SELinux Archive on lore.kernel.org
 help / color / Atom feed
From: Casey Schaufler <casey@schaufler-ca.com>
To: casey.schaufler@intel.com, jmorris@namei.org,
	linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com
Subject: [PATCH 51/90] LSM: Add the release function to the lsm_context
Date: Thu, 18 Apr 2019 17:45:38 -0700
Message-ID: <20190419004617.64627-52-casey@schaufler-ca.com> (raw)
In-Reply-To: <20190419004617.64627-1-casey@schaufler-ca.com>

In order to ensure that the release function for a
lsm_context matches the LSM that allocated it an element
is added to the lsm_context structure to contain a
pointer to it. This function is called in security_release_secctx
instead of relying on a value in a hook list.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
 include/linux/lsm_hooks.h  |  6 ------
 include/linux/security.h   |  1 +
 security/apparmor/lsm.c    |  1 -
 security/apparmor/secid.c  | 11 ++++++-----
 security/security.c        |  5 ++++-
 security/selinux/hooks.c   | 14 ++++++++------
 security/smack/smack_lsm.c | 16 ++++++++--------
 7 files changed, 27 insertions(+), 27 deletions(-)

diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 11bfa0a4f188..1d364e211639 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -1329,10 +1329,6 @@
  *	@cp contains the security context.
  *	@l contains the pointer to the generated security data.
  *
- * @release_secctx:
- *	Release the security context.
- *	@secdata contains the security context.
- *
  * Security hooks for Audit
  *
  * @audit_rule_init:
@@ -1670,7 +1666,6 @@ union security_list_options {
 	int (*secid_to_secctx)(struct lsm_export *l, struct lsm_context *cp);
 	int (*secctx_to_secid)(const struct lsm_context *cp,
 				struct lsm_export *l);
-	void (*release_secctx)(struct lsm_context *cp);
 
 	void (*inode_invalidate_secctx)(struct inode *inode);
 	int (*inode_notifysecctx)(struct inode *inode, struct lsm_context *cp);
@@ -1947,7 +1942,6 @@ struct security_hook_heads {
 	struct hlist_head ismaclabel;
 	struct hlist_head secid_to_secctx;
 	struct hlist_head secctx_to_secid;
-	struct hlist_head release_secctx;
 	struct hlist_head inode_invalidate_secctx;
 	struct hlist_head inode_notifysecctx;
 	struct hlist_head inode_setsecctx;
diff --git a/include/linux/security.h b/include/linux/security.h
index 9a9de2bafa55..94c714310ab7 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -121,6 +121,7 @@ static inline bool lsm_export_equal(struct lsm_export *l, struct lsm_export *m)
 struct lsm_context {
 	char	*context;
 	u32	len;
+	void	(*release)(struct lsm_context *cp); /* frees .context */
 };
 
 static inline void lsm_context_init(struct lsm_context *cp)
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 76c409737370..771b0ae24a5f 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -1225,7 +1225,6 @@ static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = {
 
 	LSM_HOOK_INIT(secid_to_secctx, apparmor_secid_to_secctx),
 	LSM_HOOK_INIT(secctx_to_secid, apparmor_secctx_to_secid),
-	LSM_HOOK_INIT(release_secctx, apparmor_release_secctx),
 };
 
 /*
diff --git a/security/apparmor/secid.c b/security/apparmor/secid.c
index 9dc17903a936..30fd4ad80948 100644
--- a/security/apparmor/secid.c
+++ b/security/apparmor/secid.c
@@ -81,6 +81,11 @@ static inline void aa_export_secid(struct lsm_export *l, u32 secid)
 	l->apparmor = secid;
 }
 
+void apparmor_release_secctx(struct lsm_context *cp)
+{
+	kfree(cp->context);
+}
+
 int apparmor_secid_to_secctx(struct lsm_export *l, struct lsm_context *cp)
 {
 	/* TODO: cache secctx and ref count so we don't have to recreate */
@@ -105,6 +110,7 @@ int apparmor_secid_to_secctx(struct lsm_export *l, struct lsm_context *cp)
 		return -ENOMEM;
 
 	cp->len = len;
+	cp->release = apparmor_release_secctx;
 
 	return 0;
 }
@@ -122,11 +128,6 @@ int apparmor_secctx_to_secid(const struct lsm_context *cp, struct lsm_export *l)
 	return 0;
 }
 
-void apparmor_release_secctx(struct lsm_context *cp)
-{
-	kfree(cp->context);
-}
-
 /**
  * aa_alloc_secid - allocate a new secid for a profile
  * @label: the label to allocate a secid for
diff --git a/security/security.c b/security/security.c
index 6588172b3ec8..c8ce190dcdda 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1987,7 +1987,10 @@ EXPORT_SYMBOL(security_secctx_to_secid);
 
 void security_release_secctx(struct lsm_context *cp)
 {
-	call_one_void_hook(release_secctx, cp);
+	if (WARN_ON(cp->release == NULL))
+		return;
+	cp->release(cp);
+	lsm_context_init(cp);
 }
 EXPORT_SYMBOL(security_release_secctx);
 
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 7bf73493d10d..0e347a26c3d8 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2812,6 +2812,11 @@ static void selinux_inode_free_security(struct inode *inode)
 	inode_free_security(inode);
 }
 
+static void selinux_release_secctx(struct lsm_context *cp)
+{
+	kfree(cp->context);
+}
+
 static int selinux_dentry_init_security(struct dentry *dentry, int mode,
 					const struct qstr *name,
 					struct lsm_context *cp)
@@ -2826,6 +2831,7 @@ static int selinux_dentry_init_security(struct dentry *dentry, int mode,
 	if (rc)
 		return rc;
 
+	cp->release = selinux_release_secctx;
 	return security_sid_to_context(&selinux_state, newsid, &cp->context,
 				       &cp->len);
 }
@@ -6306,6 +6312,7 @@ static int selinux_secid_to_secctx(struct lsm_export *l, struct lsm_context *cp)
 	u32 secid;
 
 	selinux_import_secid(l, &secid);
+	cp->release = selinux_release_secctx;
 	if (l->flags & LSM_EXPORT_LENGTH)
 		return security_sid_to_context(&selinux_state, secid,
 					       NULL, &cp->len);
@@ -6325,11 +6332,6 @@ static int selinux_secctx_to_secid(const struct lsm_context *cp,
 	return rc;
 }
 
-static void selinux_release_secctx(struct lsm_context *cp)
-{
-	kfree(cp->context);
-}
-
 static void selinux_inode_invalidate_secctx(struct inode *inode)
 {
 	struct inode_security_struct *isec = selinux_inode(inode);
@@ -6367,6 +6369,7 @@ static int selinux_inode_getsecctx(struct inode *inode, struct lsm_context *cp)
 	if (len < 0)
 		return len;
 	cp->len = len;
+	cp->release = selinux_release_secctx;
 	return 0;
 }
 #ifdef CONFIG_KEYS
@@ -6781,7 +6784,6 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = {
 	LSM_HOOK_INIT(ismaclabel, selinux_ismaclabel),
 	LSM_HOOK_INIT(secid_to_secctx, selinux_secid_to_secctx),
 	LSM_HOOK_INIT(secctx_to_secid, selinux_secctx_to_secid),
-	LSM_HOOK_INIT(release_secctx, selinux_release_secctx),
 	LSM_HOOK_INIT(inode_invalidate_secctx, selinux_inode_invalidate_secctx),
 	LSM_HOOK_INIT(inode_notifysecctx, selinux_inode_notifysecctx),
 	LSM_HOOK_INIT(inode_setsecctx, selinux_inode_setsecctx),
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 1b5b3e421bff..e00346799cdf 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -4425,6 +4425,12 @@ static int smack_ismaclabel(const char *name)
 	return (strcmp(name, XATTR_SMACK_SUFFIX) == 0);
 }
 
+/*
+ * The smack_release_secctx hook does nothing
+ */
+static void smack_release_secctx(struct lsm_context *cp)
+{
+}
 
 /**
  * smack_secid_to_secctx - return the smack label for a secid
@@ -4444,6 +4450,7 @@ static int smack_secid_to_secctx(struct lsm_export *l, struct lsm_context *cp)
 
 	cp->context = (l->flags & LSM_EXPORT_LENGTH) ? NULL : skp->smk_known;
 	cp->len = strlen(skp->smk_known);
+	cp->release = smack_release_secctx;
 	return 0;
 }
 
@@ -4467,13 +4474,6 @@ static int smack_secctx_to_secid(const struct lsm_context *cp,
 	return 0;
 }
 
-/*
- * The smack_release_secctx hook does nothing
- */
-static void smack_release_secctx(struct lsm_context *cp)
-{
-}
-
 static int smack_inode_notifysecctx(struct inode *inode, struct lsm_context *cp)
 {
 	return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, cp->context,
@@ -4491,6 +4491,7 @@ static int smack_inode_getsecctx(struct inode *inode, struct lsm_context *cp)
 
 	cp->context = skp->smk_known;
 	cp->len = strlen(skp->smk_known);
+	cp->release = smack_release_secctx;
 	return 0;
 }
 
@@ -4713,7 +4714,6 @@ static struct security_hook_list smack_hooks[] __lsm_ro_after_init = {
 	LSM_HOOK_INIT(ismaclabel, smack_ismaclabel),
 	LSM_HOOK_INIT(secid_to_secctx, smack_secid_to_secctx),
 	LSM_HOOK_INIT(secctx_to_secid, smack_secctx_to_secid),
-	LSM_HOOK_INIT(release_secctx, smack_release_secctx),
 	LSM_HOOK_INIT(inode_notifysecctx, smack_inode_notifysecctx),
 	LSM_HOOK_INIT(inode_setsecctx, smack_inode_setsecctx),
 	LSM_HOOK_INIT(inode_getsecctx, smack_inode_getsecctx),
-- 
2.19.1


  parent reply index

Thread overview: 89+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-04-19  0:44 [PATCH 00/90] LSM: Module stacking for all Casey Schaufler
2019-04-19  0:44 ` [PATCH 01/90] LSM: Infrastructure management of the superblock Casey Schaufler
2019-04-19  0:44 ` [PATCH 02/90] LSM: Infrastructure management of the sock security Casey Schaufler
2019-04-19  0:44 ` [PATCH 03/90] LSM: Infrastructure management of the key security blob Casey Schaufler
2019-04-19  0:44 ` [PATCH 04/90] LSM: Create an lsm_export data structure Casey Schaufler
2019-04-19  0:44 ` [PATCH 05/90] LSM: Use lsm_export in the inode_getsecid hooks Casey Schaufler
2019-04-19  0:44 ` [PATCH 06/90] LSM: Use lsm_export in the cred_getsecid hooks Casey Schaufler
2019-04-19  0:44 ` [PATCH 07/90] LSM: Use lsm_export in the ipc_getsecid and task_getsecid hooks Casey Schaufler
2019-04-19  0:44 ` [PATCH 08/90] LSM: Use lsm_export in the kernel_ask_as hooks Casey Schaufler
2019-04-19  0:44 ` [PATCH 09/90] LSM: Use lsm_export in the getpeersec_dgram hooks Casey Schaufler
2019-04-19  0:44 ` [PATCH 10/90] LSM: Use lsm_export in the audit_rule_match hooks Casey Schaufler
2019-04-19  0:44 ` [PATCH 11/90] LSM: Fix logical operation in lsm_export checks Casey Schaufler
2019-04-19  0:44 ` [PATCH 12/90] LSM: Use lsm_export in the secid_to_secctx hooks Casey Schaufler
2019-04-19  0:45 ` [PATCH 13/90] LSM: Use lsm_export in the secctx_to_secid hooks Casey Schaufler
2019-04-19  0:45 ` [PATCH 14/90] LSM: Use lsm_export in security_audit_rule_match Casey Schaufler
2019-04-19  0:45 ` [PATCH 15/90] LSM: Use lsm_export in security_kernel_act_as Casey Schaufler
2019-04-19  0:45 ` [PATCH 16/90] LSM: Use lsm_export in security_socket_getpeersec_dgram Casey Schaufler
2019-04-19  0:45 ` [PATCH 17/90] LSM: Use lsm_export in security_secctx_to_secid Casey Schaufler
2019-04-19  0:45 ` [PATCH 18/90] LSM: Use lsm_export in security_secid_to_secctx Casey Schaufler
2019-04-19  0:45 ` [PATCH 19/90] LSM: Use lsm_export in security_ipc_getsecid Casey Schaufler
2019-04-19  0:45 ` [PATCH 20/90] LSM: Use lsm_export in security_task_getsecid Casey Schaufler
2019-04-19  0:45 ` [PATCH 21/90] LSM: Use lsm_export in security_inode_getsecid Casey Schaufler
2019-04-19  0:45 ` [PATCH 22/90] LSM: Use lsm_export in security_cred_getsecid Casey Schaufler
2019-04-19  0:45 ` [PATCH 23/90] Audit: Change audit_sig_sid to audit_sig_lsm Casey Schaufler
2019-04-19  0:45 ` [PATCH 24/90] Audit: Convert target_sid to an lsm_export structure Casey Schaufler
2019-04-19  0:45 ` [PATCH 25/90] Audit: Convert osid " Casey Schaufler
2019-04-19  0:45 ` [PATCH 26/90] IMA: Clean out lsm_export scaffolding Casey Schaufler
2019-04-19  0:45 ` [PATCH 27/90] NET: Change the UNIXCB from a secid to an lsm_export Casey Schaufler
2019-04-19  0:45 ` [PATCH 28/90] NET: Remove scaffolding on secmarks Casey Schaufler
2019-04-19  0:45 ` [PATCH 29/90] NET: Remove scaffolding on new secmarks Casey Schaufler
2019-04-19  0:45 ` [PATCH 30/90] NET: Remove netfilter scaffolding for lsm_export Casey Schaufler
2019-04-19  0:45 ` [PATCH 31/90] Netlabel: Replace secids with lsm_export Casey Schaufler
2019-04-19  0:45 ` [PATCH 32/90] LSM: Remove lsm_export scaffolding functions Casey Schaufler
2019-04-19  0:45 ` [PATCH 33/90] IMA: FIXUP prototype using lsm_export Casey Schaufler
2019-04-19  0:45 ` [PATCH 34/90] Smack: Restore the release_secctx hook Casey Schaufler
2019-04-19  0:45 ` [PATCH 35/90] AppArmor: Remove unnecessary hook stub Casey Schaufler
2019-04-19  0:45 ` [PATCH 36/90] LSM: Limit calls to certain module hooks Casey Schaufler
2019-04-19  0:45 ` [PATCH 37/90] LSM: Create a data structure for a security context Casey Schaufler
2019-04-19  0:45 ` [PATCH 38/90] LSM: Use lsm_context in secid_to_secctx hooks Casey Schaufler
2019-04-19  0:45 ` [PATCH 39/90] LSM: Use lsm_context in secctx_to_secid hooks Casey Schaufler
2019-04-19  0:45 ` [PATCH 40/90] LSM: Use lsm_context in inode_getsecctx hooks Casey Schaufler
2019-04-19  0:45 ` [PATCH 41/90] LSM: Use lsm_context in inode_notifysecctx hooks Casey Schaufler
2019-04-19  0:45 ` [PATCH 42/90] LSM: Use lsm_context in dentry_init_security hooks Casey Schaufler
2019-04-19  0:45 ` [PATCH 43/90] LSM: Use lsm_context in security_dentry_init_security Casey Schaufler
2019-04-19  0:45 ` [PATCH 44/90] LSM: Use lsm_context in security_inode_notifysecctx Casey Schaufler
2019-04-19  0:45 ` [PATCH 45/90] LSM: Use lsm_context in security_inode_getsecctx Casey Schaufler
2019-04-19  0:45 ` [PATCH 46/90] LSM: Use lsm_context in security_secctx_to_secid Casey Schaufler
2019-04-19  0:45 ` [PATCH 47/90] LSM: Use lsm_context in release_secctx hooks Casey Schaufler
2019-04-19  0:45 ` [PATCH 48/90] LSM: Use lsm_context in security_release_secctx Casey Schaufler
2019-04-19  0:45 ` [PATCH 49/90] LSM: Use lsm_context in security_secid_to_secctx Casey Schaufler
2019-04-19  0:45 ` [PATCH 50/90] fs: remove lsm_context scaffolding Casey Schaufler
2019-04-19  0:45 ` Casey Schaufler [this message]
2019-04-19  0:45 ` [PATCH 52/90] LSM: Use lsm_context in inode_setsecctx hooks Casey Schaufler
2019-04-19  0:45 ` [PATCH 53/90] LSM: Use lsm_context in security_inode_setsecctx Casey Schaufler
2019-04-19  0:45 ` [PATCH 54/90] kernfs: remove lsm_context scaffolding Casey Schaufler
2019-04-19  0:45 ` [PATCH 55/90] LSM: Remove unused macro Casey Schaufler
2019-04-19  0:45 ` [PATCH 56/90] LSM: Special handling for secctx lsm hooks Casey Schaufler
2019-04-19  0:45 ` [PATCH 57/90] SELinux: Use blob offset in current_sid Casey Schaufler
2019-04-19  0:45 ` [PATCH 58/90] LSM: Specify which LSM to display Casey Schaufler
2019-04-19  0:45 ` [PATCH 59/90] AppArmor: Remove the exclusive flag Casey Schaufler
2019-04-19  0:45 ` [PATCH 60/90] LSM: Add secmark_relabel_packet to the set of one call hooks Casey Schaufler
2019-04-19  0:45 ` [PATCH 61/90] LSM: Make getting the secmark right cleaner Casey Schaufler
2019-04-19  0:45 ` [PATCH 62/90] netfilter: Fix memory leak introduced with lsm_context Casey Schaufler
2019-04-19  0:45 ` [PATCH 63/90] Smack: Consolidate secmark conversions Casey Schaufler
2019-04-19  0:45 ` [PATCH 64/90] netfilter: Remove unnecessary NULL check in lsm_context Casey Schaufler
2019-04-19  0:45 ` [PATCH 65/90] LSM: Add secmark refcounting to call_one list Casey Schaufler
2019-04-19  0:45 ` [PATCH 66/90] LSM: refactor security_setprocattr Casey Schaufler
2019-04-19  0:45 ` [PATCH 67/90] Smack: Detect if secmarks can be safely used Casey Schaufler
2019-04-19  0:45 ` [PATCH 68/90] LSM: Support multiple LSMs using inode_init_security Casey Schaufler
2019-04-19  0:45 ` [PATCH 69/90] LSM: Use full security context in security_inode_setsecctx Casey Schaufler
2019-04-22 13:13   ` Tetsuo Handa
2019-04-22 20:45     ` Casey Schaufler
2019-04-22 21:01       ` Tetsuo Handa
2019-04-19  0:45 ` [PATCH 70/90] LSM: Correct handling of ENOSYS in inode_setxattr Casey Schaufler
2019-04-19  0:45 ` [PATCH 71/90] LSM: Infrastructure security blobs for mount options Casey Schaufler
2019-04-19  0:45 ` [PATCH 72/90] LSM: Fix for security_init_inode_security Casey Schaufler
2019-04-19  0:46 ` [PATCH 73/90] Smack: Advertise the secid to netlabel Casey Schaufler
2019-04-19  0:46 ` [PATCH 74/90] LSM: Change error detection for UDP peer security Casey Schaufler
2019-04-19  0:46 ` [PATCH 75/90] Smack: Fix setting of the CIPSO MLS_CAT flags Casey Schaufler
2019-04-19  0:46 ` [PATCH 76/90] Smack: Set netlabel flags properly on new label import Casey Schaufler
2019-04-19  0:46 ` [PATCH 77/90] Netlabel: Add a secattr comparison API function Casey Schaufler
2019-04-19  0:46 ` [PATCH 78/90] Smack: Let netlabel do the work on the ambient domain Casey Schaufler
2019-04-19  0:46 ` [PATCH 79/90] Smack: Don't set the socket label on each send Casey Schaufler
2019-04-19  0:46 ` [PATCH 80/90] Smack: Let netlabel do the work on connections Casey Schaufler
2019-04-19  0:46 ` [PATCH 81/90] Netlabel: Return the labeling type on socket Casey Schaufler
2019-04-19 15:27 ` [PATCH 00/90] LSM: Module stacking for all Stephen Smalley
2019-04-21 17:31   ` Casey Schaufler
2019-04-22 12:46     ` Stephen Smalley
2019-04-22 16:10       ` Casey Schaufler

Reply instructions:

You may reply publically to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190419004617.64627-52-casey@schaufler-ca.com \
    --to=casey@schaufler-ca.com \
    --cc=casey.schaufler@intel.com \
    --cc=jmorris@namei.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=selinux@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

SELinux Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/selinux/0 selinux/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 selinux selinux/ https://lore.kernel.org/selinux \
		selinux@vger.kernel.org selinux@archiver.kernel.org
	public-inbox-index selinux

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.selinux


AGPL code for this site: git clone https://public-inbox.org/ public-inbox