From patchwork Mon Dec 13 23:40:17 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12674957 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2CA74C433F5 for ; Mon, 13 Dec 2021 23:52:56 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S244286AbhLMXwz (ORCPT ); Mon, 13 Dec 2021 18:52:55 -0500 Received: from sonic306-28.consmr.mail.ne1.yahoo.com ([66.163.189.90]:34711 "EHLO sonic306-28.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237252AbhLMXwy (ORCPT ); Mon, 13 Dec 2021 18:52:54 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1639439574; bh=nVQjtMtAC70j8vT/pvUy3gBv56B7tT2mEw9lP5LTAR8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=pyGBVqBWb2suFoVZMuSdCJNpAw9mWxZR66aMdfEPMDIm/3i0P2hBDWs6PMsVndw/+qsSgg2jgRofVNGXohM/091uFBVEQ3CMIyUe1ua2v2T9/NzI+gdQV7WLTnGUZzSBTNUEijT4ZUH8IL39oe5bL3bzPTRQhfJ5eJlDFYU2/YOvocrlPECQ45/CaDaA4J2jJL7Dsu9gqE1r7Xfl5GUlDE3pkBVRs2K8TL8wwCcKqnCXX9SGY1iGVeBLeuE6cBVkm5pseDcE7o+JDzRHKK6f1iqcedHVlUkKOJ1WwQGUgsCtboww8z6p6qPThz8zWjqPrq3TDEUKmK2m6MfzQZcjig== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1639439574; bh=e/6xIKIq9L9DDZobZ5M4IV2S222X7qF6A0QXFnzTFcx=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=GePTuOwb+fy+OsYLj4zHQ9aUMCYquYII+TiTFpBgHUZ6Kizg99YCEyh93nZW3tnhi5WiJXeNjx7yd52g7N32dQpAMRDJzU3txIJY9QvTN200f9j1Pv/g6ITYJqnY4Md0TC7YDQBIECHD/GlVXZPeMf/2WNta2vE8YcFyzUPC5FQDTRaUTMccVxyIsdOgKS7zcGyFNvyg+vqPiSwq9+EMM9DtPsxMriUBVVjaZ7hHakGl5MQvU9h6xRUUQx5gBecoyMrDR5xSKh5xP2QFiHWLVthOD/6ft0w3rhfb+DVeHyqYO4NADsCn5y+AMIf7h11tJl/3SD2At2rfDymAgIYvWA== X-YMail-OSG: nSEMfysVM1mLWoKWMVpifKjqKqDOtANx.pDpfcijV7Y6y2FIhyEZYY.xWZblcMU rG825EVCHtgh4Qqk7BnQGL53WltUH20VEHptICxw.Xr6s6FttJ363PTOqUYIGdu12F6Jw_FeMJcn f_euRD2xpyOdH28umf_2Y.xoM28MLRYUnrR.I9FO88Dprr0cxYbB7t13g3ix7_8xZLN._9DvlG3D STsasO3IZ5bSPCzG.x5INOddqN9J79NN1CBT7B7Mvbn.upq1cmMdQhwjxi6d4jxhxlI3t9fmXJ42 HAKOpyfaERBRYspUxZdINLBu1ddxoCSzxfg_CArSgQha.Ksdp1...sSc1u3NVhCmv.CjolwEKvlY B_fqt60fGXTYcm4lJyGDPZ4QIV4OeXGWBhEJHd7.1mjetGYVv9CU7EgJHOywvpe0yKSwomTsFSi4 V7V_4TiVdbZQUtafJkPUjj11ESNdQEuCqCX23a5ocd07GQlkUUeJmoPPTCBTlMYYlTmRYev7gcer 6xTE1JHKn.mnnuiGXOxSgsdwO1GtfmihB9wRcgeYoc.7g7ZycrwpLywOOgolMGGHI.fH7Lzeyy19 hsGu8lUCMx74AMixj_Kisu49qqRlRQ8eIoDBtYWx_P9tP_SwTTIpmhMFFZyqvfkOxOZpDixKtaMO FnGpr8IDQqRRgb5kxc1lA94QA31XawrjPZIoE_hJUmCpEzu2h01zhCv25oyzwAlnIUmZAamakWBj 7cCvRgPPT8TajWp1A6G1GAwOjk2CJU3c2MVsmARg2209o.zc6CoEYWUoX9r.q6ItoHJCe5YhXMW2 mJIRO0JGSmzPtx7yswg23T5cWvGFWIb1o0kujWRzwtEU7i9FVfc268AwHQXi4kfKTmeW4qoPUElT P7poGSVhdxwrPVm1ts.v46vTkLtARXKvTe9K7i7atlBBL8EEm8FCPBsVPSc1eJx0qA7jDhgAP6ly vRdRMFaxW17YVLmhu.iz_2qgV.K5XMOt6wsptmrdxW3Hb8UjjIxgAO6Z9xKuDe1BJvJlRrxwiUBy UKhPgXr8bqzMMSp_cVVu4KTR8yZj5fl3R4jhJ3jB892bwORIUkRDn8ljjFXb5C8777U85EwCCwcX CsYdisYfuxxaeKbeUqTBdOj2.J23W2t50pk4GJNSY9PoSscFGSDWxa6X7q5d5qLespruKnFCSYdM azgZQ_koAMPp1yg48OGHJd65bD0a614.zw0IMI8dgVd0Urufht67RrzfL4zW8TOMnVpjFRSz52Rz MeSdv.rvHhwjq2mA8v0744gxeuKwWmy5xBbuJBHLp5VziT1SSkI3Prv1wZtb44CJieJs0PNTI1W0 wUdNfpa9E4DcxsR30S9vk2QvHuocZyr638OeYpKFtb_GxVV4AgGC5u__tMhmmf6JE.QAcV553B7b GMPwwIkW_ku9aLUKrvPTo6GWUpkyU39yt.oGVuWYr3pyDYqwPx5_niuOX8gr4jQtpV0UkDLSE08h gOVXg8xpI_ajf1RyC1yAeKuRl83VbytbxUS95qqAZj1fE6bzKzjWtrj_of5yPStGcqVpctq_kQOO yfqF23HF9UaV_3nbVecTtCm3tvJiamYSXy.6YdmsG28amP6AfbauobyeMwyswSkQFjse03v1NwsO GQZoa0MQ17mjSbI3y9Zc38tdTstO6EvgfnIZ8irVxmdDtYCiT8TLNSZVdGbvbB8hNljCL00JGbIB PH4pDxAmOWawbhms2yVf0oRBi1dKzY1OOTKfyj8CZPUbZbaK2zc8meUcXqgc6rU.HctzfZ_envnp PeSy.kuuNHn1vldxjQoxh.wr7vtcHtNCxUDrOvk8srvbhCpSm_pYkKxiKEG3Kc1lJ_Pa2jd66luU yguyUMdn2gM42f17YnsgXydfOSNWnbO5Se1Q6_fPR9IUQDi40YwQDTEDXmGZPHaTlwj6IFo.R2j3 iPYPFia4cMQYwNWx55MqQ5zfgiLPzFASFXlSjCD7h.E0cgvqTNb5eud3NmOwMP_ymmpMjNTmmZWa qMp2eXgggceX8t_zvUlZ7rto5VWmXQovbVZEjaE3zfxiBR9mNembGhJ3zQ8Z7MYlihW3MJF21hj8 76RdH95RKX4_FM3J0H1rztZSMAtI_E.Yr6G4mtuUx5MEIF.0WGn8FyHnSvce3oOGKGBx93WAmbOA RmxTPjMD.2AUx.53dD0TIsS3d5FwjwH8TebIq7VKzpU705Qjei_M4CpJTTHwCQY7BOUT2teLqZQ4 pyCuerxUnafIEs.X5qKElojYFaPrS7DfNbX3VSGbLZk9iZ4T2q8CW3ZmvJkeG8ReftMzLhaVa7zb pSlpTMv4LVd71sLUJ28J_L2.Whwxj.b58y73anTvbXYRXVlQz X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic306.consmr.mail.ne1.yahoo.com with HTTP; Mon, 13 Dec 2021 23:52:54 +0000 Received: by kubenode500.mail-prod1.omega.ne1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID f07ace6e59053715f081c87d7cd69284; Mon, 13 Dec 2021 23:52:49 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, Stephen Smalley , linux-integrity@vger.kernel.org, netdev@vger.kernel.org Subject: [PATCH v31 11/28] LSM: Use lsmblob in security_task_getsecid Date: Mon, 13 Dec 2021 15:40:17 -0800 Message-Id: <20211213234034.111891-12-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20211213234034.111891-1-casey@schaufler-ca.com> References: <20211213234034.111891-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org Change the security_task_getsecid_subj() and security_task_getsecid_obj() interfaces to fill in a lsmblob structure instead of a u32 secid in support of LSM stacking. Audit interfaces will need to collect all possible secids for possible reporting. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: linux-audit@redhat.com Cc: netdev@vger.kernel.org --- drivers/android/binder.c | 6 +-- include/linux/security.h | 14 ++++--- kernel/audit.c | 16 +++----- kernel/auditfilter.c | 4 +- kernel/auditsc.c | 25 ++++++------ net/netlabel/netlabel_unlabeled.c | 5 ++- net/netlabel/netlabel_user.h | 6 ++- security/integrity/ima/ima_appraise.c | 12 +++--- security/integrity/ima/ima_main.c | 55 +++++++++++++++------------ security/security.c | 25 +++++++++--- 10 files changed, 96 insertions(+), 72 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 7805d08cd1e7..916a42c68b58 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2718,16 +2718,16 @@ static void binder_transaction(struct binder_proc *proc, t->priority = task_nice(current); if (target_node && target_node->txn_security_ctx) { - u32 secid; struct lsmblob blob; size_t added_size; + u32 secid; security_cred_getsecid(proc->cred, &secid); /* - * Later in this patch set security_task_getsecid() will + * Later in this patch set security_cred_getsecid() will * provide a lsmblob instead of a secid. lsmblob_init * is used to ensure that all the secids in the lsmblob - * get the value returned from security_task_getsecid(), + * get the value returned from security_cred_getsecid(), * which means that the one expected by * security_secid_to_secctx() will be set. */ diff --git a/include/linux/security.h b/include/linux/security.h index a0b9bf48a60d..bf91ff071ea0 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -503,8 +503,8 @@ int security_task_fix_setgid(struct cred *new, const struct cred *old, int security_task_setpgid(struct task_struct *p, pid_t pgid); int security_task_getpgid(struct task_struct *p); int security_task_getsid(struct task_struct *p); -void security_task_getsecid_subj(struct task_struct *p, u32 *secid); -void security_task_getsecid_obj(struct task_struct *p, u32 *secid); +void security_task_getsecid_subj(struct task_struct *p, struct lsmblob *blob); +void security_task_getsecid_obj(struct task_struct *p, struct lsmblob *blob); int security_task_setnice(struct task_struct *p, int nice); int security_task_setioprio(struct task_struct *p, int ioprio); int security_task_getioprio(struct task_struct *p); @@ -1206,14 +1206,16 @@ static inline int security_task_getsid(struct task_struct *p) return 0; } -static inline void security_task_getsecid_subj(struct task_struct *p, u32 *secid) +static inline void security_task_getsecid_subj(struct task_struct *p, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } -static inline void security_task_getsecid_obj(struct task_struct *p, u32 *secid) +static inline void security_task_getsecid_obj(struct task_struct *p, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } static inline int security_task_setnice(struct task_struct *p, int nice) diff --git a/kernel/audit.c b/kernel/audit.c index 22286163e93e..d92c7b894183 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -2139,19 +2139,12 @@ int audit_log_task_context(struct audit_buffer *ab) char *ctx = NULL; unsigned len; int error; - u32 sid; struct lsmblob blob; - security_task_getsecid_subj(current, &sid); - if (!sid) + security_task_getsecid_subj(current, &blob); + if (!lsmblob_is_set(&blob)) return 0; - /* - * lsmblob_init sets all values in the lsmblob to sid. - * This is temporary until security_task_getsecid is converted - * to use a lsmblob, which happens later in this patch set. - */ - lsmblob_init(&blob, sid); error = security_secid_to_secctx(&blob, &ctx, &len); if (error) { if (error != -EINVAL) @@ -2359,6 +2352,7 @@ int audit_set_loginuid(kuid_t loginuid) int audit_signal_info(int sig, struct task_struct *t) { kuid_t uid = current_uid(), auid; + struct lsmblob blob; if (auditd_test_task(t) && (sig == SIGTERM || sig == SIGHUP || @@ -2369,7 +2363,9 @@ int audit_signal_info(int sig, struct task_struct *t) audit_sig_uid = auid; else audit_sig_uid = uid; - security_task_getsecid_subj(current, &audit_sig_sid); + security_task_getsecid_subj(current, &blob); + /* scaffolding until audit_sig_sid is converted */ + audit_sig_sid = blob.secid[0]; } return audit_signal_info_syscall(t); diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 88a8d69d03dd..3054e06cc207 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -1339,7 +1339,6 @@ int audit_filter(int msgtype, unsigned int listtype) struct audit_field *f = &e->rule.fields[i]; struct lsmblob blob; pid_t pid; - u32 sid; switch (f->type) { case AUDIT_PID: @@ -1370,8 +1369,7 @@ int audit_filter(int msgtype, unsigned int listtype) case AUDIT_SUBJ_CLR: if (f->lsm_str) { security_task_getsecid_subj(current, - &sid); - lsmblob_init(&blob, sid); + &blob); result = security_audit_rule_match( &blob, f->type, f->op, &f->lsm_rules); diff --git a/kernel/auditsc.c b/kernel/auditsc.c index c469368818fd..b9a6760f55cc 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -467,7 +467,6 @@ static int audit_filter_rules(struct task_struct *tsk, { const struct cred *cred; int i, need_sid = 1; - u32 sid; struct lsmblob blob; unsigned int sessionid; @@ -667,17 +666,9 @@ static int audit_filter_rules(struct task_struct *tsk, logged upon error */ if (f->lsm_str) { if (need_sid) { - security_task_getsecid_subj(tsk, &sid); + security_task_getsecid_subj(tsk, &blob); need_sid = 0; } - /* - * lsmblob_init sets all values in the lsmblob - * to sid. This is temporary until - * security_task_getsecid() is converted to - * provide a lsmblob, which happens later in - * this patch set. - */ - lsmblob_init(&blob, sid); result = security_audit_rule_match(&blob, f->type, f->op, &f->lsm_rules); @@ -2703,12 +2694,15 @@ int __audit_sockaddr(int len, void *a) void __audit_ptrace(struct task_struct *t) { struct audit_context *context = audit_context(); + struct lsmblob blob; context->target_pid = task_tgid_nr(t); context->target_auid = audit_get_loginuid(t); context->target_uid = task_uid(t); context->target_sessionid = audit_get_sessionid(t); - security_task_getsecid_obj(t, &context->target_sid); + security_task_getsecid_obj(t, &blob); + /* scaffolding - until target_sid is converted */ + context->target_sid = blob.secid[0]; memcpy(context->target_comm, t->comm, TASK_COMM_LEN); } @@ -2724,6 +2718,7 @@ int audit_signal_info_syscall(struct task_struct *t) struct audit_aux_data_pids *axp; struct audit_context *ctx = audit_context(); kuid_t t_uid = task_uid(t); + struct lsmblob blob; if (!audit_signals || audit_dummy_context()) return 0; @@ -2735,7 +2730,9 @@ int audit_signal_info_syscall(struct task_struct *t) ctx->target_auid = audit_get_loginuid(t); ctx->target_uid = t_uid; ctx->target_sessionid = audit_get_sessionid(t); - security_task_getsecid_obj(t, &ctx->target_sid); + security_task_getsecid_obj(t, &blob); + /* scaffolding until target_sid is converted */ + ctx->target_sid = blob.secid[0]; memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); return 0; } @@ -2756,7 +2753,9 @@ int audit_signal_info_syscall(struct task_struct *t) axp->target_auid[axp->pid_count] = audit_get_loginuid(t); axp->target_uid[axp->pid_count] = t_uid; axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); - security_task_getsecid_obj(t, &axp->target_sid[axp->pid_count]); + security_task_getsecid_obj(t, &blob); + /* scaffolding until target_sid is converted */ + axp->target_sid[axp->pid_count] = blob.secid[0]; memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); axp->pid_count++; diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index 51cb4fce5edf..15b53fc4e83f 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -1562,11 +1562,14 @@ int __init netlbl_unlabel_defconf(void) int ret_val; struct netlbl_dom_map *entry; struct netlbl_audit audit_info; + struct lsmblob blob; /* Only the kernel is allowed to call this function and the only time * it is called is at bootup before the audit subsystem is reporting * messages so don't worry to much about these values. */ - security_task_getsecid_subj(current, &audit_info.secid); + security_task_getsecid_subj(current, &blob); + /* scaffolding until audit_info.secid is converted */ + audit_info.secid = blob.secid[0]; audit_info.loginuid = GLOBAL_ROOT_UID; audit_info.sessionid = 0; diff --git a/net/netlabel/netlabel_user.h b/net/netlabel/netlabel_user.h index 6190cbf94bf0..aa31f7bf79ee 100644 --- a/net/netlabel/netlabel_user.h +++ b/net/netlabel/netlabel_user.h @@ -32,7 +32,11 @@ */ static inline void netlbl_netlink_auditinfo(struct netlbl_audit *audit_info) { - security_task_getsecid_subj(current, &audit_info->secid); + struct lsmblob blob; + + security_task_getsecid_subj(current, &blob); + /* scaffolding until secid is converted */ + audit_info->secid = blob.secid[0]; audit_info->loginuid = audit_get_loginuid(current); audit_info->sessionid = audit_get_sessionid(current); } diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index dbba51583e7c..2fedda131a39 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -71,15 +71,17 @@ bool is_ima_appraise_enabled(void) int ima_must_appraise(struct user_namespace *mnt_userns, struct inode *inode, int mask, enum ima_hooks func) { - u32 secid; + struct lsmblob blob; if (!ima_appraise) return 0; - security_task_getsecid_subj(current, &secid); - return ima_match_policy(mnt_userns, inode, current_cred(), secid, - func, mask, IMA_APPRAISE | IMA_HASH, NULL, - NULL, NULL, NULL); + security_task_getsecid_subj(current, &blob); + /* scaffolding the .secid[0] */ + return ima_match_policy(mnt_userns, inode, current_cred(), + blob.secid[0], func, mask, + IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL, + NULL); } static int ima_fix_xattr(struct dentry *dentry, diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 465865412100..c327f93d3962 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -405,12 +405,13 @@ static int process_measurement(struct file *file, const struct cred *cred, */ int ima_file_mmap(struct file *file, unsigned long prot) { - u32 secid; + struct lsmblob blob; if (file && (prot & PROT_EXEC)) { - security_task_getsecid_subj(current, &secid); - return process_measurement(file, current_cred(), secid, NULL, - 0, MAY_EXEC, MMAP_CHECK); + security_task_getsecid_subj(current, &blob); + /* scaffolding - until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], + NULL, 0, MAY_EXEC, MMAP_CHECK); } return 0; @@ -436,9 +437,9 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) char *pathbuf = NULL; const char *pathname = NULL; struct inode *inode; + struct lsmblob blob; int result = 0; int action; - u32 secid; int pcr; /* Is mprotect making an mmap'ed file executable? */ @@ -446,11 +447,11 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) !(prot & PROT_EXEC) || (vma->vm_flags & VM_EXEC)) return 0; - security_task_getsecid_subj(current, &secid); + security_task_getsecid_subj(current, &blob); inode = file_inode(vma->vm_file); action = ima_get_action(file_mnt_user_ns(vma->vm_file), inode, - current_cred(), secid, MAY_EXEC, MMAP_CHECK, - &pcr, &template, NULL, NULL); + current_cred(), blob.secid[0], MAY_EXEC, + MMAP_CHECK, &pcr, &template, NULL, NULL); /* Is the mmap'ed file in policy? */ if (!(action & (IMA_MEASURE | IMA_APPRAISE_SUBMASK))) @@ -486,10 +487,12 @@ int ima_bprm_check(struct linux_binprm *bprm) { int ret; u32 secid; + struct lsmblob blob; - security_task_getsecid_subj(current, &secid); - ret = process_measurement(bprm->file, current_cred(), secid, NULL, 0, - MAY_EXEC, BPRM_CHECK); + security_task_getsecid_subj(current, &blob); + /* scaffolding until process_measurement changes */ + ret = process_measurement(bprm->file, current_cred(), blob.secid[0], + NULL, 0, MAY_EXEC, BPRM_CHECK); if (ret) return ret; @@ -510,10 +513,11 @@ int ima_bprm_check(struct linux_binprm *bprm) */ int ima_file_check(struct file *file, int mask) { - u32 secid; + struct lsmblob blob; - security_task_getsecid_subj(current, &secid); - return process_measurement(file, current_cred(), secid, NULL, 0, + security_task_getsecid_subj(current, &blob); + /* scaffolding until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], NULL, 0, mask & (MAY_READ | MAY_WRITE | MAY_EXEC | MAY_APPEND), FILE_CHECK); } @@ -689,7 +693,7 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id, bool contents) { enum ima_hooks func; - u32 secid; + struct lsmblob blob; /* * Do devices using pre-allocated memory run the risk of the @@ -709,8 +713,9 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id, /* Read entire file for all partial reads. */ func = read_idmap[read_id] ?: FILE_CHECK; - security_task_getsecid_subj(current, &secid); - return process_measurement(file, current_cred(), secid, NULL, + security_task_getsecid_subj(current, &blob); + /* scaffolding - until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], NULL, 0, MAY_READ, func); } @@ -739,7 +744,7 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, enum kernel_read_file_id read_id) { enum ima_hooks func; - u32 secid; + struct lsmblob blob; /* permit signed certs */ if (!file && read_id == READING_X509_CERTIFICATE) @@ -752,9 +757,10 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, } func = read_idmap[read_id] ?: FILE_CHECK; - security_task_getsecid_subj(current, &secid); - return process_measurement(file, current_cred(), secid, buf, size, - MAY_READ, func); + security_task_getsecid_subj(current, &blob); + /* scaffolding until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], buf, + size, MAY_READ, func); } /** @@ -882,7 +888,7 @@ int process_buffer_measurement(struct user_namespace *mnt_userns, int digest_hash_len = hash_digest_size[ima_hash_algo]; int violation = 0; int action = 0; - u32 secid; + struct lsmblob blob; if (digest && digest_len < digest_hash_len) return -EINVAL; @@ -905,9 +911,10 @@ int process_buffer_measurement(struct user_namespace *mnt_userns, * buffer measurements. */ if (func) { - security_task_getsecid_subj(current, &secid); + security_task_getsecid_subj(current, &blob); + /* scaffolding */ action = ima_get_action(mnt_userns, inode, current_cred(), - secid, 0, func, &pcr, &template, + blob.secid[0], 0, func, &pcr, &template, func_data, NULL); if (!(action & IMA_MEASURE) && !digest) return -ENOENT; diff --git a/security/security.c b/security/security.c index f8b5e2fa37a0..ab285557a31f 100644 --- a/security/security.c +++ b/security/security.c @@ -1906,17 +1906,30 @@ int security_task_getsid(struct task_struct *p) return call_int_hook(task_getsid, 0, p); } -void security_task_getsecid_subj(struct task_struct *p, u32 *secid) +void security_task_getsecid_subj(struct task_struct *p, struct lsmblob *blob) { - *secid = 0; - call_void_hook(task_getsecid_subj, p, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.task_getsecid_subj, + list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.task_getsecid_subj(p, &blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_task_getsecid_subj); -void security_task_getsecid_obj(struct task_struct *p, u32 *secid) +void security_task_getsecid_obj(struct task_struct *p, struct lsmblob *blob) { - *secid = 0; - call_void_hook(task_getsecid_obj, p, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.task_getsecid_obj, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.task_getsecid_obj(p, &blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_task_getsecid_obj); From patchwork Mon Dec 13 23:40:18 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12674993 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id DF0AFC433EF for ; Mon, 13 Dec 2021 23:54:00 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S244300AbhLMXx7 (ORCPT ); Mon, 13 Dec 2021 18:53:59 -0500 Received: from sonic306-28.consmr.mail.ne1.yahoo.com ([66.163.189.90]:43688 "EHLO sonic306-28.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S239532AbhLMXx7 (ORCPT ); Mon, 13 Dec 2021 18:53:59 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1639439639; bh=ErLYnnmzVYOVC7AIqd9CYsBXa/tj927ekfaGW6T7p/4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=ZJk7Yj5Y25oq1OQrGOP6FI80T+r4rHkt0z1g3h8saSDTZxXH/Y1uzHFLJZvW3ii5kzntfZL64iZZSSrC8Wb/NqZTRGRZ7r1xfGx4BLCWcCsxPltfjckH4xngDfGHsl4U20FviR0WGqf11jq3f82aPd6pL6OFfuCvng8hjA2HOeipMTzVdOrY2YpyuHFpGGOL+9mzLI0pDUa6pu+J9BlFWBr/IDRC11LET1ZDTF/hb6OLiCRkS1/SQOsx/zMtcZYa06HFwU4qHmt3nqfz1i4WqqmO2Tu1tP8IFgEUKBCYgCkRZlnEyX/9fs7bmG2qGqRiOUARg8l+rRDIHrmCUUvc0w== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1639439639; bh=zVEnaR/vrf4F15VPpXkgKSfuf3wEhEEG7X1UE0Dfbj5=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=KkndheORgywGDOhCAD6jyhD1/aXWeKYaoDG63q0a8z8XOnkW+ZPSyXh0xzmjDkRxzdsHPffTXHRZwwbBbdrzc0tnxWUOaffxH5knMp9PsFa/2se5yfxMMh1xcfsmOnmuIla0AUSzSR3CyCrsabnfQi1caiuSQGIr0XE/K3JxcZdwNibibz0D3mNzK1nR/X8SbGmdIy3LaHNOD19Gz29su+hkETsMz5I/9F/wE7ImLoo7PuxNlkiXzZhWJRxvr5dZhfSeChcGkk2h0W1pVlfSKQAt6j4mSkg3kaW/MnuQTxznJoJqwUwvXqLTZNGi/+s78ktXCL1h0rDdchbh4L/WlQ== X-YMail-OSG: IYR.dRoVM1ltDfbKnJXbRMCh6vwoY.bCp1Og3IUSYHgKuG8Fehg34DBcacbuQc8 VSrDGMf2psJ7ZYP5bb5WWl8QiO9K8S7MgE6E5f3EMbz5O1JcPMq.Z9xQFBLMAxw2e1gUycgpRMR9 Gabemq45Ujr2TruqnsQMDX5Hc_Iti1Lv3J1E0x8Mhx2vPdy4pxHdt_SJnXL_1jCN4IdDG3tItU7s C3PU2ZF_U8e_0Wx977FFjDmodG6CUbrQmlezQJkMcMd2Ic4mW8_d.ltyee3bbKJvnzWZY0U3AwkL toC6ROs9QjJTdAKJh7O0sFRxNIgCjIDvEW4rMs.pZG.ItQNGXkzDC5T4MPkVxvlG_ETs9DqOPpfj DmA4YTiq1w1kAUrVrq.RZ9vIYwrrflwqBsFgX.S_9.oKbCTzA79RZi11hI34ZRU3LXaqPAS6kZ1T 75OdW5_ik1ONnI1n1shpaWO0qjlTnTsQiTMeMluUbJw6TcgRmb0aNqgEYiGwC9oCuMX8rZ7ygeaI k._GNFsay0bKqldPj76X3C1HhgpQVqpsRW.ucz0X0n7hxs3nQPMlTj.Ec3wCENS3QegbLe12Vb4z OXlti7BDHvqagZNdrBEdCL.touzAjdsHD30Jhi1AwljbCmIRG8xFTjVRVznkW62K9IZjVvQzBsJY 8E93oS5j4SKT4Fx5NL._J3ukRIuvHefTiptErwvtoX2QJp6PegBPvtma7yQfxACgWYdAM7ZIMXXR pkI86LNAAYF9gItl98Pmon9cLAZi5.FUf.yZL._Ld_dkF2Zo_aDe7Ky9eyPyeiGawFswV5iqO1pi 9QsrtpqtCvtumZJB8JHzSSafP0rsgIn3b33rhmf7NXBtq9H2JbXPpXq._yjEPhMdIb0JuNLFEQ5i ooYWfkPAa.qpndZLNmUHgHF9jdeMwkr9zgFIbdhQd.Z0MPZjhHMvdptglpu9Q7LUin.XCoAkZymc sLyjcNuoTGkyrmo4_unhSyvVqaUVtKmW42hoIMZsqpOjC9DAxwMpWdEMxPWTmulvX3Yv2xOc8Bj8 8516p0ZRWk8GHtL8pQWGVDW5yya0jx_2LNK6Ck4hsgZ8RVaQrWllpRIMU0SFQGfPx6gCcAdNMK1u tBOar8KVDXwgEDYTb3vjXfDbBhTmiB8hSYfutFbWgqwgOX7fWwAjKJZV0KnWcqq7VGXKb.im6WkU jeHOiSztvtpMqJdqbVqaH_UxhgMjBYMgN70jAwkK.DStiyNM4i5qn3VCT3eiJj5PSKy.BNh2iWJ3 qV44d3sDic3XcR.zDNSptee9L5UfrcMhFseTOs6MjM.w_QRl.5tVMPMp6MJv4nNVi0q0FkeCmYTU _QRc0n60FC6Z6J5FmtqjNL8gWQb88PKc4aR8SDql5TR6H8yg02cETMFhmZmI9dQGOkzpyqmib9t. 4TaZ05ltDqX6aWFhq1eQED4qoIHg2jgkDgndOWC9JRP4vozxuz_m23bRsC2KrRkU5d4WWc.iJaSC VMiWJGwzAx5fwjW8iB6IrB2CiOSfC.ra_p5HIFyaB.vsMCdED7p0F9u1N1ZvKaiqNuGIDEs0MHoA .Ts6QJPNq8yiDqqx3OAMB_8CviJqRwbS7X27Omd0uA5o6uqse_D1oO5M8zF_6sO5tAI0772QF8WN QGD8quUT9S48dYP68jxU66iY6ONPff28UPaEAvTctvYEsrC8lFx4KvHIP4PePMVaedLLJhBwceMj FY3UklT2LCFJu93doyMml3wYTL9ua_R5W_YM7oOrdcrlktkucXZXy6cbef4X5jhSZ_JcoQixUDQ4 RNMUSaaFKexXlS6UGzId1XbFGngY6WdpHOn_ciepaDridoUqoIJnldPF85mppD7L76TLji7E6gMK ZNrBX5L0sMqHP829atIW9xYZ3yRbmRCGVsyC2LL4u2XGFtJE9Yhf95h2c_9FYeNstpSBRHLrTG3n JOcyD0moCMfCbLjzuufAaFxdOx_TKxlNekfH86BA7gYu_jhd914oG5qfNTBLeO4M.s0Uh7bjkhQ5 eMTr5cBKpDP3JOHzcaL.QU2awKJs5MI.BrjAoDNOlhwrocXsSgKqWsLDLWs5ks3vdYKqTL799qbb lIv5544f86KFSYt3LINVLxInrsco99KjTlDEI_UAT6_Azw5RtJKIOzBZKrRlWBMDIuiACJOTQZJl 2PAKbWmU8MeQwikKShvwkSt6_jdJo8bmtrawwA4wsvOySZ2u.VvZHG_w1Yhl_jkp7.xZui4R48AG RR5AsCKyfbFSnqTGxhbPiLRvJQdl5dvMaNhBBDHiTRsbmwhsuxdNVDNai.g2lAHK.LyNuCQ-- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic306.consmr.mail.ne1.yahoo.com with HTTP; Mon, 13 Dec 2021 23:53:59 +0000 Received: by kubenode509.mail-prod1.omega.ne1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID 49c1f8fed2f9bb0edca267b841b22070; Mon, 13 Dec 2021 23:53:55 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, Stephen Smalley , linux-integrity@vger.kernel.org Subject: [PATCH v31 12/28] LSM: Use lsmblob in security_inode_getsecid Date: Mon, 13 Dec 2021 15:40:18 -0800 Message-Id: <20211213234034.111891-13-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20211213234034.111891-1-casey@schaufler-ca.com> References: <20211213234034.111891-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org Change the security_inode_getsecid() interface to fill in a lsmblob structure instead of a u32 secid. This allows for its callers to gather data from all registered LSMs. Data is provided for IMA and audit. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: linux-audit@redhat.com --- include/linux/security.h | 7 ++++--- kernel/auditsc.c | 6 +++++- security/integrity/ima/ima_policy.c | 7 ++++--- security/security.c | 11 +++++++++-- 4 files changed, 22 insertions(+), 9 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index bf91ff071ea0..3433850a3f9e 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -457,7 +457,7 @@ int security_inode_getsecurity(struct user_namespace *mnt_userns, void **buffer, bool alloc); int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags); int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size); -void security_inode_getsecid(struct inode *inode, u32 *secid); +void security_inode_getsecid(struct inode *inode, struct lsmblob *blob); int security_inode_copy_up(struct dentry *src, struct cred **new); int security_inode_copy_up_xattr(const char *name); int security_kernfs_init_security(struct kernfs_node *kn_dir, @@ -1009,9 +1009,10 @@ static inline int security_inode_listsecurity(struct inode *inode, char *buffer, return 0; } -static inline void security_inode_getsecid(struct inode *inode, u32 *secid) +static inline void security_inode_getsecid(struct inode *inode, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } static inline int security_inode_copy_up(struct dentry *src, struct cred **new) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index b9a6760f55cc..34cec4cd3dbf 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -2239,13 +2239,17 @@ static void audit_copy_inode(struct audit_names *name, const struct dentry *dentry, struct inode *inode, unsigned int flags) { + struct lsmblob blob; + name->ino = inode->i_ino; name->dev = inode->i_sb->s_dev; name->mode = inode->i_mode; name->uid = inode->i_uid; name->gid = inode->i_gid; name->rdev = inode->i_rdev; - security_inode_getsecid(inode, &name->osid); + security_inode_getsecid(inode, &blob); + /* scaffolding until osid is updated */ + name->osid = blob.secid[0]; if (flags & AUDIT_INODE_NOEVAL) { name->fcap_ver = -1; return; diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 22952efcc0b0..34ecdd7b01f5 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -625,7 +625,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, return false; for (i = 0; i < MAX_LSM_RULES; i++) { int rc = 0; - u32 osid; + struct lsmblob lsmdata; if (!rule->lsm[i].rule) { if (!rule->lsm[i].args_p) @@ -637,8 +637,9 @@ static bool ima_match_rules(struct ima_rule_entry *rule, case LSM_OBJ_USER: case LSM_OBJ_ROLE: case LSM_OBJ_TYPE: - security_inode_getsecid(inode, &osid); - rc = ima_filter_rule_match(osid, rule->lsm[i].type, + security_inode_getsecid(inode, &lsmdata); + rc = ima_filter_rule_match(lsmdata.secid[rule->which], + rule->lsm[i].type, Audit_equal, rule->lsm[i].rule, rule->which); diff --git a/security/security.c b/security/security.c index ab285557a31f..57423c92589d 100644 --- a/security/security.c +++ b/security/security.c @@ -1550,9 +1550,16 @@ int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer } EXPORT_SYMBOL(security_inode_listsecurity); -void security_inode_getsecid(struct inode *inode, u32 *secid) +void security_inode_getsecid(struct inode *inode, struct lsmblob *blob) { - call_void_hook(inode_getsecid, inode, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.inode_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.inode_getsecid(inode, &blob->secid[hp->lsmid->slot]); + } } int security_inode_copy_up(struct dentry *src, struct cred **new) From patchwork Mon Dec 13 23:40:19 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12674995 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 86F67C433FE for ; Mon, 13 Dec 2021 23:55:06 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S244315AbhLMXzF (ORCPT ); Mon, 13 Dec 2021 18:55:05 -0500 Received: from sonic315-27.consmr.mail.ne1.yahoo.com ([66.163.190.153]:34888 "EHLO sonic315-27.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S244313AbhLMXzF (ORCPT ); Mon, 13 Dec 2021 18:55:05 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1639439704; bh=v2ArQcc4YgITLhmh4+LVreIOeftCXoVuskiPNB9noNI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=nPYiCZxMvYag9EIHbYJMkRB7ReRZKD22ueb+ta5A6hR1vEkOf3I7zfIeLy4ec27Yh9d/I3o42kV2NUcgQL4BwspmDEPt4pEWaZT0mgaKM3Sm0ZLTCltc64KEsCiK5jTnJIKtuN4gMy7QTINMeiHSzJQsDDzsfRrTADDtKjmHMVibnMjTfyWB7RtKt1CvHsAZGbXiKXaA7CUbomAM5xK8jQiifbEv9tksnTgpBa4soLQ+M2xViV6UTfyjuo5W5zGSfkNL09fbzO0ePHkYjUKL1rS83ZDf9bOAirrAN73Ai0vahpBrPUNwE3aWRz0M6SgYRxqEGydrANP6SIfRo/YZcg== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1639439704; bh=FLz2twA7hGTRRCzOuwo2f1c7jpAhX1CAHrIOzxRGMI2=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=mXtQPkp4VLDbXviYgo1c3VbefHPqz9hy1Sqt8899Pk1nvyL2AQpNzag1l+fd50JHneUW2dPYN6F60UCT7amrjHS3VyhTkP272QPbIr7ke/IuYWpiggK0i1d+L+4s2vQUOwW4KfKak2a/osqn99lQFRytFkKRfQXhCci2+pne4mI692txmrwAxMuy9g9lYc82s9+LJkLDZfGgT3Th1DUfiXx7LwZ9sZBhB9EjecWbSelP+i+FWVR8tJWEgtvcoTq6EI1IlH0FtIiDt8bdQKdcNSHhiXaavwTiNK4TvKVbYmCILPgiPROyMktSIVJ8h1ba54NTPxnQSMbw7g9UIr10AA== X-YMail-OSG: v9GoCdkVM1myh1lIkfIO2XXQ_HxQLRAmdKkYI20nV0lBxBcpV9R3KXmJkLT5mVQ iNcqT7PL2vhx9yxCCXuJYO.JZz9qbcn7QCDnPoL3QVyK.TfAoAoUfONGUxZD0uBjgpEQh172RVRT xZLxeGOXi7uZIfmCTtAtCWLDtrruPhiBVIXJCFlewVkGhSvPUQ9WTcXYKLNdtCztDMqrNcjYLYbN 2SEs6_24pIn.q_WFQA_nuhahqpu9iozmMeMKbSWORxFLFhWgErueFxCPrcNMpbzpQK0JGTAAz4A8 stVSi5aMQH0mmAij5t8QYCcuZtROlbFMV4Va0UKnrvkcDgckj7Q5EYwCF1OiNtm5vLczuERyvtYp K_W79GQ8bDnn6c4QE0wQdG0Jg0YC4WSP.jUeG.ure2vjXY1hiecFzjtfv2nlHA.S0lOH8CNULfrY 9ujqngbwVqS9QjHSzgyKiNCvwL83mMCHplHu4_QhxknhLmLJ3T8yGdmWWZj0OszoXhAX1TLVUJVB IoD6T9wG9GvOzAllAwQ3KNUSklaD5iY7pjsCtu2TyvIyvOgOowe3sycaRYxGt3Iw9suYfDcBNvwz SP8MPoNiPvAWYKi6H4xS6pTgGWsDszdNtiyIKQ7YIhexfBPwC_4BykCz7tcXD8E0TnOHasvxcdCt zfOETb0CblpHpqB83bcH86.ZqxZeSE2Cckica_ZR7kMRgC4_EmFFjENuGf6Mgtrjtv6BWPsA3i1u bILfN6fMl_18s_baWe416E0Y9ZIVD8TxBiuPgiMZs8CsbeSnara3ba_KQrivkfHaAuOKaJELat8k 3HbdsWC5UzXqBhnhiXXdThy.MhA_YIyiK80fmAndKzi2ss.3zvd.hBYP3cJUyDynFKqgYl5KeggM reWyX8Hb.aqs_bMqLui00CexV4K0510jUgxaW11N07rH5dVK8186kVCDOpxhwz_1eH4B6MSq5s43 BV5Wge7uzTdYEudmMZOvfx6UFi8EC5yJ39gD5yLiUwQwbOp9Y7l8yiT4bAtmJ_GwrVcXGrBobsQ4 knYYyuE5DdIRC0Lmo1ZfiQOY90GYIBdEUg_Vyti_7EEZkqIe30c.Jczb7Tv7bu7k6GgCEKkMr8XD jLxFc5sHfqBNg5hz0TM5pt8XXxiS0_WHOBSJu0Kxa79fknh1ao4ndLI1G.9dBO5GQvsmQWyOOah0 h7dCW1o43zg6p48GC8pJOl6d18Z2va.n3RmQa0DHptEtCX.f2tb7ta38tt.Vk1QtEDIuhIOWnZw2 .TlQLvZJ3SF3cV8NtdSj2q51zY23QCenbydy5VEge2VnBaYDxhCe8UwQrG9BTHp.p.llDu1fSEF3 gCyv6RDuwJhTjRwmzeiv021ZOUCepHVR.7aNmbh.r_6r6lAxn9yfo0gD_qmQd9E5KwquTx9kxl89 qxGz3yjFtRAzKhGJhGPanw2X_h4P3MgRwatnfpvdjoIG.6BOL7WGjUSRiyHS2JWFwz4rATSGgVXo NL9pL9UcliRBUYiAaX5GieaV6euDzihj19r3aF4hR.PhLz5dCxAPZennUcbvmdH0R3SLNC82QFXm 8kObtDqaaIejOLGFiWFBnxo9WXXVum..3oKwBVMPQtQvei0w319Yeld1fyKJJIFG70qvPiZWLnP0 VVDmrOfD7mcm.hxdm4PwVaAFrIPjz7ReVpWEQFP2TSB679lcMKVteImiWmhNt38K_ktHkij_TRig epHoIac9Z9f4z6kDA3ccGOMK89xEegETjLHXyRYepEf5i0hXjVD84TIpLsvltzmHvaxQ4bmG3iod LI_Iz4KMwJ9VGz5xjzjlLtGGJLMfAdNCokNjNxpCHSxj_TGgfHMvH._CzS6qpSMm.W4NPsfuUzF. 6ZUIfqhP5Eo4.SKE8ES22561a0Hs6Ns9xw4neTdxrqOMwVsOpALM_Gjy9bkUTMK5yMgAs4K2sfsW Lb8W_qyPccFIy9jiTUq6m.flHNLwLZdOX99NvIgTb4GVoqq9irPC8zLTDPbokK7.z9h99U1yuKJw C.WCNyCwhwGIAOe7.JHsO2EXt9Em0pIhqWfVEFOj3NJK0MVQqLF89eqbzPkw7_d3HI2jV2tCkpMw xOfbmlrk.LqJyR_yDSX55YaYjpEAeXDwkr_HIeiR8f3aww0DGuZV5RExb_hwFQloQlHomUtqWYGL M552EMTtFg2GGvpUBk_.b.BY6lY03ucLFTJjibYwN94H4OAm71e1ULu4E57l2nd9qyile39CMVOw LASg3GC1xjUtkMeN1Q8Ci3TrMX1u_LKjUbfIJ4peqTPwTmZ0PSPPEZ9UrhWiLoctabjgRT8VxPbb m3bjHVGD0T0btmH_h1Dlxe7dqnITHFvpB7BtbrKwC3nRCgnkJ X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic315.consmr.mail.ne1.yahoo.com with HTTP; Mon, 13 Dec 2021 23:55:04 +0000 Received: by kubenode530.mail-prod1.omega.ne1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID 938d4f01cf5160466ca0a1e860c118e1; Mon, 13 Dec 2021 23:55:01 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, Stephen Smalley , linux-integrity@vger.kernel.org Subject: [PATCH v31 13/28] LSM: Use lsmblob in security_cred_getsecid Date: Mon, 13 Dec 2021 15:40:19 -0800 Message-Id: <20211213234034.111891-14-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20211213234034.111891-1-casey@schaufler-ca.com> References: <20211213234034.111891-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org Change the security_cred_getsecid() interface to fill in a lsmblob instead of a u32 secid. The associated data elements in the audit sub-system are changed from a secid to a lsmblob to accommodate multiple possible LSM audit users. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: linux-audit@redhat.com --- drivers/android/binder.c | 12 +---------- include/linux/security.h | 2 +- kernel/audit.c | 25 +++++++---------------- kernel/audit.h | 3 ++- kernel/auditsc.c | 33 +++++++++++-------------------- security/integrity/ima/ima_main.c | 8 ++++---- security/security.c | 12 ++++++++--- 7 files changed, 36 insertions(+), 59 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 916a42c68b58..27b53e5f71a1 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2720,18 +2720,8 @@ static void binder_transaction(struct binder_proc *proc, if (target_node && target_node->txn_security_ctx) { struct lsmblob blob; size_t added_size; - u32 secid; - security_cred_getsecid(proc->cred, &secid); - /* - * Later in this patch set security_cred_getsecid() will - * provide a lsmblob instead of a secid. lsmblob_init - * is used to ensure that all the secids in the lsmblob - * get the value returned from security_cred_getsecid(), - * which means that the one expected by - * security_secid_to_secctx() will be set. - */ - lsmblob_init(&blob, secid); + security_cred_getsecid(proc->cred, &blob); ret = security_secid_to_secctx(&blob, &secctx, &secctx_sz); if (ret) { return_error = BR_FAILED_REPLY; diff --git a/include/linux/security.h b/include/linux/security.h index 3433850a3f9e..3b653fe331dd 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -484,7 +484,7 @@ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp); void security_cred_free(struct cred *cred); int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp); void security_transfer_creds(struct cred *new, const struct cred *old); -void security_cred_getsecid(const struct cred *c, u32 *secid); +void security_cred_getsecid(const struct cred *c, struct lsmblob *blob); int security_kernel_act_as(struct cred *new, struct lsmblob *blob); int security_kernel_create_files_as(struct cred *new, struct inode *inode); int security_kernel_module_request(char *kmod_name); diff --git a/kernel/audit.c b/kernel/audit.c index d92c7b894183..8ec64e6e8bc0 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -125,7 +125,7 @@ static u32 audit_backlog_wait_time = AUDIT_BACKLOG_WAIT_TIME; /* The identity of the user shutting down the audit system. */ static kuid_t audit_sig_uid = INVALID_UID; static pid_t audit_sig_pid = -1; -static u32 audit_sig_sid; +struct lsmblob audit_sig_lsm; /* Records can be lost in several ways: 0) [suppressed in audit_alloc] @@ -1441,29 +1441,21 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) } case AUDIT_SIGNAL_INFO: len = 0; - if (audit_sig_sid) { - struct lsmblob blob; - - /* - * lsmblob_init sets all values in the lsmblob - * to audit_sig_sid. This is temporary until - * audit_sig_sid is converted to a lsmblob, which - * happens later in this patch set. - */ - lsmblob_init(&blob, audit_sig_sid); - err = security_secid_to_secctx(&blob, &ctx, &len); + if (lsmblob_is_set(&audit_sig_lsm)) { + err = security_secid_to_secctx(&audit_sig_lsm, &ctx, + &len); if (err) return err; } sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL); if (!sig_data) { - if (audit_sig_sid) + if (lsmblob_is_set(&audit_sig_lsm)) security_release_secctx(ctx, len); return -ENOMEM; } sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); sig_data->pid = audit_sig_pid; - if (audit_sig_sid) { + if (lsmblob_is_set(&audit_sig_lsm)) { memcpy(sig_data->ctx, ctx, len); security_release_secctx(ctx, len); } @@ -2352,7 +2344,6 @@ int audit_set_loginuid(kuid_t loginuid) int audit_signal_info(int sig, struct task_struct *t) { kuid_t uid = current_uid(), auid; - struct lsmblob blob; if (auditd_test_task(t) && (sig == SIGTERM || sig == SIGHUP || @@ -2363,9 +2354,7 @@ int audit_signal_info(int sig, struct task_struct *t) audit_sig_uid = auid; else audit_sig_uid = uid; - security_task_getsecid_subj(current, &blob); - /* scaffolding until audit_sig_sid is converted */ - audit_sig_sid = blob.secid[0]; + security_task_getsecid_subj(current, &audit_sig_lsm); } return audit_signal_info_syscall(t); diff --git a/kernel/audit.h b/kernel/audit.h index c4498090a5bd..527d4c4acb12 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -12,6 +12,7 @@ #include #include #include +#include #include #include #include // struct open_how @@ -143,7 +144,7 @@ struct audit_context { kuid_t target_auid; kuid_t target_uid; unsigned int target_sessionid; - u32 target_sid; + struct lsmblob target_lsm; char target_comm[TASK_COMM_LEN]; struct audit_tree_refs *trees, *first_trees; diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 34cec4cd3dbf..930254bca7b5 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -99,7 +99,7 @@ struct audit_aux_data_pids { kuid_t target_auid[AUDIT_AUX_PIDS]; kuid_t target_uid[AUDIT_AUX_PIDS]; unsigned int target_sessionid[AUDIT_AUX_PIDS]; - u32 target_sid[AUDIT_AUX_PIDS]; + struct lsmblob target_lsm[AUDIT_AUX_PIDS]; char target_comm[AUDIT_AUX_PIDS][TASK_COMM_LEN]; int pid_count; }; @@ -1009,7 +1009,7 @@ static void audit_reset_context(struct audit_context *ctx) ctx->target_pid = 0; ctx->target_auid = ctx->target_uid = KUIDT_INIT(0); ctx->target_sessionid = 0; - ctx->target_sid = 0; + lsmblob_init(&ctx->target_lsm, 0); ctx->target_comm[0] = '\0'; unroll_tree_refs(ctx, NULL, 0); WARN_ON(!list_empty(&ctx->killed_trees)); @@ -1107,14 +1107,14 @@ static inline void audit_free_context(struct audit_context *context) } static int audit_log_pid_context(struct audit_context *context, pid_t pid, - kuid_t auid, kuid_t uid, unsigned int sessionid, - u32 sid, char *comm) + kuid_t auid, kuid_t uid, + unsigned int sessionid, + struct lsmblob *blob, char *comm) { struct audit_buffer *ab; char *ctx = NULL; u32 len; int rc = 0; - struct lsmblob blob; ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID); if (!ab) @@ -1123,9 +1123,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, audit_log_format(ab, "opid=%d oauid=%d ouid=%d oses=%d", pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); - if (sid) { - lsmblob_init(&blob, sid); - if (security_secid_to_secctx(&blob, &ctx, &len)) { + if (lsmblob_is_set(blob)) { + if (security_secid_to_secctx(blob, &ctx, &len)) { audit_log_format(ab, " obj=(none)"); rc = 1; } else { @@ -1753,7 +1752,7 @@ static void audit_log_exit(void) axs->target_auid[i], axs->target_uid[i], axs->target_sessionid[i], - axs->target_sid[i], + &axs->target_lsm[i], axs->target_comm[i])) call_panic = 1; } @@ -1762,7 +1761,7 @@ static void audit_log_exit(void) audit_log_pid_context(context, context->target_pid, context->target_auid, context->target_uid, context->target_sessionid, - context->target_sid, context->target_comm)) + &context->target_lsm, context->target_comm)) call_panic = 1; if (context->pwd.dentry && context->pwd.mnt) { @@ -2698,15 +2697,12 @@ int __audit_sockaddr(int len, void *a) void __audit_ptrace(struct task_struct *t) { struct audit_context *context = audit_context(); - struct lsmblob blob; context->target_pid = task_tgid_nr(t); context->target_auid = audit_get_loginuid(t); context->target_uid = task_uid(t); context->target_sessionid = audit_get_sessionid(t); - security_task_getsecid_obj(t, &blob); - /* scaffolding - until target_sid is converted */ - context->target_sid = blob.secid[0]; + security_task_getsecid_obj(t, &context->target_lsm); memcpy(context->target_comm, t->comm, TASK_COMM_LEN); } @@ -2722,7 +2718,6 @@ int audit_signal_info_syscall(struct task_struct *t) struct audit_aux_data_pids *axp; struct audit_context *ctx = audit_context(); kuid_t t_uid = task_uid(t); - struct lsmblob blob; if (!audit_signals || audit_dummy_context()) return 0; @@ -2734,9 +2729,7 @@ int audit_signal_info_syscall(struct task_struct *t) ctx->target_auid = audit_get_loginuid(t); ctx->target_uid = t_uid; ctx->target_sessionid = audit_get_sessionid(t); - security_task_getsecid_obj(t, &blob); - /* scaffolding until target_sid is converted */ - ctx->target_sid = blob.secid[0]; + security_task_getsecid_obj(t, &ctx->target_lsm); memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); return 0; } @@ -2757,9 +2750,7 @@ int audit_signal_info_syscall(struct task_struct *t) axp->target_auid[axp->pid_count] = audit_get_loginuid(t); axp->target_uid[axp->pid_count] = t_uid; axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); - security_task_getsecid_obj(t, &blob); - /* scaffolding until target_sid is converted */ - axp->target_sid[axp->pid_count] = blob.secid[0]; + security_task_getsecid_obj(t, &axp->target_lsm[axp->pid_count]); memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); axp->pid_count++; diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index c327f93d3962..1a4f7b00253b 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -486,7 +486,6 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) int ima_bprm_check(struct linux_binprm *bprm) { int ret; - u32 secid; struct lsmblob blob; security_task_getsecid_subj(current, &blob); @@ -496,9 +495,10 @@ int ima_bprm_check(struct linux_binprm *bprm) if (ret) return ret; - security_cred_getsecid(bprm->cred, &secid); - return process_measurement(bprm->file, bprm->cred, secid, NULL, 0, - MAY_EXEC, CREDS_CHECK); + security_cred_getsecid(bprm->cred, &blob); + /* scaffolding until process_measurement changes */ + return process_measurement(bprm->file, bprm->cred, blob.secid[0], + NULL, 0, MAY_EXEC, CREDS_CHECK); } /** diff --git a/security/security.c b/security/security.c index 57423c92589d..0e17620a60e2 100644 --- a/security/security.c +++ b/security/security.c @@ -1800,10 +1800,16 @@ void security_transfer_creds(struct cred *new, const struct cred *old) call_void_hook(cred_transfer, new, old); } -void security_cred_getsecid(const struct cred *c, u32 *secid) +void security_cred_getsecid(const struct cred *c, struct lsmblob *blob) { - *secid = 0; - call_void_hook(cred_getsecid, c, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.cred_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.cred_getsecid(c, &blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_cred_getsecid); From patchwork Mon Dec 13 23:40:21 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12674997 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 838BDC433FE for ; Mon, 13 Dec 2021 23:57:16 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S239361AbhLMX5P (ORCPT ); Mon, 13 Dec 2021 18:57:15 -0500 Received: from sonic306-28.consmr.mail.ne1.yahoo.com ([66.163.189.90]:35473 "EHLO sonic306-28.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S239695AbhLMX5O (ORCPT ); Mon, 13 Dec 2021 18:57:14 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1639439834; bh=Sn5tjjAGSmqW3nsqIgtZNqgzkhGliBqVHotdg9HEefo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=YP84/wT2Xty3MBSNMp7XC4nnHiBV1Se90j+VUuV2H6dw53bcAeXNevBQihCVfBdqpgyPmzltM0md/PKZTXw7T1qtKuHz+mmWvSaeUdVuuofjrp3uaaNGgYAoTnaMJkvpkWrjW1sQuxznSLdve4Sr3iVHY77TCfE7e/Ra8BsSdvsg2/13AyxB02GptdtX491D3HD7SvoB9qTczkEIUFFKWJaGoKzxnsS5FdpwblJ2wVUEAmX+X3SIAiWUwN2q5hrjIgDuYzuT/CgE0WRsoGz1zfDoy7CD8ocbcPKW/vHt/fxgPvOp7EscQIStdGXhAOHYRDr2A4PXJa58bUcRrva1/A== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1639439834; bh=WWHXYx/YU0+TYu8UNTr5i2Tvia2wLWZDXQiN9WRM7v1=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=aazwde7/k1nIb62hXiFt1TvqqgFMaKRsUQdU6y3Fiy9nHj3HejDoHoP3/M/335opGhPe8pkdD+c9VCE4LkxnhNMEyh0luDq+NzWeaw3d7xYU95WRhW1R0wyqnSnLKe87xooY4ah7xJSR2SQOUrQIrXeU9hyLrZwQtpxDaUd4zmuT4k7Sk3xVQrGS0854ktBd/QS/m9SHnNYJGye84wFJ08Io0sn5/xMIjpZe44GbqUamINER4/xigTqr4rxqf1sb4zRYQ5XEM+2LbXiS9/6G3a+rfun/qWoq77Ll3s2A0E0L5O8a/eTStTJ4vfTM5Uk4vs+RzWdfAyAuM+nFxtit0g== X-YMail-OSG: OEodNHwVM1lLc70lSb3Q7McpeYOUxzSMiC.VqaCS6Wjwe5xTSb59hzGao34qiKu uL32ec_SK00UScL6pFM.sEJltybyuVpFz0imSBdLLTby6G5Z1aIa31nZL0uqwPnXrjFKPKOm4c1m 0k8HLpluKSUjHwYVg.6DebM0joz5sm1qSMzoq5.UMiOPStVKfcSvP4O8tTdwtYVD9e40uFqmvCpG eulXmrurJevY2p4Gk88OT1wMYNg8trNtLHjJf7GQ1S2evO0y2GTzhVoEcnZUvdmgLlyFT7Qjqk1Q zNlzSFt_IKDoAQOgnRE7u5tP4rkaV_6.XTLbHAZ1AM4h4fkIcgi1K57_4BAX7I8d1MNOMEAV.clQ a86dAO_Wxm4W34dgTYmt_oHbDrRPS4DBWFw46aBoA7scOmGuX7vKuqlN1eRNTIepCWP5ZMWG_wyB oGxTpaHUL2WNvw5h5GvA5QFQCPBUiOrutkf6HXL041LUh37bnsbAjiyIxmzCg3I3dLxv2eavksX6 WrCwvWRp4SFJ2lIcxKr44tr9Xi50x4e.qmksfWxX.Rkf2QwvPDB95GERcv.VLdnvqMN1bcuhFQyC zwmwtmk4smmlpkg9ulNz6EAc5olnTgOsw9Asm13D5cUcEnC9ZDnHyQUPp7tY8YftGkR2aqeXv6JR 3r2DmkXUEjz2nADYXpn46LinhDQOWFaIr9vmnjtpgEZ5TMrr3J3RAmkHg.z8xQEJq6KmKR3LSftW h7FEfG8NhrpT.rtWwglNTuIjOMp3Fro0CrkNJL0zuqptgEJsy7dNum2loO2Jp3.yKp3O5fnlxnSy 5rfSz793NsTkiio6OELgPtIiWs2oaa6qB5WJ.GNZdJgBsP67Oey9lRwFZxQUIKSDVxP2xQRMZQG9 zAZGcRjMyE30dlIvsN3wEjLamECq0g9zVETmy1MZ656oF2k564WYY9ee73Fv5emPXtNfTa9J0cEf TaQ9utj2tads_lvTlEDwW9k39M68P.wslaMP0OEez3JHMNPUI1z8CQWHTHgWVVhVmyY8cnU3jA_v JFw3ITbejy11v31Rn4ugdGgfzlSlpx21O.3uHNrykZgD.lL0D7wdAc9Cf2ekGJ4qAuR1L7IFphg. dyWttI6rdXuOAqHGgvPaAx4ulsCULFKE0VC604YEU56ZagnSUikNmofiH0F31HptE1V6gaAcphBF 1mIpIOzJIGghzsQqy3Et9HlBoh1KbYsZPKm9vh8o9_u0sbzPEyuHqBNelagCxg4OpWIZKMjFKV_C PddmWocLOuLPPDckhPmXiEIfxQ0pUB1hPPADvM5F_8Ep56X6nFxQemMKGMBmu.gJekCAX.yHLAPB x_9RHnuz3RDzwkt5aLzwSEFdyVBs1G83wUsDdOy2oPCDc6rEiV8I_0R.4YVVqiODdFnkzdC1u8bS njTsr4DDV7Et3MCDg_zGUdVH_XCClEYReBTs8ja79aGuONvO9Z8rBkYI1Z3EFEYM.Fti11qZYl43 8Q1hvLNX1xLbtMDxwZG07vVM147I1wYw1aVw10FJ7bByi9JuekUBYNifi3558Lfgi25AI2wQwcaB l_xoKZpw4zBbmwL7fMI5jN77dczJMO8XiDOCDmlqQbM8aKHnu.cL1Q_N7DSy_9p6eZ7PplxgDlrO BPqPGzD2LrOySeNgT6tkwIHBy2IajI2r5yi9Wx6GXaVkTX3ue55qDRyTmlWIkydrovWghaqTD.Zb s.rsCxwP4ggHZW293Bwz2H3vCuh2o4l4Abgp_gXy7gzxeCZjHGUOZWLlNnpaaUFgPsr7VnjPMhHm oYrL8EIOZqQkgYBSi7KAviizCmK.LHTyklCMeVToSa9BuRRIDPq3BuFunA4N.r.UjC5LcngeWhcK s6Za3H9R9QTJXpAUd40jzxEEoEfsiqQmCAFMp4IKDzPX.9O_M1vleTEG.0ligq7Eo.d4NFC5Vy0Y 9zmquCiaXzPgyqLIIU5joT8ezreDD9poSZLg2badE9WcuGLIDedmVFG9yRQqcErY1tajoxGkZSTM GrbmEuwuBeoAQYMEXQnutfR0yFMMBRajfysAX44MCONoDd_g191vCGb1wwMeqf2vLopztD6rmqz8 Nd0Szpaje_67ZDhZRTQ9k_aWeJwCABRwKHXZUqle5DE6HJBLaDHdkaA9Z2yXPslJIZ.k9sD.Ctdb 0fCAvibIGdbAXaQs1x8AXe0Xzwruv1NmMt9ypCwJyz_0rTisa61529WBkK81.lXGuQX4sJyJavIc VwyJeczoGDSRAdTpGrj1JwasepWbBVJY_cqTD5VmPsEhcJoapkEYekCLY1DLNI2hC4zmz2B0- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic306.consmr.mail.ne1.yahoo.com with HTTP; Mon, 13 Dec 2021 23:57:14 +0000 Received: by kubenode527.mail-prod1.omega.ne1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID 2cfefa36b6f587455d7cc15b16ec7ee3; Mon, 13 Dec 2021 23:57:12 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, Stephen Smalley , Chuck Lever , linux-integrity@vger.kernel.org, netdev@vger.kernel.org, netfilter-devel@vger.kernel.org, linux-nfs@vger.kernel.org Subject: [PATCH v31 15/28] LSM: Ensure the correct LSM context releaser Date: Mon, 13 Dec 2021 15:40:21 -0800 Message-Id: <20211213234034.111891-16-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20211213234034.111891-1-casey@schaufler-ca.com> References: <20211213234034.111891-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org Add a new lsmcontext data structure to hold all the information about a "security context", including the string, its size and which LSM allocated the string. The allocation information is necessary because LSMs have different policies regarding the lifecycle of these strings. SELinux allocates and destroys them on each use, whereas Smack provides a pointer to an entry in a list that never goes away. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Paul Moore Acked-by: Stephen Smalley Acked-by: Chuck Lever Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: netdev@vger.kernel.org Cc: linux-audit@redhat.com Cc: netfilter-devel@vger.kernel.org To: Pablo Neira Ayuso Cc: linux-nfs@vger.kernel.org --- drivers/android/binder.c | 10 ++++--- fs/ceph/xattr.c | 6 ++++- fs/nfs/nfs4proc.c | 8 ++++-- fs/nfsd/nfs4xdr.c | 7 +++-- include/linux/security.h | 35 +++++++++++++++++++++++-- include/net/scm.h | 5 +++- kernel/audit.c | 14 +++++++--- kernel/auditsc.c | 12 ++++++--- net/ipv4/ip_sockglue.c | 4 ++- net/netfilter/nf_conntrack_netlink.c | 4 ++- net/netfilter/nf_conntrack_standalone.c | 4 ++- net/netfilter/nfnetlink_queue.c | 13 ++++++--- net/netlabel/netlabel_unlabeled.c | 19 +++++++++++--- net/netlabel/netlabel_user.c | 4 ++- security/security.c | 11 ++++---- 15 files changed, 121 insertions(+), 35 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 27b53e5f71a1..32dca5b40e8a 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2469,6 +2469,7 @@ static void binder_transaction(struct binder_proc *proc, int t_debug_id = atomic_inc_return(&binder_last_id); char *secctx = NULL; u32 secctx_sz = 0; + struct lsmcontext scaff; /* scaffolding */ e = binder_transaction_log_add(&binder_transaction_log); e->debug_id = t_debug_id; @@ -2771,7 +2772,8 @@ static void binder_transaction(struct binder_proc *proc, t->security_ctx = 0; WARN_ON(1); } - security_release_secctx(secctx, secctx_sz); + lsmcontext_init(&scaff, secctx, secctx_sz, 0); + security_release_secctx(&scaff); secctx = NULL; } t->buffer->debug_id = t->debug_id; @@ -3112,8 +3114,10 @@ static void binder_transaction(struct binder_proc *proc, binder_alloc_free_buf(&target_proc->alloc, t->buffer); err_binder_alloc_buf_failed: err_bad_extra_size: - if (secctx) - security_release_secctx(secctx, secctx_sz); + if (secctx) { + lsmcontext_init(&scaff, secctx, secctx_sz, 0); + security_release_secctx(&scaff); + } err_get_secctx_failed: kfree(tcomplete); binder_stats_deleted(BINDER_STAT_TRANSACTION_COMPLETE); diff --git a/fs/ceph/xattr.c b/fs/ceph/xattr.c index fcf7dfdecf96..df2b3bf46364 100644 --- a/fs/ceph/xattr.c +++ b/fs/ceph/xattr.c @@ -1374,12 +1374,16 @@ int ceph_security_init_secctx(struct dentry *dentry, umode_t mode, void ceph_release_acl_sec_ctx(struct ceph_acl_sec_ctx *as_ctx) { +#ifdef CONFIG_CEPH_FS_SECURITY_LABEL + struct lsmcontext scaff; /* scaffolding */ +#endif #ifdef CONFIG_CEPH_FS_POSIX_ACL posix_acl_release(as_ctx->acl); posix_acl_release(as_ctx->default_acl); #endif #ifdef CONFIG_CEPH_FS_SECURITY_LABEL - security_release_secctx(as_ctx->sec_ctx, as_ctx->sec_ctxlen); + lsmcontext_init(&scaff, as_ctx->sec_ctx, as_ctx->sec_ctxlen, 0); + security_release_secctx(&scaff); #endif if (as_ctx->pagelist) ceph_pagelist_release(as_ctx->pagelist); diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c index ee3bc79f6ca3..194bb09663e0 100644 --- a/fs/nfs/nfs4proc.c +++ b/fs/nfs/nfs4proc.c @@ -137,8 +137,12 @@ nfs4_label_init_security(struct inode *dir, struct dentry *dentry, static inline void nfs4_label_release_security(struct nfs4_label *label) { - if (label) - security_release_secctx(label->label, label->len); + struct lsmcontext scaff; /* scaffolding */ + + if (label) { + lsmcontext_init(&scaff, label->label, label->len, 0); + security_release_secctx(&scaff); + } } static inline u32 *nfs4_bitmask(struct nfs_server *server, struct nfs4_label *label) { diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c index 5a93a5db4fb0..f96da9ac116a 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c @@ -2841,6 +2841,7 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, int err; struct nfs4_acl *acl = NULL; #ifdef CONFIG_NFSD_V4_SECURITY_LABEL + struct lsmcontext scaff; /* scaffolding */ void *context = NULL; int contextlen; #endif @@ -3342,8 +3343,10 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, out: #ifdef CONFIG_NFSD_V4_SECURITY_LABEL - if (context) - security_release_secctx(context, contextlen); + if (context) { + lsmcontext_init(&scaff, context, contextlen, 0); /*scaffolding*/ + security_release_secctx(&scaff); + } #endif /* CONFIG_NFSD_V4_SECURITY_LABEL */ kfree(acl); if (tempfh) { diff --git a/include/linux/security.h b/include/linux/security.h index 872e543d37dd..e439663c955f 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -135,6 +135,37 @@ enum lockdown_reason { extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1]; +/* + * A "security context" is the text representation of + * the information used by LSMs. + * This structure contains the string, its length, and which LSM + * it is useful for. + */ +struct lsmcontext { + char *context; /* Provided by the module */ + u32 len; + int slot; /* Identifies the module */ +}; + +/** + * lsmcontext_init - initialize an lsmcontext structure. + * @cp: Pointer to the context to initialize + * @context: Initial context, or NULL + * @size: Size of context, or 0 + * @slot: Which LSM provided the context + * + * Fill in the lsmcontext from the provided information. + * This is a scaffolding function that will be removed when + * lsmcontext integration is complete. + */ +static inline void lsmcontext_init(struct lsmcontext *cp, char *context, + u32 size, int slot) +{ + cp->slot = slot; + cp->context = context; + cp->len = size; +} + /* * Data exported by the security modules * @@ -570,7 +601,7 @@ int security_ismaclabel(const char *name); int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen); int security_secctx_to_secid(const char *secdata, u32 seclen, struct lsmblob *blob); -void security_release_secctx(char *secdata, u32 seclen); +void security_release_secctx(struct lsmcontext *cp); void security_inode_invalidate_secctx(struct inode *inode); int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); @@ -1440,7 +1471,7 @@ static inline int security_secctx_to_secid(const char *secdata, return -EOPNOTSUPP; } -static inline void security_release_secctx(char *secdata, u32 seclen) +static inline void security_release_secctx(struct lsmcontext *cp) { } diff --git a/include/net/scm.h b/include/net/scm.h index 23a35ff1b3f2..f273c4d777ec 100644 --- a/include/net/scm.h +++ b/include/net/scm.h @@ -92,6 +92,7 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg, #ifdef CONFIG_SECURITY_NETWORK static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) { + struct lsmcontext context; struct lsmblob lb; char *secdata; u32 seclen; @@ -106,7 +107,9 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc if (!err) { put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata); - security_release_secctx(secdata, seclen); + /*scaffolding*/ + lsmcontext_init(&context, secdata, seclen, 0); + security_release_secctx(&context); } } } diff --git a/kernel/audit.c b/kernel/audit.c index 8ec64e6e8bc0..c17ec23158c4 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1192,6 +1192,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) struct audit_sig_info *sig_data; char *ctx = NULL; u32 len; + struct lsmcontext scaff; /* scaffolding */ err = audit_netlink_ok(skb, msg_type); if (err) @@ -1449,15 +1450,18 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) } sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL); if (!sig_data) { - if (lsmblob_is_set(&audit_sig_lsm)) - security_release_secctx(ctx, len); + if (lsmblob_is_set(&audit_sig_lsm)) { + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); + } return -ENOMEM; } sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); sig_data->pid = audit_sig_pid; if (lsmblob_is_set(&audit_sig_lsm)) { memcpy(sig_data->ctx, ctx, len); - security_release_secctx(ctx, len); + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); } audit_send_reply(skb, seq, AUDIT_SIGNAL_INFO, 0, 0, sig_data, sizeof(*sig_data) + len); @@ -2132,6 +2136,7 @@ int audit_log_task_context(struct audit_buffer *ab) unsigned len; int error; struct lsmblob blob; + struct lsmcontext scaff; /* scaffolding */ security_task_getsecid_subj(current, &blob); if (!lsmblob_is_set(&blob)) @@ -2145,7 +2150,8 @@ int audit_log_task_context(struct audit_buffer *ab) } audit_log_format(ab, " subj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); return 0; error_path: diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 930254bca7b5..3c72ff647fd8 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1112,6 +1112,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, struct lsmblob *blob, char *comm) { struct audit_buffer *ab; + struct lsmcontext lsmcxt; char *ctx = NULL; u32 len; int rc = 0; @@ -1129,7 +1130,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, rc = 1; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); /*scaffolding*/ + security_release_secctx(&lsmcxt); } } audit_log_format(ab, " ocomm="); @@ -1342,6 +1344,7 @@ static void audit_log_fcaps(struct audit_buffer *ab, struct audit_names *name) static void show_special(struct audit_context *context, int *call_panic) { + struct lsmcontext lsmcxt; struct audit_buffer *ab; int i; @@ -1376,7 +1379,8 @@ static void show_special(struct audit_context *context, int *call_panic) *call_panic = 1; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); + security_release_secctx(&lsmcxt); } } if (context->ipc.has_perm) { @@ -1533,6 +1537,7 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, char *ctx = NULL; u32 len; struct lsmblob blob; + struct lsmcontext lsmcxt; lsmblob_init(&blob, n->osid); if (security_secid_to_secctx(&blob, &ctx, &len)) { @@ -1541,7 +1546,8 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, *call_panic = 2; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); /* scaffolding */ + security_release_secctx(&lsmcxt); } } diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index be7073df19a5..dbba700fb151 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -130,6 +130,7 @@ static void ip_cmsg_recv_checksum(struct msghdr *msg, struct sk_buff *skb, static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) { + struct lsmcontext context; struct lsmblob lb; char *secdata; u32 seclen, secid; @@ -145,7 +146,8 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) return; put_cmsg(msg, SOL_IP, SCM_SECURITY, seclen, secdata); - security_release_secctx(secdata, seclen); + lsmcontext_init(&context, secdata, seclen, 0); /* scaffolding */ + security_release_secctx(&context); } static void ip_cmsg_recv_dstaddr(struct msghdr *msg, struct sk_buff *skb) diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index 67b0f3cfc5c7..40cbb00432d4 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -342,6 +342,7 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) int len, ret; char *secctx; struct lsmblob blob; + struct lsmcontext context; /* lsmblob_init() puts ct->secmark into all of the secids in blob. * security_secid_to_secctx() will know which security module @@ -362,7 +363,8 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) ret = 0; nla_put_failure: - security_release_secctx(secctx, len); + lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ + security_release_secctx(&context); return ret; } #else diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index 79c280d1efce..3fcf44342b14 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c @@ -179,6 +179,7 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) u32 len; char *secctx; struct lsmblob blob; + struct lsmcontext context; lsmblob_init(&blob, ct->secmark); ret = security_secid_to_secctx(&blob, &secctx, &len); @@ -187,7 +188,8 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) seq_printf(s, "secctx=%s ", secctx); - security_release_secctx(secctx, len); + lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ + security_release_secctx(&context); } #else static inline void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index 62c0c5b847c6..5961a9b17f66 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c @@ -397,6 +397,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, enum ip_conntrack_info ctinfo; struct nfnl_ct_hook *nfnl_ct; bool csum_verify; + struct lsmcontext scaff; /* scaffolding */ char *secdata = NULL; u32 seclen = 0; @@ -626,8 +627,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, } nlh->nlmsg_len = skb->len; - if (seclen) - security_release_secctx(secdata, seclen); + if (seclen) { + lsmcontext_init(&scaff, secdata, seclen, 0); + security_release_secctx(&scaff); + } return skb; nla_put_failure: @@ -635,8 +638,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, kfree_skb(skb); net_err_ratelimited("nf_queue: error creating packet message\n"); nlmsg_failure: - if (seclen) - security_release_secctx(secdata, seclen); + if (seclen) { + lsmcontext_init(&scaff, secdata, seclen, 0); + security_release_secctx(&scaff); + } return NULL; } diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index 15b53fc4e83f..7cb6f27c8cb2 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -374,6 +374,7 @@ int netlbl_unlhsh_add(struct net *net, struct net_device *dev; struct netlbl_unlhsh_iface *iface; struct audit_buffer *audit_buf = NULL; + struct lsmcontext context; char *secctx = NULL; u32 secctx_len; struct lsmblob blob; @@ -447,7 +448,9 @@ int netlbl_unlhsh_add(struct net *net, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", ret_val == 0 ? 1 : 0); audit_log_end(audit_buf); @@ -478,6 +481,7 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, struct netlbl_unlhsh_addr4 *entry; struct audit_buffer *audit_buf; struct net_device *dev; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -508,7 +512,9 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); audit_log_end(audit_buf); @@ -545,6 +551,7 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, struct netlbl_unlhsh_addr6 *entry; struct audit_buffer *audit_buf; struct net_device *dev; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -574,7 +581,8 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); audit_log_end(audit_buf); @@ -1093,6 +1101,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, int ret_val = -ENOMEM; struct netlbl_unlhsh_walk_arg *cb_arg = arg; struct net_device *dev; + struct lsmcontext context; void *data; u32 secid; char *secctx; @@ -1163,7 +1172,9 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, NLBL_UNLABEL_A_SECCTX, secctx_len, secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); if (ret_val != 0) goto list_cb_failure; diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index 893301ae0131..ef139d8ae7cd 100644 --- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c @@ -84,6 +84,7 @@ struct audit_buffer *netlbl_audit_start_common(int type, struct netlbl_audit *audit_info) { struct audit_buffer *audit_buf; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -103,7 +104,8 @@ struct audit_buffer *netlbl_audit_start_common(int type, if (audit_info->secid != 0 && security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " subj=%s", secctx); - security_release_secctx(secctx, secctx_len); + lsmcontext_init(&context, secctx, secctx_len, 0);/*scaffolding*/ + security_release_secctx(&context); } return audit_buf; diff --git a/security/security.c b/security/security.c index 1d734d9579f1..d14717fe0cb7 100644 --- a/security/security.c +++ b/security/security.c @@ -2363,16 +2363,17 @@ int security_secctx_to_secid(const char *secdata, u32 seclen, } EXPORT_SYMBOL(security_secctx_to_secid); -void security_release_secctx(char *secdata, u32 seclen) +void security_release_secctx(struct lsmcontext *cp) { struct security_hook_list *hp; - int ilsm = lsm_task_ilsm(current); hlist_for_each_entry(hp, &security_hook_heads.release_secctx, list) - if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) { - hp->hook.release_secctx(secdata, seclen); - return; + if (cp->slot == hp->lsmid->slot) { + hp->hook.release_secctx(cp->context, cp->len); + break; } + + memset(cp, 0, sizeof(*cp)); } EXPORT_SYMBOL(security_release_secctx);