From patchwork Wed Feb 2 23:52:56 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12733552 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 79C34C433F5 for ; Wed, 2 Feb 2022 23:55:28 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S239165AbiBBXz2 (ORCPT ); Wed, 2 Feb 2022 18:55:28 -0500 Received: from sonic307-16.consmr.mail.ne1.yahoo.com ([66.163.190.39]:44131 "EHLO sonic307-16.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238960AbiBBXz1 (ORCPT ); Wed, 2 Feb 2022 18:55:27 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643846126; bh=7Wdp9EDsxW1Zt6K6PMuw73Hqz2U5QPna7Igwbbb21go=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=dRM7ThvB9xQCBXhr5j6mRNGopRd30f40EtRQOd2hEymLWmJAMj6JmEa9Uy4JYKQix1maruI4Ut+FnRD0MmE9353IG0c/k68PGZRPZWtkZ8rg3doDAcf3MQFAATmso54wTts/RGBiAfAtzQ1m3VHX2Z9RArxsJWgspQWob1xIX5fbVPVw/+NNSKNW/XPRfXoeCQrx4L2/gZk5JcvTe3qkWv/SoiBv+TgVF8KpEQyrEnagHKCYobVAI5QTou+XjDeMcKx4GFEIwmynGIaat8HVZ2XfvHq4HB83xqI5N3yqZej8Frdv0kK20deL+ZOwbM3eZs9nMRGDW08vzCoVsNjhFQ== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643846126; bh=uoevc6ge+Cv1vJ1tnZ9/GxO/v80tYCcRumY1ywvv/n0=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=e4Ao012mh45Hv9nR0fX/kY4kF9PNZwpWbxFaj9hCVCFrb1rWsb22Z+vXfmUTz6iKjw/ufKFqiR/NjIPk8KjqKcKj5QPI6HM6WPWtUCaOHKSMk7tt/Tn1/VJ7IbRNiCs5LSkNU/BQ+/elHdvRPLgScJbeI+UGDci3nc0moIVmpDJdhUJi2A4/CPwIJ75VJbCTqaZXkCI5RaIzaw78+EFOYdWwFFRmypwHNFBfdQtxJkrjXWQ43FeyyAecgHoUDEzNXSiiuSdwu7+zw/w4M0rlePUxnb4NxyMNzFO++mBDQ9Z3wct+rKWkWNdrPPNUL7ecoOGSCjh6EW3fYxR6xJMccw== X-YMail-OSG: ahew7VQVM1mvaM1LOt1thkorhiKa6anOv3P6yGIfLazmLgdRIAgmJFso49TbfYD XYGCwmnOqPvQg31ahSIIRyyPsQI_i7d95kTtyEKVGP1vFL8QnHSG5q66FgLfg6iFUPTN.C14jouB 5i18FlqH0dosJX59Ei6Y1gWeZqn.GvupuhdKlxRWxcE1yEwTW_gBd_hpRasCLDSCqVzb8AK0zF7s DpVxX9ZvDvkxknS.M2USrpxuNITy2GVEbI5L.uLVkJMFEls55bMAIvKesVM4r6XswHET.AJRpeRJ UZ6GCjeUcxLZ4Lu1jrxHjXxmm3FLL7Z10acHhEz7S91Pnsgs6NAsYrOelSOMdcf7W5T.4Pqe11N3 RYaSmyI7uWBYVeyYqLMSmVXrAGiVtYvR4dBLJDJ_XJw1Tp6jw4RDp_EWqeMyCuLcuxBzduQljDFp YzB5ziy_dLIoy3lbX1K4uhZmQVBgtyooCsCUWQ5InSwwzuepC3c0seIyWGmfjX0RWzIiPBo2hwXN eCoHkBRCxNn6K77hIwBryWBPfImrAdhdlTOoCl8tMdkDu1XvSOCoYZAOcKJZ63M.P3sNMJ9tl8R5 qZG1flyEvHvbBE_5eRMLT7rmIBGlTKhMo8bU17PNkZREG5QBegXN2dsMvAgxnZyl76HqXsOVtd_n 0cmDUrLNnz0aAiuHT4YnjfxNLrp5odtlrDOfvapDICvdXgYmfiJBM1dvqQuIhdcOMi76sCqmX1Dw LS_seFSi6XAwJJ9ATNsZTxQe1TwC_CwU3mOv0zkSwFJb4KfN01IpXogX5xq0A76Kr1t4TopUPmI8 nf9haff8Q6UyyeYHklPc0OiUcrXiIo_cNJUn4KCqBttfuiiKyQpxVGWE.jDbaE8cA2OndcrtBo_B dL7SAECvWCJWI2UK0_UYXDt_.C7h4FqW1dK0yZOZ4WHQDSTRZz1bOJOrc_bZxwGHPovWgI0SrqdX rOUljflQY4OjbjcYnaYStlCpow4sHyBGQngiMfoP7rI.tLXcUVKJvonm8PUK6niYhs8PSZOr54yO TLtJSy6x8yBb.m.tCWnHs4CQHS4mSDJZ7Y4FDoxefl97xlOjTHvMirH38i7GWKFtanPnxHOGVUEi jBS5BiD9ottSnYdMbcIbdFYPIVjV1HrtdfFOgqPWkKmUtNw4TAXLuAwAb3E2LcEVEJzyuxigCXtH EM3uKBgnj5GNYixiECVciWooa4lSH.J4qsRdBZP5_9I49BdrHFaJRq..ynfWgr1dtIdXlKr4.2q5 gKOwHxxVWzzokjSspIyc1R.CSuMflmkhMtRtl5ZyC5yFfzVwQOmbmSxaLiuh2mW_y2ehqnxDyzOS Os7enRiAMmd4RlefMW04ZmDa6BtUDCN4A8XeqHset.M9PLgN8KJbtqqbicaVFeH5eWi4XCoxQ6Iy BFSJJts_9sbB79eIjXl0WZJCk5VkpCuX2KWdFMISG_Y4rMOZIdyLz.7P.uOaHo.eNvnNmr7Dmt_j l2frcCmnv4epeIgJrRWkkHmThhRroEV6bXn_0YISbghDvs4OGsrlc.r8D0U9cFz2kIrLA5W8RAdk fImnOAVfnsQmW1sp5sxfBy1BoP.XETJoFC9mNabltvN1pIB4nMX5Xk6dsDY8ndISN.35oC2_OxPl O0fMfh9EN5sBskSOujwNpwCtHdpusLHp2JVxJ970B24TgleVXFrWnBKliPO0XFYRraysFQmjFURp 2ueMcYTJN9OvuL2hipqI3.l3CJYClbTkQBORNam3Gju8pgJEMX1K7SL0mr5PYoEUYvGJgDdQpwYc ZFy1.WNnMlIrOq0VtXzdKAnYl2H_gaFM9YJsTcs7Sw8OFsPneZafwOZPBoixJvr_ReaiwI3WgQ4y OYKtPcV2D9l3V9c6DxT8SgUMml3YdHlFlmmxIoflj4BkLMqJQliXvuV5D18RGbow7esZk3mFt0MD g62qS8btbxj5GxsP3V3ZHlRzUhiDcxeAJuJvoa5UNV.iohrCJ225kbHAtAZlatZVTPiPCLIqEoKO U.zKb4xYchomGENrTmhf9brDo4bVyntu.WmzZ7mNXxlhbt6Ytz9k2qT5jWrtunWr_jT3x1D2.B_H xpKLnd4CdMbNQdqirdOblroPCpMnCXIEAzYGiELkLZT7t5dStQpEI.vi0cR_8yQ14Bmd1HN3TlLJ b2kE5GIVv9PI8PgL_2QJRmgamoh_Gkw27KMfkO7G9wj0gMMSImgsUU6Q.YETtaris2QYa.k.EsGJ CP0sB5ZFoa828JJAw6v5aCWUVZzIHWysfQyqgdBLe8HweKQl126gMM0Pe2d1xXQ8w6Ubb.QR2QyI hAF6mO6o1nudALnpki65F X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic307.consmr.mail.ne1.yahoo.com with HTTP; Wed, 2 Feb 2022 23:55:26 +0000 Received: by kubenode550.mail-prod1.omega.gq1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID c9f9b4e3e0a0513a55c332234593eb5a; Wed, 02 Feb 2022 23:55:23 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org Subject: [PATCH v32 01/28] integrity: disassociate ima_filter_rule from security_audit_rule Date: Wed, 2 Feb 2022 15:52:56 -0800 Message-Id: <20220202235323.23929-2-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20220202235323.23929-1-casey@schaufler-ca.com> References: <20220202235323.23929-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Create real functions for the ima_filter_rule interfaces. These replace #defines that obscure the reuse of audit interfaces. The new fuctions are put in security.c because they use security module registered hooks that we don't want exported. Signed-off-by: Casey Schaufler Acked-by: Paul Moore --- include/linux/security.h | 26 ++++++++++++++++++++++++++ security/integrity/ima/ima.h | 26 -------------------------- security/security.c | 21 +++++++++++++++++++++ 3 files changed, 47 insertions(+), 26 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index 6d72772182c8..33e0f2e659df 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -1909,6 +1909,32 @@ static inline void security_audit_rule_free(void *lsmrule) #endif /* CONFIG_SECURITY */ #endif /* CONFIG_AUDIT */ +#ifdef CONFIG_IMA_LSM_RULES +#ifdef CONFIG_SECURITY +int ima_filter_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule); +int ima_filter_rule_match(u32 secid, u32 field, u32 op, void *lsmrule); +void ima_filter_rule_free(void *lsmrule); + +#else + +static inline int ima_filter_rule_init(u32 field, u32 op, char *rulestr, + void **lsmrule) +{ + return 0; +} + +static inline int ima_filter_rule_match(u32 secid, u32 field, u32 op, + void *lsmrule) +{ + return 0; +} + +static inline void ima_filter_rule_free(void *lsmrule) +{ } + +#endif /* CONFIG_SECURITY */ +#endif /* CONFIG_IMA_LSM_RULES */ + #ifdef CONFIG_SECURITYFS extern struct dentry *securityfs_create_file(const char *name, umode_t mode, diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index be965a8715e4..1b5d70ac2dc9 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -418,32 +418,6 @@ static inline void ima_free_modsig(struct modsig *modsig) } #endif /* CONFIG_IMA_APPRAISE_MODSIG */ -/* LSM based policy rules require audit */ -#ifdef CONFIG_IMA_LSM_RULES - -#define ima_filter_rule_init security_audit_rule_init -#define ima_filter_rule_free security_audit_rule_free -#define ima_filter_rule_match security_audit_rule_match - -#else - -static inline int ima_filter_rule_init(u32 field, u32 op, char *rulestr, - void **lsmrule) -{ - return -EINVAL; -} - -static inline void ima_filter_rule_free(void *lsmrule) -{ -} - -static inline int ima_filter_rule_match(u32 secid, u32 field, u32 op, - void *lsmrule) -{ - return -EINVAL; -} -#endif /* CONFIG_IMA_LSM_RULES */ - #ifdef CONFIG_IMA_READ_POLICY #define POLICY_FILE_FLAGS (S_IWUSR | S_IRUSR) #else diff --git a/security/security.c b/security/security.c index 22261d79f333..5208b21c8433 100644 --- a/security/security.c +++ b/security/security.c @@ -2566,6 +2566,27 @@ int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule) } #endif /* CONFIG_AUDIT */ +#ifdef CONFIG_IMA_LSM_RULES +/* + * The integrity subsystem uses the same hooks as + * the audit subsystem. + */ +int ima_filter_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule) +{ + return call_int_hook(audit_rule_init, 0, field, op, rulestr, lsmrule); +} + +void ima_filter_rule_free(void *lsmrule) +{ + call_void_hook(audit_rule_free, lsmrule); +} + +int ima_filter_rule_match(u32 secid, u32 field, u32 op, void *lsmrule) +{ + return call_int_hook(audit_rule_match, 0, secid, field, op, lsmrule); +} +#endif /* CONFIG_IMA_LSM_RULES */ + #ifdef CONFIG_BPF_SYSCALL int security_bpf(int cmd, union bpf_attr *attr, unsigned int size) { From patchwork Wed Feb 2 23:52:57 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12733553 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3BACAC4332F for ; Wed, 2 Feb 2022 23:56:34 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348190AbiBBX4c (ORCPT ); Wed, 2 Feb 2022 18:56:32 -0500 Received: from sonic317-39.consmr.mail.ne1.yahoo.com ([66.163.184.50]:34865 "EHLO sonic317-39.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348187AbiBBX4c (ORCPT ); Wed, 2 Feb 2022 18:56:32 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643846192; bh=iPJV4z48tVnKJ2CzTi8sCc9D3sS+NSGDRgbtdyfouS8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=MRUYEk+9AZFpmFtl7xlqLIhZB4kuabwNBf25Q2uWs8XS3aNdPqnz1i+I2chRGjyEKMoogfuOzFC3I//Vzub51a1zfgUFGaMlS+B1WG6Zelb6gRWrIESrAs6NehbK+DfeliCQob0fA61slZ07XwEqB3KmqfTqknAPjgoBaoClqZLM3eom3hffhpGF+eyZ8ZIrvKsgfkr+5/CiTcxKWkEIFEdSxcdeDWUP9VfS4adphd2zBnIA2c/+5T3xIY5PLBAJ2VnIWRVP6RkjccYfFfQr496htzhRWCxqC3UemkTOQNBQuuJ0OJkagr4PQFPoy4zGr/fbpZlnIN2PRmx/iwcpBg== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643846192; bh=iUIw1ZVAM0FiU10grOaFFZTW3qohSX3p5+Xd6NDHtuG=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=Ns0R+8d82mnKYfEjHiwbGuYU7XHQabtW2E0lONNABhnsToLcx2frFkHSDPkgxspJh5dEdaFnKecL7pRC3tmU5a05m1sW/LmSsVaY2T/OJhE283yyfv0ohO6gooVXs7ZlljQ5/qLvePY+XixI6xlMtaA8ddVuj5/rGGwvdlv/8IZhSP4Dhss+4OXeshUPk1jsP/LlkqIq2XrjWaY5kHZbNTzOiYUem2Sq2i+UXj8V40PsZqm5ZShyO2rXYhmJq4mHWfRqD+7E72fA732/BfGGAoxVX1wHVQceL/iQhRaH9dAyJZFe3TbzBizcE/WxM497+EGef8la0Ss0P/ULq4k8Ig== X-YMail-OSG: OQAXHzMVM1mAoEccOnv.uUhzbGDHOyQerabJ3UJGabrwFWPa5JDGV9RyLiqllj5 LHg.Yl13H_wqwjNE3PT.17Ux5p.DC08Pawxg4pRkwIUOyAN9CUZfUYsuAFtBAxN_IuR..jl1S31L Vd.8PX9faF7asrdF4RlYge_DNB3FwtCyfYp.OeqwxZ5xaCECuhmEpi_oP5wAcol6qLUo61ZroFYb hOnbWpCD6LsUkDTtOllQUoBTxXHKrZo1Hh.ngqzbaYUZuTx0bIR2jdHTRnu_H1MGkp5WQG2CLdVi l19A1TjQ_H.6KRIhIkA9WSjuxNnAnyvif_Q7xUmb31mdPJXPQK0QIO10Js3_t2apfnVTyY75a_H0 b5hGZCffbopNVnBbMR1s7s3jfKenVpbRkixpVjI3BAmszZXPWZMssMIQMFtzTCUgi72swSfHf31P eNqv8P1OOcfLHUKuX8cKcRYviU8_As4VR1ni5cuoK_NDcVTAM21vHqTqeh7LoVFwa5c4Ob6H9HUK J7.1DNY7x.qj7DySN91vZXmEGOscchC71.4iz3Uzurf.C090w7CdVuiUzDZy3.LoE.yyDOzYZz5I 8xCXKR6Afneq5eQ5KsMvJ5nr_MNh1v3tGoTGWaIXNyiFLZ5HaIjsPuth_caPw.9mki3lk9VVi_3Q r.fsJJLWusoK_INVTEK5Gtio0uCP7_A08.LCrVAMvYm183WzWG88Q2lM792bdXaJowO4ngo5Q7Q4 _0ZJhKf8wV7xJOMcOP6Zn9Cskxd9T4mCBIdm6IYjxci5MK5YWi_r7qmUZHcXIKVKlO0eMq8ZtI9t R2eRrhpiS5FyffoU7Y5CpgYEq7qM_ONoMX1FEv9ZQDV5g6dTjJLD_vvsPQmo2QTLDE9A4Io1pbZG 447DkKMsD093VonLkH.M17oiqvkb7LKS5yYu65sRGy.KzsxCQereqXaxscyVpxv_aShffam.UYNc YkxYKshkDThZKTixt2efCB2nN9usbj9gUfDJfw9fGBCZlFCFWCudULOc4fl8RWBx83Ik0tZlruBX DtxkMHJn4Go1jdSSuOhmQIj7.LL7J7HWaLi6gbqzWtwAQRPT75qi688sqEPmnHeXojSzFMeahNDP 7sp.clRf4AN7orx7zsP4nFozeEyt4YHmbmkWGFw05okKulbuESlfYC6KeFaAmnhvbQxOgSBzpR2u OgFaa5x5RCw3woTkLLOMrv.q9zO7icCabAqzowaj9xXgYj84MzO9wpt8SSbTWm1ENLbzH4thzisT zfcEYcX0crw_XLQsVknGEX_Dk4CNdRxDVXX3iDbjAlVSwwz8op6gfGHh43nFKtFpnGvMGACweaOS hk2dOOFPEAmIXxLGCP0BSv4NMWwgl7YUSd5v4VZOGI3DnhSM3IJ.qnO_k5jmLrwlRkAaH3CqEDRO Waqlz8eyQh0.g7ZAOaz45iyuSm4aLqapuyeyYMSswiEvESjwvQHrnOBWTSndB6Td.2plvnh2KSed bzIsF5mL2o4.EIfLwynaNGQJDVqCSmklopPl31xM0dj_UEle1NEDFWxSLcuujr4WqrmmaMgIaAOM shSx.8xHf7TvD1PFAoxQvQZp37WLjG2VH5Ix2kUyoVlUm_tS1gpSgzyGHIYPRPQmK9JzYLnbl1ka IrAasbSbBzg9OpC3V3ctMLdd4WVpytaN2n0MzAE42ySFWa5Fo0uePLAAMoz3Mvmf.IAvxAch9t5U bKZDSihYJEPm6Omf73P8DGOAUxquWmHz_oNxZyXt0t8BTtq0EimL0fnfdmOgdtBraWoMFX9MRxBA wlNa7Z6kcnk.HdR2gCCrzuKJKbHjAm7nKVyFRypvIhEuJVmls1VZXa3.eNcDp.wxr9Ax3KUYixK. r9THIQstSQAF4ACrIAD6A9kU7A6.Yc7K_BUMsJwPtamYHhtY2K89680.yYI2ypIvGeqwkqvENdgb fWGAG18mFhkTMWpIgG1JFYOMThq5b1KgRyqKF6P8PlpIf82Tk2oUrP.nZ0q7Ko0x_2h6TpUY74LE g68wnLFcbLiO8HgnCSz45ahwrUw6r9rszmwsinLtdP0Vd16Wl6e9XZuS2tMDqYVejJ8fiFj3H3N. Dw.HhB_DksHfhpBkVqDM7oBEDxFhWloDM87jdqKav0K8SBT6qXrPM1LzHorvmqzB0ER69PsMhlCr RGqVIQORykLV5MLWH7AXtqntMyhdXjzxaiVYDtyGJwr5gddyk57FKoqAs6ELiWTwx5Go0EH8PWZa vCg8Xddnen..OoPup2GHXl5Glr77f86BAYH9WhmsszFmNIF1SMgNj84I9wlbBlgJgLea9JnV9CJS s5ym5G6rFE5K2RcdftX5OZA-- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic317.consmr.mail.ne1.yahoo.com with HTTP; Wed, 2 Feb 2022 23:56:32 +0000 Received: by kubenode516.mail-prod1.omega.bf1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID 3bf1b52ba335e22e522421f7255ddf8e; Wed, 02 Feb 2022 23:56:30 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, Stephen Smalley Subject: [PATCH v32 02/28] LSM: Infrastructure management of the sock security Date: Wed, 2 Feb 2022 15:52:57 -0800 Message-Id: <20220202235323.23929-3-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20220202235323.23929-1-casey@schaufler-ca.com> References: <20220202235323.23929-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Move management of the sock->sk_security blob out of the individual security modules and into the security infrastructure. Instead of allocating the blobs from within the modules the modules tell the infrastructure how much space is required, and the space is allocated there. Acked-by: Paul Moore Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Signed-off-by: Casey Schaufler --- include/linux/lsm_hooks.h | 1 + security/apparmor/include/net.h | 6 ++- security/apparmor/lsm.c | 38 ++++----------- security/security.c | 36 +++++++++++++- security/selinux/hooks.c | 78 +++++++++++++++---------------- security/selinux/include/objsec.h | 5 ++ security/selinux/netlabel.c | 23 ++++----- security/smack/smack.h | 5 ++ security/smack/smack_lsm.c | 66 ++++++++++++-------------- security/smack/smack_netfilter.c | 4 +- 10 files changed, 143 insertions(+), 119 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 3bf5c658bc44..129d99c6f9ed 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -1600,6 +1600,7 @@ struct lsm_blob_sizes { int lbs_cred; int lbs_file; int lbs_inode; + int lbs_sock; int lbs_superblock; int lbs_ipc; int lbs_msg_msg; diff --git a/security/apparmor/include/net.h b/security/apparmor/include/net.h index aadb4b29fb66..fac8999ba7a3 100644 --- a/security/apparmor/include/net.h +++ b/security/apparmor/include/net.h @@ -51,7 +51,11 @@ struct aa_sk_ctx { struct aa_label *peer; }; -#define SK_CTX(X) ((X)->sk_security) +static inline struct aa_sk_ctx *aa_sock(const struct sock *sk) +{ + return sk->sk_security + apparmor_blob_sizes.lbs_sock; +} + #define SOCK_ctx(X) SOCK_INODE(X)->i_security #define DEFINE_AUDIT_NET(NAME, OP, SK, F, T, P) \ struct lsm_network_audit NAME ## _net = { .sk = (SK), \ diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 4f0eecb67dde..be8976c407f4 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -782,33 +782,15 @@ static int apparmor_task_kill(struct task_struct *target, struct kernel_siginfo return error; } -/** - * apparmor_sk_alloc_security - allocate and attach the sk_security field - */ -static int apparmor_sk_alloc_security(struct sock *sk, int family, gfp_t flags) -{ - struct aa_sk_ctx *ctx; - - ctx = kzalloc(sizeof(*ctx), flags); - if (!ctx) - return -ENOMEM; - - SK_CTX(sk) = ctx; - - return 0; -} - /** * apparmor_sk_free_security - free the sk_security field */ static void apparmor_sk_free_security(struct sock *sk) { - struct aa_sk_ctx *ctx = SK_CTX(sk); + struct aa_sk_ctx *ctx = aa_sock(sk); - SK_CTX(sk) = NULL; aa_put_label(ctx->label); aa_put_label(ctx->peer); - kfree(ctx); } /** @@ -817,8 +799,8 @@ static void apparmor_sk_free_security(struct sock *sk) static void apparmor_sk_clone_security(const struct sock *sk, struct sock *newsk) { - struct aa_sk_ctx *ctx = SK_CTX(sk); - struct aa_sk_ctx *new = SK_CTX(newsk); + struct aa_sk_ctx *ctx = aa_sock(sk); + struct aa_sk_ctx *new = aa_sock(newsk); if (new->label) aa_put_label(new->label); @@ -874,7 +856,7 @@ static int apparmor_socket_post_create(struct socket *sock, int family, label = aa_get_current_label(); if (sock->sk) { - struct aa_sk_ctx *ctx = SK_CTX(sock->sk); + struct aa_sk_ctx *ctx = aa_sock(sock->sk); aa_put_label(ctx->label); ctx->label = aa_get_label(label); @@ -1059,7 +1041,7 @@ static int apparmor_socket_shutdown(struct socket *sock, int how) */ static int apparmor_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) { - struct aa_sk_ctx *ctx = SK_CTX(sk); + struct aa_sk_ctx *ctx = aa_sock(sk); if (!skb->secmark) return 0; @@ -1072,7 +1054,7 @@ static int apparmor_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) static struct aa_label *sk_peer_label(struct sock *sk) { - struct aa_sk_ctx *ctx = SK_CTX(sk); + struct aa_sk_ctx *ctx = aa_sock(sk); if (ctx->peer) return ctx->peer; @@ -1156,7 +1138,7 @@ static int apparmor_socket_getpeersec_dgram(struct socket *sock, */ static void apparmor_sock_graft(struct sock *sk, struct socket *parent) { - struct aa_sk_ctx *ctx = SK_CTX(sk); + struct aa_sk_ctx *ctx = aa_sock(sk); if (!ctx->label) ctx->label = aa_get_current_label(); @@ -1166,7 +1148,7 @@ static void apparmor_sock_graft(struct sock *sk, struct socket *parent) static int apparmor_inet_conn_request(const struct sock *sk, struct sk_buff *skb, struct request_sock *req) { - struct aa_sk_ctx *ctx = SK_CTX(sk); + struct aa_sk_ctx *ctx = aa_sock(sk); if (!skb->secmark) return 0; @@ -1183,6 +1165,7 @@ struct lsm_blob_sizes apparmor_blob_sizes __lsm_ro_after_init = { .lbs_cred = sizeof(struct aa_task_ctx *), .lbs_file = sizeof(struct aa_file_ctx), .lbs_task = sizeof(struct aa_task_ctx), + .lbs_sock = sizeof(struct aa_sk_ctx), }; static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = { @@ -1219,7 +1202,6 @@ static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(getprocattr, apparmor_getprocattr), LSM_HOOK_INIT(setprocattr, apparmor_setprocattr), - LSM_HOOK_INIT(sk_alloc_security, apparmor_sk_alloc_security), LSM_HOOK_INIT(sk_free_security, apparmor_sk_free_security), LSM_HOOK_INIT(sk_clone_security, apparmor_sk_clone_security), @@ -1771,7 +1753,7 @@ static unsigned int apparmor_ip_postroute(void *priv, if (sk == NULL) return NF_ACCEPT; - ctx = SK_CTX(sk); + ctx = aa_sock(sk); if (!apparmor_secmark_check(ctx->label, OP_SENDMSG, AA_MAY_SEND, skb->secmark, sk)) return NF_ACCEPT; diff --git a/security/security.c b/security/security.c index 5208b21c8433..f2d4b20613c8 100644 --- a/security/security.c +++ b/security/security.c @@ -29,6 +29,7 @@ #include #include #include +#include #define MAX_LSM_EVM_XATTR 2 @@ -204,6 +205,7 @@ static void __init lsm_set_blob_sizes(struct lsm_blob_sizes *needed) lsm_set_blob_size(&needed->lbs_inode, &blob_sizes.lbs_inode); lsm_set_blob_size(&needed->lbs_ipc, &blob_sizes.lbs_ipc); lsm_set_blob_size(&needed->lbs_msg_msg, &blob_sizes.lbs_msg_msg); + lsm_set_blob_size(&needed->lbs_sock, &blob_sizes.lbs_sock); lsm_set_blob_size(&needed->lbs_superblock, &blob_sizes.lbs_superblock); lsm_set_blob_size(&needed->lbs_task, &blob_sizes.lbs_task); } @@ -340,6 +342,7 @@ static void __init ordered_lsm_init(void) init_debug("inode blob size = %d\n", blob_sizes.lbs_inode); init_debug("ipc blob size = %d\n", blob_sizes.lbs_ipc); init_debug("msg_msg blob size = %d\n", blob_sizes.lbs_msg_msg); + init_debug("sock blob size = %d\n", blob_sizes.lbs_sock); init_debug("superblock blob size = %d\n", blob_sizes.lbs_superblock); init_debug("task blob size = %d\n", blob_sizes.lbs_task); @@ -659,6 +662,28 @@ static int lsm_msg_msg_alloc(struct msg_msg *mp) return 0; } +/** + * lsm_sock_alloc - allocate a composite sock blob + * @sock: the sock that needs a blob + * @priority: allocation mode + * + * Allocate the sock blob for all the modules + * + * Returns 0, or -ENOMEM if memory can't be allocated. + */ +static int lsm_sock_alloc(struct sock *sock, gfp_t priority) +{ + if (blob_sizes.lbs_sock == 0) { + sock->sk_security = NULL; + return 0; + } + + sock->sk_security = kzalloc(blob_sizes.lbs_sock, priority); + if (sock->sk_security == NULL) + return -ENOMEM; + return 0; +} + /** * lsm_early_task - during initialization allocate a composite task blob * @task: the task that needs a blob @@ -2263,12 +2288,21 @@ EXPORT_SYMBOL(security_socket_getpeersec_dgram); int security_sk_alloc(struct sock *sk, int family, gfp_t priority) { - return call_int_hook(sk_alloc_security, 0, sk, family, priority); + int rc = lsm_sock_alloc(sk, priority); + + if (unlikely(rc)) + return rc; + rc = call_int_hook(sk_alloc_security, 0, sk, family, priority); + if (unlikely(rc)) + security_sk_free(sk); + return rc; } void security_sk_free(struct sock *sk) { call_void_hook(sk_free_security, sk); + kfree(sk->sk_security); + sk->sk_security = NULL; } void security_sk_clone(const struct sock *sk, struct sock *newsk) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 5b6895e4fc29..dffde40d367e 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -4593,7 +4593,7 @@ static int socket_sockcreate_sid(const struct task_security_struct *tsec, static int sock_has_perm(struct sock *sk, u32 perms) { - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); struct common_audit_data ad; struct lsm_network_audit net = {0,}; @@ -4650,7 +4650,7 @@ static int selinux_socket_post_create(struct socket *sock, int family, isec->initialized = LABEL_INITIALIZED; if (sock->sk) { - sksec = sock->sk->sk_security; + sksec = selinux_sock(sock->sk); sksec->sclass = sclass; sksec->sid = sid; /* Allows detection of the first association on this socket */ @@ -4666,8 +4666,8 @@ static int selinux_socket_post_create(struct socket *sock, int family, static int selinux_socket_socketpair(struct socket *socka, struct socket *sockb) { - struct sk_security_struct *sksec_a = socka->sk->sk_security; - struct sk_security_struct *sksec_b = sockb->sk->sk_security; + struct sk_security_struct *sksec_a = selinux_sock(socka->sk); + struct sk_security_struct *sksec_b = selinux_sock(sockb->sk); sksec_a->peer_sid = sksec_b->sid; sksec_b->peer_sid = sksec_a->sid; @@ -4682,7 +4682,7 @@ static int selinux_socket_socketpair(struct socket *socka, static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen) { struct sock *sk = sock->sk; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); u16 family; int err; @@ -4817,7 +4817,7 @@ static int selinux_socket_connect_helper(struct socket *sock, struct sockaddr *address, int addrlen) { struct sock *sk = sock->sk; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); int err; err = sock_has_perm(sk, SOCKET__CONNECT); @@ -4996,9 +4996,9 @@ static int selinux_socket_unix_stream_connect(struct sock *sock, struct sock *other, struct sock *newsk) { - struct sk_security_struct *sksec_sock = sock->sk_security; - struct sk_security_struct *sksec_other = other->sk_security; - struct sk_security_struct *sksec_new = newsk->sk_security; + struct sk_security_struct *sksec_sock = selinux_sock(sock); + struct sk_security_struct *sksec_other = selinux_sock(other); + struct sk_security_struct *sksec_new = selinux_sock(newsk); struct common_audit_data ad; struct lsm_network_audit net = {0,}; int err; @@ -5030,8 +5030,8 @@ static int selinux_socket_unix_stream_connect(struct sock *sock, static int selinux_socket_unix_may_send(struct socket *sock, struct socket *other) { - struct sk_security_struct *ssec = sock->sk->sk_security; - struct sk_security_struct *osec = other->sk->sk_security; + struct sk_security_struct *ssec = selinux_sock(sock->sk); + struct sk_security_struct *osec = selinux_sock(other->sk); struct common_audit_data ad; struct lsm_network_audit net = {0,}; @@ -5073,7 +5073,7 @@ static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb, u16 family) { int err = 0; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); u32 sk_sid = sksec->sid; struct common_audit_data ad; struct lsm_network_audit net = {0,}; @@ -5106,7 +5106,7 @@ static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb, static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) { int err; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); u16 family = sk->sk_family; u32 sk_sid = sksec->sid; struct common_audit_data ad; @@ -5174,13 +5174,15 @@ static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) return err; } -static int selinux_socket_getpeersec_stream(struct socket *sock, char __user *optval, - int __user *optlen, unsigned len) +static int selinux_socket_getpeersec_stream(struct socket *sock, + char __user *optval, + int __user *optlen, + unsigned int len) { int err = 0; char *scontext; u32 scontext_len; - struct sk_security_struct *sksec = sock->sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sock->sk); u32 peer_sid = SECSID_NULL; if (sksec->sclass == SECCLASS_UNIX_STREAM_SOCKET || @@ -5240,34 +5242,27 @@ static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff * static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority) { - struct sk_security_struct *sksec; - - sksec = kzalloc(sizeof(*sksec), priority); - if (!sksec) - return -ENOMEM; + struct sk_security_struct *sksec = selinux_sock(sk); sksec->peer_sid = SECINITSID_UNLABELED; sksec->sid = SECINITSID_UNLABELED; sksec->sclass = SECCLASS_SOCKET; selinux_netlbl_sk_security_reset(sksec); - sk->sk_security = sksec; return 0; } static void selinux_sk_free_security(struct sock *sk) { - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); - sk->sk_security = NULL; selinux_netlbl_sk_security_free(sksec); - kfree(sksec); } static void selinux_sk_clone_security(const struct sock *sk, struct sock *newsk) { - struct sk_security_struct *sksec = sk->sk_security; - struct sk_security_struct *newsksec = newsk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); + struct sk_security_struct *newsksec = selinux_sock(newsk); newsksec->sid = sksec->sid; newsksec->peer_sid = sksec->peer_sid; @@ -5281,7 +5276,7 @@ static void selinux_sk_getsecid(struct sock *sk, u32 *secid) if (!sk) *secid = SECINITSID_ANY_SOCKET; else { - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); *secid = sksec->sid; } @@ -5291,7 +5286,7 @@ static void selinux_sock_graft(struct sock *sk, struct socket *parent) { struct inode_security_struct *isec = inode_security_novalidate(SOCK_INODE(parent)); - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); if (sk->sk_family == PF_INET || sk->sk_family == PF_INET6 || sk->sk_family == PF_UNIX) @@ -5306,7 +5301,7 @@ static void selinux_sock_graft(struct sock *sk, struct socket *parent) static int selinux_sctp_assoc_request(struct sctp_association *asoc, struct sk_buff *skb) { - struct sk_security_struct *sksec = asoc->base.sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(asoc->base.sk); struct common_audit_data ad; struct lsm_network_audit net = {0,}; u8 peerlbl_active; @@ -5457,8 +5452,8 @@ static int selinux_sctp_bind_connect(struct sock *sk, int optname, static void selinux_sctp_sk_clone(struct sctp_association *asoc, struct sock *sk, struct sock *newsk) { - struct sk_security_struct *sksec = sk->sk_security; - struct sk_security_struct *newsksec = newsk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); + struct sk_security_struct *newsksec = selinux_sock(newsk); /* If policy does not support SECCLASS_SCTP_SOCKET then call * the non-sctp clone version. @@ -5475,7 +5470,7 @@ static void selinux_sctp_sk_clone(struct sctp_association *asoc, struct sock *sk static int selinux_inet_conn_request(const struct sock *sk, struct sk_buff *skb, struct request_sock *req) { - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); int err; u16 family = req->rsk_ops->family; u32 connsid; @@ -5496,7 +5491,7 @@ static int selinux_inet_conn_request(const struct sock *sk, struct sk_buff *skb, static void selinux_inet_csk_clone(struct sock *newsk, const struct request_sock *req) { - struct sk_security_struct *newsksec = newsk->sk_security; + struct sk_security_struct *newsksec = selinux_sock(newsk); newsksec->sid = req->secid; newsksec->peer_sid = req->peer_secid; @@ -5513,7 +5508,7 @@ static void selinux_inet_csk_clone(struct sock *newsk, static void selinux_inet_conn_established(struct sock *sk, struct sk_buff *skb) { u16 family = sk->sk_family; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); /* handle mapped IPv4 packets arriving via IPv6 sockets */ if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP)) @@ -5597,7 +5592,7 @@ static int selinux_tun_dev_attach_queue(void *security) static int selinux_tun_dev_attach(struct sock *sk, void *security) { struct tun_security_struct *tunsec = security; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); /* we don't currently perform any NetLabel based labeling here and it * isn't clear that we would want to do so anyway; while we could apply @@ -5726,7 +5721,7 @@ static unsigned int selinux_ip_output(void *priv, struct sk_buff *skb, return NF_ACCEPT; /* standard practice, label using the parent socket */ - sksec = sk->sk_security; + sksec = selinux_sock(sk); sid = sksec->sid; } else sid = SECINITSID_KERNEL; @@ -5749,7 +5744,7 @@ static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb, sk = skb_to_full_sk(skb); if (sk == NULL) return NF_ACCEPT; - sksec = sk->sk_security; + sksec = selinux_sock(sk); ad.type = LSM_AUDIT_DATA_NET; ad.u.net = &net; @@ -5842,7 +5837,7 @@ static unsigned int selinux_ip_postroute(void *priv, u32 skb_sid; struct sk_security_struct *sksec; - sksec = sk->sk_security; + sksec = selinux_sock(sk); if (selinux_skb_peerlbl_sid(skb, family, &skb_sid)) return NF_DROP; /* At this point, if the returned skb peerlbl is SECSID_NULL @@ -5871,7 +5866,7 @@ static unsigned int selinux_ip_postroute(void *priv, } else { /* Locally generated packet, fetch the security label from the * associated socket. */ - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); peer_sid = sksec->sid; secmark_perm = PACKET__SEND; } @@ -5920,7 +5915,7 @@ static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb) unsigned int data_len = skb->len; unsigned char *data = skb->data; struct nlmsghdr *nlh; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); u16 sclass = sksec->sclass; u32 perm; @@ -6920,6 +6915,7 @@ struct lsm_blob_sizes selinux_blob_sizes __lsm_ro_after_init = { .lbs_inode = sizeof(struct inode_security_struct), .lbs_ipc = sizeof(struct ipc_security_struct), .lbs_msg_msg = sizeof(struct msg_security_struct), + .lbs_sock = sizeof(struct sk_security_struct), .lbs_superblock = sizeof(struct superblock_security_struct), }; diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h index 2953132408bf..007d1ae7ee27 100644 --- a/security/selinux/include/objsec.h +++ b/security/selinux/include/objsec.h @@ -194,4 +194,9 @@ static inline struct superblock_security_struct *selinux_superblock( return superblock->s_security + selinux_blob_sizes.lbs_superblock; } +static inline struct sk_security_struct *selinux_sock(const struct sock *sock) +{ + return sock->sk_security + selinux_blob_sizes.lbs_sock; +} + #endif /* _SELINUX_OBJSEC_H_ */ diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c index 1321f15799e2..800ab4b4239e 100644 --- a/security/selinux/netlabel.c +++ b/security/selinux/netlabel.c @@ -17,6 +17,7 @@ #include #include #include +#include #include #include #include @@ -68,7 +69,7 @@ static int selinux_netlbl_sidlookup_cached(struct sk_buff *skb, static struct netlbl_lsm_secattr *selinux_netlbl_sock_genattr(struct sock *sk) { int rc; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); struct netlbl_lsm_secattr *secattr; if (sksec->nlbl_secattr != NULL) @@ -101,7 +102,7 @@ static struct netlbl_lsm_secattr *selinux_netlbl_sock_getattr( const struct sock *sk, u32 sid) { - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); struct netlbl_lsm_secattr *secattr = sksec->nlbl_secattr; if (secattr == NULL) @@ -236,7 +237,7 @@ int selinux_netlbl_skbuff_setsid(struct sk_buff *skb, * being labeled by it's parent socket, if it is just exit */ sk = skb_to_full_sk(skb); if (sk != NULL) { - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); if (sksec->nlbl_state != NLBL_REQSKB) return 0; @@ -274,7 +275,7 @@ int selinux_netlbl_sctp_assoc_request(struct sctp_association *asoc, { int rc; struct netlbl_lsm_secattr secattr; - struct sk_security_struct *sksec = asoc->base.sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(asoc->base.sk); struct sockaddr_in addr4; struct sockaddr_in6 addr6; @@ -355,7 +356,7 @@ int selinux_netlbl_inet_conn_request(struct request_sock *req, u16 family) */ void selinux_netlbl_inet_csk_clone(struct sock *sk, u16 family) { - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); if (family == PF_INET) sksec->nlbl_state = NLBL_LABELED; @@ -373,8 +374,8 @@ void selinux_netlbl_inet_csk_clone(struct sock *sk, u16 family) */ void selinux_netlbl_sctp_sk_clone(struct sock *sk, struct sock *newsk) { - struct sk_security_struct *sksec = sk->sk_security; - struct sk_security_struct *newsksec = newsk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); + struct sk_security_struct *newsksec = selinux_sock(newsk); newsksec->nlbl_state = sksec->nlbl_state; } @@ -392,7 +393,7 @@ void selinux_netlbl_sctp_sk_clone(struct sock *sk, struct sock *newsk) int selinux_netlbl_socket_post_create(struct sock *sk, u16 family) { int rc; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); struct netlbl_lsm_secattr *secattr; if (family != PF_INET && family != PF_INET6) @@ -507,7 +508,7 @@ int selinux_netlbl_socket_setsockopt(struct socket *sock, { int rc = 0; struct sock *sk = sock->sk; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); struct netlbl_lsm_secattr secattr; if (selinux_netlbl_option(level, optname) && @@ -545,7 +546,7 @@ static int selinux_netlbl_socket_connect_helper(struct sock *sk, struct sockaddr *addr) { int rc; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); struct netlbl_lsm_secattr *secattr; /* connected sockets are allowed to disconnect when the address family @@ -584,7 +585,7 @@ static int selinux_netlbl_socket_connect_helper(struct sock *sk, int selinux_netlbl_socket_connect_locked(struct sock *sk, struct sockaddr *addr) { - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); if (sksec->nlbl_state != NLBL_REQSKB && sksec->nlbl_state != NLBL_CONNLABELED) diff --git a/security/smack/smack.h b/security/smack/smack.h index fc837dcebf96..ef9d0b7b1954 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h @@ -363,6 +363,11 @@ static inline struct superblock_smack *smack_superblock( return superblock->s_security + smack_blob_sizes.lbs_superblock; } +static inline struct socket_smack *smack_sock(const struct sock *sock) +{ + return sock->sk_security + smack_blob_sizes.lbs_sock; +} + /* * Is the directory transmuting? */ diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 14b279cc75c9..d58b50006e79 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -1434,7 +1434,7 @@ static int smack_inode_getsecurity(struct user_namespace *mnt_userns, if (sock == NULL || sock->sk == NULL) return -EOPNOTSUPP; - ssp = sock->sk->sk_security; + ssp = smack_sock(sock->sk); if (strcmp(name, XATTR_SMACK_IPIN) == 0) isp = ssp->smk_in; @@ -1817,7 +1817,7 @@ static int smack_file_receive(struct file *file) if (inode->i_sb->s_magic == SOCKFS_MAGIC) { sock = SOCKET_I(inode); - ssp = sock->sk->sk_security; + ssp = smack_sock(sock->sk); tsp = smack_cred(current_cred()); /* * If the receiving process can't write to the @@ -2237,11 +2237,7 @@ static void smack_task_to_inode(struct task_struct *p, struct inode *inode) static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) { struct smack_known *skp = smk_of_current(); - struct socket_smack *ssp; - - ssp = kzalloc(sizeof(struct socket_smack), gfp_flags); - if (ssp == NULL) - return -ENOMEM; + struct socket_smack *ssp = smack_sock(sk); /* * Sockets created by kernel threads receive web label. @@ -2255,11 +2251,10 @@ static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) } ssp->smk_packet = NULL; - sk->sk_security = ssp; - return 0; } +#ifdef SMACK_IPV6_PORT_LABELING /** * smack_sk_free_security - Free a socket blob * @sk: the socket @@ -2268,7 +2263,6 @@ static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) */ static void smack_sk_free_security(struct sock *sk) { -#ifdef SMACK_IPV6_PORT_LABELING struct smk_port_label *spp; if (sk->sk_family == PF_INET6) { @@ -2281,9 +2275,8 @@ static void smack_sk_free_security(struct sock *sk) } rcu_read_unlock(); } -#endif - kfree(sk->sk_security); } +#endif /** * smack_ipv4host_label - check host based restrictions @@ -2396,7 +2389,7 @@ static struct smack_known *smack_ipv6host_label(struct sockaddr_in6 *sip) */ static int smack_netlbl_add(struct sock *sk) { - struct socket_smack *ssp = sk->sk_security; + struct socket_smack *ssp = smack_sock(sk); struct smack_known *skp = ssp->smk_out; int rc; @@ -2428,7 +2421,7 @@ static int smack_netlbl_add(struct sock *sk) */ static void smack_netlbl_delete(struct sock *sk) { - struct socket_smack *ssp = sk->sk_security; + struct socket_smack *ssp = smack_sock(sk); /* * Take the label off the socket if one is set. @@ -2460,7 +2453,7 @@ static int smk_ipv4_check(struct sock *sk, struct sockaddr_in *sap) struct smack_known *skp; int rc = 0; struct smack_known *hkp; - struct socket_smack *ssp = sk->sk_security; + struct socket_smack *ssp = smack_sock(sk); struct smk_audit_info ad; rcu_read_lock(); @@ -2533,7 +2526,7 @@ static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address) { struct sock *sk = sock->sk; struct sockaddr_in6 *addr6; - struct socket_smack *ssp = sock->sk->sk_security; + struct socket_smack *ssp = smack_sock(sock->sk); struct smk_port_label *spp; unsigned short port = 0; @@ -2621,7 +2614,7 @@ static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address, int act) { struct smk_port_label *spp; - struct socket_smack *ssp = sk->sk_security; + struct socket_smack *ssp = smack_sock(sk); struct smack_known *skp = NULL; unsigned short port; struct smack_known *object; @@ -2715,7 +2708,7 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name, if (sock == NULL || sock->sk == NULL) return -EOPNOTSUPP; - ssp = sock->sk->sk_security; + ssp = smack_sock(sock->sk); if (strcmp(name, XATTR_SMACK_IPIN) == 0) ssp->smk_in = skp; @@ -2763,7 +2756,7 @@ static int smack_socket_post_create(struct socket *sock, int family, * Sockets created by kernel threads receive web label. */ if (unlikely(current->flags & PF_KTHREAD)) { - ssp = sock->sk->sk_security; + ssp = smack_sock(sock->sk); ssp->smk_in = &smack_known_web; ssp->smk_out = &smack_known_web; } @@ -2788,8 +2781,8 @@ static int smack_socket_post_create(struct socket *sock, int family, static int smack_socket_socketpair(struct socket *socka, struct socket *sockb) { - struct socket_smack *asp = socka->sk->sk_security; - struct socket_smack *bsp = sockb->sk->sk_security; + struct socket_smack *asp = smack_sock(socka->sk); + struct socket_smack *bsp = smack_sock(sockb->sk); asp->smk_packet = bsp->smk_out; bsp->smk_packet = asp->smk_out; @@ -2852,7 +2845,7 @@ static int smack_socket_connect(struct socket *sock, struct sockaddr *sap, if (__is_defined(SMACK_IPV6_SECMARK_LABELING)) rsp = smack_ipv6host_label(sip); if (rsp != NULL) { - struct socket_smack *ssp = sock->sk->sk_security; + struct socket_smack *ssp = smack_sock(sock->sk); rc = smk_ipv6_check(ssp->smk_out, rsp, sip, SMK_CONNECTING); @@ -3583,9 +3576,9 @@ static int smack_unix_stream_connect(struct sock *sock, { struct smack_known *skp; struct smack_known *okp; - struct socket_smack *ssp = sock->sk_security; - struct socket_smack *osp = other->sk_security; - struct socket_smack *nsp = newsk->sk_security; + struct socket_smack *ssp = smack_sock(sock); + struct socket_smack *osp = smack_sock(other); + struct socket_smack *nsp = smack_sock(newsk); struct smk_audit_info ad; int rc = 0; #ifdef CONFIG_AUDIT @@ -3631,8 +3624,8 @@ static int smack_unix_stream_connect(struct sock *sock, */ static int smack_unix_may_send(struct socket *sock, struct socket *other) { - struct socket_smack *ssp = sock->sk->sk_security; - struct socket_smack *osp = other->sk->sk_security; + struct socket_smack *ssp = smack_sock(sock->sk); + struct socket_smack *osp = smack_sock(other->sk); struct smk_audit_info ad; int rc; @@ -3669,7 +3662,7 @@ static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg, struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name; #endif #ifdef SMACK_IPV6_SECMARK_LABELING - struct socket_smack *ssp = sock->sk->sk_security; + struct socket_smack *ssp = smack_sock(sock->sk); struct smack_known *rsp; #endif int rc = 0; @@ -3881,7 +3874,7 @@ static struct smack_known *smack_from_netlbl(const struct sock *sk, u16 family, netlbl_secattr_init(&secattr); if (sk) - ssp = sk->sk_security; + ssp = smack_sock(sk); if (netlbl_skbuff_getattr(skb, family, &secattr) == 0) { skp = smack_from_secattr(&secattr, ssp); @@ -3903,7 +3896,7 @@ static struct smack_known *smack_from_netlbl(const struct sock *sk, u16 family, */ static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) { - struct socket_smack *ssp = sk->sk_security; + struct socket_smack *ssp = smack_sock(sk); struct smack_known *skp = NULL; int rc = 0; struct smk_audit_info ad; @@ -4007,7 +4000,7 @@ static int smack_socket_getpeersec_stream(struct socket *sock, int slen = 1; int rc = 0; - ssp = sock->sk->sk_security; + ssp = smack_sock(sock->sk); if (ssp->smk_packet != NULL) { rcp = ssp->smk_packet->smk_known; slen = strlen(rcp) + 1; @@ -4056,7 +4049,7 @@ static int smack_socket_getpeersec_dgram(struct socket *sock, switch (family) { case PF_UNIX: - ssp = sock->sk->sk_security; + ssp = smack_sock(sock->sk); s = ssp->smk_out->smk_secid; break; case PF_INET: @@ -4105,7 +4098,7 @@ static void smack_sock_graft(struct sock *sk, struct socket *parent) (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)) return; - ssp = sk->sk_security; + ssp = smack_sock(sk); ssp->smk_in = skp; ssp->smk_out = skp; /* cssp->smk_packet is already set in smack_inet_csk_clone() */ @@ -4125,7 +4118,7 @@ static int smack_inet_conn_request(const struct sock *sk, struct sk_buff *skb, { u16 family = sk->sk_family; struct smack_known *skp; - struct socket_smack *ssp = sk->sk_security; + struct socket_smack *ssp = smack_sock(sk); struct sockaddr_in addr; struct iphdr *hdr; struct smack_known *hskp; @@ -4211,7 +4204,7 @@ static int smack_inet_conn_request(const struct sock *sk, struct sk_buff *skb, static void smack_inet_csk_clone(struct sock *sk, const struct request_sock *req) { - struct socket_smack *ssp = sk->sk_security; + struct socket_smack *ssp = smack_sock(sk); struct smack_known *skp; if (req->peer_secid != 0) { @@ -4747,6 +4740,7 @@ struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = { .lbs_inode = sizeof(struct inode_smack), .lbs_ipc = sizeof(struct smack_known *), .lbs_msg_msg = sizeof(struct smack_known *), + .lbs_sock = sizeof(struct socket_smack), .lbs_superblock = sizeof(struct superblock_smack), }; @@ -4857,7 +4851,9 @@ static struct security_hook_list smack_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(socket_getpeersec_stream, smack_socket_getpeersec_stream), LSM_HOOK_INIT(socket_getpeersec_dgram, smack_socket_getpeersec_dgram), LSM_HOOK_INIT(sk_alloc_security, smack_sk_alloc_security), +#ifdef SMACK_IPV6_PORT_LABELING LSM_HOOK_INIT(sk_free_security, smack_sk_free_security), +#endif LSM_HOOK_INIT(sock_graft, smack_sock_graft), LSM_HOOK_INIT(inet_conn_request, smack_inet_conn_request), LSM_HOOK_INIT(inet_csk_clone, smack_inet_csk_clone), diff --git a/security/smack/smack_netfilter.c b/security/smack/smack_netfilter.c index b945c1d3a743..bad71b7e648d 100644 --- a/security/smack/smack_netfilter.c +++ b/security/smack/smack_netfilter.c @@ -26,8 +26,8 @@ static unsigned int smack_ip_output(void *priv, struct socket_smack *ssp; struct smack_known *skp; - if (sk && sk->sk_security) { - ssp = sk->sk_security; + if (sk) { + ssp = smack_sock(sk); skp = ssp->smk_out; skb->secmark = skp->smk_secid; } From patchwork Wed Feb 2 23:52:58 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12733554 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 98C1DC433F5 for ; Wed, 2 Feb 2022 23:57:42 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241411AbiBBX5m (ORCPT ); Wed, 2 Feb 2022 18:57:42 -0500 Received: from sonic311-31.consmr.mail.ne1.yahoo.com ([66.163.188.212]:34589 "EHLO sonic311-31.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233488AbiBBX5l (ORCPT ); Wed, 2 Feb 2022 18:57:41 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643846261; bh=WMcmW1hmyY7BOxsD4gJ4sm2oABc8IaT+hDwssY+Iq7Q=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=BzQhTq/qIZtqPt8qgVuHea3ee2D8ucfW9WynE0DWl/otX6W/9WwdIEhCf4y2/VGYkPARROzdXcsHbL93uigiQyZ+BRiIZySAHZ2VqWXzL2n8mJyq7CmbyQnQ/B/Ure2G3VnCzndG9kPmxz4mJiDcXlAIX5BJrMwD0lOsOYO5s9JGaPWaZLE0wqdanMxQnO9O+gEOgYrFcW6Gxfz94VVkiNCH+POuC1LED8C4w5ZY3ALhfYij8FjGSa7AB4qG/KYck7fkXE4tvc4nN4cHbj25cpnWdqyNnEAjomNTEpPvYLtSVlg9czC1jT7/2Xm6k2HaxL5eNSTGd3bG7SZbVXrVvQ== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643846261; bh=Wg7k5644wuwypA+4QJvCxV4v6jnSo6iRYLP7IpGH9KK=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=T4gWcURgK11VxOcwXtP9hmY7Yg5coNRiffDvSMEmak4P1kphZeLwzUtZAK24uldcHbEW3uW0khYEEgG3RWw/+jbMlWMcjZ5JyE1wbELnqD/0QwFMsWWtD6r/uOrJ7uBLyjfcgGjjRVDm3uFSmYw4eTUZX1vZsmI7zuV8NZI/TiT8faGU+i4jZtroryIHR+t5tZ1/++in93dlW+xFj1QkXJw2zI9NuhOSmqsNwyt7lVLWvBovLUnR55xu/Oy2WcbrFA4Pu78YlsNkchdjdNiTbmeLFfDg5P/OCqvn5fixUusect4STTPaKxNHsEsG3kCwJ6BM0bhHujy9YeUxX2MpAQ== X-YMail-OSG: s4246IIVM1kLWFQCsteSblaKDylenermBtGBOQuTRxLwbI6bW6hJk_mul8QvUpC n1lnjkql.cfgrFaug5AEumoX58G.OIysbuVTmkQHV4cc95sRuVXOuIPhCkkyD8jxM0j9iE2TLeAZ eaMkjzSSWLjhr43WyiJ13ir_e7ged5iSlW2pXKJuJlg3zbGABsR3sZy5We2JS8_2YjbfKeCTCpQz QuHqao1yxdmDFupflrbeS98_NwppLZO3iNIh6Dy07SjGj2fIe5Oe5.vJTLKY5GYBYsZvTRLE4Deb gYPamZ9phnVAo01H1Dqb0J0UuYy99HYSsjOS.SjCs8dadwxVBrp3jPVdD0UsMZud6jS8aym.E5At yhEEHIJRu13imVmKgchjmlc68UiLs15GeERB8Fci7mmy8NFpfeILVtQgHdHacVbu8mxRCTBshXvI DC3QY31KSED8I9NrFxftRNEkeEiLtU0DufkTb4AUruTYgqn2PP9yakpA3URSwO4pID4dFX7WpOWW klF9Mb8zrQhdxFUDVxLCoH8Db8WK7pNzQZfLOlvbLOeCdY.52GS8pVYBQwZhxt3RLEJWNBqSdecL IX_ZtsWZ3my9EXkueiIFVnF4_dB9NDXD_.9FhxRNzxEAVFHRQQRwbnlGGDKCVWQcKghgEzGcWyle wE.kRUoZVm3DfBTftmcHbr.PKEpe26REjRRaeKdbOkaYxukx7XalO9L.Xtst2CvddCQs3bTmdBwR 6qN822lHeGTG0MJIVDFeT5Eh.NZFjTA96fQnDQaTKw5iLPX5F2PzecmV3JVi7x3_QcAZAs6HK1i0 TbCImwmgtDbTOiduVdo3mQmQiBGhaF2tlgTf3OJ0416yO0Cx7AycJP31vBU.q4TTsEL6ma5chRCX 7F_sNhNxz__YHK9hg0uFw86MkMUYWNhOUUaat3QNB2dOzdAg4bMQgtzm766xNbLzdyG7VYk6JJDR g1v6G7fbFQTBOA8taqN37fL1zYlKMeFeUX10uFowaGaCzBpqGYmPhxeDD7jgh5rlaWXv70VJ6jKU OeuUkApTxiTsi8eDmqgke0BBVU5ccptFz5p_UJnj2nQNc1hEMoJw8yqEkuoKt8tDiYNy2_Mz1UkI yqBZ04wsAIw310saKl57GIRSQxut5W17hW6YGhZEbmxFABPWq36AUNF0JOtAaquL3ZfoEt0zgqLg WnYnuaffXxkeptpx8Zal29Fnw7rFwVt8b5yZgQA1eNiNoCWx145yGVT5lzpE2BiYixzDiOM2UMQY Ith49TismJpLhRbkjehipVL4A8lfPtUesujwhpNihqAdnlrOKl0lrPedyGTQiLI4lohOooU8Wr2D KOWiJifF4dUglc9k6i7qFrcihITHoMjv0cCKir4FT3bHmOSdfKGUWn.qWkPBVNJyU9CEY..jdT7Y 2d_nLcrfjJi3jb28UUFY3pE2QVGArtIKd8KsfMxYylIW1w9BZ_CIJ1JyQbZ0Buq56mSOx_GRk0jE eAx1TfpmXtWHiBEZ9afImyW3wh_hXl0lroIMoRs0DxIPO8qzjcVArtUCEiV1Bh9_PBy41ZD5a8BN lStr0.XpxmpOpzV.m7LRvg_HnjkCc2tNHV8hPtKoY.AgV94ri_Md_PK_OvZz0ZKStdEMMxHcYWHw ESUhC9we46Vk1.GFX2Ycf0cdRNgbyvPouKOjI6jHuaeIvfvCJrpAlxngsWitPAZ.Z_FPSx4EJljN nVdSpCmcPEHRXPWr10VreD5TpGJA5dZ3..JRMxoTFiqEC2_ONRc7UmHrPzLRcorlHxEVLsZP.FVc BbHbh3JK.wMCXd6SySQFqpQd9.kxIrk.4GjFBcD7Bg245eSoezocirfV8rASWLjvkT10HQ3SsR0D pQaRCbdAwYKMAVSFQWKtjZ.b3inwWjfXjAo4eWBXXaNt2ysUktEqu54W6FWRz1Us.ekCuhfuBMDv Cat6u23IaDaHurztvvoutnyDbDzyzJemPxfPo__ql_poje_NDwBazAGplof13rXUu0JLcJcCuvKd Xz_zAKx.BjezX_vJzXK8jredovtOiOxy7TZSBdDzGMU0oOZolLnp9wuQcKRjlrSBoJfED0v7GZiK nB6uPILroIKDCY4eKqqQRE.lMcYENThEprj03OlGHsO4XXoXposOcpudSJmpdYfWim.y04TfU8Id oYZRypgF7i0SAOddtL7HCGWMX0o76pRcBl5tFsbTG4feq5POPSts8982IJeQ33AeWY.kJkAEwRq4 BVzyjbm8z15.2txlHWDeilUeXs2GvrcIXqmbvbu8BHhFg3g-- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic311.consmr.mail.ne1.yahoo.com with HTTP; Wed, 2 Feb 2022 23:57:41 +0000 Received: by kubenode513.mail-prod1.omega.gq1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID 8fb548af23af7f5f1db969f1525c3441; Wed, 02 Feb 2022 23:57:36 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org Subject: [PATCH v32 03/28] LSM: Add the lsmblob data structure. Date: Wed, 2 Feb 2022 15:52:58 -0800 Message-Id: <20220202235323.23929-4-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20220202235323.23929-1-casey@schaufler-ca.com> References: <20220202235323.23929-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org When more than one security module is exporting data to audit and networking sub-systems a single 32 bit integer is no longer sufficient to represent the data. Add a structure to be used instead. The lsmblob structure is currently an array of u32 "secids". There is an entry for each of the security modules built into the system that would use secids if active. The system assigns the module a "slot" when it registers hooks. If modules are compiled in but not registered there will be unused slots. A new lsm_id structure, which contains the name of the LSM and its slot number, is created. There is an instance for each LSM, which assigns the name and passes it to the infrastructure to set the slot. The audit rules data is expanded to use an array of security module data rather than a single instance. A new structure audit_lsm_rules is defined to avoid the confusion which commonly accompanies the use of void ** parameters. Signed-off-by: Casey Schaufler Reviewed-by: Mickaël Salaün --- include/linux/audit.h | 10 ++++- include/linux/lsm_hooks.h | 12 +++++- include/linux/security.h | 74 +++++++++++++++++++++++++++++--- kernel/auditfilter.c | 23 +++++----- kernel/auditsc.c | 17 +++----- security/apparmor/lsm.c | 7 ++- security/bpf/hooks.c | 12 +++++- security/commoncap.c | 7 ++- security/landlock/cred.c | 2 +- security/landlock/fs.c | 2 +- security/landlock/ptrace.c | 2 +- security/landlock/setup.c | 5 +++ security/landlock/setup.h | 1 + security/loadpin/loadpin.c | 8 +++- security/lockdown/lockdown.c | 7 ++- security/safesetid/lsm.c | 8 +++- security/security.c | 82 ++++++++++++++++++++++++++++++------ security/selinux/hooks.c | 8 +++- security/smack/smack_lsm.c | 7 ++- security/tomoyo/tomoyo.c | 8 +++- security/yama/yama_lsm.c | 7 ++- 21 files changed, 253 insertions(+), 56 deletions(-) diff --git a/include/linux/audit.h b/include/linux/audit.h index d06134ac6245..14849d5f84b4 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -11,6 +11,7 @@ #include #include +#include #include #include #include @@ -59,6 +60,10 @@ struct audit_krule { /* Flag to indicate legacy AUDIT_LOGINUID unset usage */ #define AUDIT_LOGINUID_LEGACY 0x1 +struct audit_lsm_rules { + void *rule[LSMBLOB_ENTRIES]; +}; + struct audit_field { u32 type; union { @@ -66,8 +71,9 @@ struct audit_field { kuid_t uid; kgid_t gid; struct { - char *lsm_str; - void *lsm_rule; + bool lsm_isset; + char *lsm_str; + struct audit_lsm_rules lsm_rules; }; }; u32 op; diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 129d99c6f9ed..2c2d0ef59a41 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -1582,6 +1582,14 @@ struct security_hook_heads { #undef LSM_HOOK } __randomize_layout; +/* + * Information that identifies a security module. + */ +struct lsm_id { + const char *lsm; /* Name of the LSM */ + int slot; /* Slot in lsmblob if one is allocated */ +}; + /* * Security module hook list structure. * For use with generic list macros for common operations. @@ -1590,7 +1598,7 @@ struct security_hook_list { struct hlist_node list; struct hlist_head *head; union security_list_options hook; - char *lsm; + struct lsm_id *lsmid; } __randomize_layout; /* @@ -1626,7 +1634,7 @@ extern struct security_hook_heads security_hook_heads; extern char *lsm_names; extern void security_add_hooks(struct security_hook_list *hooks, int count, - char *lsm); + struct lsm_id *lsmid); #define LSM_FLAG_LEGACY_MAJOR BIT(0) #define LSM_FLAG_EXCLUSIVE BIT(1) diff --git a/include/linux/security.h b/include/linux/security.h index 33e0f2e659df..1a7e5bf36a82 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -39,6 +39,7 @@ struct kernel_siginfo; struct sembuf; struct kern_ipc_perm; struct audit_context; +struct audit_lsm_rules; struct super_block; struct inode; struct dentry; @@ -134,6 +135,65 @@ enum lockdown_reason { extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1]; +/* + * Data exported by the security modules + * + * Any LSM that provides secid or secctx based hooks must be included. + */ +#define LSMBLOB_ENTRIES ( \ + (IS_ENABLED(CONFIG_SECURITY_SELINUX) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_SMACK) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_APPARMOR) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_BPF_LSM) ? 1 : 0)) + +struct lsmblob { + u32 secid[LSMBLOB_ENTRIES]; +}; + +#define LSMBLOB_INVALID -1 /* Not a valid LSM slot number */ +#define LSMBLOB_NEEDED -2 /* Slot requested on initialization */ +#define LSMBLOB_NOT_NEEDED -3 /* Slot not requested */ + +/** + * lsmblob_init - initialize an lsmblob structure + * @blob: Pointer to the data to initialize + * @secid: The initial secid value + * + * Set all secid for all modules to the specified value. + */ +static inline void lsmblob_init(struct lsmblob *blob, u32 secid) +{ + int i; + + for (i = 0; i < LSMBLOB_ENTRIES; i++) + blob->secid[i] = secid; +} + +/** + * lsmblob_is_set - report if there is an value in the lsmblob + * @blob: Pointer to the exported LSM data + * + * Returns true if there is a secid set, false otherwise + */ +static inline bool lsmblob_is_set(struct lsmblob *blob) +{ + struct lsmblob empty = {}; + + return !!memcmp(blob, &empty, sizeof(*blob)); +} + +/** + * lsmblob_equal - report if the two lsmblob's are equal + * @bloba: Pointer to one LSM data + * @blobb: Pointer to the other LSM data + * + * Returns true if all entries in the two are equal, false otherwise + */ +static inline bool lsmblob_equal(struct lsmblob *bloba, struct lsmblob *blobb) +{ + return !memcmp(bloba, blobb, sizeof(*bloba)); +} + /* These functions are in security/commoncap.c */ extern int cap_capable(const struct cred *cred, struct user_namespace *ns, int cap, unsigned int opts); @@ -1879,15 +1939,17 @@ static inline int security_key_getsecurity(struct key *key, char **_buffer) #ifdef CONFIG_AUDIT #ifdef CONFIG_SECURITY -int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule); +int security_audit_rule_init(u32 field, u32 op, char *rulestr, + struct audit_lsm_rules *lsmrules); int security_audit_rule_known(struct audit_krule *krule); -int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule); -void security_audit_rule_free(void *lsmrule); +int security_audit_rule_match(u32 secid, u32 field, u32 op, + struct audit_lsm_rules *lsmrules); +void security_audit_rule_free(struct audit_lsm_rules *lsmrules); #else static inline int security_audit_rule_init(u32 field, u32 op, char *rulestr, - void **lsmrule) + struct audit_lsm_rules *lsmrules) { return 0; } @@ -1898,12 +1960,12 @@ static inline int security_audit_rule_known(struct audit_krule *krule) } static inline int security_audit_rule_match(u32 secid, u32 field, u32 op, - void *lsmrule) + struct audit_lsm_rules *lsmrules) { return 0; } -static inline void security_audit_rule_free(void *lsmrule) +static inline void security_audit_rule_free(struct audit_lsm_rules *lsmrules) { } #endif /* CONFIG_SECURITY */ diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 42d99896e7a6..de75bd6ad866 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -76,7 +76,7 @@ static void audit_free_lsm_field(struct audit_field *f) case AUDIT_OBJ_LEV_LOW: case AUDIT_OBJ_LEV_HIGH: kfree(f->lsm_str); - security_audit_rule_free(f->lsm_rule); + security_audit_rule_free(&f->lsm_rules); } } @@ -529,7 +529,7 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data, entry->rule.buflen += f_val; f->lsm_str = str; err = security_audit_rule_init(f->type, f->op, str, - (void **)&f->lsm_rule); + &f->lsm_rules); /* Keep currently invalid fields around in case they * become valid after a policy reload. */ if (err == -EINVAL) { @@ -782,7 +782,7 @@ static int audit_compare_rule(struct audit_krule *a, struct audit_krule *b) return 0; } -/* Duplicate LSM field information. The lsm_rule is opaque, so must be +/* Duplicate LSM field information. The lsm_rules is opaque, so must be * re-initialized. */ static inline int audit_dupe_lsm_field(struct audit_field *df, struct audit_field *sf) @@ -796,9 +796,9 @@ static inline int audit_dupe_lsm_field(struct audit_field *df, return -ENOMEM; df->lsm_str = lsm_str; - /* our own (refreshed) copy of lsm_rule */ + /* our own (refreshed) copy of lsm_rules */ ret = security_audit_rule_init(df->type, df->op, df->lsm_str, - (void **)&df->lsm_rule); + &df->lsm_rules); /* Keep currently invalid fields around in case they * become valid after a policy reload. */ if (ret == -EINVAL) { @@ -850,7 +850,7 @@ struct audit_entry *audit_dupe_rule(struct audit_krule *old) new->tree = old->tree; memcpy(new->fields, old->fields, sizeof(struct audit_field) * fcount); - /* deep copy this information, updating the lsm_rule fields, because + /* deep copy this information, updating the lsm_rules fields, because * the originals will all be freed when the old rule is freed. */ for (i = 0; i < fcount; i++) { switch (new->fields[i].type) { @@ -1367,10 +1367,11 @@ int audit_filter(int msgtype, unsigned int listtype) case AUDIT_SUBJ_TYPE: case AUDIT_SUBJ_SEN: case AUDIT_SUBJ_CLR: - if (f->lsm_rule) { + if (f->lsm_str) { security_current_getsecid_subj(&sid); result = security_audit_rule_match(sid, - f->type, f->op, f->lsm_rule); + f->type, f->op, + &f->lsm_rules); } break; case AUDIT_EXE: @@ -1397,7 +1398,7 @@ int audit_filter(int msgtype, unsigned int listtype) return ret; } -static int update_lsm_rule(struct audit_krule *r) +static int update_lsm_rules(struct audit_krule *r) { struct audit_entry *entry = container_of(r, struct audit_entry, rule); struct audit_entry *nentry; @@ -1429,7 +1430,7 @@ static int update_lsm_rule(struct audit_krule *r) return err; } -/* This function will re-initialize the lsm_rule field of all applicable rules. +/* This function will re-initialize the lsm_rules field of all applicable rules. * It will traverse the filter lists serarching for rules that contain LSM * specific filter fields. When such a rule is found, it is copied, the * LSM field is re-initialized, and the old rule is replaced with the @@ -1444,7 +1445,7 @@ int audit_update_lsm_rules(void) for (i = 0; i < AUDIT_NR_FILTERS; i++) { list_for_each_entry_safe(r, n, &audit_rules_list[i], list) { - int res = update_lsm_rule(r); + int res = update_lsm_rules(r); if (!err) err = res; } diff --git a/kernel/auditsc.c b/kernel/auditsc.c index fce5d43a933f..f1c26a322f9d 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -664,7 +664,7 @@ static int audit_filter_rules(struct task_struct *tsk, match for now to avoid losing information that may be wanted. An error message will also be logged upon error */ - if (f->lsm_rule) { + if (f->lsm_str) { if (need_sid) { /* @tsk should always be equal to * @current with the exception of @@ -679,8 +679,7 @@ static int audit_filter_rules(struct task_struct *tsk, need_sid = 0; } result = security_audit_rule_match(sid, f->type, - f->op, - f->lsm_rule); + f->op, &f->lsm_rules); } break; case AUDIT_OBJ_USER: @@ -690,21 +689,19 @@ static int audit_filter_rules(struct task_struct *tsk, case AUDIT_OBJ_LEV_HIGH: /* The above note for AUDIT_SUBJ_USER...AUDIT_SUBJ_CLR also applies here */ - if (f->lsm_rule) { + if (f->lsm_str) { /* Find files that match */ if (name) { result = security_audit_rule_match( name->osid, f->type, f->op, - f->lsm_rule); + &f->lsm_rules); } else if (ctx) { list_for_each_entry(n, &ctx->names_list, list) { if (security_audit_rule_match( - n->osid, - f->type, - f->op, - f->lsm_rule)) { + n->osid, f->type, f->op, + &f->lsm_rules)) { ++result; break; } @@ -715,7 +712,7 @@ static int audit_filter_rules(struct task_struct *tsk, break; if (security_audit_rule_match(ctx->ipc.osid, f->type, f->op, - f->lsm_rule)) + &f->lsm_rules)) ++result; } break; diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index be8976c407f4..1e53fea61335 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -1168,6 +1168,11 @@ struct lsm_blob_sizes apparmor_blob_sizes __lsm_ro_after_init = { .lbs_sock = sizeof(struct aa_sk_ctx), }; +static struct lsm_id apparmor_lsmid __lsm_ro_after_init = { + .lsm = "apparmor", + .slot = LSMBLOB_NEEDED +}; + static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(ptrace_access_check, apparmor_ptrace_access_check), LSM_HOOK_INIT(ptrace_traceme, apparmor_ptrace_traceme), @@ -1853,7 +1858,7 @@ static int __init apparmor_init(void) goto buffers_out; } security_add_hooks(apparmor_hooks, ARRAY_SIZE(apparmor_hooks), - "apparmor"); + &apparmor_lsmid); /* Report that AppArmor successfully initialized */ apparmor_initialized = 1; diff --git a/security/bpf/hooks.c b/security/bpf/hooks.c index e5971fa74fd7..7a58fe9ab8c4 100644 --- a/security/bpf/hooks.c +++ b/security/bpf/hooks.c @@ -15,9 +15,19 @@ static struct security_hook_list bpf_lsm_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(task_free, bpf_task_storage_free), }; +/* + * slot has to be LSMBLOB_NEEDED because some of the hooks + * supplied by this module require a slot. + */ +struct lsm_id bpf_lsmid __lsm_ro_after_init = { + .lsm = "bpf", + .slot = LSMBLOB_NEEDED +}; + static int __init bpf_lsm_init(void) { - security_add_hooks(bpf_lsm_hooks, ARRAY_SIZE(bpf_lsm_hooks), "bpf"); + security_add_hooks(bpf_lsm_hooks, ARRAY_SIZE(bpf_lsm_hooks), + &bpf_lsmid); pr_info("LSM support for eBPF active\n"); return 0; } diff --git a/security/commoncap.c b/security/commoncap.c index 5fc8986c3c77..c94ec46e07ac 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -1446,6 +1446,11 @@ int cap_mmap_file(struct file *file, unsigned long reqprot, #ifdef CONFIG_SECURITY +static struct lsm_id capability_lsmid __lsm_ro_after_init = { + .lsm = "capability", + .slot = LSMBLOB_NOT_NEEDED +}; + static struct security_hook_list capability_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(capable, cap_capable), LSM_HOOK_INIT(settime, cap_settime), @@ -1470,7 +1475,7 @@ static struct security_hook_list capability_hooks[] __lsm_ro_after_init = { static int __init capability_init(void) { security_add_hooks(capability_hooks, ARRAY_SIZE(capability_hooks), - "capability"); + &capability_lsmid); return 0; } diff --git a/security/landlock/cred.c b/security/landlock/cred.c index 6725af24c684..56b121d65436 100644 --- a/security/landlock/cred.c +++ b/security/landlock/cred.c @@ -42,5 +42,5 @@ static struct security_hook_list landlock_hooks[] __lsm_ro_after_init = { __init void landlock_add_cred_hooks(void) { security_add_hooks(landlock_hooks, ARRAY_SIZE(landlock_hooks), - LANDLOCK_NAME); + &landlock_lsmid); } diff --git a/security/landlock/fs.c b/security/landlock/fs.c index 97b8e421f617..319e90e9290c 100644 --- a/security/landlock/fs.c +++ b/security/landlock/fs.c @@ -688,5 +688,5 @@ static struct security_hook_list landlock_hooks[] __lsm_ro_after_init = { __init void landlock_add_fs_hooks(void) { security_add_hooks(landlock_hooks, ARRAY_SIZE(landlock_hooks), - LANDLOCK_NAME); + &landlock_lsmid); } diff --git a/security/landlock/ptrace.c b/security/landlock/ptrace.c index f55b82446de2..54ccf55a077a 100644 --- a/security/landlock/ptrace.c +++ b/security/landlock/ptrace.c @@ -116,5 +116,5 @@ static struct security_hook_list landlock_hooks[] __lsm_ro_after_init = { __init void landlock_add_ptrace_hooks(void) { security_add_hooks(landlock_hooks, ARRAY_SIZE(landlock_hooks), - LANDLOCK_NAME); + &landlock_lsmid); } diff --git a/security/landlock/setup.c b/security/landlock/setup.c index f8e8e980454c..759e00b9436c 100644 --- a/security/landlock/setup.c +++ b/security/landlock/setup.c @@ -23,6 +23,11 @@ struct lsm_blob_sizes landlock_blob_sizes __lsm_ro_after_init = { .lbs_superblock = sizeof(struct landlock_superblock_security), }; +struct lsm_id landlock_lsmid __lsm_ro_after_init = { + .lsm = LANDLOCK_NAME, + .slot = LSMBLOB_NOT_NEEDED, +}; + static int __init landlock_init(void) { landlock_add_cred_hooks(); diff --git a/security/landlock/setup.h b/security/landlock/setup.h index 1daffab1ab4b..38bce5b172dc 100644 --- a/security/landlock/setup.h +++ b/security/landlock/setup.h @@ -14,5 +14,6 @@ extern bool landlock_initialized; extern struct lsm_blob_sizes landlock_blob_sizes; +extern struct lsm_id landlock_lsmid; #endif /* _SECURITY_LANDLOCK_SETUP_H */ diff --git a/security/loadpin/loadpin.c b/security/loadpin/loadpin.c index b12f7d986b1e..b569f3bc170b 100644 --- a/security/loadpin/loadpin.c +++ b/security/loadpin/loadpin.c @@ -192,6 +192,11 @@ static int loadpin_load_data(enum kernel_load_data_id id, bool contents) return loadpin_read_file(NULL, (enum kernel_read_file_id) id, contents); } +static struct lsm_id loadpin_lsmid __lsm_ro_after_init = { + .lsm = "loadpin", + .slot = LSMBLOB_NOT_NEEDED +}; + static struct security_hook_list loadpin_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(sb_free_security, loadpin_sb_free_security), LSM_HOOK_INIT(kernel_read_file, loadpin_read_file), @@ -239,7 +244,8 @@ static int __init loadpin_init(void) pr_info("ready to pin (currently %senforcing)\n", enforce ? "" : "not "); parse_exclude(); - security_add_hooks(loadpin_hooks, ARRAY_SIZE(loadpin_hooks), "loadpin"); + security_add_hooks(loadpin_hooks, ARRAY_SIZE(loadpin_hooks), + &loadpin_lsmid); return 0; } diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c index 87cbdc64d272..4e24ea3f7b7e 100644 --- a/security/lockdown/lockdown.c +++ b/security/lockdown/lockdown.c @@ -75,6 +75,11 @@ static struct security_hook_list lockdown_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(locked_down, lockdown_is_locked_down), }; +static struct lsm_id lockdown_lsmid __lsm_ro_after_init = { + .lsm = "lockdown", + .slot = LSMBLOB_NOT_NEEDED +}; + static int __init lockdown_lsm_init(void) { #if defined(CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY) @@ -83,7 +88,7 @@ static int __init lockdown_lsm_init(void) lock_kernel_down("Kernel configuration", LOCKDOWN_CONFIDENTIALITY_MAX); #endif security_add_hooks(lockdown_hooks, ARRAY_SIZE(lockdown_hooks), - "lockdown"); + &lockdown_lsmid); return 0; } diff --git a/security/safesetid/lsm.c b/security/safesetid/lsm.c index 963f4ad9cb66..0c368950dc14 100644 --- a/security/safesetid/lsm.c +++ b/security/safesetid/lsm.c @@ -241,6 +241,11 @@ static int safesetid_task_fix_setgid(struct cred *new, return -EACCES; } +static struct lsm_id safesetid_lsmid __lsm_ro_after_init = { + .lsm = "safesetid", + .slot = LSMBLOB_NOT_NEEDED +}; + static struct security_hook_list safesetid_security_hooks[] = { LSM_HOOK_INIT(task_fix_setuid, safesetid_task_fix_setuid), LSM_HOOK_INIT(task_fix_setgid, safesetid_task_fix_setgid), @@ -250,7 +255,8 @@ static struct security_hook_list safesetid_security_hooks[] = { static int __init safesetid_security_init(void) { security_add_hooks(safesetid_security_hooks, - ARRAY_SIZE(safesetid_security_hooks), "safesetid"); + ARRAY_SIZE(safesetid_security_hooks), + &safesetid_lsmid); /* Report that SafeSetID successfully initialized */ safesetid_initialized = 1; diff --git a/security/security.c b/security/security.c index f2d4b20613c8..2bf21c726ba0 100644 --- a/security/security.c +++ b/security/security.c @@ -345,6 +345,7 @@ static void __init ordered_lsm_init(void) init_debug("sock blob size = %d\n", blob_sizes.lbs_sock); init_debug("superblock blob size = %d\n", blob_sizes.lbs_superblock); init_debug("task blob size = %d\n", blob_sizes.lbs_task); + init_debug("lsmblob size = %zu\n", sizeof(struct lsmblob)); /* * Create any kmem_caches needed for blobs @@ -472,21 +473,38 @@ static int lsm_append(const char *new, char **result) return 0; } +/* + * Current index to use while initializing the lsmblob secid list. + */ +static int lsm_slot __lsm_ro_after_init; + /** * security_add_hooks - Add a modules hooks to the hook lists. * @hooks: the hooks to add * @count: the number of hooks to add - * @lsm: the name of the security module + * @lsmid: the identification information for the security module * * Each LSM has to register its hooks with the infrastructure. + * If the LSM is using hooks that export secids allocate a slot + * for it in the lsmblob. */ void __init security_add_hooks(struct security_hook_list *hooks, int count, - char *lsm) + struct lsm_id *lsmid) { int i; + WARN_ON(!lsmid->slot || !lsmid->lsm); + + if (lsmid->slot == LSMBLOB_NEEDED) { + if (lsm_slot >= LSMBLOB_ENTRIES) + panic("%s Too many LSMs registered.\n", __func__); + lsmid->slot = lsm_slot++; + init_debug("%s assigned lsmblob slot %d\n", lsmid->lsm, + lsmid->slot); + } + for (i = 0; i < count; i++) { - hooks[i].lsm = lsm; + hooks[i].lsmid = lsmid; hlist_add_tail_rcu(&hooks[i].list, hooks[i].head); } @@ -495,7 +513,7 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count, * and fix this up afterwards. */ if (slab_is_available()) { - if (lsm_append(lsm, &lsm_names) < 0) + if (lsm_append(lsmid->lsm, &lsm_names) < 0) panic("%s - Cannot get early memory.\n", __func__); } } @@ -2075,7 +2093,7 @@ int security_getprocattr(struct task_struct *p, const char *lsm, char *name, struct security_hook_list *hp; hlist_for_each_entry(hp, &security_hook_heads.getprocattr, list) { - if (lsm != NULL && strcmp(lsm, hp->lsm)) + if (lsm != NULL && strcmp(lsm, hp->lsmid->lsm)) continue; return hp->hook.getprocattr(p, name, value); } @@ -2088,7 +2106,7 @@ int security_setprocattr(const char *lsm, const char *name, void *value, struct security_hook_list *hp; hlist_for_each_entry(hp, &security_hook_heads.setprocattr, list) { - if (lsm != NULL && strcmp(lsm, hp->lsm)) + if (lsm != NULL && strcmp(lsm, hp->lsmid->lsm)) continue; return hp->hook.setprocattr(name, value, size); } @@ -2579,9 +2597,27 @@ int security_key_getsecurity(struct key *key, char **_buffer) #ifdef CONFIG_AUDIT -int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule) +int security_audit_rule_init(u32 field, u32 op, char *rulestr, + struct audit_lsm_rules *lsmrules) { - return call_int_hook(audit_rule_init, 0, field, op, rulestr, lsmrule); + struct security_hook_list *hp; + bool one_is_good = false; + int rc = 0; + int trc; + + hlist_for_each_entry(hp, &security_hook_heads.audit_rule_init, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + trc = hp->hook.audit_rule_init(field, op, rulestr, + &lsmrules->rule[hp->lsmid->slot]); + if (trc == 0) + one_is_good = true; + else + rc = trc; + } + if (one_is_good) + return 0; + return rc; } int security_audit_rule_known(struct audit_krule *krule) @@ -2589,14 +2625,36 @@ int security_audit_rule_known(struct audit_krule *krule) return call_int_hook(audit_rule_known, 0, krule); } -void security_audit_rule_free(void *lsmrule) +void security_audit_rule_free(struct audit_lsm_rules *lsmrules) { - call_void_hook(audit_rule_free, lsmrule); + struct security_hook_list *hp; + + hlist_for_each_entry(hp, &security_hook_heads.audit_rule_free, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + if (lsmrules->rule[hp->lsmid->slot] == NULL) + continue; + hp->hook.audit_rule_free(lsmrules->rule[hp->lsmid->slot]); + } } -int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule) +int security_audit_rule_match(u32 secid, u32 field, u32 op, + struct audit_lsm_rules *lsmrules) { - return call_int_hook(audit_rule_match, 0, secid, field, op, lsmrule); + struct security_hook_list *hp; + int rc; + + hlist_for_each_entry(hp, &security_hook_heads.audit_rule_match, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + if (lsmrules->rule[hp->lsmid->slot] == NULL) + continue; + rc = hp->hook.audit_rule_match(secid, field, op, + &lsmrules->rule[hp->lsmid->slot]); + if (rc) + return rc; + } + return 0; } #endif /* CONFIG_AUDIT */ diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index dffde40d367e..d67bcd1aeaf5 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -7009,6 +7009,11 @@ static int selinux_uring_sqpoll(void) } #endif /* CONFIG_IO_URING */ +static struct lsm_id selinux_lsmid __lsm_ro_after_init = { + .lsm = "selinux", + .slot = LSMBLOB_NEEDED +}; + /* * IMPORTANT NOTE: When adding new hooks, please be careful to keep this order: * 1. any hooks that don't belong to (2.) or (3.) below, @@ -7324,7 +7329,8 @@ static __init int selinux_init(void) hashtab_cache_init(); - security_add_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks), "selinux"); + security_add_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks), + &selinux_lsmid); if (avc_add_callback(selinux_netcache_avc_callback, AVC_CALLBACK_RESET)) panic("SELinux: Unable to register AVC netcache callback\n"); diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index d58b50006e79..ff832d47479f 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -4744,6 +4744,11 @@ struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = { .lbs_superblock = sizeof(struct superblock_smack), }; +static struct lsm_id smack_lsmid __lsm_ro_after_init = { + .lsm = "smack", + .slot = LSMBLOB_NEEDED +}; + static struct security_hook_list smack_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check), LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme), @@ -4947,7 +4952,7 @@ static __init int smack_init(void) /* * Register with LSM */ - security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), "smack"); + security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), &smack_lsmid); smack_enabled = 1; pr_info("Smack: Initializing.\n"); diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index b6a31901f289..e8f6bb9782c1 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -521,6 +521,11 @@ static void tomoyo_task_free(struct task_struct *task) } } +static struct lsm_id tomoyo_lsmid __lsm_ro_after_init = { + .lsm = "tomoyo", + .slot = LSMBLOB_NOT_NEEDED +}; + /* * tomoyo_security_ops is a "struct security_operations" which is used for * registering TOMOYO. @@ -573,7 +578,8 @@ static int __init tomoyo_init(void) struct tomoyo_task *s = tomoyo_task(current); /* register ourselves with the security framework */ - security_add_hooks(tomoyo_hooks, ARRAY_SIZE(tomoyo_hooks), "tomoyo"); + security_add_hooks(tomoyo_hooks, ARRAY_SIZE(tomoyo_hooks), + &tomoyo_lsmid); pr_info("TOMOYO Linux initialized\n"); s->domain_info = &tomoyo_kernel_domain; atomic_inc(&tomoyo_kernel_domain.users); diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c index 06e226166aab..a9639ea541f7 100644 --- a/security/yama/yama_lsm.c +++ b/security/yama/yama_lsm.c @@ -421,6 +421,11 @@ static int yama_ptrace_traceme(struct task_struct *parent) return rc; } +static struct lsm_id yama_lsmid __lsm_ro_after_init = { + .lsm = "yama", + .slot = LSMBLOB_NOT_NEEDED +}; + static struct security_hook_list yama_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(ptrace_access_check, yama_ptrace_access_check), LSM_HOOK_INIT(ptrace_traceme, yama_ptrace_traceme), @@ -477,7 +482,7 @@ static inline void yama_init_sysctl(void) { } static int __init yama_init(void) { pr_info("Yama: becoming mindful.\n"); - security_add_hooks(yama_hooks, ARRAY_SIZE(yama_hooks), "yama"); + security_add_hooks(yama_hooks, ARRAY_SIZE(yama_hooks), &yama_lsmid); yama_init_sysctl(); return 0; } From patchwork Wed Feb 2 23:52:59 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12733569 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 49C48C433F5 for ; Wed, 2 Feb 2022 23:58:52 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344424AbiBBX6t (ORCPT ); Wed, 2 Feb 2022 18:58:49 -0500 Received: from sonic314-27.consmr.mail.ne1.yahoo.com ([66.163.189.153]:43700 "EHLO sonic314-27.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238038AbiBBX6r (ORCPT ); Wed, 2 Feb 2022 18:58:47 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643846327; bh=V9MYPYVW/ACLny4ll5w654GiSd+q+5r1VLoq2sGzyzQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=XC7YMgPUxHzMpwoWMvda6cmjhfB8XnSfLIZKvRItk+MfzTn5bgtrfea3zjQNCL6C0vxLAZDy0WbldytrR+RGEgfZiIE++J6j4rJ6qR40nnKHCexp7RVtmqePwqr1/0cEIt5xMGKjczXYN9mRzEUXcd0GqAGET2lofzEG2rcPUO7VWrN85zScLV9m4llmwaERcc3owy+K9oUo9qfHnt8ImDTaZY4B/Rl6UyPQdz7IsVxr+9ggn0nSeIPft1O7FYVOSpdAZkZMVKgd+kFeJOA8PVxq0L+GiaofgNa8Q3AB6czVxk06Gr+DNKiSiBTJBgiw1mTpT00l1dohorpCZUyWqw== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643846327; bh=yTrWdpAL3ZklNZe46HI3VTwsNEb+gHYwRcVAddqxc9S=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=cUdWZNjcPadHLbLyXh0W0ZG0A42e2b+VAKtL/buwyQlW3pgnAkyKKVAzNmtft5PMVHgB9rdAnlMBWxTplJNzXDR/KWpzxLZ6zYo/C2q/SnZvFclxAXPO+Lka5cC+aGBJA8z9HTAIFy812J4s1N49J5YioFqbJBcSOIkoOmOdGTHgLj6Iv5F4qnXEgmiBtS3FoMSS2M3G9C0CSQe2mOeSCiT30qOtjOYk8uvchxEQUl+iMjFmbteQ+V6AeJ65BGkHkPwPF2Ay1jzaOlgpwWvfnCyi8xXlazzmvpgSnL9qYPa7W32rPR40Eo+bmTz8Y3qr8xyi9Wp2AXhbZolzKVKJxA== X-YMail-OSG: QnQxreUVM1kjmwcoGFNJ_0C8DLxdnxbZSDwE5bpfVdoRnZ4zkdrzJDWf6zO.eyz 3k9xdH.xiddrWAZ538.HC6nBpPOD4aOkig9AxBR5AyeEf7l3vAKNkCll.8YDGMyMhHonBypM37wM e6BskbRX7UD_OmTpXgIQ8.y5LMe1Q41amuJMfglUicOCVpxvfboNQxEy7CTpQkeHU1aKPaneexcj RDbDSmzXNV6WDurDqomEV975tKxZiaeGefm51xYyKARTPPPdFfPBk8YmQ93PVJ5RdKYSXyA6Zf2r .hHII4lH_LqPA82xzOvNJP4JKJmc.ut_bKTwAGJraMgt3.SKoXzQKK9AoSXZYqAXYVEE.t2bPGx4 3x.XQQdJiDPBKI7dINafFkTlEkBtUkATZf5ZsJSE71eLBujNK7uGg6l_rAch8S3Y1HizZyhOL.y9 1WXAZ0trWc5l_AmWj4qBhVrTnNgqAkLJ4RBAdypYeY_7wJB_D0KU6vPnDaTQn7IFI6WX45e5aTB_ o0ArVPF3bwjHVUUYxhoRUe9sAIpacCmRAqNM78XrG04EWrziU_VCBPxldW8A0vUYCniFoEl3FC0V nyJwRiPiBeaYHnSk20fq7CumYlFX7t7gkH6vAldNYfTDwsTfy__AQ2QF4GFumQXCUqDr4PSEW1BT cfilhNzd5GiILw6otO6j1pZEH1Q339yHKy.BxMT24v3nv8j52rN8BO7LgUfavSm4VQ90M3IIRKTl TGZWvtWnmS7gmmNIJ1BhNhAAwwJrbGQi5G42_HkomHw_pgGODHGy.ZAir6vrps.QljsqZQLmWPo0 37.NnbK2wj5KZNU6gBg8aDKSkqzuUQw6fTm4I1UcdFhBfl9fOuuS0DRHLxb.LhXCGNtimzqQGzzE NgVZSLb3xevhKFMNly7vIVSoS9ACjo75BuYtsraU90ZaMIDal_dLQE1zHfBgm37OW6l8d0kVwxEE nL5_rrrPooxab1Birkd8XnnZkSg2yGjIHz8q2lrLo5X7Dplb4C4c27TqXhG3QDn7tN4hXcHhvMf. AUotEXnybWICdVfRdW_cqGVTe7mGYeXY5NPRWdYcrazpgzHfGTr4v_09YX8iiC1IGisrL.LYCkDv L.1HlmHF..YhjGt.V1Encr3h94t6YO1fEzxMtYJf8izczNVf.8DypA5We55SM0EU3SlBZgFpcGq6 mhanbugXcubDT8X8HrbAGHBpRoviONW40yiq0467i7eORr_8ZCL9VKrn40WaAVqGvcS1TG3JOdPA SPPpszknkCqo9QsgABOPai0hdb93Zi_KTEUlkwkYQLt5Vx17ytQNdf_zqpJHw40G1blKZSn73bjp eFIIu.c_yju0ylWm0Ug_8gmai7HxpjranVJ7bjWLn_d5vq0XRoyw44PB73hSupB4n9negtL1XO7U MUg24oDM0dycnS2R5u03Bmnb6E4sRnb9pDPo87uOfuWc19mBk5F9JL3aTVoVDejQHc9TlrN4KTQb GhCG0QiORadVe6inNNv3KlhlIFcf4_O9maT4izGo6tQFBY6_MVOUZ.Qnn6EKS1oJjXExyWS9yr3c dNgn1UK9m2yLzlnQporBYOmJId9WP3HzAukuc6dazUkVkkszNKPSeSpd_VetcDLUR6KDG.mEdU7d js7hilVvclGYyLzwLUaoJRY2bXLHRYWC3axcJO58u63RJqi.euV4UZIJCw8lmNPabqVeYDd3eJ78 SeNXa3e7Mj22MPQkEfiuD1bT1c7WfbRFblEGq.czSbMck4YHGksGutv9kCE6Jzj6hVqQDNVfxiUH Z4q4UDj2UPny5vPUu3THcGhLdiOt01lQ5oA9RWSrPaKrLqJl1zwqpVwq2I8WqR31F5Kuk6lrK5js 6a5bhY8ESOQaoY8Pq3mzM5vdHmPkfpWetlNdQPoD8Y11.Q30hfvFBBWyR4YQYEnSkpxhSnfU0Nxf eep0l31N3.bFwaXgrdETBcX6bTeoqtCHU_.f6NN6N6HTVYjbEF852k3RFMWkGpe8rLN.wevWQ.qD vDdf5WMMSEXsXirPHLSsQA42KqjxgZKVeHAgNz22QHnDA4Q3fj.zcc9ZLTVlKivTH5RarsVGSkrz MLvsT_ZLMb9aSl8JuZ2PlH2d5jwNJMtbA9hMC0PflimJD_ONvGGM2lsfRoOz5nG2bFLDgcTL.dk_ uJnwIbwZhh21apS1TSIISlMWTHhrqYOETro9vCUU3v0uI.8DR6bWFg_NpoJFPwVFy_uJsiTGv8ce O4Won8YnRxb_rRW8tGq8Hedu64cS1U8VnR21aN5Zm.IcjXzaBeZfKpZlEq5B69qJnwHZmx8O3LvS B9XRGc39nIgpCCw5M_2220tY- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic314.consmr.mail.ne1.yahoo.com with HTTP; Wed, 2 Feb 2022 23:58:47 +0000 Received: by kubenode529.mail-prod1.omega.gq1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID cc70543db5d26ae35881f30f63a6503c; Wed, 02 Feb 2022 23:58:42 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org Subject: [PATCH v32 04/28] LSM: provide lsm name and id slot mappings Date: Wed, 2 Feb 2022 15:52:59 -0800 Message-Id: <20220202235323.23929-5-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20220202235323.23929-1-casey@schaufler-ca.com> References: <20220202235323.23929-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Provide interfaces to map LSM slot numbers and LSM names. Update the LSM registration code to save this information. Acked-by: Paul Moore Reviewed-by: Kees Cook Signed-off-by: Casey Schaufler --- include/linux/security.h | 4 ++++ security/security.c | 45 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 49 insertions(+) diff --git a/include/linux/security.h b/include/linux/security.h index 1a7e5bf36a82..6da0c12c9170 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -194,6 +194,10 @@ static inline bool lsmblob_equal(struct lsmblob *bloba, struct lsmblob *blobb) return !memcmp(bloba, blobb, sizeof(*bloba)); } +/* Map lsm names to blob slot numbers */ +extern int lsm_name_to_slot(char *name); +extern const char *lsm_slot_to_name(int slot); + /* These functions are in security/commoncap.c */ extern int cap_capable(const struct cred *cred, struct user_namespace *ns, int cap, unsigned int opts); diff --git a/security/security.c b/security/security.c index 2bf21c726ba0..03a0af7e9e81 100644 --- a/security/security.c +++ b/security/security.c @@ -477,6 +477,50 @@ static int lsm_append(const char *new, char **result) * Current index to use while initializing the lsmblob secid list. */ static int lsm_slot __lsm_ro_after_init; +static struct lsm_id *lsm_slotlist[LSMBLOB_ENTRIES] __lsm_ro_after_init; + +/** + * lsm_name_to_slot - Report the slot number for a security module + * @name: name of the security module + * + * Look up the slot number for the named security module. + * Returns the slot number or LSMBLOB_INVALID if @name is not + * a registered security module name. + */ +int lsm_name_to_slot(char *name) +{ + int i; + + for (i = 0; i < lsm_slot; i++) + if (strcmp(lsm_slotlist[i]->lsm, name) == 0) + return i; + + return LSMBLOB_INVALID; +} + +/** + * lsm_slot_to_name - Get the name of the security module in a slot + * @slot: index into the interface LSM slot list. + * + * Provide the name of the security module associated with + * a interface LSM slot. + * + * If @slot is LSMBLOB_INVALID return the value + * for slot 0 if it has been set, otherwise NULL. + * + * Returns a pointer to the name string or NULL. + */ +const char *lsm_slot_to_name(int slot) +{ + if (slot == LSMBLOB_INVALID) + slot = 0; + else if (slot >= LSMBLOB_ENTRIES || slot < 0) + return NULL; + + if (lsm_slotlist[slot] == NULL) + return NULL; + return lsm_slotlist[slot]->lsm; +} /** * security_add_hooks - Add a modules hooks to the hook lists. @@ -498,6 +542,7 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count, if (lsmid->slot == LSMBLOB_NEEDED) { if (lsm_slot >= LSMBLOB_ENTRIES) panic("%s Too many LSMs registered.\n", __func__); + lsm_slotlist[lsm_slot] = lsmid; lsmid->slot = lsm_slot++; init_debug("%s assigned lsmblob slot %d\n", lsmid->lsm, lsmid->slot); From patchwork Wed Feb 2 23:53:00 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12733570 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8D1C3C433FE for ; Wed, 2 Feb 2022 23:59:54 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348234AbiBBX7x (ORCPT ); Wed, 2 Feb 2022 18:59:53 -0500 Received: from sonic314-27.consmr.mail.ne1.yahoo.com ([66.163.189.153]:42030 "EHLO sonic314-27.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348224AbiBBX7w (ORCPT ); Wed, 2 Feb 2022 18:59:52 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643846392; bh=HWPHx+c9mffkOYBlCL7PsaufKRO5fGg8oeT9SIKx648=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=sh4LY0sEvEl11GPkF77rzyGDafdkgGVEr8voHWxyBWZ3F27roqk4EKiZqKwcPNuHO/nhR31B2ojz3V7/fzZWWx2VT2rcDvKc1kC+5ZQEnw1YxmjeiDu7b+l8bbv5EPWYxujIfRUwqO8rto+FGveaYxpwWQBfg1Hc9ac1/IZYjO3bydNdwoxqXE09m2Pcf3DWy0ShjiSqQXb8FwhXv+2nDyYdLX6E9fQO7nU+E4zeHndUiUHRiaf9zny23U+tBotUmCyqEZ6FR0l69Y0r6a+odzKHigVZQMCcD7fUYe79uB/cThFF/K1bIrCnIAw+8PiET9D8uBAZuB1bGiJE4IDeTA== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643846392; bh=P5g+uhbsJe0yjPTOrazpGBzz0dkof+C/uejbPynu7gY=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=fqgDPowV/F00A7s4BnSxjWLBdlQp7+MJfDq13ynvKoLqZPC6bKhDUbY5ju+xxWWgOfD5V8O1CaQRU9ZzzK+nYr6mbCk1z6DcfNVjUN9KqFYOCGtpI8rq3bPLxuCAV/qb4L6ZC8aPAAkbe9uIAdt6wEQKcj4j+X9j7yrOd9NaPakeu0ZrnNeC2c3pA/TcOVm3LohYr5AMeaFyr25d2UVhDKlj8MDQINNM4rfZ0/NH1rStNiPCfZQjSngoxpzqbNP5eONjvbEsFvP+wKJS9vuNIBz1rhtJQiaPtbEqbwBIN0MDA4Qz+gwpf7JVcCpZUFmEiLkv9g4U+asMI97yyLTkqg== X-YMail-OSG: bDrZt.AVM1lb8k_UtgaM6KZ6gIRSDhS4Ao7bl0a989WlofQRkeblB9UWm2NAyVZ DI4yq2NVEIfPdieN3_FkqEMRbbPLboxs8oq894exr.bDvn64J0TuJl8_do1F9V306MtCWQ51Z47. hUX_cs1CLUxOPCV_37wO3lq4C8e.S8n2dXP.PfuvDolf0z7v0vXQ2mDvZsFnCs3_x6_FS1YSmnJp m.a8sAZUvhzasfeEe_1ibuPHiWi965TRjcid._JZ2fdmb7WGiE0_WVRE0mqGEvIhPtxUEhEZy8Nc KmcDVdEDIvUHt176niU1Qa7spAis_ccx7ifL5NyC2oVMkvJQCHmg9a5u3bOucHhte_nWuZNOyekY Vk6JhnWuc8bjhp7dqsCFVNam6SQt9HcpAc3y1xevc.o9.SnSvZyRZhMUes6QNrko7BncTu7Y3hAt WAPEGOdSJLfA82uP00qOAK5oWvS2DyGHq2isndFdu4Ir1.bndD5NFapDqNkN1PLcsQvRYfB5WYK3 0_LrshTcJPPS0ETkG.iU5F5Owa6i58GnxxPadoJMKmNBTCM2TDyvsK_6ub2XWjtwrTh8cM3qIjxh DDbRy.sZmnHd_SYyeG31rGMEufjQc7L0ibyhNFYuoeIPs5b1h99sZzGcE6tH7Pucz9xbcNKs5LCJ klMLnkkzRhLLTITcI2A63q3FK3X33TmEGeKmCcjjvggBbqADWLE9IrTxG4oCwouu6BEzvRPhemQz LNu0mJPjHVPtJV0Cvmxus4uSC1ac9ipilCmcf2woWhDQrOKbTwKQmCEss1A57C9LhSU09kJHxHCR Cy0GRrSDGSI5iums6y2QK_moiRmULb3r0Xxf5vkNt4KLE6kAS7zYdbnJSxamPJelmt82zEoGJPsA YDV4TgbN3ySs0B6sPmEzzZBlRwoEXwLIWMmmiY7a9gvBOrEilJ78TpD2UixbisWQhXYd0UWhxRXt b3GrLZLq7daGYUwt8lSSzw2XWWHBHHTlNAFvZrJzYZphsAroJd9a3jP5R1wh9A.pLViL.JjkLPYl Cx03MiMcC4zP2t0PwrfHp4PSHL7sEMHVngRe1yCpWFdv9VROh.SZfzAXBTDklJ9nQouyyr.dVXbn 25xQOu2jBXcERtDbFwVf7pd0pZnEAmzROXzKrUhvMtX2_FU8O1fWkiWeuY2EEsUoIHtMjt95cxOr 2g54t0nLhvOyqb.pYLPOJ4vCrwA_ppQ5DQtwWk6.X2eCaNIvHwqiDjgQmmkZv69Zm4I0yeU4OD5W QWi67xzYzW7jip9pxnaLl709MAPWm3QXEMuH8MoxoRWw8l_6V7aLJeFZ8WH5QNvCRppYVtjevabc If11HmwoJ8DXJQHngqzB_4CKmqhqN9YEhk2HCBaS8Ar7yVYO4ZrA2ftF.cGxC5H_eIx.esrYIoqZ aXTdILITVNKRnvwyHcxy6hD3qd5i1PbARMtE.MHniKsaGDgQ_EHrGBDMlIqlgcpRwTcZWLt3n9aZ 7KUShQxIqH61n63ajaCTzY24ZgWIOFqqhq_JKXRpwaLSv1Yqt14.tB.y8REXxadHB__3FddKpLez 5FXO4AL9npRuYqHFlUFy0lRUYYU9AlyHZxafW1YrWNMBNameehxQi41MiENefcO33fcbKaUou0He QiX5stpgbwAXClhoy6AsRmzdwtEoKsrpWNVPdvNRS8uWrg2vOvzJlOl30NOxfb8VMcV.ylX5q6IM 52l_j9KEzjSyDMKnurfHMaQ5wdhx2Ky8RZAVUGSqBUoOutDFnD2MYgAfN3BVgDqZGQhBKek0YtpF F78DiTZBmkqZzuhZ5.4rPd2QrQgypul0MuMcneV6_WVYMRyHSrGLtY1cXqDPJo0Ihg7d8nIpZ6fk Vg3L1D6MFs.RJTMUsOrCyZ4mlU4s8.qBuVPtXi66g_iggjXmRIeQFonZRKiuh4qbLqsHzjKWraVT M2E2QJnO6X5SFOx8tpeXOJVkp8OvgoNyS5RHApp05M7B0CsGjKEZ1.JwS7Miuvtrz5fhSE7ydg8O T7IruG5cVsg2RzihIv2VUuhbWNE1lVO6vpDVPmUGJbnHn6S2wicC4NEguDToSpC90Awe0Fo2T.L5 kkK1NXVIdo3RBujIzor0ETlsZxZh.k0YwK5kGif7N_TnXyiG7YI6q9uRyWS5tO8.gtO5_pAzKo4x A7kH5KXUUXJdWVZukXdhxQOKyNpBBNOfPVeByk_6afixcRzIRauBtRsrs.7ShNnIFI5kq124olvs 5jbLjMSLCnzUdm7d3e4z675LRcl6MpgCT0IjgwXoe6MaQpIzvspyL749L7.49SSssFkclvsw- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic314.consmr.mail.ne1.yahoo.com with HTTP; Wed, 2 Feb 2022 23:59:52 +0000 Received: by kubenode513.mail-prod1.omega.gq1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID 246274658a7f9c615ce7598170f9f417; Wed, 02 Feb 2022 23:59:47 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org Subject: [PATCH v32 05/28] IMA: avoid label collisions with stacked LSMs Date: Wed, 2 Feb 2022 15:53:00 -0800 Message-Id: <20220202235323.23929-6-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20220202235323.23929-1-casey@schaufler-ca.com> References: <20220202235323.23929-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Integrity measurement may filter on security module information and needs to be clear in the case of multiple active security modules which applies. Provide a boot option ima_rules_lsm= to allow the user to specify an active security module to apply filters to. If not specified, use the first registered module that supports the audit_rule_match() LSM hook. Allow the user to specify in the IMA policy an lsm= option to specify the security module to use for a particular rule. Signed-off-by: Casey Schaufler To: Mimi Zohar To: linux-integrity@vger.kernel.org --- Documentation/ABI/testing/ima_policy | 8 ++++- include/linux/security.h | 14 ++++---- security/integrity/ima/ima_policy.c | 51 ++++++++++++++++++++++++---- security/security.c | 35 +++++++++++++++---- 4 files changed, 89 insertions(+), 19 deletions(-) diff --git a/Documentation/ABI/testing/ima_policy b/Documentation/ABI/testing/ima_policy index 839fab811b18..64863e9d87ea 100644 --- a/Documentation/ABI/testing/ima_policy +++ b/Documentation/ABI/testing/ima_policy @@ -26,7 +26,7 @@ Description: [uid=] [euid=] [gid=] [egid=] [fowner=] [fgroup=]] lsm: [[subj_user=] [subj_role=] [subj_type=] - [obj_user=] [obj_role=] [obj_type=]] + [obj_user=] [obj_role=] [obj_type=]] [lsm=] option: [[appraise_type=]] [template=] [permit_directio] [appraise_flag=] [appraise_algos=] [keyrings=] base: @@ -126,6 +126,12 @@ Description: measure subj_user=_ func=FILE_CHECK mask=MAY_READ + It is possible to explicitly specify which security + module a rule applies to using lsm=. If the security + module specified is not active on the system the rule + will be rejected. If lsm= is not specified the first + security module registered on the system will be assumed. + Example of measure rules using alternate PCRs:: measure func=KEXEC_KERNEL_CHECK pcr=4 diff --git a/include/linux/security.h b/include/linux/security.h index 6da0c12c9170..1edbb362ee72 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -1977,25 +1977,27 @@ static inline void security_audit_rule_free(struct audit_lsm_rules *lsmrules) #ifdef CONFIG_IMA_LSM_RULES #ifdef CONFIG_SECURITY -int ima_filter_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule); -int ima_filter_rule_match(u32 secid, u32 field, u32 op, void *lsmrule); -void ima_filter_rule_free(void *lsmrule); +int ima_filter_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule, + int lsmslot); +int ima_filter_rule_match(u32 secid, u32 field, u32 op, void *lsmrule, + int lsmslot); +void ima_filter_rule_free(void *lsmrule, int lsmslot); #else static inline int ima_filter_rule_init(u32 field, u32 op, char *rulestr, - void **lsmrule) + void **lsmrule, int lsmslot) { return 0; } static inline int ima_filter_rule_match(u32 secid, u32 field, u32 op, - void *lsmrule) + void *lsmrule, int lsmslot) { return 0; } -static inline void ima_filter_rule_free(void *lsmrule) +static inline void ima_filter_rule_free(void *lsmrule, int lsmslot) { } #endif /* CONFIG_SECURITY */ diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 320ca80aacab..22952efcc0b0 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -90,6 +90,7 @@ struct ima_rule_entry { bool (*fgroup_op)(kgid_t cred_gid, kgid_t rule_gid); /* gid_eq(), gid_gt(), gid_lt() */ int pcr; unsigned int allowed_algos; /* bitfield of allowed hash algorithms */ + int which; /* which LSM rule applies to */ struct { void *rule; /* LSM file metadata specific */ char *args_p; /* audit value */ @@ -286,6 +287,20 @@ static int __init default_appraise_policy_setup(char *str) } __setup("ima_appraise_tcb", default_appraise_policy_setup); +static int ima_rules_lsm __ro_after_init; + +static int __init ima_rules_lsm_init(char *str) +{ + ima_rules_lsm = lsm_name_to_slot(str); + if (ima_rules_lsm < 0) { + ima_rules_lsm = 0; + pr_err("rule lsm \"%s\" not registered", str); + } + + return 1; +} +__setup("ima_rules_lsm=", ima_rules_lsm_init); + static struct ima_rule_opt_list *ima_alloc_rule_opt_list(const substring_t *src) { struct ima_rule_opt_list *opt_list; @@ -357,7 +372,7 @@ static void ima_lsm_free_rule(struct ima_rule_entry *entry) int i; for (i = 0; i < MAX_LSM_RULES; i++) { - ima_filter_rule_free(entry->lsm[i].rule); + ima_filter_rule_free(entry->lsm[i].rule, entry->which); kfree(entry->lsm[i].args_p); } } @@ -408,7 +423,8 @@ static struct ima_rule_entry *ima_lsm_copy_rule(struct ima_rule_entry *entry) ima_filter_rule_init(nentry->lsm[i].type, Audit_equal, nentry->lsm[i].args_p, - &nentry->lsm[i].rule); + &nentry->lsm[i].rule, + entry->which); if (!nentry->lsm[i].rule) pr_warn("rule for LSM \'%s\' is undefined\n", nentry->lsm[i].args_p); @@ -624,14 +640,16 @@ static bool ima_match_rules(struct ima_rule_entry *rule, security_inode_getsecid(inode, &osid); rc = ima_filter_rule_match(osid, rule->lsm[i].type, Audit_equal, - rule->lsm[i].rule); + rule->lsm[i].rule, + rule->which); break; case LSM_SUBJ_USER: case LSM_SUBJ_ROLE: case LSM_SUBJ_TYPE: rc = ima_filter_rule_match(secid, rule->lsm[i].type, Audit_equal, - rule->lsm[i].rule); + rule->lsm[i].rule, + rule->which); break; default: break; @@ -1026,7 +1044,7 @@ enum policy_opt { Opt_fowner_lt, Opt_fgroup_lt, Opt_appraise_type, Opt_appraise_flag, Opt_appraise_algos, Opt_permit_directio, Opt_pcr, Opt_template, Opt_keyrings, - Opt_label, Opt_err + Opt_lsm, Opt_label, Opt_err }; static const match_table_t policy_tokens = { @@ -1074,6 +1092,7 @@ static const match_table_t policy_tokens = { {Opt_template, "template=%s"}, {Opt_keyrings, "keyrings=%s"}, {Opt_label, "label=%s"}, + {Opt_lsm, "lsm=%s"}, {Opt_err, NULL} }; @@ -1092,7 +1111,8 @@ static int ima_lsm_rule_init(struct ima_rule_entry *entry, entry->lsm[lsm_rule].type = audit_type; result = ima_filter_rule_init(entry->lsm[lsm_rule].type, Audit_equal, entry->lsm[lsm_rule].args_p, - &entry->lsm[lsm_rule].rule); + &entry->lsm[lsm_rule].rule, + entry->which); if (!entry->lsm[lsm_rule].rule) { pr_warn("rule for LSM \'%s\' is undefined\n", entry->lsm[lsm_rule].args_p); @@ -1781,6 +1801,19 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry) &(template_desc->num_fields)); entry->template = template_desc; break; + case Opt_lsm: + result = lsm_name_to_slot(args[0].from); + if (result == LSMBLOB_INVALID) { + int i; + + for (i = 0; i < MAX_LSM_RULES; i++) + entry->lsm[i].args_p = NULL; + result = -EINVAL; + break; + } + entry->which = result; + result = 0; + break; case Opt_err: ima_log_string(ab, "UNKNOWN", p); result = -EINVAL; @@ -1817,6 +1850,7 @@ ssize_t ima_parse_add_rule(char *rule) struct ima_rule_entry *entry; ssize_t result, len; int audit_info = 0; + int i; p = strsep(&rule, "\n"); len = strlen(p) + 1; @@ -1834,6 +1868,9 @@ ssize_t ima_parse_add_rule(char *rule) INIT_LIST_HEAD(&entry->list); + for (i = 0; i < MAX_LSM_RULES; i++) + entry->which = ima_rules_lsm; + result = ima_parse_rule(p, entry); if (result) { ima_free_rule(entry); @@ -2151,6 +2188,8 @@ int ima_policy_show(struct seq_file *m, void *v) seq_puts(m, "appraise_flag=check_blacklist "); if (entry->flags & IMA_PERMIT_DIRECTIO) seq_puts(m, "permit_directio "); + if (entry->which >= 0) + seq_printf(m, pt(Opt_lsm), lsm_slot_to_name(entry->which)); rcu_read_unlock(); seq_puts(m, "\n"); return 0; diff --git a/security/security.c b/security/security.c index 03a0af7e9e81..29fc50322b1f 100644 --- a/security/security.c +++ b/security/security.c @@ -2708,19 +2708,42 @@ int security_audit_rule_match(u32 secid, u32 field, u32 op, * The integrity subsystem uses the same hooks as * the audit subsystem. */ -int ima_filter_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule) +int ima_filter_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule, + int lsmslot) { - return call_int_hook(audit_rule_init, 0, field, op, rulestr, lsmrule); + struct security_hook_list *hp; + + hlist_for_each_entry(hp, &security_hook_heads.audit_rule_init, list) + if (hp->lsmid->slot == lsmslot) + return hp->hook.audit_rule_init(field, op, rulestr, + lsmrule); + + return 0; } -void ima_filter_rule_free(void *lsmrule) +void ima_filter_rule_free(void *lsmrule, int lsmslot) { - call_void_hook(audit_rule_free, lsmrule); + struct security_hook_list *hp; + + hlist_for_each_entry(hp, &security_hook_heads.audit_rule_free, list) { + if (hp->lsmid->slot == lsmslot) { + hp->hook.audit_rule_free(lsmrule); + return; + } + } } -int ima_filter_rule_match(u32 secid, u32 field, u32 op, void *lsmrule) +int ima_filter_rule_match(u32 secid, u32 field, u32 op, void *lsmrule, + int lsmslot) { - return call_int_hook(audit_rule_match, 0, secid, field, op, lsmrule); + struct security_hook_list *hp; + + hlist_for_each_entry(hp, &security_hook_heads.audit_rule_match, list) + if (hp->lsmid->slot == lsmslot) + return hp->hook.audit_rule_match(secid, field, op, + lsmrule); + + return 0; } #endif /* CONFIG_IMA_LSM_RULES */ From patchwork Wed Feb 2 23:53:01 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12733571 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id B8914C433F5 for ; Thu, 3 Feb 2022 00:00:57 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242404AbiBCAA5 (ORCPT ); Wed, 2 Feb 2022 19:00:57 -0500 Received: from sonic311-31.consmr.mail.ne1.yahoo.com ([66.163.188.212]:38712 "EHLO sonic311-31.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S241085AbiBCAA4 (ORCPT ); Wed, 2 Feb 2022 19:00:56 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643846456; bh=fQfW5dthVjGFtJA2gwR0MhT0Aeepd3QCgSYtlUwhOyo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=dC41yTZ83ZN+Ojjuei2pxlXmlI7FY5fWORvuJy7NgpJuVipcXxL+0lOBGikzhFUqSBTApzc9S96RlaaK8bW9HkwF0kXAsyiQohH0fIUqZT+iROnJuIqguDtt2JXaFK1tNmAacV6GWqQFsLGinV+qxkdygZq9mZYG9DYVwU67CbwL9mUkbEGk2nOQ073OQ1cw2Lu8N6De42B6eWDOGUsySWY4aAgkRySe4QQUaN57G4WPD3Xn1xg0anOME035r22Z6xG5BQQOv32ASRige9ndaTZygO73PaMScbmBeRfu2itZIdpRMxhGVsw6CQu6S4GU8yAkOtWShmJcR9C4LyNTsA== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643846456; bh=5JM7m8MZbB4yMdxh21LgrB95d+z3weTFMgYAuW+kQAA=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=F51KCfuXLwUFSKsCei/kSrAzyY9tfkmzvp4+jR7NPqTfFyuAFQUXcjLupm+9+pBrN6d23vHccn61tNnGOc0TNf0rRv7r+Hqp4Yi4yZuzaSxPy55DIYIDMknaFEnM0BbHwqBawaWKEJ/9UijAiVmjNEd9c67bpW0j5g58ovjT87Gr1j854+vMMqkx5Ja7OZGDfCXgyR/oBrjO+AYF0gWlPxL45qd1CNBO9WF47t/+krkOr75NKlC4VmF/9Nk0U/DfzK/3buq8UcWJcY3oSg0J6SI8mKhnSE+LQWS5jl1CPvqdrOZDb80+5ME7HWVRtdmFA4MDC3TVRKsaX853ScBHGw== X-YMail-OSG: j6sBNu4VM1nzWev4aNc.IkaUAaFKB3stnY2m9Od4ilCgiWTtJCYLW5gcOwsKPtX 4r955rCYOYU_6eDx70Z6nFccudXVc6R2dQ2sXd5quySkQhU3qH4bz4Kjt6Ju65iPN7P3630amytC NR96Hg6nSIt2kauyu0R2j4hiJ4g2j8rAosKpwl_6n02Ez5fMkwGG25Xdf2y5MP7g6A534e5ehODs YfCDwLEyYoZZtcUr_YPQ_80NwhLmfhBvqlN1FnONAHjIWFLycFQrcDLLDoPKdN6PQP_ShFPwVrM_ z2ZTCbAlv.73dDJ21O9oilh9hmGZYWvAKUJif.8WM0uXTzcwKo2ewceuTzPKQm2I.qNv83wkHv5C BUDis4mJcNs2.bzHqLbJkSNwYUta7vuvuPT3mA2Y64htTBUHJ9mM.xZjgE9HrivP7SoHl9eAiTrv L33_2TUWoyypbtQccl9IHaaA10_XdXe5tRRaZuUseVn6tRT28CHeuRqBJWajtGYIbmYHNY63iEz1 rM7Uor7tgXKeXsLvIpHi00fzjEtyr6rQvBBU5ltCxebVLaguV7IGkbpDtVpDsRYAqRdjN94bs0Wi 1S4lvvkWzY1ZdvR4LrHr8n3o3UUfnwIJsZIp2haj4XCbBpI3xlI_oXg1c9lDAXy5Z.X26hydkAoT mrPF5kY18gB6EBLTEZufe3oQl3cpqixQIvIwO5lLblWWGUJdoiZGAH.l8XdttvtmNmEnKWDoQ2iU xU3vaCNJ57QJd7_CHzFCwitO2VhGt6iFqh9.Z.EyLrFnOI1JQY4uAdkfDYBkxley5Rw5oYLj5xKT dW9I57sB5ahzvAfO05pGGD55TQgoOanE2mmfw4eAUIOaPA0Y9tuxfsPVnbv8JHPyRzCAhpcfus6O 2pTjvSTJxuYRjMGHvXkThbzeC5v1aMXs7_muyxdb6CT8CEeV_C5ZStZmb8V_YIvwccW_hhwjbn4r bqlJ5W7aBilm4fXL_XTOGWBxYANnW_MqwZC4I_CVDKfnVs9RtWi2jdcoV5UWj5BZsHXjqfF.bVJO cp4THTZEZtYVlyH0YtvHHoqkKpW7Rb8XHP7dP_B354VSYw68tSAlaoV9U5K_VdUdCatBiriG_xyY Tha21i1IFU_xTEaAkxnp6pNKYSpz34VkARJBkZ0pH1qVM1eOhFqtSh2fZw5qZS9LOT7A98DNpYnG cn5XR8ppyLbWOUbK58lkHvf_CkefERSrcbd9yYHD0i8T1szw5q761I7r_yg1O1jU8CgkyWswy2eZ LEuVDKEkx2nr2mXTem_irfs6Avej7nLMvUmeXsuzMeqrGprurU6ncOXS04fZ8AhhFhR0rX2r1oSF J92NrvaLehWofCqsZ6gj32Wwub49y9eiAjhsfPtMnrR_uulLjf7qdZ0U2ifx8sSfLeFLD1f2oN7p aSWfioxsWusqNMs3TL1KGbmE2Ugk3zx6Lw_4dU7yP55pTOnHV402hekDdKzk1LPMppSRE8kfGyrm eZGlAFOwGiHmWxwxmpYvh74.kCIKhLLvRr9wNMRtELqH1LpjHPPvZs3WBZOotSef.5tc1X.JqUfs Vj1a82ax.5AhBj2.DVZk01i5RpktSPBzIKe2HsmX6nyxBfoYfFyjFKq_dFaQFTNzENDBvPMUPi4m VcLbzX9WDyMJXqCo7xrzKDle3.J.pthk3G9stLbWXHOHqvwALv6SZH1im_w7yw6nORoVco.1wJmw eiNpvqUN54LG1HTdtQVwFobL1uq1MV8plFCTQmw9XWkGao1N7GfJDY13y_tnsliCdtK0jPRFcPzy Pa0rdkVrPR1mdC7ebEZwR7fDmaf5AvI2AC73uKeb97BYaO7l1RkZ8eppecnpEHPWARzlD2v1vkut bPJOsJEGLUQa35T1C2jTWNDG_zrZd5WIc31ziW.wL7sJ1EdumgHrg0k8ojxthCoMgJshCjrfSdX3 LBhgrYX9dzJFIUTkZfvovKMEK3yK2Tl8IT1yfc6b6cb1jqmV5YamTqNXhv6jIwNDLp8VvMe5eZVh Kgvdbd0Tj3Xn1_Y0tuafH2HV9ZY3JJ_e0SS08ikG1tSgcpoCqirBBumkM5QsO.ooxXWA4L1UfdCx sYbYjgPaySFihIEjv4IMFg1OhCwMkNb8yDFFn3PMdOOk2tQ7Mlkh0Qtg9W__MS4tEBxCcQRAI_LK 0.QqA2UNGcYSx9JE.ByNeJCrrAzc3.QaUbDbiOnOhPE3OETJ6gjqHRfVbuIHHNpfLK5lI_6vT05e Q_nF_y.DurTW_8rncyKXop4kzrO14y9yWvmA9JY1m2r2uAw-- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic311.consmr.mail.ne1.yahoo.com with HTTP; Thu, 3 Feb 2022 00:00:56 +0000 Received: by kubenode551.mail-prod1.omega.gq1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID a02ef9b2aefbc6e63003d79c476ffd53; Thu, 03 Feb 2022 00:00:53 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org Subject: [PATCH v32 06/28] LSM: Use lsmblob in security_audit_rule_match Date: Wed, 2 Feb 2022 15:53:01 -0800 Message-Id: <20220202235323.23929-7-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20220202235323.23929-1-casey@schaufler-ca.com> References: <20220202235323.23929-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Change the secid parameter of security_audit_rule_match to a lsmblob structure pointer. Pass the entry from the lsmblob structure for the approprite slot to the LSM hook. Change the users of security_audit_rule_match to use the lsmblob instead of a u32. The scaffolding function lsmblob_init() fills the blob with the value of the old secid, ensuring that it is available to the appropriate module hook. The sources of the secid, security_task_getsecid() and security_inode_getsecid(), will be converted to use the blob structure later in the series. At the point the use of lsmblob_init() is dropped. Signed-off-by: Casey Schaufler Acked-by: Paul Moore Cc: linux-audit@redhat.com --- include/linux/security.h | 5 +++-- kernel/auditfilter.c | 6 ++++-- kernel/auditsc.c | 16 +++++++++++----- security/security.c | 5 +++-- 4 files changed, 21 insertions(+), 11 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index 1edbb362ee72..3b734ebb7e29 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -1946,7 +1946,7 @@ static inline int security_key_getsecurity(struct key *key, char **_buffer) int security_audit_rule_init(u32 field, u32 op, char *rulestr, struct audit_lsm_rules *lsmrules); int security_audit_rule_known(struct audit_krule *krule); -int security_audit_rule_match(u32 secid, u32 field, u32 op, +int security_audit_rule_match(struct lsmblob *blob, u32 field, u32 op, struct audit_lsm_rules *lsmrules); void security_audit_rule_free(struct audit_lsm_rules *lsmrules); @@ -1963,7 +1963,8 @@ static inline int security_audit_rule_known(struct audit_krule *krule) return 0; } -static inline int security_audit_rule_match(u32 secid, u32 field, u32 op, +static inline int security_audit_rule_match(struct lsmblob *blob, + u32 field, u32 op, struct audit_lsm_rules *lsmrules) { return 0; diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index de75bd6ad866..15cd4fe35e9c 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -1337,6 +1337,7 @@ int audit_filter(int msgtype, unsigned int listtype) for (i = 0; i < e->rule.field_count; i++) { struct audit_field *f = &e->rule.fields[i]; + struct lsmblob blob; pid_t pid; u32 sid; @@ -1369,8 +1370,9 @@ int audit_filter(int msgtype, unsigned int listtype) case AUDIT_SUBJ_CLR: if (f->lsm_str) { security_current_getsecid_subj(&sid); - result = security_audit_rule_match(sid, - f->type, f->op, + lsmblob_init(&blob, sid); + result = security_audit_rule_match( + &blob, f->type, f->op, &f->lsm_rules); } break; diff --git a/kernel/auditsc.c b/kernel/auditsc.c index f1c26a322f9d..e5ca89160b5f 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -468,6 +468,7 @@ static int audit_filter_rules(struct task_struct *tsk, const struct cred *cred; int i, need_sid = 1; u32 sid; + struct lsmblob blob; unsigned int sessionid; if (ctx && rule->prio <= ctx->prio) @@ -678,8 +679,10 @@ static int audit_filter_rules(struct task_struct *tsk, security_current_getsecid_subj(&sid); need_sid = 0; } - result = security_audit_rule_match(sid, f->type, - f->op, &f->lsm_rules); + lsmblob_init(&blob, sid); + result = security_audit_rule_match(&blob, + f->type, f->op, + &f->lsm_rules); } break; case AUDIT_OBJ_USER: @@ -692,15 +695,17 @@ static int audit_filter_rules(struct task_struct *tsk, if (f->lsm_str) { /* Find files that match */ if (name) { + lsmblob_init(&blob, name->osid); result = security_audit_rule_match( - name->osid, + &blob, f->type, f->op, &f->lsm_rules); } else if (ctx) { list_for_each_entry(n, &ctx->names_list, list) { + lsmblob_init(&blob, n->osid); if (security_audit_rule_match( - n->osid, f->type, f->op, + &blob, f->type, f->op, &f->lsm_rules)) { ++result; break; @@ -710,7 +715,8 @@ static int audit_filter_rules(struct task_struct *tsk, /* Find ipc objects that match */ if (!ctx || ctx->type != AUDIT_IPC) break; - if (security_audit_rule_match(ctx->ipc.osid, + lsmblob_init(&blob, ctx->ipc.osid); + if (security_audit_rule_match(&blob, f->type, f->op, &f->lsm_rules)) ++result; diff --git a/security/security.c b/security/security.c index 29fc50322b1f..5b2dc867c57d 100644 --- a/security/security.c +++ b/security/security.c @@ -2683,7 +2683,7 @@ void security_audit_rule_free(struct audit_lsm_rules *lsmrules) } } -int security_audit_rule_match(u32 secid, u32 field, u32 op, +int security_audit_rule_match(struct lsmblob *blob, u32 field, u32 op, struct audit_lsm_rules *lsmrules) { struct security_hook_list *hp; @@ -2694,7 +2694,8 @@ int security_audit_rule_match(u32 secid, u32 field, u32 op, continue; if (lsmrules->rule[hp->lsmid->slot] == NULL) continue; - rc = hp->hook.audit_rule_match(secid, field, op, + rc = hp->hook.audit_rule_match(blob->secid[hp->lsmid->slot], + field, op, &lsmrules->rule[hp->lsmid->slot]); if (rc) return rc; From patchwork Wed Feb 2 23:53:02 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12733572 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id A52CDC433F5 for ; Thu, 3 Feb 2022 00:02:05 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230203AbiBCACE (ORCPT ); Wed, 2 Feb 2022 19:02:04 -0500 Received: from sonic317-39.consmr.mail.ne1.yahoo.com ([66.163.184.50]:40052 "EHLO sonic317-39.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348245AbiBCACD (ORCPT ); Wed, 2 Feb 2022 19:02:03 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643846522; bh=YfdUW96wvEBYALhSt5D2yGP08y9mz4oFH+V9zqwgcbw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=aOz1ewxj6d4kOCBWsyPvJ8kxpZixnYGOUx3+VqmfKu3LujgA2iUufJk7bReir+M1NxVOWf9Hwf5rpZsy9wvabBFU1hC+MhycnZnFGpqrDy1KUFTf5XvHYNU1I0+OXcKsdhSTydXs/Wmj6Rp67icVZhhxggJ9eVXqXg2ettrClZ4CxltIeXND0JT7vHrRe0d8HQ/OUTxv/76j1IYHws5K5lV2TIYIaG1iUvurJK9XoTIKpKD9w7q7qYrrmy6UUWolAtIzJ75XdtUHK8yvDGajVXBKsmHW0MjMqPvb//3uqw0dbvMIUPNrSwukVaBomAF1/Ezym9KLb4Y34f/HPGqmmg== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643846522; bh=hkeN8trIp7LqG3qocZkXyVfp2yx3funQIAPxb+BUmcU=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=AXA4fxALf2Vy/ETlpzzTYSYkb+oN/Guqw3SAIGC+pFYoyEBQWwwR7TcXoU/SClO0sox2oyQe8rQ5UN5PNpKBPeafcy++1km+NbbrfXZblarEWF0M2TqkuEgjTU++yhBHdUTmEXjCwam5TFF2vmD3UNKScchBOOoozQ9ivaX10DZPrt0LMgbjZz6tqZGnP4SrHo1DoqrMIG+eBlpOmNnEmWK3SSF5bSCPafgNFrPeDDhy9QTC58dgUT7ZZuLkT2/IfiOdrWzhbjtHdKS8FVJFg02jcnsPvzg74Zlw5PTz3JtdnQQvyLYh0xiGa2Ql3q3Wo9ghW7MeXbr0WSs6c+dPHg== X-YMail-OSG: k2XWFU0VM1lgdtxmZjzXF5oFCol2lzXriaWa0xkPfWlhEnD8jQUA3bbdoV1iWTI mlR.1rB0zYzBw0pZU5IuQmzftDUgmSKH4ZKTl9Jd7fXWy8Q4FPMBzqpr6d8YiHafET2S9AYCdoFU ts7SI19qIY.1bdEZaTl_6HQtW2oEZydp5fOwJiZnruMGExPMpg8E.C9d93NBy599O4AaKEe_mYHo 3RgTduqH48BaYZ.bQ9bQU9ZswuR.IScaIxiVw.INDr08bNaQoEgprv3_cAAs58ZfHpMrrAF_rXQ2 q8zXOmQuXvRGyCU8Jfi0imVGzhfMQQx8LuhhryCXz0FE39AncqAHuPcNqS4Sb2FvBh9x4MN4zVM1 fawd3iL3oQYl1Evax4KcqVR1GRE2pEtO_n7bXgpAZDu8uJ6sWKZQ1AFWjkoNvXbMYokJ0pT6A95m 5C5sA6BmNAHCZEjaaC8HRH_LtFR7MVjlxZGuTzODbXGNkwRVC.dyJ.NTrJRGetPvXF0p__GWG6qF 1qhz29tdpQlmoUG7dGbuIOQojmtYJR1_o955lttd9md0ty_8wuHDkJAazhTmVUXRguP42.1RuHK. Mps9dJB0Vlam10uvJL5PYvpraqxtIqjGC2_M3Am4k9eZp5ri7rjOPfGDDjEbbLlHwWwql4CHvfAC CznA_Yy4ypFBtJfcIYzuJuVbGVgBMjZz7UUkFLt1VkZXV114ekgMBPfuBm0x1LsO4qkW534iFQO0 U02fxhXVEeDVeI4on..G4se6aNuPJyK5k0AWJ6MUFJD293Tc6wWqscUdcFcIdEWlcHSS8sWIlDTp QspPEice7hVT4UAZGE5xMwAFpfdl73hpt1X.7bMIGH.dFuyCvOGn.eXH6o9arBe2zesYFvi6ExyL wNZ357l9hP2h.Zp7DPQbhK_PPhht9MmS6F6W0u2fNWZ.bXpzuLb3iKqO4A.qcTNs0piJeTJI6DoP z4Sa34vOw8ffb92UJ.XawcxxroBFGCeEkptiLuWWsqL8G9lNPzf0qYbvUdRlnXHq2_QaB6o5V9S0 AXDGRxe4TYc2nIrExfFX_zfYcmQ02P0VRYaxhVfApMIe78t_ITfUKee5txWfNW8g9Oo8zBIBEy.k I2mKyFPxWEcklHdAvd_hPrux6OCYmc9s1ThrR30sWInZLp37_GrO3yGeTR51C2_8XAH6hAgcdtwK MCCbJdMkOUmGNnJYlX2CknIE1TFtbYjMPNeOIrIFjSeYSmwqObC93rFGZfeu9bVfBU_xXmFhxYxH 0bjZsAzNGOFK1d6uGs2EI5kR6I2IqpH3pUXK5F40HPOaho.HJYlP5asuLPdHMUd.V59KUtl2fmjK uyJ3G1EMNyXfKh_XDOrA2ASrEbfGEHeGzJT8LO8YfOsdaWUlinq242nOfeNwf6GorVaMMCYgdwWn _OeVtAOU_Qe5oGsHMCyZayoTjV2xvzYSvQY9ZgO6EKB__uQn8L3k2CUhVPrwCfKf5Lu2hkNL7LYP U75a_r9y9jVGWiBVM0o1wC7FKZQezVBpUMCgRY84vZFBdCHV2Q7x_3nWe3z.5hwu_04RArm6e94o TWM214vSoss_OVRYgam8eNKJXxVbTvdiiRuj036Igc3DjhkvFqoFiEa13n3QQgCOVIjef5i5ORUC NyFnTWFAofKhPGPOQHQQFxHXpA.Cn99CGlw7aO.5dtiqaMKGsIckcl5FqcIpBK_p8.r9pKIWQ6aK 92zQ5XFnA_1d3xd5FLZ90XsqO6ymoN24uhagJScrKJ7V49L0GfSnHp2ctM_GaBH3Vc0pK2TxGhOR _3iWUy_IQfbTXd96QO9dkdjBY9VoTS_nOExc4S8oGK7Udb1Yp26yRKCB8mTYzGdk0ZYHp_8GDRRS fBK_Ld2WhD8L5ZmR6h3rWmvHxwQZuWgZyn_YbUitTORpiI4RpdtuZXh2pBSHCC6BCZ.tZh1w6KLR woVwn4WeMEN5hyyQVlHgj8_qeXNoQ0JprG4z14MWJ8PxX1nos5Qp499E0lRmyv_PM0F.B7pKEnJL XW46sNeF_68ahJpe7BcXjb2wu9SBHe9SDJ0ifWxl4_nxtdYmhaXMn2unJb32Ju.TDuYEg.s0tnhH jHNu.MCIufXCs2nZgOfoPlvi6yPHUvYA5bDiaKa2GzjAX9MFEIGYYFsJdLbNh_mWaAVbxxZ0jNaK e0x69n_4OkiJeG7LiQJsfIMOoKGu2IwSIIl_7ixNcyCH7ufTs71vbXCh85fF9kpAyhWf9o9oRI2X 10NNz0.rXiR1RQuE7G2h_tYcRZ3h5sCH_h_.6p3VD1I2G_nv3QtiGiTHcpBsEXBRzij9MWU.4yFM 2N5udt1iTUONKwssvxjC49ik- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic317.consmr.mail.ne1.yahoo.com with HTTP; Thu, 3 Feb 2022 00:02:02 +0000 Received: by kubenode548.mail-prod1.omega.bf1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID a665ec3aa0aed90f3239ab23ee85f667; Thu, 03 Feb 2022 00:02:00 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, Stephen Smalley Subject: [PATCH v32 07/28] LSM: Use lsmblob in security_kernel_act_as Date: Wed, 2 Feb 2022 15:53:02 -0800 Message-Id: <20220202235323.23929-8-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20220202235323.23929-1-casey@schaufler-ca.com> References: <20220202235323.23929-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Change the security_kernel_act_as interface to use a lsmblob structure in place of the single u32 secid in support of module stacking. Change its only caller, set_security_override, to do the same. Change that one's only caller, set_security_override_from_ctx, to call it with the new parameter type. The security module hook is unchanged, still taking a secid. The infrastructure passes the correct entry from the lsmblob. lsmblob_init() is used to fill the lsmblob structure, however this will be removed later in the series when security_secctx_to_secid() is updated to provide a lsmblob instead of a secid. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler To: David Howells --- include/linux/cred.h | 3 ++- include/linux/security.h | 5 +++-- kernel/cred.c | 10 ++++++---- security/security.c | 14 ++++++++++++-- 4 files changed, 23 insertions(+), 9 deletions(-) diff --git a/include/linux/cred.h b/include/linux/cred.h index fcbc6885cc09..eb02e8514239 100644 --- a/include/linux/cred.h +++ b/include/linux/cred.h @@ -18,6 +18,7 @@ struct cred; struct inode; +struct lsmblob; /* * COW Supplementary groups list @@ -165,7 +166,7 @@ extern const struct cred *override_creds(const struct cred *); extern void revert_creds(const struct cred *); extern struct cred *prepare_kernel_cred(struct task_struct *); extern int change_create_files_as(struct cred *, struct inode *); -extern int set_security_override(struct cred *, u32); +extern int set_security_override(struct cred *, struct lsmblob *); extern int set_security_override_from_ctx(struct cred *, const char *); extern int set_create_files_as(struct cred *, struct inode *); extern int cred_fscmp(const struct cred *, const struct cred *); diff --git a/include/linux/security.h b/include/linux/security.h index 3b734ebb7e29..4a256d302d97 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -462,7 +462,7 @@ void security_cred_free(struct cred *cred); int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp); void security_transfer_creds(struct cred *new, const struct cred *old); void security_cred_getsecid(const struct cred *c, u32 *secid); -int security_kernel_act_as(struct cred *new, u32 secid); +int security_kernel_act_as(struct cred *new, struct lsmblob *blob); int security_kernel_create_files_as(struct cred *new, struct inode *inode); int security_kernel_module_request(char *kmod_name); int security_kernel_load_data(enum kernel_load_data_id id, bool contents); @@ -1104,7 +1104,8 @@ static inline void security_cred_getsecid(const struct cred *c, u32 *secid) *secid = 0; } -static inline int security_kernel_act_as(struct cred *cred, u32 secid) +static inline int security_kernel_act_as(struct cred *cred, + struct lsmblob *blob) { return 0; } diff --git a/kernel/cred.c b/kernel/cred.c index 473d17c431f3..e5e41bd4efc3 100644 --- a/kernel/cred.c +++ b/kernel/cred.c @@ -772,14 +772,14 @@ EXPORT_SYMBOL(prepare_kernel_cred); /** * set_security_override - Set the security ID in a set of credentials * @new: The credentials to alter - * @secid: The LSM security ID to set + * @blob: The LSM security information to set * * Set the LSM security ID in a set of credentials so that the subjective * security is overridden when an alternative set of credentials is used. */ -int set_security_override(struct cred *new, u32 secid) +int set_security_override(struct cred *new, struct lsmblob *blob) { - return security_kernel_act_as(new, secid); + return security_kernel_act_as(new, blob); } EXPORT_SYMBOL(set_security_override); @@ -795,6 +795,7 @@ EXPORT_SYMBOL(set_security_override); */ int set_security_override_from_ctx(struct cred *new, const char *secctx) { + struct lsmblob blob; u32 secid; int ret; @@ -802,7 +803,8 @@ int set_security_override_from_ctx(struct cred *new, const char *secctx) if (ret < 0) return ret; - return set_security_override(new, secid); + lsmblob_init(&blob, secid); + return set_security_override(new, &blob); } EXPORT_SYMBOL(set_security_override_from_ctx); diff --git a/security/security.c b/security/security.c index 5b2dc867c57d..2178235529eb 100644 --- a/security/security.c +++ b/security/security.c @@ -1803,9 +1803,19 @@ void security_cred_getsecid(const struct cred *c, u32 *secid) } EXPORT_SYMBOL(security_cred_getsecid); -int security_kernel_act_as(struct cred *new, u32 secid) +int security_kernel_act_as(struct cred *new, struct lsmblob *blob) { - return call_int_hook(kernel_act_as, 0, new, secid); + struct security_hook_list *hp; + int rc; + + hlist_for_each_entry(hp, &security_hook_heads.kernel_act_as, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + rc = hp->hook.kernel_act_as(new, blob->secid[hp->lsmid->slot]); + if (rc != 0) + return rc; + } + return 0; } int security_kernel_create_files_as(struct cred *new, struct inode *inode) From patchwork Wed Feb 2 23:53:03 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12733573 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3BCA0C433EF for ; Thu, 3 Feb 2022 00:03:13 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348246AbiBCADM (ORCPT ); Wed, 2 Feb 2022 19:03:12 -0500 Received: from sonic311-31.consmr.mail.ne1.yahoo.com ([66.163.188.212]:45513 "EHLO sonic311-31.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233771AbiBCADL (ORCPT ); Wed, 2 Feb 2022 19:03:11 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643846591; bh=dO+uGR09uRVBZct0wGFemFXV8/PJpFqP6Hvb4gSqVwk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=ewUB4WR6U2hAQ3eQV1Dg57fFcrUDKZz2Dbn9umPSEjJMZAjfElZtjJHVDMstX64830aEuqoFRu6pQEOdXd6s1p8dJDrOkQFOofPoxYnvJIP66N+sTq2GAMzL7JcbKqVogPYk+apUIKT8vWAhddWRodYLYhuLfH/Ggs80StU3EkLiTJ/YefF3Z0ygMKbjCfQdRPKpq4zQ9uZjRWBEAyIs9twtGRXOuzC2Nw9Kc+Sc96Y9xV0bzSCxHmQ3kE1Kze3gD3Ax2/aCCvARHQjA7002r+XX0AM5+RodeZOPPY0XYPuhIGuQl+TLSv29M3XdkyF62aTgPP967zcRz0M9IWhn3Q== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643846591; bh=341sz0TDnhbFtGoWwVXxgmrFzqB3h9qyOVml8UhOKrK=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=BRsagEzWq7o+v2Fj8BGH+XvnD1Va4zVnWMvjRhPy82uIeFSeJVFclePVR/WDSm8UB/Mu7qMQTjLCYLj4ScgOUVx64P+VnHycIG+I/eM9wyEe0BOuufTxSqBRsF0RVfBgx5KofeXsp3GEsBdwl+qNcftGXaUE5oVdUhPAdtbILn4HvcCPIKw8XyS653CSMWzXO68BjyZCoKgZTbWW1+leXZS1BrzHebbKe4s3NtGlWjrufT973ITpsnakOXTmBnR3GOjX4BXFnVq8L2M8NBBP2mvmBt4OCXHqKHScGtR+QeyjQcZ5mblzgE59qFrtst/VkCOY6cqZ4ZtN0tJTYSlLKg== X-YMail-OSG: oc4bBWQVM1k8AFO.4xZNrYXv.G9N8Rrn3zDmmafnBnTTsvBGAMPBAs1KIF49gXx VanoH3e3ZX4nUfmLG6D5Go8gy14vogcebw9C_NdHKZrvogBbXyrwoxSwBFiPkzC2N2SGBo8XzeHy J6fT__EdS9MLk4JE0F5zy8.QyBOqtbunY0JRTZbIe9QthQwoVeVXlhCgg.GfMNw5qPEl8XYasab0 uN3gwrq8q_gTg.ShmYQwZq6EvfvPA8X6I3ETFs4ny2hWgBEcP.ot2ZfGAr7DBbmQlnjH1oujRHzQ eJnd_.2QyP5C54Czobygx78tQn438lVvnuBtUBkGWZ3RO8kCxm2JpH.oVWCozOGhEclFzmQLqC8x mVRNCzlbURgqGgF0xcqMhIxRSTLhljVGDqHNMKjl9AgOZbGlZT2B5YqyFwUB4a1uoVrOQmZdsKyb _YUXITvZuklY_1WsikPZFOGAfDK_..El8Og9EXcfS1SZmAE2kW.ysP_Lnjor6ONoNoRYHxgR7qLV 65_AxfcOxMaWKaUksfu_2U4PTDN3L.pGScYTsZ5Nb6So0gXWvokMyYcNcGM_pjy76GZaJSQd1IYK djQ8YAN6.dC0xfwT47QHtdaRf7UaltP4sMTVrDlW0Sy7MWHyvF3Hk4fIVEn3feUXqhrXrMEqOLKl z5Kh4UmwLSlZYJMzaxJxfcpAG1cncZb.FY9DqVb.F10X7aZGkxw2jRjC11BHE3VD9YA8YxnxKb_0 s6dMdTGxlKy2b1_tOFPbaNP7HqqDE7hYwc.kpnYZrQdKrqqbdK_jUfRcrz6g.4oFDlxI3LDFJUMc D3YnEITDas4_Rg8utGtX4GuEqkz1M3zZvP590rE19vZCPmTcT.sitpVq.9w5ezAvdhdoZWzE41zr n58wg61QYin7IQyJ1X9j9YPe91SabXrHCdDPzY43p2MBGQxdwcKjN3pTWQopNupinYd8EvSTVbbP 80WuYgyN0W7bhfIttiHTTvemjs5Wg0xSkZKDG_jkzqkKsR3Vv5ai.bl9fAs59CCjiUfH.66eQXvc HZSf6bXPuSifI8pnk_MWiBMu86LGGJtJaW7ThzDQykQ5_yXVKE0iAnKUQvDYsV_jX6WukTr6H.xi SNLjd9gqfkPfI5.rQ1BNUIDwjMen4FZUeAdzZAycm1DIBByRSzo_GNuchD2S6IZxXBK7dn73ZSn5 9sV1FlVDQCQpB3wdqEjts7K2QyB3g_RNPJD4Kcsu_E7l5z_Yn4JbtamDYuGDaCL4BM1NwFOkzXYl NGfWRyAkMNRLpZxKSGAWqafj8UIukd9s9g3TmzUEAF.GPPToVGDby.ooyHr1rOvLVkIw9FbCMjBG f304uR2ykXow.znw27IV8HgN_Jr2LeUhYbpCXWpmPrwguHTMRZPjdp.aBDfP0SFVpWAB8IAomMrE zrOYBLjBvuAZdiIqauLtud1O73eUtXNhOEj8cMZZq5Na1GqpM8UY_QX8ciXM84TTSTI_4h05UxxC MaakJkStOLkO4eRswOnJyu8vzZuBtew4VeGY2tmrZrjnOJloij0R0Ew._CJz.7uEyFwUg1RVwsZr J1cssYvortx9kcU20vcWiyZ9f_.piLNZoI5S7TloRyEs_9fccM3OPFW4NYu2AkeEvHQKMUF2_RXO JXNBUBb1JnwIpTfDZYpmOJQS9PLkfszhVSZySm.ETr_Ffa1qsL_cqlf90CxJIYGiK_CR.v6nXhKw q121ULilAvDhX9OUAQzcDbtu9JmrJfaAVIx8CzVYIcq0sH8wlI0WGbnT8iWDhWukUClQHjZFeuKX ApvQhjRjWAsDSbMBjwHm9OongVkb0r6bBEppD9drl2vsE03Yq9_Z4dH5RWa5R1L.Nnl9LINHKTnM qCypwmh7dS9epBqwAxNLVZkLg4N30u0u02iRWHLzrF1ZnVW7TZAs.iytlKXp4H7Wud.aU5LuShO3 LRVVtWdIJNnvR9Ra7fkYnr0UCgauszRhW7ks2VPP1re3ijsYEDknEEuzIFfHq9kQ6wgyDljt3fr_ ZB6gNDReOfbu6PQlvWCnlQjviojUvOlV0snjo_lw8lcgPT4v6KFcHjTpfimKaUGpX00LtXTLtNUr uLKLLuIKa4Iyfp8xuc.krj4S.fWHyUnJAT1K0XbTHzA6JhghHZMeMvEUAZ4vRBLAOKWpwcWfGaMg 4ee7n0LY0EXD.q6EV5Z2yWHPGKDghFgOCJQ4JYg704DTnl2KVMsiPvjrqnMBvhlY79njkof0ub4Y bqsrzeN0Zwhozua2DZc7TkkGTjokGyNs4n1bE_cGDK7ZABxRTrW.mJioMSLPJgfdsKwcdAFrfng- - X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic311.consmr.mail.ne1.yahoo.com with HTTP; Thu, 3 Feb 2022 00:03:11 +0000 Received: by kubenode518.mail-prod1.omega.gq1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID 92c78fe2d759d98c8b61fd921c126114; Thu, 03 Feb 2022 00:03:06 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, netfilter-devel@vger.kernel.org Subject: [PATCH v32 08/28] LSM: Use lsmblob in security_secctx_to_secid Date: Wed, 2 Feb 2022 15:53:03 -0800 Message-Id: <20220202235323.23929-9-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20220202235323.23929-1-casey@schaufler-ca.com> References: <20220202235323.23929-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Change the security_secctx_to_secid interface to use a lsmblob structure in place of the single u32 secid in support of module stacking. Change its callers to do the same. The security module hook is unchanged, still passing back a secid. The infrastructure passes the correct entry from the lsmblob. Acked-by: Paul Moore Reviewed-by: Kees Cook Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org Cc: netfilter-devel@vger.kernel.org To: Pablo Neira Ayuso --- include/linux/security.h | 26 ++++++++++++++++++-- kernel/cred.c | 4 +--- net/netfilter/nft_meta.c | 10 ++++---- net/netfilter/xt_SECMARK.c | 7 +++++- net/netlabel/netlabel_unlabeled.c | 23 +++++++++++------- security/security.c | 40 ++++++++++++++++++++++++++----- 6 files changed, 85 insertions(+), 25 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index 4a256d302d97..085565914515 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -198,6 +198,27 @@ static inline bool lsmblob_equal(struct lsmblob *bloba, struct lsmblob *blobb) extern int lsm_name_to_slot(char *name); extern const char *lsm_slot_to_name(int slot); +/** + * lsmblob_value - find the first non-zero value in an lsmblob structure. + * @blob: Pointer to the data + * + * This needs to be used with extreme caution, as the cases where + * it is appropriate are rare. + * + * Return the first secid value set in the lsmblob. + * There should only be one. + */ +static inline u32 lsmblob_value(const struct lsmblob *blob) +{ + int i; + + for (i = 0; i < LSMBLOB_ENTRIES; i++) + if (blob->secid[i]) + return blob->secid[i]; + + return 0; +} + /* These functions are in security/commoncap.c */ extern int cap_capable(const struct cred *cred, struct user_namespace *ns, int cap, unsigned int opts); @@ -528,7 +549,8 @@ int security_setprocattr(const char *lsm, const char *name, void *value, int security_netlink_send(struct sock *sk, struct sk_buff *skb); int security_ismaclabel(const char *name); int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen); -int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid); +int security_secctx_to_secid(const char *secdata, u32 seclen, + struct lsmblob *blob); void security_release_secctx(char *secdata, u32 seclen); void security_inode_invalidate_secctx(struct inode *inode); int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); @@ -1383,7 +1405,7 @@ static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *secle static inline int security_secctx_to_secid(const char *secdata, u32 seclen, - u32 *secid) + struct lsmblob *blob) { return -EOPNOTSUPP; } diff --git a/kernel/cred.c b/kernel/cred.c index e5e41bd4efc3..a112ea708b6e 100644 --- a/kernel/cred.c +++ b/kernel/cred.c @@ -796,14 +796,12 @@ EXPORT_SYMBOL(set_security_override); int set_security_override_from_ctx(struct cred *new, const char *secctx) { struct lsmblob blob; - u32 secid; int ret; - ret = security_secctx_to_secid(secctx, strlen(secctx), &secid); + ret = security_secctx_to_secid(secctx, strlen(secctx), &blob); if (ret < 0) return ret; - lsmblob_init(&blob, secid); return set_security_override(new, &blob); } EXPORT_SYMBOL(set_security_override_from_ctx); diff --git a/net/netfilter/nft_meta.c b/net/netfilter/nft_meta.c index 5ab4df56c945..6763188169a3 100644 --- a/net/netfilter/nft_meta.c +++ b/net/netfilter/nft_meta.c @@ -861,21 +861,21 @@ static const struct nla_policy nft_secmark_policy[NFTA_SECMARK_MAX + 1] = { static int nft_secmark_compute_secid(struct nft_secmark *priv) { - u32 tmp_secid = 0; + struct lsmblob blob; int err; - err = security_secctx_to_secid(priv->ctx, strlen(priv->ctx), &tmp_secid); + err = security_secctx_to_secid(priv->ctx, strlen(priv->ctx), &blob); if (err) return err; - if (!tmp_secid) + if (!lsmblob_is_set(&blob)) return -ENOENT; - err = security_secmark_relabel_packet(tmp_secid); + err = security_secmark_relabel_packet(lsmblob_value(&blob)); if (err) return err; - priv->secid = tmp_secid; + priv->secid = lsmblob_value(&blob); return 0; } diff --git a/net/netfilter/xt_SECMARK.c b/net/netfilter/xt_SECMARK.c index 498a0bf6f044..87ca3a537d1c 100644 --- a/net/netfilter/xt_SECMARK.c +++ b/net/netfilter/xt_SECMARK.c @@ -42,13 +42,14 @@ secmark_tg(struct sk_buff *skb, const struct xt_secmark_target_info_v1 *info) static int checkentry_lsm(struct xt_secmark_target_info_v1 *info) { + struct lsmblob blob; int err; info->secctx[SECMARK_SECCTX_MAX - 1] = '\0'; info->secid = 0; err = security_secctx_to_secid(info->secctx, strlen(info->secctx), - &info->secid); + &blob); if (err) { if (err == -EINVAL) pr_info_ratelimited("invalid security context \'%s\'\n", @@ -56,6 +57,10 @@ static int checkentry_lsm(struct xt_secmark_target_info_v1 *info) return err; } + /* xt_secmark_target_info can't be changed to use lsmblobs because + * it is exposed as an API. Use lsmblob_value() to get the one + * value that got set by security_secctx_to_secid(). */ + info->secid = lsmblob_value(&blob); if (!info->secid) { pr_info_ratelimited("unable to map security context \'%s\'\n", info->secctx); diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index 8490e46359ae..f3e2cde76919 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -880,7 +880,7 @@ static int netlbl_unlabel_staticadd(struct sk_buff *skb, void *addr; void *mask; u32 addr_len; - u32 secid; + struct lsmblob blob; struct netlbl_audit audit_info; /* Don't allow users to add both IPv4 and IPv6 addresses for a @@ -904,13 +904,18 @@ static int netlbl_unlabel_staticadd(struct sk_buff *skb, ret_val = security_secctx_to_secid( nla_data(info->attrs[NLBL_UNLABEL_A_SECCTX]), nla_len(info->attrs[NLBL_UNLABEL_A_SECCTX]), - &secid); + &blob); if (ret_val != 0) return ret_val; + /* netlbl_unlhsh_add will be changed to pass a struct lsmblob * + * instead of a u32 later in this patch set. security_secctx_to_secid() + * will only be setting one entry in the lsmblob struct, so it is + * safe to use lsmblob_value() to get that one value. */ + return netlbl_unlhsh_add(&init_net, - dev_name, addr, mask, addr_len, secid, - &audit_info); + dev_name, addr, mask, addr_len, + lsmblob_value(&blob), &audit_info); } /** @@ -931,7 +936,7 @@ static int netlbl_unlabel_staticadddef(struct sk_buff *skb, void *addr; void *mask; u32 addr_len; - u32 secid; + struct lsmblob blob; struct netlbl_audit audit_info; /* Don't allow users to add both IPv4 and IPv6 addresses for a @@ -953,13 +958,15 @@ static int netlbl_unlabel_staticadddef(struct sk_buff *skb, ret_val = security_secctx_to_secid( nla_data(info->attrs[NLBL_UNLABEL_A_SECCTX]), nla_len(info->attrs[NLBL_UNLABEL_A_SECCTX]), - &secid); + &blob); if (ret_val != 0) return ret_val; + /* security_secctx_to_secid() will only put one secid into the lsmblob + * so it's safe to use lsmblob_value() to get the secid. */ return netlbl_unlhsh_add(&init_net, - NULL, addr, mask, addr_len, secid, - &audit_info); + NULL, addr, mask, addr_len, + lsmblob_value(&blob), &audit_info); } /** diff --git a/security/security.c b/security/security.c index 2178235529eb..0fc75d355e9d 100644 --- a/security/security.c +++ b/security/security.c @@ -2198,10 +2198,22 @@ int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) } EXPORT_SYMBOL(security_secid_to_secctx); -int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) +int security_secctx_to_secid(const char *secdata, u32 seclen, + struct lsmblob *blob) { - *secid = 0; - return call_int_hook(secctx_to_secid, 0, secdata, seclen, secid); + struct security_hook_list *hp; + int rc; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.secctx_to_secid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + rc = hp->hook.secctx_to_secid(secdata, seclen, + &blob->secid[hp->lsmid->slot]); + if (rc != 0) + return rc; + } + return 0; } EXPORT_SYMBOL(security_secctx_to_secid); @@ -2352,10 +2364,26 @@ int security_socket_getpeersec_stream(struct socket *sock, char __user *optval, optval, optlen, len); } -int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid) +int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, + u32 *secid) { - return call_int_hook(socket_getpeersec_dgram, -ENOPROTOOPT, sock, - skb, secid); + struct security_hook_list *hp; + int rc = -ENOPROTOOPT; + + /* + * Only one security module should provide a real hook for + * this. A stub or bypass like is used in BPF should either + * (somehow) leave rc unaltered or return -ENOPROTOOPT. + */ + hlist_for_each_entry(hp, &security_hook_heads.socket_getpeersec_dgram, + list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + rc = hp->hook.socket_getpeersec_dgram(sock, skb, secid); + if (rc != -ENOPROTOOPT) + break; + } + return rc; } EXPORT_SYMBOL(security_socket_getpeersec_dgram); From patchwork Wed Feb 2 23:53:04 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12733588 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 264B7C433F5 for ; Thu, 3 Feb 2022 00:04:20 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348259AbiBCAET (ORCPT ); Wed, 2 Feb 2022 19:04:19 -0500 Received: from sonic317-39.consmr.mail.ne1.yahoo.com ([66.163.184.50]:46011 "EHLO sonic317-39.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348243AbiBCAES (ORCPT ); Wed, 2 Feb 2022 19:04:18 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643846658; bh=I80onzhH7yaXfwP7a2cDirDLzjQGllxXcwrQXJDrD1E=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=sl2vn5CsnLhXxibT5i0d9OAC+MJMR5dwimCH2/9IOH8QFQMKj6V918jHwhuOqySAZp9RGuKRDTRq6FybvxzGGwRRSfm2Dqop0InZA0Te2P2e+Bitt8ASCGxOJVo1j+3cyDNQIR+/v6SJtJC3k0h6yw2ZYdjC9SWDS92ywdOnMTZgbrsUpLheaUYdMtyXHFZzOxBtWCXrWqtL+UMLAn7P+aEDm73JV7oIYusC5o91JTPn9DP5YmTjS+Y2J/h853P+AJrJQShfza925dhR2pL0GftmHQGueDskgDq6K6F6g32+aB5bcjOpZZXOz3BmeuIUWnDQc69X0a3j50ghXptOVg== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643846658; bh=/ZVnweut/G6a2pLmWhASOB1ZcpaUEHVDFi5ai2J15bz=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=Wbe5CpCfVGPFldOyjmNSVbNp5lLHitgII5JUovbVQkZFyFuSb093h55JeruNnuo/VwLvOMKliktaE81bP0U3eXdYQvgu4eiMQ5n3GxQNABD6x8VZxc0lKVHXgL+hdQGM8wYUgD7uU0s31pXSKbQQG/mJkUzNB9bWGJqSwFTec0zSzDm5ZSDUkxEZY0ykAaZENTcOWddAlXkK74osI2BbmsgIAGdqFF8XA7HLtbhsSkwlnlY1+2iuYYFfptk0Y/c3VS4n2w47qx+f00qsEaSSoZEPRIy7bTnYU4X9wG1CGrmIzz7uLM4plvPGfulrxIZDfErdRkaU/kxDjKTXUBc6RA== X-YMail-OSG: NagP35cVM1mFDy6.WtM5HptQCC3g53KyPWLExW.mHWhJpJkNky0hbbLv1Ts3QsI vEgmKsvI3Fr7M0gZrPZ9AK.oY5FzdeZcxckkowH8C7WZwCXkm8yDlxfx3MQ2EGOkMLoVsw2AFeM6 VIeJ0T.fpd9AnU1SGNBimBvOrpNmpyFJ_XjHj8oGUo5pojAtNRVkxBFzPrsMDuqRNioo0aM.EoIT cVTWmij.HZ1FxHfeeMBCKuPP9XA_q83cbJFvfCFykAfVTQKTG6to7NewfeFyfGJijqkLV4aHPfOf 1_qJ9stBzQ7.p2ADC7h1hDkeuPheqkZ0xlbJHr1FCF2O5YF4m7Lv_CV34jxkg0kbN_Raa8tqtH9M 4gyWvyrZy_hnlFK162cwz5RUj9.q5SEzb0.e2Xz8S0SYZyaIchB4KxpSsxo_mLFZxkeOJGDrkHcH vjRe3aJqEKP6dqA9QAOK01RbByUcuIAHmj7SDCLT5I4M51rUiVEaZHdqE_NKIEsJmUUNRik5vtkX gudLGpvUg1gDZuo05dyAwTG4kUyTi6uN2tLORRqy1snnhLWuzhHS2IJLrmOShsnNQHtTlglkEGkJ Z3t5QNbwH542u9U7PQy05pNBtqjihCezewKKKeVv1Di5IRf5pkRCJYDZIp2_Gv9i1IvQiAKdvMmI b5jN8LvT43IxZPfIhfURnJUENcR.iX8Kx6TrrlbYINht_xvUHQwDCg4g7ooDobm9dvW9xCX.wE44 VsKmZm7PN17kXGPSBoj7dfdePKOydRhERWc6SY8FdVUNUsDH0.POt1aEau0MzTsRoE7dXGEFeZVf pwbLBDQnYG52BRXtTMHjjAnU03cYDT9Yn.a80OrxhJy79ro6PpM.dZNdJyFlvHOe50Fxz.p1tsmy 0hjbbBLUkcggy04j6EXHVhgNcbYpsa9N3TlXl9fWB5cBG5tLYbobPOZggr_e7Axp9c4H.Ib75DBb gG5mBhTrmKDbyexpSfPOP.ix4Cu.1QzNiF35l7XRAawvy7E4uH8b9BPtjSuwmm2HBkfqtmCvxdcj ucE52QbpSQJC_eGTlNKO0KwV6RgPJ_9hwlqVdbKxZIcp4A_co05k8oAg.8uNXfRO__mSm7TcQS_I woWLtuAKOPtA.syvEysczblE_LB4QwZQ99hOjGfMB4QRYcXPtwKad80KJO22gP39xel4Y5wiGnnz 63ksOudSJdfsLXGKndhUh3u5zHGefMMxJO7IOkfIeSNosqSO.Fs1xbSpB07ujs79hhly9iLrN8oA 1hMvv5Jraz.Dt_Z6a9l5sHQy7xvitiMPvrTwtpCo6OiqPN86wFbXWFqnXqR8tgIHpwQccIsPa94V petmr4oeFvGLt5YN.yRxF5nnABmbqDsK4MzlIeUlCa.D.UHSK9GJc9JxMo_psiczmvGup4kqAaN1 lGdEBgX09lORjmGsAq_D7Icw1IpeaIr_7PdFXurR42NHrSqYmRG22njPz33WAjJsFqYM_M3loUXx dFx9nwuFcfjFnaCPZOqmsOF2FiCaa5pVR2QZ0IcaV1D4iRIFM30fb7VM2_wHFhdC51JQuV5PkvGa HeN4pMvVSOAPK6ybWkUchfWfme3XgEzyB9OEh3scTWJKQkUFl6xIYOe867Axvl30njZnLMs7VVX7 MPSUlPvfZOHrmwNvO_fO7wQRiNkWBTS0CBLwmLX_fnQGO8ETiRFqPATy6_t_p0plNkA0Cz5sVj5P nS9UXPHsA8kP8LAlkfdagqTjTxqhyMs7cBzNCrot0OzVuX_rVAoRx42UAJkCQJQxM3EnmzDpy.hV BhHvFcvpczqRHiwksS3xa_CLm24QS33hKUzNfccCjSBUvSd1QzIOgwn5a5TXDgwudoCm5TzBQJWO y77yy1xjAivv_Hq.Srl5BDiiuAoVH2.aVethsXlml0gB5SPhvhDxErGGzCFGGHiXVTBfYHorZQU_ 5bWQKWnqx5vLk2xFKTOKOurqavPCLkKSta1.2jDYKLf9Y4p.dNaCJUvKAy.M7QqStTZeiNgNACUK ZsWby5CbXTXZz89Z4qe4C5w1PeUrSMZC.BLG.99xxUuUrk3jTWjgYAc8lZ7V6M6.M5o_bwuOc6ht HcQBI1Lde1M6mcm8eH89J9jUOZJTU1NHzq7Ih9I5x_NG4dOdg20TqDnaRpU2Z1vFKUY.gNcmenHP v0r3FaTVGMSpwXyGTk8kuABjgi3B7YNpTKC3NgtjtkmGd1eOuH8gX1R3IykcswEfeykpzoyW0IFL fyz_l7hCthdgNCAcEXmQROgqq059xCCiAOLtLNlTuJ8QJFuHmLeADJaZS_GtWwBYRaVlUSmmKLA- - X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic317.consmr.mail.ne1.yahoo.com with HTTP; Thu, 3 Feb 2022 00:04:18 +0000 Received: by kubenode522.mail-prod1.omega.bf1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID e2553693f3b26411334448521192e2ae; Thu, 03 Feb 2022 00:04:13 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, netfilter-devel@vger.kernel.org Subject: [PATCH v32 09/28] LSM: Use lsmblob in security_secid_to_secctx Date: Wed, 2 Feb 2022 15:53:04 -0800 Message-Id: <20220202235323.23929-10-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20220202235323.23929-1-casey@schaufler-ca.com> References: <20220202235323.23929-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Change security_secid_to_secctx() to take a lsmblob as input instead of a u32 secid. It will then call the LSM hooks using the lsmblob element allocated for that module. The callers have been updated as well. This allows for the possibility that more than one module may be called upon to translate a secid to a string, as can occur in the audit code. Acked-by: Paul Moore Reviewed-by: Kees Cook Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org Cc: linux-audit@redhat.com Cc: netfilter-devel@vger.kernel.org To: Pablo Neira Ayuso --- drivers/android/binder.c | 12 +++++++++- include/linux/security.h | 5 +++-- include/net/scm.h | 7 +++++- kernel/audit.c | 21 +++++++++++++++-- kernel/auditsc.c | 27 ++++++++++++++++++---- net/ipv4/ip_sockglue.c | 4 +++- net/netfilter/nf_conntrack_netlink.c | 14 ++++++++++-- net/netfilter/nf_conntrack_standalone.c | 4 +++- net/netfilter/nfnetlink_queue.c | 11 +++++++-- net/netlabel/netlabel_unlabeled.c | 30 +++++++++++++++++++++---- net/netlabel/netlabel_user.c | 6 ++--- security/security.c | 11 +++++---- 12 files changed, 123 insertions(+), 29 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 8351c5638880..381a4fddd4a5 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2981,10 +2981,20 @@ static void binder_transaction(struct binder_proc *proc, if (target_node && target_node->txn_security_ctx) { u32 secid; + struct lsmblob blob; size_t added_size; security_cred_getsecid(proc->cred, &secid); - ret = security_secid_to_secctx(secid, &secctx, &secctx_sz); + /* + * Later in this patch set security_task_getsecid() will + * provide a lsmblob instead of a secid. lsmblob_init + * is used to ensure that all the secids in the lsmblob + * get the value returned from security_task_getsecid(), + * which means that the one expected by + * security_secid_to_secctx() will be set. + */ + lsmblob_init(&blob, secid); + ret = security_secid_to_secctx(&blob, &secctx, &secctx_sz); if (ret) { return_error = BR_FAILED_REPLY; return_error_param = ret; diff --git a/include/linux/security.h b/include/linux/security.h index 085565914515..44843d665f35 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -548,7 +548,7 @@ int security_setprocattr(const char *lsm, const char *name, void *value, size_t size); int security_netlink_send(struct sock *sk, struct sk_buff *skb); int security_ismaclabel(const char *name); -int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen); +int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen); int security_secctx_to_secid(const char *secdata, u32 seclen, struct lsmblob *blob); void security_release_secctx(char *secdata, u32 seclen); @@ -1398,7 +1398,8 @@ static inline int security_ismaclabel(const char *name) return 0; } -static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) +static inline int security_secid_to_secctx(struct lsmblob *blob, + char **secdata, u32 *seclen) { return -EOPNOTSUPP; } diff --git a/include/net/scm.h b/include/net/scm.h index 1ce365f4c256..23a35ff1b3f2 100644 --- a/include/net/scm.h +++ b/include/net/scm.h @@ -92,12 +92,17 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg, #ifdef CONFIG_SECURITY_NETWORK static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) { + struct lsmblob lb; char *secdata; u32 seclen; int err; if (test_bit(SOCK_PASSSEC, &sock->flags)) { - err = security_secid_to_secctx(scm->secid, &secdata, &seclen); + /* There can only be one security module using the secid, + * and the infrastructure will know which it is. + */ + lsmblob_init(&lb, scm->secid); + err = security_secid_to_secctx(&lb, &secdata, &seclen); if (!err) { put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata); diff --git a/kernel/audit.c b/kernel/audit.c index e4bbe2c70c26..40d8cb824eae 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1440,7 +1440,16 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) case AUDIT_SIGNAL_INFO: len = 0; if (audit_sig_sid) { - err = security_secid_to_secctx(audit_sig_sid, &ctx, &len); + struct lsmblob blob; + + /* + * lsmblob_init sets all values in the lsmblob + * to audit_sig_sid. This is temporary until + * audit_sig_sid is converted to a lsmblob, which + * happens later in this patch set. + */ + lsmblob_init(&blob, audit_sig_sid); + err = security_secid_to_secctx(&blob, &ctx, &len); if (err) return err; } @@ -2146,12 +2155,20 @@ int audit_log_task_context(struct audit_buffer *ab) unsigned len; int error; u32 sid; + struct lsmblob blob; security_current_getsecid_subj(&sid); if (!sid) return 0; - error = security_secid_to_secctx(sid, &ctx, &len); + /* + * lsmblob_init sets all values in the lsmblob to sid. + * This is temporary until security_task_getsecid is converted + * to use a lsmblob, which happens later in this patch set. + */ + lsmblob_init(&blob, sid); + error = security_secid_to_secctx(&blob, &ctx, &len); + if (error) { if (error != -EINVAL) goto error_path; diff --git a/kernel/auditsc.c b/kernel/auditsc.c index e5ca89160b5f..5edb16cb12e0 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -679,6 +679,13 @@ static int audit_filter_rules(struct task_struct *tsk, security_current_getsecid_subj(&sid); need_sid = 0; } + /* + * lsmblob_init sets all values in the lsmblob + * to sid. This is temporary until + * security_task_getsecid() is converted to + * provide a lsmblob, which happens later in + * this patch set. + */ lsmblob_init(&blob, sid); result = security_audit_rule_match(&blob, f->type, f->op, @@ -695,6 +702,13 @@ static int audit_filter_rules(struct task_struct *tsk, if (f->lsm_str) { /* Find files that match */ if (name) { + /* + * lsmblob_init sets all values in the + * lsmblob to sid. This is temporary + * until name->osid is converted to a + * lsmblob, which happens later in + * this patch set. + */ lsmblob_init(&blob, name->osid); result = security_audit_rule_match( &blob, @@ -1118,6 +1132,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, char *ctx = NULL; u32 len; int rc = 0; + struct lsmblob blob; ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID); if (!ab) @@ -1127,7 +1142,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); if (sid) { - if (security_secid_to_secctx(sid, &ctx, &len)) { + lsmblob_init(&blob, sid); + if (security_secid_to_secctx(&blob, &ctx, &len)) { audit_log_format(ab, " obj=(none)"); rc = 1; } else { @@ -1371,8 +1387,10 @@ static void show_special(struct audit_context *context, int *call_panic) if (osid) { char *ctx = NULL; u32 len; + struct lsmblob blob; - if (security_secid_to_secctx(osid, &ctx, &len)) { + lsmblob_init(&blob, osid); + if (security_secid_to_secctx(&blob, &ctx, &len)) { audit_log_format(ab, " osid=%u", osid); *call_panic = 1; } else { @@ -1533,9 +1551,10 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, if (n->osid != 0) { char *ctx = NULL; u32 len; + struct lsmblob blob; - if (security_secid_to_secctx( - n->osid, &ctx, &len)) { + lsmblob_init(&blob, n->osid); + if (security_secid_to_secctx(&blob, &ctx, &len)) { audit_log_format(ab, " osid=%u", n->osid); if (call_panic) *call_panic = 2; diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index 445a9ecaefa1..933a8f94f93a 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -130,6 +130,7 @@ static void ip_cmsg_recv_checksum(struct msghdr *msg, struct sk_buff *skb, static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) { + struct lsmblob lb; char *secdata; u32 seclen, secid; int err; @@ -138,7 +139,8 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) if (err) return; - err = security_secid_to_secctx(secid, &secdata, &seclen); + lsmblob_init(&lb, secid); + err = security_secid_to_secctx(&lb, &secdata, &seclen); if (err) return; diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index ac438370f94a..073510c94b56 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -341,8 +341,13 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) struct nlattr *nest_secctx; int len, ret; char *secctx; + struct lsmblob blob; - ret = security_secid_to_secctx(ct->secmark, &secctx, &len); + /* lsmblob_init() puts ct->secmark into all of the secids in blob. + * security_secid_to_secctx() will know which security module + * to use to create the secctx. */ + lsmblob_init(&blob, ct->secmark); + ret = security_secid_to_secctx(&blob, &secctx, &len); if (ret) return 0; @@ -650,8 +655,13 @@ static inline int ctnetlink_secctx_size(const struct nf_conn *ct) { #ifdef CONFIG_NF_CONNTRACK_SECMARK int len, ret; + struct lsmblob blob; - ret = security_secid_to_secctx(ct->secmark, NULL, &len); + /* lsmblob_init() puts ct->secmark into all of the secids in blob. + * security_secid_to_secctx() will know which security module + * to use to create the secctx. */ + lsmblob_init(&blob, ct->secmark); + ret = security_secid_to_secctx(&blob, NULL, &len); if (ret) return 0; diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index 3e1afd10a9b6..bba3a66f5636 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c @@ -178,8 +178,10 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) int ret; u32 len; char *secctx; + struct lsmblob blob; - ret = security_secid_to_secctx(ct->secmark, &secctx, &len); + lsmblob_init(&blob, ct->secmark); + ret = security_secid_to_secctx(&blob, &secctx, &len); if (ret) return; diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index ea2d9c2a44cf..a9f7c9418ad3 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c @@ -305,13 +305,20 @@ static u32 nfqnl_get_sk_secctx(struct sk_buff *skb, char **secdata) { u32 seclen = 0; #if IS_ENABLED(CONFIG_NETWORK_SECMARK) + struct lsmblob blob; + if (!skb || !sk_fullsock(skb->sk)) return 0; read_lock_bh(&skb->sk->sk_callback_lock); - if (skb->secmark) - security_secid_to_secctx(skb->secmark, secdata, &seclen); + if (skb->secmark) { + /* lsmblob_init() puts ct->secmark into all of the secids in + * blob. security_secid_to_secctx() will know which security + * module to use to create the secctx. */ + lsmblob_init(&blob, skb->secmark); + security_secid_to_secctx(&blob, secdata, &seclen); + } read_unlock_bh(&skb->sk->sk_callback_lock); #endif diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index f3e2cde76919..0a99663e6edb 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -376,6 +376,7 @@ int netlbl_unlhsh_add(struct net *net, struct audit_buffer *audit_buf = NULL; char *secctx = NULL; u32 secctx_len; + struct lsmblob blob; if (addr_len != sizeof(struct in_addr) && addr_len != sizeof(struct in6_addr)) @@ -438,7 +439,11 @@ int netlbl_unlhsh_add(struct net *net, unlhsh_add_return: rcu_read_unlock(); if (audit_buf != NULL) { - if (security_secid_to_secctx(secid, + /* lsmblob_init() puts secid into all of the secids in blob. + * security_secid_to_secctx() will know which security module + * to use to create the secctx. */ + lsmblob_init(&blob, secid); + if (security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); @@ -475,6 +480,7 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, struct net_device *dev; char *secctx; u32 secctx_len; + struct lsmblob blob; spin_lock(&netlbl_unlhsh_lock); list_entry = netlbl_af4list_remove(addr->s_addr, mask->s_addr, @@ -493,8 +499,13 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, (dev != NULL ? dev->name : NULL), addr->s_addr, mask->s_addr); dev_put(dev); + /* lsmblob_init() puts entry->secid into all of the secids + * in blob. security_secid_to_secctx() will know which + * security module to use to create the secctx. */ + if (entry != NULL) + lsmblob_init(&blob, entry->secid); if (entry != NULL && - security_secid_to_secctx(entry->secid, + security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); security_release_secctx(secctx, secctx_len); @@ -536,6 +547,7 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, struct net_device *dev; char *secctx; u32 secctx_len; + struct lsmblob blob; spin_lock(&netlbl_unlhsh_lock); list_entry = netlbl_af6list_remove(addr, mask, &iface->addr6_list); @@ -553,8 +565,13 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, (dev != NULL ? dev->name : NULL), addr, mask); dev_put(dev); + /* lsmblob_init() puts entry->secid into all of the secids + * in blob. security_secid_to_secctx() will know which + * security module to use to create the secctx. */ + if (entry != NULL) + lsmblob_init(&blob, entry->secid); if (entry != NULL && - security_secid_to_secctx(entry->secid, + security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); security_release_secctx(secctx, secctx_len); @@ -1080,6 +1097,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, u32 secid; char *secctx; u32 secctx_len; + struct lsmblob blob; data = genlmsg_put(cb_arg->skb, NETLINK_CB(cb_arg->nl_cb->skb).portid, cb_arg->seq, &netlbl_unlabel_gnl_family, @@ -1134,7 +1152,11 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, secid = addr6->secid; } - ret_val = security_secid_to_secctx(secid, &secctx, &secctx_len); + /* lsmblob_init() secid into all of the secids in blob. + * security_secid_to_secctx() will know which security module + * to use to create the secctx. */ + lsmblob_init(&blob, secid); + ret_val = security_secid_to_secctx(&blob, &secctx, &secctx_len); if (ret_val != 0) goto list_cb_failure; ret_val = nla_put(cb_arg->skb, diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index 3ed4fea2a2de..893301ae0131 100644 --- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c @@ -86,6 +86,7 @@ struct audit_buffer *netlbl_audit_start_common(int type, struct audit_buffer *audit_buf; char *secctx; u32 secctx_len; + struct lsmblob blob; if (audit_enabled == AUDIT_OFF) return NULL; @@ -98,10 +99,9 @@ struct audit_buffer *netlbl_audit_start_common(int type, from_kuid(&init_user_ns, audit_info->loginuid), audit_info->sessionid); + lsmblob_init(&blob, audit_info->secid); if (audit_info->secid != 0 && - security_secid_to_secctx(audit_info->secid, - &secctx, - &secctx_len) == 0) { + security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " subj=%s", secctx); security_release_secctx(secctx, secctx_len); } diff --git a/security/security.c b/security/security.c index 0fc75d355e9d..ffdd366d2098 100644 --- a/security/security.c +++ b/security/security.c @@ -2179,17 +2179,16 @@ int security_ismaclabel(const char *name) } EXPORT_SYMBOL(security_ismaclabel); -int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) +int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen) { struct security_hook_list *hp; int rc; - /* - * Currently, only one LSM can implement secid_to_secctx (i.e this - * LSM hook is not "stackable"). - */ hlist_for_each_entry(hp, &security_hook_heads.secid_to_secctx, list) { - rc = hp->hook.secid_to_secctx(secid, secdata, seclen); + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + rc = hp->hook.secid_to_secctx(blob->secid[hp->lsmid->slot], + secdata, seclen); if (rc != LSM_RET_DEFAULT(secid_to_secctx)) return rc; } From patchwork Wed Feb 2 23:53:05 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12733589 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id A5217C433F5 for ; Thu, 3 Feb 2022 00:05:23 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348268AbiBCAFX (ORCPT ); Wed, 2 Feb 2022 19:05:23 -0500 Received: from sonic311-31.consmr.mail.ne1.yahoo.com ([66.163.188.212]:46740 "EHLO sonic311-31.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348264AbiBCAFW (ORCPT ); Wed, 2 Feb 2022 19:05:22 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643846721; bh=U7o6iu0aiGNCT9KjovMFIdMhHKxbc+wRz9jMKeUUcUk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=cXK0efDBffWpAPUqtHSXOtbf0YDzJ41uzKe5mmY323BDuzu9rjpxdByzCEHNZzqJmmuBRWhi/2tUhza0vmPgJY6mjIhAK+jiQAP0oa+u+J9DbRW6FrXR9agsyRxkb6dIrpSNg39vOQEZEqncZBz1JxOkQj7mMK00ODcyP3p/3rXG/Sy3m+/DwDmBxCMM+Kt/IotGqwfZYw8so1vVtREWDmrAr4+3OhP8OkRyWk42NTyFKzU9f4QWs/uTHoPZJrSMutXKrosfmOqaaRfBMKaK4csdW23GWsF3deMSz5aRKYK7337vTkP7bSs3Yd7kmdg9av6O70OWlU031opkRenLUg== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643846721; bh=fi+il9McI471DpB8qWLNOMb2tseOdryw7+GaU32Ly/B=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=orEpZIxgqLG1dx8ZrJ5koLs4scji3e5Z5WmCCEqx2wiPP6sARE6nq3LmMipuabVxQYb1Se4FULC/6xIf5EDnaE6STvT5q/cb/8E7nUTCMY8PhtuVCdqQY82PC4EdJnFV/iLaltYljpmNONpxFW/4GHLm9ftVXc2q0Gjr5RV/j3XcwHAgQOv/BNEARDJvU/M5/QYfUUcKAkf4fVmUfEOxNF+ZQFLAl6tp7R0rJ+1Zh8Bv+dF3Xr7+TEEFNfpPzEmC0kJ5peVBprRt1N9eCtrYaSNkMc2y4sXYCS7us9BctSli51WJbH/5+84r+qmxwJXgNsN0GQew6SYNJn6lYjZYKA== X-YMail-OSG: oyybyQ8VM1krzzjVGyPBWEwJFGABFQm8dk6BvgoXLcFd0vfJZOT0wv_6aEdXD6r Md3whcA0V154Z3BASctJ8gU0o9X35Mccp7KVXwWBWo4dFB9QZFc5JaxvTklwOyWO.qJiNv6eo_j. vKUuZb4o6kDAPIQhHpYxu.xEt_yGSA7AoEhugtbyBIZg7s6JhVGpsKfwREUPaEBPRwDRVPbXlw.g BgITsZr4OxZfD2QBU5ncmGMIhResjrBGd0j7PgTPhB8t47TQI9brUSG9In0HYHVns26qi.J9z3xE MJIXqUq9uY0B3jORdCVY0MgIQWEGTfGiPCGEVINxJLEcg9IbFV2x_pTKJjWHJoj0FNK4Bpv3Otja tbux0AjbTr62cqE_1z_hMprYSQ6IJOZfd8.DOwTXbzzN3WO1Ej1Q7UxC9h6FWQKxTuzcVDCwLvrf 9rWd35QI3nYbJnZZ0YxtWLrHp0DIdgDQNl67dcMHf0HVUW1tmr_oUrEOWpo6DH4AVUbcFL__CEEB v.21rbNcl8lVrnCAlL7SwyGCzyQupsMEC22AZSagqy77Lz1Dt50KkDZV_UOySb3fn_BdkLTgndfd Mkm6mT4HUZCrAYDwa1aJgfzKwtVeqXvCGi3lxc25Y25nHhzZan.gWwO3Jj8raRDw5XecEAHuRGwW 9Jq6B_oM7QDSAJWn6X4u9lnP0QQPVulSoze_X2k5v.HoWiqrmBkcQSwhrIFoDHsoAq1Bc4XXRcdo 3Y5rqVsLhNfpU6FRER2i74kzqI0DRIXyp8x1itZ0i6Wy4UnbLUS4WWgN2Dwq08eQLWwGn0DZWlNz Opa.lpurC50osWgceejFlWhsJstFW5p_MesADnHErrCpU9ogVPg.4TgUwKu94LXKDHq3Y.bZZMMb u4Lv2memOx.uuVXYqXi14jR8L_tp2lrGR9DgYuV93U_HWF2bly3kyQaaAjtF_7TXs_6LfCcL5I3N HKqHpwaZ7prk0JTPMjUSt4dEd5hOJKfkY_11WedOvEpW36w8bXm6.mVsLI0kyqNzvM_Ai5N3BRA8 qHEPbPIvZEx9ttYnMa_Tm9zD4TQRSxVi8HdqHmI0YboEcY9WD4TPOdn7geJvRwpwHCyjNOHU0RIN Ha_DJmab_g9KDvudU5XULBEIKllmhdu5t_1ulNTbFweRIV4.1ruirC9KIFOH7wIvWdPy0jqw_6qL 9_RKCDOhTpDPs0rC2CDisYvvgT.aKYa2cH6IDIwFuCjDb8YNqgGdxsvZZtHK1u8kuYGxnCqZaLbG I_jMFqZTGD1HSzFPDy4S4fB5AZK7E5uVnKIRJS8_xGnw4gXrj4KQ9nESgASAgmfBtKWjxTJPM2DA qC_N2Zgy5WUEe4K.6kkzlp5sURP3YkBIzvTKxmrLKOD3kszdJav520HcKG.co77DWVcfbnCOEs9L 9_y8sSzR82ALMVOLo6r.lzItrbjrcC0Rz6UojhmyNlf.amypZI_kgrh3sRSOUnYNNUubjhaO2yDY 3zzijB3VV13sdtAVSG3SXD.69EIAt0Tg1cK8mcFIkNuRxZeKJMA07HsIyQjyivQPZvpjll6w_q2D goq8kFHG0jS_XGymYtVhORtWkix9BIUDy1vW.pcfsXLNPgp9NWSq270ip6fGyBcsj1SFRA6jPNn8 Zpkb9mEfGRbbnZtTcgIkzpTd_C3F2W9leUEWbOkxS0k.qCzjdyRMOfZ_psXNjwifh6zvoOIj4C3G t2u6VmQFtvWJo..ylN3enX8dRWBax9P6tpPh3UQHQqbBGzcqOpGyU5mmjYyFMXgvDSAQjrz8DC8j A6Y.5hbqts_SPnw0UJtLuVygVx3doYbmsYlzz.APazcn2HvdImyw7HorboZnFOt4eKk.sdLzRGBk HUqmDPxYaIsl5l0ZV3yD0D9owVb83eWhfbUbuGaSLl6H7xpfrhztyHVOdLd0ysHj7FKAwda5nGB7 ZfVGpaSzMlOZe1az4LLOyAeFlzcArKi2SBqILVDFPEyjokZ7QPq_vAvxAd6YkNaWKVMcH2_5E_Qo Crsu.kMBZtOstiWqfqwhg7XQUzKFm7L3loccdNLqn.xgJcJZNkdnUhEtPSQJMfMpV9DvfbSGlWbV InnJDf9H7Uw_ZgbyJOP_11caFW1JTHB9Tdjml1ZgVVbpdz6Cefdoqb1Q_swByWh9lar7VRSwVxj. w89eQzqQbfaee.Msf9G_iVY18rSUTSHzz5nHpnxl6Jf7w9IDtw7Xzh_2fj1bUi64j.kTB3ROaFEC mG1pIICgeGnz1xcYmSlX47WcS6jGSa02HRByFIgISJxBhBU3wOzU- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic311.consmr.mail.ne1.yahoo.com with HTTP; Thu, 3 Feb 2022 00:05:21 +0000 Received: by kubenode514.mail-prod1.omega.bf1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID cfd0a79a651ddfd5d30c37da48c43da1; Thu, 03 Feb 2022 00:05:20 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, Stephen Smalley Subject: [PATCH v32 10/28] LSM: Use lsmblob in security_ipc_getsecid Date: Wed, 2 Feb 2022 15:53:05 -0800 Message-Id: <20220202235323.23929-11-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20220202235323.23929-1-casey@schaufler-ca.com> References: <20220202235323.23929-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org There may be more than one LSM that provides IPC data for auditing. Change security_ipc_getsecid() to fill in a lsmblob structure instead of the u32 secid. The audit data structure containing the secid will be updated later, so there is a bit of scaffolding here. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler Cc: linux-audit@redhat.com --- include/linux/security.h | 7 ++++--- kernel/auditsc.c | 7 ++++++- security/security.c | 12 +++++++++--- 3 files changed, 19 insertions(+), 7 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index 44843d665f35..62178dd4ec08 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -519,7 +519,7 @@ int security_task_prctl(int option, unsigned long arg2, unsigned long arg3, unsigned long arg4, unsigned long arg5); void security_task_to_inode(struct task_struct *p, struct inode *inode); int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag); -void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid); +void security_ipc_getsecid(struct kern_ipc_perm *ipcp, struct lsmblob *blob); int security_msg_msg_alloc(struct msg_msg *msg); void security_msg_msg_free(struct msg_msg *msg); int security_msg_queue_alloc(struct kern_ipc_perm *msq); @@ -1276,9 +1276,10 @@ static inline int security_ipc_permission(struct kern_ipc_perm *ipcp, return 0; } -static inline void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid) +static inline void security_ipc_getsecid(struct kern_ipc_perm *ipcp, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } static inline int security_msg_msg_alloc(struct msg_msg *msg) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 5edb16cb12e0..598e0de45b04 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -2610,12 +2610,17 @@ void __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat) void __audit_ipc_obj(struct kern_ipc_perm *ipcp) { struct audit_context *context = audit_context(); + struct lsmblob blob; context->ipc.uid = ipcp->uid; context->ipc.gid = ipcp->gid; context->ipc.mode = ipcp->mode; context->ipc.has_perm = 0; - security_ipc_getsecid(ipcp, &context->ipc.osid); + security_ipc_getsecid(ipcp, &blob); + /* context->ipc.osid will be changed to a lsmblob later in + * the patch series. This will allow auditing of all the object + * labels associated with the ipc object. */ + context->ipc.osid = lsmblob_value(&blob); context->type = AUDIT_IPC; } diff --git a/security/security.c b/security/security.c index ffdd366d2098..815200684bcf 100644 --- a/security/security.c +++ b/security/security.c @@ -1999,10 +1999,16 @@ int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag) return call_int_hook(ipc_permission, 0, ipcp, flag); } -void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid) +void security_ipc_getsecid(struct kern_ipc_perm *ipcp, struct lsmblob *blob) { - *secid = 0; - call_void_hook(ipc_getsecid, ipcp, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.ipc_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.ipc_getsecid(ipcp, &blob->secid[hp->lsmid->slot]); + } } int security_msg_msg_alloc(struct msg_msg *msg) From patchwork Wed Feb 2 23:53:06 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12733590 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id CCB2FC433EF for ; Thu, 3 Feb 2022 00:06:30 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348286AbiBCAG3 (ORCPT ); Wed, 2 Feb 2022 19:06:29 -0500 Received: from sonic312-31.consmr.mail.ne1.yahoo.com ([66.163.191.212]:32850 "EHLO sonic312-31.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231229AbiBCAG3 (ORCPT ); Wed, 2 Feb 2022 19:06:29 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643846789; bh=EqNFDQMugZeGYTvYoJQnN0P9iZgp/6AR/4bWKU98LdQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=bXmTrmbedLLJ2Ut1FtaOw3ZOFk6d0E+1MFi944Sr25P0uQZhBsAI9tmCqg4e+BlE7l12ul6N5PfLAKYOiFikeVHD7eW4Z01OBqpb0mGw3Of2uXHhdfzBAZ1oxyv1JcZ42JRqNgdwAPQS6JbnrpHfjWDUzP2zGZsmansICQPZwNX49FvnOeIljsIkJyr+Ejkx8pyPAbGZNhHMTERlDMRjw1jkBXSEjli2F7EHps8sqsxNxuU+gM6NgZLrrV5pahJOEH67j1Ay6aU9YpS2x8DuG0C1Zo+fE5yDgzRN+PzRUKO1O1azB1L5HC5+yWqDq5m2Fi3NLuC2eZ84fYALOasfmA== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643846789; bh=gCTTO8q6tJuTejmmTs4I26sZpe886BpjN8Cmdfr9NqS=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=U1lc08X1JrjeVyqPS8PFInm8cdz+lwZ/gzVeinbXlHgOMf/2l3MUoZ5O4YN6FiVqKdJBg4ssVRNckkayYBDEsvTKhX4n32LnA+VN2pRrsQJbZ4ZnDawZ2uWXumPCilcJAfEGJELl70mE8X/2TwmstsveecNsnbo+kBDfz87XvkWSTzBFe7VZgRKNddMKtbrlZZ+vl1Yy5yBEgtdH0lnWABv0odg98AkIfDFWQMRGQYSHT2/AyX44zpLiMRenciu9nt1JrsSpvliDQDVZZ4Pde7gxmh0qS3sCIEzG3b1WG0nV4NPsc1V8Q4izU4Tx6+Km3418sgXSTHoIS5fqmT4sNg== X-YMail-OSG: DtT5mAcVM1mKx30D2vmR_TtRmwlhNHlZBskSVZW2bEhNHBUDMR_Zb8HXt7ArkV2 OPIsKGqFFgobglSKNMmStyXp0ELbFS0Wpe_hCPmCKifXUxQ8604sM9u6UU.M91eJcyQNX6eJwRMO _BjhmtPMxi6GZ3XFqHdaX8oJbiAMzX0LoKaiB0T1mSAbW2_QnobbNdKYl3isBqD075n8nyIZOoX2 Xk2d86hCLeh5iTG72P5a._0B69nyumfpHwGftI4H91QfD9XmciBo856EDbEhMZsIjiHiZc5ZGeFh 1y0QPTMGGsPzy.ZHj4TnfDqXE4i.hcOFkTnjZSlig540KXQI_FSUZKaQc1Ci0qqXwUP1DB8gFq.B NeaT2GTYt0vuDB7LNUvCicOQUOkma5lRjbK67GEQRQ2C63VT1GmIwC8o9nT57e4fZVR90P45fGj6 Zye5jEKAIOmTAxjbsVeqnV7fKfou9FESDZqi_4H3Nr9.gGCe1iKSU2WiP4gTr1Q2M7gXB.4U8By_ pGLxrTlsjvafzs5xoM.RbkqK87ktc4wjY9dNKzWS3UjKR24aQBJIofuZy3EXUMdlpHJHEONLvrRC HdsF50.7cAZT6Jbpfqcv7Z3TJrk_58jYsnbPA0fcykMWXz6Q0tV9ptLVdI.nWZa6jf4EpYcXMDvI I9L9qp4Dlv5M3N6U1RFYe4PG5mWALqfrByHfc_4adqDDxCpkSH6OtN3GMSRptPJlpbMfn7QB.6On oNPknGvobsbbILcOhmQT7Wl9mepZF0ZbQIySYuyo85klzBcPz.pjkP80sTvng0eCF.0J8DGS_RRx HVb2Cn35vrfXBPfqVd237CHB66.DdPDRfGL434qAZkxlg86yLzdlF5wjS0PnZ4.GE.ronQbPA7Uq .MZhu.r.Xe4I4PjbhgkZb2GTrDoY4pCz7fRDZANi_6OzGI86IJSkt6AGPrAKD3V68iVDROyKqoQ_ UqokZCMbqjKEziYX.y95zMzWA_r9lpv4EcRlHSOqE.hkgYT6nv6Dvnr1gmqCsZ7dgtRIs1Ldv4sV n9zbR48cx6eB1k1Mcu7BKd7RkRf8CWarrml7f1oWOTBXFjEk.3mhqsLwVWWanUFtkRi6Q8dCf034 sXcl5t7Aui8DvON2910ZjJBvIizuw17QtFFGtyBzf4XackaIMjtzOwx25Ltr57mvdv1udFpKRRct KWG3Sm8LyEPHyqaIxYXch3o8bPz9TkBUB6xM8m9.j_HJrtCGjqrBWGKBp.WyFW66uoyzkDHVLCXo vHE3KyRYqkBa8981ciO90mBSUfqul128vaW2V8utH3b4SZjsUOLWpnSqnxstPSVM68MMkbzbfzOJ z3DsbGy4zW.SdsWvkO7L5cz4LZ6kXG0.ok7MSaAAeZLzKOpdN3h4LKw4dEzHeLeb6..ndWnJljLD iFgeBM91lKxXnzgN4Q0D1musB7Tztz1vIrukvaImcqW3MqhZvEAZdMqd2Tv953tvOe_9Cy4CDrJq oqyfGZM8_ynUkSSMtVPBUZhE2v9_itP9OwxkrfE4Du4IG1itteOHS3oWP2TYb64l2tKqB2LUzYfO Fej20.Am5Fdpf4ddFdGesmROe2KFgfWxL7P5kSNrzV1prXjH4z2.IaLDXASeRWN0Gf.vwS1ssWiz _syz3jNfutbYzBSd0Q5VjHUFeIg1.Bx_iP5G1VYTEviRMK3zN8o5kBLw_kCtpFQYaUAcLrub_YqQ uef.t38pXmzvP1vsPsQu1F3C.YvM_DNK4e1vnDRgaoxYdzDLevhKvGlv_mrT7HXEdqntGRY86q5K oBQyJTzlnWBkZumCnvLH_LeePXbKlafNBdVeFkb3ihjzmgaAXFHBRbjACx72ny1zX854mcvu26bu 33QJfVZsO48cBOVzoAE3jlOoeoqjGPBhqi6sASIPWfKbLf.LVaN.Oi37HQxxXFGRhI2nH_HYhJHd ClgNEGVCfMrstun.pKacG7ql2xSckcvdk40QzJQYNqe9EHheUxmiKFVZYaWBIYzOjn3Ui8cq.Cl9 fvzF.MuycZ1hKEvwLLJX_IS_dfY3DuwWvY2JFJfI7pr4eGTfuhX8ZvHcOsznr3clsoclcsGhamYG IkNl9pQt.twmdS_413ZXPApcdHAD2O1aAAeJ2HtXf_NAahG8eDWEYsKTFW70mIx.L3DkPtIjFmoq piHb2q7GO3eNDtuAvSd8oVgKZZgcmf4t129fLRALZ50RqRmvaFBgMwu3cADnVgod75oEYnmai2M8 EjGaqqcTynFSFfudp08_bK78R9Py2XYw0nbK61c7Cnlxnm6IaEP7o10RrilIKxPdrLFPMp5J7JOD 9t70D_Q3becMfxavIJXREisICXOmFZBDTFyCAod9QwdGNecAnsshXf6Jufg-- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic312.consmr.mail.ne1.yahoo.com with HTTP; Thu, 3 Feb 2022 00:06:29 +0000 Received: by kubenode531.mail-prod1.omega.ne1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID eb829be640f0d55663e1620f1812a18c; Thu, 03 Feb 2022 00:06:26 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, Stephen Smalley , linux-integrity@vger.kernel.org, netdev@vger.kernel.org Subject: [PATCH v32 11/28] LSM: Use lsmblob in security_current_getsecid Date: Wed, 2 Feb 2022 15:53:06 -0800 Message-Id: <20220202235323.23929-12-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20220202235323.23929-1-casey@schaufler-ca.com> References: <20220202235323.23929-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Change the security_current_getsecid_subj() and security_task_getsecid_obj() interfaces to fill in a lsmblob structure instead of a u32 secid in support of LSM stacking. Audit interfaces will need to collect all possible secids for possible reporting. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: linux-audit@redhat.com Cc: netdev@vger.kernel.org --- drivers/android/binder.c | 6 +-- include/linux/security.h | 13 ++++--- kernel/audit.c | 16 +++----- kernel/auditfilter.c | 4 +- kernel/auditsc.c | 25 ++++++------ net/netlabel/netlabel_unlabeled.c | 5 ++- net/netlabel/netlabel_user.h | 6 ++- security/integrity/ima/ima_appraise.c | 12 +++--- security/integrity/ima/ima_main.c | 55 +++++++++++++++------------ security/security.c | 25 +++++++++--- 10 files changed, 95 insertions(+), 72 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 381a4fddd4a5..bae8440ffc73 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2980,16 +2980,16 @@ static void binder_transaction(struct binder_proc *proc, t->priority = task_nice(current); if (target_node && target_node->txn_security_ctx) { - u32 secid; struct lsmblob blob; size_t added_size; + u32 secid; security_cred_getsecid(proc->cred, &secid); /* - * Later in this patch set security_task_getsecid() will + * Later in this patch set security_cred_getsecid() will * provide a lsmblob instead of a secid. lsmblob_init * is used to ensure that all the secids in the lsmblob - * get the value returned from security_task_getsecid(), + * get the value returned from security_cred_getsecid(), * which means that the one expected by * security_secid_to_secctx() will be set. */ diff --git a/include/linux/security.h b/include/linux/security.h index 62178dd4ec08..d7781bda147f 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -501,8 +501,8 @@ int security_task_fix_setgid(struct cred *new, const struct cred *old, int security_task_setpgid(struct task_struct *p, pid_t pgid); int security_task_getpgid(struct task_struct *p); int security_task_getsid(struct task_struct *p); -void security_current_getsecid_subj(u32 *secid); -void security_task_getsecid_obj(struct task_struct *p, u32 *secid); +void security_current_getsecid_subj(struct lsmblob *blob); +void security_task_getsecid_obj(struct task_struct *p, struct lsmblob *blob); int security_task_setnice(struct task_struct *p, int nice); int security_task_setioprio(struct task_struct *p, int ioprio); int security_task_getioprio(struct task_struct *p); @@ -1198,14 +1198,15 @@ static inline int security_task_getsid(struct task_struct *p) return 0; } -static inline void security_current_getsecid_subj(u32 *secid) +static inline void security_current_getsecid_subj(struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } -static inline void security_task_getsecid_obj(struct task_struct *p, u32 *secid) +static inline void security_task_getsecid_obj(struct task_struct *p, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } static inline int security_task_setnice(struct task_struct *p, int nice) diff --git a/kernel/audit.c b/kernel/audit.c index 40d8cb824eae..17ac6e74b5bd 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -2154,19 +2154,12 @@ int audit_log_task_context(struct audit_buffer *ab) char *ctx = NULL; unsigned len; int error; - u32 sid; struct lsmblob blob; - security_current_getsecid_subj(&sid); - if (!sid) + security_current_getsecid_subj(&blob); + if (!lsmblob_is_set(&blob)) return 0; - /* - * lsmblob_init sets all values in the lsmblob to sid. - * This is temporary until security_task_getsecid is converted - * to use a lsmblob, which happens later in this patch set. - */ - lsmblob_init(&blob, sid); error = security_secid_to_secctx(&blob, &ctx, &len); if (error) { @@ -2375,6 +2368,7 @@ int audit_set_loginuid(kuid_t loginuid) int audit_signal_info(int sig, struct task_struct *t) { kuid_t uid = current_uid(), auid; + struct lsmblob blob; if (auditd_test_task(t) && (sig == SIGTERM || sig == SIGHUP || @@ -2385,7 +2379,9 @@ int audit_signal_info(int sig, struct task_struct *t) audit_sig_uid = auid; else audit_sig_uid = uid; - security_current_getsecid_subj(&audit_sig_sid); + security_current_getsecid_subj(&blob); + /* scaffolding until audit_sig_sid is converted */ + audit_sig_sid = blob.secid[0]; } return audit_signal_info_syscall(t); diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 15cd4fe35e9c..39ded5cb2429 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -1339,7 +1339,6 @@ int audit_filter(int msgtype, unsigned int listtype) struct audit_field *f = &e->rule.fields[i]; struct lsmblob blob; pid_t pid; - u32 sid; switch (f->type) { case AUDIT_PID: @@ -1369,8 +1368,7 @@ int audit_filter(int msgtype, unsigned int listtype) case AUDIT_SUBJ_SEN: case AUDIT_SUBJ_CLR: if (f->lsm_str) { - security_current_getsecid_subj(&sid); - lsmblob_init(&blob, sid); + security_current_getsecid_subj(&blob); result = security_audit_rule_match( &blob, f->type, f->op, &f->lsm_rules); diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 598e0de45b04..2570bf5979e0 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -467,7 +467,6 @@ static int audit_filter_rules(struct task_struct *tsk, { const struct cred *cred; int i, need_sid = 1; - u32 sid; struct lsmblob blob; unsigned int sessionid; @@ -676,17 +675,9 @@ static int audit_filter_rules(struct task_struct *tsk, * here even though it always refs * @current's creds */ - security_current_getsecid_subj(&sid); + security_current_getsecid_subj(&blob); need_sid = 0; } - /* - * lsmblob_init sets all values in the lsmblob - * to sid. This is temporary until - * security_task_getsecid() is converted to - * provide a lsmblob, which happens later in - * this patch set. - */ - lsmblob_init(&blob, sid); result = security_audit_rule_match(&blob, f->type, f->op, &f->lsm_rules); @@ -2712,12 +2703,15 @@ int __audit_sockaddr(int len, void *a) void __audit_ptrace(struct task_struct *t) { struct audit_context *context = audit_context(); + struct lsmblob blob; context->target_pid = task_tgid_nr(t); context->target_auid = audit_get_loginuid(t); context->target_uid = task_uid(t); context->target_sessionid = audit_get_sessionid(t); - security_task_getsecid_obj(t, &context->target_sid); + security_task_getsecid_obj(t, &blob); + /* scaffolding - until target_sid is converted */ + context->target_sid = blob.secid[0]; memcpy(context->target_comm, t->comm, TASK_COMM_LEN); } @@ -2733,6 +2727,7 @@ int audit_signal_info_syscall(struct task_struct *t) struct audit_aux_data_pids *axp; struct audit_context *ctx = audit_context(); kuid_t t_uid = task_uid(t); + struct lsmblob blob; if (!audit_signals || audit_dummy_context()) return 0; @@ -2744,7 +2739,9 @@ int audit_signal_info_syscall(struct task_struct *t) ctx->target_auid = audit_get_loginuid(t); ctx->target_uid = t_uid; ctx->target_sessionid = audit_get_sessionid(t); - security_task_getsecid_obj(t, &ctx->target_sid); + security_task_getsecid_obj(t, &blob); + /* scaffolding until target_sid is converted */ + ctx->target_sid = blob.secid[0]; memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); return 0; } @@ -2765,7 +2762,9 @@ int audit_signal_info_syscall(struct task_struct *t) axp->target_auid[axp->pid_count] = audit_get_loginuid(t); axp->target_uid[axp->pid_count] = t_uid; axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); - security_task_getsecid_obj(t, &axp->target_sid[axp->pid_count]); + security_task_getsecid_obj(t, &blob); + /* scaffolding until target_sid is converted */ + axp->target_sid[axp->pid_count] = blob.secid[0]; memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); axp->pid_count++; diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index 0a99663e6edb..c86df6ead742 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -1562,11 +1562,14 @@ int __init netlbl_unlabel_defconf(void) int ret_val; struct netlbl_dom_map *entry; struct netlbl_audit audit_info; + struct lsmblob blob; /* Only the kernel is allowed to call this function and the only time * it is called is at bootup before the audit subsystem is reporting * messages so don't worry to much about these values. */ - security_current_getsecid_subj(&audit_info.secid); + security_current_getsecid_subj(&blob); + /* scaffolding until audit_info.secid is converted */ + audit_info.secid = blob.secid[0]; audit_info.loginuid = GLOBAL_ROOT_UID; audit_info.sessionid = 0; diff --git a/net/netlabel/netlabel_user.h b/net/netlabel/netlabel_user.h index d6c5b31eb4eb..3d5610ed5f0e 100644 --- a/net/netlabel/netlabel_user.h +++ b/net/netlabel/netlabel_user.h @@ -32,7 +32,11 @@ */ static inline void netlbl_netlink_auditinfo(struct netlbl_audit *audit_info) { - security_current_getsecid_subj(&audit_info->secid); + struct lsmblob blob; + + security_current_getsecid_subj(&blob); + /* scaffolding until secid is converted */ + audit_info->secid = blob.secid[0]; audit_info->loginuid = audit_get_loginuid(current); audit_info->sessionid = audit_get_sessionid(current); } diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index 17232bbfb9f9..217d20c60e1d 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -71,15 +71,17 @@ bool is_ima_appraise_enabled(void) int ima_must_appraise(struct user_namespace *mnt_userns, struct inode *inode, int mask, enum ima_hooks func) { - u32 secid; + struct lsmblob blob; if (!ima_appraise) return 0; - security_current_getsecid_subj(&secid); - return ima_match_policy(mnt_userns, inode, current_cred(), secid, - func, mask, IMA_APPRAISE | IMA_HASH, NULL, - NULL, NULL, NULL); + security_current_getsecid_subj(&blob); + /* scaffolding the .secid[0] */ + return ima_match_policy(mnt_userns, inode, current_cred(), + blob.secid[0], func, mask, + IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL, + NULL); } static int ima_fix_xattr(struct dentry *dentry, diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 8c6e4514d494..6abbaa97bbeb 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -405,12 +405,13 @@ static int process_measurement(struct file *file, const struct cred *cred, */ int ima_file_mmap(struct file *file, unsigned long prot) { - u32 secid; + struct lsmblob blob; if (file && (prot & PROT_EXEC)) { - security_current_getsecid_subj(&secid); - return process_measurement(file, current_cred(), secid, NULL, - 0, MAY_EXEC, MMAP_CHECK); + security_current_getsecid_subj(&blob); + /* scaffolding - until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], + NULL, 0, MAY_EXEC, MMAP_CHECK); } return 0; @@ -436,9 +437,9 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) char *pathbuf = NULL; const char *pathname = NULL; struct inode *inode; + struct lsmblob blob; int result = 0; int action; - u32 secid; int pcr; /* Is mprotect making an mmap'ed file executable? */ @@ -446,11 +447,11 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) !(prot & PROT_EXEC) || (vma->vm_flags & VM_EXEC)) return 0; - security_current_getsecid_subj(&secid); + security_current_getsecid_subj(&blob); inode = file_inode(vma->vm_file); action = ima_get_action(file_mnt_user_ns(vma->vm_file), inode, - current_cred(), secid, MAY_EXEC, MMAP_CHECK, - &pcr, &template, NULL, NULL); + current_cred(), blob.secid[0], MAY_EXEC, + MMAP_CHECK, &pcr, &template, NULL, NULL); /* Is the mmap'ed file in policy? */ if (!(action & (IMA_MEASURE | IMA_APPRAISE_SUBMASK))) @@ -486,10 +487,12 @@ int ima_bprm_check(struct linux_binprm *bprm) { int ret; u32 secid; + struct lsmblob blob; - security_current_getsecid_subj(&secid); - ret = process_measurement(bprm->file, current_cred(), secid, NULL, 0, - MAY_EXEC, BPRM_CHECK); + security_current_getsecid_subj(&blob); + /* scaffolding until process_measurement changes */ + ret = process_measurement(bprm->file, current_cred(), blob.secid[0], + NULL, 0, MAY_EXEC, BPRM_CHECK); if (ret) return ret; @@ -510,10 +513,11 @@ int ima_bprm_check(struct linux_binprm *bprm) */ int ima_file_check(struct file *file, int mask) { - u32 secid; + struct lsmblob blob; - security_current_getsecid_subj(&secid); - return process_measurement(file, current_cred(), secid, NULL, 0, + security_current_getsecid_subj(&blob); + /* scaffolding until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], NULL, 0, mask & (MAY_READ | MAY_WRITE | MAY_EXEC | MAY_APPEND), FILE_CHECK); } @@ -689,7 +693,7 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id, bool contents) { enum ima_hooks func; - u32 secid; + struct lsmblob blob; /* * Do devices using pre-allocated memory run the risk of the @@ -709,8 +713,9 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id, /* Read entire file for all partial reads. */ func = read_idmap[read_id] ?: FILE_CHECK; - security_current_getsecid_subj(&secid); - return process_measurement(file, current_cred(), secid, NULL, + security_current_getsecid_subj(&blob); + /* scaffolding - until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], NULL, 0, MAY_READ, func); } @@ -739,7 +744,7 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, enum kernel_read_file_id read_id) { enum ima_hooks func; - u32 secid; + struct lsmblob blob; /* permit signed certs */ if (!file && read_id == READING_X509_CERTIFICATE) @@ -752,9 +757,10 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, } func = read_idmap[read_id] ?: FILE_CHECK; - security_current_getsecid_subj(&secid); - return process_measurement(file, current_cred(), secid, buf, size, - MAY_READ, func); + security_current_getsecid_subj(&blob); + /* scaffolding - until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], buf, + size, MAY_READ, func); } /** @@ -882,7 +888,7 @@ int process_buffer_measurement(struct user_namespace *mnt_userns, int digest_hash_len = hash_digest_size[ima_hash_algo]; int violation = 0; int action = 0; - u32 secid; + struct lsmblob blob; if (digest && digest_len < digest_hash_len) return -EINVAL; @@ -905,9 +911,10 @@ int process_buffer_measurement(struct user_namespace *mnt_userns, * buffer measurements. */ if (func) { - security_current_getsecid_subj(&secid); + security_current_getsecid_subj(&blob); + /* scaffolding */ action = ima_get_action(mnt_userns, inode, current_cred(), - secid, 0, func, &pcr, &template, + blob.secid[0], 0, func, &pcr, &template, func_data, NULL); if (!(action & IMA_MEASURE) && !digest) return -ENOENT; diff --git a/security/security.c b/security/security.c index 815200684bcf..e33fa677181d 100644 --- a/security/security.c +++ b/security/security.c @@ -1909,17 +1909,30 @@ int security_task_getsid(struct task_struct *p) return call_int_hook(task_getsid, 0, p); } -void security_current_getsecid_subj(u32 *secid) +void security_current_getsecid_subj(struct lsmblob *blob) { - *secid = 0; - call_void_hook(current_getsecid_subj, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.current_getsecid_subj, + list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.current_getsecid_subj(&blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_current_getsecid_subj); -void security_task_getsecid_obj(struct task_struct *p, u32 *secid) +void security_task_getsecid_obj(struct task_struct *p, struct lsmblob *blob) { - *secid = 0; - call_void_hook(task_getsecid_obj, p, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.task_getsecid_obj, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.task_getsecid_obj(p, &blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_task_getsecid_obj); From patchwork Wed Feb 2 23:53:07 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12733591 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id C4EDBC433EF for ; Thu, 3 Feb 2022 00:07:36 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344066AbiBCAHf (ORCPT ); Wed, 2 Feb 2022 19:07:35 -0500 Received: from sonic312-31.consmr.mail.ne1.yahoo.com ([66.163.191.212]:40972 "EHLO sonic312-31.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238012AbiBCAHe (ORCPT ); Wed, 2 Feb 2022 19:07:34 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643846854; bh=Ofx+zfV9kAlt56YC11tGt2YOtlNVLhFarLMraLNfSiA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=LeaN/Mwf3Fu/46HOknNArm6a2N1vgKXPyhZfO8tIHzTwJnlaIq/7DRWHBWL42hmCfAkvTZvO4iCBpBBKSYgW5+IcdBbAi7lEmvy0VnpG+qe6UCj48/KhB5shN6Ika2lxREDlWGODQX3aOP5e2JSI13yFOXybR8THsPrKAJY9QuXM5FMlrWFil9nW7VFVKv/z9u2leWUw7ja5apI/CYM65XxtifRkWatjUr4DjOfXZa1rPOLEB7bRKHZ9Pd6ktRQqVwk0BmZsJEFRZs6syuOAo7niPW/xjXK9qhIeFFDoEOX8TlXSF2Y+M5f03XWat+QuSC9nxHpHi5bn3jBcxkuXXQ== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643846854; bh=USgY/omKIT6FHftzOwuaWl0W1FAmmueUGibLpKVLU3I=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=AfQnVo+duFRtB/eIAFUuaOfhgkT+1cIuJ9ZVfABuRQWm9jhT/VWMMr6lWWSd4TCzHmIeijM59OMr+pAPcwpDF15HiRV74bHPiqsGbdyM6/UBziD4KaTHLKc3pBJM4IMrC1V923cjTQJZuV4zmlsHGCsWCFxVTSidP2PgLBk1VNbCy2/uXp6i21aFkw6b6B4pGygg3ZE3o3NepxPn7FuuM55VWfGdUo0bUc0S95EmzTryuCtfdFlcQZz+c+FGpmWzpAWGVtFRMGlgYmnY+1mJuRimFJX21iwPDkNp3pNOpANDCI0sMT/fNpSNq4jGReaDYvFmRJgpJRGfw6E8k8COCg== X-YMail-OSG: hyXz7kcVM1kvixrw9v7j9Ra.xOXS4WdN3hT49me5c2dUs5Ojkb9lCBK2feBLNyk Fi6iFwTpJRa6b5.I9HtFnfoQNKjRZmPzPtNXGYEqojGdtCf8WgpeEFSVjP7f2PaHMrvc4tmK3Vxo 0VqLYBTFpl2INboB4eeoRK9cHF_ZH34z0wauLWIOGUcCIN16HCdd3w7LEQ4RrNz8m4VDB9yoYNFI .Ljkskt1cDsHHZZPvBmrEHqxZ13xBRW67P0.pAxoeDw_eZTdubP3J8UwMDmMyd0Rlh.vWj8YMQuB poXc51JN_6Ui_85VudbtcnS2uruM8ua6vVcKxJiJWXruOT8fqcGn7eQ3q1PgC.WMTH1xKa.e.a9d IS0AvoTOxPN_CVv2WwJ8uCl3L_pg1XFcUggLlO_ouLAdK2yt08Hp02nPTkDqdBaLln7EpFspxnoG Q7WUk9DnHdIQpeH71bHjLKdmCB_bzi2OrOFjT17uHlXdiY31892xGNv9psbopb5CoQrzcBYDvzDG IXLTobLmH2GL1wkaYEOEjwLKvzpIzzlLocIV.804a0YhhNMPR97OdLE0eEqA2JkKyXSVmNp_yelt D2o9UQFcZw1tL3P5ZlNBh3htxiJ1vCJB1lNDXuNUQrbvdy.rd_D37wHv8YkbVWCurmwEgU.HQgKS wKKsEVwqU2iY90mlEUgn0GRs7c4LLPGsPjCEXcns2NcfOsHZEIpb984uJoDvFrle8Q8n9DnImdh8 wKrKzHLaQVeIB6qn4v9anzeegez4gzyldbPuoWcGW3oigRY4EO1eusiElg3QP9pxJFqKFoVRWBx5 SPPclUbH7faiQqEIhEHzVzuq1T7HCmhlaKv8EWE3pn6QHUR9OxSBd_w26_Ee7.kQyxx2PRuk0DKO eCWTqrS6e.SHKJkgW.OUwB.VCzUByUBZ8zX8r36IpCFFW2j6aAxk5yPYrGrHQuwiD..FsO320dc7 NT4_gkwXOiq7KACOyiGWyYZd7AXkwLAD91b9elEtsqjGKEXgmUwP6udv5uqNurz96H.xJh94T7EV ipDYLIulRxrfQGvJnUOstek0T4Ka8Y08Y.a4Vfx4GF9TSfhk.OJ24Uhh2jQ9O.VRB.5nROWyNViD mqJg8T39RaelwA7ZCa8qtf9NgSd_ui9nmxLbj_QJwlc1cGQBYDT5atjen.neBS5eoRjZPPy3QcQ8 9IZAKOA6zog1f.alUEQLLDmsrMKmNyAUQ5epc3qiDGoAEYPH.qy8cAzIyv3pkSGCvJdPMqebRm5J SF.cCEr10qtGW.frP97d.iP2Bh.fQacXlT0MbX_HHktahimmefLgYNsHOBmXcfkIg94c00SZzHxs L4rqKJ5nRQV6qFg6EwmzkCGNYAITQvZuO_T.jPTT2NbFkBze35TN06k0O_JI1vfJCdLepmwJCyOH YCt.VvLA9EpGv2etaKM1hoys1S2FXw1itk.W0DavBD8KB61FYbLJq_nrP.JcQ52T7eUpx3qiCuR2 BQRdWs4pg.MZYEycOBHbrJgRqHW1DDkSJQ_tXnbdSuGsGXviVxTVJaUY7AtuIR6sukylWImcQw06 6jStfKHQ9bdWU8R_25JPM6Tx49.6n0vInagHq4BjfyCDDxKFxuuWXL0XP3VTsmXMzmyb2xFzPGF7 YdRAWFcg.cIv6dO3liloQcqTtqfUQZBZnHufw.jZBUfSikRJvlcUz2IwPtwsU4XYnrh_oel0YymZ xiZNwPB8D.qyO5WBrXVSDwRRZ7GIuYURdGmRLIQiyCovNFbt89liKCTajVmRL3f2Mx8pK1fybUeg Ik0bI9yKR4IctrpXk_VkuDL8.UvVRWX9zsL4rHej1Up9x_CDNJc1XGCHLnir.0Yq94WTga7hXa0U DgXB6VF3XGFLEC5EyA6YbZrObwqF0XZsC3r8mQuGlJ4A2JoN0lPo9ErgV2qgbmFZ.pQnx9YLxGu8 y5t_xqhP8ICZcyXoCdcW6A0WQzkRz.frA3ti9A1la4klIveo5CunmM_2cXfpuL5W2ELc0_lE_VbL CoNluaXXCj6JKMtTVaju.jCBDAHuTpAg43X2U1khE3.qYYJf64oQQZwtgNYDBIsVH0bbTU5ywXcS ImQbNb4qgoHmv9LvZ9f6Mxo9IjB68fDhy5Y3IGGIjvaFQnXIbZfUaBJ1lqDjStgVn50sS0bQRvoq NQbJdmIBuRK9NSqt51ze6LF1JREh0WQYZ7NlAr8p5yyKYGvoJebuCMrzEajocZukmpHHmmeNDPrz 2.0RDR8XUSxdS7t1G8_rqoEg6HTXDk0jH7CIXLM.Kt5jVDeNvyg3KUANPCXdghqcpAkMPG4iVqrB PQw-- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic312.consmr.mail.ne1.yahoo.com with HTTP; Thu, 3 Feb 2022 00:07:34 +0000 Received: by kubenode529.mail-prod1.omega.gq1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID 7f82dc84f3bd924cb223e5ab9ecb7cf0; Thu, 03 Feb 2022 00:07:31 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, Stephen Smalley , linux-integrity@vger.kernel.org Subject: [PATCH v32 12/28] LSM: Use lsmblob in security_inode_getsecid Date: Wed, 2 Feb 2022 15:53:07 -0800 Message-Id: <20220202235323.23929-13-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20220202235323.23929-1-casey@schaufler-ca.com> References: <20220202235323.23929-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Change the security_inode_getsecid() interface to fill in a lsmblob structure instead of a u32 secid. This allows for its callers to gather data from all registered LSMs. Data is provided for IMA and audit. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: linux-audit@redhat.com --- include/linux/security.h | 7 ++++--- kernel/auditsc.c | 6 +++++- security/integrity/ima/ima_policy.c | 7 ++++--- security/security.c | 11 +++++++++-- 4 files changed, 22 insertions(+), 9 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index d7781bda147f..b0d1abd082a8 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -455,7 +455,7 @@ int security_inode_getsecurity(struct user_namespace *mnt_userns, void **buffer, bool alloc); int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags); int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size); -void security_inode_getsecid(struct inode *inode, u32 *secid); +void security_inode_getsecid(struct inode *inode, struct lsmblob *blob); int security_inode_copy_up(struct dentry *src, struct cred **new); int security_inode_copy_up_xattr(const char *name); int security_kernfs_init_security(struct kernfs_node *kn_dir, @@ -1001,9 +1001,10 @@ static inline int security_inode_listsecurity(struct inode *inode, char *buffer, return 0; } -static inline void security_inode_getsecid(struct inode *inode, u32 *secid) +static inline void security_inode_getsecid(struct inode *inode, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } static inline int security_inode_copy_up(struct dentry *src, struct cred **new) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 2570bf5979e0..6cd15abb99c7 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -2248,13 +2248,17 @@ static void audit_copy_inode(struct audit_names *name, const struct dentry *dentry, struct inode *inode, unsigned int flags) { + struct lsmblob blob; + name->ino = inode->i_ino; name->dev = inode->i_sb->s_dev; name->mode = inode->i_mode; name->uid = inode->i_uid; name->gid = inode->i_gid; name->rdev = inode->i_rdev; - security_inode_getsecid(inode, &name->osid); + security_inode_getsecid(inode, &blob); + /* scaffolding until osid is updated */ + name->osid = blob.secid[0]; if (flags & AUDIT_INODE_NOEVAL) { name->fcap_ver = -1; return; diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 22952efcc0b0..34ecdd7b01f5 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -625,7 +625,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, return false; for (i = 0; i < MAX_LSM_RULES; i++) { int rc = 0; - u32 osid; + struct lsmblob lsmdata; if (!rule->lsm[i].rule) { if (!rule->lsm[i].args_p) @@ -637,8 +637,9 @@ static bool ima_match_rules(struct ima_rule_entry *rule, case LSM_OBJ_USER: case LSM_OBJ_ROLE: case LSM_OBJ_TYPE: - security_inode_getsecid(inode, &osid); - rc = ima_filter_rule_match(osid, rule->lsm[i].type, + security_inode_getsecid(inode, &lsmdata); + rc = ima_filter_rule_match(lsmdata.secid[rule->which], + rule->lsm[i].type, Audit_equal, rule->lsm[i].rule, rule->which); diff --git a/security/security.c b/security/security.c index e33fa677181d..0253c925a272 100644 --- a/security/security.c +++ b/security/security.c @@ -1553,9 +1553,16 @@ int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer } EXPORT_SYMBOL(security_inode_listsecurity); -void security_inode_getsecid(struct inode *inode, u32 *secid) +void security_inode_getsecid(struct inode *inode, struct lsmblob *blob) { - call_void_hook(inode_getsecid, inode, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.inode_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.inode_getsecid(inode, &blob->secid[hp->lsmid->slot]); + } } int security_inode_copy_up(struct dentry *src, struct cred **new) From patchwork Wed Feb 2 23:53:08 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12733607 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2E5FFC433FE for ; Thu, 3 Feb 2022 00:08:47 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232876AbiBCAIq (ORCPT ); Wed, 2 Feb 2022 19:08:46 -0500 Received: from sonic312-31.consmr.mail.ne1.yahoo.com ([66.163.191.212]:41589 "EHLO sonic312-31.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S241081AbiBCAIo (ORCPT ); Wed, 2 Feb 2022 19:08:44 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643846924; bh=wg/PA+wYiVPS2PsI9ZmOeIOSjgBmdcwIjtBH2wMtzN4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=XJrQqnTe+RrpIAAb3Z5mHass1WwFbzq7MwsGSIYdBh3sYqyCU+KEACtP2YSc7SaELTy5/nzDVP8cNrEJ1cHpmtN9BGuIecxrW86F7VCx+NcXcPNnmBwIyERbjJ3gx2BBSk7jRQ3HOv/3PaDdSk5n3C2YVoCPaFjnENaGrhfyRCjfj/kLB/YXS+9mLewN2UsJSst9KD5M7GEX24O9SuSIZEW3Wtu44fjE7MNF+gfR25xYxAIvnBgRiD8LS8zoWCqzoPRvhz+ZiATcpVQ2EMwuyKkqH+z+N+r1DMqs8n79CdARiIRp7wt/47DwocSOMqjPwQX+5YE2rDM4/mwAFosFew== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643846924; bh=PpkZijOtx2b2q0jSkVkhViW8Lz/PHx80bwGTddy1r1p=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=Nrh/6Uf11fZE+UX62sVLTWNp6GKpne5gZkMl4ZIC8kR5dyYGOrOaQ02O1rmqqsEDm8yw1GXB54iuTeg8a4K9S2GEiPjT0BXcsJKbQEqr0MbL8Lv4EPanNzBaKsqKTQTZ2WEmaNu1IxZe3yy/yDd4lQu6CECfi0sGUfH34jnOtPrl08AUKPZcDv7wQz7oeoR/eSDuAhyo5JCtknH4B9/wW80FyEqyg+sB7benXVnUZ2onG3yVBqA4p3JJA/6ryKGME6C3EayxzpEy1y8oA9uifatrTSmP3NwyT1bb4mCoNpsbXvsgBkRoZTqAg6nccujv5+vwb1FlBjvCrpPOc1EUjw== X-YMail-OSG: LBE0pocVM1nwsT9cZnWgjpKGIUmfdMMNcFI4oQpjYBMfgEm0Ku_G_YJTDXGQaP. xZHjSXMTQ4hYKL3HG7Eb0mKZAszQT5volm1ttVxNcLWjCCKq1rOReoRY_JoWPXcg6neoBcJbZs3T OELeO.h4bq3CWYvwLV9aH9xu1GYWEckSKkzK5FVd2aCc9F9qEHDkMvR6g8ow6dsrF3w7fTRKxwGe .svDTXhwuncqgca7D7bcRgAzM_igJFEhrM56EYjKJqPQd2M5OGYQobsnkUKU1M.HvRhVkKVax4Za TSVZGikjfSu6fYUuiVvASTbHv8oaXmgnjNLyFjgwcPsV9Fp5P0IyDCMaDHb0QBDml_WjeFm7vxo5 3LX_q9bewVkCAG2T1ZQzXqa8OADpSeP8b8awIgPQneYiEXUOADiFbv65b9neBeHnSNe_9YN9lFEB ZxW4jMp3voNVpZ8JkaOStsMXvon_qKYhRIzHRLXWibzykUJkXc5MkrWpG.lxMksoS2wOuQ1OYehM ZuqEADYV8_MXD912_6Lb4cKSuz9Zz0v2TtRpRcbr_a9jmxUyyAu12uqbbfQqSwA51LJIE9oYGT55 UsowqZi.pi0PM9tXqqpL7dU2dfQlB6iLFCjeObDHRCE59jIa7Mp9R.Wi1wPwh027Wqqw5HtawJGX 6EWn3FxaK8BSHn_kSsBfniU9Hf.bTWmAobxCS7pCfbGi3ge7gPGoLjuYmNEa8kNIAA90ZNEums80 Tj5tKNX9UxCzJ7xmyMeJ.xl5byeurcOsdCQPPE35xrIAHWP8fH9y6iK2Y..7lRRl5daQ1wPPPk.. 1PWAQyiZ_hozM8CkrdVlLez2FfvRPwPriVeCyUR6xWmLMsRPWm.P0.RLzZZLemM0tSUr9THsVAM2 cuJ4vtZUAAwdLM2uxMcVqIGcuwFWbIV6nP.E219V0scH4blKj1Fh71cGpBHJ6FV.F4X_qONY2Kqm r8xgEhIgGPpp1LwOEL2B0NH_xts8Q9mW6NZ.S75wiLac1mjCVwKqumLJ5fUmLFt45QOz4MU00Y76 UZKKfc7F3oaFKX4G6G5017y4UzpFxu5tTvbjLPzXNR8m2EX30c.PfrBzdzvMyCo8Xbb5v2Dnffb. .tC17Il8Pv6o6jbBTbWTt5da8gBIiTs3hLYwTxlyQJA_4fPfa2GvDpwO3I3jBwRZS0O2ekvj.Nqq eSm2yv8qfc.8gGxuPEJL7ZbBqNZeGoo2OT_6JVOKdeFxlXsQ5eHU7tBXdoZSz6Cul9swAD7oEdJd orrznMwK3fUYLXCodbUULmki4true4UL03EAIHYioDxHwb6kchr33Kh5_SqX7I48pwm3S6n5ZDvc B3.AHN6.kZvlvbt2fdMhcLP12qmffeL8x8VT4Q4vSDoUySaWe.sAxAQL736hYnLclQkwnrFCwbmY QZyb3RvCizIoq9pJx_I.iddIMetqf6X5eoCkbwXBRTUgYsHLzh4tePXmg1wusoSUCc1SHwcoFgcL U4qjRYoF8j5grOYyGsmSaFoPRdfb3kmUKO.WBOf0zc5XAtGVTQUvFKXRhxooQ2eoicFqRkuZ0GZE gX.PldRXY6zv6lz6lPBkoK51oZLdV8lhAAW5LAMBbN.vCWs36xcU50u24Ubkvond69ULDS4TnAw9 f9UGHsoLUagy1iF5ld6NZnKeQiHsFMwgKepiY8C1p83DeBbTBFeXnseetoCPuOrnYTOAM9_KxReM 2J.neVMWGzcFi.nt9ckiJhwEvEeJUMyKPqLOXB_pCsKtmEyK2GtCFrQclSMiu03YYMeryX_G9pZw Ra2K_umNgHaMxDrqTGY7xFlQrTQpbMY3nDtqge7Bd_BZ8g.KoKhRqoJeKlwU1xWXDqVenTKqFt_u EQtjAD22_crQTyTKlGUhrQGHWpYHKYUAmSWRhHbu8m1ZBEuLvEScofNBrdqBb00PfIb_zy6nxsTX Xgv4GKNW.QYLjCAdQSSTk4gVLuqRv.FN3zPcERD8AKgXrMksQJyIMS21qXEQwb_a.tc9Y0Ck25Yp NnhOwWJPgbkukFX27La0iQGG0aeCHCS_AWVdwV13_J3_iV.AHlJgIvs10kwi4Ny9XjkaspebTisi wt_05UDNN.BSDVDspWq7cjrwqCmMg4AZc46CXjrhzpxJ7CK3EXgAt8n5zRzPxN8dzwIt1bZxvxu0 Ea65qLn.35hYPTjXsEFsLOa10pJ7u9wk3DwQ9Z4FAIm2j9libOVThXPSNgVg75SWO0kZFArwdCTD 8Hs_UL.bId_no4yS1TpY6zeszwGB7JYUah8BQsnM74buT18psSjPDaqzUe2XvVJUMT240tqO3IkQ NkQ-- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic312.consmr.mail.ne1.yahoo.com with HTTP; Thu, 3 Feb 2022 00:08:44 +0000 Received: by kubenode522.mail-prod1.omega.gq1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID 5459f2ad3ddb3315291f4b33cd876728; Thu, 03 Feb 2022 00:08:38 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, Stephen Smalley , linux-integrity@vger.kernel.org Subject: [PATCH v32 13/28] LSM: Use lsmblob in security_cred_getsecid Date: Wed, 2 Feb 2022 15:53:08 -0800 Message-Id: <20220202235323.23929-14-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20220202235323.23929-1-casey@schaufler-ca.com> References: <20220202235323.23929-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Change the security_cred_getsecid() interface to fill in a lsmblob instead of a u32 secid. The associated data elements in the audit sub-system are changed from a secid to a lsmblob to accommodate multiple possible LSM audit users. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: linux-audit@redhat.com --- drivers/android/binder.c | 12 +---------- include/linux/security.h | 2 +- kernel/audit.c | 25 +++++++---------------- kernel/audit.h | 3 ++- kernel/auditsc.c | 33 +++++++++++-------------------- security/integrity/ima/ima_main.c | 8 ++++---- security/security.c | 12 ++++++++--- 7 files changed, 36 insertions(+), 59 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index bae8440ffc73..26838061defb 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2982,18 +2982,8 @@ static void binder_transaction(struct binder_proc *proc, if (target_node && target_node->txn_security_ctx) { struct lsmblob blob; size_t added_size; - u32 secid; - security_cred_getsecid(proc->cred, &secid); - /* - * Later in this patch set security_cred_getsecid() will - * provide a lsmblob instead of a secid. lsmblob_init - * is used to ensure that all the secids in the lsmblob - * get the value returned from security_cred_getsecid(), - * which means that the one expected by - * security_secid_to_secctx() will be set. - */ - lsmblob_init(&blob, secid); + security_cred_getsecid(proc->cred, &blob); ret = security_secid_to_secctx(&blob, &secctx, &secctx_sz); if (ret) { return_error = BR_FAILED_REPLY; diff --git a/include/linux/security.h b/include/linux/security.h index b0d1abd082a8..821e6011c8fe 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -482,7 +482,7 @@ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp); void security_cred_free(struct cred *cred); int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp); void security_transfer_creds(struct cred *new, const struct cred *old); -void security_cred_getsecid(const struct cred *c, u32 *secid); +void security_cred_getsecid(const struct cred *c, struct lsmblob *blob); int security_kernel_act_as(struct cred *new, struct lsmblob *blob); int security_kernel_create_files_as(struct cred *new, struct inode *inode); int security_kernel_module_request(char *kmod_name); diff --git a/kernel/audit.c b/kernel/audit.c index 17ac6e74b5bd..c7cd039e258b 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -125,7 +125,7 @@ static u32 audit_backlog_wait_time = AUDIT_BACKLOG_WAIT_TIME; /* The identity of the user shutting down the audit system. */ static kuid_t audit_sig_uid = INVALID_UID; static pid_t audit_sig_pid = -1; -static u32 audit_sig_sid; +struct lsmblob audit_sig_lsm; /* Records can be lost in several ways: 0) [suppressed in audit_alloc] @@ -1439,29 +1439,21 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) } case AUDIT_SIGNAL_INFO: len = 0; - if (audit_sig_sid) { - struct lsmblob blob; - - /* - * lsmblob_init sets all values in the lsmblob - * to audit_sig_sid. This is temporary until - * audit_sig_sid is converted to a lsmblob, which - * happens later in this patch set. - */ - lsmblob_init(&blob, audit_sig_sid); - err = security_secid_to_secctx(&blob, &ctx, &len); + if (lsmblob_is_set(&audit_sig_lsm)) { + err = security_secid_to_secctx(&audit_sig_lsm, &ctx, + &len); if (err) return err; } sig_data = kmalloc(struct_size(sig_data, ctx, len), GFP_KERNEL); if (!sig_data) { - if (audit_sig_sid) + if (lsmblob_is_set(&audit_sig_lsm)) security_release_secctx(ctx, len); return -ENOMEM; } sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); sig_data->pid = audit_sig_pid; - if (audit_sig_sid) { + if (lsmblob_is_set(&audit_sig_lsm)) { memcpy(sig_data->ctx, ctx, len); security_release_secctx(ctx, len); } @@ -2368,7 +2360,6 @@ int audit_set_loginuid(kuid_t loginuid) int audit_signal_info(int sig, struct task_struct *t) { kuid_t uid = current_uid(), auid; - struct lsmblob blob; if (auditd_test_task(t) && (sig == SIGTERM || sig == SIGHUP || @@ -2379,9 +2370,7 @@ int audit_signal_info(int sig, struct task_struct *t) audit_sig_uid = auid; else audit_sig_uid = uid; - security_current_getsecid_subj(&blob); - /* scaffolding until audit_sig_sid is converted */ - audit_sig_sid = blob.secid[0]; + security_current_getsecid_subj(&audit_sig_lsm); } return audit_signal_info_syscall(t); diff --git a/kernel/audit.h b/kernel/audit.h index c4498090a5bd..527d4c4acb12 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -12,6 +12,7 @@ #include #include #include +#include #include #include #include // struct open_how @@ -143,7 +144,7 @@ struct audit_context { kuid_t target_auid; kuid_t target_uid; unsigned int target_sessionid; - u32 target_sid; + struct lsmblob target_lsm; char target_comm[TASK_COMM_LEN]; struct audit_tree_refs *trees, *first_trees; diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 6cd15abb99c7..c4c3666576c3 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -99,7 +99,7 @@ struct audit_aux_data_pids { kuid_t target_auid[AUDIT_AUX_PIDS]; kuid_t target_uid[AUDIT_AUX_PIDS]; unsigned int target_sessionid[AUDIT_AUX_PIDS]; - u32 target_sid[AUDIT_AUX_PIDS]; + struct lsmblob target_lsm[AUDIT_AUX_PIDS]; char target_comm[AUDIT_AUX_PIDS][TASK_COMM_LEN]; int pid_count; }; @@ -1018,7 +1018,7 @@ static void audit_reset_context(struct audit_context *ctx) ctx->target_pid = 0; ctx->target_auid = ctx->target_uid = KUIDT_INIT(0); ctx->target_sessionid = 0; - ctx->target_sid = 0; + lsmblob_init(&ctx->target_lsm, 0); ctx->target_comm[0] = '\0'; unroll_tree_refs(ctx, NULL, 0); WARN_ON(!list_empty(&ctx->killed_trees)); @@ -1116,14 +1116,14 @@ static inline void audit_free_context(struct audit_context *context) } static int audit_log_pid_context(struct audit_context *context, pid_t pid, - kuid_t auid, kuid_t uid, unsigned int sessionid, - u32 sid, char *comm) + kuid_t auid, kuid_t uid, + unsigned int sessionid, + struct lsmblob *blob, char *comm) { struct audit_buffer *ab; char *ctx = NULL; u32 len; int rc = 0; - struct lsmblob blob; ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID); if (!ab) @@ -1132,9 +1132,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, audit_log_format(ab, "opid=%d oauid=%d ouid=%d oses=%d", pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); - if (sid) { - lsmblob_init(&blob, sid); - if (security_secid_to_secctx(&blob, &ctx, &len)) { + if (lsmblob_is_set(blob)) { + if (security_secid_to_secctx(blob, &ctx, &len)) { audit_log_format(ab, " obj=(none)"); rc = 1; } else { @@ -1762,7 +1761,7 @@ static void audit_log_exit(void) axs->target_auid[i], axs->target_uid[i], axs->target_sessionid[i], - axs->target_sid[i], + &axs->target_lsm[i], axs->target_comm[i])) call_panic = 1; } @@ -1771,7 +1770,7 @@ static void audit_log_exit(void) audit_log_pid_context(context, context->target_pid, context->target_auid, context->target_uid, context->target_sessionid, - context->target_sid, context->target_comm)) + &context->target_lsm, context->target_comm)) call_panic = 1; if (context->pwd.dentry && context->pwd.mnt) { @@ -2707,15 +2706,12 @@ int __audit_sockaddr(int len, void *a) void __audit_ptrace(struct task_struct *t) { struct audit_context *context = audit_context(); - struct lsmblob blob; context->target_pid = task_tgid_nr(t); context->target_auid = audit_get_loginuid(t); context->target_uid = task_uid(t); context->target_sessionid = audit_get_sessionid(t); - security_task_getsecid_obj(t, &blob); - /* scaffolding - until target_sid is converted */ - context->target_sid = blob.secid[0]; + security_task_getsecid_obj(t, &context->target_lsm); memcpy(context->target_comm, t->comm, TASK_COMM_LEN); } @@ -2731,7 +2727,6 @@ int audit_signal_info_syscall(struct task_struct *t) struct audit_aux_data_pids *axp; struct audit_context *ctx = audit_context(); kuid_t t_uid = task_uid(t); - struct lsmblob blob; if (!audit_signals || audit_dummy_context()) return 0; @@ -2743,9 +2738,7 @@ int audit_signal_info_syscall(struct task_struct *t) ctx->target_auid = audit_get_loginuid(t); ctx->target_uid = t_uid; ctx->target_sessionid = audit_get_sessionid(t); - security_task_getsecid_obj(t, &blob); - /* scaffolding until target_sid is converted */ - ctx->target_sid = blob.secid[0]; + security_task_getsecid_obj(t, &ctx->target_lsm); memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); return 0; } @@ -2766,9 +2759,7 @@ int audit_signal_info_syscall(struct task_struct *t) axp->target_auid[axp->pid_count] = audit_get_loginuid(t); axp->target_uid[axp->pid_count] = t_uid; axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); - security_task_getsecid_obj(t, &blob); - /* scaffolding until target_sid is converted */ - axp->target_sid[axp->pid_count] = blob.secid[0]; + security_task_getsecid_obj(t, &axp->target_lsm[axp->pid_count]); memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); axp->pid_count++; diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 6abbaa97bbeb..93c6addd8389 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -486,7 +486,6 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) int ima_bprm_check(struct linux_binprm *bprm) { int ret; - u32 secid; struct lsmblob blob; security_current_getsecid_subj(&blob); @@ -496,9 +495,10 @@ int ima_bprm_check(struct linux_binprm *bprm) if (ret) return ret; - security_cred_getsecid(bprm->cred, &secid); - return process_measurement(bprm->file, bprm->cred, secid, NULL, 0, - MAY_EXEC, CREDS_CHECK); + security_cred_getsecid(bprm->cred, &blob); + /* scaffolding until process_measurement changes */ + return process_measurement(bprm->file, bprm->cred, blob.secid[0], + NULL, 0, MAY_EXEC, CREDS_CHECK); } /** diff --git a/security/security.c b/security/security.c index 0253c925a272..27154c39d109 100644 --- a/security/security.c +++ b/security/security.c @@ -1803,10 +1803,16 @@ void security_transfer_creds(struct cred *new, const struct cred *old) call_void_hook(cred_transfer, new, old); } -void security_cred_getsecid(const struct cred *c, u32 *secid) +void security_cred_getsecid(const struct cred *c, struct lsmblob *blob) { - *secid = 0; - call_void_hook(cred_getsecid, c, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.cred_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.cred_getsecid(c, &blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_cred_getsecid); From patchwork Wed Feb 2 23:53:09 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12733608 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E71B7C4321E for ; Thu, 3 Feb 2022 00:09:49 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348322AbiBCAJs (ORCPT ); Wed, 2 Feb 2022 19:09:48 -0500 Received: from sonic311-31.consmr.mail.ne1.yahoo.com ([66.163.188.212]:33406 "EHLO sonic311-31.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348312AbiBCAJr (ORCPT ); Wed, 2 Feb 2022 19:09:47 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643846987; bh=j0G0XiM39BCNi3+UG0p3X8S4z99uZAvfdkTdYxxT3xY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=PLu4P71c7fTo3/gMsb+vNXiLpYoU8q692s4ixokUZSYcql4EsKh3PPhsG548U8DnJCzGUGKl+VOFzqCd+ts/3UDFMKPKdQCzV9Tcv9nVoK20VUcKd8xshGLYPmU7eddOb3mp4bu7UWyN24PXEmR++Ef3fTmGZJ761aC/KdE6uu8BweW2fJBKuiBSyC7EeXECaKqy5UmefT939MQ/cEkMStBor2PzSqtduwWghrSZom7Vlr7o8M0SQG/xSJ1YrT/GPjtIE+psN8bpChlFLvGVgma/nPoFiGGxF2RdM8VnJQ+NA60rwK8qrRGPZm6sHLpTi6Ok8DvdKTSOMuiAsNb4eQ== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643846987; bh=1gYmIootQvlKrfFGaiqvmtBwlZTjYTr8kjUPTOYP9uD=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=dxm0sUpZMGLKXpDTZwgNDqzyJ+o2ide/FukGr84xz3u21yVfqzrEufsB/Wggf2oYG5FIruGgCWvYr/G2nEu3VIeHqVupPU63LLvx8xbV6k5+mLRRU8jA6UlRApiFs3qDHrRvY1D+HA6kmNIVSNb15HOSRNC15F3OH5iC6oqLiaVG8RhMhIva160LU1SvD20otYC29dAd/wpDOU2saVc2VlzsrTs4HhJwR2pUmsczdnMAs/y/fo2QwJDhatDNHxhHd73Fb34peYcZo0+VaXzm1q3Pa8YVC1zneWlV22MAbBAqCR6EWAbPOPjQyYmYnPlpBvw8voydoD4cbIcuTAFPUw== X-YMail-OSG: K0x4vdoVM1nmxAMqsoM_MZWwp7Q80X9kS2A.QpAhS2c8ThxR2gN1tCP1njpOPHA pbaR5PE_sPJb0f80WZlxPO1N5A928UuSETzfqGbT7N_dfNKcreLkNlznessy6SKZdpUfEOM0Zkvp 0dCD.gX9hNhVBIgGul2G8OMvL9IOZyxrkRMV3pSz2DLdRr2m1sLq5LdtSAwfYEsfuKhezekyA6bs gTelLjRrzWwCIuDqcpRyK6J3m_tWTMfTrC2ZiUpvE8ARXmDPEes88Hg7y.FN75yUjqsZTNz9BZIQ I8HwTCq7xQx.rhhelqwch3bv_Iba1T9g7BHiG.ixsu9BgOK_DOy0GU7P2IDOb7G4lZAQjcjbr2x. mroutl8W4JJvGDsc3M4rXjgjj0Iw10kFSWrstr3Vev1UNeYRhpDnBvYxs89hDyq8N92j7QnQ5hQZ cUUVUGWh02qu5krCjp9ZXBAdPAEBeJC5VPzT671KkPQaDHwam8BLrvUpGSVVlZK0cShULx7duwxf m_c.ZzCaVl_GzeneAyeQ25l1vOvWbIBQAEYtF2_cE0O9BXVq1Olt8wBWOdIAJ0FO_CuROc8TVdn9 9.Ma0DdEztyAAC453Z7L753pdEFivLbPgi.3ri8cHYiKyTPQcJqEliXiH9hdGGq7.0Oj3Z9yTmlr Ob23Fk.KECmfvJaWBNBqAoeyKggp0oot2LKFPnXjyr4it_Bbq1hy6fdcC22IPnLENELwlv7v8nVi PPLhHcCFm3rus41ep5ndR._nYlTomS6dm1ORc_6elyHLc3D.8uhjlYPmpji7z8XNZyzYZg7ZNDAP NsWLLaMB8H8vhAP7LeCixKPPnDxRqB25DJhvlyAXz0.hQytn9L4JbYy3.cgkNTGY6vSId37eWgIn HsfcVg0EKc3TdBbxdPljEzbNV5jtfngzNlhd.OvRrDRVAOoeypaXUF5iHBB6SKg2dEfxPb4Uizoj aIKckCtcBDLRPsgFyil2CqBH3J8oIpXfEMa5ZFo9Hlitk_18ECbHXcNuPrvkoeuewlLgla03EThT mwMdXQ5E_T0S6x.S_9yiejrG2oQaqrj0LK_IGDE6KdAP8rhM_OgUE9nyFEgjNR28D1943MrEljZY A5nHaCRJqOV_VWxHBHPkgshoy9UEDmCFbzbd0ShX9dyv64ZN.WZ1k.X08zN7tz32dPWItT5ON9u. Joal2ISxHkuaGj2OsqD9m.Oth.o2CGh6wVHk.MD1xlJxTs_jBgQ3bO15lC71jjLZ1bXKZL6boyz2 BWEpkF5PJHnF8meMZaKgPwlWcmjoGKWyzIBSoRW9S_FByES6rktJX6sDD0dqrF1oSEeJR13zlC4e 8U0YwBfdcqAs8X6svbjqXM5G583juw_BDA2q8fcWNL_B5dUYkFz15eIxKFvzuX_UBlBKFGLZQ.A1 1Qd.45nWom.QMZQC51QbBXYkd.M07IOERg.aRa.i.DyzZJmmvq8Z5SmlafXbRqulsoMtmeqOjF0O uRFI6L8CjGejeHDMrtH_o0.RXSfyfZkt.273AuYfV2LvLUQ.gHr5ld79n_csyt9.RhGjPmwSIjJo W1Y6NecY48megZ3J8n.5BVBqGKJWEHCqDXGJdzk6w_nTaqsmIpzgMaX9tgoF2Yr1nSSFXbgwBzwC L94dyKU5h3.JrC.R6EUU.HT4_8.d3wsYLadvcysJ0NlcHtG5outZrInhe0WtkYZ8QqlUhEPY16Gc sx5tnkIg4Bgvw9znc6SA4foiAAoOilTn0SGiTa4RqZ3QaqKLlU_Ytv_Uisx.oMH2WTNeH5hfongP BF8TTkjtRk6Irefy9_X6rnYxCE9JmQNvt2cLDgr7PJRsxTfsI1JG9JW6_sypGdVLBIPTKWi9NiYw SmQxi_1zc853hbW_.55wLCb._MP0q5ucARVy9AdKyskwjYs65fqECjDKf_e3A9HzgKUxxhryEV9S SyGr2.HBLcB5r2iQ3XaWy7YFxstaC7x.0oz9Nuzeg.bJ21nTYV1oGIL5wiUtkCyQl.fjtzQZk_6a RxH_i6QBW2TUAQ9IX3kX6iW3NbBhZhFGTR14HGivfUsBc0pZGH95Jq83iWuV_up9o9XD12IjqdJ6 uRpbGPfKpTFQBFFxC4if.CCusErWG8.Uh1LA0ZxXkmXem.cpXiNop.6MFuqOZGiHJ9Nv_X_nDduI WXWxdqRwj0Qb1.SDFLfEsn7e9OjxdmKBw8d9DZlJ6CcX27GPtVxjqI6n7ym7BB1Wsnq9OTBGSem2 pfFKRbQNMlH89si0R0Q_GY5PHvA36lWF5OKmHN46UD.ynqu6XeBG5ItKDzXGEIWIFjTrxMaMn4ah I.Xos4rxkAOvuJwz3b1FCFyNyRHIuznRGkQGLmxdo X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic311.consmr.mail.ne1.yahoo.com with HTTP; Thu, 3 Feb 2022 00:09:47 +0000 Received: by kubenode505.mail-prod1.omega.bf1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID 28a27c86ccbb500b546c10802b3cfdf8; Thu, 03 Feb 2022 00:09:46 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, Stephen Smalley , Greg Kroah-Hartman , linux-api@vger.kernel.org, linux-doc@vger.kernel.org Subject: [PATCH v32 14/28] LSM: Specify which LSM to display Date: Wed, 2 Feb 2022 15:53:09 -0800 Message-Id: <20220202235323.23929-15-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20220202235323.23929-1-casey@schaufler-ca.com> References: <20220202235323.23929-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Create a new entry "interface_lsm" in the procfs attr directory for controlling which LSM security information is displayed for a process. A process can only read or write its own display value. The name of an active LSM that supplies hooks for human readable data may be written to "interface_lsm" to set the value. The name of the LSM currently in use can be read from "interface_lsm". At this point there can only be one LSM capable of display active. A helper function lsm_task_ilsm() is provided to get the interface lsm slot for a task_struct. Setting the "interface_lsm" requires that all security modules using setprocattr hooks allow the action. Each security module is responsible for defining its policy. AppArmor hook provided by John Johansen SELinux hook provided by Stephen Smalley Signed-off-by: Casey Schaufler Cc: Kees Cook Cc: Stephen Smalley Cc: Paul Moore Cc: John Johansen Cc: Greg Kroah-Hartman Cc: linux-api@vger.kernel.org Cc: linux-doc@vger.kernel.org --- .../ABI/testing/procfs-attr-lsm_display | 22 +++ Documentation/security/lsm.rst | 14 ++ fs/proc/base.c | 1 + include/linux/security.h | 17 ++ security/apparmor/include/apparmor.h | 3 +- security/apparmor/lsm.c | 32 ++++ security/security.c | 166 ++++++++++++++++-- security/selinux/hooks.c | 11 ++ security/selinux/include/classmap.h | 3 +- security/smack/smack_lsm.c | 7 + 10 files changed, 257 insertions(+), 19 deletions(-) create mode 100644 Documentation/ABI/testing/procfs-attr-lsm_display diff --git a/Documentation/ABI/testing/procfs-attr-lsm_display b/Documentation/ABI/testing/procfs-attr-lsm_display new file mode 100644 index 000000000000..0f60005c235c --- /dev/null +++ b/Documentation/ABI/testing/procfs-attr-lsm_display @@ -0,0 +1,22 @@ +What: /proc/*/attr/lsm_display +Contact: linux-security-module@vger.kernel.org, +Description: The name of the Linux security module (LSM) that will + provide information in the /proc/*/attr/current, + /proc/*/attr/prev and /proc/*/attr/exec interfaces. + The details of permissions required to read from + this interface are dependent on the LSMs active on the + system. + A process cannot write to this interface unless it + refers to itself. + The other details of permissions required to write to + this interface are dependent on the LSMs active on the + system. + The format of the data used by this interface is a + text string identifying the name of an LSM. The values + accepted are: + selinux - the SELinux LSM + smack - the Smack LSM + apparmor - The AppArmor LSM + By convention the LSM names are lower case and do not + contain special characters. +Users: LSM user-space diff --git a/Documentation/security/lsm.rst b/Documentation/security/lsm.rst index 6a2a2e973080..b77b4a540391 100644 --- a/Documentation/security/lsm.rst +++ b/Documentation/security/lsm.rst @@ -129,3 +129,17 @@ to identify it as the first security module to be registered. The capabilities security module does not use the general security blobs, unlike other modules. The reasons are historical and are based on overhead, complexity and performance concerns. + +LSM External Interfaces +======================= + +The LSM infrastructure does not generally provide external interfaces. +The individual security modules provide what external interfaces they +require. + +The file ``/sys/kernel/security/lsm`` provides a comma +separated list of the active security modules. + +The file ``/proc/pid/attr/interface_lsm`` contains the name of the security +module for which the ``/proc/pid/attr/current`` interface will +apply. This interface can be written to. diff --git a/fs/proc/base.c b/fs/proc/base.c index d654ce7150fd..e0d41adb38ba 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -2828,6 +2828,7 @@ static const struct pid_entry attr_dir_stuff[] = { ATTR(NULL, "fscreate", 0666), ATTR(NULL, "keycreate", 0666), ATTR(NULL, "sockcreate", 0666), + ATTR(NULL, "interface_lsm", 0666), #ifdef CONFIG_SECURITY_SMACK DIR("smack", 0555, proc_smack_attr_dir_inode_ops, proc_smack_attr_dir_ops), diff --git a/include/linux/security.h b/include/linux/security.h index 821e6011c8fe..735e39fa510d 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -219,6 +219,23 @@ static inline u32 lsmblob_value(const struct lsmblob *blob) return 0; } +/** + * lsm_task_ilsm - the "interface_lsm" for this task + * @task: The task to report on + * + * Returns the task's interface LSM slot. + */ +static inline int lsm_task_ilsm(struct task_struct *task) +{ +#ifdef CONFIG_SECURITY + int *ilsm = task->security; + + if (ilsm) + return *ilsm; +#endif + return LSMBLOB_INVALID; +} + /* These functions are in security/commoncap.c */ extern int cap_capable(const struct cred *cred, struct user_namespace *ns, int cap, unsigned int opts); diff --git a/security/apparmor/include/apparmor.h b/security/apparmor/include/apparmor.h index 1fbabdb565a8..b1622fcb4394 100644 --- a/security/apparmor/include/apparmor.h +++ b/security/apparmor/include/apparmor.h @@ -28,8 +28,9 @@ #define AA_CLASS_SIGNAL 10 #define AA_CLASS_NET 14 #define AA_CLASS_LABEL 16 +#define AA_CLASS_DISPLAY_LSM 17 -#define AA_CLASS_LAST AA_CLASS_LABEL +#define AA_CLASS_LAST AA_CLASS_DISPLAY_LSM /* Control parameters settable through module/boot flags */ extern enum audit_mode aa_g_audit; diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 1e53fea61335..29181bc8c693 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -621,6 +621,25 @@ static int apparmor_getprocattr(struct task_struct *task, char *name, return error; } + +static int profile_interface_lsm(struct aa_profile *profile, + struct common_audit_data *sa) +{ + struct aa_perms perms = { }; + unsigned int state; + + state = PROFILE_MEDIATES(profile, AA_CLASS_DISPLAY_LSM); + if (state) { + aa_compute_perms(profile->policy.dfa, state, &perms); + aa_apply_modes_to_perms(profile, &perms); + aad(sa)->label = &profile->label; + + return aa_check_perms(profile, &perms, AA_MAY_WRITE, sa, NULL); + } + + return 0; +} + static int apparmor_setprocattr(const char *name, void *value, size_t size) { @@ -632,6 +651,19 @@ static int apparmor_setprocattr(const char *name, void *value, if (size == 0) return -EINVAL; + /* LSM infrastructure does actual setting of interface_lsm if allowed */ + if (!strcmp(name, "interface_lsm")) { + struct aa_profile *profile; + struct aa_label *label; + + aad(&sa)->info = "set interface lsm"; + label = begin_current_label_crit_section(); + error = fn_for_each_confined(label, profile, + profile_interface_lsm(profile, &sa)); + end_current_label_crit_section(label); + return error; + } + /* AppArmor requires that the buffer must be null terminated atm */ if (args[size - 1] != '\0') { /* null terminate */ diff --git a/security/security.c b/security/security.c index 27154c39d109..0bca482166d8 100644 --- a/security/security.c +++ b/security/security.c @@ -78,7 +78,16 @@ static struct kmem_cache *lsm_file_cache; static struct kmem_cache *lsm_inode_cache; char *lsm_names; -static struct lsm_blob_sizes blob_sizes __lsm_ro_after_init; + +/* + * The task blob includes the "interface_lsm" slot used for + * chosing which module presents contexts. + * Using a long to avoid potential alignment issues with + * module assigned task blobs. + */ +static struct lsm_blob_sizes blob_sizes __lsm_ro_after_init = { + .lbs_task = sizeof(long), +}; /* Boot-time LSM user choice */ static __initdata const char *chosen_lsm_order; @@ -672,6 +681,8 @@ int lsm_inode_alloc(struct inode *inode) */ static int lsm_task_alloc(struct task_struct *task) { + int *ilsm; + if (blob_sizes.lbs_task == 0) { task->security = NULL; return 0; @@ -680,6 +691,15 @@ static int lsm_task_alloc(struct task_struct *task) task->security = kzalloc(blob_sizes.lbs_task, GFP_KERNEL); if (task->security == NULL) return -ENOMEM; + + /* + * The start of the task blob contains the "interface" LSM slot number. + * Start with it set to the invalid slot number, indicating that the + * default first registered LSM be displayed. + */ + ilsm = task->security; + *ilsm = LSMBLOB_INVALID; + return 0; } @@ -1739,14 +1759,26 @@ int security_file_open(struct file *file) int security_task_alloc(struct task_struct *task, unsigned long clone_flags) { + int *oilsm = current->security; + int *nilsm; int rc = lsm_task_alloc(task); - if (rc) + if (unlikely(rc)) return rc; + rc = call_int_hook(task_alloc, 0, task, clone_flags); - if (unlikely(rc)) + if (unlikely(rc)) { security_task_free(task); - return rc; + return rc; + } + + if (oilsm) { + nilsm = task->security; + if (nilsm) + *nilsm = *oilsm; + } + + return 0; } void security_task_free(struct task_struct *task) @@ -2178,23 +2210,110 @@ int security_getprocattr(struct task_struct *p, const char *lsm, char *name, char **value) { struct security_hook_list *hp; + int ilsm = lsm_task_ilsm(current); + int slot = 0; + + if (!strcmp(name, "interface_lsm")) { + /* + * lsm_slot will be 0 if there are no displaying modules. + */ + if (lsm_slot == 0) + return -EINVAL; + + /* + * Only allow getting the current process' interface_lsm. + * There are too few reasons to get another process' + * interface_lsm and too many LSM policy issues. + */ + if (current != p) + return -EINVAL; + + ilsm = lsm_task_ilsm(p); + if (ilsm != LSMBLOB_INVALID) + slot = ilsm; + *value = kstrdup(lsm_slotlist[slot]->lsm, GFP_KERNEL); + if (*value) + return strlen(*value); + return -ENOMEM; + } hlist_for_each_entry(hp, &security_hook_heads.getprocattr, list) { if (lsm != NULL && strcmp(lsm, hp->lsmid->lsm)) continue; + if (lsm == NULL && ilsm != LSMBLOB_INVALID && + ilsm != hp->lsmid->slot) + continue; return hp->hook.getprocattr(p, name, value); } return LSM_RET_DEFAULT(getprocattr); } +/** + * security_setprocattr - Set process attributes via /proc + * @lsm: name of module involved, or NULL + * @name: name of the attribute + * @value: value to set the attribute to + * @size: size of the value + * + * Set the process attribute for the specified security module + * to the specified value. Note that this can only be used to set + * the process attributes for the current, or "self" process. + * The /proc code has already done this check. + * + * Returns 0 on success, an appropriate code otherwise. + */ int security_setprocattr(const char *lsm, const char *name, void *value, size_t size) { struct security_hook_list *hp; + char *termed; + char *copy; + int *ilsm = current->security; + int rc = -EINVAL; + int slot = 0; + + if (!strcmp(name, "interface_lsm")) { + /* + * Change the "interface_lsm" value only if all the security + * modules that support setting a procattr allow it. + * It is assumed that all such security modules will be + * cooperative. + */ + if (size == 0) + return -EINVAL; + + hlist_for_each_entry(hp, &security_hook_heads.setprocattr, + list) { + rc = hp->hook.setprocattr(name, value, size); + if (rc < 0) + return rc; + } + + rc = -EINVAL; + + copy = kmemdup_nul(value, size, GFP_KERNEL); + if (copy == NULL) + return -ENOMEM; + + termed = strsep(©, " \n"); + + for (slot = 0; slot < lsm_slot; slot++) + if (!strcmp(termed, lsm_slotlist[slot]->lsm)) { + *ilsm = lsm_slotlist[slot]->slot; + rc = size; + break; + } + + kfree(termed); + return rc; + } hlist_for_each_entry(hp, &security_hook_heads.setprocattr, list) { if (lsm != NULL && strcmp(lsm, hp->lsmid->lsm)) continue; + if (lsm == NULL && *ilsm != LSMBLOB_INVALID && + *ilsm != hp->lsmid->slot) + continue; return hp->hook.setprocattr(name, value, size); } return LSM_RET_DEFAULT(setprocattr); @@ -2214,15 +2333,15 @@ EXPORT_SYMBOL(security_ismaclabel); int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen) { struct security_hook_list *hp; - int rc; + int ilsm = lsm_task_ilsm(current); hlist_for_each_entry(hp, &security_hook_heads.secid_to_secctx, list) { if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) continue; - rc = hp->hook.secid_to_secctx(blob->secid[hp->lsmid->slot], - secdata, seclen); - if (rc != LSM_RET_DEFAULT(secid_to_secctx)) - return rc; + if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) + return hp->hook.secid_to_secctx( + blob->secid[hp->lsmid->slot], + secdata, seclen); } return LSM_RET_DEFAULT(secid_to_secctx); @@ -2233,16 +2352,15 @@ int security_secctx_to_secid(const char *secdata, u32 seclen, struct lsmblob *blob) { struct security_hook_list *hp; - int rc; + int ilsm = lsm_task_ilsm(current); lsmblob_init(blob, 0); hlist_for_each_entry(hp, &security_hook_heads.secctx_to_secid, list) { if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) continue; - rc = hp->hook.secctx_to_secid(secdata, seclen, - &blob->secid[hp->lsmid->slot]); - if (rc != 0) - return rc; + if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) + return hp->hook.secctx_to_secid(secdata, seclen, + &blob->secid[hp->lsmid->slot]); } return 0; } @@ -2250,7 +2368,14 @@ EXPORT_SYMBOL(security_secctx_to_secid); void security_release_secctx(char *secdata, u32 seclen) { - call_void_hook(release_secctx, secdata, seclen); + struct security_hook_list *hp; + int ilsm = lsm_task_ilsm(current); + + hlist_for_each_entry(hp, &security_hook_heads.release_secctx, list) + if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) { + hp->hook.release_secctx(secdata, seclen); + return; + } } EXPORT_SYMBOL(security_release_secctx); @@ -2391,8 +2516,15 @@ EXPORT_SYMBOL(security_sock_rcv_skb); int security_socket_getpeersec_stream(struct socket *sock, char __user *optval, int __user *optlen, unsigned len) { - return call_int_hook(socket_getpeersec_stream, -ENOPROTOOPT, sock, - optval, optlen, len); + int ilsm = lsm_task_ilsm(current); + struct security_hook_list *hp; + + hlist_for_each_entry(hp, &security_hook_heads.socket_getpeersec_stream, + list) + if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) + return hp->hook.socket_getpeersec_stream(sock, optval, + optlen, len); + return -ENOPROTOOPT; } int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index d67bcd1aeaf5..3469ffe195e6 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -6405,6 +6405,17 @@ static int selinux_setprocattr(const char *name, void *value, size_t size) /* * Basic control over ability to set these attributes at all. */ + + /* + * For setting interface_lsm, we only perform a permission check; + * the actual update to the interface_lsm value is handled by the + * LSM framework. + */ + if (!strcmp(name, "interface_lsm")) + return avc_has_perm(&selinux_state, + mysid, mysid, SECCLASS_PROCESS2, + PROCESS2__SETINTERFACE_LSM, NULL); + if (!strcmp(name, "exec")) error = avc_has_perm(&selinux_state, mysid, mysid, SECCLASS_PROCESS, diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h index 35aac62a662e..79b480983bdc 100644 --- a/security/selinux/include/classmap.h +++ b/security/selinux/include/classmap.h @@ -53,7 +53,8 @@ struct security_class_mapping secclass_map[] = { "execmem", "execstack", "execheap", "setkeycreate", "setsockcreate", "getrlimit", NULL } }, { "process2", - { "nnp_transition", "nosuid_transition", NULL } }, + { "nnp_transition", "nosuid_transition", "setinterface_lsm", + NULL } }, { "system", { "ipc_info", "syslog_read", "syslog_mod", "syslog_console", "module_request", "module_load", NULL } }, diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index ff832d47479f..3c1cf65cac87 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -3516,6 +3516,13 @@ static int smack_setprocattr(const char *name, void *value, size_t size) struct smack_known_list_elem *sklep; int rc; + /* + * Allow the /proc/.../attr/current and SO_PEERSEC "interface_lsm" + * to be reset at will. + */ + if (strcmp(name, "interface_lsm") == 0) + return 0; + if (!smack_privileged(CAP_MAC_ADMIN) && list_empty(&tsp->smk_relabel)) return -EPERM; From patchwork Wed Feb 2 23:53:10 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12733609 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id D999FC4332F for ; Thu, 3 Feb 2022 00:11:00 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348308AbiBCAK7 (ORCPT ); Wed, 2 Feb 2022 19:10:59 -0500 Received: from sonic311-31.consmr.mail.ne1.yahoo.com ([66.163.188.212]:42705 "EHLO sonic311-31.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348325AbiBCAK5 (ORCPT ); Wed, 2 Feb 2022 19:10:57 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643847057; bh=mZMEsUkrlJXRzk7x6lnvfNevhq4wBixRboHMZWPFLrs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=n+GCuyFrJGUSgZHDsjrLtIUDQHyVT3GPM3jhdFWSs6tBZROOJVoYObKHGskumdw4pKJ1PAFUadFbXz/t5nKeNkW5EeTrKVdxj5ysB5UIHK9BrzS2UA6YlPDzs3wh6zztuIAoia6V1/RPfjjwT0KCP5/wDAPjV/c1s6Rk5NzNMwfVWR4dbrlH25tCwOPTkUIs4wivfE6U9ctheZm/s9KAAkfReix/45oNsFNEyK1Dx01pnPYvsO+40ppmtL6Td4mqRkxXolHfmRHSzxXl/LR2SwcEAAjt63odZdYARspz2VX5vd8HwjnsqU0Nd3uMtz3rELwbs/oXAO+b+972jpkUQw== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643847057; bh=pX1IS5QBDaLFRT2SXTeyQOk3WyRB1Wu+TSbh1TqthBd=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=N53cQluOCEJ9DJdsYOt8p38F9fGB+gle8uuyvPQbZVtx89IbwaMt4a8i2npOlldQK4A21XKiYy8upYWi1Yy0v5/S5Q9km7vnrs3aRsz4si68b6eZ4R9d0wKcqwvur5B8qDz1ni3trHnbINsFRTWvFMiyRdzuEPgcafnq9Wfv4Jr2lJFi74W7LIv3UNJ8MtAsDzWw1wFfqf/KRXsu3YJfttgeoR4M8SisQKLBwBmTCRWaCpry5h4ykrmmQNHcRzRLK7K0Pk0Os03HGF8A0u1SDV4zvpJbhrIFAzjqD7jLECsBGb6w+nlkGCCuE7Glrk6Lk+aNdXO9qLQgwoocDqW01Q== X-YMail-OSG: _zlGISMVM1nJl5L_qz1SRT_kdOvAfqBNO4TWC_6BwLU6qX2dh9hpTEExP0wyJgg o8kePWwXyN5mLO3slTG8yFTEJ4Z6sjxj1LkBnDGuI2ZGhl68Czxbekb8PmpiumX.e2h907.iwh4t SR3oUGh6HBC1uc7jxRjXfLS2RrJmfqgnHwecEnmAVPpUDtnE8pTvZfT7nagqujjPNZdv3NSHHTd7 uqMRzh7rAQmk47ZedGbBtBzBccRpamwG86xFxWxqwpkUbxhUtmwaqTFUOMYfCuRCDAcrSdd7m5ye mSJn5vcvebIi4Hz9RSiXebu381_aMARQRwFvVnMPTkdVdQgUZ3ztYs2QqXYwoENBRyuLdRaPt0_y KWt80nPkoAfeHsaOp_mwR7kP_86ipLs1syL3SwFojkBjFCKDlZ28GBuNTJSPL4hc_4OcuS5QLcNt 9F_sLSPYVqZIuwSj7MvLz3Kxrl3ck8QGvRq4t2xaQXcLvwKH7_YadyVEuXQbBzvt6MpDIu18l0_n acVn0Nl6Hr.rZdQCFXPUh4cC0KBP3Ys7ju8K.bv9tzdrutTcLyNFSwCIEB4i.gAVjXgdbXQ2h2MM lhnppHRl.u00towDyi_e0FKF5HM6Sh3rMOHBiJOuwuPRANvS_t7K2QP_z1yDHwuDyYAuZeXWkhe3 wXDSpq2mFrlIpYudgAOtHGblB9ygQsPAInvUBteo318ow6.yBxyQpYWg0DdgcnXjgSVRlMT9jnhK zIwi4X0R8mm5aiYOv6JqZ6jCk8KGQ_EQq4JPidNTslG5UK4Xah7Eis9B_b9cCu3x8By4uG9ioBXm FQhqs4QrhZfTjvoLbOj2lcJinqVhUB0cWPCT71dDA1.U.0ddCOegUGUBeyYa9Lgvv9SPeqorqsv6 K3hu_008cwugqPhvsNLp5SDG92_wykDQNZO0zqKfzJrd0ELH7qHtveULrPaMcwDeiEp4nzSpBmml RSLhP.VJuvtAITDcyqA_sPGma7MSZqw5ZwlGEKOQ0abJKzuelPaHoYA6wW8GHvCGpSCMP1VpQtEc osUIvAapViFV6.CS3Qt5ALgwIsdlqo8cmYdt2cDtKJzD5caOEimHs7JziISeaz4qN3nnfWGdfIR2 EE2ABscOPusWPx7UAm63wJreje5_wCKA2.qiTxsLoFYSi5TgpsVj6KZRv.AE6dfhWhzCNYUq65.K waUfM9ENSKwg5k2sU6cEsxtBScFH2.dVO9Q7sR09JIF7FcXrzHVeohgH90Bf5giGCfQ6Nd7R7anM iMOWmABcytBkZXsTcQOa8IBh6hDO_O.hhcG0SXM6VrcC6zVSLXRIKu6ij5J9Ht_QBXl_w.mcziCa Pb.MrAaYb4.lsYKlmz5ulkg80.QB7rNtcS7XFxeVzZCXvlOT4Z5DfcOreFQxygr0Q.GzpudyH08v AtCaeCeWLnzpm.QwfUwpRVm_tyvanU43qtO3Yfmr0jJkm3IWMIJVnfZ.9HcP3FNMNltVJAdNAQbN 5m9dlmspuZVLrom7l7WB5bsXzXVh8flCJY03mf3Ht3UxGysn7yW4.WiinZQ72QQjpH5JbTF1AtNA wdAJMMfSaaguD7.VNI.tsK5ISdppNHspCq4ujclFsDdWsov9JRT_2P1.DQ7G.wlreC6xTs2XtQ_I OA1FT1Dnk9i1L.Se6cBPIu.pOJ6EH3oPfNPbXLB7HzBPDiSJp5BwGZZwzGXP1Y.4.KVIuhs83NMG AaXq4iYSE7FexePxwK6HPIxgZqYcFtHNW5wh_IYYizh4hCqxkVnlqWeL59MincgWvBDldOtmMK2I fEWxatlAxzR3CB3uh20jtA2XZ_lSWEU10GUafxofqIhPLvPFSEb13jQkHUOAWMvnyIl_zbAaJtSX myRB9P00EL_Fw8lVxDUX02cNBiefsPQWVcyD6FkHiEsPdPuMqHsyCHrf.pqBHF2mQGkMnh2JbNIN GQi.20avyg5NyOG3Zlo9EjX..HoiCD3K.uQfL2h1AWR.55Zomraaj35iufippTkQXeq284VGRllx PnhgRLfFwbBgfn10vLh9PDcUXXznLwUP0bjW4K1yyEI1qrXaLflGyVmtWdIe8Kuewi2rXVuCepnM GeO6qeuF8oxm7UfhqDgA7RXk.vyNsIcHdhh4ZQYOLJds0D9aj1LYdr.j3r21CxnbMMxKkw1emEdu q8ldhVYNDMwO.NDicXRq.RZrXm5iq_q90jiS3.n2YuGLITUByLua9ulH7AYm8TMoYUqgELfSbsx4 4HMPacyA39TmjBFjqhd6PYu_8nk23cPa15kvXdAr8wAaclm7L0GDm4hPAo4h8offcu0zCy03ZSqw H.g-- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic311.consmr.mail.ne1.yahoo.com with HTTP; Thu, 3 Feb 2022 00:10:57 +0000 Received: by kubenode522.mail-prod1.omega.gq1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID 8eaff6bcc33e24a4673fc3a34be90183; Thu, 03 Feb 2022 00:10:51 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, Stephen Smalley , Chuck Lever , linux-integrity@vger.kernel.org, netdev@vger.kernel.org, netfilter-devel@vger.kernel.org, linux-nfs@vger.kernel.org Subject: [PATCH v32 15/28] LSM: Ensure the correct LSM context releaser Date: Wed, 2 Feb 2022 15:53:10 -0800 Message-Id: <20220202235323.23929-16-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20220202235323.23929-1-casey@schaufler-ca.com> References: <20220202235323.23929-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Add a new lsmcontext data structure to hold all the information about a "security context", including the string, its size and which LSM allocated the string. The allocation information is necessary because LSMs have different policies regarding the lifecycle of these strings. SELinux allocates and destroys them on each use, whereas Smack provides a pointer to an entry in a list that never goes away. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Paul Moore Acked-by: Stephen Smalley Acked-by: Chuck Lever Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: netdev@vger.kernel.org Cc: linux-audit@redhat.com Cc: netfilter-devel@vger.kernel.org To: Pablo Neira Ayuso Cc: linux-nfs@vger.kernel.org --- drivers/android/binder.c | 10 ++++--- fs/ceph/xattr.c | 6 ++++- fs/nfs/nfs4proc.c | 8 ++++-- fs/nfsd/nfs4xdr.c | 7 +++-- include/linux/security.h | 35 +++++++++++++++++++++++-- include/net/scm.h | 5 +++- kernel/audit.c | 14 +++++++--- kernel/auditsc.c | 12 ++++++--- net/ipv4/ip_sockglue.c | 4 ++- net/netfilter/nf_conntrack_netlink.c | 4 ++- net/netfilter/nf_conntrack_standalone.c | 4 ++- net/netfilter/nfnetlink_queue.c | 13 ++++++--- net/netlabel/netlabel_unlabeled.c | 19 +++++++++++--- net/netlabel/netlabel_user.c | 4 ++- security/security.c | 11 ++++---- 15 files changed, 121 insertions(+), 35 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 26838061defb..2125b4b795da 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2725,6 +2725,7 @@ static void binder_transaction(struct binder_proc *proc, int t_debug_id = atomic_inc_return(&binder_last_id); char *secctx = NULL; u32 secctx_sz = 0; + struct lsmcontext scaff; /* scaffolding */ struct list_head sgc_head; struct list_head pf_head; const void __user *user_buffer = (const void __user *) @@ -3033,7 +3034,8 @@ static void binder_transaction(struct binder_proc *proc, t->security_ctx = 0; WARN_ON(1); } - security_release_secctx(secctx, secctx_sz); + lsmcontext_init(&scaff, secctx, secctx_sz, 0); + security_release_secctx(&scaff); secctx = NULL; } t->buffer->debug_id = t->debug_id; @@ -3433,8 +3435,10 @@ static void binder_transaction(struct binder_proc *proc, binder_alloc_free_buf(&target_proc->alloc, t->buffer); err_binder_alloc_buf_failed: err_bad_extra_size: - if (secctx) - security_release_secctx(secctx, secctx_sz); + if (secctx) { + lsmcontext_init(&scaff, secctx, secctx_sz, 0); + security_release_secctx(&scaff); + } err_get_secctx_failed: kfree(tcomplete); binder_stats_deleted(BINDER_STAT_TRANSACTION_COMPLETE); diff --git a/fs/ceph/xattr.c b/fs/ceph/xattr.c index fcf7dfdecf96..df2b3bf46364 100644 --- a/fs/ceph/xattr.c +++ b/fs/ceph/xattr.c @@ -1374,12 +1374,16 @@ int ceph_security_init_secctx(struct dentry *dentry, umode_t mode, void ceph_release_acl_sec_ctx(struct ceph_acl_sec_ctx *as_ctx) { +#ifdef CONFIG_CEPH_FS_SECURITY_LABEL + struct lsmcontext scaff; /* scaffolding */ +#endif #ifdef CONFIG_CEPH_FS_POSIX_ACL posix_acl_release(as_ctx->acl); posix_acl_release(as_ctx->default_acl); #endif #ifdef CONFIG_CEPH_FS_SECURITY_LABEL - security_release_secctx(as_ctx->sec_ctx, as_ctx->sec_ctxlen); + lsmcontext_init(&scaff, as_ctx->sec_ctx, as_ctx->sec_ctxlen, 0); + security_release_secctx(&scaff); #endif if (as_ctx->pagelist) ceph_pagelist_release(as_ctx->pagelist); diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c index b18f31b2c9e7..c6237b5ddd93 100644 --- a/fs/nfs/nfs4proc.c +++ b/fs/nfs/nfs4proc.c @@ -133,8 +133,12 @@ nfs4_label_init_security(struct inode *dir, struct dentry *dentry, static inline void nfs4_label_release_security(struct nfs4_label *label) { - if (label) - security_release_secctx(label->label, label->len); + struct lsmcontext scaff; /* scaffolding */ + + if (label) { + lsmcontext_init(&scaff, label->label, label->len, 0); + security_release_secctx(&scaff); + } } static inline u32 *nfs4_bitmask(struct nfs_server *server, struct nfs4_label *label) { diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c index 899de438e529..fedc4b0292d6 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c @@ -2830,6 +2830,7 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, int err; struct nfs4_acl *acl = NULL; #ifdef CONFIG_NFSD_V4_SECURITY_LABEL + struct lsmcontext scaff; /* scaffolding */ void *context = NULL; int contextlen; #endif @@ -3331,8 +3332,10 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, out: #ifdef CONFIG_NFSD_V4_SECURITY_LABEL - if (context) - security_release_secctx(context, contextlen); + if (context) { + lsmcontext_init(&scaff, context, contextlen, 0); /*scaffolding*/ + security_release_secctx(&scaff); + } #endif /* CONFIG_NFSD_V4_SECURITY_LABEL */ kfree(acl); if (tempfh) { diff --git a/include/linux/security.h b/include/linux/security.h index 735e39fa510d..72da145c1aad 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -135,6 +135,37 @@ enum lockdown_reason { extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1]; +/* + * A "security context" is the text representation of + * the information used by LSMs. + * This structure contains the string, its length, and which LSM + * it is useful for. + */ +struct lsmcontext { + char *context; /* Provided by the module */ + u32 len; + int slot; /* Identifies the module */ +}; + +/** + * lsmcontext_init - initialize an lsmcontext structure. + * @cp: Pointer to the context to initialize + * @context: Initial context, or NULL + * @size: Size of context, or 0 + * @slot: Which LSM provided the context + * + * Fill in the lsmcontext from the provided information. + * This is a scaffolding function that will be removed when + * lsmcontext integration is complete. + */ +static inline void lsmcontext_init(struct lsmcontext *cp, char *context, + u32 size, int slot) +{ + cp->slot = slot; + cp->context = context; + cp->len = size; +} + /* * Data exported by the security modules * @@ -568,7 +599,7 @@ int security_ismaclabel(const char *name); int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen); int security_secctx_to_secid(const char *secdata, u32 seclen, struct lsmblob *blob); -void security_release_secctx(char *secdata, u32 seclen); +void security_release_secctx(struct lsmcontext *cp); void security_inode_invalidate_secctx(struct inode *inode); int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); @@ -1431,7 +1462,7 @@ static inline int security_secctx_to_secid(const char *secdata, return -EOPNOTSUPP; } -static inline void security_release_secctx(char *secdata, u32 seclen) +static inline void security_release_secctx(struct lsmcontext *cp) { } diff --git a/include/net/scm.h b/include/net/scm.h index 23a35ff1b3f2..f273c4d777ec 100644 --- a/include/net/scm.h +++ b/include/net/scm.h @@ -92,6 +92,7 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg, #ifdef CONFIG_SECURITY_NETWORK static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) { + struct lsmcontext context; struct lsmblob lb; char *secdata; u32 seclen; @@ -106,7 +107,9 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc if (!err) { put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata); - security_release_secctx(secdata, seclen); + /*scaffolding*/ + lsmcontext_init(&context, secdata, seclen, 0); + security_release_secctx(&context); } } } diff --git a/kernel/audit.c b/kernel/audit.c index c7cd039e258b..5aa2ee06c9e4 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1190,6 +1190,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) struct audit_sig_info *sig_data; char *ctx = NULL; u32 len; + struct lsmcontext scaff; /* scaffolding */ err = audit_netlink_ok(skb, msg_type); if (err) @@ -1447,15 +1448,18 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) } sig_data = kmalloc(struct_size(sig_data, ctx, len), GFP_KERNEL); if (!sig_data) { - if (lsmblob_is_set(&audit_sig_lsm)) - security_release_secctx(ctx, len); + if (lsmblob_is_set(&audit_sig_lsm)) { + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); + } return -ENOMEM; } sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); sig_data->pid = audit_sig_pid; if (lsmblob_is_set(&audit_sig_lsm)) { memcpy(sig_data->ctx, ctx, len); - security_release_secctx(ctx, len); + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); } audit_send_reply(skb, seq, AUDIT_SIGNAL_INFO, 0, 0, sig_data, struct_size(sig_data, ctx, len)); @@ -2147,6 +2151,7 @@ int audit_log_task_context(struct audit_buffer *ab) unsigned len; int error; struct lsmblob blob; + struct lsmcontext scaff; /* scaffolding */ security_current_getsecid_subj(&blob); if (!lsmblob_is_set(&blob)) @@ -2161,7 +2166,8 @@ int audit_log_task_context(struct audit_buffer *ab) } audit_log_format(ab, " subj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); return 0; error_path: diff --git a/kernel/auditsc.c b/kernel/auditsc.c index c4c3666576c3..1626d8aabe83 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1121,6 +1121,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, struct lsmblob *blob, char *comm) { struct audit_buffer *ab; + struct lsmcontext lsmcxt; char *ctx = NULL; u32 len; int rc = 0; @@ -1138,7 +1139,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, rc = 1; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); /*scaffolding*/ + security_release_secctx(&lsmcxt); } } audit_log_format(ab, " ocomm="); @@ -1351,6 +1353,7 @@ static void audit_log_fcaps(struct audit_buffer *ab, struct audit_names *name) static void show_special(struct audit_context *context, int *call_panic) { + struct lsmcontext lsmcxt; struct audit_buffer *ab; int i; @@ -1385,7 +1388,8 @@ static void show_special(struct audit_context *context, int *call_panic) *call_panic = 1; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); + security_release_secctx(&lsmcxt); } } if (context->ipc.has_perm) { @@ -1542,6 +1546,7 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, char *ctx = NULL; u32 len; struct lsmblob blob; + struct lsmcontext lsmcxt; lsmblob_init(&blob, n->osid); if (security_secid_to_secctx(&blob, &ctx, &len)) { @@ -1550,7 +1555,8 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, *call_panic = 2; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); /* scaffolding */ + security_release_secctx(&lsmcxt); } } diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index 933a8f94f93a..70ca4510ea35 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -130,6 +130,7 @@ static void ip_cmsg_recv_checksum(struct msghdr *msg, struct sk_buff *skb, static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) { + struct lsmcontext context; struct lsmblob lb; char *secdata; u32 seclen, secid; @@ -145,7 +146,8 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) return; put_cmsg(msg, SOL_IP, SCM_SECURITY, seclen, secdata); - security_release_secctx(secdata, seclen); + lsmcontext_init(&context, secdata, seclen, 0); /* scaffolding */ + security_release_secctx(&context); } static void ip_cmsg_recv_dstaddr(struct msghdr *msg, struct sk_buff *skb) diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index 073510c94b56..212e12b53adb 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -342,6 +342,7 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) int len, ret; char *secctx; struct lsmblob blob; + struct lsmcontext context; /* lsmblob_init() puts ct->secmark into all of the secids in blob. * security_secid_to_secctx() will know which security module @@ -362,7 +363,8 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) ret = 0; nla_put_failure: - security_release_secctx(secctx, len); + lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ + security_release_secctx(&context); return ret; } #else diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index bba3a66f5636..3b6ba86783f6 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c @@ -179,6 +179,7 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) u32 len; char *secctx; struct lsmblob blob; + struct lsmcontext context; lsmblob_init(&blob, ct->secmark); ret = security_secid_to_secctx(&blob, &secctx, &len); @@ -187,7 +188,8 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) seq_printf(s, "secctx=%s ", secctx); - security_release_secctx(secctx, len); + lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ + security_release_secctx(&context); } #else static inline void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index a9f7c9418ad3..d986bae1587b 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c @@ -397,6 +397,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, enum ip_conntrack_info ctinfo = 0; const struct nfnl_ct_hook *nfnl_ct; bool csum_verify; + struct lsmcontext scaff; /* scaffolding */ char *secdata = NULL; u32 seclen = 0; @@ -627,8 +628,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, } nlh->nlmsg_len = skb->len; - if (seclen) - security_release_secctx(secdata, seclen); + if (seclen) { + lsmcontext_init(&scaff, secdata, seclen, 0); + security_release_secctx(&scaff); + } return skb; nla_put_failure: @@ -636,8 +639,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, kfree_skb(skb); net_err_ratelimited("nf_queue: error creating packet message\n"); nlmsg_failure: - if (seclen) - security_release_secctx(secdata, seclen); + if (seclen) { + lsmcontext_init(&scaff, secdata, seclen, 0); + security_release_secctx(&scaff); + } return NULL; } diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index c86df6ead742..a8e9ee202245 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -374,6 +374,7 @@ int netlbl_unlhsh_add(struct net *net, struct net_device *dev; struct netlbl_unlhsh_iface *iface; struct audit_buffer *audit_buf = NULL; + struct lsmcontext context; char *secctx = NULL; u32 secctx_len; struct lsmblob blob; @@ -447,7 +448,9 @@ int netlbl_unlhsh_add(struct net *net, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", ret_val == 0 ? 1 : 0); audit_log_end(audit_buf); @@ -478,6 +481,7 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, struct netlbl_unlhsh_addr4 *entry; struct audit_buffer *audit_buf; struct net_device *dev; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -508,7 +512,9 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); audit_log_end(audit_buf); @@ -545,6 +551,7 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, struct netlbl_unlhsh_addr6 *entry; struct audit_buffer *audit_buf; struct net_device *dev; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -574,7 +581,8 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); audit_log_end(audit_buf); @@ -1093,6 +1101,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, int ret_val = -ENOMEM; struct netlbl_unlhsh_walk_arg *cb_arg = arg; struct net_device *dev; + struct lsmcontext context; void *data; u32 secid; char *secctx; @@ -1163,7 +1172,9 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, NLBL_UNLABEL_A_SECCTX, secctx_len, secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); if (ret_val != 0) goto list_cb_failure; diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index 893301ae0131..ef139d8ae7cd 100644 --- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c @@ -84,6 +84,7 @@ struct audit_buffer *netlbl_audit_start_common(int type, struct netlbl_audit *audit_info) { struct audit_buffer *audit_buf; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -103,7 +104,8 @@ struct audit_buffer *netlbl_audit_start_common(int type, if (audit_info->secid != 0 && security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " subj=%s", secctx); - security_release_secctx(secctx, secctx_len); + lsmcontext_init(&context, secctx, secctx_len, 0);/*scaffolding*/ + security_release_secctx(&context); } return audit_buf; diff --git a/security/security.c b/security/security.c index 0bca482166d8..163cf0ae2429 100644 --- a/security/security.c +++ b/security/security.c @@ -2366,16 +2366,17 @@ int security_secctx_to_secid(const char *secdata, u32 seclen, } EXPORT_SYMBOL(security_secctx_to_secid); -void security_release_secctx(char *secdata, u32 seclen) +void security_release_secctx(struct lsmcontext *cp) { struct security_hook_list *hp; - int ilsm = lsm_task_ilsm(current); hlist_for_each_entry(hp, &security_hook_heads.release_secctx, list) - if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) { - hp->hook.release_secctx(secdata, seclen); - return; + if (cp->slot == hp->lsmid->slot) { + hp->hook.release_secctx(cp->context, cp->len); + break; } + + memset(cp, 0, sizeof(*cp)); } EXPORT_SYMBOL(security_release_secctx); From patchwork Wed Feb 2 23:53:11 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12733610 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2FB01C433F5 for ; Thu, 3 Feb 2022 00:12:04 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348339AbiBCAMD (ORCPT ); Wed, 2 Feb 2022 19:12:03 -0500 Received: from sonic311-31.consmr.mail.ne1.yahoo.com ([66.163.188.212]:39843 "EHLO sonic311-31.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348337AbiBCAMD (ORCPT ); Wed, 2 Feb 2022 19:12:03 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643847122; bh=Vcz3MlyheMLYNtks1bZep/m6+6iAU6tvsg3u01qbx3A=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=fEAqM6OeJhr/JRqnBy2oT3mxfJ9x+b8TiNhuMvHIVGK+7H8a12T10hy8AiYwIRQuT5Rhkcli5D6AOxiYoUd3pDfsMTFUMjZ4wWTM2E7KGhnzOxxHMRIT8SxA0m1Nd0Pk2DnlitytZULJhu5WRxWvNLYIW5SllSIjyRnO4QCbJ3rdqIACq5mWeHKdl4TuNSUBa5+FZ8H2DNKp3NdJVwzimkm/FQCHXiEW4eRMH8zlIUGCQ1hEcZccOlMd/SDYtvKiEiYA10m9mKSj42oF/hmMtODMHuCq8Sg6wSayqfeOzVxJoE9zV3N0OnYqDXN4vJ1EvolNWr1qrEWaCPGeBiy+aw== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643847122; bh=l1gqNJv+YoSrfGWfCp6/rMi0udAae4R0YlLjOCNO3Cd=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=d+1QWKJKiJwH+Hd2RjsahJaas93aa0AxosvWbr+QofXSoWfxaqetLkX7vMS8rjUmo91iSHF2Vzy4K92FUD+IC7R25joY5cuWmEa6yAZf7D5rsa6pEMRwOFUHnrT0JqhCEhObxXIISzUuDNjjj2bLmbHyAvB3QOdD9UOpUyXxBRf1DOIPVdH0/9qPhsdM5oNOB2fXT/ENgqL3s109dXuoFvDM+qcY007RmmKTNf5ltHNeHn6970vaOfNKWr2u8fegLMoA6tVRpMQc47uDaqGlWAhKFi34SD9eke2fybogE6DN38TD6ckpbsHG7S+m1fq8M6hCWptJRbhqHRLSSUML2g== X-YMail-OSG: ANiogCwVM1mn.v8mw_eCayAF0KHqCsjjQ5DDVwrzO_hwnj_GSsQKHDVjpEAz5AE ZeptoDBfgs4By7K455F6_sCVPrhXRLV3ZdGcJb9nIn7oXvVeX8rIjuoFX44M_xhR453_z3uE5EWp nq5UD8ayUAC1dku74kpaJ9Cfp5yIfURu7m3XsFpjh8aTIrbndeQIjX0S5EK7D._T.2oGWOYNTJcq dcMckxI2zqgYh770b_xkWEUctR_c3HPer9yT5kTZoiZZjwOIIol.afAD084WwAgw0ZP1_vHRkxGq 9fZ4SBYslanWeNq9aHJkSG8bMdigfKuKzP.t0HZg7FSIHlwFrMNrDuUe4Mq_svnhjfaduKcCKxt_ 6B_F3hc1suRdN_ns9GnBQfmcyLVU8jiYPFSZ2Cd7q_Mr0116wHMvDJRh47oxoGn.6b2TvhUSo.O7 fCWsEUL9Jn_Ib.la2x3TaVhd8ZR0KqNFZ0PGw68T5f6PjS.F9JmvwFY72Jtv48r_KYErauhY.rLM XayHm.6j0meP1FdQAsq5mElSx91eUKuY7CiO9cXn3xPnxS2334sxIBuMlh67vZk49HY11JsbivB5 rld7t3Leptg_EwBC94YbvfR8Jmbo..VGe5MDPnYkogXDC66RHdjqs09UHv1bENgnw126Q4mHle70 pjWYHaOeQ3L_RUDWyQcpFmxUGkcEOkx6YK_77V7Jo7ICCN6fbHsw9uCVr6z3.5MMhmmeUT2CvsHi 3uAviqx6tt1A3u4qHdkNYEc0QpQIqM5IfJJoWNTF7Twe1c5JkZ0BzIWeAdPsM_3MC5q0x_ufJ6s0 iQjZVML90IJfcDcRk6SDBPh3QxfpO7b_8KIoZdA4HEKQrHyH0HHLGdFsaivCxTNcwG3xUz0z5IVZ u_CsVLroFleMvjsFrHfj2Dl4U12Xl4nj0gVZ_Fl4FMpUqBncd4Mi.z_YK2vr95G82lhIerwM6OvY 62cROJ82miS0le8w0G5tpXZbsQnmfIWcvUWH_VKi5qHsAZ1DylWQJ1YNJs0aNfdXJB02XiS3sdbf KM2HM0CI0ABsRDcgvx6h6g54zY6Z9PVSGXBHWrgErBXyOkYhS2B4_QQBalB7TxF56oyGGr0HhaVY jGdKplXiosuj_9KuEfPpA6KWNUwsV.MOFn2wvKsMadATFVrVEVMpMSc.pQ6__Usi5UnxSa5NdnHb yQiM8qOLNzM9gp07bQ7Fw1.mVOKO52JLidJpGSkRzHN4.PkTyK9fsD5Eq7w9IRiiSwKuyRMCGr4O TVRUYV_IdiCuG3k72ueetrAk3JnMBSnkPM6iWsJELpRRwk.HmV0.xczNslCUyP9vtd7a__u2vPCN G78COo2q8W9JgTKaluF6R1OhLOc1uBJwauzbgVRwxTg7nj5HwkQG.8lGA7kXMSjPQ4uN0GH0pl.W GP.knKskAonsW8AMPGC8mGQDMKg8waUe1jb8KJ.6n2kXmNPa6gEeWueuvUNEww2x2mZKhYcTN9jd jNj2kIV61VbmEzgjihmdBYqyBoyOWeYDZFcIuQqqS6u6c4dS5PHnU4O7LVx0FGr9VpLXgGpdybLN Uj0Jhu9XTalcWMDtAwi5ytS8QlbODdmrhS760BXrBArWaj5XBT.XeaTYP7a5ycPBs3gUMd7uinWN 6Fmkg5VwHDqyEnZ9jUKQYCZwj4IU96.2fSfk8gT81hW.FOnYc393tywcrEanm9xnwl0TRmUkDuZK WwslDtRKsjgeAOfJwe6zy6KhH6c5Tspuhy.PeQixMUkOdn1OZf7Pmt0n80N3lEwgyi5UUIWB3Q0Z hu18wLqJ35pmrkVMLW0ru7ye4oPY.o15u8KR.vIVNki5.5lZeldxplDjOSf.x.dNklJvcuSlivSE gARkRobDIeJa.afq8WSv.irhJV.sCSPPfS1l5ASu51nTo6pH.x_sUv34Suz5Jhw8wtnAa.JJvxTp KnVywwzqGyRVaUQ1WE1VmwBTUZuJJMRh_KRTeJTVPshAADIfzKBAflBdVF0RBda8VAHBJ0r.PnYx HrLUxKs1uB4QZ_YF5c_7gvIR8_WBw4ZZgBQRZZb94vzzh2qrtrRZTmXzLs_kg6mN5jyqeYStLzHr RtQx4ay6jFQyHki9o_LDtYNnymbs4BVEkJFqVI.EBhgP5Go4gjjfQpXC5CMD72sB6y8ne62ToNwO QXgGefaCgG0IhljBikUg920iNDRBAoxGCXqW4eMkI_CQb_zu2Kx1RkCe4EbU.Dgd1HQDsv64u.EF lgrdahAyo1Iyk4QTUiXiPmLTsO1oOqSsQ5Rj5JpEkB1l0yHjboacoCMdQPlOJjD4Ui6MYixmBBOZ 1iQ-- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic311.consmr.mail.ne1.yahoo.com with HTTP; Thu, 3 Feb 2022 00:12:02 +0000 Received: by kubenode505.mail-prod1.omega.bf1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID 983446ae350fa35af88aaeb04f10d176; Thu, 03 Feb 2022 00:11:58 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, netfilter-devel@vger.kernel.org Subject: [PATCH v32 16/28] LSM: Use lsmcontext in security_secid_to_secctx Date: Wed, 2 Feb 2022 15:53:11 -0800 Message-Id: <20220202235323.23929-17-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20220202235323.23929-1-casey@schaufler-ca.com> References: <20220202235323.23929-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Replace the (secctx,seclen) pointer pair with a single lsmcontext pointer to allow return of the LSM identifier along with the context and context length. This allows security_release_secctx() to know how to release the context. Callers have been modified to use or save the returned data from the new structure. security_secid_to_secctx() will now return the length value if the passed lsmcontext pointer is NULL. Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org Cc: linux-audit@redhat.com Cc: netfilter-devel@vger.kernel.org --- drivers/android/binder.c | 26 ++++++--------- include/linux/security.h | 4 +-- include/net/scm.h | 9 ++---- kernel/audit.c | 42 +++++++++++-------------- kernel/auditsc.c | 31 +++++++----------- net/ipv4/ip_sockglue.c | 8 ++--- net/netfilter/nf_conntrack_netlink.c | 18 ++++------- net/netfilter/nf_conntrack_standalone.c | 7 ++--- net/netfilter/nfnetlink_queue.c | 5 ++- net/netlabel/netlabel_unlabeled.c | 40 +++++++---------------- net/netlabel/netlabel_user.c | 7 ++--- security/security.c | 29 +++++++++++++++-- 12 files changed, 99 insertions(+), 127 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 2125b4b795da..b0b0c132a247 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2723,9 +2723,7 @@ static void binder_transaction(struct binder_proc *proc, binder_size_t last_fixup_min_off = 0; struct binder_context *context = proc->context; int t_debug_id = atomic_inc_return(&binder_last_id); - char *secctx = NULL; - u32 secctx_sz = 0; - struct lsmcontext scaff; /* scaffolding */ + struct lsmcontext lsmctx = { }; struct list_head sgc_head; struct list_head pf_head; const void __user *user_buffer = (const void __user *) @@ -2985,14 +2983,14 @@ static void binder_transaction(struct binder_proc *proc, size_t added_size; security_cred_getsecid(proc->cred, &blob); - ret = security_secid_to_secctx(&blob, &secctx, &secctx_sz); + ret = security_secid_to_secctx(&blob, &lsmctx); if (ret) { return_error = BR_FAILED_REPLY; return_error_param = ret; return_error_line = __LINE__; goto err_get_secctx_failed; } - added_size = ALIGN(secctx_sz, sizeof(u64)); + added_size = ALIGN(lsmctx.len, sizeof(u64)); extra_buffers_size += added_size; if (extra_buffers_size < added_size) { /* integer overflow of extra_buffers_size */ @@ -3019,24 +3017,22 @@ static void binder_transaction(struct binder_proc *proc, t->buffer = NULL; goto err_binder_alloc_buf_failed; } - if (secctx) { + if (lsmctx.context) { int err; size_t buf_offset = ALIGN(tr->data_size, sizeof(void *)) + ALIGN(tr->offsets_size, sizeof(void *)) + ALIGN(extra_buffers_size, sizeof(void *)) - - ALIGN(secctx_sz, sizeof(u64)); + ALIGN(lsmctx.len, sizeof(u64)); t->security_ctx = (uintptr_t)t->buffer->user_data + buf_offset; err = binder_alloc_copy_to_buffer(&target_proc->alloc, t->buffer, buf_offset, - secctx, secctx_sz); + lsmctx.context, lsmctx.len); if (err) { t->security_ctx = 0; WARN_ON(1); } - lsmcontext_init(&scaff, secctx, secctx_sz, 0); - security_release_secctx(&scaff); - secctx = NULL; + security_release_secctx(&lsmctx); } t->buffer->debug_id = t->debug_id; t->buffer->transaction = t; @@ -3080,7 +3076,7 @@ static void binder_transaction(struct binder_proc *proc, off_end_offset = off_start_offset + tr->offsets_size; sg_buf_offset = ALIGN(off_end_offset, sizeof(void *)); sg_buf_end_offset = sg_buf_offset + extra_buffers_size - - ALIGN(secctx_sz, sizeof(u64)); + ALIGN(lsmctx.len, sizeof(u64)); off_min = 0; for (buffer_offset = off_start_offset; buffer_offset < off_end_offset; buffer_offset += sizeof(binder_size_t)) { @@ -3435,10 +3431,8 @@ static void binder_transaction(struct binder_proc *proc, binder_alloc_free_buf(&target_proc->alloc, t->buffer); err_binder_alloc_buf_failed: err_bad_extra_size: - if (secctx) { - lsmcontext_init(&scaff, secctx, secctx_sz, 0); - security_release_secctx(&scaff); - } + if (lsmctx.context) + security_release_secctx(&lsmctx); err_get_secctx_failed: kfree(tcomplete); binder_stats_deleted(BINDER_STAT_TRANSACTION_COMPLETE); diff --git a/include/linux/security.h b/include/linux/security.h index 72da145c1aad..79554e5adb4c 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -596,7 +596,7 @@ int security_setprocattr(const char *lsm, const char *name, void *value, size_t size); int security_netlink_send(struct sock *sk, struct sk_buff *skb); int security_ismaclabel(const char *name); -int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen); +int security_secid_to_secctx(struct lsmblob *blob, struct lsmcontext *cp); int security_secctx_to_secid(const char *secdata, u32 seclen, struct lsmblob *blob); void security_release_secctx(struct lsmcontext *cp); @@ -1450,7 +1450,7 @@ static inline int security_ismaclabel(const char *name) } static inline int security_secid_to_secctx(struct lsmblob *blob, - char **secdata, u32 *seclen) + struct lsmcontext *cp) { return -EOPNOTSUPP; } diff --git a/include/net/scm.h b/include/net/scm.h index f273c4d777ec..b77a52f93389 100644 --- a/include/net/scm.h +++ b/include/net/scm.h @@ -94,8 +94,6 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc { struct lsmcontext context; struct lsmblob lb; - char *secdata; - u32 seclen; int err; if (test_bit(SOCK_PASSSEC, &sock->flags)) { @@ -103,12 +101,11 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc * and the infrastructure will know which it is. */ lsmblob_init(&lb, scm->secid); - err = security_secid_to_secctx(&lb, &secdata, &seclen); + err = security_secid_to_secctx(&lb, &context); if (!err) { - put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata); - /*scaffolding*/ - lsmcontext_init(&context, secdata, seclen, 0); + put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, context.len, + context.context); security_release_secctx(&context); } } diff --git a/kernel/audit.c b/kernel/audit.c index 5aa2ee06c9e4..03824cca058c 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1188,9 +1188,6 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) struct audit_buffer *ab; u16 msg_type = nlh->nlmsg_type; struct audit_sig_info *sig_data; - char *ctx = NULL; - u32 len; - struct lsmcontext scaff; /* scaffolding */ err = audit_netlink_ok(skb, msg_type); if (err) @@ -1438,33 +1435,33 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) kfree(new); break; } - case AUDIT_SIGNAL_INFO: - len = 0; + case AUDIT_SIGNAL_INFO: { + struct lsmcontext context = { }; + if (lsmblob_is_set(&audit_sig_lsm)) { - err = security_secid_to_secctx(&audit_sig_lsm, &ctx, - &len); + err = security_secid_to_secctx(&audit_sig_lsm, + &context); if (err) return err; } - sig_data = kmalloc(struct_size(sig_data, ctx, len), GFP_KERNEL); + sig_data = kmalloc(struct_size(sig_data, ctx, context.len), + GFP_KERNEL); if (!sig_data) { - if (lsmblob_is_set(&audit_sig_lsm)) { - lsmcontext_init(&scaff, ctx, len, 0); - security_release_secctx(&scaff); - } + if (lsmblob_is_set(&audit_sig_lsm)) + security_release_secctx(&context); return -ENOMEM; } sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); sig_data->pid = audit_sig_pid; if (lsmblob_is_set(&audit_sig_lsm)) { - memcpy(sig_data->ctx, ctx, len); - lsmcontext_init(&scaff, ctx, len, 0); - security_release_secctx(&scaff); + memcpy(sig_data->ctx, context.context, context.len); + security_release_secctx(&context); } - audit_send_reply(skb, seq, AUDIT_SIGNAL_INFO, 0, 0, - sig_data, struct_size(sig_data, ctx, len)); + audit_send_reply(skb, seq, AUDIT_SIGNAL_INFO, 0, 0, sig_data, + struct_size(sig_data, ctx, context.len)); kfree(sig_data); break; + } case AUDIT_TTY_GET: { struct audit_tty_status s; unsigned int t; @@ -2147,17 +2144,15 @@ void audit_log_key(struct audit_buffer *ab, char *key) int audit_log_task_context(struct audit_buffer *ab) { - char *ctx = NULL; - unsigned len; int error; struct lsmblob blob; - struct lsmcontext scaff; /* scaffolding */ + struct lsmcontext context; security_current_getsecid_subj(&blob); if (!lsmblob_is_set(&blob)) return 0; - error = security_secid_to_secctx(&blob, &ctx, &len); + error = security_secid_to_secctx(&blob, &context); if (error) { if (error != -EINVAL) @@ -2165,9 +2160,8 @@ int audit_log_task_context(struct audit_buffer *ab) return 0; } - audit_log_format(ab, " subj=%s", ctx); - lsmcontext_init(&scaff, ctx, len, 0); - security_release_secctx(&scaff); + audit_log_format(ab, " subj=%s", context.context); + security_release_secctx(&context); return 0; error_path: diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 1626d8aabe83..7858da40a767 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1121,9 +1121,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, struct lsmblob *blob, char *comm) { struct audit_buffer *ab; - struct lsmcontext lsmcxt; - char *ctx = NULL; - u32 len; + struct lsmcontext lsmctx; int rc = 0; ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID); @@ -1134,13 +1132,12 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); if (lsmblob_is_set(blob)) { - if (security_secid_to_secctx(blob, &ctx, &len)) { + if (security_secid_to_secctx(blob, &lsmctx)) { audit_log_format(ab, " obj=(none)"); rc = 1; } else { - audit_log_format(ab, " obj=%s", ctx); - lsmcontext_init(&lsmcxt, ctx, len, 0); /*scaffolding*/ - security_release_secctx(&lsmcxt); + audit_log_format(ab, " obj=%s", lsmctx.context); + security_release_secctx(&lsmctx); } } audit_log_format(ab, " ocomm="); @@ -1353,7 +1350,6 @@ static void audit_log_fcaps(struct audit_buffer *ab, struct audit_names *name) static void show_special(struct audit_context *context, int *call_panic) { - struct lsmcontext lsmcxt; struct audit_buffer *ab; int i; @@ -1378,17 +1374,15 @@ static void show_special(struct audit_context *context, int *call_panic) from_kgid(&init_user_ns, context->ipc.gid), context->ipc.mode); if (osid) { - char *ctx = NULL; - u32 len; + struct lsmcontext lsmcxt; struct lsmblob blob; lsmblob_init(&blob, osid); - if (security_secid_to_secctx(&blob, &ctx, &len)) { + if (security_secid_to_secctx(&blob, &lsmcxt)) { audit_log_format(ab, " osid=%u", osid); *call_panic = 1; } else { - audit_log_format(ab, " obj=%s", ctx); - lsmcontext_init(&lsmcxt, ctx, len, 0); + audit_log_format(ab, " obj=%s", lsmcxt.context); security_release_secctx(&lsmcxt); } } @@ -1543,20 +1537,17 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, MAJOR(n->rdev), MINOR(n->rdev)); if (n->osid != 0) { - char *ctx = NULL; - u32 len; struct lsmblob blob; - struct lsmcontext lsmcxt; + struct lsmcontext lsmctx; lsmblob_init(&blob, n->osid); - if (security_secid_to_secctx(&blob, &ctx, &len)) { + if (security_secid_to_secctx(&blob, &lsmctx)) { audit_log_format(ab, " osid=%u", n->osid); if (call_panic) *call_panic = 2; } else { - audit_log_format(ab, " obj=%s", ctx); - lsmcontext_init(&lsmcxt, ctx, len, 0); /* scaffolding */ - security_release_secctx(&lsmcxt); + audit_log_format(ab, " obj=%s", lsmctx.context); + security_release_secctx(&lsmctx); } } diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index 70ca4510ea35..ad5be7707bca 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -132,8 +132,7 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) { struct lsmcontext context; struct lsmblob lb; - char *secdata; - u32 seclen, secid; + u32 secid; int err; err = security_socket_getpeersec_dgram(NULL, skb, &secid); @@ -141,12 +140,11 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) return; lsmblob_init(&lb, secid); - err = security_secid_to_secctx(&lb, &secdata, &seclen); + err = security_secid_to_secctx(&lb, &context); if (err) return; - put_cmsg(msg, SOL_IP, SCM_SECURITY, seclen, secdata); - lsmcontext_init(&context, secdata, seclen, 0); /* scaffolding */ + put_cmsg(msg, SOL_IP, SCM_SECURITY, context.len, context.context); security_release_secctx(&context); } diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index 212e12b53adb..9626e2b0ef12 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -339,8 +339,7 @@ static int ctnetlink_dump_mark(struct sk_buff *skb, const struct nf_conn *ct) static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) { struct nlattr *nest_secctx; - int len, ret; - char *secctx; + int ret; struct lsmblob blob; struct lsmcontext context; @@ -348,7 +347,7 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) * security_secid_to_secctx() will know which security module * to use to create the secctx. */ lsmblob_init(&blob, ct->secmark); - ret = security_secid_to_secctx(&blob, &secctx, &len); + ret = security_secid_to_secctx(&blob, &context); if (ret) return 0; @@ -357,13 +356,12 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) if (!nest_secctx) goto nla_put_failure; - if (nla_put_string(skb, CTA_SECCTX_NAME, secctx)) + if (nla_put_string(skb, CTA_SECCTX_NAME, context.context)) goto nla_put_failure; nla_nest_end(skb, nest_secctx); ret = 0; nla_put_failure: - lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ security_release_secctx(&context); return ret; } @@ -656,15 +654,11 @@ static inline size_t ctnetlink_acct_size(const struct nf_conn *ct) static inline int ctnetlink_secctx_size(const struct nf_conn *ct) { #ifdef CONFIG_NF_CONNTRACK_SECMARK - int len, ret; + int len; struct lsmblob blob; - /* lsmblob_init() puts ct->secmark into all of the secids in blob. - * security_secid_to_secctx() will know which security module - * to use to create the secctx. */ - lsmblob_init(&blob, ct->secmark); - ret = security_secid_to_secctx(&blob, NULL, &len); - if (ret) + len = security_secid_to_secctx(&blob, NULL); + if (len <= 0) return 0; return nla_total_size(0) /* CTA_SECCTX */ diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index 3b6ba86783f6..36338660df3c 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c @@ -176,19 +176,16 @@ static void ct_seq_stop(struct seq_file *s, void *v) static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) { int ret; - u32 len; - char *secctx; struct lsmblob blob; struct lsmcontext context; lsmblob_init(&blob, ct->secmark); - ret = security_secid_to_secctx(&blob, &secctx, &len); + ret = security_secid_to_secctx(&blob, &context); if (ret) return; - seq_printf(s, "secctx=%s ", secctx); + seq_printf(s, "secctx=%s ", context.context); - lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ security_release_secctx(&context); } #else diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index d986bae1587b..625cd787ffc1 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c @@ -306,6 +306,7 @@ static u32 nfqnl_get_sk_secctx(struct sk_buff *skb, char **secdata) u32 seclen = 0; #if IS_ENABLED(CONFIG_NETWORK_SECMARK) struct lsmblob blob; + struct lsmcontext context = { }; if (!skb || !sk_fullsock(skb->sk)) return 0; @@ -317,10 +318,12 @@ static u32 nfqnl_get_sk_secctx(struct sk_buff *skb, char **secdata) * blob. security_secid_to_secctx() will know which security * module to use to create the secctx. */ lsmblob_init(&blob, skb->secmark); - security_secid_to_secctx(&blob, secdata, &seclen); + security_secid_to_secctx(&blob, &context); + *secdata = context.context; } read_unlock_bh(&skb->sk->sk_callback_lock); + seclen = context.len; #endif return seclen; } diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index a8e9ee202245..46706889a6f7 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -375,8 +375,6 @@ int netlbl_unlhsh_add(struct net *net, struct netlbl_unlhsh_iface *iface; struct audit_buffer *audit_buf = NULL; struct lsmcontext context; - char *secctx = NULL; - u32 secctx_len; struct lsmblob blob; if (addr_len != sizeof(struct in_addr) && @@ -444,12 +442,9 @@ int netlbl_unlhsh_add(struct net *net, * security_secid_to_secctx() will know which security module * to use to create the secctx. */ lsmblob_init(&blob, secid); - if (security_secid_to_secctx(&blob, - &secctx, - &secctx_len) == 0) { - audit_log_format(audit_buf, " sec_obj=%s", secctx); - /* scaffolding */ - lsmcontext_init(&context, secctx, secctx_len, 0); + if (security_secid_to_secctx(&blob, &context) == 0) { + audit_log_format(audit_buf, " sec_obj=%s", + context.context); security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", ret_val == 0 ? 1 : 0); @@ -482,8 +477,6 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, struct audit_buffer *audit_buf; struct net_device *dev; struct lsmcontext context; - char *secctx; - u32 secctx_len; struct lsmblob blob; spin_lock(&netlbl_unlhsh_lock); @@ -509,11 +502,9 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, if (entry != NULL) lsmblob_init(&blob, entry->secid); if (entry != NULL && - security_secid_to_secctx(&blob, - &secctx, &secctx_len) == 0) { - audit_log_format(audit_buf, " sec_obj=%s", secctx); - /* scaffolding */ - lsmcontext_init(&context, secctx, secctx_len, 0); + security_secid_to_secctx(&blob, &context) == 0) { + audit_log_format(audit_buf, " sec_obj=%s", + context.context); security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); @@ -552,8 +543,6 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, struct audit_buffer *audit_buf; struct net_device *dev; struct lsmcontext context; - char *secctx; - u32 secctx_len; struct lsmblob blob; spin_lock(&netlbl_unlhsh_lock); @@ -578,10 +567,9 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, if (entry != NULL) lsmblob_init(&blob, entry->secid); if (entry != NULL && - security_secid_to_secctx(&blob, - &secctx, &secctx_len) == 0) { - audit_log_format(audit_buf, " sec_obj=%s", secctx); - lsmcontext_init(&context, secctx, secctx_len, 0); + security_secid_to_secctx(&blob, &context) == 0) { + audit_log_format(audit_buf, " sec_obj=%s", + context.context); security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); @@ -1104,8 +1092,6 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, struct lsmcontext context; void *data; u32 secid; - char *secctx; - u32 secctx_len; struct lsmblob blob; data = genlmsg_put(cb_arg->skb, NETLINK_CB(cb_arg->nl_cb->skb).portid, @@ -1165,15 +1151,13 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, * security_secid_to_secctx() will know which security module * to use to create the secctx. */ lsmblob_init(&blob, secid); - ret_val = security_secid_to_secctx(&blob, &secctx, &secctx_len); + ret_val = security_secid_to_secctx(&blob, &context); if (ret_val != 0) goto list_cb_failure; ret_val = nla_put(cb_arg->skb, NLBL_UNLABEL_A_SECCTX, - secctx_len, - secctx); - /* scaffolding */ - lsmcontext_init(&context, secctx, secctx_len, 0); + context.len, + context.context); security_release_secctx(&context); if (ret_val != 0) goto list_cb_failure; diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index ef139d8ae7cd..951ba0639d20 100644 --- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c @@ -85,8 +85,6 @@ struct audit_buffer *netlbl_audit_start_common(int type, { struct audit_buffer *audit_buf; struct lsmcontext context; - char *secctx; - u32 secctx_len; struct lsmblob blob; if (audit_enabled == AUDIT_OFF) @@ -102,9 +100,8 @@ struct audit_buffer *netlbl_audit_start_common(int type, lsmblob_init(&blob, audit_info->secid); if (audit_info->secid != 0 && - security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { - audit_log_format(audit_buf, " subj=%s", secctx); - lsmcontext_init(&context, secctx, secctx_len, 0);/*scaffolding*/ + security_secid_to_secctx(&blob, &context) == 0) { + audit_log_format(audit_buf, " subj=%s", context.context); security_release_secctx(&context); } diff --git a/security/security.c b/security/security.c index 163cf0ae2429..d56fcb794ff4 100644 --- a/security/security.c +++ b/security/security.c @@ -2330,18 +2330,41 @@ int security_ismaclabel(const char *name) } EXPORT_SYMBOL(security_ismaclabel); -int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen) +/** + * security_secid_to_secctx - convert secid to secctx + * @blob: set of secids + * @cp: lsm context into which result is put + * + * Translate secid information into a secctx string. + * Return a negative value on error. + * If cp is NULL return the length of the string. + * Otherwise, return 0. + */ +int security_secid_to_secctx(struct lsmblob *blob, struct lsmcontext *cp) { struct security_hook_list *hp; int ilsm = lsm_task_ilsm(current); + if (cp) + memset(cp, 0, sizeof(*cp)); + hlist_for_each_entry(hp, &security_hook_heads.secid_to_secctx, list) { if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) continue; - if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) + if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) { + if (!cp) { + int len; + int rc; + rc = hp->hook.secid_to_secctx( + blob->secid[hp->lsmid->slot], + NULL, &len); + return rc ? rc : len; + } + cp->slot = hp->lsmid->slot; return hp->hook.secid_to_secctx( blob->secid[hp->lsmid->slot], - secdata, seclen); + &cp->context, &cp->len); + } } return LSM_RET_DEFAULT(secid_to_secctx); From patchwork Wed Feb 2 23:53:12 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12733611 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3FA93C43217 for ; Thu, 3 Feb 2022 00:13:16 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348376AbiBCANN (ORCPT ); Wed, 2 Feb 2022 19:13:13 -0500 Received: from sonic317-39.consmr.mail.ne1.yahoo.com ([66.163.184.50]:39854 "EHLO sonic317-39.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348370AbiBCANJ (ORCPT ); Wed, 2 Feb 2022 19:13:09 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643847188; bh=mhX/VBeW0lVGdMxFK2mQQuDfWQxxDoChypEujsb8qRw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=feNXvHdiYkhkplp3/Gw+eQZATI084WCoOfRBoUZEdvZwdPaCMmpXk3ceAge8BdDX4mfppPzltp9bi52jY0TFhwt4cl7rfSNVKzX5egiejx1jMbSGXSYb4QpbiN1ZsK/vibPbhyPYhJfZuN9KHpS+NVISBPT/xNdJ8zu32mwhf91WDJSUcTP2pfd3tcX2BxV8HUvqqUzPbBgAGKbDkAyhdZNouFKlHaIeChOJk4DZpgo0SpQl3b8S3AlIhZ68BCL70qnkTyqDB592hN1iumvvnfg25c5cm+UiuPpZ5f4DNTWpBngCWUpKEpgwVZ1AMYnb1GmNDzkD53SbBSx/q0mTCQ== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643847188; bh=r9SzrBljv72NJrqBADS7VSqK3WhopGtY2ltSCGBMb31=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=Za4WC27T69ox4znVlAOM8cKtrbyuN719f8UGrjKZIeXPvVBNWp9DsWsTQEGScsTGaCLErJlU6V9+j3Ph8XxcK2ZOO9Ao8jadu7WcxEsoUS03NIyiglqSp4R5+0S1c4f8aRP2LTkO65iakhlHh7kHmvSToOGG8hpl7bNafYxdWv/OahIFWmwxCEm0pRYrnVDUgj2dzjtH8pKxN5lPrLCgKsif7kfuLLx70YjoSMiP+dNWXk1RlzE0dOp5s2KAcIfYBTywJam2hjd3FuOIfDc3zc1K+sF+9JK7bErjv8teXxf2V/xSfL33x3aw6boF7XYKC4vnofgCUKbwvjqA/f2jaA== X-YMail-OSG: j233Q3IVM1lBunzWVszbLWqiiveKFLN5.xMfOLuOWlGuVTNyuDujHlVU7BCUPF4 I_INXX3Ec1YarRHvfwsz1OLQs8GNG7M.x2HSJM.oDiauU7WmubKBItuNrbmt68ZaMcqsDWObiS12 4kAzb_JC2wxMkW1FKY_fW7uW2gClSWvrBh6Tv.P0Y4sGj6_dJs3ZLEF0X2rK8NIvBCFN_ON1C8LX mIaXywvNVbPUoZuNbCrLvIn0r.m0VjLOUeLejCmW940S1KAmD34fb92qXAMu4M_xKaLbbdIKWMAd KOx9iIdV2yZGDze6LMHmQTJadN5lV8DnHMFCZocK82AhB.7mfOnOycSwx1xsnBE41awk79OpapzQ rOLFmgvtHxLeJN1td2gq62n_quq3wNTln5TmC79H3gRAV6ihT7x4BlXWz0JMX90V4VU.116Tz7Gy cbZAu5ogA.TMH93HJQNmeAVx8dhp201V5RWxUQNCNkzwe.16klKn2ARdZ7NYZb6hwM2G_AiRp269 K6uWYx3.9SZySL2Pkdy5_1IlR0kKjft1llXljqfdLgupsg2eioxeKR1iX4qpp8al9yo.3_Mn.BoE fhpwXay9zqdCv7efQ._diUSMNDSvvGhjr4GTuAXew_7bxwA7jEQCw.HXiV0EsQ6AhivqGh6qu_Ef v_mBocGYwtFh6sCHZGbnWbCE5NnwZRtgKYq_bA8Pcu.3bs00OIx9J1KM3LLN7fulGeSKcTER6aG6 BQPwp0.ZjP79FVM0TIfMANbCcFqM4JJnaBasDxuuUQDdGCq394OmRdrwWbEiAPhiA0SFG6yzRwuz 9w85ZN3G2o.07I0GkqF_Lprp7m0IRTnLFQWtBRRTWyxz2Iqs_yAATtRBknZxN45f4VnBNw3TIcAF n0vZIKu.nIbvjsbVcO7fV2qleKUYCt1fKa37p.UvH_bLp_fiEvSN_q4aTwiA4p2mIx1TCuMSLqH1 Cv2yeZ_UMuPy0ZgHKEYu9_GvUyPjaKzMcYLUAV9tac2uYMQFKNxo9tbwoI0OLL4f3RvhUIOqk7bf 5vxRbCi69s4io2dE6aS2GFAW3I34RignBPTesRsZhWb2KhPurmUZYFACwoMCtP4Bz.9gcNLkYYTe BzZWfY_qXOmazarHAQ3o9vnGVq4Co10qhIlu0fFzhfLzDxmXnE7kG_yYKQh__yNxyaQ9Sso1we6n GgNHRuLKTm.BX7UHeAfF5Ddp39tlX12kgC0q7lSgfrzuWQ6SF9mQY6hqTO.y0df706zQD95z2u56 1RNvppIt0LBlz.YNbKHKCPU0ST6zYk9mHXU8Du5Sju8I0yWaA2dibH5slGmSqy1u1waVOfhpivDR EQHnQ9MLnp2aBIys44zP9giM_dbbw12Y09a564z4dzZBpTZEmSHsCmUdfqJFbXDFs7RSCyrvhadT WnXS4woug.bOf63zyiHeLAjUgh9plIhKJbdihUKgVMy9kZq.h5ppW7uCHnTFjohYBEDnNCDHoLpU Cdzgw2x1FrXdsW_V79iWFH4pCmNUZ8ZbHxcvGgEdPgiei5Mo2pALyuVzeWpbE5bvI.1BGt94MKpY jqhjMiEFDRnb6NVyBsq5OUVQa12e2MsFARcK9zFclwV0aThYj2DKUhyUZ72e2uHjYK6QOfu7jaL9 SkX8HI5AbFrgSToR36V4eKpTh7j7mBc4khtYaTMDbYRXBh_lhNKiFTDMOPOu255S.jt2hmlSbiUz 1EGCJXVzy0C2kghR55j3q6b_IlY_8VZ1r8.4L4Khk0RJE1wulfDz0wTuuSsGtUbQMKgpEm8Nia6g 0I4kB.8WxYV9w8YKDvM8lSQO66JH6icVMDV9FXLQM72iIKe2wYrvLCwqG0enSb7oUKTYwrGH1tqB 0WwQZ.BkovEMctxaMLGszdeSwOcwi.061ymQ67rrCTNla_ESWCaUOeyaZHaTBxcJSXOGRDw8KNut e6BTp5nJ9M86Ng8QS4KGwS_wa.ECbeH7NPjpPKYEXu0VaVxsJk1ImI0I7f.a0jnS5OUtiTFtw6xY n74KFvgHqFlKSONWNPY28n9JSvxh3CC6EidZuIqILD2LLrThV_2Phpxz6Zrn3.1cgocBTXlqUIYY X5LIC2P7PBPM6kmaimpZy6spGhNj8kLsXGbGGtRw6T8A8GY8tqrlhOorlL655Sdqj_BqcjL7Maii dYTpHB9bjjlOOg.esSn3g5baGoOKPK7l2Y09f5snqH9.TvlbLXxzlggTQIZ8mYW963g0KXjcX8.t BfEK2FTGarmwggL95.LXHE3WUEkBdU_gPcGRz0dMTTNrOoItfpUA- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic317.consmr.mail.ne1.yahoo.com with HTTP; Thu, 3 Feb 2022 00:13:08 +0000 Received: by kubenode539.mail-prod1.omega.gq1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID b85f0384c0ae4c0e2c35d3e6082c3b09; Thu, 03 Feb 2022 00:13:04 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, Stephen Smalley , Chuck Lever , linux-nfs@vger.kernel.org Subject: [PATCH v32 17/28] LSM: Use lsmcontext in security_inode_getsecctx Date: Wed, 2 Feb 2022 15:53:12 -0800 Message-Id: <20220202235323.23929-18-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20220202235323.23929-1-casey@schaufler-ca.com> References: <20220202235323.23929-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Change the security_inode_getsecctx() interface to fill a lsmcontext structure instead of data and length pointers. This provides the information about which LSM created the context so that security_release_secctx() can use the correct hook. Acked-by: Stephen Smalley Acked-by: Paul Moore Acked-by: Chuck Lever Reviewed-by: Kees Cook Reviewed-by: John Johansen Signed-off-by: Casey Schaufler Cc: linux-nfs@vger.kernel.org --- fs/nfsd/nfs4xdr.c | 23 +++++++++-------------- include/linux/security.h | 5 +++-- security/security.c | 13 +++++++++++-- 3 files changed, 23 insertions(+), 18 deletions(-) diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c index fedc4b0292d6..4b77e6a13e78 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c @@ -2713,11 +2713,11 @@ nfsd4_encode_layout_types(struct xdr_stream *xdr, u32 layout_types) #ifdef CONFIG_NFSD_V4_SECURITY_LABEL static inline __be32 nfsd4_encode_security_label(struct xdr_stream *xdr, struct svc_rqst *rqstp, - void *context, int len) + struct lsmcontext *context) { __be32 *p; - p = xdr_reserve_space(xdr, len + 4 + 4 + 4); + p = xdr_reserve_space(xdr, context->len + 4 + 4 + 4); if (!p) return nfserr_resource; @@ -2727,13 +2727,13 @@ nfsd4_encode_security_label(struct xdr_stream *xdr, struct svc_rqst *rqstp, */ *p++ = cpu_to_be32(0); /* lfs */ *p++ = cpu_to_be32(0); /* pi */ - p = xdr_encode_opaque(p, context, len); + p = xdr_encode_opaque(p, context->context, context->len); return 0; } #else static inline __be32 nfsd4_encode_security_label(struct xdr_stream *xdr, struct svc_rqst *rqstp, - void *context, int len) + struct lsmcontext *context) { return 0; } #endif @@ -2830,9 +2830,7 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, int err; struct nfs4_acl *acl = NULL; #ifdef CONFIG_NFSD_V4_SECURITY_LABEL - struct lsmcontext scaff; /* scaffolding */ - void *context = NULL; - int contextlen; + struct lsmcontext context = { }; #endif bool contextsupport = false; struct nfsd4_compoundres *resp = rqstp->rq_resp; @@ -2890,7 +2888,7 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, bmval0 & FATTR4_WORD0_SUPPORTED_ATTRS) { if (exp->ex_flags & NFSEXP_SECURITY_LABEL) err = security_inode_getsecctx(d_inode(dentry), - &context, &contextlen); + &context); else err = -EOPNOTSUPP; contextsupport = (err == 0); @@ -3310,8 +3308,7 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, #ifdef CONFIG_NFSD_V4_SECURITY_LABEL if (bmval2 & FATTR4_WORD2_SECURITY_LABEL) { - status = nfsd4_encode_security_label(xdr, rqstp, context, - contextlen); + status = nfsd4_encode_security_label(xdr, rqstp, &context); if (status) goto out; } @@ -3332,10 +3329,8 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, out: #ifdef CONFIG_NFSD_V4_SECURITY_LABEL - if (context) { - lsmcontext_init(&scaff, context, contextlen, 0); /*scaffolding*/ - security_release_secctx(&scaff); - } + if (context.context) + security_release_secctx(&context); #endif /* CONFIG_NFSD_V4_SECURITY_LABEL */ kfree(acl); if (tempfh) { diff --git a/include/linux/security.h b/include/linux/security.h index 79554e5adb4c..e2939418789f 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -603,7 +603,7 @@ void security_release_secctx(struct lsmcontext *cp); void security_inode_invalidate_secctx(struct inode *inode); int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); -int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen); +int security_inode_getsecctx(struct inode *inode, struct lsmcontext *cp); int security_locked_down(enum lockdown_reason what); #else /* CONFIG_SECURITY */ @@ -1478,7 +1478,8 @@ static inline int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 { return -EOPNOTSUPP; } -static inline int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) +static inline int security_inode_getsecctx(struct inode *inode, + struct lsmcontext *cp) { return -EOPNOTSUPP; } diff --git a/security/security.c b/security/security.c index d56fcb794ff4..c9459c4754f3 100644 --- a/security/security.c +++ b/security/security.c @@ -2421,9 +2421,18 @@ int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) } EXPORT_SYMBOL(security_inode_setsecctx); -int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) +int security_inode_getsecctx(struct inode *inode, struct lsmcontext *cp) { - return call_int_hook(inode_getsecctx, -EOPNOTSUPP, inode, ctx, ctxlen); + struct security_hook_list *hp; + + memset(cp, 0, sizeof(*cp)); + + hlist_for_each_entry(hp, &security_hook_heads.inode_getsecctx, list) { + cp->slot = hp->lsmid->slot; + return hp->hook.inode_getsecctx(inode, (void **)&cp->context, + &cp->len); + } + return -EOPNOTSUPP; } EXPORT_SYMBOL(security_inode_getsecctx); From patchwork Wed Feb 2 23:53:13 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12733619 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 16996C433EF for ; Thu, 3 Feb 2022 00:14:16 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348370AbiBCAOO (ORCPT ); Wed, 2 Feb 2022 19:14:14 -0500 Received: from sonic317-39.consmr.mail.ne1.yahoo.com ([66.163.184.50]:41399 "EHLO sonic317-39.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348271AbiBCAOO (ORCPT ); Wed, 2 Feb 2022 19:14:14 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643847254; bh=OPmcc6RxdekExVViioUe9rMhP6xIsP6mDCh0RBi/+Qs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=h8ffBTPMoJFah9n8Qm3CDl+XbQlVrT8q5syZItmtyN9hlRKqoT+Ft3pWI7Ip3Tvw29hnjwoe4lnrA3SG3iL7NHNfnFPPhDtzlv4HdA1NilUmRfpyHMkebIFdSS+aTq3dANiyPsWKBHxG5atXI6qpi4w5ofBoLUs45oHfNguS+ttLHzbN8dg4/MMzd5zmvye23HFGf1XuivJdREpa/UMYqzRRp13IXFWoOva6ckrW0847SI6LGR1cG+oFbcPi+GfsL3U7xWEOTgYhj2TChFAbtceTgzfjldpOt2gOevqf3o1lQL2P5nPbDplORDaHRJrY0iZiXaRN3iW9zMftB2ULvw== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643847254; bh=JWLmen0v1iaGlr+fMYDNSNw6J81iTVeWtMd+lDm0dp1=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=TCC7t3uvlVUcJOtc4rr3X2vGyYaihwytEuMAHvyoqj/gboDkj+yPKA1mBYyPhPJ5/VYEV+L6AUu/s4D6nAm93L/guduUYY/Y8KIb+jxznKFsTbSdsb7i3IDnD2LHVeG+8Mtz3+O5sYTXaUBegXW90y7dcdBa/enHCw1y8NFjYVzZJeevwlqS25abvMqJi0IIL7BykJeXLhdlyNzpkKor42wdR7jD4RLBx7yWKQlBNO94cfUaxdAF+gxBulin/ZA/PXarTxwboUVWNqL+PRRNtPjzFH6bQA8dAC2tbVZ3e4fO0fYVn/PyLnSff69vLRwVKMJcU4doA8fZ3zO8rRoZIg== X-YMail-OSG: qosHQDwVM1nikMe.7SO6m5ncuiKLq9iyb4U_sxQnVywwIUTg9s9QO9r3LUQnwH7 aDGbdAHz4USz5O3roJ_uy.70DLhLLasHmaUz1C9bxDRhKVaFFzvV4Bw0.X3EbmPoRrrSQ.r1vAW6 aj3c9sejtoK0KfvByyqMomQOwAe23XzYZ74UuCfAEKXKgmwiQIdcNRNQACblPX7x5CwNMqsJBA73 idy4M9MMLHdPoWcxgvAqGZ2pDjonrN9WR7rOsqXyzO_HNI4xCZJ72sk7MoslCwAk3.D6b52MzTEs jnmnhBT.gxBVeEd.GsZu2fHzNUlIQUGxKUDKlzO29wbsvvDht.TMW9qf9qPnalWcMIyOQo1CDTdN P9M4qcJ8fR7XTk1kGYAYF2GrYZ3MMrxp7NLuse44J1tJLJTSYQLnFtrsi4V_IVqnabbqcXWIQCaM JtU_K8xxALIfnhZrWutIX7TSzBVtxkchRq98MlLj_N0GCxHbFLtVWfOBGqxnUCxU4UQ0o0rcTHmg Mhgy501Vc5QaigA68jNaeZBGgqpz9QXPWSeniiuGAm62bmD2RCvDKp78Wn8PRCxxNqz9HJWFk.Zs 5wBMxubGu4nOJ6AQCFIXaEbxZ_wk3MQ2ewW6uJdd3uv_OxHPiyJNtkbkX4MxhVqQeZ8SBea94yIs THXQfS.9zWNF4l4KUME2SYQm.8h9boHyZpZj5tZlRCVV8Ya3MQbRLHC.Jg9p593WgvekFTw0BTx0 rj4SPrXqvdyWHaUC3u.Lrm.kV0pU7wPnPuIzIKhV03wEaFfn59Evxe0DgD98eQcoFPssBpChP.M5 Ne9uQzSN31l5gNEWO4LNF8D73gDst_31l0QbMf.gwOI89Qjv1Y4Gf2SWfvul7sMD8dsWfMWH53R9 3pm50utRysavJ6S8ZWFRXOVGW9aTeWjrv_X5xEEfR_F4X_NXKOfHoPsAtgJWPapNqwFViAJdf_rw WEF09weCRWjDj3OTYx87Q3a6tXYMtd8VEdQTDnZCs4CXGQh6cVTtj9VOGzLsLxZD.gRmYfQAf1qO KvTdvDeV3QEDKW7cL3pfKrrHSXh4xb8oWg2wOWDvEjlD3UdrRxH7elcXL8REq9_N8mCFKZOjd8nv 8MGsA4ghmnbnSCHRhyZRHi8mYw14jF_Eir9BgOVgcRE1wBKuQuveXIuT0dgH_GmnP3cO5uOuztIT HCS9fpzVtnqmtTvt1wn5e8zS3XnPdzULFujL2nzR0CQsNgHPNaABtXdXgJfcOLy3ni4.Cf21TbQJ xPrVCbwwtzVJUTD1rQQiH6nWrGGasRSgIa5tYAVyVbTfQqoh_2QsLTlo9YkWaA3HoRNKvU5MXiSO ADkH24wZGcOX7viG03JDrTis7pDdEgu9FzvjeN28JhVI8pPDUioZvJaskPYHldO9hKXiDulyl_xO akvApLx4UHSKdMNItUZ0eb6AuQdy1_P51Vhi4NrbVxVDpPOB8tPYj8QlVVYj_UuvAL0.GvYmVXEl xg86A2nGc65alT04BURVI_2GOAsP_paM1eseUXDJ_031GA2WvhGNQrouCkokXDcXDharTG2RAD6n C_LrCmW.Z68HmrReEh0VXi6t0kaBZ66TlMIie2IPjFwD0rTnXG5brd0MzTKuScGWj63sKoPQr8Gm y2mByFfB7LbIaBL2P5unH1g_OsjGqRavwaOqZzyGszPZ7YpqWH9QGsZjuHR8NbysW6KmPiW6iqi1 0i0Xu4VbXj2RH4yPZMWpKyNZFaFgFjDHnIQ.41bx4SLIfIzZiTsi.BQ_zpjN5foA6d_6dPhUgRhZ Wew1p0VxwfFya9iEIe.WRkAo47_6Znv16DP4M8hzPn.8ZD9C4e0akt1GMfBN2jeuQmzNymeYMNqd 4Io_BFeMWO7WOrOeJpBSradF95J1mJSLcc2n6H69BLZSF3JISMrp5yVGvABje03JqAiAJU5nKUYN b_Zl5bWQbiD5x6MCYpchmMWw8_MWxuxkci57hCAp0NpcOCUHZeTNJNJfdGRTwdikrk87ighHz.cq CSvkIiJpZpjbd4DBqXBlXuB7UnYEHC_x37MivQeybXPyPHaHAJnN2g8eYJn8VVH0pbWScSH5.hGd 50bmm5C3xfHVIc0imJnIp.CWnbCSVoLQKvnl6X_za3X.vIpnZy8xNX8Vr4jh2goZJpbzwQi7piW_ SXnWWYhJijl4F3_pMZcic4ryk9br8S3aTFqJIczvrs2IdAQE_4BAJcXdqAOdJ6lbMSnST3a7.yaw fDu2NUvV4wpcInIPCuC.3zdp7bOmJRSMdbU3Ur.NOT_ygqsWZH2RwobwBSLj3aw1bWXPYZVQhPrK d X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic317.consmr.mail.ne1.yahoo.com with HTTP; Thu, 3 Feb 2022 00:14:14 +0000 Received: by kubenode514.mail-prod1.omega.bf1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID a29bd64dc2f4fffffe40b3652cb32a1f; Thu, 03 Feb 2022 00:14:11 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, Stephen Smalley , Pablo Neira Ayuso , netdev@vger.kernel.org, netfilter-devel@vger.kernel.org Subject: [PATCH v32 18/28] LSM: security_secid_to_secctx in netlink netfilter Date: Wed, 2 Feb 2022 15:53:13 -0800 Message-Id: <20220202235323.23929-19-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20220202235323.23929-1-casey@schaufler-ca.com> References: <20220202235323.23929-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Change netlink netfilter interfaces to use lsmcontext pointers, and remove scaffolding. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Paul Moore Acked-by: Stephen Smalley Acked-by: Pablo Neira Ayuso Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org Cc: netfilter-devel@vger.kernel.org --- net/netfilter/nfnetlink_queue.c | 37 +++++++++++++-------------------- 1 file changed, 14 insertions(+), 23 deletions(-) diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index 625cd787ffc1..2aff40578045 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c @@ -301,15 +301,13 @@ static int nfqnl_put_sk_uidgid(struct sk_buff *skb, struct sock *sk) return -1; } -static u32 nfqnl_get_sk_secctx(struct sk_buff *skb, char **secdata) +static void nfqnl_get_sk_secctx(struct sk_buff *skb, struct lsmcontext *context) { - u32 seclen = 0; #if IS_ENABLED(CONFIG_NETWORK_SECMARK) struct lsmblob blob; - struct lsmcontext context = { }; if (!skb || !sk_fullsock(skb->sk)) - return 0; + return; read_lock_bh(&skb->sk->sk_callback_lock); @@ -318,14 +316,12 @@ static u32 nfqnl_get_sk_secctx(struct sk_buff *skb, char **secdata) * blob. security_secid_to_secctx() will know which security * module to use to create the secctx. */ lsmblob_init(&blob, skb->secmark); - security_secid_to_secctx(&blob, &context); - *secdata = context.context; + security_secid_to_secctx(&blob, context); } read_unlock_bh(&skb->sk->sk_callback_lock); - seclen = context.len; #endif - return seclen; + return; } static u32 nfqnl_get_bridge_size(struct nf_queue_entry *entry) @@ -397,12 +393,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, struct net_device *indev; struct net_device *outdev; struct nf_conn *ct = NULL; + struct lsmcontext context = { }; enum ip_conntrack_info ctinfo = 0; const struct nfnl_ct_hook *nfnl_ct; bool csum_verify; - struct lsmcontext scaff; /* scaffolding */ - char *secdata = NULL; - u32 seclen = 0; size = nlmsg_total_size(sizeof(struct nfgenmsg)) + nla_total_size(sizeof(struct nfqnl_msg_packet_hdr)) @@ -470,9 +464,9 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, } if ((queue->flags & NFQA_CFG_F_SECCTX) && entskb->sk) { - seclen = nfqnl_get_sk_secctx(entskb, &secdata); - if (seclen) - size += nla_total_size(seclen); + nfqnl_get_sk_secctx(entskb, &context); + if (context.len) + size += nla_total_size(context.len); } skb = alloc_skb(size, GFP_ATOMIC); @@ -603,7 +597,8 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, nfqnl_put_sk_uidgid(skb, entskb->sk) < 0) goto nla_put_failure; - if (seclen && nla_put(skb, NFQA_SECCTX, seclen, secdata)) + if (context.len && + nla_put(skb, NFQA_SECCTX, context.len, context.context)) goto nla_put_failure; if (ct && nfnl_ct->build(skb, ct, ctinfo, NFQA_CT, NFQA_CT_INFO) < 0) @@ -631,10 +626,8 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, } nlh->nlmsg_len = skb->len; - if (seclen) { - lsmcontext_init(&scaff, secdata, seclen, 0); - security_release_secctx(&scaff); - } + if (context.len) + security_release_secctx(&context); return skb; nla_put_failure: @@ -642,10 +635,8 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, kfree_skb(skb); net_err_ratelimited("nf_queue: error creating packet message\n"); nlmsg_failure: - if (seclen) { - lsmcontext_init(&scaff, secdata, seclen, 0); - security_release_secctx(&scaff); - } + if (context.len) + security_release_secctx(&context); return NULL; } From patchwork Wed Feb 2 23:53:14 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12733620 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 37D25C433FE for ; Thu, 3 Feb 2022 00:15:22 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348427AbiBCAPU (ORCPT ); Wed, 2 Feb 2022 19:15:20 -0500 Received: from sonic314-27.consmr.mail.ne1.yahoo.com ([66.163.189.153]:46654 "EHLO sonic314-27.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348419AbiBCAPU (ORCPT ); Wed, 2 Feb 2022 19:15:20 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643847319; bh=qvgUu0vofJzjZUietoxZexLdMa3YX3sit8IIoQiY16Q=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=V3K0bapdXwsfo/RN1ur8kIHJnRmEU1HkpNWgLljIPhC4i6vwleycSI8iF2S+bie67Co6N4JSS9rdEd1R5EoJayKYwOlXFYZzhraRzUNXqUjalTpsgr46KOo7TuY9pty0MmH7y6Ygz3d9RDJH+riVmi84e3QdVUvq61ObSjmb0cSvxmIdr7XSh8KRw/Cb8d5VtIJ59EyLaG2L4r5xqq1CqLpG6VLR4HwnYV8f5mLZ7UdKAD7pY6lq1O/c+sy0NTVHNbgv9GE2r6De561Z6CnBVNBzQuJXErNHlxulAM3nJUbpk4q6c2S/VE8UXjNDeb+Z5ZY8rxeEBzni0VSzJsHU/Q== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643847319; bh=RDi9+Mu2CoZl801wDGOiIeOmLCpJM9QuxRIVIige4qS=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=njlrYqHguX9zFNsZWyHe3nMCP70Y/0h1R/JrdOuEp75JUXrhMgtWbAc/+uBQoWZkqhOp9LrQdlDuO2tgZ9DGXx3PbByKxjBHaBHmPAE87U7rIuYTYnw6ySiNisnVP+2BbSH/34rZuBtiFMFEvSu8u+FKdWo7XH/BoYhtWkSXvCYevFuZbmbN7dkE9zB4w9gW9yFHKjbwB4m2c07mBbANSn02dp1RaVw/+cHLLMtmF9JQyMBTPLF07Xg9SXute/J1Pz41zyw1khev1VPwdtuMcvwpchk9cXTTibytHm85AFUA1DfnBPusaaclnDpRs7bLeUtq0F9W6P0Ay5g9uMq76Q== X-YMail-OSG: DLkA9gcVM1klntvvI0IPfylZh6x6pCq2aa7orfhX14HCjDsaEsuSXLj2sZ9Fp0J H9kiPB5nkSE3HPj_vVEnKSvqPuScpUsSDur8SHfVsExIGHBk_rr.m60JlWZRH9tLd.5TYuew2M.s cI.aNixBRphhvy8npaK6pTvn2dfiVL6LlwnKbw_HKyhNb5LjCamX6i7jUR33RZw0N64MI40VlloE 7_XfeCnwM38oeR9omJv0mDH6HU2Xuv0OGoxSr_fL2RCTbaX77KMqCBz25X_68NITHluLnR06I08w GpRwVqLq6IxwOronursgzVaEjmSxlejw4yRAtirXMnKJF5uVEYwxkdRK.YVsQd65rdr8zI4lPZCx kbn_scDs78xSl9XQxRn1CiY1oemzbkChuhaObRnxplCIzpNopzR3SISt8v8WaNb4HFliZSWnwG7A tcj7DheZPxLoRxJJVnUNfmJXt2Xgr5GT8oG8MJtlfp39jV8v_Zeoi9dzYovH0VsfRjG2RrPbqYxe thdhDFp.8xko18Bmik3D1qtIWOBycCilh9KHPOWvku5iBXAL7hyj7avTNOr8wjB7rbxeSPF.saYG IphGU5bh7oZocFjOoaldMZ2ToQr5X9m2veWgHBach0AECKriO7.xeyJ6jutGLhR8Xg2yhF3re2Yd VAU_Sh02FAO6ykkoEYTA07Nu2Cax5TseOjwZyMsZeMDZ6gxs4GsA0cpHlQenHGgK.1cmOygkJcug Uf7LnC2ghMBmJxiDKKzYgkSsp5xwxJUpB2pGiUSbvPSG6LT.bmedzuMU_r7fAzNOkZTVTeMBE2kI tUbWwbqmEHjOG2kVFKl9lZOZPGcAK63KKQ9tay4xc1iA4ntaFBdpcRJHbx.C3l0oukG8icP1kxNL 5TGMyb3_P8gH5Iij0hirisJ9Nk0igABf747Mhg.1RDppxW9HB3YD3_LktCA19y_TScodr6n_Ye0P odyjo6A0d8tm8m5HcqdnwIciB8ysjaUFBAYZ5h9D7tHsvGUexEYCvhAo5fpti9XJ6TmNQS9zrJtw IAiBkys4gk1df6zdAc9SKndsJzvgB9vsRzuo3p87pkTMoDv_SiQytMfDfQPBFk1AbV.xRYFvxi1U 8nuRrkhkFNUKizeWvYlJlxSlU83C5zs2Q5Ap35GQlmxUuHhX28xPsaPrL4BiEm6uvDRi2svvXxpl .5ubh1nGRyOCb4OlLxCNh.kzrSoXeUY_.Gd.mdsmU1xD6XLrzdYj0eS_AusIpFn0oITYr3NNNFlV msKwtOFf1vpjQX7Fptb5eiz7uDqYT2lwSYSWd66hYiGHtWOdlByaUV0muTJajEVepLY7sfaS7nXp e4XmQz6LZx0ir2DrsvKW4IfgLt.QeHyocfX89fAnMvyTTB2dRYhbhNsTzNy90xGCjeWWHJZrTyN_ QKY0PPFnC3way3TxbEngurV4PFdUSTmJqhhQad_nA0gcYtERC1YdaCVPP7M0lkZ_rsp_DnXNIc1n b3FRGrL6Eui6Nqh8yYcbV8RyjO.Cl1g1QWrZWBtOtb66GFMaA42HywM0Fk7eMMlceIjQd.c5o5Gb qRmF.0nopnbEreBj.djUbDFggrAW.sUEnv5PwWPKOuuatICc0gck_rPKGeOJfAVkO9vXWX89fvgN s6DladdlUyqOCEMx2wpL8mXqhkgwtZdfPc3sAORFuYumheDHbzYmP2s81clbNmiqGjfX5Sb2vnkp U1hHdcgJd_YTjPZNrAe0r5lG_N0XbAGp8oIrtWflCD_ZwccMXFto6Z7Ep_nhE37tQ4Tw6etLcC.Z X48hEM2s1MV2JQK4gAHbZP6oRwDQiGlNB30Iqtr_2nmx9MOBGIH2k80M1SoELTyEmEL7jO3573a1 rPvNqTBIdINGG55TqLXYnmb_Rp8cX9JvrxRQMgXoOAv4i6EnRWrglU.1psKW_EV01xKQI1hRkuXa RTLU8Ai4p4L2kSc2h7HBGJChyQNUryE6oT8G4E_4XWJdpVfXjrqORz1nSv5iEzKmhk5m.yfyWsfb g_tjt70QEJF.YVx1vURgQDcKbHZRb.0z5lfynYEI_2jB1jKHdKOFhUGAzA0GxO7H5lRV_HMC6_tz gxjx2qPTi2ZTmH_RFcyWCA52I96qk69TQPjzhQme5qxXPKkGOtgkLCdXyiAwuVgJDhhZ_yyvnn9K QBZ5fNr5xEf_PHkvKCvHTzJHhsE1HO.0R.c88.lpcEdLKcDmHaAvmoyf.GdAe7KRdnyCn7FKxJnF v.bit2vROaanBtuy5kHpuVvIEOXo6yx6d1S35.VEmYiioXdpwhfk. X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic314.consmr.mail.ne1.yahoo.com with HTTP; Thu, 3 Feb 2022 00:15:19 +0000 Received: by kubenode518.mail-prod1.omega.ne1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID 0d0bcbdd7bfb25bb2a79335f410dc581; Thu, 03 Feb 2022 00:15:17 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, Stephen Smalley , netdev@vger.kernel.org Subject: [PATCH v32 19/28] NET: Store LSM netlabel data in a lsmblob Date: Wed, 2 Feb 2022 15:53:14 -0800 Message-Id: <20220202235323.23929-20-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20220202235323.23929-1-casey@schaufler-ca.com> References: <20220202235323.23929-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Netlabel uses LSM interfaces requiring an lsmblob and the internal storage is used to pass information between these interfaces, so change the internal data from a secid to a lsmblob. Update the netlabel interfaces and their callers to accommodate the change. This requires that the modules using netlabel use the lsm_id.slot to access the correct secid when using netlabel. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org --- include/net/netlabel.h | 8 +-- net/ipv4/cipso_ipv4.c | 26 ++++++---- net/netlabel/netlabel_kapi.c | 6 +-- net/netlabel/netlabel_unlabeled.c | 79 +++++++++-------------------- net/netlabel/netlabel_unlabeled.h | 2 +- security/selinux/hooks.c | 2 +- security/selinux/include/security.h | 1 + security/selinux/netlabel.c | 2 +- security/selinux/ss/services.c | 4 +- security/smack/smack.h | 1 + security/smack/smack_access.c | 2 +- security/smack/smack_lsm.c | 11 ++-- security/smack/smackfs.c | 10 ++-- 13 files changed, 68 insertions(+), 86 deletions(-) diff --git a/include/net/netlabel.h b/include/net/netlabel.h index 43ae50337685..73fc25b4042b 100644 --- a/include/net/netlabel.h +++ b/include/net/netlabel.h @@ -166,7 +166,7 @@ struct netlbl_lsm_catmap { * @attr.mls: MLS sensitivity label * @attr.mls.cat: MLS category bitmap * @attr.mls.lvl: MLS sensitivity level - * @attr.secid: LSM specific secid token + * @attr.lsmblob: LSM specific data * * Description: * This structure is used to pass security attributes between NetLabel and the @@ -201,7 +201,7 @@ struct netlbl_lsm_secattr { struct netlbl_lsm_catmap *cat; u32 lvl; } mls; - u32 secid; + struct lsmblob lsmblob; } attr; }; @@ -415,7 +415,7 @@ int netlbl_cfg_unlbl_static_add(struct net *net, const void *addr, const void *mask, u16 family, - u32 secid, + struct lsmblob *lsmblob, struct netlbl_audit *audit_info); int netlbl_cfg_unlbl_static_del(struct net *net, const char *dev_name, @@ -523,7 +523,7 @@ static inline int netlbl_cfg_unlbl_static_add(struct net *net, const void *addr, const void *mask, u16 family, - u32 secid, + struct lsmblob *lsmblob, struct netlbl_audit *audit_info) { return -ENOSYS; diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c index 62d5f99760aa..bb9c900da6b0 100644 --- a/net/ipv4/cipso_ipv4.c +++ b/net/ipv4/cipso_ipv4.c @@ -106,15 +106,17 @@ int cipso_v4_rbm_strictvalid = 1; /* Base length of the local tag (non-standard tag). * Tag definition (may change between kernel versions) * - * 0 8 16 24 32 - * +----------+----------+----------+----------+ - * | 10000000 | 00000110 | 32-bit secid value | - * +----------+----------+----------+----------+ - * | in (host byte order)| - * +----------+----------+ - * + * 0 8 16 16 + sizeof(struct lsmblob) + * +----------+----------+---------------------+ + * | 10000000 | 00000110 | LSM blob data | + * +----------+----------+---------------------+ + * + * All secid and flag fields are in host byte order. + * The lsmblob structure size varies depending on which + * Linux security modules are built in the kernel. + * The data is opaque. */ -#define CIPSO_V4_TAG_LOC_BLEN 6 +#define CIPSO_V4_TAG_LOC_BLEN (2 + sizeof(struct lsmblob)) /* * Helper Functions @@ -1460,7 +1462,11 @@ static int cipso_v4_gentag_loc(const struct cipso_v4_doi *doi_def, buffer[0] = CIPSO_V4_TAG_LOCAL; buffer[1] = CIPSO_V4_TAG_LOC_BLEN; - *(u32 *)&buffer[2] = secattr->attr.secid; + /* Ensure that there is sufficient space in the CIPSO header + * for the LSM data. */ + BUILD_BUG_ON(CIPSO_V4_TAG_LOC_BLEN > CIPSO_V4_OPT_LEN_MAX); + memcpy(&buffer[2], &secattr->attr.lsmblob, + sizeof(secattr->attr.lsmblob)); return CIPSO_V4_TAG_LOC_BLEN; } @@ -1480,7 +1486,7 @@ static int cipso_v4_parsetag_loc(const struct cipso_v4_doi *doi_def, const unsigned char *tag, struct netlbl_lsm_secattr *secattr) { - secattr->attr.secid = *(u32 *)&tag[2]; + memcpy(&secattr->attr.lsmblob, &tag[2], sizeof(secattr->attr.lsmblob)); secattr->flags |= NETLBL_SECATTR_SECID; return 0; diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c index beb0e573266d..158bab993e32 100644 --- a/net/netlabel/netlabel_kapi.c +++ b/net/netlabel/netlabel_kapi.c @@ -196,7 +196,7 @@ int netlbl_cfg_unlbl_map_add(const char *domain, * @addr: IP address in network byte order (struct in[6]_addr) * @mask: address mask in network byte order (struct in[6]_addr) * @family: address family - * @secid: LSM secid value for the entry + * @lsmblob: LSM data value for the entry * @audit_info: NetLabel audit information * * Description: @@ -210,7 +210,7 @@ int netlbl_cfg_unlbl_static_add(struct net *net, const void *addr, const void *mask, u16 family, - u32 secid, + struct lsmblob *lsmblob, struct netlbl_audit *audit_info) { u32 addr_len; @@ -230,7 +230,7 @@ int netlbl_cfg_unlbl_static_add(struct net *net, return netlbl_unlhsh_add(net, dev_name, addr, mask, addr_len, - secid, audit_info); + lsmblob, audit_info); } /** diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index 46706889a6f7..3aab71ba3841 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -66,7 +66,7 @@ struct netlbl_unlhsh_tbl { #define netlbl_unlhsh_addr4_entry(iter) \ container_of(iter, struct netlbl_unlhsh_addr4, list) struct netlbl_unlhsh_addr4 { - u32 secid; + struct lsmblob lsmblob; struct netlbl_af4list list; struct rcu_head rcu; @@ -74,7 +74,7 @@ struct netlbl_unlhsh_addr4 { #define netlbl_unlhsh_addr6_entry(iter) \ container_of(iter, struct netlbl_unlhsh_addr6, list) struct netlbl_unlhsh_addr6 { - u32 secid; + struct lsmblob lsmblob; struct netlbl_af6list list; struct rcu_head rcu; @@ -220,7 +220,7 @@ static struct netlbl_unlhsh_iface *netlbl_unlhsh_search_iface(int ifindex) * @iface: the associated interface entry * @addr: IPv4 address in network byte order * @mask: IPv4 address mask in network byte order - * @secid: LSM secid value for entry + * @lsmblob: LSM data value for entry * * Description: * Add a new address entry into the unlabeled connection hash table using the @@ -231,7 +231,7 @@ static struct netlbl_unlhsh_iface *netlbl_unlhsh_search_iface(int ifindex) static int netlbl_unlhsh_add_addr4(struct netlbl_unlhsh_iface *iface, const struct in_addr *addr, const struct in_addr *mask, - u32 secid) + struct lsmblob *lsmblob) { int ret_val; struct netlbl_unlhsh_addr4 *entry; @@ -243,7 +243,7 @@ static int netlbl_unlhsh_add_addr4(struct netlbl_unlhsh_iface *iface, entry->list.addr = addr->s_addr & mask->s_addr; entry->list.mask = mask->s_addr; entry->list.valid = 1; - entry->secid = secid; + entry->lsmblob = *lsmblob; spin_lock(&netlbl_unlhsh_lock); ret_val = netlbl_af4list_add(&entry->list, &iface->addr4_list); @@ -260,7 +260,7 @@ static int netlbl_unlhsh_add_addr4(struct netlbl_unlhsh_iface *iface, * @iface: the associated interface entry * @addr: IPv6 address in network byte order * @mask: IPv6 address mask in network byte order - * @secid: LSM secid value for entry + * @lsmblob: LSM data value for entry * * Description: * Add a new address entry into the unlabeled connection hash table using the @@ -271,7 +271,7 @@ static int netlbl_unlhsh_add_addr4(struct netlbl_unlhsh_iface *iface, static int netlbl_unlhsh_add_addr6(struct netlbl_unlhsh_iface *iface, const struct in6_addr *addr, const struct in6_addr *mask, - u32 secid) + struct lsmblob *lsmblob) { int ret_val; struct netlbl_unlhsh_addr6 *entry; @@ -287,7 +287,7 @@ static int netlbl_unlhsh_add_addr6(struct netlbl_unlhsh_iface *iface, entry->list.addr.s6_addr32[3] &= mask->s6_addr32[3]; entry->list.mask = *mask; entry->list.valid = 1; - entry->secid = secid; + entry->lsmblob = *lsmblob; spin_lock(&netlbl_unlhsh_lock); ret_val = netlbl_af6list_add(&entry->list, &iface->addr6_list); @@ -366,7 +366,7 @@ int netlbl_unlhsh_add(struct net *net, const void *addr, const void *mask, u32 addr_len, - u32 secid, + struct lsmblob *lsmblob, struct netlbl_audit *audit_info) { int ret_val; @@ -375,7 +375,6 @@ int netlbl_unlhsh_add(struct net *net, struct netlbl_unlhsh_iface *iface; struct audit_buffer *audit_buf = NULL; struct lsmcontext context; - struct lsmblob blob; if (addr_len != sizeof(struct in_addr) && addr_len != sizeof(struct in6_addr)) @@ -408,7 +407,7 @@ int netlbl_unlhsh_add(struct net *net, const struct in_addr *addr4 = addr; const struct in_addr *mask4 = mask; - ret_val = netlbl_unlhsh_add_addr4(iface, addr4, mask4, secid); + ret_val = netlbl_unlhsh_add_addr4(iface, addr4, mask4, lsmblob); if (audit_buf != NULL) netlbl_af4list_audit_addr(audit_buf, 1, dev_name, @@ -421,7 +420,7 @@ int netlbl_unlhsh_add(struct net *net, const struct in6_addr *addr6 = addr; const struct in6_addr *mask6 = mask; - ret_val = netlbl_unlhsh_add_addr6(iface, addr6, mask6, secid); + ret_val = netlbl_unlhsh_add_addr6(iface, addr6, mask6, lsmblob); if (audit_buf != NULL) netlbl_af6list_audit_addr(audit_buf, 1, dev_name, @@ -438,11 +437,7 @@ int netlbl_unlhsh_add(struct net *net, unlhsh_add_return: rcu_read_unlock(); if (audit_buf != NULL) { - /* lsmblob_init() puts secid into all of the secids in blob. - * security_secid_to_secctx() will know which security module - * to use to create the secctx. */ - lsmblob_init(&blob, secid); - if (security_secid_to_secctx(&blob, &context) == 0) { + if (security_secid_to_secctx(lsmblob, &context) == 0) { audit_log_format(audit_buf, " sec_obj=%s", context.context); security_release_secctx(&context); @@ -477,7 +472,6 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, struct audit_buffer *audit_buf; struct net_device *dev; struct lsmcontext context; - struct lsmblob blob; spin_lock(&netlbl_unlhsh_lock); list_entry = netlbl_af4list_remove(addr->s_addr, mask->s_addr, @@ -496,13 +490,8 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, (dev != NULL ? dev->name : NULL), addr->s_addr, mask->s_addr); dev_put(dev); - /* lsmblob_init() puts entry->secid into all of the secids - * in blob. security_secid_to_secctx() will know which - * security module to use to create the secctx. */ - if (entry != NULL) - lsmblob_init(&blob, entry->secid); if (entry != NULL && - security_secid_to_secctx(&blob, &context) == 0) { + security_secid_to_secctx(&entry->lsmblob, &context) == 0) { audit_log_format(audit_buf, " sec_obj=%s", context.context); security_release_secctx(&context); @@ -543,7 +532,6 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, struct audit_buffer *audit_buf; struct net_device *dev; struct lsmcontext context; - struct lsmblob blob; spin_lock(&netlbl_unlhsh_lock); list_entry = netlbl_af6list_remove(addr, mask, &iface->addr6_list); @@ -561,13 +549,8 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, (dev != NULL ? dev->name : NULL), addr, mask); dev_put(dev); - /* lsmblob_init() puts entry->secid into all of the secids - * in blob. security_secid_to_secctx() will know which - * security module to use to create the secctx. */ - if (entry != NULL) - lsmblob_init(&blob, entry->secid); if (entry != NULL && - security_secid_to_secctx(&blob, &context) == 0) { + security_secid_to_secctx(&entry->lsmblob, &context) == 0) { audit_log_format(audit_buf, " sec_obj=%s", context.context); security_release_secctx(&context); @@ -921,14 +904,8 @@ static int netlbl_unlabel_staticadd(struct sk_buff *skb, if (ret_val != 0) return ret_val; - /* netlbl_unlhsh_add will be changed to pass a struct lsmblob * - * instead of a u32 later in this patch set. security_secctx_to_secid() - * will only be setting one entry in the lsmblob struct, so it is - * safe to use lsmblob_value() to get that one value. */ - - return netlbl_unlhsh_add(&init_net, - dev_name, addr, mask, addr_len, - lsmblob_value(&blob), &audit_info); + return netlbl_unlhsh_add(&init_net, dev_name, addr, mask, addr_len, + &blob, &audit_info); } /** @@ -975,11 +952,8 @@ static int netlbl_unlabel_staticadddef(struct sk_buff *skb, if (ret_val != 0) return ret_val; - /* security_secctx_to_secid() will only put one secid into the lsmblob - * so it's safe to use lsmblob_value() to get the secid. */ - return netlbl_unlhsh_add(&init_net, - NULL, addr, mask, addr_len, - lsmblob_value(&blob), &audit_info); + return netlbl_unlhsh_add(&init_net, NULL, addr, mask, addr_len, &blob, + &audit_info); } /** @@ -1091,8 +1065,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, struct net_device *dev; struct lsmcontext context; void *data; - u32 secid; - struct lsmblob blob; + struct lsmblob *lsmb; data = genlmsg_put(cb_arg->skb, NETLINK_CB(cb_arg->nl_cb->skb).portid, cb_arg->seq, &netlbl_unlabel_gnl_family, @@ -1130,7 +1103,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, if (ret_val != 0) goto list_cb_failure; - secid = addr4->secid; + lsmb = (struct lsmblob *)&addr4->lsmblob; } else { ret_val = nla_put_in6_addr(cb_arg->skb, NLBL_UNLABEL_A_IPV6ADDR, @@ -1144,14 +1117,10 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, if (ret_val != 0) goto list_cb_failure; - secid = addr6->secid; + lsmb = (struct lsmblob *)&addr6->lsmblob; } - /* lsmblob_init() secid into all of the secids in blob. - * security_secid_to_secctx() will know which security module - * to use to create the secctx. */ - lsmblob_init(&blob, secid); - ret_val = security_secid_to_secctx(&blob, &context); + ret_val = security_secid_to_secctx(lsmb, &context); if (ret_val != 0) goto list_cb_failure; ret_val = nla_put(cb_arg->skb, @@ -1510,7 +1479,7 @@ int netlbl_unlabel_getattr(const struct sk_buff *skb, &iface->addr4_list); if (addr4 == NULL) goto unlabel_getattr_nolabel; - secattr->attr.secid = netlbl_unlhsh_addr4_entry(addr4)->secid; + secattr->attr.lsmblob = netlbl_unlhsh_addr4_entry(addr4)->lsmblob; break; } #if IS_ENABLED(CONFIG_IPV6) @@ -1523,7 +1492,7 @@ int netlbl_unlabel_getattr(const struct sk_buff *skb, &iface->addr6_list); if (addr6 == NULL) goto unlabel_getattr_nolabel; - secattr->attr.secid = netlbl_unlhsh_addr6_entry(addr6)->secid; + secattr->attr.lsmblob = netlbl_unlhsh_addr6_entry(addr6)->lsmblob; break; } #endif /* IPv6 */ diff --git a/net/netlabel/netlabel_unlabeled.h b/net/netlabel/netlabel_unlabeled.h index 058e3a285d56..168920780994 100644 --- a/net/netlabel/netlabel_unlabeled.h +++ b/net/netlabel/netlabel_unlabeled.h @@ -211,7 +211,7 @@ int netlbl_unlhsh_add(struct net *net, const void *addr, const void *mask, u32 addr_len, - u32 secid, + struct lsmblob *lsmblob, struct netlbl_audit *audit_info); int netlbl_unlhsh_remove(struct net *net, const char *dev_name, diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 3469ffe195e6..7b9cb4d263c0 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -7020,7 +7020,7 @@ static int selinux_uring_sqpoll(void) } #endif /* CONFIG_IO_URING */ -static struct lsm_id selinux_lsmid __lsm_ro_after_init = { +struct lsm_id selinux_lsmid __lsm_ro_after_init = { .lsm = "selinux", .slot = LSMBLOB_NEEDED }; diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h index ac0ece01305a..9f856f2cd277 100644 --- a/security/selinux/include/security.h +++ b/security/selinux/include/security.h @@ -73,6 +73,7 @@ struct netlbl_lsm_secattr; extern int selinux_enabled_boot; +extern struct lsm_id selinux_lsmid; /* * type_datum properties diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c index 800ab4b4239e..0b8f99703462 100644 --- a/security/selinux/netlabel.c +++ b/security/selinux/netlabel.c @@ -109,7 +109,7 @@ static struct netlbl_lsm_secattr *selinux_netlbl_sock_getattr( return NULL; if ((secattr->flags & NETLBL_SECATTR_SECID) && - (secattr->attr.secid == sid)) + (secattr->attr.lsmblob.secid[selinux_lsmid.slot] == sid)) return secattr; return NULL; diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 8e92af7dd284..23a45c9dcf04 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -3899,7 +3899,7 @@ int security_netlbl_secattr_to_sid(struct selinux_state *state, if (secattr->flags & NETLBL_SECATTR_CACHE) *sid = *(u32 *)secattr->cache->data; else if (secattr->flags & NETLBL_SECATTR_SECID) - *sid = secattr->attr.secid; + *sid = secattr->attr.lsmblob.secid[selinux_lsmid.slot]; else if (secattr->flags & NETLBL_SECATTR_MLS_LVL) { rc = -EIDRM; ctx = sidtab_search(sidtab, SECINITSID_NETMSG); @@ -3977,7 +3977,7 @@ int security_netlbl_sid_to_secattr(struct selinux_state *state, if (secattr->domain == NULL) goto out; - secattr->attr.secid = sid; + secattr->attr.lsmblob.secid[selinux_lsmid.slot] = sid; secattr->flags |= NETLBL_SECATTR_DOMAIN_CPY | NETLBL_SECATTR_SECID; mls_export_netlbl_lvl(policydb, ctx, secattr); rc = mls_export_netlbl_cat(policydb, ctx, secattr); diff --git a/security/smack/smack.h b/security/smack/smack.h index ef9d0b7b1954..ac79313ea95d 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h @@ -303,6 +303,7 @@ int smack_populate_secattr(struct smack_known *skp); * Shared data. */ extern int smack_enabled __initdata; +extern struct lsm_id smack_lsmid; extern int smack_cipso_direct; extern int smack_cipso_mapped; extern struct smack_known *smack_net_ambient; diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c index d2186e2757be..c6dcafe18912 100644 --- a/security/smack/smack_access.c +++ b/security/smack/smack_access.c @@ -524,7 +524,7 @@ int smack_populate_secattr(struct smack_known *skp) { int slen; - skp->smk_netlabel.attr.secid = skp->smk_secid; + skp->smk_netlabel.attr.lsmblob.secid[smack_lsmid.slot] = skp->smk_secid; skp->smk_netlabel.domain = skp->smk_known; skp->smk_netlabel.cache = netlbl_secattr_cache_alloc(GFP_ATOMIC); if (skp->smk_netlabel.cache != NULL) { diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 3c1cf65cac87..46d81f638a2b 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -3728,11 +3728,12 @@ static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap, if ((sap->flags & NETLBL_SECATTR_CACHE) != 0) return (struct smack_known *)sap->cache->data; + /* + * Looks like a fallback, which gives us a secid. + */ if ((sap->flags & NETLBL_SECATTR_SECID) != 0) - /* - * Looks like a fallback, which gives us a secid. - */ - return smack_from_secid(sap->attr.secid); + return smack_from_secid( + sap->attr.lsmblob.secid[smack_lsmid.slot]); if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) { /* @@ -4751,7 +4752,7 @@ struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = { .lbs_superblock = sizeof(struct superblock_smack), }; -static struct lsm_id smack_lsmid __lsm_ro_after_init = { +struct lsm_id smack_lsmid __lsm_ro_after_init = { .lsm = "smack", .slot = LSMBLOB_NEEDED }; diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index 658eab05599e..13c2fa728054 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c @@ -1143,6 +1143,7 @@ static void smk_net4addr_insert(struct smk_net4addr *new) static ssize_t smk_write_net4addr(struct file *file, const char __user *buf, size_t count, loff_t *ppos) { + struct lsmblob lsmblob; struct smk_net4addr *snp; struct sockaddr_in newname; char *smack; @@ -1274,10 +1275,13 @@ static ssize_t smk_write_net4addr(struct file *file, const char __user *buf, * this host so that incoming packets get labeled. * but only if we didn't get the special CIPSO option */ - if (rc == 0 && skp != NULL) + if (rc == 0 && skp != NULL) { + lsmblob_init(&lsmblob, 0); + lsmblob.secid[smack_lsmid.slot] = snp->smk_label->smk_secid; rc = netlbl_cfg_unlbl_static_add(&init_net, NULL, - &snp->smk_host, &snp->smk_mask, PF_INET, - snp->smk_label->smk_secid, &audit_info); + &snp->smk_host, &snp->smk_mask, PF_INET, &lsmblob, + &audit_info); + } if (rc == 0) rc = count; From patchwork Wed Feb 2 23:53:15 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12733621 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 579EFC433EF for ; Thu, 3 Feb 2022 00:16:30 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348417AbiBCAQ3 (ORCPT ); Wed, 2 Feb 2022 19:16:29 -0500 Received: from sonic311-31.consmr.mail.ne1.yahoo.com ([66.163.188.212]:33002 "EHLO sonic311-31.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235933AbiBCAQ2 (ORCPT ); Wed, 2 Feb 2022 19:16:28 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643847388; bh=H/2k79voQ0fOdYkvuAiOfOHnDBkNBUmiw2X8r7f2tmM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=BuASOe5Q6xNYNiBo0rlTsSrNMP1P3XnLAKuM/y3yQhGchdwdP9XjTJuQ29EegOFaYxIx731gf1fWswflSskhQy7uFMz3EyZjtQ6/O5bX7Ura2dUvAOvFhlHZC5uaaa6cxun9Nsi8QUcWNNggI93tBpcL1IAMlCa3v4hfgpiY346K6qVdoSIxZkZUFCnjMrNcDF6hDCsKrby3+iSWZRADZl8V6fBdlKbhHy2f+EvAt0A1Aixh9zUZwr+VHPyX5YDnHPc16iSMgGlmonmNijLbQzEboXIDMTMtBNM8XIaBcMCMX7f4QOHzjmSrurp84p1zcslQtNgVGoFkve6pk/Iwzg== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643847388; bh=5MY5MQXDiueBgfxdftDD0r6AjIp6gx/YwREeTEjUXvW=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=ceQ879kMHEVSsl/0yMgrXl8ol50lw+A6epsB5OCb/TmayP9Yc954vEtHTJOg/tWIW7g/0cISjeeDkM+pnJbJK2/4+0hnYiSOT8y7aPbzVmz6/38k7F+nQ58RvOW8+mbWpAXkUZNwU1SdvJFmZvwKVa/Uv4rc6Cm5rAGpe0zUsH4apv6+gCWGVKJc7AvbwCqXNqzNSJDhL9UZENUcC06rJjHFfXDUwkxe7y6EGyVMOJ9YUDHhXyXUuwviYJsDq2/G2HtBE8gWXu2jeSCwV7RyNteiP4eEt1yhtfW8Xh/KcXhUT2sNUmw43DY9uV2XwpGyZTsHzzWTk0kq6H0BO0I+og== X-YMail-OSG: QgsbztQVM1n.Fc3mTz0sVyfwDtfXwt4j3MFFo9rYQ.ndv3YPEKybEOZUUd6uKmb vLi55oijFtupnHasS0y53SmwuBwtLu4FHrOvWDnIb8QQHebVEGMlOcQ3rMfRxHx1XuDOVbiXJdLV 3wfDrBj3nWjpp.Fy_QqSipehYPW0iFb_8SXZXZtV341nZeDHtUOYexdQHTKh97RJuN3JDTLaIV4W S53kp9QRhyMZbk990rxuP2ZDfvdtgHhlky5v5491n9Dv4MYCRMp1DGun123EbUhY4XWp6zkrmPca NURZqYq_WHrFT1ilmePECA6g3Mkf3etmnmgER7Fre9enAIE..bvLpmheTVqICzybOaAo9zbKynEj dClimue5Sd9YZk5I2uvPrkeY3SrN2lxNdYJ5pBE3QRVfPxdnES3c4TjOdtatUAKpFU__4G38dNNi yHj0ndi1eZDDTAUuu3pttcibDCCkd3GhCeFOhzM0QzqcBzEF0.5XjVZHSArzcemmbWzJjuJpKqFI pRxjXzc3EF6BugF91JlxeswQfY1LV.nDMQaDeudZbcGahszsBOQ8L82ufLR4cePYxHyqjTqufsRS EBPlqfEJiQaFftuC1Tx1qeksvzFMBB6au5Bb2kym1aI6DjLtAxoXaP7SLF2vRx3JUpF7Pmq.i8lU 9pRJYHG_O3EgBCbrIaAjXzCCz9LWgfJCHcT0gpudZSRWdeyZZ0DkdmVMF0dQLMwTmDuMlFBvtxZ4 pcsAWmdu_mpOkwnQI0EHaGO69H_oTFkY4S_ZVo4Mu0giamic5vYa_4ICmMjOgqVItoLdlC4eezJZ czGCkYnJACcA1MT9vP0aRMPu8MP.EcO8vIpQ.5TrUNw33.sWOdOzvyKExTt1hSW.xu0TdimdFRZy V_678Sec3PSffDqnfOTM31WulKSsJNV_wsCPPjPyF19jzTPee1wiOSHjMfawK99C3A7Adi_L.ThF Y4vguL0yppjkJcwseJwCCuSVZefu9jOtkP9j9qkzHZmWbxEDfe8VFTJakZWcIgkATquAymyPe9MS lt20KQsQQNcG3feLneO2Zv0Sv0Y3oQIQT4i4BPRrozGWJUIb8gg3PXuJ96XgAxdVA7ZkqfAfR.qR bIHtD5u0LbPFeOZyRkqykWfC8UaHR4GhQgLej3xdidDOEPUU16dNtFaMoEW_6hLfULWwPgWFplhB WP6n5VEDN2nE0aq5Y534Zei..tKuC85CkOJtlq.83N0R9_2ODR7cxfgn51NU1_rKmKWbO917oMcd 7Xik1J80yN9w1JH9jGG3KNr3VfW0ST9mNCK55qXAhh3q9SmRH_rzhz5FzkL7UKa4qsWM78sHEfBI sIbLp7o4g4RLvrYGA_sDrBBNlv8lEyAsV_WcPQduJjeTA8nw1a_XEniXp3QKLGbxhQ3qY9y3q_je UxMqpNzRS5l9K5l3_nR1bNSAJpOrBiMnTBiqnoqJ3MIUEaE5CuDlNq8lyrL7Wvz3g4clCXwLNt4C kV1volZlsXsLw4pHQDRrNsAhggMeDPaYWZISe4bS6XxazGE0ZtPR5Z7TsggSi1bkQ03Yg7YWu09u Gy4XQ6c_p4UabSKp4kNj2j0Hplt1jc8dACXyUXoDdRiBzS9p.T.0KmokaUULxWa2eUepIWKfJ3Jf eqvJLTPlHqstbmsF2Tq5J2h0J3I.gEl9lSb07D2zb95_naoYKgXGVGK9EipHuJpTZEoYCc4phH1P 0UHcezRcDg2IId4ICN0n3dOKIrkeSCOiT2BEvG4ltuohHFy9LdqYHH2sQRvAUmYKv_gj3aW.MmQl Gh.5IITJD3ZlcMby.hwBsUsz8Ql79dVFCGe9j32rNY0XgrR8my_.Zm08My8EX_pfcpwLLVxbc8SB SHVQ28YIL2oY5XLkV5fwdhHTKhPPW_M3FtU9ooIj23JfIwGBTS5C._ESS0DyeyiXdGZhKXgzGZuk P7ShRdbOioe8vQCK0FPu1VzxQta4xp_.a1wOwvVWJ3ixpuM1rsEHdSMqcATpxExJci7nA2Zuv_3C HPO8l3.lEGfFbaBP9kOX.7M3tr414dQGgpK205_KIKBy0JV6uOwpQNS._UVB84SARmMh3rfV6L_Z _r.9meDu4TJW0.C7bx199bkCZhUkF1njV1XAxwDLPDOo97pAhMwKhzPuAgTOJhNzQTxFI8HK21AN Crm1Mo8bwAOPmpfAqFGqGQFHS57416PEqfmhzS6rSsX5UYt4QswB0fGyWtHgNpgv1WqhAYGh0s.M wd4V8ySCdsPyPsrUiKHpXWgFQlx.EG5AGxCTV3EOxRBU8EzXbVYI- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic311.consmr.mail.ne1.yahoo.com with HTTP; Thu, 3 Feb 2022 00:16:28 +0000 Received: by kubenode516.mail-prod1.omega.bf1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID 84a273bae704d785981c3c0fa8e65cd8; Thu, 03 Feb 2022 00:16:24 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org Subject: [PATCH v32 20/28] binder: Pass LSM identifier for confirmation Date: Wed, 2 Feb 2022 15:53:15 -0800 Message-Id: <20220202235323.23929-21-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20220202235323.23929-1-casey@schaufler-ca.com> References: <20220202235323.23929-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Send an identifier for the security module interface_lsm along with the security context. This allows the receiver to verify that the receiver and the sender agree on which security module's context is being used. If they don't agree the message is rejected. Signed-off-by: Casey Schaufler --- drivers/android/binder.c | 21 +++++++++++++++++++++ drivers/android/binder_internal.h | 1 + 2 files changed, 22 insertions(+) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index b0b0c132a247..259f5e38e6ba 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -3024,6 +3024,7 @@ static void binder_transaction(struct binder_proc *proc, ALIGN(extra_buffers_size, sizeof(void *)) - ALIGN(lsmctx.len, sizeof(u64)); + t->security_interface = lsm_task_ilsm(current); t->security_ctx = (uintptr_t)t->buffer->user_data + buf_offset; err = binder_alloc_copy_to_buffer(&target_proc->alloc, t->buffer, buf_offset, @@ -4453,6 +4454,26 @@ static int binder_thread_read(struct binder_proc *proc, tr.secctx = t->security_ctx; if (t->security_ctx) { + int to_ilsm = lsm_task_ilsm(current); + int from_ilsm = t->security_interface; + + if (to_ilsm == LSMBLOB_INVALID) + to_ilsm = 0; + if (from_ilsm == LSMBLOB_INVALID) + from_ilsm = 0; + /* + * The sender provided a security context from + * a different security module than the one this + * process wants to report if these don't match. + */ + if (from_ilsm != to_ilsm) { + if (t_from) + binder_thread_dec_tmpref(t_from); + + binder_cleanup_transaction(t, "security context mismatch", + BR_FAILED_REPLY); + return -EINVAL; + } cmd = BR_TRANSACTION_SEC_CTX; trsize = sizeof(tr); } diff --git a/drivers/android/binder_internal.h b/drivers/android/binder_internal.h index d6b6b8cb7346..e3a0718ce17c 100644 --- a/drivers/android/binder_internal.h +++ b/drivers/android/binder_internal.h @@ -545,6 +545,7 @@ struct binder_transaction { long saved_priority; kuid_t sender_euid; struct list_head fd_fixups; + int security_interface; binder_uintptr_t security_ctx; /** * @lock: protects @from, @to_proc, and @to_thread From patchwork Wed Feb 2 23:53:16 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12733622 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id EE6B8C433F5 for ; Thu, 3 Feb 2022 00:17:35 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237482AbiBCARf (ORCPT ); Wed, 2 Feb 2022 19:17:35 -0500 Received: from sonic314-27.consmr.mail.ne1.yahoo.com ([66.163.189.153]:33343 "EHLO sonic314-27.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229759AbiBCARf (ORCPT ); Wed, 2 Feb 2022 19:17:35 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643847454; bh=J2ETGMG8Q3KLYZLvPCboWzQEzt0aSOzPc/R4UsPJsXY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=rR+a4LkLTr6KmIiE+Z6ebXGouo2hy8IjEIWz5CvYJw3aEokLDlJJskYIpZdakie/IxplYra46ANq0M2mRuw+pXArjLbfAgvQO3AbbCDXpsIJJ1Fo+DeSdk2xto9pLIsOKs/rv/b2si4J1QLSZRK1B+4OMPS706ArpVBefNSEJaNQoezr0ndFJ9Z8y6DqD3zkF4aA+nDFpakYLJPYp61cBzIt3i1dSmIs6iqESxxT/Vxb9KBNEWrDgo3iyzMnf3pdg3RDjyH++JBZdfNreabO4GRB/10EllHmkzuyZLV5ERkv+C1A7vzXR4t10PXfjbGKAG7Z8C+Snfuz7Ey/zFMZZA== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643847454; bh=flGtNyhd0aSA9os0RiIdNjyfm8H95n9IttpvsON2lat=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=oMAirc/Mzn2oIHmdGEKxyz6IRsQsuXoq6LSO08a7gNwSpDnX1w7JGSfLVejvNk+DE2uXmOO1n1pDx7gGj052IqXPiinHKqltoe9+rTFqdo++kiC6zVn6STx25YycC82H/VxhsMM0xPNx8+Qmc1Sz8Klcw0V1UyE0MJ65jaXvhlETn99q3GbuKkk71KY7fSe3Y5bjxX4zURSrHTS6h1BaWcIC2uY0wyLOiLCHz/lRtrfNZd+sfXmFGjB85vSzvhvavzfvxSa4vEGjlHQXMYNLohLFW7k5Bmerm0RLn1Hogpe6pIl+4I7f06lrJ7AYlA2OoYrW/PxfFnV8ke3kDdssVg== X-YMail-OSG: 7yHTR1kVM1mR0MeUnbb.mwmmSyOEsWNvmcMtzlIM5VPbalZ6pg7tfO.AVbBudXK e5aHzFN3vPn63PTK5fj66lYNMNo5TWdmd4Gpsm2jQXxsZzQYzFJYsqdxdCR6LwyeMFII2qcwMFvm Vi3zNq0SFWstqSxVmnNVAnzQiB48ToskXKb_KghkIDyyQX8pXXPlpIOug31WBeBdli7MhWqIB..d sOpXIH1y2YqTEXg911_.heL6_VdddiFbNw2pCzSiyDfI.TwJfTPO7JXC6xEyfxPbNzZ5avU9PqIY EpskouSvrgGcuK5RFZot8qnM_f1maYejmFxEYzoF59cxHg4QcWMIocxNxU3GAE2i6iRSReV7lJu3 CDUtfsAysSJEABEeMI59lXcfnZ5x4mZmkUW3RSpYzwhjFwbhLg_BvvDudpGX0WMTxvmF8vh9pjI4 T.Ni9RtdUr_dwoawnmw6jsn.pJbZ0pIEpRuVct7RG9cQf5tteOGibso6EsqlHXZxjm1syc662yA_ 8mi73II8GiovPNcRQXsparoRHTOsRQaJxLQRP6GK1ltlqsCuS6_O2wjeJhMX1EnrY2l4FT5b4Hmg ongNNDgIR4gyjuTVyBHeqfu4NqxDMT_ERYIn5vN2GHu3qSoYo0CQWCoTDeOC91v077UXnc9S37Zm B.wL86FN0amKN335wmtdTvzyvaHmbBHY.z2nqrnig6OhnG1BNtKIMR9cgi8bkdnCYEGJpiZw3fKf wKE7o0cjl2qeJIEnH70f_g1pPpIhKn0LqhYABHF9_28SD1CivPgFfaqb_jIJFR8hwo5AtowtcGy3 bBgj57AgAIBLG_0dMuJ.PEiBwaGmsBOx9CdZFFPupsZPC_UD8AmuNdqsemjkg2vKtiVlM1QdeHkL ZkvkFPAxfzxoy3f3k06Lu6.FBWByFkwYdbApCka39a4VnbcM2TaKWDdPNRfnJJdwXx.9o1kLRYDD suo8uJ6ya.vAeTxCfDt_hPi3CSe.m4dY.vdCXkqbF5ubtFDmyXTtkWX0b3nBldRL__kRYSpBewD7 dpuJ1cwoFRNeBo2S2tBYxc8EZ2LnBwaVTIOcATpGO7Rv1DNEVpxbZ2.totxwYZcn2ODbQxOPstBg ZHMziUNCI6ZPmIppUkpL18NboRve1Zq.IdlFq3YlbobAlDAa.hU6Rl497ac1wTWAgkmbitIxEWXS Wj6yVgEPRV99G8m0DGdzVuJ.f_i4PiTU4yC6LjwVgHQtWB4uYG4hkBpFEWdr16YMx2biyvxGnq1d 0HHwe71mA.nr5.AwzV_280BpRDWTnoNdQ7lB3.ucCOXPpD1DVbiBC_B_2WHwW_6kjcYwVehhc854 fqqv8UPa59jrUKqJ8hPeqNdibi1HlQk2IK6tLClu_tvhFnnJhWjUKVeVUPiyoBaoeL_2okedwgKS ABRHFO9lKM3Wab_cbgHiSYR_5TvvhWILymQjh1CFVTTRXuVc9rS0jYIGCxm0Kr1uBaQIlPP_MHss p9NNjoc9sXxjK2RDxiSiEWSKF.velbZGkaLkIl_cJoBmdSGXnhAWFuXJapyoKGjznNhZ0p3bfeZI yMYX_gxxg3KJ823AQVLUzA4q8Q.4oJcJCJstCkyC_5IqbaLuzG.lm7xYELPQf0PCBTayspfGosi3 IYdQTNvOBCTAgd40UKOtDy4u08hTjXAZCvuDtMAh5qypjE3PZTXMl0M_l7YssG9IVxDIGS0Oti45 CVi060JtiTDkH20zRNQHZ.5LMnC8ohhYPXCAnJRzN_qte9Zud3DtNMaFY0.93vov2KJpwWAbnop4 QFoYhv0uJX2FuQEvlBhCOVE7NEW0ZlAVrXnAMuShr8JnKoATjmVKD8Hx9sSPs5uIH6Upq9gViZ74 3Qk8dJM2r0xZv91J._kHXrIDpJ5AqQSauQ_pbrCTPoBdkNfHAQvYU5wG0TSNolmoI7buPW.QO.B1 PGWriyS395y_8yuXhlFBNmD.zuZsZ4fXsF7Rv1uVcbRGRrK3CcH2bSoRuGRamWxtURNyVuLRpunQ VAK5srXgGA3Mo17jKyusOQ0xrMvFJ9159XfNYvFpIjxMnXMG0DzjIXpF_Ue9RJa9ZiyDsB3lEv.s 21Sk57WDUTBb0QEbT.xF.Gf4OOxaTCcp0TX2l7XMCIxTWaN4qtJhRDUGwnf5qIuENYMldZfS4kV2 3CGTQlSBkRNOGurvN3H4VBiRexHWZinFnV2IlKiKxTACCG5eYYP4gpJXXh7tqIEzpXkit2V6PKc7 GVYz8XMXXUSjsUX_WNU_qAUVm0RdOqTI6yh58XAbb2y7eN4BSXPicBGCr6onAu_ytcjcmgsYrZm8 NfWj7cKpNt0lykwbmY7d6Qlz5Z6r1zLE- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic314.consmr.mail.ne1.yahoo.com with HTTP; Thu, 3 Feb 2022 00:17:34 +0000 Received: by kubenode507.mail-prod1.omega.ne1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID 7850c669e06bf97c405e8be9f36de1d9; Thu, 03 Feb 2022 00:17:29 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org Subject: [PATCH v32 21/28] LSM: Extend security_secid_to_secctx to include module selection Date: Wed, 2 Feb 2022 15:53:16 -0800 Message-Id: <20220202235323.23929-22-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20220202235323.23929-1-casey@schaufler-ca.com> References: <20220202235323.23929-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Add a parameter to security_secid_to_secctx() to identify which of the security modules that may be active should provide the security context. If the parameter is greater than or equal to zero, the security module associated with that LSM "slot" is used. If the value is LSMBLOB_DISPLAY the "interface lsm" is used. If the value is LSMBLOB_FIRST the first security module providing a hook is used. Signed-off-by: Casey Schaufler --- drivers/android/binder.c | 2 +- include/linux/security.h | 7 +++++-- include/net/scm.h | 2 +- kernel/audit.c | 4 ++-- kernel/auditsc.c | 7 ++++--- net/ipv4/ip_sockglue.c | 2 +- net/netfilter/nf_conntrack_netlink.c | 4 ++-- net/netfilter/nf_conntrack_standalone.c | 2 +- net/netfilter/nfnetlink_queue.c | 2 +- net/netlabel/netlabel_unlabeled.c | 11 +++++++---- net/netlabel/netlabel_user.c | 2 +- security/security.c | 20 ++++++++++++++++++-- 12 files changed, 44 insertions(+), 21 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 259f5e38e6ba..d59c4ebf7e22 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2983,7 +2983,7 @@ static void binder_transaction(struct binder_proc *proc, size_t added_size; security_cred_getsecid(proc->cred, &blob); - ret = security_secid_to_secctx(&blob, &lsmctx); + ret = security_secid_to_secctx(&blob, &lsmctx, LSMBLOB_DISPLAY); if (ret) { return_error = BR_FAILED_REPLY; return_error_param = ret; diff --git a/include/linux/security.h b/include/linux/security.h index e2939418789f..39e113574ba7 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -184,6 +184,8 @@ struct lsmblob { #define LSMBLOB_INVALID -1 /* Not a valid LSM slot number */ #define LSMBLOB_NEEDED -2 /* Slot requested on initialization */ #define LSMBLOB_NOT_NEEDED -3 /* Slot not requested */ +#define LSMBLOB_DISPLAY -4 /* Use the "interface_lsm" slot */ +#define LSMBLOB_FIRST -5 /* Use the first slot */ /** * lsmblob_init - initialize an lsmblob structure @@ -596,7 +598,8 @@ int security_setprocattr(const char *lsm, const char *name, void *value, size_t size); int security_netlink_send(struct sock *sk, struct sk_buff *skb); int security_ismaclabel(const char *name); -int security_secid_to_secctx(struct lsmblob *blob, struct lsmcontext *cp); +int security_secid_to_secctx(struct lsmblob *blob, struct lsmcontext *cp, + int ilsm); int security_secctx_to_secid(const char *secdata, u32 seclen, struct lsmblob *blob); void security_release_secctx(struct lsmcontext *cp); @@ -1450,7 +1453,7 @@ static inline int security_ismaclabel(const char *name) } static inline int security_secid_to_secctx(struct lsmblob *blob, - struct lsmcontext *cp) + struct lsmcontext *cp, int ilsm) { return -EOPNOTSUPP; } diff --git a/include/net/scm.h b/include/net/scm.h index b77a52f93389..f4d567d4885e 100644 --- a/include/net/scm.h +++ b/include/net/scm.h @@ -101,7 +101,7 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc * and the infrastructure will know which it is. */ lsmblob_init(&lb, scm->secid); - err = security_secid_to_secctx(&lb, &context); + err = security_secid_to_secctx(&lb, &context, LSMBLOB_DISPLAY); if (!err) { put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, context.len, diff --git a/kernel/audit.c b/kernel/audit.c index 03824cca058c..0fad7317cb09 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1440,7 +1440,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) if (lsmblob_is_set(&audit_sig_lsm)) { err = security_secid_to_secctx(&audit_sig_lsm, - &context); + &context, LSMBLOB_FIRST); if (err) return err; } @@ -2152,7 +2152,7 @@ int audit_log_task_context(struct audit_buffer *ab) if (!lsmblob_is_set(&blob)) return 0; - error = security_secid_to_secctx(&blob, &context); + error = security_secid_to_secctx(&blob, &context, LSMBLOB_FIRST); if (error) { if (error != -EINVAL) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 7858da40a767..e091d03f9184 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1132,7 +1132,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); if (lsmblob_is_set(blob)) { - if (security_secid_to_secctx(blob, &lsmctx)) { + if (security_secid_to_secctx(blob, &lsmctx, LSMBLOB_FIRST)) { audit_log_format(ab, " obj=(none)"); rc = 1; } else { @@ -1378,7 +1378,8 @@ static void show_special(struct audit_context *context, int *call_panic) struct lsmblob blob; lsmblob_init(&blob, osid); - if (security_secid_to_secctx(&blob, &lsmcxt)) { + if (security_secid_to_secctx(&blob, &lsmcxt, + LSMBLOB_FIRST)) { audit_log_format(ab, " osid=%u", osid); *call_panic = 1; } else { @@ -1541,7 +1542,7 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, struct lsmcontext lsmctx; lsmblob_init(&blob, n->osid); - if (security_secid_to_secctx(&blob, &lsmctx)) { + if (security_secid_to_secctx(&blob, &lsmctx, LSMBLOB_FIRST)) { audit_log_format(ab, " osid=%u", n->osid); if (call_panic) *call_panic = 2; diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index ad5be7707bca..9b5c44dec1e9 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -140,7 +140,7 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) return; lsmblob_init(&lb, secid); - err = security_secid_to_secctx(&lb, &context); + err = security_secid_to_secctx(&lb, &context, LSMBLOB_DISPLAY); if (err) return; diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index 9626e2b0ef12..e919c35f85fd 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -347,7 +347,7 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) * security_secid_to_secctx() will know which security module * to use to create the secctx. */ lsmblob_init(&blob, ct->secmark); - ret = security_secid_to_secctx(&blob, &context); + ret = security_secid_to_secctx(&blob, &context, LSMBLOB_DISPLAY); if (ret) return 0; @@ -657,7 +657,7 @@ static inline int ctnetlink_secctx_size(const struct nf_conn *ct) int len; struct lsmblob blob; - len = security_secid_to_secctx(&blob, NULL); + len = security_secid_to_secctx(&blob, NULL, LSMBLOB_DISPLAY); if (len <= 0) return 0; diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index 36338660df3c..cb4b8b636f6a 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c @@ -180,7 +180,7 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) struct lsmcontext context; lsmblob_init(&blob, ct->secmark); - ret = security_secid_to_secctx(&blob, &context); + ret = security_secid_to_secctx(&blob, &context, LSMBLOB_DISPLAY); if (ret) return; diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index 2aff40578045..6babdf5fce18 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c @@ -316,7 +316,7 @@ static void nfqnl_get_sk_secctx(struct sk_buff *skb, struct lsmcontext *context) * blob. security_secid_to_secctx() will know which security * module to use to create the secctx. */ lsmblob_init(&blob, skb->secmark); - security_secid_to_secctx(&blob, context); + security_secid_to_secctx(&blob, context, LSMBLOB_DISPLAY); } read_unlock_bh(&skb->sk->sk_callback_lock); diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index 3aab71ba3841..b53cf90bb6f4 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -437,7 +437,8 @@ int netlbl_unlhsh_add(struct net *net, unlhsh_add_return: rcu_read_unlock(); if (audit_buf != NULL) { - if (security_secid_to_secctx(lsmblob, &context) == 0) { + if (security_secid_to_secctx(lsmblob, &context, + LSMBLOB_FIRST) == 0) { audit_log_format(audit_buf, " sec_obj=%s", context.context); security_release_secctx(&context); @@ -491,7 +492,8 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, addr->s_addr, mask->s_addr); dev_put(dev); if (entry != NULL && - security_secid_to_secctx(&entry->lsmblob, &context) == 0) { + security_secid_to_secctx(&entry->lsmblob, &context, + LSMBLOB_FIRST) == 0) { audit_log_format(audit_buf, " sec_obj=%s", context.context); security_release_secctx(&context); @@ -550,7 +552,8 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, addr, mask); dev_put(dev); if (entry != NULL && - security_secid_to_secctx(&entry->lsmblob, &context) == 0) { + security_secid_to_secctx(&entry->lsmblob, &context, + LSMBLOB_FIRST) == 0) { audit_log_format(audit_buf, " sec_obj=%s", context.context); security_release_secctx(&context); @@ -1120,7 +1123,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, lsmb = (struct lsmblob *)&addr6->lsmblob; } - ret_val = security_secid_to_secctx(lsmb, &context); + ret_val = security_secid_to_secctx(lsmb, &context, LSMBLOB_FIRST); if (ret_val != 0) goto list_cb_failure; ret_val = nla_put(cb_arg->skb, diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index 951ba0639d20..1941877fd16f 100644 --- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c @@ -100,7 +100,7 @@ struct audit_buffer *netlbl_audit_start_common(int type, lsmblob_init(&blob, audit_info->secid); if (audit_info->secid != 0 && - security_secid_to_secctx(&blob, &context) == 0) { + security_secid_to_secctx(&blob, &context, LSMBLOB_FIRST) == 0) { audit_log_format(audit_buf, " subj=%s", context.context); security_release_secctx(&context); } diff --git a/security/security.c b/security/security.c index c9459c4754f3..b694eca9d4f1 100644 --- a/security/security.c +++ b/security/security.c @@ -2334,20 +2334,36 @@ EXPORT_SYMBOL(security_ismaclabel); * security_secid_to_secctx - convert secid to secctx * @blob: set of secids * @cp: lsm context into which result is put + * @ilsm: which security module to report * * Translate secid information into a secctx string. * Return a negative value on error. * If cp is NULL return the length of the string. * Otherwise, return 0. */ -int security_secid_to_secctx(struct lsmblob *blob, struct lsmcontext *cp) +int security_secid_to_secctx(struct lsmblob *blob, struct lsmcontext *cp, + int ilsm) { struct security_hook_list *hp; - int ilsm = lsm_task_ilsm(current); if (cp) memset(cp, 0, sizeof(*cp)); + /* + * ilsm either is the slot number use for formatting + * or an instruction on which relative slot to use. + */ + if (ilsm == LSMBLOB_DISPLAY) + ilsm = lsm_task_ilsm(current); + else if (ilsm == LSMBLOB_FIRST) + ilsm = LSMBLOB_INVALID; + else if (ilsm < 0) { + WARN_ONCE(true, "LSM: %s unknown interface LSM\n", __func__); + ilsm = LSMBLOB_INVALID; + } else if (ilsm >= lsm_slot) { + WARN_ONCE(true, "LSM: %s invalid interface LSM\n", __func__); + ilsm = LSMBLOB_INVALID; + } hlist_for_each_entry(hp, &security_hook_heads.secid_to_secctx, list) { if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) continue; From patchwork Wed Feb 2 23:53:17 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12733639 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id B52C2C433F5 for ; Thu, 3 Feb 2022 00:18:43 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348442AbiBCASn (ORCPT ); Wed, 2 Feb 2022 19:18:43 -0500 Received: from sonic312-31.consmr.mail.ne1.yahoo.com ([66.163.191.212]:44022 "EHLO sonic312-31.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348444AbiBCASk (ORCPT ); Wed, 2 Feb 2022 19:18:40 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643847520; bh=vgO//PFYDezNojD/b4WOsqsxvAcTkDNEtP0WkzWCjT4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=AkFHLfSyO4xftRsiAXQXg6kPhJpa7QdfSWWJX6de35/0BJm6iVmJNNVxT2Z6T3KPwvlhM4TNUW3qG7LzaokjDkv4K+4tvx2ZO0993Ju0MaKrtDnrXVJ4YDbLHxkxAnPb0jtWjpL+H/rzMmWYF0Ul/b7zJRpZK2vDukQc1614Ixcn+EY0xdplh2MYyEg9SqjvSDjOdOwf3mL6nSzfFWsdjCEuqr9YvkUfmDe3B3jngpASvaSq8svTWWd9OTzTtqITN0rMOnXObQQb3IjoiLDiXTjxaPPbnKStxsxmc6Qf4E3U2xvllu0XaY6HyN9y2+79FBDejP4n3GfR7R8e8YVE2g== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643847520; bh=89NtYWfD0iqXz7mfggFY4ZksO3WojLp2Ejc/1l2NcQ1=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=ieyi0p1ZdaN0C3MVpVJjiGTXAkjw5vTV3IxqI7KsHET4U5FgVMhHXvotvFERwTvyxfsfXFLalf48HCh3++LZlW0cbj7CGja/ofs64hrhqbNdO6tDAV615hUbcIZ3QPVqOC9rJyU/F8tR2RTM+t2hisXNNj+b9Ps009MlfSvYIv1GSh0+bJc2MxE/PWJzDAcywExw6eMrq8oXQAXQsVLcE8HWeYIJc13OQlnI3cxxJkOLOt6j4jmIOklpMhqHoVcUac9TYbrmTQr7wDg2bNOVB/Lr5t38yhD8ijVZDlisBCRwfOzOBwNDuOrtdKysOsGaDgp1Q2CceOfaBhQmCy1eAw== X-YMail-OSG: 76__EsYVM1mqVTBvgNjyup07mJUX44XgY2_46YQDzh7VWHrP2ifPFKOlDO92Gqf 3EH0qW2vxzxUPSsjdLtvCh4hCQwxI_4K5G_3wxbPmAntSm1J7uo1SW6e2K2cs1iLaKwPup7KFlhL UvYWBO9TJdVA3JAREP3XTtpnSXCNL5uzjWV2FLXa53Yz1rSjts4_5qhywt9x7hjxr5EKfPREn5mJ KAjlbIgr2WJOe15COToKaV2r4mGWXFJHMZkuUaUKQhMv.bH84xnIluQKoHsEk3M3SOp4zzRweihI bszbfZOQW2aXEE6Yukafbvs1hamnKPEYa1Ax9w4sxH29dFemeaue3fPLkKs.311AF.e_9BoZCpJu XFfy_R_L7wzuwLR8i_fMVoikzi8wCuv664jx4E7QWKNzOa9kZBHQIbwS3dTd2Xc47r8OgaHO6.Xg RpdGrwrwcct374iQv156OQY858EfWGScosHxzKpE9LV1inHhqkbAx6A5Bes5bRdI68WRTagjhOgr WVjNNmIKuHq7M39nZCbXAoq4QWOt7IAJvgZGOQuG6F9KFMzR2.yGft8G0JLoHRbgnwmysDKRYHDC MEXEx8_xHbO3LKZpS4crHpOOWUEPrYssYmSd6joxIa9sbxwZt4WL7z4es3SIw1e9QM3F8ORdA.k. t2Z3GIBwB8H27a12iKH0kuEpebf3kX0vdCaQiIiZ05xB8zcVYklh8_s7U_yQ.y6W.FR6rvIB4MeW Td_fQmTDHUJ961rgvw1iE6IYtzq01MwOk49O_TDKCVlexrFne2OFSju8lMd3GuXYLdGoNFjWhole zfOZF4A0U.FJASbiacqEjtXKdGCoYtXYewCEm.nvEgow.NuvtCpslB1FQ0j_MpQb2At7wmd7ukk8 3azZA2FfTE53DNaT3Sy0vWdV6vadCjJ2.F19R6CMaqRqO.w.GoaAt0p9ga5qvkhNJeqN3fxDVXwv l.NLhj538g7NyCoMSm5IzLwFzG8gZCPpW_WF9fQ9yjB5VnXmymt7rODV.PduZ1WmAmiafOW4pRN0 89e2XZj25Xc9nO0TEBAFMq1SspS.AzH.ZWLirBVp_Isjnq34spzX5flTosGF_xZd9Putb2MzRULi JgV750P7TixBMJG9b4CqoqDq.q_ZHM6xeV2LoFHyoi5ptpE2TBZmkOLrTqMKjv68e31RVhoED5gU Z5FjxJzVTZVPVbCueHjdu1pCTIUl_S8X4wjMCSMykWZh25k_X4ebq2yDuG2TEm4.YD3PscrxxUGy Hpzv0ZDLH9GZBM6sCN2m9xSmN.FUnd29QtWQ4YU_O_N6EtTJGFfobs1aNuli0hC02GxtcwyTYMyf sjZam04H8_Py4SFtsXsqTlAZ823ZD3t2gniZPQiUga1Njo4oCAAh1J.dd5mzs7YtLn1su2H5nyN4 YoaOWJhUAXLZSHzpb00P1V82mKkhvnSz2PuhMYIo2lSVcra_FUR2vwCVpQV7EIUBFwJCO4Lu1y_q AbhBTI0SubfQbmlzghRUnD48FI8kqeppHpBytC_bixos4wGFy7gDEfNGFIuHPTMpuPphPXq3.shf .wxeeytmEReHsFajmZ2Y7AcW8p2SN8qpVuOmU4bPocHiJ5b9HqBW5Rh4rmcQMJgJSvmTeWoTlAY8 HC6TaJiOagZs9GFjY5027RuR6ER.tLIabrurftVoUwsV_9i4bMns01gPj2pgi1eY5YAP5xcj2b3x .imEq.8try8vXWaRRFHZzk8MjO1nUZ0n95pe7mryW3KU3e__2BTtaZdu1ZHk3.tGwsKCVyNP17e6 emVVdlFlnZwYjQxzGQW5dchkJ19_VixKBb69CpP1O7l9BUslcRlTvwioxJiSMaajtRh3Rovg5IvX p2_eoHGSA5v91NbVoncpw8Nm9SM7VLPK2ZvyJdl3_LRFqnY1cRZCBB9uZ6ZUag.TEgG9BPWR1jWv adg0A.Fgi4c9sydoEU1oRDCMYsWigb1vcTbPHUs0vDIt8r3SK3O7B7_VmBBRiDlNFEZKzvPilpwY .WoCjML9lje54muTtdRwfQ7V9U3HVGUESCDrzBQl1Hz19FKOGZYPPcWk1pvHP717bF1ch72UuTm6 vfxlpiAn4stOv9d6RgPBUr6hSOzj22gzEyUqUvXXAiHXssCmfs8aDb5uoAxHgdEdcX3dToOXqSQK rrzD9bVGv0.stYquJ9kPNey3zrspGgjY8Q9swwU4TXxdts9MPMjZdpy3DcbUNn20MLEu014qHg86 _iAkRQPCN2TGjzrM0VfmmjvNJPp.7fUjZKc80pgT93rVZGigF4gP_IPr8XMVFptideA_7jdj17Y3 LMXJ884G4A_xP5LDQDsi5Ps23uU8USw-- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic312.consmr.mail.ne1.yahoo.com with HTTP; Thu, 3 Feb 2022 00:18:40 +0000 Received: by kubenode526.mail-prod1.omega.ne1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID b28cf5c59f0e8f0ad457f4b9d7ee197d; Thu, 03 Feb 2022 00:18:34 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org Subject: [PATCH v32 22/28] Audit: Keep multiple LSM data in audit_names Date: Wed, 2 Feb 2022 15:53:17 -0800 Message-Id: <20220202235323.23929-23-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20220202235323.23929-1-casey@schaufler-ca.com> References: <20220202235323.23929-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Replace the osid field in the audit_names structure with a lsmblob structure. This accomodates the use of an lsmblob in security_audit_rule_match() and security_inode_getsecid(). Signed-off-by: Casey Schaufler Acked-by: Paul Moore --- kernel/audit.h | 2 +- kernel/auditsc.c | 22 ++++++++-------------- 2 files changed, 9 insertions(+), 15 deletions(-) diff --git a/kernel/audit.h b/kernel/audit.h index 527d4c4acb12..a2fca1134519 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -82,7 +82,7 @@ struct audit_names { kuid_t uid; kgid_t gid; dev_t rdev; - u32 osid; + struct lsmblob lsmblob; struct audit_cap_data fcap; unsigned int fcap_ver; unsigned char type; /* record type */ diff --git a/kernel/auditsc.c b/kernel/auditsc.c index e091d03f9184..47d34433b91e 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -700,17 +700,16 @@ static int audit_filter_rules(struct task_struct *tsk, * lsmblob, which happens later in * this patch set. */ - lsmblob_init(&blob, name->osid); result = security_audit_rule_match( - &blob, + &name->lsmblob, f->type, f->op, &f->lsm_rules); } else if (ctx) { list_for_each_entry(n, &ctx->names_list, list) { - lsmblob_init(&blob, n->osid); if (security_audit_rule_match( - &blob, f->type, f->op, + &n->lsmblob, + f->type, f->op, &f->lsm_rules)) { ++result; break; @@ -1537,13 +1536,12 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, from_kgid(&init_user_ns, n->gid), MAJOR(n->rdev), MINOR(n->rdev)); - if (n->osid != 0) { - struct lsmblob blob; + if (lsmblob_is_set(&n->lsmblob)) { struct lsmcontext lsmctx; - lsmblob_init(&blob, n->osid); - if (security_secid_to_secctx(&blob, &lsmctx, LSMBLOB_FIRST)) { - audit_log_format(ab, " osid=%u", n->osid); + if (security_secid_to_secctx(&n->lsmblob, &lsmctx, + LSMBLOB_FIRST)) { + audit_log_format(ab, " osid=?"); if (call_panic) *call_panic = 2; } else { @@ -2245,17 +2243,13 @@ static void audit_copy_inode(struct audit_names *name, const struct dentry *dentry, struct inode *inode, unsigned int flags) { - struct lsmblob blob; - name->ino = inode->i_ino; name->dev = inode->i_sb->s_dev; name->mode = inode->i_mode; name->uid = inode->i_uid; name->gid = inode->i_gid; name->rdev = inode->i_rdev; - security_inode_getsecid(inode, &blob); - /* scaffolding until osid is updated */ - name->osid = blob.secid[0]; + security_inode_getsecid(inode, &name->lsmblob); if (flags & AUDIT_INODE_NOEVAL) { name->fcap_ver = -1; return; From patchwork Wed Feb 2 23:53:18 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12733640 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 62F25C433F5 for ; Thu, 3 Feb 2022 00:19:44 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236472AbiBCATn (ORCPT ); Wed, 2 Feb 2022 19:19:43 -0500 Received: from sonic311-31.consmr.mail.ne1.yahoo.com ([66.163.188.212]:39241 "EHLO sonic311-31.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230232AbiBCATn (ORCPT ); Wed, 2 Feb 2022 19:19:43 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643847583; bh=dTXhzuopyuHsOK2uVsPAMqd3JMR3iQuSAYWnNMHmUjA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=C8WFVKWM6f5ndaMWK/xGSzm9YZicZLxsQy1dU+DJ7ziYo6x/GKGdwquMa5kkg2DOr2Hkw97f4hJiB/8LfOJmvEDu6DQ6eDsY1A/DBC3zSmas5mIVfuN1pHvIrr77K6PGRXOuwidRB6BTyp5dENDQTS9sRc6vSpJ1NQFfn3eZZjlk9pC3nC3Qc60hKvo1ZQj59nZGV2vcdtVFUfqIED94EdNDT/Z9iYLa5QH3VDaU+nspsT51iyaVuGSyGeGICkQUt4Iq8u1bijwP1ohwl5rItlBgOb7xF8qtbmmu9VXaQsNuwWeEHtjncF69wDCiYwmCo0B2RYnSnCXaMNT17/5sHw== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643847583; bh=GUdEHeKQnehuObU/+xRpT++4GRAaJw0MtJrMdOM1rWB=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=jKJkiX3IK/71pvdQB0HfHtNwvP3rKa8jkwrgxnCrnUbd0xlLcdfJsLctJ0h6ZTQH2HGhBYaRmoBpbS2aXLNXs4emXmkRtYdGxPefZvlq4TKs+RP2HmB9bGDNfpOXP0JYuoPVJM9KpW9DM77wCGKXQeG5+/Wt2zeenYB0s1wqstmgv2ZYhOnEUEbFGkGshtdWjVe1bXpr3yk7uhBHpwu/ea3wK5g1tNXePcNC2EltZdxHgmVaufkQa5sZNjgcdijiwqaRD+pun7Hc2whYgei4FUWzXwhMxE92Gi1Ro8zqj/tdVVmLTClEjTapQwER6kEBXZl5WWb4ahnJLG82a9CgwQ== X-YMail-OSG: uaWPX.MVM1lKC0x6uDxJ8xMXL.QTVudtUa67rnuVjdxQ8m3D4h45PnV59YSWp_m EBCUp3jsZRYevzOtyjRVHpkouXnoWPGm7402YoonNlHE40KdzS6.d1QnF.WpLCaC0h2stU1VRhlq HM5GYNk5fJNP8Su1fo69jdwYlk_OrLMlLPWOxFOkQ7emtNWdnpOM2gBdnQ8LTNlEwpdsboqp4gaJ .Znpk8ECwyPT4w6axBZ2Htc_fLVIjBOho3Q_psQ9ZLP2YlpGwUPXzwY4fRjnn615.h6CXFCBnkvd cGzdK3GLRgU4mCasLrvDwQ4PC8tyAwM3p0vBLWVtS6n4dTbxIi..44QOIdqHfU6y6JB8aWwoSp6c pvVVIY7RPevMXrTEtdJnx2agfC7X3DAnp9xAbYcWkqH8UQYecIj5511fTZLdKmbu8XVdci14HzIo XoHCnBtNNWlN3fuwyqcafyhZUoopyaE7hJ2nboer5zCps6PbNF1nl4qVBOgJ9.VbFqJxpXrTxDIj c7ZCZLXHq55GIJwPmIlfTW5nmVnVauCfTDwhFGx62wJS.JxhQOatJtny6PnMu2HiGEKMJg53rJ9D agdBsdCGPU9fTS1KH2NGuoT50m_nO_eon_CVynUT7Ko9wCrHvFCPy8l68fLF6G7G8CtnIZhReec. 1Mno9z3WRmeUKznv1pOyyrd5HPUpaua1e4NMxu005vumcNUezl4LuteibJJVXdcR9CQdrea58n1G z307Zym_CWRWkKXgWue8Sdo39Ke8SzoGbQVLeT4jBNspkWWK5fT7fN2IEDFpcTyPB32dotwv9I2I NzWjOwp9vuOsY6bb7O.shrWz9DY.p8.BeEb8okX8QhU1sjrhNw_CCe1iWnxjcHJHPD5L94I_z.hy OEfBaE8A8ntOCzNUtzxsvPTkNqwxKXLobFDBQPzwFNchtNfMWalH4y4kP7AXr2qD3J8oEQ956CkO lVwTwTbMbDbbfrQ4UOfXxjSHyyrtqZpVj7uAyD2XTC59tAuBdwDOGzAYTHTVYLB1aFCPvola25qQ S6sE0NuYrQJsbB3xhXdgDb2hoMgpaetioVCS0t8V74IdURol4fYxfxkmVWQ2PLE03S7y38JzxwA4 U6d893PhmGnTTwgTyiPbU8qbtWraEbLKKSyi6TXBSSOeSq4YTpkIa0wYp76ryIpYEUnfuSWptmnR _dLxMauniqar2lLXyQrE3ncycKXBb3Lb9SCOZ5pA2PNbvNSKr.Abjkpa9uVi8KSjTk1fm4zdby1G kd8BpFhdeLfS8q9Ovau0UUenMHaMFPPea8W55stQqkRJP.j0rBy4eaH0BAr0FQp1DnwwuIZjacLF cbzPfy7ixKAhn25efXWsH.nCib2Af7jg3dohWoGjGEMlRb2yQTAKlyu1ao.28xzZgqMauNcXw5RA 1iXYhmdiTDQqmf0hmPArB._6p9rIrVG51llShw8zsJ7J0ywppscQA9yt1E18wkZGc.zWzew4jysr VElEa.OVJF2JQ58pHwXPDYJVUo489IBAIaOGwsw3iP80L9s.Z01aGt3D5kCet0Mzp8lKbNmbFqlk JM8D6dTJskV8ezvWXcDtfX2cY7mqZKCenjxyWW3biP1CHXEen1XvbGifwxCUNDIYlTK1GvJonbfv OLvsbv8ije6aXnnJQCo1mCFIuSmY2WycY229XJFqFm1Q1tGdGipka4spvMjyKlNYllJrjQmE028x wfaET7wGcPMrRvZzBxuWvDB_18c.6rYxQGhMk5vu.6PG3iYBQNwnIaY9Sh_SbvgeuH3_r2OlNa3v 8c4cJ1PSWjKpJi2HjWpvs4lWvHi_nOuOQw2CDm6BUffE91TuDuxgiP1XUu3jPEHS7kQO3M8fvdt9 SPy1DiUL5GoM9PeV__xxI.BeqZJo7n4fwJTpWzieKqBiij_.LXLgVVhl0h3LWjjVjuwXV30k2piJ hdlvV8PZHCEdzMENe1r352fD7GFWk3n5AKi0H_WasX49AHVYU2LLAINcvZJkSSnKRzhpMPOsKscG NHkkV.byROjBJXzE03J12AVQGDw9XYVTVFqeKVQnPJsKnnSQPg6W5X0U.nBrveYQj3VodaNHRsRI emx1p_q_aDFobAjW9MzWD.SWqI4LhiaJtosJetJVQtAOixn5EX9z0wVPDcZvklXiVT9I6i.BMp4e tafwIaV2ALNC7zZ6ZzGFAdFqagKXC3q3oni5il9QPuzlI4Bz57vmTp7Tup3gTPSd4J0AyJZ4omVu lIm0CjTzrnS7w5uRWnFw8ZDLbhaqhMZV7q6pPO9udhz4LuskZ.Q-- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic311.consmr.mail.ne1.yahoo.com with HTTP; Thu, 3 Feb 2022 00:19:43 +0000 Received: by kubenode520.mail-prod1.omega.ne1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID 1688eb5d75ed6a9f47d4047264beb981; Thu, 03 Feb 2022 00:19:39 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org Subject: [PATCH v32 23/28] Audit: Create audit_stamp structure Date: Wed, 2 Feb 2022 15:53:18 -0800 Message-Id: <20220202235323.23929-24-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20220202235323.23929-1-casey@schaufler-ca.com> References: <20220202235323.23929-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Replace the timestamp and serial number pair used in audit records with a structure containing the two elements. Signed-off-by: Casey Schaufler Acked-by: Paul Moore --- kernel/audit.c | 17 +++++++++-------- kernel/audit.h | 12 +++++++++--- kernel/auditsc.c | 22 +++++++++------------- 3 files changed, 27 insertions(+), 24 deletions(-) diff --git a/kernel/audit.c b/kernel/audit.c index 0fad7317cb09..f012c3786264 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1798,11 +1798,11 @@ unsigned int audit_serial(void) } static inline void audit_get_stamp(struct audit_context *ctx, - struct timespec64 *t, unsigned int *serial) + struct audit_stamp *stamp) { - if (!ctx || !auditsc_get_stamp(ctx, t, serial)) { - ktime_get_coarse_real_ts64(t); - *serial = audit_serial(); + if (!ctx || !auditsc_get_stamp(ctx, stamp)) { + ktime_get_coarse_real_ts64(&stamp->ctime); + stamp->serial = audit_serial(); } } @@ -1825,8 +1825,7 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type) { struct audit_buffer *ab; - struct timespec64 t; - unsigned int serial; + struct audit_stamp stamp; if (audit_initialized != AUDIT_INITIALIZED) return NULL; @@ -1881,12 +1880,14 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, return NULL; } - audit_get_stamp(ab->ctx, &t, &serial); + audit_get_stamp(ab->ctx, &stamp); /* cancel dummy context to enable supporting records */ if (ctx) ctx->dummy = 0; audit_log_format(ab, "audit(%llu.%03lu:%u): ", - (unsigned long long)t.tv_sec, t.tv_nsec/1000000, serial); + (unsigned long long)stamp.ctime.tv_sec, + stamp.ctime.tv_nsec/1000000, + stamp.serial); return ab; } diff --git a/kernel/audit.h b/kernel/audit.h index a2fca1134519..56560846f3b0 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -99,6 +99,12 @@ struct audit_proctitle { char *value; /* the cmdline field */ }; +/* A timestamp/serial pair to identify an event */ +struct audit_stamp { + struct timespec64 ctime; /* time of syscall entry */ + unsigned int serial; /* serial number for record */ +}; + /* The per-task audit context. */ struct audit_context { int dummy; /* must be the first element */ @@ -108,10 +114,10 @@ struct audit_context { AUDIT_CTX_URING, /* in use by io_uring */ } context; enum audit_state state, current_state; + struct audit_stamp stamp; /* event identifier */ unsigned int serial; /* serial number for record */ int major; /* syscall number */ int uring_op; /* uring operation */ - struct timespec64 ctime; /* time of syscall entry */ unsigned long argv[4]; /* syscall arguments */ long return_code;/* syscall return code */ u64 prio; @@ -261,7 +267,7 @@ extern void audit_put_tty(struct tty_struct *tty); #ifdef CONFIG_AUDITSYSCALL extern unsigned int audit_serial(void); extern int auditsc_get_stamp(struct audit_context *ctx, - struct timespec64 *t, unsigned int *serial); + struct audit_stamp *stamp); extern void audit_put_watch(struct audit_watch *watch); extern void audit_get_watch(struct audit_watch *watch); @@ -302,7 +308,7 @@ extern void audit_filter_inodes(struct task_struct *tsk, struct audit_context *ctx); extern struct list_head *audit_killed_trees(void); #else /* CONFIG_AUDITSYSCALL */ -#define auditsc_get_stamp(c, t, s) 0 +#define auditsc_get_stamp(c, s) 0 #define audit_put_watch(w) do { } while (0) #define audit_get_watch(w) do { } while (0) #define audit_to_watch(k, p, l, o) (-EINVAL) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 47d34433b91e..7848e7351cf9 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -992,10 +992,10 @@ static void audit_reset_context(struct audit_context *ctx) */ ctx->current_state = ctx->state; - ctx->serial = 0; + ctx->stamp.serial = 0; ctx->major = 0; ctx->uring_op = 0; - ctx->ctime = (struct timespec64){ .tv_sec = 0, .tv_nsec = 0 }; + ctx->stamp.ctime = (struct timespec64){ .tv_sec = 0, .tv_nsec = 0 }; memset(ctx->argv, 0, sizeof(ctx->argv)); ctx->return_code = 0; ctx->prio = (ctx->state == AUDIT_STATE_RECORD ? ~0ULL : 0); @@ -1898,7 +1898,7 @@ void __audit_uring_entry(u8 op) ctx->context = AUDIT_CTX_URING; ctx->current_state = ctx->state; - ktime_get_coarse_real_ts64(&ctx->ctime); + ktime_get_coarse_real_ts64(&ctx->stamp.ctime); } /** @@ -2014,7 +2014,7 @@ void __audit_syscall_entry(int major, unsigned long a1, unsigned long a2, context->argv[3] = a4; context->context = AUDIT_CTX_SYSCALL; context->current_state = state; - ktime_get_coarse_real_ts64(&context->ctime); + ktime_get_coarse_real_ts64(&context->stamp.ctime); } /** @@ -2483,21 +2483,17 @@ EXPORT_SYMBOL_GPL(__audit_inode_child); /** * auditsc_get_stamp - get local copies of audit_context values * @ctx: audit_context for the task - * @t: timespec64 to store time recorded in the audit_context - * @serial: serial value that is recorded in the audit_context + * @stamp: timestamp to record * * Also sets the context as auditable. */ -int auditsc_get_stamp(struct audit_context *ctx, - struct timespec64 *t, unsigned int *serial) +int auditsc_get_stamp(struct audit_context *ctx, struct audit_stamp *stamp) { if (ctx->context == AUDIT_CTX_UNUSED) return 0; - if (!ctx->serial) - ctx->serial = audit_serial(); - t->tv_sec = ctx->ctime.tv_sec; - t->tv_nsec = ctx->ctime.tv_nsec; - *serial = ctx->serial; + if (!ctx->stamp.serial) + ctx->stamp.serial = audit_serial(); + *stamp = ctx->stamp; if (!ctx->prio) { ctx->prio = 1; ctx->current_state = AUDIT_STATE_RECORD; From patchwork Wed Feb 2 23:53:19 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12733641 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id B71E4C433F5 for ; Thu, 3 Feb 2022 00:20:46 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S245106AbiBCAUq (ORCPT ); Wed, 2 Feb 2022 19:20:46 -0500 Received: from sonic312-31.consmr.mail.ne1.yahoo.com ([66.163.191.212]:32822 "EHLO sonic312-31.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S242087AbiBCAUp (ORCPT ); Wed, 2 Feb 2022 19:20:45 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643847645; bh=42GUyQ/jIyvK1CqeDiPNIBC+BT6wOWf+jsO2OQBpwJE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=T7xS2/kNTtvN0iCPvfrOTU2cAp0OC1Iz5Os6ft+nFIUPh8Vv2Sj9/7Ypms9ALCklJ9TombijNxNzsYOXNStBIKm4qSHcPAsbk2UdFEvKA7XIh7wMsjwsnmfSBkLme1KLk7OqINGDyqrlAJLp+/9vp+GNZj8OSx1bEWswGg7zRffgVddgfGfyvudnhpQujcLkEKrfZqXF9pXcxFAccF0HTDh/b+2QTMGSdEMHqwhR1+/QrCtWnfQtIeIXh554g9V/48WAk2P4DIUvEIZbYv5L40fsJATja36TbwjX+1i/vTXhX+veHIn8XjBtUbjfRXG4CZ2VyN8MPncKBAyLtgrWvw== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643847645; bh=E/1Dj+zx1FlCiUkMYriQiKadvBaRUqheX5/adQlHFw4=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=f7VatvA9ZILpb7CBbGwYUstRSZcIVa8mW+FL/cydHH0Pu1/DDludJdUeud59EFwYmoNT0tRoHMcUHWkal5MhUyyx8tdJqXlN5GKycQYJ+I5kCSdQ8K1JYy2dJXXceqtSKAubliR22DjFs0JMEehw/M9giaIHsVDUC9DkYIve99mI4A2fGz+FANLdivIT/3bnt3GRdQFTF6AoEfZtPeQeMHgp1qZ+yt16M5heTuD44u1yLc4LHZd3ZckNoQIdEsjq9sqdoWrqI7gHTQxNxNIymmF3YC1VTrAf0zAVRom4oKQVElE0AYTM1MRWmNLiqU3gz7KYFM7lmvojTsVrAS9Xjw== X-YMail-OSG: CegtVpEVM1nV20gXkBQ8hb.QWjtrCl_fxm5VHFSGJqnEkStDnzmvJbX0rfTErKG 9ApolmaNLkkIPhAQljHUvn1AgaZDZbGySFiCDW.s6s2AUhdGi88bGCqZ22EkOSw6F2pyWVVbDOWG _Xz50AHi2KzViARWRQdwQF8LjsdGAKQ5SBzH0fjQJf.3oymTVjL.7JbQnP4yVReuK6ruGqq0KfRk KO_fNFGlBJ5xProw4obq0vG8M8.KmWuy8OAK8RJswqZ2ehaB0y7.PtEFfbKpL0ZKlZYuvFws_ycp Zh4DXw2gkH1qFGDmfqaWKDc3Awg7SE9jERWTs7nMO33tZ9cEV03s3dwp2vKMysLRJCA14jkQn9UM Mc7nTlT0XBRGIOkMFMSELC0_aOHMJSrVwJ2Ogbv3HoI83.6Slcfm8hXr7ZBMxYzHqaz8ShR4KzOk kjWuXbDzjnq.opN5BoDfd.1KMBgYydzfr3PNLz.b5LRrdktfXgzB4pzAHp164g0.GGBTYLPNDGqh k9_MthghLVrf9Mx6Mxqc2CP5viqH_7cbrXv8lRxl5dn6yYFOIsHxmpOB_3a6O5lXg8vJnMjIXV__ VK.LCzMIIXomuh94MPWm0g7yxxezUsyMte4Bx_BeHkPejxmZGfZtkbtY5gRO5ERUrAjfhedRHnWP AekYZSYxTXUhFbp4HkCXVIxeA.n7Yysddf6kzIkAaXHk4sOhZurSNhescsqF0bq8rl154dDt3DKy ec6aGH9uMuZ8nWmcCv7MYbyunQXbZP9vp1L7Uf6tqdpvFU3kJCRHr3_bK.STV2Yzi7b6vSWb5qJC FgHndIH71YjkVH3Rgl2gir0KERIN4VXYoBjWWeKLwgb1RZi5nD3SCU2DHMBXXTJPUI6Xn5ilDPgO pwHXiO0eflKwuvhmi2wtXmM0266wVdANwyAS2F2XyFGF7vrMDb306IGwSTgySmQP0AMp852PwaMh k83gT3PdKncCErc3FqoElsSm2I3APsL7UWJZ4XaXCrsLBqO9lHOtC5iQgWosPORc4eKLae8iOYyQ wqyfS1.db19MBdTiCeyC.4fBSHswTRXaGo5YqQYBBb5wpk2URfeNPvpwW9fdTMhNSTolc6SSMvHe A_js3smx0q0RhHoyvhglyLMI9VK78Sx8WrjU3O4_JehBU1pOv875bBjQUw2ZnJ6m5LkAJLWJmZnb baYG7HUcZucBc6w0jGNqq4oTm5aBAtXU_gAcsCrgk6FDGihC1JkpcS33g.jeKq53_fIcK.4tY86l k8kcx2Wg6Uz4C35obK7F.urjO2_GJeIdH3Q0TVZsHQdfzs9LqnN9jlFA4520z2doPrtfUf46TtGb goZnrg9UdJARLAksWMAlmHnZPe2er6QtdMOuQNsA_Srl38nOYLB04NAv0KcTm9uC6yU5JSvB2.gt 7QqAEZLcZs5hWTFzyw3FzRRLmS._unKU78dA40c2WMQwFwDwOGGEQQ.SL4_McZPotJNY8un1y.LY 3if5.1fdCMMq5HfyB3qyIqbIbrIpUit9aKAwYZMB_fGUYGjruv3qG5wnofUyf4ngKJ88pxycKrRM QpTyCeA_t5Uk4HhCcHxkrSLK1zxU1.B5dl7M_TPp9pd6cwRwkfWzvojjiINMVQPGD2nADFDq2JYQ AcI5xwOW1IW_v.nlloPQkZn6sfKBcY0QXbnS0xg0wVvhQbhx5sMwJcycA10SSrkwGkSpvwYGbh7Z 6SlzI9CHHAZ4xXLvTFTxdf5JrYz9zF24l.O7R_qbbwYfLDA81y3iIusv29XTle33KVAfcjEHcpWU W07axfzEsxYiZhXtsscvfjfRnfFS3QMjT2EWwzMa_oao9tOO4q6WZ7IbZG7IBVd91AkGHMzm39jq ZxAADr.UXiNgKifaBanADxQEFepEYEcjC30wcOSitJaXwazRBYFZ9hTJIahoTZE1AodetvkfTNBy Qf2k.aLztFjGwOUckJt3T_PMnXvUfCrqdhlceBkxUo4livoc6sKFAthDYIW3XC6LTGFteB1piNXM eqNjhT7CewVhgbnHrgb9hbPECio6hAW4Sx_27R0VlmsBD14hkOf_9kIoLfQFFsRKRTaM7PY1Lm7d 4BQJYo_4GRP4.C4P3Asikkh75h87UE2IoSD4ELSJnLjQBgAa7q8uhOT_lmdGIBC_AfyHyfoTwqbZ TBmlIBcyBSEy454yBKyfTXtPDjLO_JNbvZ.TZ2JT.sn1zo_TO8Lc_zRvW9WHerzz1l13VXFfxAUP oFcxkXdeWWko3oLsUYTY1NyaGQY1lqMTvtxbuuKHg2mldWOQBHkkMagfjxOgRdZAf8AzoKZa2S7Z 70gbQa5n0Mu3RwwutcO8ac2n9Hlc- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic312.consmr.mail.ne1.yahoo.com with HTTP; Thu, 3 Feb 2022 00:20:45 +0000 Received: by kubenode526.mail-prod1.omega.ne1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID f690c427fb438f8dad9f2bb13db83d44; Thu, 03 Feb 2022 00:20:44 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org Subject: [PATCH v32 24/28] Audit: Add framework for auxiliary records Date: Wed, 2 Feb 2022 15:53:19 -0800 Message-Id: <20220202235323.23929-25-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20220202235323.23929-1-casey@schaufler-ca.com> References: <20220202235323.23929-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Add a list for auxiliary record data to the audit_buffer structure. Add the audit_stamp information to the audit_buffer as there's no guarantee that there will be an audit_context containing the stamp associated with the event. At audit_log_end() time create auxiliary records (none are currently defined) as have been added to the list. Signed-off-by: Casey Schaufler --- kernel/audit.c | 84 ++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 74 insertions(+), 10 deletions(-) diff --git a/kernel/audit.c b/kernel/audit.c index f012c3786264..559fb14e0380 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -191,15 +191,25 @@ static struct audit_ctl_mutex { * should be at least that large. */ #define AUDIT_BUFSIZ 1024 +/* The audit_context_entry contains data required to create an + * auxiliary record. + */ +struct audit_context_entry { + struct list_head list; + int type; /* Audit record type */ +}; + /* The audit_buffer is used when formatting an audit record. The caller * locks briefly to get the record off the freelist or to allocate the * buffer, and locks briefly to send the buffer to the netlink layer or * to place it on a transmit queue. Multiple audit_buffers can be in * use simultaneously. */ struct audit_buffer { - struct sk_buff *skb; /* formatted skb ready to send */ - struct audit_context *ctx; /* NULL or associated context */ - gfp_t gfp_mask; + struct sk_buff *skb; /* formatted skb ready to send */ + struct audit_context *ctx; /* NULL or associated context */ + struct list_head aux_records; /* aux record data */ + struct audit_stamp stamp; /* event stamp */ + gfp_t gfp_mask; }; struct audit_reply { @@ -1765,6 +1775,7 @@ static struct audit_buffer *audit_buffer_alloc(struct audit_context *ctx, ab->ctx = ctx; ab->gfp_mask = gfp_mask; + INIT_LIST_HEAD(&ab->aux_records); return ab; @@ -1825,7 +1836,6 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type) { struct audit_buffer *ab; - struct audit_stamp stamp; if (audit_initialized != AUDIT_INITIALIZED) return NULL; @@ -1880,14 +1890,14 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, return NULL; } - audit_get_stamp(ab->ctx, &stamp); + audit_get_stamp(ab->ctx, &ab->stamp); /* cancel dummy context to enable supporting records */ if (ctx) ctx->dummy = 0; audit_log_format(ab, "audit(%llu.%03lu:%u): ", - (unsigned long long)stamp.ctime.tv_sec, - stamp.ctime.tv_nsec/1000000, - stamp.serial); + (unsigned long long)ab->stamp.ctime.tv_sec, + ab->stamp.ctime.tv_nsec/1000000, + ab->stamp.serial); return ab; } @@ -2378,7 +2388,7 @@ int audit_signal_info(int sig, struct task_struct *t) } /** - * audit_log_end - end one audit record + * __audit_log_end - end one audit record * @ab: the audit_buffer * * We can not do a netlink send inside an irq context because it blocks (last @@ -2386,7 +2396,7 @@ int audit_signal_info(int sig, struct task_struct *t) * queue and a kthread is scheduled to remove them from the queue outside the * irq context. May be called in any context. */ -void audit_log_end(struct audit_buffer *ab) +void __audit_log_end(struct audit_buffer *ab) { struct sk_buff *skb; struct nlmsghdr *nlh; @@ -2408,6 +2418,60 @@ void audit_log_end(struct audit_buffer *ab) wake_up_interruptible(&kauditd_wait); } else audit_log_lost("rate limit exceeded"); +} + +/** + * audit_log_end - end one audit record + * @ab: the audit_buffer + * + * Let __audit_log_end() handle the message while the buffer housekeeping + * is done here. + * If there are other records that have been deferred for the event + * create them here. + */ +void audit_log_end(struct audit_buffer *ab) +{ + struct audit_context_entry *entry; + struct audit_context mcontext; + struct audit_context *mctx; + struct audit_buffer *mab; + struct list_head *l; + struct list_head *n; + + if (!ab) + return; + + __audit_log_end(ab); + + if (list_empty(&ab->aux_records)) { + audit_buffer_free(ab); + return; + } + + if (ab->ctx == NULL) { + mcontext.stamp = ab->stamp; + mctx = &mcontext; + } else + mctx = ab->ctx; + + list_for_each_safe(l, n, &ab->aux_records) { + entry = list_entry(l, struct audit_context_entry, list); + mab = audit_log_start(mctx, ab->gfp_mask, entry->type); + if (!mab) { + audit_panic("alloc error in audit_log_end"); + continue; + } + switch (entry->type) { + /* Don't know of any quite yet. */ + default: + audit_panic("Unknown type in audit_log_end"); + break; + } + __audit_log_end(mab); + audit_buffer_free(mab); + list_del(&entry->list); + kfree(entry); + } audit_buffer_free(ab); } From patchwork Wed Feb 2 23:53:20 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12733642 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id AE58DC433FE for ; Thu, 3 Feb 2022 00:22:04 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348501AbiBCAWD (ORCPT ); Wed, 2 Feb 2022 19:22:03 -0500 Received: from sonic317-39.consmr.mail.ne1.yahoo.com ([66.163.184.50]:46627 "EHLO sonic317-39.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348495AbiBCAVz (ORCPT ); Wed, 2 Feb 2022 19:21:55 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643847714; bh=sLADDpDeS/OaAkfD4ZYyY97VZX874clZ71WuwPhCS5c=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=tCrf7eBGqNYt9yKpHERpSw1ZwCydwRJtUvQreJwDXCMy4usAKCu01XR9PQ/LbPegZ25IGEXtR3Qnx2SBC3oAZYWKvJ06Lsj1416/9lDLaUR5GtnPW871eAvANzg09ayKKjB2a3VB8lgly9ipLhx9MNzJQOKfevqc4m58UtAdvprrdEgpykwoFJRjsjsZJz1aoMwaO0CqdKf8QQKzhjkGr5tgbvbXWJB3Af+nVsYk5goCmMfxnw6qetkDubED12nsi4Z3QxQRyJKMvrG9rEz1U24giaDkLpwTe36LIJaRARcdrhCsduhSvRVQjLXHdEQ0rfSGvO9bRLl7R0OS+paTCA== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643847714; bh=OyzugtIlpyzCj1RQG9ayViWPgTZUqeMr1ofqsQ0CDlv=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=Ua3HMdRyoeBknSEULVkHgbA3tuxLfpwNvMlUSAvR2tif6ixdctIehnECiqHrzdwFcB5CZtGcf22joIFbkQ25Xab4JBdDXocQ+5BCdZMZiMwztS9mY7mNLEguF5rYw1LqVz1nUG7/4W1B4JeF1I2YRheGpjrF2e2nb2KYnhmA7t09Iy8BSCAI0N3EG+mN8To/dhf1feO+oppER1mAnqkZaCQYlXat7NiGfXgsfx3ylV/PXNHO1SVkLi6VQtt1Yw+/x7zZCovlfSwGuEiIZmA++86KO6WXQ+VWsOKLw7SQ7HdafyVz7zTh/pCcUj4roslvxn1RpSVbKjaUNxJsSI0Hsw== X-YMail-OSG: .kKA5AEVM1kardbrh6DXy0VAyh0zOe03RojVzFahowtHT6dJg05.FHQsdHShihk sIXmWDln1OaDgdf5ULYzkVvTGMuWkba9PZkWkcwrHHNFjT2_ajTBLtEBRBrvROHRnhHZ.psVmqhv NSC8gg1TKA2cfWXrtuHIqGX2hxnA2fLX6E1W.vHqvfXJgUMYQL3ewZgMOPfWiXqthUIyh9jMwWa. .4Ghhug1W1Aau1L9RCFVo2.yl7RBZUSyE5l9lUg2Lsi6XoRGvDr0_J4o7uP5eUr6PeW9ErqLKzdH XyqAA7uoSlLHD1jo2xHBOHvzQT0bWlAsntuOHdhGwz0EASjUZHFnMz_me5U.q0r0taRemXrHE7Hk DXF2ym48ntDhSCrAHslg3.PCuj3Z1JkjBEiaCPMmZ2kHWwm.6pkz8TpdNThUxvPI2p3jXzXSiE7s QdQRK8qkz0rA3cZTpQr2SzQHjj2Pg4vNCh0J0.8rS_Beq.AKWGO462hFQpRo5vXTaCYvl2p16QQ. bQUGiJOqsipC1cGvaiR9Uv1GkQU9KrVYjhGdGxnepFAfGygqJREpGZ1.2XmRQ46FXofqk85wqBhj PlZo_KSWytxCgAyG40oeOcKNkQcmllomdYzgACfnE7f05rDfB1U4IiU21aLdwQcnh_GCfH8hbXwS BOoe_OEiWUuoXdHIBZ4CLC3fwiADPdD5iwqPWoywONamwSqNSw2oLmKL3uetF5oN9Ukg_C6mSn8j 8m1DG.vTHg.OvMHrY2tP2XcP9Qz3ehZhiy_nYlS43_q.J.lTg0dBHyvRxz451lXsw5wyUhgfqwoy NHfFWQ7e67mEgnNWEHTxnYqP9BuJBos5ejFaC3fKhxMmAfOo7d8SmywWVoduFMzxnue.adgOf3Ki ogtyv9SPF9FzycF45OFfAwC8kfY13O0TBu_BVlOHNz8qmodGLw6DUnuYvjXKwCBHjwO4K5ygm34A ZJZbyhEFMDwYltW9VTodhhgyyrE7Xh_rVZlVzXQoqf1l_YwMtyEa0LJx7QgR1rF40G71rrtwUeeH YfCD0vUBg9AoL0_2hWGw_byBL4i6UCxCvZ5nG0fOY4w6GWN1a2hFnygmbmvYG4a4eHX0eWRJbil0 cpFmkkCV3VmfTourW_P79U7E0HfHFO.rBjf4qllSbBAM2u72H_IXO9sdurwgV9NtU5WcyyUw3Npa nmmJUXS.KYoT3PDmnz7vrzKjxTER3n4zcWw1FpJ3ugJWXyRuSQAQ6h8pHLKh8sr.jCx0MX7QX3Iu zHg5X_DUyg5I_78SUMHAek5QVoNwcjTDgV9sITvAqB.bOhlxHt5UpYCxde.u_N24ap11DPdwqQ2O MuYxSpgMt6MkoFXHqa4MwQRqGdXHcnOL8popVWvZaS5gnizBjBpE1Kif.6AyUIzm4i7EcFnUVo4B lQc4IW5cfYq.rUgh7ZOC0xvCfB450PCOCWvfBXGOR583FOwsd9A_gGyxUSNZFiTGjqM_CA5yAKiX JaEJ5sMiwJWnvH8jMDzQt18w1vOotpZYOCdGIN._5UrHCJ3m1QMiU25Y95EE9AngZpwU_Uhh5gbD UmGdkr52gePBvArFZWxmOZjlhbREw.z6Js1RiN9uzgN_qTPS5CeYAdXDRn1SBfkP2cNHmRdjx._L O2dedBckNT0j_bVdA5PuieWFjR_fx.mvbeVjcBRC.6HoLxCMMPepQfvW2ClM9_GfHWBSzQ.C7ZGZ fa.4mxbzwk5WuNRvI83eAdzghbLo6sl3EevEXoFnOVvyAeb4G83wbRM_nnyN9CsnDTWu50GfCAEs LE0riUq0GNKrIP8Clgcn_U_uZsVL1tQ0xtXN3TgKpi5HyMCSEBNiYtkQc9GlM8igNbc7tgjCuAQ6 CsslYp8r5PdpQTfCvKBAlGd9LkpNG8F_sFilTpD9stuHg1XynN1XivzySxTWFTlVOPFmsUhvnSeY tSRPlzM6YJirMjY12GKAGo8Pl_XSxmClM9harwQOCCgez.59fN7x2zCxtnmXrGKLJwahBoEi3opY Psmw9Ak_IwEO36HPd2L9ayqabSqvl3Sy6VQIRzRw36yvDur7GyX4P_sotFb8JkFwB8i1K1yQ.Wqw OMTvKy8nwMB3EHBYeSynYk2fx.Pm.nHqq7G.AgWBZKhiaA2N6XheNeChLPFNoia73IwDcPG9Ayfm TGcVfLqTJwLDuz.zGG1VRhwvjzy.njGpw8IwejMsL1GIwBq7QF7Oht1jXIRscYJb_dHx626gFa0G SrJh8Xfbj.666w10Dk_TGk2kTJFytxzCAx7R5XdiUkitm5JZWN.SptIRgSWm3AT1zSaJI5I568mU BEx52CCS9xBaVQcUUy8v3f7JbYqe. X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic317.consmr.mail.ne1.yahoo.com with HTTP; Thu, 3 Feb 2022 00:21:54 +0000 Received: by kubenode522.mail-prod1.omega.bf1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID 9765e89dffea763971d3123694c911fb; Thu, 03 Feb 2022 00:21:51 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org Subject: [PATCH v32 25/28] Audit: Add record for multiple task security contexts Date: Wed, 2 Feb 2022 15:53:20 -0800 Message-Id: <20220202235323.23929-26-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20220202235323.23929-1-casey@schaufler-ca.com> References: <20220202235323.23929-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Create a new audit record AUDIT_MAC_TASK_CONTEXTS. An example of the MAC_TASK_CONTEXTS (1420) record is: type=MAC_TASK_CONTEXTS[1420] msg=audit(1600880931.832:113) subj_apparmor=unconfined subj_smack=_ When an audit event includes a AUDIT_MAC_TASK_CONTEXTS record the "subj=" field in other records in the event will be "subj=?". An AUDIT_MAC_TASK_CONTEXTS record is supplied when the system has multiple security modules that may make access decisions based on a subject security context. Signed-off-by: Casey Schaufler --- include/linux/security.h | 9 ++++++ include/uapi/linux/audit.h | 1 + kernel/audit.c | 58 ++++++++++++++++++++++++++++++++------ 3 files changed, 60 insertions(+), 8 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index 39e113574ba7..280ea8d4778f 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -231,6 +231,15 @@ static inline bool lsmblob_equal(struct lsmblob *bloba, struct lsmblob *blobb) extern int lsm_name_to_slot(char *name); extern const char *lsm_slot_to_name(int slot); +static inline bool lsm_multiple_contexts(void) +{ +#ifdef CONFIG_SECURITY + return lsm_slot_to_name(1) != NULL; +#else + return false; +#endif +} + /** * lsmblob_value - find the first non-zero value in an lsmblob structure. * @blob: Pointer to the data diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h index 8eda133ca4c1..af0aaccfaf57 100644 --- a/include/uapi/linux/audit.h +++ b/include/uapi/linux/audit.h @@ -143,6 +143,7 @@ #define AUDIT_MAC_UNLBL_STCDEL 1417 /* NetLabel: del a static label */ #define AUDIT_MAC_CALIPSO_ADD 1418 /* NetLabel: add CALIPSO DOI entry */ #define AUDIT_MAC_CALIPSO_DEL 1419 /* NetLabel: del CALIPSO DOI entry */ +#define AUDIT_MAC_TASK_CONTEXTS 1420 /* Multiple LSM task contexts */ #define AUDIT_FIRST_KERN_ANOM_MSG 1700 #define AUDIT_LAST_KERN_ANOM_MSG 1799 diff --git a/kernel/audit.c b/kernel/audit.c index 559fb14e0380..e8744e80ef21 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -197,6 +197,9 @@ static struct audit_ctl_mutex { struct audit_context_entry { struct list_head list; int type; /* Audit record type */ + union { + struct lsmblob lsm_subjs; + }; }; /* The audit_buffer is used when formatting an audit record. The caller @@ -2163,16 +2166,31 @@ int audit_log_task_context(struct audit_buffer *ab) if (!lsmblob_is_set(&blob)) return 0; - error = security_secid_to_secctx(&blob, &context, LSMBLOB_FIRST); + if (!lsm_multiple_contexts()) { + error = security_secid_to_secctx(&blob, &context, + LSMBLOB_FIRST); + if (error) { + if (error != -EINVAL) + goto error_path; + return 0; + } - if (error) { - if (error != -EINVAL) + audit_log_format(ab, " subj=%s", context.context); + security_release_secctx(&context); + } else { + struct audit_context_entry *ace; + + audit_log_format(ab, " subj=?"); + ace = kzalloc(sizeof(*ace), ab->gfp_mask); + if (!ace) { + error = -ENOMEM; goto error_path; - return 0; + } + INIT_LIST_HEAD(&ace->list); + ace->type = AUDIT_MAC_TASK_CONTEXTS; + ace->lsm_subjs = blob; + list_add(&ace->list, &ab->aux_records); } - - audit_log_format(ab, " subj=%s", context.context); - security_release_secctx(&context); return 0; error_path: @@ -2434,9 +2452,12 @@ void audit_log_end(struct audit_buffer *ab) struct audit_context_entry *entry; struct audit_context mcontext; struct audit_context *mctx; + struct lsmcontext lcontext; struct audit_buffer *mab; struct list_head *l; struct list_head *n; + int rc; + int i; if (!ab) return; @@ -2449,6 +2470,7 @@ void audit_log_end(struct audit_buffer *ab) } if (ab->ctx == NULL) { + mcontext.context = AUDIT_CTX_SYSCALL; mcontext.stamp = ab->stamp; mctx = &mcontext; } else @@ -2462,7 +2484,27 @@ void audit_log_end(struct audit_buffer *ab) continue; } switch (entry->type) { - /* Don't know of any quite yet. */ + case AUDIT_MAC_TASK_CONTEXTS: + for (i = 0; i < LSMBLOB_ENTRIES; i++) { + if (entry->lsm_subjs.secid[i] == 0) + continue; + rc = security_secid_to_secctx(&entry->lsm_subjs, + &lcontext, i); + if (rc) { + if (rc != -EINVAL) + audit_panic("error in audit_log_end"); + audit_log_format(mab, "%ssubj_%s=?", + i ? " " : "", + lsm_slot_to_name(i)); + } else { + audit_log_format(mab, "%ssubj_%s=%s", + i ? " " : "", + lsm_slot_to_name(i), + lcontext.context); + security_release_secctx(&lcontext); + } + } + break; default: audit_panic("Unknown type in audit_log_end"); break; From patchwork Wed Feb 2 23:53:21 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12733643 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5E198C433F5 for ; Thu, 3 Feb 2022 00:23:03 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348285AbiBCAXC (ORCPT ); Wed, 2 Feb 2022 19:23:02 -0500 Received: from sonic307-16.consmr.mail.ne1.yahoo.com ([66.163.190.39]:43703 "EHLO sonic307-16.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229753AbiBCAW7 (ORCPT ); Wed, 2 Feb 2022 19:22:59 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643847779; bh=fz7Hyq0u0gDBG0Z2rrCwOkB5zs8CxAU7YkzpN66/55M=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=JebglNjBLbVHK1+AZTwo8Ev/Ba7cpyNnwyxTDHXTfZy+B6ke2jgxpplvBVrAXU80Qo46zUM7vQFzC4U/ErZqYqjm4Do2Kqu6YnuhgzzScXHUjrh3T46rCKdctFlj/O4hvhBUnZQWM+1snM+AQuvuMdxyus1JamdoUovdnbSB04I4rgAvGrOw5eW6rc+Q7o9ZDaP1Pa87g3uyZO0QSojh4X5n2HwSIPDnT51ddfWWG8IsZj+iegfh9qtVKRPrs7ojvRQPMrN47lxGSWEegsi9GTcrYpMeYMenfMI3Ppd4nDf8kfZp55/eNfqr8U6tgncSoq1MZ6OPSFZzU9go6JpqHw== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643847779; bh=1hrh7/QyGiFHR8sMoH6XCsaYLVQmysBsimoIgTb+XPT=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=BqmKCj74G++/E46xPPdzPX9hJ4KEpcIKKOSxPt53ziiP2NdC01QBaUXWeoqQF+nud5BxZlqrncE7UCKex+ijfNm4lFp4V4MqbBDOZaaPskQKzMkeZd6Zx4AGO/IREW7YY0y8ZMsWigz0YZKIBTEFfdO6Gs0c4DB4HCPlDHksuBu/7r1Od68jwDO1/oBfvy1gVyi45Y6tiUvHqNxCxbKKX8HEVapTSRN9o7VZxiwXc6ZEyObZzVaf75nWZrt+lFkLbocewfMpTN83kcZl+ot+gJ/E0GjIO9OEirrSrmlBygbhzFc6yddJ5Qh3PGZSOrHBmEGgfOxABCBi+tt6mDf+UA== X-YMail-OSG: 8PSwn6AVM1lgyBD6eN1qZJ.3wobOO.7bYW4PhLzmDxD06N6j2SCPohcqt0CcaBI RJHCvhdIcVNdTaAwTfEHgQAgwSj8.HLe5tLSVLgCmGKn3lxFato7ohhjUZKz08j.bcmek2XUbtdm OoXrj5FZMEz2XX2slyO4HHPhmwtxny4leDoIafw.ZZwOWjlEpR08nq7CKxlSAZy5nkYt_t_GFwIc Gxw7l.1MDsxpelrPUmtPYBp2tHHhrnWqnwLzf3RJSRYSCgp8JRF3YWjt0C064OqtrGY6BFnmlOE9 GOFQ8NA_9vqGLs.qQ9HrXGP8SA7Bu8Dxu._2jCesU2vEFpWDZwjwrB2RWyLsiSeWLEnFFGtJR5hK NmWReY3uCAuEnOW9XxmErV.TDnll.1BswzgPWyXM8olGXvz3jKDOZU_bdo6OBjGt2O8UH8qSJrsR VTWo9VdK6CgKfuWCPpgBXp0ZX6sENDB9pA_StzszMDR8jnP8puQNVAQVUqSEF9RQgUBpkygm4_KL r4P3Uz2qm_19ln_QQxu1JIk4ywRwyQHc5EBPqNkFF0TXizCW.oDOHyzAzFZcIWvcAAp8PM5hqCWG IKRs4XzvukaTSHRnsQUQ8G3WEYFwzigOLM0x7kok3GLKZwiVyYt0Le.aCQ6yfP6i6c.c0jlMZdUh P7vjobxPGNqgORcpCxhxzPN72Ppqx74HBADh1YU6vTVjUKElrPDZZ6iMEOUi0wAOdXTXzLnOeSBh Ulnh_yoIHyUdDxmjFlMvENdNTw7wKVAxO8a90kB86eivZ7YEHiA3wAzMyBo7yNCieCXgrYywfLyg gWQRq949c_55LRhCjHZbM2y6aWXVpqCtJlUX.LVjDcCEDTLlQg90Gxa.OCVcFsyOZ0bmVnivElAm 821iK9K5SNDTaOs9jC39jDFwQL_3d0w0GeOKT7c6TjcaxpkAcRf3lipBLrzEyjIYiPqNY2Adbduo RsXvig0GU6YTjZeCiSteC8vxOTSQllHzOSJrdcStZEc6f32.MO6R4DBahDSEUPbzO5qGy7phMwKL 2nz4LnV4rve.Qrxwk5R2gflWmKy8o05TK77C_cXKG9v.II2BQt9Dx0j.s0oYuPHRt7Y.G0ixsi1m APrQBjuLTXkk82A0hBYnTYTcO.ZMYqLmfv.GV08gtjUWhfn7OScKv7xTPtOqFdhdVkij.gvw6zqm NxcQ1fk8_XPfDCgTn2pjZ8Vl_AIr7xLc3ZUFssmSg4efm7odSaYhkh2HZJCbkdorMwBNadNOccb3 7t9n_wWOMnZSMEWedhnsm6Dblzh5yrZ2v5ykUQLhot61ie01Wq4jPBUmQgqmBUH0NTd01PXygsqo lIZD.U0yExKlIeEbOcZ6MrSnQvndte3x55GsH_4LR87wsmc1ZwhtpXUw3PcxHfUAEpr_R85NjhPk bSGnOcZ5L8HJo1ZKxg5MZ7l379dNmnLHehQ0zYm8Qka0De0JuG5CgHvNjwKuehHLKtSt1xu9wlOH WOYi21EXLd4XGDBGO3KJXu_pw2iQgxzdgLAqdR5BIpkvatMRnkPznie6PNW51wDtZLvrOBUkHnoo lXlZ6bt9vZjvdo8R2GPl6mm8nt.WVtGnEdPfP1H7LDzH7bpiaTQspge6ZZ2RbgMqfRuGAH5AYPal 5JaFMPo1UEnmR4ujD.b41x7kPSwrXFPtHMq.X9esnS5umhCyzUfs4WcCyPY79F9jL0.lUFtcbFk0 fNvOdpvvWnhBss6roCIQpWmpOkYSfE1qPfr52YtzD9Ue2n5FMEFWwNGx0YNrwfVlliQ6YaaVA14A SUEMsAsgdNbNjuECXtjB79KbHVIbFu2TcmJFZBKugEK_byAtZMDzWjlfmk5pmHcMeCvm2g.sUVKm 9IqX9plumPCeNG00pzAzZzzkASzNTLKI.2W4maax6Uq5rR35iHPjHUssPfEuZkF5akTewssFb_px VI4v3No_bDQdkz890r_A.EhoT0F3SZAe55HXJJggkDiplA5Zd1lfChLEWqtbUfNT0dVNxeXo54Jj 5ZQuRcqHLHI1Lqm5YT5TabZmZrwEz0g6Z4Qe3aQLqay.nqo2zsTBsv99v4Tnlfpq4Cmcf97PJyaS fYnHedRIXF6BQvkHXi_EyDR6VHwMhA0dSmLKbgJXBd5ychLrJChGQcTinfYYOmUwUUYoEiJyEVHy Zi_dsyTiHs0mnA0b5zGcImBO8ykK9hXPoCdyV5kYZLnSZKBFwC7SxtzbEh5x318vRD3.gowFJP1R 2MHM4OYZ1cwwhF68iMib3I2q1hFw4MQsZpQeGrsywyv6E4XwkJTO2MrTk_nr6kMaODmcur4BKJd7 Cg483WqcTbTzLWgeRnYMotEKH92mqHaU- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic307.consmr.mail.ne1.yahoo.com with HTTP; Thu, 3 Feb 2022 00:22:59 +0000 Received: by kubenode527.mail-prod1.omega.ne1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID 02a9a4d42f588e0ef94355ca83943995; Thu, 03 Feb 2022 00:22:57 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org Subject: [PATCH v32 26/28] Audit: Add record for multiple object security contexts Date: Wed, 2 Feb 2022 15:53:21 -0800 Message-Id: <20220202235323.23929-27-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20220202235323.23929-1-casey@schaufler-ca.com> References: <20220202235323.23929-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Create a new audit record AUDIT_MAC_OBJ_CONTEXTS. An example of the MAC_OBJ_CONTEXTS (1421) record is: type=MAC_OBJ_CONTEXTS[1421] msg=audit(1601152467.009:1050): obj_selinux=unconfined_u:object_r:user_home_t:s0 When an audit event includes a AUDIT_MAC_OBJ_CONTEXTS record the "obj=" field in other records in the event will be "obj=?". An AUDIT_MAC_OBJ_CONTEXTS record is supplied when the system has multiple security modules that may make access decisions based on an object security context. Signed-off-by: Casey Schaufler --- include/linux/audit.h | 5 ++++ include/uapi/linux/audit.h | 1 + kernel/audit.c | 59 ++++++++++++++++++++++++++++++++++++++ kernel/auditsc.c | 37 ++++-------------------- 4 files changed, 70 insertions(+), 32 deletions(-) diff --git a/include/linux/audit.h b/include/linux/audit.h index 14849d5f84b4..94c87ec043c7 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -192,6 +192,8 @@ extern void audit_log_path_denied(int type, extern void audit_log_lost(const char *message); extern int audit_log_task_context(struct audit_buffer *ab); +extern void audit_log_object_context(struct audit_buffer *ab, + struct lsmblob *blob); extern void audit_log_task_info(struct audit_buffer *ab); extern int audit_update_lsm_rules(void); @@ -255,6 +257,9 @@ static inline int audit_log_task_context(struct audit_buffer *ab) { return 0; } +static inline void audit_log_object_context(struct audit_buffer *ab, + struct lsmblob *blob); +{ } static inline void audit_log_task_info(struct audit_buffer *ab) { } diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h index af0aaccfaf57..d25d76b29e3c 100644 --- a/include/uapi/linux/audit.h +++ b/include/uapi/linux/audit.h @@ -144,6 +144,7 @@ #define AUDIT_MAC_CALIPSO_ADD 1418 /* NetLabel: add CALIPSO DOI entry */ #define AUDIT_MAC_CALIPSO_DEL 1419 /* NetLabel: del CALIPSO DOI entry */ #define AUDIT_MAC_TASK_CONTEXTS 1420 /* Multiple LSM task contexts */ +#define AUDIT_MAC_OBJ_CONTEXTS 1421 /* Multiple LSM objext contexts */ #define AUDIT_FIRST_KERN_ANOM_MSG 1700 #define AUDIT_LAST_KERN_ANOM_MSG 1799 diff --git a/kernel/audit.c b/kernel/audit.c index e8744e80ef21..3b9ce617b150 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -199,6 +199,7 @@ struct audit_context_entry { int type; /* Audit record type */ union { struct lsmblob lsm_subjs; + struct lsmblob lsm_objs; }; }; @@ -2199,6 +2200,43 @@ int audit_log_task_context(struct audit_buffer *ab) } EXPORT_SYMBOL(audit_log_task_context); +void audit_log_object_context(struct audit_buffer *ab, struct lsmblob *blob) +{ + struct audit_context_entry *ace; + struct lsmcontext context; + int error; + + if (!lsm_multiple_contexts()) { + error = security_secid_to_secctx(blob, &context, LSMBLOB_FIRST); + if (error) { + if (error != -EINVAL) + goto error_path; + return; + } + audit_log_format(ab, " obj=%s", context.context); + security_release_secctx(&context); + } else { + /* + * If there is more than one security module that has a + * object "context" it's necessary to put the object data + * into a separate record to maintain compatibility. + */ + audit_log_format(ab, " obj=?"); + ace = kzalloc(sizeof(*ace), ab->gfp_mask); + if (!ace) + goto error_path; + INIT_LIST_HEAD(&ace->list); + ace->type = AUDIT_MAC_OBJ_CONTEXTS; + ace->lsm_objs = *blob; + list_add(&ace->list, &ab->aux_records); + } + return; + +error_path: + audit_panic("error in audit_log_object_context"); +} +EXPORT_SYMBOL(audit_log_object_context); + void audit_log_d_path_exe(struct audit_buffer *ab, struct mm_struct *mm) { @@ -2505,6 +2543,27 @@ void audit_log_end(struct audit_buffer *ab) } } break; + case AUDIT_MAC_OBJ_CONTEXTS: + for (i = 0; i < LSMBLOB_ENTRIES; i++) { + if (entry->lsm_objs.secid[i] == 0) + continue; + rc = security_secid_to_secctx(&entry->lsm_objs, + &lcontext, i); + if (rc) { + if (rc != -EINVAL) + audit_panic("error in audit_log_end"); + audit_log_format(mab, "%sobj_%s=?", + i ? " " : "", + lsm_slot_to_name(i)); + } else { + audit_log_format(mab, "%sobj_%s=%s", + i ? " " : "", + lsm_slot_to_name(i), + lcontext.context); + security_release_secctx(&lcontext); + } + } + break; default: audit_panic("Unknown type in audit_log_end"); break; diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 7848e7351cf9..41111b607c78 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1120,7 +1120,6 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, struct lsmblob *blob, char *comm) { struct audit_buffer *ab; - struct lsmcontext lsmctx; int rc = 0; ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID); @@ -1130,15 +1129,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, audit_log_format(ab, "opid=%d oauid=%d ouid=%d oses=%d", pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); - if (lsmblob_is_set(blob)) { - if (security_secid_to_secctx(blob, &lsmctx, LSMBLOB_FIRST)) { - audit_log_format(ab, " obj=(none)"); - rc = 1; - } else { - audit_log_format(ab, " obj=%s", lsmctx.context); - security_release_secctx(&lsmctx); - } - } + if (lsmblob_is_set(blob)) + audit_log_object_context(ab, blob); audit_log_format(ab, " ocomm="); audit_log_untrustedstring(ab, comm); audit_log_end(ab); @@ -1373,18 +1365,10 @@ static void show_special(struct audit_context *context, int *call_panic) from_kgid(&init_user_ns, context->ipc.gid), context->ipc.mode); if (osid) { - struct lsmcontext lsmcxt; struct lsmblob blob; lsmblob_init(&blob, osid); - if (security_secid_to_secctx(&blob, &lsmcxt, - LSMBLOB_FIRST)) { - audit_log_format(ab, " osid=%u", osid); - *call_panic = 1; - } else { - audit_log_format(ab, " obj=%s", lsmcxt.context); - security_release_secctx(&lsmcxt); - } + audit_log_object_context(ab, &blob); } if (context->ipc.has_perm) { audit_log_end(ab); @@ -1536,19 +1520,8 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, from_kgid(&init_user_ns, n->gid), MAJOR(n->rdev), MINOR(n->rdev)); - if (lsmblob_is_set(&n->lsmblob)) { - struct lsmcontext lsmctx; - - if (security_secid_to_secctx(&n->lsmblob, &lsmctx, - LSMBLOB_FIRST)) { - audit_log_format(ab, " osid=?"); - if (call_panic) - *call_panic = 2; - } else { - audit_log_format(ab, " obj=%s", lsmctx.context); - security_release_secctx(&lsmctx); - } - } + if (lsmblob_is_set(&n->lsmblob)) + audit_log_object_context(ab, &n->lsmblob); /* log the audit_names record type */ switch (n->type) { From patchwork Wed Feb 2 23:53:22 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12733651 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 90851C433F5 for ; Thu, 3 Feb 2022 00:24:07 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348509AbiBCAYG (ORCPT ); Wed, 2 Feb 2022 19:24:06 -0500 Received: from sonic312-31.consmr.mail.ne1.yahoo.com ([66.163.191.212]:40688 "EHLO sonic312-31.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348496AbiBCAYG (ORCPT ); Wed, 2 Feb 2022 19:24:06 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643847846; bh=MZ4vJagyUghLy0nswAC0kHp8cwcJQt/yZ0z4gmY7kX4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=p5QTvyuF/rVRZ8+Z13paP5MNFtsrjTEpKbYQfDKuR69vq++u+6XKMhgnWdOmO+6ZzB8Q5YNIIlXWMSmb2tmA1CHpXJ/FNRo/0rdh38tUGQ3M+ZjMDzvX6bONPXAv057csSU+tKDL/0LI1h+iB6ah6soi7q9A0R1LV7hbHK73O/UHAFuirEytYsgk/hPq3R6Wr55Mqe319roYn/9rQPfPNXY8Mw3s7yoXWRBfnhPzC2sgY2cZs9N02jF70qdIOzspaeXvWWDugIldIz3ellTEkKAYG8Ph8UWN+qm6mOubsr0tL/4PU2ZEs4guQM0TicyhqiVrGtztBQsLRwYVGqFNcA== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643847846; bh=5OjqGiOXlf78fcMx34HFr0+szaN0zvGSAFDwRbcK1Rn=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=PiLMIkJmScSjk/OnEk0m3Yp/HOFjIH1EV4H6/71Zrlt/d8jRLfphatN4ptzORzWBJvIJZ5z+y+vRLvI3K2mY9cE5iBwDWfc7arTcC0YbG0e7h6+zArghIbytj2sIe29Eg/9Ijl9Y/fjzjLLtfl/4UTOjTOapqKLcfN7yast/dyz79S94ZLYWm7/vgxc2yhCQa05LACbFBTUqPCEZuVYlHBLeDqw4y251PTujgwxga9Gw/tIDJuh1j54Ixoz+bSgG0ZUldzsw6GjCwkdOrxwP0ZUsZpejlUeSbb/otV/AqUlHdkViyvjwuqq4BHL7ni9caDhhbkcSU+k8IRG6aQLoWg== X-YMail-OSG: pZ.q6VMVM1lrqZ7XYBJrVdPhAVAdN.cbt98FeRxbjKd862DdUh1i573KU2N0gI3 rDDm22a8.qjsGQK1jUJvml3N7lg7BBrUyl6IqkUGFgQimciSP3nQIM2iBLfTQN5f1w_cOpKpQMXG 1yAdJW.1AXKw1JS6ws2GB28de5ac9gpISRPkhi9Ht684YPFLIlt2HdDzw70AiyHwqSbvXN2aGx5v xcmmmyxc.NVfQyN1j9aHiXS.VAgh6WckHN4KrSxSahC2GnECgQ2pdYLR0BovHD4x7T0vWkYvpnLY IgR6SNMI5hA6pmWXFKp9kTjjpdew2RGJbn2tXmm.BKBXKsKkXJmmkw5Z4SCKdj4PLK1vsXu8R8fZ 43eMSQ1eUlHjJLqEIOiUo8LyuqLcWLeSzXUKC4OXJ8N0ZzZliXues51wpolYkPsjZ2Uj59gu5Pg7 rUcXPlbf5eT1OsqxE8KGTp7eZOvC75_166LQJZd.bovXFbPSNFBaORxPiwx.sPhMg_TjLteTMBzL jGuApO1xcPC27LyV10B.t3LogUiB7Lk899HDWTG3uEbTqvAHL644VWE3baQTjiOXSQ28SDskwn4a I3bofkaIsKULrAPIylMWmKxgunHz_vMiaLaPZPs8.gSiR4kTT4.8KwZ9M4Q_u4HQHhIUma.DDE3V dZN1TtsmZFmaC.XUoAxEq.3V0tS5kHJfjZZww5wr8lBvT.QZzH.iHYRHUGI_0wQS6gzac.0mbyyF gVqNoyB035R_A4gYb03lDAs8gX3ytRuOaN2sE7bmyExv9joWx_TwUbYKRb8gqRLJcscyTaKOSDTp AEyhtPdvzSDg3mhOfvO1i.MX3zy..XSyZR2kAZdQvzOVKokVIRx4FIcNwc9ae..XWjEZfpeB6SnV d5QUk5_6MkqMd6X0Heal8RTBrOT.ZfuWIcIMXpFvVpG_G1dDqLrRH8NMXNPc.YwW6.0uEgHR_xsi PC66rRBHH5Gha4pAOguLxz.ujZsrSJznlZC0m_sCvGjghs1rJnOazZayqiOhwHx6K5NlQeImrpXw QiMRE31UnkK5C7C6Zz5mvycP5NR16VdduAX3YW7MpZAMpnBfuEfaRcgvnjHKXnReRBwrs6MfHkIo jTDDONJ4wW.Kj7YPzNc_8yN3GXSwQpSR6Ip.wOvL.6NfXwqJjuWR0BJPXRDaJBUcHjLE0osPeBcU chzkNDKJe_oS9ZJCA8xtN9nXfwg2v5Lo56TwDiWcJnW8sSWOXKBO19FJoX8oA98aWjZ1.hyj._kx m6tJnnSZJvaf5h1VSURfzY01Eh8iyJR0xb7zCZTlczq1z6MkZi8Zo2J6LB2zqq8A4g.wLs5NZElY _XvutlyxG1RLi53ToiEnD40rIAYK.aExuKN1W31fTAlNBddblBclWS4vuSrqeUW4ow_fa5ycONBG Nr.oKMh3KGLmU4I1mqWZfqMy04.DXkz0gaZ3Bvrw_PE2qTbAH4vd2jtydrbW0ev1xFPlMab9ibyt N03HHIcCaSyrmxWclFsBizYTuaWX3zuJ59V2x1bDQZusEyyHagfBbi2M1AYh.fvyYUSA8nk_jdeg Ow5hl3EXlvxhiFfvO3e7qcaOF3gGa_K4pXxKEvIIcJfb1kxOBwhUBr_BePw3hvmb0IXGt0NMaPFi tqPA0AqAvQVK1YoLjrU87bZBa3kcj.gaZJEJ2FDoTeOBScjLhpW8y6yx4dHbBWGBRFuGO32X4nkS 0qk8qYoaDioeZRB847HFMrScDViIOiyOK.0a1EzjlRm12oO5eHslYXf0oIv3TZ9qsVZXMwzNlXl6 QqXEXLHhCR8kuOi_dUxzkLhy5pQJe.HU7O.ts53vxT5xs0mSSTP_AkM7F2EbTJ4zhPHZZ.a5vsy. lzIlBaU1czF3yov65OsgnrKN8b3cfH4MJSvVmcsUDbYKcx4psfhE5qbMQ46CnmVkN2T.l9vBFz4o zKinrzSgXx0qtMd.NU2ZtPMec2VkrUxN7zpVGvECczrYBEW5bSfE7Ap_53i7KMLhh42F5D2AZiq9 jFboOUwCwGrcWlkp_fCKLC2TneUKMxTVHLXbaHz3Hv_nB0GFPk6mX6dRLHTA4NqQKVvElPvIBMVH adplYPnQvuaXWd6R1jupsRJ7xwLq91uvSqriKSGibAyMNQFMCxJnBMGSAvDjh6fw3ggaVSrmmjlz 3rsuIAOWzatGkpPckYcMIb3zkuz7TJbhDdgS47wV_bKAJNKHFjbZuP.SVQHKdLdtvY2Wjivc4_I8 BcfIVgDAbaw6nNJgFYSxyCTmC4W2m_4XFeaQiaepZHe1lTJdi_I001g-- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic312.consmr.mail.ne1.yahoo.com with HTTP; Thu, 3 Feb 2022 00:24:06 +0000 Received: by kubenode500.mail-prod1.omega.bf1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID 7b7e5f79bfa77e30e83cb3d126de8e27; Thu, 03 Feb 2022 00:24:04 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, linux-doc@vger.kernel.org Subject: [PATCH v32 27/28] LSM: Add /proc attr entry for full LSM context Date: Wed, 2 Feb 2022 15:53:22 -0800 Message-Id: <20220202235323.23929-28-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20220202235323.23929-1-casey@schaufler-ca.com> References: <20220202235323.23929-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Add an entry /proc/.../attr/context which displays the full process security "context" in compound format: lsm1\0value\0lsm2\0value\0... This entry is not writable. A security module may decide that its policy does not allow this information to be displayed. In this case none of the information will be displayed. Reviewed-by: Kees Cook Signed-off-by: Casey Schaufler Cc: linux-api@vger.kernel.org Cc: linux-doc@vger.kernel.org --- Documentation/security/lsm.rst | 14 +++++ fs/proc/base.c | 1 + include/linux/lsm_hooks.h | 6 +++ security/apparmor/include/procattr.h | 2 +- security/apparmor/lsm.c | 8 ++- security/apparmor/procattr.c | 22 ++++---- security/security.c | 79 ++++++++++++++++++++++++++++ security/selinux/hooks.c | 2 +- security/smack/smack_lsm.c | 2 +- 9 files changed, 121 insertions(+), 15 deletions(-) diff --git a/Documentation/security/lsm.rst b/Documentation/security/lsm.rst index b77b4a540391..070225ae6ceb 100644 --- a/Documentation/security/lsm.rst +++ b/Documentation/security/lsm.rst @@ -143,3 +143,17 @@ separated list of the active security modules. The file ``/proc/pid/attr/interface_lsm`` contains the name of the security module for which the ``/proc/pid/attr/current`` interface will apply. This interface can be written to. + +The infrastructure does provide an interface for the special +case where multiple security modules provide a process context. +This is provided in compound context format. + +- `lsm\0value\0lsm\0value\0` + +The `lsm` and `value` fields are NUL-terminated bytestrings. +Each field may contain whitespace or non-printable characters. +The NUL bytes are included in the size of a compound context. +The context ``Bell\0Secret\0Biba\0Loose\0`` has a size of 23. + +The file ``/proc/pid/attr/context`` provides the security +context of the identified process. diff --git a/fs/proc/base.c b/fs/proc/base.c index e0d41adb38ba..324370d048b1 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -2829,6 +2829,7 @@ static const struct pid_entry attr_dir_stuff[] = { ATTR(NULL, "keycreate", 0666), ATTR(NULL, "sockcreate", 0666), ATTR(NULL, "interface_lsm", 0666), + ATTR(NULL, "context", 0444), #ifdef CONFIG_SECURITY_SMACK DIR("smack", 0555, proc_smack_attr_dir_inode_ops, proc_smack_attr_dir_ops), diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 2c2d0ef59a41..51b5acff7f0e 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -1396,6 +1396,12 @@ * @pages contains the number of pages. * Return 0 if permission is granted. * + * @getprocattr: + * Provide the named process attribute for display in special files in + * the /proc/.../attr directory. Attribute naming and the data displayed + * is at the discretion of the security modules. The exception is the + * "context" attribute, which will contain the security context of the + * task as a nul terminated text string without trailing whitespace. * @ismaclabel: * Check if the extended attribute specified by @name * represents a MAC label. Returns 1 if name is a MAC diff --git a/security/apparmor/include/procattr.h b/security/apparmor/include/procattr.h index 31689437e0e1..03dbfdb2f2c0 100644 --- a/security/apparmor/include/procattr.h +++ b/security/apparmor/include/procattr.h @@ -11,7 +11,7 @@ #ifndef __AA_PROCATTR_H #define __AA_PROCATTR_H -int aa_getprocattr(struct aa_label *label, char **string); +int aa_getprocattr(struct aa_label *label, char **string, bool newline); int aa_setprocattr_changehat(char *args, size_t size, int flags); #endif /* __AA_PROCATTR_H */ diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 29181bc8c693..1ee58c1491ab 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -602,6 +602,7 @@ static int apparmor_getprocattr(struct task_struct *task, char *name, const struct cred *cred = get_task_cred(task); struct aa_task_ctx *ctx = task_ctx(current); struct aa_label *label = NULL; + bool newline = true; if (strcmp(name, "current") == 0) label = aa_get_newest_label(cred_label(cred)); @@ -609,11 +610,14 @@ static int apparmor_getprocattr(struct task_struct *task, char *name, label = aa_get_newest_label(ctx->previous); else if (strcmp(name, "exec") == 0 && ctx->onexec) label = aa_get_newest_label(ctx->onexec); - else + else if (strcmp(name, "context") == 0) { + label = aa_get_newest_label(cred_label(cred)); + newline = false; + } else error = -EINVAL; if (label) - error = aa_getprocattr(label, value); + error = aa_getprocattr(label, value, newline); aa_put_label(label); put_cred(cred); diff --git a/security/apparmor/procattr.c b/security/apparmor/procattr.c index fde332e0ea7d..172550f67fc0 100644 --- a/security/apparmor/procattr.c +++ b/security/apparmor/procattr.c @@ -20,6 +20,7 @@ * aa_getprocattr - Return the profile information for @profile * @profile: the profile to print profile info about (NOT NULL) * @string: Returns - string containing the profile info (NOT NULL) + * @newline: Should a newline be added to @string. * * Requires: profile != NULL * @@ -28,20 +29,21 @@ * * Returns: size of string placed in @string else error code on failure */ -int aa_getprocattr(struct aa_label *label, char **string) +int aa_getprocattr(struct aa_label *label, char **string, bool newline) { struct aa_ns *ns = labels_ns(label); struct aa_ns *current_ns = aa_get_current_ns(); + int flags = FLAG_VIEW_SUBNS | FLAG_HIDDEN_UNCONFINED; int len; if (!aa_ns_visible(current_ns, ns, true)) { aa_put_ns(current_ns); return -EACCES; } + if (newline) + flags |= FLAG_SHOW_MODE; - len = aa_label_snxprint(NULL, 0, current_ns, label, - FLAG_SHOW_MODE | FLAG_VIEW_SUBNS | - FLAG_HIDDEN_UNCONFINED); + len = aa_label_snxprint(NULL, 0, current_ns, label, flags); AA_BUG(len < 0); *string = kmalloc(len + 2, GFP_KERNEL); @@ -50,19 +52,19 @@ int aa_getprocattr(struct aa_label *label, char **string) return -ENOMEM; } - len = aa_label_snxprint(*string, len + 2, current_ns, label, - FLAG_SHOW_MODE | FLAG_VIEW_SUBNS | - FLAG_HIDDEN_UNCONFINED); + len = aa_label_snxprint(*string, len + 2, current_ns, label, flags); if (len < 0) { aa_put_ns(current_ns); return len; } - (*string)[len] = '\n'; - (*string)[len + 1] = 0; + if (newline) { + (*string)[len] = '\n'; + (*string)[++len] = 0; + } aa_put_ns(current_ns); - return len + 1; + return len; } /** diff --git a/security/security.c b/security/security.c index b694eca9d4f1..b1a95ede7fc2 100644 --- a/security/security.c +++ b/security/security.c @@ -802,6 +802,57 @@ static int lsm_superblock_alloc(struct super_block *sb) return 0; } +/** + * append_ctx - append a lsm/context pair to a compound context + * @ctx: the existing compound context + * @ctxlen: size of the old context, including terminating nul byte + * @lsm: new lsm name, nul terminated + * @new: new context, possibly nul terminated + * @newlen: maximum size of @new + * + * replace @ctx with a new compound context, appending @newlsm and @new + * to @ctx. On exit the new data replaces the old, which is freed. + * @ctxlen is set to the new size, which includes a trailing nul byte. + * + * Returns 0 on success, -ENOMEM if no memory is available. + */ +static int append_ctx(char **ctx, int *ctxlen, const char *lsm, char *new, + int newlen) +{ + char *final; + size_t llen; + size_t nlen; + size_t flen; + + llen = strlen(lsm) + 1; + /* + * A security module may or may not provide a trailing nul on + * when returning a security context. There is no definition + * of which it should be, and there are modules that do it + * each way. + */ + nlen = strnlen(new, newlen); + + flen = *ctxlen + llen + nlen + 1; + final = kzalloc(flen, GFP_KERNEL); + + if (final == NULL) + return -ENOMEM; + + if (*ctxlen) + memcpy(final, *ctx, *ctxlen); + + memcpy(final + *ctxlen, lsm, llen); + memcpy(final + *ctxlen + llen, new, nlen); + + kfree(*ctx); + + *ctx = final; + *ctxlen = flen; + + return 0; +} + /* * The default value of the LSM hook is defined in linux/lsm_hook_defs.h and * can be accessed with: @@ -2210,6 +2261,10 @@ int security_getprocattr(struct task_struct *p, const char *lsm, char *name, char **value) { struct security_hook_list *hp; + char *final = NULL; + char *cp; + int rc = 0; + int finallen = 0; int ilsm = lsm_task_ilsm(current); int slot = 0; @@ -2237,6 +2292,30 @@ int security_getprocattr(struct task_struct *p, const char *lsm, char *name, return -ENOMEM; } + if (!strcmp(name, "context")) { + hlist_for_each_entry(hp, &security_hook_heads.getprocattr, + list) { + rc = hp->hook.getprocattr(p, "context", &cp); + if (rc == -EINVAL) + continue; + if (rc < 0) { + kfree(final); + return rc; + } + rc = append_ctx(&final, &finallen, hp->lsmid->lsm, + cp, rc); + kfree(cp); + if (rc < 0) { + kfree(final); + return rc; + } + } + if (final == NULL) + return -EINVAL; + *value = final; + return finallen; + } + hlist_for_each_entry(hp, &security_hook_heads.getprocattr, list) { if (lsm != NULL && strcmp(lsm, hp->lsmid->lsm)) continue; diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 7b9cb4d263c0..beb0e1cf02b5 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -6363,7 +6363,7 @@ static int selinux_getprocattr(struct task_struct *p, goto bad; } - if (!strcmp(name, "current")) + if (!strcmp(name, "current") || !strcmp(name, "context")) sid = __tsec->sid; else if (!strcmp(name, "prev")) sid = __tsec->osid; diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 46d81f638a2b..d1677339e677 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -3485,7 +3485,7 @@ static int smack_getprocattr(struct task_struct *p, char *name, char **value) char *cp; int slen; - if (strcmp(name, "current") != 0) + if (strcmp(name, "current") != 0 && strcmp(name, "context") != 0) return -EINVAL; cp = kstrdup(skp->smk_known, GFP_KERNEL); From patchwork Wed Feb 2 23:53:23 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12733652 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 68785C433F5 for ; Thu, 3 Feb 2022 00:25:12 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348518AbiBCAZL (ORCPT ); Wed, 2 Feb 2022 19:25:11 -0500 Received: from sonic314-27.consmr.mail.ne1.yahoo.com ([66.163.189.153]:43488 "EHLO sonic314-27.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348514AbiBCAZL (ORCPT ); Wed, 2 Feb 2022 19:25:11 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643847910; bh=ufFIfi+QJcABRY0VK+r+pIW1TjiSDfvy9tEFxMIQ5C8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=R1mNa/Q794DYHK1XLg7zJ2HI+IeCme00pxQd7Ph6esvURqteiWhfOBYxwkMcotb7GtyMBiqsbovEbnfsiIO+aCNKhZUhmeYMnC/NSIBX3aOjnDe90jmSzdkamlwSuLRJfiIdVDieQYSdiDRtP50fAJ4MJTYNv8VMPigU125huGTJQgvh5nmbhW75o1A+Fs/M/0ilnSxvXrOSaxUnaCydDFObmTFrjvi+Z8SZ3M9ibH2YfIEYIJzA1z7bxnYoX0UtTaownHWh7w5nFL6CqwHrIIcNQT2wfF08Jj5WDSoQklMw+mM0PQSKO4n+w8l63SO7Ae741aF0YYRblA7aJMu4ig== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643847910; bh=G5s4dn6DjGEuEutRnfaG5pRwh0unvfXgWtdEkUsCoo+=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=CPE8465Ta6XXIKGEV6XkJY9QXXaBxHynJKey0EF8WPuiD8wbzblHBL9nUjA7p7IkphGJWT4kiw4iTk/XhH47Vz5eVIFR0CKSbCvKZjJXXTSk3agK7olinzhU4zN3PnrfCXR+31JsSYQzplZwVupsib56CECSSXAx38ciIm7mh3YUI8h4PMJkx7/+xXIbhuINe0gh5gGKLSsaTAveOsJFSEE3ob93+1MU7fJlVWinyVbRyfd7fc993QCg3dbGOF0gPxXFKL8xSre4UyqIetfNQSn3oL5f6+H2E9OE6UoDlujjPC+ESPoFSMUbGsXHgi9YW2mGYwpWTRpV09G59q3ikQ== X-YMail-OSG: o9wezOAVM1mW_P0992CxGmY8y0GRsMMhQW05q7rvPao01lyxy13HDe25lOCY2fn 2qjELBW0htYWCqvVU_KrDkhhFDvu5zQR1hroeqDRikq0fqreVOcns0na7PMEvJ05pJ6jEmVeyTSG ArdWj3GdEPm2XXQM_9fTjkNigD5GLxFrYJ0Wzl6.geLJEmZdHa8khsKe15So9K_76x.VnslGJqRy 7aa143aYwdWWhcWy0CW1RWDRNUR7uXqO3kcjk1HMIwOXR_cg9R9PakbIsr3yLubl1uPan5KMMjfX o1.dTO237IkBvH1X_QlqIIxC8CsXW5fsR07jDv1P5zdUa7mK0uXXOz84Gs4NSF6jcXHcTJTit4rV YH.7DeJqfUs3WompJtU6iQ.YhC5pdvV0K9KJwEAyoXqIxXGRVcY3zrQVzPM3mYdkPQwrSizJg9Oe gBeCKcu3WFGcSmQYLlAYhKj4Yixo86RMjIX4OsmCN.gcR4tSwdm6oQnNq7Zwip705JSt8rc3Dv4x 3oLEzyWq50EieviGDh.xLw__RPA2WEatnXT2AvsqtMRe59Nx2pQW7REt9EOrvvOLsKZT5JatCwIS ADrwKPXUWy1kIrQ3pzcRSb7SN954ne8odDJSt8swhgpm8L0_pkQexGoXYoTLCBMpZc4cdJrQyO4y VRitT9Xn1FvAHiTPwxQd_PV1tZahPQLBvGPmo4Ec1Usyon8fLqxByQaPaJfpbCMnvH8k5MAS1z9g bvJr4k0HcSNHFm5wNjtfd4NDbpsEQua4eA0lgJnqTRZybGFjKhRJFbV_Zqfsj2lpuSowRDlCrqSB 6Cr7hmH4ext.z0rz7pONmFA5Yw2rjkJwBQYhQiCvj0tVT2pIKhrfc8TeBhwaCNy.f6oOC5bgtjEC bJjbk5S_3JgC5RgedtWdqbfMtb0E5mQmINaYDdk0m8CYmOkGNuB1miAJdpEr8r5fiwAc7i5dvx5M iqAqFkZRrjGQG0A.ikJEUsaZ0VCfOjLpsUaLXQcI_14cOmgXX_Avpnzg8NDkK_VaInHE4CmXRS3S RQELHS9cC7qTC5t9OH8ZrOrgRlwgXmXyHb9pMIBnaCFE04h4l.VEKpUMasnxl59U.S9ys6Zz0uMe 4ZzIH_y3A217.eFqNIFOInmvpZ2jVbxqwnRAXKSNdMoAfxxUUKNxE3Yo2ATJBAZzuHrvKhI.YL_k C9YxOQkrVsCgdvyHolcT0jBLn6N0IAMwEjWFeneRneFM6NDH_Esvr.y0SUyPaokxZNtRr5.mQ9dX lu4gHeIq8OEVktRuziHDe7.tt_ysvHmBv9kzWesZdK8HPBh7G4p9wfnu699Z7cnHlxA_Pd50e7gD AIjl4ei3FM9uc1BAcjku1dbXIQHcVtyJCn21uj4KQg_KhxqJd0oEgwz0tpF_emt4PI_OdOpa6.V1 3uHqqtuWExTo_gScuMyMvwf6My_4PsPxj3dCn5nW0HE0og.GnKjaSPCMp0JcPsIv7LBePYz2uAa8 RSQ.QQA0es32rv2G38YPBL32VDO31Ev9LhJmfCk4q4e8g98m3wPaCJL4cGNtOU_ERhEV_OOAXFQB kH7bb7Q8angi61Kpm34AJyNVp12S0rpdyoWKUpzhANrNs256dzepPcs2ZaKtb6HassBefqKiJu9m 8wlu.rY24k6jndpnlz8UY_T1iYGmw23y1IW94GrDnAFCP.E5V9ofXctLqL8kXY9YF33nGdFyowMJ 1Di3kL5Ve1iQsbQsMiZaOj7gZ2kDnV3VzlgDukBYHdnenWnC1uSFPVDfyoXcC1pBWFLbjLeQO3jI 7.hCMdsGo4NpQeHqA0fL0mLl.NxkkscoA7CjoRp8cq49qBL41ePgXVFDJdMQ0xFG8MbQJNqFF6.J v0lRERFA.3Sths7vGHcW1TIShtWYHrsQvU.8dZJ9RB_1orfrXfr3sPHcpl2DbTPriWrlt_1KYkV9 1RdT4eGULU80634Wvy9R8sTTDYsA2ARSwy7VjTUMEfS3vanmg1OyTBThJfu9WFU1hze72RrsXYY_ LiFVtPCiyNEh9KUy6rYMXjGo4.vh3hzmHoHXzhTzyh1kIzCggU6Hw198kdEXnFuZnd6rhyAY6qQ8 DSDnh0oXk5NNKF3hVkaKKbWLLkO0FAn1WSG9jpv6poJwGcuqRp8cENNKIW.TAB4GGUBunFP8njZG Niqg_qtxTp7XMHbfDqusFmKevmqDzzcFPSxPzoJoTFWw24btCx805qOA20WcdfzMHhFdHqo6fibq RTfDKG9emF2xkvPpqvHjoqOYAyR6dmtmuWRzwVmHafSSV7Hy_jFw- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic314.consmr.mail.ne1.yahoo.com with HTTP; Thu, 3 Feb 2022 00:25:10 +0000 Received: by kubenode526.mail-prod1.omega.ne1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID eabcb31384f559dd1421d5f3a1b09447; Thu, 03 Feb 2022 00:25:10 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, Stephen Smalley Subject: [PATCH v32 28/28] AppArmor: Remove the exclusive flag Date: Wed, 2 Feb 2022 15:53:23 -0800 Message-Id: <20220202235323.23929-29-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20220202235323.23929-1-casey@schaufler-ca.com> References: <20220202235323.23929-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org With the inclusion of the interface LSM process attribute mechanism AppArmor no longer needs to be treated as an "exclusive" security module. Remove the flag that indicates it is exclusive. Remove the stub getpeersec_dgram AppArmor hook as it has no effect in the single LSM case and interferes in the multiple LSM case. Acked-by: Stephen Smalley Acked-by: John Johansen Reviewed-by: Kees Cook Signed-off-by: Casey Schaufler --- security/apparmor/lsm.c | 20 +------------------- 1 file changed, 1 insertion(+), 19 deletions(-) diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 1ee58c1491ab..388298a15556 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -1145,22 +1145,6 @@ static int apparmor_socket_getpeersec_stream(struct socket *sock, return error; } -/** - * apparmor_socket_getpeersec_dgram - get security label of packet - * @sock: the peer socket - * @skb: packet data - * @secid: pointer to where to put the secid of the packet - * - * Sets the netlabel socket state on sk from parent - */ -static int apparmor_socket_getpeersec_dgram(struct socket *sock, - struct sk_buff *skb, u32 *secid) - -{ - /* TODO: requires secid support */ - return -ENOPROTOOPT; -} - /** * apparmor_sock_graft - Initialize newly created socket * @sk: child sock @@ -1264,8 +1248,6 @@ static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = { #endif LSM_HOOK_INIT(socket_getpeersec_stream, apparmor_socket_getpeersec_stream), - LSM_HOOK_INIT(socket_getpeersec_dgram, - apparmor_socket_getpeersec_dgram), LSM_HOOK_INIT(sock_graft, apparmor_sock_graft), #ifdef CONFIG_NETWORK_SECMARK LSM_HOOK_INIT(inet_conn_request, apparmor_inet_conn_request), @@ -1919,7 +1901,7 @@ static int __init apparmor_init(void) DEFINE_LSM(apparmor) = { .name = "apparmor", - .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE, + .flags = LSM_FLAG_LEGACY_MAJOR, .enabled = &apparmor_enabled, .blobs = &apparmor_blob_sizes, .init = apparmor_init,