Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp35239701rwd; Mon, 10 Jul 2023 04:51:10 -0700 (PDT) X-Google-Smtp-Source: APBJJlFJUDEnRRohC9IzBpzM91ePVCIyA5owvAn+k3sFZTHMmPlOPWB7Z8bpsYlgzQPygIhPjO9t X-Received: by 2002:a17:906:c0cf:b0:98e:f13:e908 with SMTP id bn15-20020a170906c0cf00b0098e0f13e908mr12255153ejb.60.1688989869729; Mon, 10 Jul 2023 04:51:09 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1688989869; cv=none; d=google.com; s=arc-20160816; b=MuZRMkf3PnJoAUNZixEFezDLegGOzU7YVugEaSpWuI4FWQHQOeZTRySGUA4n8SOFmG sxHfXNxmKWZ0elXTfSTbQ6FlqaIRz/YTF/81Wt2Us7pnZ/p27D+dmCRR7Q/yxmwX4Ak1 EpVsvK4xD7t02hdRXEOZodkXme5Gjdi1saMz6ozy+d5cfKT3+JSTBsfrrYN0HUV/8qcK 1uJyNxfdSkZT5Q4qbzNo7Ajr3Ft+kJ3dTclJ1W7Wuy5UQiFQgxncwck8NmK8HGTcpV2G QvbiQKhjF3j5OYH5shKKZ+k0pDR7nmzwHxAwteXqe+aWNbW0k6lbX6fW55eluBg6Twtw y+sw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:to:from; bh=tVbn+vNPzrlWDwoUS5/1RjOB7sgf9Wr7sYdcGONYHnM=; fh=XmWF9XfVxriV9HvdKqMb6KHEGw2y762qN7GZzdFCqto=; b=WrQaF+P74KWf+pfolGBzd3JIOk6xYgVFJsYwT0TdyV32C6eTWo5+Mfzxk9h4f5/k+F amb3xdzNRTgVEM8AQzjY3yaKsX2n2A+FpPur+pTNZ6I+BPpUgMHgBhqJBnD+sJhrQMcI aVHBvwGxnmHTkw81Y5d6WfM0OKbCShjL7msxSb6KLMcDYLmdeAv76VYTsAxzUKVyly1L RNWyGqMniuyoN6K6kUXmuUwnQD2dBeUMUEBhJD6n3cuOP415ez/KfmvwEhBHx6aG8UWe 806z77QV7LmEkgD5nHPD0PIJqwhJfN7zUPSJdrAtVBsI7HWMWx47CSQ0sDsCvs39GlKx FHjA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id lr24-20020a170906fb9800b00993d5cdf483si7489969ejb.807.2023.07.10.04.50.43; Mon, 10 Jul 2023 04:51:09 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232167AbjGJLDZ (ORCPT + 99 others); Mon, 10 Jul 2023 07:03:25 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57628 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229959AbjGJLDW (ORCPT ); Mon, 10 Jul 2023 07:03:22 -0400 Received: from blizzard.enjellic.com (wind.enjellic.com [76.10.64.91]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 19F1BE5; Mon, 10 Jul 2023 04:03:01 -0700 (PDT) Received: from blizzard.enjellic.com (localhost [127.0.0.1]) by blizzard.enjellic.com (8.15.2/8.15.2) with ESMTP id 36AANS4r019794; Mon, 10 Jul 2023 05:23:28 -0500 Received: (from greg@localhost) by blizzard.enjellic.com (8.15.2/8.15.2/Submit) id 36AANSso019792; Mon, 10 Jul 2023 05:23:28 -0500 X-Authentication-Warning: blizzard.enjellic.com: greg set sender to greg@enjellic.com using -f From: "Dr. Greg" To: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, corbet@lwn.net Subject: [PATCH 11/13] Implement security event mapping. Date: Mon, 10 Jul 2023 05:23:17 -0500 Message-Id: <20230710102319.19716-12-greg@enjellic.com> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230710102319.19716-1-greg@enjellic.com> References: <20230710102319.19716-1-greg@enjellic.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The map.c file is responsible for implenting the description of a security event into a security state coefficient. The following documentation file provided as a part of the TSEM implementation contains a description of this mapping process: Documentation/admin-guide/LSM/tsem.rst The mapping process takes a security event description, that was described in the event.c file, and uses that to drive the mapping process. The allocation and mapping of the event is unified through the tsem_map_event() function provided in this file. The function for a security event state coefficient mapping is as follows: Sp = HF(HF(EVENT_ID) || TASK_ID || HF(COE) || HF(CELL)) Where HF is the cryptographic hash function that has been designated for use by a security modeling namespace. This function is fully described in the previously noted documentation file. The TASK_ID is the security state coefficient for the bprm_creds_for_exec security event hook. It is generated by the tsem_map_task() function that is implemented in this file. The TASK_ID mapping function uses the same functional expression as the security state coefficient mapping but substitutes a TASK_ID that consists of a buffer of null bytes equal in size to the digest size of the cryptographic hash function being used in the model. Signed-off-by: Greg Wettstein --- security/tsem/map.c | 531 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 531 insertions(+) create mode 100644 security/tsem/map.c diff --git a/security/tsem/map.c b/security/tsem/map.c new file mode 100644 index 000000000000..45f8ee6eca89 --- /dev/null +++ b/security/tsem/map.c @@ -0,0 +1,531 @@ +// SPDX-License-Identifier: GPL-2.0-only + +/* + * Copyright (C) 2023 Enjellic Systems Development, LLC + * Author: Dr. Greg Wettstein + * + * This file implements mapping of events into security event points. + */ + +#include "tsem.h" + +static int get_COE_mapping(struct tsem_event *ep, u8 *mapping) +{ + int retn = 0, size; + u8 *p; + SHASH_DESC_ON_STACK(shash, tfm); + + shash->tfm = tsem_digest(); + retn = crypto_shash_init(shash); + if (retn) + goto done; + + p = (u8 *) &ep->COE.uid; + size = sizeof(ep->COE.uid); + retn = crypto_shash_update(shash, p, size); + if (retn) + goto done; + + p = (u8 *) &ep->COE.euid; + size = sizeof(ep->COE.euid); + retn = crypto_shash_update(shash, p, size); + if (retn) + goto done; + + p = (u8 *) &ep->COE.suid; + size = sizeof(ep->COE.suid); + retn = crypto_shash_update(shash, p, size); + if (retn) + goto done; + + p = (u8 *) &ep->COE.gid; + size = sizeof(ep->COE.gid); + retn = crypto_shash_update(shash, p, size); + if (retn) + goto done; + + p = (u8 *) &ep->COE.egid; + size = sizeof(ep->COE.egid); + retn = crypto_shash_update(shash, p, size); + if (retn) + goto done; + + p = (u8 *) &ep->COE.sgid; + size = sizeof(ep->COE.sgid); + retn = crypto_shash_update(shash, p, size); + if (retn) + goto done; + + p = (u8 *) &ep->COE.fsuid; + size = sizeof(ep->COE.fsuid); + retn = crypto_shash_update(shash, p, size); + if (retn) + goto done; + + p = (u8 *) &ep->COE.fsgid; + size = sizeof(ep->COE.fsgid); + retn = crypto_shash_update(shash, p, size); + if (retn) + goto done; + + p = (u8 *) &ep->COE.capeff; + size = sizeof(ep->COE.capeff); + retn = crypto_shash_finup(shash, p, size, mapping); + + done: + return retn; +} + +static int get_cell_mapping(struct tsem_event *ep, u8 *mapping) +{ + int retn = 0, size; + u8 *p; + struct sockaddr_in *ipv4; + struct sockaddr_in6 *ipv6; + struct tsem_mmap_file_args *mm_args = &ep->CELL.mmap_file; + struct tsem_socket_connect_args *scp = &ep->CELL.socket_connect; + struct tsem_socket_accept_args *sap = &ep->CELL.socket_accept; + SHASH_DESC_ON_STACK(shash, tfm); + + shash->tfm = tsem_digest(); + retn = crypto_shash_init(shash); + if (retn) + goto done; + + if (ep->event == TSEM_MMAP_FILE) { + p = (u8 *) &mm_args->reqprot; + size = sizeof(mm_args->reqprot); + retn = crypto_shash_update(shash, p, size); + if (retn) + goto done; + + p = (u8 *) &mm_args->prot; + size = sizeof(mm_args->prot); + retn = crypto_shash_update(shash, p, size); + if (retn) + goto done; + + p = (u8 *) &mm_args->flags; + size = sizeof(mm_args->flags); + if (!mm_args->file) { + retn = crypto_shash_finup(shash, p, size, mapping); + goto done; + } + + retn = crypto_shash_update(shash, p, size); + if (retn) + goto done; + } + + switch (ep->event) { + case TSEM_FILE_OPEN: + case TSEM_MMAP_FILE: + case TSEM_BPRM_SET_CREDS: + p = (u8 *) &ep->file.flags; + size = sizeof(ep->file.flags); + retn = crypto_shash_update(shash, p, size); + if (retn) + goto done; + + p = (u8 *) &ep->file.uid; + size = sizeof(ep->file.uid); + retn = crypto_shash_update(shash, p, size); + if (retn) + goto done; + + p = (u8 *) &ep->file.gid; + size = sizeof(ep->file.gid); + retn = crypto_shash_update(shash, p, size); + if (retn) + goto done; + + p = (u8 *) &ep->file.mode; + size = sizeof(ep->file.mode); + retn = crypto_shash_update(shash, p, size); + if (retn) + goto done; + + p = (u8 *) &ep->file.name_length; + size = sizeof(ep->file.name_length); + retn = crypto_shash_update(shash, p, size); + if (retn) + goto done; + + p = (u8 *) &ep->file.name; + size = tsem_digestsize(); + retn = crypto_shash_update(shash, p, size); + if (retn) + goto done; + + p = (u8 *) &ep->file.s_magic; + size = sizeof(ep->file.s_magic); + retn = crypto_shash_update(shash, p, size); + if (retn) + goto done; + + p = (u8 *) &ep->file.s_id; + size = sizeof(ep->file.s_id); + retn = crypto_shash_update(shash, p, size); + if (retn) + goto done; + + p = (u8 *) &ep->file.s_uuid; + size = sizeof(ep->file.s_uuid); + retn = crypto_shash_update(shash, p, size); + if (retn) + goto done; + + p = (u8 *) &ep->file.digest; + size = tsem_digestsize(); + retn = crypto_shash_finup(shash, p, size, mapping); + break; + + case TSEM_SOCKET_CREATE: + p = (u8 *) &ep->CELL.socket_create.family; + size = sizeof(ep->CELL.socket_create.family); + retn = crypto_shash_update(shash, p, size); + if (retn) + goto done; + + p = (u8 *) &ep->CELL.socket_create.type; + size = sizeof(ep->CELL.socket_create.type); + retn = crypto_shash_update(shash, p, size); + if (retn) + goto done; + + p = (u8 *) &ep->CELL.socket_create.protocol; + size = sizeof(ep->CELL.socket_create.protocol); + retn = crypto_shash_update(shash, p, size); + if (retn) + goto done; + + p = (u8 *) &ep->CELL.socket_create.kern; + size = sizeof(ep->CELL.socket_create.kern); + retn = crypto_shash_finup(shash, p, size, mapping); + if (retn) + goto done; + break; + + case TSEM_SOCKET_CONNECT: + case TSEM_SOCKET_BIND: + p = (u8 *) &scp->family; + size = sizeof(scp->family); + retn = crypto_shash_update(shash, p, size); + if (retn) + goto done; + + switch (scp->family) { + case AF_INET: + ipv4 = (struct sockaddr_in *) &scp->u.ipv4; + p = (u8 *) &ipv4->sin_port; + size = sizeof(ipv4->sin_port); + retn = crypto_shash_update(shash, p, size); + if (retn) + goto done; + + p = (u8 *) &ipv4->sin_addr.s_addr; + size = sizeof(ipv4->sin_addr.s_addr); + retn = crypto_shash_finup(shash, p, size, mapping); + break; + + case AF_INET6: + ipv6 = (struct sockaddr_in6 *) &scp->u.ipv6; + p = (u8 *) &ipv6->sin6_port; + size = sizeof(ipv6->sin6_port); + retn = crypto_shash_update(shash, p, size); + if (retn) + goto done; + + p = (u8 *) ipv6->sin6_addr.in6_u.u6_addr8; + size = sizeof(ipv6->sin6_addr.in6_u.u6_addr8); + retn = crypto_shash_update(shash, p, size); + if (retn) + goto done; + + p = (u8 *) &ipv6->sin6_flowinfo; + size = sizeof(ipv6->sin6_flowinfo); + retn = crypto_shash_update(shash, p, size); + if (retn) + goto done; + + p = (u8 *) &ipv6->sin6_scope_id; + size = sizeof(ipv6->sin6_scope_id); + retn = crypto_shash_finup(shash, p, size, mapping); + if (retn) + goto done; + break; + + case AF_UNIX: + p = scp->u.path; + size = strlen(scp->u.path); + retn = crypto_shash_finup(shash, p, size, mapping); + if (retn) + goto done; + break; + + default: + p = (u8 *) scp->u.mapping; + size = tsem_digestsize(); + retn = crypto_shash_finup(shash, p, size, mapping); + if (retn) + goto done; + break; + } + break; + + case TSEM_SOCKET_ACCEPT: + p = (u8 *) &sap->family; + size = sizeof(sap->family); + retn = crypto_shash_update(shash, p, size); + if (retn) + goto done; + + p = (u8 *) &sap->type; + size = sizeof(sap->type); + retn = crypto_shash_update(shash, p, size); + if (retn) + goto done; + + p = (u8 *) &sap->port; + size = sizeof(sap->port); + retn = crypto_shash_update(shash, p, size); + if (retn) + goto done; + + switch (sap->family) { + case AF_INET: + p = (u8 *) &sap->u.ipv4; + size = sizeof(sap->u.ipv4); + retn = crypto_shash_finup(shash, p, size, mapping); + if (retn) + goto done; + break; + + case AF_INET6: + p = (u8 *) sap->u.ipv6.in6_u.u6_addr8; + size = sizeof(sap->u.ipv6.in6_u.u6_addr8); + retn = crypto_shash_finup(shash, p, size, mapping); + if (retn) + goto done; + break; + + case AF_UNIX: + p = sap->u.path; + size = strlen(sap->u.path); + retn = crypto_shash_finup(shash, p, size, mapping); + if (retn) + goto done; + break; + + default: + p = sap->u.mapping; + size = tsem_digestsize(); + retn = crypto_shash_finup(shash, p, size, mapping); + if (retn) + goto done; + break; + } + break; + + case TSEM_TASK_KILL: + p = (u8 *) &ep->CELL.task_kill.cross_model; + size = sizeof(ep->CELL.task_kill.cross_model); + retn = crypto_shash_update(shash, p, size); + if (retn) + goto done; + + p = (u8 *) &ep->CELL.task_kill.signal; + size = sizeof(ep->CELL.task_kill.signal); + retn = crypto_shash_update(shash, p, size); + if (retn) + goto done; + + p = (u8 *) &ep->CELL.task_kill.target; + size = sizeof(ep->CELL.task_kill.target); + retn = crypto_shash_finup(shash, p, size, mapping); + if (retn) + goto done; + break; + + case TSEM_GENERIC_EVENT: + p = (u8 *) tsem_names[ep->CELL.event_type]; + size = strlen(tsem_names[ep->CELL.event_type]); + retn = crypto_shash_update(shash, p, size); + if (retn) + goto done; + + p = tsem_context(current)->zero_digest; + size = tsem_digestsize(); + retn = crypto_shash_finup(shash, p, size, mapping); + if (retn) + goto done; + break; + + default: + break; + } + + done: + return retn; +} + +static int get_event_mapping(int event, u8 *task_id, u8 *COE_id, u8 *cell_id, + u8 *mapping) +{ + int retn = 0; + u32 event_id = (u32) event; + SHASH_DESC_ON_STACK(shash, tfm); + + shash->tfm = tsem_digest(); + retn = crypto_shash_init(shash); + if (retn) + goto done; + + retn = crypto_shash_update(shash, tsem_names[event_id], + strlen(tsem_names[event_id])); + if (retn) + goto done; + if (task_id) { + retn = crypto_shash_update(shash, task_id, tsem_digestsize()); + if (retn) + goto done; + } + retn = crypto_shash_update(shash, COE_id, tsem_digestsize()); + if (retn) + goto done; + retn = crypto_shash_finup(shash, cell_id, tsem_digestsize(), mapping); + + done: + return retn; +} + +static int map_event(enum tsem_event_type event, struct tsem_event *ep, + u8 *task_id, u8 *event_mapping) +{ + int retn; + u8 COE_mapping[HASH_MAX_DIGESTSIZE]; + u8 cell_mapping[HASH_MAX_DIGESTSIZE]; + + retn = get_COE_mapping(ep, COE_mapping); + if (retn) + goto done; + + retn = get_cell_mapping(ep, cell_mapping); + if (retn) + goto done; + + retn = get_event_mapping(event, task_id, COE_mapping, cell_mapping, + event_mapping); + done: + return retn; +} + +/** + * tsem_map_task() - Create the task identity description structure. + * @file: A pointer to the file structure defining the executable. + * @task_id: Pointer to the buffer that the task id will be copied to. + * + * This function creates the security event state point that will be used + * as the task identifier for the generation of security state points + * that are created by the process that task identifier is assigned to. + * + * Return: This function returns 0 if the mapping was successfully + * created and an error value otherwise. + */ +int tsem_map_task(struct file *file, u8 *task_id) +{ + int retn = 0; + u8 null_taskid[HASH_MAX_DIGESTSIZE]; + struct tsem_event *ep; + struct tsem_event_parameters params; + + params.u.file = file; + ep = tsem_event_init(TSEM_BPRM_SET_CREDS, ¶ms, false); + if (IS_ERR(ep)) { + retn = PTR_ERR(ep); + ep = NULL; + goto done; + } + + memset(null_taskid, '\0', tsem_digestsize()); + retn = map_event(TSEM_BPRM_SET_CREDS, ep, null_taskid, task_id); + tsem_event_put(ep); + + done: + return retn; +} + +/** + * tsem_map_event() - Create a security event mapping. + * @event: The number of the event to be mapped. + * @params: A pointer to the structure containing the event description + * parameters. + * + * This function creates a structure to describe a security event + * and maps the event into a security state coefficient. + * + * Return: On success the function returns a pointer to the tsem_event + * structure that describes the event. If an error is encountered + * an error return value is encoded in the pointer. + */ +struct tsem_event *tsem_map_event(enum tsem_event_type event, + struct tsem_event_parameters *params) +{ + int retn = 0; + struct tsem_event *ep; + struct tsem_task *task = tsem_task(current); + + ep = tsem_event_init(event, params, false); + if (IS_ERR(ep)) + goto done; + + if (task->context->external) + goto done; + + retn = map_event(event, ep, task->task_id, ep->mapping); + if (retn) { + tsem_event_put(ep); + ep = ERR_PTR(retn); + } + + done: + return ep; +} + + +/** + * tsem_map_event_locked() - Create a security event mapping while atomic. + * @event: The number of the event to be mapped. + * @params: A pointer to the structure containing the event description + * parameters. + * + * This function creates a structure to describe a security event + * and maps the event into a security state coefficient. + * + * Return: On success the function returns a pointer to the tsem_event + * structure that describes the event. If an error is encountered + * an error return value is encoded in the pointer. + */ +struct tsem_event *tsem_map_event_locked(enum tsem_event_type event, + struct tsem_event_parameters *params) +{ + int retn = 0; + struct tsem_event *ep; + struct tsem_task *task = tsem_task(current); + + ep = tsem_event_init(event, params, true); + if (IS_ERR(ep)) + goto done; + + if (task->context->external) + goto done; + + retn = map_event(event, ep, task->task_id, ep->mapping); + if (retn) { + tsem_event_put(ep); + ep = ERR_PTR(retn); + } + + done: + return ep; +} -- 2.39.1