--- v28
+++ v32
@@ -5,33 +5,33 @@
context. Callers have been modified to use or save the
returned data from the new structure.
-Reviewed-by: Kees Cook <keescook@chromium.org>
-Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
-Acked-by: Paul Moore <paul@paul-moore.com>
+security_secid_to_secctx() will now return the length value
+if the passed lsmcontext pointer is NULL.
+
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Cc: netdev@vger.kernel.org
Cc: linux-audit@redhat.com
Cc: netfilter-devel@vger.kernel.org
---
- drivers/android/binder.c | 26 +++++++---------
+ drivers/android/binder.c | 26 ++++++---------
include/linux/security.h | 4 +--
include/net/scm.h | 9 ++----
- kernel/audit.c | 39 +++++++++++-------------
- kernel/auditsc.c | 31 +++++++------------
+ kernel/audit.c | 42 +++++++++++--------------
+ kernel/auditsc.c | 31 +++++++-----------
net/ipv4/ip_sockglue.c | 8 ++---
- net/netfilter/nf_conntrack_netlink.c | 18 +++++------
+ net/netfilter/nf_conntrack_netlink.c | 18 ++++-------
net/netfilter/nf_conntrack_standalone.c | 7 ++---
- net/netfilter/nfnetlink_queue.c | 5 +++-
- net/netlabel/netlabel_unlabeled.c | 40 ++++++++-----------------
+ net/netfilter/nfnetlink_queue.c | 5 ++-
+ net/netlabel/netlabel_unlabeled.c | 40 +++++++----------------
net/netlabel/netlabel_user.c | 7 ++---
- security/security.c | 10 +++++--
- 12 files changed, 81 insertions(+), 123 deletions(-)
+ security/security.c | 29 +++++++++++++++--
+ 12 files changed, 99 insertions(+), 127 deletions(-)
diff --git a/drivers/android/binder.c b/drivers/android/binder.c
-index 8976ac6a5adb..2c3a2348a144 100644
+index 2125b4b795da..b0b0c132a247 100644
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
-@@ -2459,9 +2459,7 @@ static void binder_transaction(struct binder_proc *proc,
+@@ -2723,9 +2723,7 @@ static void binder_transaction(struct binder_proc *proc,
binder_size_t last_fixup_min_off = 0;
struct binder_context *context = proc->context;
int t_debug_id = atomic_inc_return(&binder_last_id);
@@ -39,13 +39,13 @@
- u32 secctx_sz = 0;
- struct lsmcontext scaff; /* scaffolding */
+ struct lsmcontext lsmctx = { };
-
- e = binder_transaction_log_add(&binder_transaction_log);
- e->debug_id = t_debug_id;
-@@ -2724,14 +2722,14 @@ static void binder_transaction(struct binder_proc *proc,
- * case well anyway.
- */
- security_task_getsecid_obj(proc->tsk, &blob);
+ struct list_head sgc_head;
+ struct list_head pf_head;
+ const void __user *user_buffer = (const void __user *)
+@@ -2985,14 +2983,14 @@ static void binder_transaction(struct binder_proc *proc,
+ size_t added_size;
+
+ security_cred_getsecid(proc->cred, &blob);
- ret = security_secid_to_secctx(&blob, &secctx, &secctx_sz);
+ ret = security_secid_to_secctx(&blob, &lsmctx);
if (ret) {
@@ -59,7 +59,7 @@
extra_buffers_size += added_size;
if (extra_buffers_size < added_size) {
/* integer overflow of extra_buffers_size */
-@@ -2758,24 +2756,22 @@ static void binder_transaction(struct binder_proc *proc,
+@@ -3019,24 +3017,22 @@ static void binder_transaction(struct binder_proc *proc,
t->buffer = NULL;
goto err_binder_alloc_buf_failed;
}
@@ -88,7 +88,7 @@
}
t->buffer->debug_id = t->debug_id;
t->buffer->transaction = t;
-@@ -2832,7 +2828,7 @@ static void binder_transaction(struct binder_proc *proc,
+@@ -3080,7 +3076,7 @@ static void binder_transaction(struct binder_proc *proc,
off_end_offset = off_start_offset + tr->offsets_size;
sg_buf_offset = ALIGN(off_end_offset, sizeof(void *));
sg_buf_end_offset = sg_buf_offset + extra_buffers_size -
@@ -97,7 +97,7 @@
off_min = 0;
for (buffer_offset = off_start_offset; buffer_offset < off_end_offset;
buffer_offset += sizeof(binder_size_t)) {
-@@ -3116,10 +3112,8 @@ static void binder_transaction(struct binder_proc *proc,
+@@ -3435,10 +3431,8 @@ static void binder_transaction(struct binder_proc *proc,
binder_alloc_free_buf(&target_proc->alloc, t->buffer);
err_binder_alloc_buf_failed:
err_bad_extra_size:
@@ -111,10 +111,10 @@
kfree(tcomplete);
binder_stats_deleted(BINDER_STAT_TRANSACTION_COMPLETE);
diff --git a/include/linux/security.h b/include/linux/security.h
-index 041e87f3fe4e..b19bd9e1d583 100644
+index 72da145c1aad..79554e5adb4c 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
-@@ -578,7 +578,7 @@ int security_setprocattr(const char *lsm, const char *name, void *value,
+@@ -596,7 +596,7 @@ int security_setprocattr(const char *lsm, const char *name, void *value,
size_t size);
int security_netlink_send(struct sock *sk, struct sk_buff *skb);
int security_ismaclabel(const char *name);
@@ -123,7 +123,7 @@
int security_secctx_to_secid(const char *secdata, u32 seclen,
struct lsmblob *blob);
void security_release_secctx(struct lsmcontext *cp);
-@@ -1433,7 +1433,7 @@ static inline int security_ismaclabel(const char *name)
+@@ -1450,7 +1450,7 @@ static inline int security_ismaclabel(const char *name)
}
static inline int security_secid_to_secctx(struct lsmblob *blob,
@@ -162,10 +162,10 @@
}
}
diff --git a/kernel/audit.c b/kernel/audit.c
-index c17ec23158c4..841123390d41 100644
+index 5aa2ee06c9e4..03824cca058c 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
-@@ -1190,9 +1190,6 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
+@@ -1188,9 +1188,6 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
struct audit_buffer *ab;
u16 msg_type = nlh->nlmsg_type;
struct audit_sig_info *sig_data;
@@ -175,7 +175,7 @@
err = audit_netlink_ok(skb, msg_type);
if (err)
-@@ -1440,33 +1437,34 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
+@@ -1438,33 +1435,33 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
kfree(new);
break;
}
@@ -183,7 +183,6 @@
- len = 0;
+ case AUDIT_SIGNAL_INFO: {
+ struct lsmcontext context = { };
-+ int len = 0;
+
if (lsmblob_is_set(&audit_sig_lsm)) {
- err = security_secid_to_secctx(&audit_sig_lsm, &ctx,
@@ -193,8 +192,9 @@
if (err)
return err;
}
-- sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL);
-+ sig_data = kmalloc(sizeof(*sig_data) + context.len, GFP_KERNEL);
+- sig_data = kmalloc(struct_size(sig_data, ctx, len), GFP_KERNEL);
++ sig_data = kmalloc(struct_size(sig_data, ctx, context.len),
++ GFP_KERNEL);
if (!sig_data) {
- if (lsmblob_is_set(&audit_sig_lsm)) {
- lsmcontext_init(&scaff, ctx, len, 0);
@@ -210,19 +210,20 @@
- memcpy(sig_data->ctx, ctx, len);
- lsmcontext_init(&scaff, ctx, len, 0);
- security_release_secctx(&scaff);
-+ len = context.len;
-+ memcpy(sig_data->ctx, context.context, len);
++ memcpy(sig_data->ctx, context.context, context.len);
+ security_release_secctx(&context);
}
- audit_send_reply(skb, seq, AUDIT_SIGNAL_INFO, 0, 0,
- sig_data, sizeof(*sig_data) + len);
+- audit_send_reply(skb, seq, AUDIT_SIGNAL_INFO, 0, 0,
+- sig_data, struct_size(sig_data, ctx, len));
++ audit_send_reply(skb, seq, AUDIT_SIGNAL_INFO, 0, 0, sig_data,
++ struct_size(sig_data, ctx, context.len));
kfree(sig_data);
break;
+ }
case AUDIT_TTY_GET: {
struct audit_tty_status s;
unsigned int t;
-@@ -2132,26 +2130,23 @@ void audit_log_key(struct audit_buffer *ab, char *key)
+@@ -2147,17 +2144,15 @@ void audit_log_key(struct audit_buffer *ab, char *key)
int audit_log_task_context(struct audit_buffer *ab)
{
@@ -233,15 +234,16 @@
- struct lsmcontext scaff; /* scaffolding */
+ struct lsmcontext context;
- security_task_getsecid_subj(current, &blob);
+ security_current_getsecid_subj(&blob);
if (!lsmblob_is_set(&blob))
return 0;
- error = security_secid_to_secctx(&blob, &ctx, &len);
+ error = security_secid_to_secctx(&blob, &context);
+
if (error) {
if (error != -EINVAL)
- goto error_path;
+@@ -2165,9 +2160,8 @@ int audit_log_task_context(struct audit_buffer *ab)
return 0;
}
@@ -254,10 +256,10 @@
error_path:
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
-index 1b1ddd62de6c..d198f307a4d8 100644
+index 1626d8aabe83..7858da40a767 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
-@@ -1002,9 +1002,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid,
+@@ -1121,9 +1121,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid,
struct lsmblob *blob, char *comm)
{
struct audit_buffer *ab;
@@ -268,7 +270,7 @@
int rc = 0;
ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID);
-@@ -1015,13 +1013,12 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid,
+@@ -1134,13 +1132,12 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid,
from_kuid(&init_user_ns, auid),
from_kuid(&init_user_ns, uid), sessionid);
if (lsmblob_is_set(blob)) {
@@ -285,7 +287,7 @@
}
}
audit_log_format(ab, " ocomm=");
-@@ -1234,7 +1231,6 @@ static void audit_log_fcaps(struct audit_buffer *ab, struct audit_names *name)
+@@ -1353,7 +1350,6 @@ static void audit_log_fcaps(struct audit_buffer *ab, struct audit_names *name)
static void show_special(struct audit_context *context, int *call_panic)
{
@@ -293,7 +295,7 @@
struct audit_buffer *ab;
int i;
-@@ -1259,17 +1255,15 @@ static void show_special(struct audit_context *context, int *call_panic)
+@@ -1378,17 +1374,15 @@ static void show_special(struct audit_context *context, int *call_panic)
from_kgid(&init_user_ns, context->ipc.gid),
context->ipc.mode);
if (osid) {
@@ -314,7 +316,7 @@
security_release_secctx(&lsmcxt);
}
}
-@@ -1418,20 +1412,17 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n,
+@@ -1543,20 +1537,17 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n,
MAJOR(n->rdev),
MINOR(n->rdev));
if (n->osid != 0) {
@@ -340,7 +342,7 @@
}
diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
-index a7e4c1b34b6c..ae073b642fa7 100644
+index 70ca4510ea35..ad5be7707bca 100644
--- a/net/ipv4/ip_sockglue.c
+++ b/net/ipv4/ip_sockglue.c
@@ -132,8 +132,7 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb)
@@ -369,7 +371,7 @@
}
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
-index 89be957f26bd..668b31ecd638 100644
+index 212e12b53adb..9626e2b0ef12 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -339,8 +339,7 @@ static int ctnetlink_dump_mark(struct sk_buff *skb, const struct nf_conn *ct)
@@ -406,32 +408,30 @@
security_release_secctx(&context);
return ret;
}
-@@ -658,15 +656,15 @@ static inline int ctnetlink_secctx_size(const struct nf_conn *ct)
+@@ -656,15 +654,11 @@ static inline size_t ctnetlink_acct_size(const struct nf_conn *ct)
+ static inline int ctnetlink_secctx_size(const struct nf_conn *ct)
+ {
#ifdef CONFIG_NF_CONNTRACK_SECMARK
- int len, ret;
- struct lsmblob blob;
-+ struct lsmcontext context;
+- int len, ret;
++ int len;
+ struct lsmblob blob;
- /* lsmblob_init() puts ct->secmark into all of the secids in blob.
- * security_secid_to_secctx() will know which security module
- * to use to create the secctx. */
- lsmblob_init(&blob, ct->secmark);
- ret = security_secid_to_secctx(&blob, NULL, &len);
-+ ret = security_secid_to_secctx(&blob, &context);
- if (ret)
+- if (ret)
++ len = security_secid_to_secctx(&blob, NULL);
++ if (len <= 0)
return 0;
-+ len = context.len;
-+ security_release_secctx(&context);
-+
return nla_total_size(0) /* CTA_SECCTX */
- + nla_total_size(sizeof(char) * len); /* CTA_SECCTX_NAME */
- #else
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
-index ca2ae290d6ee..b5796a8e5e90 100644
+index 3b6ba86783f6..36338660df3c 100644
--- a/net/netfilter/nf_conntrack_standalone.c
+++ b/net/netfilter/nf_conntrack_standalone.c
-@@ -173,19 +173,16 @@ static void ct_seq_stop(struct seq_file *s, void *v)
+@@ -176,19 +176,16 @@ static void ct_seq_stop(struct seq_file *s, void *v)
static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct)
{
int ret;
@@ -454,7 +454,7 @@
}
#else
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
-index 005900a0c397..d5cff4559237 100644
+index d986bae1587b..625cd787ffc1 100644
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -306,6 +306,7 @@ static u32 nfqnl_get_sk_secctx(struct sk_buff *skb, char **secdata)
@@ -480,7 +480,7 @@
return seclen;
}
diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c
-index 61346aaa2898..9910d3e9d287 100644
+index a8e9ee202245..46706889a6f7 100644
--- a/net/netlabel/netlabel_unlabeled.c
+++ b/net/netlabel/netlabel_unlabeled.c
@@ -375,8 +375,6 @@ int netlbl_unlhsh_add(struct net *net,
@@ -517,7 +517,7 @@
struct lsmblob blob;
spin_lock(&netlbl_unlhsh_lock);
-@@ -510,11 +503,9 @@ static int netlbl_unlhsh_remove_addr4(struct net *net,
+@@ -509,11 +502,9 @@ static int netlbl_unlhsh_remove_addr4(struct net *net,
if (entry != NULL)
lsmblob_init(&blob, entry->secid);
if (entry != NULL &&
@@ -532,7 +532,7 @@
security_release_secctx(&context);
}
audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0);
-@@ -553,8 +544,6 @@ static int netlbl_unlhsh_remove_addr6(struct net *net,
+@@ -552,8 +543,6 @@ static int netlbl_unlhsh_remove_addr6(struct net *net,
struct audit_buffer *audit_buf;
struct net_device *dev;
struct lsmcontext context;
@@ -541,7 +541,7 @@
struct lsmblob blob;
spin_lock(&netlbl_unlhsh_lock);
-@@ -580,10 +569,9 @@ static int netlbl_unlhsh_remove_addr6(struct net *net,
+@@ -578,10 +567,9 @@ static int netlbl_unlhsh_remove_addr6(struct net *net,
if (entry != NULL)
lsmblob_init(&blob, entry->secid);
if (entry != NULL &&
@@ -555,7 +555,7 @@
security_release_secctx(&context);
}
audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0);
-@@ -1106,8 +1094,6 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd,
+@@ -1104,8 +1092,6 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd,
struct lsmcontext context;
void *data;
u32 secid;
@@ -564,7 +564,7 @@
struct lsmblob blob;
data = genlmsg_put(cb_arg->skb, NETLINK_CB(cb_arg->nl_cb->skb).portid,
-@@ -1167,15 +1153,13 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd,
+@@ -1165,15 +1151,13 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd,
* security_secid_to_secctx() will know which security module
* to use to create the secctx. */
lsmblob_init(&blob, secid);
@@ -609,26 +609,45 @@
}
diff --git a/security/security.c b/security/security.c
-index 4cb540d93ab8..713e0340a0d4 100644
+index 163cf0ae2429..d56fcb794ff4 100644
--- a/security/security.c
+++ b/security/security.c
-@@ -2325,18 +2325,22 @@ int security_ismaclabel(const char *name)
+@@ -2330,18 +2330,41 @@ int security_ismaclabel(const char *name)
}
EXPORT_SYMBOL(security_ismaclabel);
-int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen)
++/**
++ * security_secid_to_secctx - convert secid to secctx
++ * @blob: set of secids
++ * @cp: lsm context into which result is put
++ *
++ * Translate secid information into a secctx string.
++ * Return a negative value on error.
++ * If cp is NULL return the length of the string.
++ * Otherwise, return 0.
++ */
+int security_secid_to_secctx(struct lsmblob *blob, struct lsmcontext *cp)
{
struct security_hook_list *hp;
int ilsm = lsm_task_ilsm(current);
-+ memset(cp, 0, sizeof(*cp));
++ if (cp)
++ memset(cp, 0, sizeof(*cp));
+
hlist_for_each_entry(hp, &security_hook_heads.secid_to_secctx, list) {
if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot))
continue;
- if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot)
+ if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) {
++ if (!cp) {
++ int len;
++ int rc;
++ rc = hp->hook.secid_to_secctx(
++ blob->secid[hp->lsmid->slot],
++ NULL, &len);
++ return rc ? rc : len;
++ }
+ cp->slot = hp->lsmid->slot;
return hp->hook.secid_to_secctx(
blob->secid[hp->lsmid->slot],