Received: by 10.192.165.148 with SMTP id m20csp114483imm; Fri, 4 May 2018 07:31:59 -0700 (PDT) X-Google-Smtp-Source: AB8JxZoUtagrBc/aSi0OzOuJ1t4OexcE3MCktYnUEfrAQ4+TyRpazUFQKzRJTNrbbi5XcCc5rOfF X-Received: by 2002:a63:2d83:: with SMTP id t125-v6mr10970295pgt.336.1525444319864; Fri, 04 May 2018 07:31:59 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1525444319; cv=none; d=google.com; s=arc-20160816; b=N9sZGjZE/PXExfwMxs41fUEZpKPcI+WkZFp+fH68gg3eoNXyiDn5l8I7rvGurJxH+w 0hLfZLJs76lk/2JnL2+zODpJ3slFsiwhzgf26KmJyI1fKzNHA0z1dipQfQZuTRsaYMVr I+lzPsjEE90oWhrByHCfzxlCK5Npk7QRJwEYuuslRGpB/EPrtiIeXXL8pYpE/MximHde BfFp7sZtkI3Or6gpredgKLxhCMAZd7mBuoAipcMh6ymrBs0Iz27N7SUYizY6avVxXYby BcKSEl99qHCDstCMeVLiRuvWL8QrEKfXRXg9dEkyhUUuzxTgJoKPcFGSaXoOfBSNq/Cc 9irg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=PboVMWGJc5rAMdk6Q2kd/hwIwExYP8pQ3sOiDydGgUw=; b=ol8J9es6jcDP3aoTIWknYiKNM46m5BP6IfeaKfwNZjI0V/+6Vg2OVjvDsv+DJpckSg Cj0tpt77XDqhSBNd8qKuA/D08xjMjJeQY+mRrj8EhCjF/M16EmE6EtLmk+2hvUCYBDMq 9e+wHW7iU0K14N25HPCgFEn5xSxZvH+4hWBdu3ndPqnVhsJ3firHrPF9WaIqKVptbm+1 OrKr9iEL8iTjO0kImRz0Y2cwPIB2sA0fj4DsCk2/95zXity4NJUyHqHlxhv/gMupFOjQ Ljm3aU4UlOCqf9BoJgcpfSFErgWrd0QfdnASkSIJI2a1CUpGTfrCQ3MQPXO51QKX7Zkd eZBg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=KE5I2iBS; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 33-v6si16491825plf.308.2018.05.04.07.31.45; Fri, 04 May 2018 07:31:59 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=KE5I2iBS; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751790AbeEDO3r (ORCPT + 99 others); Fri, 4 May 2018 10:29:47 -0400 Received: from mail-wr0-f196.google.com ([209.85.128.196]:41608 "EHLO mail-wr0-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751602AbeEDO3m (ORCPT ); Fri, 4 May 2018 10:29:42 -0400 Received: by mail-wr0-f196.google.com with SMTP id g21-v6so21291429wrb.8; Fri, 04 May 2018 07:29:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=PboVMWGJc5rAMdk6Q2kd/hwIwExYP8pQ3sOiDydGgUw=; b=KE5I2iBSc2cHcLzypo9C3KeMmhfCsps+rwsZnGcqP1FgEofBW5SFNh0AXPOy5LpivD vYCIOPH0DhdQTyESf0ZLzMz+bNWxpuN1wk19uFYlCFfyFYAewgmgVJSvwlInrjDXGxCl bKDBS50NX25Aj23V2jw5CEm/DnVS7PV4Qqj8ctFXHzWu6/s9vHEoYj6Od7/lufQePsrD XSJhpWtgdpVK5xqALQ/oMcJAn95s7MPW6F4g+VsAJdHdfF8acx94/WKENgIyZVvxJKwO 4B0V9jh7ghdH3BxoNaubPi2TfHXBMCox12EnkvLM46rcwyNc26HGFMyRQFr+jCn1emAl lxDQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=PboVMWGJc5rAMdk6Q2kd/hwIwExYP8pQ3sOiDydGgUw=; b=UD5gYv6/T7DDHWrRJJoz+t/dLzNBDdrO86llsDR8PEhY5LLdhEE+lcOouzm+rmS2sV PJ+0+xop+7TC4P0cghE/JLMx3+8fRvv7NCkmvoukvbKmKSdwNWcRP/9tMzG9xkscywXz g4tV43mfO/kg5R42fbzcLd5TUhk9DWKLYo14IMdGoU3Aed5h/MwRjgkQL1z0JgOwbBft fGuzZo2ADqnIF16TXGNbHe2jgaaXrx/1i/6tkRAq8ecY3r+hL0rTBvQyRYYRDF8aNLN/ vydhKYUryDG5rT7KIM09M2tQqs4vra0ra1rFQaKhf7SOBL0XUiEAhZnzB7hq/Y1wy+1e QIZQ== X-Gm-Message-State: ALQs6tDv54ki2F98xKBI6BkGDvEmmhyenYzyuBA+38kTvss782uLZP7q 7l+AAzW9g9BTZBPusitMV6qcjg== X-Received: by 2002:adf:a158:: with SMTP id r24-v6mr22049451wrr.191.1525444180898; Fri, 04 May 2018 07:29:40 -0700 (PDT) Received: from david-x1.fritz.box (p200300C2A3D634001758913C97055056.dip0.t-ipconnect.de. [2003:c2:a3d6:3400:1758:913c:9705:5056]) by smtp.gmail.com with ESMTPSA id h8-v6sm1474907wmc.16.2018.05.04.07.29.39 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 04 May 2018 07:29:40 -0700 (PDT) From: David Herrmann To: linux-kernel@vger.kernel.org Cc: James Morris , Paul Moore , teg@jklm.no, Stephen Smalley , selinux@tycho.nsa.gov, linux-security-module@vger.kernel.org, Eric Paris , serge@hallyn.com, Casey Schaufler , davem@davemloft.net, netdev@vger.kernel.org, David Herrmann Subject: [PATCH v2 1/4] security: add hook for socketpair() Date: Fri, 4 May 2018 16:28:19 +0200 Message-Id: <20180504142822.15233-2-dh.herrmann@gmail.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20180504142822.15233-1-dh.herrmann@gmail.com> References: <20180504142822.15233-1-dh.herrmann@gmail.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Right now the LSM labels for socketpairs are always uninitialized, since there is no security hook for the socketpair() syscall. This patch adds the required hooks so LSMs can properly label socketpairs. This allows SO_PEERSEC to return useful information on those sockets. Note that the behavior of socketpair() can be emulated by creating a listener socket, connecting to it, and then discarding the initial listener socket. With this workaround, SO_PEERSEC would return the caller's security context. However, with socketpair(), the uninitialized context is returned unconditionally. This is unexpected and makes socketpair() less useful in situations where the security context is crucial to the application. With the new socketpair-hook this disparity can be solved by making socketpair() return the expected security context. Acked-by: Serge Hallyn Signed-off-by: Tom Gundersen Signed-off-by: David Herrmann --- include/linux/lsm_hooks.h | 7 +++++++ include/linux/security.h | 7 +++++++ security/security.c | 6 ++++++ 3 files changed, 20 insertions(+) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 9d0b286f3dba..8f1131c8dd54 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -757,6 +757,11 @@ * @type contains the requested communications type. * @protocol contains the requested protocol. * @kern set to 1 if a kernel socket. + * @socket_socketpair: + * Check permissions before creating a fresh pair of sockets. + * @socka contains the first socket structure. + * @sockb contains the second socket structure. + * Return 0 if permission is granted and the connection was established. * @socket_bind: * Check permission before socket protocol layer bind operation is * performed and the socket @sock is bound to the address specified in the @@ -1656,6 +1661,7 @@ union security_list_options { int (*socket_create)(int family, int type, int protocol, int kern); int (*socket_post_create)(struct socket *sock, int family, int type, int protocol, int kern); + int (*socket_socketpair)(struct socket *socka, struct socket *sockb); int (*socket_bind)(struct socket *sock, struct sockaddr *address, int addrlen); int (*socket_connect)(struct socket *sock, struct sockaddr *address, @@ -1922,6 +1928,7 @@ struct security_hook_heads { struct hlist_head unix_may_send; struct hlist_head socket_create; struct hlist_head socket_post_create; + struct hlist_head socket_socketpair; struct hlist_head socket_bind; struct hlist_head socket_connect; struct hlist_head socket_listen; diff --git a/include/linux/security.h b/include/linux/security.h index 200920f521a1..4ff3ba457e56 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -1191,6 +1191,7 @@ int security_unix_may_send(struct socket *sock, struct socket *other); int security_socket_create(int family, int type, int protocol, int kern); int security_socket_post_create(struct socket *sock, int family, int type, int protocol, int kern); +int security_socket_socketpair(struct socket *socka, struct socket *sockb); int security_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen); int security_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen); int security_socket_listen(struct socket *sock, int backlog); @@ -1262,6 +1263,12 @@ static inline int security_socket_post_create(struct socket *sock, return 0; } +static inline int security_socket_socketpair(struct socket *socka, + struct socket *sockb) +{ + return 0; +} + static inline int security_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen) diff --git a/security/security.c b/security/security.c index 7bc2fde023a7..68f46d849abe 100644 --- a/security/security.c +++ b/security/security.c @@ -1358,6 +1358,12 @@ int security_socket_post_create(struct socket *sock, int family, protocol, kern); } +int security_socket_socketpair(struct socket *socka, struct socket *sockb) +{ + return call_int_hook(socket_socketpair, 0, socka, sockb); +} +EXPORT_SYMBOL(security_socket_socketpair); + int security_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen) { return call_int_hook(socket_bind, 0, sock, address, addrlen); -- 2.17.0