From: John Johansen <john.johansen@canonical.com>
To: Casey Schaufler <casey@schaufler-ca.com>,
casey.schaufler@intel.com, jmorris@namei.org,
linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: keescook@chromium.org, penguin-kernel@i-love.sakura.ne.jp,
paul@paul-moore.com, sds@tycho.nsa.gov
Subject: Re: [PATCH v4 13/23] LSM: Use lsmblob in security_cred_getsecid
Date: Wed, 26 Jun 2019 16:57:34 -0700 [thread overview]
Message-ID: <d5e22394-2f4c-5d38-6c28-1594f7587e68@canonical.com> (raw)
In-Reply-To: <20190626192234.11725-14-casey@schaufler-ca.com>
On 6/26/19 12:22 PM, Casey Schaufler wrote:
> Change the security_cred_getsecid() interface to fill in a
> lsmblob instead of a u32 secid. The associated data elements
> in the audit sub-system are changed from a secid to a lsmblob
> to accomodate multiple possible LSM audit users.
>
> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: John Johansen <john.johansen@canonical.com>
> ---
> include/linux/security.h | 2 +-
> kernel/audit.c | 14 +++++-------
> kernel/audit.h | 5 +++--
> kernel/auditsc.c | 37 +++++++++++--------------------
> security/integrity/ima/ima_main.c | 8 +++----
> security/security.c | 12 +++++++---
> 6 files changed, 36 insertions(+), 42 deletions(-)
>
> diff --git a/include/linux/security.h b/include/linux/security.h
> index 2d81cac418e3..d310fa3942ce 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -387,7 +387,7 @@ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp);
> void security_cred_free(struct cred *cred);
> int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp);
> void security_transfer_creds(struct cred *new, const struct cred *old);
> -void security_cred_getsecid(const struct cred *c, u32 *secid);
> +void security_cred_getsecid(const struct cred *c, struct lsmblob *blob);
> int security_kernel_act_as(struct cred *new, struct lsmblob *blob);
> int security_kernel_create_files_as(struct cred *new, struct inode *inode);
> int security_kernel_module_request(char *kmod_name);
> diff --git a/kernel/audit.c b/kernel/audit.c
> index a0205f3c23c7..1b51e907f131 100644
> --- a/kernel/audit.c
> +++ b/kernel/audit.c
> @@ -137,7 +137,7 @@ static u32 audit_backlog_wait_time = AUDIT_BACKLOG_WAIT_TIME;
> /* The identity of the user shutting down the audit system. */
> kuid_t audit_sig_uid = INVALID_UID;
> pid_t audit_sig_pid = -1;
> -u32 audit_sig_sid = 0;
> +struct lsmblob audit_sig_lsm;
>
> /* Records can be lost in several ways:
> 0) [suppressed in audit_alloc]
> @@ -1429,23 +1429,21 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
> }
> case AUDIT_SIGNAL_INFO:
> len = 0;
> - if (audit_sig_sid) {
> - struct lsmblob blob;
> -
> - lsmblob_init(&blob, audit_sig_sid);
> - err = security_secid_to_secctx(&blob, &ctx, &len);
> + if (lsmblob_is_set(&audit_sig_lsm)) {
> + err = security_secid_to_secctx(&audit_sig_lsm, &ctx,
> + &len);
> if (err)
> return err;
> }
> sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL);
> if (!sig_data) {
> - if (audit_sig_sid)
> + if (lsmblob_is_set(&audit_sig_lsm))
> security_release_secctx(ctx, len);
> return -ENOMEM;
> }
> sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid);
> sig_data->pid = audit_sig_pid;
> - if (audit_sig_sid) {
> + if (lsmblob_is_set(&audit_sig_lsm)) {
> memcpy(sig_data->ctx, ctx, len);
> security_release_secctx(ctx, len);
> }
> diff --git a/kernel/audit.h b/kernel/audit.h
> index 958d5b8fc1b3..29e29c6f4afb 100644
> --- a/kernel/audit.h
> +++ b/kernel/audit.h
> @@ -22,6 +22,7 @@
> #include <linux/fs.h>
> #include <linux/audit.h>
> #include <linux/skbuff.h>
> +#include <linux/security.h>
> #include <uapi/linux/mqueue.h>
> #include <linux/tty.h>
>
> @@ -147,7 +148,7 @@ struct audit_context {
> kuid_t target_auid;
> kuid_t target_uid;
> unsigned int target_sessionid;
> - u32 target_sid;
> + struct lsmblob target_lsm;
> char target_comm[TASK_COMM_LEN];
>
> struct audit_tree_refs *trees, *first_trees;
> @@ -338,7 +339,7 @@ extern char *audit_unpack_string(void **bufp, size_t *remain, size_t len);
>
> extern pid_t audit_sig_pid;
> extern kuid_t audit_sig_uid;
> -extern u32 audit_sig_sid;
> +extern struct lsmblob audit_sig_lsm;
>
> extern int audit_filter(int msgtype, unsigned int listtype);
>
> diff --git a/kernel/auditsc.c b/kernel/auditsc.c
> index 54797c0fc3b7..c7aa39bda5cc 100644
> --- a/kernel/auditsc.c
> +++ b/kernel/auditsc.c
> @@ -112,7 +112,7 @@ struct audit_aux_data_pids {
> kuid_t target_auid[AUDIT_AUX_PIDS];
> kuid_t target_uid[AUDIT_AUX_PIDS];
> unsigned int target_sessionid[AUDIT_AUX_PIDS];
> - u32 target_sid[AUDIT_AUX_PIDS];
> + struct lsmblob target_lsm[AUDIT_AUX_PIDS];
> char target_comm[AUDIT_AUX_PIDS][TASK_COMM_LEN];
> int pid_count;
> };
> @@ -938,14 +938,14 @@ static inline void audit_free_context(struct audit_context *context)
> }
>
> static int audit_log_pid_context(struct audit_context *context, pid_t pid,
> - kuid_t auid, kuid_t uid, unsigned int sessionid,
> - u32 sid, char *comm)
> + kuid_t auid, kuid_t uid,
> + unsigned int sessionid,
> + struct lsmblob *blob, char *comm)
> {
> struct audit_buffer *ab;
> char *ctx = NULL;
> u32 len;
> int rc = 0;
> - struct lsmblob blob;
>
> ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID);
> if (!ab)
> @@ -954,9 +954,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid,
> audit_log_format(ab, "opid=%d oauid=%d ouid=%d oses=%d", pid,
> from_kuid(&init_user_ns, auid),
> from_kuid(&init_user_ns, uid), sessionid);
> - if (sid) {
> - lsmblob_init(&blob, sid);
> - if (security_secid_to_secctx(&blob, &ctx, &len)) {
> + if (lsmblob_is_set(blob)) {
> + if (security_secid_to_secctx(blob, &ctx, &len)) {
> audit_log_format(ab, " obj=(none)");
> rc = 1;
> } else {
> @@ -1527,7 +1526,7 @@ static void audit_log_exit(void)
> axs->target_auid[i],
> axs->target_uid[i],
> axs->target_sessionid[i],
> - axs->target_sid[i],
> + &axs->target_lsm[i],
> axs->target_comm[i]))
> call_panic = 1;
> }
> @@ -1536,7 +1535,7 @@ static void audit_log_exit(void)
> audit_log_pid_context(context, context->target_pid,
> context->target_auid, context->target_uid,
> context->target_sessionid,
> - context->target_sid, context->target_comm))
> + &context->target_lsm, context->target_comm))
> call_panic = 1;
>
> if (context->pwd.dentry && context->pwd.mnt) {
> @@ -1713,7 +1712,7 @@ void __audit_syscall_exit(int success, long return_code)
> context->aux = NULL;
> context->aux_pids = NULL;
> context->target_pid = 0;
> - context->target_sid = 0;
> + lsmblob_init(&context->target_lsm, 0);
> context->sockaddr_len = 0;
> context->type = 0;
> context->fds[0] = -1;
> @@ -2367,15 +2366,12 @@ int __audit_sockaddr(int len, void *a)
> void __audit_ptrace(struct task_struct *t)
> {
> struct audit_context *context = audit_context();
> - struct lsmblob blob;
>
> context->target_pid = task_tgid_nr(t);
> context->target_auid = audit_get_loginuid(t);
> context->target_uid = task_uid(t);
> context->target_sessionid = audit_get_sessionid(t);
> - security_task_getsecid(t, &blob);
> - /* scaffolding - until target_sid is converted */
> - context->target_sid = blob.secid[0];
> + security_task_getsecid(t, &context->target_lsm);
> memcpy(context->target_comm, t->comm, TASK_COMM_LEN);
> }
>
> @@ -2392,7 +2388,6 @@ int audit_signal_info(int sig, struct task_struct *t)
> struct audit_aux_data_pids *axp;
> struct audit_context *ctx = audit_context();
> kuid_t uid = current_uid(), auid, t_uid = task_uid(t);
> - struct lsmblob blob;
>
> if (auditd_test_task(t) &&
> (sig == SIGTERM || sig == SIGHUP ||
> @@ -2403,9 +2398,7 @@ int audit_signal_info(int sig, struct task_struct *t)
> audit_sig_uid = auid;
> else
> audit_sig_uid = uid;
> - security_task_getsecid(current, &blob);
> - /* scaffolding until audit_sig_sid is converted */
> - audit_sig_sid = blob.secid[0];
> + security_task_getsecid(current, &audit_sig_lsm);
> }
>
> if (!audit_signals || audit_dummy_context())
> @@ -2418,9 +2411,7 @@ int audit_signal_info(int sig, struct task_struct *t)
> ctx->target_auid = audit_get_loginuid(t);
> ctx->target_uid = t_uid;
> ctx->target_sessionid = audit_get_sessionid(t);
> - security_task_getsecid(t, &blob);
> - /* scaffolding until target_sid is converted */
> - ctx->target_sid = blob.secid[0];
> + security_task_getsecid(t, &ctx->target_lsm);
> memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN);
> return 0;
> }
> @@ -2441,9 +2432,7 @@ int audit_signal_info(int sig, struct task_struct *t)
> axp->target_auid[axp->pid_count] = audit_get_loginuid(t);
> axp->target_uid[axp->pid_count] = t_uid;
> axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t);
> - security_task_getsecid(t, &blob);
> - /* scaffolding until target_sid is converted */
> - axp->target_sid[axp->pid_count] = blob.secid[0];
> + security_task_getsecid(t, &axp->target_lsm[axp->pid_count]);
> memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN);
> axp->pid_count++;
>
> diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
> index fefa848cf0c7..1afb75a893af 100644
> --- a/security/integrity/ima/ima_main.c
> +++ b/security/integrity/ima/ima_main.c
> @@ -363,7 +363,6 @@ int ima_file_mmap(struct file *file, unsigned long prot)
> int ima_bprm_check(struct linux_binprm *bprm)
> {
> int ret;
> - u32 secid;
> struct lsmblob blob;
>
> security_task_getsecid(current, &blob);
> @@ -373,9 +372,10 @@ int ima_bprm_check(struct linux_binprm *bprm)
> if (ret)
> return ret;
>
> - security_cred_getsecid(bprm->cred, &secid);
> - return process_measurement(bprm->file, bprm->cred, secid, NULL, 0,
> - MAY_EXEC, CREDS_CHECK);
> + security_cred_getsecid(bprm->cred, &blob);
> + /* scaffolding until process_measurement changes */
> + return process_measurement(bprm->file, bprm->cred, blob.secid[0],
> + NULL, 0, MAY_EXEC, CREDS_CHECK);
> }
>
> /**
> diff --git a/security/security.c b/security/security.c
> index 91388553d3d7..3180a6f30625 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -1627,10 +1627,16 @@ void security_transfer_creds(struct cred *new, const struct cred *old)
> call_void_hook(cred_transfer, new, old);
> }
>
> -void security_cred_getsecid(const struct cred *c, u32 *secid)
> +void security_cred_getsecid(const struct cred *c, struct lsmblob *blob)
> {
> - *secid = 0;
> - call_void_hook(cred_getsecid, c, secid);
> + struct security_hook_list *hp;
> +
> + lsmblob_init(blob, 0);
> + hlist_for_each_entry(hp, &security_hook_heads.cred_getsecid, list) {
> + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot))
> + continue;
> + hp->hook.cred_getsecid(c, &blob->secid[hp->lsmid->slot]);
> + }
> }
> EXPORT_SYMBOL(security_cred_getsecid);
>
>
next prev parent reply other threads:[~2019-06-26 23:57 UTC|newest]
Thread overview: 96+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-26 19:22 [PATCH v4 00/23] LSM: Module stacking for AppArmor Casey Schaufler
2019-06-26 19:22 ` [PATCH v4 01/23] LSM: Infrastructure management of the superblock Casey Schaufler
2019-06-26 19:22 ` [PATCH v4 02/23] LSM: Infrastructure management of the sock security Casey Schaufler
2019-06-26 19:22 ` [PATCH v4 03/23] LSM: Infrastructure management of the key blob Casey Schaufler
2019-06-26 19:22 ` [PATCH v4 04/23] LSM: Create and manage the lsmblob data structure Casey Schaufler
2019-06-26 23:39 ` John Johansen
2019-06-27 17:43 ` Casey Schaufler
2019-06-26 19:22 ` [PATCH v4 05/23] LSM: Use lsmblob in security_audit_rule_match Casey Schaufler
2019-06-26 23:07 ` Kees Cook
2019-06-26 23:45 ` John Johansen
2019-06-26 19:22 ` [PATCH v4 06/23] LSM: Use lsmblob in security_kernel_act_as Casey Schaufler
2019-06-26 23:07 ` Kees Cook
2019-06-26 23:47 ` John Johansen
2019-06-26 19:22 ` [PATCH v4 07/23] net: Prepare UDS for secuirty module stacking Casey Schaufler
2019-06-26 23:07 ` Kees Cook
2019-06-26 23:48 ` John Johansen
2019-06-26 19:22 ` [PATCH v4 08/23] LSM: Use lsmblob in security_secctx_to_secid Casey Schaufler
2019-06-26 23:07 ` Kees Cook
2019-06-26 23:50 ` John Johansen
2019-06-26 19:22 ` [PATCH v4 09/23] LSM: Use lsmblob in security_secid_to_secctx Casey Schaufler
2019-06-26 23:07 ` Kees Cook
2019-06-26 23:51 ` John Johansen
2019-06-26 19:22 ` [PATCH v4 10/23] LSM: Use lsmblob in security_ipc_getsecid Casey Schaufler
2019-06-26 23:08 ` Kees Cook
2019-06-26 23:53 ` John Johansen
2019-06-26 19:22 ` [PATCH v4 11/23] LSM: Use lsmblob in security_task_getsecid Casey Schaufler
2019-06-26 23:08 ` Kees Cook
2019-06-26 23:55 ` John Johansen
2019-06-26 19:22 ` [PATCH v4 12/23] LSM: Use lsmblob in security_inode_getsecid Casey Schaufler
2019-06-26 23:08 ` Kees Cook
2019-06-26 23:56 ` John Johansen
2019-06-26 19:22 ` [PATCH v4 13/23] LSM: Use lsmblob in security_cred_getsecid Casey Schaufler
2019-06-26 23:09 ` Kees Cook
2019-06-26 23:57 ` John Johansen [this message]
2019-06-26 19:22 ` [PATCH v4 14/23] IMA: Change internal interfaces to use lsmblobs Casey Schaufler
2019-06-26 23:09 ` Kees Cook
2019-06-26 23:58 ` John Johansen
2019-06-26 19:22 ` [PATCH v4 15/23] LSM: Specify which LSM to display Casey Schaufler
2019-06-26 23:12 ` Kees Cook
2019-06-27 21:33 ` John Johansen
2019-06-28 14:45 ` Stephen Smalley
2019-06-28 16:15 ` Casey Schaufler
2019-06-28 18:08 ` John Johansen
[not found] ` <CAB9W1A1nwE7WBZqTe-GV8xNb83_B2ybV7cco++nfMjtDz9NJrg@mail.gmail.com>
2019-06-29 1:01 ` Fwd: " Stephen Smalley
2019-06-29 19:45 ` Casey Schaufler
2019-07-02 0:49 ` James Morris
2019-07-02 1:20 ` Casey Schaufler
2019-06-26 19:22 ` [PATCH v4 16/23] LSM: Use lsmcontext in security_secid_to_secctx Casey Schaufler
2019-06-26 23:14 ` Kees Cook
2019-06-27 21:34 ` John Johansen
2019-06-26 19:22 ` [PATCH v4 17/23] " Casey Schaufler
2019-06-26 23:15 ` Kees Cook
2019-06-27 3:53 ` Kees Cook
2019-06-27 16:29 ` Casey Schaufler
2019-06-27 17:17 ` Kees Cook
2019-06-27 17:36 ` Casey Schaufler
2019-06-27 21:34 ` John Johansen
2019-06-27 21:36 ` John Johansen
2019-06-26 19:22 ` [PATCH v4 18/23] LSM: Use lsmcontext in security_dentry_init_security Casey Schaufler
2019-06-26 23:15 ` Kees Cook
2019-06-27 21:34 ` John Johansen
2019-06-28 10:07 ` Ondrej Mosnacek
2019-06-26 19:22 ` [PATCH v4 19/23] LSM: Use lsmcontext in security_inode_getsecctx Casey Schaufler
2019-06-26 23:16 ` Kees Cook
2019-06-27 21:36 ` John Johansen
2019-06-26 19:22 ` [PATCH v4 20/23] LSM: security_secid_to_secctx in netlink netfilter Casey Schaufler
2019-06-26 23:16 ` Kees Cook
2019-06-27 21:37 ` John Johansen
2019-06-26 19:22 ` [PATCH v4 21/23] Audit: Store LSM audit information in an lsmblob Casey Schaufler
2019-06-26 23:16 ` Kees Cook
2019-06-27 21:37 ` John Johansen
2019-06-26 19:22 ` [PATCH v4 22/23] NET: Store LSM netlabel data in a lsmblob Casey Schaufler
2019-06-26 23:18 ` Kees Cook
2019-06-27 21:38 ` John Johansen
2019-06-26 19:22 ` [PATCH v4 23/23] AppArmor: Remove the exclusive flag Casey Schaufler
2019-06-26 23:18 ` Kees Cook
2019-06-27 2:22 ` James Morris
2019-06-27 3:28 ` Kees Cook
2019-06-27 3:44 ` John Johansen
2019-06-27 3:49 ` James Morris
2019-06-27 21:38 ` John Johansen
2019-06-26 21:04 ` [PATCH v4 00/23] LSM: Module stacking for AppArmor Kees Cook
2019-06-26 21:11 ` John Johansen
2019-06-26 23:04 ` Kees Cook
2019-06-26 21:25 ` Casey Schaufler
2019-06-27 2:41 ` James Morris
2019-06-27 2:46 ` James Morris
2019-06-27 3:45 ` James Morris
2019-06-27 4:10 ` James Morris
2019-06-27 17:07 ` Kees Cook
2019-06-27 18:10 ` James Morris
2019-06-27 3:51 ` Kees Cook
2019-06-27 21:52 ` John Johansen
2019-06-27 22:33 ` Casey Schaufler
2019-06-27 23:16 ` James Morris
2019-06-27 23:44 ` John Johansen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d5e22394-2f4c-5d38-6c28-1594f7587e68@canonical.com \
--to=john.johansen@canonical.com \
--cc=casey.schaufler@intel.com \
--cc=casey@schaufler-ca.com \
--cc=jmorris@namei.org \
--cc=keescook@chromium.org \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=penguin-kernel@i-love.sakura.ne.jp \
--cc=sds@tycho.nsa.gov \
--cc=selinux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).