From: Casey Schaufler <casey@schaufler-ca.com>
To: jmorris@namei.org, linux-security-module@vger.kernel.org,
selinux@vger.kernel.org
Cc: keescook@chromium.org, john.johansen@canonical.com,
penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com
Subject: [PATCH 13/97] LSM: Use lsm_export in the audit_rule_match hooks
Date: Thu, 28 Feb 2019 14:18:09 -0800 [thread overview]
Message-ID: <20190228221933.2551-14-casey@schaufler-ca.com> (raw)
In-Reply-To: <20190228221933.2551-1-casey@schaufler-ca.com>
From: Casey Schaufler <cschaufler@schaufler-ca.com>
Convert the audit_rule_match hooks to use the lsm_export
structure instead of a u32 secid. There is quite a bit of scaffolding
involved that will be removed when security_audit_rule_match()
is updated.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
include/linux/lsm_hooks.h | 6 +++---
security/apparmor/audit.c | 4 ++--
security/apparmor/include/audit.h | 2 +-
security/apparmor/include/secid.h | 2 +-
security/apparmor/secid.c | 17 +++++++++++++++--
security/security.c | 7 ++++++-
security/selinux/hooks.c | 17 -----------------
security/selinux/include/audit.h | 6 +++---
security/selinux/include/objsec.h | 17 +++++++++++++++++
security/selinux/ss/services.c | 7 +++++--
security/smack/smack_lsm.c | 8 +++++---
11 files changed, 58 insertions(+), 35 deletions(-)
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index d4f260812c20..932af86333b4 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -1341,7 +1341,7 @@
* @audit_rule_match:
* Determine if given @secid matches a rule previously approved
* by @audit_rule_known.
- * @secid contains the security id in question.
+ * @l points to the security data in question.
* @field contains the field which relates to current LSM.
* @op contains the operator that will be used for matching.
* @rule points to the audit rule that will be checked against.
@@ -1768,8 +1768,8 @@ union security_list_options {
int (*audit_rule_init)(u32 field, u32 op, char *rulestr,
void **lsmrule);
int (*audit_rule_known)(struct audit_krule *krule);
- int (*audit_rule_match)(u32 secid, u32 field, u32 op, void *lsmrule,
- struct audit_context *actx);
+ int (*audit_rule_match)(struct lsm_export *l, u32 field, u32 op,
+ void *lsmrule, struct audit_context *actx);
void (*audit_rule_free)(void *lsmrule);
#endif /* CONFIG_AUDIT */
diff --git a/security/apparmor/audit.c b/security/apparmor/audit.c
index eeaddfe0c0fb..9a726892a068 100644
--- a/security/apparmor/audit.c
+++ b/security/apparmor/audit.c
@@ -225,14 +225,14 @@ int aa_audit_rule_known(struct audit_krule *rule)
return 0;
}
-int aa_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule,
+int aa_audit_rule_match(struct lsm_export *l, u32 field, u32 op, void *vrule,
struct audit_context *actx)
{
struct aa_audit_rule *rule = vrule;
struct aa_label *label;
int found = 0;
- label = aa_secid_to_label(sid);
+ label = aa_secid_to_label(l);
if (!label)
return -ENOENT;
diff --git a/security/apparmor/include/audit.h b/security/apparmor/include/audit.h
index b8c8b1066b0a..5e4632bacd32 100644
--- a/security/apparmor/include/audit.h
+++ b/security/apparmor/include/audit.h
@@ -192,7 +192,7 @@ static inline int complain_error(int error)
void aa_audit_rule_free(void *vrule);
int aa_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule);
int aa_audit_rule_known(struct audit_krule *rule);
-int aa_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule,
+int aa_audit_rule_match(struct lsm_export *l, u32 field, u32 op, void *vrule,
struct audit_context *actx);
#endif /* __AA_AUDIT_H */
diff --git a/security/apparmor/include/secid.h b/security/apparmor/include/secid.h
index fa2062711b63..c283c620efe3 100644
--- a/security/apparmor/include/secid.h
+++ b/security/apparmor/include/secid.h
@@ -25,7 +25,7 @@ struct aa_label;
/* secid value that matches any other secid */
#define AA_SECID_WILDCARD 1
-struct aa_label *aa_secid_to_label(u32 secid);
+struct aa_label *aa_secid_to_label(struct lsm_export *l);
int apparmor_secid_to_secctx(u32 secid, char **secdata, u32 *seclen);
int apparmor_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid);
void apparmor_release_secctx(char *secdata, u32 seclen);
diff --git a/security/apparmor/secid.c b/security/apparmor/secid.c
index 05373d9a3d6a..1546c45a2a18 100644
--- a/security/apparmor/secid.c
+++ b/security/apparmor/secid.c
@@ -61,9 +61,12 @@ void aa_secid_update(u32 secid, struct aa_label *label)
*
* see label for inverse aa_label_to_secid
*/
-struct aa_label *aa_secid_to_label(u32 secid)
+struct aa_label *aa_secid_to_label(struct lsm_export *l)
{
struct aa_label *label;
+ u32 secid;
+
+ secid = (l->flags & LSM_EXPORT_APPARMOR) ? l->apparmor : 0;
rcu_read_lock();
label = idr_find(&aa_secids, secid);
@@ -72,12 +75,22 @@ struct aa_label *aa_secid_to_label(u32 secid)
return label;
}
+static inline void aa_import_secid(struct lsm_export *l, u32 secid)
+{
+ l->flags = LSM_EXPORT_APPARMOR;
+ l->apparmor = secid;
+}
+
int apparmor_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
{
/* TODO: cache secctx and ref count so we don't have to recreate */
- struct aa_label *label = aa_secid_to_label(secid);
+ struct lsm_export data;
+ struct aa_label *label;
int len;
+ aa_import_secid(&data, secid);
+ label = aa_secid_to_label(&data);
+
AA_BUG(!seclen);
if (!label)
diff --git a/security/security.c b/security/security.c
index bbb206b01e8e..51491fda1bc2 100644
--- a/security/security.c
+++ b/security/security.c
@@ -2467,8 +2467,13 @@ void security_audit_rule_free(void *lsmrule)
int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule,
struct audit_context *actx)
{
- return call_int_hook(audit_rule_match, 0, secid, field, op, lsmrule,
+ int rc;
+ struct lsm_export data = { .flags = LSM_EXPORT_NONE };
+
+ rc = call_int_hook(audit_rule_match, 0, &data, field, op, lsmrule,
actx);
+ lsm_export_secid(&data, &secid);
+ return rc;
}
#endif /* CONFIG_AUDIT */
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 1004aa4fc5db..1cde918e4140 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -211,23 +211,6 @@ static void cred_init_security(void)
tsec->osid = tsec->sid = SECINITSID_KERNEL;
}
-/*
- * Set the SELinux secid in an lsm_export structure
- */
-static inline void selinux_export_secid(struct lsm_export *l, u32 secid)
-{
- l->selinux = secid;
- l->flags |= LSM_EXPORT_SELINUX;
-}
-
-static inline void selinux_import_secid(struct lsm_export *l, u32 *secid)
-{
- if (l->flags | LSM_EXPORT_SELINUX)
- *secid = l->selinux;
- else
- *secid = SECSID_NULL;
-}
-
/*
* get the security ID of a set of credentials
*/
diff --git a/security/selinux/include/audit.h b/security/selinux/include/audit.h
index 36e1d44c0209..7daa44d188f7 100644
--- a/security/selinux/include/audit.h
+++ b/security/selinux/include/audit.h
@@ -39,7 +39,7 @@ void selinux_audit_rule_free(void *rule);
/**
* selinux_audit_rule_match - determine if a context ID matches a rule.
- * @sid: the context ID to check
+ * @l: points to the context ID to check
* @field: the field this rule refers to
* @op: the operater the rule uses
* @rule: pointer to the audit rule to check against
@@ -48,8 +48,8 @@ void selinux_audit_rule_free(void *rule);
* Returns 1 if the context id matches the rule, 0 if it does not, and
* -errno on failure.
*/
-int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *rule,
- struct audit_context *actx);
+int selinux_audit_rule_match(struct lsm_export *l, u32 field, u32 op,
+ void *rule, struct audit_context *actx);
/**
* selinux_audit_rule_known - check to see if rule contains selinux fields.
diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h
index 3b78aa4ee98f..d7efc5f23c1e 100644
--- a/security/selinux/include/objsec.h
+++ b/security/selinux/include/objsec.h
@@ -50,6 +50,23 @@ static inline u32 current_sid(void)
return tsec->sid;
}
+/*
+ * Set the SELinux secid in an lsm_export structure
+ */
+static inline void selinux_export_secid(struct lsm_export *l, u32 secid)
+{
+ l->selinux = secid;
+ l->flags |= LSM_EXPORT_SELINUX;
+}
+
+static inline void selinux_import_secid(struct lsm_export *l, u32 *secid)
+{
+ if (l->flags | LSM_EXPORT_SELINUX)
+ *secid = l->selinux;
+ else
+ *secid = SECSID_NULL;
+}
+
enum label_initialized {
LABEL_INVALID, /* invalid or not initialized */
LABEL_INITIALIZED, /* initialized */
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 4190c5e9e66c..fcd11105fafa 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -3376,14 +3376,15 @@ int selinux_audit_rule_known(struct audit_krule *rule)
return 0;
}
-int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule,
- struct audit_context *actx)
+int selinux_audit_rule_match(struct lsm_export *l, u32 field, u32 op,
+ void *vrule, struct audit_context *actx)
{
struct selinux_state *state = &selinux_state;
struct context *ctxt;
struct mls_level *level;
struct selinux_audit_rule *rule = vrule;
int match = 0;
+ u32 sid;
if (unlikely(!rule)) {
WARN_ONCE(1, "selinux_audit_rule_match: missing rule\n");
@@ -3397,6 +3398,8 @@ int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule,
goto out;
}
+ selinux_import_secid(l, &sid);
+
ctxt = sidtab_search(state->ss->sidtab, sid);
if (unlikely(!ctxt)) {
WARN_ONCE(1, "selinux_audit_rule_match: unrecognized SID %d\n",
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 0bed974b833b..d26a5e77a92c 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -4283,7 +4283,7 @@ static int smack_audit_rule_known(struct audit_krule *krule)
/**
* smack_audit_rule_match - Audit given object ?
- * @secid: security id for identifying the object to test
+ * @l: security id for identifying the object to test
* @field: audit rule flags given from user-space
* @op: required testing operator
* @vrule: smack internal rule presentation
@@ -4292,11 +4292,12 @@ static int smack_audit_rule_known(struct audit_krule *krule)
* The core Audit hook. It's used to take the decision of
* whether to audit or not to audit a given object.
*/
-static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule,
- struct audit_context *actx)
+static int smack_audit_rule_match(struct lsm_export *l, u32 field, u32 op,
+ void *vrule, struct audit_context *actx)
{
struct smack_known *skp;
char *rule = vrule;
+ u32 secid;
if (unlikely(!rule)) {
WARN_ONCE(1, "Smack: missing rule\n");
@@ -4306,6 +4307,7 @@ static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule,
if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
return 0;
+ smack_import_secid(l, &secid);
skp = smack_from_secid(secid);
/*
--
2.17.0
next prev parent reply other threads:[~2019-02-28 22:19 UTC|newest]
Thread overview: 79+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-28 22:17 [PATCH 00/97] LSM: Complete module stacking Casey Schaufler
2019-02-28 22:17 ` [PATCH 01/97] LSM: Infrastructure management of the superblock Casey Schaufler
2019-03-01 14:02 ` Edwin Zimmerman
2019-03-01 16:50 ` Casey Schaufler
2019-02-28 22:17 ` [PATCH 02/97] LSM: Infrastructure management of the sock security Casey Schaufler
2019-02-28 22:17 ` [PATCH 03/97] LSM: Infrastructure management of the key security blob Casey Schaufler
2019-02-28 22:18 ` [PATCH 04/97] SCAFFOLD: Move sock_graft out of sock.h Casey Schaufler
2019-02-28 22:18 ` [PATCH 05/97] LSM: Create an lsm_export data structure Casey Schaufler
2019-03-01 14:00 ` Stephen Smalley
2019-03-01 16:46 ` Casey Schaufler
2019-02-28 22:18 ` [PATCH 06/97] LSM: Use lsm_export in the inode_getsecid hooks Casey Schaufler
2019-02-28 22:18 ` [PATCH 07/97] SCAFFOLD: Move security.h out of route.h Casey Schaufler
2019-02-28 22:18 ` [PATCH 08/97] LSM: Use lsm_export in the cred_getsecid hooks Casey Schaufler
2019-02-28 22:18 ` [PATCH 09/97] LSM: Use lsm_export in the ipc_getsecid and task_getsecid hooks Casey Schaufler
2019-02-28 22:18 ` [PATCH 10/97] LSM: Use lsm_export in the sk_getsecid hooks Casey Schaufler
2019-02-28 22:18 ` [PATCH 11/97] LSM: Use lsm_export in the kernel_ask_as hooks Casey Schaufler
2019-03-01 14:59 ` Edwin Zimmerman
2019-03-01 16:59 ` Casey Schaufler
2019-02-28 22:18 ` [PATCH 12/97] LSM: Use lsm_export in the getpeersec_dgram hooks Casey Schaufler
2019-02-28 22:18 ` Casey Schaufler [this message]
2019-02-28 22:18 ` [PATCH 14/97] LSM: Fix logical operation in lsm_export checks Casey Schaufler
2019-02-28 22:18 ` [PATCH 15/97] LSM: Use lsm_export in the secid_to_secctx hooks Casey Schaufler
2019-02-28 22:18 ` [PATCH 16/97] LSM: Use lsm_export in the secctx_to_secid hooks Casey Schaufler
2019-02-28 22:18 ` [PATCH 17/97] LSM: Use lsm_export in security_audit_rule_match Casey Schaufler
2019-02-28 22:18 ` [PATCH 18/97] LSM: Use lsm_export in security_kernel_act_as Casey Schaufler
2019-02-28 22:18 ` [PATCH 19/97] LSM: Use lsm_export in security_socket_getpeersec_dgram Casey Schaufler
2019-02-28 22:18 ` [PATCH 20/97] LSM: Use lsm_export in security_secctx_to_secid Casey Schaufler
2019-02-28 22:18 ` [PATCH 21/97] LSM: Use lsm_export in security_secid_to_secctx Casey Schaufler
2019-02-28 22:18 ` [PATCH 22/97] LSM: Use lsm_export in security_ipc_getsecid Casey Schaufler
2019-02-28 22:18 ` [PATCH 23/97] LSM: Use lsm_export in security_task_getsecid Casey Schaufler
2019-02-28 22:18 ` [PATCH 24/97] LSM: FIXUP - security_secctx_to_secid Casey Schaufler
2019-02-28 22:18 ` [PATCH 25/97] LSM: FIXUP - security_secid_to_secctx Casey Schaufler
2019-02-28 22:18 ` [PATCH 26/97] LSM: Use lsm_export in security_inode_getsecid Casey Schaufler
2019-02-28 22:18 ` [PATCH 27/97] LSM: Use lsm_export in security_cred_getsecid Casey Schaufler
2019-02-28 22:18 ` [PATCH 28/97] LSM: REVERT Use lsm_export in the sk_getsecid hooks Casey Schaufler
2019-02-28 22:18 ` [PATCH 29/97] Audit: Change audit_sig_sid to audit_sig_lsm Casey Schaufler
2019-02-28 22:18 ` [PATCH 30/97] Audit: Convert target_sid to an lsm_export structure Casey Schaufler
2019-02-28 22:18 ` [PATCH 31/97] Audit: Convert osid " Casey Schaufler
2019-02-28 22:18 ` [PATCH 32/97] IMA: Clean out lsm_export scaffolding Casey Schaufler
2019-02-28 22:18 ` [PATCH 33/97] NET: Store LSM access information in the socket blob for UDS Casey Schaufler
2019-02-28 22:18 ` [PATCH 34/97] NET: Remove scaffolding on secmarks Casey Schaufler
2019-02-28 22:18 ` [PATCH 35/97] NET: Remove scaffolding on new secmarks Casey Schaufler
2019-02-28 22:18 ` [PATCH 36/97] NET: Remove netfilter scaffolding for lsm_export Casey Schaufler
2019-02-28 22:18 ` [PATCH 37/97] Netlabel: Replace secids with lsm_export Casey Schaufler
2019-02-28 22:18 ` [PATCH 38/97] LSM: Remove lsm_export scaffolding functions Casey Schaufler
2019-02-28 22:18 ` [PATCH 39/97] IMA: FIXUP prototype using lsm_export Casey Schaufler
2019-02-28 22:18 ` [PATCH 40/97] Smack: Restore the release_secctx hook Casey Schaufler
2019-02-28 22:18 ` [PATCH 41/97] AppArmor: Remove unnecessary hook stub Casey Schaufler
2019-02-28 22:18 ` [PATCH 42/97] LSM: Limit calls to certain module hooks Casey Schaufler
2019-02-28 22:18 ` [PATCH 43/97] LSM: Create a data structure for a security context Casey Schaufler
2019-02-28 22:18 ` [PATCH 44/97] LSM: Use lsm_context in secid_to_secctx hooks Casey Schaufler
2019-02-28 22:18 ` [PATCH 45/97] LSM: Use lsm_context in secctx_to_secid hooks Casey Schaufler
2019-02-28 22:18 ` [PATCH 46/97] LSM: Use lsm_context in inode_getsecctx hooks Casey Schaufler
2019-02-28 22:18 ` [PATCH 47/97] LSM: Use lsm_context in inode_notifysecctx hooks Casey Schaufler
2019-02-28 22:18 ` [PATCH 48/97] LSM: Use lsm_context in dentry_init_security hooks Casey Schaufler
2019-02-28 22:18 ` [PATCH 49/97] LSM: Use lsm_context in security_dentry_init_security Casey Schaufler
2019-02-28 22:18 ` [PATCH 50/97] LSM: Use lsm_context in security_inode_notifysecctx Casey Schaufler
2019-02-28 22:18 ` [PATCH 51/97] LSM: Use lsm_context in security_inode_getsecctx Casey Schaufler
2019-02-28 22:18 ` [PATCH 52/97] LSM: Use lsm_context in security_secctx_to_secid Casey Schaufler
2019-02-28 22:18 ` [PATCH 53/97] LSM: Use lsm_context in release_secctx hooks Casey Schaufler
2019-02-28 22:18 ` [PATCH 54/97] LSM: Use lsm_context in security_release_secctx Casey Schaufler
2019-02-28 22:18 ` [PATCH 55/97] LSM: Use lsm_context in security_secid_to_secctx Casey Schaufler
2019-02-28 22:18 ` [PATCH 56/97] fs: remove lsm_context scaffolding Casey Schaufler
2019-02-28 22:18 ` [PATCH 57/97] LSM: Add the release function to the lsm_context Casey Schaufler
2019-02-28 22:18 ` [PATCH 58/97] LSM: Use lsm_context in inode_setsecctx hooks Casey Schaufler
2019-02-28 22:18 ` [PATCH 59/97] LSM: Use lsm_context in security_inode_setsecctx Casey Schaufler
2019-02-28 22:18 ` [PATCH 60/97] kernfs: remove lsm_context scaffolding Casey Schaufler
2019-02-28 22:18 ` [PATCH 61/97] LSM: Remove unused macro Casey Schaufler
2019-02-28 22:18 ` [PATCH 62/97] LSM: Special handling for secctx lsm hooks Casey Schaufler
2019-02-28 22:18 ` [PATCH 63/97] SELinux: Use blob offset in current_sid Casey Schaufler
2019-02-28 22:19 ` [PATCH 64/97] LSM: Specify which LSM to display with /proc/self/attr/display Casey Schaufler
2019-02-28 22:19 ` [PATCH 65/97] AppArmor: Remove the exclusive flag Casey Schaufler
2019-02-28 22:19 ` [PATCH 66/97] LSM: Add secmark_relabel_packet to the set of one call hooks Casey Schaufler
2019-02-28 22:19 ` [PATCH 67/97] LSM: Make getting the secmark right cleaner with lsm_export_one_secid Casey Schaufler
2019-02-28 22:19 ` [PATCH 68/97] netfilter: Fix memory leak introduced with lsm_context Casey Schaufler
2019-02-28 22:19 ` [PATCH 69/97] Smack: Consolidate secmark conversions Casey Schaufler
2019-02-28 22:19 ` [PATCH 70/97] netfilter: Remove unnecessary NULL check in lsm_context Casey Schaufler
2019-03-01 14:17 ` [PATCH 00/97] LSM: Complete module stacking Stephen Smalley
2019-03-01 17:06 ` Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190228221933.2551-14-casey@schaufler-ca.com \
--to=casey@schaufler-ca.com \
--cc=jmorris@namei.org \
--cc=john.johansen@canonical.com \
--cc=keescook@chromium.org \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=penguin-kernel@i-love.sakura.ne.jp \
--cc=selinux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).