From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI, SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 01AF8C35669 for ; Sat, 22 Feb 2020 00:05:48 +0000 (UTC) Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com [205.139.110.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 97EDD20828 for ; Sat, 22 Feb 2020 00:05:47 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="jAX+HBS7" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 97EDD20828 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=schaufler-ca.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=linux-audit-bounces@redhat.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1582329946; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=U5YAnttg+s/3mN2n0pUNEiI2qLHRqoTrCd276khFz8c=; b=jAX+HBS7UVxIhg5b1MmBm1DshRCbH4PrLIr4A/6+o08TO65wWazD2uh6I+Vnt9YSe2Ncqe PlOUFimCsMzGJJpi453HN73Pr9cLcmDW/QnZumHmA0uMwPXuezIXnhUbeqKAhg7EyqN+OY M1G1VSLFx9EAG1R5di2t8nr5pOk6Ab4= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-40-6HDMBIh7OR2Kj0z5NBBRRQ-1; Fri, 21 Feb 2020 19:05:44 -0500 X-MC-Unique: 6HDMBIh7OR2Kj0z5NBBRRQ-1 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id E33AA107ACC9; Sat, 22 Feb 2020 00:05:40 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id C537E5C28E; Sat, 22 Feb 2020 00:05:40 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 9695418089CD; Sat, 22 Feb 2020 00:05:40 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 01M05dMQ001581 for ; Fri, 21 Feb 2020 19:05:39 -0500 Received: by smtp.corp.redhat.com (Postfix) id F11AE2166B30; Sat, 22 Feb 2020 00:05:38 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast04.extmail.prod.ext.rdu2.redhat.com [10.11.55.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id ECEE52166B2E for ; Sat, 22 Feb 2020 00:05:37 +0000 (UTC) Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com [207.211.31.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id E0B3A101A55F for ; Sat, 22 Feb 2020 00:05:36 +0000 (UTC) Received: from sonic309-28.consmr.mail.ne1.yahoo.com (sonic309-28.consmr.mail.ne1.yahoo.com [66.163.184.154]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-435-PFGUBkagPLCXNn-KhAI96w-1; Fri, 21 Feb 2020 19:05:31 -0500 X-MC-Unique: PFGUBkagPLCXNn-KhAI96w-1 X-YMail-OSG: QKmkZ7sVM1nINgdxG.oyfYunw.9JfDjtzZ4rWfrsvbtZXOgQTVDkkchxeBsILxV Haeie1XDwzAaM4acEfOxjTzj5d1YJH6KFRcGT_Vc8U6QOcFXkjnO45187AiQXLjGB9qEl5yDnqpH 30_rjFFNhZEk7UsrPDpJjTxlxJ5LY3NtZYLfuWbWCL8xsPKr8bOIO_MDYAgDbXkIDqbTx9x4PDFh D6StepOW9ws3tAgc4PtahCZbY8Do_RmF1tRDgo.EYl0Ckt5AwvsDRbPMP5TQH02J_7h9B0rTgII6 VIh6hNJWXL1zd4G0rlAcAezODwYKcbj4FWb6H9Oh0bJynbhgufWHli03uC8zdXyPNQmDqIJO_jjI saxDftvUvcLhGTkprQfk2ei8ROh0UyK.mYUIRWY23fD8Z0s.YTMih4_Tml92PGS.yNufk5V3IAuV JcwYqFmfs6C9GZ_I.VK6zl4lI.I6TNZfFBGh.3IvYQjKIohNaMkQACRslDm_pzgb.lakBx.EumfS WqGkD2i6DuDG91LfImrMPMBkXZ9s1lXS_mIVXfh5BzR.13liUS9Q0fPuW2pWtFbwd8bJVanPEYeA IKT7cEl3KCSxoedH1HoB37DkbZdxR1eqDYHBv25Cw9Un5uR.hIsOaAfrGofGfK6rIQLmejo.5k0m vBu2ExkAPn_P9iiCUpjPEzh2aXbab8qv5xStSLpFrk9Z3jZujSaPiImdZ35CH0kjnWT0qo_iujEW 2tcNFBf5R.FCq88kkmlISdxor6pInGv3RmSKnX9SYynlQQwR0MPsfp4F2OzQEKm_hMNE0gDRLuz1 pJIym44oxRFBmiNlTnld4nF6SGRuEQJfbtDxzlDed_AK9ETav5w2cXGWvi6W_TmaCUyuwLHvDEKC o5TGusVqNEDTtRDgB6CpUj1i9bml.MicR2yBdIoZUE7mHnA7ZSeknwB240Mesrbu.bolPyyzWiGr Rq4OvlZ8GWIPi24OB3b7mfJL163tz0iiUG.UGl8xvXcALM3F1XtjNy.nzHDjhZR7snTq3NK37Hkh Ye.QaMgpoptINsP76.pST03zgJTXOdF.h4wczdk7rYeoxE82hby3aneEwVYieP.IuB8kQCzKNgQi Vlo.XSUf1JjsmmYuCADJf3m9nUNKM1RG3Fa0Oq7UQtizw9VnnBde06jF39.3JcKUlYw1D8KGXlbq aqQqk7ybBA8uKku0VxL5Euvdev3hgwd31jVmKSRWqDhBOzoTSTf9gB0TTQ4E0hWPkhjBx46iRLIg MZYquMByk.d6EjNiauTofyzG9dB27TyCLFh90RR_rMlluq5aLi5F7TPaRIB9A2hKOpTm8vl0ta5Z kfMZNhWJ8.K0KmwYisK_tE4WYn1u9L29jmP5JA.4gUMF3Nrq5gqgDYpicxkI_EH9O0uETVME4Jvo qWmPFNhc0oW.k054n.aPH6nyOj27Nr.qQ2XSuue4lg_j045DXJljhir8- Received: from sonic.gate.mail.ne1.yahoo.com by sonic309.consmr.mail.ne1.yahoo.com with HTTP; Sat, 22 Feb 2020 00:05:30 +0000 Received: by smtp407.mail.gq1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID bc004ae203dd3a2252190e464b196e15; Sat, 22 Feb 2020 00:05:29 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, linux-audit@redhat.com Subject: [PATCH v15 11/23] LSM: Use lsmblob in security_cred_getsecid Date: Fri, 21 Feb 2020 16:04:02 -0800 Message-Id: <20200222000407.110158-9-casey@schaufler-ca.com> In-Reply-To: <20200222000407.110158-1-casey@schaufler-ca.com> References: <20200222000407.110158-1-casey@schaufler-ca.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.78 on 10.11.54.6 X-MIME-Autoconverted: from quoted-printable to 8bit by lists01.pubmisc.prod.ext.phx2.redhat.com id 01M05dMQ001581 X-loop: linux-audit@redhat.com X-BeenThere: linux-audit@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Linux Audit Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Message-ID: <20200222000402.BHhgwEm6aW4GWHoQtPAPdAoIHzOygAEKeWW7avnhnC8@z> Change the security_cred_getsecid() interface to fill in a lsmblob instead of a u32 secid. The associated data elements in the audit sub-system are changed from a secid to a lsmblob to accommodate multiple possible LSM audit users. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Signed-off-by: Casey Schaufler cc: linux-integrity@vger.kernel.org --- include/linux/security.h | 2 +- kernel/audit.c | 19 +++++++----------- kernel/audit.h | 5 +++-- kernel/auditsc.c | 33 +++++++++++-------------------- security/integrity/ima/ima_main.c | 8 ++++---- security/security.c | 12 ++++++++--- 6 files changed, 36 insertions(+), 43 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index 62e095c34bcf..92a783f5ae1f 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -438,7 +438,7 @@ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp); void security_cred_free(struct cred *cred); int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp); void security_transfer_creds(struct cred *new, const struct cred *old); -void security_cred_getsecid(const struct cred *c, u32 *secid); +void security_cred_getsecid(const struct cred *c, struct lsmblob *blob); int security_kernel_act_as(struct cred *new, struct lsmblob *blob); int security_kernel_create_files_as(struct cred *new, struct inode *inode); int security_kernel_module_request(char *kmod_name); diff --git a/kernel/audit.c b/kernel/audit.c index d7d51ad5d234..1bc0e1264115 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -125,7 +125,7 @@ static u32 audit_backlog_wait_time = AUDIT_BACKLOG_WAIT_TIME; /* The identity of the user shutting down the audit system. */ kuid_t audit_sig_uid = INVALID_UID; pid_t audit_sig_pid = -1; -u32 audit_sig_sid = 0; +struct lsmblob audit_sig_lsm; /* Records can be lost in several ways: 0) [suppressed in audit_alloc] @@ -1417,23 +1417,21 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) } case AUDIT_SIGNAL_INFO: len = 0; - if (audit_sig_sid) { - struct lsmblob blob; - - lsmblob_init(&blob, audit_sig_sid); - err = security_secid_to_secctx(&blob, &ctx, &len); + if (lsmblob_is_set(&audit_sig_lsm)) { + err = security_secid_to_secctx(&audit_sig_lsm, &ctx, + &len); if (err) return err; } sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL); if (!sig_data) { - if (audit_sig_sid) + if (lsmblob_is_set(&audit_sig_lsm)) security_release_secctx(ctx, len); return -ENOMEM; } sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); sig_data->pid = audit_sig_pid; - if (audit_sig_sid) { + if (lsmblob_is_set(&audit_sig_lsm)) { memcpy(sig_data->ctx, ctx, len); security_release_secctx(ctx, len); } @@ -2276,7 +2274,6 @@ int audit_set_loginuid(kuid_t loginuid) int audit_signal_info(int sig, struct task_struct *t) { kuid_t uid = current_uid(), auid; - struct lsmblob blob; if (auditd_test_task(t) && (sig == SIGTERM || sig == SIGHUP || @@ -2287,9 +2284,7 @@ int audit_signal_info(int sig, struct task_struct *t) audit_sig_uid = auid; else audit_sig_uid = uid; - security_task_getsecid(current, &blob); - /* scaffolding until audit_sig_sid is converted */ - audit_sig_sid = blob.secid[0]; + security_task_getsecid(current, &audit_sig_lsm); } return audit_signal_info_syscall(t); diff --git a/kernel/audit.h b/kernel/audit.h index 6fb7160412d4..f65f516913c6 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -9,6 +9,7 @@ #include #include #include +#include #include #include @@ -134,7 +135,7 @@ struct audit_context { kuid_t target_auid; kuid_t target_uid; unsigned int target_sessionid; - u32 target_sid; + struct lsmblob target_lsm; char target_comm[TASK_COMM_LEN]; struct audit_tree_refs *trees, *first_trees; @@ -329,7 +330,7 @@ extern char *audit_unpack_string(void **bufp, size_t *remain, size_t len); extern pid_t audit_sig_pid; extern kuid_t audit_sig_uid; -extern u32 audit_sig_sid; +extern struct lsmblob audit_sig_lsm; extern int audit_filter(int msgtype, unsigned int listtype); diff --git a/kernel/auditsc.c b/kernel/auditsc.c index b55e66c2451d..d52ae228ad3d 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -112,7 +112,7 @@ struct audit_aux_data_pids { kuid_t target_auid[AUDIT_AUX_PIDS]; kuid_t target_uid[AUDIT_AUX_PIDS]; unsigned int target_sessionid[AUDIT_AUX_PIDS]; - u32 target_sid[AUDIT_AUX_PIDS]; + struct lsmblob target_lsm[AUDIT_AUX_PIDS]; char target_comm[AUDIT_AUX_PIDS][TASK_COMM_LEN]; int pid_count; }; @@ -957,14 +957,14 @@ static inline void audit_free_context(struct audit_context *context) } static int audit_log_pid_context(struct audit_context *context, pid_t pid, - kuid_t auid, kuid_t uid, unsigned int sessionid, - u32 sid, char *comm) + kuid_t auid, kuid_t uid, + unsigned int sessionid, + struct lsmblob *blob, char *comm) { struct audit_buffer *ab; char *ctx = NULL; u32 len; int rc = 0; - struct lsmblob blob; ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID); if (!ab) @@ -973,9 +973,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, audit_log_format(ab, "opid=%d oauid=%d ouid=%d oses=%d", pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); - if (sid) { - lsmblob_init(&blob, sid); - if (security_secid_to_secctx(&blob, &ctx, &len)) { + if (lsmblob_is_set(blob)) { + if (security_secid_to_secctx(blob, &ctx, &len)) { audit_log_format(ab, " obj=(none)"); rc = 1; } else { @@ -1546,7 +1545,7 @@ static void audit_log_exit(void) axs->target_auid[i], axs->target_uid[i], axs->target_sessionid[i], - axs->target_sid[i], + &axs->target_lsm[i], axs->target_comm[i])) call_panic = 1; } @@ -1555,7 +1554,7 @@ static void audit_log_exit(void) audit_log_pid_context(context, context->target_pid, context->target_auid, context->target_uid, context->target_sessionid, - context->target_sid, context->target_comm)) + &context->target_lsm, context->target_comm)) call_panic = 1; if (context->pwd.dentry && context->pwd.mnt) { @@ -1733,7 +1732,7 @@ void __audit_syscall_exit(int success, long return_code) context->aux = NULL; context->aux_pids = NULL; context->target_pid = 0; - context->target_sid = 0; + lsmblob_init(&context->target_lsm, 0); context->sockaddr_len = 0; context->type = 0; context->fds[0] = -1; @@ -2384,15 +2383,12 @@ int __audit_sockaddr(int len, void *a) void __audit_ptrace(struct task_struct *t) { struct audit_context *context = audit_context(); - struct lsmblob blob; context->target_pid = task_tgid_nr(t); context->target_auid = audit_get_loginuid(t); context->target_uid = task_uid(t); context->target_sessionid = audit_get_sessionid(t); - security_task_getsecid(t, &blob); - /* scaffolding - until target_sid is converted */ - context->target_sid = blob.secid[0]; + security_task_getsecid(t, &context->target_lsm); memcpy(context->target_comm, t->comm, TASK_COMM_LEN); } @@ -2408,7 +2404,6 @@ int audit_signal_info_syscall(struct task_struct *t) struct audit_aux_data_pids *axp; struct audit_context *ctx = audit_context(); kuid_t t_uid = task_uid(t); - struct lsmblob blob; if (!audit_signals || audit_dummy_context()) return 0; @@ -2420,9 +2415,7 @@ int audit_signal_info_syscall(struct task_struct *t) ctx->target_auid = audit_get_loginuid(t); ctx->target_uid = t_uid; ctx->target_sessionid = audit_get_sessionid(t); - security_task_getsecid(t, &blob); - /* scaffolding until target_sid is converted */ - ctx->target_sid = blob.secid[0]; + security_task_getsecid(t, &ctx->target_lsm); memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); return 0; } @@ -2443,9 +2436,7 @@ int audit_signal_info_syscall(struct task_struct *t) axp->target_auid[axp->pid_count] = audit_get_loginuid(t); axp->target_uid[axp->pid_count] = t_uid; axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); - security_task_getsecid(t, &blob); - /* scaffolding until target_sid is converted */ - axp->target_sid[axp->pid_count] = blob.secid[0]; + security_task_getsecid(t, &axp->target_lsm[axp->pid_count]); memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); axp->pid_count++; diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 1f50f68a6f5b..8ad399ea7883 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -412,7 +412,6 @@ int ima_file_mmap(struct file *file, unsigned long prot) int ima_bprm_check(struct linux_binprm *bprm) { int ret; - u32 secid; struct lsmblob blob; security_task_getsecid(current, &blob); @@ -422,9 +421,10 @@ int ima_bprm_check(struct linux_binprm *bprm) if (ret) return ret; - security_cred_getsecid(bprm->cred, &secid); - return process_measurement(bprm->file, bprm->cred, secid, NULL, 0, - MAY_EXEC, CREDS_CHECK); + security_cred_getsecid(bprm->cred, &blob); + /* scaffolding until process_measurement changes */ + return process_measurement(bprm->file, bprm->cred, blob.secid[0], + NULL, 0, MAY_EXEC, CREDS_CHECK); } /** diff --git a/security/security.c b/security/security.c index 116800662a0f..2218abab789a 100644 --- a/security/security.c +++ b/security/security.c @@ -1647,10 +1647,16 @@ void security_transfer_creds(struct cred *new, const struct cred *old) call_void_hook(cred_transfer, new, old); } -void security_cred_getsecid(const struct cred *c, u32 *secid) +void security_cred_getsecid(const struct cred *c, struct lsmblob *blob) { - *secid = 0; - call_void_hook(cred_getsecid, c, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.cred_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.cred_getsecid(c, &blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_cred_getsecid); -- 2.24.1 -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit