From: Jann Horn
Date: Thu, 16 Aug 2018 16:22:08 +0200
Subject: Re: [PATCH RFC 5/5] SELinux: Support SELinux determination of side-channel vulnerability
To: casey.schaufler@intel.com
Cc: Kernel Hardening, kernel list, linux-security-module, selinux@tycho.nsa.gov, SMACK-discuss@lists.01.org, Dave Hansen, deneen.t.dock@intel.com, kristen@linux.intel.com, Arjan van de Ven
References: <20180815235355.14908-1-casey.schaufler@intel.com> <20180815235355.14908-6-casey.schaufler@intel.com>
In-Reply-To: <20180815235355.14908-6-casey.schaufler@intel.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Aug 16, 2018 at 11:52 AM Casey Schaufler wrote:
> > SELinux considers tasks to be side-channel safe if they > have PROCESS_SHARE access. > > Signed-off-by: Casey Schaufler > --- > security/selinux/hooks.c | 9 +++++++++ > 1 file changed, 9 insertions(+) > > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > index a8bf324130f5..7fbd7d7ac1cb 100644 > --- a/security/selinux/hooks.c > +++ b/security/selinux/hooks.c
> @@ -4219,6 +4219,14 @@ static void selinux_task_to_inode(struct task_struct *p, > spin_unlock(&isec->lock); > } > > +static int selinux_task_safe_sidechannel(struct task_struct *p) > +{ > + struct av_decision avd; > + > + return avc_has_perm_noaudit(&selinux_state, current_sid(), task_sid(p), > + SECCLASS_PROCESS, PROCESS__SHARE, 0, &avd); > +}

current_sid() -> current_security() -> current_cred_xxx() -> current_cred() accesses current->cred, the subjective credentials associated with the current syscall context, affected by override_creds(). You probably want to look at objective credentials here, since what you're interested in is not the security context of the current syscall, but the security context of the userspace code running in the current address space. task_sid() does the right thing and looks at the objective creds.
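
Review bot: selinux_task_safe_sidechannel() has no comment stating its contract, and its return line passes the avc_has_perm_noaudit() result straight through, so callers get 0 when PROCESS__SHARE is granted and a negative errno otherwise; for a hook with "safe" in its name that convention is easy to read backwards. A short comment above the function should say that 0 means the task is considered side-channel safe, and it (along with the commit message, which only says "have PROCESS_SHARE access") should state that the check runs with current_sid() as the source and task_sid(p) as the target.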
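
A userspace model of the distinction drawn in the reply above, added here as an illustration and not code from the thread or the kernel: the struct layouts, function bodies and SID values are simplified assumptions that only mirror the kernel names (`cred`/`real_cred`, `override_creds()`, `current_sid()`, `task_sid()`). It shows the two lookups disagreeing for the same task while credentials are overridden.

```c
#include <stdint.h>
#include <stdio.h>

/* Userspace model only: names mirror the kernel's, bodies are simplified. */
struct cred { uint32_t sid; };            /* stands in for the SELinux security blob */

struct task_struct {
    const struct cred *real_cred;         /* objective: how others see this task */
    const struct cred *cred;              /* subjective: what this task acts with */
};

static struct task_struct *current_task;  /* stands in for the kernel's `current` */

/* Model of override_creds(): swaps only the subjective pointer. */
static const struct cred *override_creds(const struct cred *new)
{
    const struct cred *old = current_task->cred;
    current_task->cred = new;
    return old;
}

static void revert_creds(const struct cred *old) { current_task->cred = old; }

/* Model of current_sid(): follows current->cred (subjective). */
static uint32_t current_sid(void) { return current_task->cred->sid; }

/* Model of task_sid(): follows p->real_cred (objective). */
static uint32_t task_sid(const struct task_struct *p) { return p->real_cred->sid; }

enum { SID_USER_APP = 100, SID_KERNEL_SERVICE = 1 };  /* constructed SIDs */

/* Returns 1 if the lookups agree normally but disagree while creds are overridden. */
static int sids_diverge_under_override(void)
{
    static const struct cred app = { SID_USER_APP }, svc = { SID_KERNEL_SERVICE };
    struct task_struct t = { &app, &app };
    current_task = &t;

    int same_before = current_sid() == task_sid(&t);
    const struct cred *old = override_creds(&svc);
    uint32_t subj = current_sid(), obj = task_sid(&t);
    revert_creds(old);

    return same_before && subj == SID_KERNEL_SERVICE && obj == SID_USER_APP
           && current_sid() == task_sid(&t);
}

int main(void)
{
    printf("diverge under override: %d\n", sids_diverge_under_override());
    return 0;
}
```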