From: "Günther Noack" <gnoack@google.com>
To: "Mickaël Salaün" <mic@digikod.net>
Cc: Mikhail Ivanov <ivanov.mikhail1@huawei-partners.com>,
Konstantin Meskhidze <konstantin.meskhidze@huawei.com>,
Paul Moore <paul@paul-moore.com>,
Tahera Fahimi <fahimitahera@gmail.com>,
linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org
Subject: Re: [PATCH v4 3/3] landlock: Optimize scope enforcement
Date: Sat, 9 Nov 2024 19:30:28 +0100
Message-ID: <Zy-qROSRm1rb_pww@google.com>
In-Reply-To: <20241109110856.222842-4-mic@digikod.net>
On Sat, Nov 09, 2024 at 12:08:56PM +0100, Mickaël Salaün wrote:
> Do not walk through the domain hierarchy when the required scope is not
> supported by this domain. This is the same approach as for filesystem
> and network restrictions.
>
> Cc: Günther Noack <gnoack@google.com>
> Cc: Mikhail Ivanov <ivanov.mikhail1@huawei-partners.com>
> Cc: Tahera Fahimi <fahimitahera@gmail.com>
> Signed-off-by: Mickaël Salaün <mic@digikod.net>
> Link: https://lore.kernel.org/r/20241109110856.222842-4-mic@digikod.net
> ---
>
> Changes since v2:
> * Make the unix_scope variable global to the file and remove
> previous get_current_unix_scope_domain().
> ---
> security/landlock/task.c | 18 +++++++++++++++---
> 1 file changed, 15 insertions(+), 3 deletions(-)
>
> diff --git a/security/landlock/task.c b/security/landlock/task.c
> index 4acbd7c40eee..dc7dab78392e 100644
> --- a/security/landlock/task.c
> +++ b/security/landlock/task.c
> @@ -204,12 +204,17 @@ static bool is_abstract_socket(struct sock *const sock)
> return false;
> }
>
> +static const struct access_masks unix_scope = {
> + .scope = LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET,
> +};
Optional nit: You could probably inline these two struct access_masks values
into the respective functions where they are used. (But it's just a minor code
style matter IMHO; both ways are fine.)
> +
> static int hook_unix_stream_connect(struct sock *const sock,
> struct sock *const other,
> struct sock *const newsk)
> {
> const struct landlock_ruleset *const dom =
> - landlock_get_current_domain();
> + landlock_get_applicable_domain(landlock_get_current_domain(),
> + unix_scope);
>
> /* Quick return for non-landlocked tasks. */
> if (!dom)
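Review bot: the retained comment "Quick return for non-landlocked tasks." above `if (!dom)` in hook_unix_stream_connect() no longer describes every case that takes the early return. Going by the commit message, `dom` is now also NULL for a landlocked task when the domain does not support the abstract UNIX socket scope, so the comment could be widened, for example to "Quick return for non-landlocked tasks or unscoped domains."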
> @@ -225,7 +230,8 @@ static int hook_unix_may_send(struct socket *const sock,
> struct socket *const other)
> {
> const struct landlock_ruleset *const dom =
> - landlock_get_current_domain();
> + landlock_get_applicable_domain(landlock_get_current_domain(),
> + unix_scope);
>
> if (!dom)
> return 0;
> @@ -243,6 +249,10 @@ static int hook_unix_may_send(struct socket *const sock,
> return 0;
> }
>
> +static const struct access_masks signal_scope = {
> + .scope = LANDLOCK_SCOPE_SIGNAL,
> +};
> +
> static int hook_task_kill(struct task_struct *const p,
> struct kernel_siginfo *const info, const int sig,
> const struct cred *const cred)
> @@ -256,6 +266,7 @@ static int hook_task_kill(struct task_struct *const p,
> } else {
> dom = landlock_get_current_domain();
> }
> + dom = landlock_get_applicable_domain(dom, signal_scope);
>
> /* Quick return for non-landlocked tasks. */
> if (!dom)
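Review bot: on the added `dom = landlock_get_applicable_domain(dom, signal_scope);` line in hook_task_kill(), `dom` can still be NULL at that point, because the `if (!dom)` check for non-landlocked tasks only comes afterwards. landlock_get_applicable_domain() is not defined in this patch, so it is worth confirming, and stating in its kernel-doc, that it accepts a NULL domain and returns NULL for it; the callers that pass landlock_get_current_domain() directly rely on the same behaviour.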
> @@ -279,7 +290,8 @@ static int hook_file_send_sigiotask(struct task_struct *tsk,
>
> /* Lock already held by send_sigio() and send_sigurg(). */
> lockdep_assert_held(&fown->lock);
> - dom = landlock_file(fown->file)->fown_domain;
> + dom = landlock_get_applicable_domain(
> + landlock_file(fown->file)->fown_domain, signal_scope);
>
> /* Quick return for unowned socket. */
> if (!dom)
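Review bot: the "Quick return for unowned socket." comment in hook_file_send_sigiotask() now follows an assignment that, per the commit message, also yields NULL when the file owner's domain does not support LANDLOCK_SCOPE_SIGNAL. Extending the comment to name that second case would keep the early return self-explanatory.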
> --
> 2.47.0
>
Reviewed-by: Günther Noack <gnoack@google.com>
Looks good!
—Günther