From mboxrd@z Thu Jan  1 00:00:00 1970
From: Stephen Smalley <sds@tycho.nsa.gov>
Subject: Re: [RFC PATCH v3 1/5] kdbus: add creator credentials to the endpoints
Date: Fri, 9 Oct 2015 10:31:07 -0400
Message-ID: <5617CFAB.1050607@tycho.nsa.gov>
References: <20151007230615.7823.74519.stgit@localhost>
	<20151007230822.7823.96688.stgit@localhost>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
In-Reply-To: <20151007230822.7823.96688.stgit@localhost>
List-Unsubscribe: <https://www.redhat.com/mailman/options/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: Paul Moore <pmoore@redhat.com>, linux-security-module@vger.kernel.org, linux-audit@redhat.com, selinux@tycho.nsa.gov
Cc: Paul Osmialowski <p.osmialowsk@samsung.com>
List-Id: linux-audit@redhat.com

On 10/07/2015 07:08 PM, Paul Moore wrote:
> In order to effectively enforce LSM based access controls we need to
> have more information about the kdbus endpoint creator than the
> uid/gid currently stored in the kdbus_node_type struct.  This patch
> replaces the uid/gid values with a reference to the node creator's
> credential struct which serves the needs of both the kdbus DAC access
> controls as well as the LSM's access controls.
>
> Two macros have also been created, kdbus_node_[uid,gid](), which can
> be used to easily extract the euid/egid information from the new
> credential reference.  The effective uid/gid is used as it was used
> in all areas of the previous kdbus code except for areas where the
> uid/gid was never set beyond the basic initialization to zero/root;
> I expect this was a bug that was never caught as the node creator in
> these cases was always expect to be root.
>
> Signed-off-by: Paul Moore <pmoore@redhat.com>
>
> ---
> ChangeLog:
> - v3
>   * Ported to the 4.3-rc4 based kdbus tree
> - v2
>   * Initial draft
> ---
>   ipc/kdbus/bus.c      |   13 +++++--------
>   ipc/kdbus/endpoint.c |   14 ++++----------
>   ipc/kdbus/endpoint.h |    3 +--
>   ipc/kdbus/fs.c       |    4 ++--
>   ipc/kdbus/node.c     |   11 ++++-------
>   ipc/kdbus/node.h     |    5 +++--
>   6 files changed, 19 insertions(+), 31 deletions(-)
>

> diff --git a/ipc/kdbus/node.c b/ipc/kdbus/node.c
> index 89f58bc..cd0c1a0 100644
> --- a/ipc/kdbus/node.c
> +++ b/ipc/kdbus/node.c
> @@ -12,6 +12,7 @@
>    */
>
>   #include <linux/atomic.h>
> +#include <linux/cred.h>
>   #include <linux/fs.h>
>   #include <linux/idr.h>
>   #include <linux/kdev_t.h>
> @@ -170,13 +171,7 @@
>    *                         node initialization. They must remain constant. If
>    *                         NULL, they're skipped.
>    *
> - *     * node->mode: filesystem access modes

mode still remains