From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.2 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,UNWANTED_LANGUAGE_BODY,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 241ECC04AB6 for ; Fri, 31 May 2019 23:11:55 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id E1D7926FE4 for ; Fri, 31 May 2019 23:11:54 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=yahoo.com header.i=@yahoo.com header.b="JOPES5/c" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726593AbfEaXLy (ORCPT ); Fri, 31 May 2019 19:11:54 -0400 Received: from sonic310-31.consmr.mail.ne1.yahoo.com ([66.163.186.212]:40168 "EHLO sonic310-31.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726535AbfEaXLy (ORCPT ); Fri, 31 May 2019 19:11:54 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1559344311; bh=ZCT9uElDRTx+ICdatyCuPDJ03LmAmILNxQZ9h703pNY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; b=JOPES5/c1QlBL0nCYFzoTRMINS4UvJ5EjFVjJ1BOq+YbKkayziZAGAWEpR4CCbQW4Sycgr3zz4QCT9v0mPX/vL85HeWaCOOa+dD/66V3q9+LdZ6BUs6oCEs0mRsy1Zux9ScDHPcYtr2uTg90gc8SxO+bve3nZkkpaGT3hnsqUBF0aeiF/XTh/+izrxU8CcCahoh7BWRvkpRp7feZtvpnhXje4b7Pe0LTx6W6x0c32Bh+w49U2rgk9e6oHIvaghi5YXLowivzEf7yZkAtLoVtPFiYWTCcEM0H4rUom5Ki6n+KTjYoaqRqa0FoRa5TMG1dbELM3vuLdbRL+AdLtg4mng== X-YMail-OSG: kezj4aIVM1n4.FuLZT5AWGpATIrnYsSSjElA5qKk8YFUfSO3B0At2_o1QZgVgTX feQ12f_M8BbubzoXT4iVv6tRBHg.cprLm.R86Xn_4C5zldGByvyNwkp4Z8uxzcwUPOgt9ga70Adh 9zNuCVb.jSyaQNDlyq5WFPb7SumIkiSMQJD1IodPx5U_QPjyV9Vtrx3hbMGihirfYq8teU3uxHbb bgwbdAekxVQ0cGbRYKHHU6rWzMr3lKkV.s2BMlVsvqJFcmILU9oA4hjCHesEJWZa1cLQ5_9f_CE3 Gyh6d1ucACIRnRsI_wC8GtX_id7Jv7bPHQpd5J7B_NE.gdvzm3_aClRdfaXVkg1zSJCaKwMDRKrS hnlpBzo0FgMZCZDjaGAK05ttppZ4bZujSfCgqOYPI6rE.FQnJufx8qYJepYK0.k1nf_8kVVXYcf1 X7Qnyq_z.BXtNqH0PAVtZeHL2zsSCywZGpjDYBy38sjkLWklQpsmxlE3RsFcHE91l.bI0uhfwD3a blbYEgnFRpwZQQ4q9T43bERXizaoGlLzshlVgXDA6g_rXh1ThKIStWOy_eTTMLuzT63UwUj_kA6W iSNKgkEAAHcleTRJvw3.rrk76DXaN4puhkOEntoJynUitCP1IgA8I8mELDFca8L02ws3LQ2ecdo_ lRWwueCHt1w33vLeskYiPmLpKtCQtB6gPzb1xZsM3UPo49i8esGhVyA2W96ENl2q.g5thELvS3TD gL7GcDSWi_By8ToIKv8USuM7A4H2miclrashFs_sBwqFtiu2AjGpddZxw79GjMt_ekMu1bsoJFn7 co2PRIs_aImJFuD3zPXDAecxxXiNAEU8W.iDiZ1wwOhwZUcmZUWDU1wx.zJ8mls0PKXsbneBQlaF UleVzXMiccTkHCM96EirOKCEQEeZHoF57y0vrBlc1mfOnW0ePU7OutVO_rpVMptylmlU985FEtz5 Kwj7GclAGda1U40YZADSOj5Y.f2aWFPcuLCliyRMnSER9_nUHa5W6LB6EE5uzMeG0I0paU4OE8SX F99Q17pwpxm7ObY5DdbI9Ms1kiy3WK_sLDMm.3CyLsELDZs7RZjYUo.Fe3fmTEVGTtuErBH6LqGQ V_e6STTTVAHbcNuCZRvDQpxD8aHoO9hNOVeDQfXYJaFrEb8GF5ztburNao_A7xVq186IAY1NNp16 4PTVLtkaS78KUlbfc_r4bJci_2mTNc_Yo27W5rEpdQ3RkwTl.RcZHrEjarXmrdIwzOgEXk2TZoVn cKh2fTmXRZMnb4SzdwULR7mUgXmcdE0dF1pBHrgmfVUnOr512e2ShbsxMVg-- Received: from sonic.gate.mail.ne1.yahoo.com by sonic310.consmr.mail.ne1.yahoo.com with HTTP; Fri, 31 May 2019 23:11:51 +0000 Received: from c-73-223-4-185.hsd1.ca.comcast.net (EHLO localhost.localdomain) ([73.223.4.185]) by smtp422.mail.ne1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID ab3fd190e6a3abf4e978ef414dbc5f7b; Fri, 31 May 2019 23:11:50 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov Subject: [PATCH 10/58] LSM: Use lsm_export in the audit_rule_match hooks Date: Fri, 31 May 2019 16:09:32 -0700 Message-Id: <20190531231020.628-11-casey@schaufler-ca.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20190531231020.628-1-casey@schaufler-ca.com> References: <20190531231020.628-1-casey@schaufler-ca.com> Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Convert the audit_rule_match hooks to use the lsm_export structure instead of a u32 secid. There is quite a bit of scaffolding involved that will be removed when security_audit_rule_match() is updated. Signed-off-by: Casey Schaufler --- include/linux/lsm_hooks.h | 5 +++-- security/apparmor/audit.c | 4 ++-- security/apparmor/include/audit.h | 2 +- security/apparmor/include/secid.h | 2 +- security/apparmor/secid.c | 17 +++++++++++++++-- security/security.c | 7 ++++++- security/selinux/hooks.c | 17 ----------------- security/selinux/include/audit.h | 5 +++-- security/selinux/include/objsec.h | 17 +++++++++++++++++ security/selinux/ss/services.c | 6 +++++- security/smack/smack_lsm.c | 7 +++++-- 11 files changed, 58 insertions(+), 31 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index bcc628cffe6a..01296e4ce474 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -1354,7 +1354,7 @@ * @audit_rule_match: * Determine if given @secid matches a rule previously approved * by @audit_rule_known. - * @secid contains the security id in question. + * @l points to the security data in question. * @field contains the field which relates to current LSM. * @op contains the operator that will be used for matching. * @lrule points to the audit rule that will be checked against. @@ -1778,7 +1778,8 @@ union security_list_options { int (*audit_rule_init)(u32 field, u32 op, char *rulestr, void **lsmrule); int (*audit_rule_known)(struct audit_krule *krule); - int (*audit_rule_match)(u32 secid, u32 field, u32 op, void *lsmrule); + int (*audit_rule_match)(struct lsm_export *l, u32 field, u32 op, + void *lsmrule); void (*audit_rule_free)(void *lsmrule); #endif /* CONFIG_AUDIT */ diff --git a/security/apparmor/audit.c b/security/apparmor/audit.c index 5a8b9cded4f2..bea59bfad332 100644 --- a/security/apparmor/audit.c +++ b/security/apparmor/audit.c @@ -225,13 +225,13 @@ int aa_audit_rule_known(struct audit_krule *rule) return 0; } -int aa_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule) +int aa_audit_rule_match(struct lsm_export *l, u32 field, u32 op, void *vrule) { struct aa_audit_rule *rule = vrule; struct aa_label *label; int found = 0; - label = aa_secid_to_label(sid); + label = aa_secid_to_label(l); if (!label) return -ENOENT; diff --git a/security/apparmor/include/audit.h b/security/apparmor/include/audit.h index ee559bc2acb8..372ba4fada9c 100644 --- a/security/apparmor/include/audit.h +++ b/security/apparmor/include/audit.h @@ -192,6 +192,6 @@ static inline int complain_error(int error) void aa_audit_rule_free(void *vrule); int aa_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule); int aa_audit_rule_known(struct audit_krule *rule); -int aa_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule); +int aa_audit_rule_match(struct lsm_export *l, u32 field, u32 op, void *vrule); #endif /* __AA_AUDIT_H */ diff --git a/security/apparmor/include/secid.h b/security/apparmor/include/secid.h index fa2062711b63..c283c620efe3 100644 --- a/security/apparmor/include/secid.h +++ b/security/apparmor/include/secid.h @@ -25,7 +25,7 @@ struct aa_label; /* secid value that matches any other secid */ #define AA_SECID_WILDCARD 1 -struct aa_label *aa_secid_to_label(u32 secid); +struct aa_label *aa_secid_to_label(struct lsm_export *l); int apparmor_secid_to_secctx(u32 secid, char **secdata, u32 *seclen); int apparmor_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid); void apparmor_release_secctx(char *secdata, u32 seclen); diff --git a/security/apparmor/secid.c b/security/apparmor/secid.c index 05373d9a3d6a..1546c45a2a18 100644 --- a/security/apparmor/secid.c +++ b/security/apparmor/secid.c @@ -61,9 +61,12 @@ void aa_secid_update(u32 secid, struct aa_label *label) * * see label for inverse aa_label_to_secid */ -struct aa_label *aa_secid_to_label(u32 secid) +struct aa_label *aa_secid_to_label(struct lsm_export *l) { struct aa_label *label; + u32 secid; + + secid = (l->flags & LSM_EXPORT_APPARMOR) ? l->apparmor : 0; rcu_read_lock(); label = idr_find(&aa_secids, secid); @@ -72,12 +75,22 @@ struct aa_label *aa_secid_to_label(u32 secid) return label; } +static inline void aa_import_secid(struct lsm_export *l, u32 secid) +{ + l->flags = LSM_EXPORT_APPARMOR; + l->apparmor = secid; +} + int apparmor_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) { /* TODO: cache secctx and ref count so we don't have to recreate */ - struct aa_label *label = aa_secid_to_label(secid); + struct lsm_export data; + struct aa_label *label; int len; + aa_import_secid(&data, secid); + label = aa_secid_to_label(&data); + AA_BUG(!seclen); if (!label) diff --git a/security/security.c b/security/security.c index 2f1355d10e0d..60dd064c0531 100644 --- a/security/security.c +++ b/security/security.c @@ -2477,7 +2477,12 @@ void security_audit_rule_free(void *lsmrule) int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule) { - return call_int_hook(audit_rule_match, 0, secid, field, op, lsmrule); + int rc; + struct lsm_export data = { .flags = LSM_EXPORT_NONE }; + + rc = call_int_hook(audit_rule_match, 0, &data, field, op, lsmrule); + lsm_export_secid(&data, &secid); + return rc; } #endif /* CONFIG_AUDIT */ diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 9db12f6b1221..bfd0f1f5979f 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -213,23 +213,6 @@ static void cred_init_security(void) tsec->osid = tsec->sid = SECINITSID_KERNEL; } -/* - * Set the SELinux secid in an lsm_export structure - */ -static inline void selinux_export_secid(struct lsm_export *l, u32 secid) -{ - l->selinux = secid; - l->flags |= LSM_EXPORT_SELINUX; -} - -static inline void selinux_import_secid(struct lsm_export *l, u32 *secid) -{ - if (l->flags & LSM_EXPORT_SELINUX) - *secid = l->selinux; - else - *secid = SECSID_NULL; -} - /* * get the security ID of a set of credentials */ diff --git a/security/selinux/include/audit.h b/security/selinux/include/audit.h index 682e2b5de2a4..92dd5ab15fb2 100644 --- a/security/selinux/include/audit.h +++ b/security/selinux/include/audit.h @@ -39,7 +39,7 @@ void selinux_audit_rule_free(void *rule); /** * selinux_audit_rule_match - determine if a context ID matches a rule. - * @sid: the context ID to check + * @l: points to the context ID to check * @field: the field this rule refers to * @op: the operater the rule uses * @rule: pointer to the audit rule to check against @@ -47,7 +47,8 @@ void selinux_audit_rule_free(void *rule); * Returns 1 if the context id matches the rule, 0 if it does not, and * -errno on failure. */ -int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *rule); +int selinux_audit_rule_match(struct lsm_export *l, u32 field, u32 op, + void *rule); /** * selinux_audit_rule_known - check to see if rule contains selinux fields. diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h index 3b78aa4ee98f..59a3b1cd5ba9 100644 --- a/security/selinux/include/objsec.h +++ b/security/selinux/include/objsec.h @@ -50,6 +50,23 @@ static inline u32 current_sid(void) return tsec->sid; } +/* + * Set the SELinux secid in an lsm_export structure + */ +static inline void selinux_export_secid(struct lsm_export *l, u32 secid) +{ + l->selinux = secid; + l->flags |= LSM_EXPORT_SELINUX; +} + +static inline void selinux_import_secid(struct lsm_export *l, u32 *secid) +{ + if (l->flags & LSM_EXPORT_SELINUX) + *secid = l->selinux; + else + *secid = SECSID_NULL; +} + enum label_initialized { LABEL_INVALID, /* invalid or not initialized */ LABEL_INITIALIZED, /* initialized */ diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index e3f5d6aece66..626b877363fb 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -3395,13 +3395,15 @@ int selinux_audit_rule_known(struct audit_krule *rule) return 0; } -int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule) +int selinux_audit_rule_match(struct lsm_export *l, u32 field, u32 op, + void *vrule) { struct selinux_state *state = &selinux_state; struct context *ctxt; struct mls_level *level; struct selinux_audit_rule *rule = vrule; int match = 0; + u32 sid; if (unlikely(!rule)) { WARN_ONCE(1, "selinux_audit_rule_match: missing rule\n"); @@ -3415,6 +3417,8 @@ int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule) goto out; } + selinux_import_secid(l, &sid); + ctxt = sidtab_search(state->ss->sidtab, sid); if (unlikely(!ctxt)) { WARN_ONCE(1, "selinux_audit_rule_match: unrecognized SID %d\n", diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 3e3724bbd6ea..a3776501965d 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -4369,7 +4369,7 @@ static int smack_audit_rule_known(struct audit_krule *krule) /** * smack_audit_rule_match - Audit given object ? - * @secid: security id for identifying the object to test + * @l: security id for identifying the object to test * @field: audit rule flags given from user-space * @op: required testing operator * @vrule: smack internal rule presentation @@ -4377,10 +4377,12 @@ static int smack_audit_rule_known(struct audit_krule *krule) * The core Audit hook. It's used to take the decision of * whether to audit or not to audit a given object. */ -static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule) +static int smack_audit_rule_match(struct lsm_export *l, u32 field, u32 op, + void *vrule) { struct smack_known *skp; char *rule = vrule; + u32 secid; if (unlikely(!rule)) { WARN_ONCE(1, "Smack: missing rule\n"); @@ -4390,6 +4392,7 @@ static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule) if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) return 0; + smack_import_secid(l, &secid); skp = smack_from_secid(secid); /* -- 2.19.1