From: Casey Schaufler <casey@schaufler-ca.com>
To: casey.schaufler@intel.com, jmorris@namei.org,
linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, keescook@chromium.org,
john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp,
paul@paul-moore.com, sds@tycho.nsa.gov
Subject: [PATCH v14 05/23] net: Prepare UDS for security module stacking
Date: Thu, 23 Jan 2020 16:22:48 -0800 [thread overview]
Message-ID: <20200124002306.3552-6-casey@schaufler-ca.com> (raw)
In-Reply-To: <20200124002306.3552-1-casey@schaufler-ca.com>
Change the data used in UDS SO_PEERSEC processing from a
secid to a more general struct lsmblob. Update the
security_socket_getpeersec_dgram() interface to use the
lsmblob. There is a small amount of scaffolding code
that will come out when the security_secid_to_secctx()
code is brought in line with the lsmblob.
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: John Johansen <john.johansen@canonical.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
cc: netdev@vger.kernel.org
---
include/linux/security.h | 7 +++++--
include/net/af_unix.h | 2 +-
include/net/scm.h | 8 +++++---
net/ipv4/ip_sockglue.c | 8 +++++---
net/unix/af_unix.c | 6 +++---
security/security.c | 18 +++++++++++++++---
6 files changed, 34 insertions(+), 15 deletions(-)
diff --git a/include/linux/security.h b/include/linux/security.h
index 4f01878ca5d8..e53ff7eebcc5 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1356,7 +1356,8 @@ int security_socket_shutdown(struct socket *sock, int how);
int security_sock_rcv_skb(struct sock *sk, struct sk_buff *skb);
int security_socket_getpeersec_stream(struct socket *sock, char __user *optval,
int __user *optlen, unsigned len);
-int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid);
+int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb,
+ struct lsmblob *blob);
int security_sk_alloc(struct sock *sk, int family, gfp_t priority);
void security_sk_free(struct sock *sk);
void security_sk_clone(const struct sock *sk, struct sock *newsk);
@@ -1494,7 +1495,9 @@ static inline int security_socket_getpeersec_stream(struct socket *sock, char __
return -ENOPROTOOPT;
}
-static inline int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
+static inline int security_socket_getpeersec_dgram(struct socket *sock,
+ struct sk_buff *skb,
+ struct lsmblob *blob)
{
return -ENOPROTOOPT;
}
diff --git a/include/net/af_unix.h b/include/net/af_unix.h
index 3426d6dacc45..933492c08b8c 100644
--- a/include/net/af_unix.h
+++ b/include/net/af_unix.h
@@ -36,7 +36,7 @@ struct unix_skb_parms {
kgid_t gid;
struct scm_fp_list *fp; /* Passed files */
#ifdef CONFIG_SECURITY_NETWORK
- u32 secid; /* Security ID */
+ struct lsmblob lsmblob; /* Security LSM data */
#endif
u32 consumed;
} __randomize_layout;
diff --git a/include/net/scm.h b/include/net/scm.h
index 1ce365f4c256..e2e71c4bf9d0 100644
--- a/include/net/scm.h
+++ b/include/net/scm.h
@@ -33,7 +33,7 @@ struct scm_cookie {
struct scm_fp_list *fp; /* Passed files */
struct scm_creds creds; /* Skb credentials */
#ifdef CONFIG_SECURITY_NETWORK
- u32 secid; /* Passed security ID */
+ struct lsmblob lsmblob; /* Passed LSM data */
#endif
};
@@ -46,7 +46,7 @@ struct scm_fp_list *scm_fp_dup(struct scm_fp_list *fpl);
#ifdef CONFIG_SECURITY_NETWORK
static __inline__ void unix_get_peersec_dgram(struct socket *sock, struct scm_cookie *scm)
{
- security_socket_getpeersec_dgram(sock, NULL, &scm->secid);
+ security_socket_getpeersec_dgram(sock, NULL, &scm->lsmblob);
}
#else
static __inline__ void unix_get_peersec_dgram(struct socket *sock, struct scm_cookie *scm)
@@ -97,7 +97,9 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc
int err;
if (test_bit(SOCK_PASSSEC, &sock->flags)) {
- err = security_secid_to_secctx(scm->secid, &secdata, &seclen);
+ /* Scaffolding - it has to be element 0 for now */
+ err = security_secid_to_secctx(scm->lsmblob.secid[0],
+ &secdata, &seclen);
if (!err) {
put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata);
diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
index aa3fd61818c4..6cf57d5ac899 100644
--- a/net/ipv4/ip_sockglue.c
+++ b/net/ipv4/ip_sockglue.c
@@ -130,15 +130,17 @@ static void ip_cmsg_recv_checksum(struct msghdr *msg, struct sk_buff *skb,
static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb)
{
+ struct lsmblob lb;
char *secdata;
- u32 seclen, secid;
+ u32 seclen;
int err;
- err = security_socket_getpeersec_dgram(NULL, skb, &secid);
+ err = security_socket_getpeersec_dgram(NULL, skb, &lb);
if (err)
return;
- err = security_secid_to_secctx(secid, &secdata, &seclen);
+ /* Scaffolding - it has to be element 0 */
+ err = security_secid_to_secctx(lb.secid[0], &secdata, &seclen);
if (err)
return;
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index 774babbee045..f0b1d741ab6c 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -138,17 +138,17 @@ static struct hlist_head *unix_sockets_unbound(void *addr)
#ifdef CONFIG_SECURITY_NETWORK
static void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
{
- UNIXCB(skb).secid = scm->secid;
+ UNIXCB(skb).lsmblob = scm->lsmblob;
}
static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
{
- scm->secid = UNIXCB(skb).secid;
+ scm->lsmblob = UNIXCB(skb).lsmblob;
}
static inline bool unix_secdata_eq(struct scm_cookie *scm, struct sk_buff *skb)
{
- return (scm->secid == UNIXCB(skb).secid);
+ return lsmblob_equal(&scm->lsmblob, &(UNIXCB(skb).lsmblob));
}
#else
static inline void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
diff --git a/security/security.c b/security/security.c
index f53805de4343..b7404bfc8938 100644
--- a/security/security.c
+++ b/security/security.c
@@ -2108,10 +2108,22 @@ int security_socket_getpeersec_stream(struct socket *sock, char __user *optval,
optval, optlen, len);
}
-int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
+int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb,
+ struct lsmblob *blob)
{
- return call_int_hook(socket_getpeersec_dgram, -ENOPROTOOPT, sock,
- skb, secid);
+ struct security_hook_list *hp;
+ int rc = -ENOPROTOOPT;
+
+ hlist_for_each_entry(hp, &security_hook_heads.socket_getpeersec_dgram,
+ list) {
+ if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot))
+ continue;
+ rc = hp->hook.socket_getpeersec_dgram(sock, skb,
+ &blob->secid[hp->lsmid->slot]);
+ if (rc != 0)
+ break;
+ }
+ return rc;
}
EXPORT_SYMBOL(security_socket_getpeersec_dgram);
--
2.24.1
next prev parent reply other threads:[~2020-01-24 0:23 UTC|newest]
Thread overview: 61+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20200124002306.3552-1-casey.ref@schaufler-ca.com>
2020-01-24 0:22 ` [PATCH v14 00/23] LSM: Module stacking for AppArmor Casey Schaufler
2020-01-24 0:22 ` [PATCH v14 01/23] LSM: Infrastructure management of the sock security Casey Schaufler
2020-01-24 0:22 ` [PATCH v14 02/23] LSM: Create and manage the lsmblob data structure Casey Schaufler
2020-01-24 14:21 ` Stephen Smalley
2020-01-24 0:22 ` [PATCH v14 03/23] LSM: Use lsmblob in security_audit_rule_match Casey Schaufler
2020-01-24 0:22 ` [PATCH v14 04/23] LSM: Use lsmblob in security_kernel_act_as Casey Schaufler
2020-01-24 0:22 ` Casey Schaufler [this message]
2020-01-24 0:22 ` [PATCH v14 06/23] Use lsmblob in security_secctx_to_secid Casey Schaufler
2020-01-24 14:29 ` Stephen Smalley
2020-01-24 0:22 ` [PATCH v14 07/23] LSM: Use lsmblob in security_secid_to_secctx Casey Schaufler
2020-01-24 0:22 ` [PATCH v14 08/23] LSM: Use lsmblob in security_ipc_getsecid Casey Schaufler
2020-01-24 0:22 ` [PATCH v14 09/23] LSM: Use lsmblob in security_task_getsecid Casey Schaufler
2020-01-24 0:22 ` [PATCH v14 10/23] LSM: Use lsmblob in security_inode_getsecid Casey Schaufler
2020-01-24 0:22 ` [PATCH v14 11/23] LSM: Use lsmblob in security_cred_getsecid Casey Schaufler
2020-01-24 0:22 ` [PATCH v14 12/23] IMA: Change internal interfaces to use lsmblobs Casey Schaufler
2020-01-24 0:22 ` [PATCH v14 13/23] LSM: Specify which LSM to display Casey Schaufler
2020-01-24 0:22 ` [PATCH v14 14/23] LSM: Ensure the correct LSM context releaser Casey Schaufler
2020-01-24 0:22 ` [PATCH v14 15/23] LSM: Use lsmcontext in security_secid_to_secctx Casey Schaufler
2020-01-24 0:22 ` [PATCH v14 16/23] LSM: Use lsmcontext in security_inode_getsecctx Casey Schaufler
2020-01-24 0:23 ` [PATCH v14 17/23] LSM: security_secid_to_secctx in netlink netfilter Casey Schaufler
2020-01-24 0:23 ` [PATCH v14 18/23] NET: Store LSM netlabel data in a lsmblob Casey Schaufler
2020-01-24 14:36 ` Stephen Smalley
2020-01-24 0:23 ` [PATCH v14 19/23] LSM: Verify LSM display sanity in binder Casey Schaufler
2020-01-24 0:23 ` [PATCH v14 20/23] Audit: Add subj_LSM fields when necessary Casey Schaufler
2020-01-24 0:23 ` [PATCH v14 21/23] Audit: Include object data for all security modules Casey Schaufler
2020-01-24 0:23 ` [PATCH v14 22/23] LSM: Add /proc attr entry for full LSM context Casey Schaufler
2020-01-24 14:42 ` Stephen Smalley
2020-01-24 16:20 ` Stephen Smalley
2020-01-24 19:28 ` Casey Schaufler
2020-01-24 20:16 ` Stephen Smalley
2020-01-27 20:05 ` Simon McVittie
2020-02-03 20:54 ` John Johansen
2020-01-27 22:49 ` Casey Schaufler
2020-01-31 22:10 ` Casey Schaufler
2020-02-03 18:54 ` Stephen Smalley
2020-02-03 19:37 ` Stephen Smalley
2020-02-03 21:39 ` Casey Schaufler
2020-02-04 13:37 ` Stephen Smalley
2020-02-04 17:14 ` Casey Schaufler
2020-02-10 11:56 ` Simon McVittie
2020-02-10 13:25 ` Stephen Smalley
2020-02-10 14:55 ` Stephen Smalley
2020-02-10 18:32 ` Casey Schaufler
2020-02-10 19:00 ` John Johansen
2020-02-11 15:59 ` Stephen Smalley
2020-02-11 17:58 ` John Johansen
2020-02-11 18:35 ` Casey Schaufler
2020-02-11 19:11 ` John Johansen
2020-02-10 18:56 ` John Johansen
2020-02-03 21:02 ` John Johansen
2020-02-03 21:43 ` Casey Schaufler
2020-02-03 22:49 ` John Johansen
2020-02-03 20:59 ` John Johansen
2020-01-24 0:23 ` [PATCH v14 23/23] AppArmor: Remove the exclusive flag Casey Schaufler
2020-01-24 15:05 ` [PATCH v14 00/23] LSM: Module stacking for AppArmor Stephen Smalley
2020-01-24 21:04 ` Stephen Smalley
2020-01-24 21:49 ` Casey Schaufler
2020-01-27 16:14 ` Stephen Smalley
2020-01-27 16:56 ` KASAN slab-out-of-bounds in tun_chr_open/sock_init_data (Was: Re: [PATCH v14 00/23] LSM: Module stacking for AppArmor) Stephen Smalley
2020-01-27 17:34 ` Casey Schaufler
2020-01-27 17:16 ` [PATCH v14 00/23] LSM: Module stacking for AppArmor Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200124002306.3552-6-casey@schaufler-ca.com \
--to=casey@schaufler-ca.com \
--cc=casey.schaufler@intel.com \
--cc=jmorris@namei.org \
--cc=john.johansen@canonical.com \
--cc=keescook@chromium.org \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=penguin-kernel@i-love.sakura.ne.jp \
--cc=sds@tycho.nsa.gov \
--cc=selinux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).