From: Casey Schaufler <casey@schaufler-ca.com>
To: Roberto Sassu <roberto.sassu@polito.it>
Cc: linux-security-module@vger.kernel.org,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
dhowells@redhat.com, jmorris@namei.org, zohar@linux.vnet.ibm.com,
safford@watson.ibm.com, tyhicks@linux.vnet.ibm.com,
kirkland@canonical.com, ecryptfs-devel@lists.launchpad.net,
eparis@redhat.com, sds@tycho.nsa.gov, selinux@tycho.nsa.gov,
viro@zeniv.linux.org.uk, Casey Schaufler <casey@schaufler-ca.com>
Subject: Re: [RFC][PATCH 6/7] security: new LSM hook security_file_getsecid()
Date: Wed, 27 Apr 2011 16:50:58 -0700 [thread overview]
Message-ID: <4DB8ABE2.5080704@schaufler-ca.com> (raw)
In-Reply-To: <1303907657-18366-7-git-send-email-roberto.sassu@polito.it>
On 4/27/2011 5:34 AM, Roberto Sassu wrote:
> The new LSM hook security_file_getsecid() and its implementation in the
> capability module, SELinux and SMACK allows to obtain the security
> identifier associated to a file descriptor.
Why do you want a secid? You have the security information from
the file structure readily available.
What use to you intend to put this to?
> Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
> ---
> include/linux/security.h | 12 ++++++++++++
> security/capability.c | 6 ++++++
> security/security.c | 6 ++++++
> security/selinux/hooks.c | 7 +++++++
> security/smack/smack_lsm.c | 11 +++++++++++
> 5 files changed, 42 insertions(+), 0 deletions(-)
>
> diff --git a/include/linux/security.h b/include/linux/security.h
> index ca02f17..6e73a1a 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -630,6 +630,11 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
> * to receive an open file descriptor via socket IPC.
> * @file contains the file structure being received.
> * Return 0 if permission is granted.
> + * @file_getsecid:
> + * Get the secid associated with the file descriptor.
> + * @file contains a pointer to the file descriptor.
> + * @secid contains a pointer to the location where result will be saved.
> + * In case of failure, @secid will be set to zero.
> *
> * Security hook for dentry
> *
> @@ -1492,6 +1497,7 @@ struct security_operations {
> int (*file_send_sigiotask) (struct task_struct *tsk,
> struct fown_struct *fown, int sig);
> int (*file_receive) (struct file *file);
> + void (*file_getsecid)(const struct file *file, u32 *secid);
> int (*dentry_open) (struct file *file, const struct cred *cred);
>
> int (*task_create) (unsigned long clone_flags);
> @@ -1751,6 +1757,7 @@ int security_file_set_fowner(struct file *file);
> int security_file_send_sigiotask(struct task_struct *tsk,
> struct fown_struct *fown, int sig);
> int security_file_receive(struct file *file);
> +void security_file_getsecid(const struct file *file, u32 *secid);
> int security_dentry_open(struct file *file, const struct cred *cred);
> int security_task_create(unsigned long clone_flags);
> int security_cred_alloc_blank(struct cred *cred, gfp_t gfp);
> @@ -2251,6 +2258,11 @@ static inline int security_file_receive(struct file *file)
> return 0;
> }
>
> +static inline void security_file_getsecid(const struct file *file, u32 *secid)
> +{
> + *secid = 0;
> +}
> +
> static inline int security_dentry_open(struct file *file,
> const struct cred *cred)
> {
> diff --git a/security/capability.c b/security/capability.c
> index 2984ea4..fcb569d 100644
> --- a/security/capability.c
> +++ b/security/capability.c
> @@ -349,6 +349,11 @@ static int cap_file_receive(struct file *file)
> return 0;
> }
>
> +static void cap_file_getsecid(const struct file *file, u32 *secid)
> +{
> + *secid = 0;
> +}
> +
> static int cap_dentry_open(struct file *file, const struct cred *cred)
> {
> return 0;
> @@ -953,6 +958,7 @@ void __init security_fixup_ops(struct security_operations *ops)
> set_to_cap_if_null(ops, file_set_fowner);
> set_to_cap_if_null(ops, file_send_sigiotask);
> set_to_cap_if_null(ops, file_receive);
> + set_to_cap_if_null(ops, file_getsecid);
> set_to_cap_if_null(ops, dentry_open);
> set_to_cap_if_null(ops, task_create);
> set_to_cap_if_null(ops, cred_alloc_blank);
> diff --git a/security/security.c b/security/security.c
> index 1011423..9973dab 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -688,6 +688,12 @@ int security_file_receive(struct file *file)
> return security_ops->file_receive(file);
> }
>
> +void security_file_getsecid(const struct file *file, u32 *secid)
> +{
> + security_ops->file_getsecid(file, secid);
> +}
> +EXPORT_SYMBOL(security_file_getsecid);
> +
> int security_dentry_open(struct file *file, const struct cred *cred)
> {
> int ret;
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index 6772687..e1e787c 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -3179,6 +3179,12 @@ static int selinux_file_receive(struct file *file)
> return file_has_perm(cred, file, file_to_av(file));
> }
>
> +static void selinux_file_getsecid(const struct file *file, u32 *secid)
> +{
> + struct file_security_struct *fsec = file->f_security;
> + *secid = fsec->sid;
> +}
> +
> static int selinux_dentry_open(struct file *file, const struct cred *cred)
> {
> struct file_security_struct *fsec;
> @@ -5498,6 +5504,7 @@ static struct security_operations selinux_ops = {
> .file_set_fowner = selinux_file_set_fowner,
> .file_send_sigiotask = selinux_file_send_sigiotask,
> .file_receive = selinux_file_receive,
> + .file_getsecid = selinux_file_getsecid,
>
> .dentry_open = selinux_dentry_open,
>
> diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
> index 6612ba1..a583736 100644
> --- a/security/smack/smack_lsm.c
> +++ b/security/smack/smack_lsm.c
> @@ -1304,6 +1304,16 @@ static int smack_file_receive(struct file *file)
> return smk_curacc(file->f_security, may, &ad);
> }
>
> +/**
> + * smack_file_getsecid - Extract file descriptor's security id
> + * @file: file descriptor to extract the info from
> + * @secid: where result will be saved
> + */
> +static void smack_file_getsecid(const struct file *file, u32 *secid)
> +{
> + *secid = smack_to_secid(file->f_security);
> +}
> +
> /*
> * Task hooks
> */
> @@ -3434,6 +3444,7 @@ struct security_operations smack_ops = {
> .file_set_fowner = smack_file_set_fowner,
> .file_send_sigiotask = smack_file_send_sigiotask,
> .file_receive = smack_file_receive,
> + .file_getsecid = smack_file_getsecid,
>
> .cred_alloc_blank = smack_cred_alloc_blank,
> .cred_free = smack_cred_free,
next prev parent reply other threads:[~2011-04-27 23:51 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-04-27 12:34 [RFC][PATCH 0/7] File descriptor labeling Roberto Sassu
2011-04-27 12:34 ` [RFC][PATCH 1/7] fs: initialize file->f_cred with credentials provided Roberto Sassu
2011-04-27 12:34 ` [RFC][PATCH 2/7] selinux: label new file descriptors using file->f_cred Roberto Sassu
2011-04-27 12:34 ` [RFC][PATCH 3/7] smack: assign the label set in file->f_cred to new file descriptors Roberto Sassu
2011-04-27 23:26 ` Casey Schaufler
2011-04-28 8:06 ` Roberto Sassu
2011-04-27 12:34 ` [RFC][PATCH 4/7] smack: fix label check in smack_kernel_act_as() Roberto Sassu
2011-04-27 23:22 ` Casey Schaufler
2011-04-28 9:22 ` Roberto Sassu
2011-04-27 12:34 ` [RFC][PATCH 5/7] smack: import the security label in smack_secctx_to_secid() Roberto Sassu
2011-04-27 23:47 ` Casey Schaufler
2011-04-27 12:34 ` [RFC][PATCH 6/7] security: new LSM hook security_file_getsecid() Roberto Sassu
2011-04-27 23:50 ` Casey Schaufler [this message]
2011-04-28 9:41 ` Roberto Sassu
2011-04-27 12:34 ` [RFC][PATCH 7/7] ima: added new LSM conditions in the policy Roberto Sassu
2011-04-28 13:32 ` Mimi Zohar
2011-04-28 13:52 ` Roberto Sassu
2011-04-27 15:52 ` [RFC][PATCH 0/7] File descriptor labeling Casey Schaufler
2011-04-27 20:19 ` Casey Schaufler
2011-04-27 23:27 ` Tyler Hicks
2011-04-27 23:57 ` Casey Schaufler
2011-04-28 0:06 ` Tyler Hicks
2011-04-28 12:35 ` Roberto Sassu
2011-04-28 17:37 ` Casey Schaufler
2011-04-28 17:56 ` Eric Paris
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4DB8ABE2.5080704@schaufler-ca.com \
--to=casey@schaufler-ca.com \
--cc=dhowells@redhat.com \
--cc=ecryptfs-devel@lists.launchpad.net \
--cc=eparis@redhat.com \
--cc=jmorris@namei.org \
--cc=kirkland@canonical.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=roberto.sassu@polito.it \
--cc=safford@watson.ibm.com \
--cc=sds@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
--cc=tyhicks@linux.vnet.ibm.com \
--cc=viro@zeniv.linux.org.uk \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox