From: Casey Schaufler <casey.schaufler@intel.com>
To: kernel-hardening@lists.openwall.com,
linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov,
casey.schaufler@intel.com, dave.hansen@intel.com,
deneen.t.dock@intel.com, kristen@linux.intel.com,
arjan@linux.intel.com
Subject: [PATCH v3 4/5] Smack: Support determination of side-channel
Date: Mon, 20 Aug 2018 17:04:43 -0700 [thread overview]
Message-ID: <20180821000444.7004-5-casey.schaufler@intel.com> (raw)
In-Reply-To: <20180821000444.7004-1-casey.schaufler@intel.com>
Smack considers its private task data safe if the current task
has read access to the passed task.
Signed-off-by: Casey Schaufler <casey.schaufler@intel.com>
---
security/smack/smack_lsm.c | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 91750205a5de..85dc053e610c 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -2299,6 +2299,23 @@ static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
isp->smk_inode = skp;
}
+/**
+ * smack_task_safe_sidechannel - Are the task and current sidechannel safe?
+ * @p: task to check on
+ *
+ * A crude value for sidechannel safety is that the current task is
+ * already allowed to read from the other.
+ *
+ * Returns 0 if the tasks are sidechannel safe, -EACCES otherwise.
+ */
+static int smack_task_safe_sidechannel(struct task_struct *p)
+{
+ struct smack_known *skp = smk_of_task_struct(p);
+ struct smack_known *ckp = smk_of_task_struct(current);
+
+ return smk_access(ckp, skp, MAY_READ, NULL);
+}
+
/*
* Socket hooks.
*/
@@ -4718,6 +4735,7 @@ static struct security_hook_list smack_hooks[] __lsm_ro_after_init = {
LSM_HOOK_INIT(task_movememory, smack_task_movememory),
LSM_HOOK_INIT(task_kill, smack_task_kill),
LSM_HOOK_INIT(task_to_inode, smack_task_to_inode),
+ LSM_HOOK_INIT(task_safe_sidechannel, smack_task_safe_sidechannel),
LSM_HOOK_INIT(ipc_permission, smack_ipc_permission),
LSM_HOOK_INIT(ipc_getsecid, smack_ipc_getsecid),
--
2.17.1
WARNING: multiple messages have this Message-ID (diff)
From: casey.schaufler@intel.com (Casey Schaufler)
To: linux-security-module@vger.kernel.org
Subject: [PATCH v3 4/5] Smack: Support determination of side-channel
Date: Mon, 20 Aug 2018 17:04:43 -0700 [thread overview]
Message-ID: <20180821000444.7004-5-casey.schaufler@intel.com> (raw)
In-Reply-To: <20180821000444.7004-1-casey.schaufler@intel.com>
Smack considers its private task data safe if the current task
has read access to the passed task.
Signed-off-by: Casey Schaufler <casey.schaufler@intel.com>
---
security/smack/smack_lsm.c | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 91750205a5de..85dc053e610c 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -2299,6 +2299,23 @@ static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
isp->smk_inode = skp;
}
+/**
+ * smack_task_safe_sidechannel - Are the task and current sidechannel safe?
+ * @p: task to check on
+ *
+ * A crude value for sidechannel safety is that the current task is
+ * already allowed to read from the other.
+ *
+ * Returns 0 if the tasks are sidechannel safe, -EACCES otherwise.
+ */
+static int smack_task_safe_sidechannel(struct task_struct *p)
+{
+ struct smack_known *skp = smk_of_task_struct(p);
+ struct smack_known *ckp = smk_of_task_struct(current);
+
+ return smk_access(ckp, skp, MAY_READ, NULL);
+}
+
/*
* Socket hooks.
*/
@@ -4718,6 +4735,7 @@ static struct security_hook_list smack_hooks[] __lsm_ro_after_init = {
LSM_HOOK_INIT(task_movememory, smack_task_movememory),
LSM_HOOK_INIT(task_kill, smack_task_kill),
LSM_HOOK_INIT(task_to_inode, smack_task_to_inode),
+ LSM_HOOK_INIT(task_safe_sidechannel, smack_task_safe_sidechannel),
LSM_HOOK_INIT(ipc_permission, smack_ipc_permission),
LSM_HOOK_INIT(ipc_getsecid, smack_ipc_getsecid),
--
2.17.1
next prev parent reply other threads:[~2018-08-21 0:05 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-08-21 0:04 [PATCH RFC v3 0/5] LSM: Add and use a hook for side-channel safety checks Casey Schaufler
2018-08-21 0:04 ` Casey Schaufler
2018-08-21 0:04 ` [PATCH v3 1/5] LSM: Introduce a hook for side-channel danger Casey Schaufler
2018-08-21 0:04 ` Casey Schaufler
2018-08-21 0:04 ` [PATCH v3 2/5] X86: Support LSM determination of side-channel Casey Schaufler
2018-08-21 0:04 ` Casey Schaufler
2018-08-21 0:04 ` [PATCH v3 3/5] LSM: Security module checking for side-channel dangers Casey Schaufler
2018-08-21 0:04 ` Casey Schaufler
2018-08-21 17:23 ` Jann Horn
2018-08-21 17:23 ` Jann Horn
2018-08-21 23:44 ` Schaufler, Casey
2018-08-21 23:44 ` Schaufler, Casey
2018-08-22 1:01 ` Jann Horn
2018-08-22 1:01 ` Jann Horn
2018-08-22 16:39 ` Schaufler, Casey
2018-08-22 16:39 ` Schaufler, Casey
2018-08-22 17:03 ` Jann Horn
2018-08-22 17:03 ` Jann Horn
2018-08-22 17:48 ` Schaufler, Casey
2018-08-22 17:48 ` Schaufler, Casey
2018-08-21 0:04 ` Casey Schaufler [this message]
2018-08-21 0:04 ` [PATCH v3 4/5] Smack: Support determination of side-channel Casey Schaufler
2018-08-21 0:04 ` [PATCH v3 5/5] SELinux: Support SELinux " Casey Schaufler
2018-08-21 0:04 ` Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180821000444.7004-5-casey.schaufler@intel.com \
--to=casey.schaufler@intel.com \
--cc=arjan@linux.intel.com \
--cc=dave.hansen@intel.com \
--cc=deneen.t.dock@intel.com \
--cc=kernel-hardening@lists.openwall.com \
--cc=kristen@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.