All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] mqueue: security xattr setting on inode creation
@ 2016-11-03 18:11 David Graziano
  2016-11-03 20:36 ` Casey Schaufler
  0 siblings, 1 reply; 2+ messages in thread
From: David Graziano @ 2016-11-03 18:11 UTC (permalink / raw)
  To: selinux; +Cc: paul, seth.forshee, ebiederm, David Graziano

Adds generic xattr support by implementing initxattrs callback.
This enables setting of security attributes from LSM and EVM when
inode is created. Implementation based off tmpfs/shmem.

Signed-off-by: David Graziano <david.graziano@rockwellcollins.com>
---
 ipc/mqueue.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)

diff --git a/ipc/mqueue.c b/ipc/mqueue.c
index 0b13ace..512a546 100644
--- a/ipc/mqueue.c
+++ b/ipc/mqueue.c
@@ -35,6 +35,7 @@
 #include <linux/ipc_namespace.h>
 #include <linux/user_namespace.h>
 #include <linux/slab.h>
+#include <linux/xattr.h>
 
 #include <net/sock.h>
 #include "util.h"
@@ -70,6 +71,7 @@ struct mqueue_inode_info {
 	struct rb_root msg_tree;
 	struct posix_msg_tree_node *node_cache;
 	struct mq_attr attr;
+	struct simple_xattrs xattrs;	/* list of xattrs */
 
 	struct sigevent notify;
 	struct pid *notify_owner;
@@ -254,6 +256,7 @@ static struct inode *mqueue_get_inode(struct super_block *sb,
 			info->attr.mq_maxmsg = attr->mq_maxmsg;
 			info->attr.mq_msgsize = attr->mq_msgsize;
 		}
+		simple_xattrs_init(&info->xattrs);
 		/*
 		 * We used to allocate a static array of pointers and account
 		 * the size of that array as well as one msg_msg struct per
@@ -413,6 +416,41 @@ static void mqueue_evict_inode(struct inode *inode)
 		put_ipc_ns(ipc_ns);
 }
 
+/*
+ * Callback for security_inode_init_security() for acquiring xattrs.
+ */
+static int mqueue_initxattrs(struct inode *inode,
+			    const struct xattr *xattr_array,
+			    void *fs_info)
+{
+	struct mqueue_inode_info *info = MQUEUE_I(inode);
+	const struct xattr *xattr;
+	struct simple_xattr *new_xattr;
+	size_t len;
+
+	for (xattr = xattr_array; xattr->name != NULL; xattr++) {
+		new_xattr = simple_xattr_alloc(xattr->value, xattr->value_len);
+		if (!new_xattr)
+			return -ENOMEM;
+		len = strlen(xattr->name) + 1;
+		new_xattr->name = kmalloc(XATTR_SECURITY_PREFIX_LEN + len,
+					  GFP_KERNEL);
+		if (!new_xattr->name) {
+			kfree(new_xattr);
+			return -ENOMEM;
+		}
+
+		memcpy(new_xattr->name, XATTR_SECURITY_PREFIX,
+		       XATTR_SECURITY_PREFIX_LEN);
+		memcpy(new_xattr->name + XATTR_SECURITY_PREFIX_LEN,
+		       xattr->name, len);
+
+		simple_xattr_list_add(&info->xattrs, new_xattr);
+	}
+
+	return 0;
+}
+
 static int mqueue_create(struct inode *dir, struct dentry *dentry,
 				umode_t mode, bool excl)
 {
@@ -443,6 +481,14 @@ static int mqueue_create(struct inode *dir, struct dentry *dentry,
 		ipc_ns->mq_queues_count--;
 		goto out_unlock;
 	}
+	error = security_inode_init_security(inode, dir,
+					     &dentry->d_name,
+					     mqueue_initxattrs, NULL);
+	if (error && error != -EOPNOTSUPP) {
+		spin_lock(&mq_lock);
+		ipc_ns->mq_queues_count--;
+		goto out_unlock;
+	}
 
 	put_ipc_ns(ipc_ns);
 	dir->i_size += DIRENT_SIZE;
-- 
1.9.1

^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [PATCH] mqueue: security xattr setting on inode creation
  2016-11-03 18:11 [PATCH] mqueue: security xattr setting on inode creation David Graziano
@ 2016-11-03 20:36 ` Casey Schaufler
  0 siblings, 0 replies; 2+ messages in thread
From: Casey Schaufler @ 2016-11-03 20:36 UTC (permalink / raw)
  To: selinux, linux-security-module@vger.kernel.org >> LSM

On 11/3/2016 11:11 AM, David Graziano wrote:
> Adds generic xattr support by implementing initxattrs callback.
> This enables setting of security attributes from LSM and EVM when
> inode is created. Implementation based off tmpfs/shmem.

This should go to the LSM linux-security-module@vger.kernel.org
I've cced that list.

>
> Signed-off-by: David Graziano <david.graziano@rockwellcollins.com>
> ---
>  ipc/mqueue.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 46 insertions(+)
>
> diff --git a/ipc/mqueue.c b/ipc/mqueue.c
> index 0b13ace..512a546 100644
> --- a/ipc/mqueue.c
> +++ b/ipc/mqueue.c
> @@ -35,6 +35,7 @@
>  #include <linux/ipc_namespace.h>
>  #include <linux/user_namespace.h>
>  #include <linux/slab.h>
> +#include <linux/xattr.h>
>  
>  #include <net/sock.h>
>  #include "util.h"
> @@ -70,6 +71,7 @@ struct mqueue_inode_info {
>  	struct rb_root msg_tree;
>  	struct posix_msg_tree_node *node_cache;
>  	struct mq_attr attr;
> +	struct simple_xattrs xattrs;	/* list of xattrs */
>  
>  	struct sigevent notify;
>  	struct pid *notify_owner;
> @@ -254,6 +256,7 @@ static struct inode *mqueue_get_inode(struct super_block *sb,
>  			info->attr.mq_maxmsg = attr->mq_maxmsg;
>  			info->attr.mq_msgsize = attr->mq_msgsize;
>  		}
> +		simple_xattrs_init(&info->xattrs);
>  		/*
>  		 * We used to allocate a static array of pointers and account
>  		 * the size of that array as well as one msg_msg struct per
> @@ -413,6 +416,41 @@ static void mqueue_evict_inode(struct inode *inode)
>  		put_ipc_ns(ipc_ns);
>  }
>  
> +/*
> + * Callback for security_inode_init_security() for acquiring xattrs.
> + */
> +static int mqueue_initxattrs(struct inode *inode,
> +			    const struct xattr *xattr_array,
> +			    void *fs_info)
> +{
> +	struct mqueue_inode_info *info = MQUEUE_I(inode);
> +	const struct xattr *xattr;
> +	struct simple_xattr *new_xattr;
> +	size_t len;
> +
> +	for (xattr = xattr_array; xattr->name != NULL; xattr++) {
> +		new_xattr = simple_xattr_alloc(xattr->value, xattr->value_len);
> +		if (!new_xattr)
> +			return -ENOMEM;
> +		len = strlen(xattr->name) + 1;
> +		new_xattr->name = kmalloc(XATTR_SECURITY_PREFIX_LEN + len,
> +					  GFP_KERNEL);
> +		if (!new_xattr->name) {
> +			kfree(new_xattr);
> +			return -ENOMEM;
> +		}
> +
> +		memcpy(new_xattr->name, XATTR_SECURITY_PREFIX,
> +		       XATTR_SECURITY_PREFIX_LEN);
> +		memcpy(new_xattr->name + XATTR_SECURITY_PREFIX_LEN,
> +		       xattr->name, len);
> +
> +		simple_xattr_list_add(&info->xattrs, new_xattr);
> +	}
> +
> +	return 0;
> +}
> +
>  static int mqueue_create(struct inode *dir, struct dentry *dentry,
>  				umode_t mode, bool excl)
>  {
> @@ -443,6 +481,14 @@ static int mqueue_create(struct inode *dir, struct dentry *dentry,
>  		ipc_ns->mq_queues_count--;
>  		goto out_unlock;
>  	}
> +	error = security_inode_init_security(inode, dir,
> +					     &dentry->d_name,
> +					     mqueue_initxattrs, NULL);
> +	if (error && error != -EOPNOTSUPP) {
> +		spin_lock(&mq_lock);
> +		ipc_ns->mq_queues_count--;
> +		goto out_unlock;
> +	}
>  
>  	put_ipc_ns(ipc_ns);
>  	dir->i_size += DIRENT_SIZE;

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2016-11-03 20:36 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-11-03 18:11 [PATCH] mqueue: security xattr setting on inode creation David Graziano
2016-11-03 20:36 ` Casey Schaufler

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.