diff options
author | James Morris <james.morris@microsoft.com> | 2019-01-10 11:42:58 -0800 |
---|---|---|
committer | James Morris <james.morris@microsoft.com> | 2019-01-10 11:42:58 -0800 |
commit | 2233975cd7927672525361c4c6eebc0b8d018a74 (patch) | |
tree | 94817828eb739a1ac2a659d73baf2d633b07c0ea /security/smack/smack.h | |
parent | Merge tag 'v5.0-rc1' into next-general (diff) | |
parent | TOMOYO: Update LSM flags to no longer be exclusive (diff) | |
download | linux-dev-2233975cd7927672525361c4c6eebc0b8d018a74.tar.xz linux-dev-2233975cd7927672525361c4c6eebc0b8d018a74.zip |
Merge tag 'blob-stacking-security-next' of https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux into next-general
LSM: Module stacking for SARA and Landlock
The combined series of LSM refactoring and addition of blob-sharing for
SARA and Landlock.
From Casey:
v5: Include Kees Cook's rework of the lsm command
line interface.
v4: Finer granularity in the patches and other
cleanups suggested by Kees Cook.
Removed dead code created by the removal of SELinux
credential blob poisoning.
v3: Add ipc blob for SARA and task blob for Landlock.
Removing the SELinux cred blob pointer poisoning
results selinux_is_enabled() being unused, so it and
all it's overhead has been removed.
Broke up the cred infrastructure patch.
v2: Reduce the patchset to what is required to support
the proposed SARA and LandLock security modules
The SARA security module is intended to be used
in conjunction with other security modules. It requires
state to be maintained for the credential, which
in turn requires a mechanism for sharing the credential
security blob. It also uses the ipc security blob. The
module also requires mechanism for user space manipulation
of the credential information, hence an additional
subdirectory in /proc/.../attr.
The LandLock security module provides user configurable
policy in the secmark mechanism. It requires data in
the credential, file, inode and task security blobs. For
this to be used along side the existing "major" security
modules mechanism for sharing these blobs are provided.
A side effect of providing sharing of the crendential
security blob is that the TOMOYO module can be used at
the same time as the other "major" modules.
The mechanism for configuring which security modules are
enabled has to change when stacking in enabled. Any
module that uses just the security blobs that are shared
can be selected. Additionally, one other "major" module
can be selected.
The security module stacking issues around networking and
IPC are not addressed here as they are beyond what is
required for TOMOYO, SARA and LandLock.
Diffstat (limited to 'security/smack/smack.h')
-rw-r--r-- | security/smack/smack.h | 44 |
1 files changed, 39 insertions, 5 deletions
diff --git a/security/smack/smack.h b/security/smack/smack.h index f7db791fb566..9c7c95a5c497 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h @@ -24,6 +24,7 @@ #include <linux/list.h> #include <linux/rculist.h> #include <linux/lsm_audit.h> +#include <linux/msg.h> /* * Use IPv6 port labeling if IPv6 is enabled and secmarks @@ -336,6 +337,7 @@ extern struct smack_known *smack_syslog_label; extern struct smack_known *smack_unconfined; #endif extern int smack_ptrace_rule; +extern struct lsm_blob_sizes smack_blob_sizes; extern struct smack_known smack_known_floor; extern struct smack_known smack_known_hat; @@ -356,12 +358,38 @@ extern struct list_head smack_onlycap_list; #define SMACK_HASH_SLOTS 16 extern struct hlist_head smack_known_hash[SMACK_HASH_SLOTS]; +static inline struct task_smack *smack_cred(const struct cred *cred) +{ + return cred->security + smack_blob_sizes.lbs_cred; +} + +static inline struct smack_known **smack_file(const struct file *file) +{ + return (struct smack_known **)(file->f_security + + smack_blob_sizes.lbs_file); +} + +static inline struct inode_smack *smack_inode(const struct inode *inode) +{ + return inode->i_security + smack_blob_sizes.lbs_inode; +} + +static inline struct smack_known **smack_msg_msg(const struct msg_msg *msg) +{ + return msg->security + smack_blob_sizes.lbs_msg_msg; +} + +static inline struct smack_known **smack_ipc(const struct kern_ipc_perm *ipc) +{ + return ipc->security + smack_blob_sizes.lbs_ipc; +} + /* * Is the directory transmuting? */ static inline int smk_inode_transmutable(const struct inode *isp) { - struct inode_smack *sip = isp->i_security; + struct inode_smack *sip = smack_inode(isp); return (sip->smk_flags & SMK_INODE_TRANSMUTE) != 0; } @@ -370,7 +398,7 @@ static inline int smk_inode_transmutable(const struct inode *isp) */ static inline struct smack_known *smk_of_inode(const struct inode *isp) { - struct inode_smack *sip = isp->i_security; + struct inode_smack *sip = smack_inode(isp); return sip->smk_inode; } @@ -382,13 +410,19 @@ static inline struct smack_known *smk_of_task(const struct task_smack *tsp) return tsp->smk_task; } -static inline struct smack_known *smk_of_task_struct(const struct task_struct *t) +static inline struct smack_known *smk_of_task_struct( + const struct task_struct *t) { struct smack_known *skp; + const struct cred *cred; rcu_read_lock(); - skp = smk_of_task(__task_cred(t)->security); + + cred = __task_cred(t); + skp = smk_of_task(smack_cred(cred)); + rcu_read_unlock(); + return skp; } @@ -405,7 +439,7 @@ static inline struct smack_known *smk_of_forked(const struct task_smack *tsp) */ static inline struct smack_known *smk_of_current(void) { - return smk_of_task(current_security()); + return smk_of_task(smack_cred(current_cred())); } /* |