On Mon, Oct 1, 2018 at 2:48 PM, Kees Cook <keescook@xxxxxxxxxxxx> wrote: > On Wed, Sep 26, 2018 at 2:57 PM, Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote: >> lsm_early_cred()/lsm_early_task() are called from only __init functions. >> >> lsm_cred_alloc()/lsm_file_alloc() are called from only security/security.c . >> >> lsm_early_inode() should be avoided because it is not appropriate to >> call panic() when lsm_early_inode() is called after __init phase. >> >> Since all free hooks are called when one of init hooks failed, each >> free hook needs to check whether init hook was called. >> >> The original changes are from Tetsuo Handa. I have made minor >> changes in some places, but this is mostly his code. >> >> Signed-off-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx> >> --- >> include/linux/lsm_hooks.h | 6 ++---- >> security/security.c | 27 ++++----------------------- >> security/selinux/hooks.c | 5 ++++- >> security/selinux/include/objsec.h | 2 ++ >> security/smack/smack_lsm.c | 8 +++++++- >> 5 files changed, 19 insertions(+), 29 deletions(-) > > I've split this across the various commits they touch: > > Infrastructure management of the cred security blob > LSM: Infrastructure management of the file security > LSM: Infrastructure management of the inode security > LSM: Infrastructure management of the task security > LSM: Blob sharing support for S.A.R.A and LandLock > > Based on these changes, I've uploaded the "v4.1", or "Casey is on > vacation", tree here: > https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/log/?h=lsm/blob-sharing-v4.1 > > I'm going to work on a merged series for the "arbitrary ordering" and > "blob-sharing" trees next... Here is my v6 (v5 plus small fix I noticed) with my refactoring of Casey's blob-sharing series on top: https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/log/?h=lsm/ordering-v6-blob-sharing procfs: add smack subdir to attrs Smack: Abstract use of cred security blob SELinux: Abstract use of cred security blob SELinux: Remove cred security blob poisoning SELinux: Remove unused selinux_is_enabled AppArmor: Abstract use of cred security blob TOMOYO: Abstract use of cred security blob Infrastructure management of the cred security blob SELinux: Abstract use of file security blob Smack: Abstract use of file security blob LSM: Infrastructure management of the file security SELinux: Abstract use of inode security blob Smack: Abstract use of inode security blob LSM: Infrastructure management of the inode security LSM: Infrastructure management of the task security SELinux: Abstract use of ipc security blobs Smack: Abstract use of ipc security blobs LSM: Infrastructure management of the ipc security blob TOMOYO: Update LSM flags to no longer be exclusive Notably, the last patch from Casey's series is entirely removed. Additionally all the per-LSM initialization changes were removed since the blob size calculations now stay internal to security.c, done during the "prepare" phase. -Kees -- Kees Cook Pixel Security
