From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-13.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 62C1AC48BE5 for ; Fri, 11 Jun 2021 00:17:02 +0000 (UTC) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id EFA7161287 for ; Fri, 11 Jun 2021 00:17:01 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org EFA7161287 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=schaufler-ca.com Authentication-Results: mail.kernel.org; spf=tempfail smtp.mailfrom=linux-audit-bounces@redhat.com Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-496-GzWBoS12Nmqfa1ZrpsXDfw-1; Thu, 10 Jun 2021 20:16:59 -0400 X-MC-Unique: GzWBoS12Nmqfa1ZrpsXDfw-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 8EAC21927801; Fri, 11 Jun 2021 00:16:56 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 7512510AFEBF; Fri, 11 Jun 2021 00:16:56 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 37F0F1832DAD; Fri, 11 Jun 2021 00:16:56 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 15B0BapY025348 for ; Thu, 10 Jun 2021 20:11:36 -0400 Received: by smtp.corp.redhat.com (Postfix) id AE2DD204796F; Fri, 11 Jun 2021 00:11:36 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast04.extmail.prod.ext.rdu2.redhat.com [10.11.55.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id A8F4321A384B for ; Fri, 11 Jun 2021 00:11:33 +0000 (UTC) Received: from us-smtp-1.mimecast.com (us-smtp-1.mimecast.com [205.139.110.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 25004101A55F for ; Fri, 11 Jun 2021 00:11:33 +0000 (UTC) Received: from sonic311-31.consmr.mail.ne1.yahoo.com (sonic311-31.consmr.mail.ne1.yahoo.com [66.163.188.212]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-308-WKadVwWDNs-P9suov_bvEw-1; Thu, 10 Jun 2021 20:11:30 -0400 X-MC-Unique: WKadVwWDNs-P9suov_bvEw-1 X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1623370290; bh=qoe6H3Xh0zecLzigCJFBppLKzLvxNKL4/Ld8Oct6Pza=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=iexfKrjEFWKun8/Mw27lNxk6VuPSpkqXaIZWn7sqUk66Uky2voFrsFJKSaUhwDtl4CQvxfY8VSEOUh0uCb4uNr50UvG/7BuPot09U82F+UlS1cL725cqSimTHXycuASIHLsDKkRtNpwLY6/Y8PR0k/J/lAVAlXqxWJAaaUPcQHnm4X3E1EDK1bCV0dW4OGxL+c0oRKeyIEK1/rXrFHyWiFjRD5oQKn3zlfV8m6Hh5BZMJ25FRvpdP6pfVApyGeYBsmuJtj5Kj3vPS5y7FVM4KYtdnQmVuBhbWuYNpblCOC63hE/ejyIH0h0/R+PCJhJsqM+s/dWGWTLo0g01ioVn/Q== X-YMail-OSG: 6V4Uk5QVM1mxoYuxXKQ.9ySpbx6vFgbe_dHvW8uNoMDOtsQH29zokvopuzRYjsq gIMDpZ6J.eiZQoxAFYCkcgQfYcXtPI3oZdGY12hEPKbJpAaGl7pQCK5aOaDZaSaPtT1k.paQFrFZ jdFXVBF1GjU_g81FBc0mk.K5eWERecK_B_pvlHhFJRuHIXQc0bpnFkBu1Lu10EXTwY0ne.GeVaYX KNXbeDbnjQ_2KOK.SD69jBavd4i2mjXG.NgHusdTYS0YOHO5s9zYNxC0zx2phS8xcBswUQSdTzH5 hD9QTH1lJO5J8UtnPyKFGiDxDqWWWbf5wCXXY6ioy2dEVAwbaCH4_2Z.NH2vp3teM1gBcm6z6dUz 3U6_dkaCArf0uBhucKygIo0zoyQNc6ZB6dq6eHbXripnqtZhwHHHyzgjEI4FqCzHeQwww2OY6jYa ghvsx1LUCJgWOM_VBPSgi03ApFmQ9k2Lfr3yDXjkiPJWWyWaSC7dy2_j6OGV1E6zihm542D8g3Tw J1z2KWPG9iF.cI4IPZAYmQSw3H4T5f8ktvIETWEwUkVspwq33Vk4oCN_BH9Y73M3LuDqihItqtTy nzLYVrboTYMWAqKWP5gEA1GWcZSM.r3.sobw7LmiK8pw5kQMZvQrAfr9AivIV01Uy8Bc.huF8NWg 3F1Pv0Vmvaxz0kdX429SEtok363ItzUEX0QhX.mHn5wQl.NFVxDYyRWBPeeYuLD4YCMB9gRzTu2y nXuHQETHRS8Gqo.OXi4NbN8tMi25LWOhnbRJWRnG7u_Dld6TM231JpfrX_bvF450TW9bxg2z_39p GrvXR09zvHuELr9HPmDz.U3CqOpPZQLwHybnltU1GF.pIoJvM8_KBGpkzb4XQXAVbCiKaK782JnG zsXAdtnbP8l20Id1hITfLzocm9asqgjkPzeJIb_hPH2MSzNnfb.o6vOXjTCP1jWtXIYAdOUE8.Pw kkwywA.ha9gaaI9vHjaYIQCa7UQbBeOMjh86SBkP3cWGo.IpqhM1hvey4olExF_AMSRbWF65qEzf nYXv5k41lSIQ5zIFFShdzhztpwMdvpchcNraGxIMEpX.IzsWFtHtmiXUV2oIu.nY8HzxrV.k4W0G D4Kz9dKQJeZftF6BvMNrhB4sM0_IQmGsWTb7oxCAwzaB6tZ5ULWBEO9XqhIoqlgk6DnJjiHakxj8 LSfb8G8I4TkMnpczUyhQ_TeB.KeRf951qT3y9kO7WUAeIgKghtupfM1vDRwRFIFG8ntftH8p9ohy 2X8KCTAWyT1mnET6ZKbhOF3W0ryh6r502Uzzg10wUmUqCFXBPC3zsftiPryPpB_N_Rz4UxaOiI0p KkP4N_enyXPQ0P7FV2FnyQ.KTiA8pms4M7mhReqvhGFDivcxkuQW2njaPchitym8mUoQG64PKZZH VwpCUNSXOijD.aAXGNUM.Cj86pPF.AHfAllQC64RFEly_b2jp0zrfIASN_6wnb3Twi4gSS88aEZU aebdwDj.ejKK2BNRJLc8NlYrQvn2o6m4yYng3EhKEEChJEc91aaedNVd1RAQVVRE6gfP4wqtN5dF A53VDZ.S7z7Xci4JFjcx_maWP7LCwq_D34rSPm6nji8E0eDIxKGVumUne.BiuMdvqek8VOO0OSKo Z1NriWqZDoYbzbqLR5rbRTrO1cYPLEmvgUu8eJgKRh64IA1u0Y1cnvoehGPBIOkV.tcvy0eXzLiz U9utRMOKGbribcFHb1PBk9B_gbrsT2j6ZGuLWdZMOyvnWbhtGmsgA7lQN80PolxYxAc3Zef1ZQFz XohsXUPoIXca1tinbVzZ6dzcAVCXTq_hx0jAYiBf_jGbPnfuhcTZrjSrMLysHhzAwvINFgkIFWjm plrHPzu_GSCj045_nMy1_UVGndehhTPFcNH8_vKm5LkJiZ589j00sIK_xlqKkzG.._kZr9FA0A7i bbxS4j9yPianGmLyjPNSD755b1sspHAG5qJjmDauS.eLcIAKI9x5GYAtf02V8t83nt2KKdsHjJtK fa6W2r22QzH4u3XRSpto6ru2rAnACN.w7MJenQDji0ptPUM8wqH6GqiqLw5jMAP7HSygtP78H8yE cCG7l4ZQxl0Wawo9vAJgICpSo_0DjgrvgGiWGUr13nZ3eBedCMncFlGbneTYMOmaVfwgJoLuYIeF 39EVQePbsimuSv5NGGM9IbLFj6jYgmwo6zWpvDQ5fp.naJVFcbx6OFu9iHVseBUcQfu.b7Pcd5Wl EntYMnVNIbU2iPK6AO02fYmu1JHknLKmpGN.NWisfY5gxh0Ne.6TVU53XOeY3tZ5fvVrhQcfKxrt oJY0qUgen8qqm3sRvurVDPBqgUSMch1TjVKg5zTNaIXkCarhuBnlqVbIB5tB026WbLsXrCJh1K16 sZwNdgCFNMAhfarGwni8YGfe4qUFbc1w9h6gnoPhQPD6gm.keyjYZ4qVsNjgLkB_DeE11uB0_Yhp lJijpnSQmGBfq9ht5sW7rLl0_Rjw6yrNtSfvMtTP8rwZzL4PrXDQAr7a5LorV.EpzVQDX8aLt4cW mfH4qiRGMZdkbRQdj0Es59htqCTPFATipjTqigAm_OgcIloAItVM_o.JFcv2ZO0Xd_rBhvklsLx. oW0PVI6kygqGs7daTvp2_0lRz_9wbAnKmmy3okoRD2g7wl3BU5E1MOifXtDAA4c30yazTtrVwJ.E CDQR3BxDnS_pMNdSevJ.YarE6NcGyd1S_kySaEAeYt6Ee6av747pUKCTt7pLM3_QyAFYY76W3JcM e.tAw5hCxRCt5xO222QWy.nbXjmnv15T6gBzUDaXHXzPaF.ayiLEZ5YXlg0pcZmX9FHsUSNXCSzM h0i76UeQru93_6NaZ3LHmG1YUW.nrK23Py371TkOWPyzcFmZwP_kUcRFA04JZtCTkh7jPV6LgMp1 7Oowq7uInYZ5evS8m0Im4IL3xvuUXrZzQb4dGSzlg677WKSL3x20dlZoVQ.j7Ro6P3DJzEzgwQZ7 IpX41EoeFvIZ1LVblHcz5r7vRIlttgV5ZQV714mYCm5NYBCrhdBIgx30QgbNhp3mW9gGR5YF1oi9 w4nhwq1tesspL41UkTkmhbyEQsvJ1DXQ50cgZnYFnIurGDctuhPtx X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic311.consmr.mail.ne1.yahoo.com with HTTP; Fri, 11 Jun 2021 00:11:30 +0000 Received: by kubenode567.mail-prod1.omega.gq1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID 4152b76121a5a39c38d12a14db81df6e; Fri, 11 Jun 2021 00:11:24 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Subject: [PATCH v27 06/25] LSM: Use lsmblob in security_kernel_act_as Date: Thu, 10 Jun 2021 17:04:16 -0700 Message-Id: <20210611000435.36398-7-casey@schaufler-ca.com> In-Reply-To: <20210611000435.36398-1-casey@schaufler-ca.com> References: <20210611000435.36398-1-casey@schaufler-ca.com> MIME-Version: 1.0 X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection Definition; Similar Internal Domain=false; Similar Monitored External Domain=false; Custom External Domain=false; Mimecast External Domain=false; Newly Observed Domain=false; Internal User Name=false; Custom Display Name List=false; Reply-to Address Mismatch=false; Targeted Threat Dictionary=false; Mimecast Threat Dictionary=false; Custom Threat Dictionary=false X-Scanned-By: MIMEDefang 2.78 on 10.11.54.4 X-loop: linux-audit@redhat.com Cc: john.johansen@canonical.com, linux-kernel@vger.kernel.org, linux-audit@redhat.com, sds@tycho.nsa.gov X-BeenThere: linux-audit@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Linux Audit Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=linux-audit-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Change the security_kernel_act_as interface to use a lsmblob structure in place of the single u32 secid in support of module stacking. Change its only caller, set_security_override, to do the same. Change that one's only caller, set_security_override_from_ctx, to call it with the new parameter type. The security module hook is unchanged, still taking a secid. The infrastructure passes the correct entry from the lsmblob. lsmblob_init() is used to fill the lsmblob structure, however this will be removed later in the series when security_secctx_to_secid() is updated to provide a lsmblob instead of a secid. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler To: David Howells --- include/linux/cred.h | 3 ++- include/linux/security.h | 5 +++-- kernel/cred.c | 10 ++++++---- security/security.c | 14 ++++++++++++-- 4 files changed, 23 insertions(+), 9 deletions(-) diff --git a/include/linux/cred.h b/include/linux/cred.h index 14971322e1a0..5a3f0fc3090d 100644 --- a/include/linux/cred.h +++ b/include/linux/cred.h @@ -18,6 +18,7 @@ struct cred; struct inode; +struct lsmblob; /* * COW Supplementary groups list @@ -164,7 +165,7 @@ extern const struct cred *override_creds(const struct cred *); extern void revert_creds(const struct cred *); extern struct cred *prepare_kernel_cred(struct task_struct *); extern int change_create_files_as(struct cred *, struct inode *); -extern int set_security_override(struct cred *, u32); +extern int set_security_override(struct cred *, struct lsmblob *); extern int set_security_override_from_ctx(struct cred *, const char *); extern int set_create_files_as(struct cred *, struct inode *); extern int cred_fscmp(const struct cred *, const struct cred *); diff --git a/include/linux/security.h b/include/linux/security.h index 916a0f606035..5c664ba0fbc3 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -461,7 +461,7 @@ void security_cred_free(struct cred *cred); int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp); void security_transfer_creds(struct cred *new, const struct cred *old); void security_cred_getsecid(const struct cred *c, u32 *secid); -int security_kernel_act_as(struct cred *new, u32 secid); +int security_kernel_act_as(struct cred *new, struct lsmblob *blob); int security_kernel_create_files_as(struct cred *new, struct inode *inode); int security_kernel_module_request(char *kmod_name); int security_kernel_load_data(enum kernel_load_data_id id, bool contents); @@ -1103,7 +1103,8 @@ static inline void security_transfer_creds(struct cred *new, { } -static inline int security_kernel_act_as(struct cred *cred, u32 secid) +static inline int security_kernel_act_as(struct cred *cred, + struct lsmblob *blob) { return 0; } diff --git a/kernel/cred.c b/kernel/cred.c index e1d274cd741b..ad845c99e2d1 100644 --- a/kernel/cred.c +++ b/kernel/cred.c @@ -733,14 +733,14 @@ EXPORT_SYMBOL(prepare_kernel_cred); /** * set_security_override - Set the security ID in a set of credentials * @new: The credentials to alter - * @secid: The LSM security ID to set + * @blob: The LSM security information to set * * Set the LSM security ID in a set of credentials so that the subjective * security is overridden when an alternative set of credentials is used. */ -int set_security_override(struct cred *new, u32 secid) +int set_security_override(struct cred *new, struct lsmblob *blob) { - return security_kernel_act_as(new, secid); + return security_kernel_act_as(new, blob); } EXPORT_SYMBOL(set_security_override); @@ -756,6 +756,7 @@ EXPORT_SYMBOL(set_security_override); */ int set_security_override_from_ctx(struct cred *new, const char *secctx) { + struct lsmblob blob; u32 secid; int ret; @@ -763,7 +764,8 @@ int set_security_override_from_ctx(struct cred *new, const char *secctx) if (ret < 0) return ret; - return set_security_override(new, secid); + lsmblob_init(&blob, secid); + return set_security_override(new, &blob); } EXPORT_SYMBOL(set_security_override_from_ctx); diff --git a/security/security.c b/security/security.c index d467231342da..5ec929f97963 100644 --- a/security/security.c +++ b/security/security.c @@ -1798,9 +1798,19 @@ void security_cred_getsecid(const struct cred *c, u32 *secid) } EXPORT_SYMBOL(security_cred_getsecid); -int security_kernel_act_as(struct cred *new, u32 secid) +int security_kernel_act_as(struct cred *new, struct lsmblob *blob) { - return call_int_hook(kernel_act_as, 0, new, secid); + struct security_hook_list *hp; + int rc; + + hlist_for_each_entry(hp, &security_hook_heads.kernel_act_as, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + rc = hp->hook.kernel_act_as(new, blob->secid[hp->lsmid->slot]); + if (rc != 0) + return rc; + } + return 0; } int security_kernel_create_files_as(struct cred *new, struct inode *inode) -- 2.29.2 -- Linux-audit mailing list Linux-audit@redhat.com https://listman.redhat.com/mailman/listinfo/linux-audit