From: Daniel Jurgens
To: Casey Schaufler, Sebastien Buisson, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, selinux@tycho.nsa.gov
CC: serge@hallyn.com, james.l.morris@oracle.com, eparis@parisplace.org, sds@tycho.nsa.gov, paul@paul-moore.com, Sebastien Buisson
Subject: Re: [PATCH 1/3] selinux: Implement LSM notification system
Date: Wed, 26 Apr 2017 15:48:53 +0000
References: <1493218936-18522-1-git-send-email-sbuisson@ddn.com> <8d4c5ab6-8c15-312a-398b-c3ee9d7e8cb6@schaufler-ca.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On 4/26/2017 10:38 AM, Casey Schaufler wrote:
> On 4/26/2017 8:02 AM, Sebastien Buisson wrote:
>> From: Daniel Jurgens
>>
>> Add a generic notification mechanism in the LSM. Interested consumers
>> can register a callback with the LSM and security modules can produce
>> events.
> Why is this a generic mechanism? Do you ever see anyone
> other than SELinux using it?

I had created an SELinux-specific mechanism; Paul Moore requested I make it generic.

>> Add a call to the notification mechanism from SELinux when the AVC
>> cache changes.
> This seems like a whole lot of mechanism for
> something you could accomplish with a log message.
> What am I missing?

This was part of a larger patch set that hasn't been accepted yet: SELinux support for InfiniBand. Subsequent patches in that patch set will use it as well.

>> Signed-off-by: Daniel Jurgens >> Signed-off-by: Sebastien Buisson >> --- >> include/linux/security.h | 23 +++++++++++++++++++++++ >> security/security.c | 20 ++++++++++++++++++++ >> security/selinux/hooks.c | 12 ++++++++++++ >> 3 files changed, 55 insertions(+) >> >> diff --git a/include/linux/security.h b/include/linux/security.h >> index af675b5..73a9c93 100644 >> --- a/include/linux/security.h >> +++ b/include/linux/security.h >> @@ -68,6 +68,10 @@ >> struct user_namespace; >> struct timezone; >> >> +enum lsm_event { >> + LSM_POLICY_CHANGE, >> +}; >> + >> /* These functions are in security/commoncap.c */ >> extern int cap_capable(const struct cred *cred, struct user_namespace *ns, >> int cap, int audit); >> @@ -163,6 +167,10 @@ struct security_mnt_opts { >> int num_mnt_opts; >> }; >> >> +int call_lsm_notifier(enum lsm_event event, void *data); >> +int register_lsm_notifier(struct notifier_block *nb); >> +int unregister_lsm_notifier(struct notifier_block *nb); >> + >> static inline void security_init_mnt_opts(struct security_mnt_opts *opts) >> { >> opts->mnt_opts = NULL; 
>> @@ -381,6 +389,21 @@ int security_sem_semop(struct sem_array *sma, struct sembuf *sops, >> struct security_mnt_opts { >> }; >> >> +static inline int call_lsm_notifier(enum lsm_event event, void *data) >> +{ >> + return 0; >> +} >> + >> +static inline int register_lsm_notifier(struct notifier_block *nb) >> +{ >> + return 0; >> +} >> + >> +static inline int unregister_lsm_notifier(struct notifier_block *nb) >> +{ >> + return 0; >> +} >> + >> static inline void security_init_mnt_opts(struct security_mnt_opts *opts) >> { >> } >> diff --git a/security/security.c b/security/security.c >> index b9fea39..ef9d9e1 100644 >> --- a/security/security.c >> +++ b/security/security.c >> @@ -32,6 +32,8 @@ >> /* Maximum number of letters for an LSM name string */ >> #define SECURITY_NAME_MAX 10 >> >> +static ATOMIC_NOTIFIER_HEAD(lsm_notifier_chain); >> + >> struct security_hook_heads security_hook_heads __lsm_ro_after_init; >> char *lsm_names; >> /* Boot-time LSM user choice */ >> @@ -146,6 +148,24 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count, >> panic("%s - Cannot get early memory.\n", __func__); >> } >> >> +int call_lsm_notifier(enum lsm_event event, void *data) >> +{ >> + return atomic_notifier_call_chain(&lsm_notifier_chain, event, data); >> +} >> +EXPORT_SYMBOL(call_lsm_notifier); >> + >> +int register_lsm_notifier(struct notifier_block *nb) >> +{ >> + return atomic_notifier_chain_register(&lsm_notifier_chain, nb); >> +} >> +EXPORT_SYMBOL(register_lsm_notifier); >> + >> +int unregister_lsm_notifier(struct notifier_block *nb) >> +{ >> + return atomic_notifier_chain_unregister(&lsm_notifier_chain, nb); >> +} >> +EXPORT_SYMBOL(unregister_lsm_notifier); >> + >> /* >> * Hook list operation macros. >> * >> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c >> index e67a526..a4d36f8 100644 >> --- a/security/selinux/hooks.c >> +++ b/security/selinux/hooks.c 
>> @@ -171,6 +171,14 @@ static int selinux_netcache_avc_callback(u32 event) >> return 0; >> } >> >> +static int selinux_lsm_notifier_avc_callback(u32 event) >> +{ >> + if (event == AVC_CALLBACK_RESET) >> + call_lsm_notifier(LSM_POLICY_CHANGE, NULL); >> + >> + return 0; >> +} >> + >> /* >> * initialise the security for the init task >> */ >> @@ -6379,6 +6387,10 @@ static __init int selinux_init(void) >> if (avc_add_callback(selinux_netcache_avc_callback, AVC_CALLBACK_RESET)) >> panic("SELinux: Unable to register AVC netcache callback\n"); >> >> + if (avc_add_callback(selinux_lsm_notifier_avc_callback, >> + AVC_CALLBACK_RESET)) >> + panic("SELinux: Unable to register AVC LSM notifier callback\n"); >> + >> if (selinux_enforcing) >> printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n"); >> else >
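Review bot: The `enum lsm_event` hunk in include/linux/security.h (`@@ -68,6 +68,10 @@`) adds `LSM_POLICY_CHANGE` with no documentation of when it fires or what the `data` argument carries; the only producer in this patch raises it from the AVC reset callback with `data = NULL`. A short comment on the enum, e.g. "LSM_POLICY_CHANGE: the security policy was reloaded or otherwise changed (SELinux raises it on AVC reset); data is NULL", would let consumers in the later InfiniBand patches know the contract without reading hooks.c.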
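Review bot: In the security/security.c hunk that adds `call_lsm_notifier()` (`@@ -146,6 +148,24 @@`), the chain is an `ATOMIC_NOTIFIER_HEAD`, so every registered callback runs in atomic context and must not sleep or take mutexes. That constraint is not stated anywhere in this patch; please document it on `register_lsm_notifier()` (or at the declarations in security.h) so that driver consumers defer any blocking work, such as re-walking their own cached security contexts, to a workqueue. Separately, the three `EXPORT_SYMBOL()` lines should say whether a plain export rather than `EXPORT_SYMBOL_GPL()` is intended, since the notifier hands LSM-internal policy state changes to arbitrary modules.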
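Review bot: In the security/selinux/hooks.c hunk adding `selinux_lsm_notifier_avc_callback()` (`@@ -171,6 +171,14 @@`), the return value of `call_lsm_notifier()` is dropped, which is the right behaviour for a broadcast (a consumer must not be able to veto a policy change), but that intent deserves a one-line comment so a future reader does not "fix" it by propagating `NOTIFY_BAD`. The `if (event == AVC_CALLBACK_RESET)` test mirrors `selinux_netcache_avc_callback()` above it and is redundant with the registration in `selinux_init()`, which only passes `AVC_CALLBACK_RESET`; keeping it for consistency is fine, but say so.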