Re: [PATCH v22 06/23] LSM: Use lsmblob in security_secid_to_secctx

2020-11-09 Thread James Morris
On Wed, 4 Nov 2020, Casey Schaufler wrote:

> Change security_secid_to_secctx() to take a lsmblob as input
> instead of a u32 secid. It will then call the LSM hooks
> using the lsmblob element allocated for that module. The
> callers have been updated as well. This allows for the
> possibility that more than one module may be called upon
> to translate a secid to a string, as can occur in the
> audit code.
> 
> Signed-off-by: Casey Schaufler 
> Cc: net...@vger.kernel.org
> Cc: linux-au...@redhat.com

Ditto with this, + audit. Also, you should put primary maintainers on the 
To: line or they may miss the email.

-- 
James Morris




[PATCH v22 06/23] LSM: Use lsmblob in security_secid_to_secctx

2020-11-04 Thread Casey Schaufler
Change security_secid_to_secctx() to take a lsmblob as input
instead of a u32 secid. It will then call the LSM hooks
using the lsmblob element allocated for that module. The
callers have been updated as well. This allows for the
possibility that more than one module may be called upon
to translate a secid to a string, as can occur in the
audit code.

Signed-off-by: Casey Schaufler 
Cc: net...@vger.kernel.org
Cc: linux-au...@redhat.com
---
 drivers/android/binder.c| 12 +-
 include/linux/security.h|  5 +++--
 include/net/scm.h   |  7 +-
 kernel/audit.c  | 20 +++--
 kernel/auditsc.c| 28 +++
 net/ipv4/ip_sockglue.c  |  4 +++-
 net/netfilter/nf_conntrack_netlink.c| 14 ++--
 net/netfilter/nf_conntrack_standalone.c |  4 +++-
 net/netfilter/nfnetlink_queue.c | 11 +++--
 net/netlabel/netlabel_unlabeled.c   | 30 +
 net/netlabel/netlabel_user.c|  6 ++---
 security/security.c | 11 +
 12 files changed, 123 insertions(+), 29 deletions(-)

diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index b5117576792b..55f3fa073c7b 100644
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
@@ -3088,10 +3088,20 @@ static void binder_transaction(struct binder_proc *proc,
 
if (target_node && target_node->txn_security_ctx) {
u32 secid;
+   struct lsmblob blob;
size_t added_size;
 
security_task_getsecid(proc->tsk, );
-   ret = security_secid_to_secctx(secid, , _sz);
+   /*
+* Later in this patch set security_task_getsecid() will
+* provide a lsmblob instead of a secid. lsmblob_init
+* is used to ensure that all the secids in the lsmblob
+* get the value returned from security_task_getsecid(),
+* which means that the one expected by
+* security_secid_to_secctx() will be set.
+*/
+   lsmblob_init(, secid);
+   ret = security_secid_to_secctx(, , _sz);
if (ret) {
return_error = BR_FAILED_REPLY;
return_error_param = ret;
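Review bot: The added comment describes the patch series ("Later in this patch set security_task_getsecid() will provide a lsmblob") rather than the code, so it goes stale the moment the series is merged and gives a reader of binder.c no way to check it; the in-tree comment should state the invariant instead, e.g. `/* Every slot of the lsmblob carries the same secid, so whichever module security_secid_to_secctx() consults sees the value from security_task_getsecid(). */`. The mail archive has also stripped the `&` from `&secid`, `&blob`, `&secctx` and `&secctx_sz` on these lines, so the hunk as shown is not what was applied. binder_transaction() starts and ends outside the hunk, and the same note applies to the repeated copy of this hunk further down the page.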
diff --git a/include/linux/security.h b/include/linux/security.h
index 0766725a6b21..fad361bf320e 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -528,7 +528,7 @@ int security_setprocattr(const char *lsm, const char *name, 
void *value,
 size_t size);
 int security_netlink_send(struct sock *sk, struct sk_buff *skb);
 int security_ismaclabel(const char *name);
-int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen);
+int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 
*seclen);
 int security_secctx_to_secid(const char *secdata, u32 seclen,
 struct lsmblob *blob);
 void security_release_secctx(char *secdata, u32 seclen);
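Review bot: The new prototype takes `struct lsmblob *blob`, but nothing in the callers changed by this patch writes through it, and the declaration does not say whether the callee may; if the hook implementations only read the blob, `int security_secid_to_secctx(const struct lsmblob *blob, char **secdata, u32 *seclen);` would document that and let callers hand in a blob they hold as const. I cannot confirm from what is in view that every LSM's secid_to_secctx hook tolerates a const argument, so this needs checking against security/security.c, which the diffstat lists but which is not shown here. The kernel-doc for this function, wherever it lives, should likewise be updated to say that the blob's per-module slots select which module's secid is translated.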
@@ -1350,7 +1350,8 @@ static inline int security_ismaclabel(const char *name)
return 0;
 }
 
-static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 
*seclen)
+static inline int security_secid_to_secctx(struct lsmblob *blob,
+  char **secdata, u32 *seclen)
 {
return -EOPNOTSUPP;
 }
diff --git a/include/net/scm.h b/include/net/scm.h
index 1ce365f4c256..23a35ff1b3f2 100644
--- a/include/net/scm.h
+++ b/include/net/scm.h
@@ -92,12 +92,17 @@ static __inline__ int scm_send(struct socket *sock, struct 
msghdr *msg,
 #ifdef CONFIG_SECURITY_NETWORK
 static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct 
scm_cookie *scm)
 {
+   struct lsmblob lb;
char *secdata;
u32 seclen;
int err;
 
if (test_bit(SOCK_PASSSEC, >flags)) {
-   err = security_secid_to_secctx(scm->secid, , );
+   /* There can only be one security module using the secid,
+* and the infrastructure will know which it is.
+*/
+   lsmblob_init(, scm->secid);
+   err = security_secid_to_secctx(, , );
 
if (!err) {
put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, 
secdata);
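Review bot: The local is named `lb` here while the equivalent temporaries in the binder.c and kernel/audit.c hunks of this same patch are named `blob`; a single name makes the pattern greppable when the series later drops the lsmblob_init() step, so I would use `struct lsmblob blob;`, `lsmblob_init(&blob, scm->secid);` and `err = security_secid_to_secctx(&blob, &secdata, &seclen);`. The comment "There can only be one security module using the secid, and the infrastructure will know which it is" states an assumption without saying what enforces it; if that is a property of the secid-owning module selection elsewhere in the series, naming it would help, and if not the comment is stronger than what this hunk shows. scm_passec() continues past the end of the hunk with the put_cmsg() call and release of secdata, so the error handling for that part is not reviewable here; the same applies to the repeated copy of this hunk below.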
diff --git a/kernel/audit.c b/kernel/audit.c
index 68cee3bc8cfe..4cd6339e513d 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1442,7 +1442,16 @@ static int audit_receive_msg(struct sk_buff *skb, struct 
nlmsghdr *nlh)
case AUDIT_SIGNAL_INFO:
len = 0;
if (audit_sig_sid) {
-   err = security_secid_to_secctx(audit_sig_sid, , 
);
+   struct lsmblob blob;
+
+   /*
+* lsmblob_init sets all values in the lsmblob
+* to audit_sig_sid. 

[PATCH v22 06/23] LSM: Use lsmblob in security_secid_to_secctx

2020-11-04 Thread Casey Schaufler
Change security_secid_to_secctx() to take a lsmblob as input
instead of a u32 secid. It will then call the LSM hooks
using the lsmblob element allocated for that module. The
callers have been updated as well. This allows for the
possibility that more than one module may be called upon
to translate a secid to a string, as can occur in the
audit code.

Signed-off-by: Casey Schaufler 
Cc: net...@vger.kernel.org
Cc: linux-au...@redhat.com
---
 drivers/android/binder.c| 12 +-
 include/linux/security.h|  5 +++--
 include/net/scm.h   |  7 +-
 kernel/audit.c  | 20 +++--
 kernel/auditsc.c| 28 +++
 net/ipv4/ip_sockglue.c  |  4 +++-
 net/netfilter/nf_conntrack_netlink.c| 14 ++--
 net/netfilter/nf_conntrack_standalone.c |  4 +++-
 net/netfilter/nfnetlink_queue.c | 11 +++--
 net/netlabel/netlabel_unlabeled.c   | 30 +
 net/netlabel/netlabel_user.c|  6 ++---
 security/security.c | 11 +
 12 files changed, 123 insertions(+), 29 deletions(-)

diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index b5117576792b..55f3fa073c7b 100644
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
@@ -3088,10 +3088,20 @@ static void binder_transaction(struct binder_proc *proc,
 
if (target_node && target_node->txn_security_ctx) {
u32 secid;
+   struct lsmblob blob;
size_t added_size;
 
security_task_getsecid(proc->tsk, );
-   ret = security_secid_to_secctx(secid, , _sz);
+   /*
+* Later in this patch set security_task_getsecid() will
+* provide a lsmblob instead of a secid. lsmblob_init
+* is used to ensure that all the secids in the lsmblob
+* get the value returned from security_task_getsecid(),
+* which means that the one expected by
+* security_secid_to_secctx() will be set.
+*/
+   lsmblob_init(, secid);
+   ret = security_secid_to_secctx(, , _sz);
if (ret) {
return_error = BR_FAILED_REPLY;
return_error_param = ret;
diff --git a/include/linux/security.h b/include/linux/security.h
index 0766725a6b21..fad361bf320e 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -528,7 +528,7 @@ int security_setprocattr(const char *lsm, const char *name, 
void *value,
 size_t size);
 int security_netlink_send(struct sock *sk, struct sk_buff *skb);
 int security_ismaclabel(const char *name);
-int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen);
+int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 
*seclen);
 int security_secctx_to_secid(const char *secdata, u32 seclen,
 struct lsmblob *blob);
 void security_release_secctx(char *secdata, u32 seclen);
@@ -1350,7 +1350,8 @@ static inline int security_ismaclabel(const char *name)
return 0;
 }
 
-static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 
*seclen)
+static inline int security_secid_to_secctx(struct lsmblob *blob,
+  char **secdata, u32 *seclen)
 {
return -EOPNOTSUPP;
 }
diff --git a/include/net/scm.h b/include/net/scm.h
index 1ce365f4c256..23a35ff1b3f2 100644
--- a/include/net/scm.h
+++ b/include/net/scm.h
@@ -92,12 +92,17 @@ static __inline__ int scm_send(struct socket *sock, struct 
msghdr *msg,
 #ifdef CONFIG_SECURITY_NETWORK
 static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct 
scm_cookie *scm)
 {
+   struct lsmblob lb;
char *secdata;
u32 seclen;
int err;
 
if (test_bit(SOCK_PASSSEC, >flags)) {
-   err = security_secid_to_secctx(scm->secid, , );
+   /* There can only be one security module using the secid,
+* and the infrastructure will know which it is.
+*/
+   lsmblob_init(, scm->secid);
+   err = security_secid_to_secctx(, , );
 
if (!err) {
put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, 
secdata);
diff --git a/kernel/audit.c b/kernel/audit.c
index 68cee3bc8cfe..4cd6339e513d 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1442,7 +1442,16 @@ static int audit_receive_msg(struct sk_buff *skb, struct 
nlmsghdr *nlh)
case AUDIT_SIGNAL_INFO:
len = 0;
if (audit_sig_sid) {
-   err = security_secid_to_secctx(audit_sig_sid, , 
);
+   struct lsmblob blob;
+
+   /*
+* lsmblob_init sets all values in the lsmblob
+* to audit_sig_sid.