* [PATCH 51/59] LSM: Add the release function to the lsm_context
From: Casey Schaufler @ 2019-04-09 21:39 UTC (permalink / raw)
To: casey.schaufler, jmorris, linux-security-module, selinux; +Cc: casey
In-Reply-To: <20190409213946.1667-1-casey@schaufler-ca.com>
In order to ensure that the release function for a
lsm_context matches the LSM that allocated it an element
is added to the lsm_context structure to contain a
pointer to it. This function is called in security_release_secctx
instead of relying on a value in a hook list.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
include/linux/lsm_hooks.h | 6 ------
include/linux/security.h | 1 +
security/apparmor/lsm.c | 1 -
security/apparmor/secid.c | 11 ++++++-----
security/security.c | 5 ++++-
security/selinux/hooks.c | 14 ++++++++------
security/smack/smack_lsm.c | 16 ++++++++--------
7 files changed, 27 insertions(+), 27 deletions(-)
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 11bfa0a4f188..1d364e211639 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -1329,10 +1329,6 @@
* @cp contains the security context.
* @l contains the pointer to the generated security data.
*
- * @release_secctx:
- * Release the security context.
- * @secdata contains the security context.
- *
* Security hooks for Audit
*
* @audit_rule_init:
@@ -1670,7 +1666,6 @@ union security_list_options {
int (*secid_to_secctx)(struct lsm_export *l, struct lsm_context *cp);
int (*secctx_to_secid)(const struct lsm_context *cp,
struct lsm_export *l);
- void (*release_secctx)(struct lsm_context *cp);
void (*inode_invalidate_secctx)(struct inode *inode);
int (*inode_notifysecctx)(struct inode *inode, struct lsm_context *cp);
@@ -1947,7 +1942,6 @@ struct security_hook_heads {
struct hlist_head ismaclabel;
struct hlist_head secid_to_secctx;
struct hlist_head secctx_to_secid;
- struct hlist_head release_secctx;
struct hlist_head inode_invalidate_secctx;
struct hlist_head inode_notifysecctx;
struct hlist_head inode_setsecctx;
diff --git a/include/linux/security.h b/include/linux/security.h
index 0ec12fce69e2..76681aca95cb 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -124,6 +124,7 @@ extern struct lsm_export *lsm_export_skb(struct sk_buff *skb);
struct lsm_context {
char *context;
u32 len;
+ void (*release)(struct lsm_context *cp); /* frees .context */
};
static inline void lsm_context_init(struct lsm_context *cp)
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 76c409737370..771b0ae24a5f 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -1225,7 +1225,6 @@ static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = {
LSM_HOOK_INIT(secid_to_secctx, apparmor_secid_to_secctx),
LSM_HOOK_INIT(secctx_to_secid, apparmor_secctx_to_secid),
- LSM_HOOK_INIT(release_secctx, apparmor_release_secctx),
};
/*
diff --git a/security/apparmor/secid.c b/security/apparmor/secid.c
index 9dc17903a936..30fd4ad80948 100644
--- a/security/apparmor/secid.c
+++ b/security/apparmor/secid.c
@@ -81,6 +81,11 @@ static inline void aa_export_secid(struct lsm_export *l, u32 secid)
l->apparmor = secid;
}
+void apparmor_release_secctx(struct lsm_context *cp)
+{
+ kfree(cp->context);
+}
+
int apparmor_secid_to_secctx(struct lsm_export *l, struct lsm_context *cp)
{
/* TODO: cache secctx and ref count so we don't have to recreate */
@@ -105,6 +110,7 @@ int apparmor_secid_to_secctx(struct lsm_export *l, struct lsm_context *cp)
return -ENOMEM;
cp->len = len;
+ cp->release = apparmor_release_secctx;
return 0;
}
@@ -122,11 +128,6 @@ int apparmor_secctx_to_secid(const struct lsm_context *cp, struct lsm_export *l)
return 0;
}
-void apparmor_release_secctx(struct lsm_context *cp)
-{
- kfree(cp->context);
-}
-
/**
* aa_alloc_secid - allocate a new secid for a profile
* @label: the label to allocate a secid for
diff --git a/security/security.c b/security/security.c
index 7cc2ec984b7d..8bb1be7f2b85 100644
--- a/security/security.c
+++ b/security/security.c
@@ -2002,7 +2002,10 @@ EXPORT_SYMBOL(security_secctx_to_secid);
void security_release_secctx(struct lsm_context *cp)
{
- call_one_void_hook(release_secctx, cp);
+ if (WARN_ON(cp->release == NULL))
+ return;
+ cp->release(cp);
+ lsm_context_init(cp);
}
EXPORT_SYMBOL(security_release_secctx);
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 7bf73493d10d..0e347a26c3d8 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2812,6 +2812,11 @@ static void selinux_inode_free_security(struct inode *inode)
inode_free_security(inode);
}
+static void selinux_release_secctx(struct lsm_context *cp)
+{
+ kfree(cp->context);
+}
+
static int selinux_dentry_init_security(struct dentry *dentry, int mode,
const struct qstr *name,
struct lsm_context *cp)
@@ -2826,6 +2831,7 @@ static int selinux_dentry_init_security(struct dentry *dentry, int mode,
if (rc)
return rc;
+ cp->release = selinux_release_secctx;
return security_sid_to_context(&selinux_state, newsid, &cp->context,
&cp->len);
}
@@ -6306,6 +6312,7 @@ static int selinux_secid_to_secctx(struct lsm_export *l, struct lsm_context *cp)
u32 secid;
selinux_import_secid(l, &secid);
+ cp->release = selinux_release_secctx;
if (l->flags & LSM_EXPORT_LENGTH)
return security_sid_to_context(&selinux_state, secid,
NULL, &cp->len);
@@ -6325,11 +6332,6 @@ static int selinux_secctx_to_secid(const struct lsm_context *cp,
return rc;
}
-static void selinux_release_secctx(struct lsm_context *cp)
-{
- kfree(cp->context);
-}
-
static void selinux_inode_invalidate_secctx(struct inode *inode)
{
struct inode_security_struct *isec = selinux_inode(inode);
@@ -6367,6 +6369,7 @@ static int selinux_inode_getsecctx(struct inode *inode, struct lsm_context *cp)
if (len < 0)
return len;
cp->len = len;
+ cp->release = selinux_release_secctx;
return 0;
}
#ifdef CONFIG_KEYS
@@ -6781,7 +6784,6 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = {
LSM_HOOK_INIT(ismaclabel, selinux_ismaclabel),
LSM_HOOK_INIT(secid_to_secctx, selinux_secid_to_secctx),
LSM_HOOK_INIT(secctx_to_secid, selinux_secctx_to_secid),
- LSM_HOOK_INIT(release_secctx, selinux_release_secctx),
LSM_HOOK_INIT(inode_invalidate_secctx, selinux_inode_invalidate_secctx),
LSM_HOOK_INIT(inode_notifysecctx, selinux_inode_notifysecctx),
LSM_HOOK_INIT(inode_setsecctx, selinux_inode_setsecctx),
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 1b5b3e421bff..e00346799cdf 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -4425,6 +4425,12 @@ static int smack_ismaclabel(const char *name)
return (strcmp(name, XATTR_SMACK_SUFFIX) == 0);
}
+/*
+ * The smack_release_secctx hook does nothing
+ */
+static void smack_release_secctx(struct lsm_context *cp)
+{
+}
/**
* smack_secid_to_secctx - return the smack label for a secid
@@ -4444,6 +4450,7 @@ static int smack_secid_to_secctx(struct lsm_export *l, struct lsm_context *cp)
cp->context = (l->flags & LSM_EXPORT_LENGTH) ? NULL : skp->smk_known;
cp->len = strlen(skp->smk_known);
+ cp->release = smack_release_secctx;
return 0;
}
@@ -4467,13 +4474,6 @@ static int smack_secctx_to_secid(const struct lsm_context *cp,
return 0;
}
-/*
- * The smack_release_secctx hook does nothing
- */
-static void smack_release_secctx(struct lsm_context *cp)
-{
-}
-
static int smack_inode_notifysecctx(struct inode *inode, struct lsm_context *cp)
{
return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, cp->context,
@@ -4491,6 +4491,7 @@ static int smack_inode_getsecctx(struct inode *inode, struct lsm_context *cp)
cp->context = skp->smk_known;
cp->len = strlen(skp->smk_known);
+ cp->release = smack_release_secctx;
return 0;
}
@@ -4713,7 +4714,6 @@ static struct security_hook_list smack_hooks[] __lsm_ro_after_init = {
LSM_HOOK_INIT(ismaclabel, smack_ismaclabel),
LSM_HOOK_INIT(secid_to_secctx, smack_secid_to_secctx),
LSM_HOOK_INIT(secctx_to_secid, smack_secctx_to_secid),
- LSM_HOOK_INIT(release_secctx, smack_release_secctx),
LSM_HOOK_INIT(inode_notifysecctx, smack_inode_notifysecctx),
LSM_HOOK_INIT(inode_setsecctx, smack_inode_setsecctx),
LSM_HOOK_INIT(inode_getsecctx, smack_inode_getsecctx),
--
2.19.1
^ permalink raw reply related
* [PATCH 50/59] fs: remove lsm_context scaffolding
From: Casey Schaufler @ 2019-04-09 21:39 UTC (permalink / raw)
To: casey.schaufler, jmorris, linux-security-module, selinux; +Cc: casey
In-Reply-To: <20190409213946.1667-1-casey@schaufler-ca.com>
The conversion from secctx/seclen pairs to the lsm_context
structure used scaffolding in kernfs and nfs. Replace the
secctx/seclen pairs in the filesystem local datastructures
with a lsm_context.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
fs/kernfs/dir.c | 9 +++------
fs/kernfs/inode.c | 13 +++++--------
fs/kernfs/kernfs-internal.h | 3 +--
fs/nfs/inode.c | 15 ++++++---------
fs/nfs/internal.h | 8 ++++----
fs/nfs/nfs4proc.c | 27 +++++++++++----------------
fs/nfs/nfs4xdr.c | 16 +++++++++-------
include/linux/nfs4.h | 8 ++++----
8 files changed, 43 insertions(+), 56 deletions(-)
diff --git a/fs/kernfs/dir.c b/fs/kernfs/dir.c
index 11672c075a8b..48506e856573 100644
--- a/fs/kernfs/dir.c
+++ b/fs/kernfs/dir.c
@@ -532,12 +532,9 @@ void kernfs_put(struct kernfs_node *kn)
kfree_const(kn->name);
if (kn->iattr) {
- if (kn->iattr->ia_secdata) {
- struct lsm_context lc; /* Scaffolding -Casey */
- lc.context = kn->iattr->ia_secdata;
- lc.len = kn->iattr->ia_secdata_len;
- security_release_secctx(&lc);
- }
+ if (kn->iattr->ia_context.context)
+ security_release_secctx(
+ &kn->iattr->ia_context);
simple_xattrs_free(&kn->iattr->xattrs);
kmem_cache_free(kernfs_iattrs_cache, kn->iattr);
}
diff --git a/fs/kernfs/inode.c b/fs/kernfs/inode.c
index 45781f0da80f..4c7da446d210 100644
--- a/fs/kernfs/inode.c
+++ b/fs/kernfs/inode.c
@@ -141,11 +141,11 @@ static int kernfs_node_setsecdata(struct kernfs_iattrs *attrs, void **secdata,
void *old_secdata;
size_t old_secdata_len;
- old_secdata = attrs->ia_secdata;
- old_secdata_len = attrs->ia_secdata_len;
+ old_secdata = attrs->ia_context.context;
+ old_secdata_len = attrs->ia_context.len;
- attrs->ia_secdata = *secdata;
- attrs->ia_secdata_len = *secdata_len;
+ attrs->ia_context.context = *secdata;
+ attrs->ia_context.len = *secdata_len;
*secdata = old_secdata;
*secdata_len = old_secdata_len;
@@ -184,7 +184,6 @@ static inline void set_inode_attr(struct inode *inode, struct iattr *iattr)
static void kernfs_refresh_inode(struct kernfs_node *kn, struct inode *inode)
{
struct kernfs_iattrs *attrs = kn->iattr;
- struct lsm_context lc; /* Scaffolding -Casey */
inode->i_mode = kn->mode;
if (attrs) {
@@ -193,9 +192,7 @@ static void kernfs_refresh_inode(struct kernfs_node *kn, struct inode *inode)
* persistent copy in kernfs_node.
*/
set_inode_attr(inode, &attrs->ia_iattr);
- lc.context = attrs->ia_secdata;
- lc.len = attrs->ia_secdata_len;
- security_inode_notifysecctx(inode, &lc);
+ security_inode_notifysecctx(inode, &attrs->ia_context);
}
if (kernfs_type(kn) == KERNFS_DIR)
diff --git a/fs/kernfs/kernfs-internal.h b/fs/kernfs/kernfs-internal.h
index 0b7d197a904c..2a870795bb3e 100644
--- a/fs/kernfs/kernfs-internal.h
+++ b/fs/kernfs/kernfs-internal.h
@@ -21,8 +21,7 @@
struct kernfs_iattrs {
struct iattr ia_iattr;
- void *ia_secdata;
- u32 ia_secdata_len;
+ struct lsm_context ia_context;
struct simple_xattrs xattrs;
};
diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c
index 8d0be9767b14..a9a3ec40a90c 100644
--- a/fs/nfs/inode.c
+++ b/fs/nfs/inode.c
@@ -340,22 +340,19 @@ static void nfs_clear_label_invalid(struct inode *inode)
void nfs_setsecurity(struct inode *inode, struct nfs_fattr *fattr,
struct nfs4_label *label)
{
- struct lsm_context lc; /* Scaffolding -Casey */
int error;
if (label == NULL)
return;
if ((fattr->valid & NFS_ATTR_FATTR_V4_SECURITY_LABEL) && inode->i_security) {
- lc.context = label->label;
- lc.len = label->len;
- error = security_inode_notifysecctx(inode, &lc);
+ error = security_inode_notifysecctx(inode, &label->context);
if (error)
printk(KERN_ERR "%s() %s %d "
"security_inode_notifysecctx() %d\n",
__func__,
- (char *)label->label,
- label->len, error);
+ label->context.context,
+ label->context.len, error);
nfs_clear_label_invalid(inode);
}
}
@@ -375,12 +372,12 @@ struct nfs4_label *nfs4_label_alloc(struct nfs_server *server, gfp_t flags)
if (label == NULL)
return ERR_PTR(-ENOMEM);
- label->label = kzalloc(NFS4_MAXLABELLEN, flags);
- if (label->label == NULL) {
+ label->context.context = kzalloc(NFS4_MAXLABELLEN, flags);
+ if (label->context.context == NULL) {
kfree(label);
return ERR_PTR(-ENOMEM);
}
- label->len = NFS4_MAXLABELLEN;
+ label->context.len = NFS4_MAXLABELLEN;
return label;
}
diff --git a/fs/nfs/internal.h b/fs/nfs/internal.h
index c7cf23ae6597..63de73024b5f 100644
--- a/fs/nfs/internal.h
+++ b/fs/nfs/internal.h
@@ -307,20 +307,20 @@ nfs4_label_copy(struct nfs4_label *dst, struct nfs4_label *src)
if (!dst || !src)
return NULL;
- if (src->len > NFS4_MAXLABELLEN)
+ if (src->context.len > NFS4_MAXLABELLEN)
return NULL;
dst->lfs = src->lfs;
dst->pi = src->pi;
- dst->len = src->len;
- memcpy(dst->label, src->label, src->len);
+ dst->context.len = src->context.len;
+ memcpy(dst->context.context, src->context.context, src->context.len);
return dst;
}
static inline void nfs4_label_free(struct nfs4_label *label)
{
if (label) {
- kfree(label->label);
+ kfree(label->context.context);
kfree(label);
}
return;
diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
index 8dee01eda643..b2480d0341f1 100644
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -113,7 +113,6 @@ static inline struct nfs4_label *
nfs4_label_init_security(struct inode *dir, struct dentry *dentry,
struct iattr *sattr, struct nfs4_label *label)
{
- struct lsm_context lc; /* Scaffolding -Casey */
int err;
if (label == NULL)
@@ -123,9 +122,7 @@ nfs4_label_init_security(struct inode *dir, struct dentry *dentry,
return NULL;
err = security_dentry_init_security(dentry, sattr->ia_mode,
- &dentry->d_name, &lc);
- label->label = lc.context;
- label->len = lc.len;
+ &dentry->d_name, &label->context);
if (err == 0)
return label;
@@ -134,13 +131,8 @@ nfs4_label_init_security(struct inode *dir, struct dentry *dentry,
static inline void
nfs4_label_release_security(struct nfs4_label *label)
{
- struct lsm_context lc; /* Scaffolding -Casey */
-
- if (label) {
- lc.context = label->label;
- lc.len = label->len;
- security_release_secctx(&lc);
- }
+ if (label)
+ security_release_secctx(&label->context);
}
static inline u32 *nfs4_bitmask(struct nfs_server *server, struct nfs4_label *label)
{
@@ -3556,7 +3548,9 @@ nfs4_atomic_open(struct inode *dir, struct nfs_open_context *ctx,
int open_flags, struct iattr *attr, int *opened)
{
struct nfs4_state *state;
- struct nfs4_label l = {0, 0, 0, NULL}, *label = NULL;
+ struct nfs4_label *label = NULL;
+ struct nfs4_label l = {0, 0,
+ .context = { .context = NULL, .len = 0, }, };
label = nfs4_label_init_security(dir, ctx->dentry, attr, &l);
@@ -5595,7 +5589,8 @@ static int _nfs4_get_security_label(struct inode *inode, void *buf,
{
struct nfs_server *server = NFS_SERVER(inode);
struct nfs_fattr fattr;
- struct nfs4_label label = {0, 0, buflen, buf};
+ struct nfs4_label label = {0, 0,
+ .context = { .context = buf, .len = buflen, }, };
u32 bitmask[3] = { 0, 0, FATTR4_WORD2_SECURITY_LABEL };
struct nfs4_getattr_arg arg = {
@@ -5621,7 +5616,7 @@ static int _nfs4_get_security_label(struct inode *inode, void *buf,
return ret;
if (!(fattr.valid & NFS_ATTR_FATTR_V4_SECURITY_LABEL))
return -ENOENT;
- if (buflen < label.len)
+ if (buflen < label.context.len)
return -ERANGE;
return 0;
}
@@ -5713,8 +5708,8 @@ nfs4_set_security_label(struct inode *inode, const void *buf, size_t buflen)
ilabel.pi = 0;
ilabel.lfs = 0;
- ilabel.label = (char *)buf;
- ilabel.len = buflen;
+ ilabel.context.context = (char *)buf;
+ ilabel.context.len = buflen;
olabel = nfs4_label_alloc(NFS_SERVER(inode), GFP_KERNEL);
if (IS_ERR(olabel)) {
diff --git a/fs/nfs/nfs4xdr.c b/fs/nfs/nfs4xdr.c
index cfcabc33e24d..85a527ccd6d7 100644
--- a/fs/nfs/nfs4xdr.c
+++ b/fs/nfs/nfs4xdr.c
@@ -1141,7 +1141,7 @@ static void encode_attrs(struct xdr_stream *xdr, const struct iattr *iap,
}
if (label && (attrmask[2] & FATTR4_WORD2_SECURITY_LABEL)) {
- len += 4 + 4 + 4 + (XDR_QUADLEN(label->len) << 2);
+ len += 4 + 4 + 4 + (XDR_QUADLEN(label->context.len) << 2);
bmval[2] |= FATTR4_WORD2_SECURITY_LABEL;
}
@@ -1175,8 +1175,9 @@ static void encode_attrs(struct xdr_stream *xdr, const struct iattr *iap,
if (bmval[2] & FATTR4_WORD2_SECURITY_LABEL) {
*p++ = cpu_to_be32(label->lfs);
*p++ = cpu_to_be32(label->pi);
- *p++ = cpu_to_be32(label->len);
- p = xdr_encode_opaque_fixed(p, label->label, label->len);
+ *p++ = cpu_to_be32(label->context.len);
+ p = xdr_encode_opaque_fixed(p, label->context.context,
+ label->context.len);
}
if (bmval[2] & FATTR4_WORD2_MODE_UMASK) {
*p++ = cpu_to_be32(iap->ia_mode & S_IALLUGO);
@@ -4163,8 +4164,8 @@ static int decode_attr_security_label(struct xdr_stream *xdr, uint32_t *bitmap,
return -EIO;
if (len < NFS4_MAXLABELLEN) {
if (label) {
- memcpy(label->label, p, len);
- label->len = len;
+ memcpy(label->context.context, p, len);
+ label->context.len = len;
label->pi = pi;
label->lfs = lfs;
status = NFS_ATTR_FATTR_V4_SECURITY_LABEL;
@@ -4174,9 +4175,10 @@ static int decode_attr_security_label(struct xdr_stream *xdr, uint32_t *bitmap,
printk(KERN_WARNING "%s: label too long (%u)!\n",
__func__, len);
}
- if (label && label->label)
+ if (label && label->context.context)
dprintk("%s: label=%s, len=%d, PI=%d, LFS=%d\n", __func__,
- (char *)label->label, label->len, label->pi, label->lfs);
+ (char *)label->context.context, label->context.len,
+ label->pi, label->lfs);
return status;
}
diff --git a/include/linux/nfs4.h b/include/linux/nfs4.h
index 22494d170619..1189aad71592 100644
--- a/include/linux/nfs4.h
+++ b/include/linux/nfs4.h
@@ -15,6 +15,7 @@
#include <linux/list.h>
#include <linux/uidgid.h>
+#include <linux/security.h>
#include <uapi/linux/nfs4.h>
enum nfs4_acl_whotype {
@@ -43,10 +44,9 @@ struct nfs4_acl {
#define NFS4_MAXLABELLEN 2048
struct nfs4_label {
- uint32_t lfs;
- uint32_t pi;
- u32 len;
- char *label;
+ uint32_t lfs;
+ uint32_t pi;
+ struct lsm_context context;
};
typedef struct { char data[NFS4_VERIFIER_SIZE]; } nfs4_verifier;
--
2.19.1
^ permalink raw reply related
* [PATCH 54/59] kernfs: remove lsm_context scaffolding
From: Casey Schaufler @ 2019-04-09 21:39 UTC (permalink / raw)
To: casey.schaufler, jmorris, linux-security-module, selinux; +Cc: casey
In-Reply-To: <20190409213946.1667-1-casey@schaufler-ca.com>
Change the parameters to kernfs_node_setsecdata from a
data/length pair to a lsm_context struct as both the function
it calls and the function that calls it want that.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
fs/kernfs/inode.c | 19 +++++++------------
1 file changed, 7 insertions(+), 12 deletions(-)
diff --git a/fs/kernfs/inode.c b/fs/kernfs/inode.c
index 4c7da446d210..d6e25cd7bf21 100644
--- a/fs/kernfs/inode.c
+++ b/fs/kernfs/inode.c
@@ -135,20 +135,15 @@ int kernfs_iop_setattr(struct dentry *dentry, struct iattr *iattr)
return error;
}
-static int kernfs_node_setsecdata(struct kernfs_iattrs *attrs, void **secdata,
- u32 *secdata_len)
+static int kernfs_node_setsecdata(struct kernfs_iattrs *attrs,
+ struct lsm_context *cp)
{
- void *old_secdata;
- size_t old_secdata_len;
+ struct lsm_context old_context;
- old_secdata = attrs->ia_context.context;
- old_secdata_len = attrs->ia_context.len;
+ old_context = attrs->ia_context;
+ attrs->ia_context = *cp;
+ *cp = old_context;
- attrs->ia_context.context = *secdata;
- attrs->ia_context.len = *secdata_len;
-
- *secdata = old_secdata;
- *secdata_len = old_secdata_len;
return 0;
}
@@ -363,7 +358,7 @@ static int kernfs_security_xattr_set(const struct xattr_handler *handler,
return error;
mutex_lock(&kernfs_mutex);
- error = kernfs_node_setsecdata(attrs, (void **)&lc.context, &lc.len);
+ error = kernfs_node_setsecdata(attrs, &lc);
mutex_unlock(&kernfs_mutex);
if (lc.context)
--
2.19.1
^ permalink raw reply related
* [PATCH 53/59] LSM: Use lsm_context in security_inode_setsecctx
From: Casey Schaufler @ 2019-04-09 21:39 UTC (permalink / raw)
To: casey.schaufler, jmorris, linux-security-module, selinux; +Cc: casey
In-Reply-To: <20190409213946.1667-1-casey@schaufler-ca.com>
From: Casey Schaufler <cschaufler@schaufler-ca.com>
Convert security_inode_setsecctx to use the lsm_context structure
instead of a context/secid pair. There is some scaffolding involved
that will be removed when the related data is updated.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
fs/nfsd/nfs4proc.c | 8 ++++++--
fs/nfsd/vfs.c | 7 ++++++-
include/linux/security.h | 5 +++--
security/security.c | 8 ++------
4 files changed, 17 insertions(+), 11 deletions(-)
diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
index 0cfd257ffdaf..5b4ea2a317ed 100644
--- a/fs/nfsd/nfs4proc.c
+++ b/fs/nfsd/nfs4proc.c
@@ -54,12 +54,16 @@
static inline void
nfsd4_security_inode_setsecctx(struct svc_fh *resfh, struct xdr_netobj *label, u32 *bmval)
{
+ struct lsm_context lc;
struct inode *inode = d_inode(resfh->fh_dentry);
int status;
inode_lock(inode);
- status = security_inode_setsecctx(resfh->fh_dentry,
- label->data, label->len);
+
+ lsm_context_init(&lc);
+ lc.context = label->data;
+ lc.len = label->len;
+ status = security_inode_setsecctx(resfh->fh_dentry, &lc);
inode_unlock(inode);
if (status)
diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
index 7dc98e14655d..2d6dd4bb7247 100644
--- a/fs/nfsd/vfs.c
+++ b/fs/nfsd/vfs.c
@@ -531,6 +531,7 @@ __be32 nfsd4_set_nfs4_label(struct svc_rqst *rqstp, struct svc_fh *fhp,
__be32 error;
int host_error;
struct dentry *dentry;
+ struct lsm_context lc;
error = fh_verify(rqstp, fhp, 0 /* S_IFREG */, NFSD_MAY_SATTR);
if (error)
@@ -539,7 +540,11 @@ __be32 nfsd4_set_nfs4_label(struct svc_rqst *rqstp, struct svc_fh *fhp,
dentry = fhp->fh_dentry;
inode_lock(d_inode(dentry));
- host_error = security_inode_setsecctx(dentry, label->data, label->len);
+
+ lsm_context_init(&lc);
+ lc.context = label->data;
+ lc.len = label->len;
+ host_error = security_inode_setsecctx(dentry, &lc);
inode_unlock(d_inode(dentry));
return nfserrno(host_error);
}
diff --git a/include/linux/security.h b/include/linux/security.h
index 76681aca95cb..38bb4a5f52ce 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -441,7 +441,7 @@ void security_release_secctx(struct lsm_context *cp);
void security_inode_invalidate_secctx(struct inode *inode);
int security_inode_notifysecctx(struct inode *inode, struct lsm_context *cp);
-int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen);
+int security_inode_setsecctx(struct dentry *dentry, struct lsm_context *cp);
int security_inode_getsecctx(struct inode *inode, struct lsm_context *cp);
#else /* CONFIG_SECURITY */
@@ -1239,7 +1239,8 @@ static inline int security_inode_notifysecctx(struct inode *inode,
{
return -EOPNOTSUPP;
}
-static inline int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
+static inline int security_inode_setsecctx(struct dentry *dentry,
+ struct lsm_context *cp)
{
return -EOPNOTSUPP;
}
diff --git a/security/security.c b/security/security.c
index 36a7034d1f91..1b4b74af0cb7 100644
--- a/security/security.c
+++ b/security/security.c
@@ -2021,13 +2021,9 @@ int security_inode_notifysecctx(struct inode *inode, struct lsm_context *cp)
}
EXPORT_SYMBOL(security_inode_notifysecctx);
-int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
+int security_inode_setsecctx(struct dentry *dentry, struct lsm_context *cp)
{
- struct lsm_context lc;
-
- lc.context = ctx;
- lc.len = ctxlen;
- return call_int_hook(inode_setsecctx, 0, dentry, &lc);
+ return call_int_hook(inode_setsecctx, 0, dentry, cp);
}
EXPORT_SYMBOL(security_inode_setsecctx);
--
2.19.1
^ permalink raw reply related
* [PATCH 49/59] LSM: Use lsm_context in security_secid_to_secctx
From: Casey Schaufler @ 2019-04-09 21:39 UTC (permalink / raw)
To: casey.schaufler, jmorris, linux-security-module, selinux; +Cc: casey
In-Reply-To: <20190409213946.1667-1-casey@schaufler-ca.com>
Convert security_secid_to_secctx to use the lsm_context structure
instead of a context/secid pair. There is some scaffolding involved
that will be removed when the related data is updated.
Add a flag for lsm_export to indicate that the caller of
security_secid_to_secctx() is only interested in the length
of the context.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
drivers/android/binder.c | 2 +-
include/linux/security.h | 13 +++++++------
include/net/scm.h | 2 +-
kernel/audit.c | 5 ++---
kernel/auditsc.c | 10 +++++-----
net/ipv4/ip_sockglue.c | 2 +-
net/netfilter/nf_conntrack_netlink.c | 11 ++++++-----
net/netfilter/nf_conntrack_standalone.c | 2 +-
net/netfilter/nfnetlink_queue.c | 2 +-
net/netlabel/netlabel_unlabeled.c | 12 ++++--------
net/netlabel/netlabel_user.c | 3 +--
security/apparmor/secid.c | 3 +--
security/security.c | 13 ++-----------
security/selinux/hooks.c | 3 +++
security/smack/smack_lsm.c | 2 +-
15 files changed, 37 insertions(+), 48 deletions(-)
diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index c2cfef13257c..58033c003cc2 100644
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
@@ -3121,7 +3121,7 @@ static void binder_transaction(struct binder_proc *proc,
struct lsm_export le;
security_task_getsecid(proc->tsk, &le);
- ret = security_secid_to_secctx(&le, &lc.context, &lc.len);
+ ret = security_secid_to_secctx(&le, &lc);
if (ret) {
return_error = BR_FAILED_REPLY;
return_error_param = ret;
diff --git a/include/linux/security.h b/include/linux/security.h
index 3b1e482f7b7a..0ec12fce69e2 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -84,10 +84,11 @@ struct lsm_export {
u32 apparmor;
u32 flags;
};
-#define LSM_EXPORT_NONE 0x00
-#define LSM_EXPORT_SELINUX 0x01
-#define LSM_EXPORT_SMACK 0x02
-#define LSM_EXPORT_APPARMOR 0x04
+#define LSM_EXPORT_NONE 0x00000000
+#define LSM_EXPORT_SELINUX 0x00000001
+#define LSM_EXPORT_SMACK 0x00000002
+#define LSM_EXPORT_APPARMOR 0x00000004
+#define LSM_EXPORT_LENGTH 0x80000000 /* Only the length required */
static inline void lsm_export_init(struct lsm_export *l)
{
@@ -433,7 +434,7 @@ int security_setprocattr(const char *lsm, const char *name, void *value,
size_t size);
int security_netlink_send(struct sock *sk, struct sk_buff *skb);
int security_ismaclabel(const char *name);
-int security_secid_to_secctx(struct lsm_export *l, char **secdata, u32 *seclen);
+int security_secid_to_secctx(struct lsm_export *l, struct lsm_context *cp);
int security_secctx_to_secid(struct lsm_context *cp, struct lsm_export *l);
void security_release_secctx(struct lsm_context *cp);
@@ -1213,7 +1214,7 @@ static inline int security_ismaclabel(const char *name)
}
static inline int security_secid_to_secctx(struct lsm_export *l,
- char **secdata, u32 *seclen)
+ struct lsm_seccontext *cp)
{
return -EOPNOTSUPP;
}
diff --git a/include/net/scm.h b/include/net/scm.h
index 7e242ebdd258..b25ca3b6a514 100644
--- a/include/net/scm.h
+++ b/include/net/scm.h
@@ -96,7 +96,7 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc
int err;
if (test_bit(SOCK_PASSSEC, &sock->flags)) {
- err = security_secid_to_secctx(&scm->le, &lc.context, &lc.len);
+ err = security_secid_to_secctx(&scm->le, &lc);
if (!err) {
put_cmsg(msg, SOL_SOCKET, SCM_SECURITY,
diff --git a/kernel/audit.c b/kernel/audit.c
index 269c76fefe40..203e5b14bea4 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1428,8 +1428,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
}
case AUDIT_SIGNAL_INFO:
if (lsm_export_any(&audit_sig_lsm)) {
- err = security_secid_to_secctx(&audit_sig_lsm,
- &lc.context, &lc.len);
+ err = security_secid_to_secctx(&audit_sig_lsm, &lc);
if (err)
return err;
}
@@ -2076,7 +2075,7 @@ int audit_log_task_context(struct audit_buffer *ab)
if (!lsm_export_any(&le))
return 0;
- error = security_secid_to_secctx(&le, &lc.context, &lc.len);
+ error = security_secid_to_secctx(&le, &lc);
if (error) {
if (error != -EINVAL)
goto error_path;
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 4dab81c7aca0..ceefd17467f9 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -938,7 +938,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid,
unsigned int sessionid,
struct lsm_export *l, char *comm)
{
- struct lsm_context lc = { .context = NULL, };
+ struct lsm_context lc;
struct audit_buffer *ab;
int rc = 0;
@@ -950,7 +950,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid,
from_kuid(&init_user_ns, auid),
from_kuid(&init_user_ns, uid), sessionid);
if (lsm_export_any(l)) {
- if (security_secid_to_secctx(l, &lc.context, &lc.len)) {
+ if (security_secid_to_secctx(l, &lc)) {
audit_log_format(ab, " obj=(none)");
rc = 1;
} else {
@@ -1190,8 +1190,8 @@ static void show_special(struct audit_context *context, int *call_panic)
from_kgid(&init_user_ns, context->ipc.gid),
context->ipc.mode);
if (lsm_export_any(l)) {
- struct lsm_context lc = { .context = NULL, };
- if (security_secid_to_secctx(l, &lc.context, &lc.len)) {
+ struct lsm_context lc;
+ if (security_secid_to_secctx(l, &lc)) {
audit_log_format(ab, " osid=(unknown)");
*call_panic = 1;
} else {
@@ -1342,7 +1342,7 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n,
if (lsm_export_any(&n->olsm)) {
struct lsm_context lc;
- if (security_secid_to_secctx(&n->olsm, &lc.context, &lc.len)) {
+ if (security_secid_to_secctx(&n->olsm, &lc)) {
audit_log_format(ab, " osid=(unknown)");
if (call_panic)
*call_panic = 2;
diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
index 18a7fab8b2d3..56035b53952d 100644
--- a/net/ipv4/ip_sockglue.c
+++ b/net/ipv4/ip_sockglue.c
@@ -138,7 +138,7 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb)
if (err)
return;
- err = security_secid_to_secctx(&le, &lc.context, &lc.len);
+ err = security_secid_to_secctx(&le, &lc);
if (err)
return;
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 49bce1b085ce..ea83909af6db 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -337,7 +337,7 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct)
le.selinux = ct->secmark;
le.smack = ct->secmark;
- ret = security_secid_to_secctx(&le, &lc.context, &lc.len);
+ ret = security_secid_to_secctx(&le, &lc);
if (ret)
return 0;
@@ -620,20 +620,21 @@ static inline size_t ctnetlink_acct_size(const struct nf_conn *ct)
static inline int ctnetlink_secctx_size(const struct nf_conn *ct)
{
#ifdef CONFIG_NF_CONNTRACK_SECMARK
- int len, ret;
+ int ret;
struct lsm_export le;
+ struct lsm_context lc;
lsm_export_init(&le);
- le.flags = LSM_EXPORT_SELINUX | LSM_EXPORT_SMACK;
+ le.flags = LSM_EXPORT_SELINUX | LSM_EXPORT_SMACK | LSM_EXPORT_LENGTH;
le.selinux = ct->secmark;
le.smack = ct->secmark;
- ret = security_secid_to_secctx(&le, NULL, &len);
+ ret = security_secid_to_secctx(&le, &lc);
if (ret)
return 0;
return nla_total_size(0) /* CTA_SECCTX */
- + nla_total_size(sizeof(char) * len); /* CTA_SECCTX_NAME */
+ + nla_total_size(sizeof(char) * lc.len); /* CTA_SECCTX_NAME */
#else
return 0;
#endif
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
index 97d16a51504b..797abf443a34 100644
--- a/net/netfilter/nf_conntrack_standalone.c
+++ b/net/netfilter/nf_conntrack_standalone.c
@@ -182,7 +182,7 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct)
le.selinux = ct->secmark;
le.smack = ct->secmark;
- ret = security_secid_to_secctx(&le, &lc.context, &lc.len);
+ ret = security_secid_to_secctx(&le, &lc);
if (ret)
return;
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
index b70871693368..4a3d4b52caef 100644
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -322,7 +322,7 @@ static u32 nfqnl_get_sk_secctx(struct sk_buff *skb, char **secdata)
le.flags = LSM_EXPORT_SELINUX | LSM_EXPORT_SMACK;
le.selinux = skb->secmark;
le.smack = skb->secmark;
- security_secid_to_secctx(&le, &lc.context, &lc.len);
+ security_secid_to_secctx(&le, &lc);
*secdata = lc.context;
}
diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c
index 4c4a8f6df261..336d315ee8eb 100644
--- a/net/netlabel/netlabel_unlabeled.c
+++ b/net/netlabel/netlabel_unlabeled.c
@@ -450,7 +450,7 @@ int netlbl_unlhsh_add(struct net *net,
rcu_read_unlock();
if (audit_buf != NULL) {
struct lsm_context lc;
- if (security_secid_to_secctx(l, &lc.context, &lc.len) == 0) {
+ if (security_secid_to_secctx(l, &lc) == 0) {
audit_log_format(audit_buf, " sec_obj=%s", lc.context);
security_release_secctx(&lc);
}
@@ -504,8 +504,7 @@ static int netlbl_unlhsh_remove_addr4(struct net *net,
if (dev != NULL)
dev_put(dev);
if (entry != NULL &&
- security_secid_to_secctx(&entry->le,
- &lc.context, &lc.len) == 0) {
+ security_secid_to_secctx(&entry->le, &lc) == 0) {
audit_log_format(audit_buf, " sec_obj=%s", lc.context);
security_release_secctx(&lc);
}
@@ -544,8 +543,6 @@ static int netlbl_unlhsh_remove_addr6(struct net *net,
struct netlbl_unlhsh_addr6 *entry;
struct audit_buffer *audit_buf;
struct net_device *dev;
- char *secctx;
- u32 secctx_len;
spin_lock(&netlbl_unlhsh_lock);
list_entry = netlbl_af6list_remove(addr, mask, &iface->addr6_list);
@@ -566,8 +563,7 @@ static int netlbl_unlhsh_remove_addr6(struct net *net,
if (dev != NULL)
dev_put(dev);
if (entry != NULL &&
- security_secid_to_secctx(&entry->le,
- &lc.context, &lc.len) == 0) {
+ security_secid_to_secctx(&entry->le, &lc) == 0) {
audit_log_format(audit_buf, " sec_obj=%s", lc.context);
security_release_secctx(&lc);
}
@@ -1137,7 +1133,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd,
lep = (struct lsm_export *)&addr6->le;
}
- ret_val = security_secid_to_secctx(lep, &lc.context, &lc.len);
+ ret_val = security_secid_to_secctx(lep, &lc);
if (ret_val != 0)
goto list_cb_failure;
ret_val = nla_put(cb_arg->skb,
diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c
index 0418f0935199..11ea98525c4e 100644
--- a/net/netlabel/netlabel_user.c
+++ b/net/netlabel/netlabel_user.c
@@ -112,8 +112,7 @@ struct audit_buffer *netlbl_audit_start_common(int type,
audit_info->sessionid);
if (lsm_export_any(&audit_info->le) &&
- security_secid_to_secctx(&audit_info->le, &lc.context,
- &lc.len) == 0) {
+ security_secid_to_secctx(&audit_info->le, &lc) == 0) {
audit_log_format(audit_buf, " subj=%s", lc.context);
security_release_secctx(&lc);
}
diff --git a/security/apparmor/secid.c b/security/apparmor/secid.c
index 46c8b9a67ac7..9dc17903a936 100644
--- a/security/apparmor/secid.c
+++ b/security/apparmor/secid.c
@@ -92,8 +92,7 @@ int apparmor_secid_to_secctx(struct lsm_export *l, struct lsm_context *cp)
if (!label)
return -EINVAL;
- /* scaffolding check - Casey */
- if (cp)
+ if (!(l->flags & LSM_EXPORT_LENGTH))
len = aa_label_asxprint(&cp->context, root_ns, label,
FLAG_SHOW_MODE | FLAG_VIEW_SUBNS |
FLAG_HIDDEN_UNCONFINED | FLAG_ABS_ROOT,
diff --git a/security/security.c b/security/security.c
index fbfe20891a9f..7cc2ec984b7d 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1987,18 +1987,9 @@ int security_ismaclabel(const char *name)
}
EXPORT_SYMBOL(security_ismaclabel);
-int security_secid_to_secctx(struct lsm_export *l, char **secdata, u32 *seclen)
+int security_secid_to_secctx(struct lsm_export *l, struct lsm_context *cp)
{
- struct lsm_context lc = { .context = NULL, .len = 0, };
- int rc;
-
- rc = call_one_int_hook(secid_to_secctx, -EOPNOTSUPP, l, &lc);
- if (secdata)
- *secdata = lc.context;
- else
- security_release_secctx(&lc);
- *seclen = lc.len;
- return rc;
+ return call_one_int_hook(secid_to_secctx, -EOPNOTSUPP, l, cp);
}
EXPORT_SYMBOL(security_secid_to_secctx);
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 332296f69f76..7bf73493d10d 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -6306,6 +6306,9 @@ static int selinux_secid_to_secctx(struct lsm_export *l, struct lsm_context *cp)
u32 secid;
selinux_import_secid(l, &secid);
+ if (l->flags & LSM_EXPORT_LENGTH)
+ return security_sid_to_context(&selinux_state, secid,
+ NULL, &cp->len);
return security_sid_to_context(&selinux_state, secid,
&cp->context, &cp->len);
}
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index cf27905ccaa5..1b5b3e421bff 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -4442,7 +4442,7 @@ static int smack_secid_to_secctx(struct lsm_export *l, struct lsm_context *cp)
smack_import_secid(l, &secid);
skp = smack_from_secid(secid);
- cp->context = skp->smk_known;
+ cp->context = (l->flags & LSM_EXPORT_LENGTH) ? NULL : skp->smk_known;
cp->len = strlen(skp->smk_known);
return 0;
}
--
2.19.1
^ permalink raw reply related
* [PATCH 48/59] LSM: Use lsm_context in security_release_secctx
From: Casey Schaufler @ 2019-04-09 21:39 UTC (permalink / raw)
To: casey.schaufler, jmorris, linux-security-module, selinux; +Cc: casey
In-Reply-To: <20190409213946.1667-1-casey@schaufler-ca.com>
Convert security_release_secctx to use the lsm_context structure
instead of a context/secid pair. There is some scaffolding involved
that will be removed when the related data is updated.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
drivers/android/binder.c | 21 +++++++--------
fs/kernfs/dir.c | 9 ++++---
fs/kernfs/inode.c | 2 +-
fs/nfs/nfs4proc.c | 9 +++++--
fs/nfsd/nfs4xdr.c | 2 +-
include/linux/security.h | 4 +--
include/net/scm.h | 10 +++----
kernel/audit.c | 27 +++++++++----------
kernel/auditsc.c | 27 +++++++++----------
net/ipv4/ip_sockglue.c | 9 +++----
net/netfilter/nf_conntrack_netlink.c | 10 +++----
net/netfilter/nf_conntrack_standalone.c | 9 +++----
net/netfilter/nfnetlink_queue.c | 28 ++++++++++---------
net/netlabel/netlabel_unlabeled.c | 36 ++++++++++++-------------
net/netlabel/netlabel_user.c | 11 ++++----
security/security.c | 10 +++----
16 files changed, 109 insertions(+), 115 deletions(-)
diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index 0eeb5b75da5b..c2cfef13257c 100644
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
@@ -2874,8 +2874,7 @@ static void binder_transaction(struct binder_proc *proc,
binder_size_t last_fixup_min_off = 0;
struct binder_context *context = proc->context;
int t_debug_id = atomic_inc_return(&binder_last_id);
- char *secctx = NULL;
- u32 secctx_sz = 0;
+ struct lsm_context lc = { .len = 0, .context = NULL, };
e = binder_transaction_log_add(&binder_transaction_log);
e->debug_id = t_debug_id;
@@ -3122,14 +3121,14 @@ static void binder_transaction(struct binder_proc *proc,
struct lsm_export le;
security_task_getsecid(proc->tsk, &le);
- ret = security_secid_to_secctx(&le, &secctx, &secctx_sz);
+ ret = security_secid_to_secctx(&le, &lc.context, &lc.len);
if (ret) {
return_error = BR_FAILED_REPLY;
return_error_param = ret;
return_error_line = __LINE__;
goto err_get_secctx_failed;
}
- extra_buffers_size += ALIGN(secctx_sz, sizeof(u64));
+ extra_buffers_size += ALIGN(lc.len, sizeof(u64));
}
trace_binder_transaction(reply, t, target_node);
@@ -3148,18 +3147,18 @@ static void binder_transaction(struct binder_proc *proc,
t->buffer = NULL;
goto err_binder_alloc_buf_failed;
}
- if (secctx) {
+ if (lc.context) {
size_t buf_offset = ALIGN(tr->data_size, sizeof(void *)) +
ALIGN(tr->offsets_size, sizeof(void *)) +
ALIGN(extra_buffers_size, sizeof(void *)) -
- ALIGN(secctx_sz, sizeof(u64));
+ ALIGN(lc.len, sizeof(u64));
t->security_ctx = (uintptr_t)t->buffer->user_data + buf_offset;
binder_alloc_copy_to_buffer(&target_proc->alloc,
t->buffer, buf_offset,
- secctx, secctx_sz);
- security_release_secctx(secctx, secctx_sz);
- secctx = NULL;
+ lc.context, lc.len);
+ security_release_secctx(&lc);
+ lc.context = NULL;
}
t->buffer->debug_id = t->debug_id;
t->buffer->transaction = t;
@@ -3479,8 +3478,8 @@ static void binder_transaction(struct binder_proc *proc,
t->buffer->transaction = NULL;
binder_alloc_free_buf(&target_proc->alloc, t->buffer);
err_binder_alloc_buf_failed:
- if (secctx)
- security_release_secctx(secctx, secctx_sz);
+ if (lc.context)
+ security_release_secctx(&lc);
err_get_secctx_failed:
kfree(tcomplete);
binder_stats_deleted(BINDER_STAT_TRANSACTION_COMPLETE);
diff --git a/fs/kernfs/dir.c b/fs/kernfs/dir.c
index b84d635567d3..11672c075a8b 100644
--- a/fs/kernfs/dir.c
+++ b/fs/kernfs/dir.c
@@ -532,9 +532,12 @@ void kernfs_put(struct kernfs_node *kn)
kfree_const(kn->name);
if (kn->iattr) {
- if (kn->iattr->ia_secdata)
- security_release_secctx(kn->iattr->ia_secdata,
- kn->iattr->ia_secdata_len);
+ if (kn->iattr->ia_secdata) {
+ struct lsm_context lc; /* Scaffolding -Casey */
+ lc.context = kn->iattr->ia_secdata;
+ lc.len = kn->iattr->ia_secdata_len;
+ security_release_secctx(&lc);
+ }
simple_xattrs_free(&kn->iattr->xattrs);
kmem_cache_free(kernfs_iattrs_cache, kn->iattr);
}
diff --git a/fs/kernfs/inode.c b/fs/kernfs/inode.c
index 41c5afc698fc..45781f0da80f 100644
--- a/fs/kernfs/inode.c
+++ b/fs/kernfs/inode.c
@@ -370,7 +370,7 @@ static int kernfs_security_xattr_set(const struct xattr_handler *handler,
mutex_unlock(&kernfs_mutex);
if (lc.context)
- security_release_secctx(lc.context, lc.len);
+ security_release_secctx(&lc);
return error;
}
diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
index de000649f9f3..8dee01eda643 100644
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -134,8 +134,13 @@ nfs4_label_init_security(struct inode *dir, struct dentry *dentry,
static inline void
nfs4_label_release_security(struct nfs4_label *label)
{
- if (label)
- security_release_secctx(label->label, label->len);
+ struct lsm_context lc; /* Scaffolding -Casey */
+
+ if (label) {
+ lc.context = label->label;
+ lc.len = label->len;
+ security_release_secctx(&lc);
+ }
}
static inline u32 *nfs4_bitmask(struct nfs_server *server, struct nfs4_label *label)
{
diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
index 1bf34730d054..3d1251bd588f 100644
--- a/fs/nfsd/nfs4xdr.c
+++ b/fs/nfsd/nfs4xdr.c
@@ -2918,7 +2918,7 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp,
out:
#ifdef CONFIG_NFSD_V4_SECURITY_LABEL
if (lc.context)
- security_release_secctx(lc.context, lc.len);
+ security_release_secctx(&lc);
#endif /* CONFIG_NFSD_V4_SECURITY_LABEL */
kfree(acl);
if (tempfh) {
diff --git a/include/linux/security.h b/include/linux/security.h
index 9a842a20b4b7..3b1e482f7b7a 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -435,7 +435,7 @@ int security_netlink_send(struct sock *sk, struct sk_buff *skb);
int security_ismaclabel(const char *name);
int security_secid_to_secctx(struct lsm_export *l, char **secdata, u32 *seclen);
int security_secctx_to_secid(struct lsm_context *cp, struct lsm_export *l);
-void security_release_secctx(char *secdata, u32 seclen);
+void security_release_secctx(struct lsm_context *cp);
void security_inode_invalidate_secctx(struct inode *inode);
int security_inode_notifysecctx(struct inode *inode, struct lsm_context *cp);
@@ -1224,7 +1224,7 @@ static inline int security_secctx_to_secid(struct lsm_context *cp,
return -EOPNOTSUPP;
}
-static inline void security_release_secctx(char *secdata, u32 seclen)
+static inline void security_release_secctx(struct lsm_context *cp);
{
}
diff --git a/include/net/scm.h b/include/net/scm.h
index b5d1c24318e3..7e242ebdd258 100644
--- a/include/net/scm.h
+++ b/include/net/scm.h
@@ -92,16 +92,16 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg,
#ifdef CONFIG_SECURITY_NETWORK
static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm)
{
- char *secdata;
- u32 seclen;
+ struct lsm_context lc;
int err;
if (test_bit(SOCK_PASSSEC, &sock->flags)) {
- err = security_secid_to_secctx(&scm->le, &secdata, &seclen);
+ err = security_secid_to_secctx(&scm->le, &lc.context, &lc.len);
if (!err) {
- put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata);
- security_release_secctx(secdata, seclen);
+ put_cmsg(msg, SOL_SOCKET, SCM_SECURITY,
+ lc.len, lc.context);
+ security_release_secctx(&lc);
}
}
}
diff --git a/kernel/audit.c b/kernel/audit.c
index d83d1f05c95d..269c76fefe40 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1191,8 +1191,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
struct audit_buffer *ab;
u16 msg_type = nlh->nlmsg_type;
struct audit_sig_info *sig_data;
- char *ctx = NULL;
- u32 len;
+ struct lsm_context lc = { .context = NULL, .len = 0, };
err = audit_netlink_ok(skb, msg_type);
if (err)
@@ -1428,27 +1427,26 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
break;
}
case AUDIT_SIGNAL_INFO:
- len = 0;
if (lsm_export_any(&audit_sig_lsm)) {
- err = security_secid_to_secctx(&audit_sig_lsm, &ctx,
- &len);
+ err = security_secid_to_secctx(&audit_sig_lsm,
+ &lc.context, &lc.len);
if (err)
return err;
}
- sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL);
+ sig_data = kmalloc(sizeof(*sig_data) + lc.len, GFP_KERNEL);
if (!sig_data) {
if (lsm_export_any(&audit_sig_lsm))
- security_release_secctx(ctx, len);
+ security_release_secctx(&lc);
return -ENOMEM;
}
sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid);
sig_data->pid = audit_sig_pid;
if (lsm_export_any(&audit_sig_lsm)) {
- memcpy(sig_data->ctx, ctx, len);
- security_release_secctx(ctx, len);
+ memcpy(sig_data->ctx, lc.context, lc.len);
+ security_release_secctx(&lc);
}
audit_send_reply(skb, seq, AUDIT_SIGNAL_INFO, 0, 0,
- sig_data, sizeof(*sig_data) + len);
+ sig_data, sizeof(*sig_data) + lc.len);
kfree(sig_data);
break;
case AUDIT_TTY_GET: {
@@ -2070,24 +2068,23 @@ void audit_log_key(struct audit_buffer *ab, char *key)
int audit_log_task_context(struct audit_buffer *ab)
{
- char *ctx = NULL;
- unsigned len;
int error;
struct lsm_export le;
+ struct lsm_context lc = { .context = NULL, };
security_task_getsecid(current, &le);
if (!lsm_export_any(&le))
return 0;
- error = security_secid_to_secctx(&le, &ctx, &len);
+ error = security_secid_to_secctx(&le, &lc.context, &lc.len);
if (error) {
if (error != -EINVAL)
goto error_path;
return 0;
}
- audit_log_format(ab, " subj=%s", ctx);
- security_release_secctx(ctx, len);
+ audit_log_format(ab, " subj=%s", lc.context);
+ security_release_secctx(&lc);
return 0;
error_path:
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index d64775f4bb1b..4dab81c7aca0 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -938,9 +938,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid,
unsigned int sessionid,
struct lsm_export *l, char *comm)
{
+ struct lsm_context lc = { .context = NULL, };
struct audit_buffer *ab;
- char *ctx = NULL;
- u32 len;
int rc = 0;
ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID);
@@ -951,12 +950,12 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid,
from_kuid(&init_user_ns, auid),
from_kuid(&init_user_ns, uid), sessionid);
if (lsm_export_any(l)) {
- if (security_secid_to_secctx(l, &ctx, &len)) {
+ if (security_secid_to_secctx(l, &lc.context, &lc.len)) {
audit_log_format(ab, " obj=(none)");
rc = 1;
} else {
- audit_log_format(ab, " obj=%s", ctx);
- security_release_secctx(ctx, len);
+ audit_log_format(ab, " obj=%s", lc.context);
+ security_release_secctx(&lc);
}
}
audit_log_format(ab, " ocomm=");
@@ -1191,14 +1190,13 @@ static void show_special(struct audit_context *context, int *call_panic)
from_kgid(&init_user_ns, context->ipc.gid),
context->ipc.mode);
if (lsm_export_any(l)) {
- char *ctx = NULL;
- u32 len;
- if (security_secid_to_secctx(l, &ctx, &len)) {
+ struct lsm_context lc = { .context = NULL, };
+ if (security_secid_to_secctx(l, &lc.context, &lc.len)) {
audit_log_format(ab, " osid=(unknown)");
*call_panic = 1;
} else {
- audit_log_format(ab, " obj=%s", ctx);
- security_release_secctx(ctx, len);
+ audit_log_format(ab, " obj=%s", lc.context);
+ security_release_secctx(&lc);
}
}
if (context->ipc.has_perm) {
@@ -1342,16 +1340,15 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n,
MAJOR(n->rdev),
MINOR(n->rdev));
if (lsm_export_any(&n->olsm)) {
- char *ctx = NULL;
- u32 len;
+ struct lsm_context lc;
- if (security_secid_to_secctx(&n->olsm, &ctx, &len)) {
+ if (security_secid_to_secctx(&n->olsm, &lc.context, &lc.len)) {
audit_log_format(ab, " osid=(unknown)");
if (call_panic)
*call_panic = 2;
} else {
- audit_log_format(ab, " obj=%s", ctx);
- security_release_secctx(ctx, len);
+ audit_log_format(ab, " obj=%s", lc.context);
+ security_release_secctx(&lc);
}
}
diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
index a4f37ba6dbe2..18a7fab8b2d3 100644
--- a/net/ipv4/ip_sockglue.c
+++ b/net/ipv4/ip_sockglue.c
@@ -131,20 +131,19 @@ static void ip_cmsg_recv_checksum(struct msghdr *msg, struct sk_buff *skb,
static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb)
{
struct lsm_export le;
- char *secdata;
- u32 seclen;
+ struct lsm_context lc;
int err;
err = security_socket_getpeersec_dgram(NULL, skb, &le);
if (err)
return;
- err = security_secid_to_secctx(&le, &secdata, &seclen);
+ err = security_secid_to_secctx(&le, &lc.context, &lc.len);
if (err)
return;
- put_cmsg(msg, SOL_IP, SCM_SECURITY, seclen, secdata);
- security_release_secctx(secdata, seclen);
+ put_cmsg(msg, SOL_IP, SCM_SECURITY, lc.len, lc.context);
+ security_release_secctx(&lc);
}
static void ip_cmsg_recv_dstaddr(struct msghdr *msg, struct sk_buff *skb)
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index d10cc1924e46..49bce1b085ce 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -328,16 +328,16 @@ static int ctnetlink_dump_mark(struct sk_buff *skb, const struct nf_conn *ct)
static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct)
{
struct nlattr *nest_secctx;
- int len, ret;
- char *secctx;
+ int ret;
struct lsm_export le;
+ struct lsm_context lc;
lsm_export_init(&le);
le.flags = LSM_EXPORT_SELINUX | LSM_EXPORT_SMACK;
le.selinux = ct->secmark;
le.smack = ct->secmark;
- ret = security_secid_to_secctx(&le, &secctx, &len);
+ ret = security_secid_to_secctx(&le, &lc.context, &lc.len);
if (ret)
return 0;
@@ -346,13 +346,13 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct)
if (!nest_secctx)
goto nla_put_failure;
- if (nla_put_string(skb, CTA_SECCTX_NAME, secctx))
+ if (nla_put_string(skb, CTA_SECCTX_NAME, lc.context))
goto nla_put_failure;
nla_nest_end(skb, nest_secctx);
ret = 0;
nla_put_failure:
- security_release_secctx(secctx, len);
+ security_release_secctx(&lc);
return ret;
}
#else
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
index d353f3efc5a5..97d16a51504b 100644
--- a/net/netfilter/nf_conntrack_standalone.c
+++ b/net/netfilter/nf_conntrack_standalone.c
@@ -173,9 +173,8 @@ static void ct_seq_stop(struct seq_file *s, void *v)
static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct)
{
int ret;
- u32 len;
- char *secctx;
struct lsm_export le;
+ struct lsm_context lc;
/* Whichever LSM may be using the secmark */
lsm_export_init(&le);
@@ -183,13 +182,13 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct)
le.selinux = ct->secmark;
le.smack = ct->secmark;
- ret = security_secid_to_secctx(&le, &secctx, &len);
+ ret = security_secid_to_secctx(&le, &lc.context, &lc.len);
if (ret)
return;
- seq_printf(s, "secctx=%s ", secctx);
+ seq_printf(s, "secctx=%s ", lc.context);
- security_release_secctx(secctx, len);
+ security_release_secctx(&lc);
}
#else
static inline void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct)
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
index a0670137477b..b70871693368 100644
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -307,9 +307,9 @@ static int nfqnl_put_sk_uidgid(struct sk_buff *skb, struct sock *sk)
static u32 nfqnl_get_sk_secctx(struct sk_buff *skb, char **secdata)
{
- u32 seclen = 0;
#if IS_ENABLED(CONFIG_NETWORK_SECMARK)
struct lsm_export le;
+ struct lsm_context lc = { .context = NULL, .len = 0, };
if (!skb || !sk_fullsock(skb->sk))
return 0;
@@ -322,12 +322,15 @@ static u32 nfqnl_get_sk_secctx(struct sk_buff *skb, char **secdata)
le.flags = LSM_EXPORT_SELINUX | LSM_EXPORT_SMACK;
le.selinux = skb->secmark;
le.smack = skb->secmark;
- security_secid_to_secctx(&le, secdata, &seclen);
+ security_secid_to_secctx(&le, &lc.context, &lc.len);
+ *secdata = lc.context;
}
read_unlock_bh(&skb->sk->sk_callback_lock);
+ return lc.len;
+#else
+ return 0;
#endif
- return seclen;
}
static u32 nfqnl_get_bridge_size(struct nf_queue_entry *entry)
@@ -403,8 +406,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue,
enum ip_conntrack_info uninitialized_var(ctinfo);
struct nfnl_ct_hook *nfnl_ct;
bool csum_verify;
- char *secdata = NULL;
- u32 seclen = 0;
+ struct lsm_context lc = { .context = NULL, };
size = nlmsg_total_size(sizeof(struct nfgenmsg))
+ nla_total_size(sizeof(struct nfqnl_msg_packet_hdr))
@@ -470,9 +472,9 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue,
}
if ((queue->flags & NFQA_CFG_F_SECCTX) && entskb->sk) {
- seclen = nfqnl_get_sk_secctx(entskb, &secdata);
- if (seclen)
- size += nla_total_size(seclen);
+ lc.len = nfqnl_get_sk_secctx(entskb, &lc.context);
+ if (lc.len)
+ size += nla_total_size(lc.len);
}
skb = alloc_skb(size, GFP_ATOMIC);
@@ -605,7 +607,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue,
nfqnl_put_sk_uidgid(skb, entskb->sk) < 0)
goto nla_put_failure;
- if (seclen && nla_put(skb, NFQA_SECCTX, seclen, secdata))
+ if (lc.len && nla_put(skb, NFQA_SECCTX, lc.len, lc.context))
goto nla_put_failure;
if (ct && nfnl_ct->build(skb, ct, ctinfo, NFQA_CT, NFQA_CT_INFO) < 0)
@@ -633,8 +635,8 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue,
}
nlh->nlmsg_len = skb->len;
- if (seclen)
- security_release_secctx(secdata, seclen);
+ if (lc.context)
+ security_release_secctx(&lc);
return skb;
nla_put_failure:
@@ -642,8 +644,8 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue,
kfree_skb(skb);
net_err_ratelimited("nf_queue: error creating packet message\n");
nlmsg_failure:
- if (seclen)
- security_release_secctx(secdata, seclen);
+ if (lc.context)
+ security_release_secctx(&lc);
return NULL;
}
diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c
index 707ea5a364b0..4c4a8f6df261 100644
--- a/net/netlabel/netlabel_unlabeled.c
+++ b/net/netlabel/netlabel_unlabeled.c
@@ -387,8 +387,6 @@ int netlbl_unlhsh_add(struct net *net,
struct net_device *dev;
struct netlbl_unlhsh_iface *iface;
struct audit_buffer *audit_buf = NULL;
- char *secctx = NULL;
- u32 secctx_len;
if (addr_len != sizeof(struct in_addr) &&
addr_len != sizeof(struct in6_addr))
@@ -451,9 +449,10 @@ int netlbl_unlhsh_add(struct net *net,
unlhsh_add_return:
rcu_read_unlock();
if (audit_buf != NULL) {
- if (security_secid_to_secctx(l, &secctx, &secctx_len) == 0) {
- audit_log_format(audit_buf, " sec_obj=%s", secctx);
- security_release_secctx(secctx, secctx_len);
+ struct lsm_context lc;
+ if (security_secid_to_secctx(l, &lc.context, &lc.len) == 0) {
+ audit_log_format(audit_buf, " sec_obj=%s", lc.context);
+ security_release_secctx(&lc);
}
audit_log_format(audit_buf, " res=%u", ret_val == 0 ? 1 : 0);
audit_log_end(audit_buf);
@@ -484,8 +483,6 @@ static int netlbl_unlhsh_remove_addr4(struct net *net,
struct netlbl_unlhsh_addr4 *entry;
struct audit_buffer *audit_buf;
struct net_device *dev;
- char *secctx;
- u32 secctx_len;
spin_lock(&netlbl_unlhsh_lock);
list_entry = netlbl_af4list_remove(addr->s_addr, mask->s_addr,
@@ -499,6 +496,7 @@ static int netlbl_unlhsh_remove_addr4(struct net *net,
audit_buf = netlbl_audit_start_common(AUDIT_MAC_UNLBL_STCDEL,
audit_info);
if (audit_buf != NULL) {
+ struct lsm_context lc;
dev = dev_get_by_index(net, iface->ifindex);
netlbl_af4list_audit_addr(audit_buf, 1,
(dev != NULL ? dev->name : NULL),
@@ -507,9 +505,9 @@ static int netlbl_unlhsh_remove_addr4(struct net *net,
dev_put(dev);
if (entry != NULL &&
security_secid_to_secctx(&entry->le,
- &secctx, &secctx_len) == 0) {
- audit_log_format(audit_buf, " sec_obj=%s", secctx);
- security_release_secctx(secctx, secctx_len);
+ &lc.context, &lc.len) == 0) {
+ audit_log_format(audit_buf, " sec_obj=%s", lc.context);
+ security_release_secctx(&lc);
}
audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0);
audit_log_end(audit_buf);
@@ -560,6 +558,7 @@ static int netlbl_unlhsh_remove_addr6(struct net *net,
audit_buf = netlbl_audit_start_common(AUDIT_MAC_UNLBL_STCDEL,
audit_info);
if (audit_buf != NULL) {
+ struct lsm_context lc;
dev = dev_get_by_index(net, iface->ifindex);
netlbl_af6list_audit_addr(audit_buf, 1,
(dev != NULL ? dev->name : NULL),
@@ -568,9 +567,9 @@ static int netlbl_unlhsh_remove_addr6(struct net *net,
dev_put(dev);
if (entry != NULL &&
security_secid_to_secctx(&entry->le,
- &secctx, &secctx_len) == 0) {
- audit_log_format(audit_buf, " sec_obj=%s", secctx);
- security_release_secctx(secctx, secctx_len);
+ &lc.context, &lc.len) == 0) {
+ audit_log_format(audit_buf, " sec_obj=%s", lc.context);
+ security_release_secctx(&lc);
}
audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0);
audit_log_end(audit_buf);
@@ -1082,9 +1081,8 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd,
struct netlbl_unlhsh_walk_arg *cb_arg = arg;
struct net_device *dev;
void *data;
- char *secctx;
- u32 secctx_len;
struct lsm_export *lep;
+ struct lsm_context lc;
data = genlmsg_put(cb_arg->skb, NETLINK_CB(cb_arg->nl_cb->skb).portid,
cb_arg->seq, &netlbl_unlabel_gnl_family,
@@ -1139,14 +1137,14 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd,
lep = (struct lsm_export *)&addr6->le;
}
- ret_val = security_secid_to_secctx(lep, &secctx, &secctx_len);
+ ret_val = security_secid_to_secctx(lep, &lc.context, &lc.len);
if (ret_val != 0)
goto list_cb_failure;
ret_val = nla_put(cb_arg->skb,
NLBL_UNLABEL_A_SECCTX,
- secctx_len,
- secctx);
- security_release_secctx(secctx, secctx_len);
+ lc.len,
+ lc.context);
+ security_release_secctx(&lc);
if (ret_val != 0)
goto list_cb_failure;
diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c
index 2cc96305c841..0418f0935199 100644
--- a/net/netlabel/netlabel_user.c
+++ b/net/netlabel/netlabel_user.c
@@ -98,8 +98,7 @@ struct audit_buffer *netlbl_audit_start_common(int type,
struct netlbl_audit *audit_info)
{
struct audit_buffer *audit_buf;
- char *secctx;
- u32 secctx_len;
+ struct lsm_context lc;
if (audit_enabled == AUDIT_OFF)
return NULL;
@@ -113,10 +112,10 @@ struct audit_buffer *netlbl_audit_start_common(int type,
audit_info->sessionid);
if (lsm_export_any(&audit_info->le) &&
- security_secid_to_secctx(&audit_info->le, &secctx,
- &secctx_len) == 0) {
- audit_log_format(audit_buf, " subj=%s", secctx);
- security_release_secctx(secctx, secctx_len);
+ security_secid_to_secctx(&audit_info->le, &lc.context,
+ &lc.len) == 0) {
+ audit_log_format(audit_buf, " subj=%s", lc.context);
+ security_release_secctx(&lc);
}
return audit_buf;
diff --git a/security/security.c b/security/security.c
index 149cceb5e366..fbfe20891a9f 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1996,7 +1996,7 @@ int security_secid_to_secctx(struct lsm_export *l, char **secdata, u32 *seclen)
if (secdata)
*secdata = lc.context;
else
- security_release_secctx(lc.context, lc.len);
+ security_release_secctx(&lc);
*seclen = lc.len;
return rc;
}
@@ -2009,13 +2009,9 @@ int security_secctx_to_secid(struct lsm_context *cp, struct lsm_export *l)
}
EXPORT_SYMBOL(security_secctx_to_secid);
-void security_release_secctx(char *secdata, u32 seclen)
+void security_release_secctx(struct lsm_context *cp)
{
- struct lsm_context lc;
-
- lc.context = secdata;
- lc.len = seclen;
- call_one_void_hook(release_secctx, &lc);
+ call_one_void_hook(release_secctx, cp);
}
EXPORT_SYMBOL(security_release_secctx);
--
2.19.1
^ permalink raw reply related
* [PATCH 52/59] LSM: Use lsm_context in inode_setsecctx hooks
From: Casey Schaufler @ 2019-04-09 21:39 UTC (permalink / raw)
To: casey.schaufler, jmorris, linux-security-module, selinux; +Cc: casey
In-Reply-To: <20190409213946.1667-1-casey@schaufler-ca.com>
Convert SELinux and Smack to use the lsm_context structure
instead of a context/secid pair. There is some scaffolding involved
that will be removed when the related data is updated.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
include/linux/lsm_hooks.h | 5 ++---
security/security.c | 6 +++++-
security/selinux/hooks.c | 6 ++++--
security/smack/smack_lsm.c | 5 +++--
4 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 1d364e211639..014791349bbd 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -1390,8 +1390,7 @@
* Must be called with inode->i_mutex locked.
*
* @dentry contains the inode we wish to set the security context of.
- * @ctx contains the string which we wish to set in the inode.
- * @ctxlen contains the length of @ctx.
+ * @cp contains the string which we wish to set in the inode.
*
* @inode_getsecctx:
* On success, returns 0 and fills out @cp with the security
@@ -1669,7 +1668,7 @@ union security_list_options {
void (*inode_invalidate_secctx)(struct inode *inode);
int (*inode_notifysecctx)(struct inode *inode, struct lsm_context *cp);
- int (*inode_setsecctx)(struct dentry *dentry, void *ctx, u32 ctxlen);
+ int (*inode_setsecctx)(struct dentry *dentry, struct lsm_context *cp);
int (*inode_getsecctx)(struct inode *inode, struct lsm_context *cp);
#ifdef CONFIG_SECURITY_NETWORK
diff --git a/security/security.c b/security/security.c
index 8bb1be7f2b85..36a7034d1f91 100644
--- a/security/security.c
+++ b/security/security.c
@@ -2023,7 +2023,11 @@ EXPORT_SYMBOL(security_inode_notifysecctx);
int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
{
- return call_int_hook(inode_setsecctx, 0, dentry, ctx, ctxlen);
+ struct lsm_context lc;
+
+ lc.context = ctx;
+ lc.len = ctxlen;
+ return call_int_hook(inode_setsecctx, 0, dentry, &lc);
}
EXPORT_SYMBOL(security_inode_setsecctx);
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 0e347a26c3d8..af0d98f4dd37 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -6356,9 +6356,11 @@ static int selinux_inode_notifysecctx(struct inode *inode,
/*
* called with inode->i_mutex locked
*/
-static int selinux_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
+static int selinux_inode_setsecctx(struct dentry *dentry,
+ struct lsm_context *cp)
{
- return __vfs_setxattr_noperm(dentry, XATTR_NAME_SELINUX, ctx, ctxlen, 0);
+ return __vfs_setxattr_noperm(dentry, XATTR_NAME_SELINUX, cp->context,
+ cp->len, 0);
}
static int selinux_inode_getsecctx(struct inode *inode, struct lsm_context *cp)
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index e00346799cdf..4570e8cac1b3 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -4480,9 +4480,10 @@ static int smack_inode_notifysecctx(struct inode *inode, struct lsm_context *cp)
cp->len, 0);
}
-static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
+static int smack_inode_setsecctx(struct dentry *dentry, struct lsm_context *cp)
{
- return __vfs_setxattr_noperm(dentry, XATTR_NAME_SMACK, ctx, ctxlen, 0);
+ return __vfs_setxattr_noperm(dentry, XATTR_NAME_SMACK, cp->context,
+ cp->len, 0);
}
static int smack_inode_getsecctx(struct inode *inode, struct lsm_context *cp)
--
2.19.1
^ permalink raw reply related
* [PATCH 47/59] LSM: Use lsm_context in release_secctx hooks
From: Casey Schaufler @ 2019-04-09 21:39 UTC (permalink / raw)
To: casey.schaufler, jmorris, linux-security-module, selinux; +Cc: casey
In-Reply-To: <20190409213946.1667-1-casey@schaufler-ca.com>
Convert SELinux, Smack and AppAror to use the lsm_context structure
instead of a context/secid pair. There is some scaffolding involved
that will be removed when the related data is updated.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
include/linux/lsm_hooks.h | 3 +--
security/apparmor/include/secid.h | 2 +-
security/apparmor/secid.c | 4 ++--
security/security.c | 7 +++++--
security/selinux/hooks.c | 4 ++--
security/smack/smack_lsm.c | 4 ++--
6 files changed, 13 insertions(+), 11 deletions(-)
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index f60ec98596c8..11bfa0a4f188 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -1332,7 +1332,6 @@
* @release_secctx:
* Release the security context.
* @secdata contains the security context.
- * @seclen contains the length of the security context.
*
* Security hooks for Audit
*
@@ -1671,7 +1670,7 @@ union security_list_options {
int (*secid_to_secctx)(struct lsm_export *l, struct lsm_context *cp);
int (*secctx_to_secid)(const struct lsm_context *cp,
struct lsm_export *l);
- void (*release_secctx)(char *secdata, u32 seclen);
+ void (*release_secctx)(struct lsm_context *cp);
void (*inode_invalidate_secctx)(struct inode *inode);
int (*inode_notifysecctx)(struct inode *inode, struct lsm_context *cp);
diff --git a/security/apparmor/include/secid.h b/security/apparmor/include/secid.h
index acfcf99bff0e..a780e56d4f5b 100644
--- a/security/apparmor/include/secid.h
+++ b/security/apparmor/include/secid.h
@@ -29,7 +29,7 @@ struct aa_label *aa_secid_to_label(struct lsm_export *l);
int apparmor_secid_to_secctx(struct lsm_export *l, struct lsm_context *cp);
int apparmor_secctx_to_secid(const struct lsm_context *cp,
struct lsm_export *l);
-void apparmor_release_secctx(char *secdata, u32 seclen);
+void apparmor_release_secctx(struct lsm_context *cp);
int aa_alloc_secid(struct aa_label *label, gfp_t gfp);
diff --git a/security/apparmor/secid.c b/security/apparmor/secid.c
index 35df38592b6e..46c8b9a67ac7 100644
--- a/security/apparmor/secid.c
+++ b/security/apparmor/secid.c
@@ -123,9 +123,9 @@ int apparmor_secctx_to_secid(const struct lsm_context *cp, struct lsm_export *l)
return 0;
}
-void apparmor_release_secctx(char *secdata, u32 seclen)
+void apparmor_release_secctx(struct lsm_context *cp)
{
- kfree(secdata);
+ kfree(cp->context);
}
/**
diff --git a/security/security.c b/security/security.c
index f51ea4a134ae..149cceb5e366 100644
--- a/security/security.c
+++ b/security/security.c
@@ -2004,7 +2004,6 @@ EXPORT_SYMBOL(security_secid_to_secctx);
int security_secctx_to_secid(struct lsm_context *cp, struct lsm_export *l)
{
-
lsm_export_init(l);
return call_one_int_hook(secctx_to_secid, 0, cp, l);
}
@@ -2012,7 +2011,11 @@ EXPORT_SYMBOL(security_secctx_to_secid);
void security_release_secctx(char *secdata, u32 seclen)
{
- call_one_void_hook(release_secctx, secdata, seclen);
+ struct lsm_context lc;
+
+ lc.context = secdata;
+ lc.len = seclen;
+ call_one_void_hook(release_secctx, &lc);
}
EXPORT_SYMBOL(security_release_secctx);
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index fe09905d013c..332296f69f76 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -6322,9 +6322,9 @@ static int selinux_secctx_to_secid(const struct lsm_context *cp,
return rc;
}
-static void selinux_release_secctx(char *secdata, u32 seclen)
+static void selinux_release_secctx(struct lsm_context *cp)
{
- kfree(secdata);
+ kfree(cp->context);
}
static void selinux_inode_invalidate_secctx(struct inode *inode)
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 3d24503029e5..cf27905ccaa5 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -4468,9 +4468,9 @@ static int smack_secctx_to_secid(const struct lsm_context *cp,
}
/*
- * There smack_release_secctx hook does nothing
+ * The smack_release_secctx hook does nothing
*/
-static void smack_release_secctx(char *secdata, u32 seclen)
+static void smack_release_secctx(struct lsm_context *cp)
{
}
--
2.19.1
^ permalink raw reply related
* [PATCH 42/59] LSM: Use lsm_context in dentry_init_security hooks
From: Casey Schaufler @ 2019-04-09 21:39 UTC (permalink / raw)
To: casey.schaufler, jmorris, linux-security-module, selinux; +Cc: casey
In-Reply-To: <20190409213946.1667-1-casey@schaufler-ca.com>
From: Casey Schaufler <cschaufler@schaufler-ca.com>
Convert SELinux to use the lsm_context structure
instead of a context/secid pair. There is some scaffolding involved
that will be removed when the related data is updated.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
include/linux/lsm_hooks.h | 7 +++----
security/security.c | 10 ++++++++--
security/selinux/hooks.c | 8 ++++----
3 files changed, 15 insertions(+), 10 deletions(-)
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 3344d18ba9d0..f60ec98596c8 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -166,8 +166,7 @@
* @dentry dentry to use in calculating the context.
* @mode mode used to determine resource type.
* @name name of the last path component used to create file
- * @ctx pointer to place the pointer to the resulting context in.
- * @ctxlen point to place the length of the resulting context.
+ * @cp pointer to place the pointer to the resulting context in.
* @dentry_create_files_as:
* Compute a context for a dentry as the inode is not yet available
* and set that context in passed in creds so that new files are
@@ -1500,8 +1499,8 @@ union security_list_options {
int (*sb_add_mnt_opt)(const char *option, const char *val, int len,
void **mnt_opts);
int (*dentry_init_security)(struct dentry *dentry, int mode,
- const struct qstr *name, void **ctx,
- u32 *ctxlen);
+ const struct qstr *name,
+ struct lsm_context *cp);
int (*dentry_create_files_as)(struct dentry *dentry, int mode,
struct qstr *name,
const struct cred *old,
diff --git a/security/security.c b/security/security.c
index ecaabc820d87..5e35adb43d65 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1032,8 +1032,14 @@ int security_dentry_init_security(struct dentry *dentry, int mode,
const struct qstr *name, void **ctx,
u32 *ctxlen)
{
- return call_int_hook(dentry_init_security, -EOPNOTSUPP, dentry, mode,
- name, ctx, ctxlen);
+ struct lsm_context lc = { .context = NULL, .len = 0, };
+ int rc;
+
+ rc = call_int_hook(dentry_init_security, -EOPNOTSUPP, dentry, mode,
+ name, &lc);
+ *ctx = (void *)lc.context;
+ *ctxlen = lc.len;
+ return rc;
}
EXPORT_SYMBOL(security_dentry_init_security);
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 633d62b97e90..fe09905d013c 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2813,8 +2813,8 @@ static void selinux_inode_free_security(struct inode *inode)
}
static int selinux_dentry_init_security(struct dentry *dentry, int mode,
- const struct qstr *name, void **ctx,
- u32 *ctxlen)
+ const struct qstr *name,
+ struct lsm_context *cp)
{
u32 newsid;
int rc;
@@ -2826,8 +2826,8 @@ static int selinux_dentry_init_security(struct dentry *dentry, int mode,
if (rc)
return rc;
- return security_sid_to_context(&selinux_state, newsid, (char **)ctx,
- ctxlen);
+ return security_sid_to_context(&selinux_state, newsid, &cp->context,
+ &cp->len);
}
static int selinux_dentry_create_files_as(struct dentry *dentry, int mode,
--
2.19.1
^ permalink raw reply related
* [PATCH 28/59] NET: Remove scaffolding on secmarks
From: Casey Schaufler @ 2019-04-09 21:39 UTC (permalink / raw)
To: casey.schaufler, jmorris, linux-security-module, selinux; +Cc: casey
In-Reply-To: <20190409213946.1667-1-casey@schaufler-ca.com>
Replace the lsm_export scaffolding in xt_SECMARK.c
This raises an issue, in that Smack users have been
using SECMARK_MODE_SEL, which is suppoed to be exclusively
for SELinux. This is worked around in the code, but not
fully addressed.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
net/netfilter/xt_SECMARK.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/net/netfilter/xt_SECMARK.c b/net/netfilter/xt_SECMARK.c
index 2def8d8898e6..9a2a97c200a2 100644
--- a/net/netfilter/xt_SECMARK.c
+++ b/net/netfilter/xt_SECMARK.c
@@ -55,6 +55,7 @@ static int checkentry_lsm(struct xt_secmark_target_info *info)
info->secctx[SECMARK_SECCTX_MAX - 1] = '\0';
info->secid = 0;
+ lsm_export_init(&le);
err = security_secctx_to_secid(info->secctx, strlen(info->secctx), &le);
if (err) {
if (err == -EINVAL)
@@ -63,7 +64,12 @@ static int checkentry_lsm(struct xt_secmark_target_info *info)
return err;
}
- lsm_export_secid(&le, &info->secid);
+ /* Smack is cheating, using SECMARK_MODE_SEL */
+ if (le.selinux)
+ info->secid = le.selinux;
+ else
+ info->secid = le.smack;
+
if (!info->secid) {
pr_info_ratelimited("unable to map security context \'%s\'\n",
info->secctx);
--
2.19.1
^ permalink raw reply related
* [PATCH 43/59] LSM: Use lsm_context in security_dentry_init_security
From: Casey Schaufler @ 2019-04-09 21:39 UTC (permalink / raw)
To: casey.schaufler, jmorris, linux-security-module, selinux; +Cc: casey
In-Reply-To: <20190409213946.1667-1-casey@schaufler-ca.com>
From: Casey Schaufler <cschaufler@schaufler-ca.com>
Convert security_dentry_init_security to use the lsm_context structure
instead of a context/secid pair. There is some scaffolding involved
that will be removed when the related data is updated.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
fs/nfs/nfs4proc.c | 5 ++++-
include/linux/security.h | 7 +++----
security/security.c | 14 ++++----------
3 files changed, 11 insertions(+), 15 deletions(-)
diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
index 4dbb0ee23432..de000649f9f3 100644
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -113,6 +113,7 @@ static inline struct nfs4_label *
nfs4_label_init_security(struct inode *dir, struct dentry *dentry,
struct iattr *sattr, struct nfs4_label *label)
{
+ struct lsm_context lc; /* Scaffolding -Casey */
int err;
if (label == NULL)
@@ -122,7 +123,9 @@ nfs4_label_init_security(struct inode *dir, struct dentry *dentry,
return NULL;
err = security_dentry_init_security(dentry, sattr->ia_mode,
- &dentry->d_name, (void **)&label->label, &label->len);
+ &dentry->d_name, &lc);
+ label->label = lc.context;
+ label->len = lc.len;
if (err == 0)
return label;
diff --git a/include/linux/security.h b/include/linux/security.h
index 8dd21133ede8..ba9bcdbfaebe 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -304,8 +304,8 @@ int security_sb_clone_mnt_opts(const struct super_block *oldsb,
int security_add_mnt_opt(const char *option, const char *val,
int len, void **mnt_opts);
int security_dentry_init_security(struct dentry *dentry, int mode,
- const struct qstr *name, void **ctx,
- u32 *ctxlen);
+ const struct qstr *name,
+ struct lsm_context *cp);
int security_dentry_create_files_as(struct dentry *dentry, int mode,
struct qstr *name,
const struct cred *old,
@@ -676,8 +676,7 @@ static inline void security_inode_free(struct inode *inode)
static inline int security_dentry_init_security(struct dentry *dentry,
int mode,
const struct qstr *name,
- void **ctx,
- u32 *ctxlen)
+ struct lsm_context *cp)
{
return -EOPNOTSUPP;
}
diff --git a/security/security.c b/security/security.c
index 5e35adb43d65..7069ff857f58 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1029,17 +1029,11 @@ void security_inode_free(struct inode *inode)
}
int security_dentry_init_security(struct dentry *dentry, int mode,
- const struct qstr *name, void **ctx,
- u32 *ctxlen)
+ const struct qstr *name,
+ struct lsm_context *cp)
{
- struct lsm_context lc = { .context = NULL, .len = 0, };
- int rc;
-
- rc = call_int_hook(dentry_init_security, -EOPNOTSUPP, dentry, mode,
- name, &lc);
- *ctx = (void *)lc.context;
- *ctxlen = lc.len;
- return rc;
+ return call_int_hook(dentry_init_security, -EOPNOTSUPP, dentry, mode,
+ name, cp);
}
EXPORT_SYMBOL(security_dentry_init_security);
--
2.19.1
^ permalink raw reply related
* [PATCH 45/59] LSM: Use lsm_context in security_inode_getsecctx
From: Casey Schaufler @ 2019-04-09 21:39 UTC (permalink / raw)
To: casey.schaufler, jmorris, linux-security-module, selinux; +Cc: casey
In-Reply-To: <20190409213946.1667-1-casey@schaufler-ca.com>
From: Casey Schaufler <cschaufler@schaufler-ca.com>
Convert security_inode_getsecctx to use the lsm_context structure
instead of a context/secid pair. There is some scaffolding involved
that will be removed when the related data is updated.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
fs/kernfs/inode.c | 11 +++++------
fs/nfsd/nfs4xdr.c | 14 ++++++--------
include/linux/security.h | 5 +++--
security/security.c | 11 ++---------
4 files changed, 16 insertions(+), 25 deletions(-)
diff --git a/fs/kernfs/inode.c b/fs/kernfs/inode.c
index 460e611b1938..41c5afc698fc 100644
--- a/fs/kernfs/inode.c
+++ b/fs/kernfs/inode.c
@@ -351,8 +351,7 @@ static int kernfs_security_xattr_set(const struct xattr_handler *handler,
{
struct kernfs_node *kn = inode->i_private;
struct kernfs_iattrs *attrs;
- void *secdata;
- u32 secdata_len = 0;
+ struct lsm_context lc = { .context = NULL, .len = 0, };
int error;
attrs = kernfs_iattrs(kn);
@@ -362,16 +361,16 @@ static int kernfs_security_xattr_set(const struct xattr_handler *handler,
error = security_inode_setsecurity(inode, suffix, value, size, flags);
if (error)
return error;
- error = security_inode_getsecctx(inode, &secdata, &secdata_len);
+ error = security_inode_getsecctx(inode, &lc);
if (error)
return error;
mutex_lock(&kernfs_mutex);
- error = kernfs_node_setsecdata(attrs, &secdata, &secdata_len);
+ error = kernfs_node_setsecdata(attrs, (void **)&lc.context, &lc.len);
mutex_unlock(&kernfs_mutex);
- if (secdata)
- security_release_secctx(secdata, secdata_len);
+ if (lc.context)
+ security_release_secctx(lc.context, lc.len);
return error;
}
diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
index 3de42a729093..1bf34730d054 100644
--- a/fs/nfsd/nfs4xdr.c
+++ b/fs/nfsd/nfs4xdr.c
@@ -2420,8 +2420,7 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp,
__be32 status;
int err;
struct nfs4_acl *acl = NULL;
- void *context = NULL;
- int contextlen;
+ struct lsm_context lc = { .context = NULL, .len = 0, };
bool contextsupport = false;
struct nfsd4_compoundres *resp = rqstp->rq_resp;
u32 minorversion = resp->cstate.minorversion;
@@ -2477,8 +2476,7 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp,
if ((bmval2 & FATTR4_WORD2_SECURITY_LABEL) ||
bmval0 & FATTR4_WORD0_SUPPORTED_ATTRS) {
if (exp->ex_flags & NFSEXP_SECURITY_LABEL)
- err = security_inode_getsecctx(d_inode(dentry),
- &context, &contextlen);
+ err = security_inode_getsecctx(d_inode(dentry), &lc);
else
err = -EOPNOTSUPP;
contextsupport = (err == 0);
@@ -2907,8 +2905,8 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp,
}
if (bmval2 & FATTR4_WORD2_SECURITY_LABEL) {
- status = nfsd4_encode_security_label(xdr, rqstp, context,
- contextlen);
+ status = nfsd4_encode_security_label(xdr, rqstp, lc.context,
+ lc.len);
if (status)
goto out;
}
@@ -2919,8 +2917,8 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp,
out:
#ifdef CONFIG_NFSD_V4_SECURITY_LABEL
- if (context)
- security_release_secctx(context, contextlen);
+ if (lc.context)
+ security_release_secctx(lc.context, lc.len);
#endif /* CONFIG_NFSD_V4_SECURITY_LABEL */
kfree(acl);
if (tempfh) {
diff --git a/include/linux/security.h b/include/linux/security.h
index 2abbaf72779e..b9f824952748 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -441,7 +441,7 @@ void security_release_secctx(char *secdata, u32 seclen);
void security_inode_invalidate_secctx(struct inode *inode);
int security_inode_notifysecctx(struct inode *inode, struct lsm_context *cp);
int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen);
-int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen);
+int security_inode_getsecctx(struct inode *inode, struct lsm_context *cp);
#else /* CONFIG_SECURITY */
static inline int call_lsm_notifier(enum lsm_event event, void *data)
@@ -1243,7 +1243,8 @@ static inline int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32
{
return -EOPNOTSUPP;
}
-static inline int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
+static inline int security_inode_getsecctx(struct inode *inode,
+ struct lsm_context *cp);
{
return -EOPNOTSUPP;
}
diff --git a/security/security.c b/security/security.c
index f5e332bfcdbe..b7e15cbd4021 100644
--- a/security/security.c
+++ b/security/security.c
@@ -2038,16 +2038,9 @@ int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
}
EXPORT_SYMBOL(security_inode_setsecctx);
-int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
+int security_inode_getsecctx(struct inode *inode, struct lsm_context *cp)
{
- struct lsm_context lc = { .context = NULL, .len = 0, };
- int rc;
-
- rc = call_int_hook(inode_getsecctx, -EOPNOTSUPP, inode, &lc);
-
- *ctx = (void *)lc.context;
- *ctxlen = lc.len;
- return rc;
+ return call_int_hook(inode_getsecctx, -EOPNOTSUPP, inode, cp);
}
EXPORT_SYMBOL(security_inode_getsecctx);
--
2.19.1
^ permalink raw reply related
* [PATCH 41/59] LSM: Use lsm_context in inode_notifysecctx hooks
From: Casey Schaufler @ 2019-04-09 21:39 UTC (permalink / raw)
To: casey.schaufler, jmorris, linux-security-module, selinux; +Cc: casey
In-Reply-To: <20190409213946.1667-1-casey@schaufler-ca.com>
Convert SELinux and Smack to use the lsm_context structure
instead of a context/secid pair. There is some scaffolding involved
that will be removed when the related data is updated.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
include/linux/lsm_hooks.h | 5 ++---
security/security.c | 6 +++++-
security/selinux/hooks.c | 5 +++--
security/smack/smack_lsm.c | 5 +++--
4 files changed, 13 insertions(+), 8 deletions(-)
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 34ed56be82b8..3344d18ba9d0 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -1382,8 +1382,7 @@
* Must be called with inode->i_mutex locked.
*
* @inode we wish to set the security context of.
- * @ctx contains the string which we wish to set in the inode.
- * @ctxlen contains the length of @ctx.
+ * @cp contains the string which we wish to set in the inode.
*
* @inode_setsecctx:
* Change the security context of an inode. Updates the
@@ -1676,7 +1675,7 @@ union security_list_options {
void (*release_secctx)(char *secdata, u32 seclen);
void (*inode_invalidate_secctx)(struct inode *inode);
- int (*inode_notifysecctx)(struct inode *inode, void *ctx, u32 ctxlen);
+ int (*inode_notifysecctx)(struct inode *inode, struct lsm_context *cp);
int (*inode_setsecctx)(struct dentry *dentry, void *ctx, u32 ctxlen);
int (*inode_getsecctx)(struct inode *inode, struct lsm_context *cp);
diff --git a/security/security.c b/security/security.c
index 4625a9b00d1d..ecaabc820d87 100644
--- a/security/security.c
+++ b/security/security.c
@@ -2028,7 +2028,11 @@ EXPORT_SYMBOL(security_inode_invalidate_secctx);
int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
{
- return call_int_hook(inode_notifysecctx, 0, inode, ctx, ctxlen);
+ struct lsm_context lc;
+
+ lc.context = ctx;
+ lc.len = ctxlen;
+ return call_int_hook(inode_notifysecctx, 0, inode, &lc);
}
EXPORT_SYMBOL(security_inode_notifysecctx);
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index e881f42d3ff8..633d62b97e90 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -6339,10 +6339,11 @@ static void selinux_inode_invalidate_secctx(struct inode *inode)
/*
* called with inode->i_mutex locked
*/
-static int selinux_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
+static int selinux_inode_notifysecctx(struct inode *inode,
+ struct lsm_context *cp)
{
int rc = selinux_inode_setsecurity(inode, XATTR_SELINUX_SUFFIX,
- ctx, ctxlen, 0);
+ cp->context, cp->len, 0);
/* Do not return error when suppressing label (SBLABEL_MNT not set). */
return rc == -EOPNOTSUPP ? 0 : rc;
}
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 46eead699e1d..3d24503029e5 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -4474,9 +4474,10 @@ static void smack_release_secctx(char *secdata, u32 seclen)
{
}
-static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
+static int smack_inode_notifysecctx(struct inode *inode, struct lsm_context *cp)
{
- return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, ctxlen, 0);
+ return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, cp->context,
+ cp->len, 0);
}
static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
--
2.19.1
^ permalink raw reply related
* [PATCH 36/59] LSM: Limit calls to certain module hooks
From: Casey Schaufler @ 2019-04-09 21:39 UTC (permalink / raw)
To: casey.schaufler, jmorris, linux-security-module, selinux; +Cc: casey
In-Reply-To: <20190409213946.1667-1-casey@schaufler-ca.com>
LSM hooks dealing with security context strings should
only be called for one security module. Add call macros
that invoke a single module hook and us in for those cases.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
security/security.c | 32 ++++++++++++++++++++++++++++----
1 file changed, 28 insertions(+), 4 deletions(-)
diff --git a/security/security.c b/security/security.c
index 015c38c882ba..7bf16c547010 100644
--- a/security/security.c
+++ b/security/security.c
@@ -713,6 +713,16 @@ int lsm_superblock_alloc(struct super_block *sb)
P->hook.FUNC(__VA_ARGS__); \
} while (0)
+#define call_one_void_hook(FUNC, ...) \
+ do { \
+ struct security_hook_list *P; \
+ \
+ hlist_for_each_entry(P, &security_hook_heads.FUNC, list) { \
+ P->hook.FUNC(__VA_ARGS__); \
+ break; \
+ } \
+ } while (0)
+
#define call_int_hook(FUNC, IRC, ...) ({ \
int RC = IRC; \
do { \
@@ -727,6 +737,19 @@ int lsm_superblock_alloc(struct super_block *sb)
RC; \
})
+#define call_one_int_hook(FUNC, IRC, ...) ({ \
+ int RC = IRC; \
+ do { \
+ struct security_hook_list *P; \
+ \
+ hlist_for_each_entry(P, &security_hook_heads.FUNC, list) { \
+ RC = P->hook.FUNC(__VA_ARGS__); \
+ break; \
+ } \
+ } while (0); \
+ RC; \
+})
+
/* Security operations */
int security_binder_set_context_mgr(struct task_struct *mgr)
@@ -1966,7 +1989,8 @@ EXPORT_SYMBOL(security_ismaclabel);
int security_secid_to_secctx(struct lsm_export *l, char **secdata, u32 *seclen)
{
- return call_int_hook(secid_to_secctx, -EOPNOTSUPP, l, secdata, seclen);
+ return call_one_int_hook(secid_to_secctx, -EOPNOTSUPP, l, secdata,
+ seclen);
}
EXPORT_SYMBOL(security_secid_to_secctx);
@@ -1974,13 +1998,13 @@ int security_secctx_to_secid(const char *secdata, u32 seclen,
struct lsm_export *l)
{
lsm_export_init(l);
- return call_int_hook(secctx_to_secid, 0, secdata, seclen, l);
+ return call_one_int_hook(secctx_to_secid, 0, secdata, seclen, l);
}
EXPORT_SYMBOL(security_secctx_to_secid);
void security_release_secctx(char *secdata, u32 seclen)
{
- call_void_hook(release_secctx, secdata, seclen);
+ call_one_void_hook(release_secctx, secdata, seclen);
}
EXPORT_SYMBOL(security_release_secctx);
@@ -2105,7 +2129,7 @@ EXPORT_SYMBOL(security_sock_rcv_skb);
int security_socket_getpeersec_stream(struct socket *sock, char __user *optval,
int __user *optlen, unsigned len)
{
- return call_int_hook(socket_getpeersec_stream, -ENOPROTOOPT, sock,
+ return call_one_int_hook(socket_getpeersec_stream, -ENOPROTOOPT, sock,
optval, optlen, len);
}
--
2.19.1
^ permalink raw reply related
* [PATCH 20/59] LSM: Use lsm_export in security_task_getsecid
From: Casey Schaufler @ 2019-04-09 21:39 UTC (permalink / raw)
To: casey.schaufler, jmorris, linux-security-module, selinux; +Cc: casey
In-Reply-To: <20190409213946.1667-1-casey@schaufler-ca.com>
Convert security_task_getsecid to use the lsm_export structure
instead of a u32 secid. There is some scaffolding involved
that will be removed when the related data is updated.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
drivers/android/binder.c | 4 +---
include/linux/security.h | 7 ++++---
kernel/audit.c | 4 ++--
kernel/auditfilter.c | 4 +---
kernel/auditsc.c | 18 +++++++++++-------
net/netlabel/netlabel_unlabeled.c | 4 +++-
net/netlabel/netlabel_user.h | 5 ++++-
security/integrity/ima/ima_appraise.c | 4 +++-
security/integrity/ima/ima_main.c | 16 ++++++++++++----
security/security.c | 8 +++-----
10 files changed, 44 insertions(+), 30 deletions(-)
diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index 9119333f794b..0eeb5b75da5b 100644
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
@@ -3119,11 +3119,9 @@ static void binder_transaction(struct binder_proc *proc,
t->priority = task_nice(current);
if (target_node && target_node->txn_security_ctx) {
- u32 secid;
struct lsm_export le;
- security_task_getsecid(proc->tsk, &secid);
- lsm_export_to_all(&le, secid);
+ security_task_getsecid(proc->tsk, &le);
ret = security_secid_to_secctx(&le, &secctx, &secctx_sz);
if (ret) {
return_error = BR_FAILED_REPLY;
diff --git a/include/linux/security.h b/include/linux/security.h
index 6ac48c7c4a41..ae4c058abc5e 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -394,7 +394,7 @@ int security_task_fix_setuid(struct cred *new, const struct cred *old,
int security_task_setpgid(struct task_struct *p, pid_t pgid);
int security_task_getpgid(struct task_struct *p);
int security_task_getsid(struct task_struct *p);
-void security_task_getsecid(struct task_struct *p, u32 *secid);
+void security_task_getsecid(struct task_struct *p, struct lsm_export *l);
int security_task_setnice(struct task_struct *p, int nice);
int security_task_setioprio(struct task_struct *p, int ioprio);
int security_task_getioprio(struct task_struct *p);
@@ -1023,9 +1023,10 @@ static inline int security_task_getsid(struct task_struct *p)
return 0;
}
-static inline void security_task_getsecid(struct task_struct *p, u32 *secid)
+static inline void security_task_getsecid(struct task_struct *p,
+ struct lsm_export *l)
{
- *secid = 0;
+ lsm_export_init(l);
}
static inline int security_task_setnice(struct task_struct *p, int nice)
diff --git a/kernel/audit.c b/kernel/audit.c
index b5d96a0320fb..fa4c5544eb37 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -2078,11 +2078,11 @@ int audit_log_task_context(struct audit_buffer *ab)
u32 sid;
struct lsm_export le;
- security_task_getsecid(current, &sid);
+ security_task_getsecid(current, &le);
+ lsm_export_secid(&le, &sid);
if (!sid)
return 0;
- lsm_export_to_all(&le, sid);
error = security_secid_to_secctx(&le, &ctx, &len);
if (error) {
if (error != -EINVAL)
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 15771102919d..468dac2bdce5 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -1323,7 +1323,6 @@ int audit_filter(int msgtype, unsigned int listtype)
for (i = 0; i < e->rule.field_count; i++) {
struct audit_field *f = &e->rule.fields[i];
pid_t pid;
- u32 sid;
struct lsm_export le;
switch (f->type) {
@@ -1354,8 +1353,7 @@ int audit_filter(int msgtype, unsigned int listtype)
case AUDIT_SUBJ_SEN:
case AUDIT_SUBJ_CLR:
if (f->lsm_rule) {
- security_task_getsecid(current, &sid);
- lsm_export_to_all(&le, sid);
+ security_task_getsecid(current, &le);
result = security_audit_rule_match(&le,
f->type, f->op, f->lsm_rule);
}
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index eabbf78fee96..b06ffcf9bb9f 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -444,7 +444,6 @@ static int audit_filter_rules(struct task_struct *tsk,
{
const struct cred *cred;
int i, need_sid = 1;
- u32 sid;
struct lsm_export le;
unsigned int sessionid;
@@ -628,10 +627,9 @@ static int audit_filter_rules(struct task_struct *tsk,
logged upon error */
if (f->lsm_rule) {
if (need_sid) {
- security_task_getsecid(tsk, &sid);
+ security_task_getsecid(tsk, &le);
need_sid = 0;
}
- lsm_export_to_all(&le, sid);
result = security_audit_rule_match(&le, f->type,
f->op,
f->lsm_rule);
@@ -2362,12 +2360,14 @@ int __audit_sockaddr(int len, void *a)
void __audit_ptrace(struct task_struct *t)
{
struct audit_context *context = audit_context();
+ struct lsm_export le;
context->target_pid = task_tgid_nr(t);
context->target_auid = audit_get_loginuid(t);
context->target_uid = task_uid(t);
context->target_sessionid = audit_get_sessionid(t);
- security_task_getsecid(t, &context->target_sid);
+ security_task_getsecid(t, &le);
+ lsm_export_secid(&le, &context->target_sid);
memcpy(context->target_comm, t->comm, TASK_COMM_LEN);
}
@@ -2384,6 +2384,7 @@ int audit_signal_info(int sig, struct task_struct *t)
struct audit_aux_data_pids *axp;
struct audit_context *ctx = audit_context();
kuid_t uid = current_uid(), auid, t_uid = task_uid(t);
+ struct lsm_export le;
if (auditd_test_task(t) &&
(sig == SIGTERM || sig == SIGHUP ||
@@ -2394,7 +2395,8 @@ int audit_signal_info(int sig, struct task_struct *t)
audit_sig_uid = auid;
else
audit_sig_uid = uid;
- security_task_getsecid(current, &audit_sig_sid);
+ security_task_getsecid(current, &le);
+ lsm_export_secid(&le, &audit_sig_sid);
}
if (!audit_signals || audit_dummy_context())
@@ -2407,7 +2409,8 @@ int audit_signal_info(int sig, struct task_struct *t)
ctx->target_auid = audit_get_loginuid(t);
ctx->target_uid = t_uid;
ctx->target_sessionid = audit_get_sessionid(t);
- security_task_getsecid(t, &ctx->target_sid);
+ security_task_getsecid(t, &le);
+ lsm_export_secid(&le, &ctx->target_sid);
memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN);
return 0;
}
@@ -2428,7 +2431,8 @@ int audit_signal_info(int sig, struct task_struct *t)
axp->target_auid[axp->pid_count] = audit_get_loginuid(t);
axp->target_uid[axp->pid_count] = t_uid;
axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t);
- security_task_getsecid(t, &axp->target_sid[axp->pid_count]);
+ security_task_getsecid(t, &le);
+ lsm_export_secid(&le, &axp->target_sid[axp->pid_count]);
memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN);
axp->pid_count++;
diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c
index 00922f55dd9e..7f245d593c8f 100644
--- a/net/netlabel/netlabel_unlabeled.c
+++ b/net/netlabel/netlabel_unlabeled.c
@@ -1554,11 +1554,13 @@ int __init netlbl_unlabel_defconf(void)
int ret_val;
struct netlbl_dom_map *entry;
struct netlbl_audit audit_info;
+ struct lsm_export le;
/* Only the kernel is allowed to call this function and the only time
* it is called is at bootup before the audit subsystem is reporting
* messages so don't worry to much about these values. */
- security_task_getsecid(current, &audit_info.secid);
+ security_task_getsecid(current, &le);
+ lsm_export_secid(&le, &audit_info.secid);
audit_info.loginuid = GLOBAL_ROOT_UID;
audit_info.sessionid = 0;
diff --git a/net/netlabel/netlabel_user.h b/net/netlabel/netlabel_user.h
index 4a397cde1a48..2dbc4276bdcc 100644
--- a/net/netlabel/netlabel_user.h
+++ b/net/netlabel/netlabel_user.h
@@ -48,7 +48,10 @@
static inline void netlbl_netlink_auditinfo(struct sk_buff *skb,
struct netlbl_audit *audit_info)
{
- security_task_getsecid(current, &audit_info->secid);
+ struct lsm_export le;
+
+ security_task_getsecid(current, &le);
+ lsm_export_secid(&le, &audit_info->secid);
audit_info->loginuid = audit_get_loginuid(current);
audit_info->sessionid = audit_get_sessionid(current);
}
diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
index 5fb7127bbe68..be714afc9fd2 100644
--- a/security/integrity/ima/ima_appraise.c
+++ b/security/integrity/ima/ima_appraise.c
@@ -51,11 +51,13 @@ bool is_ima_appraise_enabled(void)
int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func)
{
u32 secid;
+ struct lsm_export le;
if (!ima_appraise)
return 0;
- security_task_getsecid(current, &secid);
+ security_task_getsecid(current, &le);
+ lsm_export_secid(&le, &secid);
return ima_match_policy(inode, current_cred(), secid, func, mask,
IMA_APPRAISE | IMA_HASH, NULL);
}
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 357edd140c09..1e3cfaf0ee5c 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -336,9 +336,11 @@ static int process_measurement(struct file *file, const struct cred *cred,
int ima_file_mmap(struct file *file, unsigned long prot)
{
u32 secid;
+ struct lsm_export le;
if (file && (prot & PROT_EXEC)) {
- security_task_getsecid(current, &secid);
+ security_task_getsecid(current, &le);
+ lsm_export_secid(&le, &secid);
return process_measurement(file, current_cred(), secid, NULL,
0, MAY_EXEC, MMAP_CHECK);
}
@@ -363,8 +365,10 @@ int ima_bprm_check(struct linux_binprm *bprm)
{
int ret;
u32 secid;
+ struct lsm_export le;
- security_task_getsecid(current, &secid);
+ security_task_getsecid(current, &le);
+ lsm_export_secid(&le, &secid);
ret = process_measurement(bprm->file, current_cred(), secid, NULL, 0,
MAY_EXEC, BPRM_CHECK);
if (ret)
@@ -388,8 +392,10 @@ int ima_bprm_check(struct linux_binprm *bprm)
int ima_file_check(struct file *file, int mask)
{
u32 secid;
+ struct lsm_export le;
- security_task_getsecid(current, &secid);
+ security_task_getsecid(current, &le);
+ lsm_export_secid(&le, &secid);
return process_measurement(file, current_cred(), secid, NULL, 0,
mask & (MAY_READ | MAY_WRITE | MAY_EXEC |
MAY_APPEND), FILE_CHECK);
@@ -500,6 +506,7 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size,
{
enum ima_hooks func;
u32 secid;
+ struct lsm_export le;
if (!file && read_id == READING_FIRMWARE) {
if ((ima_appraise & IMA_APPRAISE_FIRMWARE) &&
@@ -521,7 +528,8 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size,
}
func = read_idmap[read_id] ?: FILE_CHECK;
- security_task_getsecid(current, &secid);
+ security_task_getsecid(current, &le);
+ lsm_export_secid(&le, &secid);
return process_measurement(file, current_cred(), secid, buf, size,
MAY_READ, func);
}
diff --git a/security/security.c b/security/security.c
index 6ba1187c9655..22ea709593f3 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1690,12 +1690,10 @@ int security_task_getsid(struct task_struct *p)
return call_int_hook(task_getsid, 0, p);
}
-void security_task_getsecid(struct task_struct *p, u32 *secid)
+void security_task_getsecid(struct task_struct *p, struct lsm_export *l)
{
- struct lsm_export data = { .flags = LSM_EXPORT_NONE };
-
- call_void_hook(task_getsecid, p, &data);
- lsm_export_secid(&data, secid);
+ lsm_export_init(l);
+ call_void_hook(task_getsecid, p, l);
}
EXPORT_SYMBOL(security_task_getsecid);
--
2.19.1
^ permalink raw reply related
* [PATCH 15/59] LSM: Use lsm_export in security_kernel_act_as
From: Casey Schaufler @ 2019-04-09 21:39 UTC (permalink / raw)
To: casey.schaufler, jmorris, linux-security-module, selinux; +Cc: casey
In-Reply-To: <20190409213946.1667-1-casey@schaufler-ca.com>
From: Casey Schaufler <cschaufler@schaufler-ca.com>
Convert security_kernel_act_as to use the lsm_export structure
instead of a u32 secid. There is some scaffolding involved
that will be removed when the related data is updated.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
include/linux/cred.h | 3 ++-
include/linux/security.h | 5 +++--
kernel/cred.c | 10 ++++++----
security/security.c | 8 ++------
4 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/include/linux/cred.h b/include/linux/cred.h
index ddd45bb74887..023f422eefd6 100644
--- a/include/linux/cred.h
+++ b/include/linux/cred.h
@@ -22,6 +22,7 @@
struct cred;
struct inode;
+struct lsm_export;
/*
* COW Supplementary groups list
@@ -165,7 +166,7 @@ extern const struct cred *override_creds(const struct cred *);
extern void revert_creds(const struct cred *);
extern struct cred *prepare_kernel_cred(struct task_struct *);
extern int change_create_files_as(struct cred *, struct inode *);
-extern int set_security_override(struct cred *, u32);
+extern int set_security_override(struct cred *, struct lsm_export *);
extern int set_security_override_from_ctx(struct cred *, const char *);
extern int set_create_files_as(struct cred *, struct inode *);
extern int cred_fscmp(const struct cred *, const struct cred *);
diff --git a/include/linux/security.h b/include/linux/security.h
index ea2c6c4e88db..7369cdc3a681 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -378,7 +378,7 @@ void security_cred_free(struct cred *cred);
int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp);
void security_transfer_creds(struct cred *new, const struct cred *old);
void security_cred_getsecid(const struct cred *c, u32 *secid);
-int security_kernel_act_as(struct cred *new, u32 secid);
+int security_kernel_act_as(struct cred *new, struct lsm_export *l);
int security_kernel_create_files_as(struct cred *new, struct inode *inode);
int security_kernel_module_request(char *kmod_name);
int security_kernel_load_data(enum kernel_load_data_id id);
@@ -961,7 +961,8 @@ static inline void security_transfer_creds(struct cred *new,
{
}
-static inline int security_kernel_act_as(struct cred *cred, u32 secid)
+static inline int security_kernel_act_as(struct cred *cred,
+ struct lsm_export *l)
{
return 0;
}
diff --git a/kernel/cred.c b/kernel/cred.c
index 45d77284aed0..40a3fde22667 100644
--- a/kernel/cred.c
+++ b/kernel/cred.c
@@ -701,14 +701,14 @@ EXPORT_SYMBOL(prepare_kernel_cred);
/**
* set_security_override - Set the security ID in a set of credentials
* @new: The credentials to alter
- * @secid: The LSM security ID to set
+ * @l: The LSM security information to set
*
* Set the LSM security ID in a set of credentials so that the subjective
* security is overridden when an alternative set of credentials is used.
*/
-int set_security_override(struct cred *new, u32 secid)
+int set_security_override(struct cred *new, struct lsm_export *l)
{
- return security_kernel_act_as(new, secid);
+ return security_kernel_act_as(new, l);
}
EXPORT_SYMBOL(set_security_override);
@@ -724,6 +724,7 @@ EXPORT_SYMBOL(set_security_override);
*/
int set_security_override_from_ctx(struct cred *new, const char *secctx)
{
+ struct lsm_export le;
u32 secid;
int ret;
@@ -731,7 +732,8 @@ int set_security_override_from_ctx(struct cred *new, const char *secctx)
if (ret < 0)
return ret;
- return set_security_override(new, secid);
+ lsm_export_to_all(&le, secid);
+ return set_security_override(new, &le);
}
EXPORT_SYMBOL(set_security_override_from_ctx);
diff --git a/security/security.c b/security/security.c
index 1e819ecf26ff..edaaaef54239 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1615,13 +1615,9 @@ void security_cred_getsecid(const struct cred *c, u32 *secid)
}
EXPORT_SYMBOL(security_cred_getsecid);
-int security_kernel_act_as(struct cred *new, u32 secid)
+int security_kernel_act_as(struct cred *new, struct lsm_export *l)
{
- struct lsm_export data = { .flags = LSM_EXPORT_NONE };
-
- lsm_export_to_all(&data, secid);
-
- return call_int_hook(kernel_act_as, 0, new, &data);
+ return call_int_hook(kernel_act_as, 0, new, l);
}
int security_kernel_create_files_as(struct cred *new, struct inode *inode)
--
2.19.1
^ permalink raw reply related
* [PATCH 31/59] Netlabel: Replace secids with lsm_export
From: Casey Schaufler @ 2019-04-09 21:39 UTC (permalink / raw)
To: casey.schaufler, jmorris, linux-security-module, selinux; +Cc: casey
In-Reply-To: <20190409213946.1667-1-casey@schaufler-ca.com>
Convert to lsm_export structures instead of u32 secids.
Clean out the associated scaffolding. This requires changes
to several internal interfaces, but no change in behavior.
Change the LOC tag type to pass an lsm_export instead of
a single u32. As this tag is only used locally there is
no change to externally exposed interfaces.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
include/net/netlabel.h | 10 ++---
net/ipv4/cipso_ipv4.c | 13 ++++---
net/netlabel/netlabel_kapi.c | 5 +--
net/netlabel/netlabel_unlabeled.c | 65 ++++++++++++-------------------
net/netlabel/netlabel_unlabeled.h | 2 +-
net/netlabel/netlabel_user.c | 7 ++--
net/netlabel/netlabel_user.h | 5 +--
security/selinux/netlabel.c | 2 +-
security/selinux/ss/services.c | 9 +++--
security/smack/smack_lsm.c | 5 ++-
security/smack/smackfs.c | 12 ++++--
11 files changed, 64 insertions(+), 71 deletions(-)
diff --git a/include/net/netlabel.h b/include/net/netlabel.h
index 72d6435fc16c..546c75f27d05 100644
--- a/include/net/netlabel.h
+++ b/include/net/netlabel.h
@@ -111,7 +111,7 @@ struct calipso_doi;
/* NetLabel audit information */
struct netlbl_audit {
- u32 secid;
+ struct lsm_export le;
kuid_t loginuid;
unsigned int sessionid;
};
@@ -180,7 +180,7 @@ struct netlbl_lsm_catmap {
* @attr.mls: MLS sensitivity label
* @attr.mls.cat: MLS category bitmap
* @attr.mls.lvl: MLS sensitivity level
- * @attr.secid: LSM specific secid token
+ * @attr.le: LSM specific data
*
* Description:
* This structure is used to pass security attributes between NetLabel and the
@@ -215,7 +215,7 @@ struct netlbl_lsm_secattr {
struct netlbl_lsm_catmap *cat;
u32 lvl;
} mls;
- u32 secid;
+ struct lsm_export le;
} attr;
};
@@ -429,7 +429,7 @@ int netlbl_cfg_unlbl_static_add(struct net *net,
const void *addr,
const void *mask,
u16 family,
- u32 secid,
+ struct lsm_export *l,
struct netlbl_audit *audit_info);
int netlbl_cfg_unlbl_static_del(struct net *net,
const char *dev_name,
@@ -537,7 +537,7 @@ static inline int netlbl_cfg_unlbl_static_add(struct net *net,
const void *addr,
const void *mask,
u16 family,
- u32 secid,
+ struct lsm_export *l,
struct netlbl_audit *audit_info)
{
return -ENOSYS;
diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c
index f0165c5f376b..1defea2488b3 100644
--- a/net/ipv4/cipso_ipv4.c
+++ b/net/ipv4/cipso_ipv4.c
@@ -122,13 +122,16 @@ int cipso_v4_rbm_strictvalid = 1;
*
* 0 8 16 24 32
* +----------+----------+----------+----------+
- * | 10000000 | 00000110 | 32-bit secid value |
+ * | 10000000 | 00000110 | SELinux secid |
* +----------+----------+----------+----------+
- * | in (host byte order)|
+ * | Smack secid | AppArmor secid |
+ * +----------+----------+----------+----------+
+ * | LSM export flags |
* +----------+----------+
*
+ * All secid and flag fields are in host byte order.
*/
-#define CIPSO_V4_TAG_LOC_BLEN 6
+#define CIPSO_V4_TAG_LOC_BLEN (2 + sizeof(struct lsm_export))
/*
* Helper Functions
@@ -1481,7 +1484,7 @@ static int cipso_v4_gentag_loc(const struct cipso_v4_doi *doi_def,
buffer[0] = CIPSO_V4_TAG_LOCAL;
buffer[1] = CIPSO_V4_TAG_LOC_BLEN;
- *(u32 *)&buffer[2] = secattr->attr.secid;
+ memcpy(&buffer[2], &secattr->attr.le, sizeof(secattr->attr.le));
return CIPSO_V4_TAG_LOC_BLEN;
}
@@ -1501,7 +1504,7 @@ static int cipso_v4_parsetag_loc(const struct cipso_v4_doi *doi_def,
const unsigned char *tag,
struct netlbl_lsm_secattr *secattr)
{
- secattr->attr.secid = *(u32 *)&tag[2];
+ memcpy(&secattr->attr.le, &tag[2], sizeof(secattr->attr.le));
secattr->flags |= NETLBL_SECATTR_SECID;
return 0;
diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c
index ee3e5b6471a6..849064422e0b 100644
--- a/net/netlabel/netlabel_kapi.c
+++ b/net/netlabel/netlabel_kapi.c
@@ -224,7 +224,7 @@ int netlbl_cfg_unlbl_static_add(struct net *net,
const void *addr,
const void *mask,
u16 family,
- u32 secid,
+ struct lsm_export *l,
struct netlbl_audit *audit_info)
{
u32 addr_len;
@@ -243,8 +243,7 @@ int netlbl_cfg_unlbl_static_add(struct net *net,
}
return netlbl_unlhsh_add(net,
- dev_name, addr, mask, addr_len,
- secid, audit_info);
+ dev_name, addr, mask, addr_len, l, audit_info);
}
/**
diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c
index 7f245d593c8f..f79ab91bf25e 100644
--- a/net/netlabel/netlabel_unlabeled.c
+++ b/net/netlabel/netlabel_unlabeled.c
@@ -80,7 +80,7 @@ struct netlbl_unlhsh_tbl {
#define netlbl_unlhsh_addr4_entry(iter) \
container_of(iter, struct netlbl_unlhsh_addr4, list)
struct netlbl_unlhsh_addr4 {
- u32 secid;
+ struct lsm_export le;
struct netlbl_af4list list;
struct rcu_head rcu;
@@ -88,7 +88,7 @@ struct netlbl_unlhsh_addr4 {
#define netlbl_unlhsh_addr6_entry(iter) \
container_of(iter, struct netlbl_unlhsh_addr6, list)
struct netlbl_unlhsh_addr6 {
- u32 secid;
+ struct lsm_export le;
struct netlbl_af6list list;
struct rcu_head rcu;
@@ -244,7 +244,7 @@ static struct netlbl_unlhsh_iface *netlbl_unlhsh_search_iface(int ifindex)
static int netlbl_unlhsh_add_addr4(struct netlbl_unlhsh_iface *iface,
const struct in_addr *addr,
const struct in_addr *mask,
- u32 secid)
+ struct lsm_export *l)
{
int ret_val;
struct netlbl_unlhsh_addr4 *entry;
@@ -256,7 +256,7 @@ static int netlbl_unlhsh_add_addr4(struct netlbl_unlhsh_iface *iface,
entry->list.addr = addr->s_addr & mask->s_addr;
entry->list.mask = mask->s_addr;
entry->list.valid = 1;
- entry->secid = secid;
+ entry->le = *l;
spin_lock(&netlbl_unlhsh_lock);
ret_val = netlbl_af4list_add(&entry->list, &iface->addr4_list);
@@ -284,7 +284,7 @@ static int netlbl_unlhsh_add_addr4(struct netlbl_unlhsh_iface *iface,
static int netlbl_unlhsh_add_addr6(struct netlbl_unlhsh_iface *iface,
const struct in6_addr *addr,
const struct in6_addr *mask,
- u32 secid)
+ struct lsm_export *l)
{
int ret_val;
struct netlbl_unlhsh_addr6 *entry;
@@ -300,7 +300,7 @@ static int netlbl_unlhsh_add_addr6(struct netlbl_unlhsh_iface *iface,
entry->list.addr.s6_addr32[3] &= mask->s6_addr32[3];
entry->list.mask = *mask;
entry->list.valid = 1;
- entry->secid = secid;
+ entry->le = *l;
spin_lock(&netlbl_unlhsh_lock);
ret_val = netlbl_af6list_add(&entry->list, &iface->addr6_list);
@@ -379,7 +379,7 @@ int netlbl_unlhsh_add(struct net *net,
const void *addr,
const void *mask,
u32 addr_len,
- u32 secid,
+ struct lsm_export *l,
struct netlbl_audit *audit_info)
{
int ret_val;
@@ -389,7 +389,6 @@ int netlbl_unlhsh_add(struct net *net,
struct audit_buffer *audit_buf = NULL;
char *secctx = NULL;
u32 secctx_len;
- struct lsm_export le;
if (addr_len != sizeof(struct in_addr) &&
addr_len != sizeof(struct in6_addr))
@@ -422,7 +421,7 @@ int netlbl_unlhsh_add(struct net *net,
const struct in_addr *addr4 = addr;
const struct in_addr *mask4 = mask;
- ret_val = netlbl_unlhsh_add_addr4(iface, addr4, mask4, secid);
+ ret_val = netlbl_unlhsh_add_addr4(iface, addr4, mask4, l);
if (audit_buf != NULL)
netlbl_af4list_audit_addr(audit_buf, 1,
dev_name,
@@ -435,7 +434,7 @@ int netlbl_unlhsh_add(struct net *net,
const struct in6_addr *addr6 = addr;
const struct in6_addr *mask6 = mask;
- ret_val = netlbl_unlhsh_add_addr6(iface, addr6, mask6, secid);
+ ret_val = netlbl_unlhsh_add_addr6(iface, addr6, mask6, l);
if (audit_buf != NULL)
netlbl_af6list_audit_addr(audit_buf, 1,
dev_name,
@@ -452,10 +451,7 @@ int netlbl_unlhsh_add(struct net *net,
unlhsh_add_return:
rcu_read_unlock();
if (audit_buf != NULL) {
- lsm_export_to_all(&le, secid);
- if (security_secid_to_secctx(&le,
- &secctx,
- &secctx_len) == 0) {
+ if (security_secid_to_secctx(l, &secctx, &secctx_len) == 0) {
audit_log_format(audit_buf, " sec_obj=%s", secctx);
security_release_secctx(secctx, secctx_len);
}
@@ -490,7 +486,6 @@ static int netlbl_unlhsh_remove_addr4(struct net *net,
struct net_device *dev;
char *secctx;
u32 secctx_len;
- struct lsm_export le;
spin_lock(&netlbl_unlhsh_lock);
list_entry = netlbl_af4list_remove(addr->s_addr, mask->s_addr,
@@ -510,10 +505,8 @@ static int netlbl_unlhsh_remove_addr4(struct net *net,
addr->s_addr, mask->s_addr);
if (dev != NULL)
dev_put(dev);
- if (entry != NULL)
- lsm_export_to_all(&le, entry->secid);
if (entry != NULL &&
- security_secid_to_secctx(&le,
+ security_secid_to_secctx(&entry->le,
&secctx, &secctx_len) == 0) {
audit_log_format(audit_buf, " sec_obj=%s", secctx);
security_release_secctx(secctx, secctx_len);
@@ -555,7 +548,6 @@ static int netlbl_unlhsh_remove_addr6(struct net *net,
struct net_device *dev;
char *secctx;
u32 secctx_len;
- struct lsm_export le;
spin_lock(&netlbl_unlhsh_lock);
list_entry = netlbl_af6list_remove(addr, mask, &iface->addr6_list);
@@ -574,10 +566,8 @@ static int netlbl_unlhsh_remove_addr6(struct net *net,
addr, mask);
if (dev != NULL)
dev_put(dev);
- if (entry != NULL)
- lsm_export_to_all(&le, entry->secid);
if (entry != NULL &&
- security_secid_to_secctx(&le,
+ security_secid_to_secctx(&entry->le,
&secctx, &secctx_len) == 0) {
audit_log_format(audit_buf, " sec_obj=%s", secctx);
security_release_secctx(secctx, secctx_len);
@@ -903,7 +893,6 @@ static int netlbl_unlabel_staticadd(struct sk_buff *skb,
void *addr;
void *mask;
u32 addr_len;
- u32 secid;
struct lsm_export le;
struct netlbl_audit audit_info;
@@ -932,9 +921,8 @@ static int netlbl_unlabel_staticadd(struct sk_buff *skb,
if (ret_val != 0)
return ret_val;
- lsm_export_secid(&le, &secid);
return netlbl_unlhsh_add(&init_net,
- dev_name, addr, mask, addr_len, secid,
+ dev_name, addr, mask, addr_len, &le,
&audit_info);
}
@@ -956,7 +944,6 @@ static int netlbl_unlabel_staticadddef(struct sk_buff *skb,
void *addr;
void *mask;
u32 addr_len;
- u32 secid;
struct lsm_export le;
struct netlbl_audit audit_info;
@@ -983,10 +970,8 @@ static int netlbl_unlabel_staticadddef(struct sk_buff *skb,
if (ret_val != 0)
return ret_val;
- lsm_export_secid(&le, &secid);
return netlbl_unlhsh_add(&init_net,
- NULL, addr, mask, addr_len, secid,
- &audit_info);
+ NULL, addr, mask, addr_len, &le, &audit_info);
}
/**
@@ -1097,10 +1082,9 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd,
struct netlbl_unlhsh_walk_arg *cb_arg = arg;
struct net_device *dev;
void *data;
- u32 secid;
char *secctx;
u32 secctx_len;
- struct lsm_export le;
+ struct lsm_export *lep;
data = genlmsg_put(cb_arg->skb, NETLINK_CB(cb_arg->nl_cb->skb).portid,
cb_arg->seq, &netlbl_unlabel_gnl_family,
@@ -1138,7 +1122,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd,
if (ret_val != 0)
goto list_cb_failure;
- secid = addr4->secid;
+ lep = (struct lsm_export *)&addr4->le;
} else {
ret_val = nla_put_in6_addr(cb_arg->skb,
NLBL_UNLABEL_A_IPV6ADDR,
@@ -1152,11 +1136,10 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd,
if (ret_val != 0)
goto list_cb_failure;
- secid = addr6->secid;
+ lep = (struct lsm_export *)&addr6->le;
}
- lsm_export_to_all(&le, secid);
- ret_val = security_secid_to_secctx(&le, &secctx, &secctx_len);
+ ret_val = security_secid_to_secctx(lep, &secctx, &secctx_len);
if (ret_val != 0)
goto list_cb_failure;
ret_val = nla_put(cb_arg->skb,
@@ -1501,26 +1484,30 @@ int netlbl_unlabel_getattr(const struct sk_buff *skb,
case PF_INET: {
struct iphdr *hdr4;
struct netlbl_af4list *addr4;
+ struct lsm_export *lep;
hdr4 = ip_hdr(skb);
addr4 = netlbl_af4list_search(hdr4->saddr,
&iface->addr4_list);
if (addr4 == NULL)
goto unlabel_getattr_nolabel;
- secattr->attr.secid = netlbl_unlhsh_addr4_entry(addr4)->secid;
+ lep = &netlbl_unlhsh_addr4_entry(addr4)->le;
+ secattr->attr.le = *lep;
break;
}
#if IS_ENABLED(CONFIG_IPV6)
case PF_INET6: {
struct ipv6hdr *hdr6;
struct netlbl_af6list *addr6;
+ struct lsm_export *lep;
hdr6 = ipv6_hdr(skb);
addr6 = netlbl_af6list_search(&hdr6->saddr,
&iface->addr6_list);
if (addr6 == NULL)
goto unlabel_getattr_nolabel;
- secattr->attr.secid = netlbl_unlhsh_addr6_entry(addr6)->secid;
+ lep = &netlbl_unlhsh_addr6_entry(addr6)->le;
+ secattr->attr.le = *lep;
break;
}
#endif /* IPv6 */
@@ -1554,13 +1541,11 @@ int __init netlbl_unlabel_defconf(void)
int ret_val;
struct netlbl_dom_map *entry;
struct netlbl_audit audit_info;
- struct lsm_export le;
/* Only the kernel is allowed to call this function and the only time
* it is called is at bootup before the audit subsystem is reporting
* messages so don't worry to much about these values. */
- security_task_getsecid(current, &le);
- lsm_export_secid(&le, &audit_info.secid);
+ security_task_getsecid(current, &audit_info.le);
audit_info.loginuid = GLOBAL_ROOT_UID;
audit_info.sessionid = 0;
diff --git a/net/netlabel/netlabel_unlabeled.h b/net/netlabel/netlabel_unlabeled.h
index 3a9e5dc9511b..0803f1e6e3c1 100644
--- a/net/netlabel/netlabel_unlabeled.h
+++ b/net/netlabel/netlabel_unlabeled.h
@@ -225,7 +225,7 @@ int netlbl_unlhsh_add(struct net *net,
const void *addr,
const void *mask,
u32 addr_len,
- u32 secid,
+ struct lsm_export *l,
struct netlbl_audit *audit_info);
int netlbl_unlhsh_remove(struct net *net,
const char *dev_name,
diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c
index 1079cdea872c..2cc96305c841 100644
--- a/net/netlabel/netlabel_user.c
+++ b/net/netlabel/netlabel_user.c
@@ -100,7 +100,6 @@ struct audit_buffer *netlbl_audit_start_common(int type,
struct audit_buffer *audit_buf;
char *secctx;
u32 secctx_len;
- struct lsm_export le;
if (audit_enabled == AUDIT_OFF)
return NULL;
@@ -113,9 +112,9 @@ struct audit_buffer *netlbl_audit_start_common(int type,
from_kuid(&init_user_ns, audit_info->loginuid),
audit_info->sessionid);
- lsm_export_to_all(&le, audit_info->secid);
- if (audit_info->secid != 0 &&
- security_secid_to_secctx(&le, &secctx, &secctx_len) == 0) {
+ if (lsm_export_any(&audit_info->le) &&
+ security_secid_to_secctx(&audit_info->le, &secctx,
+ &secctx_len) == 0) {
audit_log_format(audit_buf, " subj=%s", secctx);
security_release_secctx(secctx, secctx_len);
}
diff --git a/net/netlabel/netlabel_user.h b/net/netlabel/netlabel_user.h
index 2dbc4276bdcc..ee73711e0756 100644
--- a/net/netlabel/netlabel_user.h
+++ b/net/netlabel/netlabel_user.h
@@ -48,10 +48,7 @@
static inline void netlbl_netlink_auditinfo(struct sk_buff *skb,
struct netlbl_audit *audit_info)
{
- struct lsm_export le;
-
- security_task_getsecid(current, &le);
- lsm_export_secid(&le, &audit_info->secid);
+ security_task_getsecid(current, &audit_info->le);
audit_info->loginuid = audit_get_loginuid(current);
audit_info->sessionid = audit_get_sessionid(current);
}
diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c
index c40914a157b7..4bbd50237a8a 100644
--- a/security/selinux/netlabel.c
+++ b/security/selinux/netlabel.c
@@ -122,7 +122,7 @@ static struct netlbl_lsm_secattr *selinux_netlbl_sock_getattr(
return NULL;
if ((secattr->flags & NETLBL_SECATTR_SECID) &&
- (secattr->attr.secid == sid))
+ (secattr->attr.le.selinux == sid))
return secattr;
return NULL;
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 626b877363fb..8a197b387056 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -3596,8 +3596,9 @@ int security_netlbl_secattr_to_sid(struct selinux_state *state,
if (secattr->flags & NETLBL_SECATTR_CACHE)
*sid = *(u32 *)secattr->cache->data;
- else if (secattr->flags & NETLBL_SECATTR_SECID)
- *sid = secattr->attr.secid;
+ else if (secattr->flags & NETLBL_SECATTR_SECID &&
+ (secattr->attr.le.flags & LSM_EXPORT_SELINUX))
+ *sid = secattr->attr.le.selinux;
else if (secattr->flags & NETLBL_SECATTR_MLS_LVL) {
rc = -EIDRM;
ctx = sidtab_search(sidtab, SECINITSID_NETMSG);
@@ -3670,7 +3671,9 @@ int security_netlbl_sid_to_secattr(struct selinux_state *state,
if (secattr->domain == NULL)
goto out;
- secattr->attr.secid = sid;
+ lsm_export_init(&secattr->attr.le);
+ secattr->attr.le.flags = LSM_EXPORT_SELINUX;
+ secattr->attr.le.selinux = sid;
secattr->flags |= NETLBL_SECATTR_DOMAIN_CPY | NETLBL_SECATTR_SECID;
mls_export_netlbl_lvl(policydb, ctx, secattr);
rc = mls_export_netlbl_cat(policydb, ctx, secattr);
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index ecd636e5c75c..38ea48d22547 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -3756,11 +3756,12 @@ static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap,
return &smack_known_web;
return &smack_known_star;
}
- if ((sap->flags & NETLBL_SECATTR_SECID) != 0)
+ if ((sap->flags & NETLBL_SECATTR_SECID) != 0 &&
+ (sap->attr.le.flags & LSM_EXPORT_SMACK))
/*
* Looks like a fallback, which gives us a secid.
*/
- return smack_from_secid(sap->attr.secid);
+ return smack_from_secid(sap->attr.le.smack);
/*
* Without guidance regarding the smack value
* for the packet fall back on the network
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index faf2ea3968b3..28c567465f6c 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -197,7 +197,8 @@ static void smk_netlabel_audit_set(struct netlbl_audit *nap)
nap->loginuid = audit_get_loginuid(current);
nap->sessionid = audit_get_sessionid(current);
- nap->secid = skp->smk_secid;
+ nap->le.flags = LSM_EXPORT_SMACK;
+ nap->le.smack = skp->smk_secid;
}
/*
@@ -1150,6 +1151,7 @@ static void smk_net4addr_insert(struct smk_net4addr *new)
static ssize_t smk_write_net4addr(struct file *file, const char __user *buf,
size_t count, loff_t *ppos)
{
+ struct lsm_export le;
struct smk_net4addr *snp;
struct sockaddr_in newname;
char *smack;
@@ -1281,10 +1283,14 @@ static ssize_t smk_write_net4addr(struct file *file, const char __user *buf,
* this host so that incoming packets get labeled.
* but only if we didn't get the special CIPSO option
*/
- if (rc == 0 && skp != NULL)
+ if (rc == 0 && skp != NULL) {
+ lsm_export_init(&le);
+ le.flags = LSM_EXPORT_SMACK;
+ le.smack = snp->smk_label->smk_secid;
rc = netlbl_cfg_unlbl_static_add(&init_net, NULL,
&snp->smk_host, &snp->smk_mask, PF_INET,
- snp->smk_label->smk_secid, &audit_info);
+ &le, &audit_info);
+ }
if (rc == 0)
rc = count;
--
2.19.1
^ permalink raw reply related
* [PATCH 44/59] LSM: Use lsm_context in security_inode_notifysecctx
From: Casey Schaufler @ 2019-04-09 21:39 UTC (permalink / raw)
To: casey.schaufler, jmorris, linux-security-module, selinux; +Cc: casey
In-Reply-To: <20190409213946.1667-1-casey@schaufler-ca.com>
Convert security_inode_notifysecctx to use the lsm_context structure
instead of a context/secid pair. There is some scaffolding involved
that will be removed when the related data is updated.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
fs/kernfs/inode.c | 6 ++++--
fs/nfs/inode.c | 6 ++++--
include/linux/security.h | 5 +++--
security/security.c | 8 ++------
4 files changed, 13 insertions(+), 12 deletions(-)
diff --git a/fs/kernfs/inode.c b/fs/kernfs/inode.c
index 0c1fd945ce42..460e611b1938 100644
--- a/fs/kernfs/inode.c
+++ b/fs/kernfs/inode.c
@@ -184,6 +184,7 @@ static inline void set_inode_attr(struct inode *inode, struct iattr *iattr)
static void kernfs_refresh_inode(struct kernfs_node *kn, struct inode *inode)
{
struct kernfs_iattrs *attrs = kn->iattr;
+ struct lsm_context lc; /* Scaffolding -Casey */
inode->i_mode = kn->mode;
if (attrs) {
@@ -192,8 +193,9 @@ static void kernfs_refresh_inode(struct kernfs_node *kn, struct inode *inode)
* persistent copy in kernfs_node.
*/
set_inode_attr(inode, &attrs->ia_iattr);
- security_inode_notifysecctx(inode, attrs->ia_secdata,
- attrs->ia_secdata_len);
+ lc.context = attrs->ia_secdata;
+ lc.len = attrs->ia_secdata_len;
+ security_inode_notifysecctx(inode, &lc);
}
if (kernfs_type(kn) == KERNFS_DIR)
diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c
index 414a90d48493..8d0be9767b14 100644
--- a/fs/nfs/inode.c
+++ b/fs/nfs/inode.c
@@ -340,14 +340,16 @@ static void nfs_clear_label_invalid(struct inode *inode)
void nfs_setsecurity(struct inode *inode, struct nfs_fattr *fattr,
struct nfs4_label *label)
{
+ struct lsm_context lc; /* Scaffolding -Casey */
int error;
if (label == NULL)
return;
if ((fattr->valid & NFS_ATTR_FATTR_V4_SECURITY_LABEL) && inode->i_security) {
- error = security_inode_notifysecctx(inode, label->label,
- label->len);
+ lc.context = label->label;
+ lc.len = label->len;
+ error = security_inode_notifysecctx(inode, &lc);
if (error)
printk(KERN_ERR "%s() %s %d "
"security_inode_notifysecctx() %d\n",
diff --git a/include/linux/security.h b/include/linux/security.h
index ba9bcdbfaebe..2abbaf72779e 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -439,7 +439,7 @@ int security_secctx_to_secid(const char *secdata, u32 seclen,
void security_release_secctx(char *secdata, u32 seclen);
void security_inode_invalidate_secctx(struct inode *inode);
-int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen);
+int security_inode_notifysecctx(struct inode *inode, struct lsm_context *cp);
int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen);
int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen);
#else /* CONFIG_SECURITY */
@@ -1234,7 +1234,8 @@ static inline void security_inode_invalidate_secctx(struct inode *inode)
{
}
-static inline int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
+static inline int security_inode_notifysecctx(struct inode *inode,
+ struct lsm_context *cp);
{
return -EOPNOTSUPP;
}
diff --git a/security/security.c b/security/security.c
index 7069ff857f58..f5e332bfcdbe 100644
--- a/security/security.c
+++ b/security/security.c
@@ -2026,13 +2026,9 @@ void security_inode_invalidate_secctx(struct inode *inode)
}
EXPORT_SYMBOL(security_inode_invalidate_secctx);
-int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
+int security_inode_notifysecctx(struct inode *inode, struct lsm_context *cp)
{
- struct lsm_context lc;
-
- lc.context = ctx;
- lc.len = ctxlen;
- return call_int_hook(inode_notifysecctx, 0, inode, &lc);
+ return call_int_hook(inode_notifysecctx, 0, inode, cp);
}
EXPORT_SYMBOL(security_inode_notifysecctx);
--
2.19.1
^ permalink raw reply related
* [PATCH 39/59] LSM: Use lsm_context in secctx_to_secid hooks
From: Casey Schaufler @ 2019-04-09 21:39 UTC (permalink / raw)
To: casey.schaufler, jmorris, linux-security-module, selinux; +Cc: casey
In-Reply-To: <20190409213946.1667-1-casey@schaufler-ca.com>
Convert SELinux, Smack and AppArmor to use the lsm_context structure
instead of a context/secid pair. There is some scaffolding involved
that will be removed when the related data is updated.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
include/linux/lsm_hooks.h | 4 ++--
security/apparmor/include/secid.h | 2 +-
security/apparmor/secid.c | 7 +++----
security/security.c | 6 +++++-
security/selinux/hooks.c | 4 ++--
security/smack/smack_lsm.c | 4 ++--
6 files changed, 15 insertions(+), 12 deletions(-)
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 566714aa0caf..8b842fd13fb4 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -1327,8 +1327,8 @@
* context.
* @secctx_to_secid:
* Convert security context to exported lsm data.
+ * @cp contains the security context.
* @l contains the pointer to the generated security data.
- * @secdata contains the security context.
*
* @release_secctx:
* Release the security context.
@@ -1672,7 +1672,7 @@ union security_list_options {
int (*setprocattr)(const char *name, void *value, size_t size);
int (*ismaclabel)(const char *name);
int (*secid_to_secctx)(struct lsm_export *l, struct lsm_context *cp);
- int (*secctx_to_secid)(const char *secdata, u32 seclen,
+ int (*secctx_to_secid)(const struct lsm_context *cp,
struct lsm_export *l);
void (*release_secctx)(char *secdata, u32 seclen);
diff --git a/security/apparmor/include/secid.h b/security/apparmor/include/secid.h
index 964d3dc92635..acfcf99bff0e 100644
--- a/security/apparmor/include/secid.h
+++ b/security/apparmor/include/secid.h
@@ -27,7 +27,7 @@ struct aa_label;
struct aa_label *aa_secid_to_label(struct lsm_export *l);
int apparmor_secid_to_secctx(struct lsm_export *l, struct lsm_context *cp);
-int apparmor_secctx_to_secid(const char *secdata, u32 seclen,
+int apparmor_secctx_to_secid(const struct lsm_context *cp,
struct lsm_export *l);
void apparmor_release_secctx(char *secdata, u32 seclen);
diff --git a/security/apparmor/secid.c b/security/apparmor/secid.c
index 4e11434605d6..35df38592b6e 100644
--- a/security/apparmor/secid.c
+++ b/security/apparmor/secid.c
@@ -110,13 +110,12 @@ int apparmor_secid_to_secctx(struct lsm_export *l, struct lsm_context *cp)
return 0;
}
-int apparmor_secctx_to_secid(const char *secdata, u32 seclen,
- struct lsm_export *l)
+int apparmor_secctx_to_secid(const struct lsm_context *cp, struct lsm_export *l)
{
struct aa_label *label;
- label = aa_label_strn_parse(&root_ns->unconfined->label, secdata,
- seclen, GFP_KERNEL, false, false);
+ label = aa_label_strn_parse(&root_ns->unconfined->label, cp->context,
+ cp->len, GFP_KERNEL, false, false);
if (IS_ERR(label))
return PTR_ERR(label);
aa_export_secid(l, label->secid);
diff --git a/security/security.c b/security/security.c
index 7cf8e268a45c..f3788840019a 100644
--- a/security/security.c
+++ b/security/security.c
@@ -2005,8 +2005,12 @@ EXPORT_SYMBOL(security_secid_to_secctx);
int security_secctx_to_secid(const char *secdata, u32 seclen,
struct lsm_export *l)
{
+ struct lsm_context lc;
+
+ lc.context = secdata;
+ lc.len = seclen;
lsm_export_init(l);
- return call_one_int_hook(secctx_to_secid, 0, secdata, seclen, l);
+ return call_one_int_hook(secctx_to_secid, 0, &lc, l);
}
EXPORT_SYMBOL(security_secctx_to_secid);
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 6a2a82dcd948..a2257ccaee5c 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -6310,13 +6310,13 @@ static int selinux_secid_to_secctx(struct lsm_export *l, struct lsm_context *cp)
&cp->context, &cp->len);
}
-static int selinux_secctx_to_secid(const char *secdata, u32 seclen,
+static int selinux_secctx_to_secid(const struct lsm_context *cp,
struct lsm_export *l)
{
u32 secid;
int rc;
- rc = security_context_to_sid(&selinux_state, secdata, seclen,
+ rc = security_context_to_sid(&selinux_state, cp->context, cp->len,
&secid, GFP_KERNEL);
selinux_export_secid(l, secid);
return rc;
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 10d6c6a1a001..78c01ef707eb 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -4455,10 +4455,10 @@ static int smack_secid_to_secctx(struct lsm_export *l, struct lsm_context *cp)
*
* Exists for audit and networking code.
*/
-static int smack_secctx_to_secid(const char *secdata, u32 seclen,
+static int smack_secctx_to_secid(const struct lsm_context *cp,
struct lsm_export *l)
{
- struct smack_known *skp = smk_find_entry(secdata);
+ struct smack_known *skp = smk_find_entry(cp->context);
if (skp)
smack_export_secid(l, skp->smk_secid);
--
2.19.1
^ permalink raw reply related
* [PATCH 14/59] LSM: Use lsm_export in security_audit_rule_match
From: Casey Schaufler @ 2019-04-09 21:39 UTC (permalink / raw)
To: casey.schaufler, jmorris, linux-security-module, selinux; +Cc: casey
In-Reply-To: <20190409213946.1667-1-casey@schaufler-ca.com>
Convert security_audit_rule_match to use the lsm_export structure
instead of a u32 secid. There is some scaffolding involved that
will be removed when the related data is updated.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
include/linux/security.h | 46 +++++++++++++++++++++++++--
kernel/auditfilter.c | 4 ++-
kernel/auditsc.c | 13 +++++---
security/integrity/ima/ima_policy.c | 7 +++--
security/security.c | 48 ++---------------------------
5 files changed, 63 insertions(+), 55 deletions(-)
diff --git a/include/linux/security.h b/include/linux/security.h
index fb19f41d630b..ea2c6c4e88db 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -93,6 +93,45 @@ static inline void lsm_export_init(struct lsm_export *l)
memset(l, 0, sizeof(*l));
}
+/**
+ * lsm_export_secid - pull the useful secid out of a lsm_export
+ * @data: the containing data structure
+ * @secid: where to put the one that matters.
+ *
+ * Shim that will disappear when all lsm_export conversions are done.
+ */
+static inline void lsm_export_secid(struct lsm_export *data, u32 *secid)
+{
+ switch (data->flags) {
+ case LSM_EXPORT_NONE:
+ *secid = 0;
+ break;
+ case LSM_EXPORT_SELINUX:
+ *secid = data->selinux;
+ break;
+ case LSM_EXPORT_SMACK:
+ *secid = data->smack;
+ break;
+ case LSM_EXPORT_APPARMOR:
+ *secid = data->apparmor;
+ break;
+ default:
+ pr_warn("%s flags=0x%u - not a valid set\n", __func__,
+ data->flags);
+ *secid = 0;
+ break;
+ }
+}
+
+static inline void lsm_export_to_all(struct lsm_export *data, u32 secid)
+{
+ data->selinux = secid;
+ data->smack = secid;
+ data->apparmor = secid;
+ data->flags = LSM_EXPORT_SELINUX | LSM_EXPORT_SMACK |
+ LSM_EXPORT_APPARMOR;
+}
+
/* These functions are in security/commoncap.c */
extern int cap_capable(const struct cred *cred, struct user_namespace *ns,
int cap, unsigned int opts);
@@ -1712,7 +1751,8 @@ static inline int security_key_getsecurity(struct key *key, char **_buffer)
#ifdef CONFIG_SECURITY
int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule);
int security_audit_rule_known(struct audit_krule *krule);
-int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule);
+int security_audit_rule_match(struct lsm_export *l, u32 field, u32 op,
+ void *lsmrule);
void security_audit_rule_free(void *lsmrule);
#else
@@ -1728,8 +1768,8 @@ static inline int security_audit_rule_known(struct audit_krule *krule)
return 0;
}
-static inline int security_audit_rule_match(u32 secid, u32 field, u32 op,
- void *lsmrule)
+static inline int security_audit_rule_match(struct lsm_export *l, u32 field,
+ u32 op, void *lsmrule)
{
return 0;
}
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 63f8b3f26fab..15771102919d 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -1324,6 +1324,7 @@ int audit_filter(int msgtype, unsigned int listtype)
struct audit_field *f = &e->rule.fields[i];
pid_t pid;
u32 sid;
+ struct lsm_export le;
switch (f->type) {
case AUDIT_PID:
@@ -1354,7 +1355,8 @@ int audit_filter(int msgtype, unsigned int listtype)
case AUDIT_SUBJ_CLR:
if (f->lsm_rule) {
security_task_getsecid(current, &sid);
- result = security_audit_rule_match(sid,
+ lsm_export_to_all(&le, sid);
+ result = security_audit_rule_match(&le,
f->type, f->op, f->lsm_rule);
}
break;
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index d1eab1d4a930..822ba35e4e64 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -445,6 +445,7 @@ static int audit_filter_rules(struct task_struct *tsk,
const struct cred *cred;
int i, need_sid = 1;
u32 sid;
+ struct lsm_export le;
unsigned int sessionid;
cred = rcu_dereference_check(tsk->cred, tsk == current || task_creation);
@@ -630,7 +631,8 @@ static int audit_filter_rules(struct task_struct *tsk,
security_task_getsecid(tsk, &sid);
need_sid = 0;
}
- result = security_audit_rule_match(sid, f->type,
+ lsm_export_to_all(&le, sid);
+ result = security_audit_rule_match(&le, f->type,
f->op,
f->lsm_rule);
}
@@ -645,15 +647,17 @@ static int audit_filter_rules(struct task_struct *tsk,
if (f->lsm_rule) {
/* Find files that match */
if (name) {
+ lsm_export_to_all(&le, name->osid);
result = security_audit_rule_match(
- name->osid,
+ &le,
f->type,
f->op,
f->lsm_rule);
} else if (ctx) {
list_for_each_entry(n, &ctx->names_list, list) {
+ lsm_export_to_all(&le, n->osid);
if (security_audit_rule_match(
- n->osid,
+ &le,
f->type,
f->op,
f->lsm_rule)) {
@@ -665,7 +669,8 @@ static int audit_filter_rules(struct task_struct *tsk,
/* Find ipc objects that match */
if (!ctx || ctx->type != AUDIT_IPC)
break;
- if (security_audit_rule_match(ctx->ipc.osid,
+ lsm_export_to_all(&le, ctx->ipc.osid);
+ if (security_audit_rule_match(&le,
f->type, f->op,
f->lsm_rule))
++result;
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index e0cc323f948f..090ef8ceb116 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -327,6 +327,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode,
for (i = 0; i < MAX_LSM_RULES; i++) {
int rc = 0;
u32 osid;
+ struct lsm_export le;
int retried = 0;
if (!rule->lsm[i].rule)
@@ -337,7 +338,8 @@ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode,
case LSM_OBJ_ROLE:
case LSM_OBJ_TYPE:
security_inode_getsecid(inode, &osid);
- rc = security_filter_rule_match(osid,
+ lsm_export_to_all(&le, osid);
+ rc = security_filter_rule_match(&le,
rule->lsm[i].type,
Audit_equal,
rule->lsm[i].rule);
@@ -345,7 +347,8 @@ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode,
case LSM_SUBJ_USER:
case LSM_SUBJ_ROLE:
case LSM_SUBJ_TYPE:
- rc = security_filter_rule_match(secid,
+ lsm_export_to_all(&le, secid);
+ rc = security_filter_rule_match(&le,
rule->lsm[i].type,
Audit_equal,
rule->lsm[i].rule);
diff --git a/security/security.c b/security/security.c
index 1645ebe06715..1e819ecf26ff 100644
--- a/security/security.c
+++ b/security/security.c
@@ -712,45 +712,6 @@ int lsm_superblock_alloc(struct super_block *sb)
RC; \
})
-/**
- * lsm_export_secid - pull the useful secid out of a lsm_export
- * @data: the containing data structure
- * @secid: where to put the one that matters.
- *
- * Shim that will disappear when all lsm_export conversions are done.
- */
-static inline void lsm_export_secid(struct lsm_export *data, u32 *secid)
-{
- switch (data->flags) {
- case LSM_EXPORT_NONE:
- *secid = 0;
- break;
- case LSM_EXPORT_SELINUX:
- *secid = data->selinux;
- break;
- case LSM_EXPORT_SMACK:
- *secid = data->smack;
- break;
- case LSM_EXPORT_APPARMOR:
- *secid = data->apparmor;
- break;
- default:
- pr_warn("%s flags=0x%u - not a valid set\n", __func__,
- data->flags);
- *secid = 0;
- break;
- }
-}
-
-static inline void lsm_export_to_all(struct lsm_export *data, u32 secid)
-{
- data->selinux = secid;
- data->smack = secid;
- data->apparmor = secid;
- data->flags = LSM_EXPORT_SELINUX | LSM_EXPORT_SMACK |
- LSM_EXPORT_APPARMOR;
-}
-
/* Security operations */
int security_binder_set_context_mgr(struct task_struct *mgr)
@@ -2482,14 +2443,11 @@ void security_audit_rule_free(void *lsmrule)
call_void_hook(audit_rule_free, lsmrule);
}
-int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule)
+int security_audit_rule_match(struct lsm_export *l, u32 field, u32 op,
+ void *lsmrule)
{
- int rc;
- struct lsm_export data = { .flags = LSM_EXPORT_NONE };
- rc = call_int_hook(audit_rule_match, 0, &data, field, op, lsmrule);
- lsm_export_secid(&data, &secid);
- return rc;
+ return call_int_hook(audit_rule_match, 0, l, field, op, lsmrule);
}
#endif /* CONFIG_AUDIT */
--
2.19.1
^ permalink raw reply related
* [PATCH 37/59] LSM: Create a data structure for a security context
From: Casey Schaufler @ 2019-04-09 21:39 UTC (permalink / raw)
To: casey.schaufler, jmorris, linux-security-module, selinux; +Cc: casey
In-Reply-To: <20190409213946.1667-1-casey@schaufler-ca.com>
A "security context" is the text representation of
the information used by LSMs. This provides a structure
so that the use can be made consistant.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
include/linux/security.h | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/include/linux/security.h b/include/linux/security.h
index 6c44aca19c65..8dd21133ede8 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -119,6 +119,17 @@ static inline bool lsm_export_equal(struct lsm_export *l, struct lsm_export *m)
extern struct lsm_export *lsm_export_skb(struct sk_buff *skb);
+/* Text representation of LSM specific security information - a "context" */
+struct lsm_context {
+ char *context;
+ u32 len;
+};
+
+static inline void lsm_context_init(struct lsm_context *cp)
+{
+ memset(cp, 0, sizeof(*cp));
+}
+
/* These functions are in security/commoncap.c */
extern int cap_capable(const struct cred *cred, struct user_namespace *ns,
int cap, unsigned int opts);
--
2.19.1
^ permalink raw reply related
* [PATCH 18/59] LSM: Use lsm_export in security_secid_to_secctx
From: Casey Schaufler @ 2019-04-09 21:39 UTC (permalink / raw)
To: casey.schaufler, jmorris, linux-security-module, selinux; +Cc: casey
In-Reply-To: <20190409213946.1667-1-casey@schaufler-ca.com>
Convert security_secid_to_secctx to use the lsm_export structure
instead of a u32 secid. There is some scaffolding involved
that will be removed when the related data is updated.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
drivers/android/binder.c | 4 +++-
include/linux/security.h | 9 +++++++--
include/net/scm.h | 4 +---
kernel/audit.c | 9 +++++++--
kernel/auditsc.c | 13 +++++++++----
net/ipv4/ip_sockglue.c | 5 ++---
net/netfilter/nf_conntrack_netlink.c | 8 ++++++--
net/netfilter/nf_conntrack_standalone.c | 4 +++-
net/netfilter/nfnetlink_queue.c | 8 ++++++--
net/netlabel/netlabel_unlabeled.c | 18 ++++++++++++++----
net/netlabel/netlabel_user.c | 6 +++---
net/unix/af_unix.c | 9 ++++++---
security/security.c | 8 ++------
13 files changed, 69 insertions(+), 36 deletions(-)
diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index 8685882da64c..9119333f794b 100644
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
@@ -3120,9 +3120,11 @@ static void binder_transaction(struct binder_proc *proc,
if (target_node && target_node->txn_security_ctx) {
u32 secid;
+ struct lsm_export le;
security_task_getsecid(proc->tsk, &secid);
- ret = security_secid_to_secctx(secid, &secctx, &secctx_sz);
+ lsm_export_to_all(&le, secid);
+ ret = security_secid_to_secctx(&le, &secctx, &secctx_sz);
if (ret) {
return_error = BR_FAILED_REPLY;
return_error_param = ret;
diff --git a/include/linux/security.h b/include/linux/security.h
index 991d2d2e290e..5cea6260bbd9 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -115,6 +115,10 @@ static inline void lsm_export_secid(struct lsm_export *data, u32 *secid)
case LSM_EXPORT_APPARMOR:
*secid = data->apparmor;
break;
+ case LSM_EXPORT_SELINUX | LSM_EXPORT_SMACK | LSM_EXPORT_APPARMOR:
+ /* For scaffolding only */
+ *secid = data->selinux;
+ break;
default:
pr_warn("%s flags=0x%u - not a valid set\n", __func__,
data->flags);
@@ -436,7 +440,7 @@ int security_setprocattr(const char *lsm, const char *name, void *value,
size_t size);
int security_netlink_send(struct sock *sk, struct sk_buff *skb);
int security_ismaclabel(const char *name);
-int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen);
+int security_secid_to_secctx(struct lsm_export *l, char **secdata, u32 *seclen);
int security_secctx_to_secid(const char *secdata, u32 seclen,
struct lsm_export *l);
void security_release_secctx(char *secdata, u32 seclen);
@@ -1214,7 +1218,8 @@ static inline int security_ismaclabel(const char *name)
return 0;
}
-static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
+static inline int security_secid_to_secctx(struct lsm_export *l,
+ char **secdata, u32 *seclen)
{
return -EOPNOTSUPP;
}
diff --git a/include/net/scm.h b/include/net/scm.h
index 13b8a369fd89..b5d1c24318e3 100644
--- a/include/net/scm.h
+++ b/include/net/scm.h
@@ -33,7 +33,6 @@ struct scm_cookie {
struct scm_fp_list *fp; /* Passed files */
struct scm_creds creds; /* Skb credentials */
#ifdef CONFIG_SECURITY_NETWORK
- u32 secid; /* Passed security ID */
struct lsm_export le; /* Passed LSM data */
#endif
};
@@ -48,7 +47,6 @@ struct scm_fp_list *scm_fp_dup(struct scm_fp_list *fpl);
static __inline__ void unix_get_peersec_dgram(struct socket *sock, struct scm_cookie *scm)
{
security_socket_getpeersec_dgram(sock, NULL, &scm->le);
- lsm_export_secid(&scm->le, &scm->secid);
}
#else
static __inline__ void unix_get_peersec_dgram(struct socket *sock, struct scm_cookie *scm)
@@ -99,7 +97,7 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc
int err;
if (test_bit(SOCK_PASSSEC, &sock->flags)) {
- err = security_secid_to_secctx(scm->secid, &secdata, &seclen);
+ err = security_secid_to_secctx(&scm->le, &secdata, &seclen);
if (!err) {
put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata);
diff --git a/kernel/audit.c b/kernel/audit.c
index c89ea48c70a6..b5d96a0320fb 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1430,7 +1430,10 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
case AUDIT_SIGNAL_INFO:
len = 0;
if (audit_sig_sid) {
- err = security_secid_to_secctx(audit_sig_sid, &ctx, &len);
+ struct lsm_export le;
+
+ lsm_export_to_all(&le, audit_sig_sid);
+ err = security_secid_to_secctx(&le, &ctx, &len);
if (err)
return err;
}
@@ -2073,12 +2076,14 @@ int audit_log_task_context(struct audit_buffer *ab)
unsigned len;
int error;
u32 sid;
+ struct lsm_export le;
security_task_getsecid(current, &sid);
if (!sid)
return 0;
- error = security_secid_to_secctx(sid, &ctx, &len);
+ lsm_export_to_all(&le, sid);
+ error = security_secid_to_secctx(&le, &ctx, &len);
if (error) {
if (error != -EINVAL)
goto error_path;
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 822ba35e4e64..83aba0336eac 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -946,6 +946,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid,
char *ctx = NULL;
u32 len;
int rc = 0;
+ struct lsm_export le;
ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID);
if (!ab)
@@ -955,7 +956,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid,
from_kuid(&init_user_ns, auid),
from_kuid(&init_user_ns, uid), sessionid);
if (sid) {
- if (security_secid_to_secctx(sid, &ctx, &len)) {
+ lsm_export_to_all(&le, sid);
+ if (security_secid_to_secctx(&le, &ctx, &len)) {
audit_log_format(ab, " obj=(none)");
rc = 1;
} else {
@@ -1197,7 +1199,9 @@ static void show_special(struct audit_context *context, int *call_panic)
if (osid) {
char *ctx = NULL;
u32 len;
- if (security_secid_to_secctx(osid, &ctx, &len)) {
+ struct lsm_export le;
+ lsm_export_to_all(&le, osid);
+ if (security_secid_to_secctx(&le, &ctx, &len)) {
audit_log_format(ab, " osid=%u", osid);
*call_panic = 1;
} else {
@@ -1348,9 +1352,10 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n,
if (n->osid != 0) {
char *ctx = NULL;
u32 len;
+ struct lsm_export le;
- if (security_secid_to_secctx(
- n->osid, &ctx, &len)) {
+ lsm_export_to_all(&le, n->osid);
+ if (security_secid_to_secctx(&le, &ctx, &len)) {
audit_log_format(ab, " osid=%u", n->osid);
if (call_panic)
*call_panic = 2;
diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
index b8ef7677a7e5..a4f37ba6dbe2 100644
--- a/net/ipv4/ip_sockglue.c
+++ b/net/ipv4/ip_sockglue.c
@@ -132,15 +132,14 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb)
{
struct lsm_export le;
char *secdata;
- u32 seclen, secid;
+ u32 seclen;
int err;
err = security_socket_getpeersec_dgram(NULL, skb, &le);
if (err)
return;
- lsm_export_secid(&le, &secid);
- err = security_secid_to_secctx(secid, &secdata, &seclen);
+ err = security_secid_to_secctx(&le, &secdata, &seclen);
if (err)
return;
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 66c596d287a5..b069277450c5 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -330,8 +330,10 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct)
struct nlattr *nest_secctx;
int len, ret;
char *secctx;
+ struct lsm_export le;
- ret = security_secid_to_secctx(ct->secmark, &secctx, &len);
+ lsm_export_to_all(&le, ct->secmark);
+ ret = security_secid_to_secctx(&le, &secctx, &len);
if (ret)
return 0;
@@ -615,8 +617,10 @@ static inline int ctnetlink_secctx_size(const struct nf_conn *ct)
{
#ifdef CONFIG_NF_CONNTRACK_SECMARK
int len, ret;
+ struct lsm_export le;
- ret = security_secid_to_secctx(ct->secmark, NULL, &len);
+ lsm_export_to_all(&le, ct->secmark);
+ ret = security_secid_to_secctx(&le, NULL, &len);
if (ret)
return 0;
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
index c2ae14c720b4..12318026d8d4 100644
--- a/net/netfilter/nf_conntrack_standalone.c
+++ b/net/netfilter/nf_conntrack_standalone.c
@@ -175,8 +175,10 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct)
int ret;
u32 len;
char *secctx;
+ struct lsm_export le;
- ret = security_secid_to_secctx(ct->secmark, &secctx, &len);
+ lsm_export_to_all(&le, ct->secmark);
+ ret = security_secid_to_secctx(&le, &secctx, &len);
if (ret)
return;
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
index 0dcc3592d053..4c74c383e26b 100644
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -309,13 +309,17 @@ static u32 nfqnl_get_sk_secctx(struct sk_buff *skb, char **secdata)
{
u32 seclen = 0;
#if IS_ENABLED(CONFIG_NETWORK_SECMARK)
+ struct lsm_export le;
+
if (!skb || !sk_fullsock(skb->sk))
return 0;
read_lock_bh(&skb->sk->sk_callback_lock);
- if (skb->secmark)
- security_secid_to_secctx(skb->secmark, secdata, &seclen);
+ if (skb->secmark) {
+ lsm_export_to_all(&le, skb->secmark);
+ security_secid_to_secctx(&le, secdata, &seclen);
+ }
read_unlock_bh(&skb->sk->sk_callback_lock);
#endif
diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c
index fc38934ccb35..00922f55dd9e 100644
--- a/net/netlabel/netlabel_unlabeled.c
+++ b/net/netlabel/netlabel_unlabeled.c
@@ -389,6 +389,7 @@ int netlbl_unlhsh_add(struct net *net,
struct audit_buffer *audit_buf = NULL;
char *secctx = NULL;
u32 secctx_len;
+ struct lsm_export le;
if (addr_len != sizeof(struct in_addr) &&
addr_len != sizeof(struct in6_addr))
@@ -451,7 +452,8 @@ int netlbl_unlhsh_add(struct net *net,
unlhsh_add_return:
rcu_read_unlock();
if (audit_buf != NULL) {
- if (security_secid_to_secctx(secid,
+ lsm_export_to_all(&le, secid);
+ if (security_secid_to_secctx(&le,
&secctx,
&secctx_len) == 0) {
audit_log_format(audit_buf, " sec_obj=%s", secctx);
@@ -488,6 +490,7 @@ static int netlbl_unlhsh_remove_addr4(struct net *net,
struct net_device *dev;
char *secctx;
u32 secctx_len;
+ struct lsm_export le;
spin_lock(&netlbl_unlhsh_lock);
list_entry = netlbl_af4list_remove(addr->s_addr, mask->s_addr,
@@ -507,8 +510,10 @@ static int netlbl_unlhsh_remove_addr4(struct net *net,
addr->s_addr, mask->s_addr);
if (dev != NULL)
dev_put(dev);
+ if (entry != NULL)
+ lsm_export_to_all(&le, entry->secid);
if (entry != NULL &&
- security_secid_to_secctx(entry->secid,
+ security_secid_to_secctx(&le,
&secctx, &secctx_len) == 0) {
audit_log_format(audit_buf, " sec_obj=%s", secctx);
security_release_secctx(secctx, secctx_len);
@@ -550,6 +555,7 @@ static int netlbl_unlhsh_remove_addr6(struct net *net,
struct net_device *dev;
char *secctx;
u32 secctx_len;
+ struct lsm_export le;
spin_lock(&netlbl_unlhsh_lock);
list_entry = netlbl_af6list_remove(addr, mask, &iface->addr6_list);
@@ -568,8 +574,10 @@ static int netlbl_unlhsh_remove_addr6(struct net *net,
addr, mask);
if (dev != NULL)
dev_put(dev);
+ if (entry != NULL)
+ lsm_export_to_all(&le, entry->secid);
if (entry != NULL &&
- security_secid_to_secctx(entry->secid,
+ security_secid_to_secctx(&le,
&secctx, &secctx_len) == 0) {
audit_log_format(audit_buf, " sec_obj=%s", secctx);
security_release_secctx(secctx, secctx_len);
@@ -1092,6 +1100,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd,
u32 secid;
char *secctx;
u32 secctx_len;
+ struct lsm_export le;
data = genlmsg_put(cb_arg->skb, NETLINK_CB(cb_arg->nl_cb->skb).portid,
cb_arg->seq, &netlbl_unlabel_gnl_family,
@@ -1146,7 +1155,8 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd,
secid = addr6->secid;
}
- ret_val = security_secid_to_secctx(secid, &secctx, &secctx_len);
+ lsm_export_to_all(&le, secid);
+ ret_val = security_secid_to_secctx(&le, &secctx, &secctx_len);
if (ret_val != 0)
goto list_cb_failure;
ret_val = nla_put(cb_arg->skb,
diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c
index 4676f5bb16ae..1079cdea872c 100644
--- a/net/netlabel/netlabel_user.c
+++ b/net/netlabel/netlabel_user.c
@@ -100,6 +100,7 @@ struct audit_buffer *netlbl_audit_start_common(int type,
struct audit_buffer *audit_buf;
char *secctx;
u32 secctx_len;
+ struct lsm_export le;
if (audit_enabled == AUDIT_OFF)
return NULL;
@@ -112,10 +113,9 @@ struct audit_buffer *netlbl_audit_start_common(int type,
from_kuid(&init_user_ns, audit_info->loginuid),
audit_info->sessionid);
+ lsm_export_to_all(&le, audit_info->secid);
if (audit_info->secid != 0 &&
- security_secid_to_secctx(audit_info->secid,
- &secctx,
- &secctx_len) == 0) {
+ security_secid_to_secctx(&le, &secctx, &secctx_len) == 0) {
audit_log_format(audit_buf, " subj=%s", secctx);
security_release_secctx(secctx, secctx_len);
}
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index ddb838a1b74c..4d4107927ba2 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -143,17 +143,20 @@ static struct hlist_head *unix_sockets_unbound(void *addr)
#ifdef CONFIG_SECURITY_NETWORK
static void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
{
- UNIXCB(skb).secid = scm->secid;
+ lsm_export_secid(&scm->le, &(UNIXCB(skb).secid));
}
static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
{
- scm->secid = UNIXCB(skb).secid;
+ lsm_export_to_all(&scm->le, UNIXCB(skb).secid);
}
static inline bool unix_secdata_eq(struct scm_cookie *scm, struct sk_buff *skb)
{
- return (scm->secid == UNIXCB(skb).secid);
+ u32 best_secid;
+
+ lsm_export_secid(&scm->le, &best_secid);
+ return (best_secid == UNIXCB(skb).secid);
}
#else
static inline void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
diff --git a/security/security.c b/security/security.c
index 868e9ae6b48c..b6a096be95ac 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1957,13 +1957,9 @@ int security_ismaclabel(const char *name)
}
EXPORT_SYMBOL(security_ismaclabel);
-int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
+int security_secid_to_secctx(struct lsm_export *l, char **secdata, u32 *seclen)
{
- struct lsm_export data;
-
- lsm_export_to_all(&data, secid);
- return call_int_hook(secid_to_secctx, -EOPNOTSUPP, &data, secdata,
- seclen);
+ return call_int_hook(secid_to_secctx, -EOPNOTSUPP, l, secdata, seclen);
}
EXPORT_SYMBOL(security_secid_to_secctx);
--
2.19.1
^ permalink raw reply related
* [PATCH 40/59] LSM: Use lsm_context in inode_getsecctx hooks
From: Casey Schaufler @ 2019-04-09 21:39 UTC (permalink / raw)
To: casey.schaufler, jmorris, linux-security-module, selinux; +Cc: casey
In-Reply-To: <20190409213946.1667-1-casey@schaufler-ca.com>
Convert SELinux and Smack to use the lsm_context structure
instead of a context/secid pair. There is some scaffolding involved
that will be removed when the related data is updated.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
include/linux/lsm_hooks.h | 7 +++----
security/security.c | 9 ++++++++-
security/selinux/hooks.c | 6 +++---
security/smack/smack_lsm.c | 6 +++---
4 files changed, 17 insertions(+), 11 deletions(-)
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 8b842fd13fb4..34ed56be82b8 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -1401,12 +1401,11 @@
* @ctxlen contains the length of @ctx.
*
* @inode_getsecctx:
- * On success, returns 0 and fills out @ctx and @ctxlen with the security
+ * On success, returns 0 and fills out @cp with the security
* context for the given @inode.
*
* @inode we wish to get the security context of.
- * @ctx is a pointer in which to place the allocated security context.
- * @ctxlen points to the place to put the length of @ctx.
+ * @cp is a pointer in which to place the allocated security context.
*
* Security hooks for using the eBPF maps and programs functionalities through
* eBPF syscalls.
@@ -1679,7 +1678,7 @@ union security_list_options {
void (*inode_invalidate_secctx)(struct inode *inode);
int (*inode_notifysecctx)(struct inode *inode, void *ctx, u32 ctxlen);
int (*inode_setsecctx)(struct dentry *dentry, void *ctx, u32 ctxlen);
- int (*inode_getsecctx)(struct inode *inode, void **ctx, u32 *ctxlen);
+ int (*inode_getsecctx)(struct inode *inode, struct lsm_context *cp);
#ifdef CONFIG_SECURITY_NETWORK
int (*unix_stream_connect)(struct sock *sock, struct sock *other,
diff --git a/security/security.c b/security/security.c
index f3788840019a..4625a9b00d1d 100644
--- a/security/security.c
+++ b/security/security.c
@@ -2040,7 +2040,14 @@ EXPORT_SYMBOL(security_inode_setsecctx);
int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
{
- return call_int_hook(inode_getsecctx, -EOPNOTSUPP, inode, ctx, ctxlen);
+ struct lsm_context lc = { .context = NULL, .len = 0, };
+ int rc;
+
+ rc = call_int_hook(inode_getsecctx, -EOPNOTSUPP, inode, &lc);
+
+ *ctx = (void *)lc.context;
+ *ctxlen = lc.len;
+ return rc;
}
EXPORT_SYMBOL(security_inode_getsecctx);
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index a2257ccaee5c..e881f42d3ff8 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -6355,14 +6355,14 @@ static int selinux_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
return __vfs_setxattr_noperm(dentry, XATTR_NAME_SELINUX, ctx, ctxlen, 0);
}
-static int selinux_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
+static int selinux_inode_getsecctx(struct inode *inode, struct lsm_context *cp)
{
int len = 0;
len = selinux_inode_getsecurity(inode, XATTR_SELINUX_SUFFIX,
- ctx, true);
+ (void **)&cp->context, true);
if (len < 0)
return len;
- *ctxlen = len;
+ cp->len = len;
return 0;
}
#ifdef CONFIG_KEYS
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 78c01ef707eb..46eead699e1d 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -4484,12 +4484,12 @@ static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
return __vfs_setxattr_noperm(dentry, XATTR_NAME_SMACK, ctx, ctxlen, 0);
}
-static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
+static int smack_inode_getsecctx(struct inode *inode, struct lsm_context *cp)
{
struct smack_known *skp = smk_of_inode(inode);
- *ctx = skp->smk_known;
- *ctxlen = strlen(skp->smk_known);
+ cp->context = skp->smk_known;
+ cp->len = strlen(skp->smk_known);
return 0;
}
--
2.19.1
^ permalink raw reply related
* [PATCH 04/59] LSM: Create an lsm_export data structure.
From: Casey Schaufler @ 2019-04-09 21:38 UTC (permalink / raw)
To: casey.schaufler, jmorris, linux-security-module, selinux; +Cc: casey
In-Reply-To: <20190409213946.1667-1-casey@schaufler-ca.com>
When more than one security module is exporting data to
audit and networking sub-systems a single 32 bit integer
is no longer sufficient to represent the data. Add a
structure to be used instead.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
include/linux/security.h | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/include/linux/security.h b/include/linux/security.h
index 49f2685324b0..81f9f79f9a1e 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -76,6 +76,18 @@ enum lsm_event {
LSM_POLICY_CHANGE,
};
+/* Data exported by the security modules */
+struct lsm_export {
+ u32 selinux;
+ u32 smack;
+ u32 apparmor;
+ u32 flags;
+};
+#define LSM_EXPORT_NONE 0x00
+#define LSM_EXPORT_SELINUX 0x01
+#define LSM_EXPORT_SMACK 0x02
+#define LSM_EXPORT_APPARMOR 0x04
+
/* These functions are in security/commoncap.c */
extern int cap_capable(const struct cred *cred, struct user_namespace *ns,
int cap, unsigned int opts);
--
2.19.1
^ permalink raw reply related
* [PATCH 11/59] LSM: Fix logical operation in lsm_export checks
From: Casey Schaufler @ 2019-04-09 21:38 UTC (permalink / raw)
To: casey.schaufler, jmorris, linux-security-module, selinux; +Cc: casey
In-Reply-To: <20190409213946.1667-1-casey@schaufler-ca.com>
Fix the logic in Smack and SELinux when checking to
see if the secid is included.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
security/selinux/include/objsec.h | 2 +-
security/smack/smack_lsm.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h
index d7efc5f23c1e..59a3b1cd5ba9 100644
--- a/security/selinux/include/objsec.h
+++ b/security/selinux/include/objsec.h
@@ -61,7 +61,7 @@ static inline void selinux_export_secid(struct lsm_export *l, u32 secid)
static inline void selinux_import_secid(struct lsm_export *l, u32 *secid)
{
- if (l->flags | LSM_EXPORT_SELINUX)
+ if (l->flags & LSM_EXPORT_SELINUX)
*secid = l->selinux;
else
*secid = SECSID_NULL;
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 0e048c1456ed..a3776501965d 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -477,7 +477,7 @@ static inline void smack_export_secid(struct lsm_export *l, u32 secid)
static inline void smack_import_secid(struct lsm_export *l, u32 *secid)
{
- if (l->flags | LSM_EXPORT_SMACK)
+ if (l->flags & LSM_EXPORT_SMACK)
*secid = l->smack;
else
*secid = 0;
--
2.19.1
^ permalink raw reply related
page: next (older) | prev (newer) | latest
- recent:[subjects (threaded)|topics (new)|topics (active)]
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox