From mboxrd@z Thu Jan 1 00:00:00 1970
From: mortonm@chromium.org (Micah Morton)
Date: Tue, 28 Aug 2018 14:32:17 -0700
Subject: [PATCH] SELinux: allow other LSMs to use custom mount args
Message-ID: <20180828213217.67080-1-mortonm@chromium.org>
To: linux-security-module@vger.kernel.org
List-Id: linux-security-module.vger.kernel.org

The security_sb_copy_data LSM hook allows LSMs to copy custom string name/value args passed to mount_fs() into a temporary buffer (called "secdata") that will be accessible to LSM code during the security_sb_kern_mount hook further down in mount_fs().

Currently, SELinux effectively prevents any other LSMs from copying custom mount args into the temporary buffer (and being able to access them during security_sb_kern_mount), as it will fail with -EINVAL and print "SELinux: unknown mount option" to the kernel message buffer if args it doesn't recognize are present in the temporary buffer when selinux_sb_kern_mount is called.

This change adds an arg to the list of those accepted by SELinux during security_sb_kern_mount. SELinux won't do anything with this arg besides allow the name/value pair to be passed along to any other LSM that is stacked after SELinux.

Developed on v4.18.

Signed-off-by: Micah Morton
---
 security/selinux/hooks.c            |  7 ++++++-
 security/selinux/include/security.h | 11 ++++++-----
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 2b5ee5fbd652..e70ccc701eb8 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -445,6 +445,7 @@ enum { Opt_rootcontext = 4, Opt_labelsupport = 5, Opt_nextmntopt = 6, + Opt_lsm_custom_arg = 7, }; #define NUM_SEL_MNT_OPTS (Opt_nextmntopt - 1) @@ -455,6 +456,7 @@ static const match_table_t tokens = { {Opt_defcontext, DEFCONTEXT_STR "%s"}, {Opt_rootcontext, ROOTCONTEXT_STR "%s"}, {Opt_labelsupport, LABELSUPP_STR}, + {Opt_lsm_custom_arg, LSM_CUSTOM_ARG_STR "%s"}, {Opt_error, NULL}, }; 
@@ -1156,6 +1158,8 @@ static int selinux_parse_opts_str(char *options, break; case Opt_labelsupport: break; + case Opt_lsm_custom_arg: + break; default: rc = -EINVAL; printk(KERN_WARNING "SELinux: unknown mount option\n"); @@ -2758,7 +2762,8 @@ static inline int selinux_option(char *option, int len) match_prefix(FSCONTEXT_STR, sizeof(FSCONTEXT_STR)-1, option, len) || match_prefix(DEFCONTEXT_STR, sizeof(DEFCONTEXT_STR)-1, option, len) || match_prefix(ROOTCONTEXT_STR, sizeof(ROOTCONTEXT_STR)-1, option, len) || - match_prefix(LABELSUPP_STR, sizeof(LABELSUPP_STR)-1, option, len)); + match_prefix(LABELSUPP_STR, sizeof(LABELSUPP_STR)-1, option, len) || + match_prefix(LSM_CUSTOM_ARG_STR, sizeof(LSM_CUSTOM_ARG_STR)-1, option, len)); } static inline void take_option(char **to, char *from, int *first, int len) diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h index 23e762d529fa..0ead836a0625 100644 --- a/security/selinux/include/security.h +++ b/security/selinux/include/security.h @@ -59,11 +59,12 @@ #define SE_SBPROC 0x0200 #define SE_SBGENFS 0x0400 -#define CONTEXT_STR "context=" -#define FSCONTEXT_STR "fscontext=" -#define ROOTCONTEXT_STR "rootcontext=" -#define DEFCONTEXT_STR "defcontext=" -#define LABELSUPP_STR "seclabel" +#define CONTEXT_STR "context=" +#define FSCONTEXT_STR "fscontext=" +#define ROOTCONTEXT_STR "rootcontext=" +#define DEFCONTEXT_STR "defcontext=" +#define LABELSUPP_STR "seclabel" +#define LSM_CUSTOM_ARG_STR "lsm_custom_arg=" struct netlbl_lsm_secattr; -- 2.19.0.rc0.228.g281dcd1b4d0-goog
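Review bot: In the enum hunk in security/selinux/hooks.c, Opt_lsm_custom_arg = 7 is deliberately placed after Opt_nextmntopt = 6, so it stays outside NUM_SEL_MNT_OPTS (defined just below as Opt_nextmntopt - 1) and takes no slot in SELinux's own option storage. That is the right choice for a pass-through option, but it is the opposite of how every other Opt_ value in this enum is laid out, so add a short comment on the new enumerator stating that it must remain after Opt_nextmntopt (and say so in the commit message); otherwise a later cleanup that "fixes" the ordering would silently change NUM_SEL_MNT_OPTS.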
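Review bot: In the selinux_parse_opts_str hunk, `case Opt_lsm_custom_arg: break;` accepts the option but throws away the %s value captured by the `LSM_CUSTOM_ARG_STR "%s"` token, so SELinux no longer rejects anything that follows "lsm_custom_arg=". For a pass-through that is intended, but it also means a mount that carries this option on a kernel where no stacked LSM consumes it, or with a value the consumer does not understand, no longer hits the existing -EINVAL / "SELinux: unknown mount option" path. The commit message should state that the consuming LSM is responsible for rejecting unknown or malformed values in its own sb_kern_mount hook, so such mounts fail loudly instead of succeeding with an ignored option.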
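Review bot: In the selinux_option() hunk, adding LSM_CUSTOM_ARG_STR to the match_prefix list makes SELinux treat the option as one of its own when it builds secdata, while the commit message only covers LSMs "stacked after SELinux". Please document what a consuming LSM should do when its own sb_copy_data hook runs before SELinux's (or when SELinux is not built in): whether it must copy the option into secdata itself or rely on SELinux having done so, since otherwise the option can end up in secdata twice or not at all depending on LSM ordering.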
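Review bot: In the security/selinux/include/security.h hunk, the five existing #define lines (CONTEXT_STR through LABELSUPP_STR) are removed and re-added with identical content only to realign their values with the longer LSM_CUSTOM_ARG_STR name, which turns a one-line addition into an 11-line diff and adds noise to git blame for unrelated macros. Either leave the existing lines untouched and add `#define LSM_CUSTOM_ARG_STR "lsm_custom_arg="` using the spacing the neighbouring lines already use, or move the realignment into a separate whitespace-only patch.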