Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp11371imm; Fri, 21 Sep 2018 17:00:21 -0700 (PDT) X-Google-Smtp-Source: ACcGV62xYZ2KzTih4f+kydffIxlILoxC5mRSZqXSRpGGSrRdJjlC5liTpkd5sTWMeEsCWLzs3rzW X-Received: by 2002:a17:902:566:: with SMTP id 93-v6mr62262plf.184.1537574421733; Fri, 21 Sep 2018 17:00:21 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1537574421; cv=none; d=google.com; s=arc-20160816; b=iCwhmEyIYzQItQkKHUDq4KXLj008PUv/E3OOs8He9j7MtulbunH4IoAJiCmVrKLEhS XObMUWs9EmYQ9ikWY/DElmDWqQ4+R9PXtxlq1E4VTESVC/9RjIcLSqBwgbT5c7ubujJg hMNE68KGfcqEOIQOhnOezT42xn2MVxJ45NM7QJqMz1ZUYEZJjxw6wy+GnNTSJw2MQw0s hjJMip7g631bf3ehlOYDP7f+tlIK2TMXRVCvUZQdQTGWC/nNz4A8jFMim5MzhVX65e88 2XXLzBl4HAZMRq430lO1/ZoAxtL92pR/tZcoGVi/vT82KoEbfNFZAZCNnl+Cw0hPywDu s/yA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-language :content-transfer-encoding:mime-version:user-agent:date:message-id :subject:from:cc:to:dkim-signature; bh=yI3y1RAtSUaa5X1VvZSk6B45eg3cxiuzbkTHwex6+Dg=; b=w0LdXytnbydodPPESSUTtZquzGRJFWvxVf0Nt8N7OsR3zno3UBD0V0LSnsZLM4pA5q sXv5DD+ME1YYLexIuoJzXbIXeGEOANJaRSu7aRcrrpeaYSLG4RqjKmhoKS1cUvLMZgTo 0ST2mE5cTgSbk/TofNUozDBzjRv2W0O6WhzWDu28XgkyuwR6EiE42V3wnUGvAyXpQgB3 sGhQC+t9EAna3CfxQ/6YwshBfj8aSKP76rHWSEnavz02oJ7X96utiHHoDvsD5T8NzHjr p6vpYuJD2ghM/Tc6m7u/WGQwwlbILJlhKzEQsS9AmRgMHktmiPBPt8AZEOWAfvCyNEfK vttQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@yahoo.com header.s=s2048 header.b=eSVwyCor; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t7-v6si28007436pfh.3.2018.09.21.17.00.03; Fri, 21 Sep 2018 17:00:21 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@yahoo.com header.s=s2048 header.b=eSVwyCor; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2391683AbeIVFul (ORCPT + 99 others); Sat, 22 Sep 2018 01:50:41 -0400 Received: from sonic304-18.consmr.mail.bf2.yahoo.com ([74.6.128.41]:42299 "EHLO sonic304-18.consmr.mail.bf2.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725756AbeIVFul (ORCPT ); Sat, 22 Sep 2018 01:50:41 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1537574367; bh=yI3y1RAtSUaa5X1VvZSk6B45eg3cxiuzbkTHwex6+Dg=; h=To:Cc:From:Subject:Date:From:Subject; b=eSVwyCor/lRzgf6+0y+9BIrJSnKB/tZeNCA8eMkBsd+MsJO4lrds+pVZVL9PmB4fIgaj8o67iPuINtvSZ6wVwXtQ6kC7OTePPm94xjrCW0kuq1MPq2dNJFJ12tbr1Fdb4apAh7zdeLy3BrCNB77HzL73zf1MEMePKL34mlwT0/Ili5AeWCQJaGalIqJAyQcylbTfayHn1Oj/eFitH5bmm/txPoHdXyM44TsTKSsfzEp5TeVAbx3RJHHWkeo7LzSGIQvsk6zzzWnjU84Vzp7mwcffKtqAZ91xmFB56PNiXPdp/tyhedkVQSRMiKejkRv7Y3p5t7FvSHtXzziZND+X7A== X-YMail-OSG: 2o2_My4VM1nj9fCc.p9RosUdWmqEZxrgtOGjHbebznsNMnV2UR.Ok56w2g4M0FW pnlwJdulbpztUwcUke63q1bmNnNLex.MrpGfiSZaJnLIdbLtMf0WlBW8Drb1T6tgSUZ0ucb2HiTy 8pfNWIhV5leT15aAidyvawKG47Nhl7VflF25q0WBijcvHgLLZhW4kpBZbpFHRRzIJQj1rpK7rLEV p6ITsW25.HQFMDIeWe2rrDORCBu95MP3bWjm.7JIkowWH566NsPRkIsUUJnwY68h6p9_Rw54pLtz 6BcKGsQzrYdntliXLV62oMrqNzK_fw1.lZ8z8BblyuxV_dHLoV_.Cz8IB91U1Yq9t3x5TtvSH47v BZ1.XWmf7ln9Nh_n2uEnEX59fokuph_6hlGcBoo5sehjzS2qmhy_TB.Dnj1ErTIr3ecZHbf9gXTn shNemP7mCPTu4eX4e8LzgEiV9n4B6uJ7sZmAs6xRQ5nH_tO4ny1TKTj7HBolBzYw8A5KQYPIo9Q0 8T2oMOvXimHNKyZGzyZHSN05UUuV6WRWCwHxvaCxfYZCSNWlL0dcPQsnfU7SBXRYmVYArwaUFE3M d6cKTwiPahzSmdv7pfbedlCCXagEjnlt_OrkeMtxg1B166DxzWFEnVtPfAsC_yVdioLCww7rPr78 DKGJAjzeKggDrBycgAgw6RI4_wwEVpTY2ywEf9dAvYZVpGzEytBKQ5YXmaYmyXqwNILmo5c0tmVY 9BgMEit1X00qzcqxuwS0Su7J3rqAhub2OduCcrAnN3DQ9k21mCYM7fcqclZ8xY2xD4KDy08ByiPL yHkt09LgpDajycxyj55ti7y5fsgP58XAfT4Njp9i306pxLgLjbiUJ5KSgESx8OlU5IG9YYjtTh6S XS1lQfZK03NQ1EgDGtgDk1Q5oIKiSIbBVtW8FYWJBl14l7II5fvrJuMBpc5DQA3n8clLWhN51tXl pXzUXcEENo3riv_hIZzUqAjbb62Oa4S6teUV8gIgGR4Kfp2ZUXgyE6K5ydC_OR4ET9ReRsz2jwZL hK3lZDmS8A0qciQhgTCTBbrR5fTidLRRTS9p3nQh1oSnYriIfbHW6B2MbDlOxtw-- Received: from sonic.gate.mail.ne1.yahoo.com by sonic304.consmr.mail.bf2.yahoo.com with HTTP; Fri, 21 Sep 2018 23:59:27 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO [192.168.0.102]) ([67.169.65.224]) by smtp426.mail.bf1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID 2bea0198d08c0840eb41a19b0854a8e4; Fri, 21 Sep 2018 23:59:26 +0000 (UTC) To: LSM , James Morris , SE Linux , LKLM , John Johansen , Kees Cook , Tetsuo Handa , Paul Moore , Stephen Smalley , "linux-fsdevel@vger.kernel.org" , Alexey Dobriyan , =?UTF-8?Q?Micka=c3=abl_Sala=c3=bcn?= , Salvatore Mesoraca Cc: Casey Schaufler From: Casey Schaufler Subject: [PATCH v4 00/19] LSM: Module stacking for SARA and Landlock Message-ID: Date: Fri, 21 Sep 2018 16:59:21 -0700 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Content-Language: en-US Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org v4: Finer granularity in the patches and other cleanups suggested by Kees Cook. Removed dead code created by the removal of SELinux credential blob poisoning. v3: Add ipc blob for SARA and task blob for Landlock. Removing the SELinux cred blob pointer poisoning results selinux_is_enabled() being unused, so it and all it's overhead has been removed. Broke up the cred infrastructure patch. v2: Reduce the patchset to what is required to support the proposed SARA and LandLock security modules The SARA security module is intended to be used in conjunction with other security modules. It requires state to be maintained for the credential, which in turn requires a mechanism for sharing the credential security blob. It also uses the ipc security blob. The module also requires mechanism for user space manipulation of the credential information, hence an additional subdirectory in /proc/.../attr. The LandLock security module provides user configurable policy in the secmark mechanism. It requires data in the credential, file, inode and task security blobs. For this to be used along side the existing "major" security modules mechanism for sharing these blobs are provided. A side effect of providing sharing of the crendential security blob is that the TOMOYO module can be used at the same time as the other "major" modules. The mechanism for configuring which security modules are enabled has to change when stacking in enabled. Any module that uses just the security blobs that are shared can be selected. Additionally, one other "major" module can be selected. The security module stacking issues around networking and IPC are not addressed here as they are beyond what is required for TOMOYO, SARA and LandLock. git://github.com/cschaufler/lsm-stacking.git#stacking-4.19-rc2-saralock-v4 Signed-off-by: Casey Schaufler --- Documentation/admin-guide/LSM/index.rst | 23 +- fs/proc/base.c | 64 ++++- fs/proc/internal.h | 1 + include/linux/cred.h | 1 - include/linux/lsm_hooks.h | 24 +- include/linux/security.h | 15 +- include/linux/selinux.h | 35 --- kernel/cred.c | 13 - security/Kconfig | 92 +++++++ security/apparmor/domain.c | 2 +- security/apparmor/include/cred.h | 24 +- security/apparmor/include/file.h | 9 +- security/apparmor/include/lib.h | 4 + security/apparmor/include/task.h | 18 +- security/apparmor/lsm.c | 68 +++-- security/apparmor/task.c | 6 +- security/security.c | 438 ++++++++++++++++++++++++++++++-- security/selinux/Makefile | 2 +- security/selinux/exports.c | 23 -- security/selinux/hooks.c | 333 +++++++----------------- security/selinux/include/audit.h | 3 - security/selinux/include/objsec.h | 48 +++- security/selinux/selinuxfs.c | 4 +- security/selinux/ss/services.c | 1 - security/selinux/xfrm.c | 4 +- security/smack/smack.h | 55 +++- security/smack/smack_access.c | 4 +- security/smack/smack_lsm.c | 315 ++++++++--------------- security/smack/smackfs.c | 18 +- security/tomoyo/common.h | 26 +- security/tomoyo/domain.c | 4 +- security/tomoyo/securityfs_if.c | 15 +- security/tomoyo/tomoyo.c | 57 ++++- 33 files changed, 1098 insertions(+), 651 deletions(-)