From: Casey Schaufler <casey@schaufler-ca.com>
To: casey.schaufler@intel.com, jmorris@namei.org,
linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, keescook@chromium.org,
john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp,
paul@paul-moore.com, sds@tycho.nsa.gov
Subject: [PATCH v15 05/23] net: Prepare UDS for security module stacking
Date: Fri, 14 Feb 2020 15:41:45 -0800 [thread overview]
Message-ID: <20200214234203.7086-6-casey@schaufler-ca.com> (raw)
In-Reply-To: <20200214234203.7086-1-casey@schaufler-ca.com>
Change the data used in UDS SO_PEERSEC processing from a
secid to a more general struct lsmblob. Update the
security_socket_getpeersec_dgram() interface to use the
lsmblob. There is a small amount of scaffolding code
that will come out when the security_secid_to_secctx()
code is brought in line with the lsmblob.
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: John Johansen <john.johansen@canonical.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
cc: netdev@vger.kernel.org
---
include/linux/security.h | 7 +++++--
include/net/af_unix.h | 2 +-
include/net/scm.h | 8 +++++---
net/ipv4/ip_sockglue.c | 8 +++++---
net/unix/af_unix.c | 6 +++---
security/security.c | 18 +++++++++++++++---
6 files changed, 34 insertions(+), 15 deletions(-)
diff --git a/include/linux/security.h b/include/linux/security.h
index 1bfaf9ece13e..2ad58e2900e7 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1358,7 +1358,8 @@ int security_socket_shutdown(struct socket *sock, int how);
int security_sock_rcv_skb(struct sock *sk, struct sk_buff *skb);
int security_socket_getpeersec_stream(struct socket *sock, char __user *optval,
int __user *optlen, unsigned len);
-int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid);
+int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb,
+ struct lsmblob *blob);
int security_sk_alloc(struct sock *sk, int family, gfp_t priority);
void security_sk_free(struct sock *sk);
void security_sk_clone(const struct sock *sk, struct sock *newsk);
@@ -1496,7 +1497,9 @@ static inline int security_socket_getpeersec_stream(struct socket *sock, char __
return -ENOPROTOOPT;
}
-static inline int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
+static inline int security_socket_getpeersec_dgram(struct socket *sock,
+ struct sk_buff *skb,
+ struct lsmblob *blob)
{
return -ENOPROTOOPT;
}
diff --git a/include/net/af_unix.h b/include/net/af_unix.h
index 17e10fba2152..59af08ca802f 100644
--- a/include/net/af_unix.h
+++ b/include/net/af_unix.h
@@ -36,7 +36,7 @@ struct unix_skb_parms {
kgid_t gid;
struct scm_fp_list *fp; /* Passed files */
#ifdef CONFIG_SECURITY_NETWORK
- u32 secid; /* Security ID */
+ struct lsmblob lsmblob; /* Security LSM data */
#endif
u32 consumed;
} __randomize_layout;
diff --git a/include/net/scm.h b/include/net/scm.h
index 1ce365f4c256..e2e71c4bf9d0 100644
--- a/include/net/scm.h
+++ b/include/net/scm.h
@@ -33,7 +33,7 @@ struct scm_cookie {
struct scm_fp_list *fp; /* Passed files */
struct scm_creds creds; /* Skb credentials */
#ifdef CONFIG_SECURITY_NETWORK
- u32 secid; /* Passed security ID */
+ struct lsmblob lsmblob; /* Passed LSM data */
#endif
};
@@ -46,7 +46,7 @@ struct scm_fp_list *scm_fp_dup(struct scm_fp_list *fpl);
#ifdef CONFIG_SECURITY_NETWORK
static __inline__ void unix_get_peersec_dgram(struct socket *sock, struct scm_cookie *scm)
{
- security_socket_getpeersec_dgram(sock, NULL, &scm->secid);
+ security_socket_getpeersec_dgram(sock, NULL, &scm->lsmblob);
}
#else
static __inline__ void unix_get_peersec_dgram(struct socket *sock, struct scm_cookie *scm)
@@ -97,7 +97,9 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc
int err;
if (test_bit(SOCK_PASSSEC, &sock->flags)) {
- err = security_secid_to_secctx(scm->secid, &secdata, &seclen);
+ /* Scaffolding - it has to be element 0 for now */
+ err = security_secid_to_secctx(scm->lsmblob.secid[0],
+ &secdata, &seclen);
if (!err) {
put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata);
diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
index aa3fd61818c4..6cf57d5ac899 100644
--- a/net/ipv4/ip_sockglue.c
+++ b/net/ipv4/ip_sockglue.c
@@ -130,15 +130,17 @@ static void ip_cmsg_recv_checksum(struct msghdr *msg, struct sk_buff *skb,
static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb)
{
+ struct lsmblob lb;
char *secdata;
- u32 seclen, secid;
+ u32 seclen;
int err;
- err = security_socket_getpeersec_dgram(NULL, skb, &secid);
+ err = security_socket_getpeersec_dgram(NULL, skb, &lb);
if (err)
return;
- err = security_secid_to_secctx(secid, &secdata, &seclen);
+ /* Scaffolding - it has to be element 0 */
+ err = security_secid_to_secctx(lb.secid[0], &secdata, &seclen);
if (err)
return;
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index 62c12cb5763e..5bed7361ec4c 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -138,17 +138,17 @@ static struct hlist_head *unix_sockets_unbound(void *addr)
#ifdef CONFIG_SECURITY_NETWORK
static void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
{
- UNIXCB(skb).secid = scm->secid;
+ UNIXCB(skb).lsmblob = scm->lsmblob;
}
static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
{
- scm->secid = UNIXCB(skb).secid;
+ scm->lsmblob = UNIXCB(skb).lsmblob;
}
static inline bool unix_secdata_eq(struct scm_cookie *scm, struct sk_buff *skb)
{
- return (scm->secid == UNIXCB(skb).secid);
+ return lsmblob_equal(&scm->lsmblob, &(UNIXCB(skb).lsmblob));
}
#else
static inline void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
diff --git a/security/security.c b/security/security.c
index 914aecd89822..2fa826000889 100644
--- a/security/security.c
+++ b/security/security.c
@@ -2140,10 +2140,22 @@ int security_socket_getpeersec_stream(struct socket *sock, char __user *optval,
optval, optlen, len);
}
-int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
+int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb,
+ struct lsmblob *blob)
{
- return call_int_hook(socket_getpeersec_dgram, -ENOPROTOOPT, sock,
- skb, secid);
+ struct security_hook_list *hp;
+ int rc = -ENOPROTOOPT;
+
+ hlist_for_each_entry(hp, &security_hook_heads.socket_getpeersec_dgram,
+ list) {
+ if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot))
+ continue;
+ rc = hp->hook.socket_getpeersec_dgram(sock, skb,
+ &blob->secid[hp->lsmid->slot]);
+ if (rc != 0)
+ break;
+ }
+ return rc;
}
EXPORT_SYMBOL(security_socket_getpeersec_dgram);
--
2.24.1
next prev parent reply other threads:[~2020-02-14 23:42 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20200214234203.7086-1-casey.ref@schaufler-ca.com>
2020-02-14 23:41 ` [PATCH v15 00/23] LSM: Module stacking for AppArmor Casey Schaufler
2020-02-14 23:41 ` [PATCH v15 01/23] LSM: Infrastructure management of the sock security Casey Schaufler
2020-03-06 20:37 ` Paul Moore
2020-02-14 23:41 ` [PATCH v15 02/23] LSM: Create and manage the lsmblob data structure Casey Schaufler
2020-02-18 17:56 ` Stephen Smalley
2020-02-24 17:56 ` Mimi Zohar
2020-02-14 23:41 ` [PATCH v15 03/23] LSM: Use lsmblob in security_audit_rule_match Casey Schaufler
2020-02-24 18:26 ` Mimi Zohar
2020-02-14 23:41 ` [PATCH v15 04/23] LSM: Use lsmblob in security_kernel_act_as Casey Schaufler
2020-03-06 22:06 ` Paul Moore
2020-02-14 23:41 ` Casey Schaufler [this message]
2020-03-06 22:14 ` [PATCH v15 05/23] net: Prepare UDS for security module stacking Paul Moore
2020-03-10 0:13 ` Casey Schaufler
2020-03-10 1:02 ` Paul Moore
2020-02-14 23:41 ` [PATCH v15 06/23] Use lsmblob in security_secctx_to_secid Casey Schaufler
2020-03-07 0:58 ` Paul Moore
2020-03-10 1:13 ` Casey Schaufler
2020-02-14 23:41 ` [PATCH v15 07/23] LSM: Use lsmblob in security_secid_to_secctx Casey Schaufler
2020-02-14 23:41 ` [PATCH v15 08/23] LSM: Use lsmblob in security_ipc_getsecid Casey Schaufler
2020-02-14 23:41 ` [PATCH v15 09/23] LSM: Use lsmblob in security_task_getsecid Casey Schaufler
2020-02-14 23:41 ` [PATCH v15 10/23] LSM: Use lsmblob in security_inode_getsecid Casey Schaufler
2020-02-14 23:41 ` [PATCH v15 11/23] LSM: Use lsmblob in security_cred_getsecid Casey Schaufler
2020-02-14 23:41 ` [PATCH v15 12/23] IMA: Change internal interfaces to use lsmblobs Casey Schaufler
2020-02-14 23:41 ` [PATCH v15 13/23] LSM: Specify which LSM to display Casey Schaufler
2020-03-07 1:49 ` Paul Moore
2020-02-14 23:41 ` [PATCH v15 14/23] LSM: Ensure the correct LSM context releaser Casey Schaufler
2020-02-14 23:41 ` [PATCH v15 15/23] LSM: Use lsmcontext in security_secid_to_secctx Casey Schaufler
2020-02-14 23:41 ` [PATCH v15 16/23] LSM: Use lsmcontext in security_inode_getsecctx Casey Schaufler
2020-02-14 23:41 ` [PATCH v15 17/23] LSM: security_secid_to_secctx in netlink netfilter Casey Schaufler
2020-03-07 2:06 ` Paul Moore
2020-02-14 23:41 ` [PATCH v15 18/23] NET: Store LSM netlabel data in a lsmblob Casey Schaufler
2020-03-07 2:14 ` Paul Moore
2020-03-10 1:21 ` Casey Schaufler
2020-02-14 23:41 ` [PATCH v15 19/23] LSM: Verify LSM display sanity in binder Casey Schaufler
2020-02-14 23:42 ` [PATCH v15 20/23] Audit: Add subj_LSM fields when necessary Casey Schaufler
2020-02-14 23:42 ` [PATCH v15 21/23] Audit: Include object data for all security modules Casey Schaufler
2020-02-14 23:42 ` [PATCH v15 22/23] LSM: Add /proc attr entry for full LSM context Casey Schaufler
2020-02-18 18:17 ` Stephen Smalley
2020-02-14 23:42 ` [PATCH v15 23/23] AppArmor: Remove the exclusive flag Casey Schaufler
2020-02-18 18:19 ` Stephen Smalley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200214234203.7086-6-casey@schaufler-ca.com \
--to=casey@schaufler-ca.com \
--cc=casey.schaufler@intel.com \
--cc=jmorris@namei.org \
--cc=john.johansen@canonical.com \
--cc=keescook@chromium.org \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=penguin-kernel@i-love.sakura.ne.jp \
--cc=sds@tycho.nsa.gov \
--cc=selinux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).