From patchwork Thu Mar 10 23:46:14 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12777056 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id DF025C433FE for ; Thu, 10 Mar 2022 23:52:11 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344954AbiCJXxL (ORCPT ); Thu, 10 Mar 2022 18:53:11 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60802 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344955AbiCJXwp (ORCPT ); Thu, 10 Mar 2022 18:52:45 -0500 Received: from sonic308-16.consmr.mail.ne1.yahoo.com (sonic308-16.consmr.mail.ne1.yahoo.com [66.163.187.39]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E2C4C19E73F for ; Thu, 10 Mar 2022 15:51:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1646956292; bh=E8MURJmz0LV4/J9e8+2M786mlXNzUX9F2mLnAQJ7BbM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=msgsWTQsSdxFNaktQQTCdwp+uf/F371m7uemjslbpuGP+qkGmaMtW1hrG+XVEu2W0BOuAJvL5AQBwBfUGnHsNwdMNZgCzumXyr9vi/ifS1YHNiHm1LolyPLb7qkrlx1kB/2/bGLw5RO28X4z0bDLd4cGuHvXzPwtAs1gA1Uxm/Zn5hdEDqspJyzhFVvXLUpfkvcMpLS/DKCg3ZURblXz/npKYJRnkuzHLryI7Tw29vjIAO/JBQLYWGFyTef1RGdnrUxArVL20pWN7mm5sJC7OdqJSbYo4c8TNuaPZu05S2RLZJRXQCBPjoRc3eP1IuyGpDGYigdiE3LGLSAjZNcksA== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1646956292; bh=j1fCpAd3ABVIvrM9/w3UlkRKHS/XbWxp7tu7hcGc5Yq=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=WxeB+vSWYBYwvU7O+QDVkAU0N9bhmuGQwK5mNTm43IfEZpK2mEyfkmSD9ATistBLOPP7hkzLpa5CNsHSY+fbwZEk7MTrFweJe7QWJ2JvdUBm2T8bIv38b2c+nGtzDLe/VBFFTdcfH6QZbyjrLmQrmtZxMUJPxcU/XMymN4AiNBo2lxkUgANTjAw4J0xu5fBy8lZZzJjLxNk90n5iKMZz+NX9gtkx/UW5nrpB8IKOiOkFrTj2LenTfJ0aW051XvSkDpmIE/DGqamdD9iAuw3I1965RfF6z9WS+AoMKNs0D639sryu84SQUJj1If/915q2MstGnsPIUU+CaixvqDeHug== X-YMail-OSG: k53x5rUVM1l1nmiHkw0PZdOjgvtPHtQegZUfc12DF.MKrSwsq4DI6S6gpm6fzHn R5ADIKngK355XmdsiSv2qHJNKkdvsfWVW.1ID2PD1kPHRDFyEXYm1pfdB9NMD4PD0kkeT2KKDCHi LMaohXwNmrg3Eae8bFOLmZ42IGEG21PBdj14NgxSQy9WAzJRMDv8VixAYKTPh8RXf.Pj.riFXYdf 5KuJ6hblKrO_3A5SlQWjLzwXfZ4dv.ubYg4QA0vbfvpISuCQP0wazyGQY0Hza.CJakQWRYz7y.D7 L1bA78yTvUMw9JbLegZRJMGZ.tCqSl0KBIDfp8XuluxMAkT01uS3eb8ZHQqe9GXPXeKqRn4H0g7r 3vIh4bkg7woE0ySDKqEuG9df6NEseLC2Jdxomp6myektCiwsGdwkBOlnywem9KliVI8ADjQo3IgU qCdFJvk7.YaeoeysBgz0P0NUUpSVsstAwoVWOy8XlIoqlgNPw63z1Rq_3b7w9nLQL_pLvYC32Kfk UQNmSxWmg4n9jDMqrG.XsfgeN1siC6Fk6NdKNnzi5IwDjz4WcNNm52pyTC5Y7aNxTHnot0sIITp9 7cn2xWrkvNRFUU1WjATXpWNPA6_0TwHvdJPoOfRFvcWe4NH00u3l62b3e8rT20.8HbSG0oObYjwW lTb08dTkg8kOtK.q_UV_8iZlDTifOvx6wGv6MY7UuClhqFCsRgEC95R5VpfrH2fd.9N0UiF6sX4K qpqu8ziKmOHEZ1iaJ2YuCkeX9D2v9_gHE8dBG6ZRq7FynB_Ts6jKxPMMVF70f.Erq.e06jhy0ZrI 6SgcNLEZxwgW2vkR4tl6p.q4kIKZAqQg9pcA6Y.bLHoLDXOzd4atyNLmxkLDG7N33ziLv8Jydxq. N2b_tIxSMZMbXdCUBqE.fhyeDJPhEEaQpDaFiEOo9kQiNv3FwA_a75KbvsFrvPusyJwcB0NxfMLs 6LBAEjehHKLYpwBt0y0PszzcXmUx91tYa1_9MsFtUuu4StwaJkzVTilxGixQ4uuOsxGAYScDA_.K s4OxcvTKyjEn2L2ZtfD_ZjlTn_8_0aGRBzo2R9gEEt8BZEBdl9S4iVG5Hb3JJA6sC1BnDVVEtWPF Fvd0CguToiIQJw7.Xci2gso9G3KcEDgdidtJGc.ytUXs2MhiuAwYs.nXQaL6Dc4YAE5wLwbUqYZu JWeXJPn87VipAk.Nc2qi6y9WotUbVx16B0GQWAiJjg1wZHeFPFKugxgAHi_kf.olrLfY5mxLR93g IBJsTAqtEu5nrBKNpWNIuhDKBxynzDhT1RDfDxcupxLJJkIhtaqYacib4.SW_LoaPFI29DqzSUZB eMyFws8gYLueIzJ87kHWr7jtXEM6bi_B7YYiCo9Y1OTviJXWfn6.do9a2E4z1en9FWd1QTXAq16U g.rxA961PtdB7RWf.6aMAJYmzAzW6CCbNzuBfcM14nzyoNydln3eTyYlGN90_DetTC1_k7dzGmhI gTz0Ut8koX9Zv0XO3t16eUtw3paQ_cKYMGH99_YhA4dMnMgmLuWxTdh7d1gFub7fH9dC6bvVEPeP a1ddJB4xDUInFFN5jS28.NCQ3tKYABoUpBOqwbWsudQSbfaxaaaDIQ13eE_gRjx11LOD39pgMZPV KlwVKpXP8OuvvcESMrxgjhzGJclcab6nyOSCrvTh8IQKsaQEEHTMFO19orxJaah35cmvB3PAWSY. 27UurYIQDKTahUucuzI_QGfuUYNp32chBMn4tiDECXwMbwfXDV9z.VRAH3AoHqxy5ImvgtYUSxm1 MP1nGflAFyb4lsqWgH.noHB6DvqXvstMiD1rXHHvq5k4RD2EQ1mzbqO43qdL7rS0PsgihsDhiXBv 0qK.6aEcpzO4RP7r.Acq3UfixQyGRmAUaMF4BevdUKSiC3ZxVHVEVZvXgf.0mWfkBwWMfNYZ2.hG bEgvioJgZraZFSxzfhcVHgeK4VroDHdmfuuV7aALFkJLwhbEf9R3pdmNm0F2MHLlZV1JLJUnxrjj iduYWnzDR4reYjgxei56y9j_NhGTkUggUAbFHD7HzEWj06TbEO0D_chmdIVh1R6JYhuW8zu439hQ nMCUqYN_7QoOgVkZPEaJ2YAgsuCQpgWipRShdZRaP6nhBq_BZGkE3nz_M9kSNwOH6TyxMjk91tnX tBxFqiq9zKwPOfBpRXnoF6jHQvdalDD2EcMvzzRgdYSTsMwcm0NV459seoY1sKv.159qhK8ZLJpB .Yq22Q0.lMrmRCAtOwzaXHy3vpGtS6Gp69Ul_fyRKeMeMHL76yVXo7VwMeiQn4ZSmnQ1nI56dXJk gCj9z4YSEte8Ulz65p95Kwg6o0GFcwcDSUWiteOjC2K6gZDb4lTvszqtH X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic308.consmr.mail.ne1.yahoo.com with HTTP; Thu, 10 Mar 2022 23:51:32 +0000 Received: by kubenode514.mail-prod1.omega.gq1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID 02d0d7342d647b4cf843030be84eedee; Thu, 10 Mar 2022 23:51:29 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org, netdev@vger.kernel.org Subject: [PATCH v33 11/29] LSM: Use lsmblob in security_current_getsecid Date: Thu, 10 Mar 2022 15:46:14 -0800 Message-Id: <20220310234632.16194-12-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20220310234632.16194-1-casey@schaufler-ca.com> References: <20220310234632.16194-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org Change the security_current_getsecid_subj() and security_task_getsecid_obj() interfaces to fill in a lsmblob structure instead of a u32 secid in support of LSM stacking. Audit interfaces will need to collect all possible secids for possible reporting. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: linux-audit@redhat.com Cc: netdev@vger.kernel.org --- drivers/android/binder.c | 6 +-- include/linux/security.h | 13 ++++--- kernel/audit.c | 16 +++----- kernel/auditfilter.c | 4 +- kernel/auditsc.c | 25 ++++++------ net/netlabel/netlabel_unlabeled.c | 5 ++- net/netlabel/netlabel_user.h | 6 ++- security/integrity/ima/ima_appraise.c | 12 +++--- security/integrity/ima/ima_main.c | 55 +++++++++++++++------------ security/security.c | 25 +++++++++--- 10 files changed, 95 insertions(+), 72 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 381a4fddd4a5..bae8440ffc73 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2980,16 +2980,16 @@ static void binder_transaction(struct binder_proc *proc, t->priority = task_nice(current); if (target_node && target_node->txn_security_ctx) { - u32 secid; struct lsmblob blob; size_t added_size; + u32 secid; security_cred_getsecid(proc->cred, &secid); /* - * Later in this patch set security_task_getsecid() will + * Later in this patch set security_cred_getsecid() will * provide a lsmblob instead of a secid. lsmblob_init * is used to ensure that all the secids in the lsmblob - * get the value returned from security_task_getsecid(), + * get the value returned from security_cred_getsecid(), * which means that the one expected by * security_secid_to_secctx() will be set. */ diff --git a/include/linux/security.h b/include/linux/security.h index 1814516509ec..5f20c0c68f67 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -502,8 +502,8 @@ int security_task_fix_setgid(struct cred *new, const struct cred *old, int security_task_setpgid(struct task_struct *p, pid_t pgid); int security_task_getpgid(struct task_struct *p); int security_task_getsid(struct task_struct *p); -void security_current_getsecid_subj(u32 *secid); -void security_task_getsecid_obj(struct task_struct *p, u32 *secid); +void security_current_getsecid_subj(struct lsmblob *blob); +void security_task_getsecid_obj(struct task_struct *p, struct lsmblob *blob); int security_task_setnice(struct task_struct *p, int nice); int security_task_setioprio(struct task_struct *p, int ioprio); int security_task_getioprio(struct task_struct *p); @@ -1199,14 +1199,15 @@ static inline int security_task_getsid(struct task_struct *p) return 0; } -static inline void security_current_getsecid_subj(u32 *secid) +static inline void security_current_getsecid_subj(struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } -static inline void security_task_getsecid_obj(struct task_struct *p, u32 *secid) +static inline void security_task_getsecid_obj(struct task_struct *p, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } static inline int security_task_setnice(struct task_struct *p, int nice) diff --git a/kernel/audit.c b/kernel/audit.c index 40d8cb824eae..17ac6e74b5bd 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -2154,19 +2154,12 @@ int audit_log_task_context(struct audit_buffer *ab) char *ctx = NULL; unsigned len; int error; - u32 sid; struct lsmblob blob; - security_current_getsecid_subj(&sid); - if (!sid) + security_current_getsecid_subj(&blob); + if (!lsmblob_is_set(&blob)) return 0; - /* - * lsmblob_init sets all values in the lsmblob to sid. - * This is temporary until security_task_getsecid is converted - * to use a lsmblob, which happens later in this patch set. - */ - lsmblob_init(&blob, sid); error = security_secid_to_secctx(&blob, &ctx, &len); if (error) { @@ -2375,6 +2368,7 @@ int audit_set_loginuid(kuid_t loginuid) int audit_signal_info(int sig, struct task_struct *t) { kuid_t uid = current_uid(), auid; + struct lsmblob blob; if (auditd_test_task(t) && (sig == SIGTERM || sig == SIGHUP || @@ -2385,7 +2379,9 @@ int audit_signal_info(int sig, struct task_struct *t) audit_sig_uid = auid; else audit_sig_uid = uid; - security_current_getsecid_subj(&audit_sig_sid); + security_current_getsecid_subj(&blob); + /* scaffolding until audit_sig_sid is converted */ + audit_sig_sid = blob.secid[0]; } return audit_signal_info_syscall(t); diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 15cd4fe35e9c..39ded5cb2429 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -1339,7 +1339,6 @@ int audit_filter(int msgtype, unsigned int listtype) struct audit_field *f = &e->rule.fields[i]; struct lsmblob blob; pid_t pid; - u32 sid; switch (f->type) { case AUDIT_PID: @@ -1369,8 +1368,7 @@ int audit_filter(int msgtype, unsigned int listtype) case AUDIT_SUBJ_SEN: case AUDIT_SUBJ_CLR: if (f->lsm_str) { - security_current_getsecid_subj(&sid); - lsmblob_init(&blob, sid); + security_current_getsecid_subj(&blob); result = security_audit_rule_match( &blob, f->type, f->op, &f->lsm_rules); diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 598e0de45b04..2570bf5979e0 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -467,7 +467,6 @@ static int audit_filter_rules(struct task_struct *tsk, { const struct cred *cred; int i, need_sid = 1; - u32 sid; struct lsmblob blob; unsigned int sessionid; @@ -676,17 +675,9 @@ static int audit_filter_rules(struct task_struct *tsk, * here even though it always refs * @current's creds */ - security_current_getsecid_subj(&sid); + security_current_getsecid_subj(&blob); need_sid = 0; } - /* - * lsmblob_init sets all values in the lsmblob - * to sid. This is temporary until - * security_task_getsecid() is converted to - * provide a lsmblob, which happens later in - * this patch set. - */ - lsmblob_init(&blob, sid); result = security_audit_rule_match(&blob, f->type, f->op, &f->lsm_rules); @@ -2712,12 +2703,15 @@ int __audit_sockaddr(int len, void *a) void __audit_ptrace(struct task_struct *t) { struct audit_context *context = audit_context(); + struct lsmblob blob; context->target_pid = task_tgid_nr(t); context->target_auid = audit_get_loginuid(t); context->target_uid = task_uid(t); context->target_sessionid = audit_get_sessionid(t); - security_task_getsecid_obj(t, &context->target_sid); + security_task_getsecid_obj(t, &blob); + /* scaffolding - until target_sid is converted */ + context->target_sid = blob.secid[0]; memcpy(context->target_comm, t->comm, TASK_COMM_LEN); } @@ -2733,6 +2727,7 @@ int audit_signal_info_syscall(struct task_struct *t) struct audit_aux_data_pids *axp; struct audit_context *ctx = audit_context(); kuid_t t_uid = task_uid(t); + struct lsmblob blob; if (!audit_signals || audit_dummy_context()) return 0; @@ -2744,7 +2739,9 @@ int audit_signal_info_syscall(struct task_struct *t) ctx->target_auid = audit_get_loginuid(t); ctx->target_uid = t_uid; ctx->target_sessionid = audit_get_sessionid(t); - security_task_getsecid_obj(t, &ctx->target_sid); + security_task_getsecid_obj(t, &blob); + /* scaffolding until target_sid is converted */ + ctx->target_sid = blob.secid[0]; memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); return 0; } @@ -2765,7 +2762,9 @@ int audit_signal_info_syscall(struct task_struct *t) axp->target_auid[axp->pid_count] = audit_get_loginuid(t); axp->target_uid[axp->pid_count] = t_uid; axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); - security_task_getsecid_obj(t, &axp->target_sid[axp->pid_count]); + security_task_getsecid_obj(t, &blob); + /* scaffolding until target_sid is converted */ + axp->target_sid[axp->pid_count] = blob.secid[0]; memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); axp->pid_count++; diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index 0a99663e6edb..c86df6ead742 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -1562,11 +1562,14 @@ int __init netlbl_unlabel_defconf(void) int ret_val; struct netlbl_dom_map *entry; struct netlbl_audit audit_info; + struct lsmblob blob; /* Only the kernel is allowed to call this function and the only time * it is called is at bootup before the audit subsystem is reporting * messages so don't worry to much about these values. */ - security_current_getsecid_subj(&audit_info.secid); + security_current_getsecid_subj(&blob); + /* scaffolding until audit_info.secid is converted */ + audit_info.secid = blob.secid[0]; audit_info.loginuid = GLOBAL_ROOT_UID; audit_info.sessionid = 0; diff --git a/net/netlabel/netlabel_user.h b/net/netlabel/netlabel_user.h index d6c5b31eb4eb..3d5610ed5f0e 100644 --- a/net/netlabel/netlabel_user.h +++ b/net/netlabel/netlabel_user.h @@ -32,7 +32,11 @@ */ static inline void netlbl_netlink_auditinfo(struct netlbl_audit *audit_info) { - security_current_getsecid_subj(&audit_info->secid); + struct lsmblob blob; + + security_current_getsecid_subj(&blob); + /* scaffolding until secid is converted */ + audit_info->secid = blob.secid[0]; audit_info->loginuid = audit_get_loginuid(current); audit_info->sessionid = audit_get_sessionid(current); } diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index 17232bbfb9f9..217d20c60e1d 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -71,15 +71,17 @@ bool is_ima_appraise_enabled(void) int ima_must_appraise(struct user_namespace *mnt_userns, struct inode *inode, int mask, enum ima_hooks func) { - u32 secid; + struct lsmblob blob; if (!ima_appraise) return 0; - security_current_getsecid_subj(&secid); - return ima_match_policy(mnt_userns, inode, current_cred(), secid, - func, mask, IMA_APPRAISE | IMA_HASH, NULL, - NULL, NULL, NULL); + security_current_getsecid_subj(&blob); + /* scaffolding the .secid[0] */ + return ima_match_policy(mnt_userns, inode, current_cred(), + blob.secid[0], func, mask, + IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL, + NULL); } static int ima_fix_xattr(struct dentry *dentry, diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 8c6e4514d494..6abbaa97bbeb 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -405,12 +405,13 @@ static int process_measurement(struct file *file, const struct cred *cred, */ int ima_file_mmap(struct file *file, unsigned long prot) { - u32 secid; + struct lsmblob blob; if (file && (prot & PROT_EXEC)) { - security_current_getsecid_subj(&secid); - return process_measurement(file, current_cred(), secid, NULL, - 0, MAY_EXEC, MMAP_CHECK); + security_current_getsecid_subj(&blob); + /* scaffolding - until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], + NULL, 0, MAY_EXEC, MMAP_CHECK); } return 0; @@ -436,9 +437,9 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) char *pathbuf = NULL; const char *pathname = NULL; struct inode *inode; + struct lsmblob blob; int result = 0; int action; - u32 secid; int pcr; /* Is mprotect making an mmap'ed file executable? */ @@ -446,11 +447,11 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) !(prot & PROT_EXEC) || (vma->vm_flags & VM_EXEC)) return 0; - security_current_getsecid_subj(&secid); + security_current_getsecid_subj(&blob); inode = file_inode(vma->vm_file); action = ima_get_action(file_mnt_user_ns(vma->vm_file), inode, - current_cred(), secid, MAY_EXEC, MMAP_CHECK, - &pcr, &template, NULL, NULL); + current_cred(), blob.secid[0], MAY_EXEC, + MMAP_CHECK, &pcr, &template, NULL, NULL); /* Is the mmap'ed file in policy? */ if (!(action & (IMA_MEASURE | IMA_APPRAISE_SUBMASK))) @@ -486,10 +487,12 @@ int ima_bprm_check(struct linux_binprm *bprm) { int ret; u32 secid; + struct lsmblob blob; - security_current_getsecid_subj(&secid); - ret = process_measurement(bprm->file, current_cred(), secid, NULL, 0, - MAY_EXEC, BPRM_CHECK); + security_current_getsecid_subj(&blob); + /* scaffolding until process_measurement changes */ + ret = process_measurement(bprm->file, current_cred(), blob.secid[0], + NULL, 0, MAY_EXEC, BPRM_CHECK); if (ret) return ret; @@ -510,10 +513,11 @@ int ima_bprm_check(struct linux_binprm *bprm) */ int ima_file_check(struct file *file, int mask) { - u32 secid; + struct lsmblob blob; - security_current_getsecid_subj(&secid); - return process_measurement(file, current_cred(), secid, NULL, 0, + security_current_getsecid_subj(&blob); + /* scaffolding until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], NULL, 0, mask & (MAY_READ | MAY_WRITE | MAY_EXEC | MAY_APPEND), FILE_CHECK); } @@ -689,7 +693,7 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id, bool contents) { enum ima_hooks func; - u32 secid; + struct lsmblob blob; /* * Do devices using pre-allocated memory run the risk of the @@ -709,8 +713,9 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id, /* Read entire file for all partial reads. */ func = read_idmap[read_id] ?: FILE_CHECK; - security_current_getsecid_subj(&secid); - return process_measurement(file, current_cred(), secid, NULL, + security_current_getsecid_subj(&blob); + /* scaffolding - until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], NULL, 0, MAY_READ, func); } @@ -739,7 +744,7 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, enum kernel_read_file_id read_id) { enum ima_hooks func; - u32 secid; + struct lsmblob blob; /* permit signed certs */ if (!file && read_id == READING_X509_CERTIFICATE) @@ -752,9 +757,10 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, } func = read_idmap[read_id] ?: FILE_CHECK; - security_current_getsecid_subj(&secid); - return process_measurement(file, current_cred(), secid, buf, size, - MAY_READ, func); + security_current_getsecid_subj(&blob); + /* scaffolding - until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], buf, + size, MAY_READ, func); } /** @@ -882,7 +888,7 @@ int process_buffer_measurement(struct user_namespace *mnt_userns, int digest_hash_len = hash_digest_size[ima_hash_algo]; int violation = 0; int action = 0; - u32 secid; + struct lsmblob blob; if (digest && digest_len < digest_hash_len) return -EINVAL; @@ -905,9 +911,10 @@ int process_buffer_measurement(struct user_namespace *mnt_userns, * buffer measurements. */ if (func) { - security_current_getsecid_subj(&secid); + security_current_getsecid_subj(&blob); + /* scaffolding */ action = ima_get_action(mnt_userns, inode, current_cred(), - secid, 0, func, &pcr, &template, + blob.secid[0], 0, func, &pcr, &template, func_data, NULL); if (!(action & IMA_MEASURE) && !digest) return -ENOENT; diff --git a/security/security.c b/security/security.c index 815200684bcf..e33fa677181d 100644 --- a/security/security.c +++ b/security/security.c @@ -1909,17 +1909,30 @@ int security_task_getsid(struct task_struct *p) return call_int_hook(task_getsid, 0, p); } -void security_current_getsecid_subj(u32 *secid) +void security_current_getsecid_subj(struct lsmblob *blob) { - *secid = 0; - call_void_hook(current_getsecid_subj, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.current_getsecid_subj, + list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.current_getsecid_subj(&blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_current_getsecid_subj); -void security_task_getsecid_obj(struct task_struct *p, u32 *secid) +void security_task_getsecid_obj(struct task_struct *p, struct lsmblob *blob) { - *secid = 0; - call_void_hook(task_getsecid_obj, p, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.task_getsecid_obj, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.task_getsecid_obj(p, &blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_task_getsecid_obj); From patchwork Thu Mar 10 23:46:15 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12777057 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6ED7BC433FE for ; Thu, 10 Mar 2022 23:53:08 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344969AbiCJXyI (ORCPT ); Thu, 10 Mar 2022 18:54:08 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34988 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344966AbiCJXyH (ORCPT ); Thu, 10 Mar 2022 18:54:07 -0500 Received: from sonic304-28.consmr.mail.ne1.yahoo.com (sonic304-28.consmr.mail.ne1.yahoo.com [66.163.191.154]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C194914FBD4 for ; Thu, 10 Mar 2022 15:53:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1646956385; bh=tmh83u7osd4pu4GiZfbJMQrqUIl/l7Z9iBCkVV4+kWQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=s1lmXJs7rvJDfkCZsOLglwFpIZZ3TMkRfYFcep3I+j48y9wwLRKHdEpaLauKKR/lUm9LBkvf4fs1NX+MqI5rvzl1DLyMxB0VEUllkvFh5a8Ur3jmpZSccJmoFHezEcB+lwp3NbCVZvcqpa43AtQNuVMfgoGx6dVZ/fIo9WWnknWVOJEmqV77/Nfkwtt3usk0Uv97FdJTJJma5d1yBCp5ldAsgf6jXZc17Udx1k4LWRt3n7WemxxDjcuLs4Vtfxa8AhJWIPSUscoUpVkLxW9yNCPy9irgpm4+VpzBDrXTjstYrLhFjpWCD3nh2moe/naQLVtZ4KidDrsSGv3P7nGfUg== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1646956385; bh=CilM74VtaqTeJCDFFadjb0pK+9MovmYk4HID0FF99Nx=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=sDKFM6gVVXvHaEp7FSzVQe3XA5fnGXhuCiXqGkXLsR+6ZHImpfO9dX5naVpodqg082K3HqmpeNc/NFZBFzk/1ezlsYWJOtfc6HCixFGpbCeswidp/AUmHcfDJ2FtEnXcOkbwNyCm/caNtVCDs5u/DxkQ67BuFx/0VB3JA9AYnaHVAd4n1qEMizihAmOaruwepOIla4Uv8Yg1XIkyFzzG0LBC5vbNCUaEeUT86aGF/ya3tk8V3iIhK0h94u5NNUal/tRKd9aHD4QPHmEr3hgGDER9SZEB/vBOUzUVFL6mW5QlvmxBe6Ir+r759hdQ/XOHwZP4wtbCIOukjHeJHvKFaQ== X-YMail-OSG: vH_L3ecVM1lcB5cHAeb_CHZU5UecIaTjkVZAsD0gUCgEaGcom5C4qeIxF6mbEJE D_pXruOPgylVdjpdpo3QbRw_.SOMLHg6gtf49GoC2DYRYxNM5rdR3dbrdyUo31OrSpPDireOGhEw IOuRDqSQQjx2uXN.E1nYQ.lbO7Jt55eZMOCsFEB.v0Ce6RkSlmqFDCaBg5FYpVF1SHZDhc.xG2L0 Ds.vuZI1qHMEvfLfcWoFB75ERPy1nLrPZp7ZaF2biKS9PVzIDqs.OXhYy.Twq2FDXsbEIBaArssz f5EMdaHGYUtIbX0hSGsHUHoKKdWeUvu7CUZ66FcooJ6jwmQPSLeYZ_.s.rGQfycvQNWxcWih9zav 3fuIWKiGtzYciJwS5NJXnUjg8mBIEfaMwdZwHH9CgnYw3W1iu9m0oapJS4LovqcaJ41_6M2DvlyQ W6ItnerNRGnkByifipgbL7S.XNYp_2I_AkLz9mDVbA7XkQSKym.fEFYiPk5Zt36zhYHtNaA7r_xo lVwj.9p3Ce_iTuRE6l9qHtmcQY2z_cZL6I_Yxg0R_vRDxzbt52N6_vU5Umyc6EVW.hhNcbuk0WrJ _K6NhMfTO47ygyYBKc3nsCalNruNB01nKkbUSUb4eB5EkAYwyYKBYgLisRBf.U.E7l25MXLOXgKA ctfbi_I4XDBC4PQXanUxpnqoxmNuKEiJ0BfXmE2xzaJZpmPPc2o3RPRtH2zf2.E2YKUIrPSen._V domV6YzDR3HsTn2h9Vu3T_A7QP.O1KbbJfWXe89X_V8zPU2xJY7rKm8oRdmPTiySE65EKyduoOV7 AWMH02dhi.X6ChuKqK9VOpnVI6hDAw8DtMAeCUxgSQZOpU4nf_75X7l58MQ1lSgSllBb.50MVn1K VPsiIA_MYwMpIvzvI5WngfGcXqAQphlfNlDjD5IU..WUMDXN2O2P_9gLFbJ5D7sVCosnjv__Eygw K0eecMtkF7EV6Lo_7PLGX6mR2enusEnpJFXjbR6C8eWqBbnA.5zAlSWIvTxHy4hLYq1Ios8ZEnVz F4B5cBTxHltAcouh2RHV.FjsjTD7Aqn0B1Ddx25pdzT9htTCRxR0jGbXuMAaR4R0RB_qW8t_DCNQ cAn.AnmNWwEQW1Y8_JEEqySmJ9mn9zHjfqr_KmMdG60TukEcyiK9Vr9h7Mlf6qEl0OjjHOJMuW85 uuJ1rDfqRE4AWvPS0duiR6nb941HOTDS_UPMuwLj8G2R4nrlZ.FltNEaUAUn0EPow66VCYzhh0_7 AK8WuI0q2mtJEelxkDjgUNBM0tEzP8uBfcIUW5wMtCUsC5pyJqxaCKAwTkJeeyUDYnnRJiQ6G4b0 9wzN7IZg.wRNKEWPKJim_qhLvQkj3L1KkZLUISEHdxqjkV65xlXVsfNFjLCTFs.6i6EBbrqGmGED fxsraLkCCyQVo2PSzbxGPeiFWIqbhG1OBCmcywrt7BMkY.IjUT0zdCsRXewjNmqDq9Db2I.OGMEf 179cW6s3wYl0OEbYgL2LIQZXQ.v_ViAutmNwgTvfjRRcMe6WYo.L7FZFZrpX.koHLJwlIJ8NMD9a G65TZDT90YRt7XLrwjFvFFgXUl_y1E5N_spQRScCYmO1RKVMpNTNXAFg1jxdunFm35s3xDoz.1V2 TkPEmzO2YVsCeyfwK105zK.PxJXtprhCkelWZsNsXglHrSuilP97o4L1IqROlgmU4UXXrcp83zhj KrJkce9bjZxCTWmzLeqspK9GvfIancm.qP7awfG.8yIbOqOrAwItYIg1vspSmle5JYyDLAIMx7By TpK_PABFtVI9Cw4BR87VWbtOyh.rbtGjGXFwPv8lSN90DNNyUQulbEJAOcySQxG7kzFDQXs6rudm tREAf5s97kpZ9HbfhmQwwC8D1t6h76hGnTJncPodHdFe5ZsiU8ZwLc5NVYCxIynB9hP5nKO6j0xM 5xiO_WXHzvsX1f0DaVfRmQxXEh4VCR.q2AOHHsb2y5X_mDVlcIH9nDI1RtTsoAnjM3wzwC_XwqFx itpV7M3XSgblZlp27Qpf8oWJFAET85gHUjCirz3pSwP_lCbLYDpizKoKB87WNgB4_U_PCburq1vX 84JRNspzxaJiJdWhe4AQx2zgIz0RVh9iF_MbbgT2YjC6c9caHIfhZkvQduckbWiyvLnxD9C.ZfEU ekqCwApWa0gmEr_HZFEkfCCGK90VYsOv4BZzGI2uCzOv4DB80qpBSXvBYxaTqq8G_agW1vIbyLGP _..4ena0rj0f1WuArghOy3ChpWLjDUhPAMwBOucL2hb4KJ5lILPzoyQnGA9iISiiDKsAF07hyqy2 P6qWvy2ho40QM7pZDdRVNR7EQrJLGd7SQ4rxNzmdLuTDoVdOV_FoL2WQ- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic304.consmr.mail.ne1.yahoo.com with HTTP; Thu, 10 Mar 2022 23:53:05 +0000 Received: by kubenode525.mail-prod1.omega.gq1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID 5fda70cf8d38a19ec9bc1b4fcf47812c; Thu, 10 Mar 2022 23:53:03 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org Subject: [PATCH v33 12/29] LSM: Use lsmblob in security_inode_getsecid Date: Thu, 10 Mar 2022 15:46:15 -0800 Message-Id: <20220310234632.16194-13-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20220310234632.16194-1-casey@schaufler-ca.com> References: <20220310234632.16194-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org Change the security_inode_getsecid() interface to fill in a lsmblob structure instead of a u32 secid. This allows for its callers to gather data from all registered LSMs. Data is provided for IMA and audit. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: linux-audit@redhat.com --- include/linux/security.h | 7 ++++--- kernel/auditsc.c | 6 +++++- security/integrity/ima/ima_policy.c | 7 ++++--- security/security.c | 11 +++++++++-- 4 files changed, 22 insertions(+), 9 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index 5f20c0c68f67..6fc573d2c253 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -456,7 +456,7 @@ int security_inode_getsecurity(struct user_namespace *mnt_userns, void **buffer, bool alloc); int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags); int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size); -void security_inode_getsecid(struct inode *inode, u32 *secid); +void security_inode_getsecid(struct inode *inode, struct lsmblob *blob); int security_inode_copy_up(struct dentry *src, struct cred **new); int security_inode_copy_up_xattr(const char *name); int security_kernfs_init_security(struct kernfs_node *kn_dir, @@ -1002,9 +1002,10 @@ static inline int security_inode_listsecurity(struct inode *inode, char *buffer, return 0; } -static inline void security_inode_getsecid(struct inode *inode, u32 *secid) +static inline void security_inode_getsecid(struct inode *inode, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } static inline int security_inode_copy_up(struct dentry *src, struct cred **new) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 2570bf5979e0..6cd15abb99c7 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -2248,13 +2248,17 @@ static void audit_copy_inode(struct audit_names *name, const struct dentry *dentry, struct inode *inode, unsigned int flags) { + struct lsmblob blob; + name->ino = inode->i_ino; name->dev = inode->i_sb->s_dev; name->mode = inode->i_mode; name->uid = inode->i_uid; name->gid = inode->i_gid; name->rdev = inode->i_rdev; - security_inode_getsecid(inode, &name->osid); + security_inode_getsecid(inode, &blob); + /* scaffolding until osid is updated */ + name->osid = blob.secid[0]; if (flags & AUDIT_INODE_NOEVAL) { name->fcap_ver = -1; return; diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 22952efcc0b0..34ecdd7b01f5 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -625,7 +625,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, return false; for (i = 0; i < MAX_LSM_RULES; i++) { int rc = 0; - u32 osid; + struct lsmblob lsmdata; if (!rule->lsm[i].rule) { if (!rule->lsm[i].args_p) @@ -637,8 +637,9 @@ static bool ima_match_rules(struct ima_rule_entry *rule, case LSM_OBJ_USER: case LSM_OBJ_ROLE: case LSM_OBJ_TYPE: - security_inode_getsecid(inode, &osid); - rc = ima_filter_rule_match(osid, rule->lsm[i].type, + security_inode_getsecid(inode, &lsmdata); + rc = ima_filter_rule_match(lsmdata.secid[rule->which], + rule->lsm[i].type, Audit_equal, rule->lsm[i].rule, rule->which); diff --git a/security/security.c b/security/security.c index e33fa677181d..0253c925a272 100644 --- a/security/security.c +++ b/security/security.c @@ -1553,9 +1553,16 @@ int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer } EXPORT_SYMBOL(security_inode_listsecurity); -void security_inode_getsecid(struct inode *inode, u32 *secid) +void security_inode_getsecid(struct inode *inode, struct lsmblob *blob) { - call_void_hook(inode_getsecid, inode, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.inode_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.inode_getsecid(inode, &blob->secid[hp->lsmid->slot]); + } } int security_inode_copy_up(struct dentry *src, struct cred **new) From patchwork Thu Mar 10 23:46:16 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12777058 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 67C9CC433FE for ; Thu, 10 Mar 2022 23:53:15 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344998AbiCJXyP (ORCPT ); Thu, 10 Mar 2022 18:54:15 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35394 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344980AbiCJXyN (ORCPT ); Thu, 10 Mar 2022 18:54:13 -0500 Received: from sonic306-28.consmr.mail.ne1.yahoo.com (sonic306-28.consmr.mail.ne1.yahoo.com [66.163.189.90]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CA43C14FBD4 for ; Thu, 10 Mar 2022 15:53:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1646956390; bh=GO/Bqxwgc9VQWSjrcC6II8HoCihtitHg+71BIsNkOkg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=bcribzaxukC//3I43/UEOxJtsaOp4Wrt36CinOvSDlTRKw2L+HF1xUxbajY6bOtv1mo7gFJkKhrhmQ10jNIaqL/Cmrx5cIstFivUzaK5/ERi0G7CLXBwgVmNYuvNOtOtD/5cbWKyFNkkiGHPZCBhq8KwxGh5e9j75ARhpeDTmujbZOVo4o5tqRYAU0jyvEIAbbi0GMSGlvNzTcZY6ZkpMlivSjbBCLBawtamLVz/QUsJDcB5IVNP3vX+RnKFBFL1BNn0fnXsiniNBL4lZ+B82Nfs3Evv66rnaClF9sxUT+ibZrlJe3dpSA6XSM9bO22JqY9yhzEYzOR1ZNuFwlVbGg== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1646956390; bh=j/dTt1Kuc63+yIrAWM78sgq5GtPXFBERyH8Dj0q3xw0=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=N/BPgceDDuGpnWlovQHVyrOcwkEuhQvmz0SIidArqzpSHtCxjFecD2EQyAY4TSC62JidrzbH2s8DxGWoNwj9U/qGeLbQvg6Dt7Nk3V4QE4e+nJOkpSE/4DKLM02nzRpC3RIAmIsw7/LoLkXUy8C/jAdlAU9PVbGL165r5eYYjr4DB53WngCHA+E88px5P2G2IkpYt80IOw8/EPjLNVGdgVknfaIsliEpxQRQhYZzcb9uXTLchX9Qvj1VmAWHRCO7geV8ZJgHhw5OegpvR8sAx5VFFMRTBIjWotzjvCpKmruJHbPvan6pd8mS1YkqIxeJmeVwsCdIIGYePJfMrAoBaA== X-YMail-OSG: aZ.0F7QVM1mM.6wziF2fr4zOpZHqxuFodqH_5qUEAYuTQZTi0rftXiQ7yImRaP1 CJlMTSt0US3guItLiPMVydBGe7gU2xAcuvwx1UDm5Yvc_csLo4KfVHm_F4FzHOvUhhcT.jZ8z6Pq DE22oSUlCvnO5sX3LXeJL7K52tw7gDi9dcwIva4XbxsB6ssKlv8nLZTTrymEtyhdDZ7jm1yY4u34 OC7MazEowaQEocXI8Xh75BvrNw7hfXVeRXrFrvMlRKc428k8.1ySjCIuvTGP8d1xEnccEFSd..t3 Ui3H5bKHcvmZnSdGo.B7l.NIKIsGfbCXAPadfiNytFxXBnmL.L6zLglpJ2VQL4vmaTZnq5qYY7D6 wWuDFCJcdqzrVTIq1VbVt9aHm8MHEAE_szHOuZaR71msR0gOedVm9tdlDutYL3qjDT.Njq2Nu.Tj J6SNslxW0NngnCaKRn.tuyCW58A1wdqKr._GkeEyurZ2uGMwQtimaHEnuEAj.N2mvAYumCNHl84t lmw3ER55TiyOD8cwstNP3a2bfLljAc1yOLpI6hEPVLASQhUc5dUSCzBOvRiC79hJ8E5XntcTfWH7 MTRCkJ_xoUq.GdC_GIZaFolAFLiGfYdUyyDFVZ9ZFoKtN25CTgy4i4E4it5zXMF4aOrmaU1KAL4s 33ED1NysFVGXA6qhqtkzgJLvX8WBIKD0WTtHpwor_Sfo3Bibf6LuNOPjEOPK5_dmmqOLgNtb479l 2RrRxq4AtWwFGu.pKxzF1tG2CFOsG4ry6VtC5LYvPcTZX9xaGbOSP7xSJ3KvlMJDCRRTo34a3VHk 0LQ5dvfr3n6qMcWZtvE60pd_Kk0bwCyCblwda3uqII2.Y1rpfBa3uvSEqOtndIchUozsyA4ZKxR_ PFk6sqWY11SYYKJ4kP4aFg8rZF3oVDUUpViME.NB7WIvlg_LwyEM3ila2ioagJ.ackkukOwqhpjB pUJGwUYSgMcWxOHJwB73oP9vDPHTtETHQvfmD7xfzQX3zz.xBOqWLH3t4s.mXMKMw8HCc162j.Oe jJxbQ.qN.1K_sI5h1HZ_4zaLz4p6ENK3GR3.MKhTz8LfIeFTsCkzh1nmMlEKY31rikQvwJNWoPIc 9.il258YKJO1i1E3K3h_gWLHwDBl9ijkHODkP6qk4kVK.qxiJ3jjYjp_hrG3xmDRQHI8NKgkZeCX pWZUbyyBoaSqVyTihVRDOOk9TCFMbDj6G7Hgk7R49qdAC4FNdFI5VxtcTq6ZEiK_FsOc0kwY2MXE hFLebJJZS7i3QGyq7C3c68DqLgZoDq70cS7Q0GPupZP_H5sRVTVm8lEgg99zaCaf6LX9KJ1FJmGw krRr7.DV0X2R2Qw4jEFIEQqaSGW6GQFjkbuzkuhkdlyr_qJRUD1uXo5Vzwa8FxDqnRUeIWctrJUe W4e1.KwYe.1d9U15VJ6DQNotKcpZPdpQf.TYK6pHyQcW7BSNew43erNX2P_BZk_hKTMWv7pcPC7k 2CYfyiXuSTduNBssahtBNk6BiCcBR044bbr8G4reAoY2vqYjWZe1HY3SJHHVm80lUZ926eyEpOCf bqR4cZriYDn978XkPQft0ibR4gH296mx3HH2J61svYGIels7xgF5MLAcMmszjcUDqpUKx4SjPYgv RtZgMmqpULqgtACjWMd.ODUx2FXKbGZDCUBhWTO7REATFt__RZtymf6qrBHiH9KIKze75qatHaBM IvMmgfzLd7rWFflSCVq_jZ2N.OtDCGwdvYnQgQ_s9eJ6gDEUYrx4xu9LAAdRXKr8tfsKQlmgFLdn Nsqyfl4HHYXNhc53sFyLFtt_tVwjEVbBhHs6N_giCK67Q7xVA0nywjg0Wiit3XM_YJ.xEmeC.HNa GU68DHonNO.vAoeTLOt27JsKhlExcg0tF_bCkbllwpSRfkgGDy419Kpa6ItOXIBoDauumDNDm1cQ NxUJx88DRYSMzninHW7sKFXjcUtZVwzSaWmHslg7nqkqoaDwvgJ5r30sUNbSXPgocsxxQs8aMY_C e9eihdFokL7KIH0iULCHLCER_pnBWVriPN_44XM7h6CPFTcV2yWXkHCev_FVaKLTvB8q.kNR7oou HIVqyK05wBXQqEKvSI72N0KkttSRmpx1nbFEE0gJdVM4xZ80heLXKqFvDXfBzpfjxtBTkJIXA6fB ai2HnYzr1LbVBlGJZjgIFfMxl1zKp93umivtKaFmyzLxG.pKRkzC8kQUPYOlj5KnMhqUyjZhXvWP 4GFM40B8A4Xp894RRPn9aYumbqvjHMpvRzHBktZL0p_YUoBRZW002upvU3DEIyXrpoDE8f99E0q5 S X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic306.consmr.mail.ne1.yahoo.com with HTTP; Thu, 10 Mar 2022 23:53:10 +0000 Received: by kubenode525.mail-prod1.omega.gq1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID 5fda70cf8d38a19ec9bc1b4fcf47812c; Thu, 10 Mar 2022 23:53:04 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org Subject: [PATCH v33 13/29] LSM: Use lsmblob in security_cred_getsecid Date: Thu, 10 Mar 2022 15:46:16 -0800 Message-Id: <20220310234632.16194-14-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20220310234632.16194-1-casey@schaufler-ca.com> References: <20220310234632.16194-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org Change the security_cred_getsecid() interface to fill in a lsmblob instead of a u32 secid. The associated data elements in the audit sub-system are changed from a secid to a lsmblob to accommodate multiple possible LSM audit users. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: linux-audit@redhat.com Reported-by: kernel test robot Reported-by: kernel test robot Reported-by: kernel test robot --- drivers/android/binder.c | 12 +---------- include/linux/security.h | 2 +- kernel/audit.c | 25 +++++++---------------- kernel/audit.h | 3 ++- kernel/auditsc.c | 33 +++++++++++-------------------- security/integrity/ima/ima_main.c | 8 ++++---- security/security.c | 12 ++++++++--- 7 files changed, 36 insertions(+), 59 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index bae8440ffc73..26838061defb 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2982,18 +2982,8 @@ static void binder_transaction(struct binder_proc *proc, if (target_node && target_node->txn_security_ctx) { struct lsmblob blob; size_t added_size; - u32 secid; - security_cred_getsecid(proc->cred, &secid); - /* - * Later in this patch set security_cred_getsecid() will - * provide a lsmblob instead of a secid. lsmblob_init - * is used to ensure that all the secids in the lsmblob - * get the value returned from security_cred_getsecid(), - * which means that the one expected by - * security_secid_to_secctx() will be set. - */ - lsmblob_init(&blob, secid); + security_cred_getsecid(proc->cred, &blob); ret = security_secid_to_secctx(&blob, &secctx, &secctx_sz); if (ret) { return_error = BR_FAILED_REPLY; diff --git a/include/linux/security.h b/include/linux/security.h index 6fc573d2c253..955f75fc1007 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -483,7 +483,7 @@ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp); void security_cred_free(struct cred *cred); int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp); void security_transfer_creds(struct cred *new, const struct cred *old); -void security_cred_getsecid(const struct cred *c, u32 *secid); +void security_cred_getsecid(const struct cred *c, struct lsmblob *blob); int security_kernel_act_as(struct cred *new, struct lsmblob *blob); int security_kernel_create_files_as(struct cred *new, struct inode *inode); int security_kernel_module_request(char *kmod_name); diff --git a/kernel/audit.c b/kernel/audit.c index 17ac6e74b5bd..c7cd039e258b 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -125,7 +125,7 @@ static u32 audit_backlog_wait_time = AUDIT_BACKLOG_WAIT_TIME; /* The identity of the user shutting down the audit system. */ static kuid_t audit_sig_uid = INVALID_UID; static pid_t audit_sig_pid = -1; -static u32 audit_sig_sid; +struct lsmblob audit_sig_lsm; /* Records can be lost in several ways: 0) [suppressed in audit_alloc] @@ -1439,29 +1439,21 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) } case AUDIT_SIGNAL_INFO: len = 0; - if (audit_sig_sid) { - struct lsmblob blob; - - /* - * lsmblob_init sets all values in the lsmblob - * to audit_sig_sid. This is temporary until - * audit_sig_sid is converted to a lsmblob, which - * happens later in this patch set. - */ - lsmblob_init(&blob, audit_sig_sid); - err = security_secid_to_secctx(&blob, &ctx, &len); + if (lsmblob_is_set(&audit_sig_lsm)) { + err = security_secid_to_secctx(&audit_sig_lsm, &ctx, + &len); if (err) return err; } sig_data = kmalloc(struct_size(sig_data, ctx, len), GFP_KERNEL); if (!sig_data) { - if (audit_sig_sid) + if (lsmblob_is_set(&audit_sig_lsm)) security_release_secctx(ctx, len); return -ENOMEM; } sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); sig_data->pid = audit_sig_pid; - if (audit_sig_sid) { + if (lsmblob_is_set(&audit_sig_lsm)) { memcpy(sig_data->ctx, ctx, len); security_release_secctx(ctx, len); } @@ -2368,7 +2360,6 @@ int audit_set_loginuid(kuid_t loginuid) int audit_signal_info(int sig, struct task_struct *t) { kuid_t uid = current_uid(), auid; - struct lsmblob blob; if (auditd_test_task(t) && (sig == SIGTERM || sig == SIGHUP || @@ -2379,9 +2370,7 @@ int audit_signal_info(int sig, struct task_struct *t) audit_sig_uid = auid; else audit_sig_uid = uid; - security_current_getsecid_subj(&blob); - /* scaffolding until audit_sig_sid is converted */ - audit_sig_sid = blob.secid[0]; + security_current_getsecid_subj(&audit_sig_lsm); } return audit_signal_info_syscall(t); diff --git a/kernel/audit.h b/kernel/audit.h index c4498090a5bd..527d4c4acb12 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -12,6 +12,7 @@ #include #include #include +#include #include #include #include // struct open_how @@ -143,7 +144,7 @@ struct audit_context { kuid_t target_auid; kuid_t target_uid; unsigned int target_sessionid; - u32 target_sid; + struct lsmblob target_lsm; char target_comm[TASK_COMM_LEN]; struct audit_tree_refs *trees, *first_trees; diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 6cd15abb99c7..c4c3666576c3 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -99,7 +99,7 @@ struct audit_aux_data_pids { kuid_t target_auid[AUDIT_AUX_PIDS]; kuid_t target_uid[AUDIT_AUX_PIDS]; unsigned int target_sessionid[AUDIT_AUX_PIDS]; - u32 target_sid[AUDIT_AUX_PIDS]; + struct lsmblob target_lsm[AUDIT_AUX_PIDS]; char target_comm[AUDIT_AUX_PIDS][TASK_COMM_LEN]; int pid_count; }; @@ -1018,7 +1018,7 @@ static void audit_reset_context(struct audit_context *ctx) ctx->target_pid = 0; ctx->target_auid = ctx->target_uid = KUIDT_INIT(0); ctx->target_sessionid = 0; - ctx->target_sid = 0; + lsmblob_init(&ctx->target_lsm, 0); ctx->target_comm[0] = '\0'; unroll_tree_refs(ctx, NULL, 0); WARN_ON(!list_empty(&ctx->killed_trees)); @@ -1116,14 +1116,14 @@ static inline void audit_free_context(struct audit_context *context) } static int audit_log_pid_context(struct audit_context *context, pid_t pid, - kuid_t auid, kuid_t uid, unsigned int sessionid, - u32 sid, char *comm) + kuid_t auid, kuid_t uid, + unsigned int sessionid, + struct lsmblob *blob, char *comm) { struct audit_buffer *ab; char *ctx = NULL; u32 len; int rc = 0; - struct lsmblob blob; ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID); if (!ab) @@ -1132,9 +1132,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, audit_log_format(ab, "opid=%d oauid=%d ouid=%d oses=%d", pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); - if (sid) { - lsmblob_init(&blob, sid); - if (security_secid_to_secctx(&blob, &ctx, &len)) { + if (lsmblob_is_set(blob)) { + if (security_secid_to_secctx(blob, &ctx, &len)) { audit_log_format(ab, " obj=(none)"); rc = 1; } else { @@ -1762,7 +1761,7 @@ static void audit_log_exit(void) axs->target_auid[i], axs->target_uid[i], axs->target_sessionid[i], - axs->target_sid[i], + &axs->target_lsm[i], axs->target_comm[i])) call_panic = 1; } @@ -1771,7 +1770,7 @@ static void audit_log_exit(void) audit_log_pid_context(context, context->target_pid, context->target_auid, context->target_uid, context->target_sessionid, - context->target_sid, context->target_comm)) + &context->target_lsm, context->target_comm)) call_panic = 1; if (context->pwd.dentry && context->pwd.mnt) { @@ -2707,15 +2706,12 @@ int __audit_sockaddr(int len, void *a) void __audit_ptrace(struct task_struct *t) { struct audit_context *context = audit_context(); - struct lsmblob blob; context->target_pid = task_tgid_nr(t); context->target_auid = audit_get_loginuid(t); context->target_uid = task_uid(t); context->target_sessionid = audit_get_sessionid(t); - security_task_getsecid_obj(t, &blob); - /* scaffolding - until target_sid is converted */ - context->target_sid = blob.secid[0]; + security_task_getsecid_obj(t, &context->target_lsm); memcpy(context->target_comm, t->comm, TASK_COMM_LEN); } @@ -2731,7 +2727,6 @@ int audit_signal_info_syscall(struct task_struct *t) struct audit_aux_data_pids *axp; struct audit_context *ctx = audit_context(); kuid_t t_uid = task_uid(t); - struct lsmblob blob; if (!audit_signals || audit_dummy_context()) return 0; @@ -2743,9 +2738,7 @@ int audit_signal_info_syscall(struct task_struct *t) ctx->target_auid = audit_get_loginuid(t); ctx->target_uid = t_uid; ctx->target_sessionid = audit_get_sessionid(t); - security_task_getsecid_obj(t, &blob); - /* scaffolding until target_sid is converted */ - ctx->target_sid = blob.secid[0]; + security_task_getsecid_obj(t, &ctx->target_lsm); memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); return 0; } @@ -2766,9 +2759,7 @@ int audit_signal_info_syscall(struct task_struct *t) axp->target_auid[axp->pid_count] = audit_get_loginuid(t); axp->target_uid[axp->pid_count] = t_uid; axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); - security_task_getsecid_obj(t, &blob); - /* scaffolding until target_sid is converted */ - axp->target_sid[axp->pid_count] = blob.secid[0]; + security_task_getsecid_obj(t, &axp->target_lsm[axp->pid_count]); memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); axp->pid_count++; diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 6abbaa97bbeb..93c6addd8389 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -486,7 +486,6 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) int ima_bprm_check(struct linux_binprm *bprm) { int ret; - u32 secid; struct lsmblob blob; security_current_getsecid_subj(&blob); @@ -496,9 +495,10 @@ int ima_bprm_check(struct linux_binprm *bprm) if (ret) return ret; - security_cred_getsecid(bprm->cred, &secid); - return process_measurement(bprm->file, bprm->cred, secid, NULL, 0, - MAY_EXEC, CREDS_CHECK); + security_cred_getsecid(bprm->cred, &blob); + /* scaffolding until process_measurement changes */ + return process_measurement(bprm->file, bprm->cred, blob.secid[0], + NULL, 0, MAY_EXEC, CREDS_CHECK); } /** diff --git a/security/security.c b/security/security.c index 0253c925a272..27154c39d109 100644 --- a/security/security.c +++ b/security/security.c @@ -1803,10 +1803,16 @@ void security_transfer_creds(struct cred *new, const struct cred *old) call_void_hook(cred_transfer, new, old); } -void security_cred_getsecid(const struct cred *c, u32 *secid) +void security_cred_getsecid(const struct cred *c, struct lsmblob *blob) { - *secid = 0; - call_void_hook(cred_getsecid, c, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.cred_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.cred_getsecid(c, &blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_cred_getsecid); From patchwork Thu Mar 10 23:46:18 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12777090 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 456F9C433F5 for ; Thu, 10 Mar 2022 23:54:49 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240657AbiCJXzt (ORCPT ); Thu, 10 Mar 2022 18:55:49 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41790 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234064AbiCJXzs (ORCPT ); Thu, 10 Mar 2022 18:55:48 -0500 Received: from sonic306-28.consmr.mail.ne1.yahoo.com (sonic306-28.consmr.mail.ne1.yahoo.com [66.163.189.90]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BF1B819E033 for ; Thu, 10 Mar 2022 15:54:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1646956485; bh=tIJ56PEQZpBSEOX/gZGEurZf9l4kFo3rQXYBXSi7jvc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=Mdjf0THosuziM6SWXri5jjE/1GWwUC4J1nyJ7gkvqB/WCj8/QdLnYUHXH1mCYp0o5JFCIQFC55IUtZqWB9mTKjRaHK8w4sDoAe77o4ley+16/vE7ra2mvVpF8+LEUhHet4J/TO8gdgzYMILLeDYyinUPGyCnpEanX2c38IUq3/Sx9kOak4TA6IvBIk3wA5PcBHUoA512ybO1v5ws8dDnM68dXOdC8Cu6qQv86bdw8P1X7ROI38V2Np4yWDcZLN+2JaNzb1L8jgPGBZaRJ0gteHaNTiZBikCThFq32j9mwpdFdJWAkIcLA717iwWoXdLQhoHDwpYYh+TCcU/mxmr+yw== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1646956485; bh=ZCSh/oLHAHPaExJlnEJ2GaF1ABfpvlNuMvLofDUgi7a=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=bqYu2TdnBgaNgecy8j459U9dSN+94E0R9dr/XgKLCE+rrf077dv40qT5uHyoCbD+sZQxBL/InOm/tvGBAS3K296SM1EtgB8E8PeJBJ7LAMQ++nBQV2rInP+pv63Xiwz+xALJ8vnObZttmXz+ud7pXd8ykosEquuooSewVuNfUXUcXLvGTU2ydC/8U2tbCFO6IOr7tdW+4aXKEKdzrvHOKkzFdU2AN9zPQdoThc5DUYvIEc05ZX12M/mx+iDJUX1RwxoQagXEWOMb2AoJq5HRLDB1/4StPzzdNHLHmjF99u7Npl090YPq4FXp7SS3nPN7+67fXx+x8Ir2V4FX4n8rZQ== X-YMail-OSG: AoU5VcsVM1l2o_VmGwaPlalORd9OqiPLRlClxryHwjP4JEfgt25_tRjueY8sImq 4iFBgM28HJ3AgyZ.32o8lABKsk6gEpmW0Gpfn5LV3C6v_0tSixdWyUgTHUTB_2JUdCMrWstGeUQv sW_LmcuBIxNe5g1KbwVJ6AnwNCoV6Y6Ytnwj3k96G3hqHXBsa90Y3BBydEaTfhl80uwuQ3i78jI8 X2NCX3UgMZs5Qd502gLxCJctZ8exV_J7OWgPJ0L0j8pNxEWZZBiKvKEBnJEI2o9.zGR_e.WA8zs7 SxpV1xM188psObvgL7edD1e2uVUMvt3tH3f1yiEOux8oBiOwRBtADy2yUK1B9CWX3Pz6Wzi69fhm FL03IWir5nR82Z_solmsKGBCZAnq94OcFNObxkeQB6nZiGoLhnNvF5UXqwxSPwWFp91NKZzNtvPo 020cOCZfCJUeT4EhL2JPU1TmP2i23is_OFL79S0Jq2DFLFiImoPTZYm3o.NxK5lbwLI0NO0NUOH2 yEeiawQfFcRcmua40fLDBAPMWNr6rc7YLJnvfofZslihNAoVVDk2.FUKLnWy1IvLwJAMGTfmug.0 4fUcSoU8DBah8yzhjPcF60kG6GjRmTqqxHw.0UEl3FDxGxGO4QSnKjxZ77xXeBbGxeIWpVr523lR x7VUavceb.sLyHGkf0N1nCOCm4MVD.fVGoxUie3Hu04nxuUX18DBTdn3QR7USeds9YxaOmRwMswg m3Ip7pAC14EuN6a.z0yvXIi1iXBqeWAiT68kUWdV1TDVEdZCpe61.lR0vNoe7MTqtf6tjkRmzBzO zQwQyv8XegSJv7NPuwPuZ7zILSsAagQdykc7quKBkqVF9Yx3OBQDVWP.9M5.OrpQoaEWE8.GZFcO fkP14sGCq1Ir1uzY83jKUrnNNQjJuJ4PQOYaHnLeC1wDWU8EJyWtUC5.NwiG2Joi0d9_yUmJvom_ EfCFDtpmekLbplQaO1.V_1Xxw3Jd2ORfr3B5QBAk.lI2CtTp6XxEx1a80IcTvmdORAvF8SoXmRDT GNV0wUWb1wXCslSzM.5nrG974DplYMJ2z2tN3C1DS44TApU8qfxXMR4FU_pM_B7CkMJS_itRNkP6 k2VaBj6L9ni66XToYID9peJDB2rzWx0lI2DYjGWgL56UrXgN_4eApKlayKKMEf.vSIb4aEJ87XIW TjY17qTYHPfPtpz9pw70x6l2RgevTlx09NA7DnwZ8AlwX.w189tys_Zu4BB0jZWf28__lZ.5E69u ilsRwddIqS5CS.fjeL1f__ebv_9C4M6FB7vwLvCXLLvfixdj6F4An1Ooq9dgv9OrJq9_sGTyi1K3 RnL3ZRrYjvuvT5Vdnd1juk0MTcBaRvYJ0oq3yj4oGxeqyfwOqesoZxnmZk3ACiUD5UMvA4wOzP3w E8INC93zMyDj7jAs.HBMjmGLDN4q9.CYRrzhtzCVjRH4LxQrBU772u81JS6TSp4IU43QRkDsS3tk HQYjIb7tE86w2nuAJwdYuM7kjReBwJi8xAsaiGqQ571eSH9wlDD2mCO3sy1m8p120vNMmka3uytI B8oNmsAcn9g0YuLTF1jiYavxecreqp3uHfaqsjY7i5PyTipW7dk_wx20f2J5kWB0u6WKR.dMYNue 77h4p5ix4lzLXwfPfqAwNr6fDNz_8aLwVdxP96djO_yXzWGFq2s7LV19e525KaPj.9EsNMGgO.vl bR3qpXzkXI7d.0tTuzYYiZiRVo_3Xh3PwwLt1lQnPPS8JCEg0Y5.D5M8pMWfdNRKkqYVNY0grBR. 8le44.1e5TjicJF1M0c0xJZwWeYxGwiQ1qieeDyGwCmdfjaAO1k5t914ai78sVpVIdaog4cZUTEr SaUGq_SjZL5bK46kadLIZkFwVG5DfiJzqyV1J49TuGBSxnNficwy2VJJe42c8uDEwDm_Ddp09p5Y ON65CqyvV89dEqWKK6mGWv7Vc14kgt5sjyLNkjOd6sW6Ze0zZ60aCO9wXosxYsCA67vinjUvIAMO 9Apd.vgspqSa5OPx.1qq3Xsp4wcnoaZ1JjWjfv_bONTovLlIbtiEGo5NsU8xRSwzJ6YiyUsKNO8e nuV5Krc0Hl6A7M0t1AfiIys1u7xf6aJq.s92lYuzzKPQRsUdQA0BoMG.hji4XNdCYGs8RsMNZp_x 8ISarzgDwGui3HOb.AiQOLkKALLKPrLZjcXadhvSzrXDM_Qu5cYmPo9K5iwZOLoacIyksm1wiVT_ RMG3T2NGb1h1Q8lLPs4qRJlqq8Q09a35JOqJjWDi_wZFcXv6mExuCm_BNppLCHbCftMH4ogx2SE. F0xcu4u7qtBucztyAfxHKSqJFNoFWChthvUhflcvGV72RSMnUY01rhw-- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic306.consmr.mail.ne1.yahoo.com with HTTP; Thu, 10 Mar 2022 23:54:45 +0000 Received: by kubenode520.mail-prod1.omega.bf1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID 8cf1c259c50308b34237c785a039407c; Thu, 10 Mar 2022 23:54:41 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, Chuck Lever , linux-integrity@vger.kernel.org, netdev@vger.kernel.org, netfilter-devel@vger.kernel.org, linux-nfs@vger.kernel.org Subject: [PATCH v33 15/29] LSM: Ensure the correct LSM context releaser Date: Thu, 10 Mar 2022 15:46:18 -0800 Message-Id: <20220310234632.16194-16-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20220310234632.16194-1-casey@schaufler-ca.com> References: <20220310234632.16194-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org Add a new lsmcontext data structure to hold all the information about a "security context", including the string, its size and which LSM allocated the string. The allocation information is necessary because LSMs have different policies regarding the lifecycle of these strings. SELinux allocates and destroys them on each use, whereas Smack provides a pointer to an entry in a list that never goes away. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Paul Moore Acked-by: Stephen Smalley Acked-by: Chuck Lever Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: netdev@vger.kernel.org Cc: linux-audit@redhat.com Cc: netfilter-devel@vger.kernel.org To: Pablo Neira Ayuso Cc: linux-nfs@vger.kernel.org --- drivers/android/binder.c | 10 ++++--- fs/ceph/xattr.c | 6 ++++- fs/nfs/nfs4proc.c | 8 ++++-- fs/nfsd/nfs4xdr.c | 7 +++-- include/linux/security.h | 35 +++++++++++++++++++++++-- include/net/scm.h | 5 +++- kernel/audit.c | 14 +++++++--- kernel/auditsc.c | 12 ++++++--- net/ipv4/ip_sockglue.c | 4 ++- net/netfilter/nf_conntrack_netlink.c | 4 ++- net/netfilter/nf_conntrack_standalone.c | 4 ++- net/netfilter/nfnetlink_queue.c | 13 ++++++--- net/netlabel/netlabel_unlabeled.c | 19 +++++++++++--- net/netlabel/netlabel_user.c | 4 ++- security/security.c | 11 ++++---- 15 files changed, 121 insertions(+), 35 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 26838061defb..2125b4b795da 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2725,6 +2725,7 @@ static void binder_transaction(struct binder_proc *proc, int t_debug_id = atomic_inc_return(&binder_last_id); char *secctx = NULL; u32 secctx_sz = 0; + struct lsmcontext scaff; /* scaffolding */ struct list_head sgc_head; struct list_head pf_head; const void __user *user_buffer = (const void __user *) @@ -3033,7 +3034,8 @@ static void binder_transaction(struct binder_proc *proc, t->security_ctx = 0; WARN_ON(1); } - security_release_secctx(secctx, secctx_sz); + lsmcontext_init(&scaff, secctx, secctx_sz, 0); + security_release_secctx(&scaff); secctx = NULL; } t->buffer->debug_id = t->debug_id; @@ -3433,8 +3435,10 @@ static void binder_transaction(struct binder_proc *proc, binder_alloc_free_buf(&target_proc->alloc, t->buffer); err_binder_alloc_buf_failed: err_bad_extra_size: - if (secctx) - security_release_secctx(secctx, secctx_sz); + if (secctx) { + lsmcontext_init(&scaff, secctx, secctx_sz, 0); + security_release_secctx(&scaff); + } err_get_secctx_failed: kfree(tcomplete); binder_stats_deleted(BINDER_STAT_TRANSACTION_COMPLETE); diff --git a/fs/ceph/xattr.c b/fs/ceph/xattr.c index fcf7dfdecf96..df2b3bf46364 100644 --- a/fs/ceph/xattr.c +++ b/fs/ceph/xattr.c @@ -1374,12 +1374,16 @@ int ceph_security_init_secctx(struct dentry *dentry, umode_t mode, void ceph_release_acl_sec_ctx(struct ceph_acl_sec_ctx *as_ctx) { +#ifdef CONFIG_CEPH_FS_SECURITY_LABEL + struct lsmcontext scaff; /* scaffolding */ +#endif #ifdef CONFIG_CEPH_FS_POSIX_ACL posix_acl_release(as_ctx->acl); posix_acl_release(as_ctx->default_acl); #endif #ifdef CONFIG_CEPH_FS_SECURITY_LABEL - security_release_secctx(as_ctx->sec_ctx, as_ctx->sec_ctxlen); + lsmcontext_init(&scaff, as_ctx->sec_ctx, as_ctx->sec_ctxlen, 0); + security_release_secctx(&scaff); #endif if (as_ctx->pagelist) ceph_pagelist_release(as_ctx->pagelist); diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c index b18f31b2c9e7..c6237b5ddd93 100644 --- a/fs/nfs/nfs4proc.c +++ b/fs/nfs/nfs4proc.c @@ -133,8 +133,12 @@ nfs4_label_init_security(struct inode *dir, struct dentry *dentry, static inline void nfs4_label_release_security(struct nfs4_label *label) { - if (label) - security_release_secctx(label->label, label->len); + struct lsmcontext scaff; /* scaffolding */ + + if (label) { + lsmcontext_init(&scaff, label->label, label->len, 0); + security_release_secctx(&scaff); + } } static inline u32 *nfs4_bitmask(struct nfs_server *server, struct nfs4_label *label) { diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c index 899de438e529..fedc4b0292d6 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c @@ -2830,6 +2830,7 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, int err; struct nfs4_acl *acl = NULL; #ifdef CONFIG_NFSD_V4_SECURITY_LABEL + struct lsmcontext scaff; /* scaffolding */ void *context = NULL; int contextlen; #endif @@ -3331,8 +3332,10 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, out: #ifdef CONFIG_NFSD_V4_SECURITY_LABEL - if (context) - security_release_secctx(context, contextlen); + if (context) { + lsmcontext_init(&scaff, context, contextlen, 0); /*scaffolding*/ + security_release_secctx(&scaff); + } #endif /* CONFIG_NFSD_V4_SECURITY_LABEL */ kfree(acl); if (tempfh) { diff --git a/include/linux/security.h b/include/linux/security.h index 9753bd9b4fdc..11c4d088f7a8 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -135,6 +135,37 @@ enum lockdown_reason { extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1]; +/* + * A "security context" is the text representation of + * the information used by LSMs. + * This structure contains the string, its length, and which LSM + * it is useful for. + */ +struct lsmcontext { + char *context; /* Provided by the module */ + u32 len; + int slot; /* Identifies the module */ +}; + +/** + * lsmcontext_init - initialize an lsmcontext structure. + * @cp: Pointer to the context to initialize + * @context: Initial context, or NULL + * @size: Size of context, or 0 + * @slot: Which LSM provided the context + * + * Fill in the lsmcontext from the provided information. + * This is a scaffolding function that will be removed when + * lsmcontext integration is complete. + */ +static inline void lsmcontext_init(struct lsmcontext *cp, char *context, + u32 size, int slot) +{ + cp->slot = slot; + cp->context = context; + cp->len = size; +} + /* * Data exported by the security modules * @@ -569,7 +600,7 @@ int security_ismaclabel(const char *name); int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen); int security_secctx_to_secid(const char *secdata, u32 seclen, struct lsmblob *blob); -void security_release_secctx(char *secdata, u32 seclen); +void security_release_secctx(struct lsmcontext *cp); void security_inode_invalidate_secctx(struct inode *inode); int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); @@ -1432,7 +1463,7 @@ static inline int security_secctx_to_secid(const char *secdata, return -EOPNOTSUPP; } -static inline void security_release_secctx(char *secdata, u32 seclen) +static inline void security_release_secctx(struct lsmcontext *cp) { } diff --git a/include/net/scm.h b/include/net/scm.h index 23a35ff1b3f2..f273c4d777ec 100644 --- a/include/net/scm.h +++ b/include/net/scm.h @@ -92,6 +92,7 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg, #ifdef CONFIG_SECURITY_NETWORK static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) { + struct lsmcontext context; struct lsmblob lb; char *secdata; u32 seclen; @@ -106,7 +107,9 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc if (!err) { put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata); - security_release_secctx(secdata, seclen); + /*scaffolding*/ + lsmcontext_init(&context, secdata, seclen, 0); + security_release_secctx(&context); } } } diff --git a/kernel/audit.c b/kernel/audit.c index c7cd039e258b..5aa2ee06c9e4 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1190,6 +1190,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) struct audit_sig_info *sig_data; char *ctx = NULL; u32 len; + struct lsmcontext scaff; /* scaffolding */ err = audit_netlink_ok(skb, msg_type); if (err) @@ -1447,15 +1448,18 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) } sig_data = kmalloc(struct_size(sig_data, ctx, len), GFP_KERNEL); if (!sig_data) { - if (lsmblob_is_set(&audit_sig_lsm)) - security_release_secctx(ctx, len); + if (lsmblob_is_set(&audit_sig_lsm)) { + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); + } return -ENOMEM; } sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); sig_data->pid = audit_sig_pid; if (lsmblob_is_set(&audit_sig_lsm)) { memcpy(sig_data->ctx, ctx, len); - security_release_secctx(ctx, len); + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); } audit_send_reply(skb, seq, AUDIT_SIGNAL_INFO, 0, 0, sig_data, struct_size(sig_data, ctx, len)); @@ -2147,6 +2151,7 @@ int audit_log_task_context(struct audit_buffer *ab) unsigned len; int error; struct lsmblob blob; + struct lsmcontext scaff; /* scaffolding */ security_current_getsecid_subj(&blob); if (!lsmblob_is_set(&blob)) @@ -2161,7 +2166,8 @@ int audit_log_task_context(struct audit_buffer *ab) } audit_log_format(ab, " subj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); return 0; error_path: diff --git a/kernel/auditsc.c b/kernel/auditsc.c index c4c3666576c3..1626d8aabe83 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1121,6 +1121,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, struct lsmblob *blob, char *comm) { struct audit_buffer *ab; + struct lsmcontext lsmcxt; char *ctx = NULL; u32 len; int rc = 0; @@ -1138,7 +1139,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, rc = 1; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); /*scaffolding*/ + security_release_secctx(&lsmcxt); } } audit_log_format(ab, " ocomm="); @@ -1351,6 +1353,7 @@ static void audit_log_fcaps(struct audit_buffer *ab, struct audit_names *name) static void show_special(struct audit_context *context, int *call_panic) { + struct lsmcontext lsmcxt; struct audit_buffer *ab; int i; @@ -1385,7 +1388,8 @@ static void show_special(struct audit_context *context, int *call_panic) *call_panic = 1; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); + security_release_secctx(&lsmcxt); } } if (context->ipc.has_perm) { @@ -1542,6 +1546,7 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, char *ctx = NULL; u32 len; struct lsmblob blob; + struct lsmcontext lsmcxt; lsmblob_init(&blob, n->osid); if (security_secid_to_secctx(&blob, &ctx, &len)) { @@ -1550,7 +1555,8 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, *call_panic = 2; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); /* scaffolding */ + security_release_secctx(&lsmcxt); } } diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index 933a8f94f93a..70ca4510ea35 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -130,6 +130,7 @@ static void ip_cmsg_recv_checksum(struct msghdr *msg, struct sk_buff *skb, static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) { + struct lsmcontext context; struct lsmblob lb; char *secdata; u32 seclen, secid; @@ -145,7 +146,8 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) return; put_cmsg(msg, SOL_IP, SCM_SECURITY, seclen, secdata); - security_release_secctx(secdata, seclen); + lsmcontext_init(&context, secdata, seclen, 0); /* scaffolding */ + security_release_secctx(&context); } static void ip_cmsg_recv_dstaddr(struct msghdr *msg, struct sk_buff *skb) diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index 073510c94b56..212e12b53adb 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -342,6 +342,7 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) int len, ret; char *secctx; struct lsmblob blob; + struct lsmcontext context; /* lsmblob_init() puts ct->secmark into all of the secids in blob. * security_secid_to_secctx() will know which security module @@ -362,7 +363,8 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) ret = 0; nla_put_failure: - security_release_secctx(secctx, len); + lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ + security_release_secctx(&context); return ret; } #else diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index bba3a66f5636..3b6ba86783f6 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c @@ -179,6 +179,7 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) u32 len; char *secctx; struct lsmblob blob; + struct lsmcontext context; lsmblob_init(&blob, ct->secmark); ret = security_secid_to_secctx(&blob, &secctx, &len); @@ -187,7 +188,8 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) seq_printf(s, "secctx=%s ", secctx); - security_release_secctx(secctx, len); + lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ + security_release_secctx(&context); } #else static inline void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index a9f7c9418ad3..d986bae1587b 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c @@ -397,6 +397,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, enum ip_conntrack_info ctinfo = 0; const struct nfnl_ct_hook *nfnl_ct; bool csum_verify; + struct lsmcontext scaff; /* scaffolding */ char *secdata = NULL; u32 seclen = 0; @@ -627,8 +628,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, } nlh->nlmsg_len = skb->len; - if (seclen) - security_release_secctx(secdata, seclen); + if (seclen) { + lsmcontext_init(&scaff, secdata, seclen, 0); + security_release_secctx(&scaff); + } return skb; nla_put_failure: @@ -636,8 +639,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, kfree_skb(skb); net_err_ratelimited("nf_queue: error creating packet message\n"); nlmsg_failure: - if (seclen) - security_release_secctx(secdata, seclen); + if (seclen) { + lsmcontext_init(&scaff, secdata, seclen, 0); + security_release_secctx(&scaff); + } return NULL; } diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index c86df6ead742..a8e9ee202245 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -374,6 +374,7 @@ int netlbl_unlhsh_add(struct net *net, struct net_device *dev; struct netlbl_unlhsh_iface *iface; struct audit_buffer *audit_buf = NULL; + struct lsmcontext context; char *secctx = NULL; u32 secctx_len; struct lsmblob blob; @@ -447,7 +448,9 @@ int netlbl_unlhsh_add(struct net *net, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", ret_val == 0 ? 1 : 0); audit_log_end(audit_buf); @@ -478,6 +481,7 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, struct netlbl_unlhsh_addr4 *entry; struct audit_buffer *audit_buf; struct net_device *dev; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -508,7 +512,9 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); audit_log_end(audit_buf); @@ -545,6 +551,7 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, struct netlbl_unlhsh_addr6 *entry; struct audit_buffer *audit_buf; struct net_device *dev; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -574,7 +581,8 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); audit_log_end(audit_buf); @@ -1093,6 +1101,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, int ret_val = -ENOMEM; struct netlbl_unlhsh_walk_arg *cb_arg = arg; struct net_device *dev; + struct lsmcontext context; void *data; u32 secid; char *secctx; @@ -1163,7 +1172,9 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, NLBL_UNLABEL_A_SECCTX, secctx_len, secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); if (ret_val != 0) goto list_cb_failure; diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index 893301ae0131..ef139d8ae7cd 100644 --- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c @@ -84,6 +84,7 @@ struct audit_buffer *netlbl_audit_start_common(int type, struct netlbl_audit *audit_info) { struct audit_buffer *audit_buf; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -103,7 +104,8 @@ struct audit_buffer *netlbl_audit_start_common(int type, if (audit_info->secid != 0 && security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " subj=%s", secctx); - security_release_secctx(secctx, secctx_len); + lsmcontext_init(&context, secctx, secctx_len, 0);/*scaffolding*/ + security_release_secctx(&context); } return audit_buf; diff --git a/security/security.c b/security/security.c index 0bca482166d8..163cf0ae2429 100644 --- a/security/security.c +++ b/security/security.c @@ -2366,16 +2366,17 @@ int security_secctx_to_secid(const char *secdata, u32 seclen, } EXPORT_SYMBOL(security_secctx_to_secid); -void security_release_secctx(char *secdata, u32 seclen) +void security_release_secctx(struct lsmcontext *cp) { struct security_hook_list *hp; - int ilsm = lsm_task_ilsm(current); hlist_for_each_entry(hp, &security_hook_heads.release_secctx, list) - if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) { - hp->hook.release_secctx(secdata, seclen); - return; + if (cp->slot == hp->lsmid->slot) { + hp->hook.release_secctx(cp->context, cp->len); + break; } + + memset(cp, 0, sizeof(*cp)); } EXPORT_SYMBOL(security_release_secctx);