Subject: [PATCH v4 16/19] SELinux: Abstract use of ipc security blobs
To: LSM, James Morris, SE Linux, LKLM, John Johansen, Kees Cook, Tetsuo Handa, Paul Moore, Stephen Smalley, linux-fsdevel@vger.kernel.org, Alexey Dobriyan, Mickaël Salaün, Salvatore Mesoraca
From: Casey Schaufler
Message-ID: <383f1b1a-3d7c-46d2-a553-3a09f25bc1c4@schaufler-ca.com>
Date: Fri, 21 Sep 2018 17:19:45 -0700
X-Mailing-List: linux-kernel@vger.kernel.org

Don't use the ipc->security pointer directly. Don't use the msg_msg->security pointer directly. Provide helper functions that provide the security blob pointers.
Signed-off-by: Casey Schaufler --- security/selinux/hooks.c | 18 +++++++++--------- security/selinux/include/objsec.h | 13 +++++++++++++ 2 files changed, 22 insertions(+), 9 deletions(-) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 389e51ef48a5..e6cb5fce5437 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -5884,7 +5884,7 @@ static int ipc_has_perm(struct kern_ipc_perm *ipc_perms, struct common_audit_data ad; u32 sid = current_sid(); - isec = ipc_perms->security; + isec = selinux_ipc(ipc_perms); ad.type = LSM_AUDIT_DATA_IPC; ad.u.ipc_id = ipc_perms->key; @@ -5941,7 +5941,7 @@ static int selinux_msg_queue_associate(struct kern_ipc_perm *msq, int msqflg) struct common_audit_data ad; u32 sid = current_sid(); - isec = msq->security; + isec = selinux_ipc(msq); ad.type = LSM_AUDIT_DATA_IPC; ad.u.ipc_id = msq->key; @@ -5990,8 +5990,8 @@ static int selinux_msg_queue_msgsnd(struct kern_ipc_perm *msq, struct msg_msg *m u32 sid = current_sid(); int rc; - isec = msq->security; - msec = msg->security; + isec = selinux_ipc(msq); + msec = selinux_msg_msg(msg); /* * First time through, need to assign label to the message @@ -6038,8 +6038,8 @@ static int selinux_msg_queue_msgrcv(struct kern_ipc_perm *msq, struct msg_msg *m u32 sid = task_sid(target); int rc; - isec = msq->security; - msec = msg->security; + isec = selinux_ipc(msq); + msec = selinux_msg_msg(msg); ad.type = LSM_AUDIT_DATA_IPC; ad.u.ipc_id = msq->key; @@ -6092,7 +6092,7 @@ static int selinux_shm_associate(struct kern_ipc_perm *shp, int shmflg) struct common_audit_data ad; u32 sid = current_sid(); - isec = shp->security; + isec = selinux_ipc(shp); ad.type = LSM_AUDIT_DATA_IPC; ad.u.ipc_id = shp->key; @@ -6189,7 +6189,7 @@ static int selinux_sem_associate(struct kern_ipc_perm *sma, int semflg) struct common_audit_data ad; u32 sid = current_sid(); - isec = sma->security; + isec = selinux_ipc(sma); ad.type = LSM_AUDIT_DATA_IPC; ad.u.ipc_id = sma->key; 
@@ -6275,7 +6275,7 @@ static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag) static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid) { - struct ipc_security_struct *isec = ipcp->security; + struct ipc_security_struct *isec = selinux_ipc(ipcp); *secid = isec->sid; } diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h index 591adb374d69..5bf9f280e9b2 100644 --- a/security/selinux/include/objsec.h +++ b/security/selinux/include/objsec.h @@ -26,6 +26,7 @@ #include #include #include +#include #include #include "flask.h" #include "avc.h" @@ -173,4 +174,16 @@ static inline struct inode_security_struct *selinux_inode( return inode->i_security; } +static inline struct msg_security_struct *selinux_msg_msg( + const struct msg_msg *msg_msg) +{ + return msg_msg->security; +} + +static inline struct ipc_security_struct *selinux_ipc( + const struct kern_ipc_perm *ipc) +{ + return ipc->security; +} + #endif /* _SELINUX_OBJSEC_H_ */ -- 2.17.1
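Review bot: every hunk in hooks.c replaces a read of `->security` (ipc_has_perm, the msg_queue/shm/sem associate hooks, msgsnd, msgrcv and ipc_getsecid), but the commit message says the pointer should not be used directly at all; it would help to state in the message whether any remaining sites that write rather than read `ipc->security` or `msg_msg->security` are already covered or are intentionally left to a later patch in the series, so a reviewer can tell that the conversion is complete.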
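Review bot: the new `selinux_msg_msg()` and `selinux_ipc()` helpers in objsec.h are bare wrappers that still return `->security` unchanged, so nothing in the header tells a reader why the indirection exists; a one-line comment above them stating that they are the single place where the blob pointer is derived, so the derivation can change later without touching the hooks, would make the intent behind "abstract use of ipc security blobs" explicit.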
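Review bot: the parameter name in `selinux_msg_msg(const struct msg_msg *msg_msg)` reuses the struct tag, which is legal but reads awkwardly and differs from the `msg` naming used by the callers in the msgsnd and msgrcv hunks; consider `const struct msg_msg *msg`, matching the shorter `ipc` parameter of `selinux_ipc(const struct kern_ipc_perm *ipc)`.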