From: Jonghwa Lee
To: linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org
Cc: casey@schaufler-ca.com, james.l.morris@oracle.com, serge@hallyn.com, sangbae90.lee@samsung.com, inki.dae@samsung.com, Jonghwa Lee
Subject: [PATCH] [RFC] security: smack: Add support automatic Smack labeling
Date: Thu, 27 Aug 2015 10:58:23 +0900
Message-id: <1440640704-21730-1-git-send-email-jonghwa3.lee@samsung.com>

Smack labeling is always done in user space, not in kernel space, because
the kernel can't know which node or process should have a certain label,
and it shouldn't need to either. Therefore there is a distinct time gap
between file creation and labeling, which might be a few milliseconds or
even an indefinite period. This unavoidable and imprecise time gap produces
unintended Smack denials from time to time. If it were guaranteed that
labeling is done before any other access, the time gap wouldn't matter.
However, if not, the system will suffer from false alarms.

I've already experienced the situation in specific cases. Mostly, it
happens with devtmpfs, where udevd applies xattrs according to the defined
udev rules. When a kernel module is loaded, a device node is newly created
and it sends a uevent and a notification to waiting processes. However,
sometimes the uevent may be handled later than other processes' access. So,
the Smack module checks the authority with an uninitialized label and
prohibits the access even though the access authority exists in the Smack
rules.

When I first encountered the problem, I tried to fix the system and user
processes to prevent accesses ahead of labeling, but it wasn't the
solution. Performance is degraded because of the compulsory delay.

Another candidate solution is to give the label from the kernel side.
However, the kernel should not be aware of the label, the string, or the
relationship between a specific node and a label. So I left it in user
space. The label is still given from user space. The kernel only checks
whether there is a pre-assigned labeling rule for the node. If so, the file
will acquire the label as default at creation. A file is created with a
pre-assigned label as if it's done automatically, so it's called 'Auto
Smack labeling'.

A pre-assigned label can be given via an additional file, 'autolabel' in
smackfs:

  echo ' ' > /sys/fs/smackfs/autolabel

The label only activates when the file isn't created yet. If the file
already exists, then just add the label relationship to the table and
deactivate it. When the label is applied, it'll also be deactivated. The
label becomes enabled again only when the file is removed.

This is a candidate solution for the specific problem, and might be buggy
or harmful for system-wide security. So I gently request your opinion for
a clearer and wiser solution for the case that I faced.

Jonghwa Lee (1):
  security: smack: Add support automatic Smack labeling

 security/smack/Kconfig     |  11 ++++
 security/smack/smack.h     |  23 ++++++++
 security/smack/smack_lsm.c |  66 +++++++++++++++++++++
 security/smack/smackfs.c   | 136 ++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 236 insertions(+)

-- 
1.7.9.5
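The race the cover letter describes (device node created by devtmpfs, accessed before udevd has written the xattr) and the rule lifecycle it proposes (rule consumed at creation, re-armed on removal, stored inactive for an already-existing file) can be modelled in user space. The following Python model is an added illustration, not the RFC's kernel code and not part of Smack; the class and function names (AutoLabelTable, FsModel, smack_may_access), the placeholder UNLABELED marker, the sample labels and the device path are assumptions of this model.

```python
# Added example (not the RFC's kernel patch): user-space model of the
# 'auto Smack labeling' rule lifecycle and of the labeling race it targets.
# AutoLabelTable, FsModel, smack_may_access, the labels and the node path
# are assumptions of this model, not Smack identifiers.
from dataclasses import dataclass

# Constructed stand-in for the label a fresh inode carries before user
# space has written security.SMACK64; it matches no access rule.
UNLABELED = "_unset_"


@dataclass
class Rule:
    path: str
    label: str
    active: bool = True   # True: applied at the next creation of `path`


class AutoLabelTable:
    """Pre-assigned labels keyed by path (the role of smackfs 'autolabel')."""

    def __init__(self):
        self.rules = {}

    def add(self, path, label, exists):
        # A rule for a file that already exists is stored but deactivated:
        # it only fires after the file is removed and created again.
        self.rules[path] = Rule(path, label, active=not exists)

    def on_create(self, path):
        """Inode creation hook: return the label to apply, or None."""
        rule = self.rules.get(path)
        if rule is None or not rule.active:
            return None
        rule.active = False   # applied once, then deactivated
        return rule.label

    def on_remove(self, path):
        rule = self.rules.get(path)
        if rule is not None:
            rule.active = True   # file is gone: the rule arms again


class FsModel:
    """In-memory filesystem that tracks each file's Smack label."""

    def __init__(self, table):
        self.table = table
        self.labels = {}

    def create(self, path):
        self.labels[path] = self.table.on_create(path) or UNLABELED

    def remove(self, path):
        del self.labels[path]
        self.table.on_remove(path)

    def setxattr(self, path, label):
        self.labels[path] = label   # what udevd does, some time later


def smack_may_access(fs, subject, path, access_rules):
    """Simplified Smack check: (subject label, object label) must be an
    explicit rule; an unlabeled object therefore matches nothing."""
    return (subject, fs.labels[path]) in access_rules


ACCESS_RULES = {("App", "Dev")}   # constructed: subject App may use Dev nodes
NODE = "/dev/node0"               # constructed device node path


def race_without_autolabel():
    """Returns (access before udevd labels the node, access after)."""
    fs = FsModel(AutoLabelTable())
    fs.create(NODE)                        # module load, devtmpfs creates node
    early = smack_may_access(fs, "App", NODE, ACCESS_RULES)
    fs.setxattr(NODE, "Dev")               # udev rule applies the xattr late
    late = smack_may_access(fs, "App", NODE, ACCESS_RULES)
    return early, late


def race_with_autolabel():
    """Same sequence with a pre-assigned rule: the node is born labeled."""
    table = AutoLabelTable()
    table.add(NODE, "Dev", exists=False)   # user space writes the rule first
    fs = FsModel(table)
    fs.create(NODE)
    return smack_may_access(fs, "App", NODE, ACCESS_RULES)


def rule_lifecycle():
    """Rule state across: add for an existing file, remove, re-create."""
    table = AutoLabelTable()
    fs = FsModel(table)
    fs.create(NODE)                          # exists before any rule
    table.add(NODE, "Dev", exists=True)
    states = [table.rules[NODE].active]      # deactivated on add
    fs.remove(NODE)
    states.append(table.rules[NODE].active)  # re-armed on removal
    fs.create(NODE)
    states.append(table.rules[NODE].active)  # consumed by creation
    return states, fs.labels[NODE]
```

race_without_autolabel() returns (False, True): the first access is denied only because it lands in the gap before udevd's xattr write, which is the false alarm the letter describes. race_with_autolabel() returns True because the creation hook consumes the pre-assigned rule, and rule_lifecycle() traces the active flag through the add-on-existing-file, removal and re-creation steps.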