Re: [PATCH v12 04/25] LSM: Use lsmblob in security_kernel_act_as

Stephen Smalley <sds@xxxxxxxxxxxxx> · Tue, 17 Dec 2019 12:37:13 -0500

On 12/16/19 5:36 PM, Casey Schaufler wrote:
Change the security_kernel_act_as interface to use a lsmblob
structure in place of the single u32 secid in support of
module stacking. Change its only caller, set_security_override,
to do the same. Change that one's only caller,
set_security_override_from_ctx, to call it with the new
parameter type.

Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>
Reviewed-by: John Johansen <john.johansen@xxxxxxxxxxxxx>
Signed-off-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>

Same question re the WARN_ON, but otherwise:

Acked-by: Stephen Smalley <sds@xxxxxxxxxxxxx>

---
  include/linux/cred.h     |  3 ++-
  include/linux/security.h |  5 +++--
  kernel/cred.c            | 10 ++++++----
  security/security.c      | 14 ++++++++++++--
  4 files changed, 23 insertions(+), 9 deletions(-)

diff --git a/include/linux/cred.h b/include/linux/cred.h
index 18639c069263..03ae0182cba6 100644
--- a/include/linux/cred.h
+++ b/include/linux/cred.h
@@ -18,6 +18,7 @@
  
  struct cred;
  struct inode;
+struct lsmblob;
  
  /*
   * COW Supplementary groups list
@@ -165,7 +166,7 @@ extern const struct cred *override_creds(const struct cred *);
  extern void revert_creds(const struct cred *);
  extern struct cred *prepare_kernel_cred(struct task_struct *);
  extern int change_create_files_as(struct cred *, struct inode *);
-extern int set_security_override(struct cred *, u32);
+extern int set_security_override(struct cred *, struct lsmblob *);
  extern int set_security_override_from_ctx(struct cred *, const char *);
  extern int set_create_files_as(struct cred *, struct inode *);
  extern int cred_fscmp(const struct cred *, const struct cred *);
diff --git a/include/linux/security.h b/include/linux/security.h
index 9c6dbe248eaf..322ed9622819 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -437,7 +437,7 @@ void security_cred_free(struct cred *cred);
  int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp);
  void security_transfer_creds(struct cred *new, const struct cred *old);
  void security_cred_getsecid(const struct cred *c, u32 *secid);
-int security_kernel_act_as(struct cred *new, u32 secid);
+int security_kernel_act_as(struct cred *new, struct lsmblob *blob);
  int security_kernel_create_files_as(struct cred *new, struct inode *inode);
  int security_kernel_module_request(char *kmod_name);
  int security_kernel_load_data(enum kernel_load_data_id id);
@@ -1043,7 +1043,8 @@ static inline void security_transfer_creds(struct cred *new,
  {
  }
  
-static inline int security_kernel_act_as(struct cred *cred, u32 secid)
+static inline int security_kernel_act_as(struct cred *cred,
+					 struct lsmblob *blob)
  {
  	return 0;
  }
diff --git a/kernel/cred.c b/kernel/cred.c
index c0a4c12d38b2..846ac4b23c16 100644
--- a/kernel/cred.c
+++ b/kernel/cred.c
@@ -732,14 +732,14 @@ EXPORT_SYMBOL(prepare_kernel_cred);
  /**
   * set_security_override - Set the security ID in a set of credentials
   * @new: The credentials to alter
- * @secid: The LSM security ID to set
+ * @blob: The LSM security information to set
   *
   * Set the LSM security ID in a set of credentials so that the subjective
   * security is overridden when an alternative set of credentials is used.
   */
-int set_security_override(struct cred *new, u32 secid)
+int set_security_override(struct cred *new, struct lsmblob *blob)
  {
-	return security_kernel_act_as(new, secid);
+	return security_kernel_act_as(new, blob);
  }
  EXPORT_SYMBOL(set_security_override);
  
@@ -755,6 +755,7 @@ EXPORT_SYMBOL(set_security_override);
   */
  int set_security_override_from_ctx(struct cred *new, const char *secctx)
  {
+	struct lsmblob blob;
  	u32 secid;
  	int ret;
  
@@ -762,7 +763,8 @@ int set_security_override_from_ctx(struct cred *new, const char *secctx)
  	if (ret < 0)
  		return ret;
  
-	return set_security_override(new, secid);
+	lsmblob_init(&blob, secid);
+	return set_security_override(new, &blob);
  }
  EXPORT_SYMBOL(set_security_override_from_ctx);
  
diff --git a/security/security.c b/security/security.c
index bfea9739c084..cee032b5ce29 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1615,9 +1615,19 @@ void security_cred_getsecid(const struct cred *c, u32 *secid)
  }
  EXPORT_SYMBOL(security_cred_getsecid);
  
-int security_kernel_act_as(struct cred *new, u32 secid)
+int security_kernel_act_as(struct cred *new, struct lsmblob *blob)
  {
-	return call_int_hook(kernel_act_as, 0, new, secid);
+	struct security_hook_list *hp;
+	int rc;
+
+	hlist_for_each_entry(hp, &security_hook_heads.kernel_act_as, list) {
+		if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot))
+			continue;
+		rc = hp->hook.kernel_act_as(new, blob->secid[hp->lsmid->slot]);
+		if (rc != 0)
+			return rc;
+	}
+	return 0;
  }
  
  int security_kernel_create_files_as(struct cred *new, struct inode *inode)








