From: Casey Schaufler <casey-iSGtlc1asvQWG2LlvL+J4A@public.gmane.org>
To: Sergei Zviagintsev <sergei-E844GTqJAzo@public.gmane.org>,
Paul Osmialowski
<p.osmialowsk-Sze3O3UU22JBDgjK7y7TUQ@public.gmane.org>
Cc: Paul Moore <pmoore-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
James Morris
<james.l.morris-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org>,
"Serge E. Hallyn" <serge-A9i7LUbDfNHQT0dZR+AlfA@public.gmane.org>,
Kees Cook <keescook-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org>,
Tetsuo Handa
<penguin-kernel-JPay3/Yim36HaxMnTkn67Xf5DAMn2ifp@public.gmane.org>,
Stephen Smalley <sds-+05T5uksL2qpZYMLLGbcSA@public.gmane.org>,
Neil Brown <neilb-l3A5Bk7waGM@public.gmane.org>,
Mark Rustad
<mark.d.rustad-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>,
Greg Kroah-Hartman
<gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org>,
Daniel Mack <daniel-cYrQPVfZoowdnm+yROfE0A@public.gmane.org>,
David Herrmann
<dh.herrmann-gM/Ye1E23mwN+BqQ9rBEUg@public.gmane.org>,
Djalal Harouni <tixxdz-Umm1ozX2/EEdnm+yROfE0A@public.gmane.org>,
Shuah Khan <shuahkh-JPH+aEBZ4P+UEJcrhfAQsw@public.gmane.org>,
Al Viro <viro-RmSDqhL/yNMiFSDQTTA3OLVCufUGDwFn@public.gmane.org>,
linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
Karol Lewandowski
<k.lewandowsk-Sze3O3UU22JBDgjK7y7TUQ@public.gmane.org>,
Lukasz Skalski
<l.skalski-Sze3O3UU22JBDgjK7y7TUQ@public.gmane.org>
Subject: Re: [RFC 4/8] lsm: smack: smack callbacks for kdbus security hooks
Date: Thu, 09 Jul 2015 08:24:18 -0700 [thread overview]
Message-ID: <559E9222.8060604@schaufler-ca.com> (raw)
In-Reply-To: <20150709100808.GH25971-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
On 7/9/2015 3:08 AM, Sergei Zviagintsev wrote:
> Hi,
>
> On Wed, Jul 08, 2015 at 12:25:06PM +0200, Paul Osmialowski wrote:
>> This adds implementation of three smack callbacks sitting behind kdbus
>> security hooks as proposed by Karol Lewandowski.
>>
>> Originates from:
>>
>> git://git.infradead.org/users/pcmoore/selinux (branch: working-kdbus)
>> commit: fc3505d058c001fe72a6f66b833e0be5b2d118f3
>>
>> https://github.com/lmctl/linux.git (branch: kdbus-lsm-v4.for-systemd-v212)
>> commit: 103c26fd27d1ec8c32d85dd3d85681f936ac66fb
>>
>> Signed-off-by: Karol Lewandowski <k.lewandowsk-Sze3O3UU22JBDgjK7y7TUQ@public.gmane.org>
>> Signed-off-by: Paul Osmialowski <p.osmialowsk-Sze3O3UU22JBDgjK7y7TUQ@public.gmane.org>
>> ---
>> security/smack/smack_lsm.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++
>> 1 file changed, 68 insertions(+)
>>
>> diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
>> index a143328..033b756 100644
>> --- a/security/smack/smack_lsm.c
>> +++ b/security/smack/smack_lsm.c
>> @@ -41,6 +41,7 @@
>> #include <linux/msg.h>
>> #include <linux/shm.h>
>> #include <linux/binfmts.h>
>> +#include <kdbus/connection.h>
>> #include "smack.h"
>>
>> #define TRANS_TRUE "TRUE"
>> @@ -3336,6 +3337,69 @@ static int smack_setprocattr(struct task_struct *p, char *name,
>> }
>>
>> /**
>> + * smack_kdbus_connect - Set the security blob for a KDBus connection
>> + * @conn: the connection
>> + * @secctx: smack label
>> + * @seclen: smack label length
>> + *
>> + * Returns 0
>> + */
>> +static int smack_kdbus_connect(struct kdbus_conn *conn,
>> + const char *secctx, u32 seclen)
>> +{
>> + struct smack_known *skp;
>> +
>> + if (secctx && seclen > 0)
>> + skp = smk_import_entry(secctx, seclen);
>> + else
>> + skp = smk_of_current();
>> + conn->security = skp;
>> +
>> + return 0;
>> +}
>> +
>> +/**
>> + * smack_kdbus_conn_free - Clear the security blob for a KDBus connection
>> + * @conn: the connection
>> + *
>> + * Clears the blob pointer
>> + */
>> +static void smack_kdbus_conn_free(struct kdbus_conn *conn)
>> +{
>> + conn->security = NULL;
>> +}
>> +
>> +/**
>> + * smack_kdbus_talk - Smack access on KDBus
>> + * @src: source kdbus connection
>> + * @dst: destination kdbus connection
>> + *
>> + * Return 0 if a subject with the smack of sock could access
>> + * an object with the smack of other, otherwise an error code
>> + */
>> +static int smack_kdbus_talk(const struct kdbus_conn *src,
>> + const struct kdbus_conn *dst)
>> +{
>> + struct smk_audit_info ad;
>> + struct smack_known *sskp = src->security;
>> + struct smack_known *dskp = dst->security;
>> + int ret;
>> +
>> + BUG_ON(sskp == NULL);
>> + BUG_ON(dskp == NULL);
> I am not familiar with the smack code so far, but I see that current
> security/smack/smack_lsm.c contains only one BUG_ON and this patch adds
> another two.
Smack does not use BUG_ON for routine error checking. If there
is reason to expect that these values will not be set the case
should be checked for and handled. Otherwise, I don't believe
in cluttering the code with assertions.
>
>> +
>> + if (smack_privileged(CAP_MAC_OVERRIDE))
>> + return 0;
>> +
>> + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NONE);
>> +
>> + ret = smk_access(sskp, dskp, MAY_WRITE, &ad);
>> + if (ret)
>> + return ret;
>> + return 0;
> Three redundant lines here.
>
>> +}
>> +
>> +/**
>> * smack_unix_stream_connect - Smack access on UDS
>> * @sock: one sock
>> * @other: the other sock
>> @@ -4393,6 +4457,10 @@ struct security_hook_list smack_hooks[] = {
>> LSM_HOOK_INIT(inode_notifysecctx, smack_inode_notifysecctx),
>> LSM_HOOK_INIT(inode_setsecctx, smack_inode_setsecctx),
>> LSM_HOOK_INIT(inode_getsecctx, smack_inode_getsecctx),
>> +
>> + LSM_HOOK_INIT(kdbus_connect, smack_kdbus_connect),
>> + LSM_HOOK_INIT(kdbus_conn_free, smack_kdbus_conn_free),
>> + LSM_HOOK_INIT(kdbus_talk, smack_kdbus_talk),
>> };
>>
>>
>> --
>> 1.9.1
>>
>> --
>> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
>> the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>> Please read the FAQ at http://www.tux.org/lkml/
WARNING: multiple messages have this Message-ID (diff)
From: Casey Schaufler <casey@schaufler-ca.com>
To: Sergei Zviagintsev <sergei@s15v.net>,
Paul Osmialowski <p.osmialowsk@samsung.com>
Cc: Paul Moore <pmoore@redhat.com>,
James Morris <james.l.morris@oracle.com>,
"Serge E. Hallyn" <serge@hallyn.com>,
Kees Cook <keescook@chromium.org>,
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>,
Stephen Smalley <sds@tycho.nsa.gov>, Neil Brown <neilb@suse.de>,
Mark Rustad <mark.d.rustad@intel.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Daniel Mack <daniel@zonque.org>,
David Herrmann <dh.herrmann@googlemail.com>,
Djalal Harouni <tixxdz@opendz.org>,
Shuah Khan <shuahkh@osg.samsung.com>,
Al Viro <viro@zeniv.linux.org.uk>,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-api@vger.kernel.org,
Karol Lewandowski <k.lewandowsk@samsung.com>,
Lukasz Skalski <l.skalski@samsung.com>
Subject: Re: [RFC 4/8] lsm: smack: smack callbacks for kdbus security hooks
Date: Thu, 09 Jul 2015 08:24:18 -0700 [thread overview]
Message-ID: <559E9222.8060604@schaufler-ca.com> (raw)
In-Reply-To: <20150709100808.GH25971@localhost.localdomain>
On 7/9/2015 3:08 AM, Sergei Zviagintsev wrote:
> Hi,
>
> On Wed, Jul 08, 2015 at 12:25:06PM +0200, Paul Osmialowski wrote:
>> This adds implementation of three smack callbacks sitting behind kdbus
>> security hooks as proposed by Karol Lewandowski.
>>
>> Originates from:
>>
>> git://git.infradead.org/users/pcmoore/selinux (branch: working-kdbus)
>> commit: fc3505d058c001fe72a6f66b833e0be5b2d118f3
>>
>> https://github.com/lmctl/linux.git (branch: kdbus-lsm-v4.for-systemd-v212)
>> commit: 103c26fd27d1ec8c32d85dd3d85681f936ac66fb
>>
>> Signed-off-by: Karol Lewandowski <k.lewandowsk@samsung.com>
>> Signed-off-by: Paul Osmialowski <p.osmialowsk@samsung.com>
>> ---
>> security/smack/smack_lsm.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++
>> 1 file changed, 68 insertions(+)
>>
>> diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
>> index a143328..033b756 100644
>> --- a/security/smack/smack_lsm.c
>> +++ b/security/smack/smack_lsm.c
>> @@ -41,6 +41,7 @@
>> #include <linux/msg.h>
>> #include <linux/shm.h>
>> #include <linux/binfmts.h>
>> +#include <kdbus/connection.h>
>> #include "smack.h"
>>
>> #define TRANS_TRUE "TRUE"
>> @@ -3336,6 +3337,69 @@ static int smack_setprocattr(struct task_struct *p, char *name,
>> }
>>
>> /**
>> + * smack_kdbus_connect - Set the security blob for a KDBus connection
>> + * @conn: the connection
>> + * @secctx: smack label
>> + * @seclen: smack label length
>> + *
>> + * Returns 0
>> + */
>> +static int smack_kdbus_connect(struct kdbus_conn *conn,
>> + const char *secctx, u32 seclen)
>> +{
>> + struct smack_known *skp;
>> +
>> + if (secctx && seclen > 0)
>> + skp = smk_import_entry(secctx, seclen);
>> + else
>> + skp = smk_of_current();
>> + conn->security = skp;
>> +
>> + return 0;
>> +}
>> +
>> +/**
>> + * smack_kdbus_conn_free - Clear the security blob for a KDBus connection
>> + * @conn: the connection
>> + *
>> + * Clears the blob pointer
>> + */
>> +static void smack_kdbus_conn_free(struct kdbus_conn *conn)
>> +{
>> + conn->security = NULL;
>> +}
>> +
>> +/**
>> + * smack_kdbus_talk - Smack access on KDBus
>> + * @src: source kdbus connection
>> + * @dst: destination kdbus connection
>> + *
>> + * Return 0 if a subject with the smack of sock could access
>> + * an object with the smack of other, otherwise an error code
>> + */
>> +static int smack_kdbus_talk(const struct kdbus_conn *src,
>> + const struct kdbus_conn *dst)
>> +{
>> + struct smk_audit_info ad;
>> + struct smack_known *sskp = src->security;
>> + struct smack_known *dskp = dst->security;
>> + int ret;
>> +
>> + BUG_ON(sskp == NULL);
>> + BUG_ON(dskp == NULL);
> I am not familiar with the smack code so far, but I see that current
> security/smack/smack_lsm.c contains only one BUG_ON and this patch adds
> another two.
Smack does not use BUG_ON for routine error checking. If there
is reason to expect that these values will not be set the case
should be checked for and handled. Otherwise, I don't believe
in cluttering the code with assertions.
>
>> +
>> + if (smack_privileged(CAP_MAC_OVERRIDE))
>> + return 0;
>> +
>> + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NONE);
>> +
>> + ret = smk_access(sskp, dskp, MAY_WRITE, &ad);
>> + if (ret)
>> + return ret;
>> + return 0;
> Three redundant lines here.
>
>> +}
>> +
>> +/**
>> * smack_unix_stream_connect - Smack access on UDS
>> * @sock: one sock
>> * @other: the other sock
>> @@ -4393,6 +4457,10 @@ struct security_hook_list smack_hooks[] = {
>> LSM_HOOK_INIT(inode_notifysecctx, smack_inode_notifysecctx),
>> LSM_HOOK_INIT(inode_setsecctx, smack_inode_setsecctx),
>> LSM_HOOK_INIT(inode_getsecctx, smack_inode_getsecctx),
>> +
>> + LSM_HOOK_INIT(kdbus_connect, smack_kdbus_connect),
>> + LSM_HOOK_INIT(kdbus_conn_free, smack_kdbus_conn_free),
>> + LSM_HOOK_INIT(kdbus_talk, smack_kdbus_talk),
>> };
>>
>>
>> --
>> 1.9.1
>>
>> --
>> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
>> the body of a message to majordomo@vger.kernel.org
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>> Please read the FAQ at http://www.tux.org/lkml/
next prev parent reply other threads:[~2015-07-09 15:24 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-07-08 10:25 [RFC 0/8] Introduce LSM to KDBUS Paul Osmialowski
2015-07-08 10:25 ` [RFC 1/8] lsm: make security_file_receive available for external modules Paul Osmialowski
[not found] ` <1436351110-5902-1-git-send-email-p.osmialowsk-Sze3O3UU22JBDgjK7y7TUQ@public.gmane.org>
2015-07-08 10:25 ` [RFC 2/8] lsm: smack: Make ipc/kdbus includes visible so smack callbacks could see them Paul Osmialowski
2015-07-08 10:25 ` Paul Osmialowski
2015-07-08 16:43 ` Daniel Mack
2015-07-08 10:25 ` [RFC 3/8] lsm: kdbus security hooks Paul Osmialowski
2015-07-08 10:25 ` Paul Osmialowski
[not found] ` <1436351110-5902-4-git-send-email-p.osmialowsk-Sze3O3UU22JBDgjK7y7TUQ@public.gmane.org>
2015-07-08 11:00 ` Lukasz Pawelczyk
2015-07-08 11:00 ` Lukasz Pawelczyk
2015-07-08 14:14 ` Greg Kroah-Hartman
2015-07-08 10:25 ` [RFC 4/8] lsm: smack: smack callbacks for " Paul Osmialowski
2015-07-08 10:25 ` Paul Osmialowski
2015-07-08 13:42 ` Stephen Smalley
2015-07-08 16:38 ` Casey Schaufler
[not found] ` <559D5201.6060400-iSGtlc1asvQWG2LlvL+J4A@public.gmane.org>
2015-07-08 20:07 ` Paul Moore
2015-07-08 20:07 ` Paul Moore
2015-07-09 10:08 ` Sergei Zviagintsev
[not found] ` <20150709100808.GH25971-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
2015-07-09 15:24 ` Casey Schaufler [this message]
2015-07-09 15:24 ` Casey Schaufler
2015-07-08 10:25 ` [RFC 5/8] kdbus: use LSM hooks in kdbus code Paul Osmialowski
2015-07-08 10:25 ` Paul Osmialowski
[not found] ` <1436351110-5902-6-git-send-email-p.osmialowsk-Sze3O3UU22JBDgjK7y7TUQ@public.gmane.org>
2015-07-08 11:06 ` Lukasz Pawelczyk
2015-07-08 11:06 ` Lukasz Pawelczyk
2015-07-08 11:09 ` Lukasz Pawelczyk
2015-07-08 11:09 ` Lukasz Pawelczyk
[not found] ` <1436353775.2331.2.camel-Sze3O3UU22JBDgjK7y7TUQ@public.gmane.org>
2015-07-08 12:12 ` Paul Osmialowski
2015-07-08 12:12 ` Paul Osmialowski
2015-07-09 10:55 ` Sergei Zviagintsev
[not found] ` <20150709105510.GI25971-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
2015-07-09 11:28 ` Paul Osmialowski
2015-07-09 11:28 ` Paul Osmialowski
2015-07-08 14:13 ` Greg Kroah-Hartman
2015-07-08 14:13 ` Greg Kroah-Hartman
2015-07-08 13:37 ` Stephen Smalley
[not found] ` <559D27AB.4010402-+05T5uksL2qpZYMLLGbcSA@public.gmane.org>
2015-07-10 16:56 ` Stephen Smalley
2015-07-10 16:56 ` Stephen Smalley
2015-07-10 18:20 ` Stephen Smalley
2015-07-10 18:20 ` Stephen Smalley
2015-07-08 16:24 ` Casey Schaufler
2015-07-08 10:25 ` [RFC 6/8] kdbus: TEST_CREATE_CONN now does no depend on TEST_CREATE_BUS Paul Osmialowski
2015-07-08 10:25 ` [RFC 7/8] kdbus: selftests extended Paul Osmialowski
2015-07-08 10:25 ` [RFC 8/8] kdbus: Ability to run kdbus test by executable binary name Paul Osmialowski
2015-07-08 14:16 ` Greg Kroah-Hartman
2015-07-08 14:58 ` Paul Osmialowski
2015-07-08 16:46 ` [RFC 0/8] Introduce LSM to KDBUS Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=559E9222.8060604@schaufler-ca.com \
--to=casey-isgtlc1asvqwg2llvl+j4a@public.gmane.org \
--cc=daniel-cYrQPVfZoowdnm+yROfE0A@public.gmane.org \
--cc=dh.herrmann-gM/Ye1E23mwN+BqQ9rBEUg@public.gmane.org \
--cc=gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org \
--cc=james.l.morris-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org \
--cc=k.lewandowsk-Sze3O3UU22JBDgjK7y7TUQ@public.gmane.org \
--cc=keescook-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org \
--cc=l.skalski-Sze3O3UU22JBDgjK7y7TUQ@public.gmane.org \
--cc=linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=mark.d.rustad-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org \
--cc=neilb-l3A5Bk7waGM@public.gmane.org \
--cc=p.osmialowsk-Sze3O3UU22JBDgjK7y7TUQ@public.gmane.org \
--cc=penguin-kernel-JPay3/Yim36HaxMnTkn67Xf5DAMn2ifp@public.gmane.org \
--cc=pmoore-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=sds-+05T5uksL2qpZYMLLGbcSA@public.gmane.org \
--cc=serge-A9i7LUbDfNHQT0dZR+AlfA@public.gmane.org \
--cc=sergei-E844GTqJAzo@public.gmane.org \
--cc=shuahkh-JPH+aEBZ4P+UEJcrhfAQsw@public.gmane.org \
--cc=tixxdz-Umm1ozX2/EEdnm+yROfE0A@public.gmane.org \
--cc=viro-RmSDqhL/yNMiFSDQTTA3OLVCufUGDwFn@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.