From: Simon Horman <horms@kernel.org>
To: Stephen Smalley <stephen.smalley.work@gmail.com>
Cc: selinux@vger.kernel.org, paul@paul-moore.com,
omosnace@redhat.com, netdev@vger.kernel.org
Subject: Re: [PATCH v4 27/42] selinux: introduce task_obj_perm()
Date: Fri, 13 Jun 2025 15:15:25 +0100 [thread overview]
Message-ID: <20250613141525.GG414686@horms.kernel.org> (raw)
In-Reply-To: <20250610172226.1470741-28-stephen.smalley.work@gmail.com>
On Tue, Jun 10, 2025 at 01:21:58PM -0400, Stephen Smalley wrote:
> Introduce task_obj_perm() for namespace-aware permission checking
> between two tasks using the objective SID for both tasks and
> without assuming that either task is current.
>
> Convert the permission checks of this form in the hook functions
> to use this new helper.
>
> Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
...
> +int task_obj_has_perm(const struct task_struct *s,
> + const struct task_struct *t,
> + u16 tclass, u32 requested,
> + struct common_audit_data *ad)
> +{
> + const struct cred *cred;
> + const struct task_security_struct *tsec;
> + struct selinux_state *state;
> + u32 ssid;
> + u32 tsid;
> + int rc;
> +
> + state = current_selinux_state;
> + rcu_read_lock();
> + tsec = task_security(s);
> + if (tsec)
> + ssid = tsec->sid;
> + else
> + ssid = SECINITSID_UNLABELED;
Hi Stephen,
Above it is assumed that tsec may be NULL...
> + rcu_read_unlock();
> +
> + do {
> + tsid = task_sid_obj_for_state(t, state);
> +
> + rc = avc_has_perm(state, ssid, tsid, tclass, requested, ad);
> + if (rc)
> + return rc;
> +
> + cred = tsec->parent_cred;
... but here tsec is dereferenced without explicitly checking if it is not
NULL. I'm wondering if this is safe, e.g. due to the call to avc_has_perm().
Flagged by Smatch.
> + if (!cred)
> + break;
> +
> + rcu_read_lock();
> + tsec = selinux_cred(cred);
> + ssid = tsec->sid;
> + state = tsec->state;
> + rcu_read_unlock();
> + } while (cred);
> +
> + return 0;
> +}
...
next prev parent reply other threads:[~2025-06-13 14:15 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-10 17:21 [PATCH v4 00/42] SELinux namespace support Stephen Smalley
2025-06-10 17:21 ` [PATCH v4 01/42] selinux: restore passing of selinux_state Stephen Smalley
2025-06-10 17:21 ` [PATCH v4 02/42] selinux: introduce current_selinux_state Stephen Smalley
2025-06-10 17:21 ` [PATCH v4 03/42] selinux: support multiple selinuxfs instances Stephen Smalley
2025-06-10 17:21 ` [PATCH v4 04/42] selinux: dynamically allocate selinux namespace Stephen Smalley
2025-06-13 14:14 ` Simon Horman
2025-06-13 18:17 ` Stephen Smalley
2025-06-10 17:21 ` [PATCH v4 05/42] netstate,selinux: create the selinux netlink socket per network namespace Stephen Smalley
2025-06-10 17:21 ` [PATCH v4 06/42] selinux: limit selinux netlink notifications to init namespace Stephen Smalley
2025-06-10 17:21 ` [PATCH v4 07/42] selinux: support per-task/cred selinux namespace Stephen Smalley
2025-06-10 17:21 ` [PATCH v4 08/42] selinux: introduce cred_selinux_state() and use it Stephen Smalley
2025-06-10 17:21 ` [PATCH v4 09/42] selinux: init inode from nearest initialized namespace Stephen Smalley
2025-06-10 17:21 ` [PATCH v4 10/42] selinux: add a selinuxfs interface to unshare selinux namespace Stephen Smalley
2025-06-10 17:21 ` [PATCH v4 11/42] selinux: add limits for SELinux namespaces Stephen Smalley
2025-06-10 17:21 ` [PATCH v4 12/42] selinux: exempt creation of init SELinux namespace from limits Stephen Smalley
2025-06-10 17:21 ` [PATCH v4 13/42] selinux: refactor selinux_state_create() Stephen Smalley
2025-06-10 17:21 ` [PATCH v4 14/42] selinux: allow userspace to detect non-init SELinux namespace Stephen Smalley
2025-06-10 17:21 ` [PATCH v4 15/42] selinuxfs: restrict write operations to the same selinux namespace Stephen Smalley
2025-06-10 17:21 ` [PATCH v4 16/42] selinux: introduce a global SID table Stephen Smalley
2025-06-10 17:21 ` [PATCH v4 17/42] selinux: wrap security server interfaces to use the " Stephen Smalley
2025-06-10 17:21 ` [PATCH v4 18/42] selinux: introduce a Kconfig option for SELinux namespaces Stephen Smalley
2025-06-10 17:21 ` [PATCH v4 19/42] selinux: eliminate global SID table if !CONFIG_SECURITY_SELINUX_NS Stephen Smalley
2025-06-10 17:21 ` [PATCH v4 20/42] selinux: maintain a small cache in the global SID table Stephen Smalley
2025-06-10 17:21 ` [PATCH v4 21/42] selinux: update hook functions to use correct selinux namespace Stephen Smalley
2025-06-10 17:21 ` [PATCH v4 22/42] selinux: introduce cred_task_has_perm() Stephen Smalley
2025-06-10 17:21 ` [PATCH v4 23/42] selinux: introduce cred_has_extended_perms() Stephen Smalley
2025-06-10 17:21 ` [PATCH v4 24/42] selinux: introduce cred_self_has_perm() Stephen Smalley
2025-06-10 17:21 ` [PATCH v4 25/42] selinux: introduce cred_has_perm() Stephen Smalley
2025-06-10 17:21 ` [PATCH v4 26/42] selinux: introduce cred_ssid_has_perm() and cred_other_has_perm() Stephen Smalley
2025-06-10 17:21 ` [PATCH v4 27/42] selinux: introduce task_obj_perm() Stephen Smalley
2025-06-13 14:15 ` Simon Horman [this message]
2025-06-13 18:18 ` Stephen Smalley
2025-06-16 10:31 ` Simon Horman
2025-06-16 12:47 ` Stephen Smalley
2025-06-10 17:21 ` [PATCH v4 28/42] selinux: update bprm hooks for selinux namespaces Stephen Smalley
2025-06-10 17:22 ` [PATCH v4 29/42] selinux: add kerneldoc to new permission checking functions Stephen Smalley
2025-06-10 17:22 ` [PATCH v4 30/42] selinux: convert selinux_file_send_sigiotask() to namespace-aware helper Stephen Smalley
2025-06-10 17:22 ` [PATCH v4 31/42] selinux: rename cred_has_perm*() to cred_tsid_has_perm*() Stephen Smalley
2025-06-10 17:22 ` [PATCH v4 32/42] selinux: update cred_tsid_has_perm_noaudit() to return the combined avd Stephen Smalley
2025-06-10 17:22 ` [PATCH v4 33/42] selinux: convert additional checks to cred_ssid_has_perm() Stephen Smalley
2025-06-10 17:22 ` [PATCH v4 34/42] selinux: introduce selinux_state_has_perm() Stephen Smalley
2025-06-10 17:22 ` [PATCH v4 35/42] selinux: annotate selinuxfs permission checks Stephen Smalley
2025-06-10 17:22 ` [PATCH v4 36/42] selinux: annotate process transition " Stephen Smalley
2025-06-10 17:22 ` [PATCH v4 37/42] selinux: convert xfrm and netlabel " Stephen Smalley
2025-06-10 17:22 ` [PATCH v4 38/42] selinux: switch selinux_lsm_setattr() checks to current namespace Stephen Smalley
2025-06-10 17:22 ` [PATCH v4 39/42] selinux: make open_perms namespace-aware Stephen Smalley
2025-06-10 17:22 ` [PATCH v4 40/42] selinux: split cred_ssid_has_perm() into two cases Stephen Smalley
2025-06-10 17:22 ` [PATCH v4 41/42] selinux: convert nlmsg_sock_has_extended_perms() to namespace-aware Stephen Smalley
2025-06-10 17:22 ` [PATCH v4 42/42] selinux: disallow writes to /sys/fs/selinux/user in non-init namespaces Stephen Smalley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250613141525.GG414686@horms.kernel.org \
--to=horms@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=omosnace@redhat.com \
--cc=paul@paul-moore.com \
--cc=selinux@vger.kernel.org \
--cc=stephen.smalley.work@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.