Message-ID: <1493228201.32540.8.camel@tycho.nsa.gov>
Subject: Re: [PATCH 1/3] selinux: Implement LSM notification system
From: Stephen Smalley
To: Casey Schaufler, Sebastien Buisson, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, selinux@tycho.nsa.gov
Cc: Sebastien Buisson, james.l.morris@oracle.com
Date: Wed, 26 Apr 2017 13:36:41 -0400
In-Reply-To: <8d4c5ab6-8c15-312a-398b-c3ee9d7e8cb6@schaufler-ca.com>
References: <1493218936-18522-1-git-send-email-sbuisson@ddn.com> <8d4c5ab6-8c15-312a-398b-c3ee9d7e8cb6@schaufler-ca.com>
Organization: National Security Agency
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, 2017-04-26 at 08:38 -0700, Casey Schaufler wrote:
> On 4/26/2017 8:02 AM, Sebastien Buisson wrote:
> > From: Daniel Jurgens
> >
> > Add a generic notification mechanism in the LSM. Interested consumers
> > can register a callback with the LSM and security modules can produce
> > events.
>
> Why is this a generic mechanism? Do you ever see anyone
> other than SELinux using it?

I do - any security module that wants to support access control over
Lustre filesystems or Infiniband. Seems ironic for you to be arguing for
a SELinux-specific interface rather than a LSM interface.

> > Add a call to the notification mechanism from SELinux when the AVC
> > cache changes.
>
> This seems like a whole lot of mechanism for
> something you could accomplish with a log message.
> What am I missing?

It's a notification to a kernel subsystem that policy has changed so
that the subsystem can update any cached state.

> >
> > Signed-off-by: Daniel Jurgens
> > Signed-off-by: Sebastien Buisson
> > ---
> >  include/linux/security.h | 23 +++++++++++++++++++++++
> >  security/security.c      | 20 ++++++++++++++++++++
> >  security/selinux/hooks.c | 12 ++++++++++++
> >  3 files changed, 55 insertions(+)
> > > > diff --git a/include/linux/security.h b/include/linux/security.h > > index af675b5..73a9c93 100644 > > --- a/include/linux/security.h > > +++ b/include/linux/security.h > > @@ -68,6 +68,10 @@ > >  struct user_namespace; > >  struct timezone; > >   > > +enum lsm_event { > > + LSM_POLICY_CHANGE, > > +}; > > + > >  /* These functions are in security/commoncap.c */ > >  extern int cap_capable(const struct cred *cred, struct > > user_namespace *ns, > >          int cap, int audit); > > @@ -163,6 +167,10 @@ struct security_mnt_opts { > >   int num_mnt_opts; > >  }; > >   > > +int call_lsm_notifier(enum lsm_event event, void *data); > > +int register_lsm_notifier(struct notifier_block *nb); > > +int unregister_lsm_notifier(struct notifier_block *nb); > > + > >  static inline void security_init_mnt_opts(struct security_mnt_opts > > *opts) > >  { > >   opts->mnt_opts = NULL; > > @@ -381,6 +389,21 @@ int security_sem_semop(struct sem_array *sma, > > struct sembuf *sops, > >  struct security_mnt_opts { > >  }; > >   > > +static inline int call_lsm_notifier(enum lsm_event event, void > > *data) > > +{ > > + return 0; > > +} > > + > > +static inline int register_lsm_notifier(struct notifier_block *nb) > > +{ > > + return 0; > > +} > > + > > +static inline  int unregister_lsm_notifier(struct notifier_block > > *nb) > > +{ > > + return 0; > > +} > > + > >  static inline void security_init_mnt_opts(struct security_mnt_opts > > *opts) > >  { > >  } > > diff --git a/security/security.c b/security/security.c > > index b9fea39..ef9d9e1 100644 > > --- a/security/security.c > > +++ b/security/security.c > > @@ -32,6 +32,8 @@ > >  /* Maximum number of letters for an LSM name string */ > >  #define SECURITY_NAME_MAX 10 > >   > > +static ATOMIC_NOTIFIER_HEAD(lsm_notifier_chain); > > + > >  struct security_hook_heads security_hook_heads > > __lsm_ro_after_init; > >  char *lsm_names; > >  /* Boot-time LSM user choice */ 
> > @@ -146,6 +148,24 @@ void __init security_add_hooks(struct > > security_hook_list *hooks, int count, > >   panic("%s - Cannot get early memory.\n", > > __func__); > >  } > >   > > +int call_lsm_notifier(enum lsm_event event, void *data) > > +{ > > + return atomic_notifier_call_chain(&lsm_notifier_chain, > > event, data); > > +} > > +EXPORT_SYMBOL(call_lsm_notifier); > > + > > +int register_lsm_notifier(struct notifier_block *nb) > > +{ > > + return atomic_notifier_chain_register(&lsm_notifier_chain, > > nb); > > +} > > +EXPORT_SYMBOL(register_lsm_notifier); > > + > > +int unregister_lsm_notifier(struct notifier_block *nb) > > +{ > > + return > > atomic_notifier_chain_unregister(&lsm_notifier_chain, nb); > > +} > > +EXPORT_SYMBOL(unregister_lsm_notifier); > > + > >  /* > >   * Hook list operation macros. > >   * > > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > > index e67a526..a4d36f8 100644 > > --- a/security/selinux/hooks.c > > +++ b/security/selinux/hooks.c > > @@ -171,6 +171,14 @@ static int selinux_netcache_avc_callback(u32 > > event) > >   return 0; > >  } > >   > > +static int selinux_lsm_notifier_avc_callback(u32 event) > > +{ > > + if (event == AVC_CALLBACK_RESET) > > + call_lsm_notifier(LSM_POLICY_CHANGE, NULL); > > + > > + return 0; > > +} > > + > >  /* > >   * initialise the security for the init task > >   */ > > @@ -6379,6 +6387,10 @@ static __init int selinux_init(void) > >   if (avc_add_callback(selinux_netcache_avc_callback, > > AVC_CALLBACK_RESET)) > >   panic("SELinux: Unable to register AVC netcache > > callback\n"); > >   > > + if (avc_add_callback(selinux_lsm_notifier_avc_callback, > > +      AVC_CALLBACK_RESET)) > > + panic("SELinux: Unable to register AVC LSM > > notifier callback\n"); > > + > >   if (selinux_enforcing) > >   printk(KERN_DEBUG "SELinux:  Starting in enforcing > > mode\n"); > >   else
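Review bot: in the include/linux/security.h hunks, `enum lsm_event` and the three notifier functions are added without any comment saying what `LSM_POLICY_CHANGE` means or what the `data` argument carries; the only caller in this series (hooks.c) passes `NULL`, so a consumer has no way to know whether `data` may be dereferenced or whether its own return value is looked at (the SELinux call site discards it). Suggest a short comment on the enum, along the lines of `/* LSM_POLICY_CHANGE: security policy was reloaded; data is NULL, return value ignored */`, and in the stub versions (the hunk with the empty `struct security_mnt_opts`) drop the double space in `static inline  int unregister_lsm_notifier`.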
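Review bot: in the security/security.c hunk, `lsm_notifier_chain` is declared with `ATOMIC_NOTIFIER_HEAD`, so every callback registered through `register_lsm_notifier()` runs under RCU and must not sleep. A consumer that reacts to `LSM_POLICY_CHANGE` by invalidating cached security state (the Lustre and Infiniband use the cover discussion describes) will typically need to take a mutex or flush work that can block, which would be a sleeping-in-atomic bug. Unless the SELinux call site is known to be in atomic context, consider `BLOCKING_NOTIFIER_HEAD` with `blocking_notifier_call_chain()`, `blocking_notifier_chain_register()` and `blocking_notifier_chain_unregister()`, and state the context constraint in a comment above the declaration either way.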
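Review bot: in the security/selinux/hooks.c hunks, a second `AVC_CALLBACK_RESET` callback is registered right after `selinux_netcache_avc_callback`, each with its own `panic()` on failure. Since both run on the same event, folding the `call_lsm_notifier(LSM_POLICY_CHANGE, NULL)` into one reset callback (or registering one callback that calls both) would avoid the duplicate registration and the second panic path; if a separate callback is kept, its panic message should at least be worded consistently with the existing "Unable to register AVC netcache callback" one so both are greppable.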