From: Stephen Smalley <sds@tycho.nsa.gov>
To: Paul Moore <pmoore@redhat.com>,
	linux-security-module@vger.kernel.org, linux-audit@redhat.com,
	selinux@tycho.nsa.gov
Cc: Paul Osmialowski <p.osmialowsk@samsung.com>
Subject: Re: [RFC PATCH v3 4/5] selinux: introduce kdbus names into the policy
Date: Fri, 9 Oct 2015 12:38:54 -0400	[thread overview]
Message-ID: <5617ED9E.4030701@tycho.nsa.gov> (raw)
In-Reply-To: <20151007230842.7823.70790.stgit@localhost>

On 10/07/2015 07:08 PM, Paul Moore wrote:
> SELinux treats kdbus service names as objects and therefore needs a
> mechanism to map service names to security labels.  This patch adds
> support for loading kdbus name/label matches with the security policy.
>
> The patch supports service name prefix matching to lessen the burden
> on the policy developers and reduce the size of the resulting policy.
>
> Signed-off-by: Paul Moore <pmoore@redhat.com>
>
> ---
> ChangeLog:
> - v3
>   * Ported to the 4.3-rc4 based kdbus tree, v2 hacks removed
> - v2
>   * Porting needed to work with ioctl xperms
> - v1
>   * Initial draft
> ---
>   security/selinux/include/security.h |    5 ++
>   security/selinux/ss/policydb.c      |   88 +++++++++++++++++++++++++++++------
>   security/selinux/ss/policydb.h      |    3 +
>   security/selinux/ss/services.c      |   38 +++++++++++++++
>   4 files changed, 116 insertions(+), 18 deletions(-)
>

> diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
> index 992a315..9be2e6d 100644
> --- a/security/selinux/ss/policydb.c
> +++ b/security/selinux/ss/policydb.c
> @@ -2111,7 +2116,7 @@ static int ocontext_read(struct policydb *p, struct policydb_compat_info *info,
>   	int i, j, rc;
>   	u32 nel, len;
>   	__le32 buf[3];
> -	struct ocontext *l, *c;
> +	struct ocontext *l, *l2, *c;
>   	u32 nodebuf[8];
>
>   	for (i = 0; i < info->ocon_num; i++) {
> @@ -2130,6 +2135,7 @@ static int ocontext_read(struct policydb *p, struct policydb_compat_info *info,
>   				l->next = c;
>   			else
>   				p->ocontexts[i] = c;
> +			l2 = l;
>   			l = c;
>
>   			switch (i) {
> @@ -2219,6 +2225,43 @@ static int ocontext_read(struct policydb *p, struct policydb_compat_info *info,
>   					goto out;
>   				break;
>   			}
> +			case OCON_KDBUS: {
> +				struct ocontext *iter, *last;
> +				u32 len2;
> +
> +				rc = next_entry(buf, fp, sizeof(u32));
> +				if (rc)
> +					goto out;
> +				len = le32_to_cpu(buf[0]);
> +				rc = str_read(&c->u.name, GFP_KERNEL, fp, len);
> +				if (rc)
> +					goto out;
> +				rc = context_read_and_validate(&c->context[0], p, fp);
> +				if (rc) {
> +					kfree(c->u.name);
> +					goto out;
> +				}
> +
> +				/* sort by ->u.name length, longest first */
> +				last = NULL;
> +				iter = p->ocontexts[OCON_KDBUS];
> +				while (iter != c) {
> +					len2 = strlen(iter->u.name);
> +					if (len > len2) {
> +						if (l2)
> +							l2->next = NULL;
> +						c->next = iter;
> +						if (last == NULL)
> +							p->ocontexts[i] = c;
> +						else
> +							last->next = c;
> +						break;
> +					}
> +					last = iter;
> +					iter = iter->next;
> +				}
> +				break;

This seems complicated compared to genfs_read() because 
ocontext_read() pre-inserts the node into the list.  Maybe we should change 
ocontext_read() to defer insertion until after the switch statement, and 
then we don't have to un-link and re-link these entries?

> +			}
>   			}
>   		}
>   	}
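Review bot: After the re-link in the `if (len > len2)` branch, `l` still points at `c`, which now sits in the middle of the list, so on the next name the `l->next = c;` at the top of the inner loop (context in the earlier hunk, just before `l2 = l;`) overwrites the moved node's `next` and silently drops every entry after it — loading names of lengths 2, 4, 1 in that order loses the length-2 entry and leaks its node. Restoring the tail with `l = l2;` just before the `break;` fixes that with one line, since `l2` is the old tail that `l2->next = NULL` has just detached. Separately, the `kfree(c->u.name)` on the context_read_and_validate() failure path differs from the OCON_FS/OCON_NETIF cases, which leave the already-linked node for policydb_destroy(); if ocontext_destroy() is also taught to free u.name for OCON_KDBUS (not in the quoted hunks), this becomes a double free, so either drop the kfree or follow it with `c->u.name = NULL;`. Also `len` here is the on-disk length while the comparison against `len2`, ocontext_write() and security_kdbus_sid() all use strlen(); an embedded NUL or a zero-length name makes them disagree, so it's worth rejecting `strlen(c->u.name) != len` after str_read() or sorting on the strlen() value. ocontext_read() begins and ends outside the quoted hunks.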
> @@ -3147,6 +3190,19 @@ static int ocontext_write(struct policydb *p, struct policydb_compat_info *info,
>   				if (rc)
>   					return rc;
>   				break;
> +			case OCON_KDBUS:
> +				len = strlen(c->u.name);
> +				buf[0] = cpu_to_le32(len);
> +				rc = put_entry(buf, sizeof(u32), 1, fp);
> +				if (rc)
> +					return rc;
> +				rc = put_entry(c->u.name, len, 1, fp);
> +				if (rc)
> +					return rc;
> +				rc = context_write(p, &c->context[0], fp);
> +				if (rc)
> +					return rc;
> +				break;
>   			}
>   		}
>   	}
> diff --git a/security/selinux/ss/policydb.h b/security/selinux/ss/policydb.h
> index 725d594..ee9c120 100644
> --- a/security/selinux/ss/policydb.h
> +++ b/security/selinux/ss/policydb.h
> @@ -222,7 +222,8 @@ struct genfs {
>   #define OCON_NODE  4	/* nodes */
>   #define OCON_FSUSE 5	/* fs_use */
>   #define OCON_NODE6 6	/* IPv6 nodes */
> -#define OCON_NUM   7
> +#define OCON_KDBUS 7	/* kdbus names */
> +#define OCON_NUM   8
>
>   /* The policy database */
>   struct policydb {
> diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
> index b7df12b..ada2d28 100644
> --- a/security/selinux/ss/services.c
> +++ b/security/selinux/ss/services.c
> @@ -2536,6 +2536,44 @@ int security_genfs_sid(const char *fstype,
>   }
>
>   /**
> + * security_kdbus_sid - Obtain a SID for a kdbus name
> + * @name: kdbus name
> + * @sid: SID for the kdbus name
> + *
> + * Obtain a SID for the given kdbus service name.  Returns zero on success,
> + * negative values on error.
> + */
> +int security_kdbus_sid(const char *name, u32 *sid)
> +{
> +	int rc = 0;
> +	struct ocontext *c;
> +
> +	read_lock(&policy_rwlock);
> +
> +	c = policydb.ocontexts[OCON_KDBUS];
> +	while (c) {
> +		if (strncmp(c->u.name, name, strlen(c->u.name)) == 0)
> +			break;
> +		c = c->next;
> +	}
> +
> +	if (c) {
> +		if (!c->sid[0]) {
> +			rc = sidtab_context_to_sid(&sidtab,
> +						   &c->context[0], &c->sid[0]);
> +			if (rc)
> +				goto out;
> +		}
> +		*sid = c->sid[0];
> +	} else
> +		*sid = SECINITSID_UNLABELED;
> +
> +out:
> +	read_unlock(&policy_rwlock);
> +	return rc;
> +}
> +
> +/**
>    * security_fs_use - Determine how to handle labeling for a filesystem.
>    * @sb: superblock in question
>    */
>
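Review bot: The kernel-doc above security_kdbus_sid() describes an exact lookup, but the strncmp() bounded by strlen(c->u.name) implements prefix matching, with the first matching entry winning (the longest, given the ordering policydb.c establishes); the comment should say so, e.g. `Obtain a SID for the given kdbus service name by longest-prefix match against the policy's kdbus name entries; a name with no matching entry yields SECINITSID_UNLABELED.` Note that a zero-length policy name matches every @name (strncmp() with n == 0 returns 0) and, being shortest, sorts last, so it acts as a catch-all; if that is not intended, ocontext_read() should reject empty names rather than this lookup having to special-case them. Resolving the context and caching into c->sid[0] under the read lock mirrors security_genfs_sid(), so that part is consistent with the existing code.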
