Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp4294895imm; Tue, 11 Sep 2018 09:42:26 -0700 (PDT) X-Google-Smtp-Source: ANB0VdbwUbXoeVk5adQrDSy2EQT3OmrlMaCipuikB0sCwmFPxCb16UL1Iq1rU0q5aASqu/BZf1Ao X-Received: by 2002:a63:c912:: with SMTP id o18-v6mr28477858pgg.331.1536684146004; Tue, 11 Sep 2018 09:42:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1536684145; cv=none; d=google.com; s=arc-20160816; b=cGQ8+umLCMk6jr3YnN5OpB5MQ0W9il7zRnni9Y0lzWvqEvuLs3z6eLgPWYLiGNG5s+ 9xCnVg9TyLuaOKvPwoN+4v3k5T0QSd3cZ2jDW7mp3Ix3CWalWNQpNL+V8IOtdZANaFfq r+CGW2UuZeLLtG09BSXcyNVPtqAwcuoe/RjDaqDVOhW+oyBTj9k8cN2L8Hdk9NlxxP9L e3uNXorBuXxgpUO7+tabQCrpzNzv56tFNW6MGmyrQDhTmk+o22Kdu1sU9pt9P1slF3zb h0rkUa/BYbDC60U0WHgI38e/JClP6I9a6qLorySTSMF0TIsGWFIvUUngRQBJEPyIImgq V9Pg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-language :content-transfer-encoding:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:dkim-signature; bh=efy+qsAF4giNeC+TrXXd0DX5z1LRzicKu/1nyCX3awQ=; b=YpFYQcFBXuCQp4Jzpc5bkDG9P0GSu7iBOFE5BpM9OVJSHGCq7UCvNRU6M2dg+7t/Ag 3YQ4RH6Mx8BuRRor3ND38SXfG6hCIPmme0RygAAJYFBfBDH5b020RNGR6PkHiRtved36 XLt21hSOT+FwoeA2CgYWJlXJ+M8hLH/+sB1jQby8a/wbMgIgdldgsAGewNAQajfPz+kU gvsR/+NGjkEEYLQANAmdUbrpUPZLk6izqJg62DM7o+F7RtnBcQiqifrydPgW9ACqCjrA ZIb8K7YGraeAwUa2dsjkx8lgprgo0moLcKBO8Cxmub1NlG+iDd8O3XXRcMrP65bBx3XK GAlQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@yahoo.com header.s=s2048 header.b=VXrCEWtO; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w4-v6si21499739pfb.52.2018.09.11.09.42.10; Tue, 11 Sep 2018 09:42:25 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@yahoo.com header.s=s2048 header.b=VXrCEWtO; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728029AbeIKVl5 (ORCPT + 99 others); Tue, 11 Sep 2018 17:41:57 -0400 Received: from sonic303-27.consmr.mail.ne1.yahoo.com ([66.163.188.153]:36537 "EHLO sonic303-27.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726981AbeIKVl5 (ORCPT ); Tue, 11 Sep 2018 17:41:57 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1536684108; bh=efy+qsAF4giNeC+TrXXd0DX5z1LRzicKu/1nyCX3awQ=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From:Subject; b=VXrCEWtOp6oEKGVUINslX8ZdQjmIcPTMARPbAPI18GnSt8l918yb2AvLSHuvVH8aOUy0vohWnUFGoShvfbulnR/L2rzxIfYafGeKam0tIE3dwuWdJZbEQ7e1F117O2Pc8czwFA+WHJQPsWIV0qA3dus2FESlFnZvVF6Lf4Ed33Pc53KICO6ZwHpi7VvexQ/1t1lxLpVgOo1XFJkkvCRMfvUC8+pvHrNSFuT7BhburdMx/KgYCtBqWvkPVOvH2nDACtL/W31FxbSDRYhOoRFv+10Ir3bo879TrE7jNbMqk3406hqXGf7Y9rnqRTK255J77ffbPPVRYFQ7gfFW9BajMg== X-YMail-OSG: dZ0sr.YVM1nGGlBKGNRWNnGwqGRHXoIiD5OtHBh0_2GwmD.FOvi6aQ0kyzWzIyY VCu4M3bdKyAR1W6SxzhSY6xclqveUTDOfbLAc8EbdnulPkhyPYj7ugYPjdaJsJ8YTjQAu8V2azmi 9lCQjXXvF8HKq2Bp9wNH435Nof3FdrxrH6TpBCwo_YFx.rskYmP40ZiCu4vi0Jzvksld5tHGQiau eiEZh.Qi15vXalFtxLVKLFprZmcLwAh4o0ajnvhAOBdtod9MWodyfKbXqfdo0uCUj3hSCjZcN2Gb aAOdrwMTANL4eReh9cS2Q01SJwwqk7ngWoml8kcz2qLxGk5ejbd5.psdhI2QlNQMZa8avt4B8vKV Vg46YsdWYeL_MeSxaEvZV0hZZQUnkl6p9RdDs46t95pFVuP15w4LiOaufKk96VyRr8YDeoNmoQ.N g8H56_wjYNjPsdhUXjKnLyktQs_Hf8eKsEWCHF4zHhpxehJ2AqnoGNwWQWNs2z5vCFOaNBYI3Lp3 atQpJf.OkuvYtPjEoyWsuTlGWrHcrPwGEwTvoJodZp2FowBeS7yCXx8zGhYMdMTBOATR.koKd_eD oFuoMlqYhSXqriQGKf0rT5169PXAL3yOptqdIQRs5dokPcH4PIkcFrwDLK5OYdDbvRZSGlJvqxyr vue_axLPshAiIy3BNBKRKzGifX3I8Zyxg4aeN7Mq5I5n_Fox02oWiClyrbfmbjbpwabv33J1efrB oYSGEg8_Nxd.3Se29cQz_gDGFXG0ZQo6nGy_rHpYCGT5PJmvdyqfnEQadXmh0lqJqP1mxzlylQAl U8HCvjmXa0JMbi1tZQDKUqVxEol_dm8eKXMclx9UjzENsjwAW.FhUD2yqR2elogMMDv0Gd_m6nXT dRE4ElJYzSha4QnlkgIHDnHja7bbAkG8ezTuhC2wbTrAOfI0hyI7eNA.kW2XCIk45hR16N9QmNkd uWumAng8LpyQemN6qrdv62roK5msqVBdC4XCP_SXzjE6c2p0ppKsHZzmbAjWo4XPEbQ.pLW2TnD5 755LWnvt_gvkK7UTLfy.uQmKER3fDesd_UL3p Received: from sonic.gate.mail.ne1.yahoo.com by sonic303.consmr.mail.ne1.yahoo.com with HTTP; Tue, 11 Sep 2018 16:41:48 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO [192.168.0.102]) ([67.169.65.224]) by smtp429.mail.ne1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID f2752b8eb39fa05cb2b42c74a9e475a4; Tue, 11 Sep 2018 16:41:47 +0000 (UTC) Subject: [PATCH 03/10] SELinux: Abstract use of cred security blob To: LSM , James Morris , LKLM , SE Linux , John Johansen , Kees Cook , Tetsuo Handa , Paul Moore , Stephen Smalley , "linux-fsdevel@vger.kernel.org" , Alexey Dobriyan Cc: "Schaufler, Casey" References: From: Casey Schaufler Message-ID: <39bcaa18-4c53-f386-5e89-8903a49a3256@schaufler-ca.com> Date: Tue, 11 Sep 2018 09:41:44 -0700 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Content-Language: en-US Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Don't use the cred->security pointer directly. Provide a helper function that provides the security blob pointer. Signed-off-by: Casey Schaufler --- security/selinux/hooks.c | 54 +++++++++++++++---------------- security/selinux/include/objsec.h | 5 +++ security/selinux/xfrm.c | 4 +-- 3 files changed, 34 insertions(+), 29 deletions(-) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index ad9a9b8e9979..9d6cdd21acb6 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -228,7 +228,7 @@ static inline u32 cred_sid(const struct cred *cred) { const struct task_security_struct *tsec; - tsec = cred->security; + tsec = selinux_cred(cred); return tsec->sid; } @@ -464,7 +464,7 @@ static int may_context_mount_sb_relabel(u32 sid, struct superblock_security_struct *sbsec, const struct cred *cred) { - const struct task_security_struct *tsec = cred->security; + const struct task_security_struct *tsec = selinux_cred(cred); int rc; rc = avc_has_perm(&selinux_state, @@ -483,7 +483,7 @@ static int may_context_mount_inode_relabel(u32 sid, struct superblock_security_struct *sbsec, const struct cred *cred) { - const struct task_security_struct *tsec = cred->security; + const struct task_security_struct *tsec = selinux_cred(cred); int rc; rc = avc_has_perm(&selinux_state, tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, @@ -1949,7 +1949,7 @@ static int may_create(struct inode *dir, struct dentry *dentry, u16 tclass) { - const struct task_security_struct *tsec = current_security(); + const struct task_security_struct *tsec = selinux_cred(current_cred()); struct inode_security_struct *dsec; struct superblock_security_struct *sbsec; u32 sid, newsid; @@ -1971,7 +1971,7 @@ static int may_create(struct inode *dir, if (rc) return rc; - rc = selinux_determine_inode_label(current_security(), dir, + rc = selinux_determine_inode_label(selinux_cred(current_cred()), dir, &dentry->d_name, tclass, &newsid); if (rc) return rc; @@ -2478,8 +2478,8 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm) if (bprm->called_set_creds) return 0; - old_tsec = current_security(); - new_tsec = bprm->cred->security; + old_tsec = selinux_cred(current_cred()); + new_tsec = selinux_cred(bprm->cred); isec = inode_security(inode); /* Default to the current task SID. */ @@ -2643,7 +2643,7 @@ static void selinux_bprm_committing_creds(struct linux_binprm *bprm) struct rlimit *rlim, *initrlim; int rc, i; - new_tsec = bprm->cred->security; + new_tsec = selinux_cred(bprm->cred); if (new_tsec->sid == new_tsec->osid) return; @@ -2686,7 +2686,7 @@ static void selinux_bprm_committing_creds(struct linux_binprm *bprm) */ static void selinux_bprm_committed_creds(struct linux_binprm *bprm) { - const struct task_security_struct *tsec = current_security(); + const struct task_security_struct *tsec = selinux_cred(current_cred()); struct itimerval itimer; u32 osid, sid; int rc, i; @@ -2989,7 +2989,7 @@ static int selinux_dentry_init_security(struct dentry *dentry, int mode, u32 newsid; int rc; - rc = selinux_determine_inode_label(current_security(), + rc = selinux_determine_inode_label(selinux_cred(current_cred()), d_inode(dentry->d_parent), name, inode_mode_to_security_class(mode), &newsid); @@ -3009,14 +3009,14 @@ static int selinux_dentry_create_files_as(struct dentry *dentry, int mode, int rc; struct task_security_struct *tsec; - rc = selinux_determine_inode_label(old->security, + rc = selinux_determine_inode_label(selinux_cred(old), d_inode(dentry->d_parent), name, inode_mode_to_security_class(mode), &newsid); if (rc) return rc; - tsec = new->security; + tsec = selinux_cred(new); tsec->create_sid = newsid; return 0; } @@ -3026,7 +3026,7 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir, const char **name, void **value, size_t *len) { - const struct task_security_struct *tsec = current_security(); + const struct task_security_struct *tsec = selinux_cred(current_cred()); struct superblock_security_struct *sbsec; u32 newsid, clen; int rc; @@ -3036,7 +3036,7 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir, newsid = tsec->create_sid; - rc = selinux_determine_inode_label(current_security(), + rc = selinux_determine_inode_label(selinux_cred(current_cred()), dir, qstr, inode_mode_to_security_class(inode->i_mode), &newsid); @@ -3498,7 +3498,7 @@ static int selinux_inode_copy_up(struct dentry *src, struct cred **new) return -ENOMEM; } - tsec = new_creds->security; + tsec = selinux_cred(new_creds); /* Get label from overlay inode and set it in create_sid */ selinux_inode_getsecid(d_inode(src), &sid); tsec->create_sid = sid; @@ -3918,7 +3918,7 @@ static int selinux_cred_alloc_blank(struct cred *cred, gfp_t gfp) */ static void selinux_cred_free(struct cred *cred) { - struct task_security_struct *tsec = cred->security; + struct task_security_struct *tsec = selinux_cred(cred); /* * cred->security == NULL if security_cred_alloc_blank() or @@ -3938,7 +3938,7 @@ static int selinux_cred_prepare(struct cred *new, const struct cred *old, const struct task_security_struct *old_tsec; struct task_security_struct *tsec; - old_tsec = old->security; + old_tsec = selinux_cred(old); tsec = kmemdup(old_tsec, sizeof(struct task_security_struct), gfp); if (!tsec) @@ -3953,8 +3953,8 @@ static int selinux_cred_prepare(struct cred *new, const struct cred *old, */ static void selinux_cred_transfer(struct cred *new, const struct cred *old) { - const struct task_security_struct *old_tsec = old->security; - struct task_security_struct *tsec = new->security; + const struct task_security_struct *old_tsec = selinux_cred(old); + struct task_security_struct *tsec = selinux_cred(new); *tsec = *old_tsec; } @@ -3970,7 +3970,7 @@ static void selinux_cred_getsecid(const struct cred *c, u32 *secid) */ static int selinux_kernel_act_as(struct cred *new, u32 secid) { - struct task_security_struct *tsec = new->security; + struct task_security_struct *tsec = selinux_cred(new); u32 sid = current_sid(); int ret; @@ -3995,7 +3995,7 @@ static int selinux_kernel_act_as(struct cred *new, u32 secid) static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode) { struct inode_security_struct *isec = inode_security(inode); - struct task_security_struct *tsec = new->security; + struct task_security_struct *tsec = selinux_cred(new); u32 sid = current_sid(); int ret; @@ -4544,7 +4544,7 @@ static int sock_has_perm(struct sock *sk, u32 perms) static int selinux_socket_create(int family, int type, int protocol, int kern) { - const struct task_security_struct *tsec = current_security(); + const struct task_security_struct *tsec = selinux_cred(current_cred()); u32 newsid; u16 secclass; int rc; @@ -4564,7 +4564,7 @@ static int selinux_socket_create(int family, int type, static int selinux_socket_post_create(struct socket *sock, int family, int type, int protocol, int kern) { - const struct task_security_struct *tsec = current_security(); + const struct task_security_struct *tsec = selinux_cred(current_cred()); struct inode_security_struct *isec = inode_security_novalidate(SOCK_INODE(sock)); struct sk_security_struct *sksec; u16 sclass = socket_type_to_security_class(family, type, protocol); @@ -5442,7 +5442,7 @@ static int selinux_secmark_relabel_packet(u32 sid) const struct task_security_struct *__tsec; u32 tsid; - __tsec = current_security(); + __tsec = selinux_cred(current_cred()); tsid = __tsec->sid; return avc_has_perm(&selinux_state, @@ -6379,7 +6379,7 @@ static int selinux_getprocattr(struct task_struct *p, unsigned len; rcu_read_lock(); - __tsec = __task_cred(p)->security; + __tsec = selinux_cred(__task_cred(p)); if (current != p) { error = avc_has_perm(&selinux_state, @@ -6502,7 +6502,7 @@ static int selinux_setprocattr(const char *name, void *value, size_t size) operation. See selinux_bprm_set_creds for the execve checks and may_create for the file creation checks. The operation will then fail if the context is not permitted. */ - tsec = new->security; + tsec = selinux_cred(new); if (!strcmp(name, "exec")) { tsec->exec_sid = sid; } else if (!strcmp(name, "fscreate")) { @@ -6631,7 +6631,7 @@ static int selinux_key_alloc(struct key *k, const struct cred *cred, if (!ksec) return -ENOMEM; - tsec = cred->security; + tsec = selinux_cred(cred); if (tsec->keycreate_sid) ksec->sid = tsec->keycreate_sid; else diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h index cc5e26b0161b..734b6833bdff 100644 --- a/security/selinux/include/objsec.h +++ b/security/selinux/include/objsec.h @@ -158,4 +158,9 @@ struct bpf_security_struct { u32 sid; /*SID of bpf obj creater*/ }; +static inline struct task_security_struct *selinux_cred(const struct cred *cred) +{ + return cred->security; +} + #endif /* _SELINUX_OBJSEC_H_ */ diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c index 91dc3783ed94..8ffe7e1053c4 100644 --- a/security/selinux/xfrm.c +++ b/security/selinux/xfrm.c @@ -79,7 +79,7 @@ static int selinux_xfrm_alloc_user(struct xfrm_sec_ctx **ctxp, gfp_t gfp) { int rc; - const struct task_security_struct *tsec = current_security(); + const struct task_security_struct *tsec = selinux_cred(current_cred()); struct xfrm_sec_ctx *ctx = NULL; u32 str_len; @@ -138,7 +138,7 @@ static void selinux_xfrm_free(struct xfrm_sec_ctx *ctx) */ static int selinux_xfrm_delete(struct xfrm_sec_ctx *ctx) { - const struct task_security_struct *tsec = current_security(); + const struct task_security_struct *tsec = selinux_cred(current_cred()); if (!ctx) return 0; -- 2.17.1