linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [RFC PATCH] tee: add support for application-based session login methods
@ 2020-09-17 15:38 Elvira Khabirova
  2020-09-28 13:43 ` Jens Wiklander
  0 siblings, 1 reply; 5+ messages in thread
From: Elvira Khabirova @ 2020-09-17 15:38 UTC (permalink / raw)
  To: op-tee
  Cc: jens.wiklander, linux-kernel, vesa.jaaskelainen, s.shtylyov, k.karasev

GP TEE Client API in addition to login methods already supported
in the kernel also defines several application-based methods:
TEEC_LOGIN_APPLICATION, TEEC_LOGIN_USER_APPLICATION, and
TEEC_LOGIN_GROUP_APPLICATION.

It specifies credentials generated for TEEC_LOGIN_APPLICATION as only
depending on the identity of the program, being persistent within one
implementation, across multiple invocations of the application
and across power cycles, enabling them to be used to disambiguate
persistent storage. The exact nature is REE-specific.

As the exact method of generating application identifier strings may
vary between vendors, setups and installations, add two suggested
methods and an exact framework for vendors to extend upon.

Signed-off-by: Elvira Khabirova <e.khabirova@omprussia.ru>
---
 drivers/tee/Kconfig    |  29 +++++++++
 drivers/tee/tee_core.c | 136 ++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 164 insertions(+), 1 deletion(-)

diff --git a/drivers/tee/Kconfig b/drivers/tee/Kconfig
index e99d840c2511..4cd6e0d2aad5 100644
--- a/drivers/tee/Kconfig
+++ b/drivers/tee/Kconfig
@@ -11,6 +11,35 @@ config TEE
 	  This implements a generic interface towards a Trusted Execution
 	  Environment (TEE).
 
+choice
+	prompt "Application ID for client UUID"
+	depends on TEE
+	default TEE_APPID_PATH
+	help
+	  This option allows to choose which method will be used to generate
+	  application identifiers for client UUID generation when login methods
+	  TEE_LOGIN_APPLICATION, TEE_LOGIN_USER_APPLICATION
+	  and TEE_LOGIN_GROUP_APPLICATION are used.
+	  Please be mindful of the security of each method in your particular
+	  installation.
+
+	config TEE_APPID_PATH
+		bool "Path-based application ID"
+		help
+		  Use the executable's path as an application ID.
+
+	config TEE_APPID_SECURITY
+		bool "Security extended attribute based application ID"
+		help
+		  Use the executable's security extended attribute as an application ID.
+endchoice
+
+config TEE_APPID_SECURITY_XATTR
+	string "Security extended attribute to use for application ID"
+	depends on TEE_APPID_SECURITY
+	help
+	  Attribute to be used as an application ID (with the security prefix removed).
+
 if TEE
 
 menu "TEE drivers"
diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c
index 64637e09a095..19c965dd212b 100644
--- a/drivers/tee/tee_core.c
+++ b/drivers/tee/tee_core.c
@@ -7,8 +7,10 @@
 
 #include <linux/cdev.h>
 #include <linux/cred.h>
+#include <linux/file.h>
 #include <linux/fs.h>
 #include <linux/idr.h>
+#include <linux/mm.h>
 #include <linux/module.h>
 #include <linux/slab.h>
 #include <linux/tee_drv.h>
@@ -17,11 +19,15 @@
 #include <crypto/sha.h>
 #include "tee_private.h"
 
+#ifdef CONFIG_TEE_APPID_SECURITY
+#include <linux/security.h>
+#endif
+
 #define TEE_NUM_DEVICES	32
 
 #define TEE_IOCTL_PARAM_SIZE(x) (sizeof(struct tee_param) * (x))
 
-#define TEE_UUID_NS_NAME_SIZE	128
+#define TEE_UUID_NS_NAME_SIZE	PATH_MAX
 
 /*
  * TEE Client UUID name space identifier (UUIDv4)
@@ -125,6 +131,67 @@ static int tee_release(struct inode *inode, struct file *filp)
 	return 0;
 }
 
+#ifdef CONFIG_TEE_APPID_SECURITY
+static const char *tee_session_get_application_id(void **data)
+{
+	struct file *exe_file;
+	const char *name = CONFIG_TEE_APPID_SECURITY_XATTR;
+	int len;
+
+	exe_file = get_mm_exe_file(current->mm);
+	if (!exe_file)
+		return ERR_PTR(-ENOENT);
+
+	if (!exe_file->f_inode) {
+		fput(exe_file);
+		return ERR_PTR(-ENOENT);
+	}
+
+	len = security_inode_getsecurity(exe_file->f_inode, name, data, true);
+	if (len < 0)
+		return ERR_PTR(len);
+
+	fput(exe_file);
+
+	return *data;
+}
+#endif /* CONFIG_TEE_APPID_SECURITY */
+
+#ifdef CONFIG_TEE_APPID_PATH
+static const char *tee_session_get_application_id(void **data)
+{
+	struct file *exe_file;
+	char *path;
+
+	*data = kzalloc(TEE_UUID_NS_NAME_SIZE, GFP_KERNEL);
+	if (!*data)
+		return ERR_PTR(-ENOMEM);
+
+	exe_file = get_mm_exe_file(current->mm);
+	if (!exe_file) {
+		kfree(*data);
+		return ERR_PTR(-ENOENT);
+	}
+
+	path = file_path(exe_file, *data, TEE_UUID_NS_NAME_SIZE);
+	if (IS_ERR(path)) {
+		kfree(*data);
+		return path;
+	}
+
+	fput(exe_file);
+
+	return path;
+}
+#endif /* CONFIG_TEE_APPID_PATH */
+
+#if defined(CONFIG_TEE_APPID_PATH) || defined(CONFIG_TEE_APPID_SECURITY)
+static void tee_session_free_application_id(void *data)
+{
+	kfree(data);
+}
+#endif /* CONFIG_TEE_APPID_PATH || CONFIG_TEE_APPID_SECURITY */
+
 /**
  * uuid_v5() - Calculate UUIDv5
  * @uuid: Resulting UUID
@@ -197,6 +264,8 @@ int tee_session_calc_client_uuid(uuid_t *uuid, u32 connection_method,
 	gid_t ns_grp = (gid_t)-1;
 	kgid_t grp = INVALID_GID;
 	char *name = NULL;
+	void *application_id_data = NULL;
+	const char *application_id = NULL;
 	int name_len;
 	int rc;
 
@@ -217,6 +286,14 @@ int tee_session_calc_client_uuid(uuid_t *uuid, u32 connection_method,
 	 * For TEEC_LOGIN_GROUP:
 	 * gid=<gid>
 	 *
+	 * For TEEC_LOGIN_APPLICATION:
+	 * app=<application id>
+	 *
+	 * For TEEC_LOGIN_USER_APPLICATION:
+	 * uid=<uid>:app=<application id>
+	 *
+	 * For TEEC_LOGIN_GROUP_APPLICATION:
+	 * gid=<gid>:app=<application id>
 	 */
 
 	name = kzalloc(TEE_UUID_NS_NAME_SIZE, GFP_KERNEL);
@@ -249,6 +326,63 @@ int tee_session_calc_client_uuid(uuid_t *uuid, u32 connection_method,
 		}
 		break;
 
+	case TEE_IOCTL_LOGIN_APPLICATION:
+		application_id = tee_session_get_application_id(&application_id_data);
+		if (IS_ERR(application_id)) {
+			rc = PTR_ERR(application_id);
+			goto out_free_name;
+		}
+
+		name_len = snprintf(name, TEE_UUID_NS_NAME_SIZE, "app=%s",
+				    application_id);
+		tee_session_free_application_id(application_id_data);
+
+		if (name_len >= TEE_UUID_NS_NAME_SIZE) {
+			rc = -E2BIG;
+			goto out_free_name;
+		}
+		break;
+
+	case TEE_IOCTL_LOGIN_USER_APPLICATION:
+		application_id = tee_session_get_application_id(&application_id_data);
+		if (IS_ERR(application_id)) {
+			rc = PTR_ERR(application_id);
+			goto out_free_name;
+		}
+
+		name_len = snprintf(name, TEE_UUID_NS_NAME_SIZE, "uid=%x:app=%s",
+				    current_euid().val, application_id);
+		tee_session_free_application_id(application_id_data);
+
+		if (name_len >= TEE_UUID_NS_NAME_SIZE) {
+			rc = -E2BIG;
+			goto out_free_name;
+		}
+		break;
+
+	case TEE_IOCTL_LOGIN_GROUP_APPLICATION:
+		memcpy(&ns_grp, connection_data, sizeof(gid_t));
+		grp = make_kgid(current_user_ns(), ns_grp);
+		if (!gid_valid(grp) || !in_egroup_p(grp)) {
+			rc = -EPERM;
+			goto out_free_name;
+		}
+
+		application_id = tee_session_get_application_id(&application_id_data);
+		if (IS_ERR(application_id)) {
+			rc = PTR_ERR(application_id);
+			goto out_free_name;
+		}
+		name_len = snprintf(name, TEE_UUID_NS_NAME_SIZE, "gid=%x:app=%s",
+				    grp.val, application_id);
+		tee_session_free_application_id(application_id_data);
+
+		if (name_len >= TEE_UUID_NS_NAME_SIZE) {
+			rc = -E2BIG;
+			goto out_free_name;
+		}
+		break;
+
 	default:
 		rc = -EINVAL;
 		goto out_free_name;
-- 
2.28.0


^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [RFC PATCH] tee: add support for application-based session login methods
  2020-09-17 15:38 [RFC PATCH] tee: add support for application-based session login methods Elvira Khabirova
@ 2020-09-28 13:43 ` Jens Wiklander
  2020-09-30  2:01   ` Elvira Khabirova
  0 siblings, 1 reply; 5+ messages in thread
From: Jens Wiklander @ 2020-09-28 13:43 UTC (permalink / raw)
  To: Elvira Khabirova
  Cc: op-tee, linux-kernel, vesa.jaaskelainen, s.shtylyov, k.karasev

Hi Elvira,

On Thu, Sep 17, 2020 at 06:38:03PM +0300, Elvira Khabirova wrote:
> GP TEE Client API in addition to login methods already supported
> in the kernel also defines several application-based methods:
> TEEC_LOGIN_APPLICATION, TEEC_LOGIN_USER_APPLICATION, and
> TEEC_LOGIN_GROUP_APPLICATION.
> 
> It specifies credentials generated for TEEC_LOGIN_APPLICATION as only
> depending on the identity of the program, being persistent within one
> implementation, across multiple invocations of the application
> and across power cycles, enabling them to be used to disambiguate
> persistent storage. The exact nature is REE-specific.
> 
> As the exact method of generating application identifier strings may
> vary between vendors, setups and installations, add two suggested
> methods and an exact framework for vendors to extend upon.
> 
> Signed-off-by: Elvira Khabirova <e.khabirova@omprussia.ru>
> ---
>  drivers/tee/Kconfig    |  29 +++++++++
>  drivers/tee/tee_core.c | 136 ++++++++++++++++++++++++++++++++++++++++-
>  2 files changed, 164 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/tee/Kconfig b/drivers/tee/Kconfig
> index e99d840c2511..4cd6e0d2aad5 100644
> --- a/drivers/tee/Kconfig
> +++ b/drivers/tee/Kconfig
> @@ -11,6 +11,35 @@ config TEE
>  	  This implements a generic interface towards a Trusted Execution
>  	  Environment (TEE).
>  
> +choice
> +	prompt "Application ID for client UUID"
> +	depends on TEE
> +	default TEE_APPID_PATH
> +	help
> +	  This option allows to choose which method will be used to generate
> +	  application identifiers for client UUID generation when login methods
> +	  TEE_LOGIN_APPLICATION, TEE_LOGIN_USER_APPLICATION
> +	  and TEE_LOGIN_GROUP_APPLICATION are used.
> +	  Please be mindful of the security of each method in your particular
> +	  installation.
> +
> +	config TEE_APPID_PATH
> +		bool "Path-based application ID"
> +		help
> +		  Use the executable's path as an application ID.
> +
> +	config TEE_APPID_SECURITY
> +		bool "Security extended attribute based application ID"
> +		help
> +		  Use the executable's security extended attribute as an application ID.
> +endchoice
> +
> +config TEE_APPID_SECURITY_XATTR
> +	string "Security extended attribute to use for application ID"
> +	depends on TEE_APPID_SECURITY
> +	help
> +	  Attribute to be used as an application ID (with the security prefix removed).
> +
>  if TEE
>  
>  menu "TEE drivers"
> diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c
> index 64637e09a095..19c965dd212b 100644
> --- a/drivers/tee/tee_core.c
> +++ b/drivers/tee/tee_core.c
> @@ -7,8 +7,10 @@
>  
>  #include <linux/cdev.h>
>  #include <linux/cred.h>
> +#include <linux/file.h>
>  #include <linux/fs.h>
>  #include <linux/idr.h>
> +#include <linux/mm.h>
>  #include <linux/module.h>
>  #include <linux/slab.h>
>  #include <linux/tee_drv.h>
> @@ -17,11 +19,15 @@
>  #include <crypto/sha.h>
>  #include "tee_private.h"
>  
> +#ifdef CONFIG_TEE_APPID_SECURITY
No need for the ifdef, just inlude the file unconditionally above.

> +#include <linux/security.h>
> +#endif
> +
>  #define TEE_NUM_DEVICES	32
>  
>  #define TEE_IOCTL_PARAM_SIZE(x) (sizeof(struct tee_param) * (x))
>  
> -#define TEE_UUID_NS_NAME_SIZE	128
> +#define TEE_UUID_NS_NAME_SIZE	PATH_MAX
>  
>  /*
>   * TEE Client UUID name space identifier (UUIDv4)
> @@ -125,6 +131,67 @@ static int tee_release(struct inode *inode, struct file *filp)
>  	return 0;
>  }
>  
> +#ifdef CONFIG_TEE_APPID_SECURITY
> +static const char *tee_session_get_application_id(void **data)
static char *get_app_id(void) should be enough.

> +{
> +	struct file *exe_file;
> +	const char *name = CONFIG_TEE_APPID_SECURITY_XATTR;
> +	int len;
> +
> +	exe_file = get_mm_exe_file(current->mm);
> +	if (!exe_file)
> +		return ERR_PTR(-ENOENT);
> +
> +	if (!exe_file->f_inode) {
> +		fput(exe_file);
> +		return ERR_PTR(-ENOENT);
> +	}
> +

You could perhaps add a comment here on the expected properties of this
data. Something along (don't know if I'm even close) "string
representation of the the hash of the binary and time stamp".

> +	len = security_inode_getsecurity(exe_file->f_inode, name, data, true);
> +	if (len < 0)
> +		return ERR_PTR(len);
> +
> +	fput(exe_file);
> +
> +	return *data;
> +}
> +#endif /* CONFIG_TEE_APPID_SECURITY */
> +
> +#ifdef CONFIG_TEE_APPID_PATH
> +static const char *tee_session_get_application_id(void **data)
> +{
> +	struct file *exe_file;
> +	char *path;
> +
> +	*data = kzalloc(TEE_UUID_NS_NAME_SIZE, GFP_KERNEL);
> +	if (!*data)
> +		return ERR_PTR(-ENOMEM);
> +
> +	exe_file = get_mm_exe_file(current->mm);
> +	if (!exe_file) {
> +		kfree(*data);
> +		return ERR_PTR(-ENOENT);
> +	}
> +
> +	path = file_path(exe_file, *data, TEE_UUID_NS_NAME_SIZE);
> +	if (IS_ERR(path)) {
> +		kfree(*data);
> +		return path;
> +	}
> +
> +	fput(exe_file);
> +
> +	return path;
> +}
> +#endif /* CONFIG_TEE_APPID_PATH */
> +
> +#if defined(CONFIG_TEE_APPID_PATH) || defined(CONFIG_TEE_APPID_SECURITY)
> +static void tee_session_free_application_id(void *data)
> +{
> +	kfree(data);
> +}
This function isn't needed, we can call kfree() directly.

> +#endif /* CONFIG_TEE_APPID_PATH || CONFIG_TEE_APPID_SECURITY */
> +
>  /**
>   * uuid_v5() - Calculate UUIDv5
>   * @uuid: Resulting UUID
> @@ -197,6 +264,8 @@ int tee_session_calc_client_uuid(uuid_t *uuid, u32 connection_method,
>  	gid_t ns_grp = (gid_t)-1;
>  	kgid_t grp = INVALID_GID;
>  	char *name = NULL;
> +	void *application_id_data = NULL;
This isn't needed

> +	const char *application_id = NULL;
char *app_id = NULL;

>  	int name_len;
>  	int rc;
>  
> @@ -217,6 +286,14 @@ int tee_session_calc_client_uuid(uuid_t *uuid, u32 connection_method,
>  	 * For TEEC_LOGIN_GROUP:
>  	 * gid=<gid>
>  	 *
> +	 * For TEEC_LOGIN_APPLICATION:
> +	 * app=<application id>
> +	 *
> +	 * For TEEC_LOGIN_USER_APPLICATION:
> +	 * uid=<uid>:app=<application id>
> +	 *
> +	 * For TEEC_LOGIN_GROUP_APPLICATION:
> +	 * gid=<gid>:app=<application id>
>  	 */
>  
>  	name = kzalloc(TEE_UUID_NS_NAME_SIZE, GFP_KERNEL);
> @@ -249,6 +326,63 @@ int tee_session_calc_client_uuid(uuid_t *uuid, u32 connection_method,
>  		}
>  		break;
>  
> +	case TEE_IOCTL_LOGIN_APPLICATION:
> +		application_id = tee_session_get_application_id(&application_id_data);
> +		if (IS_ERR(application_id)) {
> +			rc = PTR_ERR(application_id);
> +			goto out_free_name;
> +		}
> +
> +		name_len = snprintf(name, TEE_UUID_NS_NAME_SIZE, "app=%s",
> +				    application_id);
> +		tee_session_free_application_id(application_id_data);
> +
> +		if (name_len >= TEE_UUID_NS_NAME_SIZE) {
> +			rc = -E2BIG;
> +			goto out_free_name;
> +		}
It looks like we remove these tests and replace them with
if (name_len < TEE_UUID_NS_NAME_SIZE)
        rc = uuid_v5(uuid, &tee_client_uuid_ns, name, name_len);
else
        rc = -E2BIG

below, just above the "out_free_name:" label.

This function is small and simple enough that it should be easy to see
what's going on any way.

Thanks,
Jens

> +		break;
> +
> +	case TEE_IOCTL_LOGIN_USER_APPLICATION:
> +		application_id = tee_session_get_application_id(&application_id_data);
> +		if (IS_ERR(application_id)) {
> +			rc = PTR_ERR(application_id);
> +			goto out_free_name;
> +		}
> +
> +		name_len = snprintf(name, TEE_UUID_NS_NAME_SIZE, "uid=%x:app=%s",
> +				    current_euid().val, application_id);
> +		tee_session_free_application_id(application_id_data);
> +
> +		if (name_len >= TEE_UUID_NS_NAME_SIZE) {
> +			rc = -E2BIG;
> +			goto out_free_name;
> +		}
> +		break;
> +
> +	case TEE_IOCTL_LOGIN_GROUP_APPLICATION:
> +		memcpy(&ns_grp, connection_data, sizeof(gid_t));
> +		grp = make_kgid(current_user_ns(), ns_grp);
> +		if (!gid_valid(grp) || !in_egroup_p(grp)) {
> +			rc = -EPERM;
> +			goto out_free_name;
> +		}
> +
> +		application_id = tee_session_get_application_id(&application_id_data);
> +		if (IS_ERR(application_id)) {
> +			rc = PTR_ERR(application_id);
> +			goto out_free_name;
> +		}
> +		name_len = snprintf(name, TEE_UUID_NS_NAME_SIZE, "gid=%x:app=%s",
> +				    grp.val, application_id);
> +		tee_session_free_application_id(application_id_data);
> +
> +		if (name_len >= TEE_UUID_NS_NAME_SIZE) {
> +			rc = -E2BIG;
> +			goto out_free_name;
> +		}
> +		break;
> +
>  	default:
>  		rc = -EINVAL;
>  		goto out_free_name;
> -- 
> 2.28.0
> 

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [RFC PATCH] tee: add support for application-based session login methods
  2020-09-28 13:43 ` Jens Wiklander
@ 2020-09-30  2:01   ` Elvira Khabirova
  2020-09-30  6:11     ` Jens Wiklander
  0 siblings, 1 reply; 5+ messages in thread
From: Elvira Khabirova @ 2020-09-30  2:01 UTC (permalink / raw)
  To: Jens Wiklander
  Cc: op-tee, linux-kernel, vesa.jaaskelainen, s.shtylyov, k.karasev

On Mon, 28 Sep 2020 15:43:47 +0200
Jens Wiklander <jens.wiklander@linaro.org> wrote:

> Hi Elvira,
> 
> On Thu, Sep 17, 2020 at 06:38:03PM +0300, Elvira Khabirova wrote:
> > GP TEE Client API in addition to login methods already supported
> > in the kernel also defines several application-based methods:
> > TEEC_LOGIN_APPLICATION, TEEC_LOGIN_USER_APPLICATION, and
> > TEEC_LOGIN_GROUP_APPLICATION.
> > 
> > It specifies credentials generated for TEEC_LOGIN_APPLICATION as only
> > depending on the identity of the program, being persistent within one
> > implementation, across multiple invocations of the application
> > and across power cycles, enabling them to be used to disambiguate
> > persistent storage. The exact nature is REE-specific.
> > 
> > As the exact method of generating application identifier strings may
> > vary between vendors, setups and installations, add two suggested
> > methods and an exact framework for vendors to extend upon.
> > 
> > Signed-off-by: Elvira Khabirova <e.khabirova@omprussia.ru>
> > ---
> >  drivers/tee/Kconfig    |  29 +++++++++
> >  drivers/tee/tee_core.c | 136 ++++++++++++++++++++++++++++++++++++++++-
> >  2 files changed, 164 insertions(+), 1 deletion(-)
> > 
> > diff --git a/drivers/tee/Kconfig b/drivers/tee/Kconfig
> > index e99d840c2511..4cd6e0d2aad5 100644
> > --- a/drivers/tee/Kconfig
> > +++ b/drivers/tee/Kconfig
> > @@ -11,6 +11,35 @@ config TEE
> >  	  This implements a generic interface towards a Trusted Execution
> >  	  Environment (TEE).
> >  
> > +choice
> > +	prompt "Application ID for client UUID"
> > +	depends on TEE
> > +	default TEE_APPID_PATH
> > +	help
> > +	  This option allows to choose which method will be used to generate
> > +	  application identifiers for client UUID generation when login methods
> > +	  TEE_LOGIN_APPLICATION, TEE_LOGIN_USER_APPLICATION
> > +	  and TEE_LOGIN_GROUP_APPLICATION are used.
> > +	  Please be mindful of the security of each method in your particular
> > +	  installation.
> > +
> > +	config TEE_APPID_PATH
> > +		bool "Path-based application ID"
> > +		help
> > +		  Use the executable's path as an application ID.
> > +
> > +	config TEE_APPID_SECURITY
> > +		bool "Security extended attribute based application ID"
> > +		help
> > +		  Use the executable's security extended attribute as an application ID.
> > +endchoice
> > +
> > +config TEE_APPID_SECURITY_XATTR
> > +	string "Security extended attribute to use for application ID"
> > +	depends on TEE_APPID_SECURITY
> > +	help
> > +	  Attribute to be used as an application ID (with the security prefix removed).
> > +
> >  if TEE
> >  
> >  menu "TEE drivers"
> > diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c
> > index 64637e09a095..19c965dd212b 100644
> > --- a/drivers/tee/tee_core.c
> > +++ b/drivers/tee/tee_core.c
> > @@ -7,8 +7,10 @@
> >  
> >  #include <linux/cdev.h>
> >  #include <linux/cred.h>
> > +#include <linux/file.h>
> >  #include <linux/fs.h>
> >  #include <linux/idr.h>
> > +#include <linux/mm.h>
> >  #include <linux/module.h>
> >  #include <linux/slab.h>
> >  #include <linux/tee_drv.h>
> > @@ -17,11 +19,15 @@
> >  #include <crypto/sha.h>
> >  #include "tee_private.h"
> >  
> > +#ifdef CONFIG_TEE_APPID_SECURITY
> No need for the ifdef, just inlude the file unconditionally above.
> 
> > +#include <linux/security.h>
> > +#endif
> > +
> >  #define TEE_NUM_DEVICES	32
> >  
> >  #define TEE_IOCTL_PARAM_SIZE(x) (sizeof(struct tee_param) * (x))
> >  
> > -#define TEE_UUID_NS_NAME_SIZE	128
> > +#define TEE_UUID_NS_NAME_SIZE	PATH_MAX
> >  
> >  /*
> >   * TEE Client UUID name space identifier (UUIDv4)
> > @@ -125,6 +131,67 @@ static int tee_release(struct inode *inode, struct file *filp)
> >  	return 0;
> >  }
> >  
> > +#ifdef CONFIG_TEE_APPID_SECURITY
> > +static const char *tee_session_get_application_id(void **data)
> static char *get_app_id(void) should be enough.
> 
> > +{
> > +	struct file *exe_file;
> > +	const char *name = CONFIG_TEE_APPID_SECURITY_XATTR;
> > +	int len;
> > +
> > +	exe_file = get_mm_exe_file(current->mm);
> > +	if (!exe_file)
> > +		return ERR_PTR(-ENOENT);
> > +
> > +	if (!exe_file->f_inode) {
> > +		fput(exe_file);
> > +		return ERR_PTR(-ENOENT);
> > +	}
> > +
> 
> You could perhaps add a comment here on the expected properties of this
> data. Something along (don't know if I'm even close) "string
> representation of the the hash of the binary and time stamp".
> 
> > +	len = security_inode_getsecurity(exe_file->f_inode, name, data, true);
> > +	if (len < 0)
> > +		return ERR_PTR(len);
> > +
> > +	fput(exe_file);
> > +
> > +	return *data;
> > +}
> > +#endif /* CONFIG_TEE_APPID_SECURITY */
> > +
> > +#ifdef CONFIG_TEE_APPID_PATH
> > +static const char *tee_session_get_application_id(void **data)
> > +{
> > +	struct file *exe_file;
> > +	char *path;
> > +
> > +	*data = kzalloc(TEE_UUID_NS_NAME_SIZE, GFP_KERNEL);
> > +	if (!*data)
> > +		return ERR_PTR(-ENOMEM);
> > +
> > +	exe_file = get_mm_exe_file(current->mm);
> > +	if (!exe_file) {
> > +		kfree(*data);
> > +		return ERR_PTR(-ENOENT);
> > +	}
> > +
> > +	path = file_path(exe_file, *data, TEE_UUID_NS_NAME_SIZE);
> > +	if (IS_ERR(path)) {
> > +		kfree(*data);
> > +		return path;
> > +	}
> > +
> > +	fput(exe_file);
> > +
> > +	return path;
> > +}
> > +#endif /* CONFIG_TEE_APPID_PATH */
> > +
> > +#if defined(CONFIG_TEE_APPID_PATH) || defined(CONFIG_TEE_APPID_SECURITY)
> > +static void tee_session_free_application_id(void *data)
> > +{
> > +	kfree(data);
> > +}
> This function isn't needed, we can call kfree() directly.
> 
> > +#endif /* CONFIG_TEE_APPID_PATH || CONFIG_TEE_APPID_SECURITY */
> > +
> >  /**
> >   * uuid_v5() - Calculate UUIDv5
> >   * @uuid: Resulting UUID
> > @@ -197,6 +264,8 @@ int tee_session_calc_client_uuid(uuid_t *uuid, u32 connection_method,
> >  	gid_t ns_grp = (gid_t)-1;
> >  	kgid_t grp = INVALID_GID;
> >  	char *name = NULL;
> > +	void *application_id_data = NULL;
> This isn't needed
The only reason application_id_data exists (and get_application_id has a parameter)
is because when defined(CONFIG_TEE_APPID_PATH), file_path() returns a pointer
that often starts at an offset into the buffer (see the comment above d_path()).
Therefore we end up with a buffer that's not equal to application_id which we
want to free later. The other way (other than having a void **data parameter)
would be to allocate a new buffer, copy the resulting path there, and return
the new buffer instead of the one used by file_path().
Let me know which solution is preferred.

> > +	const char *application_id = NULL;
> char *app_id = NULL;
> 
> >  	int name_len;
> >  	int rc;
> >  
> > @@ -217,6 +286,14 @@ int tee_session_calc_client_uuid(uuid_t *uuid, u32 connection_method,
> >  	 * For TEEC_LOGIN_GROUP:
> >  	 * gid=<gid>
> >  	 *
> > +	 * For TEEC_LOGIN_APPLICATION:
> > +	 * app=<application id>
> > +	 *
> > +	 * For TEEC_LOGIN_USER_APPLICATION:
> > +	 * uid=<uid>:app=<application id>
> > +	 *
> > +	 * For TEEC_LOGIN_GROUP_APPLICATION:
> > +	 * gid=<gid>:app=<application id>
> >  	 */
> >  
> >  	name = kzalloc(TEE_UUID_NS_NAME_SIZE, GFP_KERNEL);
> > @@ -249,6 +326,63 @@ int tee_session_calc_client_uuid(uuid_t *uuid, u32 connection_method,
> >  		}
> >  		break;
> >  
> > +	case TEE_IOCTL_LOGIN_APPLICATION:
> > +		application_id = tee_session_get_application_id(&application_id_data);
> > +		if (IS_ERR(application_id)) {
> > +			rc = PTR_ERR(application_id);
> > +			goto out_free_name;
> > +		}
> > +
> > +		name_len = snprintf(name, TEE_UUID_NS_NAME_SIZE, "app=%s",
> > +				    application_id);
> > +		tee_session_free_application_id(application_id_data);
> > +
> > +		if (name_len >= TEE_UUID_NS_NAME_SIZE) {
> > +			rc = -E2BIG;
> > +			goto out_free_name;
> > +		}
> It looks like we remove these tests and replace them with
> if (name_len < TEE_UUID_NS_NAME_SIZE)
>         rc = uuid_v5(uuid, &tee_client_uuid_ns, name, name_len);
> else
>         rc = -E2BIG
> 
> below, just above the "out_free_name:" label.
> 
> This function is small and simple enough that it should be easy to see
> what's going on any way.
> 
> Thanks,
> Jens
> 
> > +		break;
> > +
> > +	case TEE_IOCTL_LOGIN_USER_APPLICATION:
> > +		application_id = tee_session_get_application_id(&application_id_data);
> > +		if (IS_ERR(application_id)) {
> > +			rc = PTR_ERR(application_id);
> > +			goto out_free_name;
> > +		}
> > +
> > +		name_len = snprintf(name, TEE_UUID_NS_NAME_SIZE, "uid=%x:app=%s",
> > +				    current_euid().val, application_id);
> > +		tee_session_free_application_id(application_id_data);
> > +
> > +		if (name_len >= TEE_UUID_NS_NAME_SIZE) {
> > +			rc = -E2BIG;
> > +			goto out_free_name;
> > +		}
> > +		break;
> > +
> > +	case TEE_IOCTL_LOGIN_GROUP_APPLICATION:
> > +		memcpy(&ns_grp, connection_data, sizeof(gid_t));
> > +		grp = make_kgid(current_user_ns(), ns_grp);
> > +		if (!gid_valid(grp) || !in_egroup_p(grp)) {
> > +			rc = -EPERM;
> > +			goto out_free_name;
> > +		}
> > +
> > +		application_id = tee_session_get_application_id(&application_id_data);
> > +		if (IS_ERR(application_id)) {
> > +			rc = PTR_ERR(application_id);
> > +			goto out_free_name;
> > +		}
> > +		name_len = snprintf(name, TEE_UUID_NS_NAME_SIZE, "gid=%x:app=%s",
> > +				    grp.val, application_id);
> > +		tee_session_free_application_id(application_id_data);
> > +
> > +		if (name_len >= TEE_UUID_NS_NAME_SIZE) {
> > +			rc = -E2BIG;
> > +			goto out_free_name;
> > +		}
> > +		break;
> > +
> >  	default:
> >  		rc = -EINVAL;
> >  		goto out_free_name;
> > -- 
> > 2.28.0
> > 


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [RFC PATCH] tee: add support for application-based session login methods
  2020-09-30  2:01   ` Elvira Khabirova
@ 2020-09-30  6:11     ` Jens Wiklander
  0 siblings, 0 replies; 5+ messages in thread
From: Jens Wiklander @ 2020-09-30  6:11 UTC (permalink / raw)
  To: Elvira Khabirova
  Cc: op-tee, linux-kernel, vesa.jaaskelainen, s.shtylyov, k.karasev

On Wed, Sep 30, 2020 at 05:01:01AM +0300, Elvira Khabirova wrote:
> On Mon, 28 Sep 2020 15:43:47 +0200
> Jens Wiklander <jens.wiklander@linaro.org> wrote:
> 
> > Hi Elvira,
> > 
> > On Thu, Sep 17, 2020 at 06:38:03PM +0300, Elvira Khabirova wrote:
> > > GP TEE Client API in addition to login methods already supported
> > > in the kernel also defines several application-based methods:
> > > TEEC_LOGIN_APPLICATION, TEEC_LOGIN_USER_APPLICATION, and
> > > TEEC_LOGIN_GROUP_APPLICATION.
> > > 
> > > It specifies credentials generated for TEEC_LOGIN_APPLICATION as only
> > > depending on the identity of the program, being persistent within one
> > > implementation, across multiple invocations of the application
> > > and across power cycles, enabling them to be used to disambiguate
> > > persistent storage. The exact nature is REE-specific.
> > > 
> > > As the exact method of generating application identifier strings may
> > > vary between vendors, setups and installations, add two suggested
> > > methods and an exact framework for vendors to extend upon.
> > > 
> > > Signed-off-by: Elvira Khabirova <e.khabirova@omprussia.ru>
> > > ---
> > >  drivers/tee/Kconfig    |  29 +++++++++
> > >  drivers/tee/tee_core.c | 136 ++++++++++++++++++++++++++++++++++++++++-
> > >  2 files changed, 164 insertions(+), 1 deletion(-)
> > > 
> > > diff --git a/drivers/tee/Kconfig b/drivers/tee/Kconfig
> > > index e99d840c2511..4cd6e0d2aad5 100644
> > > --- a/drivers/tee/Kconfig
> > > +++ b/drivers/tee/Kconfig
> > > @@ -11,6 +11,35 @@ config TEE
> > >  	  This implements a generic interface towards a Trusted Execution
> > >  	  Environment (TEE).
> > >  
> > > +choice
> > > +	prompt "Application ID for client UUID"
> > > +	depends on TEE
> > > +	default TEE_APPID_PATH
> > > +	help
> > > +	  This option allows to choose which method will be used to generate
> > > +	  application identifiers for client UUID generation when login methods
> > > +	  TEE_LOGIN_APPLICATION, TEE_LOGIN_USER_APPLICATION
> > > +	  and TEE_LOGIN_GROUP_APPLICATION are used.
> > > +	  Please be mindful of the security of each method in your particular
> > > +	  installation.
> > > +
> > > +	config TEE_APPID_PATH
> > > +		bool "Path-based application ID"
> > > +		help
> > > +		  Use the executable's path as an application ID.
> > > +
> > > +	config TEE_APPID_SECURITY
> > > +		bool "Security extended attribute based application ID"
> > > +		help
> > > +		  Use the executable's security extended attribute as an application ID.
> > > +endchoice
> > > +
> > > +config TEE_APPID_SECURITY_XATTR
> > > +	string "Security extended attribute to use for application ID"
> > > +	depends on TEE_APPID_SECURITY
> > > +	help
> > > +	  Attribute to be used as an application ID (with the security prefix removed).
> > > +
> > >  if TEE
> > >  
> > >  menu "TEE drivers"
> > > diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c
> > > index 64637e09a095..19c965dd212b 100644
> > > --- a/drivers/tee/tee_core.c
> > > +++ b/drivers/tee/tee_core.c
> > > @@ -7,8 +7,10 @@
> > >  
> > >  #include <linux/cdev.h>
> > >  #include <linux/cred.h>
> > > +#include <linux/file.h>
> > >  #include <linux/fs.h>
> > >  #include <linux/idr.h>
> > > +#include <linux/mm.h>
> > >  #include <linux/module.h>
> > >  #include <linux/slab.h>
> > >  #include <linux/tee_drv.h>
> > > @@ -17,11 +19,15 @@
> > >  #include <crypto/sha.h>
> > >  #include "tee_private.h"
> > >  
> > > +#ifdef CONFIG_TEE_APPID_SECURITY
> > No need for the ifdef, just inlude the file unconditionally above.
> > 
> > > +#include <linux/security.h>
> > > +#endif
> > > +
> > >  #define TEE_NUM_DEVICES	32
> > >  
> > >  #define TEE_IOCTL_PARAM_SIZE(x) (sizeof(struct tee_param) * (x))
> > >  
> > > -#define TEE_UUID_NS_NAME_SIZE	128
> > > +#define TEE_UUID_NS_NAME_SIZE	PATH_MAX
> > >  
> > >  /*
> > >   * TEE Client UUID name space identifier (UUIDv4)
> > > @@ -125,6 +131,67 @@ static int tee_release(struct inode *inode, struct file *filp)
> > >  	return 0;
> > >  }
> > >  
> > > +#ifdef CONFIG_TEE_APPID_SECURITY
> > > +static const char *tee_session_get_application_id(void **data)
> > static char *get_app_id(void) should be enough.
> > 
> > > +{
> > > +	struct file *exe_file;
> > > +	const char *name = CONFIG_TEE_APPID_SECURITY_XATTR;
> > > +	int len;
> > > +
> > > +	exe_file = get_mm_exe_file(current->mm);
> > > +	if (!exe_file)
> > > +		return ERR_PTR(-ENOENT);
> > > +
> > > +	if (!exe_file->f_inode) {
> > > +		fput(exe_file);
> > > +		return ERR_PTR(-ENOENT);
> > > +	}
> > > +
> > 
> > You could perhaps add a comment here on the expected properties of this
> > data. Something along (don't know if I'm even close) "string
> > representation of the the hash of the binary and time stamp".
> > 
> > > +	len = security_inode_getsecurity(exe_file->f_inode, name, data, true);
> > > +	if (len < 0)
> > > +		return ERR_PTR(len);
> > > +
> > > +	fput(exe_file);
> > > +
> > > +	return *data;
> > > +}
> > > +#endif /* CONFIG_TEE_APPID_SECURITY */
> > > +
> > > +#ifdef CONFIG_TEE_APPID_PATH
> > > +static const char *tee_session_get_application_id(void **data)
> > > +{
> > > +	struct file *exe_file;
> > > +	char *path;
> > > +
> > > +	*data = kzalloc(TEE_UUID_NS_NAME_SIZE, GFP_KERNEL);
> > > +	if (!*data)
> > > +		return ERR_PTR(-ENOMEM);
> > > +
> > > +	exe_file = get_mm_exe_file(current->mm);
> > > +	if (!exe_file) {
> > > +		kfree(*data);
> > > +		return ERR_PTR(-ENOENT);
> > > +	}
> > > +
> > > +	path = file_path(exe_file, *data, TEE_UUID_NS_NAME_SIZE);
> > > +	if (IS_ERR(path)) {
> > > +		kfree(*data);
> > > +		return path;
> > > +	}
> > > +
> > > +	fput(exe_file);
> > > +
> > > +	return path;
> > > +}
> > > +#endif /* CONFIG_TEE_APPID_PATH */
> > > +
> > > +#if defined(CONFIG_TEE_APPID_PATH) || defined(CONFIG_TEE_APPID_SECURITY)
> > > +static void tee_session_free_application_id(void *data)
> > > +{
> > > +	kfree(data);
> > > +}
> > This function isn't needed, we can call kfree() directly.
> > 
> > > +#endif /* CONFIG_TEE_APPID_PATH || CONFIG_TEE_APPID_SECURITY */
> > > +
> > >  /**
> > >   * uuid_v5() - Calculate UUIDv5
> > >   * @uuid: Resulting UUID
> > > @@ -197,6 +264,8 @@ int tee_session_calc_client_uuid(uuid_t *uuid, u32 connection_method,
> > >  	gid_t ns_grp = (gid_t)-1;
> > >  	kgid_t grp = INVALID_GID;
> > >  	char *name = NULL;
> > > +	void *application_id_data = NULL;
> > This isn't needed
> The only reason application_id_data exists (and get_application_id has a parameter)
> is because when defined(CONFIG_TEE_APPID_PATH), file_path() returns a pointer
> that often starts at an offset into the buffer (see the comment above d_path()).
> Therefore we end up with a buffer that's not equal to application_id which we
> want to free later. The other way (other than having a void **data parameter)
> would be to allocate a new buffer, copy the resulting path there, and return
> the new buffer instead of the one used by file_path().
> Let me know which solution is preferred.

Good point. Please use the pattern you're already using. I'd prefer a slightly
shorter name though. app_id_data perhaps?

Thanks,
Jens

> 
> > > +	const char *application_id = NULL;
> > char *app_id = NULL;
> > 
> > >  	int name_len;
> > >  	int rc;
> > >  
> > > @@ -217,6 +286,14 @@ int tee_session_calc_client_uuid(uuid_t *uuid, u32 connection_method,
> > >  	 * For TEEC_LOGIN_GROUP:
> > >  	 * gid=<gid>
> > >  	 *
> > > +	 * For TEEC_LOGIN_APPLICATION:
> > > +	 * app=<application id>
> > > +	 *
> > > +	 * For TEEC_LOGIN_USER_APPLICATION:
> > > +	 * uid=<uid>:app=<application id>
> > > +	 *
> > > +	 * For TEEC_LOGIN_GROUP_APPLICATION:
> > > +	 * gid=<gid>:app=<application id>
> > >  	 */
> > >  
> > >  	name = kzalloc(TEE_UUID_NS_NAME_SIZE, GFP_KERNEL);
> > > @@ -249,6 +326,63 @@ int tee_session_calc_client_uuid(uuid_t *uuid, u32 connection_method,
> > >  		}
> > >  		break;
> > >  
> > > +	case TEE_IOCTL_LOGIN_APPLICATION:
> > > +		application_id = tee_session_get_application_id(&application_id_data);
> > > +		if (IS_ERR(application_id)) {
> > > +			rc = PTR_ERR(application_id);
> > > +			goto out_free_name;
> > > +		}
> > > +
> > > +		name_len = snprintf(name, TEE_UUID_NS_NAME_SIZE, "app=%s",
> > > +				    application_id);
> > > +		tee_session_free_application_id(application_id_data);
> > > +
> > > +		if (name_len >= TEE_UUID_NS_NAME_SIZE) {
> > > +			rc = -E2BIG;
> > > +			goto out_free_name;
> > > +		}
> > It looks like we remove these tests and replace them with
> > if (name_len < TEE_UUID_NS_NAME_SIZE)
> >         rc = uuid_v5(uuid, &tee_client_uuid_ns, name, name_len);
> > else
> >         rc = -E2BIG
> > 
> > below, just above the "out_free_name:" label.
> > 
> > This function is small and simple enough that it should be easy to see
> > what's going on any way.
> > 
> > Thanks,
> > Jens
> > 
> > > +		break;
> > > +
> > > +	case TEE_IOCTL_LOGIN_USER_APPLICATION:
> > > +		application_id = tee_session_get_application_id(&application_id_data);
> > > +		if (IS_ERR(application_id)) {
> > > +			rc = PTR_ERR(application_id);
> > > +			goto out_free_name;
> > > +		}
> > > +
> > > +		name_len = snprintf(name, TEE_UUID_NS_NAME_SIZE, "uid=%x:app=%s",
> > > +				    current_euid().val, application_id);
> > > +		tee_session_free_application_id(application_id_data);
> > > +
> > > +		if (name_len >= TEE_UUID_NS_NAME_SIZE) {
> > > +			rc = -E2BIG;
> > > +			goto out_free_name;
> > > +		}
> > > +		break;
> > > +
> > > +	case TEE_IOCTL_LOGIN_GROUP_APPLICATION:
> > > +		memcpy(&ns_grp, connection_data, sizeof(gid_t));
> > > +		grp = make_kgid(current_user_ns(), ns_grp);
> > > +		if (!gid_valid(grp) || !in_egroup_p(grp)) {
> > > +			rc = -EPERM;
> > > +			goto out_free_name;
> > > +		}
> > > +
> > > +		application_id = tee_session_get_application_id(&application_id_data);
> > > +		if (IS_ERR(application_id)) {
> > > +			rc = PTR_ERR(application_id);
> > > +			goto out_free_name;
> > > +		}
> > > +		name_len = snprintf(name, TEE_UUID_NS_NAME_SIZE, "gid=%x:app=%s",
> > > +				    grp.val, application_id);
> > > +		tee_session_free_application_id(application_id_data);
> > > +
> > > +		if (name_len >= TEE_UUID_NS_NAME_SIZE) {
> > > +			rc = -E2BIG;
> > > +			goto out_free_name;
> > > +		}
> > > +		break;
> > > +
> > >  	default:
> > >  		rc = -EINVAL;
> > >  		goto out_free_name;
> > > -- 
> > > 2.28.0
> > > 
> 

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [RFC PATCH] tee: add support for application-based session login methods
       [not found] <010001749cbe8c36-0330f6a3-10a0-4835-b799-570cb9bfa1e0-000000@email.amazonses.com>
@ 2020-09-28  9:49 ` Elvira Khabirova
  0 siblings, 0 replies; 5+ messages in thread
From: Elvira Khabirova @ 2020-09-28  9:49 UTC (permalink / raw)
  To: Elvira Khabirova via OP-TEE
  Cc: Elvira Khabirova, k.karasev, s.shtylyov, linux-kernel, jens.wiklander

Hello,

On Thu, 17 Sep 2020 15:46:07 +0000
Elvira Khabirova via OP-TEE <op-tee@lists.trustedfirmware.org> wrote:

> GP TEE Client API in addition to login methods already supported
> in the kernel also defines several application-based methods:
> TEEC_LOGIN_APPLICATION, TEEC_LOGIN_USER_APPLICATION, and
> TEEC_LOGIN_GROUP_APPLICATION.
> 
> It specifies credentials generated for TEEC_LOGIN_APPLICATION as only
> depending on the identity of the program, being persistent within one
> implementation, across multiple invocations of the application
> and across power cycles, enabling them to be used to disambiguate
> persistent storage. The exact nature is REE-specific.
> 
> As the exact method of generating application identifier strings may
> vary between vendors, setups and installations, add two suggested
> methods and an exact framework for vendors to extend upon.

If there are no comments on this, I will resend this and drop [RFC]
from the subject.

> Signed-off-by: Elvira Khabirova <e.khabirova@omprussia.ru>
> ---
>  drivers/tee/Kconfig    |  29 +++++++++
>  drivers/tee/tee_core.c | 136 ++++++++++++++++++++++++++++++++++++++++-
>  2 files changed, 164 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/tee/Kconfig b/drivers/tee/Kconfig
> index e99d840c2511..4cd6e0d2aad5 100644
> --- a/drivers/tee/Kconfig
> +++ b/drivers/tee/Kconfig
> @@ -11,6 +11,35 @@ config TEE
>  	  This implements a generic interface towards a Trusted Execution
>  	  Environment (TEE).
>  
> +choice
> +	prompt "Application ID for client UUID"
> +	depends on TEE
> +	default TEE_APPID_PATH
> +	help
> +	  This option allows to choose which method will be used to generate
> +	  application identifiers for client UUID generation when login methods
> +	  TEE_LOGIN_APPLICATION, TEE_LOGIN_USER_APPLICATION
> +	  and TEE_LOGIN_GROUP_APPLICATION are used.
> +	  Please be mindful of the security of each method in your particular
> +	  installation.
> +
> +	config TEE_APPID_PATH
> +		bool "Path-based application ID"
> +		help
> +		  Use the executable's path as an application ID.
> +
> +	config TEE_APPID_SECURITY
> +		bool "Security extended attribute based application ID"
> +		help
> +		  Use the executable's security extended attribute as an application ID.
> +endchoice
> +
> +config TEE_APPID_SECURITY_XATTR
> +	string "Security extended attribute to use for application ID"
> +	depends on TEE_APPID_SECURITY
> +	help
> +	  Attribute to be used as an application ID (with the security prefix removed).
> +
>  if TEE
>  
>  menu "TEE drivers"
> diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c
> index 64637e09a095..19c965dd212b 100644
> --- a/drivers/tee/tee_core.c
> +++ b/drivers/tee/tee_core.c
> @@ -7,8 +7,10 @@
>  
>  #include <linux/cdev.h>
>  #include <linux/cred.h>
> +#include <linux/file.h>
>  #include <linux/fs.h>
>  #include <linux/idr.h>
> +#include <linux/mm.h>
>  #include <linux/module.h>
>  #include <linux/slab.h>
>  #include <linux/tee_drv.h>
> @@ -17,11 +19,15 @@
>  #include <crypto/sha.h>
>  #include "tee_private.h"
>  
> +#ifdef CONFIG_TEE_APPID_SECURITY
> +#include <linux/security.h>
> +#endif
> +
>  #define TEE_NUM_DEVICES	32
>  
>  #define TEE_IOCTL_PARAM_SIZE(x) (sizeof(struct tee_param) * (x))
>  
> -#define TEE_UUID_NS_NAME_SIZE	128
> +#define TEE_UUID_NS_NAME_SIZE	PATH_MAX
>  
>  /*
>   * TEE Client UUID name space identifier (UUIDv4)
> @@ -125,6 +131,67 @@ static int tee_release(struct inode *inode, struct file *filp)
>  	return 0;
>  }
>  
> +#ifdef CONFIG_TEE_APPID_SECURITY
> +static const char *tee_session_get_application_id(void **data)
> +{
> +	struct file *exe_file;
> +	const char *name = CONFIG_TEE_APPID_SECURITY_XATTR;
> +	int len;
> +
> +	exe_file = get_mm_exe_file(current->mm);
> +	if (!exe_file)
> +		return ERR_PTR(-ENOENT);
> +
> +	if (!exe_file->f_inode) {
> +		fput(exe_file);
> +		return ERR_PTR(-ENOENT);
> +	}
> +
> +	len = security_inode_getsecurity(exe_file->f_inode, name, data, true);
> +	if (len < 0)
> +		return ERR_PTR(len);
> +
> +	fput(exe_file);
> +
> +	return *data;
> +}
> +#endif /* CONFIG_TEE_APPID_SECURITY */
> +
> +#ifdef CONFIG_TEE_APPID_PATH
> +static const char *tee_session_get_application_id(void **data)
> +{
> +	struct file *exe_file;
> +	char *path;
> +
> +	*data = kzalloc(TEE_UUID_NS_NAME_SIZE, GFP_KERNEL);
> +	if (!*data)
> +		return ERR_PTR(-ENOMEM);
> +
> +	exe_file = get_mm_exe_file(current->mm);
> +	if (!exe_file) {
> +		kfree(*data);
> +		return ERR_PTR(-ENOENT);
> +	}
> +
> +	path = file_path(exe_file, *data, TEE_UUID_NS_NAME_SIZE);
> +	if (IS_ERR(path)) {
> +		kfree(*data);
> +		return path;
> +	}
> +
> +	fput(exe_file);
> +
> +	return path;
> +}
> +#endif /* CONFIG_TEE_APPID_PATH */
> +
> +#if defined(CONFIG_TEE_APPID_PATH) || defined(CONFIG_TEE_APPID_SECURITY)
> +static void tee_session_free_application_id(void *data)
> +{
> +	kfree(data);
> +}
> +#endif /* CONFIG_TEE_APPID_PATH || CONFIG_TEE_APPID_SECURITY */
> +
>  /**
>   * uuid_v5() - Calculate UUIDv5
>   * @uuid: Resulting UUID
> @@ -197,6 +264,8 @@ int tee_session_calc_client_uuid(uuid_t *uuid, u32 connection_method,
>  	gid_t ns_grp = (gid_t)-1;
>  	kgid_t grp = INVALID_GID;
>  	char *name = NULL;
> +	void *application_id_data = NULL;
> +	const char *application_id = NULL;
>  	int name_len;
>  	int rc;
>  
> @@ -217,6 +286,14 @@ int tee_session_calc_client_uuid(uuid_t *uuid, u32 connection_method,
>  	 * For TEEC_LOGIN_GROUP:
>  	 * gid=<gid>
>  	 *
> +	 * For TEEC_LOGIN_APPLICATION:
> +	 * app=<application id>
> +	 *
> +	 * For TEEC_LOGIN_USER_APPLICATION:
> +	 * uid=<uid>:app=<application id>
> +	 *
> +	 * For TEEC_LOGIN_GROUP_APPLICATION:
> +	 * gid=<gid>:app=<application id>
>  	 */
>  
>  	name = kzalloc(TEE_UUID_NS_NAME_SIZE, GFP_KERNEL);
> @@ -249,6 +326,63 @@ int tee_session_calc_client_uuid(uuid_t *uuid, u32 connection_method,
>  		}
>  		break;
>  
> +	case TEE_IOCTL_LOGIN_APPLICATION:
> +		application_id = tee_session_get_application_id(&application_id_data);
> +		if (IS_ERR(application_id)) {
> +			rc = PTR_ERR(application_id);
> +			goto out_free_name;
> +		}
> +
> +		name_len = snprintf(name, TEE_UUID_NS_NAME_SIZE, "app=%s",
> +				    application_id);
> +		tee_session_free_application_id(application_id_data);
> +
> +		if (name_len >= TEE_UUID_NS_NAME_SIZE) {
> +			rc = -E2BIG;
> +			goto out_free_name;
> +		}
> +		break;
> +
> +	case TEE_IOCTL_LOGIN_USER_APPLICATION:
> +		application_id = tee_session_get_application_id(&application_id_data);
> +		if (IS_ERR(application_id)) {
> +			rc = PTR_ERR(application_id);
> +			goto out_free_name;
> +		}
> +
> +		name_len = snprintf(name, TEE_UUID_NS_NAME_SIZE, "uid=%x:app=%s",
> +				    current_euid().val, application_id);
> +		tee_session_free_application_id(application_id_data);
> +
> +		if (name_len >= TEE_UUID_NS_NAME_SIZE) {
> +			rc = -E2BIG;
> +			goto out_free_name;
> +		}
> +		break;
> +
> +	case TEE_IOCTL_LOGIN_GROUP_APPLICATION:
> +		memcpy(&ns_grp, connection_data, sizeof(gid_t));
> +		grp = make_kgid(current_user_ns(), ns_grp);
> +		if (!gid_valid(grp) || !in_egroup_p(grp)) {
> +			rc = -EPERM;
> +			goto out_free_name;
> +		}
> +
> +		application_id = tee_session_get_application_id(&application_id_data);
> +		if (IS_ERR(application_id)) {
> +			rc = PTR_ERR(application_id);
> +			goto out_free_name;
> +		}
> +		name_len = snprintf(name, TEE_UUID_NS_NAME_SIZE, "gid=%x:app=%s",
> +				    grp.val, application_id);
> +		tee_session_free_application_id(application_id_data);
> +
> +		if (name_len >= TEE_UUID_NS_NAME_SIZE) {
> +			rc = -E2BIG;
> +			goto out_free_name;
> +		}
> +		break;
> +
>  	default:
>  		rc = -EINVAL;
>  		goto out_free_name;


^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2020-09-30  6:12 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-09-17 15:38 [RFC PATCH] tee: add support for application-based session login methods Elvira Khabirova
2020-09-28 13:43 ` Jens Wiklander
2020-09-30  2:01   ` Elvira Khabirova
2020-09-30  6:11     ` Jens Wiklander
     [not found] <010001749cbe8c36-0330f6a3-10a0-4835-b799-570cb9bfa1e0-000000@email.amazonses.com>
2020-09-28  9:49 ` Elvira Khabirova

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).