From patchwork Wed Feb 2 23:53:06 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12733586 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E2715C433FE for ; Thu, 3 Feb 2022 00:06:30 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348284AbiBCAG3 (ORCPT ); Wed, 2 Feb 2022 19:06:29 -0500 Received: from sonic312-31.consmr.mail.ne1.yahoo.com ([66.163.191.212]:37671 "EHLO sonic312-31.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231556AbiBCAG3 (ORCPT ); Wed, 2 Feb 2022 19:06:29 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643846789; bh=EqNFDQMugZeGYTvYoJQnN0P9iZgp/6AR/4bWKU98LdQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=bXmTrmbedLLJ2Ut1FtaOw3ZOFk6d0E+1MFi944Sr25P0uQZhBsAI9tmCqg4e+BlE7l12ul6N5PfLAKYOiFikeVHD7eW4Z01OBqpb0mGw3Of2uXHhdfzBAZ1oxyv1JcZ42JRqNgdwAPQS6JbnrpHfjWDUzP2zGZsmansICQPZwNX49FvnOeIljsIkJyr+Ejkx8pyPAbGZNhHMTERlDMRjw1jkBXSEjli2F7EHps8sqsxNxuU+gM6NgZLrrV5pahJOEH67j1Ay6aU9YpS2x8DuG0C1Zo+fE5yDgzRN+PzRUKO1O1azB1L5HC5+yWqDq5m2Fi3NLuC2eZ84fYALOasfmA== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643846789; bh=gCTTO8q6tJuTejmmTs4I26sZpe886BpjN8Cmdfr9NqS=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=U1lc08X1JrjeVyqPS8PFInm8cdz+lwZ/gzVeinbXlHgOMf/2l3MUoZ5O4YN6FiVqKdJBg4ssVRNckkayYBDEsvTKhX4n32LnA+VN2pRrsQJbZ4ZnDawZ2uWXumPCilcJAfEGJELl70mE8X/2TwmstsveecNsnbo+kBDfz87XvkWSTzBFe7VZgRKNddMKtbrlZZ+vl1Yy5yBEgtdH0lnWABv0odg98AkIfDFWQMRGQYSHT2/AyX44zpLiMRenciu9nt1JrsSpvliDQDVZZ4Pde7gxmh0qS3sCIEzG3b1WG0nV4NPsc1V8Q4izU4Tx6+Km3418sgXSTHoIS5fqmT4sNg== X-YMail-OSG: DtT5mAcVM1mKx30D2vmR_TtRmwlhNHlZBskSVZW2bEhNHBUDMR_Zb8HXt7ArkV2 OPIsKGqFFgobglSKNMmStyXp0ELbFS0Wpe_hCPmCKifXUxQ8604sM9u6UU.M91eJcyQNX6eJwRMO _BjhmtPMxi6GZ3XFqHdaX8oJbiAMzX0LoKaiB0T1mSAbW2_QnobbNdKYl3isBqD075n8nyIZOoX2 Xk2d86hCLeh5iTG72P5a._0B69nyumfpHwGftI4H91QfD9XmciBo856EDbEhMZsIjiHiZc5ZGeFh 1y0QPTMGGsPzy.ZHj4TnfDqXE4i.hcOFkTnjZSlig540KXQI_FSUZKaQc1Ci0qqXwUP1DB8gFq.B NeaT2GTYt0vuDB7LNUvCicOQUOkma5lRjbK67GEQRQ2C63VT1GmIwC8o9nT57e4fZVR90P45fGj6 Zye5jEKAIOmTAxjbsVeqnV7fKfou9FESDZqi_4H3Nr9.gGCe1iKSU2WiP4gTr1Q2M7gXB.4U8By_ pGLxrTlsjvafzs5xoM.RbkqK87ktc4wjY9dNKzWS3UjKR24aQBJIofuZy3EXUMdlpHJHEONLvrRC HdsF50.7cAZT6Jbpfqcv7Z3TJrk_58jYsnbPA0fcykMWXz6Q0tV9ptLVdI.nWZa6jf4EpYcXMDvI I9L9qp4Dlv5M3N6U1RFYe4PG5mWALqfrByHfc_4adqDDxCpkSH6OtN3GMSRptPJlpbMfn7QB.6On oNPknGvobsbbILcOhmQT7Wl9mepZF0ZbQIySYuyo85klzBcPz.pjkP80sTvng0eCF.0J8DGS_RRx HVb2Cn35vrfXBPfqVd237CHB66.DdPDRfGL434qAZkxlg86yLzdlF5wjS0PnZ4.GE.ronQbPA7Uq .MZhu.r.Xe4I4PjbhgkZb2GTrDoY4pCz7fRDZANi_6OzGI86IJSkt6AGPrAKD3V68iVDROyKqoQ_ UqokZCMbqjKEziYX.y95zMzWA_r9lpv4EcRlHSOqE.hkgYT6nv6Dvnr1gmqCsZ7dgtRIs1Ldv4sV n9zbR48cx6eB1k1Mcu7BKd7RkRf8CWarrml7f1oWOTBXFjEk.3mhqsLwVWWanUFtkRi6Q8dCf034 sXcl5t7Aui8DvON2910ZjJBvIizuw17QtFFGtyBzf4XackaIMjtzOwx25Ltr57mvdv1udFpKRRct KWG3Sm8LyEPHyqaIxYXch3o8bPz9TkBUB6xM8m9.j_HJrtCGjqrBWGKBp.WyFW66uoyzkDHVLCXo vHE3KyRYqkBa8981ciO90mBSUfqul128vaW2V8utH3b4SZjsUOLWpnSqnxstPSVM68MMkbzbfzOJ z3DsbGy4zW.SdsWvkO7L5cz4LZ6kXG0.ok7MSaAAeZLzKOpdN3h4LKw4dEzHeLeb6..ndWnJljLD iFgeBM91lKxXnzgN4Q0D1musB7Tztz1vIrukvaImcqW3MqhZvEAZdMqd2Tv953tvOe_9Cy4CDrJq oqyfGZM8_ynUkSSMtVPBUZhE2v9_itP9OwxkrfE4Du4IG1itteOHS3oWP2TYb64l2tKqB2LUzYfO Fej20.Am5Fdpf4ddFdGesmROe2KFgfWxL7P5kSNrzV1prXjH4z2.IaLDXASeRWN0Gf.vwS1ssWiz _syz3jNfutbYzBSd0Q5VjHUFeIg1.Bx_iP5G1VYTEviRMK3zN8o5kBLw_kCtpFQYaUAcLrub_YqQ uef.t38pXmzvP1vsPsQu1F3C.YvM_DNK4e1vnDRgaoxYdzDLevhKvGlv_mrT7HXEdqntGRY86q5K oBQyJTzlnWBkZumCnvLH_LeePXbKlafNBdVeFkb3ihjzmgaAXFHBRbjACx72ny1zX854mcvu26bu 33QJfVZsO48cBOVzoAE3jlOoeoqjGPBhqi6sASIPWfKbLf.LVaN.Oi37HQxxXFGRhI2nH_HYhJHd ClgNEGVCfMrstun.pKacG7ql2xSckcvdk40QzJQYNqe9EHheUxmiKFVZYaWBIYzOjn3Ui8cq.Cl9 fvzF.MuycZ1hKEvwLLJX_IS_dfY3DuwWvY2JFJfI7pr4eGTfuhX8ZvHcOsznr3clsoclcsGhamYG IkNl9pQt.twmdS_413ZXPApcdHAD2O1aAAeJ2HtXf_NAahG8eDWEYsKTFW70mIx.L3DkPtIjFmoq piHb2q7GO3eNDtuAvSd8oVgKZZgcmf4t129fLRALZ50RqRmvaFBgMwu3cADnVgod75oEYnmai2M8 EjGaqqcTynFSFfudp08_bK78R9Py2XYw0nbK61c7Cnlxnm6IaEP7o10RrilIKxPdrLFPMp5J7JOD 9t70D_Q3becMfxavIJXREisICXOmFZBDTFyCAod9QwdGNecAnsshXf6Jufg-- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic312.consmr.mail.ne1.yahoo.com with HTTP; Thu, 3 Feb 2022 00:06:29 +0000 Received: by kubenode531.mail-prod1.omega.ne1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID eb829be640f0d55663e1620f1812a18c; Thu, 03 Feb 2022 00:06:26 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, Stephen Smalley , linux-integrity@vger.kernel.org, netdev@vger.kernel.org Subject: [PATCH v32 11/28] LSM: Use lsmblob in security_current_getsecid Date: Wed, 2 Feb 2022 15:53:06 -0800 Message-Id: <20220202235323.23929-12-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20220202235323.23929-1-casey@schaufler-ca.com> References: <20220202235323.23929-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org Change the security_current_getsecid_subj() and security_task_getsecid_obj() interfaces to fill in a lsmblob structure instead of a u32 secid in support of LSM stacking. Audit interfaces will need to collect all possible secids for possible reporting. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: linux-audit@redhat.com Cc: netdev@vger.kernel.org --- drivers/android/binder.c | 6 +-- include/linux/security.h | 13 ++++--- kernel/audit.c | 16 +++----- kernel/auditfilter.c | 4 +- kernel/auditsc.c | 25 ++++++------ net/netlabel/netlabel_unlabeled.c | 5 ++- net/netlabel/netlabel_user.h | 6 ++- security/integrity/ima/ima_appraise.c | 12 +++--- security/integrity/ima/ima_main.c | 55 +++++++++++++++------------ security/security.c | 25 +++++++++--- 10 files changed, 95 insertions(+), 72 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 381a4fddd4a5..bae8440ffc73 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2980,16 +2980,16 @@ static void binder_transaction(struct binder_proc *proc, t->priority = task_nice(current); if (target_node && target_node->txn_security_ctx) { - u32 secid; struct lsmblob blob; size_t added_size; + u32 secid; security_cred_getsecid(proc->cred, &secid); /* - * Later in this patch set security_task_getsecid() will + * Later in this patch set security_cred_getsecid() will * provide a lsmblob instead of a secid. lsmblob_init * is used to ensure that all the secids in the lsmblob - * get the value returned from security_task_getsecid(), + * get the value returned from security_cred_getsecid(), * which means that the one expected by * security_secid_to_secctx() will be set. */ diff --git a/include/linux/security.h b/include/linux/security.h index 62178dd4ec08..d7781bda147f 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -501,8 +501,8 @@ int security_task_fix_setgid(struct cred *new, const struct cred *old, int security_task_setpgid(struct task_struct *p, pid_t pgid); int security_task_getpgid(struct task_struct *p); int security_task_getsid(struct task_struct *p); -void security_current_getsecid_subj(u32 *secid); -void security_task_getsecid_obj(struct task_struct *p, u32 *secid); +void security_current_getsecid_subj(struct lsmblob *blob); +void security_task_getsecid_obj(struct task_struct *p, struct lsmblob *blob); int security_task_setnice(struct task_struct *p, int nice); int security_task_setioprio(struct task_struct *p, int ioprio); int security_task_getioprio(struct task_struct *p); @@ -1198,14 +1198,15 @@ static inline int security_task_getsid(struct task_struct *p) return 0; } -static inline void security_current_getsecid_subj(u32 *secid) +static inline void security_current_getsecid_subj(struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } -static inline void security_task_getsecid_obj(struct task_struct *p, u32 *secid) +static inline void security_task_getsecid_obj(struct task_struct *p, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } static inline int security_task_setnice(struct task_struct *p, int nice) diff --git a/kernel/audit.c b/kernel/audit.c index 40d8cb824eae..17ac6e74b5bd 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -2154,19 +2154,12 @@ int audit_log_task_context(struct audit_buffer *ab) char *ctx = NULL; unsigned len; int error; - u32 sid; struct lsmblob blob; - security_current_getsecid_subj(&sid); - if (!sid) + security_current_getsecid_subj(&blob); + if (!lsmblob_is_set(&blob)) return 0; - /* - * lsmblob_init sets all values in the lsmblob to sid. - * This is temporary until security_task_getsecid is converted - * to use a lsmblob, which happens later in this patch set. - */ - lsmblob_init(&blob, sid); error = security_secid_to_secctx(&blob, &ctx, &len); if (error) { @@ -2375,6 +2368,7 @@ int audit_set_loginuid(kuid_t loginuid) int audit_signal_info(int sig, struct task_struct *t) { kuid_t uid = current_uid(), auid; + struct lsmblob blob; if (auditd_test_task(t) && (sig == SIGTERM || sig == SIGHUP || @@ -2385,7 +2379,9 @@ int audit_signal_info(int sig, struct task_struct *t) audit_sig_uid = auid; else audit_sig_uid = uid; - security_current_getsecid_subj(&audit_sig_sid); + security_current_getsecid_subj(&blob); + /* scaffolding until audit_sig_sid is converted */ + audit_sig_sid = blob.secid[0]; } return audit_signal_info_syscall(t); diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 15cd4fe35e9c..39ded5cb2429 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -1339,7 +1339,6 @@ int audit_filter(int msgtype, unsigned int listtype) struct audit_field *f = &e->rule.fields[i]; struct lsmblob blob; pid_t pid; - u32 sid; switch (f->type) { case AUDIT_PID: @@ -1369,8 +1368,7 @@ int audit_filter(int msgtype, unsigned int listtype) case AUDIT_SUBJ_SEN: case AUDIT_SUBJ_CLR: if (f->lsm_str) { - security_current_getsecid_subj(&sid); - lsmblob_init(&blob, sid); + security_current_getsecid_subj(&blob); result = security_audit_rule_match( &blob, f->type, f->op, &f->lsm_rules); diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 598e0de45b04..2570bf5979e0 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -467,7 +467,6 @@ static int audit_filter_rules(struct task_struct *tsk, { const struct cred *cred; int i, need_sid = 1; - u32 sid; struct lsmblob blob; unsigned int sessionid; @@ -676,17 +675,9 @@ static int audit_filter_rules(struct task_struct *tsk, * here even though it always refs * @current's creds */ - security_current_getsecid_subj(&sid); + security_current_getsecid_subj(&blob); need_sid = 0; } - /* - * lsmblob_init sets all values in the lsmblob - * to sid. This is temporary until - * security_task_getsecid() is converted to - * provide a lsmblob, which happens later in - * this patch set. - */ - lsmblob_init(&blob, sid); result = security_audit_rule_match(&blob, f->type, f->op, &f->lsm_rules); @@ -2712,12 +2703,15 @@ int __audit_sockaddr(int len, void *a) void __audit_ptrace(struct task_struct *t) { struct audit_context *context = audit_context(); + struct lsmblob blob; context->target_pid = task_tgid_nr(t); context->target_auid = audit_get_loginuid(t); context->target_uid = task_uid(t); context->target_sessionid = audit_get_sessionid(t); - security_task_getsecid_obj(t, &context->target_sid); + security_task_getsecid_obj(t, &blob); + /* scaffolding - until target_sid is converted */ + context->target_sid = blob.secid[0]; memcpy(context->target_comm, t->comm, TASK_COMM_LEN); } @@ -2733,6 +2727,7 @@ int audit_signal_info_syscall(struct task_struct *t) struct audit_aux_data_pids *axp; struct audit_context *ctx = audit_context(); kuid_t t_uid = task_uid(t); + struct lsmblob blob; if (!audit_signals || audit_dummy_context()) return 0; @@ -2744,7 +2739,9 @@ int audit_signal_info_syscall(struct task_struct *t) ctx->target_auid = audit_get_loginuid(t); ctx->target_uid = t_uid; ctx->target_sessionid = audit_get_sessionid(t); - security_task_getsecid_obj(t, &ctx->target_sid); + security_task_getsecid_obj(t, &blob); + /* scaffolding until target_sid is converted */ + ctx->target_sid = blob.secid[0]; memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); return 0; } @@ -2765,7 +2762,9 @@ int audit_signal_info_syscall(struct task_struct *t) axp->target_auid[axp->pid_count] = audit_get_loginuid(t); axp->target_uid[axp->pid_count] = t_uid; axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); - security_task_getsecid_obj(t, &axp->target_sid[axp->pid_count]); + security_task_getsecid_obj(t, &blob); + /* scaffolding until target_sid is converted */ + axp->target_sid[axp->pid_count] = blob.secid[0]; memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); axp->pid_count++; diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index 0a99663e6edb..c86df6ead742 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -1562,11 +1562,14 @@ int __init netlbl_unlabel_defconf(void) int ret_val; struct netlbl_dom_map *entry; struct netlbl_audit audit_info; + struct lsmblob blob; /* Only the kernel is allowed to call this function and the only time * it is called is at bootup before the audit subsystem is reporting * messages so don't worry to much about these values. */ - security_current_getsecid_subj(&audit_info.secid); + security_current_getsecid_subj(&blob); + /* scaffolding until audit_info.secid is converted */ + audit_info.secid = blob.secid[0]; audit_info.loginuid = GLOBAL_ROOT_UID; audit_info.sessionid = 0; diff --git a/net/netlabel/netlabel_user.h b/net/netlabel/netlabel_user.h index d6c5b31eb4eb..3d5610ed5f0e 100644 --- a/net/netlabel/netlabel_user.h +++ b/net/netlabel/netlabel_user.h @@ -32,7 +32,11 @@ */ static inline void netlbl_netlink_auditinfo(struct netlbl_audit *audit_info) { - security_current_getsecid_subj(&audit_info->secid); + struct lsmblob blob; + + security_current_getsecid_subj(&blob); + /* scaffolding until secid is converted */ + audit_info->secid = blob.secid[0]; audit_info->loginuid = audit_get_loginuid(current); audit_info->sessionid = audit_get_sessionid(current); } diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index 17232bbfb9f9..217d20c60e1d 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -71,15 +71,17 @@ bool is_ima_appraise_enabled(void) int ima_must_appraise(struct user_namespace *mnt_userns, struct inode *inode, int mask, enum ima_hooks func) { - u32 secid; + struct lsmblob blob; if (!ima_appraise) return 0; - security_current_getsecid_subj(&secid); - return ima_match_policy(mnt_userns, inode, current_cred(), secid, - func, mask, IMA_APPRAISE | IMA_HASH, NULL, - NULL, NULL, NULL); + security_current_getsecid_subj(&blob); + /* scaffolding the .secid[0] */ + return ima_match_policy(mnt_userns, inode, current_cred(), + blob.secid[0], func, mask, + IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL, + NULL); } static int ima_fix_xattr(struct dentry *dentry, diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 8c6e4514d494..6abbaa97bbeb 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -405,12 +405,13 @@ static int process_measurement(struct file *file, const struct cred *cred, */ int ima_file_mmap(struct file *file, unsigned long prot) { - u32 secid; + struct lsmblob blob; if (file && (prot & PROT_EXEC)) { - security_current_getsecid_subj(&secid); - return process_measurement(file, current_cred(), secid, NULL, - 0, MAY_EXEC, MMAP_CHECK); + security_current_getsecid_subj(&blob); + /* scaffolding - until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], + NULL, 0, MAY_EXEC, MMAP_CHECK); } return 0; @@ -436,9 +437,9 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) char *pathbuf = NULL; const char *pathname = NULL; struct inode *inode; + struct lsmblob blob; int result = 0; int action; - u32 secid; int pcr; /* Is mprotect making an mmap'ed file executable? */ @@ -446,11 +447,11 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) !(prot & PROT_EXEC) || (vma->vm_flags & VM_EXEC)) return 0; - security_current_getsecid_subj(&secid); + security_current_getsecid_subj(&blob); inode = file_inode(vma->vm_file); action = ima_get_action(file_mnt_user_ns(vma->vm_file), inode, - current_cred(), secid, MAY_EXEC, MMAP_CHECK, - &pcr, &template, NULL, NULL); + current_cred(), blob.secid[0], MAY_EXEC, + MMAP_CHECK, &pcr, &template, NULL, NULL); /* Is the mmap'ed file in policy? */ if (!(action & (IMA_MEASURE | IMA_APPRAISE_SUBMASK))) @@ -486,10 +487,12 @@ int ima_bprm_check(struct linux_binprm *bprm) { int ret; u32 secid; + struct lsmblob blob; - security_current_getsecid_subj(&secid); - ret = process_measurement(bprm->file, current_cred(), secid, NULL, 0, - MAY_EXEC, BPRM_CHECK); + security_current_getsecid_subj(&blob); + /* scaffolding until process_measurement changes */ + ret = process_measurement(bprm->file, current_cred(), blob.secid[0], + NULL, 0, MAY_EXEC, BPRM_CHECK); if (ret) return ret; @@ -510,10 +513,11 @@ int ima_bprm_check(struct linux_binprm *bprm) */ int ima_file_check(struct file *file, int mask) { - u32 secid; + struct lsmblob blob; - security_current_getsecid_subj(&secid); - return process_measurement(file, current_cred(), secid, NULL, 0, + security_current_getsecid_subj(&blob); + /* scaffolding until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], NULL, 0, mask & (MAY_READ | MAY_WRITE | MAY_EXEC | MAY_APPEND), FILE_CHECK); } @@ -689,7 +693,7 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id, bool contents) { enum ima_hooks func; - u32 secid; + struct lsmblob blob; /* * Do devices using pre-allocated memory run the risk of the @@ -709,8 +713,9 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id, /* Read entire file for all partial reads. */ func = read_idmap[read_id] ?: FILE_CHECK; - security_current_getsecid_subj(&secid); - return process_measurement(file, current_cred(), secid, NULL, + security_current_getsecid_subj(&blob); + /* scaffolding - until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], NULL, 0, MAY_READ, func); } @@ -739,7 +744,7 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, enum kernel_read_file_id read_id) { enum ima_hooks func; - u32 secid; + struct lsmblob blob; /* permit signed certs */ if (!file && read_id == READING_X509_CERTIFICATE) @@ -752,9 +757,10 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, } func = read_idmap[read_id] ?: FILE_CHECK; - security_current_getsecid_subj(&secid); - return process_measurement(file, current_cred(), secid, buf, size, - MAY_READ, func); + security_current_getsecid_subj(&blob); + /* scaffolding - until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], buf, + size, MAY_READ, func); } /** @@ -882,7 +888,7 @@ int process_buffer_measurement(struct user_namespace *mnt_userns, int digest_hash_len = hash_digest_size[ima_hash_algo]; int violation = 0; int action = 0; - u32 secid; + struct lsmblob blob; if (digest && digest_len < digest_hash_len) return -EINVAL; @@ -905,9 +911,10 @@ int process_buffer_measurement(struct user_namespace *mnt_userns, * buffer measurements. */ if (func) { - security_current_getsecid_subj(&secid); + security_current_getsecid_subj(&blob); + /* scaffolding */ action = ima_get_action(mnt_userns, inode, current_cred(), - secid, 0, func, &pcr, &template, + blob.secid[0], 0, func, &pcr, &template, func_data, NULL); if (!(action & IMA_MEASURE) && !digest) return -ENOENT; diff --git a/security/security.c b/security/security.c index 815200684bcf..e33fa677181d 100644 --- a/security/security.c +++ b/security/security.c @@ -1909,17 +1909,30 @@ int security_task_getsid(struct task_struct *p) return call_int_hook(task_getsid, 0, p); } -void security_current_getsecid_subj(u32 *secid) +void security_current_getsecid_subj(struct lsmblob *blob) { - *secid = 0; - call_void_hook(current_getsecid_subj, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.current_getsecid_subj, + list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.current_getsecid_subj(&blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_current_getsecid_subj); -void security_task_getsecid_obj(struct task_struct *p, u32 *secid) +void security_task_getsecid_obj(struct task_struct *p, struct lsmblob *blob) { - *secid = 0; - call_void_hook(task_getsecid_obj, p, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.task_getsecid_obj, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.task_getsecid_obj(p, &blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_task_getsecid_obj); From patchwork Wed Feb 2 23:53:07 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12733587 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E430DC433F5 for ; Thu, 3 Feb 2022 00:07:36 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240267AbiBCAHf (ORCPT ); Wed, 2 Feb 2022 19:07:35 -0500 Received: from sonic312-31.consmr.mail.ne1.yahoo.com ([66.163.191.212]:41778 "EHLO sonic312-31.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234086AbiBCAHe (ORCPT ); Wed, 2 Feb 2022 19:07:34 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643846854; bh=Ofx+zfV9kAlt56YC11tGt2YOtlNVLhFarLMraLNfSiA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=LeaN/Mwf3Fu/46HOknNArm6a2N1vgKXPyhZfO8tIHzTwJnlaIq/7DRWHBWL42hmCfAkvTZvO4iCBpBBKSYgW5+IcdBbAi7lEmvy0VnpG+qe6UCj48/KhB5shN6Ika2lxREDlWGODQX3aOP5e2JSI13yFOXybR8THsPrKAJY9QuXM5FMlrWFil9nW7VFVKv/z9u2leWUw7ja5apI/CYM65XxtifRkWatjUr4DjOfXZa1rPOLEB7bRKHZ9Pd6ktRQqVwk0BmZsJEFRZs6syuOAo7niPW/xjXK9qhIeFFDoEOX8TlXSF2Y+M5f03XWat+QuSC9nxHpHi5bn3jBcxkuXXQ== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643846854; bh=USgY/omKIT6FHftzOwuaWl0W1FAmmueUGibLpKVLU3I=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=AfQnVo+duFRtB/eIAFUuaOfhgkT+1cIuJ9ZVfABuRQWm9jhT/VWMMr6lWWSd4TCzHmIeijM59OMr+pAPcwpDF15HiRV74bHPiqsGbdyM6/UBziD4KaTHLKc3pBJM4IMrC1V923cjTQJZuV4zmlsHGCsWCFxVTSidP2PgLBk1VNbCy2/uXp6i21aFkw6b6B4pGygg3ZE3o3NepxPn7FuuM55VWfGdUo0bUc0S95EmzTryuCtfdFlcQZz+c+FGpmWzpAWGVtFRMGlgYmnY+1mJuRimFJX21iwPDkNp3pNOpANDCI0sMT/fNpSNq4jGReaDYvFmRJgpJRGfw6E8k8COCg== X-YMail-OSG: hyXz7kcVM1kvixrw9v7j9Ra.xOXS4WdN3hT49me5c2dUs5Ojkb9lCBK2feBLNyk Fi6iFwTpJRa6b5.I9HtFnfoQNKjRZmPzPtNXGYEqojGdtCf8WgpeEFSVjP7f2PaHMrvc4tmK3Vxo 0VqLYBTFpl2INboB4eeoRK9cHF_ZH34z0wauLWIOGUcCIN16HCdd3w7LEQ4RrNz8m4VDB9yoYNFI .Ljkskt1cDsHHZZPvBmrEHqxZ13xBRW67P0.pAxoeDw_eZTdubP3J8UwMDmMyd0Rlh.vWj8YMQuB poXc51JN_6Ui_85VudbtcnS2uruM8ua6vVcKxJiJWXruOT8fqcGn7eQ3q1PgC.WMTH1xKa.e.a9d IS0AvoTOxPN_CVv2WwJ8uCl3L_pg1XFcUggLlO_ouLAdK2yt08Hp02nPTkDqdBaLln7EpFspxnoG Q7WUk9DnHdIQpeH71bHjLKdmCB_bzi2OrOFjT17uHlXdiY31892xGNv9psbopb5CoQrzcBYDvzDG IXLTobLmH2GL1wkaYEOEjwLKvzpIzzlLocIV.804a0YhhNMPR97OdLE0eEqA2JkKyXSVmNp_yelt D2o9UQFcZw1tL3P5ZlNBh3htxiJ1vCJB1lNDXuNUQrbvdy.rd_D37wHv8YkbVWCurmwEgU.HQgKS wKKsEVwqU2iY90mlEUgn0GRs7c4LLPGsPjCEXcns2NcfOsHZEIpb984uJoDvFrle8Q8n9DnImdh8 wKrKzHLaQVeIB6qn4v9anzeegez4gzyldbPuoWcGW3oigRY4EO1eusiElg3QP9pxJFqKFoVRWBx5 SPPclUbH7faiQqEIhEHzVzuq1T7HCmhlaKv8EWE3pn6QHUR9OxSBd_w26_Ee7.kQyxx2PRuk0DKO eCWTqrS6e.SHKJkgW.OUwB.VCzUByUBZ8zX8r36IpCFFW2j6aAxk5yPYrGrHQuwiD..FsO320dc7 NT4_gkwXOiq7KACOyiGWyYZd7AXkwLAD91b9elEtsqjGKEXgmUwP6udv5uqNurz96H.xJh94T7EV ipDYLIulRxrfQGvJnUOstek0T4Ka8Y08Y.a4Vfx4GF9TSfhk.OJ24Uhh2jQ9O.VRB.5nROWyNViD mqJg8T39RaelwA7ZCa8qtf9NgSd_ui9nmxLbj_QJwlc1cGQBYDT5atjen.neBS5eoRjZPPy3QcQ8 9IZAKOA6zog1f.alUEQLLDmsrMKmNyAUQ5epc3qiDGoAEYPH.qy8cAzIyv3pkSGCvJdPMqebRm5J SF.cCEr10qtGW.frP97d.iP2Bh.fQacXlT0MbX_HHktahimmefLgYNsHOBmXcfkIg94c00SZzHxs L4rqKJ5nRQV6qFg6EwmzkCGNYAITQvZuO_T.jPTT2NbFkBze35TN06k0O_JI1vfJCdLepmwJCyOH YCt.VvLA9EpGv2etaKM1hoys1S2FXw1itk.W0DavBD8KB61FYbLJq_nrP.JcQ52T7eUpx3qiCuR2 BQRdWs4pg.MZYEycOBHbrJgRqHW1DDkSJQ_tXnbdSuGsGXviVxTVJaUY7AtuIR6sukylWImcQw06 6jStfKHQ9bdWU8R_25JPM6Tx49.6n0vInagHq4BjfyCDDxKFxuuWXL0XP3VTsmXMzmyb2xFzPGF7 YdRAWFcg.cIv6dO3liloQcqTtqfUQZBZnHufw.jZBUfSikRJvlcUz2IwPtwsU4XYnrh_oel0YymZ xiZNwPB8D.qyO5WBrXVSDwRRZ7GIuYURdGmRLIQiyCovNFbt89liKCTajVmRL3f2Mx8pK1fybUeg Ik0bI9yKR4IctrpXk_VkuDL8.UvVRWX9zsL4rHej1Up9x_CDNJc1XGCHLnir.0Yq94WTga7hXa0U DgXB6VF3XGFLEC5EyA6YbZrObwqF0XZsC3r8mQuGlJ4A2JoN0lPo9ErgV2qgbmFZ.pQnx9YLxGu8 y5t_xqhP8ICZcyXoCdcW6A0WQzkRz.frA3ti9A1la4klIveo5CunmM_2cXfpuL5W2ELc0_lE_VbL CoNluaXXCj6JKMtTVaju.jCBDAHuTpAg43X2U1khE3.qYYJf64oQQZwtgNYDBIsVH0bbTU5ywXcS ImQbNb4qgoHmv9LvZ9f6Mxo9IjB68fDhy5Y3IGGIjvaFQnXIbZfUaBJ1lqDjStgVn50sS0bQRvoq NQbJdmIBuRK9NSqt51ze6LF1JREh0WQYZ7NlAr8p5yyKYGvoJebuCMrzEajocZukmpHHmmeNDPrz 2.0RDR8XUSxdS7t1G8_rqoEg6HTXDk0jH7CIXLM.Kt5jVDeNvyg3KUANPCXdghqcpAkMPG4iVqrB PQw-- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic312.consmr.mail.ne1.yahoo.com with HTTP; Thu, 3 Feb 2022 00:07:34 +0000 Received: by kubenode529.mail-prod1.omega.gq1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID 7f82dc84f3bd924cb223e5ab9ecb7cf0; Thu, 03 Feb 2022 00:07:31 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, Stephen Smalley , linux-integrity@vger.kernel.org Subject: [PATCH v32 12/28] LSM: Use lsmblob in security_inode_getsecid Date: Wed, 2 Feb 2022 15:53:07 -0800 Message-Id: <20220202235323.23929-13-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20220202235323.23929-1-casey@schaufler-ca.com> References: <20220202235323.23929-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org Change the security_inode_getsecid() interface to fill in a lsmblob structure instead of a u32 secid. This allows for its callers to gather data from all registered LSMs. Data is provided for IMA and audit. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: linux-audit@redhat.com --- include/linux/security.h | 7 ++++--- kernel/auditsc.c | 6 +++++- security/integrity/ima/ima_policy.c | 7 ++++--- security/security.c | 11 +++++++++-- 4 files changed, 22 insertions(+), 9 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index d7781bda147f..b0d1abd082a8 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -455,7 +455,7 @@ int security_inode_getsecurity(struct user_namespace *mnt_userns, void **buffer, bool alloc); int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags); int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size); -void security_inode_getsecid(struct inode *inode, u32 *secid); +void security_inode_getsecid(struct inode *inode, struct lsmblob *blob); int security_inode_copy_up(struct dentry *src, struct cred **new); int security_inode_copy_up_xattr(const char *name); int security_kernfs_init_security(struct kernfs_node *kn_dir, @@ -1001,9 +1001,10 @@ static inline int security_inode_listsecurity(struct inode *inode, char *buffer, return 0; } -static inline void security_inode_getsecid(struct inode *inode, u32 *secid) +static inline void security_inode_getsecid(struct inode *inode, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } static inline int security_inode_copy_up(struct dentry *src, struct cred **new) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 2570bf5979e0..6cd15abb99c7 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -2248,13 +2248,17 @@ static void audit_copy_inode(struct audit_names *name, const struct dentry *dentry, struct inode *inode, unsigned int flags) { + struct lsmblob blob; + name->ino = inode->i_ino; name->dev = inode->i_sb->s_dev; name->mode = inode->i_mode; name->uid = inode->i_uid; name->gid = inode->i_gid; name->rdev = inode->i_rdev; - security_inode_getsecid(inode, &name->osid); + security_inode_getsecid(inode, &blob); + /* scaffolding until osid is updated */ + name->osid = blob.secid[0]; if (flags & AUDIT_INODE_NOEVAL) { name->fcap_ver = -1; return; diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 22952efcc0b0..34ecdd7b01f5 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -625,7 +625,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, return false; for (i = 0; i < MAX_LSM_RULES; i++) { int rc = 0; - u32 osid; + struct lsmblob lsmdata; if (!rule->lsm[i].rule) { if (!rule->lsm[i].args_p) @@ -637,8 +637,9 @@ static bool ima_match_rules(struct ima_rule_entry *rule, case LSM_OBJ_USER: case LSM_OBJ_ROLE: case LSM_OBJ_TYPE: - security_inode_getsecid(inode, &osid); - rc = ima_filter_rule_match(osid, rule->lsm[i].type, + security_inode_getsecid(inode, &lsmdata); + rc = ima_filter_rule_match(lsmdata.secid[rule->which], + rule->lsm[i].type, Audit_equal, rule->lsm[i].rule, rule->which); diff --git a/security/security.c b/security/security.c index e33fa677181d..0253c925a272 100644 --- a/security/security.c +++ b/security/security.c @@ -1553,9 +1553,16 @@ int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer } EXPORT_SYMBOL(security_inode_listsecurity); -void security_inode_getsecid(struct inode *inode, u32 *secid) +void security_inode_getsecid(struct inode *inode, struct lsmblob *blob) { - call_void_hook(inode_getsecid, inode, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.inode_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.inode_getsecid(inode, &blob->secid[hp->lsmid->slot]); + } } int security_inode_copy_up(struct dentry *src, struct cred **new) From patchwork Wed Feb 2 23:53:08 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12733603 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 661B3C433EF for ; Thu, 3 Feb 2022 00:08:46 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1343727AbiBCAIp (ORCPT ); Wed, 2 Feb 2022 19:08:45 -0500 Received: from sonic312-31.consmr.mail.ne1.yahoo.com ([66.163.191.212]:35203 "EHLO sonic312-31.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232876AbiBCAIo (ORCPT ); Wed, 2 Feb 2022 19:08:44 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643846924; bh=wg/PA+wYiVPS2PsI9ZmOeIOSjgBmdcwIjtBH2wMtzN4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=XJrQqnTe+RrpIAAb3Z5mHass1WwFbzq7MwsGSIYdBh3sYqyCU+KEACtP2YSc7SaELTy5/nzDVP8cNrEJ1cHpmtN9BGuIecxrW86F7VCx+NcXcPNnmBwIyERbjJ3gx2BBSk7jRQ3HOv/3PaDdSk5n3C2YVoCPaFjnENaGrhfyRCjfj/kLB/YXS+9mLewN2UsJSst9KD5M7GEX24O9SuSIZEW3Wtu44fjE7MNF+gfR25xYxAIvnBgRiD8LS8zoWCqzoPRvhz+ZiATcpVQ2EMwuyKkqH+z+N+r1DMqs8n79CdARiIRp7wt/47DwocSOMqjPwQX+5YE2rDM4/mwAFosFew== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643846924; bh=PpkZijOtx2b2q0jSkVkhViW8Lz/PHx80bwGTddy1r1p=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=Nrh/6Uf11fZE+UX62sVLTWNp6GKpne5gZkMl4ZIC8kR5dyYGOrOaQ02O1rmqqsEDm8yw1GXB54iuTeg8a4K9S2GEiPjT0BXcsJKbQEqr0MbL8Lv4EPanNzBaKsqKTQTZ2WEmaNu1IxZe3yy/yDd4lQu6CECfi0sGUfH34jnOtPrl08AUKPZcDv7wQz7oeoR/eSDuAhyo5JCtknH4B9/wW80FyEqyg+sB7benXVnUZ2onG3yVBqA4p3JJA/6ryKGME6C3EayxzpEy1y8oA9uifatrTSmP3NwyT1bb4mCoNpsbXvsgBkRoZTqAg6nccujv5+vwb1FlBjvCrpPOc1EUjw== X-YMail-OSG: LBE0pocVM1nwsT9cZnWgjpKGIUmfdMMNcFI4oQpjYBMfgEm0Ku_G_YJTDXGQaP. xZHjSXMTQ4hYKL3HG7Eb0mKZAszQT5volm1ttVxNcLWjCCKq1rOReoRY_JoWPXcg6neoBcJbZs3T OELeO.h4bq3CWYvwLV9aH9xu1GYWEckSKkzK5FVd2aCc9F9qEHDkMvR6g8ow6dsrF3w7fTRKxwGe .svDTXhwuncqgca7D7bcRgAzM_igJFEhrM56EYjKJqPQd2M5OGYQobsnkUKU1M.HvRhVkKVax4Za TSVZGikjfSu6fYUuiVvASTbHv8oaXmgnjNLyFjgwcPsV9Fp5P0IyDCMaDHb0QBDml_WjeFm7vxo5 3LX_q9bewVkCAG2T1ZQzXqa8OADpSeP8b8awIgPQneYiEXUOADiFbv65b9neBeHnSNe_9YN9lFEB ZxW4jMp3voNVpZ8JkaOStsMXvon_qKYhRIzHRLXWibzykUJkXc5MkrWpG.lxMksoS2wOuQ1OYehM ZuqEADYV8_MXD912_6Lb4cKSuz9Zz0v2TtRpRcbr_a9jmxUyyAu12uqbbfQqSwA51LJIE9oYGT55 UsowqZi.pi0PM9tXqqpL7dU2dfQlB6iLFCjeObDHRCE59jIa7Mp9R.Wi1wPwh027Wqqw5HtawJGX 6EWn3FxaK8BSHn_kSsBfniU9Hf.bTWmAobxCS7pCfbGi3ge7gPGoLjuYmNEa8kNIAA90ZNEums80 Tj5tKNX9UxCzJ7xmyMeJ.xl5byeurcOsdCQPPE35xrIAHWP8fH9y6iK2Y..7lRRl5daQ1wPPPk.. 1PWAQyiZ_hozM8CkrdVlLez2FfvRPwPriVeCyUR6xWmLMsRPWm.P0.RLzZZLemM0tSUr9THsVAM2 cuJ4vtZUAAwdLM2uxMcVqIGcuwFWbIV6nP.E219V0scH4blKj1Fh71cGpBHJ6FV.F4X_qONY2Kqm r8xgEhIgGPpp1LwOEL2B0NH_xts8Q9mW6NZ.S75wiLac1mjCVwKqumLJ5fUmLFt45QOz4MU00Y76 UZKKfc7F3oaFKX4G6G5017y4UzpFxu5tTvbjLPzXNR8m2EX30c.PfrBzdzvMyCo8Xbb5v2Dnffb. .tC17Il8Pv6o6jbBTbWTt5da8gBIiTs3hLYwTxlyQJA_4fPfa2GvDpwO3I3jBwRZS0O2ekvj.Nqq eSm2yv8qfc.8gGxuPEJL7ZbBqNZeGoo2OT_6JVOKdeFxlXsQ5eHU7tBXdoZSz6Cul9swAD7oEdJd orrznMwK3fUYLXCodbUULmki4true4UL03EAIHYioDxHwb6kchr33Kh5_SqX7I48pwm3S6n5ZDvc B3.AHN6.kZvlvbt2fdMhcLP12qmffeL8x8VT4Q4vSDoUySaWe.sAxAQL736hYnLclQkwnrFCwbmY QZyb3RvCizIoq9pJx_I.iddIMetqf6X5eoCkbwXBRTUgYsHLzh4tePXmg1wusoSUCc1SHwcoFgcL U4qjRYoF8j5grOYyGsmSaFoPRdfb3kmUKO.WBOf0zc5XAtGVTQUvFKXRhxooQ2eoicFqRkuZ0GZE gX.PldRXY6zv6lz6lPBkoK51oZLdV8lhAAW5LAMBbN.vCWs36xcU50u24Ubkvond69ULDS4TnAw9 f9UGHsoLUagy1iF5ld6NZnKeQiHsFMwgKepiY8C1p83DeBbTBFeXnseetoCPuOrnYTOAM9_KxReM 2J.neVMWGzcFi.nt9ckiJhwEvEeJUMyKPqLOXB_pCsKtmEyK2GtCFrQclSMiu03YYMeryX_G9pZw Ra2K_umNgHaMxDrqTGY7xFlQrTQpbMY3nDtqge7Bd_BZ8g.KoKhRqoJeKlwU1xWXDqVenTKqFt_u EQtjAD22_crQTyTKlGUhrQGHWpYHKYUAmSWRhHbu8m1ZBEuLvEScofNBrdqBb00PfIb_zy6nxsTX Xgv4GKNW.QYLjCAdQSSTk4gVLuqRv.FN3zPcERD8AKgXrMksQJyIMS21qXEQwb_a.tc9Y0Ck25Yp NnhOwWJPgbkukFX27La0iQGG0aeCHCS_AWVdwV13_J3_iV.AHlJgIvs10kwi4Ny9XjkaspebTisi wt_05UDNN.BSDVDspWq7cjrwqCmMg4AZc46CXjrhzpxJ7CK3EXgAt8n5zRzPxN8dzwIt1bZxvxu0 Ea65qLn.35hYPTjXsEFsLOa10pJ7u9wk3DwQ9Z4FAIm2j9libOVThXPSNgVg75SWO0kZFArwdCTD 8Hs_UL.bId_no4yS1TpY6zeszwGB7JYUah8BQsnM74buT18psSjPDaqzUe2XvVJUMT240tqO3IkQ NkQ-- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic312.consmr.mail.ne1.yahoo.com with HTTP; Thu, 3 Feb 2022 00:08:44 +0000 Received: by kubenode522.mail-prod1.omega.gq1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID 5459f2ad3ddb3315291f4b33cd876728; Thu, 03 Feb 2022 00:08:38 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, Stephen Smalley , linux-integrity@vger.kernel.org Subject: [PATCH v32 13/28] LSM: Use lsmblob in security_cred_getsecid Date: Wed, 2 Feb 2022 15:53:08 -0800 Message-Id: <20220202235323.23929-14-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20220202235323.23929-1-casey@schaufler-ca.com> References: <20220202235323.23929-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org Change the security_cred_getsecid() interface to fill in a lsmblob instead of a u32 secid. The associated data elements in the audit sub-system are changed from a secid to a lsmblob to accommodate multiple possible LSM audit users. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: linux-audit@redhat.com --- drivers/android/binder.c | 12 +---------- include/linux/security.h | 2 +- kernel/audit.c | 25 +++++++---------------- kernel/audit.h | 3 ++- kernel/auditsc.c | 33 +++++++++++-------------------- security/integrity/ima/ima_main.c | 8 ++++---- security/security.c | 12 ++++++++--- 7 files changed, 36 insertions(+), 59 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index bae8440ffc73..26838061defb 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2982,18 +2982,8 @@ static void binder_transaction(struct binder_proc *proc, if (target_node && target_node->txn_security_ctx) { struct lsmblob blob; size_t added_size; - u32 secid; - security_cred_getsecid(proc->cred, &secid); - /* - * Later in this patch set security_cred_getsecid() will - * provide a lsmblob instead of a secid. lsmblob_init - * is used to ensure that all the secids in the lsmblob - * get the value returned from security_cred_getsecid(), - * which means that the one expected by - * security_secid_to_secctx() will be set. - */ - lsmblob_init(&blob, secid); + security_cred_getsecid(proc->cred, &blob); ret = security_secid_to_secctx(&blob, &secctx, &secctx_sz); if (ret) { return_error = BR_FAILED_REPLY; diff --git a/include/linux/security.h b/include/linux/security.h index b0d1abd082a8..821e6011c8fe 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -482,7 +482,7 @@ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp); void security_cred_free(struct cred *cred); int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp); void security_transfer_creds(struct cred *new, const struct cred *old); -void security_cred_getsecid(const struct cred *c, u32 *secid); +void security_cred_getsecid(const struct cred *c, struct lsmblob *blob); int security_kernel_act_as(struct cred *new, struct lsmblob *blob); int security_kernel_create_files_as(struct cred *new, struct inode *inode); int security_kernel_module_request(char *kmod_name); diff --git a/kernel/audit.c b/kernel/audit.c index 17ac6e74b5bd..c7cd039e258b 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -125,7 +125,7 @@ static u32 audit_backlog_wait_time = AUDIT_BACKLOG_WAIT_TIME; /* The identity of the user shutting down the audit system. */ static kuid_t audit_sig_uid = INVALID_UID; static pid_t audit_sig_pid = -1; -static u32 audit_sig_sid; +struct lsmblob audit_sig_lsm; /* Records can be lost in several ways: 0) [suppressed in audit_alloc] @@ -1439,29 +1439,21 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) } case AUDIT_SIGNAL_INFO: len = 0; - if (audit_sig_sid) { - struct lsmblob blob; - - /* - * lsmblob_init sets all values in the lsmblob - * to audit_sig_sid. This is temporary until - * audit_sig_sid is converted to a lsmblob, which - * happens later in this patch set. - */ - lsmblob_init(&blob, audit_sig_sid); - err = security_secid_to_secctx(&blob, &ctx, &len); + if (lsmblob_is_set(&audit_sig_lsm)) { + err = security_secid_to_secctx(&audit_sig_lsm, &ctx, + &len); if (err) return err; } sig_data = kmalloc(struct_size(sig_data, ctx, len), GFP_KERNEL); if (!sig_data) { - if (audit_sig_sid) + if (lsmblob_is_set(&audit_sig_lsm)) security_release_secctx(ctx, len); return -ENOMEM; } sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); sig_data->pid = audit_sig_pid; - if (audit_sig_sid) { + if (lsmblob_is_set(&audit_sig_lsm)) { memcpy(sig_data->ctx, ctx, len); security_release_secctx(ctx, len); } @@ -2368,7 +2360,6 @@ int audit_set_loginuid(kuid_t loginuid) int audit_signal_info(int sig, struct task_struct *t) { kuid_t uid = current_uid(), auid; - struct lsmblob blob; if (auditd_test_task(t) && (sig == SIGTERM || sig == SIGHUP || @@ -2379,9 +2370,7 @@ int audit_signal_info(int sig, struct task_struct *t) audit_sig_uid = auid; else audit_sig_uid = uid; - security_current_getsecid_subj(&blob); - /* scaffolding until audit_sig_sid is converted */ - audit_sig_sid = blob.secid[0]; + security_current_getsecid_subj(&audit_sig_lsm); } return audit_signal_info_syscall(t); diff --git a/kernel/audit.h b/kernel/audit.h index c4498090a5bd..527d4c4acb12 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -12,6 +12,7 @@ #include #include #include +#include #include #include #include // struct open_how @@ -143,7 +144,7 @@ struct audit_context { kuid_t target_auid; kuid_t target_uid; unsigned int target_sessionid; - u32 target_sid; + struct lsmblob target_lsm; char target_comm[TASK_COMM_LEN]; struct audit_tree_refs *trees, *first_trees; diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 6cd15abb99c7..c4c3666576c3 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -99,7 +99,7 @@ struct audit_aux_data_pids { kuid_t target_auid[AUDIT_AUX_PIDS]; kuid_t target_uid[AUDIT_AUX_PIDS]; unsigned int target_sessionid[AUDIT_AUX_PIDS]; - u32 target_sid[AUDIT_AUX_PIDS]; + struct lsmblob target_lsm[AUDIT_AUX_PIDS]; char target_comm[AUDIT_AUX_PIDS][TASK_COMM_LEN]; int pid_count; }; @@ -1018,7 +1018,7 @@ static void audit_reset_context(struct audit_context *ctx) ctx->target_pid = 0; ctx->target_auid = ctx->target_uid = KUIDT_INIT(0); ctx->target_sessionid = 0; - ctx->target_sid = 0; + lsmblob_init(&ctx->target_lsm, 0); ctx->target_comm[0] = '\0'; unroll_tree_refs(ctx, NULL, 0); WARN_ON(!list_empty(&ctx->killed_trees)); @@ -1116,14 +1116,14 @@ static inline void audit_free_context(struct audit_context *context) } static int audit_log_pid_context(struct audit_context *context, pid_t pid, - kuid_t auid, kuid_t uid, unsigned int sessionid, - u32 sid, char *comm) + kuid_t auid, kuid_t uid, + unsigned int sessionid, + struct lsmblob *blob, char *comm) { struct audit_buffer *ab; char *ctx = NULL; u32 len; int rc = 0; - struct lsmblob blob; ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID); if (!ab) @@ -1132,9 +1132,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, audit_log_format(ab, "opid=%d oauid=%d ouid=%d oses=%d", pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); - if (sid) { - lsmblob_init(&blob, sid); - if (security_secid_to_secctx(&blob, &ctx, &len)) { + if (lsmblob_is_set(blob)) { + if (security_secid_to_secctx(blob, &ctx, &len)) { audit_log_format(ab, " obj=(none)"); rc = 1; } else { @@ -1762,7 +1761,7 @@ static void audit_log_exit(void) axs->target_auid[i], axs->target_uid[i], axs->target_sessionid[i], - axs->target_sid[i], + &axs->target_lsm[i], axs->target_comm[i])) call_panic = 1; } @@ -1771,7 +1770,7 @@ static void audit_log_exit(void) audit_log_pid_context(context, context->target_pid, context->target_auid, context->target_uid, context->target_sessionid, - context->target_sid, context->target_comm)) + &context->target_lsm, context->target_comm)) call_panic = 1; if (context->pwd.dentry && context->pwd.mnt) { @@ -2707,15 +2706,12 @@ int __audit_sockaddr(int len, void *a) void __audit_ptrace(struct task_struct *t) { struct audit_context *context = audit_context(); - struct lsmblob blob; context->target_pid = task_tgid_nr(t); context->target_auid = audit_get_loginuid(t); context->target_uid = task_uid(t); context->target_sessionid = audit_get_sessionid(t); - security_task_getsecid_obj(t, &blob); - /* scaffolding - until target_sid is converted */ - context->target_sid = blob.secid[0]; + security_task_getsecid_obj(t, &context->target_lsm); memcpy(context->target_comm, t->comm, TASK_COMM_LEN); } @@ -2731,7 +2727,6 @@ int audit_signal_info_syscall(struct task_struct *t) struct audit_aux_data_pids *axp; struct audit_context *ctx = audit_context(); kuid_t t_uid = task_uid(t); - struct lsmblob blob; if (!audit_signals || audit_dummy_context()) return 0; @@ -2743,9 +2738,7 @@ int audit_signal_info_syscall(struct task_struct *t) ctx->target_auid = audit_get_loginuid(t); ctx->target_uid = t_uid; ctx->target_sessionid = audit_get_sessionid(t); - security_task_getsecid_obj(t, &blob); - /* scaffolding until target_sid is converted */ - ctx->target_sid = blob.secid[0]; + security_task_getsecid_obj(t, &ctx->target_lsm); memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); return 0; } @@ -2766,9 +2759,7 @@ int audit_signal_info_syscall(struct task_struct *t) axp->target_auid[axp->pid_count] = audit_get_loginuid(t); axp->target_uid[axp->pid_count] = t_uid; axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); - security_task_getsecid_obj(t, &blob); - /* scaffolding until target_sid is converted */ - axp->target_sid[axp->pid_count] = blob.secid[0]; + security_task_getsecid_obj(t, &axp->target_lsm[axp->pid_count]); memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); axp->pid_count++; diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 6abbaa97bbeb..93c6addd8389 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -486,7 +486,6 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) int ima_bprm_check(struct linux_binprm *bprm) { int ret; - u32 secid; struct lsmblob blob; security_current_getsecid_subj(&blob); @@ -496,9 +495,10 @@ int ima_bprm_check(struct linux_binprm *bprm) if (ret) return ret; - security_cred_getsecid(bprm->cred, &secid); - return process_measurement(bprm->file, bprm->cred, secid, NULL, 0, - MAY_EXEC, CREDS_CHECK); + security_cred_getsecid(bprm->cred, &blob); + /* scaffolding until process_measurement changes */ + return process_measurement(bprm->file, bprm->cred, blob.secid[0], + NULL, 0, MAY_EXEC, CREDS_CHECK); } /** diff --git a/security/security.c b/security/security.c index 0253c925a272..27154c39d109 100644 --- a/security/security.c +++ b/security/security.c @@ -1803,10 +1803,16 @@ void security_transfer_creds(struct cred *new, const struct cred *old) call_void_hook(cred_transfer, new, old); } -void security_cred_getsecid(const struct cred *c, u32 *secid) +void security_cred_getsecid(const struct cred *c, struct lsmblob *blob) { - *secid = 0; - call_void_hook(cred_getsecid, c, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.cred_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.cred_getsecid(c, &blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_cred_getsecid); From patchwork Wed Feb 2 23:53:10 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12733604 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6C312C433EF for ; Thu, 3 Feb 2022 00:11:00 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348332AbiBCAK6 (ORCPT ); Wed, 2 Feb 2022 19:10:58 -0500 Received: from sonic311-31.consmr.mail.ne1.yahoo.com ([66.163.188.212]:34088 "EHLO sonic311-31.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348326AbiBCAK5 (ORCPT ); Wed, 2 Feb 2022 19:10:57 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643847057; bh=mZMEsUkrlJXRzk7x6lnvfNevhq4wBixRboHMZWPFLrs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=n+GCuyFrJGUSgZHDsjrLtIUDQHyVT3GPM3jhdFWSs6tBZROOJVoYObKHGskumdw4pKJ1PAFUadFbXz/t5nKeNkW5EeTrKVdxj5ysB5UIHK9BrzS2UA6YlPDzs3wh6zztuIAoia6V1/RPfjjwT0KCP5/wDAPjV/c1s6Rk5NzNMwfVWR4dbrlH25tCwOPTkUIs4wivfE6U9ctheZm/s9KAAkfReix/45oNsFNEyK1Dx01pnPYvsO+40ppmtL6Td4mqRkxXolHfmRHSzxXl/LR2SwcEAAjt63odZdYARspz2VX5vd8HwjnsqU0Nd3uMtz3rELwbs/oXAO+b+972jpkUQw== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1643847057; bh=pX1IS5QBDaLFRT2SXTeyQOk3WyRB1Wu+TSbh1TqthBd=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=N53cQluOCEJ9DJdsYOt8p38F9fGB+gle8uuyvPQbZVtx89IbwaMt4a8i2npOlldQK4A21XKiYy8upYWi1Yy0v5/S5Q9km7vnrs3aRsz4si68b6eZ4R9d0wKcqwvur5B8qDz1ni3trHnbINsFRTWvFMiyRdzuEPgcafnq9Wfv4Jr2lJFi74W7LIv3UNJ8MtAsDzWw1wFfqf/KRXsu3YJfttgeoR4M8SisQKLBwBmTCRWaCpry5h4ykrmmQNHcRzRLK7K0Pk0Os03HGF8A0u1SDV4zvpJbhrIFAzjqD7jLECsBGb6w+nlkGCCuE7Glrk6Lk+aNdXO9qLQgwoocDqW01Q== X-YMail-OSG: _zlGISMVM1nJl5L_qz1SRT_kdOvAfqBNO4TWC_6BwLU6qX2dh9hpTEExP0wyJgg o8kePWwXyN5mLO3slTG8yFTEJ4Z6sjxj1LkBnDGuI2ZGhl68Czxbekb8PmpiumX.e2h907.iwh4t SR3oUGh6HBC1uc7jxRjXfLS2RrJmfqgnHwecEnmAVPpUDtnE8pTvZfT7nagqujjPNZdv3NSHHTd7 uqMRzh7rAQmk47ZedGbBtBzBccRpamwG86xFxWxqwpkUbxhUtmwaqTFUOMYfCuRCDAcrSdd7m5ye mSJn5vcvebIi4Hz9RSiXebu381_aMARQRwFvVnMPTkdVdQgUZ3ztYs2QqXYwoENBRyuLdRaPt0_y KWt80nPkoAfeHsaOp_mwR7kP_86ipLs1syL3SwFojkBjFCKDlZ28GBuNTJSPL4hc_4OcuS5QLcNt 9F_sLSPYVqZIuwSj7MvLz3Kxrl3ck8QGvRq4t2xaQXcLvwKH7_YadyVEuXQbBzvt6MpDIu18l0_n acVn0Nl6Hr.rZdQCFXPUh4cC0KBP3Ys7ju8K.bv9tzdrutTcLyNFSwCIEB4i.gAVjXgdbXQ2h2MM lhnppHRl.u00towDyi_e0FKF5HM6Sh3rMOHBiJOuwuPRANvS_t7K2QP_z1yDHwuDyYAuZeXWkhe3 wXDSpq2mFrlIpYudgAOtHGblB9ygQsPAInvUBteo318ow6.yBxyQpYWg0DdgcnXjgSVRlMT9jnhK zIwi4X0R8mm5aiYOv6JqZ6jCk8KGQ_EQq4JPidNTslG5UK4Xah7Eis9B_b9cCu3x8By4uG9ioBXm FQhqs4QrhZfTjvoLbOj2lcJinqVhUB0cWPCT71dDA1.U.0ddCOegUGUBeyYa9Lgvv9SPeqorqsv6 K3hu_008cwugqPhvsNLp5SDG92_wykDQNZO0zqKfzJrd0ELH7qHtveULrPaMcwDeiEp4nzSpBmml RSLhP.VJuvtAITDcyqA_sPGma7MSZqw5ZwlGEKOQ0abJKzuelPaHoYA6wW8GHvCGpSCMP1VpQtEc osUIvAapViFV6.CS3Qt5ALgwIsdlqo8cmYdt2cDtKJzD5caOEimHs7JziISeaz4qN3nnfWGdfIR2 EE2ABscOPusWPx7UAm63wJreje5_wCKA2.qiTxsLoFYSi5TgpsVj6KZRv.AE6dfhWhzCNYUq65.K waUfM9ENSKwg5k2sU6cEsxtBScFH2.dVO9Q7sR09JIF7FcXrzHVeohgH90Bf5giGCfQ6Nd7R7anM iMOWmABcytBkZXsTcQOa8IBh6hDO_O.hhcG0SXM6VrcC6zVSLXRIKu6ij5J9Ht_QBXl_w.mcziCa Pb.MrAaYb4.lsYKlmz5ulkg80.QB7rNtcS7XFxeVzZCXvlOT4Z5DfcOreFQxygr0Q.GzpudyH08v AtCaeCeWLnzpm.QwfUwpRVm_tyvanU43qtO3Yfmr0jJkm3IWMIJVnfZ.9HcP3FNMNltVJAdNAQbN 5m9dlmspuZVLrom7l7WB5bsXzXVh8flCJY03mf3Ht3UxGysn7yW4.WiinZQ72QQjpH5JbTF1AtNA wdAJMMfSaaguD7.VNI.tsK5ISdppNHspCq4ujclFsDdWsov9JRT_2P1.DQ7G.wlreC6xTs2XtQ_I OA1FT1Dnk9i1L.Se6cBPIu.pOJ6EH3oPfNPbXLB7HzBPDiSJp5BwGZZwzGXP1Y.4.KVIuhs83NMG AaXq4iYSE7FexePxwK6HPIxgZqYcFtHNW5wh_IYYizh4hCqxkVnlqWeL59MincgWvBDldOtmMK2I fEWxatlAxzR3CB3uh20jtA2XZ_lSWEU10GUafxofqIhPLvPFSEb13jQkHUOAWMvnyIl_zbAaJtSX myRB9P00EL_Fw8lVxDUX02cNBiefsPQWVcyD6FkHiEsPdPuMqHsyCHrf.pqBHF2mQGkMnh2JbNIN GQi.20avyg5NyOG3Zlo9EjX..HoiCD3K.uQfL2h1AWR.55Zomraaj35iufippTkQXeq284VGRllx PnhgRLfFwbBgfn10vLh9PDcUXXznLwUP0bjW4K1yyEI1qrXaLflGyVmtWdIe8Kuewi2rXVuCepnM GeO6qeuF8oxm7UfhqDgA7RXk.vyNsIcHdhh4ZQYOLJds0D9aj1LYdr.j3r21CxnbMMxKkw1emEdu q8ldhVYNDMwO.NDicXRq.RZrXm5iq_q90jiS3.n2YuGLITUByLua9ulH7AYm8TMoYUqgELfSbsx4 4HMPacyA39TmjBFjqhd6PYu_8nk23cPa15kvXdAr8wAaclm7L0GDm4hPAo4h8offcu0zCy03ZSqw H.g-- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic311.consmr.mail.ne1.yahoo.com with HTTP; Thu, 3 Feb 2022 00:10:57 +0000 Received: by kubenode522.mail-prod1.omega.gq1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID 8eaff6bcc33e24a4673fc3a34be90183; Thu, 03 Feb 2022 00:10:51 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, Stephen Smalley , Chuck Lever , linux-integrity@vger.kernel.org, netdev@vger.kernel.org, netfilter-devel@vger.kernel.org, linux-nfs@vger.kernel.org Subject: [PATCH v32 15/28] LSM: Ensure the correct LSM context releaser Date: Wed, 2 Feb 2022 15:53:10 -0800 Message-Id: <20220202235323.23929-16-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20220202235323.23929-1-casey@schaufler-ca.com> References: <20220202235323.23929-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org Add a new lsmcontext data structure to hold all the information about a "security context", including the string, its size and which LSM allocated the string. The allocation information is necessary because LSMs have different policies regarding the lifecycle of these strings. SELinux allocates and destroys them on each use, whereas Smack provides a pointer to an entry in a list that never goes away. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Paul Moore Acked-by: Stephen Smalley Acked-by: Chuck Lever Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: netdev@vger.kernel.org Cc: linux-audit@redhat.com Cc: netfilter-devel@vger.kernel.org To: Pablo Neira Ayuso Cc: linux-nfs@vger.kernel.org --- drivers/android/binder.c | 10 ++++--- fs/ceph/xattr.c | 6 ++++- fs/nfs/nfs4proc.c | 8 ++++-- fs/nfsd/nfs4xdr.c | 7 +++-- include/linux/security.h | 35 +++++++++++++++++++++++-- include/net/scm.h | 5 +++- kernel/audit.c | 14 +++++++--- kernel/auditsc.c | 12 ++++++--- net/ipv4/ip_sockglue.c | 4 ++- net/netfilter/nf_conntrack_netlink.c | 4 ++- net/netfilter/nf_conntrack_standalone.c | 4 ++- net/netfilter/nfnetlink_queue.c | 13 ++++++--- net/netlabel/netlabel_unlabeled.c | 19 +++++++++++--- net/netlabel/netlabel_user.c | 4 ++- security/security.c | 11 ++++---- 15 files changed, 121 insertions(+), 35 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 26838061defb..2125b4b795da 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2725,6 +2725,7 @@ static void binder_transaction(struct binder_proc *proc, int t_debug_id = atomic_inc_return(&binder_last_id); char *secctx = NULL; u32 secctx_sz = 0; + struct lsmcontext scaff; /* scaffolding */ struct list_head sgc_head; struct list_head pf_head; const void __user *user_buffer = (const void __user *) @@ -3033,7 +3034,8 @@ static void binder_transaction(struct binder_proc *proc, t->security_ctx = 0; WARN_ON(1); } - security_release_secctx(secctx, secctx_sz); + lsmcontext_init(&scaff, secctx, secctx_sz, 0); + security_release_secctx(&scaff); secctx = NULL; } t->buffer->debug_id = t->debug_id; @@ -3433,8 +3435,10 @@ static void binder_transaction(struct binder_proc *proc, binder_alloc_free_buf(&target_proc->alloc, t->buffer); err_binder_alloc_buf_failed: err_bad_extra_size: - if (secctx) - security_release_secctx(secctx, secctx_sz); + if (secctx) { + lsmcontext_init(&scaff, secctx, secctx_sz, 0); + security_release_secctx(&scaff); + } err_get_secctx_failed: kfree(tcomplete); binder_stats_deleted(BINDER_STAT_TRANSACTION_COMPLETE); diff --git a/fs/ceph/xattr.c b/fs/ceph/xattr.c index fcf7dfdecf96..df2b3bf46364 100644 --- a/fs/ceph/xattr.c +++ b/fs/ceph/xattr.c @@ -1374,12 +1374,16 @@ int ceph_security_init_secctx(struct dentry *dentry, umode_t mode, void ceph_release_acl_sec_ctx(struct ceph_acl_sec_ctx *as_ctx) { +#ifdef CONFIG_CEPH_FS_SECURITY_LABEL + struct lsmcontext scaff; /* scaffolding */ +#endif #ifdef CONFIG_CEPH_FS_POSIX_ACL posix_acl_release(as_ctx->acl); posix_acl_release(as_ctx->default_acl); #endif #ifdef CONFIG_CEPH_FS_SECURITY_LABEL - security_release_secctx(as_ctx->sec_ctx, as_ctx->sec_ctxlen); + lsmcontext_init(&scaff, as_ctx->sec_ctx, as_ctx->sec_ctxlen, 0); + security_release_secctx(&scaff); #endif if (as_ctx->pagelist) ceph_pagelist_release(as_ctx->pagelist); diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c index b18f31b2c9e7..c6237b5ddd93 100644 --- a/fs/nfs/nfs4proc.c +++ b/fs/nfs/nfs4proc.c @@ -133,8 +133,12 @@ nfs4_label_init_security(struct inode *dir, struct dentry *dentry, static inline void nfs4_label_release_security(struct nfs4_label *label) { - if (label) - security_release_secctx(label->label, label->len); + struct lsmcontext scaff; /* scaffolding */ + + if (label) { + lsmcontext_init(&scaff, label->label, label->len, 0); + security_release_secctx(&scaff); + } } static inline u32 *nfs4_bitmask(struct nfs_server *server, struct nfs4_label *label) { diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c index 899de438e529..fedc4b0292d6 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c @@ -2830,6 +2830,7 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, int err; struct nfs4_acl *acl = NULL; #ifdef CONFIG_NFSD_V4_SECURITY_LABEL + struct lsmcontext scaff; /* scaffolding */ void *context = NULL; int contextlen; #endif @@ -3331,8 +3332,10 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, out: #ifdef CONFIG_NFSD_V4_SECURITY_LABEL - if (context) - security_release_secctx(context, contextlen); + if (context) { + lsmcontext_init(&scaff, context, contextlen, 0); /*scaffolding*/ + security_release_secctx(&scaff); + } #endif /* CONFIG_NFSD_V4_SECURITY_LABEL */ kfree(acl); if (tempfh) { diff --git a/include/linux/security.h b/include/linux/security.h index 735e39fa510d..72da145c1aad 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -135,6 +135,37 @@ enum lockdown_reason { extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1]; +/* + * A "security context" is the text representation of + * the information used by LSMs. + * This structure contains the string, its length, and which LSM + * it is useful for. + */ +struct lsmcontext { + char *context; /* Provided by the module */ + u32 len; + int slot; /* Identifies the module */ +}; + +/** + * lsmcontext_init - initialize an lsmcontext structure. + * @cp: Pointer to the context to initialize + * @context: Initial context, or NULL + * @size: Size of context, or 0 + * @slot: Which LSM provided the context + * + * Fill in the lsmcontext from the provided information. + * This is a scaffolding function that will be removed when + * lsmcontext integration is complete. + */ +static inline void lsmcontext_init(struct lsmcontext *cp, char *context, + u32 size, int slot) +{ + cp->slot = slot; + cp->context = context; + cp->len = size; +} + /* * Data exported by the security modules * @@ -568,7 +599,7 @@ int security_ismaclabel(const char *name); int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen); int security_secctx_to_secid(const char *secdata, u32 seclen, struct lsmblob *blob); -void security_release_secctx(char *secdata, u32 seclen); +void security_release_secctx(struct lsmcontext *cp); void security_inode_invalidate_secctx(struct inode *inode); int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); @@ -1431,7 +1462,7 @@ static inline int security_secctx_to_secid(const char *secdata, return -EOPNOTSUPP; } -static inline void security_release_secctx(char *secdata, u32 seclen) +static inline void security_release_secctx(struct lsmcontext *cp) { } diff --git a/include/net/scm.h b/include/net/scm.h index 23a35ff1b3f2..f273c4d777ec 100644 --- a/include/net/scm.h +++ b/include/net/scm.h @@ -92,6 +92,7 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg, #ifdef CONFIG_SECURITY_NETWORK static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) { + struct lsmcontext context; struct lsmblob lb; char *secdata; u32 seclen; @@ -106,7 +107,9 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc if (!err) { put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata); - security_release_secctx(secdata, seclen); + /*scaffolding*/ + lsmcontext_init(&context, secdata, seclen, 0); + security_release_secctx(&context); } } } diff --git a/kernel/audit.c b/kernel/audit.c index c7cd039e258b..5aa2ee06c9e4 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1190,6 +1190,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) struct audit_sig_info *sig_data; char *ctx = NULL; u32 len; + struct lsmcontext scaff; /* scaffolding */ err = audit_netlink_ok(skb, msg_type); if (err) @@ -1447,15 +1448,18 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) } sig_data = kmalloc(struct_size(sig_data, ctx, len), GFP_KERNEL); if (!sig_data) { - if (lsmblob_is_set(&audit_sig_lsm)) - security_release_secctx(ctx, len); + if (lsmblob_is_set(&audit_sig_lsm)) { + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); + } return -ENOMEM; } sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); sig_data->pid = audit_sig_pid; if (lsmblob_is_set(&audit_sig_lsm)) { memcpy(sig_data->ctx, ctx, len); - security_release_secctx(ctx, len); + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); } audit_send_reply(skb, seq, AUDIT_SIGNAL_INFO, 0, 0, sig_data, struct_size(sig_data, ctx, len)); @@ -2147,6 +2151,7 @@ int audit_log_task_context(struct audit_buffer *ab) unsigned len; int error; struct lsmblob blob; + struct lsmcontext scaff; /* scaffolding */ security_current_getsecid_subj(&blob); if (!lsmblob_is_set(&blob)) @@ -2161,7 +2166,8 @@ int audit_log_task_context(struct audit_buffer *ab) } audit_log_format(ab, " subj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); return 0; error_path: diff --git a/kernel/auditsc.c b/kernel/auditsc.c index c4c3666576c3..1626d8aabe83 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1121,6 +1121,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, struct lsmblob *blob, char *comm) { struct audit_buffer *ab; + struct lsmcontext lsmcxt; char *ctx = NULL; u32 len; int rc = 0; @@ -1138,7 +1139,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, rc = 1; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); /*scaffolding*/ + security_release_secctx(&lsmcxt); } } audit_log_format(ab, " ocomm="); @@ -1351,6 +1353,7 @@ static void audit_log_fcaps(struct audit_buffer *ab, struct audit_names *name) static void show_special(struct audit_context *context, int *call_panic) { + struct lsmcontext lsmcxt; struct audit_buffer *ab; int i; @@ -1385,7 +1388,8 @@ static void show_special(struct audit_context *context, int *call_panic) *call_panic = 1; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); + security_release_secctx(&lsmcxt); } } if (context->ipc.has_perm) { @@ -1542,6 +1546,7 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, char *ctx = NULL; u32 len; struct lsmblob blob; + struct lsmcontext lsmcxt; lsmblob_init(&blob, n->osid); if (security_secid_to_secctx(&blob, &ctx, &len)) { @@ -1550,7 +1555,8 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, *call_panic = 2; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); /* scaffolding */ + security_release_secctx(&lsmcxt); } } diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index 933a8f94f93a..70ca4510ea35 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -130,6 +130,7 @@ static void ip_cmsg_recv_checksum(struct msghdr *msg, struct sk_buff *skb, static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) { + struct lsmcontext context; struct lsmblob lb; char *secdata; u32 seclen, secid; @@ -145,7 +146,8 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) return; put_cmsg(msg, SOL_IP, SCM_SECURITY, seclen, secdata); - security_release_secctx(secdata, seclen); + lsmcontext_init(&context, secdata, seclen, 0); /* scaffolding */ + security_release_secctx(&context); } static void ip_cmsg_recv_dstaddr(struct msghdr *msg, struct sk_buff *skb) diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index 073510c94b56..212e12b53adb 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -342,6 +342,7 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) int len, ret; char *secctx; struct lsmblob blob; + struct lsmcontext context; /* lsmblob_init() puts ct->secmark into all of the secids in blob. * security_secid_to_secctx() will know which security module @@ -362,7 +363,8 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) ret = 0; nla_put_failure: - security_release_secctx(secctx, len); + lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ + security_release_secctx(&context); return ret; } #else diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index bba3a66f5636..3b6ba86783f6 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c @@ -179,6 +179,7 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) u32 len; char *secctx; struct lsmblob blob; + struct lsmcontext context; lsmblob_init(&blob, ct->secmark); ret = security_secid_to_secctx(&blob, &secctx, &len); @@ -187,7 +188,8 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) seq_printf(s, "secctx=%s ", secctx); - security_release_secctx(secctx, len); + lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ + security_release_secctx(&context); } #else static inline void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index a9f7c9418ad3..d986bae1587b 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c @@ -397,6 +397,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, enum ip_conntrack_info ctinfo = 0; const struct nfnl_ct_hook *nfnl_ct; bool csum_verify; + struct lsmcontext scaff; /* scaffolding */ char *secdata = NULL; u32 seclen = 0; @@ -627,8 +628,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, } nlh->nlmsg_len = skb->len; - if (seclen) - security_release_secctx(secdata, seclen); + if (seclen) { + lsmcontext_init(&scaff, secdata, seclen, 0); + security_release_secctx(&scaff); + } return skb; nla_put_failure: @@ -636,8 +639,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, kfree_skb(skb); net_err_ratelimited("nf_queue: error creating packet message\n"); nlmsg_failure: - if (seclen) - security_release_secctx(secdata, seclen); + if (seclen) { + lsmcontext_init(&scaff, secdata, seclen, 0); + security_release_secctx(&scaff); + } return NULL; } diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index c86df6ead742..a8e9ee202245 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -374,6 +374,7 @@ int netlbl_unlhsh_add(struct net *net, struct net_device *dev; struct netlbl_unlhsh_iface *iface; struct audit_buffer *audit_buf = NULL; + struct lsmcontext context; char *secctx = NULL; u32 secctx_len; struct lsmblob blob; @@ -447,7 +448,9 @@ int netlbl_unlhsh_add(struct net *net, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", ret_val == 0 ? 1 : 0); audit_log_end(audit_buf); @@ -478,6 +481,7 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, struct netlbl_unlhsh_addr4 *entry; struct audit_buffer *audit_buf; struct net_device *dev; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -508,7 +512,9 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); audit_log_end(audit_buf); @@ -545,6 +551,7 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, struct netlbl_unlhsh_addr6 *entry; struct audit_buffer *audit_buf; struct net_device *dev; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -574,7 +581,8 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); audit_log_end(audit_buf); @@ -1093,6 +1101,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, int ret_val = -ENOMEM; struct netlbl_unlhsh_walk_arg *cb_arg = arg; struct net_device *dev; + struct lsmcontext context; void *data; u32 secid; char *secctx; @@ -1163,7 +1172,9 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, NLBL_UNLABEL_A_SECCTX, secctx_len, secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); if (ret_val != 0) goto list_cb_failure; diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index 893301ae0131..ef139d8ae7cd 100644 --- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c @@ -84,6 +84,7 @@ struct audit_buffer *netlbl_audit_start_common(int type, struct netlbl_audit *audit_info) { struct audit_buffer *audit_buf; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -103,7 +104,8 @@ struct audit_buffer *netlbl_audit_start_common(int type, if (audit_info->secid != 0 && security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " subj=%s", secctx); - security_release_secctx(secctx, secctx_len); + lsmcontext_init(&context, secctx, secctx_len, 0);/*scaffolding*/ + security_release_secctx(&context); } return audit_buf; diff --git a/security/security.c b/security/security.c index 0bca482166d8..163cf0ae2429 100644 --- a/security/security.c +++ b/security/security.c @@ -2366,16 +2366,17 @@ int security_secctx_to_secid(const char *secdata, u32 seclen, } EXPORT_SYMBOL(security_secctx_to_secid); -void security_release_secctx(char *secdata, u32 seclen) +void security_release_secctx(struct lsmcontext *cp) { struct security_hook_list *hp; - int ilsm = lsm_task_ilsm(current); hlist_for_each_entry(hp, &security_hook_heads.release_secctx, list) - if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) { - hp->hook.release_secctx(secdata, seclen); - return; + if (cp->slot == hp->lsmid->slot) { + hp->hook.release_secctx(cp->context, cp->len); + break; } + + memset(cp, 0, sizeof(*cp)); } EXPORT_SYMBOL(security_release_secctx);