diff options
| author | Casey Schaufler <casey@schaufler-ca.com> | 2018-11-20 14:55:02 -0500 |
|---|---|---|
| committer | Kees Cook <keescook@chromium.org> | 2019-01-08 16:18:45 -0500 |
| commit | ecd5f82e05ddd9b06c258167ec7467ac79741d77 (patch) | |
| tree | 9cefea64fc40202a284fcb07ecf50f871f7562b0 /security/selinux | |
| parent | 019bcca4626a9ed119e1d9ebfadb9fdbdcf9b35b (diff) | |
LSM: Infrastructure management of the ipc security blob
Move management of the kern_ipc_perm->security and
msg_msg->security blobs out of the individual security
modules and into the security infrastructure. Instead
of allocating the blobs from within the modules the modules
tell the infrastructure how much space is required, and
the space is allocated there.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
[kees: adjusted for ordered init series]
Signed-off-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'security/selinux')
| -rw-r--r-- | security/selinux/hooks.c | 98 | ||||
| -rw-r--r-- | security/selinux/include/objsec.h | 4 |
2 files changed, 15 insertions, 87 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 4b64ad31326f..d98e1d8d18f6 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -5626,51 +5626,22 @@ static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb) | |||
| 5626 | return selinux_nlmsg_perm(sk, skb); | 5626 | return selinux_nlmsg_perm(sk, skb); |
| 5627 | } | 5627 | } |
| 5628 | 5628 | ||
| 5629 | static int ipc_alloc_security(struct kern_ipc_perm *perm, | 5629 | static void ipc_init_security(struct ipc_security_struct *isec, u16 sclass) |
| 5630 | u16 sclass) | ||
| 5631 | { | 5630 | { |
| 5632 | struct ipc_security_struct *isec; | ||
| 5633 | |||
| 5634 | isec = kzalloc(sizeof(struct ipc_security_struct), GFP_KERNEL); | ||
| 5635 | if (!isec) | ||
| 5636 | return -ENOMEM; | ||
| 5637 | |||
| 5638 | isec->sclass = sclass; | 5631 | isec->sclass = sclass; |
| 5639 | isec->sid = current_sid(); | 5632 | isec->sid = current_sid(); |
| 5640 | perm->security = isec; | ||
| 5641 | |||
| 5642 | return 0; | ||
| 5643 | } | ||
| 5644 | |||
| 5645 | static void ipc_free_security(struct kern_ipc_perm *perm) | ||
| 5646 | { | ||
| 5647 | struct ipc_security_struct *isec = perm->security; | ||
| 5648 | perm->security = NULL; | ||
| 5649 | kfree(isec); | ||
| 5650 | } | 5633 | } |
| 5651 | 5634 | ||
| 5652 | static int msg_msg_alloc_security(struct msg_msg *msg) | 5635 | static int msg_msg_alloc_security(struct msg_msg *msg) |
| 5653 | { | 5636 | { |
| 5654 | struct msg_security_struct *msec; | 5637 | struct msg_security_struct *msec; |
| 5655 | 5638 | ||
| 5656 | msec = kzalloc(sizeof(struct msg_security_struct), GFP_KERNEL); | 5639 | msec = selinux_msg_msg(msg); |
| 5657 | if (!msec) | ||
| 5658 | return -ENOMEM; | ||
| 5659 | |||
| 5660 | msec->sid = SECINITSID_UNLABELED; | 5640 | msec->sid = SECINITSID_UNLABELED; |
| 5661 | msg->security = msec; | ||
| 5662 | 5641 | ||
| 5663 | return 0; | 5642 | return 0; |
| 5664 | } | 5643 | } |
| 5665 | 5644 | ||
| 5666 | static void msg_msg_free_security(struct msg_msg *msg) | ||
| 5667 | { | ||
| 5668 | struct msg_security_struct *msec = msg->security; | ||
| 5669 | |||
| 5670 | msg->security = NULL; | ||
| 5671 | kfree(msec); | ||
| 5672 | } | ||
| 5673 | |||
| 5674 | static int ipc_has_perm(struct kern_ipc_perm *ipc_perms, | 5645 | static int ipc_has_perm(struct kern_ipc_perm *ipc_perms, |
| 5675 | u32 perms) | 5646 | u32 perms) |
| 5676 | { | 5647 | { |
| @@ -5692,11 +5663,6 @@ static int selinux_msg_msg_alloc_security(struct msg_msg *msg) | |||
| 5692 | return msg_msg_alloc_security(msg); | 5663 | return msg_msg_alloc_security(msg); |
| 5693 | } | 5664 | } |
| 5694 | 5665 | ||
| 5695 | static void selinux_msg_msg_free_security(struct msg_msg *msg) | ||
| 5696 | { | ||
| 5697 | msg_msg_free_security(msg); | ||
| 5698 | } | ||
| 5699 | |||
| 5700 | /* message queue security operations */ | 5666 | /* message queue security operations */ |
| 5701 | static int selinux_msg_queue_alloc_security(struct kern_ipc_perm *msq) | 5667 | static int selinux_msg_queue_alloc_security(struct kern_ipc_perm *msq) |
| 5702 | { | 5668 | { |
| @@ -5705,11 +5671,8 @@ static int selinux_msg_queue_alloc_security(struct kern_ipc_perm *msq) | |||
| 5705 | u32 sid = current_sid(); | 5671 | u32 sid = current_sid(); |
| 5706 | int rc; | 5672 | int rc; |
| 5707 | 5673 | ||
| 5708 | rc = ipc_alloc_security(msq, SECCLASS_MSGQ); | 5674 | isec = selinux_ipc(msq); |
| 5709 | if (rc) | 5675 | ipc_init_security(isec, SECCLASS_MSGQ); |
| 5710 | return rc; | ||
| 5711 | |||
| 5712 | isec = msq->security; | ||
| 5713 | 5676 | ||
| 5714 | ad.type = LSM_AUDIT_DATA_IPC; | 5677 | ad.type = LSM_AUDIT_DATA_IPC; |
| 5715 | ad.u.ipc_id = msq->key; | 5678 | ad.u.ipc_id = msq->key; |
| @@ -5717,16 +5680,7 @@ static int selinux_msg_queue_alloc_security(struct kern_ipc_perm *msq) | |||
| 5717 | rc = avc_has_perm(&selinux_state, | 5680 | rc = avc_has_perm(&selinux_state, |
| 5718 | sid, isec->sid, SECCLASS_MSGQ, | 5681 | sid, isec->sid, SECCLASS_MSGQ, |
| 5719 | MSGQ__CREATE, &ad); | 5682 | MSGQ__CREATE, &ad); |
| 5720 | if (rc) { | 5683 | return rc; |
| 5721 | ipc_free_security(msq); | ||
| 5722 | return rc; | ||
| 5723 | } | ||
| 5724 | return 0; | ||
| 5725 | } | ||
| 5726 | |||
| 5727 | static void selinux_msg_queue_free_security(struct kern_ipc_perm *msq) | ||
| 5728 | { | ||
| 5729 | ipc_free_security(msq); | ||
| 5730 | } | 5684 | } |
| 5731 | 5685 | ||
| 5732 | static int selinux_msg_queue_associate(struct kern_ipc_perm *msq, int msqflg) | 5686 | static int selinux_msg_queue_associate(struct kern_ipc_perm *msq, int msqflg) |
| @@ -5856,11 +5810,8 @@ static int selinux_shm_alloc_security(struct kern_ipc_perm *shp) | |||
| 5856 | u32 sid = current_sid(); | 5810 | u32 sid = current_sid(); |
| 5857 | int rc; | 5811 | int rc; |
| 5858 | 5812 | ||
| 5859 | rc = ipc_alloc_security(shp, SECCLASS_SHM); | 5813 | isec = selinux_ipc(shp); |
| 5860 | if (rc) | 5814 | ipc_init_security(isec, SECCLASS_SHM); |
| 5861 | return rc; | ||
| 5862 | |||
| 5863 | isec = shp->security; | ||
| 5864 | 5815 | ||
| 5865 | ad.type = LSM_AUDIT_DATA_IPC; | 5816 | ad.type = LSM_AUDIT_DATA_IPC; |
| 5866 | ad.u.ipc_id = shp->key; | 5817 | ad.u.ipc_id = shp->key; |
| @@ -5868,16 +5819,7 @@ static int selinux_shm_alloc_security(struct kern_ipc_perm *shp) | |||
| 5868 | rc = avc_has_perm(&selinux_state, | 5819 | rc = avc_has_perm(&selinux_state, |
| 5869 | sid, isec->sid, SECCLASS_SHM, | 5820 | sid, isec->sid, SECCLASS_SHM, |
| 5870 | SHM__CREATE, &ad); | 5821 | SHM__CREATE, &ad); |
| 5871 | if (rc) { | 5822 | return rc; |
| 5872 | ipc_free_security(shp); | ||
| 5873 | return rc; | ||
| 5874 | } | ||
| 5875 | return 0; | ||
| 5876 | } | ||
| 5877 | |||
| 5878 | static void selinux_shm_free_security(struct kern_ipc_perm *shp) | ||
| 5879 | { | ||
| 5880 | ipc_free_security(shp); | ||
| 5881 | } | 5823 | } |
| 5882 | 5824 | ||
| 5883 | static int selinux_shm_associate(struct kern_ipc_perm *shp, int shmflg) | 5825 | static int selinux_shm_associate(struct kern_ipc_perm *shp, int shmflg) |
| @@ -5953,11 +5895,8 @@ static int selinux_sem_alloc_security(struct kern_ipc_perm *sma) | |||
| 5953 | u32 sid = current_sid(); | 5895 | u32 sid = current_sid(); |
| 5954 | int rc; | 5896 | int rc; |
| 5955 | 5897 | ||
| 5956 | rc = ipc_alloc_security(sma, SECCLASS_SEM); | 5898 | isec = selinux_ipc(sma); |
| 5957 | if (rc) | 5899 | ipc_init_security(isec, SECCLASS_SEM); |
| 5958 | return rc; | ||
| 5959 | |||
| 5960 | isec = sma->security; | ||
| 5961 | 5900 | ||
| 5962 | ad.type = LSM_AUDIT_DATA_IPC; | 5901 | ad.type = LSM_AUDIT_DATA_IPC; |
| 5963 | ad.u.ipc_id = sma->key; | 5902 | ad.u.ipc_id = sma->key; |
| @@ -5965,16 +5904,7 @@ static int selinux_sem_alloc_security(struct kern_ipc_perm *sma) | |||
| 5965 | rc = avc_has_perm(&selinux_state, | 5904 | rc = avc_has_perm(&selinux_state, |
| 5966 | sid, isec->sid, SECCLASS_SEM, | 5905 | sid, isec->sid, SECCLASS_SEM, |
| 5967 | SEM__CREATE, &ad); | 5906 | SEM__CREATE, &ad); |
| 5968 | if (rc) { | 5907 | return rc; |
| 5969 | ipc_free_security(sma); | ||
| 5970 | return rc; | ||
| 5971 | } | ||
| 5972 | return 0; | ||
| 5973 | } | ||
| 5974 | |||
| 5975 | static void selinux_sem_free_security(struct kern_ipc_perm *sma) | ||
| 5976 | { | ||
| 5977 | ipc_free_security(sma); | ||
| 5978 | } | 5908 | } |
| 5979 | 5909 | ||
| 5980 | static int selinux_sem_associate(struct kern_ipc_perm *sma, int semflg) | 5910 | static int selinux_sem_associate(struct kern_ipc_perm *sma, int semflg) |
| @@ -6607,6 +6537,8 @@ struct lsm_blob_sizes selinux_blob_sizes __lsm_ro_after_init = { | |||
| 6607 | .lbs_cred = sizeof(struct task_security_struct), | 6537 | .lbs_cred = sizeof(struct task_security_struct), |
| 6608 | .lbs_file = sizeof(struct file_security_struct), | 6538 | .lbs_file = sizeof(struct file_security_struct), |
| 6609 | .lbs_inode = sizeof(struct inode_security_struct), | 6539 | .lbs_inode = sizeof(struct inode_security_struct), |
| 6540 | .lbs_ipc = sizeof(struct ipc_security_struct), | ||
| 6541 | .lbs_msg_msg = sizeof(struct msg_security_struct), | ||
| 6610 | }; | 6542 | }; |
| 6611 | 6543 | ||
| 6612 | static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = { | 6544 | static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = { |
| @@ -6718,24 +6650,20 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = { | |||
| 6718 | LSM_HOOK_INIT(ipc_getsecid, selinux_ipc_getsecid), | 6650 | LSM_HOOK_INIT(ipc_getsecid, selinux_ipc_getsecid), |
| 6719 | 6651 | ||
| 6720 | LSM_HOOK_INIT(msg_msg_alloc_security, selinux_msg_msg_alloc_security), | 6652 | LSM_HOOK_INIT(msg_msg_alloc_security, selinux_msg_msg_alloc_security), |
| 6721 | LSM_HOOK_INIT(msg_msg_free_security, selinux_msg_msg_free_security), | ||
| 6722 | 6653 | ||
| 6723 | LSM_HOOK_INIT(msg_queue_alloc_security, | 6654 | LSM_HOOK_INIT(msg_queue_alloc_security, |
| 6724 | selinux_msg_queue_alloc_security), | 6655 | selinux_msg_queue_alloc_security), |
| 6725 | LSM_HOOK_INIT(msg_queue_free_security, selinux_msg_queue_free_security), | ||
| 6726 | LSM_HOOK_INIT(msg_queue_associate, selinux_msg_queue_associate), | 6656 | LSM_HOOK_INIT(msg_queue_associate, selinux_msg_queue_associate), |
| 6727 | LSM_HOOK_INIT(msg_queue_msgctl, selinux_msg_queue_msgctl), | 6657 | LSM_HOOK_INIT(msg_queue_msgctl, selinux_msg_queue_msgctl), |
| 6728 | LSM_HOOK_INIT(msg_queue_msgsnd, selinux_msg_queue_msgsnd), | 6658 | LSM_HOOK_INIT(msg_queue_msgsnd, selinux_msg_queue_msgsnd), |
| 6729 | LSM_HOOK_INIT(msg_queue_msgrcv, selinux_msg_queue_msgrcv), | 6659 | LSM_HOOK_INIT(msg_queue_msgrcv, selinux_msg_queue_msgrcv), |
| 6730 | 6660 | ||
| 6731 | LSM_HOOK_INIT(shm_alloc_security, selinux_shm_alloc_security), | 6661 | LSM_HOOK_INIT(shm_alloc_security, selinux_shm_alloc_security), |
| 6732 | LSM_HOOK_INIT(shm_free_security, selinux_shm_free_security), | ||
| 6733 | LSM_HOOK_INIT(shm_associate, selinux_shm_associate), | 6662 | LSM_HOOK_INIT(shm_associate, selinux_shm_associate), |
| 6734 | LSM_HOOK_INIT(shm_shmctl, selinux_shm_shmctl), | 6663 | LSM_HOOK_INIT(shm_shmctl, selinux_shm_shmctl), |
| 6735 | LSM_HOOK_INIT(shm_shmat, selinux_shm_shmat), | 6664 | LSM_HOOK_INIT(shm_shmat, selinux_shm_shmat), |
| 6736 | 6665 | ||
| 6737 | LSM_HOOK_INIT(sem_alloc_security, selinux_sem_alloc_security), | 6666 | LSM_HOOK_INIT(sem_alloc_security, selinux_sem_alloc_security), |
| 6738 | LSM_HOOK_INIT(sem_free_security, selinux_sem_free_security), | ||
| 6739 | LSM_HOOK_INIT(sem_associate, selinux_sem_associate), | 6667 | LSM_HOOK_INIT(sem_associate, selinux_sem_associate), |
| 6740 | LSM_HOOK_INIT(sem_semctl, selinux_sem_semctl), | 6668 | LSM_HOOK_INIT(sem_semctl, selinux_sem_semctl), |
| 6741 | LSM_HOOK_INIT(sem_semop, selinux_sem_semop), | 6669 | LSM_HOOK_INIT(sem_semop, selinux_sem_semop), |
diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h index 539cacf4a572..231262d8eac9 100644 --- a/security/selinux/include/objsec.h +++ b/security/selinux/include/objsec.h | |||
| @@ -179,13 +179,13 @@ static inline struct inode_security_struct *selinux_inode( | |||
| 179 | static inline struct msg_security_struct *selinux_msg_msg( | 179 | static inline struct msg_security_struct *selinux_msg_msg( |
| 180 | const struct msg_msg *msg_msg) | 180 | const struct msg_msg *msg_msg) |
| 181 | { | 181 | { |
| 182 | return msg_msg->security; | 182 | return msg_msg->security + selinux_blob_sizes.lbs_msg_msg; |
| 183 | } | 183 | } |
| 184 | 184 | ||
| 185 | static inline struct ipc_security_struct *selinux_ipc( | 185 | static inline struct ipc_security_struct *selinux_ipc( |
| 186 | const struct kern_ipc_perm *ipc) | 186 | const struct kern_ipc_perm *ipc) |
| 187 | { | 187 | { |
| 188 | return ipc->security; | 188 | return ipc->security + selinux_blob_sizes.lbs_ipc; |
| 189 | } | 189 | } |
| 190 | 190 | ||
| 191 | #endif /* _SELINUX_OBJSEC_H_ */ | 191 | #endif /* _SELINUX_OBJSEC_H_ */ |