From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ucol19pa10.eemsg.mail.mil ([214.24.24.83]:3774 "EHLO UCOL19PA10.eemsg.mail.mil" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730481AbfAIOg2 (ORCPT ); Wed, 9 Jan 2019 09:36:28 -0500 Subject: Re: [PATCH 1/3] LSM: Add new hook for generic node initialization To: Ondrej Mosnacek , selinux@vger.kernel.org, Paul Moore Cc: linux-security-module@vger.kernel.org, Greg Kroah-Hartman , Tejun Heo , linux-fsdevel@vger.kernel.org, cgroups@vger.kernel.org References: <20190109091028.24485-1-omosnace@redhat.com> <20190109091028.24485-2-omosnace@redhat.com> From: Stephen Smalley Message-ID: <34700932-359e-5b01-565c-0816dd4a1940@tycho.nsa.gov> Date: Wed, 9 Jan 2019 09:35:39 -0500 MIME-Version: 1.0 In-Reply-To: <20190109091028.24485-2-omosnace@redhat.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-fsdevel-owner@vger.kernel.org List-ID: On 1/9/19 4:10 AM, Ondrej Mosnacek wrote: > This patch introduces a new security hook that is intended for > initializing the security data for newly created pseudo filesystem > objects (such as kernfs nodes) that provide a way of storing a > non-default security context, but need to operate independently from > mounts. > > The main motivation is to allow kernfs nodes to inherit the context of > the parent under SELinux, similar to the behavior of > security_inode_init_security(). Other LSMs may implement their own logic > for handling the creation of new nodes. > > Signed-off-by: Ondrej Mosnacek > --- > include/linux/lsm_hooks.h | 5 +++++ > include/linux/security.h | 12 ++++++++++++ > security/security.c | 8 ++++++++ > 3 files changed, 25 insertions(+) > > diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h > index aaeb7fa24dc4..f2b4c0bf4a7b 100644 > --- a/include/linux/lsm_hooks.h > +++ b/include/linux/lsm_hooks.h 
> @@ -1556,6 +1556,10 @@ union security_list_options { > int (*inode_copy_up)(struct dentry *src, struct cred **new); > int (*inode_copy_up_xattr)(const char *name); > > + int (*object_init_security)(void *parent_ctx, u32 parent_ctxlen, > + const struct qstr *qstr, u16 mode, > + void **ctx, u32 *ctxlen); You'll want to add a kerneldoc comment for the new hook; see the existing ones for the other hooks at the top of lsm_hooks.h. > + > int (*file_permission)(struct file *file, int mask); > int (*file_alloc_security)(struct file *file); > void (*file_free_security)(struct file *file); > @@ -1855,6 +1859,7 @@ struct security_hook_heads { > struct hlist_head inode_getsecid; > struct hlist_head inode_copy_up; > struct hlist_head inode_copy_up_xattr; > + struct hlist_head object_init_security; > struct hlist_head file_permission; > struct hlist_head file_alloc_security; > struct hlist_head file_free_security; > diff --git a/include/linux/security.h b/include/linux/security.h > index d170a5b031f3..e20d1f378ea4 100644 > --- a/include/linux/security.h > +++ b/include/linux/security.h > @@ -315,6 +315,9 @@ int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer > void security_inode_getsecid(struct inode *inode, u32 *secid); > int security_inode_copy_up(struct dentry *src, struct cred **new); > int security_inode_copy_up_xattr(const char *name); > +int security_object_init_security(void *parent_ctx, u32 parent_ctxlen, > + const struct qstr *qstr, u16 mode, > + void **ctx, u32 *ctxlen); > int security_file_permission(struct file *file, int mask); > int security_file_alloc(struct file *file); > void security_file_free(struct file *file); 
> @@ -815,6 +818,15 @@ static inline int security_inode_copy_up_xattr(const char *name) > return -EOPNOTSUPP; > } > > +static inline int security_object_init_security(void *parent_ctx, > + u32 parent_ctxlen, > + const struct qstr *qstr, > + u16 mode, void **ctx, > + u32 *ctxlen) > +{ > + return 0; > +} > + > static inline int security_file_permission(struct file *file, int mask) > { > return 0; > diff --git a/security/security.c b/security/security.c > index 04d173eb93f6..56e77368b87f 100644 > --- a/security/security.c > +++ b/security/security.c > @@ -879,6 +879,14 @@ int security_inode_copy_up_xattr(const char *name) > } > EXPORT_SYMBOL(security_inode_copy_up_xattr); > > +int security_object_init_security(void *parent_ctx, u32 parent_ctxlen, > + const struct qstr *qstr, u16 mode, > + void **ctx, u32 *ctxlen) > +{ > + return call_int_hook(object_init_security, 0, parent_ctx, parent_ctxlen, > + qstr, mode, ctx, ctxlen); > +} > + > int security_file_permission(struct file *file, int mask) > { > int ret; >
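Review bot: the kerneldoc that the new `int (*object_init_security)(void *parent_ctx, u32 parent_ctxlen, ...)` member of union security_list_options still lacks should pin down who owns the buffer returned through `void **ctx` (which allocator the LSM must use and how the caller releases it, since the caller is a pseudo filesystem such as kernfs rather than LSM code) and what a `parent_ctx == NULL` / `parent_ctxlen == 0` call means for a node whose parent carries no context; as a style point, `mode` is a file mode and would read better as `umode_t` than as a bare `u16`.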
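Review bot: the !CONFIG_SECURITY stub `static inline int security_object_init_security(...)` returns 0 without writing `*ctx` or `*ctxlen`, so a caller that tests `*ctx` afterwards to see whether a context was produced reads whatever happened to be in that variable; have the stub set `*ctx = NULL; *ctxlen = 0;` before `return 0;`, or state in the hook documentation that callers must pre-initialise both outputs.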
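Review bot: `return call_int_hook(object_init_security, 0, ...)` in security.c has the same output-parameter gap as the stub when no LSM implements the hook (`*ctx` and `*ctxlen` are left untouched), and because the hook writes a single `*ctx`, a second LSM implementing it would silently overwrite the first one's result; either initialise the outputs in the wrapper and document that only one LSM may provide a context, or make that limitation explicit in the hook's kerneldoc. The surrounding context line `EXPORT_SYMBOL(security_inode_copy_up_xattr);` also shows that these wrappers are exported, so add `EXPORT_SYMBOL(security_object_init_security);` unless every caller is guaranteed to be built-in.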