From patchwork Tue Jun 28 00:55:39 2022
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 12897375
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org
Subject: [PATCH v37 01/33] integrity: disassociate ima_filter_rule from security_audit_rule
Date: Mon, 27 Jun 2022 17:55:39 -0700
Message-Id: <20220628005611.13106-2-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.36.1
In-Reply-To: <20220628005611.13106-1-casey@schaufler-ca.com>
References: <20220628005611.13106-1-casey@schaufler-ca.com>
X-Mailing-List: linux-integrity@vger.kernel.org

Create real functions for the ima_filter_rule interfaces. These replace #defines that obscure the reuse of audit interfaces. The new functions are put in security.c because they use security module registered hooks that we don't want exported.

Acked-by: Paul Moore
Reviewed-by: John Johansen
Signed-off-by: Casey Schaufler
To: Mimi Zohar
Cc: linux-integrity@vger.kernel.org
---
 include/linux/security.h     | 24 ++++++++++++++++++++++++
 security/integrity/ima/ima.h | 26 --------------------------
 security/security.c          | 21 +++++++++++++++++++++
 3 files changed, 45 insertions(+), 26 deletions(-)

diff --git a/include/linux/security.h b/include/linux/security.h
index 7fc4e9f49f54..5260dbe9ef0d 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1919,6 +1919,30 @@ static inline void security_audit_rule_free(void *lsmrule) #endif /* CONFIG_SECURITY */ #endif /* CONFIG_AUDIT */ +#if defined(CONFIG_IMA_LSM_RULES) && defined(CONFIG_SECURITY) +int ima_filter_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule); +int ima_filter_rule_match(u32 secid, u32 field, u32 op, void *lsmrule); +void ima_filter_rule_free(void *lsmrule); + +#else + +static inline int ima_filter_rule_init(u32 field, u32 op, char *rulestr, + void **lsmrule) +{ + return 0; +} + +static inline int ima_filter_rule_match(u32 secid, u32 field, u32 op, + void *lsmrule) +{ + return 0; +} + +static inline void ima_filter_rule_free(void *lsmrule) +{ } + +#endif /* defined(CONFIG_IMA_LSM_RULES) && defined(CONFIG_SECURITY) */ + #ifdef CONFIG_SECURITYFS extern struct dentry *securityfs_create_file(const char *name, umode_t mode, diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index be965a8715e4..1b5d70ac2dc9 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -418,32 +418,6 @@ static inline void ima_free_modsig(struct modsig *modsig) } #endif /* CONFIG_IMA_APPRAISE_MODSIG */ -/* LSM based policy rules require audit */ -#ifdef CONFIG_IMA_LSM_RULES - -#define ima_filter_rule_init security_audit_rule_init -#define ima_filter_rule_free security_audit_rule_free -#define ima_filter_rule_match security_audit_rule_match - -#else - -static inline int ima_filter_rule_init(u32 field, u32 op, char *rulestr, - void **lsmrule) -{ - return -EINVAL; -} - -static inline void ima_filter_rule_free(void *lsmrule) -{ -} - -static inline int ima_filter_rule_match(u32 secid, u32 field, u32 op, - void *lsmrule) -{ - return -EINVAL; -} -#endif /* CONFIG_IMA_LSM_RULES */ - #ifdef CONFIG_IMA_READ_POLICY #define POLICY_FILE_FLAGS (S_IWUSR | S_IRUSR) #else diff --git a/security/security.c b/security/security.c index 188b8f782220..8b176769dd86 100644 --- a/security/security.c +++ b/security/security.c 
@@ -2580,6 +2580,27 @@ int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule) } #endif /* CONFIG_AUDIT */ +#ifdef CONFIG_IMA_LSM_RULES +/* + * The integrity subsystem uses the same hooks as + * the audit subsystem. + */ +int ima_filter_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule) +{ + return call_int_hook(audit_rule_init, 0, field, op, rulestr, lsmrule); +} + +void ima_filter_rule_free(void *lsmrule) +{ + call_void_hook(audit_rule_free, lsmrule); +} + +int ima_filter_rule_match(u32 secid, u32 field, u32 op, void *lsmrule) +{ + return call_int_hook(audit_rule_match, 0, secid, field, op, lsmrule); +} +#endif /* CONFIG_IMA_LSM_RULES */ + #ifdef CONFIG_BPF_SYSCALL int security_bpf(int cmd, union bpf_attr *attr, unsigned int size) {
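Review bot: In the include/linux/security.h hunk, the fallback stubs for ima_filter_rule_init() and ima_filter_rule_match() return 0, while the stubs this same patch removes from security/integrity/ima/ima.h returned -EINVAL, and the commit message does not mention the change. A caller that takes 0 from ima_filter_rule_init() as success proceeds with *lsmrule left untouched, and the real ima_filter_rule_init() in the security.c hunk has the same property when no LSM registers audit_rule_init, because call_int_hook(audit_rule_init, 0, ...) also defaults to 0. Either keep -EINVAL in the stubs or state in the commit message that returning 0 with an unset *lsmrule is intended and that callers check the pointer rather than the return value.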
From patchwork Tue Jun 28 00:55:49 2022
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 12897417
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org, netdev@vger.kernel.org
Subject: [PATCH v37 11/33] LSM: Use lsmblob in security_current_getsecid
Date: Mon, 27 Jun 2022 17:55:49 -0700
Message-Id: <20220628005611.13106-12-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.36.1
In-Reply-To: <20220628005611.13106-1-casey@schaufler-ca.com>
References: <20220628005611.13106-1-casey@schaufler-ca.com>
X-Mailing-List: linux-integrity@vger.kernel.org

Change the security_current_getsecid_subj() and security_task_getsecid_obj() interfaces to fill in a lsmblob structure instead of a u32 secid in support of LSM stacking. Audit interfaces will need to collect all possible secids for possible reporting.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
Cc: linux-integrity@vger.kernel.org
Cc: linux-audit@redhat.com
Cc: netdev@vger.kernel.org
---
 drivers/android/binder.c              |  6 +--
 include/linux/security.h              | 31 ++++++++++++---
 kernel/audit.c                        | 16 +++-----
 kernel/auditfilter.c                  |  4 +-
 kernel/auditsc.c                      | 25 ++++++------
 net/netlabel/netlabel_unlabeled.c     |  4 +-
 net/netlabel/netlabel_user.h          |  6 ++-
 security/integrity/ima/ima.h          |  6 +--
 security/integrity/ima/ima_api.c      |  6 +--
 security/integrity/ima/ima_appraise.c | 11 +++---
 security/integrity/ima/ima_main.c     | 57 ++++++++++++++-------------
 security/integrity/ima/ima_policy.c   | 15 +++----
 security/security.c                   | 25 +++++++++---
 13 files changed, 124 insertions(+), 88 deletions(-)

diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index 4ead3360a1c0..f25a867063e5 100644
--- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -3054,16 +3054,16 @@ static void binder_transaction(struct binder_proc *proc, t->priority = task_nice(current); if (target_node && target_node->txn_security_ctx) { - u32 secid; struct lsmblob blob; size_t added_size; + u32 secid; security_cred_getsecid(proc->cred, &secid); /* - * Later in this patch set security_task_getsecid() will + * Later in this patch set security_cred_getsecid() will * provide a lsmblob instead of a secid. lsmblob_init * is used to ensure that all the secids in the lsmblob - * get the value returned from security_task_getsecid(), + * get the value returned from security_cred_getsecid(), * which means that the one expected by * security_secid_to_secctx() will be set. */ diff --git a/include/linux/security.h b/include/linux/security.h index 029c23719a5c..ce4a4af362f3 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -222,6 +222,24 @@ static inline u32 lsmblob_value(const struct lsmblob *blob) return 0; } +/** + * lsmblob_first - secid value for the first LSM slot + * @blob: Pointer to the data + * + * Return the secid value from the first LSM slot. + * There may not be any LSM slots. + * + * Return the value in secid[0] if there are any slots, 0 otherwise. + */ +static inline u32 lsmblob_first(const struct lsmblob *blob) +{ +#if LSMBLOB_ENTRIES > 0 + return blob->secid[0]; +#else + return 0; +#endif +} + /* These functions are in security/commoncap.c */ extern int cap_capable(const struct cred *cred, struct user_namespace *ns, int cap, unsigned int opts); 
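Review bot: The kerneldoc for lsmblob_first() in the include/linux/security.h hunk states its result twice ("Return the secid value from the first LSM slot. There may not be any LSM slots." and then "Return the value in secid[0] if there are any slots, 0 otherwise."); collapse that into one description plus a single "Return:" section as kernel-doc expects. It would also help to say in that description that lsmblob_first() discards every slot but the first, since the audit_sig_sid, target_sid and netlabel secid call sites in this patch depend on it as scaffolding and a future reader needs to know those are the places still to convert.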
@@ -504,8 +522,8 @@ int security_task_fix_setgid(struct cred *new, const struct cred *old, int security_task_setpgid(struct task_struct *p, pid_t pgid); int security_task_getpgid(struct task_struct *p); int security_task_getsid(struct task_struct *p); -void security_current_getsecid_subj(u32 *secid); -void security_task_getsecid_obj(struct task_struct *p, u32 *secid); +void security_current_getsecid_subj(struct lsmblob *blob); +void security_task_getsecid_obj(struct task_struct *p, struct lsmblob *blob); int security_task_setnice(struct task_struct *p, int nice); int security_task_setioprio(struct task_struct *p, int ioprio); int security_task_getioprio(struct task_struct *p); @@ -1201,14 +1219,15 @@ static inline int security_task_getsid(struct task_struct *p) return 0; } -static inline void security_current_getsecid_subj(u32 *secid) +static inline void security_current_getsecid_subj(struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } -static inline void security_task_getsecid_obj(struct task_struct *p, u32 *secid) +static inline void security_task_getsecid_obj(struct task_struct *p, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } static inline int security_task_setnice(struct task_struct *p, int nice) diff --git a/kernel/audit.c b/kernel/audit.c index 2acf95cf9895..2834e55844db 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -2178,19 +2178,12 @@ int audit_log_task_context(struct audit_buffer *ab) char *ctx = NULL; unsigned len; int error; - u32 sid; struct lsmblob blob; - security_current_getsecid_subj(&sid); - if (!sid) + security_current_getsecid_subj(&blob); + if (!lsmblob_is_set(&blob)) return 0; - /* - * lsmblob_init sets all values in the lsmblob to sid. - * This is temporary until security_task_getsecid is converted - * to use a lsmblob, which happens later in this patch set. - */ - lsmblob_init(&blob, sid); error = security_secid_to_secctx(&blob, &ctx, &len); if (error) { 
@@ -2399,6 +2392,7 @@ int audit_set_loginuid(kuid_t loginuid) int audit_signal_info(int sig, struct task_struct *t) { kuid_t uid = current_uid(), auid; + struct lsmblob blob; if (auditd_test_task(t) && (sig == SIGTERM || sig == SIGHUP || @@ -2409,7 +2403,9 @@ int audit_signal_info(int sig, struct task_struct *t) audit_sig_uid = auid; else audit_sig_uid = uid; - security_current_getsecid_subj(&audit_sig_sid); + security_current_getsecid_subj(&blob); + /* scaffolding until audit_sig_sid is converted */ + audit_sig_sid = lsmblob_first(&blob); } return audit_signal_info_syscall(t); diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 15cd4fe35e9c..39ded5cb2429 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -1339,7 +1339,6 @@ int audit_filter(int msgtype, unsigned int listtype) struct audit_field *f = &e->rule.fields[i]; struct lsmblob blob; pid_t pid; - u32 sid; switch (f->type) { case AUDIT_PID: @@ -1369,8 +1368,7 @@ int audit_filter(int msgtype, unsigned int listtype) case AUDIT_SUBJ_SEN: case AUDIT_SUBJ_CLR: if (f->lsm_str) { - security_current_getsecid_subj(&sid); - lsmblob_init(&blob, sid); + security_current_getsecid_subj(&blob); result = security_audit_rule_match( &blob, f->type, f->op, &f->lsm_rules); diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 94537d1feb9a..e5530bbfc83b 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -467,7 +467,6 @@ static int audit_filter_rules(struct task_struct *tsk, { const struct cred *cred; int i, need_sid = 1; - u32 sid; struct lsmblob blob; unsigned int sessionid; 
@@ -676,17 +675,9 @@ static int audit_filter_rules(struct task_struct *tsk, * here even though it always refs * @current's creds */ - security_current_getsecid_subj(&sid); + security_current_getsecid_subj(&blob); need_sid = 0; } - /* - * lsmblob_init sets all values in the lsmblob - * to sid. This is temporary until - * security_task_getsecid() is converted to - * provide a lsmblob, which happens later in - * this patch set. - */ - lsmblob_init(&blob, sid); result = security_audit_rule_match(&blob, f->type, f->op, &f->lsm_rules); @@ -2770,12 +2761,15 @@ int __audit_sockaddr(int len, void *a) void __audit_ptrace(struct task_struct *t) { struct audit_context *context = audit_context(); + struct lsmblob blob; context->target_pid = task_tgid_nr(t); context->target_auid = audit_get_loginuid(t); context->target_uid = task_uid(t); context->target_sessionid = audit_get_sessionid(t); - security_task_getsecid_obj(t, &context->target_sid); + security_task_getsecid_obj(t, &blob); + /* scaffolding - until target_sid is converted */ + context->target_sid = lsmblob_first(&blob); memcpy(context->target_comm, t->comm, TASK_COMM_LEN); } @@ -2791,6 +2785,7 @@ int audit_signal_info_syscall(struct task_struct *t) struct audit_aux_data_pids *axp; struct audit_context *ctx = audit_context(); kuid_t t_uid = task_uid(t); + struct lsmblob blob; if (!audit_signals || audit_dummy_context()) return 0; @@ -2802,7 +2797,9 @@ int audit_signal_info_syscall(struct task_struct *t) ctx->target_auid = audit_get_loginuid(t); ctx->target_uid = t_uid; ctx->target_sessionid = audit_get_sessionid(t); - security_task_getsecid_obj(t, &ctx->target_sid); + security_task_getsecid_obj(t, &blob); + /* scaffolding until target_sid is converted */ + ctx->target_sid = lsmblob_first(&blob); memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); return 0; } 
@@ -2823,7 +2820,9 @@ int audit_signal_info_syscall(struct task_struct *t) axp->target_auid[axp->pid_count] = audit_get_loginuid(t); axp->target_uid[axp->pid_count] = t_uid; axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); - security_task_getsecid_obj(t, &axp->target_sid[axp->pid_count]); + security_task_getsecid_obj(t, &blob); + /* scaffolding until target_sid is converted */ + axp->target_sid[axp->pid_count] = lsmblob_first(&blob); memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); axp->pid_count++; diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index 0a99663e6edb..bbb3b6a4f0d7 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -1562,11 +1562,13 @@ int __init netlbl_unlabel_defconf(void) int ret_val; struct netlbl_dom_map *entry; struct netlbl_audit audit_info; + struct lsmblob blob; /* Only the kernel is allowed to call this function and the only time * it is called is at bootup before the audit subsystem is reporting * messages so don't worry to much about these values. */ - security_current_getsecid_subj(&audit_info.secid); + security_current_getsecid_subj(&blob); + audit_info.secid = lsmblob_first(&blob); audit_info.loginuid = GLOBAL_ROOT_UID; audit_info.sessionid = 0; diff --git a/net/netlabel/netlabel_user.h b/net/netlabel/netlabel_user.h index d6c5b31eb4eb..34bb6572f33b 100644 --- a/net/netlabel/netlabel_user.h +++ b/net/netlabel/netlabel_user.h @@ -32,7 +32,11 @@ */ static inline void netlbl_netlink_auditinfo(struct netlbl_audit *audit_info) { - security_current_getsecid_subj(&audit_info->secid); + struct lsmblob blob; + + security_current_getsecid_subj(&blob); + /* scaffolding until secid is converted */ + audit_info->secid = lsmblob_first(&blob); audit_info->loginuid = audit_get_loginuid(current); audit_info->sessionid = audit_get_sessionid(current); } 
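Review bot: In the net/netlabel/netlabel_unlabeled.c hunk, `audit_info.secid = lsmblob_first(&blob);` narrows the blob to its first slot without the `/* scaffolding until secid is converted */` marker that the netlabel_user.h hunk in this same patch carries for the identical assignment; add the same comment so every temporary lsmblob_first() site can be found when struct netlbl_audit is converted to a lsmblob.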
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 1b5d70ac2dc9..f347d63b61e7 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -255,7 +255,7 @@ static inline void ima_process_queued_keys(void) {} /* LIM API function definitions */ int ima_get_action(struct user_namespace *mnt_userns, struct inode *inode, - const struct cred *cred, u32 secid, int mask, + const struct cred *cred, struct lsmblob *blob, int mask, enum ima_hooks func, int *pcr, struct ima_template_desc **template_desc, const char *func_data, unsigned int *allowed_algos); @@ -286,8 +286,8 @@ const char *ima_d_path(const struct path *path, char **pathbuf, char *filename); /* IMA policy related functions */ int ima_match_policy(struct user_namespace *mnt_userns, struct inode *inode, - const struct cred *cred, u32 secid, enum ima_hooks func, - int mask, int flags, int *pcr, + const struct cred *cred, struct lsmblob *blob, + enum ima_hooks func, int mask, int flags, int *pcr, struct ima_template_desc **template_desc, const char *func_data, unsigned int *allowed_algos); void ima_init_policy(void); diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index c1e76282b5ee..8c48da6a6583 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c @@ -166,7 +166,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename, * @mnt_userns: user namespace of the mount the inode was found from * @inode: pointer to the inode associated with the object being validated * @cred: pointer to credentials structure to validate - * @secid: secid of the task being validated + * @blob: secid(s) of the task being validated * @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXEC, * MAY_APPEND) * @func: caller identifier 
@@ -187,7 +187,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename, * */ int ima_get_action(struct user_namespace *mnt_userns, struct inode *inode, - const struct cred *cred, u32 secid, int mask, + const struct cred *cred, struct lsmblob *blob, int mask, enum ima_hooks func, int *pcr, struct ima_template_desc **template_desc, const char *func_data, unsigned int *allowed_algos) @@ -196,7 +196,7 @@ int ima_get_action(struct user_namespace *mnt_userns, struct inode *inode, flags &= ima_policy_flag; - return ima_match_policy(mnt_userns, inode, cred, secid, func, mask, + return ima_match_policy(mnt_userns, inode, cred, blob, func, mask, flags, pcr, template_desc, func_data, allowed_algos); } diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index cdb84dccd24e..9ef8210e901f 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -73,15 +73,16 @@ bool is_ima_appraise_enabled(void) int ima_must_appraise(struct user_namespace *mnt_userns, struct inode *inode, int mask, enum ima_hooks func) { - u32 secid; + struct lsmblob blob; if (!ima_appraise) return 0; - security_current_getsecid_subj(&secid); - return ima_match_policy(mnt_userns, inode, current_cred(), secid, - func, mask, IMA_APPRAISE | IMA_HASH, NULL, - NULL, NULL, NULL); + security_current_getsecid_subj(&blob); + return ima_match_policy(mnt_userns, inode, current_cred(), + &blob, func, mask, + IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL, + NULL); } static int ima_fix_xattr(struct dentry *dentry, diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 040b03ddc1c7..5d6029ac52f0 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c 
@@ -199,8 +199,8 @@ void ima_file_free(struct file *file) } static int process_measurement(struct file *file, const struct cred *cred, - u32 secid, char *buf, loff_t size, int mask, - enum ima_hooks func) + struct lsmblob *blob, char *buf, loff_t size, + int mask, enum ima_hooks func) { struct inode *inode = file_inode(file); struct integrity_iint_cache *iint = NULL; @@ -224,7 +224,7 @@ static int process_measurement(struct file *file, const struct cred *cred, * bitmask based on the appraise/audit/measurement policy. * Included is the appraise submask. */ - action = ima_get_action(file_mnt_user_ns(file), inode, cred, secid, + action = ima_get_action(file_mnt_user_ns(file), inode, cred, blob, mask, func, &pcr, &template_desc, NULL, &allowed_algos); violation_check = ((func == FILE_CHECK || func == MMAP_CHECK) && @@ -405,12 +405,13 @@ static int process_measurement(struct file *file, const struct cred *cred, */ int ima_file_mmap(struct file *file, unsigned long prot) { - u32 secid; + struct lsmblob blob; if (file && (prot & PROT_EXEC)) { - security_current_getsecid_subj(&secid); - return process_measurement(file, current_cred(), secid, NULL, - 0, MAY_EXEC, MMAP_CHECK); + security_current_getsecid_subj(&blob); + return process_measurement(file, current_cred(), + &blob, NULL, 0, + MAY_EXEC, MMAP_CHECK); } return 0; @@ -437,9 +438,9 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) char *pathbuf = NULL; const char *pathname = NULL; struct inode *inode; + struct lsmblob blob; int result = 0; int action; - u32 secid; int pcr; /* Is mprotect making an mmap'ed file executable? */ 
@@ -447,11 +448,12 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) !(prot & PROT_EXEC) || (vma->vm_flags & VM_EXEC)) return 0; - security_current_getsecid_subj(&secid); + security_current_getsecid_subj(&blob); inode = file_inode(vma->vm_file); action = ima_get_action(file_mnt_user_ns(vma->vm_file), inode, - current_cred(), secid, MAY_EXEC, MMAP_CHECK, - &pcr, &template, NULL, NULL); + current_cred(), &blob, + MAY_EXEC, MMAP_CHECK, &pcr, &template, NULL, + NULL); /* Is the mmap'ed file in policy? */ if (!(action & (IMA_MEASURE | IMA_APPRAISE_SUBMASK))) @@ -487,10 +489,11 @@ int ima_bprm_check(struct linux_binprm *bprm) { int ret; u32 secid; + struct lsmblob blob; - security_current_getsecid_subj(&secid); - ret = process_measurement(bprm->file, current_cred(), secid, NULL, 0, - MAY_EXEC, BPRM_CHECK); + security_current_getsecid_subj(&blob); + ret = process_measurement(bprm->file, current_cred(), + &blob, NULL, 0, MAY_EXEC, BPRM_CHECK); if (ret) return ret; @@ -511,10 +514,10 @@ int ima_bprm_check(struct linux_binprm *bprm) */ int ima_file_check(struct file *file, int mask) { - u32 secid; + struct lsmblob blob; - security_current_getsecid_subj(&secid); - return process_measurement(file, current_cred(), secid, NULL, 0, + security_current_getsecid_subj(&blob); + return process_measurement(file, current_cred(), &blob, NULL, 0, mask & (MAY_READ | MAY_WRITE | MAY_EXEC | MAY_APPEND), FILE_CHECK); } @@ -710,7 +713,7 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id, bool contents) { enum ima_hooks func; - u32 secid; + struct lsmblob blob; /* * Do devices using pre-allocated memory run the risk of the 
@@ -730,9 +733,9 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id, /* Read entire file for all partial reads. */ func = read_idmap[read_id] ?: FILE_CHECK; - security_current_getsecid_subj(&secid); - return process_measurement(file, current_cred(), secid, NULL, - 0, MAY_READ, func); + security_current_getsecid_subj(&blob); + return process_measurement(file, current_cred(), &blob, NULL, 0, + MAY_READ, func); } const int read_idmap[READING_MAX_ID] = { @@ -760,7 +763,7 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, enum kernel_read_file_id read_id) { enum ima_hooks func; - u32 secid; + struct lsmblob blob; /* permit signed certs */ if (!file && read_id == READING_X509_CERTIFICATE) @@ -773,8 +776,8 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, } func = read_idmap[read_id] ?: FILE_CHECK; - security_current_getsecid_subj(&secid); - return process_measurement(file, current_cred(), secid, buf, size, + security_current_getsecid_subj(&blob); + return process_measurement(file, current_cred(), &blob, buf, size, MAY_READ, func); } @@ -900,7 +903,7 @@ int process_buffer_measurement(struct user_namespace *mnt_userns, int digest_hash_len = hash_digest_size[ima_hash_algo]; int violation = 0; int action = 0; - u32 secid; + struct lsmblob blob; if (digest && digest_len < digest_hash_len) return -EINVAL; @@ -923,9 +926,9 @@ int process_buffer_measurement(struct user_namespace *mnt_userns, * buffer measurements. */ if (func) { - security_current_getsecid_subj(&secid); + security_current_getsecid_subj(&blob); action = ima_get_action(mnt_userns, inode, current_cred(), - secid, 0, func, &pcr, &template, + &blob, 0, func, &pcr, &template, func_data, NULL); if (!(action & IMA_MEASURE) && !digest) return -ENOENT; diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index b04733a5d066..5c2bc6782e17 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c 
@@ -563,7 +563,7 @@ static bool ima_match_rule_data(struct ima_rule_entry *rule, * @mnt_userns: user namespace of the mount the inode was found from * @inode: a pointer to an inode * @cred: a pointer to a credentials structure for user validation - * @secid: the secid of the task to be validated + * @blob: the secid(s) of the task to be validated * @func: LIM hook identifier * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC) * @func_data: func specific data, may be NULL @@ -573,7 +573,7 @@ static bool ima_match_rule_data(struct ima_rule_entry *rule, static bool ima_match_rules(struct ima_rule_entry *rule, struct user_namespace *mnt_userns, struct inode *inode, const struct cred *cred, - u32 secid, enum ima_hooks func, int mask, + struct lsmblob *blob, enum ima_hooks func, int mask, const char *func_data) { int i; @@ -657,7 +657,8 @@ static bool ima_match_rules(struct ima_rule_entry *rule, case LSM_SUBJ_USER: case LSM_SUBJ_ROLE: case LSM_SUBJ_TYPE: - rc = ima_filter_rule_match(secid, rule->lsm[i].type, + rc = ima_filter_rule_match(lsmblob_first(blob), + rule->lsm[i].type, Audit_equal, rule->lsm[i].rule, rule->lsm[i].rules_lsm); @@ -702,7 +703,7 @@ static int get_subaction(struct ima_rule_entry *rule, enum ima_hooks func) * @inode: pointer to an inode for which the policy decision is being made * @cred: pointer to a credentials structure for which the policy decision is * being made - * @secid: LSM secid of the task to be validated + * @blob: LSM secid(s) of the task to be validated * @func: IMA hook identifier * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC) * @pcr: set the pcr to extend 
@@ -718,8 +719,8 @@ static int get_subaction(struct ima_rule_entry *rule, enum ima_hooks func) * than writes so ima_match_policy() is classical RCU candidate. */ int ima_match_policy(struct user_namespace *mnt_userns, struct inode *inode, - const struct cred *cred, u32 secid, enum ima_hooks func, - int mask, int flags, int *pcr, + const struct cred *cred, struct lsmblob *blob, + enum ima_hooks func, int mask, int flags, int *pcr, struct ima_template_desc **template_desc, const char *func_data, unsigned int *allowed_algos) { @@ -737,7 +738,7 @@ int ima_match_policy(struct user_namespace *mnt_userns, struct inode *inode, if (!(entry->action & actmask)) continue; - if (!ima_match_rules(entry, mnt_userns, inode, cred, secid, + if (!ima_match_rules(entry, mnt_userns, inode, cred, blob, func, mask, func_data)) continue; diff --git a/security/security.c b/security/security.c index 1e9c06607c39..1a4741178944 100644 --- a/security/security.c +++ b/security/security.c 
@@ -1916,17 +1916,30 @@ int security_task_getsid(struct task_struct *p) return call_int_hook(task_getsid, 0, p); } -void security_current_getsecid_subj(u32 *secid) +void security_current_getsecid_subj(struct lsmblob *blob) { - *secid = 0; - call_void_hook(current_getsecid_subj, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.current_getsecid_subj, + list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.current_getsecid_subj(&blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_current_getsecid_subj); -void security_task_getsecid_obj(struct task_struct *p, u32 *secid) +void security_task_getsecid_obj(struct task_struct *p, struct lsmblob *blob) { - *secid = 0; - call_void_hook(task_getsecid_obj, p, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.task_getsecid_obj, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.task_getsecid_obj(p, &blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_task_getsecid_obj);
From patchwork Tue Jun 28 00:55:50 2022
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 12897418
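Review bot: In the ima_policy.c hunk at the LSM_SUBJ_USER/ROLE/TYPE case of ima_match_rules(), lsmblob_first(blob) is passed to ima_filter_rule_match() while rule->lsm[i].rules_lsm still selects which LSM's audit_rule_match hook runs, so when the rule's LSM is not in the first slot the secid being compared belongs to a different LSM than the rule. The next patch on this page changes ima_filter_rule_match() to take the blob and index secid[lsmslot]; if this intermediate state is deliberate, mark it the way the series marks the other temporary spots, e.g. `/* scaffolding until ima_filter_rule_match() takes a lsmblob */`, so that a bisect landing here is not mistaken for a real mismatch.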
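Review bot: In the security.c hunk, security_current_getsecid_subj() and security_task_getsecid_obj() are two copies of the same slot-walking loop (lsmblob_init(), hlist_for_each_entry() over the hook head, WARN_ON() on the slot range, store into blob->secid[slot]), and the same loop is added again for inode_getsecid and cred_getsecid later on this page; a small helper or macro in the style of call_void_hook() would keep the bounds check in one place. A one-line comment that a slot skipped by the WARN_ON() is left at the 0 written by lsmblob_init(), which callers read as "no secid", would also document the failure mode.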
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org
Subject: [PATCH v37 12/33] LSM: Use lsmblob in security_inode_getsecid
Date: Mon, 27 Jun 2022 17:55:50 -0700
Message-Id: <20220628005611.13106-13-casey@schaufler-ca.com>
In-Reply-To: <20220628005611.13106-1-casey@schaufler-ca.com>
References: <20220628005611.13106-1-casey@schaufler-ca.com>
X-Mailing-List: linux-integrity@vger.kernel.org

Change the security_inode_getsecid() interface to fill in a lsmblob structure instead of a u32 secid. This allows for its callers to gather data from all registered LSMs. Data is provided for IMA and audit.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
Cc: linux-integrity@vger.kernel.org
Cc: linux-audit@redhat.com
---
 include/linux/security.h | 13 +++++++------
 kernel/auditsc.c | 6 +++++-
 security/integrity/ima/ima_policy.c | 9 +++++----
 security/security.c | 19 +++++++++++++------
 4 files changed, 30 insertions(+), 17 deletions(-)

diff --git a/include/linux/security.h b/include/linux/security.h
index ce4a4af362f3..a478faa6124e 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -476,7 +476,7 @@ int security_inode_getsecurity(struct user_namespace *mnt_userns, void **buffer, bool alloc); int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags); int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size); -void security_inode_getsecid(struct inode *inode, u32 *secid); +void security_inode_getsecid(struct inode *inode, struct lsmblob *blob); int security_inode_copy_up(struct dentry *src, struct cred **new); int security_inode_copy_up_xattr(const char *name); int security_kernfs_init_security(struct kernfs_node *kn_dir, @@ -1022,9 +1022,10 @@ static inline int security_inode_listsecurity(struct inode *inode, char *buffer, return 0; } -static inline void security_inode_getsecid(struct inode *inode, u32 *secid) +static inline void security_inode_getsecid(struct inode *inode, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } static inline int security_inode_copy_up(struct dentry *src, struct cred **new) @@ -2034,8 +2035,8 @@ static inline void security_audit_rule_free(struct audit_lsm_rules *lsmrules) #if defined(CONFIG_IMA_LSM_RULES) && defined(CONFIG_SECURITY) int ima_filter_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule, int lsmslot); -int ima_filter_rule_match(u32 secid, u32 field, u32 op, void *lsmrule, - int lsmslot); +int ima_filter_rule_match(struct lsmblob *blob, u32 field, u32 op, + void *lsmrule, int lsmslot); void ima_filter_rule_free(void *lsmrule, int lsmslot); #else @@ -2046,7 +2047,7 @@ static inline int ima_filter_rule_init(u32 field, u32 op, char *rulestr, return 0; } -static inline int ima_filter_rule_match(u32 secid, u32 field, u32 op, +static inline int ima_filter_rule_match(struct lsmblob *blob, u32 field, u32 op, void *lsmrule, int lsmslot) { return 0; diff --git a/kernel/auditsc.c b/kernel/auditsc.c index e5530bbfc83b..1d223176285b 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c 
@@ -2306,13 +2306,17 @@ static void audit_copy_inode(struct audit_names *name, const struct dentry *dentry, struct inode *inode, unsigned int flags) { + struct lsmblob blob; + name->ino = inode->i_ino; name->dev = inode->i_sb->s_dev; name->mode = inode->i_mode; name->uid = inode->i_uid; name->gid = inode->i_gid; name->rdev = inode->i_rdev; - security_inode_getsecid(inode, &name->osid); + security_inode_getsecid(inode, &blob); + /* scaffolding until osid is updated */ + name->osid = lsmblob_first(&blob); if (flags & AUDIT_INODE_NOEVAL) { name->fcap_ver = -1; return; diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 5c2bc6782e17..593b0ba51b6e 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -636,7 +636,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, return false; for (i = 0; i < MAX_LSM_RULES; i++) { int rc = 0; - u32 osid; + struct lsmblob lsmdata; if (!rule->lsm[i].rule) { if (!rule->lsm[i].args_p) @@ -648,8 +648,9 @@ static bool ima_match_rules(struct ima_rule_entry *rule, case LSM_OBJ_USER: case LSM_OBJ_ROLE: case LSM_OBJ_TYPE: - security_inode_getsecid(inode, &osid); - rc = ima_filter_rule_match(osid, rule->lsm[i].type, + security_inode_getsecid(inode, &lsmdata); + rc = ima_filter_rule_match(&lsmdata, + rule->lsm[i].type, Audit_equal, rule->lsm[i].rule, rule->lsm[i].rules_lsm); @@ -657,7 +658,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, case LSM_SUBJ_USER: case LSM_SUBJ_ROLE: case LSM_SUBJ_TYPE: - rc = ima_filter_rule_match(lsmblob_first(blob), + rc = ima_filter_rule_match(blob, rule->lsm[i].type, Audit_equal, rule->lsm[i].rule, diff --git a/security/security.c b/security/security.c index 1a4741178944..ad1080e01ba8 100644 --- a/security/security.c +++ b/security/security.c 
@@ -1560,9 +1560,16 @@ int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer } EXPORT_SYMBOL(security_inode_listsecurity); -void security_inode_getsecid(struct inode *inode, u32 *secid) +void security_inode_getsecid(struct inode *inode, struct lsmblob *blob) { - call_void_hook(inode_getsecid, inode, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.inode_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.inode_getsecid(inode, &blob->secid[hp->lsmid->slot]); + } } int security_inode_copy_up(struct dentry *src, struct cred **new) 
@@ -2804,15 +2811,15 @@ void ima_filter_rule_free(void *lsmrule, int lsmslot) } } -int ima_filter_rule_match(u32 secid, u32 field, u32 op, void *lsmrule, - int lsmslot) +int ima_filter_rule_match(struct lsmblob *blob, u32 field, u32 op, + void *lsmrule, int lsmslot) { struct security_hook_list *hp; hlist_for_each_entry(hp, &security_hook_heads.audit_rule_match, list) if (hp->lsmid->slot == lsmslot) - return hp->hook.audit_rule_match(secid, field, op, - lsmrule); + return hp->hook.audit_rule_match(blob->secid[lsmslot], + field, op, lsmrule); return 0; }
From patchwork Tue Jun 28 00:55:51 2022
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 12897419
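Review bot: In the security.c hunk for ima_filter_rule_match(), blob->secid[lsmslot] is indexed without the range check that the getsecid helpers apply to hp->lsmid->slot; it is safe only because the index is used after `hp->lsmid->slot == lsmslot` matched a registered hook, which implies lsmslot is a valid slot. A one-line comment saying so would save the next reader from re-deriving it and would discourage a later "simplification" into a direct lookup that drops the implicit check.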
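Review bot: In the kernel/auditsc.c hunk, audit_copy_inode() still stores only lsmblob_first(&blob) into name->osid (flagged as scaffolding), so audit records keep carrying a single LSM's inode secid after this patch. The commit message says "Data is provided for IMA and audit", which reads as if audit already consumed all slots; a sentence noting that audit uses the first slot until osid is converted would describe the state this patch actually leaves behind.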
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org
Subject: [PATCH v37 13/33] LSM: Use lsmblob in security_cred_getsecid
Date: Mon, 27 Jun 2022 17:55:51 -0700
Message-Id: <20220628005611.13106-14-casey@schaufler-ca.com>
In-Reply-To: <20220628005611.13106-1-casey@schaufler-ca.com>
References: <20220628005611.13106-1-casey@schaufler-ca.com>
X-Mailing-List: linux-integrity@vger.kernel.org

Change the security_cred_getsecid() interface to fill in a lsmblob instead of a u32 secid. The associated data elements in the audit sub-system are changed from a secid to a lsmblob to accommodate multiple possible LSM audit users.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
Cc: linux-integrity@vger.kernel.org
Cc: linux-audit@redhat.com
---
 drivers/android/binder.c | 12 +----------
 include/linux/security.h | 7 ++++---
 kernel/audit.c | 25 +++++++----------------
 kernel/audit.h | 3 ++-
 kernel/auditsc.c | 33 +++++++++++--------------------
 security/integrity/ima/ima_main.c | 5 ++---
 security/security.c | 12 ++++++++---
 7 files changed, 37 insertions(+), 60 deletions(-)

diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index f25a867063e5..c2f71c22a90e 100644
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
@@ -3056,18 +3056,8 @@ static void binder_transaction(struct binder_proc *proc, if (target_node && target_node->txn_security_ctx) { struct lsmblob blob; size_t added_size; - u32 secid; - security_cred_getsecid(proc->cred, &secid); - /* - * Later in this patch set security_cred_getsecid() will - * provide a lsmblob instead of a secid. lsmblob_init - * is used to ensure that all the secids in the lsmblob - * get the value returned from security_cred_getsecid(), - * which means that the one expected by - * security_secid_to_secctx() will be set. - */ - lsmblob_init(&blob, secid); + security_cred_getsecid(proc->cred, &blob); ret = security_secid_to_secctx(&blob, &secctx, &secctx_sz); if (ret) { binder_txn_error("%d:%d failed to get security context\n", diff --git a/include/linux/security.h b/include/linux/security.h index a478faa6124e..61d5f23103b1 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -503,7 +503,7 @@ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp); void security_cred_free(struct cred *cred); int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp); void security_transfer_creds(struct cred *new, const struct cred *old); -void security_cred_getsecid(const struct cred *c, u32 *secid); +void security_cred_getsecid(const struct cred *c, struct lsmblob *blob); int security_kernel_act_as(struct cred *new, struct lsmblob *blob); int security_kernel_create_files_as(struct cred *new, struct inode *inode); int security_kernel_module_request(char *kmod_name); @@ -1143,9 +1143,10 @@ static inline void security_transfer_creds(struct cred *new, { } -static inline void security_cred_getsecid(const struct cred *c, u32 *secid) +static inline void security_cred_getsecid(const struct cred *c, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } static inline int security_kernel_act_as(struct cred *cred, diff --git a/kernel/audit.c b/kernel/audit.c index 2834e55844db..f67f1eb7f4fa 100644 
--- a/kernel/audit.c +++ b/kernel/audit.c @@ -125,7 +125,7 @@ static u32 audit_backlog_wait_time = AUDIT_BACKLOG_WAIT_TIME; /* The identity of the user shutting down the audit system. */ static kuid_t audit_sig_uid = INVALID_UID; static pid_t audit_sig_pid = -1; -static u32 audit_sig_sid; +static struct lsmblob audit_sig_lsm; /* Records can be lost in several ways: 0) [suppressed in audit_alloc] @@ -1463,29 +1463,21 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) } case AUDIT_SIGNAL_INFO: len = 0; - if (audit_sig_sid) { - struct lsmblob blob; - - /* - * lsmblob_init sets all values in the lsmblob - * to audit_sig_sid. This is temporary until - * audit_sig_sid is converted to a lsmblob, which - * happens later in this patch set. - */ - lsmblob_init(&blob, audit_sig_sid); - err = security_secid_to_secctx(&blob, &ctx, &len); + if (lsmblob_is_set(&audit_sig_lsm)) { + err = security_secid_to_secctx(&audit_sig_lsm, &ctx, + &len); if (err) return err; } sig_data = kmalloc(struct_size(sig_data, ctx, len), GFP_KERNEL); if (!sig_data) { - if (audit_sig_sid) + if (lsmblob_is_set(&audit_sig_lsm)) security_release_secctx(ctx, len); return -ENOMEM; } sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); sig_data->pid = audit_sig_pid; - if (audit_sig_sid) { + if (lsmblob_is_set(&audit_sig_lsm)) { memcpy(sig_data->ctx, ctx, len); security_release_secctx(ctx, len); } @@ -2392,7 +2384,6 @@ int audit_set_loginuid(kuid_t loginuid) int audit_signal_info(int sig, struct task_struct *t) { kuid_t uid = current_uid(), auid; - struct lsmblob blob; if (auditd_test_task(t) && (sig == SIGTERM || sig == SIGHUP || @@ -2403,9 +2394,7 @@ int audit_signal_info(int sig, struct task_struct *t) audit_sig_uid = auid; else audit_sig_uid = uid; - security_current_getsecid_subj(&blob); - /* scaffolding until audit_sig_sid is converted */ - audit_sig_sid = lsmblob_first(&blob); + security_current_getsecid_subj(&audit_sig_lsm); } return audit_signal_info_syscall(t); 
diff --git a/kernel/audit.h b/kernel/audit.h index 58b66543b4d5..316fac62d5f7 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -12,6 +12,7 @@ #include #include #include +#include #include #include #include // struct open_how @@ -143,7 +144,7 @@ struct audit_context { kuid_t target_auid; kuid_t target_uid; unsigned int target_sessionid; - u32 target_sid; + struct lsmblob target_lsm; char target_comm[TASK_COMM_LEN]; struct audit_tree_refs *trees, *first_trees; diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 1d223176285b..fa3cfe569ce2 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -99,7 +99,7 @@ struct audit_aux_data_pids { kuid_t target_auid[AUDIT_AUX_PIDS]; kuid_t target_uid[AUDIT_AUX_PIDS]; unsigned int target_sessionid[AUDIT_AUX_PIDS]; - u32 target_sid[AUDIT_AUX_PIDS]; + struct lsmblob target_lsm[AUDIT_AUX_PIDS]; char target_comm[AUDIT_AUX_PIDS][TASK_COMM_LEN]; int pid_count; }; @@ -1018,7 +1018,7 @@ static void audit_reset_context(struct audit_context *ctx) ctx->target_pid = 0; ctx->target_auid = ctx->target_uid = KUIDT_INIT(0); ctx->target_sessionid = 0; - ctx->target_sid = 0; + lsmblob_init(&ctx->target_lsm, 0); ctx->target_comm[0] = '\0'; unroll_tree_refs(ctx, NULL, 0); WARN_ON(!list_empty(&ctx->killed_trees)); @@ -1116,14 +1116,14 @@ static inline void audit_free_context(struct audit_context *context) } static int audit_log_pid_context(struct audit_context *context, pid_t pid, - kuid_t auid, kuid_t uid, unsigned int sessionid, - u32 sid, char *comm) + kuid_t auid, kuid_t uid, + unsigned int sessionid, + struct lsmblob *blob, char *comm) { struct audit_buffer *ab; char *ctx = NULL; u32 len; int rc = 0; - struct lsmblob blob; ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID); if (!ab) 
@@ -1132,9 +1132,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, audit_log_format(ab, "opid=%d oauid=%d ouid=%d oses=%d", pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); - if (sid) { - lsmblob_init(&blob, sid); - if (security_secid_to_secctx(&blob, &ctx, &len)) { + if (lsmblob_is_set(blob)) { + if (security_secid_to_secctx(blob, &ctx, &len)) { audit_log_format(ab, " obj=(none)"); rc = 1; } else { @@ -1814,7 +1813,7 @@ static void audit_log_exit(void) axs->target_auid[i], axs->target_uid[i], axs->target_sessionid[i], - axs->target_sid[i], + &axs->target_lsm[i], axs->target_comm[i])) call_panic = 1; } @@ -1823,7 +1822,7 @@ static void audit_log_exit(void) audit_log_pid_context(context, context->target_pid, context->target_auid, context->target_uid, context->target_sessionid, - context->target_sid, context->target_comm)) + &context->target_lsm, context->target_comm)) call_panic = 1; if (context->pwd.dentry && context->pwd.mnt) { @@ -2765,15 +2764,12 @@ int __audit_sockaddr(int len, void *a) void __audit_ptrace(struct task_struct *t) { struct audit_context *context = audit_context(); - struct lsmblob blob; context->target_pid = task_tgid_nr(t); context->target_auid = audit_get_loginuid(t); context->target_uid = task_uid(t); context->target_sessionid = audit_get_sessionid(t); - security_task_getsecid_obj(t, &blob); - /* scaffolding - until target_sid is converted */ - context->target_sid = lsmblob_first(&blob); + security_task_getsecid_obj(t, &context->target_lsm); memcpy(context->target_comm, t->comm, TASK_COMM_LEN); } @@ -2789,7 +2785,6 @@ int audit_signal_info_syscall(struct task_struct *t) struct audit_aux_data_pids *axp; struct audit_context *ctx = audit_context(); kuid_t t_uid = task_uid(t); - struct lsmblob blob; if (!audit_signals || audit_dummy_context()) return 0; 
@@ -2801,9 +2796,7 @@ int audit_signal_info_syscall(struct task_struct *t) ctx->target_auid = audit_get_loginuid(t); ctx->target_uid = t_uid; ctx->target_sessionid = audit_get_sessionid(t); - security_task_getsecid_obj(t, &blob); - /* scaffolding until target_sid is converted */ - ctx->target_sid = lsmblob_first(&blob); + security_task_getsecid_obj(t, &ctx->target_lsm); memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); return 0; } @@ -2824,9 +2817,7 @@ int audit_signal_info_syscall(struct task_struct *t) axp->target_auid[axp->pid_count] = audit_get_loginuid(t); axp->target_uid[axp->pid_count] = t_uid; axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); - security_task_getsecid_obj(t, &blob); - /* scaffolding until target_sid is converted */ - axp->target_sid[axp->pid_count] = lsmblob_first(&blob); + security_task_getsecid_obj(t, &axp->target_lsm[axp->pid_count]); memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); axp->pid_count++; diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 5d6029ac52f0..ecaa0b96bb26 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -488,7 +488,6 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) int ima_bprm_check(struct linux_binprm *bprm) { int ret; - u32 secid; struct lsmblob blob; security_current_getsecid_subj(&blob); @@ -497,8 +496,8 @@ int ima_bprm_check(struct linux_binprm *bprm) if (ret) return ret; - security_cred_getsecid(bprm->cred, &secid); - return process_measurement(bprm->file, bprm->cred, secid, NULL, 0, + security_cred_getsecid(bprm->cred, &blob); + return process_measurement(bprm->file, bprm->cred, &blob, NULL, 0, MAY_EXEC, CREDS_CHECK); } diff --git a/security/security.c b/security/security.c index ad1080e01ba8..6df37398cfd8 100644 --- a/security/security.c +++ b/security/security.c 
@@ -1810,10 +1810,16 @@ void security_transfer_creds(struct cred *new, const struct cred *old) call_void_hook(cred_transfer, new, old); } -void security_cred_getsecid(const struct cred *c, u32 *secid) +void security_cred_getsecid(const struct cred *c, struct lsmblob *blob) { - *secid = 0; - call_void_hook(cred_getsecid, c, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.cred_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.cred_getsecid(c, &blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_cred_getsecid);
From patchwork Tue Jun 28 00:55:53 2022
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 12897420
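Review bot: In the kernel/audit.c hunk, audit_sig_lsm replaces a u32 with a multi-word struct that audit_signal_info() fills in place via security_current_getsecid_subj() while the AUDIT_SIGNAL_INFO branch of audit_receive_msg() reads it three times through lsmblob_is_set() and security_secid_to_secctx(). The old single-word store could not tear; lsmblob_init() followed by per-slot stores can, so without serialization between the two paths a reader can observe a blob mixing two tasks' secids. If existing locking already rules that out, a comment at the declaration (or a line in the commit message) naming the lock would help; otherwise fill a local lsmblob and assign it in one step.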
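Review bot: In the ima_main.c hunk, ima_bprm_check() now reuses the single blob first for the subject secid (security_current_getsecid_subj()) and then for the credential secid (security_cred_getsecid()); this is correct only because security_cred_getsecid() calls lsmblob_init() before filling the slots, so no stale subject secid can reach the CREDS_CHECK measurement. A short comment at the second call, or a separately named variable, would make that dependence visible to whoever next touches either helper.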
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, Chuck Lever, linux-integrity@vger.kernel.org, netdev@vger.kernel.org, netfilter-devel@vger.kernel.org, linux-nfs@vger.kernel.org
Subject: [PATCH v37 15/33] LSM: Ensure the correct LSM context releaser
Date: Mon, 27 Jun 2022 17:55:53 -0700
Message-Id: <20220628005611.13106-16-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.36.1
In-Reply-To: <20220628005611.13106-1-casey@schaufler-ca.com>
References: <20220628005611.13106-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
X-Mailing-List: linux-integrity@vger.kernel.org

Add a new lsmcontext data structure to hold all the information about a "security context", including the string, its size and which LSM allocated the string. The allocation information is necessary because LSMs have different policies regarding the lifecycle of these strings. SELinux allocates and destroys them on each use, whereas Smack provides a pointer to an entry in a list that never goes away.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Paul Moore
Acked-by: Stephen Smalley
Acked-by: Chuck Lever
Signed-off-by: Casey Schaufler
Cc: linux-integrity@vger.kernel.org
Cc: netdev@vger.kernel.org
Cc: linux-audit@redhat.com
Cc: netfilter-devel@vger.kernel.org
To: Pablo Neira Ayuso
Cc: linux-nfs@vger.kernel.org
---
 drivers/android/binder.c                | 10 ++++---
 fs/ceph/xattr.c                         |  6 ++++-
 fs/nfs/nfs4proc.c                       |  8 ++++--
 fs/nfsd/nfs4xdr.c                       |  7 +++--
 include/linux/security.h                | 35 +++++++++++++++++++++++--
 include/net/scm.h                       |  5 +++-
 kernel/audit.c                          | 14 +++++++---
 kernel/auditsc.c                        | 12 ++++++---
 net/ipv4/ip_sockglue.c                  |  4 ++-
 net/netfilter/nf_conntrack_netlink.c    |  4 ++-
 net/netfilter/nf_conntrack_standalone.c |  4 ++-
 net/netfilter/nfnetlink_queue.c         | 13 ++++++---
 net/netlabel/netlabel_unlabeled.c       | 19 +++++++++++---
 net/netlabel/netlabel_user.c            |  4 ++-
 security/security.c                     | 11 ++++----
 15 files changed, 121 insertions(+), 35 deletions(-)

diff --git a/drivers/android/binder.c b/drivers/android/binder.c index c2f71c22a90e..9c1ed7fbda87 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2783,6 +2783,7 @@ static void binder_transaction(struct binder_proc *proc, int t_debug_id = atomic_inc_return(&binder_last_id); char *secctx = NULL; u32 secctx_sz = 0; + struct lsmcontext scaff; /* scaffolding */ struct list_head sgc_head; struct list_head pf_head; const void __user *user_buffer = (const void __user *) @@ -3116,7 +3117,8 @@ static void binder_transaction(struct binder_proc *proc, t->security_ctx = 0; WARN_ON(1); } - security_release_secctx(secctx, secctx_sz); + lsmcontext_init(&scaff, secctx, secctx_sz, 0); + security_release_secctx(&scaff); secctx = NULL; } t->buffer->debug_id = t->debug_id;
@@ -3532,8 +3534,10 @@ static void binder_transaction(struct binder_proc *proc, binder_alloc_free_buf(&target_proc->alloc, t->buffer); err_binder_alloc_buf_failed: err_bad_extra_size: - if (secctx) - security_release_secctx(secctx, secctx_sz); + if (secctx) { + lsmcontext_init(&scaff, secctx, secctx_sz, 0); + security_release_secctx(&scaff); + } err_get_secctx_failed: kfree(tcomplete); binder_stats_deleted(BINDER_STAT_TRANSACTION_COMPLETE); diff --git a/fs/ceph/xattr.c b/fs/ceph/xattr.c index f141f5246163..4c4dad4713b6 100644 --- a/fs/ceph/xattr.c +++ b/fs/ceph/xattr.c @@ -1391,12 +1391,16 @@ int ceph_security_init_secctx(struct dentry *dentry, umode_t mode, void ceph_release_acl_sec_ctx(struct ceph_acl_sec_ctx *as_ctx) { +#ifdef CONFIG_CEPH_FS_SECURITY_LABEL + struct lsmcontext scaff; /* scaffolding */ +#endif #ifdef CONFIG_CEPH_FS_POSIX_ACL posix_acl_release(as_ctx->acl); posix_acl_release(as_ctx->default_acl); #endif #ifdef CONFIG_CEPH_FS_SECURITY_LABEL - security_release_secctx(as_ctx->sec_ctx, as_ctx->sec_ctxlen); + lsmcontext_init(&scaff, as_ctx->sec_ctx, as_ctx->sec_ctxlen, 0); + security_release_secctx(&scaff); #endif if (as_ctx->pagelist) ceph_pagelist_release(as_ctx->pagelist); diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c index c0fdcf8c0032..d6bdb0868729 100644 --- a/fs/nfs/nfs4proc.c +++ b/fs/nfs/nfs4proc.c @@ -133,8 +133,12 @@ nfs4_label_init_security(struct inode *dir, struct dentry *dentry, static inline void nfs4_label_release_security(struct nfs4_label *label) { - if (label) - security_release_secctx(label->label, label->len); + struct lsmcontext scaff; /* scaffolding */ + + if (label) { + lsmcontext_init(&scaff, label->label, label->len, 0); + security_release_secctx(&scaff); + } } static inline u32 *nfs4_bitmask(struct nfs_server *server, struct nfs4_label *label) { diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c index 61b2aae81abb..512ad208d62a 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c 
@@ -2830,6 +2830,7 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, int err; struct nfs4_acl *acl = NULL; #ifdef CONFIG_NFSD_V4_SECURITY_LABEL + struct lsmcontext scaff; /* scaffolding */ void *context = NULL; int contextlen; #endif @@ -3341,8 +3342,10 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, out: #ifdef CONFIG_NFSD_V4_SECURITY_LABEL - if (context) - security_release_secctx(context, contextlen); + if (context) { + lsmcontext_init(&scaff, context, contextlen, 0); /*scaffolding*/ + security_release_secctx(&scaff); + } #endif /* CONFIG_NFSD_V4_SECURITY_LABEL */ kfree(acl); if (tempfh) { diff --git a/include/linux/security.h b/include/linux/security.h index a7a445bac8ce..a20fc156c697 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -137,6 +137,37 @@ enum lockdown_reason { extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1]; +/* + * A "security context" is the text representation of + * the information used by LSMs. + * This structure contains the string, its length, and which LSM + * it is useful for. + */ +struct lsmcontext { + char *context; /* Provided by the module */ + u32 len; + int slot; /* Identifies the module */ +}; + +/** + * lsmcontext_init - initialize an lsmcontext structure. + * @cp: Pointer to the context to initialize + * @context: Initial context, or NULL + * @size: Size of context, or 0 + * @slot: Which LSM provided the context + * + * Fill in the lsmcontext from the provided information. + * This is a scaffolding function that will be removed when + * lsmcontext integration is complete. + */ +static inline void lsmcontext_init(struct lsmcontext *cp, char *context, + u32 size, int slot) +{ + cp->slot = slot; + cp->context = context; + cp->len = size; +} + /* * Data exported by the security modules * 
@@ -589,7 +620,7 @@ int security_ismaclabel(const char *name); int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen); int security_secctx_to_secid(const char *secdata, u32 seclen, struct lsmblob *blob); -void security_release_secctx(char *secdata, u32 seclen); +void security_release_secctx(struct lsmcontext *cp); void security_inode_invalidate_secctx(struct inode *inode); int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); @@ -1453,7 +1484,7 @@ static inline int security_secctx_to_secid(const char *secdata, return -EOPNOTSUPP; } -static inline void security_release_secctx(char *secdata, u32 seclen) +static inline void security_release_secctx(struct lsmcontext *cp) { } diff --git a/include/net/scm.h b/include/net/scm.h index 23a35ff1b3f2..f273c4d777ec 100644 --- a/include/net/scm.h +++ b/include/net/scm.h @@ -92,6 +92,7 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg, #ifdef CONFIG_SECURITY_NETWORK static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) { + struct lsmcontext context; struct lsmblob lb; char *secdata; u32 seclen; @@ -106,7 +107,9 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc if (!err) { put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata); - security_release_secctx(secdata, seclen); + /*scaffolding*/ + lsmcontext_init(&context, secdata, seclen, 0); + security_release_secctx(&context); } } } diff --git a/kernel/audit.c b/kernel/audit.c index f67f1eb7f4fa..23c8f8cbe8a6 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1214,6 +1214,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) struct audit_sig_info *sig_data; char *ctx = NULL; u32 len; + struct lsmcontext scaff; /* scaffolding */ err = audit_netlink_ok(skb, msg_type); if (err) 
@@ -1471,15 +1472,18 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) } sig_data = kmalloc(struct_size(sig_data, ctx, len), GFP_KERNEL); if (!sig_data) { - if (lsmblob_is_set(&audit_sig_lsm)) - security_release_secctx(ctx, len); + if (lsmblob_is_set(&audit_sig_lsm)) { + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); + } return -ENOMEM; } sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); sig_data->pid = audit_sig_pid; if (lsmblob_is_set(&audit_sig_lsm)) { memcpy(sig_data->ctx, ctx, len); - security_release_secctx(ctx, len); + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); } audit_send_reply(skb, seq, AUDIT_SIGNAL_INFO, 0, 0, sig_data, struct_size(sig_data, ctx, len)); @@ -2171,6 +2175,7 @@ int audit_log_task_context(struct audit_buffer *ab) unsigned len; int error; struct lsmblob blob; + struct lsmcontext scaff; /* scaffolding */ security_current_getsecid_subj(&blob); if (!lsmblob_is_set(&blob)) @@ -2185,7 +2190,8 @@ int audit_log_task_context(struct audit_buffer *ab) } audit_log_format(ab, " subj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); return 0; error_path: diff --git a/kernel/auditsc.c b/kernel/auditsc.c index fa3cfe569ce2..9ed58db58965 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1121,6 +1121,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, struct lsmblob *blob, char *comm) { struct audit_buffer *ab; + struct lsmcontext lsmcxt; char *ctx = NULL; u32 len; int rc = 0; @@ -1138,7 +1139,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, rc = 1; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); /*scaffolding*/ + security_release_secctx(&lsmcxt); } } audit_log_format(ab, " ocomm="); 
@@ -1398,6 +1400,7 @@ static void audit_log_time(struct audit_context *context, struct audit_buffer ** static void show_special(struct audit_context *context, int *call_panic) { + struct lsmcontext lsmcxt; struct audit_buffer *ab; int i; @@ -1432,7 +1435,8 @@ static void show_special(struct audit_context *context, int *call_panic) *call_panic = 1; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); + security_release_secctx(&lsmcxt); } } if (context->ipc.has_perm) { @@ -1594,6 +1598,7 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, char *ctx = NULL; u32 len; struct lsmblob blob; + struct lsmcontext lsmcxt; lsmblob_init(&blob, n->osid); if (security_secid_to_secctx(&blob, &ctx, &len)) { @@ -1602,7 +1607,8 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, *call_panic = 2; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); /* scaffolding */ + security_release_secctx(&lsmcxt); } } diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index 933a8f94f93a..70ca4510ea35 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -130,6 +130,7 @@ static void ip_cmsg_recv_checksum(struct msghdr *msg, struct sk_buff *skb, static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) { + struct lsmcontext context; struct lsmblob lb; char *secdata; u32 seclen, secid; @@ -145,7 +146,8 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) return; put_cmsg(msg, SOL_IP, SCM_SECURITY, seclen, secdata); - security_release_secctx(secdata, seclen); + lsmcontext_init(&context, secdata, seclen, 0); /* scaffolding */ + security_release_secctx(&context); } static void ip_cmsg_recv_dstaddr(struct msghdr *msg, struct sk_buff *skb) 
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index ddc8cd65ed12..da36301e2185 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -348,6 +348,7 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) int len, ret; char *secctx; struct lsmblob blob; + struct lsmcontext context; /* lsmblob_init() puts ct->secmark into all of the secids in blob. * security_secid_to_secctx() will know which security module @@ -368,7 +369,8 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) ret = 0; nla_put_failure: - security_release_secctx(secctx, len); + lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ + security_release_secctx(&context); return ret; } #else diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index 2c1f3280d56e..644dec6a8ef5 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c @@ -179,6 +179,7 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) u32 len; char *secctx; struct lsmblob blob; + struct lsmcontext context; lsmblob_init(&blob, ct->secmark); ret = security_secid_to_secctx(&blob, &secctx, &len); @@ -187,7 +188,8 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) seq_printf(s, "secctx=%s ", secctx); - security_release_secctx(secctx, len); + lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ + security_release_secctx(&context); } #else static inline void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index 6269fe122345..f69d5e997da2 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c 
@@ -397,6 +397,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, enum ip_conntrack_info ctinfo = 0; const struct nfnl_ct_hook *nfnl_ct; bool csum_verify; + struct lsmcontext scaff; /* scaffolding */ char *secdata = NULL; u32 seclen = 0; ktime_t tstamp; @@ -634,8 +635,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, } nlh->nlmsg_len = skb->len; - if (seclen) - security_release_secctx(secdata, seclen); + if (seclen) { + lsmcontext_init(&scaff, secdata, seclen, 0); + security_release_secctx(&scaff); + } return skb; nla_put_failure: @@ -643,8 +646,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, kfree_skb(skb); net_err_ratelimited("nf_queue: error creating packet message\n"); nlmsg_failure: - if (seclen) - security_release_secctx(secdata, seclen); + if (seclen) { + lsmcontext_init(&scaff, secdata, seclen, 0); + security_release_secctx(&scaff); + } return NULL; } diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index bbb3b6a4f0d7..b3e3d920034d 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -374,6 +374,7 @@ int netlbl_unlhsh_add(struct net *net, struct net_device *dev; struct netlbl_unlhsh_iface *iface; struct audit_buffer *audit_buf = NULL; + struct lsmcontext context; char *secctx = NULL; u32 secctx_len; struct lsmblob blob; @@ -447,7 +448,9 @@ int netlbl_unlhsh_add(struct net *net, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", ret_val == 0 ? 1 : 0); audit_log_end(audit_buf); 
@@ -478,6 +481,7 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, struct netlbl_unlhsh_addr4 *entry; struct audit_buffer *audit_buf; struct net_device *dev; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -508,7 +512,9 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); audit_log_end(audit_buf); @@ -545,6 +551,7 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, struct netlbl_unlhsh_addr6 *entry; struct audit_buffer *audit_buf; struct net_device *dev; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -574,7 +581,8 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); audit_log_end(audit_buf); @@ -1093,6 +1101,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, int ret_val = -ENOMEM; struct netlbl_unlhsh_walk_arg *cb_arg = arg; struct net_device *dev; + struct lsmcontext context; void *data; u32 secid; char *secctx; @@ -1163,7 +1172,9 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, NLBL_UNLABEL_A_SECCTX, secctx_len, secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); if (ret_val != 0) goto list_cb_failure; diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index 893301ae0131..ef139d8ae7cd 100644 
--- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c @@ -84,6 +84,7 @@ struct audit_buffer *netlbl_audit_start_common(int type, struct netlbl_audit *audit_info) { struct audit_buffer *audit_buf; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -103,7 +104,8 @@ struct audit_buffer *netlbl_audit_start_common(int type, if (audit_info->secid != 0 && security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " subj=%s", secctx); - security_release_secctx(secctx, secctx_len); + lsmcontext_init(&context, secctx, secctx_len, 0);/*scaffolding*/ + security_release_secctx(&context); } return audit_buf; diff --git a/security/security.c b/security/security.c index d60bc6abaa40..e434f085afab 100644 --- a/security/security.c +++ b/security/security.c @@ -2373,16 +2373,17 @@ int security_secctx_to_secid(const char *secdata, u32 seclen, } EXPORT_SYMBOL(security_secctx_to_secid); -void security_release_secctx(char *secdata, u32 seclen) +void security_release_secctx(struct lsmcontext *cp) { struct security_hook_list *hp; - int ilsm = lsm_task_ilsm(current); hlist_for_each_entry(hp, &security_hook_heads.release_secctx, list) - if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) { - hp->hook.release_secctx(secdata, seclen); - return; + if (cp->slot == hp->lsmid->slot) { + hp->hook.release_secctx(cp->context, cp->len); + break; } + + memset(cp, 0, sizeof(*cp)); } EXPORT_SYMBOL(security_release_secctx);
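Review bot: in the security/security.c hunk the releaser is now selected by cp->slot instead of lsm_task_ilsm(current), yet every call site converted in this patch passes slot 0 to lsmcontext_init(), so while the scaffolding is in place the release always goes to the module in slot 0 whatever module produced the string. That is sound only as long as security_secid_to_secctx() keeps handing out slot-0 contexts; a comment on lsmcontext_init() (or a sentence in the commit message) saying the slot argument is a placeholder until secid_to_secctx() fills it in would make the transitional behaviour explicit. The `memset(cp, 0, sizeof(*cp))` after the hook is a welcome hardening step, since cp->context can no longer be released twice from the same struct, but it also means callers must not touch cp->context after the call; that contract belongs in the kernel-doc for security_release_secctx().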
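Review bot: in the include/linux/security.h hunk the lsmcontext_init() kernel-doc names the parameter @size while the struct field it fills is `len`; aligning the two keeps the header self-documenting. The struct comment also says the slot records which LSM the string "is useful for", whereas the property the releaser depends on, and the one the commit message describes, is which LSM allocated it, so wording the comment that way would match the code. lsmcontext_init() does no range check on @slot, unlike the WARN_ON bounds check used for hook slots elsewhere in the series; if that is intentional for the scaffolding, say so in the comment.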
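Review bot: the scaffolding marker is written several different ways across the call-site hunks (`/* scaffolding */` on the declaration in binder.c, audit.c and nfnetlink_queue.c; `/*scaffolding*/` with no spaces in nfs4xdr.c and scm.h; `;/*scaffolding*/` with no space before the comment in netlabel_user.c; and no marker at all on the lsmcontext_init() lines in show_special() in auditsc.c and netlbl_unlhsh_remove_addr6() in netlabel_unlabeled.c), and the temporary local is variously named scaff, context and lsmcxt. Picking one spelling and one name makes the later removal of the scaffolding a mechanical grep, and kernel style wants a space before the trailing comment in the netlabel_user.c line.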