From patchwork Tue Sep 27 19:53:49 2022
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 12991209
From: Casey Schaufler
To: casey.schaufler@intel.com, paul@paul-moore.com, linux-security-module@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, jmorris@namei.org, selinux@vger.kernel.org, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org
Subject: [PATCH v38 07/39] integrity: disassociate ima_filter_rule from security_audit_rule
Date: Tue, 27 Sep 2022 12:53:49 -0700
Message-Id: <20220927195421.14713-8-casey@schaufler-ca.com>
In-Reply-To: <20220927195421.14713-1-casey@schaufler-ca.com>
References: <20220927195421.14713-1-casey@schaufler-ca.com>
X-Mailing-List: linux-integrity@vger.kernel.org

Create real functions for the ima_filter_rule interfaces. These replace #defines that obscure the reuse of audit interfaces. The new functions are put in security.c because they use security module registered hooks that we don't want exported.

Acked-by: Paul Moore
Reviewed-by: John Johansen
Signed-off-by: Casey Schaufler
To: Mimi Zohar
Cc: linux-integrity@vger.kernel.org
---
 include/linux/security.h     | 24 ++++++++++++++++++++++++
 security/integrity/ima/ima.h | 26 --------------------------
 security/security.c          | 21 +++++++++++++++++++++
 3 files changed, 45 insertions(+), 26 deletions(-)

diff --git a/include/linux/security.h b/include/linux/security.h
index c4696f14daac..fe3273a6498f 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1944,6 +1944,30 @@ static inline void security_audit_rule_free(void *lsmrule) #endif /* CONFIG_SECURITY */ #endif /* CONFIG_AUDIT */ +#if defined(CONFIG_IMA_LSM_RULES) && defined(CONFIG_SECURITY) +int ima_filter_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule); +int ima_filter_rule_match(u32 secid, u32 field, u32 op, void *lsmrule); +void ima_filter_rule_free(void *lsmrule); + +#else + +static inline int ima_filter_rule_init(u32 field, u32 op, char *rulestr, + void **lsmrule) +{ + return 0; +} + +static inline int ima_filter_rule_match(u32 secid, u32 field, u32 op, + void *lsmrule) +{ + return 0; +} + +static inline void ima_filter_rule_free(void *lsmrule) +{ } + +#endif /* defined(CONFIG_IMA_LSM_RULES) && defined(CONFIG_SECURITY) */ + #ifdef CONFIG_SECURITYFS extern struct dentry *securityfs_create_file(const char *name, umode_t mode, diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index be965a8715e4..1b5d70ac2dc9 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -418,32 +418,6 @@ static inline void ima_free_modsig(struct modsig *modsig) } #endif /* CONFIG_IMA_APPRAISE_MODSIG */ -/* LSM based policy rules require audit */ -#ifdef CONFIG_IMA_LSM_RULES - -#define ima_filter_rule_init security_audit_rule_init -#define ima_filter_rule_free security_audit_rule_free -#define ima_filter_rule_match security_audit_rule_match - -#else - -static inline int ima_filter_rule_init(u32 field, u32 op, char *rulestr, - void **lsmrule) -{ - return -EINVAL; -} - -static inline void ima_filter_rule_free(void *lsmrule) -{ -} - -static inline int ima_filter_rule_match(u32 secid, u32 field, u32 op, - void *lsmrule) -{ - return -EINVAL; -} -#endif /* CONFIG_IMA_LSM_RULES */ - #ifdef CONFIG_IMA_READ_POLICY #define POLICY_FILE_FLAGS (S_IWUSR | S_IRUSR) #else diff --git a/security/security.c b/security/security.c index af62f4c1cc89..b916469388b0 100644 --- a/security/security.c +++ b/security/security.c 
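Review bot: in the include/linux/security.h hunk, the fallback stubs change the return value of ima_filter_rule_init() and ima_filter_rule_match() from -EINVAL (what the ima.h stubs removed in the following hunk returned) to 0, so a kernel without CONFIG_IMA_LSM_RULES now reports success for an LSM rule it cannot evaluate; if that is intended, say so in the commit message, otherwise keep `return -EINVAL;` in both stubs. The guard `#if defined(CONFIG_IMA_LSM_RULES) && defined(CONFIG_SECURITY)` also pairs with a bare `#ifdef CONFIG_IMA_LSM_RULES` on the definitions in security.c; a one-line comment noting that security.c is only built under CONFIG_SECURITY would make that asymmetry obviously deliberate.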
@@ -2603,6 +2603,27 @@ int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule) } #endif /* CONFIG_AUDIT */ +#ifdef CONFIG_IMA_LSM_RULES +/* + * The integrity subsystem uses the same hooks as + * the audit subsystem. + */ +int ima_filter_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule) +{ + return call_int_hook(audit_rule_init, 0, field, op, rulestr, lsmrule); +} + +void ima_filter_rule_free(void *lsmrule) +{ + call_void_hook(audit_rule_free, lsmrule); +} + +int ima_filter_rule_match(u32 secid, u32 field, u32 op, void *lsmrule) +{ + return call_int_hook(audit_rule_match, 0, secid, field, op, lsmrule); +} +#endif /* CONFIG_IMA_LSM_RULES */ + #ifdef CONFIG_BPF_SYSCALL int security_bpf(int cmd, union bpf_attr *attr, unsigned int size) {
From patchwork Tue Sep 27 19:53:59 2022
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 12991237
From: Casey Schaufler
To: casey.schaufler@intel.com, paul@paul-moore.com, linux-security-module@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, jmorris@namei.org, selinux@vger.kernel.org, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org, netdev@vger.kernel.org
Subject: [PATCH v38 17/39] LSM: Use lsmblob in security_current_getsecid
Date: Tue, 27 Sep 2022 12:53:59 -0700
Message-Id: <20220927195421.14713-18-casey@schaufler-ca.com>
In-Reply-To: <20220927195421.14713-1-casey@schaufler-ca.com>
References: <20220927195421.14713-1-casey@schaufler-ca.com>
X-Mailing-List: linux-integrity@vger.kernel.org

Change the security_current_getsecid_subj() and security_task_getsecid_obj() interfaces to fill in a lsmblob structure instead of a u32 secid in support of LSM stacking. Audit interfaces will need to collect all possible secids for possible reporting.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
Cc: linux-integrity@vger.kernel.org
Cc: linux-audit@redhat.com
Cc: netdev@vger.kernel.org
---
 drivers/android/binder.c              |  6 +--
 include/linux/security.h              | 31 +++++++++++---
 kernel/audit.c                        | 16 +++----
 kernel/auditfilter.c                  |  4 +-
 kernel/auditsc.c                      | 25 ++++++-----
 net/netlabel/netlabel_unlabeled.c     |  4 +-
 net/netlabel/netlabel_user.h          |  6 ++-
 security/integrity/ima/ima.h          |  6 +--
 security/integrity/ima/ima_api.c      |  6 +--
 security/integrity/ima/ima_appraise.c | 11 ++---
 security/integrity/ima/ima_main.c     | 60 ++++++++++++++-------------
 security/integrity/ima/ima_policy.c   | 15 +++----
 security/security.c                   | 25 ++++++++---
 13 files changed, 126 insertions(+), 89 deletions(-)

diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index 34602b68d2a1..0ab1d5179fc4 100644
--- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -3169,16 +3169,16 @@ static void binder_transaction(struct binder_proc *proc, t->priority = task_nice(current); if (target_node && target_node->txn_security_ctx) { - u32 secid; struct lsmblob blob; size_t added_size; + u32 secid; security_cred_getsecid(proc->cred, &secid); /* - * Later in this patch set security_task_getsecid() will + * Later in this patch set security_cred_getsecid() will * provide a lsmblob instead of a secid. lsmblob_init * is used to ensure that all the secids in the lsmblob - * get the value returned from security_task_getsecid(), + * get the value returned from security_cred_getsecid(), * which means that the one expected by * security_secid_to_secctx() will be set. */ diff --git a/include/linux/security.h b/include/linux/security.h index bedb2047138b..142ecbf4dfc9 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -239,6 +239,24 @@ static inline u32 lsmblob_value(const struct lsmblob *blob) return 0; } +/** + * lsmblob_first - secid value for the first LSM slot + * @blob: Pointer to the data + * + * Return the secid value from the first LSM slot. + * There may not be any LSM slots. + * + * Return the value in secid[0] if there are any slots, 0 otherwise. + */ +static inline u32 lsmblob_first(const struct lsmblob *blob) +{ +#if LSMBLOB_ENTRIES > 0 + return blob->secid[0]; +#else + return 0; +#endif +} + /* These functions are in security/commoncap.c */ extern int cap_capable(const struct cred *cred, struct user_namespace *ns, int cap, unsigned int opts); 
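Review bot: in the include/linux/security.h hunk, lsmblob_first() returns secid[0] without saying which LSM owns slot 0, and every "scaffolding" site in this patch (audit_sig_sid, the audit target_sid fields, the netlabel audit_info.secid) stores that single value into a u32 and drops the remaining slots; until those fields are converted this is only correct while at most one secid-providing LSM is active. The kerneldoc should say that it is a transitional helper for not-yet-converted u32 fields rather than a general accessor, so nobody picks it up for new code.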
@@ -523,8 +541,8 @@ int security_task_fix_setgroups(struct cred *new, const struct cred *old); int security_task_setpgid(struct task_struct *p, pid_t pgid); int security_task_getpgid(struct task_struct *p); int security_task_getsid(struct task_struct *p); -void security_current_getsecid_subj(u32 *secid); -void security_task_getsecid_obj(struct task_struct *p, u32 *secid); +void security_current_getsecid_subj(struct lsmblob *blob); +void security_task_getsecid_obj(struct task_struct *p, struct lsmblob *blob); int security_task_setnice(struct task_struct *p, int nice); int security_task_setioprio(struct task_struct *p, int ioprio); int security_task_getioprio(struct task_struct *p); @@ -1226,14 +1244,15 @@ static inline int security_task_getsid(struct task_struct *p) return 0; } -static inline void security_current_getsecid_subj(u32 *secid) +static inline void security_current_getsecid_subj(struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } -static inline void security_task_getsecid_obj(struct task_struct *p, u32 *secid) +static inline void security_task_getsecid_obj(struct task_struct *p, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } static inline int security_task_setnice(struct task_struct *p, int nice) diff --git a/kernel/audit.c b/kernel/audit.c index 6aa7db400d10..4e13e48afc06 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -2178,19 +2178,12 @@ int audit_log_task_context(struct audit_buffer *ab) char *ctx = NULL; unsigned len; int error; - u32 sid; struct lsmblob blob; - security_current_getsecid_subj(&sid); - if (!sid) + security_current_getsecid_subj(&blob); + if (!lsmblob_is_set(&blob)) return 0; - /* - * lsmblob_init sets all values in the lsmblob to sid. - * This is temporary until security_task_getsecid is converted - * to use a lsmblob, which happens later in this patch set. - */ - lsmblob_init(&blob, sid); error = security_secid_to_secctx(&blob, &ctx, &len); if (error) { 
@@ -2399,6 +2392,7 @@ int audit_set_loginuid(kuid_t loginuid) int audit_signal_info(int sig, struct task_struct *t) { kuid_t uid = current_uid(), auid; + struct lsmblob blob; if (auditd_test_task(t) && (sig == SIGTERM || sig == SIGHUP || @@ -2409,7 +2403,9 @@ int audit_signal_info(int sig, struct task_struct *t) audit_sig_uid = auid; else audit_sig_uid = uid; - security_current_getsecid_subj(&audit_sig_sid); + security_current_getsecid_subj(&blob); + /* scaffolding until audit_sig_sid is converted */ + audit_sig_sid = lsmblob_first(&blob); } return audit_signal_info_syscall(t); diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 15cd4fe35e9c..39ded5cb2429 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -1339,7 +1339,6 @@ int audit_filter(int msgtype, unsigned int listtype) struct audit_field *f = &e->rule.fields[i]; struct lsmblob blob; pid_t pid; - u32 sid; switch (f->type) { case AUDIT_PID: @@ -1369,8 +1368,7 @@ int audit_filter(int msgtype, unsigned int listtype) case AUDIT_SUBJ_SEN: case AUDIT_SUBJ_CLR: if (f->lsm_str) { - security_current_getsecid_subj(&sid); - lsmblob_init(&blob, sid); + security_current_getsecid_subj(&blob); result = security_audit_rule_match( &blob, f->type, f->op, &f->lsm_rules); diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 9eb2d84439da..b2879bdf45d8 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -467,7 +467,6 @@ static int audit_filter_rules(struct task_struct *tsk, { const struct cred *cred; int i, need_sid = 1; - u32 sid; struct lsmblob blob; unsigned int sessionid; 
@@ -676,17 +675,9 @@ static int audit_filter_rules(struct task_struct *tsk, * here even though it always refs * @current's creds */ - security_current_getsecid_subj(&sid); + security_current_getsecid_subj(&blob); need_sid = 0; } - /* - * lsmblob_init sets all values in the lsmblob - * to sid. This is temporary until - * security_task_getsecid() is converted to - * provide a lsmblob, which happens later in - * this patch set. - */ - lsmblob_init(&blob, sid); result = security_audit_rule_match(&blob, f->type, f->op, &f->lsm_rules); @@ -2745,12 +2736,15 @@ int __audit_sockaddr(int len, void *a) void __audit_ptrace(struct task_struct *t) { struct audit_context *context = audit_context(); + struct lsmblob blob; context->target_pid = task_tgid_nr(t); context->target_auid = audit_get_loginuid(t); context->target_uid = task_uid(t); context->target_sessionid = audit_get_sessionid(t); - security_task_getsecid_obj(t, &context->target_sid); + security_task_getsecid_obj(t, &blob); + /* scaffolding - until target_sid is converted */ + context->target_sid = lsmblob_first(&blob); memcpy(context->target_comm, t->comm, TASK_COMM_LEN); } @@ -2766,6 +2760,7 @@ int audit_signal_info_syscall(struct task_struct *t) struct audit_aux_data_pids *axp; struct audit_context *ctx = audit_context(); kuid_t t_uid = task_uid(t); + struct lsmblob blob; if (!audit_signals || audit_dummy_context()) return 0; @@ -2777,7 +2772,9 @@ int audit_signal_info_syscall(struct task_struct *t) ctx->target_auid = audit_get_loginuid(t); ctx->target_uid = t_uid; ctx->target_sessionid = audit_get_sessionid(t); - security_task_getsecid_obj(t, &ctx->target_sid); + security_task_getsecid_obj(t, &blob); + /* scaffolding until target_sid is converted */ + ctx->target_sid = lsmblob_first(&blob); memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); return 0; } 
@@ -2798,7 +2795,9 @@ int audit_signal_info_syscall(struct task_struct *t) axp->target_auid[axp->pid_count] = audit_get_loginuid(t); axp->target_uid[axp->pid_count] = t_uid; axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); - security_task_getsecid_obj(t, &axp->target_sid[axp->pid_count]); + security_task_getsecid_obj(t, &blob); + /* scaffolding until target_sid is converted */ + axp->target_sid[axp->pid_count] = lsmblob_first(&blob); memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); axp->pid_count++; diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index 980ad209b57e..604b9d1dd085 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -1562,11 +1562,13 @@ int __init netlbl_unlabel_defconf(void) int ret_val; struct netlbl_dom_map *entry; struct netlbl_audit audit_info; + struct lsmblob blob; /* Only the kernel is allowed to call this function and the only time * it is called is at bootup before the audit subsystem is reporting * messages so don't worry to much about these values. */ - security_current_getsecid_subj(&audit_info.secid); + security_current_getsecid_subj(&blob); + audit_info.secid = lsmblob_first(&blob); audit_info.loginuid = GLOBAL_ROOT_UID; audit_info.sessionid = 0; diff --git a/net/netlabel/netlabel_user.h b/net/netlabel/netlabel_user.h index d6c5b31eb4eb..34bb6572f33b 100644 --- a/net/netlabel/netlabel_user.h +++ b/net/netlabel/netlabel_user.h @@ -32,7 +32,11 @@ */ static inline void netlbl_netlink_auditinfo(struct netlbl_audit *audit_info) { - security_current_getsecid_subj(&audit_info->secid); + struct lsmblob blob; + + security_current_getsecid_subj(&blob); + /* scaffolding until secid is converted */ + audit_info->secid = lsmblob_first(&blob); audit_info->loginuid = audit_get_loginuid(current); audit_info->sessionid = audit_get_sessionid(current); } 
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 1b5d70ac2dc9..f347d63b61e7 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -255,7 +255,7 @@ static inline void ima_process_queued_keys(void) {} /* LIM API function definitions */ int ima_get_action(struct user_namespace *mnt_userns, struct inode *inode, - const struct cred *cred, u32 secid, int mask, + const struct cred *cred, struct lsmblob *blob, int mask, enum ima_hooks func, int *pcr, struct ima_template_desc **template_desc, const char *func_data, unsigned int *allowed_algos); @@ -286,8 +286,8 @@ const char *ima_d_path(const struct path *path, char **pathbuf, char *filename); /* IMA policy related functions */ int ima_match_policy(struct user_namespace *mnt_userns, struct inode *inode, - const struct cred *cred, u32 secid, enum ima_hooks func, - int mask, int flags, int *pcr, + const struct cred *cred, struct lsmblob *blob, + enum ima_hooks func, int mask, int flags, int *pcr, struct ima_template_desc **template_desc, const char *func_data, unsigned int *allowed_algos); void ima_init_policy(void); diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index c1e76282b5ee..8c48da6a6583 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c @@ -166,7 +166,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename, * @mnt_userns: user namespace of the mount the inode was found from * @inode: pointer to the inode associated with the object being validated * @cred: pointer to credentials structure to validate - * @secid: secid of the task being validated + * @blob: secid(s) of the task being validated * @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXEC, * MAY_APPEND) * @func: caller identifier 
@@ -187,7 +187,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename, * */ int ima_get_action(struct user_namespace *mnt_userns, struct inode *inode, - const struct cred *cred, u32 secid, int mask, + const struct cred *cred, struct lsmblob *blob, int mask, enum ima_hooks func, int *pcr, struct ima_template_desc **template_desc, const char *func_data, unsigned int *allowed_algos) @@ -196,7 +196,7 @@ int ima_get_action(struct user_namespace *mnt_userns, struct inode *inode, flags &= ima_policy_flag; - return ima_match_policy(mnt_userns, inode, cred, secid, func, mask, + return ima_match_policy(mnt_userns, inode, cred, blob, func, mask, flags, pcr, template_desc, func_data, allowed_algos); } diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index bde74fcecee3..220cb94802eb 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -73,15 +73,16 @@ bool is_ima_appraise_enabled(void) int ima_must_appraise(struct user_namespace *mnt_userns, struct inode *inode, int mask, enum ima_hooks func) { - u32 secid; + struct lsmblob blob; if (!ima_appraise) return 0; - security_current_getsecid_subj(&secid); - return ima_match_policy(mnt_userns, inode, current_cred(), secid, - func, mask, IMA_APPRAISE | IMA_HASH, NULL, - NULL, NULL, NULL); + security_current_getsecid_subj(&blob); + return ima_match_policy(mnt_userns, inode, current_cred(), + &blob, func, mask, + IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL, + NULL); } static int ima_fix_xattr(struct dentry *dentry, diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 040b03ddc1c7..25870eb422d9 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c 
@@ -199,8 +199,8 @@ void ima_file_free(struct file *file) } static int process_measurement(struct file *file, const struct cred *cred, - u32 secid, char *buf, loff_t size, int mask, - enum ima_hooks func) + struct lsmblob *blob, char *buf, loff_t size, + int mask, enum ima_hooks func) { struct inode *inode = file_inode(file); struct integrity_iint_cache *iint = NULL; @@ -224,7 +224,7 @@ static int process_measurement(struct file *file, const struct cred *cred, * bitmask based on the appraise/audit/measurement policy. * Included is the appraise submask. */ - action = ima_get_action(file_mnt_user_ns(file), inode, cred, secid, + action = ima_get_action(file_mnt_user_ns(file), inode, cred, blob, mask, func, &pcr, &template_desc, NULL, &allowed_algos); violation_check = ((func == FILE_CHECK || func == MMAP_CHECK) && @@ -405,12 +405,13 @@ static int process_measurement(struct file *file, const struct cred *cred, */ int ima_file_mmap(struct file *file, unsigned long prot) { - u32 secid; + struct lsmblob blob; if (file && (prot & PROT_EXEC)) { - security_current_getsecid_subj(&secid); - return process_measurement(file, current_cred(), secid, NULL, - 0, MAY_EXEC, MMAP_CHECK); + security_current_getsecid_subj(&blob); + return process_measurement(file, current_cred(), + &blob, NULL, 0, + MAY_EXEC, MMAP_CHECK); } return 0; @@ -437,9 +438,9 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) char *pathbuf = NULL; const char *pathname = NULL; struct inode *inode; + struct lsmblob blob; int result = 0; int action; - u32 secid; int pcr; /* Is mprotect making an mmap'ed file executable? */ 
@@ -447,11 +448,12 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) !(prot & PROT_EXEC) || (vma->vm_flags & VM_EXEC)) return 0; - security_current_getsecid_subj(&secid); + security_current_getsecid_subj(&blob); inode = file_inode(vma->vm_file); action = ima_get_action(file_mnt_user_ns(vma->vm_file), inode, - current_cred(), secid, MAY_EXEC, MMAP_CHECK, - &pcr, &template, NULL, NULL); + current_cred(), &blob, + MAY_EXEC, MMAP_CHECK, &pcr, &template, NULL, + NULL); /* Is the mmap'ed file in policy? */ if (!(action & (IMA_MEASURE | IMA_APPRAISE_SUBMASK))) @@ -487,15 +489,17 @@ int ima_bprm_check(struct linux_binprm *bprm) { int ret; u32 secid; + struct lsmblob blob; - security_current_getsecid_subj(&secid); - ret = process_measurement(bprm->file, current_cred(), secid, NULL, 0, - MAY_EXEC, BPRM_CHECK); + security_current_getsecid_subj(&blob); + ret = process_measurement(bprm->file, current_cred(), + &blob, NULL, 0, MAY_EXEC, BPRM_CHECK); if (ret) return ret; security_cred_getsecid(bprm->cred, &secid); - return process_measurement(bprm->file, bprm->cred, secid, NULL, 0, + lsmblob_init(&blob, secid); + return process_measurement(bprm->file, bprm->cred, &blob, NULL, 0, MAY_EXEC, CREDS_CHECK); } @@ -511,10 +515,10 @@ int ima_bprm_check(struct linux_binprm *bprm) */ int ima_file_check(struct file *file, int mask) { - u32 secid; + struct lsmblob blob; - security_current_getsecid_subj(&secid); - return process_measurement(file, current_cred(), secid, NULL, 0, + security_current_getsecid_subj(&blob); + return process_measurement(file, current_cred(), &blob, NULL, 0, mask & (MAY_READ | MAY_WRITE | MAY_EXEC | MAY_APPEND), FILE_CHECK); } @@ -710,7 +714,7 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id, bool contents) { enum ima_hooks func; - u32 secid; + struct lsmblob blob; /* * Do devices using pre-allocated memory run the risk of the 
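Review bot: in the ima_bprm_check() hunk, the second process_measurement() call still goes through `security_cred_getsecid(bprm->cred, &secid); lsmblob_init(&blob, secid);`, reusing blob without the "scaffolding until ... is converted" comment that the other u32-to-lsmblob bridges in this series carry (compare the binder.c hunk); add the same comment here so the remaining u32 secid is found when security_cred_getsecid() is converted.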
@@ -730,9 +734,9 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id, /* Read entire file for all partial reads. */ func = read_idmap[read_id] ?: FILE_CHECK; - security_current_getsecid_subj(&secid); - return process_measurement(file, current_cred(), secid, NULL, - 0, MAY_READ, func); + security_current_getsecid_subj(&blob); + return process_measurement(file, current_cred(), &blob, NULL, 0, + MAY_READ, func); } const int read_idmap[READING_MAX_ID] = { @@ -760,7 +764,7 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, enum kernel_read_file_id read_id) { enum ima_hooks func; - u32 secid; + struct lsmblob blob; /* permit signed certs */ if (!file && read_id == READING_X509_CERTIFICATE) @@ -773,8 +777,8 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, } func = read_idmap[read_id] ?: FILE_CHECK; - security_current_getsecid_subj(&secid); - return process_measurement(file, current_cred(), secid, buf, size, + security_current_getsecid_subj(&blob); + return process_measurement(file, current_cred(), &blob, buf, size, MAY_READ, func); } @@ -900,7 +904,7 @@ int process_buffer_measurement(struct user_namespace *mnt_userns, int digest_hash_len = hash_digest_size[ima_hash_algo]; int violation = 0; int action = 0; - u32 secid; + struct lsmblob blob; if (digest && digest_len < digest_hash_len) return -EINVAL; @@ -923,9 +927,9 @@ int process_buffer_measurement(struct user_namespace *mnt_userns, * buffer measurements. */ if (func) { - security_current_getsecid_subj(&secid); + security_current_getsecid_subj(&blob); action = ima_get_action(mnt_userns, inode, current_cred(), - secid, 0, func, &pcr, &template, + &blob, 0, func, &pcr, &template, func_data, NULL); if (!(action & IMA_MEASURE) && !digest) return -ENOENT; diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 3ca046129ff0..2e1aadd36482 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c 
@@ -563,7 +563,7 @@ static bool ima_match_rule_data(struct ima_rule_entry *rule, * @mnt_userns: user namespace of the mount the inode was found from * @inode: a pointer to an inode * @cred: a pointer to a credentials structure for user validation - * @secid: the secid of the task to be validated + * @blob: the secid(s) of the task to be validated * @func: LIM hook identifier * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC) * @func_data: func specific data, may be NULL @@ -573,7 +573,7 @@ static bool ima_match_rule_data(struct ima_rule_entry *rule, static bool ima_match_rules(struct ima_rule_entry *rule, struct user_namespace *mnt_userns, struct inode *inode, const struct cred *cred, - u32 secid, enum ima_hooks func, int mask, + struct lsmblob *blob, enum ima_hooks func, int mask, const char *func_data) { int i; @@ -657,7 +657,8 @@ static bool ima_match_rules(struct ima_rule_entry *rule, case LSM_SUBJ_USER: case LSM_SUBJ_ROLE: case LSM_SUBJ_TYPE: - rc = ima_filter_rule_match(secid, rule->lsm[i].type, + rc = ima_filter_rule_match(lsmblob_first(blob), + rule->lsm[i].type, Audit_equal, rule->lsm[i].rule, rule->lsm[i].rules_lsm); @@ -702,7 +703,7 @@ static int get_subaction(struct ima_rule_entry *rule, enum ima_hooks func) * @inode: pointer to an inode for which the policy decision is being made * @cred: pointer to a credentials structure for which the policy decision is * being made - * @secid: LSM secid of the task to be validated + * @blob: LSM secid(s) of the task to be validated * @func: IMA hook identifier * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC) * @pcr: set the pcr to extend 
@@ -718,8 +719,8 @@ static int get_subaction(struct ima_rule_entry *rule, enum ima_hooks func) * than writes so ima_match_policy() is classical RCU candidate. */ int ima_match_policy(struct user_namespace *mnt_userns, struct inode *inode, - const struct cred *cred, u32 secid, enum ima_hooks func, - int mask, int flags, int *pcr, + const struct cred *cred, struct lsmblob *blob, + enum ima_hooks func, int mask, int flags, int *pcr, struct ima_template_desc **template_desc, const char *func_data, unsigned int *allowed_algos) { @@ -737,7 +738,7 @@ int ima_match_policy(struct user_namespace *mnt_userns, struct inode *inode, if (!(entry->action & actmask)) continue; - if (!ima_match_rules(entry, mnt_userns, inode, cred, secid, + if (!ima_match_rules(entry, mnt_userns, inode, cred, blob, func, mask, func_data)) continue; diff --git a/security/security.c b/security/security.c index afd6f6698fd7..8bfece0911aa 100644 --- a/security/security.c +++ b/security/security.c 
@@ -1940,17 +1940,30 @@ int security_task_getsid(struct task_struct *p) return call_int_hook(task_getsid, 0, p); } -void security_current_getsecid_subj(u32 *secid) +void security_current_getsecid_subj(struct lsmblob *blob) { - *secid = 0; - call_void_hook(current_getsecid_subj, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.current_getsecid_subj, + list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.current_getsecid_subj(&blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_current_getsecid_subj); -void security_task_getsecid_obj(struct task_struct *p, u32 *secid) +void security_task_getsecid_obj(struct task_struct *p, struct lsmblob *blob) { - *secid = 0; - call_void_hook(task_getsecid_obj, p, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.task_getsecid_obj, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.task_getsecid_obj(p, &blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_task_getsecid_obj); From patchwork Tue Sep 27 19:54:00 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12991238 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7245BC54EE9 for ; Tue, 27 Sep 2022 20:05:50 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232608AbiI0UFr (ORCPT ); Tue, 27 Sep 2022 16:05:47 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44626 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232422AbiI0UFU (ORCPT ); Tue, 27 Sep 2022 16:05:20 -0400 Received: 
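Review bot: in the ima_bprm_check() hunk, the CREDS_CHECK call still obtains a u32 from security_cred_getsecid() and then widens it with lsmblob_init(&blob, secid), which stores that one secid in every slot of the blob; that is a transitional step, but it carries none of the "scaffolding until ..." comments the series uses at comparable sites (compare audit_copy_inode()), so it is easy to miss once security_cred_getsecid() itself fills in a lsmblob. Suggest adding a comment such as `/* scaffolding until security_cred_getsecid() returns a lsmblob */` above the lsmblob_init() call.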
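Review bot: in the ima_match_rules() hunk, the LSM_SUBJ_* cases pass lsmblob_first(blob) to ima_filter_rule_match() while the rule's own slot, rule->lsm[i].rules_lsm, is handed over right beside it; with two LSMs populating the blob, a subject rule written for the second LSM is compared against the first LSM's secid. Suggest selecting by the rule's slot instead, e.g. `rc = ima_filter_rule_match(blob->secid[rule->lsm[i].rules_lsm], rule->lsm[i].type, ...)`, or passing the whole blob and letting ima_filter_rule_match() index it by lsmslot.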
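Review bot: the security.c hunk open-codes the same loop twice, in security_current_getsecid_subj() and security_task_getsecid_obj(): lsmblob_init(blob, 0), walk the hook list, WARN_ON on an out-of-range hp->lsmid->slot, call the hook with &blob->secid[slot]. Suggest a small helper or macro beside call_void_hook() so the slot bounds check and the zeroing live in one place rather than being repeated for every getsecid hook that is converted.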
From: Casey Schaufler
To: casey.schaufler@intel.com, paul@paul-moore.com, linux-security-module@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, jmorris@namei.org, selinux@vger.kernel.org, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org
Subject: [PATCH v38 18/39] LSM: Use lsmblob in security_inode_getsecid
Date: Tue, 27 Sep 2022 12:54:00 -0700
Message-Id: <20220927195421.14713-19-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.37.3
In-Reply-To: <20220927195421.14713-1-casey@schaufler-ca.com>
References: <20220927195421.14713-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:
X-Mailing-List: linux-integrity@vger.kernel.org

Change the security_inode_getsecid() interface to fill in a lsmblob structure instead of a u32 secid. This allows for its callers to gather data from all registered LSMs. Data is provided for IMA and audit.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
Cc: linux-integrity@vger.kernel.org
Cc: linux-audit@redhat.com
--- include/linux/security.h | 13 +++++++------ kernel/auditsc.c | 6 +++++- security/integrity/ima/ima_policy.c | 9 +++++---- security/security.c | 19 +++++++++++++------ 4 files changed, 30 insertions(+), 17 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index 142ecbf4dfc9..ca5dcaee7c23 100644 --- a/include/linux/security.h +++ b/include/linux/security.h
@@ -494,7 +494,7 @@ int security_inode_getsecurity(struct user_namespace *mnt_userns, void **buffer, bool alloc); int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags); int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size); -void security_inode_getsecid(struct inode *inode, u32 *secid); +void security_inode_getsecid(struct inode *inode, struct lsmblob *blob); int security_inode_copy_up(struct dentry *src, struct cred **new); int security_inode_copy_up_xattr(const char *name); int security_kernfs_init_security(struct kernfs_node *kn_dir, @@ -1041,9 +1041,10 @@ static inline int security_inode_listsecurity(struct inode *inode, char *buffer, return 0; } -static inline void security_inode_getsecid(struct inode *inode, u32 *secid) +static inline void security_inode_getsecid(struct inode *inode, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } static inline int security_inode_copy_up(struct dentry *src, struct cred **new) @@ -2059,8 +2060,8 @@ static inline void security_audit_rule_free(struct audit_lsm_rules *lsmrules) #if defined(CONFIG_IMA_LSM_RULES) && defined(CONFIG_SECURITY) int ima_filter_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule, int lsmslot); -int ima_filter_rule_match(u32 secid, u32 field, u32 op, void *lsmrule, - int lsmslot); +int ima_filter_rule_match(struct lsmblob *blob, u32 field, u32 op, + void *lsmrule, int lsmslot); void ima_filter_rule_free(void *lsmrule, int lsmslot); #else @@ -2071,7 +2072,7 @@ static inline int ima_filter_rule_init(u32 field, u32 op, char *rulestr, return 0; } -static inline int ima_filter_rule_match(u32 secid, u32 field, u32 op, +static inline int ima_filter_rule_match(struct lsmblob *blob, u32 field, u32 op, void *lsmrule, int lsmslot) { return 0; diff --git a/kernel/auditsc.c b/kernel/auditsc.c index b2879bdf45d8..ad5f33af3b50 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c 
@@ -2281,13 +2281,17 @@ static void audit_copy_inode(struct audit_names *name, const struct dentry *dentry, struct inode *inode, unsigned int flags) { + struct lsmblob blob; + name->ino = inode->i_ino; name->dev = inode->i_sb->s_dev; name->mode = inode->i_mode; name->uid = inode->i_uid; name->gid = inode->i_gid; name->rdev = inode->i_rdev; - security_inode_getsecid(inode, &name->osid); + security_inode_getsecid(inode, &blob); + /* scaffolding until osid is updated */ + name->osid = lsmblob_first(&blob); if (flags & AUDIT_INODE_NOEVAL) { name->fcap_ver = -1; return; diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 2e1aadd36482..e8693939447b 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -636,7 +636,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, return false; for (i = 0; i < MAX_LSM_RULES; i++) { int rc = 0; - u32 osid; + struct lsmblob lsmdata; if (!rule->lsm[i].rule) { if (!rule->lsm[i].args_p) @@ -648,8 +648,9 @@ static bool ima_match_rules(struct ima_rule_entry *rule, case LSM_OBJ_USER: case LSM_OBJ_ROLE: case LSM_OBJ_TYPE: - security_inode_getsecid(inode, &osid); - rc = ima_filter_rule_match(osid, rule->lsm[i].type, + security_inode_getsecid(inode, &lsmdata); + rc = ima_filter_rule_match(&lsmdata, + rule->lsm[i].type, Audit_equal, rule->lsm[i].rule, rule->lsm[i].rules_lsm); @@ -657,7 +658,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, case LSM_SUBJ_USER: case LSM_SUBJ_ROLE: case LSM_SUBJ_TYPE: - rc = ima_filter_rule_match(lsmblob_first(blob), + rc = ima_filter_rule_match(blob, rule->lsm[i].type, Audit_equal, rule->lsm[i].rule, diff --git a/security/security.c b/security/security.c index 8bfece0911aa..563452000729 100644 --- a/security/security.c +++ b/security/security.c 
@@ -1579,9 +1579,16 @@ int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer } EXPORT_SYMBOL(security_inode_listsecurity); -void security_inode_getsecid(struct inode *inode, u32 *secid) +void security_inode_getsecid(struct inode *inode, struct lsmblob *blob) { - call_void_hook(inode_getsecid, inode, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.inode_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.inode_getsecid(inode, &blob->secid[hp->lsmid->slot]); + } } int security_inode_copy_up(struct dentry *src, struct cred **new) 
@@ -2827,15 +2834,15 @@ void ima_filter_rule_free(void *lsmrule, int lsmslot) } } -int ima_filter_rule_match(u32 secid, u32 field, u32 op, void *lsmrule, - int lsmslot) +int ima_filter_rule_match(struct lsmblob *blob, u32 field, u32 op, + void *lsmrule, int lsmslot) { struct security_hook_list *hp; hlist_for_each_entry(hp, &security_hook_heads.audit_rule_match, list) if (hp->lsmid->slot == lsmslot) - return hp->hook.audit_rule_match(secid, field, op, - lsmrule); + return hp->hook.audit_rule_match(blob->secid[lsmslot], + field, op, lsmrule); return 0; } From patchwork Tue Sep 27 19:54:01 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12991239 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 55526C07E9D for ; Tue, 27 Sep 2022 20:05:52 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232422AbiI0UFs (ORCPT ); Tue, 27 Sep 2022 16:05:48 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39508 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232507AbiI0UFU (ORCPT ); Tue, 27 Sep 2022 16:05:20 -0400 Received: from sonic308-15.consmr.mail.ne1.yahoo.com (sonic308-15.consmr.mail.ne1.yahoo.com [66.163.187.38]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 37E4E1DB567 for ; Tue, 27 Sep 2022 13:04:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1664309064; bh=BtRtW9ZVkdHuXaIG0T6nfDaE6FbjRi+Nx2a1Gnk4big=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; 
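Review bot: in the audit_copy_inode() hunk, name->osid = lsmblob_first(&blob) keeps only one LSM's secid for the inode, so on a stacked configuration the audit record still describes a single object label; the scaffolding comment says so, but the commit message ("This allows for its callers to gather data from all registered LSMs") reads as if audit already gets all of them. Suggest stating in the message that osid stays single-valued until it is converted itself.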
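Review bot: in the ima_match_rules() hunk, security_inode_getsecid(inode, &lsmdata) is now called inside the for loop once per LSM_OBJ_* rule, and after this patch each call walks every registered inode_getsecid hook; the inode's blob does not change between iterations, so it could be fetched once before the loop (or lazily on the first LSM_OBJ_* rule) and reused.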
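Review bot: in the security.c ima_filter_rule_match() hunk, blob->secid[lsmslot] is indexed without the slot < 0 || slot >= lsm_slot guard the getsecid helpers apply; the access is only reached when a registered hook has hp->lsmid->slot == lsmslot, which is what keeps the index in range, but nothing says so. Suggest a one-line comment, or the same WARN_ON, so a future caller passing an unchecked lsmslot cannot read past the array.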
From: Casey Schaufler
To: casey.schaufler@intel.com, paul@paul-moore.com, linux-security-module@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, jmorris@namei.org, selinux@vger.kernel.org, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org
Subject: [PATCH v38 19/39] LSM: Use lsmblob in security_cred_getsecid
Date: Tue, 27 Sep 2022 12:54:01 -0700
Message-Id: <20220927195421.14713-20-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.37.3
In-Reply-To: <20220927195421.14713-1-casey@schaufler-ca.com>
References: <20220927195421.14713-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:
X-Mailing-List: linux-integrity@vger.kernel.org

Change the security_cred_getsecid() interface to fill in a lsmblob instead of a u32 secid. The associated data elements in the audit sub-system are changed from a secid to a lsmblob to accommodate multiple possible LSM audit users.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
Cc: linux-integrity@vger.kernel.org
Cc: linux-audit@redhat.com
--- drivers/android/binder.c | 12 +---------- include/linux/security.h | 7 ++++--- kernel/audit.c | 25 +++++++---------------- kernel/audit.h | 3 ++- kernel/auditsc.c | 33 +++++++++++-------------------- security/integrity/ima/ima_main.c | 4 +--- security/security.c | 12 ++++++++--- 7 files changed, 36 insertions(+), 60 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 0ab1d5179fc4..6e1e35de1fcb 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c
@@ -3171,18 +3171,8 @@ static void binder_transaction(struct binder_proc *proc, if (target_node && target_node->txn_security_ctx) { struct lsmblob blob; size_t added_size; - u32 secid; - security_cred_getsecid(proc->cred, &secid); - /* - * Later in this patch set security_cred_getsecid() will - * provide a lsmblob instead of a secid. lsmblob_init - * is used to ensure that all the secids in the lsmblob - * get the value returned from security_cred_getsecid(), - * which means that the one expected by - * security_secid_to_secctx() will be set. - */ - lsmblob_init(&blob, secid); + security_cred_getsecid(proc->cred, &blob); ret = security_secid_to_secctx(&blob, &secctx, &secctx_sz); if (ret) { binder_txn_error("%d:%d failed to get security context\n", diff --git a/include/linux/security.h b/include/linux/security.h index ca5dcaee7c23..9f80b685542d 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -521,7 +521,7 @@ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp); void security_cred_free(struct cred *cred); int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp); void security_transfer_creds(struct cred *new, const struct cred *old); -void security_cred_getsecid(const struct cred *c, u32 *secid); +void security_cred_getsecid(const struct cred *c, struct lsmblob *blob); int security_kernel_act_as(struct cred *new, struct lsmblob *blob); int security_kernel_create_files_as(struct cred *new, struct inode *inode); int security_kernel_module_request(char *kmod_name); @@ -1162,9 +1162,10 @@ static inline void security_transfer_creds(struct cred *new, { } -static inline void security_cred_getsecid(const struct cred *c, u32 *secid) +static inline void security_cred_getsecid(const struct cred *c, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } static inline int security_kernel_act_as(struct cred *cred, diff --git a/kernel/audit.c b/kernel/audit.c index 4e13e48afc06..3d026013e6eb 100644 
--- a/kernel/audit.c +++ b/kernel/audit.c @@ -125,7 +125,7 @@ static u32 audit_backlog_wait_time = AUDIT_BACKLOG_WAIT_TIME; /* The identity of the user shutting down the audit system. */ static kuid_t audit_sig_uid = INVALID_UID; static pid_t audit_sig_pid = -1; -static u32 audit_sig_sid; +static struct lsmblob audit_sig_lsm; /* Records can be lost in several ways: 0) [suppressed in audit_alloc] @@ -1463,29 +1463,21 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) } case AUDIT_SIGNAL_INFO: len = 0; - if (audit_sig_sid) { - struct lsmblob blob; - - /* - * lsmblob_init sets all values in the lsmblob - * to audit_sig_sid. This is temporary until - * audit_sig_sid is converted to a lsmblob, which - * happens later in this patch set. - */ - lsmblob_init(&blob, audit_sig_sid); - err = security_secid_to_secctx(&blob, &ctx, &len); + if (lsmblob_is_set(&audit_sig_lsm)) { + err = security_secid_to_secctx(&audit_sig_lsm, &ctx, + &len); if (err) return err; } sig_data = kmalloc(struct_size(sig_data, ctx, len), GFP_KERNEL); if (!sig_data) { - if (audit_sig_sid) + if (lsmblob_is_set(&audit_sig_lsm)) security_release_secctx(ctx, len); return -ENOMEM; } sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); sig_data->pid = audit_sig_pid; - if (audit_sig_sid) { + if (lsmblob_is_set(&audit_sig_lsm)) { memcpy(sig_data->ctx, ctx, len); security_release_secctx(ctx, len); } @@ -2392,7 +2384,6 @@ int audit_set_loginuid(kuid_t loginuid) int audit_signal_info(int sig, struct task_struct *t) { kuid_t uid = current_uid(), auid; - struct lsmblob blob; if (auditd_test_task(t) && (sig == SIGTERM || sig == SIGHUP || @@ -2403,9 +2394,7 @@ int audit_signal_info(int sig, struct task_struct *t) audit_sig_uid = auid; else audit_sig_uid = uid; - security_current_getsecid_subj(&blob); - /* scaffolding until audit_sig_sid is converted */ - audit_sig_sid = lsmblob_first(&blob); + security_current_getsecid_subj(&audit_sig_lsm); } return audit_signal_info_syscall(t); 
diff --git a/kernel/audit.h b/kernel/audit.h index 58b66543b4d5..316fac62d5f7 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -12,6 +12,7 @@ #include #include #include +#include #include #include #include // struct open_how @@ -143,7 +144,7 @@ struct audit_context { kuid_t target_auid; kuid_t target_uid; unsigned int target_sessionid; - u32 target_sid; + struct lsmblob target_lsm; char target_comm[TASK_COMM_LEN]; struct audit_tree_refs *trees, *first_trees; diff --git a/kernel/auditsc.c b/kernel/auditsc.c index ad5f33af3b50..092aba46a9b3 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -99,7 +99,7 @@ struct audit_aux_data_pids { kuid_t target_auid[AUDIT_AUX_PIDS]; kuid_t target_uid[AUDIT_AUX_PIDS]; unsigned int target_sessionid[AUDIT_AUX_PIDS]; - u32 target_sid[AUDIT_AUX_PIDS]; + struct lsmblob target_lsm[AUDIT_AUX_PIDS]; char target_comm[AUDIT_AUX_PIDS][TASK_COMM_LEN]; int pid_count; }; @@ -1018,7 +1018,7 @@ static void audit_reset_context(struct audit_context *ctx) ctx->target_pid = 0; ctx->target_auid = ctx->target_uid = KUIDT_INIT(0); ctx->target_sessionid = 0; - ctx->target_sid = 0; + lsmblob_init(&ctx->target_lsm, 0); ctx->target_comm[0] = '\0'; unroll_tree_refs(ctx, NULL, 0); WARN_ON(!list_empty(&ctx->killed_trees)); @@ -1091,14 +1091,14 @@ static inline void audit_free_context(struct audit_context *context) } static int audit_log_pid_context(struct audit_context *context, pid_t pid, - kuid_t auid, kuid_t uid, unsigned int sessionid, - u32 sid, char *comm) + kuid_t auid, kuid_t uid, + unsigned int sessionid, + struct lsmblob *blob, char *comm) { struct audit_buffer *ab; char *ctx = NULL; u32 len; int rc = 0; - struct lsmblob blob; ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID); if (!ab) 
@@ -1107,9 +1107,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, audit_log_format(ab, "opid=%d oauid=%d ouid=%d oses=%d", pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); - if (sid) { - lsmblob_init(&blob, sid); - if (security_secid_to_secctx(&blob, &ctx, &len)) { + if (lsmblob_is_set(blob)) { + if (security_secid_to_secctx(blob, &ctx, &len)) { audit_log_format(ab, " obj=(none)"); rc = 1; } else { @@ -1789,7 +1788,7 @@ static void audit_log_exit(void) axs->target_auid[i], axs->target_uid[i], axs->target_sessionid[i], - axs->target_sid[i], + &axs->target_lsm[i], axs->target_comm[i])) call_panic = 1; } @@ -1798,7 +1797,7 @@ static void audit_log_exit(void) audit_log_pid_context(context, context->target_pid, context->target_auid, context->target_uid, context->target_sessionid, - context->target_sid, context->target_comm)) + &context->target_lsm, context->target_comm)) call_panic = 1; if (context->pwd.dentry && context->pwd.mnt) { @@ -2740,15 +2739,12 @@ int __audit_sockaddr(int len, void *a) void __audit_ptrace(struct task_struct *t) { struct audit_context *context = audit_context(); - struct lsmblob blob; context->target_pid = task_tgid_nr(t); context->target_auid = audit_get_loginuid(t); context->target_uid = task_uid(t); context->target_sessionid = audit_get_sessionid(t); - security_task_getsecid_obj(t, &blob); - /* scaffolding - until target_sid is converted */ - context->target_sid = lsmblob_first(&blob); + security_task_getsecid_obj(t, &context->target_lsm); memcpy(context->target_comm, t->comm, TASK_COMM_LEN); } @@ -2764,7 +2760,6 @@ int audit_signal_info_syscall(struct task_struct *t) struct audit_aux_data_pids *axp; struct audit_context *ctx = audit_context(); kuid_t t_uid = task_uid(t); - struct lsmblob blob; if (!audit_signals || audit_dummy_context()) return 0; 
@@ -2776,9 +2771,7 @@ int audit_signal_info_syscall(struct task_struct *t) ctx->target_auid = audit_get_loginuid(t); ctx->target_uid = t_uid; ctx->target_sessionid = audit_get_sessionid(t); - security_task_getsecid_obj(t, &blob); - /* scaffolding until target_sid is converted */ - ctx->target_sid = lsmblob_first(&blob); + security_task_getsecid_obj(t, &ctx->target_lsm); memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); return 0; } @@ -2799,9 +2792,7 @@ int audit_signal_info_syscall(struct task_struct *t) axp->target_auid[axp->pid_count] = audit_get_loginuid(t); axp->target_uid[axp->pid_count] = t_uid; axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); - security_task_getsecid_obj(t, &blob); - /* scaffolding until target_sid is converted */ - axp->target_sid[axp->pid_count] = lsmblob_first(&blob); + security_task_getsecid_obj(t, &axp->target_lsm[axp->pid_count]); memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); axp->pid_count++; diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 25870eb422d9..ecaa0b96bb26 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -488,7 +488,6 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) int ima_bprm_check(struct linux_binprm *bprm) { int ret; - u32 secid; struct lsmblob blob; security_current_getsecid_subj(&blob); @@ -497,8 +496,7 @@ int ima_bprm_check(struct linux_binprm *bprm) if (ret) return ret; - security_cred_getsecid(bprm->cred, &secid); - lsmblob_init(&blob, secid); + security_cred_getsecid(bprm->cred, &blob); return process_measurement(bprm->file, bprm->cred, &blob, NULL, 0, MAY_EXEC, CREDS_CHECK); } diff --git a/security/security.c b/security/security.c index 563452000729..80133d6e982c 100644 --- a/security/security.c +++ b/security/security.c 
@@ -1829,10 +1829,16 @@ void security_transfer_creds(struct cred *new, const struct cred *old) call_void_hook(cred_transfer, new, old); } -void security_cred_getsecid(const struct cred *c, u32 *secid) +void security_cred_getsecid(const struct cred *c, struct lsmblob *blob) { - *secid = 0; - call_void_hook(cred_getsecid, c, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.cred_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.cred_getsecid(c, &blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_cred_getsecid);
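Review bot: the ima_bprm_check() hunk now fills the single `blob` local twice, first through security_current_getsecid_subj() and then through security_cred_getsecid(bprm->cred, &blob); that is fine as long as the first value is fully consumed by the call whose `ret` is checked just above the second fill, but a one-line comment at the second fill would spare the next reader that ordering check. The conversion is also a real correctness gain, not just plumbing: the removed `lsmblob_init(&blob, secid)` copied one u32 into every slot, whereas security_cred_getsecid() now puts each LSM's own secid into its own slot, so process_measurement() sees the right value per module.

Review bot: security_cred_getsecid() in the security/security.c hunk changes from returning a single u32 to filling a struct lsmblob slot by slot, but it carries no kerneldoc; add a header stating that @blob is reset with lsmblob_init(blob, 0) before the hook walk and that a slot left at zero means that module registered no cred_getsecid hook, since callers used to receive one value and the zero-means-unset convention is now per slot. The WARN_ON on an out-of-range slot `continue`s rather than aborting, which is the right choice here because a misregistered module should not clobber the other slots.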
From: Casey Schaufler To: casey.schaufler@intel.com, paul@paul-moore.com, linux-security-module@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, jmorris@namei.org, selinux@vger.kernel.org, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, Chuck Lever , linux-integrity@vger.kernel.org, netdev@vger.kernel.org, netfilter-devel@vger.kernel.org, linux-nfs@vger.kernel.org Subject: [PATCH v38 21/39] LSM: Ensure the correct LSM context releaser Date: Tue, 27 Sep 2022 12:54:03 -0700 Message-Id: <20220927195421.14713-22-casey@schaufler-ca.com> X-Mailer: git-send-email 2.37.3 In-Reply-To: <20220927195421.14713-1-casey@schaufler-ca.com> References: <20220927195421.14713-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org Add a new lsmcontext data structure to hold all the information about a "security context", including the string, its size and which LSM allocated the string. The allocation information is necessary because LSMs have different policies regarding the lifecycle of these strings. SELinux allocates and destroys them on each use, whereas Smack provides a pointer to an entry in a list that never goes away. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Paul Moore Acked-by: Stephen Smalley Acked-by: Chuck Lever 
Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: netdev@vger.kernel.org Cc: linux-audit@redhat.com Cc: netfilter-devel@vger.kernel.org To: Pablo Neira Ayuso Cc: linux-nfs@vger.kernel.org --- drivers/android/binder.c | 10 ++++--- fs/ceph/xattr.c | 6 ++++- fs/nfs/nfs4proc.c | 8 ++++-- fs/nfsd/nfs4xdr.c | 7 +++-- include/linux/security.h | 35 +++++++++++++++++++++++-- include/net/scm.h | 5 +++- kernel/audit.c | 14 +++++++--- kernel/auditsc.c | 12 ++++++--- net/ipv4/ip_sockglue.c | 4 ++- net/netfilter/nf_conntrack_netlink.c | 4 ++- net/netfilter/nf_conntrack_standalone.c | 4 ++- net/netfilter/nfnetlink_queue.c | 13 ++++++--- net/netlabel/netlabel_unlabeled.c | 19 +++++++++++--- net/netlabel/netlabel_user.c | 4 ++- security/security.c | 11 ++++---- 15 files changed, 121 insertions(+), 35 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 6e1e35de1fcb..12aa3bea59ee 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2898,6 +2898,7 @@ static void binder_transaction(struct binder_proc *proc, int t_debug_id = atomic_inc_return(&binder_last_id); char *secctx = NULL; u32 secctx_sz = 0; + struct lsmcontext scaff; /* scaffolding */ struct list_head sgc_head; struct list_head pf_head; const void __user *user_buffer = (const void __user *) @@ -3231,7 +3232,8 @@ static void binder_transaction(struct binder_proc *proc, t->security_ctx = 0; WARN_ON(1); } - security_release_secctx(secctx, secctx_sz); + lsmcontext_init(&scaff, secctx, secctx_sz, 0); + security_release_secctx(&scaff); secctx = NULL; } t->buffer->debug_id = t->debug_id; 
@@ -3647,8 +3649,10 @@ static void binder_transaction(struct binder_proc *proc, binder_alloc_free_buf(&target_proc->alloc, t->buffer); err_binder_alloc_buf_failed: err_bad_extra_size: - if (secctx) - security_release_secctx(secctx, secctx_sz); + if (secctx) { + lsmcontext_init(&scaff, secctx, secctx_sz, 0); + security_release_secctx(&scaff); + } err_get_secctx_failed: kfree(tcomplete); binder_stats_deleted(BINDER_STAT_TRANSACTION_COMPLETE); diff --git a/fs/ceph/xattr.c b/fs/ceph/xattr.c index f31350cda960..d943be72dfff 100644 --- a/fs/ceph/xattr.c +++ b/fs/ceph/xattr.c @@ -1395,12 +1395,16 @@ int ceph_security_init_secctx(struct dentry *dentry, umode_t mode, void ceph_release_acl_sec_ctx(struct ceph_acl_sec_ctx *as_ctx) { +#ifdef CONFIG_CEPH_FS_SECURITY_LABEL + struct lsmcontext scaff; /* scaffolding */ +#endif #ifdef CONFIG_CEPH_FS_POSIX_ACL posix_acl_release(as_ctx->acl); posix_acl_release(as_ctx->default_acl); #endif #ifdef CONFIG_CEPH_FS_SECURITY_LABEL - security_release_secctx(as_ctx->sec_ctx, as_ctx->sec_ctxlen); + lsmcontext_init(&scaff, as_ctx->sec_ctx, as_ctx->sec_ctxlen, 0); + security_release_secctx(&scaff); #endif if (as_ctx->pagelist) ceph_pagelist_release(as_ctx->pagelist); diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c index 3ed14a2a84a4..47259990fae1 100644 --- a/fs/nfs/nfs4proc.c +++ b/fs/nfs/nfs4proc.c @@ -133,8 +133,12 @@ nfs4_label_init_security(struct inode *dir, struct dentry *dentry, static inline void nfs4_label_release_security(struct nfs4_label *label) { - if (label) - security_release_secctx(label->label, label->len); + struct lsmcontext scaff; /* scaffolding */ + + if (label) { + lsmcontext_init(&scaff, label->label, label->len, 0); + security_release_secctx(&scaff); + } } static inline u32 *nfs4_bitmask(struct nfs_server *server, struct nfs4_label *label) { diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c index 1e9690a061ec..4a96e06f4827 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c 
@@ -2848,6 +2848,7 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, int err; struct nfs4_acl *acl = NULL; #ifdef CONFIG_NFSD_V4_SECURITY_LABEL + struct lsmcontext scaff; /* scaffolding */ void *context = NULL; int contextlen; #endif @@ -3357,8 +3358,10 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, out: #ifdef CONFIG_NFSD_V4_SECURITY_LABEL - if (context) - security_release_secctx(context, contextlen); + if (context) { + lsmcontext_init(&scaff, context, contextlen, 0); /*scaffolding*/ + security_release_secctx(&scaff); + } #endif /* CONFIG_NFSD_V4_SECURITY_LABEL */ kfree(acl); if (tempfh) { diff --git a/include/linux/security.h b/include/linux/security.h index 8d3b875cd04a..a3c11934620a 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -154,6 +154,37 @@ extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1]; extern int lsm_id; extern struct lsm_id *lsm_idlist[]; +/* + * A "security context" is the text representation of + * the information used by LSMs. + * This structure contains the string, its length, and which LSM + * it is useful for. + */ +struct lsmcontext { + char *context; /* Provided by the module */ + u32 len; + int slot; /* Identifies the module */ +}; + +/** + * lsmcontext_init - initialize an lsmcontext structure. + * @cp: Pointer to the context to initialize + * @context: Initial context, or NULL + * @size: Size of context, or 0 + * @slot: Which LSM provided the context + * + * Fill in the lsmcontext from the provided information. + * This is a scaffolding function that will be removed when + * lsmcontext integration is complete. + */ +static inline void lsmcontext_init(struct lsmcontext *cp, char *context, + u32 size, int slot) +{ + cp->slot = slot; + cp->context = context; + cp->len = size; +} + /* * Data exported by the security modules * 
@@ -607,7 +638,7 @@ int security_ismaclabel(const char *name); int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen); int security_secctx_to_secid(const char *secdata, u32 seclen, struct lsmblob *blob); -void security_release_secctx(char *secdata, u32 seclen); +void security_release_secctx(struct lsmcontext *cp); void security_inode_invalidate_secctx(struct inode *inode); int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); @@ -1478,7 +1509,7 @@ static inline int security_secctx_to_secid(const char *secdata, return -EOPNOTSUPP; } -static inline void security_release_secctx(char *secdata, u32 seclen) +static inline void security_release_secctx(struct lsmcontext *cp) { } diff --git a/include/net/scm.h b/include/net/scm.h index 23a35ff1b3f2..f273c4d777ec 100644 --- a/include/net/scm.h +++ b/include/net/scm.h @@ -92,6 +92,7 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg, #ifdef CONFIG_SECURITY_NETWORK static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) { + struct lsmcontext context; struct lsmblob lb; char *secdata; u32 seclen; @@ -106,7 +107,9 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc if (!err) { put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata); - security_release_secctx(secdata, seclen); + /*scaffolding*/ + lsmcontext_init(&context, secdata, seclen, 0); + security_release_secctx(&context); } } } diff --git a/kernel/audit.c b/kernel/audit.c index 3d026013e6eb..d14e54098b9c 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1214,6 +1214,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) struct audit_sig_info *sig_data; char *ctx = NULL; u32 len; + struct lsmcontext scaff; /* scaffolding */ err = audit_netlink_ok(skb, msg_type); if (err) 
@@ -1471,15 +1472,18 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) } sig_data = kmalloc(struct_size(sig_data, ctx, len), GFP_KERNEL); if (!sig_data) { - if (lsmblob_is_set(&audit_sig_lsm)) - security_release_secctx(ctx, len); + if (lsmblob_is_set(&audit_sig_lsm)) { + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); + } return -ENOMEM; } sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); sig_data->pid = audit_sig_pid; if (lsmblob_is_set(&audit_sig_lsm)) { memcpy(sig_data->ctx, ctx, len); - security_release_secctx(ctx, len); + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); } audit_send_reply(skb, seq, AUDIT_SIGNAL_INFO, 0, 0, sig_data, struct_size(sig_data, ctx, len)); @@ -2171,6 +2175,7 @@ int audit_log_task_context(struct audit_buffer *ab) unsigned len; int error; struct lsmblob blob; + struct lsmcontext scaff; /* scaffolding */ security_current_getsecid_subj(&blob); if (!lsmblob_is_set(&blob)) @@ -2185,7 +2190,8 @@ int audit_log_task_context(struct audit_buffer *ab) } audit_log_format(ab, " subj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); return 0; error_path: diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 092aba46a9b3..8a16ed2f7206 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1096,6 +1096,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, struct lsmblob *blob, char *comm) { struct audit_buffer *ab; + struct lsmcontext lsmcxt; char *ctx = NULL; u32 len; int rc = 0; @@ -1113,7 +1114,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, rc = 1; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); /*scaffolding*/ + security_release_secctx(&lsmcxt); } } audit_log_format(ab, " ocomm="); 
@@ -1373,6 +1375,7 @@ static void audit_log_time(struct audit_context *context, struct audit_buffer ** static void show_special(struct audit_context *context, int *call_panic) { + struct lsmcontext lsmcxt; struct audit_buffer *ab; int i; @@ -1407,7 +1410,8 @@ static void show_special(struct audit_context *context, int *call_panic) *call_panic = 1; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); + security_release_secctx(&lsmcxt); } } if (context->ipc.has_perm) { @@ -1569,6 +1573,7 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, char *ctx = NULL; u32 len; struct lsmblob blob; + struct lsmcontext lsmcxt; lsmblob_init(&blob, n->osid); if (security_secid_to_secctx(&blob, &ctx, &len)) { @@ -1577,7 +1582,8 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, *call_panic = 2; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); /* scaffolding */ + security_release_secctx(&lsmcxt); } } diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index bb8e2af31d4f..030b8c3ffae0 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -130,6 +130,7 @@ static void ip_cmsg_recv_checksum(struct msghdr *msg, struct sk_buff *skb, static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) { + struct lsmcontext context; struct lsmblob lb; char *secdata; u32 seclen, secid; @@ -145,7 +146,8 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) return; put_cmsg(msg, SOL_IP, SCM_SECURITY, seclen, secdata); - security_release_secctx(secdata, seclen); + lsmcontext_init(&context, secdata, seclen, 0); /* scaffolding */ + security_release_secctx(&context); } static void ip_cmsg_recv_dstaddr(struct msghdr *msg, struct sk_buff *skb) 
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index 2e257aa4f61b..2bf2673042f4 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -348,6 +348,7 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) int len, ret; char *secctx; struct lsmblob blob; + struct lsmcontext context; /* lsmblob_init() puts ct->secmark into all of the secids in blob. * security_secid_to_secctx() will know which security module @@ -368,7 +369,8 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) ret = 0; nla_put_failure: - security_release_secctx(secctx, len); + lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ + security_release_secctx(&context); return ret; } #else diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index da61eb8cde76..b0f4349ff88f 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c @@ -179,6 +179,7 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) u32 len; char *secctx; struct lsmblob blob; + struct lsmcontext context; lsmblob_init(&blob, ct->secmark); ret = security_secid_to_secctx(&blob, &secctx, &len); @@ -187,7 +188,8 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) seq_printf(s, "secctx=%s ", secctx); - security_release_secctx(secctx, len); + lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ + security_release_secctx(&context); } #else static inline void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index bc25d49575e4..1416f8b2fc83 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c 
@@ -397,6 +397,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, enum ip_conntrack_info ctinfo = 0; const struct nfnl_ct_hook *nfnl_ct; bool csum_verify; + struct lsmcontext scaff; /* scaffolding */ char *secdata = NULL; u32 seclen = 0; ktime_t tstamp; @@ -634,8 +635,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, } nlh->nlmsg_len = skb->len; - if (seclen) - security_release_secctx(secdata, seclen); + if (seclen) { + lsmcontext_init(&scaff, secdata, seclen, 0); + security_release_secctx(&scaff); + } return skb; nla_put_failure: @@ -643,8 +646,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, kfree_skb(skb); net_err_ratelimited("nf_queue: error creating packet message\n"); nlmsg_failure: - if (seclen) - security_release_secctx(secdata, seclen); + if (seclen) { + lsmcontext_init(&scaff, secdata, seclen, 0); + security_release_secctx(&scaff); + } return NULL; } diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index 604b9d1dd085..f62b88c85976 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -374,6 +374,7 @@ int netlbl_unlhsh_add(struct net *net, struct net_device *dev; struct netlbl_unlhsh_iface *iface; struct audit_buffer *audit_buf = NULL; + struct lsmcontext context; char *secctx = NULL; u32 secctx_len; struct lsmblob blob; @@ -447,7 +448,9 @@ int netlbl_unlhsh_add(struct net *net, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", ret_val == 0 ? 1 : 0); audit_log_end(audit_buf); 
@@ -478,6 +481,7 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, struct netlbl_unlhsh_addr4 *entry; struct audit_buffer *audit_buf; struct net_device *dev; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -508,7 +512,9 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); audit_log_end(audit_buf); @@ -545,6 +551,7 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, struct netlbl_unlhsh_addr6 *entry; struct audit_buffer *audit_buf; struct net_device *dev; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -574,7 +581,8 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); audit_log_end(audit_buf); @@ -1093,6 +1101,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, int ret_val = -ENOMEM; struct netlbl_unlhsh_walk_arg *cb_arg = arg; struct net_device *dev; + struct lsmcontext context; void *data; u32 secid; char *secctx; @@ -1163,7 +1172,9 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, NLBL_UNLABEL_A_SECCTX, secctx_len, secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); if (ret_val != 0) goto list_cb_failure; diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index 893301ae0131..ef139d8ae7cd 100644 
--- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c @@ -84,6 +84,7 @@ struct audit_buffer *netlbl_audit_start_common(int type, struct netlbl_audit *audit_info) { struct audit_buffer *audit_buf; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -103,7 +104,8 @@ struct audit_buffer *netlbl_audit_start_common(int type, if (audit_info->secid != 0 && security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " subj=%s", secctx); - security_release_secctx(secctx, secctx_len); + lsmcontext_init(&context, secctx, secctx_len, 0);/*scaffolding*/ + security_release_secctx(&context); } return audit_buf; diff --git a/security/security.c b/security/security.c index 43d2431dbda0..44312b3437da 100644 --- a/security/security.c +++ b/security/security.c @@ -2357,16 +2357,17 @@ int security_secctx_to_secid(const char *secdata, u32 seclen, } EXPORT_SYMBOL(security_secctx_to_secid); -void security_release_secctx(char *secdata, u32 seclen) +void security_release_secctx(struct lsmcontext *cp) { struct security_hook_list *hp; - int ilsm = lsm_task_ilsm(current); hlist_for_each_entry(hp, &security_hook_heads.release_secctx, list) - if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) { - hp->hook.release_secctx(secdata, seclen); - return; + if (cp->slot == hp->lsmid->slot) { + hp->hook.release_secctx(cp->context, cp->len); + break; } + + memset(cp, 0, sizeof(*cp)); } EXPORT_SYMBOL(security_release_secctx);
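Review bot: in the security_release_secctx() hunk of security/security.c the trailing memset() leaves cp->slot at 0, which is a valid LSM slot, so a context that has already been released still matches the slot-0 module on a second call (with context NULL and len 0) instead of being recognisably empty; setting cp->slot to LSMBLOB_INVALID after the hook runs (the sentinel the removed ilsm check used) would make a double release a guaranteed no-op. Also, when no registered hook carries cp->slot the loop now falls through silently, whereas the old code released through the first hook whenever ilsm was LSMBLOB_INVALID; a WARN_ON_ONCE() on that fall-through would surface a mis-set slot before it becomes a leak.

Review bot: every converted caller in this patch passes slot 0 to lsmcontext_init() (starting with the binder_transaction() hunk and repeated in ceph, nfs, nfsd, scm.h, audit, netfilter and netlabel), and because the new security_release_secctx() dispatches on cp->slot the string is handed to whichever module occupies slot 0 rather than the module security_secid_to_secctx() actually obtained it from. That is only safe while a single slot-using LSM is active; the commit message itself notes that SELinux frees per use while Smack hands out a pointer into a permanent list, so releasing through the wrong module means either a leak or freeing memory that was never allocated. Since this is acknowledged scaffolding, put the `/* scaffolding */` marker on every one of these sites (the show_special() and netlbl_unlhsh_remove_addr6() hunks have none) so they are all found when the real conversion lands.

Review bot: in the include/linux/security.h hunk the struct comment says the slot records which LSM the context "is useful for", but what the rest of the patch depends on is which LSM allocated the string and therefore must release it; word it that way so a consumer never fills in a slot of its own choosing. The !CONFIG_SECURITY stub of security_release_secctx() in the same hunk also leaves *cp untouched while the real implementation zeroes it; have the stub clear the struct as well so callers see the same post-condition in both configurations.

Review bot: the audit_receive_msg() hunk in kernel/audit.c now repeats the lsmcontext_init()/security_release_secctx() pair on both the -ENOMEM path and the success path; folding the release into one exit label reached after the kmalloc() check would keep a single release site and stop the two copies drifting apart. The same duplication appears in the two seclen-guarded blocks of nfqnl_build_packet_message() in net/netfilter/nfnetlink_queue.c, where one `out:` label serving both the success and the nlmsg_failure return would do.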