All of lore.kernel.org
 help / color / mirror / Atom feed
From: sargun@sargun.me (Sargun Dhillon)
To: linux-security-module@vger.kernel.org
Subject: [PATCH v7 1/6] security: Move LSM registration arguments to struct lsm_info
Date: Tue, 1 May 2018 12:35:58 -0700	[thread overview]
Message-ID: <CAMp4zn9CfZ=nkC0iV-MHu6PjdSfmfkE7P8g=5yGv7gYPztQxkg@mail.gmail.com> (raw)
In-Reply-To: <CAGXu5jJ7FTTvJ0SgFF9kshWaiqbpx4ESmD1_S3-wiUYL6+4ufw@mail.gmail.com>

On Tue, May 1, 2018 at 12:19 PM, Kees Cook <keescook@chromium.org> wrote:
> On Wed, Apr 25, 2018 at 1:58 AM, Sargun Dhillon <sargun@sargun.me> wrote:
>> Previously, when LSMs registered, they independently passed their name
>> and hook count. This had two implications:
>>
>> 1) Is required us to clone the name, so we could present it in
>>    security FS. This required memory allocation at start time.
>> 2) Every time we wanted to tie more information back from
>>    the security hooks, to the LSM, we would have to add
>>    duplicated fields in struct security_hook_list.
>>
>> It also introduces a new file -- security/security.h, which is meant
>> to be private headers to be shared only between pieces of security
>> "infrastructure".
>>
>> Signed-off-by: Sargun Dhillon <sargun@sargun.me>
>> ---
>>  include/linux/lsm_hooks.h  | 44 ++++++++++-------------
>>  security/apparmor/lsm.c    |  6 ++--
>>  security/commoncap.c       |  8 +++--
>>  security/inode.c           | 56 +++++++++++++++++++++++++----
>>  security/loadpin/loadpin.c |  4 ++-
>>  security/security.c        | 89 +++++++++++++++++++++++-----------------------
>>  security/security.h        | 10 ++++++
>>  security/selinux/hooks.c   |  6 ++--
>>  security/smack/smack_lsm.c |  3 +-
>>  security/tomoyo/tomoyo.c   |  4 ++-
>>  security/yama/yama_lsm.c   |  4 ++-
>>  11 files changed, 147 insertions(+), 87 deletions(-)
>>  create mode 100644 security/security.h
>>
>> diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
>> index 9d0b286f3dba..65f346cb6639 100644
>> --- a/include/linux/lsm_hooks.h
>> +++ b/include/linux/lsm_hooks.h
>> @@ -2004,11 +2004,20 @@ struct security_hook_heads {
>>   * Security module hook list structure.
>>   * For use with generic list macros for common operations.
>>   */
>> +struct security_hook_list;
>> +struct lsm_info {
>> +       struct hlist_node               list;
>> +       const char                      *name;
>> +       const unsigned int              count;
>> +       struct security_hook_list       *hooks;
>> +} __randomize_layout;
>> +
>>  struct security_hook_list {
>>         struct hlist_node               list;
>>         struct hlist_head               *head;
>>         union security_list_options     hook;
>> -       char                            *lsm;
>> +       /* This field is not currently in use */
>> +       struct lsm_info                 *info;
>
> const?
>
>>  } __randomize_layout;
>>
>>  /*
>> @@ -2020,33 +2029,18 @@ struct security_hook_list {
>>  #define LSM_HOOK_INIT(HEAD, HOOK) \
>>         { .head = &security_hook_heads.HEAD, .hook = { .HEAD = HOOK } }
>>
>> -extern struct security_hook_heads security_hook_heads;
>> -extern char *lsm_names;
>> +#define LSM_MODULE_INIT(NAME, HOOKS)           \
>> +       {                                       \
>> +               .name   = NAME,                 \
>> +               .hooks  = HOOKS,                \
>> +               .count  = ARRAY_SIZE(HOOKS),    \
>> +       }
>
> Instead of leaving this so every LSM has to do all the declarations, how about:
>
> #define LSM_MODULE(NAME) \
>     static const struct lsm_info NAME ## _info = { \
>         .name = #NAME, \
>         .hooks = NAME ## _hooks, \
>         .count = ARRAY_SIZE(NAME ## _hooks), \
>     }
>
>> +static struct lsm_info apparmor_info =
>> +       LSM_MODULE_INIT("apparmor", apparmor_hooks);
>
> This becomes just:
>
> LSM_MODULE(apparmor);
>
>> +static struct lsm_info capability_info =
>> +       LSM_MODULE_INIT("capability", capability_hooks);
>
> LSM_MODULE(capability);
I thought about this, but I think that the implicit aspect of
statically defining "X_hooks" in the same file is kind of confusing.

>
> etc...
>
> -Kees
>
> --
> Kees Cook
> Pixel Security
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

  reply	other threads:[~2018-05-01 19:35 UTC|newest]

Thread overview: 31+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-04-25  8:58 [PATCH v7 0/6] Safe LSM (un)loading, and immutable hooks Sargun Dhillon
2018-04-25  8:58 ` [PATCH v7 1/6] security: Move LSM registration arguments to struct lsm_info Sargun Dhillon
2018-05-01 18:34   ` James Morris
2018-05-01 19:19   ` Kees Cook
2018-05-01 19:35     ` Sargun Dhillon [this message]
2018-04-25  8:59 ` [PATCH v7 2/6] security: Make security_hook_heads private Sargun Dhillon
2018-04-25  8:59 ` [PATCH v7 3/6] security: Introduce mutable (RW) hooks Sargun Dhillon
2018-04-25  8:59 ` [PATCH v7 4/6] security: Expose security_add_hooks externally and add error handling Sargun Dhillon
2018-04-25  8:59 ` [PATCH v7 5/6] security: Panic on forced unloading of security module Sargun Dhillon
2018-04-25  8:59 ` [PATCH v7 6/6] security: Add SECURITY_UNREGISTRABLE_HOOKS to allow for hook removal Sargun Dhillon
2018-04-26  7:15 ` [PATCH v7 0/6] Safe LSM (un)loading, and immutable hooks Tetsuo Handa
2018-04-26  7:41   ` Sargun Dhillon
2018-04-26 12:07     ` Tetsuo Handa
2018-04-26 16:40       ` Sargun Dhillon
2018-04-26 17:29         ` Sargun Dhillon
2018-04-27 13:25           ` Tetsuo Handa
2018-04-27 20:21             ` Sargun Dhillon
2018-04-27 20:45               ` Casey Schaufler
2018-04-29 11:49                 ` Tetsuo Handa
2018-04-29 21:23                   ` Casey Schaufler
2018-04-30 16:11                     ` Sargun Dhillon
2018-04-30 16:46                       ` Casey Schaufler
2018-04-30 18:25                         ` Sargun Dhillon
2018-04-30 19:37                           ` Casey Schaufler
     [not found]                           ` <f4f44e71-8df2-e5e6-d213-cf97eda6cb4a@digikod.net>
2018-05-01 20:42                             ` James Morris
2018-04-30 21:16                       ` James Morris
2018-04-30 21:29                         ` Sargun Dhillon
2018-05-01 18:49                           ` James Morris
2018-05-01 19:02                       ` James Morris
2018-04-27 20:32 ` Sargun Dhillon
2018-04-27 20:59   ` Casey Schaufler

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAMp4zn9CfZ=nkC0iV-MHu6PjdSfmfkE7P8g=5yGv7gYPztQxkg@mail.gmail.com' \
    --to=sargun@sargun.me \
    --cc=linux-security-module@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.