From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=Z0rp=ZF=vger.kernel.org=linux-security-module-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-9.7 required=3.0 tests=DKIM_SIGNED,DKIM_VALID,
	HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY,
	SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham
	autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 1C700C432C3
	for <linux-security-module@archiver.kernel.org>; Wed, 13 Nov 2019 17:58:02 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id E6FF8206CB
	for <linux-security-module@archiver.kernel.org>; Wed, 13 Nov 2019 17:58:01 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=pass (2048-bit key) header.d=yahoo.com header.i=@yahoo.com header.b="EanbumuK"
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727343AbfKMR6B (ORCPT
        <rfc822;linux-security-module@archiver.kernel.org>);
        Wed, 13 Nov 2019 12:58:01 -0500
Received: from sonic306-27.consmr.mail.ne1.yahoo.com ([66.163.189.89]:36693
        "EHLO sonic306-27.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S1728423AbfKMR6B (ORCPT
        <rfc822;linux-security-module@vger.kernel.org>);
        Wed, 13 Nov 2019 12:58:01 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1573667879; bh=co4jpZY+mhudboH3Pzmlm1GU8BGwBGVp+kygYlsjIuI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; b=EanbumuKYrMag78yWrUqkTkjioA29+HOQ/YdFH9mQFZXpRbVrayZtpUD7Y6ng+2xYc359dtucAgpYh1EPn0uqbMf9Pn3b1YOE5nCrUF0LMUuswtysDZvEuzv73eFnwc4gGl0OD3JqOmJ1fD0OJYkCW2U3NpF5Hnw75r/hekEQ1yWf/L++2kGaKgzA3ejl4oHtdv7OFnVss3YnG18XwMdxCKg8hu/I2eX1z+iU8aM++UZaHxzM2enODKMbwkYyuJJx9xqJzc0J7ott8Yut50Z02Dqs3iQzDx92GWHUB8xieFrolM2PUn4sLGJQcrGXZiH9Wd2a/sOY/Ds/M1Z758kyQ==
X-YMail-OSG: w0mH830VM1mDAZttmL3ASjaAzfDFW5xyUBoPxzlIaEGAp3ruW.J4Bu6v3xJcsCM
 MQHVUTBlcMwO5HHbF30..WbCZvVG3RMRVdi98MoDwHLNuBseGepkdwVC72KwNHaURaNMpJqLZOhb
 ZokMun1lAH1TEcnvFJ83WI3jptVs_pIRGD.J4tcKrMIK1cMl95qzve5Silr4JvFRhAFrJf42E1pV
 B45GXn_W0kaf8k1DoOUbkFxCjs5TTmTJOuLGCslcSbBEv7_6feZXFQnZ2FTrk6eTC6Rlaf8tOTsL
 PdvA9kKv_AHyzHPRGxqPOv8PWC6LI3C.eTUzbJc0M8YCiFuXqgPyulJ7tqzOInFD1r3DRFfRM_l4
 htAcfe0mVT2mD7XFMZuX2F28qY8ufifmATxdp92cJ3olM2wNCoHoMN8E.XM5a4W7yz1kH21x8f4X
 A_0GL2uT4tGx_B5EcgGMVm9Tsq7Bwfba9opaNFngRDeLV5VN9vaJal.cVcan0H2TNGUDIy0c6grM
 BpFj20Cxtct4.K8WKF8UsLX8ffLXwLjIfboWaLgWvTW.hji0IVdvYamgY_V3Dbsi_rabFrIpq2P_
 FsekjKmggSb9H5d4cQ6FLunANmrdhpFQnWFICGRfGpLWojKO_UTH9_EDfTDZOM_j19Y9zJ74jYVq
 FSTJdiRiuWFTA6bTaB37TeO8JoW1vPRTSe0kv4DRoTJ9ILwpr_fB0ShRdL93x1UzGLPV0z5W1an2
 HpAXJwF95CMjWoDnNXdE7T94mTFDHvOaLT6LFYHFoQJRVaXulfEY.bmmRe.R7N_fWe0JHPRIqWtH
 lG8Z8bu6m7Vl2_auFMh2Brf7m8_xBNB.p.xlED5PQwJvtKO89aIEj7HlN5iYsfEHwHepu1l.kRCx
 6ogf4PX9p0mlgTcRwGyaJ75NWb602nZvzk1Wp6KOSOAc6jOuunmS1wkSkElir3L2Obb7pQQidYa8
 mSOCoXzPd3s_MOA_nAJ0LHufY6y.DanRJTT.gPzAiZkIajvrcfOyunlFEGgI1QzSk1KAlr6W_NUQ
 tKHUhVptWRphTxP02O.s8evDKA_2c5ji_l891iLy8xLSygldC7TqkZyqj5iMOx9BLBTyLhhFtYME
 S_B0ER3RFHw9m9rlukWl_h_70mha5STSzJMvjdoBBgpY5DDXY4UkF_JlUjyTh.A0p1e9P68wYRuZ
 k33XW8ZcuC.S3mxc9Apanj5lLdQVauBP.OzbmhldTIhH86SKO5gYTAUKUezuFovNfFfM3u5XTyK6
 BnGU73WoVwVs9yb.dIrO5WzDaT5a6sWAPClUZj_ASvYtvDUH453qa2n9UWG_7EbTuFXva7hiiKMl
 AxYXqDNRO2e26s2Vc4E7zfh4BZIGifmyct90dRYFlAx8gp3wAGi5JdV8BhjVAp.lIkc.SGnUfP_1
 cawtTF4umZHZgGJa.TBlcAkOom.b.fQG2iDWHdKLqrDAUnKjkRwvQcHO.1RinMJx9Itp.
Received: from sonic.gate.mail.ne1.yahoo.com by sonic306.consmr.mail.ne1.yahoo.com with HTTP; Wed, 13 Nov 2019 17:57:59 +0000
Received: by smtp405.mail.bf1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID 8aedd18827384fcb8d31d3c5ee93475e;
          Wed, 13 Nov 2019 17:57:57 +0000 (UTC)
From:   Casey Schaufler <casey@schaufler-ca.com>
To:     casey.schaufler@intel.com, jmorris@namei.org,
        linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc:     casey@schaufler-ca.com, keescook@chromium.org,
        john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp,
        paul@paul-moore.com, sds@tycho.nsa.gov
Subject: [PATCH v11 06/25] LSM: Use lsmblob in security_secctx_to_secid
Date:   Wed, 13 Nov 2019 09:57:02 -0800
Message-Id: <20191113175721.2317-7-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20191113175721.2317-1-casey@schaufler-ca.com>
References: <20191113175721.2317-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: owner-linux-security-module@vger.kernel.org
Precedence: bulk
List-ID: <linux-security-module.vger.kernel.org>

Change security_secctx_to_secid() to fill in a lsmblob instead
of a u32 secid. Multiple LSMs may be able to interpret the
string, and this allows for setting whichever secid is
appropriate. In some cases there is scaffolding where other
interfaces have yet to be converted.

Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
 include/linux/security.h          |  5 +++--
 kernel/cred.c                     |  4 +---
 net/netfilter/nft_meta.c          | 13 ++++++-------
 net/netfilter/xt_SECMARK.c        |  5 ++++-
 net/netlabel/netlabel_unlabeled.c | 14 ++++++++------
 security/security.c               | 18 +++++++++++++++---
 6 files changed, 37 insertions(+), 22 deletions(-)

diff --git a/include/linux/security.h b/include/linux/security.h
index d57f400a307e..b69877a13efa 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -494,7 +494,8 @@ int security_setprocattr(const char *lsm, const char *name, void *value,
 int security_netlink_send(struct sock *sk, struct sk_buff *skb);
 int security_ismaclabel(const char *name);
 int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen);
-int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid);
+int security_secctx_to_secid(const char *secdata, u32 seclen,
+			     struct lsmblob *blob);
 void security_release_secctx(char *secdata, u32 seclen);
 void security_inode_invalidate_secctx(struct inode *inode);
 int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen);
@@ -1300,7 +1301,7 @@ static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *secle
 
 static inline int security_secctx_to_secid(const char *secdata,
 					   u32 seclen,
-					   u32 *secid)
+					   struct lsmblob *blob)
 {
 	return -EOPNOTSUPP;
 }
diff --git a/kernel/cred.c b/kernel/cred.c
index 846ac4b23c16..7fef90f3f10b 100644
--- a/kernel/cred.c
+++ b/kernel/cred.c
@@ -756,14 +756,12 @@ EXPORT_SYMBOL(set_security_override);
 int set_security_override_from_ctx(struct cred *new, const char *secctx)
 {
 	struct lsmblob blob;
-	u32 secid;
 	int ret;
 
-	ret = security_secctx_to_secid(secctx, strlen(secctx), &secid);
+	ret = security_secctx_to_secid(secctx, strlen(secctx), &blob);
 	if (ret < 0)
 		return ret;
 
-	lsmblob_init(&blob, secid);
 	return set_security_override(new, &blob);
 }
 EXPORT_SYMBOL(set_security_override_from_ctx);
diff --git a/net/netfilter/nft_meta.c b/net/netfilter/nft_meta.c
index 317e3a9e8c5b..7c49397c33fd 100644
--- a/net/netfilter/nft_meta.c
+++ b/net/netfilter/nft_meta.c
@@ -617,21 +617,20 @@ static const struct nla_policy nft_secmark_policy[NFTA_SECMARK_MAX + 1] = {
 
 static int nft_secmark_compute_secid(struct nft_secmark *priv)
 {
-	u32 tmp_secid = 0;
+	struct lsmblob blob;
 	int err;
 
-	err = security_secctx_to_secid(priv->ctx, strlen(priv->ctx), &tmp_secid);
+	err = security_secctx_to_secid(priv->ctx, strlen(priv->ctx), &blob);
 	if (err)
 		return err;
 
-	if (!tmp_secid)
-		return -ENOENT;
-
-	err = security_secmark_relabel_packet(tmp_secid);
+	/* Using le[0] is scaffolding */
+	err = security_secmark_relabel_packet(blob.secid[0]);
 	if (err)
 		return err;
 
-	priv->secid = tmp_secid;
+	/* Using le[0] is scaffolding */
+	priv->secid = blob.secid[0];
 	return 0;
 }
 
diff --git a/net/netfilter/xt_SECMARK.c b/net/netfilter/xt_SECMARK.c
index 2317721f3ecb..2d68416b4552 100644
--- a/net/netfilter/xt_SECMARK.c
+++ b/net/netfilter/xt_SECMARK.c
@@ -45,13 +45,14 @@ secmark_tg(struct sk_buff *skb, const struct xt_action_param *par)
 
 static int checkentry_lsm(struct xt_secmark_target_info *info)
 {
+	struct lsmblob blob;
 	int err;
 
 	info->secctx[SECMARK_SECCTX_MAX - 1] = '\0';
 	info->secid = 0;
 
 	err = security_secctx_to_secid(info->secctx, strlen(info->secctx),
-				       &info->secid);
+				       &blob);
 	if (err) {
 		if (err == -EINVAL)
 			pr_info_ratelimited("invalid security context \'%s\'\n",
@@ -59,6 +60,8 @@ static int checkentry_lsm(struct xt_secmark_target_info *info)
 		return err;
 	}
 
+	/* scaffolding during the transition */
+	info->secid = blob.secid[0];
 	if (!info->secid) {
 		pr_info_ratelimited("unable to map security context \'%s\'\n",
 				    info->secctx);
diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c
index d2e4ab8d1cb1..7a5a87f15736 100644
--- a/net/netlabel/netlabel_unlabeled.c
+++ b/net/netlabel/netlabel_unlabeled.c
@@ -881,7 +881,7 @@ static int netlbl_unlabel_staticadd(struct sk_buff *skb,
 	void *addr;
 	void *mask;
 	u32 addr_len;
-	u32 secid;
+	struct lsmblob blob;
 	struct netlbl_audit audit_info;
 
 	/* Don't allow users to add both IPv4 and IPv6 addresses for a
@@ -905,12 +905,13 @@ static int netlbl_unlabel_staticadd(struct sk_buff *skb,
 	ret_val = security_secctx_to_secid(
 		                  nla_data(info->attrs[NLBL_UNLABEL_A_SECCTX]),
 				  nla_len(info->attrs[NLBL_UNLABEL_A_SECCTX]),
-				  &secid);
+				  &blob);
 	if (ret_val != 0)
 		return ret_val;
 
+	/* scaffolding with the [0] */
 	return netlbl_unlhsh_add(&init_net,
-				 dev_name, addr, mask, addr_len, secid,
+				 dev_name, addr, mask, addr_len, blob.secid[0],
 				 &audit_info);
 }
 
@@ -932,7 +933,7 @@ static int netlbl_unlabel_staticadddef(struct sk_buff *skb,
 	void *addr;
 	void *mask;
 	u32 addr_len;
-	u32 secid;
+	struct lsmblob blob;
 	struct netlbl_audit audit_info;
 
 	/* Don't allow users to add both IPv4 and IPv6 addresses for a
@@ -954,12 +955,13 @@ static int netlbl_unlabel_staticadddef(struct sk_buff *skb,
 	ret_val = security_secctx_to_secid(
 		                  nla_data(info->attrs[NLBL_UNLABEL_A_SECCTX]),
 				  nla_len(info->attrs[NLBL_UNLABEL_A_SECCTX]),
-				  &secid);
+				  &blob);
 	if (ret_val != 0)
 		return ret_val;
 
+	/* scaffolding with the [0] */
 	return netlbl_unlhsh_add(&init_net,
-				 NULL, addr, mask, addr_len, secid,
+				 NULL, addr, mask, addr_len, blob.secid[0],
 				 &audit_info);
 }
 
diff --git a/security/security.c b/security/security.c
index 55837706e3ef..32bb5383de9b 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1970,10 +1970,22 @@ int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
 }
 EXPORT_SYMBOL(security_secid_to_secctx);
 
-int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
+int security_secctx_to_secid(const char *secdata, u32 seclen,
+			     struct lsmblob *blob)
 {
-	*secid = 0;
-	return call_int_hook(secctx_to_secid, 0, secdata, seclen, secid);
+	struct security_hook_list *hp;
+	int rc;
+
+	lsmblob_init(blob, 0);
+	hlist_for_each_entry(hp, &security_hook_heads.secctx_to_secid, list) {
+		if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot))
+			continue;
+		rc = hp->hook.secctx_to_secid(secdata, seclen,
+					      &blob->secid[hp->lsmid->slot]);
+		if (rc != 0)
+			return rc;
+	}
+	return 0;
 }
 EXPORT_SYMBOL(security_secctx_to_secid);
 
-- 
2.20.1