Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp3563623yba; Mon, 8 Apr 2019 23:22:28 -0700 (PDT) X-Google-Smtp-Source: APXvYqwzxt5oOE5+ocvosxyb4TyvTxWxsEgR2NmOh2N9py9YVfIHBv2/Z69sgnEsTeaPUTDXFgPm X-Received: by 2002:a17:902:7c8c:: with SMTP id y12mr34819703pll.209.1554790948265; Mon, 08 Apr 2019 23:22:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1554790948; cv=none; d=google.com; s=arc-20160816; b=CjHAPYre3KBGM2s2JJ5RnyjCYQygmhWKOtz+zORWyk8ivbqZla+xE/3dnqqx6rx74j mJwbH+Wz1KY2H6hCy+cP0G6SGSPGuX0U4oD1V8rQN3+y+4d9z+JVhwNabBh513/FQLMR Xhdg2qtnh/2cwU5dHMMAgdc41A+7FFhV2pnSGgSRwKJs6MdHU3Al4AP4wcPDuT71w/lB MI5KxBAO06LDKnVf/xTn2qtdgxJlV0IjGPdH6jUqOTRIXkxBv/pU6w+82QYYG+EBRJ1J C5CTU7TARh3Jpw/Qc6c5x4p2OEuxcBkhnFsvGd8HovaVUqMt2ph4/0UXJmB3uSewZLow 1j2A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=5hvlNivR8VkvART7uyUNxm4Yu7jNqlP3IBinQFJAIRc=; b=VtDP20hADvW76+2JBUfMUvozQreiTU1jy2tcIiYAKygAfBmx+n4WS4UCAQzFc/jmYa Ych18eHScD6/RStGFO3DPFwaFg+qkjpNQebylKQt/Okje71nfEJESl0y1nClOhKhTUuA TOI4xW7veGOz2LqzGQiUS7H6ehtYIi9mEgUzXYm9BODI0Uv206lMcoVn59sZU5jxhfWs U0QHWSEPLApmUTbCzCcXTLrOvKSQ1fokzOVyQWz9qP2ZTGVRYtuzcedGRRG6TbLTsa/l WUY8DlCSSInlN2nb3SvsfVkK3FhAKTzk8x6orqxyUxhQqwHth3EhVtCKGOqlNUkywdEe ycAA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=b30B1H1w; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q1si30037879pfb.68.2019.04.08.23.22.11; Mon, 08 Apr 2019 23:22:28 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=b30B1H1w; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726388AbfDIGVg (ORCPT + 99 others); Tue, 9 Apr 2019 02:21:36 -0400 Received: from mail-io1-f67.google.com ([209.85.166.67]:38992 "EHLO mail-io1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726081AbfDIGVg (ORCPT ); Tue, 9 Apr 2019 02:21:36 -0400 Received: by mail-io1-f67.google.com with SMTP id e13so13247917ioq.6; Mon, 08 Apr 2019 23:21:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=5hvlNivR8VkvART7uyUNxm4Yu7jNqlP3IBinQFJAIRc=; b=b30B1H1whGteyy1JzywdfR7b050WfwRtu6icxC4WvMiEp4eG7Nv7AQ2Z3nxiFhDFN9 FlqSKGZJhiKGqYQ4Rxk4VxD8Famlg1G5SY72sdv7IYmeb8Ohlda57OIk6PmTOgXFPU1m ajW7H8QNcrCTxpK40Shur25fak8H6vDML47J4rQ2zVCTh36/QVXGaAw8c3nJ7SvAiKm2 rcEQOZ1TTlBFJx8/9ebzM6aj3GnctJiVkbpWKtp8oFq5zBOy7KuH6c7wXr1aqbNJqq6Z KJXCrZEvy0K2DJHEBZha3YJLcHsf8c80+GgC+K00Gq2O4JIDm810zshJoSo20rpzd/c/ TFnA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=5hvlNivR8VkvART7uyUNxm4Yu7jNqlP3IBinQFJAIRc=; b=VhzxonHN8fSFtGl4aPb0/aQzzkLFVjNi8bpjvvdyCHTT3w6eejQY5MOJDrIDfcWP3B xgvWYxnZuFrghQ/EHxhhB8L73TWkW+L+DOBDUVTMkAc19C3D0LJXQy9edlQtBcgRphMV c+PBtS7qByHB9CujCC96XQye1wqxdu5MeNzky+S16WcxgOd70GaXPYCT/v4WpGxpamfh cpwMtxuElu0qC2vhN0ykfwJubvGwY0MO2WehunMjRaYAV7iXEfX59Y2UI675la0usTbo EgVOZH5s1pJ4Biqy8Axb0EwmZ7pT3E6VV/6rRiH/Emv3hUR8/16zNfrlLIj+D1idhLDg 38eg== X-Gm-Message-State: APjAAAXAoNVNF8Q3FOop3z5bFQOKi1PrHs7qn8q5E+qv104+hKrGkDjH bdPlNSGpJ6Z82LE3JSYZeERLTRhvOvQ+dyoYSqI= X-Received: by 2002:a5e:9912:: with SMTP id t18mr22383532ioj.157.1554790895426; Mon, 08 Apr 2019 23:21:35 -0700 (PDT) MIME-Version: 1.0 References: <20190408160706.GA18786@beast> In-Reply-To: <20190408160706.GA18786@beast> From: David Rheinsberg Date: Tue, 9 Apr 2019 08:21:23 +0200 Message-ID: Subject: Re: [PATCH] apparmor: Restore Y/N in /sys for apparmor's "enabled" To: Kees Cook Cc: James Morris , John Johansen , "Serge E. Hallyn" , linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi On Mon, Apr 8, 2019 at 6:07 PM Kees Cook wrote: > > Before commit c5459b829b71 ("LSM: Plumb visibility into optional "enabled" > state"), /sys/module/apparmor/parameters/enabled would show "Y" or "N" > since it was using the "bool" handler. After being changed to "int", > this switched to "1" or "0", breaking the userspace AppArmor detection > of dbus-broker. This restores the Y/N output while keeping the LSM > infrastructure happy. > > Before: > $ cat /sys/module/apparmor/parameters/enabled > 1 > > After: > $ cat /sys/module/apparmor/parameters/enabled > Y > > Reported-by: David Rheinsberg > Link: https://lkml.kernel.org/r/CADyDSO6k8vYb1eryT4g6+EHrLCvb68GAbHVWuULkYjcZcYNhhw@mail.gmail.com > Fixes: c5459b829b71 ("LSM: Plumb visibility into optional "enabled" state") > Signed-off-by: Kees Cook > --- > This fix, if John is okay with it, is needed in v5.1 to correct the > userspace regression reported by David. > --- > security/apparmor/lsm.c | 49 ++++++++++++++++++++++++++++++++++++++++- > 1 file changed, 48 insertions(+), 1 deletion(-) This looks good to me. Thanks a lot! If this makes v5.1, I will leave the apparmor-detection in dbus-broker as it is, unless someone asks me to parse 0/1 as well? I cannot judge whether the apparmor_initialized check is correct, but for the parameter parsing: Reviewed-by: David Rheinsberg Thanks David > diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c > index 49d664ddff44..87500bde5a92 100644 > --- a/security/apparmor/lsm.c > +++ b/security/apparmor/lsm.c > @@ -1336,9 +1336,16 @@ module_param_named(path_max, aa_g_path_max, aauint, S_IRUSR); > bool aa_g_paranoid_load = true; > module_param_named(paranoid_load, aa_g_paranoid_load, aabool, S_IRUGO); > > +static int param_get_aaintbool(char *buffer, const struct kernel_param *kp); > +static int param_set_aaintbool(const char *val, const struct kernel_param *kp); > +#define param_check_aaintbool param_check_int > +static const struct kernel_param_ops param_ops_aaintbool = { > + .set = param_set_aaintbool, > + .get = param_get_aaintbool > +}; > /* Boot time disable flag */ > static int apparmor_enabled __lsm_ro_after_init = 1; > -module_param_named(enabled, apparmor_enabled, int, 0444); > +module_param_named(enabled, apparmor_enabled, aaintbool, 0444); > > static int __init apparmor_enabled_setup(char *str) > { > @@ -1413,6 +1420,46 @@ static int param_get_aauint(char *buffer, const struct kernel_param *kp) > return param_get_uint(buffer, kp); > } > > +/* Can only be set before AppArmor is initialized (i.e. on boot cmdline). */ > +static int param_set_aaintbool(const char *val, const struct kernel_param *kp) > +{ > + struct kernel_param kp_local; > + bool value; > + int error; > + > + if (apparmor_initialized) > + return -EPERM; > + > + /* Create local copy, with arg pointing to bool type. */ > + value = !!*((int *)kp->arg); > + memcpy(&kp_local, kp, sizeof(kp_local)); > + kp_local.arg = &value; > + > + error = param_set_bool(val, &kp_local); > + if (!error) > + *((int *)kp->arg) = *((bool *)kp_local.arg); > + return error; > +} > + > +/* > + * To avoid changing /sys/module/apparmor/parameters/enabled from Y/N to > + * 1/0, this converts the "int that is actually bool" back to bool for > + * display in the /sys filesystem, while keeping it "int" for the LSM > + * infrastructure. > + */ > +static int param_get_aaintbool(char *buffer, const struct kernel_param *kp) > +{ > + struct kernel_param kp_local; > + bool value; > + > + /* Create local copy, with arg pointing to bool type. */ > + value = !!*((int *)kp->arg); > + memcpy(&kp_local, kp, sizeof(kp_local)); > + kp_local.arg = &value; > + > + return param_get_bool(buffer, &kp_local); > +} > + > static int param_get_audit(char *buffer, const struct kernel_param *kp) > { > if (!apparmor_enabled) > -- > 2.17.1 > > > -- > Kees Cook