From: Casey Schaufler <casey@schaufler-ca.com>
To: casey.schaufler@intel.com, jmorris@namei.org,
linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, keescook@chromium.org,
john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp,
paul@paul-moore.com, sds@tycho.nsa.gov
Subject: [PATCH 27/59] NET: Store LSM access information in the socket blob for UDS
Date: Tue, 9 Apr 2019 12:58:52 -0700 [thread overview]
Message-ID: <20190409195924.1509-28-casey@schaufler-ca.com> (raw)
In-Reply-To: <20190409195924.1509-1-casey@schaufler-ca.com>
UNIX domain socket connections don't have sufficient
space in the socket buffer (skb) secmark for more than
one Linux security module (LSM) to pass data. Expanding
the secmark has been ruled out as an option. Store the
necessary data in the socket security blob pointed to
by the skb socket.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
include/linux/security.h | 20 +++++++++++++++++++-
net/unix/af_unix.c | 14 ++++++++------
security/security.c | 17 ++++++++++++++++-
3 files changed, 43 insertions(+), 8 deletions(-)
diff --git a/include/linux/security.h b/include/linux/security.h
index e76d7a9dbe50..c413dcc1905a 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -71,6 +71,7 @@ struct ctl_table;
struct audit_krule;
struct user_namespace;
struct timezone;
+struct sk_buff;
enum lsm_event {
LSM_POLICY_CHANGE,
@@ -100,6 +101,22 @@ static inline bool lsm_export_any(struct lsm_export *l)
((l->flags & LSM_EXPORT_APPARMOR) && l->apparmor));
}
+static inline bool lsm_export_equal(struct lsm_export *l, struct lsm_export *m)
+{
+ if (l->flags != m->flags || l->flags == LSM_EXPORT_NONE)
+ return false;
+ if (l->flags & LSM_EXPORT_SELINUX &&
+ (l->selinux != m->selinux || l->selinux == 0))
+ return false;
+ if (l->flags & LSM_EXPORT_SMACK &&
+ (l->smack != m->smack || l->smack == 0))
+ return false;
+ if (l->flags & LSM_EXPORT_APPARMOR &&
+ (l->apparmor != m->apparmor || l->apparmor == 0))
+ return false;
+ return true;
+}
+
/**
* lsm_export_secid - pull the useful secid out of a lsm_export
* @data: the containing data structure
@@ -143,6 +160,8 @@ static inline void lsm_export_to_all(struct lsm_export *data, u32 secid)
LSM_EXPORT_APPARMOR;
}
+extern struct lsm_export *lsm_export_skb(struct sk_buff *skb);
+
/* These functions are in security/commoncap.c */
extern int cap_capable(const struct cred *cred, struct user_namespace *ns,
int cap, unsigned int opts);
@@ -174,7 +193,6 @@ extern int cap_task_setnice(struct task_struct *p, int nice);
extern int cap_vm_enough_memory(struct mm_struct *mm, long pages);
struct msghdr;
-struct sk_buff;
struct sock;
struct sockaddr;
struct socket;
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index 4d4107927ba2..afe9c9f1adeb 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -143,21 +143,23 @@ static struct hlist_head *unix_sockets_unbound(void *addr)
#ifdef CONFIG_SECURITY_NETWORK
static void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
{
- lsm_export_secid(&scm->le, &(UNIXCB(skb).secid));
+ struct lsm_export *ble = lsm_export_skb(skb);
+
+ *ble = scm->le;
}
static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
{
- lsm_export_to_all(&scm->le, UNIXCB(skb).secid);
+ struct lsm_export *ble = lsm_export_skb(skb);
+
+ scm->le = *ble;
}
static inline bool unix_secdata_eq(struct scm_cookie *scm, struct sk_buff *skb)
{
- u32 best_secid;
-
- lsm_export_secid(&scm->le, &best_secid);
- return (best_secid == UNIXCB(skb).secid);
+ return lsm_export_equal(&scm->le, lsm_export_skb(skb));
}
+
#else
static inline void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
{ }
diff --git a/security/security.c b/security/security.c
index 69983ad68233..015c38c882ba 100644
--- a/security/security.c
+++ b/security/security.c
@@ -46,7 +46,22 @@ static struct kmem_cache *lsm_file_cache;
static struct kmem_cache *lsm_inode_cache;
char *lsm_names;
-static struct lsm_blob_sizes blob_sizes __lsm_ro_after_init;
+
+/* Socket blobs include infrastructure managed data */
+static struct lsm_blob_sizes blob_sizes __lsm_ro_after_init = {
+ .lbs_sock = sizeof(struct lsm_export),
+};
+
+/**
+ * lsm_export_skb - pointer to the lsm_export associated with the skb
+ * @skb: the socket buffer
+ *
+ * Returns a pointer to the LSM managed data.
+ */
+struct lsm_export *lsm_export_skb(struct sk_buff *skb)
+{
+ return skb->sk->sk_security;
+}
/* Boot-time LSM user choice */
static __initdata const char *chosen_lsm_order;
--
2.19.1
next prev parent reply other threads:[~2019-04-09 20:00 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-09 19:58 [PATCH 00/59] LSM: Module stacking for AppArmor Casey Schaufler
2019-04-09 19:58 ` [PATCH 01/59] LSM: Infrastructure management of the superblock Casey Schaufler
2019-04-09 19:58 ` [PATCH 02/59] LSM: Infrastructure management of the sock security Casey Schaufler
2019-04-09 19:58 ` [PATCH 03/59] LSM: Infrastructure management of the key security blob Casey Schaufler
2019-04-09 19:58 ` [PATCH 04/59] LSM: Create an lsm_export data structure Casey Schaufler
2019-04-09 19:58 ` [PATCH 05/59] LSM: Use lsm_export in the inode_getsecid hooks Casey Schaufler
2019-04-09 19:58 ` [PATCH 06/59] LSM: Use lsm_export in the cred_getsecid hooks Casey Schaufler
2019-04-09 19:58 ` [PATCH 07/59] LSM: Use lsm_export in the ipc_getsecid and task_getsecid hooks Casey Schaufler
2019-04-09 19:58 ` [PATCH 08/59] LSM: Use lsm_export in the kernel_ask_as hooks Casey Schaufler
2019-04-09 19:58 ` [PATCH 09/59] LSM: Use lsm_export in the getpeersec_dgram hooks Casey Schaufler
2019-04-09 19:58 ` [PATCH 10/59] LSM: Use lsm_export in the audit_rule_match hooks Casey Schaufler
2019-04-09 19:58 ` [PATCH 11/59] LSM: Fix logical operation in lsm_export checks Casey Schaufler
2019-04-09 19:58 ` [PATCH 12/59] LSM: Use lsm_export in the secid_to_secctx hooks Casey Schaufler
2019-04-09 19:58 ` [PATCH 13/59] LSM: Use lsm_export in the secctx_to_secid hooks Casey Schaufler
2019-04-09 19:58 ` [PATCH 14/59] LSM: Use lsm_export in security_audit_rule_match Casey Schaufler
2019-04-09 19:58 ` [PATCH 15/59] LSM: Use lsm_export in security_kernel_act_as Casey Schaufler
2019-04-09 19:58 ` [PATCH 16/59] LSM: Use lsm_export in security_socket_getpeersec_dgram Casey Schaufler
2019-04-09 19:58 ` [PATCH 17/59] LSM: Use lsm_export in security_secctx_to_secid Casey Schaufler
2019-04-09 19:58 ` [PATCH 18/59] LSM: Use lsm_export in security_secid_to_secctx Casey Schaufler
2019-04-09 19:58 ` [PATCH 19/59] LSM: Use lsm_export in security_ipc_getsecid Casey Schaufler
2019-04-09 19:58 ` [PATCH 20/59] LSM: Use lsm_export in security_task_getsecid Casey Schaufler
2019-04-09 19:58 ` [PATCH 21/59] LSM: Use lsm_export in security_inode_getsecid Casey Schaufler
2019-04-09 19:58 ` [PATCH 22/59] LSM: Use lsm_export in security_cred_getsecid Casey Schaufler
2019-04-09 19:58 ` [PATCH 23/59] Audit: Change audit_sig_sid to audit_sig_lsm Casey Schaufler
2019-04-09 19:58 ` [PATCH 24/59] Audit: Convert target_sid to an lsm_export structure Casey Schaufler
2019-04-09 19:58 ` [PATCH 25/59] Audit: Convert osid " Casey Schaufler
2019-04-09 19:58 ` [PATCH 26/59] IMA: Clean out lsm_export scaffolding Casey Schaufler
2019-04-09 19:58 ` Casey Schaufler [this message]
2019-04-09 19:58 ` [PATCH 28/59] NET: Remove scaffolding on secmarks Casey Schaufler
2019-04-09 19:58 ` [PATCH 29/59] NET: Remove scaffolding on new secmarks Casey Schaufler
2019-04-09 19:58 ` [PATCH 30/59] NET: Remove netfilter scaffolding for lsm_export Casey Schaufler
2019-04-09 19:58 ` [PATCH 31/59] Netlabel: Replace secids with lsm_export Casey Schaufler
2019-04-09 19:58 ` [PATCH 32/59] LSM: Remove lsm_export scaffolding functions Casey Schaufler
2019-04-09 19:58 ` [PATCH 33/59] IMA: FIXUP prototype using lsm_export Casey Schaufler
2019-04-09 19:58 ` [PATCH 34/59] Smack: Restore the release_secctx hook Casey Schaufler
2019-04-09 19:59 ` [PATCH 35/59] AppArmor: Remove unnecessary hook stub Casey Schaufler
2019-04-09 19:59 ` [PATCH 36/59] LSM: Limit calls to certain module hooks Casey Schaufler
2019-04-09 19:59 ` [PATCH 37/59] LSM: Create a data structure for a security context Casey Schaufler
2019-04-09 19:59 ` [PATCH 38/59] LSM: Use lsm_context in secid_to_secctx hooks Casey Schaufler
2019-04-09 19:59 ` [PATCH 39/59] LSM: Use lsm_context in secctx_to_secid hooks Casey Schaufler
2019-04-09 19:59 ` [PATCH 40/59] LSM: Use lsm_context in inode_getsecctx hooks Casey Schaufler
-- strict thread matches above, loose matches on Subject: below --
2019-04-09 21:38 [PATCH 00/59] LSM: Module stacking for AppArmor Casey Schaufler
2019-04-09 21:39 ` [PATCH 27/59] NET: Store LSM access information in the socket blob for UDS Casey Schaufler
2019-04-10 12:28 ` Stephen Smalley
2019-04-09 19:17 [PATCH 00/59] LSM: Module stacking for AppArmor Casey Schaufler
2019-04-09 19:18 ` [PATCH 27/59] NET: Store LSM access information in the socket blob for UDS Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190409195924.1509-28-casey@schaufler-ca.com \
--to=casey@schaufler-ca.com \
--cc=casey.schaufler@intel.com \
--cc=jmorris@namei.org \
--cc=john.johansen@canonical.com \
--cc=keescook@chromium.org \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=penguin-kernel@i-love.sakura.ne.jp \
--cc=sds@tycho.nsa.gov \
--cc=selinux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.