#include <linux/personality.h>
#include <linux/backing-dev.h>
#include <linux/string.h>
-#include <linux/msg.h>
#include <linux/prctl.h>
#include <net/flow.h>
-#include <net/sock.h>
#define MAX_LSM_EVM_XATTR 2
*/
static struct lsm_blob_sizes blob_sizes = {
#ifdef CONFIG_SECURITY_STACKING
- .lbs_task = SECURITY_NAME_MAX + 2,
+ .lbs_task = SECURITY_NAME_MAX + 6,
#endif
};
#else
CONFIG_DEFAULT_SECURITY;
#endif
+static __initdata char chosen_display_lsm[SECURITY_NAME_MAX + 1]
+#ifdef CONFIG_SECURITY_STACKING
+ = CONFIG_SECURITY_DEFAULT_DISPLAY_NAME
+#endif
+;
+static char default_display_lsm[SECURITY_NAME_MAX + 1];
static void __init do_security_initcalls(void)
{
#ifdef CONFIG_SECURITY_LSM_DEBUG
pr_info("LSM: cred blob size = %d\n", blob_sizes.lbs_cred);
pr_info("LSM: file blob size = %d\n", blob_sizes.lbs_file);
- pr_info("LSM: inode blob size = %d\n", blob_sizes.lbs_inode);
- pr_info("LSM: ipc blob size = %d\n", blob_sizes.lbs_ipc);
-#ifdef CONFIG_KEYS
- pr_info("LSM: key blob size = %d\n", blob_sizes.lbs_key);
-#endif /* CONFIG_KEYS */
- pr_info("LSM: msg_msg blob size = %d\n", blob_sizes.lbs_msg_msg);
- pr_info("LSM: sock blob size = %d\n", blob_sizes.lbs_sock);
- pr_info("LSM: superblock blob size = %d\n", blob_sizes.lbs_superblock);
pr_info("LSM: task blob size = %d\n", blob_sizes.lbs_task);
-#endif /* CONFIG_SECURITY_LSM_DEBUG */
+#endif
return 0;
}
}
__setup("security=", choose_lsm);
+static int __init choose_display_lsm(char *str)
+{
+ strncpy(chosen_display_lsm, str, SECURITY_NAME_MAX);
+ pr_info("LSM: command line set default display lsm %s'\n",
+ chosen_display_lsm);
+ return 1;
+}
+__setup("security.display=", choose_display_lsm);
+
static bool match_last_lsm(const char *list, const char *lsm)
{
const char *last;
/*
* Module defined on the command line security=XXXX
*/
- if (strcmp(chosen_lsms, MODULE_STACK))
- return cmp_lsms(lsm);
-
+ if (strcmp(chosen_lsms, MODULE_STACK)) {
+ if (cmp_lsms(lsm)) {
+ /* set to first LSM registered and then override */
+ if (!*default_display_lsm)
+ strcpy(default_display_lsm, lsm);
+ else if (*chosen_display_lsm && !strcmp(chosen_display_lsm, lsm)) {
+ strcpy(default_display_lsm, lsm);
+ pr_info("LSM: default display lsm '%s'\n", default_display_lsm);
+ }
+ return true;
+ }
+ return false;
+ }
/*
* Module configured as stacked.
*/
+ if (stacked && !*default_display_lsm)
+ strcpy(default_display_lsm, lsm);
+ else if (stacked && *chosen_display_lsm && !strcmp(chosen_display_lsm, lsm)) {
+ strcpy(default_display_lsm, lsm);
+ pr_info("LSM: default display lsm '%s'\n", default_display_lsm);
+ }
+
return stacked;
#else
- if (strcmp(lsm, chosen_lsms) == 0)
+ if (strcmp(lsm, chosen_lsms) == 0) {
+ strcpy(default_display_lsm, lsm);
return true;
+ }
return false;
#endif
}
+/*
+ * Keep the order of major modules for mapping secids.
+ */
+static int lsm_next_major;
+
/**
* security_add_hooks - Add a modules hooks to the hook lists.
* @hooks: the hooks to add
char *lsm)
{
int i;
+ int lsm_index = lsm_next_major++;
+
+#ifdef CONFIG_SECURITY_LSM_DEBUG
+ pr_info("LSM: Security module %s gets index %d\n", lsm, lsm_index);
+#endif
for (i = 0; i < count; i++) {
hooks[i].lsm = lsm;
+ hooks[i].lsm_index = lsm_index;
list_add_tail_rcu(&hooks[i].list, hooks[i].head);
}
if (lsm_append(lsm, &lsm_names) < 0)
{
lsm_set_size(&needed->lbs_cred, &blob_sizes.lbs_cred);
lsm_set_size(&needed->lbs_file, &blob_sizes.lbs_file);
- lsm_set_size(&needed->lbs_ipc, &blob_sizes.lbs_ipc);
- lsm_set_size(&needed->lbs_key, &blob_sizes.lbs_key);
- lsm_set_size(&needed->lbs_msg_msg, &blob_sizes.lbs_msg_msg);
- lsm_set_size(&needed->lbs_sock, &blob_sizes.lbs_sock);
- lsm_set_size(&needed->lbs_superblock, &blob_sizes.lbs_superblock);
lsm_set_size(&needed->lbs_task, &blob_sizes.lbs_task);
- /*
- * The inode blob gets an rcu_head in addition to
- * what the modules might need.
- */
- if (needed->lbs_inode && blob_sizes.lbs_inode == 0)
- blob_sizes.lbs_inode = sizeof(struct rcu_head);
- lsm_set_size(&needed->lbs_inode, &blob_sizes.lbs_inode);
}
/**
#ifdef CONFIG_SECURITY_STACKING
if (current->security)
strcpy(task->security, lsm_of_task(current));
+ else
+ strcpy(task->security, default_display_lsm);
#endif
return 0;
}
-/**
- * lsm_inode_alloc - allocate a composite inode blob
- * @inode: the inode that needs a blob
- *
- * Allocate the inode blob for all the modules
- *
- * Returns 0, or -ENOMEM if memory can't be allocated.
- */
-int lsm_inode_alloc(struct inode *inode)
-{
-#ifdef CONFIG_SECURITY_LSM_DEBUG
- if (inode->i_security)
- pr_info("%s: Inbound inode blob is not NULL.\n", __func__);
-#endif
- if (blob_sizes.lbs_inode == 0)
- return 0;
-
- inode->i_security = kzalloc(blob_sizes.lbs_inode, GFP_KERNEL);
- if (inode->i_security == NULL)
- return -ENOMEM;
- return 0;
-}
-
-/**
- * lsm_early_inode - during initialization allocate a composite inode blob
- * @inode: the inode that needs a blob
- *
- * Allocate the inode blob for all the modules if it's not already there
- */
-void lsm_early_inode(struct inode *inode)
-{
- int rc;
-
- if (inode == NULL)
- panic("%s: NULL inode.\n", __func__);
- if (inode->i_security != NULL)
- return;
- rc = lsm_inode_alloc(inode);
- if (rc)
- panic("%s: Early inode alloc failed.\n", __func__);
-}
-
-/**
- * lsm_ipc_alloc - allocate a composite ipc blob
- * @kip: the ipc that needs a blob
- *
- * Allocate the ipc blob for all the modules
- *
- * Returns 0, or -ENOMEM if memory can't be allocated.
- */
-int lsm_ipc_alloc(struct kern_ipc_perm *kip)
-{
-#ifdef CONFIG_SECURITY_LSM_DEBUG
- if (kip->security)
- pr_info("%s: Inbound ipc blob is not NULL.\n", __func__);
-#endif
- if (blob_sizes.lbs_ipc == 0)
- return 0;
-
- kip->security = kzalloc(blob_sizes.lbs_ipc, GFP_KERNEL);
- if (kip->security == NULL)
- return -ENOMEM;
- return 0;
-}
-
-#ifdef CONFIG_KEYS
-/**
- * lsm_key_alloc - allocate a composite key blob
- * @key: the key that needs a blob
- *
- * Allocate the key blob for all the modules
- *
- * Returns 0, or -ENOMEM if memory can't be allocated.
- */
-int lsm_key_alloc(struct key *key)
-{
-#ifdef CONFIG_SECURITY_LSM_DEBUG
- if (key->security)
- pr_info("%s: Inbound key blob is not NULL.\n", __func__);
-#endif
- if (blob_sizes.lbs_key == 0)
- return 0;
-
- key->security = kzalloc(blob_sizes.lbs_key, GFP_KERNEL);
- if (key->security == NULL)
- return -ENOMEM;
- return 0;
-}
-#endif /* CONFIG_KEYS */
-
-/**
- * lsm_msg_msg_alloc - allocate a composite msg_msg blob
- * @mp: the msg_msg that needs a blob
- *
- * Allocate the ipc blob for all the modules
- *
- * Returns 0, or -ENOMEM if memory can't be allocated.
- */
-int lsm_msg_msg_alloc(struct msg_msg *mp)
-{
-#ifdef CONFIG_SECURITY_LSM_DEBUG
- if (mp->security)
- pr_info("%s: Inbound msg_msg blob is not NULL.\n", __func__);
-#endif
- if (blob_sizes.lbs_msg_msg == 0)
- return 0;
-
- mp->security = kzalloc(blob_sizes.lbs_msg_msg, GFP_KERNEL);
- if (mp->security == NULL)
- return -ENOMEM;
- return 0;
-}
-
-/**
- * lsm_sock_alloc - allocate a composite sock blob
- * @sock: the sock that needs a blob
- * @priority: allocation mode
- *
- * Allocate the sock blob for all the modules
- *
- * Returns 0, or -ENOMEM if memory can't be allocated.
- */
-int lsm_sock_alloc(struct sock *sock, gfp_t priority)
-{
-#ifdef CONFIG_SECURITY_LSM_DEBUG
- if (sock->sk_security)
- pr_info("%s: Inbound sock blob is not NULL.\n", __func__);
-#endif
- if (blob_sizes.lbs_sock == 0)
- return 0;
-
- sock->sk_security = kzalloc(blob_sizes.lbs_sock, priority);
- if (sock->sk_security == NULL)
- return -ENOMEM;
- return 0;
-}
-
-/**
- * lsm_superblock_alloc - allocate a composite superblock blob
- * @sb: the superblock that needs a blob
- *
- * Allocate the superblock blob for all the modules
- *
- * Returns 0, or -ENOMEM if memory can't be allocated.
- */
-int lsm_superblock_alloc(struct super_block *sb)
-{
-#ifdef CONFIG_SECURITY_LSM_DEBUG
- if (sb->s_security)
- pr_info("%s: Inbound superblock blob is not NULL.\n", __func__);
-#endif
- if (blob_sizes.lbs_superblock == 0)
- return 0;
-
- sb->s_security = kzalloc(blob_sizes.lbs_superblock, GFP_KERNEL);
- if (sb->s_security == NULL)
- return -ENOMEM;
- return 0;
-}
-
/*
* Hook list operation macros.
*
int security_sb_alloc(struct super_block *sb)
{
- int rc = lsm_superblock_alloc(sb);
-
- if (rc)
- return rc;
return call_int_hook(sb_alloc_security, 0, sb);
}
void security_sb_free(struct super_block *sb)
{
call_void_hook(sb_free_security, sb);
- kfree(sb->s_security);
- sb->s_security = NULL;
}
int security_sb_copy_data(char *orig, char *copy)
int security_inode_alloc(struct inode *inode)
{
- int rc = lsm_inode_alloc(inode);
-
- if (rc)
- return rc;
+ inode->i_security = NULL;
return call_int_hook(inode_alloc_security, 0, inode);
}
-static void inode_free_by_rcu(struct rcu_head *head)
-{
- /*
- * The rcu head is at the start of the inode blob
- */
- kfree(head);
-}
-
void security_inode_free(struct inode *inode)
{
integrity_inode_free(inode);
call_void_hook(inode_free_security, inode);
- /*
- * The inode may still be referenced in a path walk and
- * a call to security_inode_permission() can be made
- * after inode_free_security() is called. Ideally, the VFS
- * wouldn't do this, but fixing that is a much harder
- * job. For now, simply free the i_security via RCU, and
- * leave the current inode->i_security pointer intact.
- * The inode will be freed after the RCU grace period too.
- */
- if (inode->i_security != NULL) {
- call_rcu((struct rcu_head *)inode->i_security,
- inode_free_by_rcu);
- inode->i_security = NULL;
- }
}
int security_dentry_init_security(struct dentry *dentry, int mode,
static char *nolsm = "-default";
#define NOLSMLEN 9
+static bool is_registered_lsm(const char *str, size_t size)
+{
+ struct security_hook_list *hp;
+
+ list_for_each_entry(hp, &security_hook_heads.getprocattr, list) {
+ if (size == strlen(hp->lsm) && !strncmp(str, hp->lsm, size))
+ return true;
+ }
+
+ return false;
+}
+
+static bool set_lsm_of_current(const char *str, size_t size)
+{
+ char *lsm = lsm_of_task(current);
+
+ if (is_registered_lsm(str, size)) {
+ strncpy(lsm, str, size);
+ lsm[size] = '\0';
+ } else if (size == NOLSMLEN && !strncmp(str, nolsm, size)) {
+ lsm[0] = '\0';
+ } else {
+ return false;
+ }
+ return true;
+}
+
static int lsm_task_prctl(int option, unsigned long arg2, unsigned long arg3,
unsigned long arg4, unsigned long arg5)
{
if (copy_from_user(buffer, optval, len))
return -EFAULT;
buffer[len] = '\0';
- /*
- * Trust the caller to know what lsm name(s) are available.
- */
- if (!strncmp(buffer, nolsm, NOLSMLEN))
- lsm[0] = '\0';
- else
- strcpy(lsm, buffer);
+ /* verify the requested LSM is registered */
+ if (!set_lsm_of_current(buffer, len))
+ return -ENOENT;
break;
default:
return -ENOSYS;
int security_msg_msg_alloc(struct msg_msg *msg)
{
- int rc = lsm_msg_msg_alloc(msg);
-
- if (rc)
- return rc;
return call_int_hook(msg_msg_alloc_security, 0, msg);
}
void security_msg_msg_free(struct msg_msg *msg)
{
call_void_hook(msg_msg_free_security, msg);
- kfree(msg->security);
- msg->security = NULL;
}
int security_msg_queue_alloc(struct msg_queue *msq)
{
- int rc = lsm_ipc_alloc(&msq->q_perm);
-
- if (rc)
- return rc;
return call_int_hook(msg_queue_alloc_security, 0, msq);
}
void security_msg_queue_free(struct msg_queue *msq)
{
- struct kern_ipc_perm *kip = &msq->q_perm;
-
call_void_hook(msg_queue_free_security, msq);
- kfree(kip->security);
- kip->security = NULL;
}
int security_msg_queue_associate(struct msg_queue *msq, int msqflg)
int security_shm_alloc(struct shmid_kernel *shp)
{
- int rc = lsm_ipc_alloc(&shp->shm_perm);
-
- if (rc)
- return rc;
return call_int_hook(shm_alloc_security, 0, shp);
}
void security_shm_free(struct shmid_kernel *shp)
{
- struct kern_ipc_perm *kip = &shp->shm_perm;
-
call_void_hook(shm_free_security, shp);
- kfree(kip->security);
- kip->security = NULL;
}
int security_shm_associate(struct shmid_kernel *shp, int shmflg)
int security_sem_alloc(struct sem_array *sma)
{
- int rc = lsm_ipc_alloc(&sma->sem_perm);
-
- if (rc)
- return rc;
return call_int_hook(sem_alloc_security, 0, sma);
}
void security_sem_free(struct sem_array *sma)
{
- struct kern_ipc_perm *kip = &sma->sem_perm;
-
call_void_hook(sem_free_security, sma);
- kfree(kip->security);
- kip->security = NULL;
}
int security_sem_associate(struct sem_array *sma, int semflg)
if (rc > 0)
return strlen(*value);
return rc;
+ } else if (strcmp(name, "display_lsm") == 0) {
+ *value = kstrdup(current->security, GFP_KERNEL);
+ if (*value == NULL)
+ return -ENOMEM;
+ return strlen(*value);
}
list_for_each_entry(hp, &security_hook_heads.getprocattr, list) {
char *temp;
char *cp;
+ if (!size)
+ return -EINVAL;
+
/*
* If lsm is NULL look at all the modules to find one
* that processes name. If lsm is not NULL only look at
if (rc >= 0)
return size;
return rc;
+ } else if (strcmp(name, "display_lsm") == 0) {
+#ifdef CONFIG_SECURITY_STACKING
+ if (set_lsm_of_current(value, size))
+ return size;
+#endif
+ return -EINVAL;
}
list_for_each_entry(hp, &security_hook_heads.setprocattr, list) {
int security_sk_alloc(struct sock *sk, int family, gfp_t priority)
{
- int rc = lsm_sock_alloc(sk, priority);
-
- if (rc)
- return rc;
return call_int_hook(sk_alloc_security, 0, sk, family, priority);
}
void security_sk_free(struct sock *sk)
{
call_void_hook(sk_free_security, sk);
- kfree(sk->sk_security);
- sk->sk_security = NULL;
}
void security_sk_clone(const struct sock *sk, struct sock *newsk)
int security_key_alloc(struct key *key, const struct cred *cred,
unsigned long flags)
{
- int rc = lsm_key_alloc(key);
-
- if (rc)
- return rc;
return call_int_hook(key_alloc, 0, key, cred, flags);
}
void security_key_free(struct key *key)
{
call_void_hook(key_free, key);
- kfree(key->security);
- key->security = NULL;
}
int security_key_permission(key_ref_t key_ref,
projects / mirror_ubuntu-artful-kernel.git / blobdiff