Linux-Security-Module Archive on lore.kernel.org
 help / color / Atom feed
From: Casey Schaufler <casey@schaufler-ca.com>
To: casey.schaufler@intel.com, jmorris@namei.org,
	linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, keescook@chromium.org,
	john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp,
	paul@paul-moore.com, sds@tycho.nsa.gov
Subject: [PATCH v8 18/28] LSM: Use lsmcontext in security_dentry_init_security
Date: Thu, 29 Aug 2019 16:29:25 -0700
Message-ID: <20190829232935.7099-19-casey@schaufler-ca.com> (raw)
In-Reply-To: <20190829232935.7099-1-casey@schaufler-ca.com>

Change the security_dentry_init_security() interface to
fill an lsmcontext structure instead of a void * data area
and a length. The lone caller of this interface is NFS4,
which may make copies of the data using its own mechanisms.
A rework of the nfs4 code to use the lsmcontext properly
is a significant project, so the coward's way out is taken,
and the lsmcontext data from security_dentry_init_security()
is copied, then released directly.

This interface does not use the "display". There is currently
not case where that is useful or reasonable.

Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
 fs/nfs/nfs4proc.c        | 26 ++++++++++++++++----------
 include/linux/security.h |  7 +++----
 security/security.c      | 29 +++++++++++++++++++++++++----
 3 files changed, 44 insertions(+), 18 deletions(-)

diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
index af1c0db29c39..952f805965bb 100644
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -113,6 +113,7 @@ static inline struct nfs4_label *
 nfs4_label_init_security(struct inode *dir, struct dentry *dentry,
 	struct iattr *sattr, struct nfs4_label *label)
 {
+	struct lsmcontext context;
 	int err;
 
 	if (label == NULL)
@@ -122,21 +123,26 @@ nfs4_label_init_security(struct inode *dir, struct dentry *dentry,
 		return NULL;
 
 	err = security_dentry_init_security(dentry, sattr->ia_mode,
-				&dentry->d_name, (void **)&label->label, &label->len);
-	if (err == 0)
-		return label;
+					    &dentry->d_name, &context);
+
+	if (err)
+		return NULL;
+
+	label->label = kmemdup(context.context, context.len, GFP_KERNEL);
+	if (label->label == NULL)
+		label = NULL;
+	else
+		label->len = context.len;
+
+	security_release_secctx(&context);
+
+	return label;
 
-	return NULL;
 }
 static inline void
 nfs4_label_release_security(struct nfs4_label *label)
 {
-	struct lsmcontext scaff; /* scaffolding */
-
-	if (label) {
-		lsmcontext_init(&scaff, label->label, label->len, 0);
-		security_release_secctx(&scaff);
-	}
+	kfree(label->label);
 }
 static inline u32 *nfs4_bitmask(struct nfs_server *server, struct nfs4_label *label)
 {
diff --git a/include/linux/security.h b/include/linux/security.h
index 7255825aa697..2674eb70c2d7 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -352,8 +352,8 @@ int security_sb_clone_mnt_opts(const struct super_block *oldsb,
 int security_add_mnt_opt(const char *option, const char *val,
 				int len, void **mnt_opts);
 int security_dentry_init_security(struct dentry *dentry, int mode,
-					const struct qstr *name, void **ctx,
-					u32 *ctxlen);
+					const struct qstr *name,
+					struct lsmcontext *ctx);
 int security_dentry_create_files_as(struct dentry *dentry, int mode,
 					struct qstr *name,
 					const struct cred *old,
@@ -724,8 +724,7 @@ static inline void security_inode_free(struct inode *inode)
 static inline int security_dentry_init_security(struct dentry *dentry,
 						 int mode,
 						 const struct qstr *name,
-						 void **ctx,
-						 u32 *ctxlen)
+						 struct lsmcontext *ctx)
 {
 	return -EOPNOTSUPP;
 }
diff --git a/security/security.c b/security/security.c
index 38e10f92dae3..7bbc17cc212d 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1029,12 +1029,33 @@ void security_inode_free(struct inode *inode)
 				inode_free_by_rcu);
 }
 
+/*
+ * security_dentry_init_security - initial context for a dentry
+ * @dentry: directory entry
+ * @mode: access mode
+ * @name: path name
+ * @context: resulting security context
+ *
+ * Use at most one security module to get the initial
+ * security context. Do not use the "display".
+ *
+ * Returns -EOPNOTSUPP if not supplied by any module or the module result.
+ */
 int security_dentry_init_security(struct dentry *dentry, int mode,
-					const struct qstr *name, void **ctx,
-					u32 *ctxlen)
+				  const struct qstr *name,
+				  struct lsmcontext *cp)
 {
-	return call_int_hook(dentry_init_security, -EOPNOTSUPP, dentry, mode,
-				name, ctx, ctxlen);
+	struct security_hook_list *hp;
+
+	hlist_for_each_entry(hp, &security_hook_heads.dentry_init_security,
+			     list) {
+		cp->slot = hp->lsmid->slot;
+		return hp->hook.dentry_init_security(dentry, mode, name,
+						     (void **)&cp->context,
+						     &cp->len);
+	}
+
+	return -EOPNOTSUPP;
 }
 EXPORT_SYMBOL(security_dentry_init_security);
 
-- 
2.20.1


  parent reply index

Thread overview: 38+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-08-29 23:29 [PATCH v8 00/28] LSM: Module stacking for AppArmor Casey Schaufler
2019-08-29 23:29 ` [PATCH v8 01/28] LSM: Infrastructure management of the superblock Casey Schaufler
2019-09-16 18:19   ` Stephen Smalley
2019-08-29 23:29 ` [PATCH v8 02/28] LSM: Infrastructure management of the sock security Casey Schaufler
2019-09-16 18:42   ` Stephen Smalley
2019-09-18  7:19     ` John Johansen
2019-08-29 23:29 ` [PATCH v8 03/28] LSM: Infrastructure management of the key blob Casey Schaufler
2019-09-16 18:47   ` Stephen Smalley
2019-08-29 23:29 ` [PATCH v8 04/28] LSM: Create and manage the lsmblob data structure Casey Schaufler
2019-09-16 19:15   ` Stephen Smalley
2019-09-23 15:56     ` Casey Schaufler
2019-08-29 23:29 ` [PATCH v8 05/28] LSM: Use lsmblob in security_audit_rule_match Casey Schaufler
2019-08-29 23:29 ` [PATCH v8 06/28] LSM: Use lsmblob in security_kernel_act_as Casey Schaufler
2019-08-29 23:29 ` [PATCH v8 07/28] net: Prepare UDS for security module stacking Casey Schaufler
2019-08-29 23:29 ` [PATCH v8 08/28] LSM: Use lsmblob in security_secctx_to_secid Casey Schaufler
2019-08-29 23:29 ` [PATCH v8 09/28] LSM: Use lsmblob in security_secid_to_secctx Casey Schaufler
2019-08-29 23:29 ` [PATCH v8 10/28] LSM: Use lsmblob in security_ipc_getsecid Casey Schaufler
2019-08-29 23:29 ` [PATCH v8 11/28] LSM: Use lsmblob in security_task_getsecid Casey Schaufler
2019-08-29 23:29 ` [PATCH v8 12/28] LSM: Use lsmblob in security_inode_getsecid Casey Schaufler
2019-08-29 23:29 ` [PATCH v8 13/28] LSM: Use lsmblob in security_cred_getsecid Casey Schaufler
2019-08-29 23:29 ` [PATCH v8 14/28] IMA: Change internal interfaces to use lsmblobs Casey Schaufler
2019-08-29 23:29 ` [PATCH v8 15/28] LSM: Specify which LSM to display Casey Schaufler
2019-08-29 23:29 ` [PATCH v8 16/28] LSM: Ensure the correct LSM context releaser Casey Schaufler
2019-08-29 23:29 ` [PATCH v8 17/28] LSM: Use lsmcontext in security_secid_to_secctx Casey Schaufler
2019-08-29 23:29 ` Casey Schaufler [this message]
2019-08-29 23:29 ` [PATCH v8 19/28] LSM: Use lsmcontext in security_inode_getsecctx Casey Schaufler
2019-08-29 23:29 ` [PATCH v8 20/28] LSM: security_secid_to_secctx in netlink netfilter Casey Schaufler
2019-08-29 23:29 ` [PATCH v8 21/28] NET: Store LSM netlabel data in a lsmblob Casey Schaufler
2019-08-29 23:29 ` [PATCH v8 22/28] SELinux: Verify LSM display sanity in binder Casey Schaufler
2019-09-18 17:43   ` Stephen Smalley
2019-08-29 23:29 ` [PATCH v8 23/28] Audit: Add subj_LSM fields when necessary Casey Schaufler
2019-08-29 23:29 ` [PATCH v8 24/28] Audit: Include object data for all security modules Casey Schaufler
2019-08-29 23:29 ` [PATCH v8 25/28] LSM: Provide an user space interface for the default display Casey Schaufler
2019-08-29 23:29 ` [PATCH v8 26/28] NET: Add SO_PEERCONTEXT for multiple LSMs Casey Schaufler
2019-08-29 23:29 ` [PATCH v8 27/28] LSM: Add /proc attr entry for full LSM context Casey Schaufler
2019-08-29 23:29 ` [PATCH v8 28/28] AppArmor: Remove the exclusive flag Casey Schaufler
2019-09-04 19:13 ` [PATCH v8 00/28] LSM: Module stacking for AppArmor Casey Schaufler
2019-09-06 13:46   ` Stephen Smalley

Reply instructions:

You may reply publically to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190829232935.7099-19-casey@schaufler-ca.com \
    --to=casey@schaufler-ca.com \
    --cc=casey.schaufler@intel.com \
    --cc=jmorris@namei.org \
    --cc=john.johansen@canonical.com \
    --cc=keescook@chromium.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=paul@paul-moore.com \
    --cc=penguin-kernel@i-love.sakura.ne.jp \
    --cc=sds@tycho.nsa.gov \
    --cc=selinux@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux-Security-Module Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-security-module/0 linux-security-module/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-security-module linux-security-module/ https://lore.kernel.org/linux-security-module \
		linux-security-module@vger.kernel.org
	public-inbox-index linux-security-module

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-security-module


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git