From: Richard Guy Briggs
To: Paul Moore
Cc: selinux@vger.kernel.org, linux-security-module@vger.kernel.org, John Johansen, linux-audit@redhat.com
Subject: Re: [RFC PATCH 3/4] smack: differentiate between subjective and objective task credentials
Date: Mon, 8 Mar 2021 14:26:51 -0500
Message-ID: <20210308192651.GA2015948@madcap2.tricolour.ca>
In-Reply-To: <161377735771.87807.8998552586584751981.stgit@sifl>
References: <161377712068.87807.12246856567527156637.stgit@sifl> <161377735771.87807.8998552586584751981.stgit@sifl>

On 2021-02-19 18:29, Paul Moore wrote:
> With the split of the security_task_getsecid() into subjective and
> objective variants it's time to update Smack to ensure it is using
> the correct task creds.
>
> Signed-off-by: Paul Moore

FWIW

Reviewed-by: Richard Guy Briggs

> --- > security/smack/smack.h | 18 +++++++++++++++++- > security/smack/smack_lsm.c | 40 +++++++++++++++++++++++++++------------- > 2 files changed, 44 insertions(+), 14 deletions(-) > > diff --git a/security/smack/smack.h b/security/smack/smack.h > index a9768b12716bf..08f9cb80655ce 100644 > --- a/security/smack/smack.h > +++ b/security/smack/smack.h 
> @@ -383,7 +383,23 @@ static inline struct smack_known *smk_of_task(const struct task_smack *tsp) > return tsp->smk_task; > } > > -static inline struct smack_known *smk_of_task_struct( > +static inline struct smack_known *smk_of_task_struct_subj( > + const struct task_struct *t) > +{ > + struct smack_known *skp; > + const struct cred *cred; > + > + rcu_read_lock(); > + > + cred = rcu_dereference(t->cred); > + skp = smk_of_task(smack_cred(cred)); > + > + rcu_read_unlock(); > + > + return skp; > +} > + > +static inline struct smack_known *smk_of_task_struct_obj( > const struct task_struct *t) > { > struct smack_known *skp; > diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c > index 2bb354ef2c4a9..ea1a82742e8ba 100644 > --- a/security/smack/smack_lsm.c > +++ b/security/smack/smack_lsm.c > @@ -159,7 +159,7 @@ static int smk_bu_current(char *note, struct smack_known *oskp, > static int smk_bu_task(struct task_struct *otp, int mode, int rc) > { > struct task_smack *tsp = smack_cred(current_cred()); > - struct smack_known *smk_task = smk_of_task_struct(otp); > + struct smack_known *smk_task = smk_of_task_struct_obj(otp); > char acc[SMK_NUM_ACCESS_TYPE + 1]; > > if (rc <= 0) > @@ -479,7 +479,7 @@ static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode) > { > struct smack_known *skp; > > - skp = smk_of_task_struct(ctp); > + skp = smk_of_task_struct_obj(ctp); > > return smk_ptrace_rule_check(current, skp, mode, __func__); > } > @@ -2031,7 +2031,7 @@ static int smk_curacc_on_task(struct task_struct *p, int access, > const char *caller) > { > struct smk_audit_info ad; > - struct smack_known *skp = smk_of_task_struct(p); > + struct smack_known *skp = smk_of_task_struct_subj(p); > int rc; > > smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK); 
> @@ -2076,15 +2076,29 @@ static int smack_task_getsid(struct task_struct *p) > } > > /** > - * smack_task_getsecid - get the secid of the task > - * @p: the object task > + * smack_task_getsecid_subj - get the subjective secid of the task > + * @p: the task > * @secid: where to put the result > * > - * Sets the secid to contain a u32 version of the smack label. > + * Sets the secid to contain a u32 version of the task's subjective smack label. > + */ > +static void smack_task_getsecid_subj(struct task_struct *p, u32 *secid) > +{ > + struct smack_known *skp = smk_of_task_struct_subj(p); > + > + *secid = skp->smk_secid; > +} > + > +/** > + * smack_task_getsecid_obj - get the objective secid of the task > + * @p: the task > + * @secid: where to put the result > + * > + * Sets the secid to contain a u32 version of the task's objective smack label. > */ > -static void smack_task_getsecid(struct task_struct *p, u32 *secid) > +static void smack_task_getsecid_obj(struct task_struct *p, u32 *secid) > { > - struct smack_known *skp = smk_of_task_struct(p); > + struct smack_known *skp = smk_of_task_struct_obj(p); > > *secid = skp->smk_secid; > } > @@ -2172,7 +2186,7 @@ static int smack_task_kill(struct task_struct *p, struct kernel_siginfo *info, > { > struct smk_audit_info ad; > struct smack_known *skp; > - struct smack_known *tkp = smk_of_task_struct(p); > + struct smack_known *tkp = smk_of_task_struct_obj(p); > int rc; > > if (!sig) > @@ -2210,7 +2224,7 @@ static int smack_task_kill(struct task_struct *p, struct kernel_siginfo *info, > static void smack_task_to_inode(struct task_struct *p, struct inode *inode) > { > struct inode_smack *isp = smack_inode(inode); > - struct smack_known *skp = smk_of_task_struct(p); > + struct smack_known *skp = smk_of_task_struct_obj(p); > > isp->smk_inode = skp; > isp->smk_flags |= SMK_INODE_INSTANT; 
> @@ -3481,7 +3495,7 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) > */ > static int smack_getprocattr(struct task_struct *p, char *name, char **value) > { > - struct smack_known *skp = smk_of_task_struct(p); > + struct smack_known *skp = smk_of_task_struct_subj(p); > char *cp; > int slen; > > @@ -4755,8 +4769,8 @@ static struct security_hook_list smack_hooks[] __lsm_ro_after_init = { > LSM_HOOK_INIT(task_setpgid, smack_task_setpgid), > LSM_HOOK_INIT(task_getpgid, smack_task_getpgid), > LSM_HOOK_INIT(task_getsid, smack_task_getsid), > - LSM_HOOK_INIT(task_getsecid_subj, smack_task_getsecid), > - LSM_HOOK_INIT(task_getsecid_obj, smack_task_getsecid), > + LSM_HOOK_INIT(task_getsecid_subj, smack_task_getsecid_subj), > + LSM_HOOK_INIT(task_getsecid_obj, smack_task_getsecid_obj), > LSM_HOOK_INIT(task_setnice, smack_task_setnice), > LSM_HOOK_INIT(task_setioprio, smack_task_setioprio), > LSM_HOOK_INIT(task_getioprio, smack_task_getioprio), > > -- > Linux-audit mailing list > Linux-audit@redhat.com > https://listman.redhat.com/mailman/listinfo/linux-audit

- RGB

--
Richard Guy Briggs
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635
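Review bot: in the smack.h hunk, the new smk_of_task_struct_subj() accepts any task_struct but reads rcu_dereference(t->cred), the subjective credentials, which a task can temporarily override and which are only a reliable answer when t is current, while the renamed smk_of_task_struct_obj() keeps the old body; neither helper carries a comment saying which credential it reads or when each applies. Suggest a one-line kernel-doc above each, along the lines of `/* smk_of_task_struct_subj - label from t->cred (subjective); meaningful for current only */` and `/* smk_of_task_struct_obj - label from the task's objective creds; use for tasks being acted upon */`, so the call sites in smack_lsm.c can be checked against a stated rule rather than by guess.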
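Review bot: in the smk_curacc_on_task() hunk, p is the task that current is acting on (the function name and the LSM_AUDIT_DATA_TASK audit setup both treat p as the object of the check), yet the replacement line `struct smack_known *skp = smk_of_task_struct_subj(p);` reads p's subjective label. Every other per-task call site in this patch (smk_bu_task, smack_ptrace_access_check, smack_task_kill, smack_task_to_inode) moved to smk_of_task_struct_obj(); if this site is meant to differ, a comment explaining why would help, otherwise _obj looks like the intended choice.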
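Review bot: in the smack_getprocattr() hunk, p is a task being inspected through /proc/<pid>/attr and need not be current, so `struct smack_known *skp = smk_of_task_struct_subj(p);` exposes credentials that only that task itself can rely on and that may be overridden at the moment of the read. Consider smk_of_task_struct_obj() here, or a comment stating that reporting the subjective label for another task is deliberate.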