 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -125,7 +125,7 @@ static u32 audit_backlog_wait_time = AUDIT_BACKLOG_WAIT_TIME; /* The identity of the user shutting down the audit system. */ static kuid_t audit_sig_uid = INVALID_UID; static pid_t audit_sig_pid = -1; -static u32 audit_sig_sid; +struct lsmblob audit_sig_lsm; /* Records can be lost in several ways: 0) [suppressed in audit_alloc] 
@@ -1441,29 +1441,21 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) } case AUDIT_SIGNAL_INFO: len = 0; - if (audit_sig_sid) { - struct lsmblob blob; - - /* - * lsmblob_init sets all values in the lsmblob - * to audit_sig_sid. This is temporary until - * audit_sig_sid is converted to a lsmblob, which - * happens later in this patch set. - */ - lsmblob_init(&blob, audit_sig_sid); - err = security_secid_to_secctx(&blob, &ctx, &len); + if (lsmblob_is_set(&audit_sig_lsm)) { + err = security_secid_to_secctx(&audit_sig_lsm, &ctx, + &len); if (err) return err; } sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL); if (!sig_data) { - if (audit_sig_sid) + if (lsmblob_is_set(&audit_sig_lsm)) security_release_secctx(ctx, len); return -ENOMEM; } sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); sig_data->pid = audit_sig_pid; - if (audit_sig_sid) { + if (lsmblob_is_set(&audit_sig_lsm)) { memcpy(sig_data->ctx, ctx, len); security_release_secctx(ctx, len); } @@ -2352,7 +2344,6 @@ int audit_set_loginuid(kuid_t loginuid) int audit_signal_info(int sig, struct task_struct *t) { kuid_t uid = current_uid(), auid; - struct lsmblob blob; if (auditd_test_task(t) && (sig == SIGTERM || sig == SIGHUP || @@ -2363,9 +2354,7 @@ int audit_signal_info(int sig, struct task_struct *t) audit_sig_uid = auid; else audit_sig_uid = uid; - security_task_getsecid_subj(current, &blob); - /* scaffolding until audit_sig_sid is converted */ - audit_sig_sid = blob.secid[0]; + security_task_getsecid_subj(current, &audit_sig_lsm); } return audit_signal_info_syscall(t); diff --git a/kernel/audit.h b/kernel/audit.h index 1522e100fd17..23a85a470121 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -9,6 +9,7 @@ #include #include #include +#include #include #include 
@@ -134,7 +135,7 @@ struct audit_context { kuid_t target_auid; kuid_t target_uid; unsigned int target_sessionid; - u32 target_sid; + struct lsmblob target_lsm; char target_comm[TASK_COMM_LEN]; struct audit_tree_refs *trees, *first_trees; diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 6684927f12fc..573c6a8e505f 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -111,7 +111,7 @@ struct audit_aux_data_pids { kuid_t target_auid[AUDIT_AUX_PIDS]; kuid_t target_uid[AUDIT_AUX_PIDS]; unsigned int target_sessionid[AUDIT_AUX_PIDS]; - u32 target_sid[AUDIT_AUX_PIDS]; + struct lsmblob target_lsm[AUDIT_AUX_PIDS]; char target_comm[AUDIT_AUX_PIDS][TASK_COMM_LEN]; int pid_count; }; @@ -991,14 +991,14 @@ static inline void audit_free_context(struct audit_context *context) } static int audit_log_pid_context(struct audit_context *context, pid_t pid, - kuid_t auid, kuid_t uid, unsigned int sessionid, - u32 sid, char *comm) + kuid_t auid, kuid_t uid, + unsigned int sessionid, + struct lsmblob *blob, char *comm) { struct audit_buffer *ab; char *ctx = NULL; u32 len; int rc = 0; - struct lsmblob blob; ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID); if (!ab) @@ -1007,9 +1007,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, audit_log_format(ab, "opid=%d oauid=%d ouid=%d oses=%d", pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); - if (sid) { - lsmblob_init(&blob, sid); - if (security_secid_to_secctx(&blob, &ctx, &len)) { + if (lsmblob_is_set(blob)) { + if (security_secid_to_secctx(blob, &ctx, &len)) { audit_log_format(ab, " obj=(none)"); rc = 1; } else { @@ -1580,7 +1579,7 @@ static void audit_log_exit(void) axs->target_auid[i], axs->target_uid[i], axs->target_sessionid[i], - axs->target_sid[i], + &axs->target_lsm[i], axs->target_comm[i])) call_panic = 1; } 
@@ -1589,7 +1588,7 @@ static void audit_log_exit(void) audit_log_pid_context(context, context->target_pid, context->target_auid, context->target_uid, context->target_sessionid, - context->target_sid, context->target_comm)) + &context->target_lsm, context->target_comm)) call_panic = 1; if (context->pwd.dentry && context->pwd.mnt) { @@ -1765,7 +1764,7 @@ void __audit_syscall_exit(int success, long return_code) context->aux = NULL; context->aux_pids = NULL; context->target_pid = 0; - context->target_sid = 0; + lsmblob_init(&context->target_lsm, 0); context->sockaddr_len = 0; context->type = 0; context->fds[0] = -1; @@ -2319,6 +2318,7 @@ void __audit_ipc_obj(struct kern_ipc_perm *ipcp) { struct audit_context *context = audit_context(); struct lsmblob blob; + context->ipc.uid = ipcp->uid; context->ipc.gid = ipcp->gid; context->ipc.mode = ipcp->mode; @@ -2417,15 +2417,12 @@ int __audit_sockaddr(int len, void *a) void __audit_ptrace(struct task_struct *t) { struct audit_context *context = audit_context(); - struct lsmblob blob; context->target_pid = task_tgid_nr(t); context->target_auid = audit_get_loginuid(t); context->target_uid = task_uid(t); context->target_sessionid = audit_get_sessionid(t); - security_task_getsecid_obj(t, &blob); - /* scaffolding - until target_sid is converted */ - context->target_sid = blob.secid[0]; + security_task_getsecid_obj(t, &context->target_lsm); memcpy(context->target_comm, t->comm, TASK_COMM_LEN); } @@ -2441,7 +2438,6 @@ int audit_signal_info_syscall(struct task_struct *t) struct audit_aux_data_pids *axp; struct audit_context *ctx = audit_context(); kuid_t t_uid = task_uid(t); - struct lsmblob blob; if (!audit_signals || audit_dummy_context()) return 0; 
@@ -2453,9 +2449,7 @@ int audit_signal_info_syscall(struct task_struct *t) ctx->target_auid = audit_get_loginuid(t); ctx->target_uid = t_uid; ctx->target_sessionid = audit_get_sessionid(t); - security_task_getsecid_obj(t, &blob); - /* scaffolding until target_sid is converted */ - ctx->target_sid = blob.secid[0]; + security_task_getsecid_obj(t, &ctx->target_lsm); memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); return 0; } @@ -2476,9 +2470,7 @@ int audit_signal_info_syscall(struct task_struct *t) axp->target_auid[axp->pid_count] = audit_get_loginuid(t); axp->target_uid[axp->pid_count] = t_uid; axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); - security_task_getsecid_obj(t, &blob); - /* scaffolding until target_sid is converted */ - axp->target_sid[axp->pid_count] = blob.secid[0]; + security_task_getsecid_obj(t, &axp->target_lsm[axp->pid_count]); memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); axp->pid_count++; diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 9d1ed00eb349..b3e00340a97c 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -470,7 +470,6 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) int ima_bprm_check(struct linux_binprm *bprm) { int ret; - u32 secid; struct lsmblob blob; security_task_getsecid_subj(current, &blob); @@ -480,9 +479,10 @@ int ima_bprm_check(struct linux_binprm *bprm) if (ret) return ret; - security_cred_getsecid(bprm->cred, &secid); - return process_measurement(bprm->file, bprm->cred, secid, NULL, 0, - MAY_EXEC, CREDS_CHECK); + security_cred_getsecid(bprm->cred, &blob); + /* scaffolding until process_measurement changes */ + return process_measurement(bprm->file, bprm->cred, blob.secid[0], + NULL, 0, MAY_EXEC, CREDS_CHECK); } /** diff --git a/security/security.c b/security/security.c index 54f4a4ead69f..f5407a85641e 100644 --- a/security/security.c +++ b/security/security.c 
@@ -1796,10 +1796,16 @@ void security_transfer_creds(struct cred *new, const struct cred *old) call_void_hook(cred_transfer, new, old); } -void security_cred_getsecid(const struct cred *c, u32 *secid) +void security_cred_getsecid(const struct cred *c, struct lsmblob *blob) { - *secid = 0; - call_void_hook(cred_getsecid, c, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.cred_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.cred_getsecid(c, &blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_cred_getsecid);
From patchwork Thu May 13 20:07:55 2021 X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12256491
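Review bot: security_cred_getsecid() now evaluates WARN_ON() on hp->lsmid->slot for every registered hook on every call, and this function runs on every exec via ima_bprm_check() (`security_cred_getsecid(bprm->cred, &blob)` in the ima_main.c hunk of this patch); since a slot outside [0, lsm_slot) is a registration-time bug that cannot change between calls, WARN_ON_ONCE() gives the same diagnostic without the risk of one splat per exec. The `lsmblob_init(blob, 0)` before the loop is what makes slots with no cred_getsecid hook read as unset; keep it.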
From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org Subject: [PATCH v26 13/25] IMA: Change internal interfaces to use lsmblobs Date: Thu, 13 May 2021 13:07:55 -0700 Message-Id: <20210513200807.15910-14-casey@schaufler-ca.com> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20210513200807.15910-1-casey@schaufler-ca.com> References: <20210513200807.15910-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org
The IMA interfaces ima_get_action() and ima_match_policy() call LSM functions that use lsmblobs. Change the IMA functions to pass the lsmblob to be compatible with the LSM functions. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley
Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org To: Mimi Zohar --- security/integrity/ima/ima.h | 6 ++--- security/integrity/ima/ima_api.c | 6 ++--- security/integrity/ima/ima_appraise.c | 5 ++-- security/integrity/ima/ima_main.c | 36 +++++++++++---------------- security/integrity/ima/ima_policy.c | 17 ++++++------- 5 files changed, 31 insertions(+), 39 deletions(-) diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 55f3bd4f0b01..a6b59fcaf62a 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -251,7 +251,7 @@ static inline void ima_process_queued_keys(void) {} /* LIM API function definitions */ int ima_get_action(struct user_namespace *mnt_userns, struct inode *inode, - const struct cred *cred, u32 secid, int mask, + const struct cred *cred, struct lsmblob *blob, int mask, enum ima_hooks func, int *pcr, struct ima_template_desc **template_desc, const char *func_data); @@ -282,8 +282,8 @@ const char *ima_d_path(const struct path *path, char **pathbuf, char *filename); /* IMA policy related functions */ int ima_match_policy(struct user_namespace *mnt_userns, struct inode *inode, - const struct cred *cred, u32 secid, enum ima_hooks func, - int mask, int flags, int *pcr, + const struct cred *cred, struct lsmblob *blob, + enum ima_hooks func, int mask, int flags, int *pcr, struct ima_template_desc **template_desc, const char *func_data); void ima_init_policy(void); diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index d8e321cc6936..691f68d478f1 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c 
@@ -165,7 +165,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename, * @mnt_userns: user namespace of the mount the inode was found from * @inode: pointer to the inode associated with the object being validated * @cred: pointer to credentials structure to validate - * @secid: secid of the task being validated + * @blob: LSM data of the task being validated * @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXEC, * MAY_APPEND) * @func: caller identifier @@ -185,7 +185,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename, * */ int ima_get_action(struct user_namespace *mnt_userns, struct inode *inode, - const struct cred *cred, u32 secid, int mask, + const struct cred *cred, struct lsmblob *blob, int mask, enum ima_hooks func, int *pcr, struct ima_template_desc **template_desc, const char *func_data) @@ -194,7 +194,7 @@ int ima_get_action(struct user_namespace *mnt_userns, struct inode *inode, flags &= ima_policy_flag; - return ima_match_policy(mnt_userns, inode, cred, secid, func, mask, + return ima_match_policy(mnt_userns, inode, cred, blob, func, mask, flags, pcr, template_desc, func_data); } diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index f8c7b593175f..b2af72289f00 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -77,10 +77,9 @@ int ima_must_appraise(struct user_namespace *mnt_userns, struct inode *inode, return 0; security_task_getsecid_subj(current, &blob); - /* scaffolding the .secid[0] */ return ima_match_policy(mnt_userns, inode, current_cred(), - blob.secid[0], func, mask, - IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL); + &blob, func, mask, IMA_APPRAISE | IMA_HASH, + NULL, NULL, NULL); } static int ima_fix_xattr(struct dentry *dentry, diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index b3e00340a97c..b63f73d43bd2 100644 --- a/security/integrity/ima/ima_main.c 
+++ b/security/integrity/ima/ima_main.c @@ -194,8 +194,8 @@ void ima_file_free(struct file *file) } static int process_measurement(struct file *file, const struct cred *cred, - u32 secid, char *buf, loff_t size, int mask, - enum ima_hooks func) + struct lsmblob *blob, char *buf, loff_t size, + int mask, enum ima_hooks func) { struct inode *inode = file_inode(file); struct integrity_iint_cache *iint = NULL; @@ -218,7 +218,7 @@ static int process_measurement(struct file *file, const struct cred *cred, * bitmask based on the appraise/audit/measurement policy. * Included is the appraise submask. */ - action = ima_get_action(file_mnt_user_ns(file), inode, cred, secid, + action = ima_get_action(file_mnt_user_ns(file), inode, cred, blob, mask, func, &pcr, &template_desc, NULL); violation_check = ((func == FILE_CHECK || func == MMAP_CHECK) && (ima_policy_flag & IMA_MEASURE)); @@ -392,8 +392,7 @@ int ima_file_mmap(struct file *file, unsigned long prot) if (file && (prot & PROT_EXEC)) { security_task_getsecid_subj(current, &blob); - /* scaffolding - until process_measurement changes */ - return process_measurement(file, current_cred(), blob.secid[0], + return process_measurement(file, current_cred(), &blob, NULL, 0, MAY_EXEC, MMAP_CHECK); } @@ -434,7 +433,7 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) inode = file_inode(vma->vm_file); /* scaffolding */ action = ima_get_action(file_mnt_user_ns(vma->vm_file), inode, - current_cred(), blob.secid[0], MAY_EXEC, + current_cred(), &blob, MAY_EXEC, MMAP_CHECK, &pcr, &template, 0); /* Is the mmap'ed file in policy? */ 
@@ -473,16 +472,14 @@ int ima_bprm_check(struct linux_binprm *bprm) struct lsmblob blob; security_task_getsecid_subj(current, &blob); - /* scaffolding until process_measurement changes */ - ret = process_measurement(bprm->file, current_cred(), blob.secid[0], - NULL, 0, MAY_EXEC, BPRM_CHECK); + ret = process_measurement(bprm->file, current_cred(), &blob, NULL, 0, + MAY_EXEC, BPRM_CHECK); if (ret) return ret; security_cred_getsecid(bprm->cred, &blob); - /* scaffolding until process_measurement changes */ - return process_measurement(bprm->file, bprm->cred, blob.secid[0], - NULL, 0, MAY_EXEC, CREDS_CHECK); + return process_measurement(bprm->file, bprm->cred, &blob, NULL, 0, + MAY_EXEC, CREDS_CHECK); } /** @@ -500,8 +497,7 @@ int ima_file_check(struct file *file, int mask) struct lsmblob blob; security_task_getsecid_subj(current, &blob); - /* scaffolding until process_measurement changes */ - return process_measurement(file, current_cred(), blob.secid[0], NULL, 0, + return process_measurement(file, current_cred(), &blob, NULL, 0, mask & (MAY_READ | MAY_WRITE | MAY_EXEC | MAY_APPEND), FILE_CHECK); } @@ -698,9 +694,8 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id, /* Read entire file for all partial reads. */ func = read_idmap[read_id] ?: FILE_CHECK; security_task_getsecid_subj(current, &blob); - /* scaffolding - until process_measurement changes */ - return process_measurement(file, current_cred(), blob.secid[0], NULL, - 0, MAY_READ, func); + return process_measurement(file, current_cred(), &blob, NULL, 0, + MAY_READ, func); } const int read_idmap[READING_MAX_ID] = { 
@@ -742,9 +737,8 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, func = read_idmap[read_id] ?: FILE_CHECK; security_task_getsecid_subj(current, &blob); - /* scaffolding until process_measurement changes */ - return process_measurement(file, current_cred(), blob.secid[0], buf, - size, MAY_READ, func); + return process_measurement(file, current_cred(), &blob, buf, size, + MAY_READ, func); } /** @@ -889,7 +883,7 @@ void process_buffer_measurement(struct user_namespace *mnt_userns, security_task_getsecid_subj(current, &blob); /* scaffolding */ action = ima_get_action(mnt_userns, inode, current_cred(), - blob.secid[0], 0, func, &pcr, &template, + &blob, 0, func, &pcr, &template, func_data); if (!(action & IMA_MEASURE)) return; diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 5ee7629fd782..caacd8bf0462 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -546,7 +546,7 @@ static bool ima_match_rule_data(struct ima_rule_entry *rule, * @mnt_userns: user namespace of the mount the inode was found from * @inode: a pointer to an inode * @cred: a pointer to a credentials structure for user validation - * @secid: the secid of the task to be validated + * @blob: the lsm data of the task to be validated * @func: LIM hook identifier * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC) * @func_data: func specific data, may be NULL @@ -556,8 +556,8 @@ static bool ima_match_rule_data(struct ima_rule_entry *rule, static bool ima_match_rules(struct ima_rule_entry *rule, struct user_namespace *mnt_userns, struct inode *inode, const struct cred *cred, - u32 secid, enum ima_hooks func, int mask, - const char *func_data) + struct lsmblob *blob, enum ima_hooks func, + int mask, const char *func_data) { int i; 
@@ -626,8 +626,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, case LSM_SUBJ_USER: case LSM_SUBJ_ROLE: case LSM_SUBJ_TYPE: - lsmblob_init(&lsmdata, secid); - rc = ima_filter_rule_match(&lsmdata, rule->lsm[i].type, + rc = ima_filter_rule_match(blob, rule->lsm[i].type, Audit_equal, rule->lsm[i].rule); break; @@ -671,7 +670,7 @@ static int get_subaction(struct ima_rule_entry *rule, enum ima_hooks func) * @inode: pointer to an inode for which the policy decision is being made * @cred: pointer to a credentials structure for which the policy decision is * being made - * @secid: LSM secid of the task to be validated + * @blob: LSM data of the task to be validated * @func: IMA hook identifier * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC) * @pcr: set the pcr to extend @@ -686,8 +685,8 @@ static int get_subaction(struct ima_rule_entry *rule, enum ima_hooks func) * than writes so ima_match_policy() is classical RCU candidate. */ int ima_match_policy(struct user_namespace *mnt_userns, struct inode *inode, - const struct cred *cred, u32 secid, enum ima_hooks func, - int mask, int flags, int *pcr, + const struct cred *cred, struct lsmblob *blob, + enum ima_hooks func, int mask, int flags, int *pcr, struct ima_template_desc **template_desc, const char *func_data) { 
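Review bot: ima_file_mprotect() and process_buffer_measurement() now pass `&blob` to ima_get_action() but keep the bare `/* scaffolding */` comment on the line above the call; with the `blob.secid[0]` truncation gone there is nothing left to scaffold at either site, so remove both comments (every other hunk in this patch drops its scaffolding marker together with the secid[0] use, and a stale marker will mislead the later cleanup grep).

Review bot: ima_get_action(), ima_match_policy() and ima_match_rules() take `struct lsmblob *blob` but only read it and forward it to ima_filter_rule_match(); if that function's parameter can be made const too, declare these three as `const struct lsmblob *` so the prototypes document that policy matching never rewrites the caller's secids.

Review bot: the ima_match_rules() kerneldoc now reads `@blob: the lsm data of the task to be validated` while the ima_get_action() and ima_match_policy() comments in the same patch say `LSM data`; use the capitalised form in all three.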
@@ -703,7 +702,7 @@ int ima_match_policy(struct user_namespace *mnt_userns, struct inode *inode, if (!(entry->action & actmask)) continue; - if (!ima_match_rules(entry, mnt_userns, inode, cred, secid, + if (!ima_match_rules(entry, mnt_userns, inode, cred, blob, func, mask, func_data)) continue;
From patchwork Thu May 13 20:07:57 2021 X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12256523
From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, Chuck Lever , linux-integrity@vger.kernel.org, netdev@vger.kernel.org, netfilter-devel@vger.kernel.org, linux-nfs@vger.kernel.org Subject: [PATCH v26 15/25] LSM: Ensure the correct LSM context releaser Date: Thu, 13 May 2021 13:07:57 -0700 Message-Id: <20210513200807.15910-16-casey@schaufler-ca.com> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20210513200807.15910-1-casey@schaufler-ca.com> References: <20210513200807.15910-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org Add a new lsmcontext data structure to hold all the information about a "security context", including the string, its size and which LSM allocated the string. The allocation information is necessary because LSMs have different policies regarding the lifecycle of these strings. SELinux allocates and destroys them on each use, whereas Smack provides a pointer to an entry in a list that never goes away. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Chuck Lever 
Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: netdev@vger.kernel.org Cc: linux-audit@redhat.com Cc: netfilter-devel@vger.kernel.org To: Pablo Neira Ayuso Cc: linux-nfs@vger.kernel.org Acked-by: Paul Moore --- drivers/android/binder.c | 10 ++++--- fs/ceph/xattr.c | 6 ++++- fs/nfs/nfs4proc.c | 8 ++++-- fs/nfsd/nfs4xdr.c | 7 +++-- include/linux/security.h | 35 +++++++++++++++++++++++-- include/net/scm.h | 5 +++- kernel/audit.c | 14 +++++++--- kernel/auditsc.c | 12 ++++++--- net/ipv4/ip_sockglue.c | 4 ++- net/netfilter/nf_conntrack_netlink.c | 4 ++- net/netfilter/nf_conntrack_standalone.c | 4 ++- net/netfilter/nfnetlink_queue.c | 13 ++++++--- net/netlabel/netlabel_unlabeled.c | 19 +++++++++++--- net/netlabel/netlabel_user.c | 4 ++- security/security.c | 11 ++++---- 15 files changed, 121 insertions(+), 35 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index ab55358f868b..eca789340ef6 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2461,6 +2461,7 @@ static void binder_transaction(struct binder_proc *proc, int t_debug_id = atomic_inc_return(&binder_last_id); char *secctx = NULL; u32 secctx_sz = 0; + struct lsmcontext scaff; /* scaffolding */ e = binder_transaction_log_add(&binder_transaction_log); e->debug_id = t_debug_id; @@ -2772,7 +2773,8 @@ static void binder_transaction(struct binder_proc *proc, t->security_ctx = 0; WARN_ON(1); } - security_release_secctx(secctx, secctx_sz); + lsmcontext_init(&scaff, secctx, secctx_sz, 0); + security_release_secctx(&scaff); secctx = NULL; } t->buffer->debug_id = t->debug_id; 
@@ -3114,8 +3116,10 @@ static void binder_transaction(struct binder_proc *proc, binder_alloc_free_buf(&target_proc->alloc, t->buffer); err_binder_alloc_buf_failed: err_bad_extra_size: - if (secctx) - security_release_secctx(secctx, secctx_sz); + if (secctx) { + lsmcontext_init(&scaff, secctx, secctx_sz, 0); + security_release_secctx(&scaff); + } err_get_secctx_failed: kfree(tcomplete); binder_stats_deleted(BINDER_STAT_TRANSACTION_COMPLETE); diff --git a/fs/ceph/xattr.c b/fs/ceph/xattr.c index 1242db8d3444..b867089e1aa4 100644 --- a/fs/ceph/xattr.c +++ b/fs/ceph/xattr.c @@ -1356,12 +1356,16 @@ int ceph_security_init_secctx(struct dentry *dentry, umode_t mode, void ceph_release_acl_sec_ctx(struct ceph_acl_sec_ctx *as_ctx) { +#ifdef CONFIG_CEPH_FS_SECURITY_LABEL + struct lsmcontext scaff; /* scaffolding */ +#endif #ifdef CONFIG_CEPH_FS_POSIX_ACL posix_acl_release(as_ctx->acl); posix_acl_release(as_ctx->default_acl); #endif #ifdef CONFIG_CEPH_FS_SECURITY_LABEL - security_release_secctx(as_ctx->sec_ctx, as_ctx->sec_ctxlen); + lsmcontext_init(&scaff, as_ctx->sec_ctx, as_ctx->sec_ctxlen, 0); + security_release_secctx(&scaff); #endif if (as_ctx->pagelist) ceph_pagelist_release(as_ctx->pagelist); diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c index 87d04f2c9385..a179d70eeb7e 100644 --- a/fs/nfs/nfs4proc.c +++ b/fs/nfs/nfs4proc.c @@ -136,8 +136,12 @@ nfs4_label_init_security(struct inode *dir, struct dentry *dentry, static inline void nfs4_label_release_security(struct nfs4_label *label) { - if (label) - security_release_secctx(label->label, label->len); + struct lsmcontext scaff; /* scaffolding */ + + if (label) { + lsmcontext_init(&scaff, label->label, label->len, 0); + security_release_secctx(&scaff); + } } static inline u32 *nfs4_bitmask(struct nfs_server *server, struct nfs4_label *label) { diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c index 7abeccb975b2..089ec4b61ef1 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c 
@@ -2844,6 +2844,7 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, int err; struct nfs4_acl *acl = NULL; #ifdef CONFIG_NFSD_V4_SECURITY_LABEL + struct lsmcontext scaff; /* scaffolding */ void *context = NULL; int contextlen; #endif @@ -3345,8 +3346,10 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, out: #ifdef CONFIG_NFSD_V4_SECURITY_LABEL - if (context) - security_release_secctx(context, contextlen); + if (context) { + lsmcontext_init(&scaff, context, contextlen, 0); /*scaffolding*/ + security_release_secctx(&scaff); + } #endif /* CONFIG_NFSD_V4_SECURITY_LABEL */ kfree(acl); if (tempfh) { diff --git a/include/linux/security.h b/include/linux/security.h index c1c31eb23859..3b2ffef65b05 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -133,6 +133,37 @@ enum lockdown_reason { extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1]; +/* + * A "security context" is the text representation of + * the information used by LSMs. + * This structure contains the string, its length, and which LSM + * it is useful for. + */ +struct lsmcontext { + char *context; /* Provided by the module */ + u32 len; + int slot; /* Identifies the module */ +}; + +/** + * lsmcontext_init - initialize an lsmcontext structure. + * @cp: Pointer to the context to initialize + * @context: Initial context, or NULL + * @size: Size of context, or 0 + * @slot: Which LSM provided the context + * + * Fill in the lsmcontext from the provided information. + * This is a scaffolding function that will be removed when + * lsmcontext integration is complete. + */ +static inline void lsmcontext_init(struct lsmcontext *cp, char *context, + u32 size, int slot) +{ + cp->slot = slot; + cp->context = context; + cp->len = size; +} + /* * Data exported by the security modules * 
@@ -550,7 +581,7 @@ int security_ismaclabel(const char *name); int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen); int security_secctx_to_secid(const char *secdata, u32 seclen, struct lsmblob *blob); -void security_release_secctx(char *secdata, u32 seclen); +void security_release_secctx(struct lsmcontext *cp); void security_inode_invalidate_secctx(struct inode *inode); int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); @@ -1414,7 +1445,7 @@ static inline int security_secctx_to_secid(const char *secdata, return -EOPNOTSUPP; } -static inline void security_release_secctx(char *secdata, u32 seclen) +static inline void security_release_secctx(struct lsmcontext *cp) { } diff --git a/include/net/scm.h b/include/net/scm.h index 23a35ff1b3f2..f273c4d777ec 100644 --- a/include/net/scm.h +++ b/include/net/scm.h @@ -92,6 +92,7 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg, #ifdef CONFIG_SECURITY_NETWORK static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) { + struct lsmcontext context; struct lsmblob lb; char *secdata; u32 seclen; @@ -106,7 +107,9 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc if (!err) { put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata); - security_release_secctx(secdata, seclen); + /*scaffolding*/ + lsmcontext_init(&context, secdata, seclen, 0); + security_release_secctx(&context); } } } diff --git a/kernel/audit.c b/kernel/audit.c index 8ec64e6e8bc0..c17ec23158c4 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1192,6 +1192,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) struct audit_sig_info *sig_data; char *ctx = NULL; u32 len; + struct lsmcontext scaff; /* scaffolding */ err = audit_netlink_ok(skb, msg_type); if (err) 
@@ -1449,15 +1450,18 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) } sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL); if (!sig_data) { - if (lsmblob_is_set(&audit_sig_lsm)) - security_release_secctx(ctx, len); + if (lsmblob_is_set(&audit_sig_lsm)) { + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); + } return -ENOMEM; } sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); sig_data->pid = audit_sig_pid; if (lsmblob_is_set(&audit_sig_lsm)) { memcpy(sig_data->ctx, ctx, len); - security_release_secctx(ctx, len); + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); } audit_send_reply(skb, seq, AUDIT_SIGNAL_INFO, 0, 0, sig_data, sizeof(*sig_data) + len); @@ -2132,6 +2136,7 @@ int audit_log_task_context(struct audit_buffer *ab) unsigned len; int error; struct lsmblob blob; + struct lsmcontext scaff; /* scaffolding */ security_task_getsecid_subj(current, &blob); if (!lsmblob_is_set(&blob)) @@ -2145,7 +2150,8 @@ int audit_log_task_context(struct audit_buffer *ab) } audit_log_format(ab, " subj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); return 0; error_path: diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 573c6a8e505f..3fb9d3639123 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -996,6 +996,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, struct lsmblob *blob, char *comm) { struct audit_buffer *ab; + struct lsmcontext lsmcxt; char *ctx = NULL; u32 len; int rc = 0; @@ -1013,7 +1014,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, rc = 1; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); /*scaffolding*/ + security_release_secctx(&lsmcxt); } } audit_log_format(ab, " ocomm="); 
@@ -1226,6 +1228,7 @@ static void audit_log_fcaps(struct audit_buffer *ab, struct audit_names *name) static void show_special(struct audit_context *context, int *call_panic) { + struct lsmcontext lsmcxt; struct audit_buffer *ab; int i; @@ -1259,7 +1262,8 @@ static void show_special(struct audit_context *context, int *call_panic) *call_panic = 1; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); + security_release_secctx(&lsmcxt); } } if (context->ipc.has_perm) { @@ -1408,6 +1412,7 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, char *ctx = NULL; u32 len; struct lsmblob blob; + struct lsmcontext lsmcxt; lsmblob_init(&blob, n->osid); if (security_secid_to_secctx(&blob, &ctx, &len)) { @@ -1416,7 +1421,8 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, *call_panic = 2; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); /* scaffolding */ + security_release_secctx(&lsmcxt); } } diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index 2f089733ada7..a7e4c1b34b6c 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -130,6 +130,7 @@ static void ip_cmsg_recv_checksum(struct msghdr *msg, struct sk_buff *skb, static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) { + struct lsmcontext context; struct lsmblob lb; char *secdata; u32 seclen, secid; @@ -145,7 +146,8 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) return; put_cmsg(msg, SOL_IP, SCM_SECURITY, seclen, secdata); - security_release_secctx(secdata, seclen); + lsmcontext_init(&context, secdata, seclen, 0); /* scaffolding */ + security_release_secctx(&context); } static void ip_cmsg_recv_dstaddr(struct msghdr *msg, struct sk_buff *skb) 
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index caf3ecb5a66b..914ab6a96573 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -339,6 +339,7 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) int len, ret; char *secctx; struct lsmblob blob; + struct lsmcontext context; /* lsmblob_init() puts ct->secmark into all of the secids in blob. * security_secid_to_secctx() will know which security module @@ -359,7 +360,8 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) ret = 0; nla_put_failure: - security_release_secctx(secctx, len); + lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ + security_release_secctx(&context); return ret; } #else diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index b02afa0a1516..b039445f3efc 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c @@ -176,6 +176,7 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) u32 len; char *secctx; struct lsmblob blob; + struct lsmcontext context; lsmblob_init(&blob, ct->secmark); ret = security_secid_to_secctx(&blob, &secctx, &len); @@ -184,7 +185,8 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) seq_printf(s, "secctx=%s ", secctx); - security_release_secctx(secctx, len); + lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ + security_release_secctx(&context); } #else static inline void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index bdbb0b60bf7b..06b7751c7668 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c 
@@ -397,6 +397,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, enum ip_conntrack_info ctinfo; struct nfnl_ct_hook *nfnl_ct; bool csum_verify; + struct lsmcontext scaff; /* scaffolding */ char *secdata = NULL; u32 seclen = 0; @@ -626,8 +627,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, } nlh->nlmsg_len = skb->len; - if (seclen) - security_release_secctx(secdata, seclen); + if (seclen) { + lsmcontext_init(&scaff, secdata, seclen, 0); + security_release_secctx(&scaff); + } return skb; nla_put_failure: @@ -635,8 +638,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, kfree_skb(skb); net_err_ratelimited("nf_queue: error creating packet message\n"); nlmsg_failure: - if (seclen) - security_release_secctx(secdata, seclen); + if (seclen) { + lsmcontext_init(&scaff, secdata, seclen, 0); + security_release_secctx(&scaff); + } return NULL; } diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index b08442582874..8ca1e2b33dcf 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -374,6 +374,7 @@ int netlbl_unlhsh_add(struct net *net, struct net_device *dev; struct netlbl_unlhsh_iface *iface; struct audit_buffer *audit_buf = NULL; + struct lsmcontext context; char *secctx = NULL; u32 secctx_len; struct lsmblob blob; @@ -447,7 +448,9 @@ int netlbl_unlhsh_add(struct net *net, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", ret_val == 0 ? 1 : 0); audit_log_end(audit_buf); 
@@ -478,6 +481,7 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, struct netlbl_unlhsh_addr4 *entry; struct audit_buffer *audit_buf; struct net_device *dev; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -509,7 +513,9 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); audit_log_end(audit_buf); @@ -546,6 +552,7 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, struct netlbl_unlhsh_addr6 *entry; struct audit_buffer *audit_buf; struct net_device *dev; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -576,7 +583,8 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); audit_log_end(audit_buf); @@ -1095,6 +1103,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, int ret_val = -ENOMEM; struct netlbl_unlhsh_walk_arg *cb_arg = arg; struct net_device *dev; + struct lsmcontext context; void *data; u32 secid; char *secctx; @@ -1165,7 +1174,9 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, NLBL_UNLABEL_A_SECCTX, secctx_len, secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); if (ret_val != 0) goto list_cb_failure; diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index 893301ae0131..ef139d8ae7cd 100644 
--- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c @@ -84,6 +84,7 @@ struct audit_buffer *netlbl_audit_start_common(int type, struct netlbl_audit *audit_info) { struct audit_buffer *audit_buf; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -103,7 +104,8 @@ struct audit_buffer *netlbl_audit_start_common(int type, if (audit_info->secid != 0 && security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " subj=%s", secctx); - security_release_secctx(secctx, secctx_len); + lsmcontext_init(&context, secctx, secctx_len, 0);/*scaffolding*/ + security_release_secctx(&context); } return audit_buf; diff --git a/security/security.c b/security/security.c index 1ce125c01782..f6a33bf2a7fc 100644 --- a/security/security.c +++ b/security/security.c @@ -2359,16 +2359,17 @@ int security_secctx_to_secid(const char *secdata, u32 seclen, } EXPORT_SYMBOL(security_secctx_to_secid); -void security_release_secctx(char *secdata, u32 seclen) +void security_release_secctx(struct lsmcontext *cp) { struct security_hook_list *hp; - int ilsm = lsm_task_ilsm(current); hlist_for_each_entry(hp, &security_hook_heads.release_secctx, list) - if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) { - hp->hook.release_secctx(secdata, seclen); - return; + if (cp->slot == hp->lsmid->slot) { + hp->hook.release_secctx(cp->context, cp->len); + break; } + + memset(cp, 0, sizeof(*cp)); } EXPORT_SYMBOL(security_release_secctx);
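Review bot: In the security/security.c hunk, the new `security_release_secctx()` silently does nothing when no hook's `lsmid->slot` matches `cp->slot`, whereas the old loop fell back to the first registered module when `ilsm == LSMBLOB_INVALID`. Every caller in this patch passes a literal slot of 0, so this is only correct while the module occupying slot 0 is the one whose `secid_to_secctx` allocated `cp->context`; with a second stacked module producing the string, slot 0's release hook runs on another module's buffer, or the buffer leaks. Suggest a `WARN_ON_ONCE` (or at least a comment) on the no-match path and a sentence in the commit message stating that the `0` is a placeholder until `security_secid_to_secctx()` fills in the slot itself. The trailing `memset(cp, 0, sizeof(*cp))` is a good addition, since it clears the dangling `context` pointer after the hook has freed it.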
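Review bot: In the include/linux/security.h hunk, `struct lsmcontext` documents `slot` as "Identifies the module" and `lsmcontext_init()` documents `@slot` as "Which LSM provided the context", but neither says what value means "unknown" or "the only module", and nothing documents who owns `context` (it is allocated by the module and must be handed to `security_release_secctx()` exactly once). Suggest stating the ownership rule in the struct comment and either naming a sentinel for the unknown case or noting that 0 is the first registered module's slot, so the meaning of the `0` passed by every caller is explicit rather than implied.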
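Review bot: In the kernel/audit.c hunk around `audit_receive_msg()`, both release sites pass slot 0 even though the visible `lsmblob_is_set(&audit_sig_lsm)` guard shows that `audit_sig_lsm` is the blob `ctx` was derived from; the same pattern appears in `audit_log_task_context()` with `blob`. Worth a note that the slot information available in these blobs is being discarded by the scaffolding, so that the follow-up which makes `security_secid_to_secctx()` return an `lsmcontext` is clearly the intended fix rather than something to be papered over per call site.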
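Review bot: Naming and marking of the temporary locals is inconsistent across the fs/nfsd, include/net/scm.h, kernel/auditsc.c, net/ipv4 and net/netlabel hunks: the variable is `scaff` in some files, `context` or `lsmcxt` in others, the comment is `/*scaffolding*/`, `/* scaffolding */`, or absent (for example the `show_special()` and `netlbl_unlhsh_remove_addr6()` sites carry no marker at all). Since the whole point of the marker is to let the removal patch find every site by grep, suggest one name and one comment spelling, ideally `/* scaffolding */` on every `lsmcontext_init(..., 0)` call.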