[PATCH v39 21/42] LSM: security_lsmblob_to_secctx module selection

From: Casey Schaufler
Date: Fri Dec 15 2023 - 17:33:08 EST


Add a parameter lsmid to security_lsmblob_to_secctx() to identify which
of the security modules that may be active should provide the security
context. If the value of lsmid is LSM_ID_UNDEF the first LSM providing
a hook is used. security_secid_to_secctx() is unchanged, and will
always report the first LSM providing a hook.

Signed-off-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
---
include/linux/security.h | 5 +++--
kernel/audit.c | 4 ++--
kernel/auditsc.c | 8 +++++---
net/netlabel/netlabel_user.c | 3 ++-
security/security.c | 11 ++++++-----
5 files changed, 18 insertions(+), 13 deletions(-)

diff --git a/include/linux/security.h b/include/linux/security.h
index 35604f43d4ff..360a454d5f8e 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -563,7 +563,8 @@ int security_setprocattr(int lsmid, const char *name, void *value, size_t size);
int security_netlink_send(struct sock *sk, struct sk_buff *skb);
int security_ismaclabel(const char *name);
int security_secid_to_secctx(u32 secid, struct lsmcontext *cp);
-int security_lsmblob_to_secctx(struct lsmblob *blob, struct lsmcontext *cp);
+int security_lsmblob_to_secctx(struct lsmblob *blob, struct lsmcontext *cp,
+ int lsmid);
int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid);
void security_release_secctx(struct lsmcontext *cp);
void security_inode_invalidate_secctx(struct inode *inode);
@@ -1491,7 +1492,7 @@ static inline int security_secid_to_secctx(u32 secid, struct lsmcontext *cp)
}

static inline int security_lsmblob_to_secctx(struct lsmblob *blob,
- struct lsmcontext *cp)
+ struct lsmcontext *cp, int lsmid)
{
return -EOPNOTSUPP;
}
diff --git a/kernel/audit.c b/kernel/audit.c
index a93a710c980e..edefb370a72e 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1462,7 +1462,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)

if (lsmblob_is_set(&audit_sig_lsm)) {
err = security_lsmblob_to_secctx(&audit_sig_lsm,
- &lsmctx);
+ &lsmctx, LSM_ID_UNDEF);
if (err < 0)
return err;
}
@@ -2174,7 +2174,7 @@ int audit_log_task_context(struct audit_buffer *ab)
if (!lsmblob_is_set(&blob))
return 0;

- error = security_lsmblob_to_secctx(&blob, &ctx);
+ error = security_lsmblob_to_secctx(&blob, &ctx, LSM_ID_UNDEF);
if (error < 0) {
if (error != -EINVAL)
goto error_path;
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index c37cc02ea4cc..3c0559b01677 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1109,7 +1109,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid,
from_kuid(&init_user_ns, auid),
from_kuid(&init_user_ns, uid), sessionid);
if (lsmblob_is_set(blob)) {
- if (security_lsmblob_to_secctx(blob, &ctx) < 0) {
+ if (security_lsmblob_to_secctx(blob, &ctx, LSM_ID_UNDEF) < 0) {
audit_log_format(ab, " obj=(none)");
rc = 1;
} else {
@@ -1394,7 +1394,8 @@ static void show_special(struct audit_context *context, int *call_panic)
context->ipc.mode);
if (lsmblob_is_set(&context->ipc.oblob)) {
if (security_lsmblob_to_secctx(&context->ipc.oblob,
- &lsmctx) < 0) {
+ &lsmctx,
+ LSM_ID_UNDEF) < 0) {
*call_panic = 1;
} else {
audit_log_format(ab, " obj=%s", lsmctx.context);
@@ -1559,7 +1560,8 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n,
if (lsmblob_is_set(&n->oblob)) {
struct lsmcontext ctx;

- if (security_lsmblob_to_secctx(&n->oblob, &ctx) < 0) {
+ if (security_lsmblob_to_secctx(&n->oblob, &ctx,
+ LSM_ID_UNDEF) < 0) {
if (call_panic)
*call_panic = 2;
} else {
diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c
index 561e1e476a49..842a236540b0 100644
--- a/net/netlabel/netlabel_user.c
+++ b/net/netlabel/netlabel_user.c
@@ -98,7 +98,8 @@ struct audit_buffer *netlbl_audit_start_common(int type,
audit_info->sessionid);

if (lsmblob_is_set(&audit_info->blob) &&
- security_lsmblob_to_secctx(&audit_info->blob, &ctx) >= 0) {
+ security_lsmblob_to_secctx(&audit_info->blob, &ctx,
+ LSM_ID_UNDEF) >= 0) {
audit_log_format(audit_buf, " subj=%s", ctx.context);
security_release_secctx(&ctx);
}
diff --git a/security/security.c b/security/security.c
index cea3c1b614a1..444051575793 100644
--- a/security/security.c
+++ b/security/security.c
@@ -4203,6 +4203,7 @@ EXPORT_SYMBOL(security_secid_to_secctx);
* security_lsmblob_to_secctx() - Convert a lsmblob to a secctx
* @blob: lsm specific information
* @cp: the LSM context
+ * @lsmid: which security module to report
*
* Convert a @blob entry to security context. If @cp is NULL the
* length of the result will be returned, but no data will be returned.
@@ -4212,15 +4213,15 @@ EXPORT_SYMBOL(security_secid_to_secctx);
*
* Return: Return length of data on success, error on failure.
*/
-int security_lsmblob_to_secctx(struct lsmblob *blob, struct lsmcontext *cp)
+int security_lsmblob_to_secctx(struct lsmblob *blob, struct lsmcontext *cp,
+ int lsmid)
{
struct security_hook_list *hp;
- int rc;

hlist_for_each_entry(hp, &security_hook_heads.lsmblob_to_secctx, list) {
- rc = hp->hook.lsmblob_to_secctx(blob, cp);
- if (rc != LSM_RET_DEFAULT(lsmblob_to_secctx))
- return rc;
+ if (lsmid != hp->lsmid->id && lsmid != LSM_ID_UNDEF)
+ continue;
+ return hp->hook.lsmblob_to_secctx(blob, cp);
}

return LSM_RET_DEFAULT(lsmblob_to_secctx);
--
2.41.0