From: Kees Cook <kees@kernel.org>
To: Alice Ryhl <aliceryhl@google.com>
Cc: "Paul Moore" <paul@paul-moore.com>,
"James Morris" <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
"Miguel Ojeda" <ojeda@kernel.org>,
"Christian Brauner" <brauner@kernel.org>,
"Alex Gaynor" <alex.gaynor@gmail.com>,
"Wedson Almeida Filho" <wedsonaf@gmail.com>,
"Boqun Feng" <boqun.feng@gmail.com>,
"Gary Guo" <gary@garyguo.net>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Benno Lossin" <benno.lossin@proton.me>,
"Andreas Hindborg" <a.hindborg@samsung.com>,
"Peter Zijlstra" <peterz@infradead.org>,
"Alexander Viro" <viro@zeniv.linux.org.uk>,
"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
"Arve Hjønnevåg" <arve@android.com>,
"Todd Kjos" <tkjos@android.com>,
"Martijn Coenen" <maco@android.com>,
"Joel Fernandes" <joel@joelfernandes.org>,
"Carlos Llamas" <cmllamas@google.com>,
"Suren Baghdasaryan" <surenb@google.com>,
"Dan Williams" <dan.j.williams@intel.com>,
"Matthew Wilcox" <willy@infradead.org>,
"Thomas Gleixner" <tglx@linutronix.de>,
"Daniel Xu" <dxu@dxuuu.xyz>,
"Martin Rodriguez Reboredo" <yakoyoku@gmail.com>,
"Trevor Gross" <tmgross@umich.edu>,
linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org,
rust-for-linux@vger.kernel.org, linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH v10 5/8] rust: security: add abstraction for secctx
Date: Sun, 15 Sep 2024 13:58:25 -0700 [thread overview]
Message-ID: <202409151325.09E4F3C2F@keescook> (raw)
In-Reply-To: <20240915-alice-file-v10-5-88484f7a3dcf@google.com>
On Sun, Sep 15, 2024 at 02:31:31PM +0000, Alice Ryhl wrote:
> Add an abstraction for viewing the string representation of a security
> context.
Hm, this may collide with "LSM: Move away from secids" is going to happen.
https://lore.kernel.org/all/20240830003411.16818-1-casey@schaufler-ca.com/
This series is not yet landed, but in the future, the API changes should
be something like this, though the "lsmblob" name is likely to change to
"lsmprop"?
security_cred_getsecid() -> security_cred_getlsmblob()
security_secid_to_secctx() -> security_lsmblob_to_secctx()
> This is needed by Rust Binder because it has a feature where a process
> can view the string representation of the security context for incoming
> transactions. The process can use that to authenticate incoming
> transactions, and since the feature is provided by the kernel, the
> process can trust that the security context is legitimate.
>
> This abstraction makes the following assumptions about the C side:
> * When a call to `security_secid_to_secctx` is successful, it returns a
> pointer and length. The pointer references a byte string and is valid
> for reading for that many bytes.
Yes. (len includes trailing C-String NUL character.)
> * The string may be referenced until `security_release_secctx` is
> called.
Yes.
> * If CONFIG_SECURITY is set, then the three methods mentioned in
> rust/helpers are available without a helper. (That is, they are not a
> #define or `static inline`.)
Yes.
>
> Reviewed-by: Benno Lossin <benno.lossin@proton.me>
> Reviewed-by: Martin Rodriguez Reboredo <yakoyoku@gmail.com>
> Reviewed-by: Trevor Gross <tmgross@umich.edu>
> Reviewed-by: Gary Guo <gary@garyguo.net>
> Signed-off-by: Alice Ryhl <aliceryhl@google.com>
Reviewed-by: Kees Cook <kees@kernel.org>
--
Kees Cook
next prev parent reply other threads:[~2024-09-15 20:58 UTC|newest]
Thread overview: 52+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-09-15 14:31 [PATCH v10 0/8] File abstractions needed by Rust Binder Alice Ryhl
2024-09-15 14:31 ` [PATCH v10 1/8] rust: types: add `NotThreadSafe` Alice Ryhl
2024-09-15 15:38 ` Gary Guo
2024-09-27 11:21 ` Miguel Ojeda
2024-09-24 19:45 ` Serge E. Hallyn
2024-09-25 11:06 ` Alice Ryhl
2024-09-25 13:59 ` Serge E. Hallyn
2024-09-27 10:20 ` Gary Guo
2024-09-15 14:31 ` [PATCH v10 2/8] rust: task: add `Task::current_raw` Alice Ryhl
2024-09-15 14:31 ` [PATCH v10 3/8] rust: file: add Rust abstraction for `struct file` Alice Ryhl
2024-09-15 21:51 ` Gary Guo
2024-09-15 14:31 ` [PATCH v10 4/8] rust: cred: add Rust abstraction for `struct cred` Alice Ryhl
2024-09-15 20:24 ` Kees Cook
2024-09-15 20:55 ` Alice Ryhl
2024-09-19 7:57 ` Paul Moore
2024-09-15 14:31 ` [PATCH v10 5/8] rust: security: add abstraction for secctx Alice Ryhl
2024-09-15 20:58 ` Kees Cook [this message]
2024-09-15 21:07 ` Alice Ryhl
2024-09-16 15:40 ` Casey Schaufler
2024-09-17 13:18 ` Paul Moore
2024-09-22 15:01 ` Alice Ryhl
2024-09-22 15:08 ` Alice Ryhl
2024-09-22 16:50 ` Casey Schaufler
2024-09-22 17:04 ` Alice Ryhl
2024-09-19 7:56 ` Paul Moore
2024-09-15 14:31 ` [PATCH v10 6/8] rust: file: add `FileDescriptorReservation` Alice Ryhl
2024-09-15 18:39 ` Al Viro
2024-09-15 19:34 ` Al Viro
2024-09-16 4:18 ` Al Viro
2024-09-15 20:13 ` Alice Ryhl
2024-09-15 22:01 ` Al Viro
2024-09-15 22:05 ` Al Viro
2024-09-15 14:31 ` [PATCH v10 7/8] rust: file: add `Kuid` wrapper Alice Ryhl
2024-09-15 22:02 ` Gary Guo
2024-09-23 9:13 ` Alice Ryhl
2024-09-26 16:33 ` Christian Brauner
2024-09-26 16:35 ` [PATCH] [RFC] rust: add PidNamespace wrapper Christian Brauner
2024-09-27 12:04 ` Alice Ryhl
2024-09-27 14:21 ` Christian Brauner
2024-09-27 14:58 ` Alice Ryhl
2024-10-01 9:43 ` [PATCH v2] rust: add PidNamespace Christian Brauner
2024-10-01 10:26 ` Alice Ryhl
2024-10-01 14:17 ` Christian Brauner
2024-10-01 15:45 ` Miguel Ojeda
2024-10-02 10:14 ` Christian Brauner
2024-10-02 11:08 ` Miguel Ojeda
2024-10-01 19:10 ` Gary Guo
2024-10-02 11:05 ` Christian Brauner
2024-09-15 14:31 ` [PATCH v10 8/8] rust: file: add abstraction for `poll_table` Alice Ryhl
2024-09-15 22:24 ` Gary Guo
2024-09-23 9:10 ` Alice Ryhl
2024-09-27 9:28 ` [PATCH v10 0/8] File abstractions needed by Rust Binder Christian Brauner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202409151325.09E4F3C2F@keescook \
--to=kees@kernel.org \
--cc=a.hindborg@samsung.com \
--cc=alex.gaynor@gmail.com \
--cc=aliceryhl@google.com \
--cc=arve@android.com \
--cc=benno.lossin@proton.me \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun.feng@gmail.com \
--cc=brauner@kernel.org \
--cc=cmllamas@google.com \
--cc=dan.j.williams@intel.com \
--cc=dxu@dxuuu.xyz \
--cc=gary@garyguo.net \
--cc=gregkh@linuxfoundation.org \
--cc=jmorris@namei.org \
--cc=joel@joelfernandes.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=maco@android.com \
--cc=ojeda@kernel.org \
--cc=paul@paul-moore.com \
--cc=peterz@infradead.org \
--cc=rust-for-linux@vger.kernel.org \
--cc=serge@hallyn.com \
--cc=surenb@google.com \
--cc=tglx@linutronix.de \
--cc=tkjos@android.com \
--cc=tmgross@umich.edu \
--cc=viro@zeniv.linux.org.uk \
--cc=wedsonaf@gmail.com \
--cc=willy@infradead.org \
--cc=yakoyoku@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.