linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Elvira Khabirova <e.khabirova@omprussia.ru>
To: Elvira Khabirova via OP-TEE <op-tee@lists.trustedfirmware.org>
Cc: Elvira Khabirova <e.khabirova@omprussia.ru>,
	<k.karasev@omprussia.ru>, <s.shtylyov@omprussia.ru>,
	<linux-kernel@vger.kernel.org>, <jens.wiklander@linaro.org>
Subject: Re: [RFC PATCH] tee: add support for application-based session login methods
Date: Mon, 28 Sep 2020 12:49:52 +0300	[thread overview]
Message-ID: <20200928124952.38f09300@akathisia> (raw)
In-Reply-To: <010001749cbe8c36-0330f6a3-10a0-4835-b799-570cb9bfa1e0-000000@email.amazonses.com>

Hello,

On Thu, 17 Sep 2020 15:46:07 +0000
Elvira Khabirova via OP-TEE <op-tee@lists.trustedfirmware.org> wrote:

> GP TEE Client API in addition to login methods already supported
> in the kernel also defines several application-based methods:
> TEEC_LOGIN_APPLICATION, TEEC_LOGIN_USER_APPLICATION, and
> TEEC_LOGIN_GROUP_APPLICATION.
> 
> It specifies credentials generated for TEEC_LOGIN_APPLICATION as only
> depending on the identity of the program, being persistent within one
> implementation, across multiple invocations of the application
> and across power cycles, enabling them to be used to disambiguate
> persistent storage. The exact nature is REE-specific.
> 
> As the exact method of generating application identifier strings may
> vary between vendors, setups and installations, add two suggested
> methods and an exact framework for vendors to extend upon.

If there are no comments on this, I will resend this and drop [RFC]
from the subject.

> Signed-off-by: Elvira Khabirova <e.khabirova@omprussia.ru>
> ---
>  drivers/tee/Kconfig    |  29 +++++++++
>  drivers/tee/tee_core.c | 136 ++++++++++++++++++++++++++++++++++++++++-
>  2 files changed, 164 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/tee/Kconfig b/drivers/tee/Kconfig
> index e99d840c2511..4cd6e0d2aad5 100644
> --- a/drivers/tee/Kconfig
> +++ b/drivers/tee/Kconfig
> @@ -11,6 +11,35 @@ config TEE
>  	  This implements a generic interface towards a Trusted Execution
>  	  Environment (TEE).
>  
> +choice
> +	prompt "Application ID for client UUID"
> +	depends on TEE
> +	default TEE_APPID_PATH
> +	help
> +	  This option allows to choose which method will be used to generate
> +	  application identifiers for client UUID generation when login methods
> +	  TEE_LOGIN_APPLICATION, TEE_LOGIN_USER_APPLICATION
> +	  and TEE_LOGIN_GROUP_APPLICATION are used.
> +	  Please be mindful of the security of each method in your particular
> +	  installation.
> +
> +	config TEE_APPID_PATH
> +		bool "Path-based application ID"
> +		help
> +		  Use the executable's path as an application ID.
> +
> +	config TEE_APPID_SECURITY
> +		bool "Security extended attribute based application ID"
> +		help
> +		  Use the executable's security extended attribute as an application ID.
> +endchoice
> +
> +config TEE_APPID_SECURITY_XATTR
> +	string "Security extended attribute to use for application ID"
> +	depends on TEE_APPID_SECURITY
> +	help
> +	  Attribute to be used as an application ID (with the security prefix removed).
> +
>  if TEE
>  
>  menu "TEE drivers"
> diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c
> index 64637e09a095..19c965dd212b 100644
> --- a/drivers/tee/tee_core.c
> +++ b/drivers/tee/tee_core.c
> @@ -7,8 +7,10 @@
>  
>  #include <linux/cdev.h>
>  #include <linux/cred.h>
> +#include <linux/file.h>
>  #include <linux/fs.h>
>  #include <linux/idr.h>
> +#include <linux/mm.h>
>  #include <linux/module.h>
>  #include <linux/slab.h>
>  #include <linux/tee_drv.h>
> @@ -17,11 +19,15 @@
>  #include <crypto/sha.h>
>  #include "tee_private.h"
>  
> +#ifdef CONFIG_TEE_APPID_SECURITY
> +#include <linux/security.h>
> +#endif
> +
>  #define TEE_NUM_DEVICES	32
>  
>  #define TEE_IOCTL_PARAM_SIZE(x) (sizeof(struct tee_param) * (x))
>  
> -#define TEE_UUID_NS_NAME_SIZE	128
> +#define TEE_UUID_NS_NAME_SIZE	PATH_MAX
>  
>  /*
>   * TEE Client UUID name space identifier (UUIDv4)
> @@ -125,6 +131,67 @@ static int tee_release(struct inode *inode, struct file *filp)
>  	return 0;
>  }
>  
> +#ifdef CONFIG_TEE_APPID_SECURITY
> +static const char *tee_session_get_application_id(void **data)
> +{
> +	struct file *exe_file;
> +	const char *name = CONFIG_TEE_APPID_SECURITY_XATTR;
> +	int len;
> +
> +	exe_file = get_mm_exe_file(current->mm);
> +	if (!exe_file)
> +		return ERR_PTR(-ENOENT);
> +
> +	if (!exe_file->f_inode) {
> +		fput(exe_file);
> +		return ERR_PTR(-ENOENT);
> +	}
> +
> +	len = security_inode_getsecurity(exe_file->f_inode, name, data, true);
> +	if (len < 0)
> +		return ERR_PTR(len);
> +
> +	fput(exe_file);
> +
> +	return *data;
> +}
> +#endif /* CONFIG_TEE_APPID_SECURITY */
> +
> +#ifdef CONFIG_TEE_APPID_PATH
> +static const char *tee_session_get_application_id(void **data)
> +{
> +	struct file *exe_file;
> +	char *path;
> +
> +	*data = kzalloc(TEE_UUID_NS_NAME_SIZE, GFP_KERNEL);
> +	if (!*data)
> +		return ERR_PTR(-ENOMEM);
> +
> +	exe_file = get_mm_exe_file(current->mm);
> +	if (!exe_file) {
> +		kfree(*data);
> +		return ERR_PTR(-ENOENT);
> +	}
> +
> +	path = file_path(exe_file, *data, TEE_UUID_NS_NAME_SIZE);
> +	if (IS_ERR(path)) {
> +		kfree(*data);
> +		return path;
> +	}
> +
> +	fput(exe_file);
> +
> +	return path;
> +}
> +#endif /* CONFIG_TEE_APPID_PATH */
> +
> +#if defined(CONFIG_TEE_APPID_PATH) || defined(CONFIG_TEE_APPID_SECURITY)
> +static void tee_session_free_application_id(void *data)
> +{
> +	kfree(data);
> +}
> +#endif /* CONFIG_TEE_APPID_PATH || CONFIG_TEE_APPID_SECURITY */
> +
>  /**
>   * uuid_v5() - Calculate UUIDv5
>   * @uuid: Resulting UUID
> @@ -197,6 +264,8 @@ int tee_session_calc_client_uuid(uuid_t *uuid, u32 connection_method,
>  	gid_t ns_grp = (gid_t)-1;
>  	kgid_t grp = INVALID_GID;
>  	char *name = NULL;
> +	void *application_id_data = NULL;
> +	const char *application_id = NULL;
>  	int name_len;
>  	int rc;
>  
> @@ -217,6 +286,14 @@ int tee_session_calc_client_uuid(uuid_t *uuid, u32 connection_method,
>  	 * For TEEC_LOGIN_GROUP:
>  	 * gid=<gid>
>  	 *
> +	 * For TEEC_LOGIN_APPLICATION:
> +	 * app=<application id>
> +	 *
> +	 * For TEEC_LOGIN_USER_APPLICATION:
> +	 * uid=<uid>:app=<application id>
> +	 *
> +	 * For TEEC_LOGIN_GROUP_APPLICATION:
> +	 * gid=<gid>:app=<application id>
>  	 */
>  
>  	name = kzalloc(TEE_UUID_NS_NAME_SIZE, GFP_KERNEL);
> @@ -249,6 +326,63 @@ int tee_session_calc_client_uuid(uuid_t *uuid, u32 connection_method,
>  		}
>  		break;
>  
> +	case TEE_IOCTL_LOGIN_APPLICATION:
> +		application_id = tee_session_get_application_id(&application_id_data);
> +		if (IS_ERR(application_id)) {
> +			rc = PTR_ERR(application_id);
> +			goto out_free_name;
> +		}
> +
> +		name_len = snprintf(name, TEE_UUID_NS_NAME_SIZE, "app=%s",
> +				    application_id);
> +		tee_session_free_application_id(application_id_data);
> +
> +		if (name_len >= TEE_UUID_NS_NAME_SIZE) {
> +			rc = -E2BIG;
> +			goto out_free_name;
> +		}
> +		break;
> +
> +	case TEE_IOCTL_LOGIN_USER_APPLICATION:
> +		application_id = tee_session_get_application_id(&application_id_data);
> +		if (IS_ERR(application_id)) {
> +			rc = PTR_ERR(application_id);
> +			goto out_free_name;
> +		}
> +
> +		name_len = snprintf(name, TEE_UUID_NS_NAME_SIZE, "uid=%x:app=%s",
> +				    current_euid().val, application_id);
> +		tee_session_free_application_id(application_id_data);
> +
> +		if (name_len >= TEE_UUID_NS_NAME_SIZE) {
> +			rc = -E2BIG;
> +			goto out_free_name;
> +		}
> +		break;
> +
> +	case TEE_IOCTL_LOGIN_GROUP_APPLICATION:
> +		memcpy(&ns_grp, connection_data, sizeof(gid_t));
> +		grp = make_kgid(current_user_ns(), ns_grp);
> +		if (!gid_valid(grp) || !in_egroup_p(grp)) {
> +			rc = -EPERM;
> +			goto out_free_name;
> +		}
> +
> +		application_id = tee_session_get_application_id(&application_id_data);
> +		if (IS_ERR(application_id)) {
> +			rc = PTR_ERR(application_id);
> +			goto out_free_name;
> +		}
> +		name_len = snprintf(name, TEE_UUID_NS_NAME_SIZE, "gid=%x:app=%s",
> +				    grp.val, application_id);
> +		tee_session_free_application_id(application_id_data);
> +
> +		if (name_len >= TEE_UUID_NS_NAME_SIZE) {
> +			rc = -E2BIG;
> +			goto out_free_name;
> +		}
> +		break;
> +
>  	default:
>  		rc = -EINVAL;
>  		goto out_free_name;


       reply	other threads:[~2020-09-28  9:50 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <010001749cbe8c36-0330f6a3-10a0-4835-b799-570cb9bfa1e0-000000@email.amazonses.com>
2020-09-28  9:49 ` Elvira Khabirova [this message]
2020-09-17 15:38 [RFC PATCH] tee: add support for application-based session login methods Elvira Khabirova
2020-09-28 13:43 ` Jens Wiklander
2020-09-30  2:01   ` Elvira Khabirova
2020-09-30  6:11     ` Jens Wiklander

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200928124952.38f09300@akathisia \
    --to=e.khabirova@omprussia.ru \
    --cc=jens.wiklander@linaro.org \
    --cc=k.karasev@omprussia.ru \
    --cc=linux-kernel@vger.kernel.org \
    --cc=op-tee@lists.trustedfirmware.org \
    --cc=s.shtylyov@omprussia.ru \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).