2015-04-10 11:25:37

by Tetsuo Handa

Subject: Re: [PATCH 0/7 v21] LSM: Multiple concurrent LSMs

This patchset seems to be blocked waiting for an ACK from the AppArmor
people. John, can you give us an ACK?

Apart from ACK from John, I wrote a cleanup patch (shown below) which
we might want to append to this patchset, though we anyway need to
refresh this patchset with commit 58bc19542455 in linux-next.git included.
----------------------------------------
>From 49f753bb197ed2dda9c7958b5acf9d5458d102ef Mon Sep 17 00:00:00 2001
From: Tetsuo Handa <[email protected]>
Date: Fri, 10 Apr 2015 13:57:45 +0900
Subject: [PATCH] Cleanups for LSM: Multiple concurrent LSMs

(1) Move definition of SECURITY_NAME_MAX from include/linux/security.h and
include/linux/lsm_hooks.h to security/security.c.

(2) Drop "#ifdef CONFIG_SECURITY" from include/linux/lsm_hooks.h because
all files which include this file depend on CONFIG_SECURITY=y.

(3) Drop comment of removed "union security_list_options"->name member.

(4) Drop cap_netlink_send() which always returns 0.

(5) Simplify security_add_hooks(), and move it from security/security.c
to include/linux/lsm_hooks.h as an inline function.

(6) Move prototype of yama_add_hooks() and capability_add_hooks() from
include/linux/security.h to include/linux/lsm_hooks.h, and mark them
as __init functions.

(7) Move security_delete_hooks() from security/security.c to
security/selinux/hooks.c.

(8) Update comment of prototype of commoncap functions.

Signed-off-by: Tetsuo Handa <[email protected]>
---
include/linux/lsm_hooks.h | 33 +++++++++++++++------------------
include/linux/security.h | 17 ++---------------
security/commoncap.c | 7 +------
security/security.c | 28 +++-------------------------
security/selinux/hooks.c | 8 ++++++++
security/yama/yama_lsm.c | 2 +-
6 files changed, 30 insertions(+), 65 deletions(-)

diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index c86aaf0..3b805de 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -25,19 +25,10 @@
#define __LINUX_LSM_HOOKS_H

#include <linux/security.h>
-
-/* Maximum number of letters for an LSM name string */
-#define SECURITY_NAME_MAX 10
-
-#ifdef CONFIG_SECURITY
+#include <linux/init.h>
+#include <linux/rculist.h>

/**
- * Security module identifier.
- *
- * @name:
- * A string that acts as a unique identifier for the LSM with max number
- * of characters = SECURITY_NAME_MAX.
- *
* Security hooks for program execution operations.
*
* @bprm_set_creds:
@@ -1859,14 +1850,20 @@ struct security_hook_list {

extern struct security_hook_heads security_hook_heads;

+static inline void security_add_hooks(struct security_hook_list *hooks,
+ int count)
+{
+ int i;
+
+ for (i = 0; i < count; i++)
+ list_add_tail_rcu(&hooks[i].list, hooks[i].head);
+}
+
/* prototypes */
-extern int security_module_enable(const char *module);
-extern void security_add_hooks(struct security_hook_list *hooks, int count);
-#ifdef CONFIG_SECURITY_SELINUX_DISABLE
-extern void security_delete_hooks(struct security_hook_list *hooks, int count);
+extern int __init security_module_enable(const char *module);
+extern void __init capability_add_hooks(void);
+#ifdef CONFIG_SECURITY_YAMA_STACKED
+void __init yama_add_hooks(void);
#endif

-#endif /* CONFIG_SECURITY */
-
#endif /* ! __LINUX_LSM_HOOKS_H */
-
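Review bot: The new static inline `security_add_hooks` at lines 82-89 has no kerneldoc, unlike the prototypes and hook descriptions around it, and it now lives in a header that every LSM will read. I would add a kerneldoc block above it giving the name and purpose (append each entry of @hooks to the list its `.head` points at, in array order), the two parameters, and the lifetime rule that follows from `&hooks[i].list` being the list node itself: the @hooks array must stay valid for as long as the hooks are registered, which the Yama and capability callers satisfy with static arrays. The function takes no lock; presumably it is only called from `__init` registration code before any concurrent reader exists, and the comment should state that assumption. Dropping the old `INIT_LIST_HEAD` looks fine as far as I can tell, since `list_add_tail_rcu` sets the node's links itself.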
diff --git a/include/linux/security.h b/include/linux/security.h
index 04e2a3e..337105f 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -55,9 +55,6 @@ struct xattr;
struct xfrm_sec_ctx;
struct mm_struct;

-/* Maximum number of letters for an LSM name string */
-#define SECURITY_NAME_MAX 10
-
/* If capable should audit the security request */
#define SECURITY_CAP_NOAUDIT 0
#define SECURITY_CAP_AUDIT 1
@@ -70,10 +67,7 @@ struct audit_krule;
struct user_namespace;
struct timezone;

-/*
- * These functions are in security/capability.c and are used
- * as the default capabilities functions
- */
+/* These functions are in security/commoncap.c */
extern int cap_capable(const struct cred *cred, struct user_namespace *ns,
int cap, int audit);
extern int cap_settime(const struct timespec *ts, const struct timezone *tz);
@@ -101,7 +95,6 @@ extern int cap_task_setscheduler(struct task_struct *p);
extern int cap_task_setioprio(struct task_struct *p, int ioprio);
extern int cap_task_setnice(struct task_struct *p, int nice);
extern int cap_vm_enough_memory(struct mm_struct *mm, long pages);
-extern void capability_add_hooks(void);

struct msghdr;
struct sk_buff;
@@ -116,8 +109,6 @@ struct xfrm_state;
struct xfrm_user_sec_ctx;
struct seq_file;

-extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb);
-
#ifdef CONFIG_MMU
extern unsigned long mmap_min_addr;
extern unsigned long dac_mmap_min_addr;
@@ -1078,7 +1069,7 @@ static inline int security_setprocattr(struct task_struct *p, char *name, void *

static inline int security_netlink_send(struct sock *sk, struct sk_buff *skb)
{
- return cap_netlink_send(sk, skb);
+ return 0;
}

static inline int security_ismaclabel(const char *name)
@@ -1653,9 +1644,5 @@ static inline void free_secdata(void *secdata)
{ }
#endif /* CONFIG_SECURITY */

-#ifdef CONFIG_SECURITY_YAMA_STACKED
-void yama_add_hooks(void);
-#endif
-
#endif /* ! __LINUX_SECURITY_H */

diff --git a/security/commoncap.c b/security/commoncap.c
index b7f341f..fe76865 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -53,11 +53,6 @@ static void warn_setuid_and_fcaps_mixed(const char *fname)
}
}

-int cap_netlink_send(struct sock *sk, struct sk_buff *skb)
-{
- return 0;
-}
-
/**
* cap_capable - Determine whether a task has a particular effective capability
* @cred: The credentials to use
@@ -1005,7 +1000,7 @@ struct security_hook_list capability_hooks[] = {
LSM_HOOK_INIT(vm_enough_memory, cap_vm_enough_memory),
};

-void capability_add_hooks(void)
+void __init capability_add_hooks(void)
{
security_add_hooks(capability_hooks, ARRAY_SIZE(capability_hooks));
}
diff --git a/security/security.c b/security/security.c
index be10ea4..e9d7171 100644
--- a/security/security.c
+++ b/security/security.c
@@ -29,6 +29,9 @@

#define MAX_LSM_EVM_XATTR 2

+/* Maximum number of letters for an LSM name string */
+#define SECURITY_NAME_MAX 10
+
/* Boot-time LSM user choice */
static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] =
CONFIG_DEFAULT_SECURITY;
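Review bot: `SECURITY_NAME_MAX` becomes private to security.c at line 202, so any remaining user of the macro in another translation unit would now fail to build; none is visible in this patch, but the move deserves a grep before it is applied. The buffer at line 205 is sized `SECURITY_NAME_MAX + 1`, and a short comment such as `/* +1 for the terminating NUL */` on that line would make the reason explicit now that the define and its only visible user sit together.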
@@ -1888,28 +1891,3 @@ struct security_hook_heads security_hook_heads = {
LIST_HEAD_INIT(security_hook_heads.audit_rule_free),
#endif /* CONFIG_AUDIT */
};
-
-void security_add_hooks(struct security_hook_list *hooks, int count)
-{
- struct security_hook_list *shp;
- int i;
-
- for (i = 0; i < count; i++) {
- INIT_LIST_HEAD(&hooks[i].list);
- shp = list_last_entry(hooks[i].head,
- struct security_hook_list, list);
- list_add_rcu(&hooks[i].list, &shp->list);
- }
-}
-
-#ifdef CONFIG_SECURITY_SELINUX_DISABLE
-
-void security_delete_hooks(struct security_hook_list *hooks, int count)
-{
- int i;
-
- for (i = 0; i < count; i++)
- list_del_rcu(&hooks[i].list);
-}
-
-#endif /* CONFIG_SECURITY_SELINUX_DISABLE */
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 3fd8610..cea78f2 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -6161,6 +6161,14 @@ static void selinux_nf_ip_exit(void)
#ifdef CONFIG_SECURITY_SELINUX_DISABLE
static int selinux_disabled;

+static void security_delete_hooks(struct security_hook_list *hooks, int count)
+{
+ int i;
+
+ for (i = 0; i < count; i++)
+ list_del_rcu(&hooks[i].list);
+}
+
int selinux_disable(void)
{
if (ss_initialized) {
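Review bot: `security_delete_hooks` at lines 244-250 is now a `static` helper private to SELinux but keeps the `security_` prefix, which reads as a core-LSM API in a grep; if it stays in this file it should follow its neighbours' naming, e.g. `static void selinux_delete_hooks(struct security_hook_list *hooks, int count)`, with the call site in `selinux_disable` updated to match. It also carries no comment; a one-liner such as `/* Unlink our hooks; the nodes live in a static array, so nothing is freed and no grace period is needed here */` would record why a bare `list_del_rcu` suffices — assuming the SELinux hook array is static like the Yama and capability ones, which I cannot confirm from this hunk. `selinux_disable` continues past the end of the hunk.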
diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c
index a6b876d..9ed3250 100644
--- a/security/yama/yama_lsm.c
+++ b/security/yama/yama_lsm.c
@@ -353,7 +353,7 @@ static struct security_hook_list yama_hooks[] = {
LSM_HOOK_INIT(task_free, yama_task_free),
};

-void yama_add_hooks(void)
+void __init yama_add_hooks(void)
{
security_add_hooks(yama_hooks, ARRAY_SIZE(yama_hooks));
}
--
1.8.3.1


2015-04-10 18:22:16

by John Johansen

Subject: Re: [PATCH 0/7 v21] LSM: Multiple concurrent LSMs

On 04/10/2015 04:24 AM, Tetsuo Handa wrote:
> This patchset seems to be blocked waiting for an ACK from the AppArmor
> people. John, can you give us an ACK?
>
Give me a couple of hours to jump back into this and finish up my testing.

2015-04-10 18:27:12

by Casey Schaufler

Subject: Re: [PATCH 0/7 v21] LSM: Multiple concurrent LSMs

On 4/10/2015 4:24 AM, Tetsuo Handa wrote:
> This patchset seems to be blocked waiting for an ACK from the AppArmor
> people. John, can you give us an ACK?
>
> Apart from ACK from John, I wrote a cleanup patch (shown below) which
> we might want to append to this patchset, though we anyway need to
> refresh this patchset with commit 58bc19542455 in linux-next.git included.

I'm good with all of this except #7. I'll incorporate it in the next
version.

> ----------------------------------------
> >From 49f753bb197ed2dda9c7958b5acf9d5458d102ef Mon Sep 17 00:00:00 2001
> From: Tetsuo Handa <[email protected]>
> Date: Fri, 10 Apr 2015 13:57:45 +0900
> Subject: [PATCH] Cleanups for LSM: Multiple concurrent LSMs
>
> (1) Move definition of SECURITY_NAME_MAX from include/linux/security.h and
> include/linux/lsm_hooks.h to security/security.c.
>
> (2) Drop "#ifdef CONFIG_SECURITY" from include/linux/lsm_hooks.h because
> all files which include this file depend on CONFIG_SECURITY=y.
>
> (3) Drop comment of removed "union security_list_options"->name member.
>
> (4) Drop cap_netlink_send() which always returns 0.
>
> (5) Simplify security_add_hooks(), and move it from security/security.c
> to include/linux/lsm_hooks.h as an inline function.
>
> (6) Move prototype of yama_add_hooks() and capability_add_hooks() from
> include/linux/security.h to include/linux/lsm_hooks.h, and mark them
> as __init functions.
>
> (7) Move security_delete_hooks() from security/security.c to
> security/selinux/hooks.c.

I don't like this bit as it moves understanding of the module
list mechanism into a security module.

>
> (8) Update comment of prototype of commoncap functions.
>
> Signed-off-by: Tetsuo Handa <[email protected]>
> ---
> include/linux/lsm_hooks.h | 33 +++++++++++++++------------------
> include/linux/security.h | 17 ++---------------
> security/commoncap.c | 7 +------
> security/security.c | 28 +++-------------------------
> security/selinux/hooks.c | 8 ++++++++
> security/yama/yama_lsm.c | 2 +-
> 6 files changed, 30 insertions(+), 65 deletions(-)
>
> diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
> index c86aaf0..3b805de 100644
> --- a/include/linux/lsm_hooks.h
> +++ b/include/linux/lsm_hooks.h
> @@ -25,19 +25,10 @@
> #define __LINUX_LSM_HOOKS_H
>
> #include <linux/security.h>
> -
> -/* Maximum number of letters for an LSM name string */
> -#define SECURITY_NAME_MAX 10
> -
> -#ifdef CONFIG_SECURITY
> +#include <linux/init.h>
> +#include <linux/rculist.h>
>
> /**
> - * Security module identifier.
> - *
> - * @name:
> - * A string that acts as a unique identifier for the LSM with max number
> - * of characters = SECURITY_NAME_MAX.
> - *
> * Security hooks for program execution operations.
> *
> * @bprm_set_creds:
> @@ -1859,14 +1850,20 @@ struct security_hook_list {
>
> extern struct security_hook_heads security_hook_heads;
>
> +static inline void security_add_hooks(struct security_hook_list *hooks,
> + int count)
> +{
> + int i;
> +
> + for (i = 0; i < count; i++)
> + list_add_tail_rcu(&hooks[i].list, hooks[i].head);
> +}
> +
> /* prototypes */
> -extern int security_module_enable(const char *module);
> -extern void security_add_hooks(struct security_hook_list *hooks, int count);
> -#ifdef CONFIG_SECURITY_SELINUX_DISABLE
> -extern void security_delete_hooks(struct security_hook_list *hooks, int count);
> +extern int __init security_module_enable(const char *module);
> +extern void __init capability_add_hooks(void);
> +#ifdef CONFIG_SECURITY_YAMA_STACKED
> +void __init yama_add_hooks(void);
> #endif
>
> -#endif /* CONFIG_SECURITY */
> -
> #endif /* ! __LINUX_LSM_HOOKS_H */
> -
> diff --git a/include/linux/security.h b/include/linux/security.h
> index 04e2a3e..337105f 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -55,9 +55,6 @@ struct xattr;
> struct xfrm_sec_ctx;
> struct mm_struct;
>
> -/* Maximum number of letters for an LSM name string */
> -#define SECURITY_NAME_MAX 10
> -
> /* If capable should audit the security request */
> #define SECURITY_CAP_NOAUDIT 0
> #define SECURITY_CAP_AUDIT 1
> @@ -70,10 +67,7 @@ struct audit_krule;
> struct user_namespace;
> struct timezone;
>
> -/*
> - * These functions are in security/capability.c and are used
> - * as the default capabilities functions
> - */
> +/* These functions are in security/commoncap.c */
> extern int cap_capable(const struct cred *cred, struct user_namespace *ns,
> int cap, int audit);
> extern int cap_settime(const struct timespec *ts, const struct timezone *tz);
> @@ -101,7 +95,6 @@ extern int cap_task_setscheduler(struct task_struct *p);
> extern int cap_task_setioprio(struct task_struct *p, int ioprio);
> extern int cap_task_setnice(struct task_struct *p, int nice);
> extern int cap_vm_enough_memory(struct mm_struct *mm, long pages);
> -extern void capability_add_hooks(void);
>
> struct msghdr;
> struct sk_buff;
> @@ -116,8 +109,6 @@ struct xfrm_state;
> struct xfrm_user_sec_ctx;
> struct seq_file;
>
> -extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb);
> -
> #ifdef CONFIG_MMU
> extern unsigned long mmap_min_addr;
> extern unsigned long dac_mmap_min_addr;
> @@ -1078,7 +1069,7 @@ static inline int security_setprocattr(struct task_struct *p, char *name, void *
>
> static inline int security_netlink_send(struct sock *sk, struct sk_buff *skb)
> {
> - return cap_netlink_send(sk, skb);
> + return 0;
> }
>
> static inline int security_ismaclabel(const char *name)
> @@ -1653,9 +1644,5 @@ static inline void free_secdata(void *secdata)
> { }
> #endif /* CONFIG_SECURITY */
>
> -#ifdef CONFIG_SECURITY_YAMA_STACKED
> -void yama_add_hooks(void);
> -#endif
> -
> #endif /* ! __LINUX_SECURITY_H */
>
> diff --git a/security/commoncap.c b/security/commoncap.c
> index b7f341f..fe76865 100644
> --- a/security/commoncap.c
> +++ b/security/commoncap.c
> @@ -53,11 +53,6 @@ static void warn_setuid_and_fcaps_mixed(const char *fname)
> }
> }
>
> -int cap_netlink_send(struct sock *sk, struct sk_buff *skb)
> -{
> - return 0;
> -}
> -
> /**
> * cap_capable - Determine whether a task has a particular effective capability
> * @cred: The credentials to use
> @@ -1005,7 +1000,7 @@ struct security_hook_list capability_hooks[] = {
> LSM_HOOK_INIT(vm_enough_memory, cap_vm_enough_memory),
> };
>
> -void capability_add_hooks(void)
> +void __init capability_add_hooks(void)
> {
> security_add_hooks(capability_hooks, ARRAY_SIZE(capability_hooks));
> }
> diff --git a/security/security.c b/security/security.c
> index be10ea4..e9d7171 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -29,6 +29,9 @@
>
> #define MAX_LSM_EVM_XATTR 2
>
> +/* Maximum number of letters for an LSM name string */
> +#define SECURITY_NAME_MAX 10
> +
> /* Boot-time LSM user choice */
> static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] =
> CONFIG_DEFAULT_SECURITY;
> @@ -1888,28 +1891,3 @@ struct security_hook_heads security_hook_heads = {
> LIST_HEAD_INIT(security_hook_heads.audit_rule_free),
> #endif /* CONFIG_AUDIT */
> };
> -
> -void security_add_hooks(struct security_hook_list *hooks, int count)
> -{
> - struct security_hook_list *shp;
> - int i;
> -
> - for (i = 0; i < count; i++) {
> - INIT_LIST_HEAD(&hooks[i].list);
> - shp = list_last_entry(hooks[i].head,
> - struct security_hook_list, list);
> - list_add_rcu(&hooks[i].list, &shp->list);
> - }
> -}
> -
> -#ifdef CONFIG_SECURITY_SELINUX_DISABLE
> -
> -void security_delete_hooks(struct security_hook_list *hooks, int count)
> -{
> - int i;
> -
> - for (i = 0; i < count; i++)
> - list_del_rcu(&hooks[i].list);
> -}
> -
> -#endif /* CONFIG_SECURITY_SELINUX_DISABLE */
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index 3fd8610..cea78f2 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -6161,6 +6161,14 @@ static void selinux_nf_ip_exit(void)
> #ifdef CONFIG_SECURITY_SELINUX_DISABLE
> static int selinux_disabled;
>
> +static void security_delete_hooks(struct security_hook_list *hooks, int count)
> +{
> + int i;
> +
> + for (i = 0; i < count; i++)
> + list_del_rcu(&hooks[i].list);
> +}
> +
> int selinux_disable(void)
> {
> if (ss_initialized) {
> diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c
> index a6b876d..9ed3250 100644
> --- a/security/yama/yama_lsm.c
> +++ b/security/yama/yama_lsm.c
> @@ -353,7 +353,7 @@ static struct security_hook_list yama_hooks[] = {
> LSM_HOOK_INIT(task_free, yama_task_free),
> };
>
> -void yama_add_hooks(void)
> +void __init yama_add_hooks(void)
> {
> security_add_hooks(yama_hooks, ARRAY_SIZE(yama_hooks));
> }

2015-04-11 10:47:34

by John Johansen

Subject: Re: [PATCH 0/7 v21] LSM: Multiple concurrent LSMs

On 04/10/2015 04:24 AM, Tetsuo Handa wrote:
> This patchset seems to be blocked waiting for an ACK from the AppArmor
> people. John, can you give us an ACK?
>
yep, I've been through the patches a couple of times, and run our regression
tests, etc. I'll keep stressing it for a few days but I don't expect anything
to fallout from that.

Acked-by: John Johansen <[email protected]>

> Apart from ACK from John, I wrote a cleanup patch (shown below) which
> we might want to append to this patchset, though we anyway need to
> refresh this patchset with commit 58bc19542455 in linux-next.git included.
> ----------------------------------------
>>From 49f753bb197ed2dda9c7958b5acf9d5458d102ef Mon Sep 17 00:00:00 2001
> From: Tetsuo Handa <[email protected]>
> Date: Fri, 10 Apr 2015 13:57:45 +0900
> Subject: [PATCH] Cleanups for LSM: Multiple concurrent LSMs
>
> (1) Move definition of SECURITY_NAME_MAX from include/linux/security.h and
> include/linux/lsm_hooks.h to security/security.c.
>
> (2) Drop "#ifdef CONFIG_SECURITY" from include/linux/lsm_hooks.h because
> all files which include this file depend on CONFIG_SECURITY=y.
>
> (3) Drop comment of removed "union security_list_options"->name member.
>
> (4) Drop cap_netlink_send() which always returns 0.
>
> (5) Simplify security_add_hooks(), and move it from security/security.c
> to include/linux/lsm_hooks.h as an inline function.
>
> (6) Move prototype of yama_add_hooks() and capability_add_hooks() from
> include/linux/security.h to include/linux/lsm_hooks.h, and mark them
> as __init functions.
>
> (7) Move security_delete_hooks() from security/security.c to
> security/selinux/hooks.c.
>
> (8) Update comment of prototype of commoncap functions.
>
> Signed-off-by: Tetsuo Handa <[email protected]>
> ---
> include/linux/lsm_hooks.h | 33 +++++++++++++++------------------
> include/linux/security.h | 17 ++---------------
> security/commoncap.c | 7 +------
> security/security.c | 28 +++-------------------------
> security/selinux/hooks.c | 8 ++++++++
> security/yama/yama_lsm.c | 2 +-
> 6 files changed, 30 insertions(+), 65 deletions(-)
>
> diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
> index c86aaf0..3b805de 100644
> --- a/include/linux/lsm_hooks.h
> +++ b/include/linux/lsm_hooks.h
> @@ -25,19 +25,10 @@
> #define __LINUX_LSM_HOOKS_H
>
> #include <linux/security.h>
> -
> -/* Maximum number of letters for an LSM name string */
> -#define SECURITY_NAME_MAX 10
> -
> -#ifdef CONFIG_SECURITY
> +#include <linux/init.h>
> +#include <linux/rculist.h>
>
> /**
> - * Security module identifier.
> - *
> - * @name:
> - * A string that acts as a unique identifier for the LSM with max number
> - * of characters = SECURITY_NAME_MAX.
> - *
> * Security hooks for program execution operations.
> *
> * @bprm_set_creds:
> @@ -1859,14 +1850,20 @@ struct security_hook_list {
>
> extern struct security_hook_heads security_hook_heads;
>
> +static inline void security_add_hooks(struct security_hook_list *hooks,
> + int count)
> +{
> + int i;
> +
> + for (i = 0; i < count; i++)
> + list_add_tail_rcu(&hooks[i].list, hooks[i].head);
> +}
> +
> /* prototypes */
> -extern int security_module_enable(const char *module);
> -extern void security_add_hooks(struct security_hook_list *hooks, int count);
> -#ifdef CONFIG_SECURITY_SELINUX_DISABLE
> -extern void security_delete_hooks(struct security_hook_list *hooks, int count);
> +extern int __init security_module_enable(const char *module);
> +extern void __init capability_add_hooks(void);
> +#ifdef CONFIG_SECURITY_YAMA_STACKED
> +void __init yama_add_hooks(void);
> #endif
>
> -#endif /* CONFIG_SECURITY */
> -
> #endif /* ! __LINUX_LSM_HOOKS_H */
> -
> diff --git a/include/linux/security.h b/include/linux/security.h
> index 04e2a3e..337105f 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -55,9 +55,6 @@ struct xattr;
> struct xfrm_sec_ctx;
> struct mm_struct;
>
> -/* Maximum number of letters for an LSM name string */
> -#define SECURITY_NAME_MAX 10
> -
> /* If capable should audit the security request */
> #define SECURITY_CAP_NOAUDIT 0
> #define SECURITY_CAP_AUDIT 1
> @@ -70,10 +67,7 @@ struct audit_krule;
> struct user_namespace;
> struct timezone;
>
> -/*
> - * These functions are in security/capability.c and are used
> - * as the default capabilities functions
> - */
> +/* These functions are in security/commoncap.c */
> extern int cap_capable(const struct cred *cred, struct user_namespace *ns,
> int cap, int audit);
> extern int cap_settime(const struct timespec *ts, const struct timezone *tz);
> @@ -101,7 +95,6 @@ extern int cap_task_setscheduler(struct task_struct *p);
> extern int cap_task_setioprio(struct task_struct *p, int ioprio);
> extern int cap_task_setnice(struct task_struct *p, int nice);
> extern int cap_vm_enough_memory(struct mm_struct *mm, long pages);
> -extern void capability_add_hooks(void);
>
> struct msghdr;
> struct sk_buff;
> @@ -116,8 +109,6 @@ struct xfrm_state;
> struct xfrm_user_sec_ctx;
> struct seq_file;
>
> -extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb);
> -
> #ifdef CONFIG_MMU
> extern unsigned long mmap_min_addr;
> extern unsigned long dac_mmap_min_addr;
> @@ -1078,7 +1069,7 @@ static inline int security_setprocattr(struct task_struct *p, char *name, void *
>
> static inline int security_netlink_send(struct sock *sk, struct sk_buff *skb)
> {
> - return cap_netlink_send(sk, skb);
> + return 0;
> }
>
> static inline int security_ismaclabel(const char *name)
> @@ -1653,9 +1644,5 @@ static inline void free_secdata(void *secdata)
> { }
> #endif /* CONFIG_SECURITY */
>
> -#ifdef CONFIG_SECURITY_YAMA_STACKED
> -void yama_add_hooks(void);
> -#endif
> -
> #endif /* ! __LINUX_SECURITY_H */
>
> diff --git a/security/commoncap.c b/security/commoncap.c
> index b7f341f..fe76865 100644
> --- a/security/commoncap.c
> +++ b/security/commoncap.c
> @@ -53,11 +53,6 @@ static void warn_setuid_and_fcaps_mixed(const char *fname)
> }
> }
>
> -int cap_netlink_send(struct sock *sk, struct sk_buff *skb)
> -{
> - return 0;
> -}
> -
> /**
> * cap_capable - Determine whether a task has a particular effective capability
> * @cred: The credentials to use
> @@ -1005,7 +1000,7 @@ struct security_hook_list capability_hooks[] = {
> LSM_HOOK_INIT(vm_enough_memory, cap_vm_enough_memory),
> };
>
> -void capability_add_hooks(void)
> +void __init capability_add_hooks(void)
> {
> security_add_hooks(capability_hooks, ARRAY_SIZE(capability_hooks));
> }
> diff --git a/security/security.c b/security/security.c
> index be10ea4..e9d7171 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -29,6 +29,9 @@
>
> #define MAX_LSM_EVM_XATTR 2
>
> +/* Maximum number of letters for an LSM name string */
> +#define SECURITY_NAME_MAX 10
> +
> /* Boot-time LSM user choice */
> static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] =
> CONFIG_DEFAULT_SECURITY;
> @@ -1888,28 +1891,3 @@ struct security_hook_heads security_hook_heads = {
> LIST_HEAD_INIT(security_hook_heads.audit_rule_free),
> #endif /* CONFIG_AUDIT */
> };
> -
> -void security_add_hooks(struct security_hook_list *hooks, int count)
> -{
> - struct security_hook_list *shp;
> - int i;
> -
> - for (i = 0; i < count; i++) {
> - INIT_LIST_HEAD(&hooks[i].list);
> - shp = list_last_entry(hooks[i].head,
> - struct security_hook_list, list);
> - list_add_rcu(&hooks[i].list, &shp->list);
> - }
> -}
> -
> -#ifdef CONFIG_SECURITY_SELINUX_DISABLE
> -
> -void security_delete_hooks(struct security_hook_list *hooks, int count)
> -{
> - int i;
> -
> - for (i = 0; i < count; i++)
> - list_del_rcu(&hooks[i].list);
> -}
> -
> -#endif /* CONFIG_SECURITY_SELINUX_DISABLE */
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index 3fd8610..cea78f2 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -6161,6 +6161,14 @@ static void selinux_nf_ip_exit(void)
> #ifdef CONFIG_SECURITY_SELINUX_DISABLE
> static int selinux_disabled;
>
> +static void security_delete_hooks(struct security_hook_list *hooks, int count)
> +{
> + int i;
> +
> + for (i = 0; i < count; i++)
> + list_del_rcu(&hooks[i].list);
> +}
> +
> int selinux_disable(void)
> {
> if (ss_initialized) {
> diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c
> index a6b876d..9ed3250 100644
> --- a/security/yama/yama_lsm.c
> +++ b/security/yama/yama_lsm.c
> @@ -353,7 +353,7 @@ static struct security_hook_list yama_hooks[] = {
> LSM_HOOK_INIT(task_free, yama_task_free),
> };
>
> -void yama_add_hooks(void)
> +void __init yama_add_hooks(void)
> {
> security_add_hooks(yama_hooks, ARRAY_SIZE(yama_hooks));
> }
>

2015-04-20 16:24:45

by Casey Schaufler

Subject: Re: [PATCH 0/7 v21] LSM: Multiple concurrent LSMs

On 4/10/2015 4:24 AM, Tetsuo Handa wrote:
> This patchset seems to be blocked waiting for an ACK from the AppArmor
> people. John, can you give us an ACK?
>
> Apart from ACK from John, I wrote a cleanup patch (shown below) which
> we might want to append to this patchset, though we anyway need to
> refresh this patchset with commit 58bc19542455 in linux-next.git included.
> ----------------------------------------
> >From 49f753bb197ed2dda9c7958b5acf9d5458d102ef Mon Sep 17 00:00:00 2001
> From: Tetsuo Handa <[email protected]>
> Date: Fri, 10 Apr 2015 13:57:45 +0900
> Subject: [PATCH] Cleanups for LSM: Multiple concurrent LSMs
>
> (1) Move definition of SECURITY_NAME_MAX from include/linux/security.h and
> include/linux/lsm_hooks.h to security/security.c.
>
> (2) Drop "#ifdef CONFIG_SECURITY" from include/linux/lsm_hooks.h because
> all files which include this file depend on CONFIG_SECURITY=y.
>
> (3) Drop comment of removed "union security_list_options"->name member.
>
> (4) Drop cap_netlink_send() which always returns 0.
>
> (5) Simplify security_add_hooks(), and move it from security/security.c
> to include/linux/lsm_hooks.h as an inline function.
>
> (6) Move prototype of yama_add_hooks() and capability_add_hooks() from
> include/linux/security.h to include/linux/lsm_hooks.h, and mark them
> as __init functions.
>
> (7) Move security_delete_hooks() from security/security.c to
> security/selinux/hooks.c.
>
> (8) Update comment of prototype of commoncap functions.
>
> Signed-off-by: Tetsuo Handa <[email protected]>

Added to git://github.com/cschaufler/smack-next#stacking-v21

> ---
> include/linux/lsm_hooks.h | 33 +++++++++++++++------------------
> include/linux/security.h | 17 ++---------------
> security/commoncap.c | 7 +------
> security/security.c | 28 +++-------------------------
> security/selinux/hooks.c | 8 ++++++++
> security/yama/yama_lsm.c | 2 +-
> 6 files changed, 30 insertions(+), 65 deletions(-)
>
> diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
> index c86aaf0..3b805de 100644
> --- a/include/linux/lsm_hooks.h
> +++ b/include/linux/lsm_hooks.h
> @@ -25,19 +25,10 @@
> #define __LINUX_LSM_HOOKS_H
>
> #include <linux/security.h>
> -
> -/* Maximum number of letters for an LSM name string */
> -#define SECURITY_NAME_MAX 10
> -
> -#ifdef CONFIG_SECURITY
> +#include <linux/init.h>
> +#include <linux/rculist.h>
>
> /**
> - * Security module identifier.
> - *
> - * @name:
> - * A string that acts as a unique identifier for the LSM with max number
> - * of characters = SECURITY_NAME_MAX.
> - *
> * Security hooks for program execution operations.
> *
> * @bprm_set_creds:
> @@ -1859,14 +1850,20 @@ struct security_hook_list {
>
> extern struct security_hook_heads security_hook_heads;
>
> +static inline void security_add_hooks(struct security_hook_list *hooks,
> + int count)
> +{
> + int i;
> +
> + for (i = 0; i < count; i++)
> + list_add_tail_rcu(&hooks[i].list, hooks[i].head);
> +}
> +
> /* prototypes */
> -extern int security_module_enable(const char *module);
> -extern void security_add_hooks(struct security_hook_list *hooks, int count);
> -#ifdef CONFIG_SECURITY_SELINUX_DISABLE
> -extern void security_delete_hooks(struct security_hook_list *hooks, int count);
> +extern int __init security_module_enable(const char *module);
> +extern void __init capability_add_hooks(void);
> +#ifdef CONFIG_SECURITY_YAMA_STACKED
> +void __init yama_add_hooks(void);
> #endif
>
> -#endif /* CONFIG_SECURITY */
> -
> #endif /* ! __LINUX_LSM_HOOKS_H */
> -
> diff --git a/include/linux/security.h b/include/linux/security.h
> index 04e2a3e..337105f 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -55,9 +55,6 @@ struct xattr;
> struct xfrm_sec_ctx;
> struct mm_struct;
>
> -/* Maximum number of letters for an LSM name string */
> -#define SECURITY_NAME_MAX 10
> -
> /* If capable should audit the security request */
> #define SECURITY_CAP_NOAUDIT 0
> #define SECURITY_CAP_AUDIT 1
> @@ -70,10 +67,7 @@ struct audit_krule;
> struct user_namespace;
> struct timezone;
>
> -/*
> - * These functions are in security/capability.c and are used
> - * as the default capabilities functions
> - */
> +/* These functions are in security/commoncap.c */
> extern int cap_capable(const struct cred *cred, struct user_namespace *ns,
> int cap, int audit);
> extern int cap_settime(const struct timespec *ts, const struct timezone *tz);
> @@ -101,7 +95,6 @@ extern int cap_task_setscheduler(struct task_struct *p);
> extern int cap_task_setioprio(struct task_struct *p, int ioprio);
> extern int cap_task_setnice(struct task_struct *p, int nice);
> extern int cap_vm_enough_memory(struct mm_struct *mm, long pages);
> -extern void capability_add_hooks(void);
>
> struct msghdr;
> struct sk_buff;
> @@ -116,8 +109,6 @@ struct xfrm_state;
> struct xfrm_user_sec_ctx;
> struct seq_file;
>
> -extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb);
> -
> #ifdef CONFIG_MMU
> extern unsigned long mmap_min_addr;
> extern unsigned long dac_mmap_min_addr;
> @@ -1078,7 +1069,7 @@ static inline int security_setprocattr(struct task_struct *p, char *name, void *
>
> static inline int security_netlink_send(struct sock *sk, struct sk_buff *skb)
> {
> - return cap_netlink_send(sk, skb);
> + return 0;
> }
>
> static inline int security_ismaclabel(const char *name)
> @@ -1653,9 +1644,5 @@ static inline void free_secdata(void *secdata)
> { }
> #endif /* CONFIG_SECURITY */
>
> -#ifdef CONFIG_SECURITY_YAMA_STACKED
> -void yama_add_hooks(void);
> -#endif
> -
> #endif /* ! __LINUX_SECURITY_H */
>
> diff --git a/security/commoncap.c b/security/commoncap.c
> index b7f341f..fe76865 100644
> --- a/security/commoncap.c
> +++ b/security/commoncap.c
> @@ -53,11 +53,6 @@ static void warn_setuid_and_fcaps_mixed(const char *fname)
> }
> }
>
> -int cap_netlink_send(struct sock *sk, struct sk_buff *skb)
> -{
> - return 0;
> -}
> -
> /**
> * cap_capable - Determine whether a task has a particular effective capability
> * @cred: The credentials to use
> @@ -1005,7 +1000,7 @@ struct security_hook_list capability_hooks[] = {
> LSM_HOOK_INIT(vm_enough_memory, cap_vm_enough_memory),
> };
>
> -void capability_add_hooks(void)
> +void __init capability_add_hooks(void)
> {
> security_add_hooks(capability_hooks, ARRAY_SIZE(capability_hooks));
> }
> diff --git a/security/security.c b/security/security.c
> index be10ea4..e9d7171 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -29,6 +29,9 @@
>
> #define MAX_LSM_EVM_XATTR 2
>
> +/* Maximum number of letters for an LSM name string */
> +#define SECURITY_NAME_MAX 10
> +
> /* Boot-time LSM user choice */
> static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] =
> CONFIG_DEFAULT_SECURITY;
> @@ -1888,28 +1891,3 @@ struct security_hook_heads security_hook_heads = {
> LIST_HEAD_INIT(security_hook_heads.audit_rule_free),
> #endif /* CONFIG_AUDIT */
> };
> -
> -void security_add_hooks(struct security_hook_list *hooks, int count)
> -{
> - struct security_hook_list *shp;
> - int i;
> -
> - for (i = 0; i < count; i++) {
> - INIT_LIST_HEAD(&hooks[i].list);
> - shp = list_last_entry(hooks[i].head,
> - struct security_hook_list, list);
> - list_add_rcu(&hooks[i].list, &shp->list);
> - }
> -}
> -
> -#ifdef CONFIG_SECURITY_SELINUX_DISABLE
> -
> -void security_delete_hooks(struct security_hook_list *hooks, int count)
> -{
> - int i;
> -
> - for (i = 0; i < count; i++)
> - list_del_rcu(&hooks[i].list);
> -}
> -
> -#endif /* CONFIG_SECURITY_SELINUX_DISABLE */
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index 3fd8610..cea78f2 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -6161,6 +6161,14 @@ static void selinux_nf_ip_exit(void)
> #ifdef CONFIG_SECURITY_SELINUX_DISABLE
> static int selinux_disabled;
>
> +static void security_delete_hooks(struct security_hook_list *hooks, int count)
> +{
> + int i;
> +
> + for (i = 0; i < count; i++)
> + list_del_rcu(&hooks[i].list);
> +}
> +
> int selinux_disable(void)
> {
> if (ss_initialized) {
> diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c
> index a6b876d..9ed3250 100644
> --- a/security/yama/yama_lsm.c
> +++ b/security/yama/yama_lsm.c
> @@ -353,7 +353,7 @@ static struct security_hook_list yama_hooks[] = {
> LSM_HOOK_INIT(task_free, yama_task_free),
> };
>
> -void yama_add_hooks(void)
> +void __init yama_add_hooks(void)
> {
> security_add_hooks(yama_hooks, ARRAY_SIZE(yama_hooks));
> }