From: Casey Schaufler <casey@schaufler-ca.com>
To: jmorris@namei.org, linux-security-module@vger.kernel.org,
selinux@vger.kernel.org
Cc: keescook@chromium.org, john.johansen@canonical.com,
penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com
Subject: [PATCH 78/97] LSM: Infrastructure security blobs for mount options
Date: Thu, 28 Feb 2019 14:43:37 -0800 [thread overview]
Message-ID: <20190228224356.2608-9-casey@schaufler-ca.com> (raw)
In-Reply-To: <20190228224356.2608-1-casey@schaufler-ca.com>
Manage LSM data for mount options in the infrastructure
rather than in the individual modules.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
include/linux/lsm_hooks.h | 5 +++++
security/security.c | 18 ++++++++++++++++++
security/selinux/hooks.c | 31 ++++++++++++++++++-------------
security/smack/smack_lsm.c | 19 +++++++++++++------
4 files changed, 54 insertions(+), 19 deletions(-)
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 4020e13f0669..58e5465fdd79 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -2046,6 +2046,7 @@ struct lsm_blob_sizes {
int lbs_key;
int lbs_msg_msg;
int lbs_task;
+ int lbs_mnt_opts;
};
/*
@@ -2119,4 +2120,8 @@ static inline void security_delete_hooks(struct security_hook_list *hooks,
extern int lsm_inode_alloc(struct inode *inode);
+#ifdef CONFIG_SECURITY
+void *lsm_mnt_opts_alloc(void);
+#endif
+
#endif /* ! __LINUX_LSM_HOOKS_H */
diff --git a/security/security.c b/security/security.c
index 105b5ee22bcf..780c914df9fb 100644
--- a/security/security.c
+++ b/security/security.c
@@ -194,6 +194,7 @@ static void __init lsm_set_blob_sizes(struct lsm_blob_sizes *needed)
#ifdef CONFIG_KEYS
lsm_set_blob_size(&needed->lbs_key, &blob_sizes.lbs_key);
#endif
+ lsm_set_blob_size(&needed->lbs_mnt_opts, &blob_sizes.lbs_mnt_opts);
lsm_set_blob_size(&needed->lbs_msg_msg, &blob_sizes.lbs_msg_msg);
lsm_set_blob_size(&needed->lbs_sock, &blob_sizes.lbs_sock);
lsm_set_blob_size(&needed->lbs_superblock, &blob_sizes.lbs_superblock);
@@ -328,6 +329,7 @@ static void __init ordered_lsm_init(void)
#ifdef CONFIG_KEYS
init_debug("key blob size = %d\n", blob_sizes.lbs_key);
#endif /* CONFIG_KEYS */
+ init_debug("mnt_opts blob size = %d\n", blob_sizes.lbs_mnt_opts);
init_debug("msg_msg blob size = %d\n", blob_sizes.lbs_msg_msg);
init_debug("sock blob size = %d\n", blob_sizes.lbs_sock);
init_debug("superblock blob size = %d\n", blob_sizes.lbs_superblock);
@@ -738,6 +740,21 @@ int lsm_superblock_alloc(struct super_block *sb)
return 0;
}
+/**
+ * lsm_mnt_opts_alloc - allocate a composite mnt_opts blob
+ *
+ * Allocate the mount options blob
+ *
+ * Returns the blob, or NULL if memory can't be allocated.
+ */
+void *lsm_mnt_opts_alloc(void)
+{
+ if (blob_sizes.lbs_mnt_opts == 0)
+ return NULL;
+
+ return kzalloc(blob_sizes.lbs_mnt_opts, GFP_KERNEL);
+}
+
/*
* Hook list operation macros.
*
@@ -941,6 +958,7 @@ void security_free_mnt_opts(void **mnt_opts)
if (!*mnt_opts)
return;
call_void_hook(sb_free_mnt_opts, *mnt_opts);
+ kfree(*mnt_opts);
*mnt_opts = NULL;
}
EXPORT_SYMBOL(security_free_mnt_opts);
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 501aed18f100..e149be6226d6 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -381,14 +381,20 @@ struct selinux_mnt_opts {
const char *fscontext, *context, *rootcontext, *defcontext;
};
+static void *selinux_mnt_opts(void *mnt_opts)
+{
+ if (mnt_opts)
+ return mnt_opts + selinux_blob_sizes.lbs_mnt_opts;
+ return NULL;
+}
+
static void selinux_free_mnt_opts(void *mnt_opts)
{
- struct selinux_mnt_opts *opts = mnt_opts;
+ struct selinux_mnt_opts *opts = selinux_mnt_opts(mnt_opts);
kfree(opts->fscontext);
kfree(opts->context);
kfree(opts->rootcontext);
kfree(opts->defcontext);
- kfree(opts);
}
static inline int inode_doinit(struct inode *inode)
@@ -614,7 +620,7 @@ static int selinux_set_mnt_opts(struct super_block *sb,
const struct cred *cred = current_cred();
struct superblock_security_struct *sbsec = selinux_superblock(sb);
struct dentry *root = sbsec->sb->s_root;
- struct selinux_mnt_opts *opts = mnt_opts;
+ struct selinux_mnt_opts *opts = selinux_mnt_opts(mnt_opts);
struct inode_security_struct *root_isec;
u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0;
u32 defcontext_sid = 0;
@@ -629,7 +635,8 @@ static int selinux_set_mnt_opts(struct super_block *sb,
server is ready to handle calls. */
goto out;
}
- rc = -EINVAL;
+ /* Don't set any SELinux options. Allow any other LSM
+ that's on the stack to do so. */
pr_warn("SELinux: Unable to set superblock options "
"before the security server is initialized\n");
goto out;
@@ -953,16 +960,17 @@ static int selinux_sb_clone_mnt_opts(const struct super_block *oldsb,
static int selinux_add_opt(int token, const char *s, void **mnt_opts)
{
- struct selinux_mnt_opts *opts = *mnt_opts;
+ struct selinux_mnt_opts *opts = selinux_mnt_opts(*mnt_opts);
if (token == Opt_seclabel) /* eaten and completely ignored */
return 0;
if (!opts) {
- opts = kzalloc(sizeof(struct selinux_mnt_opts), GFP_KERNEL);
+ opts = lsm_mnt_opts_alloc();
if (!opts)
return -ENOMEM;
*mnt_opts = opts;
+ opts = selinux_mnt_opts(opts);
}
if (!s)
return -ENOMEM;
@@ -1015,10 +1023,8 @@ static int selinux_add_mnt_opt(const char *option, const char *val, int len,
rc = selinux_add_opt(token, val, mnt_opts);
if (unlikely(rc)) {
kfree(val);
- if (*mnt_opts) {
+ if (*mnt_opts)
selinux_free_mnt_opts(*mnt_opts);
- *mnt_opts = NULL;
- }
}
return rc;
}
@@ -2583,10 +2589,8 @@ static int selinux_sb_eat_lsm_opts(char *options, void **mnt_opts)
rc = selinux_add_opt(token, arg, mnt_opts);
if (unlikely(rc)) {
kfree(arg);
- if (*mnt_opts) {
+ if (*mnt_opts)
selinux_free_mnt_opts(*mnt_opts);
- *mnt_opts = NULL;
- }
return rc;
}
} else {
@@ -2609,7 +2613,7 @@ static int selinux_sb_eat_lsm_opts(char *options, void **mnt_opts)
static int selinux_sb_remount(struct super_block *sb, void *mnt_opts)
{
- struct selinux_mnt_opts *opts = mnt_opts;
+ struct selinux_mnt_opts *opts = selinux_mnt_opts(mnt_opts);
struct superblock_security_struct *sbsec = selinux_superblock(sb);
u32 sid;
int rc;
@@ -6532,6 +6536,7 @@ struct lsm_blob_sizes selinux_blob_sizes __lsm_ro_after_init = {
#ifdef CONFIG_KEYS
.lbs_key = sizeof(struct key_security_struct),
#endif /* CONFIG_KEYS */
+ .lbs_mnt_opts = sizeof(struct selinux_mnt_opts),
.lbs_msg_msg = sizeof(struct msg_security_struct),
.lbs_sock = sizeof(struct sk_security_struct),
.lbs_superblock = sizeof(struct superblock_security_struct),
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index c84c71a31b80..f1e0f1378666 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -573,26 +573,33 @@ struct smack_mnt_opts {
const char *fsdefault, *fsfloor, *fshat, *fsroot, *fstransmute;
};
+static void *smack_mnt_opts(void *opts)
+{
+ if (opts)
+ return opts + smack_blob_sizes.lbs_mnt_opts;
+ return NULL;
+}
+
static void smack_free_mnt_opts(void *mnt_opts)
{
- struct smack_mnt_opts *opts = mnt_opts;
+ struct smack_mnt_opts *opts = smack_mnt_opts(mnt_opts);
kfree(opts->fsdefault);
kfree(opts->fsfloor);
kfree(opts->fshat);
kfree(opts->fsroot);
kfree(opts->fstransmute);
- kfree(opts);
}
static int smack_add_opt(int token, const char *s, void **mnt_opts)
{
- struct smack_mnt_opts *opts = *mnt_opts;
+ struct smack_mnt_opts *opts = smack_mnt_opts(*mnt_opts);
if (!opts) {
- opts = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL);
+ opts = lsm_mnt_opts_alloc();
if (!opts)
return -ENOMEM;
*mnt_opts = opts;
+ opts = smack_mnt_opts(opts);
}
if (!s)
return -ENOMEM;
@@ -654,7 +661,6 @@ static int smack_sb_eat_lsm_opts(char *options, void **mnt_opts)
kfree(arg);
if (*mnt_opts)
smack_free_mnt_opts(*mnt_opts);
- *mnt_opts = NULL;
return rc;
}
} else {
@@ -697,7 +703,7 @@ static int smack_set_mnt_opts(struct super_block *sb,
struct superblock_smack *sp = smack_superblock(sb);
struct inode_smack *isp;
struct smack_known *skp;
- struct smack_mnt_opts *opts = mnt_opts;
+ struct smack_mnt_opts *opts = smack_mnt_opts(mnt_opts);
bool transmute = false;
if (sp->smk_flags & SMK_SB_INITIALIZED)
@@ -4501,6 +4507,7 @@ struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = {
#ifdef CONFIG_KEYS
.lbs_key = sizeof(struct smack_known *),
#endif /* CONFIG_KEYS */
+ .lbs_mnt_opts = sizeof(struct smack_mnt_opts),
.lbs_msg_msg = sizeof(struct smack_known *),
.lbs_sock = sizeof(struct socket_smack),
.lbs_superblock = sizeof(struct superblock_smack),
--
2.17.0
next prev parent reply other threads:[~2019-02-28 22:44 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-28 22:43 [PATCH 00/97] LSM: Complete module stacking Casey Schaufler
2019-02-28 22:43 ` [PATCH 71/97] LSM: Add secmark refcounting to call_one list Casey Schaufler
2019-02-28 22:43 ` [PATCH 72/97] LSM: Add secmark refcounting to call_one list - part 2 Casey Schaufler
2019-02-28 22:43 ` [PATCH 73/97] LSM: refactor security_setprocattr Casey Schaufler
2019-02-28 22:43 ` [PATCH 74/97] Smack: Detect if secmarks can be safely used Casey Schaufler
2019-02-28 22:43 ` [PATCH 75/97] LSM: Support multiple LSMs using inode_init_security Casey Schaufler
2019-02-28 22:43 ` [PATCH 76/97] LSM: Use full security context in security_inode_setsecctx Casey Schaufler
2019-02-28 22:43 ` [PATCH 77/97] LSM: Correct handling of ENOSYS in inode_setxattr Casey Schaufler
2019-02-28 22:43 ` Casey Schaufler [this message]
2019-02-28 22:43 ` [PATCH 79/97] LSM: Fix for security_init_inode_security Casey Schaufler
2019-02-28 22:43 ` [PATCH 80/97] Smack: Advertise the secid to netlabel Casey Schaufler
2019-02-28 22:43 ` [PATCH 81/97] LSM: Change error detection for UDP peer security Casey Schaufler
2019-02-28 22:43 ` [PATCH 82/97] Smack: Fix setting of the CIPSO MLS_CAT flags Casey Schaufler
2019-02-28 22:43 ` [PATCH 83/97] Smack: Set netlabel flags properly on new label import Casey Schaufler
2019-02-28 22:43 ` [PATCH 84/97] Netlabel: Add a secattr comparison API function Casey Schaufler
2019-02-28 22:43 ` [PATCH 85/97] Smack: Let netlabel do the work on the ambient domain Casey Schaufler
2019-02-28 22:43 ` [PATCH 86/97] Smack: Don't set the socket label on each send Casey Schaufler
2019-02-28 22:43 ` [PATCH 87/97] Smack: Let netlabel do the work on connections Casey Schaufler
2019-02-28 22:43 ` [PATCH 88/97] Netlabel: Return the labeling type on socket Casey Schaufler
2019-02-28 22:43 ` [PATCH 89/97] " Casey Schaufler
2019-02-28 22:43 ` [PATCH 90/97] " Casey Schaufler
2019-02-28 22:43 ` [PATCH 91/97] " Casey Schaufler
2019-02-28 22:43 ` [PATCH 92/97] LSM: Remember the NLTYPE of netlabel sockets Casey Schaufler
2019-02-28 22:43 ` [PATCH 93/97] Smack: Use the NLTYPE on output Casey Schaufler
2019-02-28 22:43 ` [PATCH 94/97] LSM: Hook for netlabel reconciliation Casey Schaufler
2019-02-28 22:43 ` [PATCH 95/97] LSM: Avoid network conflicts in SELinux and Smack Casey Schaufler
2019-02-28 22:43 ` [PATCH 96/97] LSM: Apply Netlabel consitancy checks on send and connect Casey Schaufler
2019-02-28 22:43 ` [PATCH 97/97] Smack: Remove the exclusive bit Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190228224356.2608-9-casey@schaufler-ca.com \
--to=casey@schaufler-ca.com \
--cc=jmorris@namei.org \
--cc=john.johansen@canonical.com \
--cc=keescook@chromium.org \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=penguin-kernel@i-love.sakura.ne.jp \
--cc=selinux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).