[PATCH v26 20/25] LSM: Verify LSM display sanity in binder

(off-list ancestor, not in this archive)
[PATCH v26 00/25] LSM: Module stacking for AppArmor · Casey Schaufler <casey@schaufler-ca.com> · 2021-05-13
[PATCH v26 01/25] LSM: Infrastructure management of the sock security · Casey Schaufler <casey@schaufler-ca.com> · 2021-05-13
[PATCH v26 02/25] LSM: Add the lsmblob data structure. · Casey Schaufler <casey@schaufler-ca.com> · 2021-05-13
Re: [PATCH v26 02/25] LSM: Add the lsmblob data structure. · Mickaël Salaün <mic@digikod.net> · 2021-05-22
Re: [PATCH v26 02/25] LSM: Add the lsmblob data structure. · Casey Schaufler <casey@schaufler-ca.com> · 2021-05-25
Re: [PATCH v26 02/25] LSM: Add the lsmblob data structure. · Mickaël Salaün <mic@digikod.net> · 2021-05-26
[PATCH v26 03/25] LSM: provide lsm name and id slot mappings · Casey Schaufler <casey@schaufler-ca.com> · 2021-05-13
Re: [PATCH v26 03/25] LSM: provide lsm name and id slot mappings · Kees Cook <hidden> · 2021-05-14
Re: [PATCH v26 03/25] LSM: provide lsm name and id slot mappings · Paul Moore <paul@paul-moore.com> · 2021-05-21
[PATCH v26 04/25] IMA: avoid label collisions with stacked LSMs · Casey Schaufler <casey@schaufler-ca.com> · 2021-05-13
Re: [PATCH v26 04/25] IMA: avoid label collisions with stacked LSMs · Kees Cook <hidden> · 2021-05-14
[PATCH v26 05/25] LSM: Use lsmblob in security_audit_rule_match · Casey Schaufler <casey@schaufler-ca.com> · 2021-05-13
[PATCH v26 06/25] LSM: Use lsmblob in security_kernel_act_as · Casey Schaufler <casey@schaufler-ca.com> · 2021-05-13
[PATCH v26 07/25] LSM: Use lsmblob in security_secctx_to_secid · Casey Schaufler <casey@schaufler-ca.com> · 2021-05-13
Re: [PATCH v26 07/25] LSM: Use lsmblob in security_secctx_to_secid · Kees Cook <hidden> · 2021-05-14
Re: [PATCH v26 07/25] LSM: Use lsmblob in security_secctx_to_secid · Paul Moore <paul@paul-moore.com> · 2021-05-21
[PATCH v26 08/25] LSM: Use lsmblob in security_secid_to_secctx · Casey Schaufler <casey@schaufler-ca.com> · 2021-05-13
Re: [PATCH v26 08/25] LSM: Use lsmblob in security_secid_to_secctx · Kees Cook <hidden> · 2021-05-14
Re: [PATCH v26 08/25] LSM: Use lsmblob in security_secid_to_secctx · Paul Moore <paul@paul-moore.com> · 2021-05-21
[PATCH v26 09/25] LSM: Use lsmblob in security_ipc_getsecid · Casey Schaufler <casey@schaufler-ca.com> · 2021-05-13
[PATCH v26 10/25] LSM: Use lsmblob in security_task_getsecid · Casey Schaufler <casey@schaufler-ca.com> · 2021-05-13
[PATCH v26 11/25] LSM: Use lsmblob in security_inode_getsecid · Casey Schaufler <casey@schaufler-ca.com> · 2021-05-13
[PATCH v26 12/25] LSM: Use lsmblob in security_cred_getsecid · Casey Schaufler <casey@schaufler-ca.com> · 2021-05-13
[PATCH v26 13/25] IMA: Change internal interfaces to use lsmblobs · Casey Schaufler <casey@schaufler-ca.com> · 2021-05-13
[PATCH v26 14/25] LSM: Specify which LSM to display · Casey Schaufler <casey@schaufler-ca.com> · 2021-05-13
Re: [PATCH v26 14/25] LSM: Specify which LSM to display · Kees Cook <hidden> · 2021-05-14
Re: [PATCH v26 14/25] LSM: Specify which LSM to display · Casey Schaufler <casey@schaufler-ca.com> · 2021-05-17
Re: [PATCH v26 14/25] LSM: Specify which LSM to display · Paul Moore <paul@paul-moore.com> · 2021-05-21
[PATCH v26 15/25] LSM: Ensure the correct LSM context releaser · Casey Schaufler <casey@schaufler-ca.com> · 2021-05-13
Re: [PATCH v26 15/25] LSM: Ensure the correct LSM context releaser · Paul Moore <paul@paul-moore.com> · 2021-05-21
[PATCH v26 16/25] LSM: Use lsmcontext in security_secid_to_secctx · Casey Schaufler <casey@schaufler-ca.com> · 2021-05-13
[PATCH v26 17/25] LSM: Use lsmcontext in security_inode_getsecctx · Casey Schaufler <casey@schaufler-ca.com> · 2021-05-13
Re: [PATCH v26 17/25] LSM: Use lsmcontext in security_inode_getsecctx · Kees Cook <hidden> · 2021-05-14
[PATCH v26 18/25] LSM: security_secid_to_secctx in netlink netfilter · Casey Schaufler <casey@schaufler-ca.com> · 2021-05-13
Re: [PATCH v26 18/25] LSM: security_secid_to_secctx in netlink netfilter · Paul Moore <paul@paul-moore.com> · 2021-05-21
[PATCH v26 19/25] NET: Store LSM netlabel data in a lsmblob · Casey Schaufler <casey@schaufler-ca.com> · 2021-05-13
[PATCH v26 20/25] LSM: Verify LSM display sanity in binder · Casey Schaufler <casey@schaufler-ca.com> · 2021-05-13
[PATCH v26 21/25] audit: add support for non-syscall auxiliary records · Casey Schaufler <casey@schaufler-ca.com> · 2021-05-13
Re: [PATCH v26 21/25] audit: add support for non-syscall auxiliary records · Paul Moore <paul@paul-moore.com> · 2021-05-21
[PATCH v26 22/25] Audit: Add new record for multiple process LSM attributes · Casey Schaufler <casey@schaufler-ca.com> · 2021-05-13
Re: [PATCH v26 22/25] Audit: Add new record for multiple process LSM attributes · Paul Moore <paul@paul-moore.com> · 2021-05-21
Re: [PATCH v26 22/25] Audit: Add new record for multiple process LSM attributes · Richard Guy Briggs <hidden> · 2021-05-21
Re: [PATCH v26 22/25] Audit: Add new record for multiple process LSM attributes · Casey Schaufler <casey@schaufler-ca.com> · 2021-05-21
Re: [PATCH v26 22/25] Audit: Add new record for multiple process LSM attributes · Paul Moore <paul@paul-moore.com> · 2021-05-22
Re: [PATCH v26 22/25] Audit: Add new record for multiple process LSM attributes · Richard Guy Briggs <hidden> · 2021-05-22
Re: [PATCH v26 22/25] Audit: Add new record for multiple process LSM attributes · Casey Schaufler <casey@schaufler-ca.com> · 2021-05-25
Re: [PATCH v26 22/25] Audit: Add new record for multiple process LSM attributes · Casey Schaufler <casey@schaufler-ca.com> · 2021-05-25
Re: [PATCH v26 22/25] Audit: Add new record for multiple process LSM attributes · Richard Guy Briggs <hidden> · 2021-05-25
Re: [PATCH v26 22/25] Audit: Add new record for multiple process LSM attributes · Casey Schaufler <casey@schaufler-ca.com> · 2021-05-25
Re: [PATCH v26 22/25] Audit: Add new record for multiple process LSM attributes · Richard Guy Briggs <hidden> · 2021-05-25
Re: [PATCH v26 22/25] Audit: Add new record for multiple process LSM attributes · Casey Schaufler <casey@schaufler-ca.com> · 2021-05-25
[PATCH v26 23/25] Audit: Add a new record for multiple object LSM attributes · Casey Schaufler <casey@schaufler-ca.com> · 2021-05-13
[PATCH v26 24/25] LSM: Add /proc attr entry for full LSM context · Casey Schaufler <casey@schaufler-ca.com> · 2021-05-13
[PATCH v26 25/25] AppArmor: Remove the exclusive flag · Casey Schaufler <casey@schaufler-ca.com> · 2021-05-13

Trailers: 2 Reviewed-by, 2 Acked-by (1 maintainer)
Series revisions: v1 (2019-04-09) [diff vs current] → v1 (2019-04-09) [diff vs current] → v1 (2019-04-09) [diff vs current] → v1 (2019-05-31) [diff vs current] → v1 (2019-06-02) [diff vs current] → v2 (2019-06-18) [diff vs current] → v3 (2019-06-21) [diff vs current] → v3 (2019-06-24) [diff vs current] → v4 (2019-06-26) [diff vs current] → v5 (2019-07-03) [diff vs current] → v5 (2019-07-26) [diff vs current] → v7 (2019-08-07) [diff vs current] → v8 (2019-08-29) [diff vs current] → v10 (2019-10-24) [diff vs current] → v10 (2019-11-13) [diff vs current] → v11 (2019-11-13) [diff vs current] → v11 (2019-11-27) [diff vs current] → v12 (2019-12-16) [diff vs current] → v12 (2019-12-16) [diff vs current] → v12 (2019-12-24) [diff vs current] → v13 (2019-12-25) [diff vs current] → v14 (2020-01-24) [diff vs current] → v15 (2020-02-14) [diff vs current] → v16 (2020-04-07) [diff vs current] → v17 (2020-05-14) [diff vs current] → v18 (2020-07-09) [diff vs current] → v19 (2020-07-24) [diff vs current] → v20 (2020-08-26) [diff vs current] → v21 (2020-10-12) [diff vs current] → v22 (2020-11-05) [diff vs current] → v22 (2020-11-20) [diff vs current] → v24 (2021-01-27) [diff vs current] → v25 (2021-03-09) [diff vs current] → v26 (2021-05-13) → v27 (2021-06-11) [diff vs current] → v28 (2021-07-22) [diff vs current] → v29 (2021-09-24) [diff vs current] → v30 (2021-11-24) [diff vs current] → v31 (2021-12-14) [diff vs current] → v32 (2022-02-03) [diff vs current] → v33 (2022-03-10) [diff vs current] → v34 (2022-04-07) [diff vs current] → v34 (2022-04-15) [diff vs current] → v35 (2022-04-18) [diff vs current] → v36 (2022-06-09) [diff vs current] → v37 (2022-06-28) [diff vs current] → v38 (2022-09-27) [diff vs current]
Activity: Last reply 1823 days ago

From: Casey Schaufler <casey@schaufler-ca.com>
Date: 2021-05-13 20:30:27
Also in: linux-security-module, lkml
Subsystem: security subsystem, the rest · Maintainers: Paul Moore, James Morris, "Serge E. Hallyn", Linus Torvalds

Verify that the tasks on the ends of a binder transaction
use the same "interface_lsm" security module. This prevents
confusion of security "contexts".

Reviewed-by: Kees Cook <redacted>
Reviewed-by: John Johansen <john.johansen@canonical.com>
Acked-by: Stephen Smalley <redacted>
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
 security/security.c | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/security/security.c b/security/security.c
index 1e441c3491b5..d1e9a54e22b4 100644
--- a/security/security.c
+++ b/security/security.c

@@ -857,9 +857,38 @@ int security_binder_set_context_mgr(struct task_struct *mgr)
 	return call_int_hook(binder_set_context_mgr, 0, mgr);
 }
 
+/**
+ * security_binder_transaction - Binder driver transaction check
+ * @from: source of the transaction
+ * @to: destination of the transaction
+ *
+ * Verify that the tasks have the same LSM "display", then
+ * call the security module hooks.
+ *
+ * Returns -EINVAL if the displays don't match, or the
+ * result of the security module checks.
+ */
 int security_binder_transaction(struct task_struct *from,
 				struct task_struct *to)
 {
+	int from_ilsm = lsm_task_ilsm(from);
+	int to_ilsm = lsm_task_ilsm(to);
+
+	/*
+	 * If the ilsm is LSMBLOB_INVALID the first module that has
+	 * an entry is used. This will be in the 0 slot.
+	 *
+	 * This is currently only required if the server has requested
+	 * peer contexts, but it would be unwieldly to have too much of
+	 * the binder driver detail here.
+	 */
+	if (from_ilsm == LSMBLOB_INVALID)
+		from_ilsm = 0;
+	if (to_ilsm == LSMBLOB_INVALID)
+		to_ilsm = 0;
+	if (from_ilsm != to_ilsm)
+		return -EINVAL;
+
 	return call_int_hook(binder_transaction, 0, from, to);
 }

-- 
2.29.2

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help