[PATCH 1/3] LSM: Add new hook for generic node initialization

Wed Jan 9 16:06:33 UTC 2019

On Wed, Jan 9, 2019 at 3:33 PM Stephen Smalley <sds at tycho.nsa.gov> wrote:
> On 1/9/19 4:10 AM, Ondrej Mosnacek wrote:
> > This patch introduces a new security hook that is intended for
> > initializing the security data for newly created pseudo filesystem
> > objects (such as kernfs nodes) that provide a way of storing a
> > non-default security context, but need to operate independently from
> > mounts.
> >
> > The main motivation is to allow kernfs nodes to inherit the context of
> > the parent under SELinux, similar to the behavior of
> > security_inode_init_security(). Other LSMs may implement their own logic
> > for handling the creation of new nodes.
> >
> > Signed-off-by: Ondrej Mosnacek <omosnace at redhat.com>
> > ---
> >   include/linux/lsm_hooks.h |  5 +++++
> >   include/linux/security.h  | 12 ++++++++++++
> >   security/security.c       |  8 ++++++++
> >   3 files changed, 25 insertions(+)
> >
> > diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
> > index aaeb7fa24dc4..f2b4c0bf4a7b 100644
> > --- a/include/linux/lsm_hooks.h
> > +++ b/include/linux/lsm_hooks.h
> > @@ -1556,6 +1556,10 @@ union security_list_options {
> >       int (*inode_copy_up)(struct dentry *src, struct cred **new);
> >       int (*inode_copy_up_xattr)(const char *name);
> >
> > +     int (*object_init_security)(void *parent_ctx, u32 parent_ctxlen,
> > +                                 const struct qstr *qstr, u16 mode,
> > +                                 void **ctx, u32 *ctxlen);
>
> You'll want to add a kerneldoc comment for the new hook; see the
> existing ones for the other hooks at the top of lsm_hooks.h.

Good point, will add that in v2, thanks.

>
> > +
> >       int (*file_permission)(struct file *file, int mask);
> >       int (*file_alloc_security)(struct file *file);
> >       void (*file_free_security)(struct file *file);
> > @@ -1855,6 +1859,7 @@ struct security_hook_heads {
> >       struct hlist_head inode_getsecid;
> >       struct hlist_head inode_copy_up;
> >       struct hlist_head inode_copy_up_xattr;
> > +     struct hlist_head object_init_security;
> >       struct hlist_head file_permission;
> >       struct hlist_head file_alloc_security;
> >       struct hlist_head file_free_security;
> > diff --git a/include/linux/security.h b/include/linux/security.h
> > index d170a5b031f3..e20d1f378ea4 100644
> > --- a/include/linux/security.h
> > +++ b/include/linux/security.h
> > @@ -315,6 +315,9 @@ int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer
> >   void security_inode_getsecid(struct inode *inode, u32 *secid);
> >   int security_inode_copy_up(struct dentry *src, struct cred **new);
> >   int security_inode_copy_up_xattr(const char *name);
> > +int security_object_init_security(void *parent_ctx, u32 parent_ctxlen,
> > +                               const struct qstr *qstr, u16 mode,
> > +                               void **ctx, u32 *ctxlen);
> >   int security_file_permission(struct file *file, int mask);
> >   int security_file_alloc(struct file *file);
> >   void security_file_free(struct file *file);
> > @@ -815,6 +818,15 @@ static inline int security_inode_copy_up_xattr(const char *name)
> >       return -EOPNOTSUPP;
> >   }
> >
> > +static inline int security_object_init_security(void *parent_ctx,
> > +                                             u32 parent_ctxlen,
> > +                                             const struct qstr *qstr,
> > +                                             u16 mode, void **ctx,
> > +                                             u32 *ctxlen)
> > +{
> > +     return 0;

I just realized I will need to assign *ctx to NULL and *ctxlen to 0
here, since I chose to return 0 by default...

> > +}
> > +
> >   static inline int security_file_permission(struct file *file, int mask)
> >   {
> >       return 0;
> > diff --git a/security/security.c b/security/security.c
> > index 04d173eb93f6..56e77368b87f 100644
> > --- a/security/security.c
> > +++ b/security/security.c
> > @@ -879,6 +879,14 @@ int security_inode_copy_up_xattr(const char *name)
> >   }
> >   EXPORT_SYMBOL(security_inode_copy_up_xattr);
> >
> > +int security_object_init_security(void *parent_ctx, u32 parent_ctxlen,
> > +                               const struct qstr *qstr, u16 mode,
> > +                               void **ctx, u32 *ctxlen)
> > +{
> > +     return call_int_hook(object_init_security, 0, parent_ctx, parent_ctxlen,
> > +                          qstr, mode, ctx, ctxlen);

Same here, in case there is no object_init_security hook provided by the LSM.

> > +}
> > +
> >   int security_file_permission(struct file *file, int mask)
> >   {
> >       int ret;
> >
>

-- 
Ondrej Mosnacek <omosnace at redhat dot com>
Associate Software Engineer, Security Technologies
Red Hat, Inc.