Received: by 2002:a05:6a10:16a7:0:0:0:0 with SMTP id gp39csp219530pxb; Wed, 4 Nov 2020 20:27:35 -0800 (PST) X-Google-Smtp-Source: ABdhPJyW8BPsoxGy/SyLEWqWn5JGNhg7UQrblEEGiiapYHohdZIsSSI+csw3scRaHGrK4XClaqCF X-Received: by 2002:a50:f98b:: with SMTP id q11mr691781edn.345.1604550455529; Wed, 04 Nov 2020 20:27:35 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1604550455; cv=none; d=google.com; s=arc-20160816; b=T8nLJetYdVIvVapxxPS59KQ8Av5emDrzNxnM+SRJwds0iqvEupIhweP+s9ynaVsdbb gKvgSMtLgKVui000UDwZ2tgSXH7CUjApUfMGdOknswcIUniaJKGAteGdmAASz5K7TdnS jXvAQrVzm1SoLYQcT7d3eiW+9cn0FzEU4ljL6faKOSqrb2ZpTkCzyTrairsNLrNzYNPE fSjJMF1KxNMDtr93PP/jucSPNFhS2oAZ93mxWZYwOOISKxkyTZK5quFBtne1C9NHLwuV dHqMwZ0TU1DbOstvkDhG+cWwoOMxAZQRMdXfNg1JRAvgL9MLc/2zlN9rtNoqFXQCd8ZL JXfA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=4i+kcv8akOTQUE9hmm6XfDFksnqK9So86R8nxAIOwmo=; b=PVF6OwCjF8NV7AGF6J2e2IO1Rgt0kDiqfdfcACyLHFA8GSxiBkcfvjGpGHIB9AA6HP SjWaOqN4Wit2vuopMlGc+FexMYNa2Q/mXGK7sKM21hCsRsL11gUm2hJxjTa2ZBIQ4x3G BB2n2ZnN6kEDF2Z/W7Hv/KQth7yDqLm03nuu0WwkhPy1f1EokEGjW4rZKtLLqST2JrWl njECUQq6ENyihs4qG465VtNJKsCa7oz2RjfmEnQjttg90TCAkAa5H3Rej7E7beDJ11px Ichcdnp4DSCWf5EuGOks/57jhaZE4wnO0V/AqRbM5I+GnJ/LyJ50jxtO1W8NCTzovEQ5 Wjrw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@yahoo.com header.s=s2048 header.b=BbjA3W4S; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id d14si322237edv.394.2020.11.04.20.27.13; Wed, 04 Nov 2020 20:27:35 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@yahoo.com header.s=s2048 header.b=BbjA3W4S; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730705AbgKEBK1 (ORCPT + 99 others); Wed, 4 Nov 2020 20:10:27 -0500 Received: from sonic313-16.consmr.mail.ne1.yahoo.com ([66.163.185.39]:41686 "EHLO sonic313-16.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729866AbgKEBK0 (ORCPT ); Wed, 4 Nov 2020 20:10:26 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1604538625; bh=4i+kcv8akOTQUE9hmm6XfDFksnqK9So86R8nxAIOwmo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; b=BbjA3W4SGTn3jCTgWo7aA5ib7bVfoxLRcDuO6BzNAl/iK4W335lmqcI7IgbV7NFXKLH25N4I4TTvtpoGDcUuMuAap55wm4SsvkMISQ4lXxNkmasVqigJ8n0VAHAo91x5FmhRFHY3LROrHQUNrIUnqZ2YAxJjtH9yiiFPykjlRRHgKLHYAlylg7rZzwG1cxGVjkq7A1POROi9R/62agoZ72miL0Dlg5yk1UYvpP9tyCARR8o+cfKD1tEbuSW7ox5d5o0VnpUn8maYh4C9tZILcRWY3xqdzRZV1LTS/hxaaw9B/VvSb2XtphRz/rfis6XrDNzMnk8TjNIQ0TaWO4BfYg== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1604538625; bh=rj7z0LJRoXFE0SUhho0f7Ghxg/nDRpm8ZPm/PLzu42T=; h=From:To:Subject:Date; b=k1k133Glcg7trLYLN8cAlQSrVThx1hzjwvtlFP/UV8QinqfcMKD+WxzXOlAwRulciPvpdZJd8YB9BRKgibI8ZaO9flte2hgl044bt44SmiiYfLenjYdf/ntDZvpYUiucZMW0ajGa5sl/oTGLY7ukMJcsmURabTdz+uXB5zwF4btE4kOyddSnXP2zxDJKldTd/4CCVU+1GOMom/pvW/Z1lGRL+1x74+1rymlbtxlGvD2XMc8dcxCvNdxbPCqkotF74mApQVNkUKKZf+GzO1rTFrOSrtz7UexGKx4GwFYB4dft3rguf7MnH6XtkS858+HrN9USDKHnvjp44M72ufaAVg== X-YMail-OSG: IECdtoAVM1kw_pORLL3D9Lo6xYsaZz9JhKJiMsSwZ0DslY2Rl8NxsvWPUucCe3i _QFXUBRvQUSfKYGjWrW53s6U7eURxPXJg1QlpWjL0Hanwb_jo.5a7_keWlVMknOyV8IT5Vc3Rd_I rWbtMDhqtsZ2NKQY4x77Zt2drlFZ29ICQDGICut13Ot.Spzxu9RaJoie6Ut.hCHVVFHYzaJ6L0gR XtJn_GLn4Ex0aivsoFBsj86a_SV8E5fLzETxqSOlT5kMuaQmGgstR7qYVtg7zvHEZWzmlEv8FzO9 7rcs2x9PxOCTcMn7EfHlHuo8JZ1Wyu1fyEv80Qwd_hNggR3W5BMXcZKRdAFUT2F65kySc_gtD39T jMn_ec2yvtPjuPnr7V.Zd3Dfp3nU6lUKbSgRi2GxZ.JcrN1uSTgjMHh_3ufInC67Jy_nFm36382j yBm1q18IydqtrHNPWpo0UVF8GY_lw1NQXHZd6bNWnL04wmD8I4_kuqdc2fn9N536CUp99t3NK6r4 C3f.8W_VkHN1PyR4P3t1FunqAoPPwG0yUWMHrLd8WErsdfGaXT5V0sGAAzvtEu633TFVZYLWhqg7 ODwxLWiZRI2TK7AJ0Z3QZ9clvWp7WHyD7ZyZxgpGzrS6DVEHo6TCPmI8RMB.wlts_KAVCGiBExIo 27k7Lc8yxIpLSDI2nre7sMXQs9MY9y1zwyAtN67yeiT0BZBUAqTGjO.jcCQ1U3cS0VbDOKfwLyzd NcZA.sDRQYHfSD9Mf9VGLHYe0itSoWyfKOecKLKqgl1WAwNjzcrcol5nlup1d7NjdYyvw3uh5HDb Tz_pOBj5TrRuTsJXh1jNiB1n0qXs8JGsixSDaSqKipO1Y6Y9mLPEOp8CwhN3ZUUUSgDrR8xmbWo4 ArAn3IoN5xLnWodkBGwG2hKI9r.Th9yX0yrjY.3bUvj0qmvseNCXZuXQJLb.n0vLUi1zk7SWsTje GfQZvF0ROP41idpq7A2eLQncNxYL98vPYaCTIVjEw6WlTqp02Tf9FY0vh1SD_Y5V5cx1GCdD9eAx d08jg.ymKoFs48s65THf01m95Ne88tymjNwHFO0bSmBqcNJlR5TVpOtzgGyu1pVY0FoVPiTOzc61 AjLmxv92MkVr0g_J8tnKPerykpGg.hpVXTGIao9NJToYliTMO4TtyGfYLm__mkF1Tp0kO2yRAlQY 8pTr1su6Xtpb1okG2i1bTxbB2R.CbsJhgcok2vCxA6HZoZahEmPP1rtIxfTVT8mxHzS_flBEKOjU pWRhlo0o_C6X0zQ2wcZ3ybaEbL9ZpHsUciAQH5DBFArEEC2zX1ekF7Dqdqi5YAXhgxmV4dI7smV2 vbRK2atExV9mqSHlShxv6sOwMQfzZG6MZFvo1gsxQnzRtI_HX8NmFdNMwx1DJD3jSkurFJ_EsLKK OGrnsHRg6esQyvI8yX_OD4gSaPv3LioSiKLOJy3JffURhD3xw7j0Gv.ohNinpYLSpLxhx14L_k5m 2TNQIrkOM4esFmjZz86pkq8c4JVgaX0ojGsAhqUGaHVAp_lHH8gBzIwPlfIA0nJ2NmqLYCngqWlM Op0ooOVUmljiFKJegFViX3Jwa5RpkYZ9PeR0.vejrx9R56M7ewTQYxXBv0EmcQzXK4ZVDpysLTpS W1Xmff9J155xkEKDtow6MNDjMdSxUiq6T.rUpRcqhHLJRYC6xjVEzJZjBzW6T.bu5y.GJampXK3H 9xWhz1ShW2VxvsGwuOaN_LJpZViVRaIicXNHdShEyK68U_f2dWv__MoRVlHiliEeQPqlZVGaWjXm e.mnB6_vtJndHTHbOufP0tKCEnnFbKmwp53312xx72nWEN1HTdRJhZ5WqCppHvBeTvfbHsyCKoxS BAyd9SQKTPUgKU_XxRe3cX1x7M21oEGhJ4F7miCwUzUasUJVkLMeZAs9IQfKh2KVmUdEYrZs_QEE 2KFPmTzQZ4RYu.mgmN0yurPZ4H_XL6rVmZRHI4sb9XOorifKAMgQpmtyn4Sk0BOWPnAc9TAqGuRV y6aDC8GNi6gu2FRsvjKFgDxBeQ1l.A_MjwgDvoqLaKPkLPVugFdfOcXGQMdjjq3VScqgE7dpAt1t RZWucUTRIVoVKLmRNWjt0yK8NFJcipFxDIMKcdwh1qlYMm0ycfk.bjVIpGX4gEhaRkJDLX92kdyF _d4V3AprtKU8stKhp7Yap6ZplOaCrr_yLcT0IvzNTrnp8nOr3HhVf99wG7y2x3To5DVGjjHRf7hs uLrmGSohr4EqYOqLRNv1rbMwWLBelEbmOrYEzvQa7qEW1L57KzUzpADgbhP7Tu0aa2OhkuryfbgJ TQjIY8hkwVG2.Idg03VMH548zG8Trmp4E_CJjlrO16zSOcqKlyWZN8YwIxOqfHl4H_QvFjI2gCvE KJj0uSZqlfPoIk4vYkQNSFdQzro8j83Q159K1R4ddLaygYt7w5F0yRORmjXFyVLi3DvXxrzU4AyS ZTSAMXVFAycGuibvXgf1bkOmTMkP0YXslzoOFuVyMxZjTD4q0Ob5TYkIRyGUzaHme_8d0qb6B.tv S_NzJgQtJG_pFUIBZxND5iGviH.zbNfVhQjExFXUIdmQqDKoaGxqS6bXb3EoaBCyVlswwsT81pRs cSgof3NFw4mLD4rpwZCniwxNMIcs2W_SppWAscTMPqZglq1Zly3LA8QMS3X5U98tVCB0LTlF.AF1 FmTQcVrnh3.U.IKqFoCHgD5loees5jR7_of6BFb3nKYFLOQu6U9Cjixw9XZeYxauEnZfNqc2tOEB okvDQCrUhQuhw3WPfulnprfE6G0jiozbjy3HdgNjImImedE9xVJwCIqftqRvKBs28sm_fUSmkRKP Fn8BSsgAT2cNMg75gW46bjW8Q1I6C3Ng3VkpNnnK49BFaUiNL6lkgiH9mOuwwdk1XTZ.ZTjqiTgs rjeR77HqtP7T_EhSD65BtDDCJQrIZpWJ2p9cxngMgsri58VQLDMbxFjnWWJ0rRaJRBwyGiURu.OP FHwhQjPbUzCQ2PpKy2DG20KT.VhcCST8TvPwfh26aNEXuUGxQNtHVyCB1cl7304I7tMhcYOZjjZz rIOD06NPlsZ8xizsgUQmIy1IpejEQxYzuytZAXk36BA.IXmLdUb2d0KNzRfUTtdorA0SZG80dQw2 ktjGamk8qQFtWyLvY.9jwxgE6.Lh4fgpzN9mkIF33jUMY6XDII8.o0hZvsZOJx4ns5DxUPx93.FR MoZ0l0Cj7jNfu9p.1RreX6Gke6C0gWz7ZkxFElr9hQiuXag5ayddW7EN1hWkKnAAK6Yy3Cegjp9U FDwRssgzwHeLufHMEy88NM8SpRhQd5n3AIWsuAHUAWR7p7OR7tBVcOqx347tYWjrlzlchz5sCz3h jSifp410- Received: from sonic.gate.mail.ne1.yahoo.com by sonic313.consmr.mail.ne1.yahoo.com with HTTP; Thu, 5 Nov 2020 01:10:25 +0000 Received: by smtp422.mail.bf1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID 4b27f7017aa0de7d88a033876570fde1; Thu, 05 Nov 2020 01:10:22 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org Subject: [PATCH v22 18/23] LSM: Verify LSM display sanity in binder Date: Wed, 4 Nov 2020 16:49:19 -0800 Message-Id: <20201105004924.11651-19-casey@schaufler-ca.com> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20201105004924.11651-1-casey@schaufler-ca.com> References: <20201105004924.11651-1-casey@schaufler-ca.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Length: 1859 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Verify that the tasks on the ends of a binder transaction use the same "display" security module. This prevents confusion of security "contexts". Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler --- security/security.c | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/security/security.c b/security/security.c index 6c8debdfd629..c6b0f854c4a3 100644 --- a/security/security.c +++ b/security/security.c @@ -791,9 +791,38 @@ int security_binder_set_context_mgr(struct task_struct *mgr) return call_int_hook(binder_set_context_mgr, 0, mgr); } +/** + * security_binder_transaction - Binder driver transaction check + * @from: source of the transaction + * @to: destination of the transaction + * + * Verify that the tasks have the same LSM "display", then + * call the security module hooks. + * + * Returns -EINVAL if the displays don't match, or the + * result of the security module checks. + */ int security_binder_transaction(struct task_struct *from, struct task_struct *to) { + int from_display = lsm_task_display(from); + int to_display = lsm_task_display(to); + + /* + * If the display is LSMBLOB_INVALID the first module that has + * an entry is used. This will be in the 0 slot. + * + * This is currently only required if the server has requested + * peer contexts, but it would be unwieldly to have too much of + * the binder driver detail here. + */ + if (from_display == LSMBLOB_INVALID) + from_display = 0; + if (to_display == LSMBLOB_INVALID) + to_display = 0; + if (from_display != to_display) + return -EINVAL; + return call_int_hook(binder_transaction, 0, from, to); } -- 2.24.1