From patchwork Fri Sep 24 17:54:18 2021
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, Stephen Smalley, linux-integrity@vger.kernel.org
Subject: [PATCH v29 05/28] LSM: Use lsmblob in security_audit_rule_match
Date: Fri, 24 Sep 2021 10:54:18 -0700
Message-Id: <20210924175441.7943-6-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20210924175441.7943-1-casey@schaufler-ca.com>
References: <20210924175441.7943-1-casey@schaufler-ca.com>
X-Mailing-List: linux-integrity@vger.kernel.org

Change the secid parameter of security_audit_rule_match to a lsmblob
structure pointer. Pass the entry from the lsmblob structure for the
appropriate slot to the LSM hook. Change the users of
security_audit_rule_match to use the lsmblob instead of a u32.

The scaffolding function lsmblob_init() fills the blob with the value of
the old secid, ensuring that it is available to the appropriate module
hook. The sources of the secid, security_task_getsecid() and
security_inode_getsecid(), will be converted to use the blob structure
later in the series. At that point the use of lsmblob_init() is dropped.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
Cc: linux-audit@redhat.com
Cc: linux-integrity@vger.kernel.org
To: Mimi Zohar
---
 include/linux/security.h            |  7 ++++---
 kernel/auditfilter.c                |  6 ++++--
 kernel/auditsc.c                    | 16 +++++++++++-----
 security/integrity/ima/ima.h        |  4 ++--
 security/integrity/ima/ima_policy.c |  7 +++++--
 security/security.c                 | 10 ++++++++--
 6 files changed, 34 insertions(+), 16 deletions(-)
diff --git a/include/linux/security.h b/include/linux/security.h index b10b10afd04f..0ebec0fcf313 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -1945,7 +1945,8 @@ static inline int security_key_getsecurity(struct key *key, char **_buffer) #ifdef CONFIG_SECURITY int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule); int security_audit_rule_known(struct audit_krule *krule); -int security_audit_rule_match(u32 secid, u32 field, u32 op, void **lsmrule); +int security_audit_rule_match(struct lsmblob *blob, u32 field, u32 op, + void **lsmrule); void security_audit_rule_free(void **lsmrule); #else @@ -1961,8 +1962,8 @@ static inline int security_audit_rule_known(struct audit_krule *krule) return 0; } -static inline int security_audit_rule_match(u32 secid, u32 field, u32 op, - void **lsmrule) +static inline int security_audit_rule_match(struct lsmblob *blob, u32 field, + u32 op, void **lsmrule) { return 0; } diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index a2340e81cfa7..6a04d762d272 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -1331,6 +1331,7 @@ int audit_filter(int msgtype, unsigned int listtype) struct audit_field *f = &e->rule.fields[i]; pid_t pid; u32 sid; + struct lsmblob blob; switch (f->type) { case AUDIT_PID: @@ -1362,8 +1363,9 @@ int audit_filter(int msgtype, unsigned int listtype) if (f->lsm_isset) { security_task_getsecid_subj(current, &sid); - result = security_audit_rule_match(sid, - f->type, f->op, + lsmblob_init(&blob, sid); + result = security_audit_rule_match( + &blob, f->type, f->op, f->lsm_rules); } break; diff --git a/kernel/auditsc.c b/kernel/auditsc.c index acbd896f54a5..447614b7a50b 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c 
@@ -478,6 +478,7 @@ static int audit_filter_rules(struct task_struct *tsk, const struct cred *cred; int i, need_sid = 1; u32 sid; + struct lsmblob blob; unsigned int sessionid; cred = rcu_dereference_check(tsk->cred, tsk == current || task_creation); @@ -676,8 +677,10 @@ static int audit_filter_rules(struct task_struct *tsk, security_task_getsecid_subj(tsk, &sid); need_sid = 0; } - result = security_audit_rule_match(sid, f->type, - f->op, f->lsm_rules); + lsmblob_init(&blob, sid); + result = security_audit_rule_match(&blob, + f->type, f->op, + f->lsm_rules); } break; case AUDIT_OBJ_USER: @@ -690,15 +693,17 @@ static int audit_filter_rules(struct task_struct *tsk, if (f->lsm_isset) { /* Find files that match */ if (name) { + lsmblob_init(&blob, name->osid); result = security_audit_rule_match( - name->osid, + &blob, f->type, f->op, f->lsm_rules); } else if (ctx) { list_for_each_entry(n, &ctx->names_list, list) { + lsmblob_init(&blob, name->osid); if (security_audit_rule_match( - n->osid, + &blob, f->type, f->op, f->lsm_rules)) { @@ -710,7 +715,8 @@ static int audit_filter_rules(struct task_struct *tsk, /* Find ipc objects that match */ if (!ctx || ctx->type != AUDIT_IPC) break; - if (security_audit_rule_match(ctx->ipc.osid, + lsmblob_init(&blob, ctx->ipc.osid); + if (security_audit_rule_match(&blob, f->type, f->op, f->lsm_rules)) ++result; diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index be965a8715e4..1f025ff1f011 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -437,8 +437,8 @@ static inline void ima_filter_rule_free(void *lsmrule) { } -static inline int ima_filter_rule_match(u32 secid, u32 field, u32 op, - void *lsmrule) +static inline int ima_filter_rule_match(struct lsmblob *blob, u32 field, + u32 op, void *lsmrule) { return -EINVAL; } diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index af278e225f9e..3d9f051edd20 100644 --- a/security/integrity/ima/ima_policy.c 
+++ b/security/integrity/ima/ima_policy.c @@ -621,6 +621,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, for (i = 0; i < MAX_LSM_RULES; i++) { int rc = 0; u32 osid; + struct lsmblob lsmdata; if (!ima_lsm_isset(rule, i)) { if (!rule->lsm[i].args_p) @@ -633,14 +634,16 @@ static bool ima_match_rules(struct ima_rule_entry *rule, case LSM_OBJ_ROLE: case LSM_OBJ_TYPE: security_inode_getsecid(inode, &osid); - rc = ima_filter_rule_match(osid, rule->lsm[i].type, + lsmblob_init(&lsmdata, osid); + rc = ima_filter_rule_match(&lsmdata, rule->lsm[i].type, Audit_equal, rule->lsm[i].rule); break; case LSM_SUBJ_USER: case LSM_SUBJ_ROLE: case LSM_SUBJ_TYPE: - rc = ima_filter_rule_match(secid, rule->lsm[i].type, + lsmblob_init(&lsmdata, secid); + rc = ima_filter_rule_match(&lsmdata, rule->lsm[i].type, Audit_equal, rule->lsm[i].rule); break; diff --git a/security/security.c b/security/security.c index 8ca554e1dbeb..6f080a6cc090 100644 --- a/security/security.c +++ b/security/security.c @@ -2672,11 +2672,14 @@ void security_audit_rule_free(void **lsmrule) hlist_for_each_entry(hp, &security_hook_heads.audit_rule_free, list) { if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) continue; + if (lsmrule[hp->lsmid->slot] == NULL) + continue; hp->hook.audit_rule_free(lsmrule[hp->lsmid->slot]); } } -int security_audit_rule_match(u32 secid, u32 field, u32 op, void **lsmrule) +int security_audit_rule_match(struct lsmblob *blob, u32 field, u32 op, + void **lsmrule) { struct security_hook_list *hp; int rc; 
@@ -2684,7 +2687,10 @@ int security_audit_rule_match(u32 secid, u32 field, u32 op, void **lsmrule) hlist_for_each_entry(hp, &security_hook_heads.audit_rule_match, list) { if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) continue; - rc = hp->hook.audit_rule_match(secid, field, op, + if (lsmrule[hp->lsmid->slot] == NULL) + continue; + rc = hp->hook.audit_rule_match(blob->secid[hp->lsmid->slot], + field, op, &lsmrule[hp->lsmid->slot]); if (rc) return rc;
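Review bot: in the kernel/auditsc.c hunk @@ -690,15 +693,17 @@, the `list_for_each_entry(n, &ctx->names_list, list)` loop initialises the blob from the wrong variable: the removed argument was `n->osid`, but the added line is `lsmblob_init(&blob, name->osid);`. That loop sits in the `else if (ctx)` arm of `if (name)`, so `name` is not the entry being iterated (and may well be NULL); every iteration would test the same value and the per-name match is lost. It should read `lsmblob_init(&blob, n->osid);`, matching the `if (name)` arm just above, where `name->osid` is the right object.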
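Review bot: the new `if (lsmrule[hp->lsmid->slot] == NULL) continue;` in the security/security.c hunk @@ -2672,11 +2672,14 @@ (security_audit_rule_free(), with a twin in the security_audit_rule_match() hunk that follows) is a behaviour change the commit message does not describe: a module whose slot holds no rule is now skipped instead of being handed a NULL rule pointer. Please add a sentence to the changelog on when a slot is legitimately NULL (the rule string was parsed by a different LSM), and consider a one-line comment at the check, since on its own the `continue` reads like a defensive no-op.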
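Review bot: style: the security/integrity/ima/ima_policy.c hunk names the new temporary `lsmdata`, while kernel/auditfilter.c and kernel/auditsc.c in the same patch call the identical temporary `blob`; use one name across the series so that the later removal of the `lsmblob_init(&lsmdata, osid)` / `lsmblob_init(&lsmdata, secid)` scaffolding is a mechanical search.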
From patchwork Fri Sep 24 17:54:23 2021
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, Stephen Smalley, linux-integrity@vger.kernel.org, netdev@vger.kernel.org
Subject: [PATCH v29 10/28] LSM: Use lsmblob in security_task_getsecid
Date: Fri, 24 Sep 2021 10:54:23 -0700
Message-Id: <20210924175441.7943-11-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20210924175441.7943-1-casey@schaufler-ca.com>
References: <20210924175441.7943-1-casey@schaufler-ca.com>
X-Mailing-List: linux-integrity@vger.kernel.org

Change the security_task_getsecid_subj() and security_task_getsecid_obj()
interfaces to fill in a lsmblob structure instead of a u32 secid in
support of LSM stacking. Audit interfaces will need to collect all
possible secids for possible reporting.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
Cc: linux-integrity@vger.kernel.org
Cc: linux-audit@redhat.com
Cc: netdev@vger.kernel.org
---
 drivers/android/binder.c              | 12 +----
 include/linux/security.h              | 14 ++++---
 kernel/audit.c                        | 16 +++----
 kernel/auditfilter.c                  |  4 +-
 kernel/auditsc.c                      | 25 ++++++------
 net/netlabel/netlabel_unlabeled.c     |  5 ++-
 net/netlabel/netlabel_user.h          |  6 ++-
 security/integrity/ima/ima_appraise.c | 12 +++---
 security/integrity/ima/ima_main.c     | 55 +++++++++++++++------------
 security/security.c                   | 25 +++++++++--
 10 files changed, 94 insertions(+), 80 deletions(-)
diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 42bcf22d1e50..d17a34445dcd 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c
@@ -2710,7 +2710,6 @@ static void binder_transaction(struct binder_proc *proc, t->priority = task_nice(current); if (target_node && target_node->txn_security_ctx) { - u32 secid; struct lsmblob blob; size_t added_size; @@ -2723,16 +2722,7 @@ static void binder_transaction(struct binder_proc *proc, * here; however, it isn't clear that binder would handle that * case well anyway. */ - security_task_getsecid_obj(proc->tsk, &secid); - /* - * Later in this patch set security_task_getsecid() will - * provide a lsmblob instead of a secid. lsmblob_init - * is used to ensure that all the secids in the lsmblob - * get the value returned from security_task_getsecid(), - * which means that the one expected by - * security_secid_to_secctx() will be set. - */ - lsmblob_init(&blob, secid); + security_task_getsecid_obj(proc->tsk, &blob); ret = security_secid_to_secctx(&blob, &secctx, &secctx_sz); if (ret) { return_error = BR_FAILED_REPLY; diff --git a/include/linux/security.h b/include/linux/security.h index e674a6cdab46..de70742c30d6 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -501,8 +501,8 @@ int security_task_fix_setgid(struct cred *new, const struct cred *old, int security_task_setpgid(struct task_struct *p, pid_t pgid); int security_task_getpgid(struct task_struct *p); int security_task_getsid(struct task_struct *p); -void security_task_getsecid_subj(struct task_struct *p, u32 *secid); -void security_task_getsecid_obj(struct task_struct *p, u32 *secid); +void security_task_getsecid_subj(struct task_struct *p, struct lsmblob *blob); +void security_task_getsecid_obj(struct task_struct *p, struct lsmblob *blob); int security_task_setnice(struct task_struct *p, int nice); int security_task_setioprio(struct task_struct *p, int ioprio); int security_task_getioprio(struct task_struct *p); 
@@ -1198,14 +1198,16 @@ static inline int security_task_getsid(struct task_struct *p) return 0; } -static inline void security_task_getsecid_subj(struct task_struct *p, u32 *secid) +static inline void security_task_getsecid_subj(struct task_struct *p, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } -static inline void security_task_getsecid_obj(struct task_struct *p, u32 *secid) +static inline void security_task_getsecid_obj(struct task_struct *p, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } static inline int security_task_setnice(struct task_struct *p, int nice) diff --git a/kernel/audit.c b/kernel/audit.c index 22286163e93e..d92c7b894183 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -2139,19 +2139,12 @@ int audit_log_task_context(struct audit_buffer *ab) char *ctx = NULL; unsigned len; int error; - u32 sid; struct lsmblob blob; - security_task_getsecid_subj(current, &sid); - if (!sid) + security_task_getsecid_subj(current, &blob); + if (!lsmblob_is_set(&blob)) return 0; - /* - * lsmblob_init sets all values in the lsmblob to sid. - * This is temporary until security_task_getsecid is converted - * to use a lsmblob, which happens later in this patch set. - */ - lsmblob_init(&blob, sid); error = security_secid_to_secctx(&blob, &ctx, &len); if (error) { if (error != -EINVAL) @@ -2359,6 +2352,7 @@ int audit_set_loginuid(kuid_t loginuid) int audit_signal_info(int sig, struct task_struct *t) { kuid_t uid = current_uid(), auid; + struct lsmblob blob; if (auditd_test_task(t) && (sig == SIGTERM || sig == SIGHUP || @@ -2369,7 +2363,9 @@ int audit_signal_info(int sig, struct task_struct *t) audit_sig_uid = auid; else audit_sig_uid = uid; - security_task_getsecid_subj(current, &audit_sig_sid); + security_task_getsecid_subj(current, &blob); + /* scaffolding until audit_sig_sid is converted */ + audit_sig_sid = blob.secid[0]; } return audit_signal_info_syscall(t); 
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 6a04d762d272..1ba14a7a38f7 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -1330,7 +1330,6 @@ int audit_filter(int msgtype, unsigned int listtype) for (i = 0; i < e->rule.field_count; i++) { struct audit_field *f = &e->rule.fields[i]; pid_t pid; - u32 sid; struct lsmblob blob; switch (f->type) { @@ -1362,8 +1361,7 @@ int audit_filter(int msgtype, unsigned int listtype) case AUDIT_SUBJ_CLR: if (f->lsm_isset) { security_task_getsecid_subj(current, - &sid); - lsmblob_init(&blob, sid); + &blob); result = security_audit_rule_match( &blob, f->type, f->op, f->lsm_rules); diff --git a/kernel/auditsc.c b/kernel/auditsc.c index b4d214b21b97..50e3f2f4cb49 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -477,7 +477,6 @@ static int audit_filter_rules(struct task_struct *tsk, { const struct cred *cred; int i, need_sid = 1; - u32 sid; struct lsmblob blob; unsigned int sessionid; @@ -674,17 +673,9 @@ static int audit_filter_rules(struct task_struct *tsk, logged upon error */ if (f->lsm_isset) { if (need_sid) { - security_task_getsecid_subj(tsk, &sid); + security_task_getsecid_subj(tsk, &blob); need_sid = 0; } - /* - * lsmblob_init sets all values in the lsmblob - * to sid. This is temporary until - * security_task_getsecid() is converted to - * provide a lsmblob, which happens later in - * this patch set. - */ - lsmblob_init(&blob, sid); result = security_audit_rule_match(&blob, f->type, f->op, f->lsm_rules); 
@@ -2439,12 +2430,15 @@ int __audit_sockaddr(int len, void *a) void __audit_ptrace(struct task_struct *t) { struct audit_context *context = audit_context(); + struct lsmblob blob; context->target_pid = task_tgid_nr(t); context->target_auid = audit_get_loginuid(t); context->target_uid = task_uid(t); context->target_sessionid = audit_get_sessionid(t); - security_task_getsecid_obj(t, &context->target_sid); + security_task_getsecid_obj(t, &blob); + /* scaffolding - until target_sid is converted */ + context->target_sid = blob.secid[0]; memcpy(context->target_comm, t->comm, TASK_COMM_LEN); } @@ -2460,6 +2454,7 @@ int audit_signal_info_syscall(struct task_struct *t) struct audit_aux_data_pids *axp; struct audit_context *ctx = audit_context(); kuid_t t_uid = task_uid(t); + struct lsmblob blob; if (!audit_signals || audit_dummy_context()) return 0; @@ -2471,7 +2466,9 @@ int audit_signal_info_syscall(struct task_struct *t) ctx->target_auid = audit_get_loginuid(t); ctx->target_uid = t_uid; ctx->target_sessionid = audit_get_sessionid(t); - security_task_getsecid_obj(t, &ctx->target_sid); + security_task_getsecid_obj(t, &blob); + /* scaffolding until target_sid is converted */ + ctx->target_sid = blob.secid[0]; memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); return 0; } @@ -2492,7 +2489,9 @@ int audit_signal_info_syscall(struct task_struct *t) axp->target_auid[axp->pid_count] = audit_get_loginuid(t); axp->target_uid[axp->pid_count] = t_uid; axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); - security_task_getsecid_obj(t, &axp->target_sid[axp->pid_count]); + security_task_getsecid_obj(t, &blob); + /* scaffolding until target_sid is converted */ + axp->target_sid[axp->pid_count] = blob.secid[0]; memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); axp->pid_count++; diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index 51cb4fce5edf..15b53fc4e83f 100644 --- a/net/netlabel/netlabel_unlabeled.c 
+++ b/net/netlabel/netlabel_unlabeled.c @@ -1562,11 +1562,14 @@ int __init netlbl_unlabel_defconf(void) int ret_val; struct netlbl_dom_map *entry; struct netlbl_audit audit_info; + struct lsmblob blob; /* Only the kernel is allowed to call this function and the only time * it is called is at bootup before the audit subsystem is reporting * messages so don't worry to much about these values. */ - security_task_getsecid_subj(current, &audit_info.secid); + security_task_getsecid_subj(current, &blob); + /* scaffolding until audit_info.secid is converted */ + audit_info.secid = blob.secid[0]; audit_info.loginuid = GLOBAL_ROOT_UID; audit_info.sessionid = 0; diff --git a/net/netlabel/netlabel_user.h b/net/netlabel/netlabel_user.h index 6190cbf94bf0..aa31f7bf79ee 100644 --- a/net/netlabel/netlabel_user.h +++ b/net/netlabel/netlabel_user.h @@ -32,7 +32,11 @@ */ static inline void netlbl_netlink_auditinfo(struct netlbl_audit *audit_info) { - security_task_getsecid_subj(current, &audit_info->secid); + struct lsmblob blob; + + security_task_getsecid_subj(current, &blob); + /* scaffolding until secid is converted */ + audit_info->secid = blob.secid[0]; audit_info->loginuid = audit_get_loginuid(current); audit_info->sessionid = audit_get_sessionid(current); } diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index dbba51583e7c..2fedda131a39 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c 
@@ -71,15 +71,17 @@ bool is_ima_appraise_enabled(void) int ima_must_appraise(struct user_namespace *mnt_userns, struct inode *inode, int mask, enum ima_hooks func) { - u32 secid; + struct lsmblob blob; if (!ima_appraise) return 0; - security_task_getsecid_subj(current, &secid); - return ima_match_policy(mnt_userns, inode, current_cred(), secid, - func, mask, IMA_APPRAISE | IMA_HASH, NULL, - NULL, NULL, NULL); + security_task_getsecid_subj(current, &blob); + /* scaffolding the .secid[0] */ + return ima_match_policy(mnt_userns, inode, current_cred(), + blob.secid[0], func, mask, + IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL, + NULL); } static int ima_fix_xattr(struct dentry *dentry, diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 465865412100..c327f93d3962 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -405,12 +405,13 @@ static int process_measurement(struct file *file, const struct cred *cred, */ int ima_file_mmap(struct file *file, unsigned long prot) { - u32 secid; + struct lsmblob blob; if (file && (prot & PROT_EXEC)) { - security_task_getsecid_subj(current, &secid); - return process_measurement(file, current_cred(), secid, NULL, - 0, MAY_EXEC, MMAP_CHECK); + security_task_getsecid_subj(current, &blob); + /* scaffolding - until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], + NULL, 0, MAY_EXEC, MMAP_CHECK); } return 0; @@ -436,9 +437,9 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) char *pathbuf = NULL; const char *pathname = NULL; struct inode *inode; + struct lsmblob blob; int result = 0; int action; - u32 secid; int pcr; /* Is mprotect making an mmap'ed file executable? */ 
@@ -446,11 +447,11 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) !(prot & PROT_EXEC) || (vma->vm_flags & VM_EXEC)) return 0; - security_task_getsecid_subj(current, &secid); + security_task_getsecid_subj(current, &blob); inode = file_inode(vma->vm_file); action = ima_get_action(file_mnt_user_ns(vma->vm_file), inode, - current_cred(), secid, MAY_EXEC, MMAP_CHECK, - &pcr, &template, NULL, NULL); + current_cred(), blob.secid[0], MAY_EXEC, + MMAP_CHECK, &pcr, &template, NULL, NULL); /* Is the mmap'ed file in policy? */ if (!(action & (IMA_MEASURE | IMA_APPRAISE_SUBMASK))) @@ -486,10 +487,12 @@ int ima_bprm_check(struct linux_binprm *bprm) { int ret; u32 secid; + struct lsmblob blob; - security_task_getsecid_subj(current, &secid); - ret = process_measurement(bprm->file, current_cred(), secid, NULL, 0, - MAY_EXEC, BPRM_CHECK); + security_task_getsecid_subj(current, &blob); + /* scaffolding until process_measurement changes */ + ret = process_measurement(bprm->file, current_cred(), blob.secid[0], + NULL, 0, MAY_EXEC, BPRM_CHECK); if (ret) return ret; @@ -510,10 +513,11 @@ int ima_bprm_check(struct linux_binprm *bprm) */ int ima_file_check(struct file *file, int mask) { - u32 secid; + struct lsmblob blob; - security_task_getsecid_subj(current, &secid); - return process_measurement(file, current_cred(), secid, NULL, 0, + security_task_getsecid_subj(current, &blob); + /* scaffolding until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], NULL, 0, mask & (MAY_READ | MAY_WRITE | MAY_EXEC | MAY_APPEND), FILE_CHECK); } @@ -689,7 +693,7 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id, bool contents) { enum ima_hooks func; - u32 secid; + struct lsmblob blob; /* * Do devices using pre-allocated memory run the risk of the 
@@ -709,8 +713,9 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id, /* Read entire file for all partial reads. */ func = read_idmap[read_id] ?: FILE_CHECK; - security_task_getsecid_subj(current, &secid); - return process_measurement(file, current_cred(), secid, NULL, + security_task_getsecid_subj(current, &blob); + /* scaffolding - until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], NULL, 0, MAY_READ, func); } @@ -739,7 +744,7 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, enum kernel_read_file_id read_id) { enum ima_hooks func; - u32 secid; + struct lsmblob blob; /* permit signed certs */ if (!file && read_id == READING_X509_CERTIFICATE) @@ -752,9 +757,10 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, } func = read_idmap[read_id] ?: FILE_CHECK; - security_task_getsecid_subj(current, &secid); - return process_measurement(file, current_cred(), secid, buf, size, - MAY_READ, func); + security_task_getsecid_subj(current, &blob); + /* scaffolding until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], buf, + size, MAY_READ, func); } /** @@ -882,7 +888,7 @@ int process_buffer_measurement(struct user_namespace *mnt_userns, int digest_hash_len = hash_digest_size[ima_hash_algo]; int violation = 0; int action = 0; - u32 secid; + struct lsmblob blob; if (digest && digest_len < digest_hash_len) return -EINVAL; @@ -905,9 +911,10 @@ int process_buffer_measurement(struct user_namespace *mnt_userns, * buffer measurements. */ if (func) { - security_task_getsecid_subj(current, &secid); + security_task_getsecid_subj(current, &blob); + /* scaffolding */ action = ima_get_action(mnt_userns, inode, current_cred(), - secid, 0, func, &pcr, &template, + blob.secid[0], 0, func, &pcr, &template, func_data, NULL); if (!(action & IMA_MEASURE) && !digest) return -ENOENT; 
diff --git a/security/security.c b/security/security.c index f6760b25fed0..74a7fb981904 100644 --- a/security/security.c +++ b/security/security.c 
@@ -1905,17 +1905,30 @@ int security_task_getsid(struct task_struct *p) return call_int_hook(task_getsid, 0, p); } -void security_task_getsecid_subj(struct task_struct *p, u32 *secid) +void security_task_getsecid_subj(struct task_struct *p, struct lsmblob *blob) { - *secid = 0; - call_void_hook(task_getsecid_subj, p, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.task_getsecid_subj, + list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.task_getsecid_subj(p, &blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_task_getsecid_subj); -void security_task_getsecid_obj(struct task_struct *p, u32 *secid) +void security_task_getsecid_obj(struct task_struct *p, struct lsmblob *blob) { - *secid = 0; - call_void_hook(task_getsecid_obj, p, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.task_getsecid_obj, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.task_getsecid_obj(p, &blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_task_getsecid_obj);
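Review bot: the two new loops in security_task_getsecid_subj() and security_task_getsecid_obj() are identical apart from the hook head and the hook member, and the same shape is needed for every *_getsecid interface that moves to an lsmblob; a small helper or macro taking the hook head and hook name would keep the slot range check (hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot) in one place. Also worth a kerneldoc line on both functions: an LSM whose slot fails that check is skipped after the WARN_ON, so its entry in the blob stays at the 0 written by lsmblob_init(), which callers will read as "no label" rather than as an error.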
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, Stephen Smalley, linux-integrity@vger.kernel.org
Subject: [PATCH v29 11/28] LSM: Use lsmblob in security_inode_getsecid
Date: Fri, 24 Sep 2021 10:54:24 -0700
Message-Id: <20210924175441.7943-12-casey@schaufler-ca.com>
In-Reply-To: <20210924175441.7943-1-casey@schaufler-ca.com>
References: <20210924175441.7943-1-casey@schaufler-ca.com>

Change the security_inode_getsecid() interface to fill in a lsmblob structure instead of a u32 secid. This allows for its callers to gather data from all registered LSMs. Data is provided for IMA and audit.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
Cc: linux-integrity@vger.kernel.org
Cc: linux-audit@redhat.com
---
 include/linux/security.h | 7 ++++---
 kernel/auditsc.c | 6 +++++-
 security/integrity/ima/ima_policy.c | 4 +---
 security/security.c | 11 +++++++++--
 4 files changed, 19 insertions(+), 9 deletions(-)

diff --git a/include/linux/security.h b/include/linux/security.h index de70742c30d6..5a336fa10818 100644 --- a/include/linux/security.h +++ b/include/linux/security.h
@@ -455,7 +455,7 @@ int security_inode_getsecurity(struct user_namespace *mnt_userns, void **buffer, bool alloc); int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags); int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size); -void security_inode_getsecid(struct inode *inode, u32 *secid); +void security_inode_getsecid(struct inode *inode, struct lsmblob *blob); int security_inode_copy_up(struct dentry *src, struct cred **new); int security_inode_copy_up_xattr(const char *name); int security_kernfs_init_security(struct kernfs_node *kn_dir, @@ -1006,9 +1006,10 @@ static inline int security_inode_listsecurity(struct inode *inode, char *buffer, return 0; } -static inline void security_inode_getsecid(struct inode *inode, u32 *secid) +static inline void security_inode_getsecid(struct inode *inode, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } static inline int security_inode_copy_up(struct dentry *src, struct cred **new) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 50e3f2f4cb49..dcd1b988a2d3 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1975,13 +1975,17 @@ static void audit_copy_inode(struct audit_names *name, const struct dentry *dentry, struct inode *inode, unsigned int flags) { + struct lsmblob blob; + name->ino = inode->i_ino; name->dev = inode->i_sb->s_dev; name->mode = inode->i_mode; name->uid = inode->i_uid; name->gid = inode->i_gid; name->rdev = inode->i_rdev; - security_inode_getsecid(inode, &name->osid); + security_inode_getsecid(inode, &blob); + /* scaffolding until osid is updated */ + name->osid = blob.secid[0]; if (flags & AUDIT_INODE_NOEVAL) { name->fcap_ver = -1; return; diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 3d9f051edd20..67c7762b2533 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c 
@@ -620,7 +620,6 @@ static bool ima_match_rules(struct ima_rule_entry *rule, return false; for (i = 0; i < MAX_LSM_RULES; i++) { int rc = 0; - u32 osid; struct lsmblob lsmdata; if (!ima_lsm_isset(rule, i)) { @@ -633,8 +632,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, case LSM_OBJ_USER: case LSM_OBJ_ROLE: case LSM_OBJ_TYPE: - security_inode_getsecid(inode, &osid); - lsmblob_init(&lsmdata, osid); + security_inode_getsecid(inode, &lsmdata); rc = ima_filter_rule_match(&lsmdata, rule->lsm[i].type, Audit_equal, rule->lsm[i].rule); diff --git a/security/security.c b/security/security.c index 74a7fb981904..5fbcccbdbccd 100644 --- a/security/security.c +++ b/security/security.c 
@@ -1549,9 +1549,16 @@ int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer } EXPORT_SYMBOL(security_inode_listsecurity); -void security_inode_getsecid(struct inode *inode, u32 *secid) +void security_inode_getsecid(struct inode *inode, struct lsmblob *blob) { - call_void_hook(inode_getsecid, inode, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.inode_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.inode_getsecid(inode, &blob->secid[hp->lsmid->slot]); + } } int security_inode_copy_up(struct dentry *src, struct cred **new)
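Review bot: the security/security.c hunk changes behaviour beyond the type: the old security_inode_getsecid() passed secid straight to call_void_hook() without zeroing it, so with no LSM providing inode_getsecid the caller read whatever was already in the variable, while the new version calls lsmblob_init(blob, 0) first. That is the right thing to do, but it is a small fix hidden inside a refactoring; a sentence in the commit message would help anyone bisecting.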
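Review bot: the kernel/auditsc.c hunk keeps name->osid at blob.secid[0] and says so with a scaffolding comment, so audit inode records still describe only the LSM in slot 0 until osid itself becomes an lsmblob; the security/integrity/ima/ima_policy.c hunk, by contrast, now hands the whole lsmblob to ima_filter_rule_match(), which is the first caller in this patch that actually benefits from the new interface. Stating that asymmetry in the commit message ("Data is provided for IMA and audit" reads as if both consume all of it) would avoid a reader assuming audit is already multi-LSM aware.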
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, Stephen Smalley, linux-integrity@vger.kernel.org
Subject: [PATCH v29 12/28] LSM: Use lsmblob in security_cred_getsecid
Date: Fri, 24 Sep 2021 10:54:25 -0700
Message-Id: <20210924175441.7943-13-casey@schaufler-ca.com>
In-Reply-To: <20210924175441.7943-1-casey@schaufler-ca.com>
References: <20210924175441.7943-1-casey@schaufler-ca.com>

Change the security_cred_getsecid() interface to fill in a lsmblob instead of a u32 secid. The associated data elements in the audit sub-system are changed from a secid to a lsmblob to accommodate multiple possible LSM audit users.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
Cc: linux-integrity@vger.kernel.org
Cc: linux-audit@redhat.com
---
 include/linux/security.h | 2 +-
 kernel/audit.c | 25 +++++++----------------
 kernel/audit.h | 3 ++-
 kernel/auditsc.c | 33 +++++++++++--------------------
 security/integrity/ima/ima_main.c | 8 ++++----
 security/security.c | 12 ++++++++---
 6 files changed, 35 insertions(+), 48 deletions(-)

diff --git a/include/linux/security.h b/include/linux/security.h index 5a336fa10818..58c853eabcc9 100644 --- a/include/linux/security.h +++ b/include/linux/security.h
@@ -482,7 +482,7 @@ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp); void security_cred_free(struct cred *cred); int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp); void security_transfer_creds(struct cred *new, const struct cred *old); -void security_cred_getsecid(const struct cred *c, u32 *secid); +void security_cred_getsecid(const struct cred *c, struct lsmblob *blob); int security_kernel_act_as(struct cred *new, struct lsmblob *blob); int security_kernel_create_files_as(struct cred *new, struct inode *inode); int security_kernel_module_request(char *kmod_name); diff --git a/kernel/audit.c b/kernel/audit.c index d92c7b894183..8ec64e6e8bc0 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -125,7 +125,7 @@ static u32 audit_backlog_wait_time = AUDIT_BACKLOG_WAIT_TIME; /* The identity of the user shutting down the audit system. */ static kuid_t audit_sig_uid = INVALID_UID; static pid_t audit_sig_pid = -1; -static u32 audit_sig_sid; +struct lsmblob audit_sig_lsm; /* Records can be lost in several ways: 0) [suppressed in audit_alloc] 
@@ -1441,29 +1441,21 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) } case AUDIT_SIGNAL_INFO: len = 0; - if (audit_sig_sid) { - struct lsmblob blob; - - /* - * lsmblob_init sets all values in the lsmblob - * to audit_sig_sid. This is temporary until - * audit_sig_sid is converted to a lsmblob, which - * happens later in this patch set. - */ - lsmblob_init(&blob, audit_sig_sid); - err = security_secid_to_secctx(&blob, &ctx, &len); + if (lsmblob_is_set(&audit_sig_lsm)) { + err = security_secid_to_secctx(&audit_sig_lsm, &ctx, + &len); if (err) return err; } sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL); if (!sig_data) { - if (audit_sig_sid) + if (lsmblob_is_set(&audit_sig_lsm)) security_release_secctx(ctx, len); return -ENOMEM; } sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); sig_data->pid = audit_sig_pid; - if (audit_sig_sid) { + if (lsmblob_is_set(&audit_sig_lsm)) { memcpy(sig_data->ctx, ctx, len); security_release_secctx(ctx, len); } @@ -2352,7 +2344,6 @@ int audit_set_loginuid(kuid_t loginuid) int audit_signal_info(int sig, struct task_struct *t) { kuid_t uid = current_uid(), auid; - struct lsmblob blob; if (auditd_test_task(t) && (sig == SIGTERM || sig == SIGHUP || @@ -2363,9 +2354,7 @@ int audit_signal_info(int sig, struct task_struct *t) audit_sig_uid = auid; else audit_sig_uid = uid; - security_task_getsecid_subj(current, &blob); - /* scaffolding until audit_sig_sid is converted */ - audit_sig_sid = blob.secid[0]; + security_task_getsecid_subj(current, &audit_sig_lsm); } return audit_signal_info_syscall(t); diff --git a/kernel/audit.h b/kernel/audit.h index d6a2c899a8db..d43a08eabd86 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -12,6 +12,7 @@ #include #include #include +#include #include #include 
@@ -137,7 +138,7 @@ struct audit_context { kuid_t target_auid; kuid_t target_uid; unsigned int target_sessionid; - u32 target_sid; + struct lsmblob target_lsm; char target_comm[TASK_COMM_LEN]; struct audit_tree_refs *trees, *first_trees; diff --git a/kernel/auditsc.c b/kernel/auditsc.c index dcd1b988a2d3..b5807b9b8a4d 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -111,7 +111,7 @@ struct audit_aux_data_pids { kuid_t target_auid[AUDIT_AUX_PIDS]; kuid_t target_uid[AUDIT_AUX_PIDS]; unsigned int target_sessionid[AUDIT_AUX_PIDS]; - u32 target_sid[AUDIT_AUX_PIDS]; + struct lsmblob target_lsm[AUDIT_AUX_PIDS]; char target_comm[AUDIT_AUX_PIDS][TASK_COMM_LEN]; int pid_count; }; @@ -997,14 +997,14 @@ static inline void audit_free_context(struct audit_context *context) } static int audit_log_pid_context(struct audit_context *context, pid_t pid, - kuid_t auid, kuid_t uid, unsigned int sessionid, - u32 sid, char *comm) + kuid_t auid, kuid_t uid, + unsigned int sessionid, + struct lsmblob *blob, char *comm) { struct audit_buffer *ab; char *ctx = NULL; u32 len; int rc = 0; - struct lsmblob blob; ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID); if (!ab) @@ -1013,9 +1013,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, audit_log_format(ab, "opid=%d oauid=%d ouid=%d oses=%d", pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); - if (sid) { - lsmblob_init(&blob, sid); - if (security_secid_to_secctx(&blob, &ctx, &len)) { + if (lsmblob_is_set(blob)) { + if (security_secid_to_secctx(blob, &ctx, &len)) { audit_log_format(ab, " obj=(none)"); rc = 1; } else { @@ -1590,7 +1589,7 @@ static void audit_log_exit(void) axs->target_auid[i], axs->target_uid[i], axs->target_sessionid[i], - axs->target_sid[i], + &axs->target_lsm[i], axs->target_comm[i])) call_panic = 1; } 
@@ -1599,7 +1598,7 @@ static void audit_log_exit(void) audit_log_pid_context(context, context->target_pid, context->target_auid, context->target_uid, context->target_sessionid, - context->target_sid, context->target_comm)) + &context->target_lsm, context->target_comm)) call_panic = 1; if (context->pwd.dentry && context->pwd.mnt) { @@ -1775,7 +1774,7 @@ void __audit_syscall_exit(int success, long return_code) context->aux = NULL; context->aux_pids = NULL; context->target_pid = 0; - context->target_sid = 0; + lsmblob_init(&context->target_lsm, 0); context->sockaddr_len = 0; context->type = 0; context->fds[0] = -1; @@ -2434,15 +2433,12 @@ int __audit_sockaddr(int len, void *a) void __audit_ptrace(struct task_struct *t) { struct audit_context *context = audit_context(); - struct lsmblob blob; context->target_pid = task_tgid_nr(t); context->target_auid = audit_get_loginuid(t); context->target_uid = task_uid(t); context->target_sessionid = audit_get_sessionid(t); - security_task_getsecid_obj(t, &blob); - /* scaffolding - until target_sid is converted */ - context->target_sid = blob.secid[0]; + security_task_getsecid_obj(t, &context->target_lsm); memcpy(context->target_comm, t->comm, TASK_COMM_LEN); } @@ -2458,7 +2454,6 @@ int audit_signal_info_syscall(struct task_struct *t) struct audit_aux_data_pids *axp; struct audit_context *ctx = audit_context(); kuid_t t_uid = task_uid(t); - struct lsmblob blob; if (!audit_signals || audit_dummy_context()) return 0; @@ -2470,9 +2465,7 @@ int audit_signal_info_syscall(struct task_struct *t) ctx->target_auid = audit_get_loginuid(t); ctx->target_uid = t_uid; ctx->target_sessionid = audit_get_sessionid(t); - security_task_getsecid_obj(t, &blob); - /* scaffolding until target_sid is converted */ - ctx->target_sid = blob.secid[0]; + security_task_getsecid_obj(t, &ctx->target_lsm); memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); return 0; } 
@@ -2493,9 +2486,7 @@ int audit_signal_info_syscall(struct task_struct *t) axp->target_auid[axp->pid_count] = audit_get_loginuid(t); axp->target_uid[axp->pid_count] = t_uid; axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); - security_task_getsecid_obj(t, &blob); - /* scaffolding until target_sid is converted */ - axp->target_sid[axp->pid_count] = blob.secid[0]; + security_task_getsecid_obj(t, &axp->target_lsm[axp->pid_count]); memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); axp->pid_count++; diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index c327f93d3962..1a4f7b00253b 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -486,7 +486,6 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) int ima_bprm_check(struct linux_binprm *bprm) { int ret; - u32 secid; struct lsmblob blob; security_task_getsecid_subj(current, &blob); @@ -496,9 +495,10 @@ int ima_bprm_check(struct linux_binprm *bprm) if (ret) return ret; - security_cred_getsecid(bprm->cred, &secid); - return process_measurement(bprm->file, bprm->cred, secid, NULL, 0, - MAY_EXEC, CREDS_CHECK); + security_cred_getsecid(bprm->cred, &blob); + /* scaffolding until process_measurement changes */ + return process_measurement(bprm->file, bprm->cred, blob.secid[0], + NULL, 0, MAY_EXEC, CREDS_CHECK); } /** diff --git a/security/security.c b/security/security.c index 5fbcccbdbccd..f5e9f2eaf5da 100644 --- a/security/security.c +++ b/security/security.c 
@@ -1799,10 +1799,16 @@ void security_transfer_creds(struct cred *new, const struct cred *old) call_void_hook(cred_transfer, new, old); } -void security_cred_getsecid(const struct cred *c, u32 *secid) +void security_cred_getsecid(const struct cred *c, struct lsmblob *blob) { - *secid = 0; - call_void_hook(cred_getsecid, c, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.cred_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.cred_getsecid(c, &blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_cred_getsecid);
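Review bot: in the kernel/audit.c hunk at line 125 the replacement line `+struct lsmblob audit_sig_lsm;` drops the `static` that `-static u32 audit_sig_sid;` had, so a file-local variable becomes a global symbol with no declaration in kernel/audit.h. Nothing in the patch uses it outside audit.c (audit_receive_msg() and audit_signal_info() are both in that file), so it should stay static; as written, sparse will also warn that the symbol was not declared.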
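Review bot: the kernel/auditsc.c hunks replace `u32 target_sid[AUDIT_AUX_PIDS]` in struct audit_aux_data_pids and `u32 target_sid` in struct audit_context with a struct lsmblob each, and an lsmblob carries one u32 per LSM slot, so both structures grow; the audit_aux_data_pids allocation in audit_signal_info_syscall() is made per signalled process and audit_context is per task, which deserves a line in the commit message even if the cost is modest. The logic itself looks right: lsmblob_is_set() replaces the `if (sid)` test in audit_log_pid_context(), and __audit_syscall_exit() resets the field with lsmblob_init(&context->target_lsm, 0) where it used to write target_sid = 0.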
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, Stephen Smalley, linux-integrity@vger.kernel.org
Subject: [PATCH v29 13/28] IMA: Change internal interfaces to use lsmblobs
Date: Fri, 24 Sep 2021 10:54:26 -0700
Message-Id: <20210924175441.7943-14-casey@schaufler-ca.com>
In-Reply-To: <20210924175441.7943-1-casey@schaufler-ca.com>
References: <20210924175441.7943-1-casey@schaufler-ca.com>

The IMA interfaces ima_get_action() and ima_match_policy() call LSM functions that use lsmblobs. Change the IMA functions to pass the lsmblob to be compatible with the LSM functions.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Signed-off-by: Casey Schaufler
Cc: linux-integrity@vger.kernel.org
To: Mimi Zohar
---
 security/integrity/ima/ima.h | 6 ++---
 security/integrity/ima/ima_api.c | 6 ++---
 security/integrity/ima/ima_appraise.c | 3 +--
 security/integrity/ima/ima_main.c | 38 +++++++++++----------------
 security/integrity/ima/ima_policy.c | 17 ++++++------
 5 files changed, 31 insertions(+), 39 deletions(-)

diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 1f025ff1f011..dfa6cf5115c3 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h
@@ -255,7 +255,7 @@ static inline void ima_process_queued_keys(void) {} /* LIM API function definitions */ int ima_get_action(struct user_namespace *mnt_userns, struct inode *inode, - const struct cred *cred, u32 secid, int mask, + const struct cred *cred, struct lsmblob *blob, int mask, enum ima_hooks func, int *pcr, struct ima_template_desc **template_desc, const char *func_data, unsigned int *allowed_algos); @@ -286,8 +286,8 @@ const char *ima_d_path(const struct path *path, char **pathbuf, char *filename); /* IMA policy related functions */ int ima_match_policy(struct user_namespace *mnt_userns, struct inode *inode, - const struct cred *cred, u32 secid, enum ima_hooks func, - int mask, int flags, int *pcr, + const struct cred *cred, struct lsmblob *blob, + enum ima_hooks func, int mask, int flags, int *pcr, struct ima_template_desc **template_desc, const char *func_data, unsigned int *allowed_algos); void ima_init_policy(void); diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index 2c6c3a5228b5..aa27f2144476 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c @@ -165,7 +165,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename, * @mnt_userns: user namespace of the mount the inode was found from * @inode: pointer to the inode associated with the object being validated * @cred: pointer to credentials structure to validate - * @secid: secid of the task being validated + * @blob: LSM data of the task being validated * @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXEC, * MAY_APPEND) * @func: caller identifier 
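Review bot: both prototype hunks in ima.h replace `u32 secid` with a non-const `struct lsmblob *blob`, although the pointer is only read on the IMA side (ima_get_action() forwards it to ima_match_policy(), which forwards it to ima_match_rules() and on to ima_filter_rule_match()). Unless ima_filter_rule_match() requires a writable pointer, declaring it `const struct lsmblob *blob` in ima.h, ima_api.c and ima_policy.c would tell callers that the blob they fill with security_task_getsecid_subj() is not modified underneath them.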
@@ -186,7 +186,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename, * */ int ima_get_action(struct user_namespace *mnt_userns, struct inode *inode, - const struct cred *cred, u32 secid, int mask, + const struct cred *cred, struct lsmblob *blob, int mask, enum ima_hooks func, int *pcr, struct ima_template_desc **template_desc, const char *func_data, unsigned int *allowed_algos) @@ -195,7 +195,7 @@ int ima_get_action(struct user_namespace *mnt_userns, struct inode *inode, flags &= ima_policy_flag; - return ima_match_policy(mnt_userns, inode, cred, secid, func, mask, + return ima_match_policy(mnt_userns, inode, cred, blob, func, mask, flags, pcr, template_desc, func_data, allowed_algos); } diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index 2fedda131a39..d7244a5eb69d 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -77,9 +77,8 @@ int ima_must_appraise(struct user_namespace *mnt_userns, struct inode *inode, return 0; security_task_getsecid_subj(current, &blob); - /* scaffolding the .secid[0] */ return ima_match_policy(mnt_userns, inode, current_cred(), - blob.secid[0], func, mask, + &blob, func, mask, IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL, NULL); } diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 1a4f7b00253b..4789d5256693 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -199,8 +199,8 @@ void ima_file_free(struct file *file) } static int process_measurement(struct file *file, const struct cred *cred, - u32 secid, char *buf, loff_t size, int mask, - enum ima_hooks func) + struct lsmblob *blob, char *buf, loff_t size, + int mask, enum ima_hooks func) { struct inode *inode = file_inode(file); struct integrity_iint_cache *iint = NULL; 
@@ -224,7 +224,7 @@ static int process_measurement(struct file *file, const struct cred *cred, * bitmask based on the appraise/audit/measurement policy. * Included is the appraise submask. */ - action = ima_get_action(file_mnt_user_ns(file), inode, cred, secid, + action = ima_get_action(file_mnt_user_ns(file), inode, cred, blob, mask, func, &pcr, &template_desc, NULL, &allowed_algos); violation_check = ((func == FILE_CHECK || func == MMAP_CHECK) && @@ -409,8 +409,7 @@ int ima_file_mmap(struct file *file, unsigned long prot) if (file && (prot & PROT_EXEC)) { security_task_getsecid_subj(current, &blob); - /* scaffolding - until process_measurement changes */ - return process_measurement(file, current_cred(), blob.secid[0], + return process_measurement(file, current_cred(), &blob, NULL, 0, MAY_EXEC, MMAP_CHECK); } @@ -450,8 +449,8 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) security_task_getsecid_subj(current, &blob); inode = file_inode(vma->vm_file); action = ima_get_action(file_mnt_user_ns(vma->vm_file), inode, - current_cred(), blob.secid[0], MAY_EXEC, - MMAP_CHECK, &pcr, &template, NULL, NULL); + current_cred(), &blob, MAY_EXEC, MMAP_CHECK, + &pcr, &template, NULL, NULL); /* Is the mmap'ed file in policy? */ if (!(action & (IMA_MEASURE | IMA_APPRAISE_SUBMASK))) 
@@ -489,16 +488,14 @@ int ima_bprm_check(struct linux_binprm *bprm) struct lsmblob blob; security_task_getsecid_subj(current, &blob); - /* scaffolding until process_measurement changes */ - ret = process_measurement(bprm->file, current_cred(), blob.secid[0], - NULL, 0, MAY_EXEC, BPRM_CHECK); + ret = process_measurement(bprm->file, current_cred(), &blob, NULL, 0, + MAY_EXEC, BPRM_CHECK); if (ret) return ret; security_cred_getsecid(bprm->cred, &blob); - /* scaffolding until process_measurement changes */ - return process_measurement(bprm->file, bprm->cred, blob.secid[0], - NULL, 0, MAY_EXEC, CREDS_CHECK); + return process_measurement(bprm->file, bprm->cred, &blob, NULL, 0, + MAY_EXEC, CREDS_CHECK); } /** @@ -516,8 +513,7 @@ int ima_file_check(struct file *file, int mask) struct lsmblob blob; security_task_getsecid_subj(current, &blob); - /* scaffolding until process_measurement changes */ - return process_measurement(file, current_cred(), blob.secid[0], NULL, 0, + return process_measurement(file, current_cred(), &blob, NULL, 0, mask & (MAY_READ | MAY_WRITE | MAY_EXEC | MAY_APPEND), FILE_CHECK); } @@ -714,9 +710,8 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id, /* Read entire file for all partial reads. */ func = read_idmap[read_id] ?: FILE_CHECK; security_task_getsecid_subj(current, &blob); - /* scaffolding - until process_measurement changes */ - return process_measurement(file, current_cred(), blob.secid[0], NULL, - 0, MAY_READ, func); + return process_measurement(file, current_cred(), &blob, NULL, 0, + MAY_READ, func); } const int read_idmap[READING_MAX_ID] = { 
@@ -758,9 +753,8 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, func = read_idmap[read_id] ?: FILE_CHECK; security_task_getsecid_subj(current, &blob); - /* scaffolding until process_measurement changes */ - return process_measurement(file, current_cred(), blob.secid[0], buf, - size, MAY_READ, func); + return process_measurement(file, current_cred(), &blob, buf, size, + MAY_READ, func); } /** @@ -914,7 +908,7 @@ int process_buffer_measurement(struct user_namespace *mnt_userns, security_task_getsecid_subj(current, &blob); /* scaffolding */ action = ima_get_action(mnt_userns, inode, current_cred(), - blob.secid[0], 0, func, &pcr, &template, + &blob, 0, func, &pcr, &template, func_data, NULL); if (!(action & IMA_MEASURE) && !digest) return -ENOENT; diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 67c7762b2533..99d6f6499094 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -560,7 +560,7 @@ static bool ima_match_rule_data(struct ima_rule_entry *rule, * @mnt_userns: user namespace of the mount the inode was found from * @inode: a pointer to an inode * @cred: a pointer to a credentials structure for user validation - * @secid: the secid of the task to be validated + * @blob: the lsm data of the task to be validated * @func: LIM hook identifier * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC) * @func_data: func specific data, may be NULL @@ -570,8 +570,8 @@ static bool ima_match_rule_data(struct ima_rule_entry *rule, static bool ima_match_rules(struct ima_rule_entry *rule, struct user_namespace *mnt_userns, struct inode *inode, const struct cred *cred, - u32 secid, enum ima_hooks func, int mask, - const char *func_data) + struct lsmblob *blob, enum ima_hooks func, + int mask, const char *func_data) { int i; 
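Review bot: the process_buffer_measurement() hunk (@@ -914,7 +908,7 @@) keeps the bare `/* scaffolding */` comment between security_task_getsecid_subj(current, &blob) and the ima_get_action() call, but the scaffolding it marked, passing `blob.secid[0]`, is exactly what the hunk removes. Every other call site in ima_main.c drops its "scaffolding until process_measurement changes" comment in this patch; drop this one as well so nobody goes looking for leftover scaffolding here.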
@@ -640,8 +640,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, case LSM_SUBJ_USER: case LSM_SUBJ_ROLE: case LSM_SUBJ_TYPE: - lsmblob_init(&lsmdata, secid); - rc = ima_filter_rule_match(&lsmdata, rule->lsm[i].type, + rc = ima_filter_rule_match(blob, rule->lsm[i].type, Audit_equal, rule->lsm[i].rule); break; @@ -685,7 +684,7 @@ static int get_subaction(struct ima_rule_entry *rule, enum ima_hooks func) * @inode: pointer to an inode for which the policy decision is being made * @cred: pointer to a credentials structure for which the policy decision is * being made - * @secid: LSM secid of the task to be validated + * @blob: LSM data of the task to be validated * @func: IMA hook identifier * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC) * @pcr: set the pcr to extend @@ -701,8 +700,8 @@ static int get_subaction(struct ima_rule_entry *rule, enum ima_hooks func) * than writes so ima_match_policy() is classical RCU candidate. */ int ima_match_policy(struct user_namespace *mnt_userns, struct inode *inode, - const struct cred *cred, u32 secid, enum ima_hooks func, - int mask, int flags, int *pcr, + const struct cred *cred, struct lsmblob *blob, + enum ima_hooks func, int mask, int flags, int *pcr, struct ima_template_desc **template_desc, const char *func_data, unsigned int *allowed_algos) { 
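Review bot: the @@ -640,8 +640,7 @@ hunk in ima_match_rules() deletes `lsmblob_init(&lsmdata, secid);`, which in the visible lines is the only use of `lsmdata` in the LSM_SUBJ_* cases, yet no hunk removes a `struct lsmblob lsmdata;` declaration (the diffstat's 17 changed lines for ima_policy.c, 8 insertions and 9 deletions, are fully accounted for by the hunks shown). If `lsmdata` has no remaining use after this change its declaration should go in the same patch, otherwise the build picks up an unused-variable warning; if it is still needed by the LSM_OBJ_* cases, a sentence in the commit message would save the next reviewer the same check.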
@@ -718,7 +717,7 @@ int ima_match_policy(struct user_namespace *mnt_userns, struct inode *inode, if (!(entry->action & actmask)) continue; - if (!ima_match_rules(entry, mnt_userns, inode, cred, secid, + if (!ima_match_rules(entry, mnt_userns, inode, cred, blob, func, mask, func_data)) continue.

From patchwork Fri Sep 24 17:54:28 2021
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 12516469
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, Stephen Smalley, Chuck Lever, linux-integrity@vger.kernel.org, netdev@vger.kernel.org, netfilter-devel@vger.kernel.org, linux-nfs@vger.kernel.org
Subject: [PATCH v29 15/28] LSM: Ensure the correct LSM context releaser
Date: Fri, 24 Sep 2021 10:54:28 -0700
Message-Id: <20210924175441.7943-16-casey@schaufler-ca.com>
In-Reply-To: <20210924175441.7943-1-casey@schaufler-ca.com>
References: <20210924175441.7943-1-casey@schaufler-ca.com>
X-Mailing-List: linux-integrity@vger.kernel.org

Add a new lsmcontext data structure to hold all the information about a
"security context", including the string, its size and which LSM
allocated the string. The allocation information is necessary because
LSMs have different policies regarding the lifecycle of these strings.
SELinux allocates and destroys them on each use, whereas Smack provides
a pointer to an entry in a list that never goes away.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Paul Moore
Acked-by: Stephen Smalley
Acked-by: Chuck Lever
Signed-off-by: Casey Schaufler
Cc: linux-integrity@vger.kernel.org
Cc: netdev@vger.kernel.org
Cc: linux-audit@redhat.com
Cc: netfilter-devel@vger.kernel.org
To: Pablo Neira Ayuso
Cc: linux-nfs@vger.kernel.org
---
 drivers/android/binder.c                | 10 ++++---
 fs/ceph/xattr.c                         |  6 ++++-
 fs/nfs/nfs4proc.c                       |  8 ++++--
 fs/nfsd/nfs4xdr.c                       |  7 +++--
 include/linux/security.h                | 35 +++++++++++++++++++++++--
 include/net/scm.h                       |  5 +++-
 kernel/audit.c                          | 14 +++++++---
 kernel/auditsc.c                        | 12 ++++++---
 net/ipv4/ip_sockglue.c                  |  4 ++-
 net/netfilter/nf_conntrack_netlink.c    |  4 ++-
 net/netfilter/nf_conntrack_standalone.c |  4 ++-
 net/netfilter/nfnetlink_queue.c         | 13 ++++++---
 net/netlabel/netlabel_unlabeled.c       | 19 +++++++++++---
 net/netlabel/netlabel_user.c            |  4 ++-
 security/security.c                     | 11 ++++----
 15 files changed, 121 insertions(+), 35 deletions(-)

diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index d17a34445dcd..36e41b9e08fd 100644
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
@@ -2461,6 +2461,7 @@ static void binder_transaction(struct binder_proc *proc, int t_debug_id = atomic_inc_return(&binder_last_id); char *secctx = NULL; u32 secctx_sz = 0; + struct lsmcontext scaff; /* scaffolding */ e = binder_transaction_log_add(&binder_transaction_log); e->debug_id = t_debug_id; @@ -2772,7 +2773,8 @@ static void binder_transaction(struct binder_proc *proc, t->security_ctx = 0; WARN_ON(1); } - security_release_secctx(secctx, secctx_sz); + lsmcontext_init(&scaff, secctx, secctx_sz, 0); + security_release_secctx(&scaff); secctx = NULL; } t->buffer->debug_id = t->debug_id;
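Review bot: in the binder_transaction() hunk at @@ -2772 the `scaff` context is filled from (secctx, secctx_sz, 0) immediately before security_release_secctx(&scaff), so the only new input is the hard-coded slot 0, and with the new security_release_secctx() in security.c that value decides which module's release hook runs. The `/* scaffolding */` marker on the declaration should say that 0 is a placeholder until the code that produced the string supplies the real slot, otherwise the pattern reads as if slot 0 were correct and will be copied into new call sites.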
@@ -3114,8 +3116,10 @@ static void binder_transaction(struct binder_proc *proc, binder_alloc_free_buf(&target_proc->alloc, t->buffer); err_binder_alloc_buf_failed: err_bad_extra_size: - if (secctx) - security_release_secctx(secctx, secctx_sz); + if (secctx) { + lsmcontext_init(&scaff, secctx, secctx_sz, 0); + security_release_secctx(&scaff); + } err_get_secctx_failed: kfree(tcomplete); binder_stats_deleted(BINDER_STAT_TRANSACTION_COMPLETE); diff --git a/fs/ceph/xattr.c b/fs/ceph/xattr.c index 159a1ffa4f4b..c61a8432dac5 100644 --- a/fs/ceph/xattr.c +++ b/fs/ceph/xattr.c @@ -1375,12 +1375,16 @@ int ceph_security_init_secctx(struct dentry *dentry, umode_t mode, void ceph_release_acl_sec_ctx(struct ceph_acl_sec_ctx *as_ctx) { +#ifdef CONFIG_CEPH_FS_SECURITY_LABEL + struct lsmcontext scaff; /* scaffolding */ +#endif #ifdef CONFIG_CEPH_FS_POSIX_ACL posix_acl_release(as_ctx->acl); posix_acl_release(as_ctx->default_acl); #endif #ifdef CONFIG_CEPH_FS_SECURITY_LABEL - security_release_secctx(as_ctx->sec_ctx, as_ctx->sec_ctxlen); + lsmcontext_init(&scaff, as_ctx->sec_ctx, as_ctx->sec_ctxlen, 0); + security_release_secctx(&scaff); #endif if (as_ctx->pagelist) ceph_pagelist_release(as_ctx->pagelist); diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c index e1214bb6b7ee..71004670455b 100644 --- a/fs/nfs/nfs4proc.c +++ b/fs/nfs/nfs4proc.c @@ -136,8 +136,12 @@ nfs4_label_init_security(struct inode *dir, struct dentry *dentry, static inline void nfs4_label_release_security(struct nfs4_label *label) { - if (label) - security_release_secctx(label->label, label->len); + struct lsmcontext scaff; /* scaffolding */ + + if (label) { + lsmcontext_init(&scaff, label->label, label->len, 0); + security_release_secctx(&scaff); + } } static inline u32 *nfs4_bitmask(struct nfs_server *server, struct nfs4_label *label) { diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c index 7abeccb975b2..089ec4b61ef1 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c 
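Review bot: the @@ -3114 hunk repeats the `lsmcontext_init(&scaff, secctx, secctx_sz, 0); security_release_secctx(&scaff);` pair from the success path a few hundred lines earlier, now guarded by `if (secctx)`. Since `scaff` already has function scope, the two sites could share one small static helper, or `scaff` could be initialised once where `secctx` is obtained, so that a future change to the slot value has to be made in one place rather than two.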
@@ -2844,6 +2844,7 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, int err; struct nfs4_acl *acl = NULL; #ifdef CONFIG_NFSD_V4_SECURITY_LABEL + struct lsmcontext scaff; /* scaffolding */ void *context = NULL; int contextlen; #endif @@ -3345,8 +3346,10 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, out: #ifdef CONFIG_NFSD_V4_SECURITY_LABEL - if (context) - security_release_secctx(context, contextlen); + if (context) { + lsmcontext_init(&scaff, context, contextlen, 0); /*scaffolding*/ + security_release_secctx(&scaff); + } #endif /* CONFIG_NFSD_V4_SECURITY_LABEL */ kfree(acl); if (tempfh) { diff --git a/include/linux/security.h b/include/linux/security.h index 58c853eabcc9..580eec268138 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -134,6 +134,37 @@ enum lockdown_reason { extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1]; +/* + * A "security context" is the text representation of + * the information used by LSMs. + * This structure contains the string, its length, and which LSM + * it is useful for. + */ +struct lsmcontext { + char *context; /* Provided by the module */ + u32 len; + int slot; /* Identifies the module */ +}; + +/** + * lsmcontext_init - initialize an lsmcontext structure. + * @cp: Pointer to the context to initialize + * @context: Initial context, or NULL + * @size: Size of context, or 0 + * @slot: Which LSM provided the context + * + * Fill in the lsmcontext from the provided information. + * This is a scaffolding function that will be removed when + * lsmcontext integration is complete. + */ +static inline void lsmcontext_init(struct lsmcontext *cp, char *context, + u32 size, int slot) +{ + cp->slot = slot; + cp->context = context; + cp->len = size; +} + /* * Data exported by the security modules * 
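Review bot: the comment introducing struct lsmcontext in security.h says `slot` records which LSM the string "is useful for", but the commit message and the new security_release_secctx() make it the module that allocated the string and therefore the only one that may free it; say that explicitly, because the release path now dispatches on this field. Writing it as kernel-doc (`struct lsmcontext - ...` with `@context`, `@len` and `@slot` lines) would also match the lsmcontext_init() block directly below, which is already in that form.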
@@ -551,7 +582,7 @@ int security_ismaclabel(const char *name); int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen); int security_secctx_to_secid(const char *secdata, u32 seclen, struct lsmblob *blob); -void security_release_secctx(char *secdata, u32 seclen); +void security_release_secctx(struct lsmcontext *cp); void security_inode_invalidate_secctx(struct inode *inode); int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); @@ -1415,7 +1446,7 @@ static inline int security_secctx_to_secid(const char *secdata, return -EOPNOTSUPP; } -static inline void security_release_secctx(char *secdata, u32 seclen) +static inline void security_release_secctx(struct lsmcontext *cp) { } diff --git a/include/net/scm.h b/include/net/scm.h index 23a35ff1b3f2..f273c4d777ec 100644 --- a/include/net/scm.h +++ b/include/net/scm.h @@ -92,6 +92,7 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg, #ifdef CONFIG_SECURITY_NETWORK static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) { + struct lsmcontext context; struct lsmblob lb; char *secdata; u32 seclen; @@ -106,7 +107,9 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc if (!err) { put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata); - security_release_secctx(secdata, seclen); + /*scaffolding*/ + lsmcontext_init(&context, secdata, seclen, 0); + security_release_secctx(&context); } } } diff --git a/kernel/audit.c b/kernel/audit.c index 8ec64e6e8bc0..c17ec23158c4 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1192,6 +1192,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) struct audit_sig_info *sig_data; char *ctx = NULL; u32 len; + struct lsmcontext scaff; /* scaffolding */ err = audit_netlink_ok(skb, msg_type); if (err) 
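Review bot: in the @@ -1415,7 +1446,7 @@ hunk the `!CONFIG_SECURITY` stub `security_release_secctx(struct lsmcontext *cp) { }` leaves `*cp` untouched, whereas the real implementation in security.c ends with `memset(cp, 0, sizeof(*cp))`. A caller that inspects `cp->context` after release would see different results between the two configurations; either zero the structure in the stub as well or state in security.h that the contents of the lsmcontext are undefined after security_release_secctx().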
@@ -1449,15 +1450,18 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) } sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL); if (!sig_data) { - if (lsmblob_is_set(&audit_sig_lsm)) - security_release_secctx(ctx, len); + if (lsmblob_is_set(&audit_sig_lsm)) { + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); + } return -ENOMEM; } sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); sig_data->pid = audit_sig_pid; if (lsmblob_is_set(&audit_sig_lsm)) { memcpy(sig_data->ctx, ctx, len); - security_release_secctx(ctx, len); + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); } audit_send_reply(skb, seq, AUDIT_SIGNAL_INFO, 0, 0, sig_data, sizeof(*sig_data) + len); @@ -2132,6 +2136,7 @@ int audit_log_task_context(struct audit_buffer *ab) unsigned len; int error; struct lsmblob blob; + struct lsmcontext scaff; /* scaffolding */ security_task_getsecid_subj(current, &blob); if (!lsmblob_is_set(&blob)) @@ -2145,7 +2150,8 @@ int audit_log_task_context(struct audit_buffer *ab) } audit_log_format(ab, " subj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); return 0; error_path: diff --git a/kernel/auditsc.c b/kernel/auditsc.c index b5807b9b8a4d..1b1ddd62de6c 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1002,6 +1002,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, struct lsmblob *blob, char *comm) { struct audit_buffer *ab; + struct lsmcontext lsmcxt; char *ctx = NULL; u32 len; int rc = 0; @@ -1019,7 +1020,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, rc = 1; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); /*scaffolding*/ + security_release_secctx(&lsmcxt); } } audit_log_format(ab, " ocomm="); 
@@ -1232,6 +1234,7 @@ static void audit_log_fcaps(struct audit_buffer *ab, struct audit_names *name) static void show_special(struct audit_context *context, int *call_panic) { + struct lsmcontext lsmcxt; struct audit_buffer *ab; int i; @@ -1266,7 +1269,8 @@ static void show_special(struct audit_context *context, int *call_panic) *call_panic = 1; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); + security_release_secctx(&lsmcxt); } } if (context->ipc.has_perm) { @@ -1417,6 +1421,7 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, char *ctx = NULL; u32 len; struct lsmblob blob; + struct lsmcontext lsmcxt; lsmblob_init(&blob, n->osid); if (security_secid_to_secctx(&blob, &ctx, &len)) { @@ -1425,7 +1430,8 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, *call_panic = 2; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); /* scaffolding */ + security_release_secctx(&lsmcxt); } } diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index cb10b5f03cf4..bf32ab6f81c7 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -130,6 +130,7 @@ static void ip_cmsg_recv_checksum(struct msghdr *msg, struct sk_buff *skb, static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) { + struct lsmcontext context; struct lsmblob lb; char *secdata; u32 seclen, secid; @@ -145,7 +146,8 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) return; put_cmsg(msg, SOL_IP, SCM_SECURITY, seclen, secdata); - security_release_secctx(secdata, seclen); + lsmcontext_init(&context, secdata, seclen, 0); /* scaffolding */ + security_release_secctx(&context); } static void ip_cmsg_recv_dstaddr(struct msghdr *msg, struct sk_buff *skb) 
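Review bot: the auditsc.c hunks name the temporary `lsmcxt` while audit.c in the same patch uses `scaff`, the networking files use `context`, and the marker comment appears as `/*scaffolding*/`, `/* scaffolding */` or not at all (show_special() has none). All of these sites are meant to be cleaned up together once the slot is no longer hard-coded, so one variable name and one comment spelling across the patch would make that sweep a single grep.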
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index daf554915e07..de223234963d 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -342,6 +342,7 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) int len, ret; char *secctx; struct lsmblob blob; + struct lsmcontext context; /* lsmblob_init() puts ct->secmark into all of the secids in blob. * security_secid_to_secctx() will know which security module @@ -362,7 +363,8 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) ret = 0; nla_put_failure: - security_release_secctx(secctx, len); + lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ + security_release_secctx(&context); return ret; } #else diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index 79c280d1efce..3fcf44342b14 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c @@ -179,6 +179,7 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) u32 len; char *secctx; struct lsmblob blob; + struct lsmcontext context; lsmblob_init(&blob, ct->secmark); ret = security_secid_to_secctx(&blob, &secctx, &len); @@ -187,7 +188,8 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) seq_printf(s, "secctx=%s ", secctx); - security_release_secctx(secctx, len); + lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ + security_release_secctx(&context); } #else static inline void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index bb97e8af8345..3603bd938b74 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c 
@@ -397,6 +397,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, enum ip_conntrack_info ctinfo; struct nfnl_ct_hook *nfnl_ct; bool csum_verify; + struct lsmcontext scaff; /* scaffolding */ char *secdata = NULL; u32 seclen = 0; @@ -626,8 +627,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, } nlh->nlmsg_len = skb->len; - if (seclen) - security_release_secctx(secdata, seclen); + if (seclen) { + lsmcontext_init(&scaff, secdata, seclen, 0); + security_release_secctx(&scaff); + } return skb; nla_put_failure: @@ -635,8 +638,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, kfree_skb(skb); net_err_ratelimited("nf_queue: error creating packet message\n"); nlmsg_failure: - if (seclen) - security_release_secctx(secdata, seclen); + if (seclen) { + lsmcontext_init(&scaff, secdata, seclen, 0); + security_release_secctx(&scaff); + } return NULL; } diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index 15b53fc4e83f..7cb6f27c8cb2 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -374,6 +374,7 @@ int netlbl_unlhsh_add(struct net *net, struct net_device *dev; struct netlbl_unlhsh_iface *iface; struct audit_buffer *audit_buf = NULL; + struct lsmcontext context; char *secctx = NULL; u32 secctx_len; struct lsmblob blob; @@ -447,7 +448,9 @@ int netlbl_unlhsh_add(struct net *net, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", ret_val == 0 ? 1 : 0); audit_log_end(audit_buf); 
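Review bot: nfqnl_build_packet_message() now carries two identical four-line release blocks, one before `return skb;` and one under `nlmsg_failure:`, both guarded by `if (seclen)`. With `scaff` in scope for the whole function, a single exit path or a tiny static helper would avoid doubling the duplication this patch introduces and keep the two sites from drifting apart when the slot stops being a literal 0.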
@@ -478,6 +481,7 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, struct netlbl_unlhsh_addr4 *entry; struct audit_buffer *audit_buf; struct net_device *dev; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -508,7 +512,9 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); audit_log_end(audit_buf); @@ -545,6 +551,7 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, struct netlbl_unlhsh_addr6 *entry; struct audit_buffer *audit_buf; struct net_device *dev; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -574,7 +581,8 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); audit_log_end(audit_buf); @@ -1093,6 +1101,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, int ret_val = -ENOMEM; struct netlbl_unlhsh_walk_arg *cb_arg = arg; struct net_device *dev; + struct lsmcontext context; void *data; u32 secid; char *secctx; @@ -1163,7 +1172,9 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, NLBL_UNLABEL_A_SECCTX, secctx_len, secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); if (ret_val != 0) goto list_cb_failure; diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index 893301ae0131..ef139d8ae7cd 100644 
--- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c @@ -84,6 +84,7 @@ struct audit_buffer *netlbl_audit_start_common(int type, struct netlbl_audit *audit_info) { struct audit_buffer *audit_buf; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -103,7 +104,8 @@ struct audit_buffer *netlbl_audit_start_common(int type, if (audit_info->secid != 0 && security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " subj=%s", secctx); - security_release_secctx(secctx, secctx_len); + lsmcontext_init(&context, secctx, secctx_len, 0);/*scaffolding*/ + security_release_secctx(&context); } return audit_buf; diff --git a/security/security.c b/security/security.c index 863d6f77df2e..e9a56d44ab6e 100644 --- a/security/security.c +++ b/security/security.c @@ -2362,16 +2362,17 @@ int security_secctx_to_secid(const char *secdata, u32 seclen, } EXPORT_SYMBOL(security_secctx_to_secid); -void security_release_secctx(char *secdata, u32 seclen) +void security_release_secctx(struct lsmcontext *cp) { struct security_hook_list *hp; - int ilsm = lsm_task_ilsm(current); hlist_for_each_entry(hp, &security_hook_heads.release_secctx, list) - if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) { - hp->hook.release_secctx(secdata, seclen); - return; + if (cp->slot == hp->lsmid->slot) { + hp->hook.release_secctx(cp->context, cp->len); + break; } + + memset(cp, 0, sizeof(*cp)); } EXPORT_SYMBOL(security_release_secctx);
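Review bot: of the four netlabel_unlabeled.c call sites, netlbl_unlhsh_add(), netlbl_unlhsh_remove_addr4() and netlbl_unlabel_staticlist_gen() carry a `/* scaffolding */` marker above lsmcontext_init(), but the netlbl_unlhsh_remove_addr6() hunk (@@ -574,7 +581,8 @@) does not; add it there too so the later cleanup finds all four sites.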
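Review bot: the security.c hunk replaces the `lsm_task_ilsm(current)` lookup with a plain match on `cp->slot`, and every caller in this patch passes slot 0. Before this change a task whose ilsm was set to another module's slot had that module's release hook called; now slot 0's hook runs regardless of which module produced the string, which is precisely the allocator/releaser mismatch the commit message says lsmcontext exists to prevent (SELinux frees, Smack does not). Until the producer side fills in `slot`, this is a behaviour change for such tasks, so it should be called out in the commit message. Note also that the old loop fell through to the first registered hook for `LSMBLOB_INVALID`, whereas the new loop calls nothing if no `hp->lsmid->slot` equals `cp->slot` and then zeroes `*cp`; a string that SELinux allocated would then leak silently. A WARN_ON_ONCE() on the no-match case, or keeping the first-hook fallback while the slot is still scaffolding, would make that failure visible.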