From patchwork Thu Jul 22 00:47:38 2021
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 12392615
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org
Subject: [PATCH v28 05/25] LSM: Use lsmblob in security_audit_rule_match
Date: Wed, 21 Jul 2021 17:47:38 -0700
Message-Id: <20210722004758.12371-6-casey@schaufler-ca.com>
In-Reply-To: <20210722004758.12371-1-casey@schaufler-ca.com>
References: <20210722004758.12371-1-casey@schaufler-ca.com>
X-Mailing-List: linux-integrity@vger.kernel.org

Change the secid parameter of security_audit_rule_match to a lsmblob
structure pointer. Pass the entry from the lsmblob structure for the
appropriate slot to the LSM hook.

Change the users of security_audit_rule_match to use the lsmblob
instead of a u32. The scaffolding function lsmblob_init() fills the
blob with the value of the old secid, ensuring that it is available
to the appropriate module hook. The sources of the secid,
security_task_getsecid() and security_inode_getsecid(), will be
converted to use the blob structure later in the series. At that
point the use of lsmblob_init() is dropped.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
Cc: linux-audit@redhat.com
Cc: linux-integrity@vger.kernel.org
To: Mimi Zohar
---
 include/linux/security.h            |  7 ++++---
 kernel/auditfilter.c                |  6 ++++--
 kernel/auditsc.c                    | 16 +++++++++++-----
 security/integrity/ima/ima.h        |  4 ++--
 security/integrity/ima/ima_policy.c |  7 +++++--
 security/security.c                 | 10 ++++++++--
 6 files changed, 34 insertions(+), 16 deletions(-)
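A userspace model of the lsmblob scaffolding the commit message describes, added here as an illustration and not code from this patch or the kernel; the two-slot blob, mock hooks, rule structs and secid values are all constructed. It shows how lsmblob_init() filling every slot lets an unconverted caller reach whichever module holds the rule, and how the per-slot dispatch with the NULL-rule skip in security_audit_rule_match() behaves once slots hold different secids.

```c
/*
 * Constructed model (not the kernel's definitions): a two-slot lsmblob,
 * the lsmblob_init()/lsmblob_is_set() scaffolding helpers, and a copy of
 * the per-slot dispatch loop from security_audit_rule_match() in the patch.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint32_t u32;

#define LSMBLOB_ENTRIES 2 /* constructed: two stacked LSM slots */

struct lsmblob {
	u32 secid[LSMBLOB_ENTRIES];
};

/* Scaffolding: copy the single legacy secid into every slot so whichever
 * module's hook runs finds "its" value, as the callers in this patch do. */
static inline void lsmblob_init(struct lsmblob *blob, u32 secid)
{
	for (int i = 0; i < LSMBLOB_ENTRIES; i++)
		blob->secid[i] = secid;
}

static inline int lsmblob_is_set(const struct lsmblob *blob)
{
	for (int i = 0; i < LSMBLOB_ENTRIES; i++)
		if (blob->secid[i] != 0)
			return 1;
	return 0;
}

/* Constructed audit rule: the secid a module's compiled rule expects. */
struct model_rule {
	u32 want_secid;
};

/* One registered audit_rule_match hook per module, keyed by its slot. */
struct model_hook {
	int slot;
	int (*match)(u32 secid, void *lsmrule);
};

static int hook_match_exact(u32 secid, void *lsmrule)
{
	struct model_rule *r = lsmrule;

	return secid == r->want_secid;
}

/* constructed: a module registered in slot 0 and another in slot 1 */
static const struct model_hook hooks[] = {
	{ 0, hook_match_exact },
	{ 1, hook_match_exact },
};

/* Mirrors the patch's loop: each module gets the secid from its own slot,
 * and a module with no compiled rule (lsmrule[slot] == NULL) is skipped,
 * which is the new NULL check the patch adds. */
int model_audit_rule_match(const struct lsmblob *blob, void **lsmrule)
{
	for (size_t i = 0; i < sizeof(hooks) / sizeof(hooks[0]); i++) {
		int slot = hooks[i].slot;
		int rc;

		if (slot < 0 || slot >= LSMBLOB_ENTRIES)
			continue;
		if (lsmrule[slot] == NULL)
			continue;
		rc = hooks[i].match(blob->secid[slot], lsmrule[slot]);
		if (rc)
			return rc;
	}
	return 0;
}

/* Unconverted caller: one u32 secid, and only slot 1 holds a rule.
 * Because lsmblob_init() fills every slot, slot 1's module still sees 42. */
int scenario_legacy_secid_reaches_slot1(void)
{
	struct lsmblob blob;
	struct model_rule r1 = { .want_secid = 42 };
	void *rules[LSMBLOB_ENTRIES] = { NULL, &r1 };

	lsmblob_init(&blob, 42);
	return model_audit_rule_match(&blob, rules);
}

/* Converted caller: distinct secids per slot. Only slot 0 has a rule, and
 * it must be compared against slot 0's value (17), not slot 1's (42). */
int scenario_per_slot_secid_isolated(void)
{
	struct lsmblob blob = { .secid = { 17, 42 } };
	struct model_rule r0 = { .want_secid = 42 };
	void *rules[LSMBLOB_ENTRIES] = { &r0, NULL };

	return model_audit_rule_match(&blob, rules);
}

int model_blob_is_set_after_init(u32 secid)
{
	struct lsmblob blob;

	lsmblob_init(&blob, secid);
	return lsmblob_is_set(&blob);
}

int main(void)
{
	printf("legacy secid reaches slot 1: %d\n", scenario_legacy_secid_reaches_slot1());
	printf("per-slot secid isolated:     %d\n", scenario_per_slot_secid_isolated());
	printf("blob set after init(0):      %d\n", model_blob_is_set_after_init(0));
	return 0;
}
```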
diff --git a/include/linux/security.h b/include/linux/security.h index b641b5b96860..8290f6263b6d 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -1944,7 +1944,8 @@ static inline int security_key_getsecurity(struct key *key, char **_buffer) #ifdef CONFIG_SECURITY int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule); int security_audit_rule_known(struct audit_krule *krule); -int security_audit_rule_match(u32 secid, u32 field, u32 op, void **lsmrule); +int security_audit_rule_match(struct lsmblob *blob, u32 field, u32 op, + void **lsmrule); void security_audit_rule_free(void **lsmrule); #else @@ -1960,8 +1961,8 @@ static inline int security_audit_rule_known(struct audit_krule *krule) return 0; } -static inline int security_audit_rule_match(u32 secid, u32 field, u32 op, - void **lsmrule) +static inline int security_audit_rule_match(struct lsmblob *blob, u32 field, + u32 op, void **lsmrule) { return 0; } diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index a2340e81cfa7..6a04d762d272 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -1331,6 +1331,7 @@ int audit_filter(int msgtype, unsigned int listtype) struct audit_field *f = &e->rule.fields[i]; pid_t pid; u32 sid; + struct lsmblob blob; switch (f->type) { case AUDIT_PID: @@ -1362,8 +1363,9 @@ int audit_filter(int msgtype, unsigned int listtype) if (f->lsm_isset) { security_task_getsecid_subj(current, &sid); - result = security_audit_rule_match(sid, - f->type, f->op, + lsmblob_init(&blob, sid); + result = security_audit_rule_match( + &blob, f->type, f->op, f->lsm_rules); } break; diff --git a/kernel/auditsc.c b/kernel/auditsc.c index acbd896f54a5..447614b7a50b 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c 
@@ -478,6 +478,7 @@ static int audit_filter_rules(struct task_struct *tsk, const struct cred *cred; int i, need_sid = 1; u32 sid; + struct lsmblob blob; unsigned int sessionid; cred = rcu_dereference_check(tsk->cred, tsk == current || task_creation); @@ -676,8 +677,10 @@ static int audit_filter_rules(struct task_struct *tsk, security_task_getsecid_subj(tsk, &sid); need_sid = 0; } - result = security_audit_rule_match(sid, f->type, - f->op, f->lsm_rules); + lsmblob_init(&blob, sid); + result = security_audit_rule_match(&blob, + f->type, f->op, + f->lsm_rules); } break; case AUDIT_OBJ_USER: @@ -690,15 +693,17 @@ static int audit_filter_rules(struct task_struct *tsk, if (f->lsm_isset) { /* Find files that match */ if (name) { + lsmblob_init(&blob, name->osid); result = security_audit_rule_match( - name->osid, + &blob, f->type, f->op, f->lsm_rules); } else if (ctx) { list_for_each_entry(n, &ctx->names_list, list) { + lsmblob_init(&blob, name->osid); if (security_audit_rule_match( - n->osid, + &blob, f->type, f->op, f->lsm_rules)) { @@ -710,7 +715,8 @@ static int audit_filter_rules(struct task_struct *tsk, /* Find ipc objects that match */ if (!ctx || ctx->type != AUDIT_IPC) break; - if (security_audit_rule_match(ctx->ipc.osid, + lsmblob_init(&blob, ctx->ipc.osid); + if (security_audit_rule_match(&blob, f->type, f->op, f->lsm_rules)) ++result; diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index f0e448ed1f9f..55f3bd4f0b01 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -433,8 +433,8 @@ static inline void ima_filter_rule_free(void *lsmrule) { } -static inline int ima_filter_rule_match(u32 secid, u32 field, u32 op, - void *lsmrule) +static inline int ima_filter_rule_match(struct lsmblob *blob, u32 field, + u32 op, void *lsmrule) { return -EINVAL; } diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 008a043335d4..af612a42eebe 100644 --- a/security/integrity/ima/ima_policy.c 
+++ b/security/integrity/ima/ima_policy.c @@ -609,6 +609,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, for (i = 0; i < MAX_LSM_RULES; i++) { int rc = 0; u32 osid; + struct lsmblob lsmdata; if (!ima_lsm_isset(rule, i)) { if (!rule->lsm[i].args_p) @@ -621,14 +622,16 @@ static bool ima_match_rules(struct ima_rule_entry *rule, case LSM_OBJ_ROLE: case LSM_OBJ_TYPE: security_inode_getsecid(inode, &osid); - rc = ima_filter_rule_match(osid, rule->lsm[i].type, + lsmblob_init(&lsmdata, osid); + rc = ima_filter_rule_match(&lsmdata, rule->lsm[i].type, Audit_equal, rule->lsm[i].rule); break; case LSM_SUBJ_USER: case LSM_SUBJ_ROLE: case LSM_SUBJ_TYPE: - rc = ima_filter_rule_match(secid, rule->lsm[i].type, + lsmblob_init(&lsmdata, secid); + rc = ima_filter_rule_match(&lsmdata, rule->lsm[i].type, Audit_equal, rule->lsm[i].rule); break; diff --git a/security/security.c b/security/security.c index 3da6cb8f9d76..3c035faa2c37 100644 --- a/security/security.c +++ b/security/security.c @@ -2671,11 +2671,14 @@ void security_audit_rule_free(void **lsmrule) hlist_for_each_entry(hp, &security_hook_heads.audit_rule_free, list) { if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) continue; + if (lsmrule[hp->lsmid->slot] == NULL) + continue; hp->hook.audit_rule_free(lsmrule[hp->lsmid->slot]); } } -int security_audit_rule_match(u32 secid, u32 field, u32 op, void **lsmrule) +int security_audit_rule_match(struct lsmblob *blob, u32 field, u32 op, + void **lsmrule) { struct security_hook_list *hp; int rc; 
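Review bot: the kernel/auditsc.c hunk at @@ -690,15 +693,17 @@ initialises the blob from the wrong variable inside the list walk: the added `lsmblob_init(&blob, name->osid);` sits in the `else if (ctx)` arm, which is only reached when `name` is NULL, so it dereferences a NULL pointer, and the line it replaces passed `n->osid`, the secid of the entry being iterated. Suggest `lsmblob_init(&blob, n->osid);` so each names_list entry is matched against its own object secid.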
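Review bot: the security/security.c hunk at @@ -2671,11 +2671,14 @@ adds `if (lsmrule[hp->lsmid->slot] == NULL) continue;` to security_audit_rule_free(), and the following hunk adds the same skip to security_audit_rule_match(), but neither the commit message nor a comment says when a slot's rule is expected to be NULL. A NULL entry in the match path now yields "no match" for that module rather than an error, and the free hook is no longer invoked for such slots, so please state the rationale in the commit message or in a comment above the check.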
@@ -2683,7 +2686,10 @@ int security_audit_rule_match(u32 secid, u32 field, u32 op, void **lsmrule) hlist_for_each_entry(hp, &security_hook_heads.audit_rule_match, list) { if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) continue; - rc = hp->hook.audit_rule_match(secid, field, op, + if (lsmrule[hp->lsmid->slot] == NULL) + continue; + rc = hp->hook.audit_rule_match(blob->secid[hp->lsmid->slot], + field, op, &lsmrule[hp->lsmid->slot]); if (rc) return rc;

From patchwork Thu Jul 22 00:47:43 2021
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 12392649
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org, netdev@vger.kernel.org
Subject: [PATCH v28 10/25] LSM: Use lsmblob in security_task_getsecid
Date: Wed, 21 Jul 2021 17:47:43 -0700
Message-Id: <20210722004758.12371-11-casey@schaufler-ca.com>
In-Reply-To: <20210722004758.12371-1-casey@schaufler-ca.com>
References: <20210722004758.12371-1-casey@schaufler-ca.com>
X-Mailing-List: linux-integrity@vger.kernel.org

Change the security_task_getsecid_subj() and security_task_getsecid_obj()
interfaces to fill in a lsmblob structure instead of a u32 secid in
support of LSM stacking. Audit interfaces will need to collect all
possible secids for possible reporting.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
Cc: linux-integrity@vger.kernel.org
Cc: linux-audit@redhat.com
Cc: netdev@vger.kernel.org
---
 drivers/android/binder.c              | 12 +-----
 include/linux/security.h              | 14 ++++---
 kernel/audit.c                        | 16 +++-----
 kernel/auditfilter.c                  |  4 +-
 kernel/auditsc.c                      | 25 ++++++------
 net/netlabel/netlabel_unlabeled.c     |  5 ++-
 net/netlabel/netlabel_user.h          |  6 ++-
 security/integrity/ima/ima_appraise.c | 10 +++--
 security/integrity/ima/ima_main.c     | 56 +++++++++++++++------------
 security/security.c                   | 25 +++++++++---
 10 files changed, 94 insertions(+), 79 deletions(-)

diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 3e97a6de5e80..96dd728809ef 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2710,7 +2710,6 @@ static void binder_transaction(struct binder_proc *proc, t->priority = task_nice(current); if (target_node && target_node->txn_security_ctx) { - u32 secid; struct lsmblob blob; size_t added_size; @@ -2723,16 +2722,7 @@ static void binder_transaction(struct binder_proc *proc, * here; however, it isn't clear that binder would handle that * case well anyway. */ - security_task_getsecid_obj(proc->tsk, &secid); - /* - * Later in this patch set security_task_getsecid() will - * provide a lsmblob instead of a secid. lsmblob_init - * is used to ensure that all the secids in the lsmblob - * get the value returned from security_task_getsecid(), - * which means that the one expected by - * security_secid_to_secctx() will be set. - */ - lsmblob_init(&blob, secid); + security_task_getsecid_obj(proc->tsk, &blob); ret = security_secid_to_secctx(&blob, &secctx, &secctx_sz); if (ret) { return_error = BR_FAILED_REPLY; diff --git a/include/linux/security.h b/include/linux/security.h index 886128899d5f..4070cef152f7 100644 --- a/include/linux/security.h +++ b/include/linux/security.h
@@ -500,8 +500,8 @@ int security_task_fix_setgid(struct cred *new, const struct cred *old, int security_task_setpgid(struct task_struct *p, pid_t pgid); int security_task_getpgid(struct task_struct *p); int security_task_getsid(struct task_struct *p); -void security_task_getsecid_subj(struct task_struct *p, u32 *secid); -void security_task_getsecid_obj(struct task_struct *p, u32 *secid); +void security_task_getsecid_subj(struct task_struct *p, struct lsmblob *blob); +void security_task_getsecid_obj(struct task_struct *p, struct lsmblob *blob); int security_task_setnice(struct task_struct *p, int nice); int security_task_setioprio(struct task_struct *p, int ioprio); int security_task_getioprio(struct task_struct *p); @@ -1197,14 +1197,16 @@ static inline int security_task_getsid(struct task_struct *p) return 0; } -static inline void security_task_getsecid_subj(struct task_struct *p, u32 *secid) +static inline void security_task_getsecid_subj(struct task_struct *p, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } -static inline void security_task_getsecid_obj(struct task_struct *p, u32 *secid) +static inline void security_task_getsecid_obj(struct task_struct *p, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } static inline int security_task_setnice(struct task_struct *p, int nice) diff --git a/kernel/audit.c b/kernel/audit.c index 22286163e93e..d92c7b894183 100644 --- a/kernel/audit.c +++ b/kernel/audit.c 
@@ -2139,19 +2139,12 @@ int audit_log_task_context(struct audit_buffer *ab) char *ctx = NULL; unsigned len; int error; - u32 sid; struct lsmblob blob; - security_task_getsecid_subj(current, &sid); - if (!sid) + security_task_getsecid_subj(current, &blob); + if (!lsmblob_is_set(&blob)) return 0; - /* - * lsmblob_init sets all values in the lsmblob to sid. - * This is temporary until security_task_getsecid is converted - * to use a lsmblob, which happens later in this patch set. - */ - lsmblob_init(&blob, sid); error = security_secid_to_secctx(&blob, &ctx, &len); if (error) { if (error != -EINVAL) @@ -2359,6 +2352,7 @@ int audit_set_loginuid(kuid_t loginuid) int audit_signal_info(int sig, struct task_struct *t) { kuid_t uid = current_uid(), auid; + struct lsmblob blob; if (auditd_test_task(t) && (sig == SIGTERM || sig == SIGHUP || @@ -2369,7 +2363,9 @@ int audit_signal_info(int sig, struct task_struct *t) audit_sig_uid = auid; else audit_sig_uid = uid; - security_task_getsecid_subj(current, &audit_sig_sid); + security_task_getsecid_subj(current, &blob); + /* scaffolding until audit_sig_sid is converted */ + audit_sig_sid = blob.secid[0]; } return audit_signal_info_syscall(t); diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 6a04d762d272..1ba14a7a38f7 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -1330,7 +1330,6 @@ int audit_filter(int msgtype, unsigned int listtype) for (i = 0; i < e->rule.field_count; i++) { struct audit_field *f = &e->rule.fields[i]; pid_t pid; - u32 sid; struct lsmblob blob; switch (f->type) { @@ -1362,8 +1361,7 @@ int audit_filter(int msgtype, unsigned int listtype) case AUDIT_SUBJ_CLR: if (f->lsm_isset) { security_task_getsecid_subj(current, - &sid); - lsmblob_init(&blob, sid); + &blob); result = security_audit_rule_match( &blob, f->type, f->op, f->lsm_rules); diff --git a/kernel/auditsc.c b/kernel/auditsc.c index b4d214b21b97..50e3f2f4cb49 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c 
@@ -477,7 +477,6 @@ static int audit_filter_rules(struct task_struct *tsk, { const struct cred *cred; int i, need_sid = 1; - u32 sid; struct lsmblob blob; unsigned int sessionid; @@ -674,17 +673,9 @@ static int audit_filter_rules(struct task_struct *tsk, logged upon error */ if (f->lsm_isset) { if (need_sid) { - security_task_getsecid_subj(tsk, &sid); + security_task_getsecid_subj(tsk, &blob); need_sid = 0; } - /* - * lsmblob_init sets all values in the lsmblob - * to sid. This is temporary until - * security_task_getsecid() is converted to - * provide a lsmblob, which happens later in - * this patch set. - */ - lsmblob_init(&blob, sid); result = security_audit_rule_match(&blob, f->type, f->op, f->lsm_rules); @@ -2439,12 +2430,15 @@ int __audit_sockaddr(int len, void *a) void __audit_ptrace(struct task_struct *t) { struct audit_context *context = audit_context(); + struct lsmblob blob; context->target_pid = task_tgid_nr(t); context->target_auid = audit_get_loginuid(t); context->target_uid = task_uid(t); context->target_sessionid = audit_get_sessionid(t); - security_task_getsecid_obj(t, &context->target_sid); + security_task_getsecid_obj(t, &blob); + /* scaffolding - until target_sid is converted */ + context->target_sid = blob.secid[0]; memcpy(context->target_comm, t->comm, TASK_COMM_LEN); } @@ -2460,6 +2454,7 @@ int audit_signal_info_syscall(struct task_struct *t) struct audit_aux_data_pids *axp; struct audit_context *ctx = audit_context(); kuid_t t_uid = task_uid(t); + struct lsmblob blob; if (!audit_signals || audit_dummy_context()) return 0; @@ -2471,7 +2466,9 @@ int audit_signal_info_syscall(struct task_struct *t) ctx->target_auid = audit_get_loginuid(t); ctx->target_uid = t_uid; ctx->target_sessionid = audit_get_sessionid(t); - security_task_getsecid_obj(t, &ctx->target_sid); + security_task_getsecid_obj(t, &blob); + /* scaffolding until target_sid is converted */ + ctx->target_sid = blob.secid[0]; memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); return 0; } 
@@ -2492,7 +2489,9 @@ int audit_signal_info_syscall(struct task_struct *t) axp->target_auid[axp->pid_count] = audit_get_loginuid(t); axp->target_uid[axp->pid_count] = t_uid; axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); - security_task_getsecid_obj(t, &axp->target_sid[axp->pid_count]); + security_task_getsecid_obj(t, &blob); + /* scaffolding until target_sid is converted */ + axp->target_sid[axp->pid_count] = blob.secid[0]; memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); axp->pid_count++; diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index 5cbbc469ac7c..098d0a1a3330 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -1564,11 +1564,14 @@ int __init netlbl_unlabel_defconf(void) int ret_val; struct netlbl_dom_map *entry; struct netlbl_audit audit_info; + struct lsmblob blob; /* Only the kernel is allowed to call this function and the only time * it is called is at bootup before the audit subsystem is reporting * messages so don't worry to much about these values. */ - security_task_getsecid_subj(current, &audit_info.secid); + security_task_getsecid_subj(current, &blob); + /* scaffolding until audit_info.secid is converted */ + audit_info.secid = blob.secid[0]; audit_info.loginuid = GLOBAL_ROOT_UID; audit_info.sessionid = 0; diff --git a/net/netlabel/netlabel_user.h b/net/netlabel/netlabel_user.h index 6190cbf94bf0..aa31f7bf79ee 100644 --- a/net/netlabel/netlabel_user.h +++ b/net/netlabel/netlabel_user.h @@ -32,7 +32,11 @@ */ static inline void netlbl_netlink_auditinfo(struct netlbl_audit *audit_info) { - security_task_getsecid_subj(current, &audit_info->secid); + struct lsmblob blob; + + security_task_getsecid_subj(current, &blob); + /* scaffolding until secid is converted */ + audit_info->secid = blob.secid[0]; audit_info->loginuid = audit_get_loginuid(current); audit_info->sessionid = audit_get_sessionid(current); } 
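Review bot: the net/netlabel/netlabel_user.h hunk at @@ -32,7 +32,11 @@, like the audit.c, auditsc.c and netlabel_unlabeled.c hunks above it, collapses the blob back to a u32 with `audit_info->secid = blob.secid[0];`. Taking slot 0 unconditionally ties these consumers to whichever module occupies that slot; the `/* scaffolding until secid is converted */` comments mark it as temporary, but the commit message says nothing about it, so please add a sentence there noting that these fields assume slot 0 until they are converted later in the series, so that anyone bisecting a label mismatch under stacking knows where that assumption lives.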
diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index ef9dcfce45d4..e3d903d6e5e7 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -71,14 +71,16 @@ bool is_ima_appraise_enabled(void) int ima_must_appraise(struct user_namespace *mnt_userns, struct inode *inode, int mask, enum ima_hooks func) { - u32 secid; + struct lsmblob blob; if (!ima_appraise) return 0; - security_task_getsecid_subj(current, &secid); - return ima_match_policy(mnt_userns, inode, current_cred(), secid, func, - mask, IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL); + security_task_getsecid_subj(current, &blob); + /* scaffolding the .secid[0] */ + return ima_match_policy(mnt_userns, inode, current_cred(), + blob.secid[0], func, mask, + IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL); } static int ima_fix_xattr(struct dentry *dentry, diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 287b90509006..29befd24b945 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -388,12 +388,13 @@ static int process_measurement(struct file *file, const struct cred *cred, */ int ima_file_mmap(struct file *file, unsigned long prot) { - u32 secid; + struct lsmblob blob; if (file && (prot & PROT_EXEC)) { - security_task_getsecid_subj(current, &secid); - return process_measurement(file, current_cred(), secid, NULL, - 0, MAY_EXEC, MMAP_CHECK); + security_task_getsecid_subj(current, &blob); + /* scaffolding - until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], + NULL, 0, MAY_EXEC, MMAP_CHECK); } return 0; @@ -419,9 +420,9 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) char *pathbuf = NULL; const char *pathname = NULL; struct inode *inode; + struct lsmblob blob; int result = 0; int action; - u32 secid; int pcr; /* Is mprotect making an mmap'ed file executable? */ 
@@ -429,11 +430,12 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) !(prot & PROT_EXEC) || (vma->vm_flags & VM_EXEC)) return 0; - security_task_getsecid_subj(current, &secid); + security_task_getsecid_subj(current, &blob); inode = file_inode(vma->vm_file); + /* scaffolding */ action = ima_get_action(file_mnt_user_ns(vma->vm_file), inode, - current_cred(), secid, MAY_EXEC, MMAP_CHECK, - &pcr, &template, NULL); + current_cred(), blob.secid[0], MAY_EXEC, + MMAP_CHECK, &pcr, &template, NULL); /* Is the mmap'ed file in policy? */ if (!(action & (IMA_MEASURE | IMA_APPRAISE_SUBMASK))) @@ -469,10 +471,12 @@ int ima_bprm_check(struct linux_binprm *bprm) { int ret; u32 secid; + struct lsmblob blob; - security_task_getsecid_subj(current, &secid); - ret = process_measurement(bprm->file, current_cred(), secid, NULL, 0, - MAY_EXEC, BPRM_CHECK); + security_task_getsecid_subj(current, &blob); + /* scaffolding until process_measurement changes */ + ret = process_measurement(bprm->file, current_cred(), blob.secid[0], + NULL, 0, MAY_EXEC, BPRM_CHECK); if (ret) return ret; @@ -493,10 +497,11 @@ int ima_bprm_check(struct linux_binprm *bprm) */ int ima_file_check(struct file *file, int mask) { - u32 secid; + struct lsmblob blob; - security_task_getsecid_subj(current, &secid); - return process_measurement(file, current_cred(), secid, NULL, 0, + security_task_getsecid_subj(current, &blob); + /* scaffolding until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], NULL, 0, mask & (MAY_READ | MAY_WRITE | MAY_EXEC | MAY_APPEND), FILE_CHECK); } @@ -672,7 +677,7 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id, bool contents) { enum ima_hooks func; - u32 secid; + struct lsmblob blob; /* * Do devices using pre-allocated memory run the risk of the 
@@ -692,8 +697,9 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id, /* Read entire file for all partial reads. */ func = read_idmap[read_id] ?: FILE_CHECK; - security_task_getsecid_subj(current, &secid); - return process_measurement(file, current_cred(), secid, NULL, + security_task_getsecid_subj(current, &blob); + /* scaffolding - until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], NULL, 0, MAY_READ, func); } @@ -722,7 +728,7 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, enum kernel_read_file_id read_id) { enum ima_hooks func; - u32 secid; + struct lsmblob blob; /* permit signed certs */ if (!file && read_id == READING_X509_CERTIFICATE) @@ -735,9 +741,10 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, } func = read_idmap[read_id] ?: FILE_CHECK; - security_task_getsecid_subj(current, &secid); - return process_measurement(file, current_cred(), secid, buf, size, - MAY_READ, func); + security_task_getsecid_subj(current, &blob); + /* scaffolding until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], buf, + size, MAY_READ, func); } /** @@ -859,7 +866,7 @@ void process_buffer_measurement(struct user_namespace *mnt_userns, int digest_hash_len = hash_digest_size[ima_hash_algo]; int violation = 0; int action = 0; - u32 secid; + struct lsmblob blob; if (!ima_policy_flag) return; @@ -879,9 +886,10 @@ void process_buffer_measurement(struct user_namespace *mnt_userns, * buffer measurements. */ if (func) { - security_task_getsecid_subj(current, &secid); + security_task_getsecid_subj(current, &blob); + /* scaffolding */ action = ima_get_action(mnt_userns, inode, current_cred(), - secid, 0, func, &pcr, &template, + blob.secid[0], 0, func, &pcr, &template, func_data); if (!(action & IMA_MEASURE)) return; diff --git a/security/security.c b/security/security.c index c38816ef9778..458fded340ab 100644 
--- a/security/security.c +++ b/security/security.c 
@@ -1904,17 +1904,30 @@ int security_task_getsid(struct task_struct *p) return call_int_hook(task_getsid, 0, p); } -void security_task_getsecid_subj(struct task_struct *p, u32 *secid) +void security_task_getsecid_subj(struct task_struct *p, struct lsmblob *blob) { - *secid = 0; - call_void_hook(task_getsecid_subj, p, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.task_getsecid_subj, + list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.task_getsecid_subj(p, &blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_task_getsecid_subj); -void security_task_getsecid_obj(struct task_struct *p, u32 *secid) +void security_task_getsecid_obj(struct task_struct *p, struct lsmblob *blob) { - *secid = 0; - call_void_hook(task_getsecid_obj, p, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.task_getsecid_obj, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.task_getsecid_obj(p, &blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_task_getsecid_obj);
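Review bot: netlbl_unlabel_defconf(), netlbl_netlink_auditinfo() and audit_signal_info_syscall() each copy only `blob.secid[0]` into the existing u32 fields (`audit_info.secid`, `audit_info->secid`, `axp->target_sid[]`), so when more than one secid-providing LSM is registered the other modules' data is discarded at these sites until struct netlbl_audit and the audit target_sid fields are converted. That matches the previous single-u32 behaviour rather than regressing it, but the commit message should say so explicitly, since the interface now promises data from all LSMs while these three consumers still see one.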
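Review bot: the scaffolding markers in the IMA hunks use four different wordings (`/* scaffolding the .secid[0] */` in ima_must_appraise(), a bare `/* scaffolding */` in ima_file_mprotect() and process_buffer_measurement(), and both `/* scaffolding - until process_measurement changes */` and `/* scaffolding until process_measurement changes */` in ima_main.c). Settling on one form that names the function still taking a u32 (ima_match_policy(), ima_get_action() or process_measurement()) makes every temporary `blob.secid[0]` site greppable when that function is converted; as written, the two ima_get_action() sites are the ones a later grep for "until" would miss.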
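Review bot: security_task_getsecid_subj() and security_task_getsecid_obj() now carry the same loop with only the hook head and hook name differing, and the range check `WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)` runs for every registered LSM on every call even though a module's slot is fixed at registration. A helper (or a call_void_hook-style macro taking the hook name and the blob) would keep the slot check in one place, and because these functions sit on the exec and mmap paths through ima_bprm_check() and ima_file_mmap(), validating the slot once at registration would leave the per-call work at the hook dispatch itself. Minor: the `hlist_for_each_entry()` line is wrapped in the subj variant and not in the obj variant.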
From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org Subject: [PATCH v28 11/25] LSM: Use lsmblob in security_inode_getsecid Date: Wed, 21 Jul 2021 17:47:44 -0700 Message-Id: <20210722004758.12371-12-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210722004758.12371-1-casey@schaufler-ca.com> References: <20210722004758.12371-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org Change the security_inode_getsecid() interface to fill in a lsmblob structure instead of a u32 secid. This allows for its callers to gather data from all registered LSMs. Data is provided for IMA and audit. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: linux-audit@redhat.com --- include/linux/security.h | 7 ++++--- kernel/auditsc.c | 6 +++++- security/integrity/ima/ima_policy.c | 4 +--- security/security.c | 11 +++++++++-- 4 files changed, 19 insertions(+), 9 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index 4070cef152f7..aa19fa4a553f 100644 --- a/include/linux/security.h +++ b/include/linux/security.h 
@@ -454,7 +454,7 @@ int security_inode_getsecurity(struct user_namespace *mnt_userns, void **buffer, bool alloc); int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags); int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size); -void security_inode_getsecid(struct inode *inode, u32 *secid); +void security_inode_getsecid(struct inode *inode, struct lsmblob *blob); int security_inode_copy_up(struct dentry *src, struct cred **new); int security_inode_copy_up_xattr(const char *name); int security_kernfs_init_security(struct kernfs_node *kn_dir, @@ -1005,9 +1005,10 @@ static inline int security_inode_listsecurity(struct inode *inode, char *buffer, return 0; } -static inline void security_inode_getsecid(struct inode *inode, u32 *secid) +static inline void security_inode_getsecid(struct inode *inode, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } static inline int security_inode_copy_up(struct dentry *src, struct cred **new) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 50e3f2f4cb49..dcd1b988a2d3 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1975,13 +1975,17 @@ static void audit_copy_inode(struct audit_names *name, const struct dentry *dentry, struct inode *inode, unsigned int flags) { + struct lsmblob blob; + name->ino = inode->i_ino; name->dev = inode->i_sb->s_dev; name->mode = inode->i_mode; name->uid = inode->i_uid; name->gid = inode->i_gid; name->rdev = inode->i_rdev; - security_inode_getsecid(inode, &name->osid); + security_inode_getsecid(inode, &blob); + /* scaffolding until osid is updated */ + name->osid = blob.secid[0]; if (flags & AUDIT_INODE_NOEVAL) { name->fcap_ver = -1; return; diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index af612a42eebe..6d112ec89c1b 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c 
@@ -608,7 +608,6 @@ static bool ima_match_rules(struct ima_rule_entry *rule, return false; for (i = 0; i < MAX_LSM_RULES; i++) { int rc = 0; - u32 osid; struct lsmblob lsmdata; if (!ima_lsm_isset(rule, i)) { @@ -621,8 +620,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, case LSM_OBJ_USER: case LSM_OBJ_ROLE: case LSM_OBJ_TYPE: - security_inode_getsecid(inode, &osid); - lsmblob_init(&lsmdata, osid); + security_inode_getsecid(inode, &lsmdata); rc = ima_filter_rule_match(&lsmdata, rule->lsm[i].type, Audit_equal, rule->lsm[i].rule); diff --git a/security/security.c b/security/security.c index 458fded340ab..da85932a4d53 100644 --- a/security/security.c +++ b/security/security.c 
@@ -1548,9 +1548,16 @@ int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer } EXPORT_SYMBOL(security_inode_listsecurity); -void security_inode_getsecid(struct inode *inode, u32 *secid) +void security_inode_getsecid(struct inode *inode, struct lsmblob *blob) { - call_void_hook(inode_getsecid, inode, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.inode_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.inode_getsecid(inode, &blob->secid[hp->lsmid->slot]); + } } int security_inode_copy_up(struct dentry *src, struct cred **new)
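Review bot: audit_copy_inode() fills a complete lsmblob but stores only `blob.secid[0]` in `name->osid`, so the audit inode record still carries at most one LSM's label; the commit message's "Data is provided for IMA and audit" is therefore only true for audit once struct audit_names is converted. Either qualify that sentence, or have the `/* scaffolding until osid is updated */` comment say that the conversion comes later in the series so the temporary truncation is not mistaken for the final state.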
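Review bot: dropping `lsmblob_init(&lsmdata, osid)` in ima_match_rules() changes what ima_filter_rule_match() sees for LSM_OBJ_USER, LSM_OBJ_ROLE and LSM_OBJ_TYPE: lsmblob_init() replicated the single secid into every slot, whereas security_inode_getsecid() now places each LSM's secid only in its own slot and leaves the rest zero. That is the intended outcome, but it is a user-visible change in IMA policy matching once more than one LSM registers and deserves a sentence in the commit message.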
From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org Subject: [PATCH v28 12/25] LSM: Use lsmblob in security_cred_getsecid Date: Wed, 21 Jul 2021 17:47:45 -0700 Message-Id: <20210722004758.12371-13-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210722004758.12371-1-casey@schaufler-ca.com> References: <20210722004758.12371-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org Change the security_cred_getsecid() interface to fill in a lsmblob instead of a u32 secid. The associated data elements in the audit sub-system are changed from a secid to a lsmblob to accommodate multiple possible LSM audit users. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: linux-audit@redhat.com --- include/linux/security.h | 2 +- kernel/audit.c | 25 +++++++---------------- kernel/audit.h | 3 ++- kernel/auditsc.c | 33 +++++++++++-------------------- security/integrity/ima/ima_main.c | 8 ++++---- security/security.c | 12 ++++++++--- 6 files changed, 35 insertions(+), 48 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index aa19fa4a553f..cdd8d9122795 100644 --- a/include/linux/security.h +++ b/include/linux/security.h 
@@ -481,7 +481,7 @@ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp); void security_cred_free(struct cred *cred); int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp); void security_transfer_creds(struct cred *new, const struct cred *old); -void security_cred_getsecid(const struct cred *c, u32 *secid); +void security_cred_getsecid(const struct cred *c, struct lsmblob *blob); int security_kernel_act_as(struct cred *new, struct lsmblob *blob); int security_kernel_create_files_as(struct cred *new, struct inode *inode); int security_kernel_module_request(char *kmod_name); diff --git a/kernel/audit.c b/kernel/audit.c index d92c7b894183..8ec64e6e8bc0 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -125,7 +125,7 @@ static u32 audit_backlog_wait_time = AUDIT_BACKLOG_WAIT_TIME; /* The identity of the user shutting down the audit system. */ static kuid_t audit_sig_uid = INVALID_UID; static pid_t audit_sig_pid = -1; -static u32 audit_sig_sid; +struct lsmblob audit_sig_lsm; /* Records can be lost in several ways: 0) [suppressed in audit_alloc] 
@@ -1441,29 +1441,21 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) } case AUDIT_SIGNAL_INFO: len = 0; - if (audit_sig_sid) { - struct lsmblob blob; - - /* - * lsmblob_init sets all values in the lsmblob - * to audit_sig_sid. This is temporary until - * audit_sig_sid is converted to a lsmblob, which - * happens later in this patch set. - */ - lsmblob_init(&blob, audit_sig_sid); - err = security_secid_to_secctx(&blob, &ctx, &len); + if (lsmblob_is_set(&audit_sig_lsm)) { + err = security_secid_to_secctx(&audit_sig_lsm, &ctx, + &len); if (err) return err; } sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL); if (!sig_data) { - if (audit_sig_sid) + if (lsmblob_is_set(&audit_sig_lsm)) security_release_secctx(ctx, len); return -ENOMEM; } sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); sig_data->pid = audit_sig_pid; - if (audit_sig_sid) { + if (lsmblob_is_set(&audit_sig_lsm)) { memcpy(sig_data->ctx, ctx, len); security_release_secctx(ctx, len); } @@ -2352,7 +2344,6 @@ int audit_set_loginuid(kuid_t loginuid) int audit_signal_info(int sig, struct task_struct *t) { kuid_t uid = current_uid(), auid; - struct lsmblob blob; if (auditd_test_task(t) && (sig == SIGTERM || sig == SIGHUP || @@ -2363,9 +2354,7 @@ int audit_signal_info(int sig, struct task_struct *t) audit_sig_uid = auid; else audit_sig_uid = uid; - security_task_getsecid_subj(current, &blob); - /* scaffolding until audit_sig_sid is converted */ - audit_sig_sid = blob.secid[0]; + security_task_getsecid_subj(current, &audit_sig_lsm); } return audit_signal_info_syscall(t); diff --git a/kernel/audit.h b/kernel/audit.h index b565ea16c0a5..b679517a3030 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -9,6 +9,7 @@ #include #include #include +#include #include #include 
@@ -134,7 +135,7 @@ struct audit_context { kuid_t target_auid; kuid_t target_uid; unsigned int target_sessionid; - u32 target_sid; + struct lsmblob target_lsm; char target_comm[TASK_COMM_LEN]; struct audit_tree_refs *trees, *first_trees; diff --git a/kernel/auditsc.c b/kernel/auditsc.c index dcd1b988a2d3..b5807b9b8a4d 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -111,7 +111,7 @@ struct audit_aux_data_pids { kuid_t target_auid[AUDIT_AUX_PIDS]; kuid_t target_uid[AUDIT_AUX_PIDS]; unsigned int target_sessionid[AUDIT_AUX_PIDS]; - u32 target_sid[AUDIT_AUX_PIDS]; + struct lsmblob target_lsm[AUDIT_AUX_PIDS]; char target_comm[AUDIT_AUX_PIDS][TASK_COMM_LEN]; int pid_count; }; @@ -997,14 +997,14 @@ static inline void audit_free_context(struct audit_context *context) } static int audit_log_pid_context(struct audit_context *context, pid_t pid, - kuid_t auid, kuid_t uid, unsigned int sessionid, - u32 sid, char *comm) + kuid_t auid, kuid_t uid, + unsigned int sessionid, + struct lsmblob *blob, char *comm) { struct audit_buffer *ab; char *ctx = NULL; u32 len; int rc = 0; - struct lsmblob blob; ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID); if (!ab) @@ -1013,9 +1013,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, audit_log_format(ab, "opid=%d oauid=%d ouid=%d oses=%d", pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); - if (sid) { - lsmblob_init(&blob, sid); - if (security_secid_to_secctx(&blob, &ctx, &len)) { + if (lsmblob_is_set(blob)) { + if (security_secid_to_secctx(blob, &ctx, &len)) { audit_log_format(ab, " obj=(none)"); rc = 1; } else { @@ -1590,7 +1589,7 @@ static void audit_log_exit(void) axs->target_auid[i], axs->target_uid[i], axs->target_sessionid[i], - axs->target_sid[i], + &axs->target_lsm[i], axs->target_comm[i])) call_panic = 1; } 
@@ -1599,7 +1598,7 @@ static void audit_log_exit(void) audit_log_pid_context(context, context->target_pid, context->target_auid, context->target_uid, context->target_sessionid, - context->target_sid, context->target_comm)) + &context->target_lsm, context->target_comm)) call_panic = 1; if (context->pwd.dentry && context->pwd.mnt) { @@ -1775,7 +1774,7 @@ void __audit_syscall_exit(int success, long return_code) context->aux = NULL; context->aux_pids = NULL; context->target_pid = 0; - context->target_sid = 0; + lsmblob_init(&context->target_lsm, 0); context->sockaddr_len = 0; context->type = 0; context->fds[0] = -1; @@ -2434,15 +2433,12 @@ int __audit_sockaddr(int len, void *a) void __audit_ptrace(struct task_struct *t) { struct audit_context *context = audit_context(); - struct lsmblob blob; context->target_pid = task_tgid_nr(t); context->target_auid = audit_get_loginuid(t); context->target_uid = task_uid(t); context->target_sessionid = audit_get_sessionid(t); - security_task_getsecid_obj(t, &blob); - /* scaffolding - until target_sid is converted */ - context->target_sid = blob.secid[0]; + security_task_getsecid_obj(t, &context->target_lsm); memcpy(context->target_comm, t->comm, TASK_COMM_LEN); } @@ -2458,7 +2454,6 @@ int audit_signal_info_syscall(struct task_struct *t) struct audit_aux_data_pids *axp; struct audit_context *ctx = audit_context(); kuid_t t_uid = task_uid(t); - struct lsmblob blob; if (!audit_signals || audit_dummy_context()) return 0; @@ -2470,9 +2465,7 @@ int audit_signal_info_syscall(struct task_struct *t) ctx->target_auid = audit_get_loginuid(t); ctx->target_uid = t_uid; ctx->target_sessionid = audit_get_sessionid(t); - security_task_getsecid_obj(t, &blob); - /* scaffolding until target_sid is converted */ - ctx->target_sid = blob.secid[0]; + security_task_getsecid_obj(t, &ctx->target_lsm); memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); return 0; } 
@@ -2493,9 +2486,7 @@ int audit_signal_info_syscall(struct task_struct *t) axp->target_auid[axp->pid_count] = audit_get_loginuid(t); axp->target_uid[axp->pid_count] = t_uid; axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); - security_task_getsecid_obj(t, &blob); - /* scaffolding until target_sid is converted */ - axp->target_sid[axp->pid_count] = blob.secid[0]; + security_task_getsecid_obj(t, &axp->target_lsm[axp->pid_count]); memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); axp->pid_count++; diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 29befd24b945..de084954d0b9 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -470,7 +470,6 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) int ima_bprm_check(struct linux_binprm *bprm) { int ret; - u32 secid; struct lsmblob blob; security_task_getsecid_subj(current, &blob); @@ -480,9 +479,10 @@ int ima_bprm_check(struct linux_binprm *bprm) if (ret) return ret; - security_cred_getsecid(bprm->cred, &secid); - return process_measurement(bprm->file, bprm->cred, secid, NULL, 0, - MAY_EXEC, CREDS_CHECK); + security_cred_getsecid(bprm->cred, &blob); + /* scaffolding until process_measurement changes */ + return process_measurement(bprm->file, bprm->cred, blob.secid[0], + NULL, 0, MAY_EXEC, CREDS_CHECK); } /** diff --git a/security/security.c b/security/security.c index da85932a4d53..b4a268c1aaec 100644 --- a/security/security.c +++ b/security/security.c 
@@ -1798,10 +1798,16 @@ void security_transfer_creds(struct cred *new, const struct cred *old) call_void_hook(cred_transfer, new, old); } -void security_cred_getsecid(const struct cred *c, u32 *secid) +void security_cred_getsecid(const struct cred *c, struct lsmblob *blob) { - *secid = 0; - call_void_hook(cred_getsecid, c, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.cred_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.cred_getsecid(c, &blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_cred_getsecid);
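Review bot: in kernel/audit.c the replacement `struct lsmblob audit_sig_lsm;` drops the `static` that `audit_sig_sid` had, turning a file-local variable into a global symbol; none of the hunks here, including the kernel/audit.h change, add an extern declaration or a user outside audit.c, so it should read `static struct lsmblob audit_sig_lsm;` (sparse will otherwise flag the undeclared non-static symbol).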
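Review bot: audit_signal_info() now passes the global `audit_sig_lsm` straight into security_task_getsecid_subj(), which first zeroes it with lsmblob_init() and then fills one slot per LSM, so a concurrent AUDIT_SIGNAL_INFO request in audit_receive_msg(), which tests `lsmblob_is_set(&audit_sig_lsm)` three separate times, can observe an all-zero or partially filled blob where the old code stored a single u32 in one write. Filling a local blob and assigning it afterwards narrows the window but does not close it for a multi-word struct; a comment on what serialises readers and writers of audit_sig_pid, audit_sig_uid and audit_sig_lsm, or a lock if nothing does, would be good here.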
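Review bot: `struct lsmblob target_lsm[AUDIT_AUX_PIDS]` in struct audit_aux_data_pids replaces one u32 per entry with a whole lsmblob per entry, so each aux PID record grows by AUDIT_AUX_PIDS times the extra slots, and struct audit_context grows by one lsmblob through `target_lsm`. That is probably acceptable, but the size impact belongs in the commit message alongside the interface change.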
From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org Subject: [PATCH v28 13/25] IMA: Change internal interfaces to use lsmblobs Date: Wed, 21 Jul 2021 17:47:46 -0700 Message-Id: <20210722004758.12371-14-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210722004758.12371-1-casey@schaufler-ca.com> References: <20210722004758.12371-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org

The IMA interfaces ima_get_action() and ima_match_policy() call LSM functions that use lsmblobs. Change the IMA functions to pass the lsmblob to be compatible with the LSM functions.

Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley
Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org To: Mimi Zohar --- security/integrity/ima/ima.h | 6 ++--- security/integrity/ima/ima_api.c | 6 ++--- security/integrity/ima/ima_appraise.c | 5 ++-- security/integrity/ima/ima_main.c | 36 +++++++++++---------------- security/integrity/ima/ima_policy.c | 17 ++++++------- 5 files changed, 31 insertions(+), 39 deletions(-) diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 55f3bd4f0b01..a6b59fcaf62a 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -251,7 +251,7 @@ static inline void ima_process_queued_keys(void) {} /* LIM API function definitions */ int ima_get_action(struct user_namespace *mnt_userns, struct inode *inode, - const struct cred *cred, u32 secid, int mask, + const struct cred *cred, struct lsmblob *blob, int mask, enum ima_hooks func, int *pcr, struct ima_template_desc **template_desc, const char *func_data); @@ -282,8 +282,8 @@ const char *ima_d_path(const struct path *path, char **pathbuf, char *filename); /* IMA policy related functions */ int ima_match_policy(struct user_namespace *mnt_userns, struct inode *inode, - const struct cred *cred, u32 secid, enum ima_hooks func, - int mask, int flags, int *pcr, + const struct cred *cred, struct lsmblob *blob, + enum ima_hooks func, int mask, int flags, int *pcr, struct ima_template_desc **template_desc, const char *func_data); void ima_init_policy(void); diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index d8e321cc6936..691f68d478f1 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c 
@@ -165,7 +165,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename, * @mnt_userns: user namespace of the mount the inode was found from * @inode: pointer to the inode associated with the object being validated * @cred: pointer to credentials structure to validate - * @secid: secid of the task being validated + * @blob: LSM data of the task being validated * @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXEC, * MAY_APPEND) * @func: caller identifier @@ -185,7 +185,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename, * */ int ima_get_action(struct user_namespace *mnt_userns, struct inode *inode, - const struct cred *cred, u32 secid, int mask, + const struct cred *cred, struct lsmblob *blob, int mask, enum ima_hooks func, int *pcr, struct ima_template_desc **template_desc, const char *func_data) @@ -194,7 +194,7 @@ int ima_get_action(struct user_namespace *mnt_userns, struct inode *inode, flags &= ima_policy_flag; - return ima_match_policy(mnt_userns, inode, cred, secid, func, mask, + return ima_match_policy(mnt_userns, inode, cred, blob, func, mask, flags, pcr, template_desc, func_data); } diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index e3d903d6e5e7..de50ed4df878 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -77,10 +77,9 @@ int ima_must_appraise(struct user_namespace *mnt_userns, struct inode *inode, return 0; security_task_getsecid_subj(current, &blob); - /* scaffolding the .secid[0] */ return ima_match_policy(mnt_userns, inode, current_cred(), - blob.secid[0], func, mask, - IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL); + &blob, func, mask, IMA_APPRAISE | IMA_HASH, + NULL, NULL, NULL); } static int ima_fix_xattr(struct dentry *dentry, diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index de084954d0b9..2bcbfb577860 100644 --- a/security/integrity/ima/ima_main.c 
+++ b/security/integrity/ima/ima_main.c @@ -194,8 +194,8 @@ void ima_file_free(struct file *file) } static int process_measurement(struct file *file, const struct cred *cred, - u32 secid, char *buf, loff_t size, int mask, - enum ima_hooks func) + struct lsmblob *blob, char *buf, loff_t size, + int mask, enum ima_hooks func) { struct inode *inode = file_inode(file); struct integrity_iint_cache *iint = NULL; @@ -218,7 +218,7 @@ static int process_measurement(struct file *file, const struct cred *cred, * bitmask based on the appraise/audit/measurement policy. * Included is the appraise submask. */ - action = ima_get_action(file_mnt_user_ns(file), inode, cred, secid, + action = ima_get_action(file_mnt_user_ns(file), inode, cred, blob, mask, func, &pcr, &template_desc, NULL); violation_check = ((func == FILE_CHECK || func == MMAP_CHECK) && (ima_policy_flag & IMA_MEASURE)); @@ -392,8 +392,7 @@ int ima_file_mmap(struct file *file, unsigned long prot) if (file && (prot & PROT_EXEC)) { security_task_getsecid_subj(current, &blob); - /* scaffolding - until process_measurement changes */ - return process_measurement(file, current_cred(), blob.secid[0], + return process_measurement(file, current_cred(), &blob, NULL, 0, MAY_EXEC, MMAP_CHECK); } @@ -434,7 +433,7 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) inode = file_inode(vma->vm_file); /* scaffolding */ action = ima_get_action(file_mnt_user_ns(vma->vm_file), inode, - current_cred(), blob.secid[0], MAY_EXEC, + current_cred(), &blob, MAY_EXEC, MMAP_CHECK, &pcr, &template, NULL); /* Is the mmap'ed file in policy? */ 
@@ -473,16 +472,14 @@ int ima_bprm_check(struct linux_binprm *bprm) struct lsmblob blob; security_task_getsecid_subj(current, &blob); - /* scaffolding until process_measurement changes */ - ret = process_measurement(bprm->file, current_cred(), blob.secid[0], - NULL, 0, MAY_EXEC, BPRM_CHECK); + ret = process_measurement(bprm->file, current_cred(), &blob, NULL, 0, + MAY_EXEC, BPRM_CHECK); if (ret) return ret; security_cred_getsecid(bprm->cred, &blob); - /* scaffolding until process_measurement changes */ - return process_measurement(bprm->file, bprm->cred, blob.secid[0], - NULL, 0, MAY_EXEC, CREDS_CHECK); + return process_measurement(bprm->file, bprm->cred, &blob, NULL, 0, + MAY_EXEC, CREDS_CHECK); } /** @@ -500,8 +497,7 @@ int ima_file_check(struct file *file, int mask) struct lsmblob blob; security_task_getsecid_subj(current, &blob); - /* scaffolding until process_measurement changes */ - return process_measurement(file, current_cred(), blob.secid[0], NULL, 0, + return process_measurement(file, current_cred(), &blob, NULL, 0, mask & (MAY_READ | MAY_WRITE | MAY_EXEC | MAY_APPEND), FILE_CHECK); } @@ -698,9 +694,8 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id, /* Read entire file for all partial reads. */ func = read_idmap[read_id] ?: FILE_CHECK; security_task_getsecid_subj(current, &blob); - /* scaffolding - until process_measurement changes */ - return process_measurement(file, current_cred(), blob.secid[0], NULL, - 0, MAY_READ, func); + return process_measurement(file, current_cred(), &blob, NULL, 0, + MAY_READ, func); } const int read_idmap[READING_MAX_ID] = { 
@@ -742,9 +737,8 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, func = read_idmap[read_id] ?: FILE_CHECK; security_task_getsecid_subj(current, &blob); - /* scaffolding until process_measurement changes */ - return process_measurement(file, current_cred(), blob.secid[0], buf, - size, MAY_READ, func); + return process_measurement(file, current_cred(), &blob, buf, size, + MAY_READ, func); } /** @@ -889,7 +883,7 @@ void process_buffer_measurement(struct user_namespace *mnt_userns, security_task_getsecid_subj(current, &blob); /* scaffolding */ action = ima_get_action(mnt_userns, inode, current_cred(), - blob.secid[0], 0, func, &pcr, &template, + &blob, 0, func, &pcr, &template, func_data); if (!(action & IMA_MEASURE)) return; diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 6d112ec89c1b..a2b8c0ad8b74 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -548,7 +548,7 @@ static bool ima_match_rule_data(struct ima_rule_entry *rule, * @mnt_userns: user namespace of the mount the inode was found from * @inode: a pointer to an inode * @cred: a pointer to a credentials structure for user validation - * @secid: the secid of the task to be validated + * @blob: the lsm data of the task to be validated * @func: LIM hook identifier * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC) * @func_data: func specific data, may be NULL @@ -558,8 +558,8 @@ static bool ima_match_rule_data(struct ima_rule_entry *rule, static bool ima_match_rules(struct ima_rule_entry *rule, struct user_namespace *mnt_userns, struct inode *inode, const struct cred *cred, - u32 secid, enum ima_hooks func, int mask, - const char *func_data) + struct lsmblob *blob, enum ima_hooks func, + int mask, const char *func_data) { int i; 
@@ -628,8 +628,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, case LSM_SUBJ_USER: case LSM_SUBJ_ROLE: case LSM_SUBJ_TYPE: - lsmblob_init(&lsmdata, secid); - rc = ima_filter_rule_match(&lsmdata, rule->lsm[i].type, + rc = ima_filter_rule_match(blob, rule->lsm[i].type, Audit_equal, rule->lsm[i].rule); break; @@ -673,7 +672,7 @@ static int get_subaction(struct ima_rule_entry *rule, enum ima_hooks func) * @inode: pointer to an inode for which the policy decision is being made * @cred: pointer to a credentials structure for which the policy decision is * being made - * @secid: LSM secid of the task to be validated + * @blob: LSM data of the task to be validated * @func: IMA hook identifier * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC) * @pcr: set the pcr to extend @@ -688,8 +687,8 @@ static int get_subaction(struct ima_rule_entry *rule, enum ima_hooks func) * than writes so ima_match_policy() is classical RCU candidate. */ int ima_match_policy(struct user_namespace *mnt_userns, struct inode *inode, - const struct cred *cred, u32 secid, enum ima_hooks func, - int mask, int flags, int *pcr, + const struct cred *cred, struct lsmblob *blob, + enum ima_hooks func, int mask, int flags, int *pcr, struct ima_template_desc **template_desc, const char *func_data) { 
@@ -705,7 +704,7 @@ int ima_match_policy(struct user_namespace *mnt_userns, struct inode *inode, if (!(entry->action & actmask)) continue; - if (!ima_match_rules(entry, mnt_userns, inode, cred, secid, + if (!ima_match_rules(entry, mnt_userns, inode, cred, blob, func, mask, func_data)) continue;
From patchwork Thu Jul 22 00:47:48 2021 X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12392687
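Review bot: in the security/integrity/ima/ima_main.c hunks of 13/25, the `/* scaffolding */` comment left above the ima_get_action() call in ima_file_mprotect() (and the identical one in process_buffer_measurement()) annotated the `blob.secid[0]` argument that these hunks replace with `&blob`; every other call site in the patch deletes its scaffolding comment together with the `.secid[0]`, so these two should go as well, or be reworded to say what is still temporary at those two sites.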
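Review bot: in the security/integrity/ima/ima_policy.c hunk for ima_match_rules() in 13/25, the removed `lsmblob_init(&lsmdata, secid);` was the only use of the `lsmdata` local visible in the diff, but its declaration is not touched by the hunk; if nothing else in the function still reads it, drop the declaration too, otherwise the build will warn about an unused variable.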
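Review bot: the new `struct lsmblob *blob` parameters on ima_get_action() and ima_match_policy() in the security/integrity/ima/ima.h hunk of 13/25 look like candidates for `const struct lsmblob *`: every caller in the ima_main.c hunks passes the address of a local it fills with security_task_getsecid_subj() or security_cred_getsecid() and does not expect to be modified, and the only consumer shown is the `ima_filter_rule_match(blob, ...)` call in ima_match_rules(). Whether that is possible depends on the ima_filter_rule_match() prototype, which is not in this diff, so it may need to be a follow-up.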
From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, Chuck Lever , linux-integrity@vger.kernel.org, netdev@vger.kernel.org, netfilter-devel@vger.kernel.org, linux-nfs@vger.kernel.org Subject: [PATCH v28 15/25] LSM: Ensure the correct LSM context releaser Date: Wed, 21 Jul 2021 17:47:48 -0700 Message-Id: <20210722004758.12371-16-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210722004758.12371-1-casey@schaufler-ca.com> References: <20210722004758.12371-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org

Add a new lsmcontext data structure to hold all the information about a "security context", including the string, its size and which LSM allocated the string. The allocation information is necessary because LSMs have different policies regarding the lifecycle of these strings. SELinux allocates and destroys them on each use, whereas Smack provides a pointer to an entry in a list that never goes away.

Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Paul Moore Acked-by: Stephen Smalley Acked-by: Chuck Lever
Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: netdev@vger.kernel.org Cc: linux-audit@redhat.com Cc: netfilter-devel@vger.kernel.org To: Pablo Neira Ayuso Cc: linux-nfs@vger.kernel.org --- drivers/android/binder.c | 10 ++++--- fs/ceph/xattr.c | 6 ++++- fs/nfs/nfs4proc.c | 8 ++++-- fs/nfsd/nfs4xdr.c | 7 +++-- include/linux/security.h | 35 +++++++++++++++++++++++-- include/net/scm.h | 5 +++- kernel/audit.c | 14 +++++++--- kernel/auditsc.c | 12 ++++++--- net/ipv4/ip_sockglue.c | 4 ++- net/netfilter/nf_conntrack_netlink.c | 4 ++- net/netfilter/nf_conntrack_standalone.c | 4 ++- net/netfilter/nfnetlink_queue.c | 13 ++++++--- net/netlabel/netlabel_unlabeled.c | 19 +++++++++++--- net/netlabel/netlabel_user.c | 4 ++- security/security.c | 11 ++++---- 15 files changed, 121 insertions(+), 35 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 96dd728809ef..8976ac6a5adb 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2461,6 +2461,7 @@ static void binder_transaction(struct binder_proc *proc, int t_debug_id = atomic_inc_return(&binder_last_id); char *secctx = NULL; u32 secctx_sz = 0; + struct lsmcontext scaff; /* scaffolding */ e = binder_transaction_log_add(&binder_transaction_log); e->debug_id = t_debug_id; @@ -2772,7 +2773,8 @@ static void binder_transaction(struct binder_proc *proc, t->security_ctx = 0; WARN_ON(1); } - security_release_secctx(secctx, secctx_sz); + lsmcontext_init(&scaff, secctx, secctx_sz, 0); + security_release_secctx(&scaff); secctx = NULL; } t->buffer->debug_id = t->debug_id; 
@@ -3114,8 +3116,10 @@ static void binder_transaction(struct binder_proc *proc, binder_alloc_free_buf(&target_proc->alloc, t->buffer); err_binder_alloc_buf_failed: err_bad_extra_size: - if (secctx) - security_release_secctx(secctx, secctx_sz); + if (secctx) { + lsmcontext_init(&scaff, secctx, secctx_sz, 0); + security_release_secctx(&scaff); + } err_get_secctx_failed: kfree(tcomplete); binder_stats_deleted(BINDER_STAT_TRANSACTION_COMPLETE); diff --git a/fs/ceph/xattr.c b/fs/ceph/xattr.c index 1242db8d3444..b867089e1aa4 100644 --- a/fs/ceph/xattr.c +++ b/fs/ceph/xattr.c @@ -1356,12 +1356,16 @@ int ceph_security_init_secctx(struct dentry *dentry, umode_t mode, void ceph_release_acl_sec_ctx(struct ceph_acl_sec_ctx *as_ctx) { +#ifdef CONFIG_CEPH_FS_SECURITY_LABEL + struct lsmcontext scaff; /* scaffolding */ +#endif #ifdef CONFIG_CEPH_FS_POSIX_ACL posix_acl_release(as_ctx->acl); posix_acl_release(as_ctx->default_acl); #endif #ifdef CONFIG_CEPH_FS_SECURITY_LABEL - security_release_secctx(as_ctx->sec_ctx, as_ctx->sec_ctxlen); + lsmcontext_init(&scaff, as_ctx->sec_ctx, as_ctx->sec_ctxlen, 0); + security_release_secctx(&scaff); #endif if (as_ctx->pagelist) ceph_pagelist_release(as_ctx->pagelist); diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c index e1214bb6b7ee..71004670455b 100644 --- a/fs/nfs/nfs4proc.c +++ b/fs/nfs/nfs4proc.c @@ -136,8 +136,12 @@ nfs4_label_init_security(struct inode *dir, struct dentry *dentry, static inline void nfs4_label_release_security(struct nfs4_label *label) { - if (label) - security_release_secctx(label->label, label->len); + struct lsmcontext scaff; /* scaffolding */ + + if (label) { + lsmcontext_init(&scaff, label->label, label->len, 0); + security_release_secctx(&scaff); + } } static inline u32 *nfs4_bitmask(struct nfs_server *server, struct nfs4_label *label) { diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c index 7abeccb975b2..089ec4b61ef1 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c 
@@ -2844,6 +2844,7 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, int err; struct nfs4_acl *acl = NULL; #ifdef CONFIG_NFSD_V4_SECURITY_LABEL + struct lsmcontext scaff; /* scaffolding */ void *context = NULL; int contextlen; #endif @@ -3345,8 +3346,10 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, out: #ifdef CONFIG_NFSD_V4_SECURITY_LABEL - if (context) - security_release_secctx(context, contextlen); + if (context) { + lsmcontext_init(&scaff, context, contextlen, 0); /*scaffolding*/ + security_release_secctx(&scaff); + } #endif /* CONFIG_NFSD_V4_SECURITY_LABEL */ kfree(acl); if (tempfh) { diff --git a/include/linux/security.h b/include/linux/security.h index cdd8d9122795..041e87f3fe4e 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -133,6 +133,37 @@ enum lockdown_reason { extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1]; +/* + * A "security context" is the text representation of + * the information used by LSMs. + * This structure contains the string, its length, and which LSM + * it is useful for. + */ +struct lsmcontext { + char *context; /* Provided by the module */ + u32 len; + int slot; /* Identifies the module */ +}; + +/** + * lsmcontext_init - initialize an lsmcontext structure. + * @cp: Pointer to the context to initialize + * @context: Initial context, or NULL + * @size: Size of context, or 0 + * @slot: Which LSM provided the context + * + * Fill in the lsmcontext from the provided information. + * This is a scaffolding function that will be removed when + * lsmcontext integration is complete. + */ +static inline void lsmcontext_init(struct lsmcontext *cp, char *context, + u32 size, int slot) +{ + cp->slot = slot; + cp->context = context; + cp->len = size; +} + /* * Data exported by the security modules * 
@@ -550,7 +581,7 @@ int security_ismaclabel(const char *name); int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen); int security_secctx_to_secid(const char *secdata, u32 seclen, struct lsmblob *blob); -void security_release_secctx(char *secdata, u32 seclen); +void security_release_secctx(struct lsmcontext *cp); void security_inode_invalidate_secctx(struct inode *inode); int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); @@ -1414,7 +1445,7 @@ static inline int security_secctx_to_secid(const char *secdata, return -EOPNOTSUPP; } -static inline void security_release_secctx(char *secdata, u32 seclen) +static inline void security_release_secctx(struct lsmcontext *cp) { } diff --git a/include/net/scm.h b/include/net/scm.h index 23a35ff1b3f2..f273c4d777ec 100644 --- a/include/net/scm.h +++ b/include/net/scm.h @@ -92,6 +92,7 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg, #ifdef CONFIG_SECURITY_NETWORK static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) { + struct lsmcontext context; struct lsmblob lb; char *secdata; u32 seclen; @@ -106,7 +107,9 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc if (!err) { put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata); - security_release_secctx(secdata, seclen); + /*scaffolding*/ + lsmcontext_init(&context, secdata, seclen, 0); + security_release_secctx(&context); } } } diff --git a/kernel/audit.c b/kernel/audit.c index 8ec64e6e8bc0..c17ec23158c4 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1192,6 +1192,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) struct audit_sig_info *sig_data; char *ctx = NULL; u32 len; + struct lsmcontext scaff; /* scaffolding */ err = audit_netlink_ok(skb, msg_type); if (err) 
@@ -1449,15 +1450,18 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) } sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL); if (!sig_data) { - if (lsmblob_is_set(&audit_sig_lsm)) - security_release_secctx(ctx, len); + if (lsmblob_is_set(&audit_sig_lsm)) { + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); + } return -ENOMEM; } sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); sig_data->pid = audit_sig_pid; if (lsmblob_is_set(&audit_sig_lsm)) { memcpy(sig_data->ctx, ctx, len); - security_release_secctx(ctx, len); + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); } audit_send_reply(skb, seq, AUDIT_SIGNAL_INFO, 0, 0, sig_data, sizeof(*sig_data) + len); @@ -2132,6 +2136,7 @@ int audit_log_task_context(struct audit_buffer *ab) unsigned len; int error; struct lsmblob blob; + struct lsmcontext scaff; /* scaffolding */ security_task_getsecid_subj(current, &blob); if (!lsmblob_is_set(&blob)) @@ -2145,7 +2150,8 @@ int audit_log_task_context(struct audit_buffer *ab) } audit_log_format(ab, " subj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); return 0; error_path: diff --git a/kernel/auditsc.c b/kernel/auditsc.c index b5807b9b8a4d..1b1ddd62de6c 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1002,6 +1002,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, struct lsmblob *blob, char *comm) { struct audit_buffer *ab; + struct lsmcontext lsmcxt; char *ctx = NULL; u32 len; int rc = 0; @@ -1019,7 +1020,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, rc = 1; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); /*scaffolding*/ + security_release_secctx(&lsmcxt); } } audit_log_format(ab, " ocomm="); 
@@ -1232,6 +1234,7 @@ static void audit_log_fcaps(struct audit_buffer *ab, struct audit_names *name) static void show_special(struct audit_context *context, int *call_panic) { + struct lsmcontext lsmcxt; struct audit_buffer *ab; int i; @@ -1266,7 +1269,8 @@ static void show_special(struct audit_context *context, int *call_panic) *call_panic = 1; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); + security_release_secctx(&lsmcxt); } } if (context->ipc.has_perm) { @@ -1417,6 +1421,7 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, char *ctx = NULL; u32 len; struct lsmblob blob; + struct lsmcontext lsmcxt; lsmblob_init(&blob, n->osid); if (security_secid_to_secctx(&blob, &ctx, &len)) { @@ -1425,7 +1430,8 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, *call_panic = 2; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); /* scaffolding */ + security_release_secctx(&lsmcxt); } } diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index 2f089733ada7..a7e4c1b34b6c 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -130,6 +130,7 @@ static void ip_cmsg_recv_checksum(struct msghdr *msg, struct sk_buff *skb, static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) { + struct lsmcontext context; struct lsmblob lb; char *secdata; u32 seclen, secid; @@ -145,7 +146,8 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) return; put_cmsg(msg, SOL_IP, SCM_SECURITY, seclen, secdata); - security_release_secctx(secdata, seclen); + lsmcontext_init(&context, secdata, seclen, 0); /* scaffolding */ + security_release_secctx(&context); } static void ip_cmsg_recv_dstaddr(struct msghdr *msg, struct sk_buff *skb) 
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index 9bf1f5460681..89be957f26bd 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -342,6 +342,7 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) int len, ret; char *secctx; struct lsmblob blob; + struct lsmcontext context; /* lsmblob_init() puts ct->secmark into all of the secids in blob. * security_secid_to_secctx() will know which security module @@ -362,7 +363,8 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) ret = 0; nla_put_failure: - security_release_secctx(secctx, len); + lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ + security_release_secctx(&context); return ret; } #else diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index 89b6f5ebcfc4..ca2ae290d6ee 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c @@ -176,6 +176,7 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) u32 len; char *secctx; struct lsmblob blob; + struct lsmcontext context; lsmblob_init(&blob, ct->secmark); ret = security_secid_to_secctx(&blob, &secctx, &len); @@ -184,7 +185,8 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) seq_printf(s, "secctx=%s ", secctx); - security_release_secctx(secctx, len); + lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ + security_release_secctx(&context); } #else static inline void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index a781e757d593..005900a0c397 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c 
@@ -397,6 +397,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, enum ip_conntrack_info ctinfo; struct nfnl_ct_hook *nfnl_ct; bool csum_verify; + struct lsmcontext scaff; /* scaffolding */ char *secdata = NULL; u32 seclen = 0; @@ -626,8 +627,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, } nlh->nlmsg_len = skb->len; - if (seclen) - security_release_secctx(secdata, seclen); + if (seclen) { + lsmcontext_init(&scaff, secdata, seclen, 0); + security_release_secctx(&scaff); + } return skb; nla_put_failure: @@ -635,8 +638,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, kfree_skb(skb); net_err_ratelimited("nf_queue: error creating packet message\n"); nlmsg_failure: - if (seclen) - security_release_secctx(secdata, seclen); + if (seclen) { + lsmcontext_init(&scaff, secdata, seclen, 0); + security_release_secctx(&scaff); + } return NULL; } diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index 098d0a1a3330..61346aaa2898 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -374,6 +374,7 @@ int netlbl_unlhsh_add(struct net *net, struct net_device *dev; struct netlbl_unlhsh_iface *iface; struct audit_buffer *audit_buf = NULL; + struct lsmcontext context; char *secctx = NULL; u32 secctx_len; struct lsmblob blob; @@ -447,7 +448,9 @@ int netlbl_unlhsh_add(struct net *net, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", ret_val == 0 ? 1 : 0); audit_log_end(audit_buf); 
@@ -478,6 +481,7 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, struct netlbl_unlhsh_addr4 *entry; struct audit_buffer *audit_buf; struct net_device *dev; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -509,7 +513,9 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); audit_log_end(audit_buf); @@ -546,6 +552,7 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, struct netlbl_unlhsh_addr6 *entry; struct audit_buffer *audit_buf; struct net_device *dev; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -576,7 +583,8 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); audit_log_end(audit_buf); @@ -1095,6 +1103,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, int ret_val = -ENOMEM; struct netlbl_unlhsh_walk_arg *cb_arg = arg; struct net_device *dev; + struct lsmcontext context; void *data; u32 secid; char *secctx; @@ -1165,7 +1174,9 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, NLBL_UNLABEL_A_SECCTX, secctx_len, secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); if (ret_val != 0) goto list_cb_failure; diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index 893301ae0131..ef139d8ae7cd 100644 
--- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c @@ -84,6 +84,7 @@ struct audit_buffer *netlbl_audit_start_common(int type, struct netlbl_audit *audit_info) { struct audit_buffer *audit_buf; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -103,7 +104,8 @@ struct audit_buffer *netlbl_audit_start_common(int type, if (audit_info->secid != 0 && security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " subj=%s", secctx); - security_release_secctx(secctx, secctx_len); + lsmcontext_init(&context, secctx, secctx_len, 0);/*scaffolding*/ + security_release_secctx(&context); } return audit_buf; diff --git a/security/security.c b/security/security.c index 7829b8f5d15f..4cb540d93ab8 100644 --- a/security/security.c +++ b/security/security.c @@ -2361,16 +2361,17 @@ int security_secctx_to_secid(const char *secdata, u32 seclen, } EXPORT_SYMBOL(security_secctx_to_secid); -void security_release_secctx(char *secdata, u32 seclen) +void security_release_secctx(struct lsmcontext *cp) { struct security_hook_list *hp; - int ilsm = lsm_task_ilsm(current); hlist_for_each_entry(hp, &security_hook_heads.release_secctx, list) - if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) { - hp->hook.release_secctx(secdata, seclen); - return; + if (cp->slot == hp->lsmid->slot) { + hp->hook.release_secctx(cp->context, cp->len); + break; } + + memset(cp, 0, sizeof(*cp)); } EXPORT_SYMBOL(security_release_secctx);
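Review bot: In the new security_release_secctx() body in security/security.c, when no hook's lsmid->slot matches cp->slot the loop falls through and memset(cp, 0, sizeof(*cp)) silently discards the context without any release hook having run, so a caller that passes a context with an unset or wrong slot leaks the buffer with no diagnostic. Consider a WARN_ON_ONCE() on the no-match case, or at least a comment on the function stating that cp->slot must be valid on entry. Dropping the lsm_task_ilsm(current) lookup is the right change: release is now routed by the context's own slot instead of by whichever module the current task happens to be using, which the old `ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot` test could get wrong when the secdata had been produced by a different module.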
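Review bot: The CONFIG_SECURITY=n stub `static inline void security_release_secctx(struct lsmcontext *cp) { }` in include/linux/security.h does not clear *cp, while the real implementation ends with memset(cp, 0, sizeof(*cp)); a caller that inspects cp->context or cp->len after release will see different results depending on the config. Either have the stub zero the context as well, or document on the declaration that the contents of *cp are undefined after the call.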
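Review bot: In scm_passec() in include/net/scm.h, and in every other caller converted here, lsmcontext_init(&context, secdata, seclen, 0) hard-codes slot 0, so the release hook is chosen by that constant rather than by the module that actually allocated secdata; before this patch the hook was selected from lsm_task_ilsm(current). With two modules that both supply secctx hooks this hands slot 1's buffer to slot 0's release_secctx(). The /* scaffolding */ comments signal that this is transitional until security_secid_to_secctx() fills in an lsmcontext itself, but that dependency should be stated explicitly (in the commit message, or once at the lsmcontext_init() definition) so the literal 0 is not mistaken for a correct value; scm_passec() already holds the lsmblob `lb` that the context was derived from, which is where the slot should eventually come from.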
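Review bot: The scaffolding marker is applied inconsistently across the converted call sites: the second release in audit_receive_msg(), show_special() in kernel/auditsc.c and netlbl_unlhsh_remove_addr6() carry no /* scaffolding */ comment at all, scm_passec() and audit_log_pid_context() use /*scaffolding*/ without spaces, and netlbl_audit_start_common() writes `lsmcontext_init(&context, secctx, secctx_len, 0);/*scaffolding*/` with the comment run against the statement. Since these are exactly the lines a later patch has to find and remove, mark every one the same way (`/* scaffolding */`, per kernel comment style), and consider a single temporary static inline taking (ctx, len) so the two-line lsmcontext_init()/security_release_secctx() pair is not repeated at every call site.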