From: Casey Schaufler <casey@schaufler-ca.com>
To: casey.schaufler@intel.com, jmorris@namei.org,
linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com
Subject: [PATCH 71/90] LSM: Infrastructure security blobs for mount options
Date: Thu, 18 Apr 2019 17:45:58 -0700 [thread overview]
Message-ID: <20190419004617.64627-72-casey@schaufler-ca.com> (raw)
In-Reply-To: <20190419004617.64627-1-casey@schaufler-ca.com>
Manage LSM data for mount options in the infrastructure
rather than in the individual modules.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
include/linux/lsm_hooks.h | 5 +++++
security/security.c | 18 ++++++++++++++++++
security/selinux/hooks.c | 31 ++++++++++++++++++-------------
security/smack/smack_lsm.c | 19 +++++++++++++------
4 files changed, 54 insertions(+), 19 deletions(-)
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 5135b8d1d759..34f98cfe2ffd 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -2066,6 +2066,7 @@ struct lsm_blob_sizes {
int lbs_key;
int lbs_msg_msg;
int lbs_task;
+ int lbs_mnt_opts;
};
/*
@@ -2139,4 +2140,8 @@ static inline void security_delete_hooks(struct security_hook_list *hooks,
extern int lsm_inode_alloc(struct inode *inode);
+#ifdef CONFIG_SECURITY
+void *lsm_mnt_opts_alloc(void);
+#endif
+
#endif /* ! __LINUX_LSM_HOOKS_H */
diff --git a/security/security.c b/security/security.c
index f1e2ffe81829..63b001e60b59 100644
--- a/security/security.c
+++ b/security/security.c
@@ -177,6 +177,7 @@ static void __init lsm_set_blob_sizes(struct lsm_blob_sizes *needed)
#ifdef CONFIG_KEYS
lsm_set_blob_size(&needed->lbs_key, &blob_sizes.lbs_key);
#endif
+ lsm_set_blob_size(&needed->lbs_mnt_opts, &blob_sizes.lbs_mnt_opts);
lsm_set_blob_size(&needed->lbs_msg_msg, &blob_sizes.lbs_msg_msg);
lsm_set_blob_size(&needed->lbs_sock, &blob_sizes.lbs_sock);
lsm_set_blob_size(&needed->lbs_superblock, &blob_sizes.lbs_superblock);
@@ -315,6 +316,7 @@ static void __init ordered_lsm_init(void)
#ifdef CONFIG_KEYS
init_debug("key blob size = %d\n", blob_sizes.lbs_key);
#endif /* CONFIG_KEYS */
+ init_debug("mnt_opts blob size = %d\n", blob_sizes.lbs_mnt_opts);
init_debug("msg_msg blob size = %d\n", blob_sizes.lbs_msg_msg);
init_debug("sock blob size = %d\n", blob_sizes.lbs_sock);
init_debug("superblock blob size = %d\n", blob_sizes.lbs_superblock);
@@ -726,6 +728,21 @@ int lsm_superblock_alloc(struct super_block *sb)
return 0;
}
+/**
+ * lsm_mnt_opts_alloc - allocate a composite mnt_opts blob
+ *
+ * Allocate the mount options blob
+ *
+ * Returns the blob, or NULL if memory can't be allocated.
+ */
+void *lsm_mnt_opts_alloc(void)
+{
+ if (blob_sizes.lbs_mnt_opts == 0)
+ return NULL;
+
+ return kzalloc(blob_sizes.lbs_mnt_opts, GFP_KERNEL);
+}
+
/*
* Hook list operation macros.
*
@@ -939,6 +956,7 @@ void security_free_mnt_opts(void **mnt_opts)
if (!*mnt_opts)
return;
call_void_hook(sb_free_mnt_opts, *mnt_opts);
+ kfree(*mnt_opts);
*mnt_opts = NULL;
}
EXPORT_SYMBOL(security_free_mnt_opts);
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 17ba47f9f4e2..86578f7de131 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -383,14 +383,20 @@ struct selinux_mnt_opts {
const char *fscontext, *context, *rootcontext, *defcontext;
};
+static void *selinux_mnt_opts(void *mnt_opts)
+{
+ if (mnt_opts)
+ return mnt_opts + selinux_blob_sizes.lbs_mnt_opts;
+ return NULL;
+}
+
static void selinux_free_mnt_opts(void *mnt_opts)
{
- struct selinux_mnt_opts *opts = mnt_opts;
+ struct selinux_mnt_opts *opts = selinux_mnt_opts(mnt_opts);
kfree(opts->fscontext);
kfree(opts->context);
kfree(opts->rootcontext);
kfree(opts->defcontext);
- kfree(opts);
}
static inline int inode_doinit(struct inode *inode)
@@ -638,7 +644,7 @@ static int selinux_set_mnt_opts(struct super_block *sb,
const struct cred *cred = current_cred();
struct superblock_security_struct *sbsec = selinux_superblock(sb);
struct dentry *root = sbsec->sb->s_root;
- struct selinux_mnt_opts *opts = mnt_opts;
+ struct selinux_mnt_opts *opts = selinux_mnt_opts(mnt_opts);
struct inode_security_struct *root_isec;
u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0;
u32 defcontext_sid = 0;
@@ -653,7 +659,8 @@ static int selinux_set_mnt_opts(struct super_block *sb,
server is ready to handle calls. */
goto out;
}
- rc = -EINVAL;
+ /* Don't set any SELinux options. Allow any other LSM
+ that's on the stack to do so. */
pr_warn("SELinux: Unable to set superblock options "
"before the security server is initialized\n");
goto out;
@@ -980,16 +987,17 @@ static int selinux_sb_clone_mnt_opts(const struct super_block *oldsb,
static int selinux_add_opt(int token, const char *s, void **mnt_opts)
{
- struct selinux_mnt_opts *opts = *mnt_opts;
+ struct selinux_mnt_opts *opts = selinux_mnt_opts(*mnt_opts);
if (token == Opt_seclabel) /* eaten and completely ignored */
return 0;
if (!opts) {
- opts = kzalloc(sizeof(struct selinux_mnt_opts), GFP_KERNEL);
+ opts = lsm_mnt_opts_alloc();
if (!opts)
return -ENOMEM;
*mnt_opts = opts;
+ opts = selinux_mnt_opts(opts);
}
if (!s)
return -ENOMEM;
@@ -1042,10 +1050,8 @@ static int selinux_add_mnt_opt(const char *option, const char *val, int len,
rc = selinux_add_opt(token, val, mnt_opts);
if (unlikely(rc)) {
kfree(val);
- if (*mnt_opts) {
+ if (*mnt_opts)
selinux_free_mnt_opts(*mnt_opts);
- *mnt_opts = NULL;
- }
}
return rc;
}
@@ -2611,10 +2617,8 @@ static int selinux_sb_eat_lsm_opts(char *options, void **mnt_opts)
rc = selinux_add_opt(token, arg, mnt_opts);
if (unlikely(rc)) {
kfree(arg);
- if (*mnt_opts) {
+ if (*mnt_opts)
selinux_free_mnt_opts(*mnt_opts);
- *mnt_opts = NULL;
- }
return rc;
}
} else {
@@ -2637,7 +2641,7 @@ static int selinux_sb_eat_lsm_opts(char *options, void **mnt_opts)
static int selinux_sb_remount(struct super_block *sb, void *mnt_opts)
{
- struct selinux_mnt_opts *opts = mnt_opts;
+ struct selinux_mnt_opts *opts = selinux_mnt_opts(mnt_opts);
struct superblock_security_struct *sbsec = selinux_superblock(sb);
u32 sid;
int rc;
@@ -6641,6 +6645,7 @@ struct lsm_blob_sizes selinux_blob_sizes __lsm_ro_after_init = {
#ifdef CONFIG_KEYS
.lbs_key = sizeof(struct key_security_struct),
#endif /* CONFIG_KEYS */
+ .lbs_mnt_opts = sizeof(struct selinux_mnt_opts),
.lbs_msg_msg = sizeof(struct msg_security_struct),
.lbs_sock = sizeof(struct sk_security_struct),
.lbs_superblock = sizeof(struct superblock_security_struct),
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 0e2f68e5b895..3fd46cd2c4b1 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -574,26 +574,33 @@ struct smack_mnt_opts {
const char *fsdefault, *fsfloor, *fshat, *fsroot, *fstransmute;
};
+static void *smack_mnt_opts(void *opts)
+{
+ if (opts)
+ return opts + smack_blob_sizes.lbs_mnt_opts;
+ return NULL;
+}
+
static void smack_free_mnt_opts(void *mnt_opts)
{
- struct smack_mnt_opts *opts = mnt_opts;
+ struct smack_mnt_opts *opts = smack_mnt_opts(mnt_opts);
kfree(opts->fsdefault);
kfree(opts->fsfloor);
kfree(opts->fshat);
kfree(opts->fsroot);
kfree(opts->fstransmute);
- kfree(opts);
}
static int smack_add_opt(int token, const char *s, void **mnt_opts)
{
- struct smack_mnt_opts *opts = *mnt_opts;
+ struct smack_mnt_opts *opts = smack_mnt_opts(*mnt_opts);
if (!opts) {
- opts = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL);
+ opts = lsm_mnt_opts_alloc();
if (!opts)
return -ENOMEM;
*mnt_opts = opts;
+ opts = smack_mnt_opts(opts);
}
if (!s)
return -ENOMEM;
@@ -741,7 +748,6 @@ static int smack_sb_eat_lsm_opts(char *options, void **mnt_opts)
kfree(arg);
if (*mnt_opts)
smack_free_mnt_opts(*mnt_opts);
- *mnt_opts = NULL;
return rc;
}
} else {
@@ -784,7 +790,7 @@ static int smack_set_mnt_opts(struct super_block *sb,
struct superblock_smack *sp = smack_superblock(sb);
struct inode_smack *isp;
struct smack_known *skp;
- struct smack_mnt_opts *opts = mnt_opts;
+ struct smack_mnt_opts *opts = smack_mnt_opts(mnt_opts);
bool transmute = false;
if (sp->smk_flags & SMK_SB_INITIALIZED)
@@ -4586,6 +4592,7 @@ struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = {
#ifdef CONFIG_KEYS
.lbs_key = sizeof(struct smack_known *),
#endif /* CONFIG_KEYS */
+ .lbs_mnt_opts = sizeof(struct smack_mnt_opts),
.lbs_msg_msg = sizeof(struct smack_known *),
.lbs_sock = sizeof(struct socket_smack),
.lbs_superblock = sizeof(struct superblock_smack),
--
2.19.1
next prev parent reply other threads:[~2019-04-19 0:49 UTC|newest]
Thread overview: 89+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-19 0:44 [PATCH 00/90] LSM: Module stacking for all Casey Schaufler
2019-04-19 0:44 ` [PATCH 01/90] LSM: Infrastructure management of the superblock Casey Schaufler
2019-04-19 0:44 ` [PATCH 02/90] LSM: Infrastructure management of the sock security Casey Schaufler
2019-04-19 0:44 ` [PATCH 03/90] LSM: Infrastructure management of the key security blob Casey Schaufler
2019-04-19 0:44 ` [PATCH 04/90] LSM: Create an lsm_export data structure Casey Schaufler
2019-04-19 0:44 ` [PATCH 05/90] LSM: Use lsm_export in the inode_getsecid hooks Casey Schaufler
2019-04-19 0:44 ` [PATCH 06/90] LSM: Use lsm_export in the cred_getsecid hooks Casey Schaufler
2019-04-19 0:44 ` [PATCH 07/90] LSM: Use lsm_export in the ipc_getsecid and task_getsecid hooks Casey Schaufler
2019-04-19 0:44 ` [PATCH 08/90] LSM: Use lsm_export in the kernel_ask_as hooks Casey Schaufler
2019-04-19 0:44 ` [PATCH 09/90] LSM: Use lsm_export in the getpeersec_dgram hooks Casey Schaufler
2019-04-19 0:44 ` [PATCH 10/90] LSM: Use lsm_export in the audit_rule_match hooks Casey Schaufler
2019-04-19 0:44 ` [PATCH 11/90] LSM: Fix logical operation in lsm_export checks Casey Schaufler
2019-04-19 0:44 ` [PATCH 12/90] LSM: Use lsm_export in the secid_to_secctx hooks Casey Schaufler
2019-04-19 0:45 ` [PATCH 13/90] LSM: Use lsm_export in the secctx_to_secid hooks Casey Schaufler
2019-04-19 0:45 ` [PATCH 14/90] LSM: Use lsm_export in security_audit_rule_match Casey Schaufler
2019-04-19 0:45 ` [PATCH 15/90] LSM: Use lsm_export in security_kernel_act_as Casey Schaufler
2019-04-19 0:45 ` [PATCH 16/90] LSM: Use lsm_export in security_socket_getpeersec_dgram Casey Schaufler
2019-04-19 0:45 ` [PATCH 17/90] LSM: Use lsm_export in security_secctx_to_secid Casey Schaufler
2019-04-19 0:45 ` [PATCH 18/90] LSM: Use lsm_export in security_secid_to_secctx Casey Schaufler
2019-04-19 0:45 ` [PATCH 19/90] LSM: Use lsm_export in security_ipc_getsecid Casey Schaufler
2019-04-19 0:45 ` [PATCH 20/90] LSM: Use lsm_export in security_task_getsecid Casey Schaufler
2019-04-19 0:45 ` [PATCH 21/90] LSM: Use lsm_export in security_inode_getsecid Casey Schaufler
2019-04-19 0:45 ` [PATCH 22/90] LSM: Use lsm_export in security_cred_getsecid Casey Schaufler
2019-04-19 0:45 ` [PATCH 23/90] Audit: Change audit_sig_sid to audit_sig_lsm Casey Schaufler
2019-04-19 0:45 ` [PATCH 24/90] Audit: Convert target_sid to an lsm_export structure Casey Schaufler
2019-04-19 0:45 ` [PATCH 25/90] Audit: Convert osid " Casey Schaufler
2019-04-19 0:45 ` [PATCH 26/90] IMA: Clean out lsm_export scaffolding Casey Schaufler
2019-04-19 0:45 ` [PATCH 27/90] NET: Change the UNIXCB from a secid to an lsm_export Casey Schaufler
2019-04-19 0:45 ` [PATCH 28/90] NET: Remove scaffolding on secmarks Casey Schaufler
2019-04-19 0:45 ` [PATCH 29/90] NET: Remove scaffolding on new secmarks Casey Schaufler
2019-04-19 0:45 ` [PATCH 30/90] NET: Remove netfilter scaffolding for lsm_export Casey Schaufler
2019-04-19 0:45 ` [PATCH 31/90] Netlabel: Replace secids with lsm_export Casey Schaufler
2019-04-19 0:45 ` [PATCH 32/90] LSM: Remove lsm_export scaffolding functions Casey Schaufler
2019-04-19 0:45 ` [PATCH 33/90] IMA: FIXUP prototype using lsm_export Casey Schaufler
2019-04-19 0:45 ` [PATCH 34/90] Smack: Restore the release_secctx hook Casey Schaufler
2019-04-19 0:45 ` [PATCH 35/90] AppArmor: Remove unnecessary hook stub Casey Schaufler
2019-04-19 0:45 ` [PATCH 36/90] LSM: Limit calls to certain module hooks Casey Schaufler
2019-04-19 0:45 ` [PATCH 37/90] LSM: Create a data structure for a security context Casey Schaufler
2019-04-19 0:45 ` [PATCH 38/90] LSM: Use lsm_context in secid_to_secctx hooks Casey Schaufler
2019-04-19 0:45 ` [PATCH 39/90] LSM: Use lsm_context in secctx_to_secid hooks Casey Schaufler
2019-04-19 0:45 ` [PATCH 40/90] LSM: Use lsm_context in inode_getsecctx hooks Casey Schaufler
2019-04-19 0:45 ` [PATCH 41/90] LSM: Use lsm_context in inode_notifysecctx hooks Casey Schaufler
2019-04-19 0:45 ` [PATCH 42/90] LSM: Use lsm_context in dentry_init_security hooks Casey Schaufler
2019-04-19 0:45 ` [PATCH 43/90] LSM: Use lsm_context in security_dentry_init_security Casey Schaufler
2019-04-19 0:45 ` [PATCH 44/90] LSM: Use lsm_context in security_inode_notifysecctx Casey Schaufler
2019-04-19 0:45 ` [PATCH 45/90] LSM: Use lsm_context in security_inode_getsecctx Casey Schaufler
2019-04-19 0:45 ` [PATCH 46/90] LSM: Use lsm_context in security_secctx_to_secid Casey Schaufler
2019-04-19 0:45 ` [PATCH 47/90] LSM: Use lsm_context in release_secctx hooks Casey Schaufler
2019-04-19 0:45 ` [PATCH 48/90] LSM: Use lsm_context in security_release_secctx Casey Schaufler
2019-04-19 0:45 ` [PATCH 49/90] LSM: Use lsm_context in security_secid_to_secctx Casey Schaufler
2019-04-19 0:45 ` [PATCH 50/90] fs: remove lsm_context scaffolding Casey Schaufler
2019-04-19 0:45 ` [PATCH 51/90] LSM: Add the release function to the lsm_context Casey Schaufler
2019-04-19 0:45 ` [PATCH 52/90] LSM: Use lsm_context in inode_setsecctx hooks Casey Schaufler
2019-04-19 0:45 ` [PATCH 53/90] LSM: Use lsm_context in security_inode_setsecctx Casey Schaufler
2019-04-19 0:45 ` [PATCH 54/90] kernfs: remove lsm_context scaffolding Casey Schaufler
2019-04-19 0:45 ` [PATCH 55/90] LSM: Remove unused macro Casey Schaufler
2019-04-19 0:45 ` [PATCH 56/90] LSM: Special handling for secctx lsm hooks Casey Schaufler
2019-04-19 0:45 ` [PATCH 57/90] SELinux: Use blob offset in current_sid Casey Schaufler
2019-04-19 0:45 ` [PATCH 58/90] LSM: Specify which LSM to display Casey Schaufler
2019-04-19 0:45 ` [PATCH 59/90] AppArmor: Remove the exclusive flag Casey Schaufler
2019-04-19 0:45 ` [PATCH 60/90] LSM: Add secmark_relabel_packet to the set of one call hooks Casey Schaufler
2019-04-19 0:45 ` [PATCH 61/90] LSM: Make getting the secmark right cleaner Casey Schaufler
2019-04-19 0:45 ` [PATCH 62/90] netfilter: Fix memory leak introduced with lsm_context Casey Schaufler
2019-04-19 0:45 ` [PATCH 63/90] Smack: Consolidate secmark conversions Casey Schaufler
2019-04-19 0:45 ` [PATCH 64/90] netfilter: Remove unnecessary NULL check in lsm_context Casey Schaufler
2019-04-19 0:45 ` [PATCH 65/90] LSM: Add secmark refcounting to call_one list Casey Schaufler
2019-04-19 0:45 ` [PATCH 66/90] LSM: refactor security_setprocattr Casey Schaufler
2019-04-19 0:45 ` [PATCH 67/90] Smack: Detect if secmarks can be safely used Casey Schaufler
2019-04-19 0:45 ` [PATCH 68/90] LSM: Support multiple LSMs using inode_init_security Casey Schaufler
2019-04-19 0:45 ` [PATCH 69/90] LSM: Use full security context in security_inode_setsecctx Casey Schaufler
2019-04-22 13:13 ` Tetsuo Handa
2019-04-22 20:45 ` Casey Schaufler
2019-04-22 21:01 ` Tetsuo Handa
2019-04-19 0:45 ` [PATCH 70/90] LSM: Correct handling of ENOSYS in inode_setxattr Casey Schaufler
2019-04-19 0:45 ` Casey Schaufler [this message]
2019-04-19 0:45 ` [PATCH 72/90] LSM: Fix for security_init_inode_security Casey Schaufler
2019-04-19 0:46 ` [PATCH 73/90] Smack: Advertise the secid to netlabel Casey Schaufler
2019-04-19 0:46 ` [PATCH 74/90] LSM: Change error detection for UDP peer security Casey Schaufler
2019-04-19 0:46 ` [PATCH 75/90] Smack: Fix setting of the CIPSO MLS_CAT flags Casey Schaufler
2019-04-19 0:46 ` [PATCH 76/90] Smack: Set netlabel flags properly on new label import Casey Schaufler
2019-04-19 0:46 ` [PATCH 77/90] Netlabel: Add a secattr comparison API function Casey Schaufler
2019-04-19 0:46 ` [PATCH 78/90] Smack: Let netlabel do the work on the ambient domain Casey Schaufler
2019-04-19 0:46 ` [PATCH 79/90] Smack: Don't set the socket label on each send Casey Schaufler
2019-04-19 0:46 ` [PATCH 80/90] Smack: Let netlabel do the work on connections Casey Schaufler
2019-04-19 0:46 ` [PATCH 81/90] Netlabel: Return the labeling type on socket Casey Schaufler
2019-04-19 15:27 ` [PATCH 00/90] LSM: Module stacking for all Stephen Smalley
2019-04-21 17:31 ` Casey Schaufler
2019-04-22 12:46 ` Stephen Smalley
2019-04-22 16:10 ` Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190419004617.64627-72-casey@schaufler-ca.com \
--to=casey@schaufler-ca.com \
--cc=casey.schaufler@intel.com \
--cc=jmorris@namei.org \
--cc=linux-security-module@vger.kernel.org \
--cc=selinux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).