Re: [PATCH 1/5] Define the function to write sock's security context to seq_file.

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Stephen Smalley <sds@tycho.nsa.gov>
To: rongqing.li@windriver.com
Cc: netdev@vger.kernel.org, selinux@tycho.nsa.gov,
	lsm <linux-security-module@vger.kernel.org>
Subject: Re: [PATCH 1/5] Define the function to write sock's security context to seq_file.
Date: Fri, 05 Aug 2011 09:56:58 -0400	[thread overview]
Message-ID: <1312552618.19283.51.camel@moss-pluto> (raw)
In-Reply-To: <1312534686-4099-2-git-send-email-rongqing.li@windriver.com>

On Fri, 2011-08-05 at 16:58 +0800, rongqing.li@windriver.com wrote:
> From: Roy.Li <rongqing.li@windriver.com>
> 
> This function will write the sock's security context to a seq_file
> and return the error code, and the number of characters successfully
> written is written in int pointers parameter.
> 
> This function will be called when export socket information to proc.
> 
> Signed-off-by: Roy.Li <rongqing.li@windriver.com>
> ---
>  include/net/sock.h |    1 +
>  net/core/sock.c    |   26 ++++++++++++++++++++++++++
>  2 files changed, 27 insertions(+), 0 deletions(-)

> diff --git a/net/core/sock.c b/net/core/sock.c
> index bc745d0..1126a49 100644
> --- a/net/core/sock.c
> +++ b/net/core/sock.c
> @@ -2254,6 +2254,32 @@ void sk_common_release(struct sock *sk)
>  }
>  EXPORT_SYMBOL(sk_common_release);
>  
> +int sock_write_secctx(struct sock *sk, struct seq_file *seq, int *len)
> +{
> +	struct flowi fl;
> +	char *ctx = NULL;
> +	u32 ctxlen;
> +	int res = 0;
> +
> +	*len = 0;
> +
> +	if (sk == NULL)
> +		return -EINVAL;

Is this ever possible?

> +	res = security_socket_getsockname(sk->sk_socket);
> +	if (res)
> +		return res;

I'm not sure it is a good idea to output nothing if permission is denied
to the socket, as opposed to some well-defined string indicating that
condition.  Particularly if someone later adds another field to
the /proc files after the context; we don't want the contents of that
field to be interpreted as the context if permission was denied.

> +
> +	security_sk_classify_flow(sk, &fl);
> +
> +	res = security_secid_to_secctx(fl.flowi_secid, &ctx, &ctxlen);
> +	if (res)
> +		return res;

Likewise, if we couldn't map the secid to a secctx for some reason, we
likely ought to output some well-defined string indicating that
condition.

> +
> +	seq_printf(seq, " %s%n", ctx, len);
> +	security_release_secctx(ctx, ctxlen);
> +	return res;
> +}
> +
>  static DEFINE_RWLOCK(proto_list_lock);
>  static LIST_HEAD(proto_list);
>  

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

WARNING: multiple messages have this Message-ID (diff)

From: Stephen Smalley <sds@tycho.nsa.gov>
To: rongqing.li@windriver.com
Cc: netdev@vger.kernel.org, selinux@tycho.nsa.gov,
	lsm <linux-security-module@vger.kernel.org>
Subject: Re: [PATCH 1/5] Define the function to write sock's security context to seq_file.
Date: Fri, 05 Aug 2011 09:56:58 -0400	[thread overview]
Message-ID: <1312552618.19283.51.camel@moss-pluto> (raw)
In-Reply-To: <1312534686-4099-2-git-send-email-rongqing.li@windriver.com>

On Fri, 2011-08-05 at 16:58 +0800, rongqing.li@windriver.com wrote:
> From: Roy.Li <rongqing.li@windriver.com>
> 
> This function will write the sock's security context to a seq_file
> and return the error code, and the number of characters successfully
> written is written in int pointers parameter.
> 
> This function will be called when export socket information to proc.
> 
> Signed-off-by: Roy.Li <rongqing.li@windriver.com>
> ---
>  include/net/sock.h |    1 +
>  net/core/sock.c    |   26 ++++++++++++++++++++++++++
>  2 files changed, 27 insertions(+), 0 deletions(-)

> diff --git a/net/core/sock.c b/net/core/sock.c
> index bc745d0..1126a49 100644
> --- a/net/core/sock.c
> +++ b/net/core/sock.c
> @@ -2254,6 +2254,32 @@ void sk_common_release(struct sock *sk)
>  }
>  EXPORT_SYMBOL(sk_common_release);
>  
> +int sock_write_secctx(struct sock *sk, struct seq_file *seq, int *len)
> +{
> +	struct flowi fl;
> +	char *ctx = NULL;
> +	u32 ctxlen;
> +	int res = 0;
> +
> +	*len = 0;
> +
> +	if (sk == NULL)
> +		return -EINVAL;

Is this ever possible?

> +	res = security_socket_getsockname(sk->sk_socket);
> +	if (res)
> +		return res;

I'm not sure it is a good idea to output nothing if permission is denied
to the socket, as opposed to some well-defined string indicating that
condition.  Particularly if someone later adds another field to
the /proc files after the context; we don't want the contents of that
field to be interpreted as the context if permission was denied.

> +
> +	security_sk_classify_flow(sk, &fl);
> +
> +	res = security_secid_to_secctx(fl.flowi_secid, &ctx, &ctxlen);
> +	if (res)
> +		return res;

Likewise, if we couldn't map the secid to a secctx for some reason, we
likely ought to output some well-defined string indicating that
condition.

> +
> +	seq_printf(seq, " %s%n", ctx, len);
> +	security_release_secctx(ctx, ctxlen);
> +	return res;
> +}
> +
>  static DEFINE_RWLOCK(proto_list_lock);
>  static LIST_HEAD(proto_list);
>  

-- 
Stephen Smalley
National Security Agency

next prev parent reply	other threads:[~2011-08-05 13:56 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-08-05  8:58 [PATCH 0/5] Export the sock's security context to proc rongqing.li
2011-08-05  8:58 ` rongqing.li
2011-08-05  8:58 ` [PATCH 1/5] Define the function to write sock's security context to seq_file rongqing.li
2011-08-05  8:58   ` rongqing.li
2011-08-05 13:32   ` Stephen Smalley
2011-08-05 13:32     ` Stephen Smalley
2011-08-05 13:56   ` Stephen Smalley [this message]
2011-08-05 13:56     ` Stephen Smalley
2011-08-08  9:32     ` Rongqing Li
2011-08-08  9:32       ` Rongqing Li
2011-08-08 13:25       ` Stephen Smalley
2011-08-08 13:25         ` Stephen Smalley
2011-08-05  8:58 ` [PATCH 2/5] Export the raw sock's security context to proc rongqing.li
2011-08-05  8:58   ` rongqing.li
2011-08-05 13:51   ` Stephen Smalley
2011-08-05 13:51     ` Stephen Smalley
2011-08-05  8:58 ` [PATCH 3/5] Export the udp " rongqing.li
2011-08-05  8:58   ` rongqing.li
2011-08-05  8:58 ` [PATCH 4/5] Export the unix " rongqing.li
2011-08-05  8:58   ` rongqing.li
2011-08-05  8:58 ` [PATCH 5/5] Export the tcp " rongqing.li
2011-08-05  8:58   ` rongqing.li

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1312552618.19283.51.camel@moss-pluto \
    --to=sds@tycho.nsa.gov \
    --cc=linux-security-module@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=rongqing.li@windriver.com \
    --cc=selinux@tycho.nsa.gov \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.