Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull security subsystem updates from James Morris: - Extend LSM stacking to allow sharing of cred, file, ipc, inode, and task blobs. This paves the way for more full-featured LSMs to be merged, and is specifically aimed at LandLock and SARA LSMs. This work is from Casey and Kees. - There's a new LSM from Micah Morton: "SafeSetID gates the setid family of syscalls to restrict UID/GID transitions from a given UID/GID to only those approved by a system-wide whitelist." This feature is currently shipping in ChromeOS. * 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (62 commits) keys: fix missing __user in KEYCTL_PKEY_QUERY LSM: Update list of SECURITYFS users in Kconfig LSM: Ignore "security=" when "lsm=" is specified LSM: Update function documentation for cap_capable security: mark expected switch fall-throughs and add a missing break tomoyo: Bump version. LSM: fix return value check in safesetid_init_securityfs() LSM: SafeSetID: add selftest LSM: SafeSetID: remove unused include LSM: SafeSetID: 'depend' on CONFIG_SECURITY LSM: Add 'name' field for SafeSetID in DEFINE_LSM LSM: add SafeSetID module that gates setid calls LSM: add SafeSetID module that gates setid calls tomoyo: Allow multiple use_group lines. tomoyo: Coding style fix. tomoyo: Swicth from cred->security to task_struct->security. security: keys: annotate implicit fall throughs security: keys: annotate implicit fall throughs security: keys: annotate implicit fall through capabilities:: annotate implicit fall through ...
author: Linus Torvalds <torvalds@linux-foundation.org> 2019-03-07 14:44:01 -0500
committer: Linus Torvalds <torvalds@linux-foundation.org> 2019-03-07 14:44:01 -0500
commit: ae5906ceee038ea29ff5162d1bcd18fb50af8b94 (patch)
tree: 841a11c6d3c3afcf7e4d57be370ebcf57aab214a /fs/proc
parent: 1fc1cd8399ab5541a488a7e47b2f21537dd76c2d (diff)
parent: 468e91cecb3218afd684b8c422490dfebe0691bb (diff)
2 files changed, 56 insertions, 9 deletions
diff --git a/fs/proc/base.c b/fs/proc/base.c
index 511b279ec69c..fca9fa5f23d8 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -140,9 +140,13 @@ struct pid_entry {
 #define REG(NAME, MODE, fops)                           \
        NOD(NAME, (S_IFREG|(MODE)), NULL, &fops, {})
 #define ONE(NAME, MODE, show)                           \
-        NOD(NAME, (S_IFREG|(MODE)),                     \
+        NOD(NAME, (S_IFREG|(MODE)),                     \
                NULL, &proc_single_file_operations,     \
                { .proc_show = show } )
+#define ATTR(LSM, NAME, MODE)                           \
+        NOD(NAME, (S_IFREG|(MODE)),                     \
+                NULL, &proc_pid_attr_operations,        \
+                { .lsm = LSM })
 /*
 * Count the number of hardlinks for the pid_entry table, excluding the .
@@ -2521,7 +2525,7 @@ static ssize_t proc_pid_attr_read(struct file * file, char __user * buf,
        if (!task)
                return -ESRCH;
-        length = security_getprocattr(task,
+        length = security_getprocattr(task, PROC_I(inode)->op.lsm,
                                      (char*)file->f_path.dentry->d_name.name,
                                      &p);
        put_task_struct(task);
@@ -2570,7 +2574,9 @@ static ssize_t proc_pid_attr_write(struct file * file, const char __user * buf,
        if (rv < 0)
                goto out_free;
-        rv = security_setprocattr(file->f_path.dentry->d_name.name, page, count);
+        rv = security_setprocattr(PROC_I(inode)->op.lsm,
+                                  file->f_path.dentry->d_name.name, page,
+                                  count);
        mutex_unlock(&current->signal->cred_guard_mutex);
 out_free:
        kfree(page);
@@ -2584,13 +2590,53 @@ static const struct file_operations proc_pid_attr_operations = {
        .llseek         = generic_file_llseek,
 };
+#define LSM_DIR_OPS(LSM) \
+static int proc_##LSM##_attr_dir_iterate(struct file *filp, \
+                             struct dir_context *ctx) \
+{ \
+        return proc_pident_readdir(filp, ctx, \
+                                   LSM##_attr_dir_stuff, \
+                                   ARRAY_SIZE(LSM##_attr_dir_stuff)); \
+} \
+\
+static const struct file_operations proc_##LSM##_attr_dir_ops = { \
+        .read           = generic_read_dir, \
+        .iterate        = proc_##LSM##_attr_dir_iterate, \
+        .llseek         = default_llseek, \
+}; \
+\
+static struct dentry *proc_##LSM##_attr_dir_lookup(struct inode *dir, \
+                                struct dentry *dentry, unsigned int flags) \
+{ \
+        return proc_pident_lookup(dir, dentry, \
+                                  LSM##_attr_dir_stuff, \
+                                  ARRAY_SIZE(LSM##_attr_dir_stuff)); \
+} \
+\
+static const struct inode_operations proc_##LSM##_attr_dir_inode_ops = { \
+        .lookup         = proc_##LSM##_attr_dir_lookup, \
+        .getattr        = pid_getattr, \
+        .setattr        = proc_setattr, \
+}
+#ifdef CONFIG_SECURITY_SMACK
+static const struct pid_entry smack_attr_dir_stuff[] = {
+        ATTR("smack", "current",        0666),
+};
+LSM_DIR_OPS(smack);
+#endif
 static const struct pid_entry attr_dir_stuff[] = {
-        REG("current",    S_IRUGO|S_IWUGO, proc_pid_attr_operations),
+        ATTR(NULL, "current",           0666),
-        REG("prev",       S_IRUGO,         proc_pid_attr_operations),
+        ATTR(NULL, "prev",              0444),
-        REG("exec",       S_IRUGO|S_IWUGO, proc_pid_attr_operations),
+        ATTR(NULL, "exec",              0666),
-        REG("fscreate",   S_IRUGO|S_IWUGO, proc_pid_attr_operations),
+        ATTR(NULL, "fscreate",          0666),
-        REG("keycreate",  S_IRUGO|S_IWUGO, proc_pid_attr_operations),
+        ATTR(NULL, "keycreate",         0666),
-        REG("sockcreate", S_IRUGO|S_IWUGO, proc_pid_attr_operations),
+        ATTR(NULL, "sockcreate",        0666),
+#ifdef CONFIG_SECURITY_SMACK
+        DIR("smack",                    0555,
+            proc_smack_attr_dir_inode_ops, proc_smack_attr_dir_ops),
+#endif
 };
 static int proc_attr_dir_readdir(struct file *file, struct dir_context *ctx)
diff --git a/fs/proc/internal.h b/fs/proc/internal.h
index 4fc5a9b68f76..ea575375f210 100644
--- a/fs/proc/internal.h
+++ b/fs/proc/internal.h
@@ -82,6 +82,7 @@ union proc_op {
        int (*proc_show)(struct seq_file *m,
                struct pid_namespace *ns, struct pid *pid,
                struct task_struct *task);
+        const char *lsm;
 };
 struct proc_inode {
author	Linus Torvalds <torvalds@linux-foundation.org>	2019-03-07 14:44:01 -0500
committer	Linus Torvalds <torvalds@linux-foundation.org>	2019-03-07 14:44:01 -0500
commit	ae5906ceee038ea29ff5162d1bcd18fb50af8b94 (patch)
tree	841a11c6d3c3afcf7e4d57be370ebcf57aab214a /fs/proc
parent	1fc1cd8399ab5541a488a7e47b2f21537dd76c2d (diff)
parent	468e91cecb3218afd684b8c422490dfebe0691bb (diff)

diff --git a/fs/proc/base.c b/fs/proc/base.c index 511b279ec69c..fca9fa5f23d8 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c
@@ -140,9 +140,13 @@ struct pid_entry {
140	#define REG(NAME, MODE, fops) \	140	#define REG(NAME, MODE, fops) \
141	NOD(NAME, (S_IFREG\|(MODE)), NULL, &fops, {})	141	NOD(NAME, (S_IFREG\|(MODE)), NULL, &fops, {})
142	#define ONE(NAME, MODE, show) \	142	#define ONE(NAME, MODE, show) \
143	NOD(NAME, (S_IFREG\|(MODE)), \	143	NOD(NAME, (S_IFREG\|(MODE)), \
144	NULL, &proc_single_file_operations, \	144	NULL, &proc_single_file_operations, \
145	{ .proc_show = show } )	145	{ .proc_show = show } )
		146	#define ATTR(LSM, NAME, MODE) \
		147	NOD(NAME, (S_IFREG\|(MODE)), \
		148	NULL, &proc_pid_attr_operations, \
		149	{ .lsm = LSM })
146		150
147	/*	151	/*
148	* Count the number of hardlinks for the pid_entry table, excluding the .	152	* Count the number of hardlinks for the pid_entry table, excluding the .
@@ -2521,7 +2525,7 @@ static ssize_t proc_pid_attr_read(struct file * file, char __user * buf,
2521	if (!task)	2525	if (!task)
2522	return -ESRCH;	2526	return -ESRCH;
2523		2527
2524	length = security_getprocattr(task,	2528	length = security_getprocattr(task, PROC_I(inode)->op.lsm,
2525	(char*)file->f_path.dentry->d_name.name,	2529	(char*)file->f_path.dentry->d_name.name,
2526	&p);	2530	&p);
2527	put_task_struct(task);	2531	put_task_struct(task);
@@ -2570,7 +2574,9 @@ static ssize_t proc_pid_attr_write(struct file * file, const char __user * buf,
2570	if (rv < 0)	2574	if (rv < 0)
2571	goto out_free;	2575	goto out_free;
2572		2576
2573	rv = security_setprocattr(file->f_path.dentry->d_name.name, page, count);	2577	rv = security_setprocattr(PROC_I(inode)->op.lsm,
		2578	file->f_path.dentry->d_name.name, page,
		2579	count);
2574	mutex_unlock(&current->signal->cred_guard_mutex);	2580	mutex_unlock(&current->signal->cred_guard_mutex);
2575	out_free:	2581	out_free:
2576	kfree(page);	2582	kfree(page);
@@ -2584,13 +2590,53 @@ static const struct file_operations proc_pid_attr_operations = {
2584	.llseek = generic_file_llseek,	2590	.llseek = generic_file_llseek,
2585	};	2591	};
2586		2592
		2593	#define LSM_DIR_OPS(LSM) \
		2594	static int proc_##LSM##_attr_dir_iterate(struct file *filp, \
		2595	struct dir_context *ctx) \
		2596	{ \
		2597	return proc_pident_readdir(filp, ctx, \
		2598	LSM##_attr_dir_stuff, \
		2599	ARRAY_SIZE(LSM##_attr_dir_stuff)); \
		2600	} \
		2601	\
		2602	static const struct file_operations proc_##LSM##_attr_dir_ops = { \
		2603	.read = generic_read_dir, \
		2604	.iterate = proc_##LSM##_attr_dir_iterate, \
		2605	.llseek = default_llseek, \
		2606	}; \
		2607	\
		2608	static struct dentry proc_##LSM##_attr_dir_lookup(struct inode dir, \
		2609	struct dentry *dentry, unsigned int flags) \
		2610	{ \
		2611	return proc_pident_lookup(dir, dentry, \
		2612	LSM##_attr_dir_stuff, \
		2613	ARRAY_SIZE(LSM##_attr_dir_stuff)); \
		2614	} \
		2615	\
		2616	static const struct inode_operations proc_##LSM##_attr_dir_inode_ops = { \
		2617	.lookup = proc_##LSM##_attr_dir_lookup, \
		2618	.getattr = pid_getattr, \
		2619	.setattr = proc_setattr, \
		2620	}
		2621
		2622	#ifdef CONFIG_SECURITY_SMACK
		2623	static const struct pid_entry smack_attr_dir_stuff[] = {
		2624	ATTR("smack", "current", 0666),
		2625	};
		2626	LSM_DIR_OPS(smack);
		2627	#endif
		2628
2587	static const struct pid_entry attr_dir_stuff[] = {	2629	static const struct pid_entry attr_dir_stuff[] = {
2588	REG("current", S_IRUGO\|S_IWUGO, proc_pid_attr_operations),	2630	ATTR(NULL, "current", 0666),
2589	REG("prev", S_IRUGO, proc_pid_attr_operations),	2631	ATTR(NULL, "prev", 0444),
2590	REG("exec", S_IRUGO\|S_IWUGO, proc_pid_attr_operations),	2632	ATTR(NULL, "exec", 0666),
2591	REG("fscreate", S_IRUGO\|S_IWUGO, proc_pid_attr_operations),	2633	ATTR(NULL, "fscreate", 0666),
2592	REG("keycreate", S_IRUGO\|S_IWUGO, proc_pid_attr_operations),	2634	ATTR(NULL, "keycreate", 0666),
2593	REG("sockcreate", S_IRUGO\|S_IWUGO, proc_pid_attr_operations),	2635	ATTR(NULL, "sockcreate", 0666),
		2636	#ifdef CONFIG_SECURITY_SMACK
		2637	DIR("smack", 0555,
		2638	proc_smack_attr_dir_inode_ops, proc_smack_attr_dir_ops),
		2639	#endif
2594	};	2640	};
2595		2641
2596	static int proc_attr_dir_readdir(struct file file, struct dir_context ctx)	2642	static int proc_attr_dir_readdir(struct file file, struct dir_context ctx)


diff --git a/fs/proc/internal.h b/fs/proc/internal.h index 4fc5a9b68f76..ea575375f210 100644 --- a/fs/proc/internal.h +++ b/fs/proc/internal.h
@@ -82,6 +82,7 @@ union proc_op {
82	int (proc_show)(struct seq_file m,	82	int (proc_show)(struct seq_file m,
83	struct pid_namespace ns, struct pid pid,	83	struct pid_namespace ns, struct pid pid,
84	struct task_struct *task);	84	struct task_struct *task);
		85	const char *lsm;
85	};	86	};
86		87
87	struct proc_inode {	88	struct proc_inode {