Received: by 2002:ac0:a582:0:0:0:0:0 with SMTP id m2-v6csp1177303imm; Fri, 12 Oct 2018 13:09:58 -0700 (PDT) X-Google-Smtp-Source: ACcGV60eP1mhLxB+ZxMRj7baZm4iYvBqWytssLcRm2G4wv1dbjIe4wQ4Zj0VTm6wt0Py9LgLRszf X-Received: by 2002:a63:f005:: with SMTP id k5-v6mr6847540pgh.259.1539374998362; Fri, 12 Oct 2018 13:09:58 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539374998; cv=none; d=google.com; s=arc-20160816; b=FY/5YY1xdiAA7n7nr9FcFdMqgDDrJBjDaD+r3R8WNXTSBoy74ZYtJGEcIUDy6AC0H2 qBZ6bsfhDbCjTe0eDmmI75LHBT9CuWO773PCGoiENAhy6cKWHPcNed0QDTTRlfQi07TZ YWLUV4VmfUtAHODB8ZCFsukX4XyUG3FMB5pqYE+bOz+lb5yPfaQUPNqLk1XFJnFq/CPz XmGJgRy7SXVL/aZ67/tsy8bDPCpb4Kb2Rkw2SA8iohNekEY55slfQsSMRQsCPbV9EXeE DbV9qjPUOW3OlyZFWixH0GGrv+tqHWtBUZ4gGR/iSu1h5zquFb7IXB9VxJZEqGKS8+nY c7yw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature; bh=VsdDRCUqon7Z23teRbW7qQSFBgJ8uBghNMLixUZDntI=; b=NjkKjRlE6VrKrO54GvantJ9pHdfhvT0pWT0Ngan9nfQCNB4Sdtxk0g9kNffU9xLyG0 zHTNXXT7cLSF71opAlnOkCMjpKsgsu5DLT16XMCCQ7r9lzh4G6EXuS1wOl/CSrEbBnYF +B1ZwoTtj9seZsKHtROiqf9UUHI8f13MXASbbwZubW5ZC/4nFc8OCvQ230g1iJq//wCF Cql8PJaRDe5nLrVCYA/OOof82uWhIew2kZc/akpZPGQtM0mov4Utd21jaxYNDqLnKY2d l9RbQGIV5Z8iNxjdXOEK7AbqKsuoHiE/agRIE7V2Q9WEYa6U6o6A9t+M+m7i/LuX8fzE ujig== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=PZeRNXeM; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l4-v6si2001614pgg.503.2018.10.12.13.09.42; Fri, 12 Oct 2018 13:09:58 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=PZeRNXeM; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726774AbeJMDl7 (ORCPT + 99 others); Fri, 12 Oct 2018 23:41:59 -0400 Received: from mail-yw1-f66.google.com ([209.85.161.66]:42814 "EHLO mail-yw1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726290AbeJMDl7 (ORCPT ); Fri, 12 Oct 2018 23:41:59 -0400 Received: by mail-yw1-f66.google.com with SMTP id a197-v6so5405948ywh.9 for ; Fri, 12 Oct 2018 13:07:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=VsdDRCUqon7Z23teRbW7qQSFBgJ8uBghNMLixUZDntI=; b=PZeRNXeMAVVsgiVBD1qq1ljaOyjh4ctxO0IwL3jxwPK1WsLQStqkNZYOk5pJ9V2HmE alu3s50W5LLOmkg2QRwy6PLMA74sH54A2Le7RUJWMgOP/eKlhobOaUfrEzkQ9uZXaaN+ 65V7z+ugsyVB5LabpURmSuLhRjGy8KE33/G1E= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=VsdDRCUqon7Z23teRbW7qQSFBgJ8uBghNMLixUZDntI=; b=I1kM0i9EBWGkk+hkQQ5O+hJ1cy6oQ7EDqnB0dlwSTAU6GJVKwyhl8XZf9XhHJ5CsNc 8wTFM7FVnzDFC2mpdwL/Qg90FiWnO8Vv8GfQcFxqRVnoCly54KICtqoerOQCJAoDOzNh At//2nEbxsn1na3vtOLZMs/Dw/wTYonrk4WoDpdgUXHkJqioOkjl0+hEHaD2KeATGtz8 CH7JVztm2k5CAXtrOgQIfuCF4Kz3aJDUP98HRH4YbH264jlk4F0ItGP4rXf1KWhG0GpT TjAmdpd5aeApolQkVLUSodIkdVLrO0gwaK8qsx1EyUhwCN+6zECGC/+NsUHPU0I/HpYX XrXw== X-Gm-Message-State: ABuFfoiOEm/kB+YVYpVdqLy5+gVwRA7csQwNTGDPYpZrlO8gGscgSg9p mBj1xLDHAG796maikJdNduo3NSeiy/4= X-Received: by 2002:a0d:fec6:: with SMTP id o189-v6mr4474684ywf.237.1539374870242; Fri, 12 Oct 2018 13:07:50 -0700 (PDT) Received: from mail-yw1-f41.google.com (mail-yw1-f41.google.com. [209.85.161.41]) by smtp.gmail.com with ESMTPSA id 84-v6sm536990ywn.83.2018.10.12.13.07.48 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 12 Oct 2018 13:07:48 -0700 (PDT) Received: by mail-yw1-f41.google.com with SMTP id m127-v6so5419489ywb.0 for ; Fri, 12 Oct 2018 13:07:48 -0700 (PDT) X-Received: by 2002:a0d:d302:: with SMTP id v2-v6mr4531436ywd.124.1539374867898; Fri, 12 Oct 2018 13:07:47 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a25:d116:0:0:0:0:0 with HTTP; Fri, 12 Oct 2018 13:07:46 -0700 (PDT) In-Reply-To: References: <8010a7d0-c6a0-b327-d5dd-6857d6d42561@schaufler-ca.com> From: Kees Cook Date: Fri, 12 Oct 2018 13:07:46 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH 21/19] LSM: Cleanup and fixes from Tetsuo Handa To: Casey Schaufler Cc: LSM , James Morris , SE Linux , LKLM , John Johansen , Tetsuo Handa , Paul Moore , Stephen Smalley , "linux-fsdevel@vger.kernel.org" , Alexey Dobriyan , =?UTF-8?B?TWlja2HDq2wgU2FsYcO8bg==?= , Salvatore Mesoraca Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Oct 1, 2018 at 2:48 PM, Kees Cook wrote: > On Wed, Sep 26, 2018 at 2:57 PM, Casey Schaufler wrote: >> lsm_early_cred()/lsm_early_task() are called from only __init functions. >> >> lsm_cred_alloc()/lsm_file_alloc() are called from only security/security.c . >> >> lsm_early_inode() should be avoided because it is not appropriate to >> call panic() when lsm_early_inode() is called after __init phase. >> >> Since all free hooks are called when one of init hooks failed, each >> free hook needs to check whether init hook was called. >> >> The original changes are from Tetsuo Handa. I have made minor >> changes in some places, but this is mostly his code. >> >> Signed-off-by: Casey Schaufler >> --- >> include/linux/lsm_hooks.h | 6 ++---- >> security/security.c | 27 ++++----------------------- >> security/selinux/hooks.c | 5 ++++- >> security/selinux/include/objsec.h | 2 ++ >> security/smack/smack_lsm.c | 8 +++++++- >> 5 files changed, 19 insertions(+), 29 deletions(-) > > I've split this across the various commits they touch: > > Infrastructure management of the cred security blob > LSM: Infrastructure management of the file security > LSM: Infrastructure management of the inode security > LSM: Infrastructure management of the task security > LSM: Blob sharing support for S.A.R.A and LandLock > > Based on these changes, I've uploaded the "v4.1", or "Casey is on > vacation", tree here: > https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/log/?h=lsm/blob-sharing-v4.1 > > I'm going to work on a merged series for the "arbitrary ordering" and > "blob-sharing" trees next... Here is my v6 (v5 plus small fix I noticed) with my refactoring of Casey's blob-sharing series on top: https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/log/?h=lsm/ordering-v6-blob-sharing procfs: add smack subdir to attrs Smack: Abstract use of cred security blob SELinux: Abstract use of cred security blob SELinux: Remove cred security blob poisoning SELinux: Remove unused selinux_is_enabled AppArmor: Abstract use of cred security blob TOMOYO: Abstract use of cred security blob Infrastructure management of the cred security blob SELinux: Abstract use of file security blob Smack: Abstract use of file security blob LSM: Infrastructure management of the file security SELinux: Abstract use of inode security blob Smack: Abstract use of inode security blob LSM: Infrastructure management of the inode security LSM: Infrastructure management of the task security SELinux: Abstract use of ipc security blobs Smack: Abstract use of ipc security blobs LSM: Infrastructure management of the ipc security blob TOMOYO: Update LSM flags to no longer be exclusive Notably, the last patch from Casey's series is entirely removed. Additionally all the per-LSM initialization changes were removed since the blob size calculations now stay internal to security.c, done during the "prepare" phase. -Kees -- Kees Cook Pixel Security