| From: |
| Casey Schaufler <casey-AT-schaufler-ca.com> |
| To: |
| James Morris <jmorris-AT-namei.org>,
LSM <linux-security-module-AT-vger.kernel.org> |
| Subject: |
| [PATCH v2 1/5] LSM: Infrastructure changes to allow LSM stacking |
| Date: |
| Thu, 13 Sep 2012 18:14:26 -0700 |
| Message-ID: |
| <505284F2.9040608@schaufler-ca.com> |
| Cc: |
| Casey Schaufler <casey-AT-schaufler-ca.com> |
Subject: LSM: Infrastructure changes to allow LSM stacking
Provide a pseudo file in securityfs named "lsm".
Reading lsm provides a comma separated list of the
registered security modules.
The traditional one-LSM-at-a-time scheme is still supported.
If CONFIG_SECURITY_COMPOSER is not selected all of the
existing behaviors are maintained. Minor changes to the
existing LSMs are required for them to go both ways. If an
LSM is not changed it will function just fine without
CONFIG_SECURITY_COMPOSER.
Add a field "order" to the security_operations structure.
Set this value at LSM registration indicating the order
in which this LSM was registered. This field is used to
match LSMs with their security blobs.
Replace the security_ops scalar with the composer_ops vector
of security_operations pointers. The "order" field of the
security_operations structure identifies the slot it occupies
in the composer_ops vector.
The first entry in the composer_ops vector (composer_ops[0])
is the capabilities operations. A hook that is provided by
another LSM is cleared in composer_ops[0]. The security_fixup_ops
function is replaced by security_fixdown_ops which performs this
clearing operation on LSM registration.
The security_hook functions check to see if composer_ops[0]->hook
has a value, in which case there are no LSM provided hooks. In
that case the composer_ops[0]->hook(args) is called and the
value returned. Otherwise the code iterates through composer_ops
calling all defined hooks.
If the hook has a void return all of the hooks are called.
If the hook has an interger return all of the hooks are called.
The usual case is that it will return 0 on success and an error
value otherwise. The security_hook function will return 0 if
all of the LSM hooks called returned 0. The code remembers
non-zero returns, but will return only the last non-zero value.
Some integer hooks return secids instead of status. The whole
business of secid based LSM interfaces needs to be changed
before these hooks can be mode to work for multiple LSMs.
Today only Smack and SELinux use these hooks. Simple collision
detection on these hooks is done during LSM registration.
Further, the simple expediant of disallowing these two LSMs to
be configured at the same time has been taken.
Each LSM retains responsibility for maintaining its own
security data blobs. Because the containing data structures
provide a single pointer (cred->security, inode->i_security, etc)
there needs to be a mechanism whereby these pointers can represent
all of the blobs required by the LSMs. This is accomplished using
a composer blob that contains pointers for the LSM blobs. The
blob for a particular LSM is identified in the composer blob by
the order field in the security_operations structure.
To make it easier to deal with this indirection and to support the
traditional one-lsm-at-a-time model with the same LSM code two sets
of functions are introduced.
lsm_get_inode() replaces direct reading of inode blobs.
isp = inode->i_security
isp = lsm_get_inode(inode, &smack_ops);
lsm_set_inode() replaces direct setting of inode blobs.
inode->i_security = newblob;
lsm_set_inode(inode, newblob, &smack_ops);
inode->i_security = NULL;
lsm_set_inode(inode, NULL, &smack_ops);
The lsm_set functions will allocate a composer blob if needed
and free the composer blob if all of LSM blobs are free.
They also free all blobs if there is an error allocating any
of the LSM blobs or the composer blob itself. Thus,
any LSM hook that frees its own blob is required to set the
blob value to NULL. This was not required before. AppArmor left
junk pointers in one case and SELinux had some cred debugging
values. These have been changed to reflect the new requirement.
The security= boot option is expanded to allow a list of LSMs.
If the security= option is not specified all LSMs built into the
kernel will be used. If the LSM name ("selinux", "apparmor", ...)
appears anywhere in the string it is registered and will be used.
The order does not matter. LSMs are registered in the order they
request registration.
security=selinux,apparmor,yama
security=selinux/apparmor/yama
security=yama,smack/apparmor
security=apparmor
are all accepted.
The /proc/.../attr/current interface is overloaded as Smack,
AppArmor and SELinux all present information using this file.
The kernel may be configured to present the information from
any of the LSMs or to provide the information from all the
LSMs in the format
/<lsm-name>=<value>/<lsm-name>=<value>/
Should the information be presented to /proc/self/attr/current
in this format it will always be accepted. Thus, if AppArmor
is the "presented" LSM and Smack is also registered
echo 'unconfined' > /proc/self/attr/current
echo '/apparmor=unconfined/' > /proc/self/attr/current
echo '/apparmor=unconfined/smack=Pop/' > /proc/self/attr/current
all have the same effect on AppArmor and the last one also
effects Smack.
The reset_security_ops() mechanism has been substantially revised.
The LSM making the request is now identified by passing an pointer to
its security_operations strucure. The resetting LSM's operations
vector is replaced with an empty set and the capability vector,
composer_ops[0] is recalculated using security_fixup_ops(). The
whole mechanism has been put under CONFIG_SECURITY_SELINUX_DISABLE
because that's the only case it's used, it requires large and
unpleasant functions to be declared without "__init" and I'd be
happier if no one got the idea that using it is a good idea.
Anyone who wants to make the scheme more generally useful gets to
deal with changing how the configuration is done.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
include/linux/lsm.h | 274 +++++++++
include/linux/security.h | 37 +-
security/Kconfig | 68 ++-
security/capability.c | 223 ++++++++
security/inode.c | 51 +-
security/security.c | 1385 +++++++++++++++++++++++++++++++++++++++-------
security/selinux/hooks.c | 2 +-
7 files changed, 1827 insertions(+), 213 deletions(-)
diff --git a/include/linux/lsm.h b/include/linux/lsm.h
new file mode 100644
index 0000000..8c3c060
--- /dev/null
+++ b/include/linux/lsm.h
@@ -0,0 +1,274 @@
+/*
+ *
+ * Copyright (C) 2012 Casey Schaufler <casey@schaufler-ca.com>
+ * Copyright (C) 2012 Intel Corporation
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, version 2.
+ *
+ * Author:
+ * Casey Schaufler <casey@schaufler-ca.com>
+ *
+ */
+#ifndef _LINUX_LSM_H
+#define _LINUX_LSM_H
+
+#include <linux/cred.h>
+#include <linux/fs.h>
+#include <linux/msg.h>
+#include <linux/key.h>
+#include <net/sock.h>
+
+#ifdef CONFIG_SECURITY_COMPOSER
+/*
+ * Maximum number of LSMs that can be used at a time.
+ * Realistically, this could be as small as 4.
+ */
+#define COMPOSER_MAX 10
+#include <linux/security.h>
+
+/*
+ * Just a set of slots for each LSM to keep its blob in.
+ */
+struct lsm_blob {
+ int lsm_setcount; /* Number of blobs set */
+ void *lsm_blobs[COMPOSER_MAX]; /* LSM specific blobs */
+};
+
+static inline struct lsm_blob *lsm_alloc_blob(gfp_t gfp)
+{
+ return kzalloc(sizeof(struct lsm_blob), gfp);
+}
+
+static inline void *lsm_get_blob(const struct lsm_blob *bp, const int lsm)
+{
+ if (bp == NULL)
+ return NULL;
+ return bp->lsm_blobs[lsm];
+}
+
+static inline void lsm_set_blob(void **vpp, void *value, const int lsm)
+{
+ struct lsm_blob *bp = *vpp;
+
+#ifdef CONFIG_SECURITY_COMPOSER_DEBUG
+ if (bp == NULL) {
+ bp = lsm_alloc_blob(GFP_KERNEL);
+ *vpp = bp;
+ pr_warn("LSM %d had no composer blob in %s.\n", lsm, __func__);
+ }
+#endif
+
+ if (value == NULL && bp->lsm_blobs[lsm] != NULL)
+ bp->lsm_setcount--;
+ if (value != NULL && bp->lsm_blobs[lsm] == NULL)
+ bp->lsm_setcount++;
+
+ bp->lsm_blobs[lsm] = value;
+}
+
+static inline void *lsm_get_cred(const struct cred *cred,
+ const struct security_operations *sop)
+{
+ return lsm_get_blob(cred->security, sop->order);
+}
+
+static inline void lsm_set_cred(struct cred *cred, void *value,
+ const struct security_operations *sop)
+{
+ lsm_set_blob(&cred->security, value, sop->order);
+}
+
+static inline void *lsm_get_file(const struct file *file,
+ const struct security_operations *sop)
+{
+ return lsm_get_blob(file->f_security, sop->order);
+}
+
+static inline void lsm_set_file(struct file *file, void *value,
+ const struct security_operations *sop)
+{
+ lsm_set_blob(&file->f_security, value, sop->order);
+}
+
+static inline void *lsm_get_inode(const struct inode *inode,
+ const struct security_operations *sop)
+{
+ return lsm_get_blob(inode->i_security, sop->order);
+}
+
+static inline void lsm_set_inode(struct inode *inode, void *value,
+ const struct security_operations *sop)
+{
+ lsm_set_blob(&inode->i_security, value, sop->order);
+}
+
+static inline void *lsm_get_super(const struct super_block *super,
+ const struct security_operations *sop)
+{
+ return lsm_get_blob(super->s_security, sop->order);
+}
+
+static inline void lsm_set_super(struct super_block *super, void *value,
+ const struct security_operations *sop)
+{
+ lsm_set_blob(&super->s_security, value, sop->order);
+}
+
+static inline void *lsm_get_ipc(const struct kern_ipc_perm *ipc,
+ const struct security_operations *sop)
+{
+ return lsm_get_blob(ipc->security, sop->order);
+}
+
+static inline void lsm_set_ipc(struct kern_ipc_perm *ipc, void *value,
+ const struct security_operations *sop)
+{
+ lsm_set_blob(&ipc->security, value, sop->order);
+}
+
+static inline void *lsm_get_msg(const struct msg_msg *msg,
+ const struct security_operations *sop)
+{
+ return lsm_get_blob(msg->security, sop->order);
+}
+
+static inline void lsm_set_msg(struct msg_msg *msg, void *value,
+ const struct security_operations *sop)
+{
+ lsm_set_blob(&msg->security, value, sop->order);
+}
+
+static inline void *lsm_get_key(const struct key *key,
+ const struct security_operations *sop)
+{
+ return lsm_get_blob(key->security, sop->order);
+}
+
+static inline void lsm_set_key(struct key *key, void *value,
+ const struct security_operations *sop)
+{
+ lsm_set_blob(&key->security, value, sop->order);
+}
+
+static inline void *lsm_get_sock(const struct sock *sock,
+ const struct security_operations *sop)
+{
+ return lsm_get_blob(sock->sk_security, sop->order);
+}
+
+static inline void lsm_set_sock(struct sock *sock, void *value,
+ const struct security_operations *sop)
+{
+ lsm_set_blob(&sock->sk_security, value, sop->order);
+}
+
+#else /* CONFIG_SECURITY_COMPOSER */
+
+struct security_operations;
+
+static inline struct lsm_blob *lsm_alloc_blob(gfp_t gfp)
+{
+ return NULL;
+}
+
+static inline void *lsm_get_cred(const struct cred *cred,
+ const struct security_operations *sop)
+{
+ return cred->security;
+}
+
+static inline void lsm_set_cred(struct cred *cred, void *value,
+ const struct security_operations *sop)
+{
+ cred->security = value;
+}
+
+static inline void *lsm_get_file(const struct file *file,
+ const struct security_operations *sop)
+{
+ return file->f_security;
+}
+
+static inline void lsm_set_file(struct file *file, void *value,
+ const struct security_operations *sop)
+{
+ file->f_security = value;
+}
+
+static inline void *lsm_get_inode(const struct inode *inode,
+ const struct security_operations *sop)
+{
+ return inode->i_security;
+}
+
+static inline void lsm_set_inode(struct inode *inode, void *value,
+ const struct security_operations *sop)
+{
+ inode->i_security = value;
+}
+
+static inline void *lsm_get_super(const struct super_block *super,
+ const struct security_operations *sop)
+{
+ return super->s_security;
+}
+
+static inline void lsm_set_super(struct super_block *super, void *value,
+ const struct security_operations *sop)
+{
+ super->s_security = value;
+}
+
+static inline void *lsm_get_ipc(const struct kern_ipc_perm *ipc,
+ const struct security_operations *sop)
+{
+ return ipc->security;
+}
+
+static inline void lsm_set_ipc(struct kern_ipc_perm *ipc, void *value,
+ const struct security_operations *sop)
+{
+ ipc->security = value;
+}
+
+static inline void *lsm_get_msg(const struct msg_msg *msg,
+ const struct security_operations *sop)
+{
+ return msg->security;
+}
+
+static inline void lsm_set_msg(struct msg_msg *msg, void *value,
+ const struct security_operations *sop)
+{
+ msg->security = value;
+}
+
+static inline void *lsm_get_key(const struct key *key,
+ const struct security_operations *sop)
+{
+ return key->security;
+}
+
+static inline void lsm_set_key(struct key *key, void *value,
+ const struct security_operations *sop)
+{
+ key->security = value;
+}
+
+static inline void *lsm_get_sock(const struct sock *sock,
+ const struct security_operations *sop)
+{
+ return sock->sk_security;
+}
+
+static inline void lsm_set_sock(struct sock *sock, void *value,
+ const struct security_operations *sop)
+{
+ sock->sk_security = value;
+}
+
+#endif /* CONFIG_SECURITY_COMPOSER */
+
+#endif /* ! _LINUX_LSM_H */
diff --git a/include/linux/security.h b/include/linux/security.h
index 3dea6a9..89b2a35 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -112,7 +112,12 @@ struct seq_file;
extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb);
-void reset_security_ops(void);
+#ifdef CONFIG_SECURITY_COMPOSER
+extern int lsm_count;
+extern struct security_operations *composer_ops[];
+#else
+extern struct security_operations *security_ops;
+#endif
#ifdef CONFIG_MMU
extern unsigned long mmap_min_addr;
@@ -192,6 +197,11 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
* A string that acts as a unique identifier for the LSM with max number
* of characters = SECURITY_NAME_MAX.
*
+ * @order:
+ * The numeric order in which this LSM will be invoked.
+ * Set during LSM initialization. Used to identify
+ * which security blob to use when there is more than one LSM.
+ *
* Security hooks for program execution operations.
*
* @bprm_set_creds:
@@ -1378,6 +1388,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
*/
struct security_operations {
char name[SECURITY_NAME_MAX + 1];
+ int order;
int (*ptrace_access_check) (struct task_struct *child, unsigned int mode);
int (*ptrace_traceme) (struct task_struct *parent);
@@ -1658,8 +1669,30 @@ struct security_operations {
extern int security_init(void);
extern int security_module_enable(struct security_operations *ops);
extern int register_security(struct security_operations *ops);
-extern void __init security_fixup_ops(struct security_operations *ops);
+/*
+ * If SELinux is permitted to remove itself from the
+ * set of LSMs in a multiple LSM stack these functions
+ * cannot be __init.
+ */
+#ifdef CONFIG_SECURITY_SELINUX_DISABLE
+void reset_security_ops(struct security_operations *ops);
+#ifdef CONFIG_SECURITY_COMPOSER
+extern void security_fixdown_ops(struct security_operations *ops,
+ struct security_operations *ops0);
+extern void security_fixup_ops(struct security_operations *ops);
+#else /* CONFIG_SECURITY_COMPOSER */
+extern void __init security_fixup_ops(struct security_operations *ops);
+#endif /* CONFIG_SECURITY_COMPOSER */
+#else /* CONFIG_SECURITY_SELINUX_DISABLE */
+#ifdef CONFIG_SECURITY_COMPOSER
+extern void __init security_fixup_ops(struct security_operations *ops);
+extern void __init security_fixdown_ops(struct security_operations *ops,
+ struct security_operations *ops0);
+#else /* CONFIG_SECURITY_COMPOSER */
+extern void __init security_fixup_ops(struct security_operations *ops);
+#endif /* CONFIG_SECURITY_COMPOSER */
+#endif /* CONFIG_SECURITY_SELINUX_DISABLE */
/* Security operations */
int security_ptrace_access_check(struct task_struct *child, unsigned int mode);
diff --git a/security/Kconfig b/security/Kconfig
index e9c6ac7..bdbd563 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -123,9 +123,36 @@ source security/tomoyo/Kconfig
source security/apparmor/Kconfig
source security/yama/Kconfig
+config SECURITY_COMPOSER
+ bool "Allow multiple concurrent LSMs"
+ depends on SECURITY && \
+ !SECURITY_SMACK && \
+ !SECURITY_TOMOYO && \
+ !SECURITY_APPARMOR && \
+ !SECURITY_SELINUX
+ default n
+ help
+ Allows multiple security modules to be used concurrently.
+ Only LSMs that have been made composer friendly may be used
+ when set. Yama is composer friendly.
+
+ If you are unsure how to answer this question, answer N.
+
+
+config SECURITY_COMPOSER_DEBUG
+ bool "Debugging information about LSM interactions"
+ depends on SECURITY_COMPOSER
+ default n
+ help
+ Provides run time information regarding possible
+ improper use of the LSM composer.
+
+ If you are unsure how to answer this question, answer N.
+
source security/integrity/Kconfig
choice
+ depends on !SECURITY_COMPOSER
prompt "Default security module"
default DEFAULT_SECURITY_SELINUX if SECURITY_SELINUX
default DEFAULT_SECURITY_SMACK if SECURITY_SMACK
@@ -160,6 +187,7 @@ endchoice
config DEFAULT_SECURITY
string
+ default "composer" if SECURITY_COMPOSER
default "selinux" if DEFAULT_SECURITY_SELINUX
default "smack" if DEFAULT_SECURITY_SMACK
default "tomoyo" if DEFAULT_SECURITY_TOMOYO
@@ -167,5 +195,43 @@ config DEFAULT_SECURITY
default "yama" if DEFAULT_SECURITY_YAMA
default "" if DEFAULT_SECURITY_DAC
-endmenu
+choice
+ depends on SECURITY_COMPOSER
+ prompt "Presented security module"
+ default PRESENT_SECURITY_SELINUX if SECURITY_SELINUX
+ default PRESENT_SECURITY_SMACK if SECURITY_SMACK
+ default PRESENT_SECURITY_APPARMOR if SECURITY_APPARMOR
+ default PRESENT_SECURITY_FORMATTED
+ help
+ Select the security module that will be presented
+ with the /proc/*/attr interface.
+ If not specified the interfaces will expect input
+ to be specified as LSM name and value pairs, with
+ the specifications deliminated by "/" characters, as
+ "/smack=_/" or "/apparmor=unconfined/smack=_/".
+ The leading, separating, and terminating "/" are
+ all required.
+
+ config PRESENT_SECURITY_SELINUX
+ bool "SELinux" if SECURITY_SELINUX=y
+
+ config PRESENT_SECURITY_SMACK
+ bool "Simplified Mandatory Access Control" if SECURITY_SMACK=y
+
+ config PRESENT_SECURITY_APPARMOR
+ bool "AppArmor" if SECURITY_APPARMOR=y
+
+ config PRESENT_SECURITY_FORMATTED
+ bool "Use /lsm=.../lsm=.../ format"
+
+endchoice
+
+config PRESENT_SECURITY
+ string
+ default "selinux" if PRESENT_SECURITY_SELINUX
+ default "smack" if PRESENT_SECURITY_SMACK
+ default "apparmor" if PRESENT_SECURITY_APPARMOR
+ default "formatted"
+
+endmenu
diff --git a/security/capability.c b/security/capability.c
index 61095df..29aca6e 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -875,7 +875,15 @@ static void cap_audit_rule_free(void *lsmrule)
} \
} while (0)
+#ifdef CONFIG_SECURITY_COMPOSER
+#ifdef CONFIG_SECURITY_SELINUX_DISABLE
+void security_fixup_ops(struct security_operations *ops)
+#else /* CONFIG_SECURITY_SELINUX_DISABLE */
void __init security_fixup_ops(struct security_operations *ops)
+#endif /* CONFIG_SECURITY_SELINUX_DISABLE */
+#else /* CONFIG_SECURITY_COMPOSER */
+void __init security_fixup_ops(struct security_operations *ops)
+#endif /* CONFIG_SECURITY_COMPOSER */
{
set_to_cap_if_null(ops, ptrace_access_check);
set_to_cap_if_null(ops, ptrace_traceme);
@@ -1073,3 +1081,218 @@ void __init security_fixup_ops(struct security_operations *ops)
set_to_cap_if_null(ops, audit_rule_free);
#endif
}
+
+#ifdef CONFIG_SECURITY_COMPOSER
+
+#define set_op0_to_null_if_op(ops, ops0, function) \
+ do { \
+ if (ops->function) \
+ ops0->function = NULL; \
+ } while (0)
+
+#ifdef CONFIG_SECURITY_SELINUX_DISABLE
+void security_fixdown_ops(struct security_operations *ops,
+ struct security_operations *ops0)
+#else
+void __init security_fixdown_ops(struct security_operations *ops,
+ struct security_operations *ops0)
+#endif
+{
+ set_op0_to_null_if_op(ops, ops0, ptrace_access_check);
+ set_op0_to_null_if_op(ops, ops0, ptrace_traceme);
+ set_op0_to_null_if_op(ops, ops0, capget);
+ set_op0_to_null_if_op(ops, ops0, capset);
+ set_op0_to_null_if_op(ops, ops0, capable);
+ set_op0_to_null_if_op(ops, ops0, quotactl);
+ set_op0_to_null_if_op(ops, ops0, quota_on);
+ set_op0_to_null_if_op(ops, ops0, syslog);
+ set_op0_to_null_if_op(ops, ops0, settime);
+ set_op0_to_null_if_op(ops, ops0, vm_enough_memory);
+ set_op0_to_null_if_op(ops, ops0, bprm_set_creds);
+ set_op0_to_null_if_op(ops, ops0, bprm_committing_creds);
+ set_op0_to_null_if_op(ops, ops0, bprm_committed_creds);
+ set_op0_to_null_if_op(ops, ops0, bprm_check_security);
+ set_op0_to_null_if_op(ops, ops0, bprm_secureexec);
+ set_op0_to_null_if_op(ops, ops0, sb_alloc_security);
+ set_op0_to_null_if_op(ops, ops0, sb_free_security);
+ set_op0_to_null_if_op(ops, ops0, sb_copy_data);
+ set_op0_to_null_if_op(ops, ops0, sb_remount);
+ set_op0_to_null_if_op(ops, ops0, sb_kern_mount);
+ set_op0_to_null_if_op(ops, ops0, sb_show_options);
+ set_op0_to_null_if_op(ops, ops0, sb_statfs);
+ set_op0_to_null_if_op(ops, ops0, sb_mount);
+ set_op0_to_null_if_op(ops, ops0, sb_umount);
+ set_op0_to_null_if_op(ops, ops0, sb_pivotroot);
+ set_op0_to_null_if_op(ops, ops0, sb_set_mnt_opts);
+ set_op0_to_null_if_op(ops, ops0, sb_clone_mnt_opts);
+ set_op0_to_null_if_op(ops, ops0, sb_parse_opts_str);
+ set_op0_to_null_if_op(ops, ops0, inode_alloc_security);
+ set_op0_to_null_if_op(ops, ops0, inode_free_security);
+ set_op0_to_null_if_op(ops, ops0, inode_init_security);
+ set_op0_to_null_if_op(ops, ops0, inode_create);
+ set_op0_to_null_if_op(ops, ops0, inode_link);
+ set_op0_to_null_if_op(ops, ops0, inode_unlink);
+ set_op0_to_null_if_op(ops, ops0, inode_symlink);
+ set_op0_to_null_if_op(ops, ops0, inode_mkdir);
+ set_op0_to_null_if_op(ops, ops0, inode_rmdir);
+ set_op0_to_null_if_op(ops, ops0, inode_mknod);
+ set_op0_to_null_if_op(ops, ops0, inode_rename);
+ set_op0_to_null_if_op(ops, ops0, inode_readlink);
+ set_op0_to_null_if_op(ops, ops0, inode_follow_link);
+ set_op0_to_null_if_op(ops, ops0, inode_permission);
+ set_op0_to_null_if_op(ops, ops0, inode_setattr);
+ set_op0_to_null_if_op(ops, ops0, inode_getattr);
+ set_op0_to_null_if_op(ops, ops0, inode_setxattr);
+ set_op0_to_null_if_op(ops, ops0, inode_post_setxattr);
+ set_op0_to_null_if_op(ops, ops0, inode_getxattr);
+ set_op0_to_null_if_op(ops, ops0, inode_listxattr);
+ set_op0_to_null_if_op(ops, ops0, inode_removexattr);
+ set_op0_to_null_if_op(ops, ops0, inode_need_killpriv);
+ set_op0_to_null_if_op(ops, ops0, inode_killpriv);
+ set_op0_to_null_if_op(ops, ops0, inode_getsecurity);
+ set_op0_to_null_if_op(ops, ops0, inode_setsecurity);
+ set_op0_to_null_if_op(ops, ops0, inode_listsecurity);
+ set_op0_to_null_if_op(ops, ops0, inode_getsecid);
+#ifdef CONFIG_SECURITY_PATH
+ set_op0_to_null_if_op(ops, ops0, path_mknod);
+ set_op0_to_null_if_op(ops, ops0, path_mkdir);
+ set_op0_to_null_if_op(ops, ops0, path_rmdir);
+ set_op0_to_null_if_op(ops, ops0, path_unlink);
+ set_op0_to_null_if_op(ops, ops0, path_symlink);
+ set_op0_to_null_if_op(ops, ops0, path_link);
+ set_op0_to_null_if_op(ops, ops0, path_rename);
+ set_op0_to_null_if_op(ops, ops0, path_truncate);
+ set_op0_to_null_if_op(ops, ops0, path_chmod);
+ set_op0_to_null_if_op(ops, ops0, path_chown);
+ set_op0_to_null_if_op(ops, ops0, path_chroot);
+#endif
+ set_op0_to_null_if_op(ops, ops0, file_permission);
+ set_op0_to_null_if_op(ops, ops0, file_alloc_security);
+ set_op0_to_null_if_op(ops, ops0, file_free_security);
+ set_op0_to_null_if_op(ops, ops0, file_ioctl);
+ set_op0_to_null_if_op(ops, ops0, mmap_addr);
+ set_op0_to_null_if_op(ops, ops0, mmap_file);
+ set_op0_to_null_if_op(ops, ops0, file_mprotect);
+ set_op0_to_null_if_op(ops, ops0, file_lock);
+ set_op0_to_null_if_op(ops, ops0, file_fcntl);
+ set_op0_to_null_if_op(ops, ops0, file_set_fowner);
+ set_op0_to_null_if_op(ops, ops0, file_send_sigiotask);
+ set_op0_to_null_if_op(ops, ops0, file_receive);
+ set_op0_to_null_if_op(ops, ops0, file_open);
+ set_op0_to_null_if_op(ops, ops0, task_create);
+ set_op0_to_null_if_op(ops, ops0, task_free);
+ set_op0_to_null_if_op(ops, ops0, cred_alloc_blank);
+ set_op0_to_null_if_op(ops, ops0, cred_free);
+ set_op0_to_null_if_op(ops, ops0, cred_prepare);
+ set_op0_to_null_if_op(ops, ops0, cred_transfer);
+ set_op0_to_null_if_op(ops, ops0, kernel_act_as);
+ set_op0_to_null_if_op(ops, ops0, kernel_create_files_as);
+ set_op0_to_null_if_op(ops, ops0, kernel_module_request);
+ set_op0_to_null_if_op(ops, ops0, task_fix_setuid);
+ set_op0_to_null_if_op(ops, ops0, task_setpgid);
+ set_op0_to_null_if_op(ops, ops0, task_getpgid);
+ set_op0_to_null_if_op(ops, ops0, task_getsid);
+ set_op0_to_null_if_op(ops, ops0, task_getsecid);
+ set_op0_to_null_if_op(ops, ops0, task_setnice);
+ set_op0_to_null_if_op(ops, ops0, task_setioprio);
+ set_op0_to_null_if_op(ops, ops0, task_getioprio);
+ set_op0_to_null_if_op(ops, ops0, task_setrlimit);
+ set_op0_to_null_if_op(ops, ops0, task_setscheduler);
+ set_op0_to_null_if_op(ops, ops0, task_getscheduler);
+ set_op0_to_null_if_op(ops, ops0, task_movememory);
+ set_op0_to_null_if_op(ops, ops0, task_wait);
+ set_op0_to_null_if_op(ops, ops0, task_kill);
+ set_op0_to_null_if_op(ops, ops0, task_prctl);
+ set_op0_to_null_if_op(ops, ops0, task_to_inode);
+ set_op0_to_null_if_op(ops, ops0, ipc_permission);
+ set_op0_to_null_if_op(ops, ops0, ipc_getsecid);
+ set_op0_to_null_if_op(ops, ops0, msg_msg_alloc_security);
+ set_op0_to_null_if_op(ops, ops0, msg_msg_free_security);
+ set_op0_to_null_if_op(ops, ops0, msg_queue_alloc_security);
+ set_op0_to_null_if_op(ops, ops0, msg_queue_free_security);
+ set_op0_to_null_if_op(ops, ops0, msg_queue_associate);
+ set_op0_to_null_if_op(ops, ops0, msg_queue_msgctl);
+ set_op0_to_null_if_op(ops, ops0, msg_queue_msgsnd);
+ set_op0_to_null_if_op(ops, ops0, msg_queue_msgrcv);
+ set_op0_to_null_if_op(ops, ops0, shm_alloc_security);
+ set_op0_to_null_if_op(ops, ops0, shm_free_security);
+ set_op0_to_null_if_op(ops, ops0, shm_associate);
+ set_op0_to_null_if_op(ops, ops0, shm_shmctl);
+ set_op0_to_null_if_op(ops, ops0, shm_shmat);
+ set_op0_to_null_if_op(ops, ops0, sem_alloc_security);
+ set_op0_to_null_if_op(ops, ops0, sem_free_security);
+ set_op0_to_null_if_op(ops, ops0, sem_associate);
+ set_op0_to_null_if_op(ops, ops0, sem_semctl);
+ set_op0_to_null_if_op(ops, ops0, sem_semop);
+ set_op0_to_null_if_op(ops, ops0, netlink_send);
+ set_op0_to_null_if_op(ops, ops0, d_instantiate);
+ set_op0_to_null_if_op(ops, ops0, getprocattr);
+ set_op0_to_null_if_op(ops, ops0, setprocattr);
+ set_op0_to_null_if_op(ops, ops0, secid_to_secctx);
+ set_op0_to_null_if_op(ops, ops0, secctx_to_secid);
+ set_op0_to_null_if_op(ops, ops0, release_secctx);
+ set_op0_to_null_if_op(ops, ops0, inode_notifysecctx);
+ set_op0_to_null_if_op(ops, ops0, inode_setsecctx);
+ set_op0_to_null_if_op(ops, ops0, inode_getsecctx);
+#ifdef CONFIG_SECURITY_NETWORK
+ set_op0_to_null_if_op(ops, ops0, unix_stream_connect);
+ set_op0_to_null_if_op(ops, ops0, unix_may_send);
+ set_op0_to_null_if_op(ops, ops0, socket_create);
+ set_op0_to_null_if_op(ops, ops0, socket_post_create);
+ set_op0_to_null_if_op(ops, ops0, socket_bind);
+ set_op0_to_null_if_op(ops, ops0, socket_connect);
+ set_op0_to_null_if_op(ops, ops0, socket_listen);
+ set_op0_to_null_if_op(ops, ops0, socket_accept);
+ set_op0_to_null_if_op(ops, ops0, socket_sendmsg);
+ set_op0_to_null_if_op(ops, ops0, socket_recvmsg);
+ set_op0_to_null_if_op(ops, ops0, socket_getsockname);
+ set_op0_to_null_if_op(ops, ops0, socket_getpeername);
+ set_op0_to_null_if_op(ops, ops0, socket_setsockopt);
+ set_op0_to_null_if_op(ops, ops0, socket_getsockopt);
+ set_op0_to_null_if_op(ops, ops0, socket_shutdown);
+ set_op0_to_null_if_op(ops, ops0, socket_sock_rcv_skb);
+ set_op0_to_null_if_op(ops, ops0, socket_getpeersec_stream);
+ set_op0_to_null_if_op(ops, ops0, socket_getpeersec_dgram);
+ set_op0_to_null_if_op(ops, ops0, sk_alloc_security);
+ set_op0_to_null_if_op(ops, ops0, sk_free_security);
+ set_op0_to_null_if_op(ops, ops0, sk_clone_security);
+ set_op0_to_null_if_op(ops, ops0, sk_getsecid);
+ set_op0_to_null_if_op(ops, ops0, sock_graft);
+ set_op0_to_null_if_op(ops, ops0, inet_conn_request);
+ set_op0_to_null_if_op(ops, ops0, inet_csk_clone);
+ set_op0_to_null_if_op(ops, ops0, inet_conn_established);
+ set_op0_to_null_if_op(ops, ops0, secmark_relabel_packet);
+ set_op0_to_null_if_op(ops, ops0, secmark_refcount_inc);
+ set_op0_to_null_if_op(ops, ops0, secmark_refcount_dec);
+ set_op0_to_null_if_op(ops, ops0, req_classify_flow);
+ set_op0_to_null_if_op(ops, ops0, tun_dev_create);
+ set_op0_to_null_if_op(ops, ops0, tun_dev_post_create);
+ set_op0_to_null_if_op(ops, ops0, tun_dev_attach);
+#endif /* CONFIG_SECURITY_NETWORK */
+#ifdef CONFIG_SECURITY_NETWORK_XFRM
+ set_op0_to_null_if_op(ops, ops0, xfrm_policy_alloc_security);
+ set_op0_to_null_if_op(ops, ops0, xfrm_policy_clone_security);
+ set_op0_to_null_if_op(ops, ops0, xfrm_policy_free_security);
+ set_op0_to_null_if_op(ops, ops0, xfrm_policy_delete_security);
+ set_op0_to_null_if_op(ops, ops0, xfrm_state_alloc_security);
+ set_op0_to_null_if_op(ops, ops0, xfrm_state_free_security);
+ set_op0_to_null_if_op(ops, ops0, xfrm_state_delete_security);
+ set_op0_to_null_if_op(ops, ops0, xfrm_policy_lookup);
+ set_op0_to_null_if_op(ops, ops0, xfrm_state_pol_flow_match);
+ set_op0_to_null_if_op(ops, ops0, xfrm_decode_session);
+#endif /* CONFIG_SECURITY_NETWORK_XFRM */
+#ifdef CONFIG_KEYS
+ set_op0_to_null_if_op(ops, ops0, key_alloc);
+ set_op0_to_null_if_op(ops, ops0, key_free);
+ set_op0_to_null_if_op(ops, ops0, key_permission);
+ set_op0_to_null_if_op(ops, ops0, key_getsecurity);
+#endif /* CONFIG_KEYS */
+#ifdef CONFIG_AUDIT
+ set_op0_to_null_if_op(ops, ops0, audit_rule_init);
+ set_op0_to_null_if_op(ops, ops0, audit_rule_known);
+ set_op0_to_null_if_op(ops, ops0, audit_rule_match);
+ set_op0_to_null_if_op(ops, ops0, audit_rule_free);
+#endif
+}
+
+#endif /* CONFIG_SECURITY_COMPOSER */
diff --git a/security/inode.c b/security/inode.c
index 43ce6e1..ae5493c 100644
--- a/security/inode.c
+++ b/security/inode.c
@@ -215,6 +215,49 @@ void securityfs_remove(struct dentry *dentry)
}
EXPORT_SYMBOL_GPL(securityfs_remove);
+static struct dentry *lsm_dentry;
+static ssize_t lsm_read(struct file *filp, char __user *buf, size_t count,
+ loff_t *ppos)
+{
+ int len = 2;
+ int rc;
+ char *data;
+
+#ifdef CONFIG_SECURITY_COMPOSER
+ int i;
+
+ for (i = 1; i < lsm_count; i++)
+ len += strlen(composer_ops[i]->name) + 1;
+#else
+ len += strlen(security_ops->name);
+#endif
+ data = kzalloc(len, GFP_KERNEL);
+ if (data == NULL)
+ return -ENOMEM;
+
+#ifdef CONFIG_SECURITY_COMPOSER
+ for (i = 1; i < lsm_count; i++) {
+ strcat(data, composer_ops[i]->name);
+ strcat(data, ",");
+ }
+ len = strlen(data);
+ if (len > 1)
+ data[len-1] = '\n';
+#else
+ sprintf(data, "%s\n", security_ops->name);
+#endif
+
+ rc = simple_read_from_buffer(buf, count, ppos, data, len);
+ kfree(data);
+
+ return rc;
+}
+
+static const struct file_operations lsm_ops = {
+ .read = lsm_read,
+ .llseek = generic_file_llseek,
+};
+
static struct kobject *security_kobj;
static int __init securityfs_init(void)
@@ -226,9 +269,13 @@ static int __init securityfs_init(void)
return -EINVAL;
retval = register_filesystem(&fs_type);
- if (retval)
+ if (retval) {
kobject_put(security_kobj);
- return retval;
+ return retval;
+ }
+ lsm_dentry = securityfs_create_file("lsm", S_IRUGO, NULL, NULL,
+ &lsm_ops);
+ return 0;
}
core_initcall(securityfs_init);
diff --git a/security/security.c b/security/security.c
index 860aeb3..8a0d22b 100644
--- a/security/security.c
+++ b/security/security.c
@@ -25,14 +25,41 @@
#include <linux/personality.h>
#include <linux/backing-dev.h>
#include <net/flow.h>
+#ifdef CONFIG_SECURITY_COMPOSER
+#include <linux/lsm.h>
+#include <linux/shm.h>
+#include <linux/string.h>
+#endif /* CONFIG_SECURITY_COMPOSER */
#define MAX_LSM_EVM_XATTR 2
/* Boot-time LSM user choice */
+#ifdef CONFIG_SECURITY_COMPOSER
+#define COMPOSER_NAMES_MAX ((SECURITY_NAME_MAX + 1) * COMPOSER_MAX)
+
+static __initdata char allowed_lsms[COMPOSER_NAMES_MAX];
+static __initdata char present_lsm[SECURITY_NAME_MAX + 1] =
+ CONFIG_PRESENT_SECURITY;
+#else /* CONFIG_SECURITY_COMPOSER */
static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] =
CONFIG_DEFAULT_SECURITY;
+#endif /* CONFIG_SECURITY_COMPOSER */
+
+
+#ifdef CONFIG_SECURITY_COMPOSER
+/*
+ * In the multiple LSM case these are the ops of the LSMs.
+ */
+struct security_operations *composer_ops[COMPOSER_MAX];
+int lsm_count;
+int lsm_present;
+#else /* CONFIG_SECURITY_COMPOSER */
+/*
+ * In the single LSM case these are the ops of the One True LSM.
+ */
+struct security_operations *security_ops;
+#endif /* CONFIG_SECURITY_COMPOSER */
-static struct security_operations *security_ops;
static struct security_operations default_security_ops = {
.name = "default",
};
@@ -42,6 +69,7 @@ static inline int __init verify(struct security_operations *ops)
/* verify the security_operations structure exists */
if (!ops)
return -EINVAL;
+
security_fixup_ops(ops);
return 0;
}
@@ -63,24 +91,70 @@ static void __init do_security_initcalls(void)
*/
int __init security_init(void)
{
- printk(KERN_INFO "Security Framework initialized\n");
+ pr_info("Security Framework initialized\n");
security_fixup_ops(&default_security_ops);
+#ifdef CONFIG_SECURITY_COMPOSER
+ composer_ops[0] = &default_security_ops;
+ lsm_count = 1;
+ lsm_present = 0;
+#else
security_ops = &default_security_ops;
+#endif /* CONFIG_SECURITY_COMPOSER */
do_security_initcalls();
return 0;
}
-void reset_security_ops(void)
+/*
+ * Only SELinux calls reset_security_ops.
+ * It's under ifdef because in the composer case it requires
+ * that security_fixup_ops and security_fixdown_ops be available
+ * without __init.
+ */
+#ifdef CONFIG_SECURITY_SELINUX_DISABLE
+void reset_security_ops(struct security_operations *ops)
{
+#ifdef CONFIG_SECURITY_COMPOSER
+ struct security_operations *zero;
+ struct security_operations *empty;
+ int i;
+
+ empty = kzalloc(sizeof(struct security_operations), GFP_KERNEL);
+ if (empty == NULL)
+ return;
+ zero = kzalloc(sizeof(struct security_operations), GFP_KERNEL);
+ if (zero == NULL) {
+ kfree(empty);
+ return;
+ }
+
+ security_fixup_ops(zero);
+
+ for (i = 1; i < lsm_count; i++)
+ if (composer_ops[i] != ops)
+ security_fixdown_ops(composer_ops[i], zero);
+
+ if (lsm_present == ops->order)
+ lsm_present = 0;
+ strcpy(empty->name, ops->name);
+ empty->order = ops->order;
+ composer_ops[ops->order] = empty;
+ composer_ops[0] = zero;
+#else
security_ops = &default_security_ops;
+#endif /* CONFIG_SECURITY_COMPOSER */
}
+#endif /* CONFIG_SECURITY_SELINUX_DISABLE */
-/* Save user chosen LSM */
+/* Save user chosen LSM(s) */
static int __init choose_lsm(char *str)
{
+#ifdef CONFIG_SECURITY_COMPOSER
+ strncpy(allowed_lsms, str, COMPOSER_NAMES_MAX);
+#else /* CONFIG_SECURITY_COMPOSER */
strncpy(chosen_lsm, str, SECURITY_NAME_MAX);
+#endif /* CONFIG_SECURITY_COMPOSER */
return 1;
}
__setup("security=", choose_lsm);
@@ -95,13 +169,74 @@ __setup("security=", choose_lsm);
*
* Return true if:
* -The passed LSM is the one chosen by user at boot time,
- * -or the passed LSM is configured as the default and the user did not
- * choose an alternate LSM at boot time.
+ * -the passed LSM is configured as the default and the user did not
+ * choose an alternate LSM at boot time,
+ * -Multiple concurrent LSMs are allowed and the passed LSM is on
+ * the list of LSMs specified at boot time,
+ * -or multiple LSMs are allowed and no boot list was specified.
* Otherwise, return false.
*/
int __init security_module_enable(struct security_operations *ops)
{
+#ifdef CONFIG_SECURITY_COMPOSER
+ int i;
+
+ if (lsm_count >= COMPOSER_MAX) {
+ pr_warn("Too many security modules. %s not loaded.\n",
+ ops->name);
+ return 0;
+ }
+
+ if (allowed_lsms[0] != '\0' && strstr(allowed_lsms, ops->name) == NULL)
+ return 0;
+ /*
+ * Set up the operation vector early, but only once.
+ * This allows LSM specific file systems to check to see if they
+ * should come on line.
+ */
+ if (ops == NULL) {
+ pr_debug("%s could not verify security_operations.\n",
+ __func__);
+ return 0;
+ }
+ /*
+ * Return success if the LSM is already resistered
+ */
+ for (i = 0; i < lsm_count; i++)
+ if (!strcmp(ops->name, composer_ops[i]->name))
+ return 1;
+
+ /*
+ * Check for conflicting LSMs.
+ */
+#ifdef CONFIG_SECURITY_NETWORK_XFRM
+ if (ops->xfrm_policy_alloc_security != NULL &&
+ composer_ops[0]->xfrm_policy_alloc_security == NULL) {
+ pr_warn("LSM conflict on xfrm. %s not loaded.\n",
+ ops->name);
+ return 0;
+ }
+#endif
+ if (ops->secid_to_secctx != NULL &&
+ composer_ops[0]->secid_to_secctx == NULL) {
+ pr_warn("LSM conflict on secids. %s not loaded.\n",
+ ops->name);
+ return 0;
+ }
+ /*
+ * Return success after registering the LSM.
+ */
+ composer_ops[lsm_count] = ops;
+ ops->order = lsm_count++;
+ security_fixdown_ops(ops, composer_ops[0]);
+
+ if (!strcmp(ops->name, present_lsm))
+ lsm_present = ops->order;
+
+ return 1;
+#else /* CONFIG_SECURITY_COMPOSER */
return !strcmp(ops->name, chosen_lsm);
+#endif /* CONFIG_SECURITY_COMPOSER */
}
/**
@@ -118,9 +253,15 @@ int __init security_module_enable(struct security_operations *ops)
*/
int __init register_security(struct security_operations *ops)
{
+#ifdef CONFIG_SECURITY_COMPOSER
+ if (lsm_count >= COMPOSER_MAX) {
+ pr_warn("The %s LSM could not be loaded.\n", ops->name);
+ return -ERANGE;
+ }
+#else
if (verify(ops)) {
- printk(KERN_DEBUG "%s could not verify "
- "security_operations structure.\n", __func__);
+ pr_debug("%s could not verify security_operations.\n",
+ __func__);
return -EINVAL;
}
@@ -128,20 +269,123 @@ int __init register_security(struct security_operations *ops)
return -EAGAIN;
security_ops = ops;
+#endif /* CONFIG_SECURITY_COMPOSER */
return 0;
}
/* Security operations */
+#ifdef CONFIG_SECURITY_COMPOSER
+
+#ifdef CONFIG_SECURITY_COMPOSER_DEBUG
+static void lsm_blob_cleanup(int rc, struct lsm_blob *bp, const char *fn)
+{
+ int i;
+
+ if (rc != -ENOMEM && rc != 0)
+ pr_warn("%s lsm error %d unexpected\n", fn, -rc);
+ if (bp->lsm_setcount != 0) {
+ pr_warn("%s lsm counting error %d unexpected\n",
+ fn, bp->lsm_setcount);
+ for (i = 1; i < lsm_count; i++)
+ if (bp->lsm_blobs[i] != NULL)
+ pr_warn("%s lsm %s blob was not free.\n",
+ fn, composer_ops[i]->name);
+ bp->lsm_setcount = 0;
+ }
+}
+#else /* CONFIG_SECURITY_COMPOSER_DEBUG */
+static inline void lsm_blob_cleanup(int rc, struct lsm_blob *bp, const char *fn)
+{
+}
+#endif /* CONFIG_SECURITY_COMPOSER_DEBUG */
+
+#define call_int_hook(RC, FUNC, ...) \
+ do { \
+ int thisrc; \
+ int i; \
+ \
+ if (composer_ops[0]->FUNC) { \
+ RC = composer_ops[0]->FUNC(__VA_ARGS__); \
+ break; \
+ } \
+ RC = 0; \
+ for (i = 1; i < lsm_count; i++) { \
+ if (!composer_ops[i]->FUNC) \
+ continue; \
+ thisrc = composer_ops[i]->FUNC(__VA_ARGS__); \
+ if (thisrc) \
+ RC = thisrc; \
+ } \
+ } while (0)
+
+#define call_alloc_hook(RC, FUNC, ...) \
+ do { \
+ int i; \
+ \
+ for (RC = 0, i = 1; i < lsm_count && RC == 0; i++) { \
+ if (!composer_ops[i]->FUNC) \
+ continue; \
+ RC = composer_ops[i]->FUNC(__VA_ARGS__); \
+ } \
+ } while (0)
+
+#define call_void_hook(FUNC, ...) \
+ do { \
+ int i; \
+ \
+ if (composer_ops[0]->FUNC) { \
+ composer_ops[0]->FUNC(__VA_ARGS__); \
+ break; \
+ } \
+ for (i = 1; i < lsm_count; i++) { \
+ if (!composer_ops[i]->FUNC) \
+ continue; \
+ composer_ops[i]->FUNC(__VA_ARGS__); \
+ } \
+ } while (0)
+
+#define call_free_hook(FIELD, FUNC, ARG) \
+ do { \
+ struct lsm_blob *bp; \
+ int i; \
+ \
+ if (composer_ops[0]->FUNC) { \
+ composer_ops[0]->FUNC(ARG); \
+ break; \
+ } \
+ for (i = 1; i < lsm_count; i++) { \
+ if (!composer_ops[i]->FUNC) \
+ continue; \
+ composer_ops[i]->FUNC(ARG); \
+ } \
+ bp = ARG->FIELD; \
+ lsm_blob_cleanup(0, bp, __func__); \
+ ARG->FIELD = NULL; \
+ kfree(bp); \
+ } while (0)
+
+#else /* CONFIG_SECURITY_COMPOSER */
+
+#define call_int_hook(RC, FUNC, ...) (RC = security_ops->FUNC(__VA_ARGS__))
+#define call_void_hook(FUNC, ...) (security_ops->FUNC(__VA_ARGS__))
+#define call_free_hook(FIELD, FUNC, ARG) (security_ops->FUNC(ARG))
+
+#endif /* CONFIG_SECURITY_COMPOSER */
+
int security_ptrace_access_check(struct task_struct *child, unsigned int mode)
{
- return security_ops->ptrace_access_check(child, mode);
+ int rc;
+ call_int_hook(rc, ptrace_access_check, child, mode);
+ return rc;
}
int security_ptrace_traceme(struct task_struct *parent)
{
- return security_ops->ptrace_traceme(parent);
+ int rc;
+ call_int_hook(rc, ptrace_traceme, parent);
+ return rc;
}
int security_capget(struct task_struct *target,
@@ -149,7 +393,9 @@ int security_capget(struct task_struct *target,
kernel_cap_t *inheritable,
kernel_cap_t *permitted)
{
- return security_ops->capget(target, effective, inheritable, permitted);
+ int rc;
+ call_int_hook(rc, capget, target, effective, inheritable, permitted);
+ return rc;
}
int security_capset(struct cred *new, const struct cred *old,
@@ -157,57 +403,74 @@ int security_capset(struct cred *new, const struct cred *old,
const kernel_cap_t *inheritable,
const kernel_cap_t *permitted)
{
- return security_ops->capset(new, old,
- effective, inheritable, permitted);
+ int rc;
+ call_int_hook(rc, capset, new, old, effective, inheritable, permitted);
+ return rc;
}
int security_capable(const struct cred *cred, struct user_namespace *ns,
int cap)
{
- return security_ops->capable(cred, ns, cap, SECURITY_CAP_AUDIT);
+ int rc;
+ call_int_hook(rc, capable, cred, ns, cap, SECURITY_CAP_AUDIT);
+ return rc;
}
int security_capable_noaudit(const struct cred *cred, struct user_namespace *ns,
int cap)
{
- return security_ops->capable(cred, ns, cap, SECURITY_CAP_NOAUDIT);
+ int rc;
+ call_int_hook(rc, capable, cred, ns, cap, SECURITY_CAP_NOAUDIT);
+ return rc;
}
int security_quotactl(int cmds, int type, int id, struct super_block *sb)
{
- return security_ops->quotactl(cmds, type, id, sb);
+ int rc;
+ call_int_hook(rc, quotactl, cmds, type, id, sb);
+ return rc;
}
int security_quota_on(struct dentry *dentry)
{
- return security_ops->quota_on(dentry);
+ int rc;
+ call_int_hook(rc, quota_on, dentry);
+ return rc;
}
int security_syslog(int type)
{
- return security_ops->syslog(type);
+ int rc;
+ call_int_hook(rc, syslog, type);
+ return rc;
}
int security_settime(const struct timespec *ts, const struct timezone *tz)
{
- return security_ops->settime(ts, tz);
+ int rc;
+ call_int_hook(rc, settime, ts, tz);
+ return rc;
}
int security_vm_enough_memory_mm(struct mm_struct *mm, long pages)
{
- return security_ops->vm_enough_memory(mm, pages);
+ int rc;
+ call_int_hook(rc, vm_enough_memory, mm, pages);
+ return rc;
}
int security_bprm_set_creds(struct linux_binprm *bprm)
{
- return security_ops->bprm_set_creds(bprm);
+ int rc;
+ call_int_hook(rc, bprm_set_creds, bprm);
+ return rc;
}
int security_bprm_check(struct linux_binprm *bprm)
{
int ret;
- ret = security_ops->bprm_check_security(bprm);
+ call_int_hook(ret, bprm_check_security, bprm);
if (ret)
return ret;
return ima_bprm_check(bprm);
@@ -215,101 +478,174 @@ int security_bprm_check(struct linux_binprm *bprm)
void security_bprm_committing_creds(struct linux_binprm *bprm)
{
- security_ops->bprm_committing_creds(bprm);
+ call_void_hook(bprm_committing_creds, bprm);
}
void security_bprm_committed_creds(struct linux_binprm *bprm)
{
- security_ops->bprm_committed_creds(bprm);
+ call_void_hook(bprm_committed_creds, bprm);
}
int security_bprm_secureexec(struct linux_binprm *bprm)
{
- return security_ops->bprm_secureexec(bprm);
+ int rc;
+ call_int_hook(rc, bprm_secureexec, bprm);
+ return rc;
}
int security_sb_alloc(struct super_block *sb)
{
- return security_ops->sb_alloc_security(sb);
+ int rc;
+#ifdef CONFIG_SECURITY_COMPOSER
+ struct lsm_blob tblob;
+
+ if (composer_ops[0]->sb_alloc_security)
+ return composer_ops[0]->sb_alloc_security(sb);
+
+ memset(&tblob, 0, sizeof(tblob));
+ sb->s_security = &tblob;
+ call_alloc_hook(rc, sb_alloc_security, sb);
+
+ sb->s_security = NULL;
+ if (tblob.lsm_setcount > 0) {
+ if (rc == 0)
+ sb->s_security = lsm_alloc_blob(GFP_KERNEL);
+ if (sb->s_security == NULL) {
+ call_void_hook(sb_free_security, sb);
+ if (rc == 0)
+ rc = -ENOMEM;
+ lsm_blob_cleanup(rc, &tblob, __func__);
+ } else
+ memcpy(sb->s_security, &tblob, sizeof(tblob));
+ }
+#else /* CONFIG_SECURITY_COMPOSER */
+ rc = security_ops->sb_alloc_security(sb);
+#endif /* CONFIG_SECURITY_COMPOSER */
+ return rc;
}
void security_sb_free(struct super_block *sb)
{
- security_ops->sb_free_security(sb);
+ call_free_hook(s_security, sb_free_security, sb);
}
int security_sb_copy_data(char *orig, char *copy)
{
- return security_ops->sb_copy_data(orig, copy);
+ int rc;
+ call_int_hook(rc, sb_copy_data, orig, copy);
+ return rc;
}
EXPORT_SYMBOL(security_sb_copy_data);
int security_sb_remount(struct super_block *sb, void *data)
{
- return security_ops->sb_remount(sb, data);
+ int rc;
+ call_int_hook(rc, sb_remount, sb, data);
+ return rc;
}
int security_sb_kern_mount(struct super_block *sb, int flags, void *data)
{
- return security_ops->sb_kern_mount(sb, flags, data);
+ int rc;
+ call_int_hook(rc, sb_kern_mount, sb, flags, data);
+ return rc;
}
int security_sb_show_options(struct seq_file *m, struct super_block *sb)
{
- return security_ops->sb_show_options(m, sb);
+ int rc;
+ call_int_hook(rc, sb_show_options, m, sb);
+ return rc;
}
int security_sb_statfs(struct dentry *dentry)
{
- return security_ops->sb_statfs(dentry);
+ int rc;
+ call_int_hook(rc, sb_statfs, dentry);
+ return rc;
}
int security_sb_mount(char *dev_name, struct path *path,
char *type, unsigned long flags, void *data)
{
- return security_ops->sb_mount(dev_name, path, type, flags, data);
+ int rc;
+ call_int_hook(rc, sb_mount, dev_name, path, type, flags, data);
+ return rc;
}
int security_sb_umount(struct vfsmount *mnt, int flags)
{
- return security_ops->sb_umount(mnt, flags);
+ int rc;
+ call_int_hook(rc, sb_umount, mnt, flags);
+ return rc;
}
int security_sb_pivotroot(struct path *old_path, struct path *new_path)
{
- return security_ops->sb_pivotroot(old_path, new_path);
+ int rc;
+ call_int_hook(rc, sb_pivotroot, old_path, new_path);
+ return rc;
}
int security_sb_set_mnt_opts(struct super_block *sb,
struct security_mnt_opts *opts)
{
- return security_ops->sb_set_mnt_opts(sb, opts);
+ int rc;
+ call_int_hook(rc, sb_set_mnt_opts, sb, opts);
+ return rc;
}
EXPORT_SYMBOL(security_sb_set_mnt_opts);
void security_sb_clone_mnt_opts(const struct super_block *oldsb,
struct super_block *newsb)
{
- security_ops->sb_clone_mnt_opts(oldsb, newsb);
+ call_void_hook(sb_clone_mnt_opts, oldsb, newsb);
}
EXPORT_SYMBOL(security_sb_clone_mnt_opts);
int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts)
{
- return security_ops->sb_parse_opts_str(options, opts);
+ int rc;
+ call_int_hook(rc, sb_parse_opts_str, options, opts);
+ return rc;
}
EXPORT_SYMBOL(security_sb_parse_opts_str);
int security_inode_alloc(struct inode *inode)
{
+ int rc;
+#ifdef CONFIG_SECURITY_COMPOSER
+ struct lsm_blob tblob;
+
+ if (composer_ops[0]->inode_alloc_security)
+ return composer_ops[0]->inode_alloc_security(inode);
+
+ memset(&tblob, 0, sizeof(tblob));
+ inode->i_security = &tblob;
+ call_alloc_hook(rc, inode_alloc_security, inode);
+
inode->i_security = NULL;
- return security_ops->inode_alloc_security(inode);
+ if (tblob.lsm_setcount > 0) {
+ if (rc == 0)
+ inode->i_security = lsm_alloc_blob(GFP_KERNEL);
+ if (inode->i_security == NULL) {
+ call_void_hook(inode_free_security, inode);
+ if (rc == 0)
+ rc = -ENOMEM;
+ lsm_blob_cleanup(rc, &tblob, __func__);
+ } else
+ memcpy(inode->i_security, &tblob, sizeof(tblob));
+ }
+#else /* CONFIG_SECURITY_COMPOSER */
+ rc = security_ops->inode_alloc_security(inode);
+#endif /* CONFIG_SECURITY_COMPOSER */
+ return rc;
}
void security_inode_free(struct inode *inode)
{
integrity_inode_free(inode);
- security_ops->inode_free_security(inode);
+ call_free_hook(i_security, inode_free_security, inode);
}
int security_inode_init_security(struct inode *inode, struct inode *dir,
@@ -324,14 +660,16 @@ int security_inode_init_security(struct inode *inode, struct inode *dir,
return 0;
memset(new_xattrs, 0, sizeof new_xattrs);
- if (!initxattrs)
- return security_ops->inode_init_security(inode, dir, qstr,
- NULL, NULL, NULL);
+ if (!initxattrs) {
+ call_int_hook(ret, inode_init_security, inode, dir, qstr,
+ NULL, NULL, NULL);
+ return ret;
+ }
+
lsm_xattr = new_xattrs;
- ret = security_ops->inode_init_security(inode, dir, qstr,
- &lsm_xattr->name,
- &lsm_xattr->value,
- &lsm_xattr->value_len);
+ call_int_hook(ret, inode_init_security, inode, dir, qstr,
+ &lsm_xattr->name, &lsm_xattr->value,
+ &lsm_xattr->value_len);
if (ret)
goto out;
@@ -353,10 +691,12 @@ int security_old_inode_init_security(struct inode *inode, struct inode *dir,
const struct qstr *qstr, char **name,
void **value, size_t *len)
{
+ int rc;
if (unlikely(IS_PRIVATE(inode)))
return -EOPNOTSUPP;
- return security_ops->inode_init_security(inode, dir, qstr, name, value,
- len);
+ call_int_hook(rc, inode_init_security, inode, dir, qstr, name,
+ value, len);
+ return rc;
}
EXPORT_SYMBOL(security_old_inode_init_security);
@@ -364,171 +704,215 @@ EXPORT_SYMBOL(security_old_inode_init_security);
int security_path_mknod(struct path *dir, struct dentry *dentry, umode_t mode,
unsigned int dev)
{
+ int rc;
if (unlikely(IS_PRIVATE(dir->dentry->d_inode)))
return 0;
- return security_ops->path_mknod(dir, dentry, mode, dev);
+ call_int_hook(rc, path_mknod, dir, dentry, mode, dev);
+ return rc;
}
EXPORT_SYMBOL(security_path_mknod);
int security_path_mkdir(struct path *dir, struct dentry *dentry, umode_t mode)
{
+ int rc;
if (unlikely(IS_PRIVATE(dir->dentry->d_inode)))
return 0;
- return security_ops->path_mkdir(dir, dentry, mode);
+ call_int_hook(rc, path_mkdir, dir, dentry, mode);
+ return rc;
}
EXPORT_SYMBOL(security_path_mkdir);
int security_path_rmdir(struct path *dir, struct dentry *dentry)
{
+ int rc;
if (unlikely(IS_PRIVATE(dir->dentry->d_inode)))
return 0;
- return security_ops->path_rmdir(dir, dentry);
+ call_int_hook(rc, path_rmdir, dir, dentry);
+ return rc;
}
int security_path_unlink(struct path *dir, struct dentry *dentry)
{
+ int rc;
if (unlikely(IS_PRIVATE(dir->dentry->d_inode)))
return 0;
- return security_ops->path_unlink(dir, dentry);
+ call_int_hook(rc, path_unlink, dir, dentry);
+ return rc;
}
EXPORT_SYMBOL(security_path_unlink);
int security_path_symlink(struct path *dir, struct dentry *dentry,
const char *old_name)
{
+ int rc;
if (unlikely(IS_PRIVATE(dir->dentry->d_inode)))
return 0;
- return security_ops->path_symlink(dir, dentry, old_name);
+ call_int_hook(rc, path_symlink, dir, dentry, old_name);
+ return rc;
}
int security_path_link(struct dentry *old_dentry, struct path *new_dir,
struct dentry *new_dentry)
{
+ int rc;
if (unlikely(IS_PRIVATE(old_dentry->d_inode)))
return 0;
- return security_ops->path_link(old_dentry, new_dir, new_dentry);
+ call_int_hook(rc, path_link, old_dentry, new_dir, new_dentry);
+ return rc;
}
int security_path_rename(struct path *old_dir, struct dentry *old_dentry,
struct path *new_dir, struct dentry *new_dentry)
{
+ int rc;
if (unlikely(IS_PRIVATE(old_dentry->d_inode) ||
(new_dentry->d_inode && IS_PRIVATE(new_dentry->d_inode))))
return 0;
- return security_ops->path_rename(old_dir, old_dentry, new_dir,
- new_dentry);
+ call_int_hook(rc, path_rename, old_dir, old_dentry, new_dir,
+ new_dentry);
+ return rc;
}
EXPORT_SYMBOL(security_path_rename);
int security_path_truncate(struct path *path)
{
+ int rc;
if (unlikely(IS_PRIVATE(path->dentry->d_inode)))
return 0;
- return security_ops->path_truncate(path);
+ call_int_hook(rc, path_truncate, path);
+ return rc;
}
int security_path_chmod(struct path *path, umode_t mode)
{
+ int rc;
if (unlikely(IS_PRIVATE(path->dentry->d_inode)))
return 0;
- return security_ops->path_chmod(path, mode);
+ call_int_hook(rc, path_chmod, path, mode);
+ return rc;
}
int security_path_chown(struct path *path, uid_t uid, gid_t gid)
{
+ int rc;
if (unlikely(IS_PRIVATE(path->dentry->d_inode)))
return 0;
- return security_ops->path_chown(path, uid, gid);
+ call_int_hook(rc, path_chown, path, uid, gid);
+ return rc;
}
int security_path_chroot(struct path *path)
{
- return security_ops->path_chroot(path);
+ int rc;
+ call_int_hook(rc, path_chroot, path);
+ return rc;
}
#endif
int security_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode)
{
+ int rc;
if (unlikely(IS_PRIVATE(dir)))
return 0;
- return security_ops->inode_create(dir, dentry, mode);
+ call_int_hook(rc, inode_create, dir, dentry, mode);
+ return rc;
}
EXPORT_SYMBOL_GPL(security_inode_create);
int security_inode_link(struct dentry *old_dentry, struct inode *dir,
struct dentry *new_dentry)
{
+ int rc;
if (unlikely(IS_PRIVATE(old_dentry->d_inode)))
return 0;
- return security_ops->inode_link(old_dentry, dir, new_dentry);
+ call_int_hook(rc, inode_link, old_dentry, dir, new_dentry);
+ return rc;
}
int security_inode_unlink(struct inode *dir, struct dentry *dentry)
{
+ int rc;
if (unlikely(IS_PRIVATE(dentry->d_inode)))
return 0;
- return security_ops->inode_unlink(dir, dentry);
+ call_int_hook(rc, inode_unlink, dir, dentry);
+ return rc;
}
int security_inode_symlink(struct inode *dir, struct dentry *dentry,
const char *old_name)
{
+ int rc;
if (unlikely(IS_PRIVATE(dir)))
return 0;
- return security_ops->inode_symlink(dir, dentry, old_name);
+ call_int_hook(rc, inode_symlink, dir, dentry, old_name);
+ return rc;
}
int security_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
{
+ int rc;
if (unlikely(IS_PRIVATE(dir)))
return 0;
- return security_ops->inode_mkdir(dir, dentry, mode);
+ call_int_hook(rc, inode_mkdir, dir, dentry, mode);
+ return rc;
}
EXPORT_SYMBOL_GPL(security_inode_mkdir);
int security_inode_rmdir(struct inode *dir, struct dentry *dentry)
{
+ int rc;
if (unlikely(IS_PRIVATE(dentry->d_inode)))
return 0;
- return security_ops->inode_rmdir(dir, dentry);
+ call_int_hook(rc, inode_rmdir, dir, dentry);
+ return rc;
}
int security_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
{
+ int rc;
if (unlikely(IS_PRIVATE(dir)))
return 0;
- return security_ops->inode_mknod(dir, dentry, mode, dev);
+ call_int_hook(rc, inode_mknod, dir, dentry, mode, dev);
+ return rc;
}
int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry,
struct inode *new_dir, struct dentry *new_dentry)
{
+ int rc;
if (unlikely(IS_PRIVATE(old_dentry->d_inode) ||
(new_dentry->d_inode && IS_PRIVATE(new_dentry->d_inode))))
return 0;
- return security_ops->inode_rename(old_dir, old_dentry,
- new_dir, new_dentry);
+ call_int_hook(rc, inode_rename, old_dir, old_dentry, new_dir,
+ new_dentry);
+ return rc;
}
int security_inode_readlink(struct dentry *dentry)
{
+ int rc;
if (unlikely(IS_PRIVATE(dentry->d_inode)))
return 0;
- return security_ops->inode_readlink(dentry);
+ call_int_hook(rc, inode_readlink, dentry);
+ return rc;
}
int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd)
{
+ int rc;
if (unlikely(IS_PRIVATE(dentry->d_inode)))
return 0;
- return security_ops->inode_follow_link(dentry, nd);
+ call_int_hook(rc, inode_follow_link, dentry, nd);
+ return rc;
}
int security_inode_permission(struct inode *inode, int mask)
{
+ int rc;
if (unlikely(IS_PRIVATE(inode)))
return 0;
- return security_ops->inode_permission(inode, mask);
+ call_int_hook(rc, inode_permission, inode, mask);
+ return rc;
}
int security_inode_setattr(struct dentry *dentry, struct iattr *attr)
@@ -537,7 +921,7 @@ int security_inode_setattr(struct dentry *dentry, struct iattr *attr)
if (unlikely(IS_PRIVATE(dentry->d_inode)))
return 0;
- ret = security_ops->inode_setattr(dentry, attr);
+ call_int_hook(ret, inode_setattr, dentry, attr);
if (ret)
return ret;
return evm_inode_setattr(dentry, attr);
@@ -546,9 +930,11 @@ EXPORT_SYMBOL_GPL(security_inode_setattr);
int security_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
{
+ int rc;
if (unlikely(IS_PRIVATE(dentry->d_inode)))
return 0;
- return security_ops->inode_getattr(mnt, dentry);
+ call_int_hook(rc, inode_getattr, mnt, dentry);
+ return rc;
}
int security_inode_setxattr(struct dentry *dentry, const char *name,
@@ -558,7 +944,7 @@ int security_inode_setxattr(struct dentry *dentry, const char *name,
if (unlikely(IS_PRIVATE(dentry->d_inode)))
return 0;
- ret = security_ops->inode_setxattr(dentry, name, value, size, flags);
+ call_int_hook(ret, inode_setxattr, dentry, name, value, size, flags);
if (ret)
return ret;
return evm_inode_setxattr(dentry, name, value, size);
@@ -569,22 +955,26 @@ void security_inode_post_setxattr(struct dentry *dentry, const char *name,
{
if (unlikely(IS_PRIVATE(dentry->d_inode)))
return;
- security_ops->inode_post_setxattr(dentry, name, value, size, flags);
+ call_void_hook(inode_post_setxattr, dentry, name, value, size, flags);
evm_inode_post_setxattr(dentry, name, value, size);
}
int security_inode_getxattr(struct dentry *dentry, const char *name)
{
+ int rc;
if (unlikely(IS_PRIVATE(dentry->d_inode)))
return 0;
- return security_ops->inode_getxattr(dentry, name);
+ call_int_hook(rc, inode_getxattr, dentry, name);
+ return rc;
}
int security_inode_listxattr(struct dentry *dentry)
{
+ int rc;
if (unlikely(IS_PRIVATE(dentry->d_inode)))
return 0;
- return security_ops->inode_listxattr(dentry);
+ call_int_hook(rc, inode_listxattr, dentry);
+ return rc;
}
int security_inode_removexattr(struct dentry *dentry, const char *name)
@@ -593,7 +983,7 @@ int security_inode_removexattr(struct dentry *dentry, const char *name)
if (unlikely(IS_PRIVATE(dentry->d_inode)))
return 0;
- ret = security_ops->inode_removexattr(dentry, name);
+ call_int_hook(ret, inode_removexattr, dentry, name);
if (ret)
return ret;
return evm_inode_removexattr(dentry, name);
@@ -601,45 +991,55 @@ int security_inode_removexattr(struct dentry *dentry, const char *name)
int security_inode_need_killpriv(struct dentry *dentry)
{
- return security_ops->inode_need_killpriv(dentry);
+ int rc;
+ call_int_hook(rc, inode_need_killpriv, dentry);
+ return rc;
}
int security_inode_killpriv(struct dentry *dentry)
{
- return security_ops->inode_killpriv(dentry);
+ int rc;
+ call_int_hook(rc, inode_killpriv, dentry);
+ return rc;
}
int security_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool
alloc)
{
+ int rc;
if (unlikely(IS_PRIVATE(inode)))
return -EOPNOTSUPP;
- return security_ops->inode_getsecurity(inode, name, buffer, alloc);
+ call_int_hook(rc, inode_getsecurity, inode, name, buffer, alloc);
+ return rc;
}
int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t
size, int flags)
{
+ int rc;
if (unlikely(IS_PRIVATE(inode)))
return -EOPNOTSUPP;
- return security_ops->inode_setsecurity(inode, name, value, size, flags);
+ call_int_hook(rc, inode_setsecurity, inode, name, value, size, flags);
+ return rc;
}
int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
{
+ int rc;
if (unlikely(IS_PRIVATE(inode)))
return 0;
- return security_ops->inode_listsecurity(inode, buffer, buffer_size);
+ call_int_hook(rc, inode_listsecurity, inode, buffer, buffer_size);
+ return rc;
}
void security_inode_getsecid(const struct inode *inode, u32 *secid)
{
- security_ops->inode_getsecid(inode, secid);
+ call_void_hook(inode_getsecid, inode, secid);
}
int security_file_permission(struct file *file, int mask)
{
int ret;
- ret = security_ops->file_permission(file, mask);
+ call_int_hook(ret, file_permission, file, mask);
if (ret)
return ret;
@@ -648,17 +1048,45 @@ int security_file_permission(struct file *file, int mask)
int security_file_alloc(struct file *file)
{
- return security_ops->file_alloc_security(file);
+ int rc;
+#ifdef CONFIG_SECURITY_COMPOSER
+ struct lsm_blob tblob;
+
+ if (composer_ops[0]->file_alloc_security)
+ return composer_ops[0]->file_alloc_security(file);
+
+ memset(&tblob, 0, sizeof(tblob));
+ file->f_security = &tblob;
+ call_alloc_hook(rc, file_alloc_security, file);
+
+ file->f_security = NULL;
+ if (tblob.lsm_setcount > 0) {
+ if (rc == 0)
+ file->f_security = lsm_alloc_blob(GFP_KERNEL);
+ if (file->f_security == NULL) {
+ call_void_hook(file_free_security, file);
+ if (rc == 0)
+ rc = -ENOMEM;
+ lsm_blob_cleanup(rc, &tblob, __func__);
+ } else
+ memcpy(file->f_security, &tblob, sizeof(tblob));
+ }
+#else /* CONFIG_SECURITY_COMPOSER */
+ rc = security_ops->file_alloc_security(file);
+#endif /* CONFIG_SECURITY_COMPOSER */
+ return rc;
}
void security_file_free(struct file *file)
{
- security_ops->file_free_security(file);
+ call_free_hook(f_security, file_free_security, file);
}
int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
{
- return security_ops->file_ioctl(file, cmd, arg);
+ int rc;
+ call_int_hook(rc, file_ioctl, file, cmd, arg);
+ return rc;
}
static inline unsigned long mmap_prot(struct file *file, unsigned long prot)
@@ -699,8 +1127,7 @@ int security_mmap_file(struct file *file, unsigned long prot,
unsigned long flags)
{
int ret;
- ret = security_ops->mmap_file(file, prot,
- mmap_prot(file, prot), flags);
+ call_int_hook(ret, mmap_file, file, prot, mmap_prot(file, prot), flags);
if (ret)
return ret;
return ima_file_mmap(file, prot);
@@ -708,46 +1135,60 @@ int security_mmap_file(struct file *file, unsigned long prot,
int security_mmap_addr(unsigned long addr)
{
- return security_ops->mmap_addr(addr);
+ int rc;
+ call_int_hook(rc, mmap_addr, addr);
+ return rc;
}
int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
unsigned long prot)
{
- return security_ops->file_mprotect(vma, reqprot, prot);
+ int rc;
+ call_int_hook(rc, file_mprotect, vma, reqprot, prot);
+ return rc;
}
int security_file_lock(struct file *file, unsigned int cmd)
{
- return security_ops->file_lock(file, cmd);
+ int rc;
+ call_int_hook(rc, file_lock, file, cmd);
+ return rc;
}
int security_file_fcntl(struct file *file, unsigned int cmd, unsigned long arg)
{
- return security_ops->file_fcntl(file, cmd, arg);
+ int rc;
+ call_int_hook(rc, file_fcntl, file, cmd, arg);
+ return rc;
}
int security_file_set_fowner(struct file *file)
{
- return security_ops->file_set_fowner(file);
+ int rc;
+ call_int_hook(rc, file_set_fowner, file);
+ return rc;
}
int security_file_send_sigiotask(struct task_struct *tsk,
struct fown_struct *fown, int sig)
{
- return security_ops->file_send_sigiotask(tsk, fown, sig);
+ int rc;
+ call_int_hook(rc, file_send_sigiotask, tsk, fown, sig);
+ return rc;
}
int security_file_receive(struct file *file)
{
- return security_ops->file_receive(file);
+ int rc;
+ call_int_hook(rc, file_receive, file);
+ return rc;
}
int security_file_open(struct file *file, const struct cred *cred)
{
int ret;
- ret = security_ops->file_open(file, cred);
+ call_int_hook(ret, file_open, file, cred);
if (ret)
return ret;
@@ -756,293 +1197,690 @@ int security_file_open(struct file *file, const struct cred *cred)
int security_task_create(unsigned long clone_flags)
{
- return security_ops->task_create(clone_flags);
+ int rc;
+ call_int_hook(rc, task_create, clone_flags);
+ return rc;
}
void security_task_free(struct task_struct *task)
{
- security_ops->task_free(task);
+ call_void_hook(task_free, task);
}
int security_cred_alloc_blank(struct cred *cred, gfp_t gfp)
{
- return security_ops->cred_alloc_blank(cred, gfp);
+ int rc;
+#ifdef CONFIG_SECURITY_COMPOSER
+ struct lsm_blob *bp;
+
+ if (composer_ops[0]->cred_alloc_blank)
+ return composer_ops[0]->cred_alloc_blank(cred, gfp);
+
+ bp = lsm_alloc_blob(gfp);
+ if (bp == NULL)
+ return -ENOMEM;
+
+ cred->security = bp;
+ call_alloc_hook(rc, cred_alloc_blank, cred, gfp);
+
+ if (rc != 0) {
+ call_void_hook(cred_free, cred);
+ lsm_blob_cleanup(rc, bp, __func__);
+ }
+ if (bp->lsm_setcount == 0) {
+ cred->security = NULL;
+ kfree(bp);
+ }
+#else /* CONFIG_SECURITY_COMPOSER */
+ rc = security_ops->cred_alloc_blank(cred, gfp);
+#endif /* CONFIG_SECURITY_COMPOSER */
+ return rc;
}
void security_cred_free(struct cred *cred)
{
- security_ops->cred_free(cred);
+#ifdef CONFIG_SECURITY_COMPOSER
+ int i;
+ struct lsm_blob *lbp;
+
+ call_void_hook(cred_free, cred);
+
+ if (cred->security == NULL)
+ return;
+
+ /*
+ * Verify that all blobs that where allocated
+ * and used lsm_set_cred(xxx, yyy) got cleared with
+ * lsm_set_cred(NULL, yyy).
+ * This should probably be under a CONFIG_DEBUG
+ */
+ lbp = cred->security;
+ for (i = 0; i < lsm_count; i++) {
+ if (!composer_ops[i]->cred_free)
+ continue;
+ if (!lbp->lsm_blobs[i])
+ continue;
+ pr_err("%s:%d cred security leftover from %s\n",
+ __func__, __LINE__, composer_ops[i]->name);
+ }
+ kfree(cred->security);
+ cred->security = NULL;
+#else /* CONFIG_SECURITY_COMPOSER */
+ call_void_hook(cred_free, cred);
+#endif /* CONFIG_SECURITY_COMPOSER */
}
int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp)
{
- return security_ops->cred_prepare(new, old, gfp);
+ int rc;
+#ifdef CONFIG_SECURITY_COMPOSER
+ struct lsm_blob *bp;
+
+ if (composer_ops[0]->cred_prepare)
+ return composer_ops[0]->cred_prepare(new, old, gfp);
+
+ /*
+ * cred->security will be NULL on entry, so an lsm_blob
+ * needs to get allocated.
+ */
+ bp = lsm_alloc_blob(gfp);
+ if (bp == NULL)
+ return -ENOMEM;
+
+ new->security = bp;
+ call_alloc_hook(rc, cred_prepare, new, old, gfp);
+
+ if (rc != 0) {
+ call_void_hook(cred_free, new);
+ lsm_blob_cleanup(rc, bp, __func__);
+ }
+ if (bp->lsm_setcount == 0) {
+ new->security = NULL;
+ kfree(bp);
+ }
+#else /* CONFIG_SECURITY_COMPOSER */
+ rc = security_ops->cred_prepare(new, old, gfp);
+#endif /* CONFIG_SECURITY_COMPOSER */
+ return rc;
}
void security_transfer_creds(struct cred *new, const struct cred *old)
{
- security_ops->cred_transfer(new, old);
+ call_void_hook(cred_transfer, new, old);
}
int security_kernel_act_as(struct cred *new, u32 secid)
{
- return security_ops->kernel_act_as(new, secid);
+ int rc;
+ call_int_hook(rc, kernel_act_as, new, secid);
+ return rc;
}
int security_kernel_create_files_as(struct cred *new, struct inode *inode)
{
- return security_ops->kernel_create_files_as(new, inode);
+ int rc;
+ call_int_hook(rc, kernel_create_files_as, new, inode);
+ return rc;
}
int security_kernel_module_request(char *kmod_name)
{
- return security_ops->kernel_module_request(kmod_name);
+ int rc;
+ call_int_hook(rc, kernel_module_request, kmod_name);
+ return rc;
}
int security_task_fix_setuid(struct cred *new, const struct cred *old,
int flags)
{
- return security_ops->task_fix_setuid(new, old, flags);
+ int rc;
+ call_int_hook(rc, task_fix_setuid, new, old, flags);
+ return rc;
}
int security_task_setpgid(struct task_struct *p, pid_t pgid)
{
- return security_ops->task_setpgid(p, pgid);
+ int rc;
+ call_int_hook(rc, task_setpgid, p, pgid);
+ return rc;
}
int security_task_getpgid(struct task_struct *p)
{
- return security_ops->task_getpgid(p);
+ int rc;
+ call_int_hook(rc, task_getpgid, p);
+ return rc;
}
int security_task_getsid(struct task_struct *p)
{
- return security_ops->task_getsid(p);
+ int rc;
+ call_int_hook(rc, task_getsid, p);
+ return rc;
}
void security_task_getsecid(struct task_struct *p, u32 *secid)
{
- security_ops->task_getsecid(p, secid);
+ call_void_hook(task_getsecid, p, secid);
}
EXPORT_SYMBOL(security_task_getsecid);
int security_task_setnice(struct task_struct *p, int nice)
{
- return security_ops->task_setnice(p, nice);
+ int rc;
+ call_int_hook(rc, task_setnice, p, nice);
+ return rc;
}
int security_task_setioprio(struct task_struct *p, int ioprio)
{
- return security_ops->task_setioprio(p, ioprio);
+ int rc;
+ call_int_hook(rc, task_setioprio, p, ioprio);
+ return rc;
}
int security_task_getioprio(struct task_struct *p)
{
- return security_ops->task_getioprio(p);
+ int rc;
+ call_int_hook(rc, task_getioprio, p);
+ return rc;
}
int security_task_setrlimit(struct task_struct *p, unsigned int resource,
struct rlimit *new_rlim)
{
- return security_ops->task_setrlimit(p, resource, new_rlim);
+ int rc;
+ call_int_hook(rc, task_setrlimit, p, resource, new_rlim);
+ return rc;
}
int security_task_setscheduler(struct task_struct *p)
{
- return security_ops->task_setscheduler(p);
+ int rc;
+ call_int_hook(rc, task_setscheduler, p);
+ return rc;
}
int security_task_getscheduler(struct task_struct *p)
{
- return security_ops->task_getscheduler(p);
+ int rc;
+ call_int_hook(rc, task_getscheduler, p);
+ return rc;
}
int security_task_movememory(struct task_struct *p)
{
- return security_ops->task_movememory(p);
+ int rc;
+ call_int_hook(rc, task_movememory, p);
+ return rc;
}
int security_task_kill(struct task_struct *p, struct siginfo *info,
int sig, u32 secid)
{
- return security_ops->task_kill(p, info, sig, secid);
+ int rc;
+ call_int_hook(rc, task_kill, p, info, sig, secid);
+ return rc;
}
int security_task_wait(struct task_struct *p)
{
- return security_ops->task_wait(p);
+ int rc;
+ call_int_hook(rc, task_wait, p);
+ return rc;
}
int security_task_prctl(int option, unsigned long arg2, unsigned long arg3,
unsigned long arg4, unsigned long arg5)
{
- return security_ops->task_prctl(option, arg2, arg3, arg4, arg5);
+ int rc;
+ call_int_hook(rc, task_prctl, option, arg2, arg3, arg4, arg5);
+ return rc;
}
void security_task_to_inode(struct task_struct *p, struct inode *inode)
{
- security_ops->task_to_inode(p, inode);
+ call_void_hook(task_to_inode, p, inode);
}
int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
{
- return security_ops->ipc_permission(ipcp, flag);
+ int rc;
+ call_int_hook(rc, ipc_permission, ipcp, flag);
+ return rc;
}
void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
{
- security_ops->ipc_getsecid(ipcp, secid);
+ call_void_hook(ipc_getsecid, ipcp, secid);
}
int security_msg_msg_alloc(struct msg_msg *msg)
{
- return security_ops->msg_msg_alloc_security(msg);
+ int rc;
+#ifdef CONFIG_SECURITY_COMPOSER
+ struct lsm_blob tblob;
+
+ if (composer_ops[0]->msg_msg_alloc_security)
+ return composer_ops[0]->msg_msg_alloc_security(msg);
+
+ memset(&tblob, 0, sizeof(tblob));
+ msg->security = &tblob;
+ call_alloc_hook(rc, msg_msg_alloc_security, msg);
+
+ msg->security = NULL;
+ if (tblob.lsm_setcount > 0) {
+ if (rc == 0)
+ msg->security = lsm_alloc_blob(GFP_KERNEL);
+ if (msg->security == NULL) {
+ call_void_hook(msg_msg_free_security, msg);
+ if (rc == 0)
+ rc = -ENOMEM;
+ lsm_blob_cleanup(rc, &tblob, __func__);
+ } else
+ memcpy(msg->security, &tblob, sizeof(tblob));
+ }
+#else /* CONFIG_SECURITY_COMPOSER */
+ rc = security_ops->msg_msg_alloc_security(msg);
+#endif /* CONFIG_SECURITY_COMPOSER */
+ return rc;
}
void security_msg_msg_free(struct msg_msg *msg)
{
- security_ops->msg_msg_free_security(msg);
+ call_free_hook(security, msg_msg_free_security, msg);
}
int security_msg_queue_alloc(struct msg_queue *msq)
{
- return security_ops->msg_queue_alloc_security(msq);
+ int rc;
+#ifdef CONFIG_SECURITY_COMPOSER
+ struct lsm_blob tblob;
+ struct kern_ipc_perm *kp = &msq->q_perm;
+
+ if (composer_ops[0]->msg_queue_alloc_security)
+ return composer_ops[0]->msg_queue_alloc_security(msq);
+
+ memset(&tblob, 0, sizeof(tblob));
+ kp->security = &tblob;
+ call_alloc_hook(rc, msg_queue_alloc_security, msq);
+
+ kp->security = NULL;
+ if (tblob.lsm_setcount > 0) {
+ if (rc == 0)
+ kp->security = lsm_alloc_blob(GFP_KERNEL);
+ if (kp->security == NULL) {
+ call_void_hook(msg_queue_free_security, msq);
+ if (rc == 0)
+ rc = -ENOMEM;
+ lsm_blob_cleanup(rc, &tblob, __func__);
+ } else
+ memcpy(kp->security, &tblob, sizeof(tblob));
+ }
+#else /* CONFIG_SECURITY_COMPOSER */
+ rc = security_ops->msg_queue_alloc_security(msq);
+#endif /* CONFIG_SECURITY_COMPOSER */
+ return rc;
}
void security_msg_queue_free(struct msg_queue *msq)
{
- security_ops->msg_queue_free_security(msq);
+ call_free_hook(q_perm.security, msg_queue_free_security, msq);
}
int security_msg_queue_associate(struct msg_queue *msq, int msqflg)
{
- return security_ops->msg_queue_associate(msq, msqflg);
+ int rc;
+ call_int_hook(rc, msg_queue_associate, msq, msqflg);
+ return rc;
}
int security_msg_queue_msgctl(struct msg_queue *msq, int cmd)
{
- return security_ops->msg_queue_msgctl(msq, cmd);
+ int rc;
+ call_int_hook(rc, msg_queue_msgctl, msq, cmd);
+ return rc;
}
int security_msg_queue_msgsnd(struct msg_queue *msq,
struct msg_msg *msg, int msqflg)
{
- return security_ops->msg_queue_msgsnd(msq, msg, msqflg);
+ int rc;
+ call_int_hook(rc, msg_queue_msgsnd, msq, msg, msqflg);
+ return rc;
}
int security_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
struct task_struct *target, long type, int mode)
{
- return security_ops->msg_queue_msgrcv(msq, msg, target, type, mode);
+ int rc;
+ call_int_hook(rc, msg_queue_msgrcv, msq, msg, target, type, mode);
+ return rc;
}
int security_shm_alloc(struct shmid_kernel *shp)
{
- return security_ops->shm_alloc_security(shp);
+ int rc;
+#ifdef CONFIG_SECURITY_COMPOSER
+ struct lsm_blob tblob;
+ struct kern_ipc_perm *kp = &shp->shm_perm;
+
+ if (composer_ops[0]->shm_alloc_security)
+ return composer_ops[0]->shm_alloc_security(shp);
+
+ memset(&tblob, 0, sizeof(tblob));
+ kp->security = &tblob;
+ call_alloc_hook(rc, shm_alloc_security, shp);
+
+ kp->security = NULL;
+ if (tblob.lsm_setcount > 0) {
+ if (rc == 0)
+ kp->security = lsm_alloc_blob(GFP_KERNEL);
+ if (kp->security == NULL) {
+ call_void_hook(shm_free_security, shp);
+ if (rc == 0)
+ rc = -ENOMEM;
+ lsm_blob_cleanup(rc, &tblob, __func__);
+ } else
+ memcpy(kp->security, &tblob, sizeof(tblob));
+ }
+#else /* CONFIG_SECURITY_COMPOSER */
+ rc = security_ops->shm_alloc_security(shp);
+#endif /* CONFIG_SECURITY_COMPOSER */
+ return rc;
}
void security_shm_free(struct shmid_kernel *shp)
{
- security_ops->shm_free_security(shp);
+ call_free_hook(shm_perm.security, shm_free_security, shp);
}
int security_shm_associate(struct shmid_kernel *shp, int shmflg)
{
- return security_ops->shm_associate(shp, shmflg);
+ int rc;
+ call_int_hook(rc, shm_associate, shp, shmflg);
+ return rc;
}
int security_shm_shmctl(struct shmid_kernel *shp, int cmd)
{
- return security_ops->shm_shmctl(shp, cmd);
+ int rc;
+ call_int_hook(rc, shm_shmctl, shp, cmd);
+ return rc;
}
int security_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr, int shmflg)
{
- return security_ops->shm_shmat(shp, shmaddr, shmflg);
+ int rc;
+ call_int_hook(rc, shm_shmat, shp, shmaddr, shmflg);
+ return rc;
}
int security_sem_alloc(struct sem_array *sma)
{
- return security_ops->sem_alloc_security(sma);
+ int rc;
+#ifdef CONFIG_SECURITY_COMPOSER
+ struct lsm_blob tblob;
+ struct kern_ipc_perm *kp = &sma->sem_perm;
+
+ if (composer_ops[0]->sem_alloc_security)
+ return composer_ops[0]->sem_alloc_security(sma);
+
+ memset(&tblob, 0, sizeof(tblob));
+ kp->security = &tblob;
+ call_alloc_hook(rc, sem_alloc_security, sma);
+
+ kp->security = NULL;
+ if (tblob.lsm_setcount > 0) {
+ if (rc == 0)
+ kp->security = lsm_alloc_blob(GFP_KERNEL);
+ if (kp->security == NULL) {
+ call_void_hook(sem_free_security, sma);
+ if (rc == 0)
+ rc = -ENOMEM;
+ lsm_blob_cleanup(rc, &tblob, __func__);
+ } else
+ memcpy(kp->security, &tblob, sizeof(tblob));
+ }
+#else /* CONFIG_SECURITY_COMPOSER */
+ rc = security_ops->sem_alloc_security(sma);
+#endif /* CONFIG_SECURITY_COMPOSER */
+ return rc;
}
void security_sem_free(struct sem_array *sma)
{
- security_ops->sem_free_security(sma);
+ call_free_hook(sem_perm.security, sem_free_security, sma);
}
int security_sem_associate(struct sem_array *sma, int semflg)
{
- return security_ops->sem_associate(sma, semflg);
+ int rc;
+ call_int_hook(rc, sem_associate, sma, semflg);
+ return rc;
}
int security_sem_semctl(struct sem_array *sma, int cmd)
{
- return security_ops->sem_semctl(sma, cmd);
+ int rc;
+ call_int_hook(rc, sem_semctl, sma, cmd);
+ return rc;
}
int security_sem_semop(struct sem_array *sma, struct sembuf *sops,
unsigned nsops, int alter)
{
- return security_ops->sem_semop(sma, sops, nsops, alter);
+ int rc;
+ call_int_hook(rc, sem_semop, sma, sops, nsops, alter);
+ return rc;
}
void security_d_instantiate(struct dentry *dentry, struct inode *inode)
{
if (unlikely(inode && IS_PRIVATE(inode)))
return;
- security_ops->d_instantiate(dentry, inode);
+ call_void_hook(d_instantiate, dentry, inode);
}
EXPORT_SYMBOL(security_d_instantiate);
int security_getprocattr(struct task_struct *p, char *name, char **value)
{
+#ifdef CONFIG_SECURITY_COMPOSER
+ char *result = NULL;
+ char *values[COMPOSER_MAX];
+ int rcs[COMPOSER_MAX];
+ int rc = 0;
+ int only = 0;
+ int total = 0;
+ int i;
+ int j;
+
+ if (composer_ops[0]->getprocattr)
+ return composer_ops[0]->getprocattr(p, name, value);
+
+ if (lsm_present != 0)
+ return composer_ops[lsm_present]->getprocattr(p, name, value);
+
+ /*
+ * Find all the LSMs that produce procattrs and call them,
+ * saving the results. Note if more than one gets called
+ * and if there are any failures. Track how much space is
+ * going to be required to combine the strings.
+ */
+ for (i = 1; i < lsm_count; i++) {
+ rcs[i] = 0;
+ values[i] = NULL;
+ if (!composer_ops[i]->getprocattr)
+ continue;
+ if (only == 0)
+ only = i;
+ else
+ only = -1;
+ rcs[i] = composer_ops[i]->getprocattr(p, name, &values[i]);
+ if (rcs[i] < 0)
+ rc = rcs[i];
+ else if (rcs[i] > 0)
+ total += rcs[i] + strlen(composer_ops[i]->name) + 2;
+ }
+ /*
+ * Special cases for 0 and 1 LSMs getting called
+ * In the multiple called case compose a string.
+ */
+ if (only == 0)
+ result = NULL;
+ else if (only > 0) {
+ result = values[only];
+ values[only] = NULL;
+ } else {
+ result = kzalloc(total + 2, GFP_KERNEL);
+ for (i = 1; i < lsm_count; i++) {
+ for (j = 0; j < rcs[i]; j++)
+ if (values[i][j] == '\n')
+ values[i][j] = '\0';
+ if (rcs[i] <= 0)
+ continue;
+ strcat(result, "/");
+ strcat(result, composer_ops[i]->name);
+ strcat(result, "=");
+ strncat(result, values[i], rcs[i]);
+ }
+ strcat(result, "/");
+ rc = strlen(result);
+ }
+ for (i = 1; i < lsm_count; i++)
+ kfree(values[i]);
+ *value = result;
+
+ return rc;
+#else /* CONFIG_SECURITY_COMPOSER */
return security_ops->getprocattr(p, name, value);
+#endif /* CONFIG_SECURITY_COMPOSER */
}
int security_setprocattr(struct task_struct *p, char *name, void *value, size_t size)
{
+#ifdef CONFIG_SECURITY_COMPOSER
+ char searches[COMPOSER_MAX][SECURITY_NAME_MAX + 4];
+ char *data = value;
+ char *values[COMPOSER_MAX];
+ int eos = 0;
+ int formatted = 0;
+ int only = 0;
+ int thisrc;
+ int rc = size;
+ int i;
+
+ if (composer_ops[0]->setprocattr)
+ return composer_ops[0]->setprocattr(p, name, value, size);
+
+ if (lsm_present != 0)
+ return composer_ops[lsm_present]->setprocattr(p, name,
+ value, size);
+
+ if (size > PAGE_SIZE - 1)
+ return -EINVAL;
+ if (size > 0)
+ eos = size - 1;
+ while (eos > 0 && (data[eos] == '\0' || data[eos] == '\n'))
+ eos--;
+
+ if (data[0] == '/' && data[eos] == '/') {
+ /*
+ * "/smack=Howdy/apparmor=confined/bandl=12/1,2,6/"
+ */
+ formatted = 1;
+ data[eos] = '\0';
+ for (i = 1; i < lsm_count; i++) {
+ sprintf(searches[i], "/%s=", composer_ops[i]->name);
+ values[i] = strnstr(data, searches[i], size);
+ }
+ for (i = 1; i < lsm_count; i++) {
+ if (values[i] != NULL) {
+ *values[i] = '\0';
+ values[i] = values[i] + strlen(searches[i]);
+ }
+ }
+ }
+ for (i = 1; i < lsm_count; i++) {
+ if (!composer_ops[i]->setprocattr)
+ continue;
+ if (formatted && values[i] == NULL)
+ continue;
+ if (only == 0)
+ only = i;
+ else
+ only = -1;
+
+ if (formatted)
+ thisrc = composer_ops[i]->setprocattr(p, name,
+ values[i], strlen(values[i]) + 1);
+ else
+ thisrc = composer_ops[i]->setprocattr(p, name,
+ value, size);
+
+ if (thisrc < 0)
+ rc = thisrc;
+ }
+
+ if (only == 0)
+ return -EINVAL;
+ return rc;
+
+#else /* CONFIG_SECURITY_COMPOSER */
return security_ops->setprocattr(p, name, value, size);
+#endif /* CONFIG_SECURITY_COMPOSER */
}
int security_netlink_send(struct sock *sk, struct sk_buff *skb)
{
- return security_ops->netlink_send(sk, skb);
+ int rc;
+ call_int_hook(rc, netlink_send, sk, skb);
+ return rc;
}
int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
{
- return security_ops->secid_to_secctx(secid, secdata, seclen);
+ int rc;
+ call_int_hook(rc, secid_to_secctx, secid, secdata, seclen);
+ return rc;
}
EXPORT_SYMBOL(security_secid_to_secctx);
int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
{
- return security_ops->secctx_to_secid(secdata, seclen, secid);
+ int rc;
+ call_int_hook(rc, secctx_to_secid, secdata, seclen, secid);
+ return rc;
}
EXPORT_SYMBOL(security_secctx_to_secid);
void security_release_secctx(char *secdata, u32 seclen)
{
- security_ops->release_secctx(secdata, seclen);
+ call_void_hook(release_secctx, secdata, seclen);
}
EXPORT_SYMBOL(security_release_secctx);
int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
{
- return security_ops->inode_notifysecctx(inode, ctx, ctxlen);
+ int rc;
+ call_int_hook(rc, inode_notifysecctx, inode, ctx, ctxlen);
+ return rc;
}
EXPORT_SYMBOL(security_inode_notifysecctx);
int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
{
- return security_ops->inode_setsecctx(dentry, ctx, ctxlen);
+ int rc;
+ call_int_hook(rc, inode_setsecctx, dentry, ctx, ctxlen);
+ return rc;
}
EXPORT_SYMBOL(security_inode_setsecctx);
int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
{
- return security_ops->inode_getsecctx(inode, ctx, ctxlen);
+ int rc;
+ call_int_hook(rc, inode_getsecctx, inode, ctx, ctxlen);
+ return rc;
}
EXPORT_SYMBOL(security_inode_getsecctx);
@@ -1050,188 +1888,258 @@ EXPORT_SYMBOL(security_inode_getsecctx);
int security_unix_stream_connect(struct sock *sock, struct sock *other, struct sock *newsk)
{
- return security_ops->unix_stream_connect(sock, other, newsk);
+ int rc;
+ call_int_hook(rc, unix_stream_connect, sock, other, newsk);
+ return rc;
}
EXPORT_SYMBOL(security_unix_stream_connect);
int security_unix_may_send(struct socket *sock, struct socket *other)
{
- return security_ops->unix_may_send(sock, other);
+ int rc;
+ call_int_hook(rc, unix_may_send, sock, other);
+ return rc;
}
EXPORT_SYMBOL(security_unix_may_send);
int security_socket_create(int family, int type, int protocol, int kern)
{
- return security_ops->socket_create(family, type, protocol, kern);
+ int rc;
+ call_int_hook(rc, socket_create, family, type, protocol, kern);
+ return rc;
}
int security_socket_post_create(struct socket *sock, int family,
int type, int protocol, int kern)
{
- return security_ops->socket_post_create(sock, family, type,
- protocol, kern);
+ int rc;
+ call_int_hook(rc, socket_post_create, sock, family, type,
+ protocol, kern);
+ return rc;
}
int security_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen)
{
- return security_ops->socket_bind(sock, address, addrlen);
+ int rc;
+ call_int_hook(rc, socket_bind, sock, address, addrlen);
+ return rc;
}
int security_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen)
{
- return security_ops->socket_connect(sock, address, addrlen);
+ int rc;
+ call_int_hook(rc, socket_connect, sock, address, addrlen);
+ return rc;
}
int security_socket_listen(struct socket *sock, int backlog)
{
- return security_ops->socket_listen(sock, backlog);
+ int rc;
+ call_int_hook(rc, socket_listen, sock, backlog);
+ return rc;
}
int security_socket_accept(struct socket *sock, struct socket *newsock)
{
- return security_ops->socket_accept(sock, newsock);
+ int rc;
+ call_int_hook(rc, socket_accept, sock, newsock);
+ return rc;
}
int security_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size)
{
- return security_ops->socket_sendmsg(sock, msg, size);
+ int rc;
+ call_int_hook(rc, socket_sendmsg, sock, msg, size);
+ return rc;
}
int security_socket_recvmsg(struct socket *sock, struct msghdr *msg,
int size, int flags)
{
- return security_ops->socket_recvmsg(sock, msg, size, flags);
+ int rc;
+ call_int_hook(rc, socket_recvmsg, sock, msg, size, flags);
+ return rc;
}
int security_socket_getsockname(struct socket *sock)
{
- return security_ops->socket_getsockname(sock);
+ int rc;
+ call_int_hook(rc, socket_getsockname, sock);
+ return rc;
}
int security_socket_getpeername(struct socket *sock)
{
- return security_ops->socket_getpeername(sock);
+ int rc;
+ call_int_hook(rc, socket_getpeername, sock);
+ return rc;
}
int security_socket_getsockopt(struct socket *sock, int level, int optname)
{
- return security_ops->socket_getsockopt(sock, level, optname);
+ int rc;
+ call_int_hook(rc, socket_getsockopt, sock, level, optname);
+ return rc;
}
int security_socket_setsockopt(struct socket *sock, int level, int optname)
{
- return security_ops->socket_setsockopt(sock, level, optname);
+ int rc;
+ call_int_hook(rc, socket_setsockopt, sock, level, optname);
+ return rc;
}
int security_socket_shutdown(struct socket *sock, int how)
{
- return security_ops->socket_shutdown(sock, how);
+ int rc;
+ call_int_hook(rc, socket_shutdown, sock, how);
+ return rc;
}
int security_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
{
- return security_ops->socket_sock_rcv_skb(sk, skb);
+ int rc;
+ call_int_hook(rc, socket_sock_rcv_skb, sk, skb);
+ return rc;
}
EXPORT_SYMBOL(security_sock_rcv_skb);
int security_socket_getpeersec_stream(struct socket *sock, char __user *optval,
int __user *optlen, unsigned len)
{
- return security_ops->socket_getpeersec_stream(sock, optval, optlen, len);
+ int rc;
+ call_int_hook(rc, socket_getpeersec_stream, sock, optval, optlen, len);
+ return rc;
}
int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
{
- return security_ops->socket_getpeersec_dgram(sock, skb, secid);
+ int rc;
+ call_int_hook(rc, socket_getpeersec_dgram, sock, skb, secid);
+ return rc;
}
EXPORT_SYMBOL(security_socket_getpeersec_dgram);
int security_sk_alloc(struct sock *sk, int family, gfp_t priority)
{
- return security_ops->sk_alloc_security(sk, family, priority);
+ int rc;
+#ifdef CONFIG_SECURITY_COMPOSER
+ struct lsm_blob tblob;
+
+ if (composer_ops[0]->sk_alloc_security)
+ return composer_ops[0]->sk_alloc_security(sk, family, priority);
+
+ memset(&tblob, 0, sizeof(tblob));
+ sk->sk_security = &tblob;
+ call_alloc_hook(rc, sk_alloc_security, sk, family, priority);
+
+ sk->sk_security = NULL;
+ if (tblob.lsm_setcount > 0) {
+ if (rc == 0)
+ sk->sk_security = lsm_alloc_blob(priority);
+ if (sk->sk_security == NULL) {
+ call_void_hook(sk_free_security, sk);
+ if (rc == 0)
+ rc = -ENOMEM;
+ lsm_blob_cleanup(rc, &tblob, __func__);
+ } else
+ memcpy(sk->sk_security, &tblob, sizeof(tblob));
+ }
+#else /* CONFIG_SECURITY_COMPOSER */
+ rc = security_ops->sk_alloc_security(sk, family, priority);
+#endif /* CONFIG_SECURITY_COMPOSER */
+ return rc;
}
void security_sk_free(struct sock *sk)
{
- security_ops->sk_free_security(sk);
+ call_free_hook(sk_security, sk_free_security, sk);
}
void security_sk_clone(const struct sock *sk, struct sock *newsk)
{
- security_ops->sk_clone_security(sk, newsk);
+ call_void_hook(sk_clone_security, sk, newsk);
}
EXPORT_SYMBOL(security_sk_clone);
void security_sk_classify_flow(struct sock *sk, struct flowi *fl)
{
- security_ops->sk_getsecid(sk, &fl->flowi_secid);
+ call_void_hook(sk_getsecid, sk, &fl->flowi_secid);
}
EXPORT_SYMBOL(security_sk_classify_flow);
void security_req_classify_flow(const struct request_sock *req, struct flowi *fl)
{
- security_ops->req_classify_flow(req, fl);
+ call_void_hook(req_classify_flow, req, fl);
}
EXPORT_SYMBOL(security_req_classify_flow);
void security_sock_graft(struct sock *sk, struct socket *parent)
{
- security_ops->sock_graft(sk, parent);
+ call_void_hook(sock_graft, sk, parent);
}
EXPORT_SYMBOL(security_sock_graft);
int security_inet_conn_request(struct sock *sk,
struct sk_buff *skb, struct request_sock *req)
{
- return security_ops->inet_conn_request(sk, skb, req);
+ int rc;
+ call_int_hook(rc, inet_conn_request, sk, skb, req);
+ return rc;
}
EXPORT_SYMBOL(security_inet_conn_request);
void security_inet_csk_clone(struct sock *newsk,
const struct request_sock *req)
{
- security_ops->inet_csk_clone(newsk, req);
+ call_void_hook(inet_csk_clone, newsk, req);
}
void security_inet_conn_established(struct sock *sk,
struct sk_buff *skb)
{
- security_ops->inet_conn_established(sk, skb);
+ call_void_hook(inet_conn_established, sk, skb);
}
int security_secmark_relabel_packet(u32 secid)
{
- return security_ops->secmark_relabel_packet(secid);
+ int rc;
+ call_int_hook(rc, secmark_relabel_packet, secid);
+ return rc;
}
EXPORT_SYMBOL(security_secmark_relabel_packet);
void security_secmark_refcount_inc(void)
{
- security_ops->secmark_refcount_inc();
+ call_void_hook(secmark_refcount_inc);
}
EXPORT_SYMBOL(security_secmark_refcount_inc);
void security_secmark_refcount_dec(void)
{
- security_ops->secmark_refcount_dec();
+ call_void_hook(secmark_refcount_dec);
}
EXPORT_SYMBOL(security_secmark_refcount_dec);
int security_tun_dev_create(void)
{
- return security_ops->tun_dev_create();
+ int rc;
+ call_int_hook(rc, tun_dev_create);
+ return rc;
}
EXPORT_SYMBOL(security_tun_dev_create);
void security_tun_dev_post_create(struct sock *sk)
{
- return security_ops->tun_dev_post_create(sk);
+ call_void_hook(tun_dev_post_create, sk);
}
EXPORT_SYMBOL(security_tun_dev_post_create);
int security_tun_dev_attach(struct sock *sk)
{
- return security_ops->tun_dev_attach(sk);
+ int rc;
+ call_int_hook(rc, tun_dev_attach, sk);
+ return rc;
}
EXPORT_SYMBOL(security_tun_dev_attach);
@@ -1239,78 +2147,105 @@ EXPORT_SYMBOL(security_tun_dev_attach);
#ifdef CONFIG_SECURITY_NETWORK_XFRM
+/*
+ * The xfrm hooks present special issues for composition
+ * as they don't user the usual scheme for passing in blobs.
+ * LSM registration checks ensure that only one xfrm using
+ * security module is loaded at a time.
+ * This shouldn't be much of an issue since SELinux is the
+ * only security module ever expected to use xfrm.
+ */
int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp, struct xfrm_user_sec_ctx *sec_ctx)
{
- return security_ops->xfrm_policy_alloc_security(ctxp, sec_ctx);
+ int rc;
+ call_int_hook(rc, xfrm_policy_alloc_security, ctxp, sec_ctx);
+ return rc;
}
EXPORT_SYMBOL(security_xfrm_policy_alloc);
int security_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx,
struct xfrm_sec_ctx **new_ctxp)
{
- return security_ops->xfrm_policy_clone_security(old_ctx, new_ctxp);
+ int rc;
+ call_int_hook(rc, xfrm_policy_clone_security, old_ctx, new_ctxp);
+ return rc;
}
void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx)
{
- security_ops->xfrm_policy_free_security(ctx);
+ call_void_hook(xfrm_policy_free_security, ctx);
}
EXPORT_SYMBOL(security_xfrm_policy_free);
int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx)
{
- return security_ops->xfrm_policy_delete_security(ctx);
+ int rc;
+ call_int_hook(rc, xfrm_policy_delete_security, ctx);
+ return rc;
}
int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx)
{
- return security_ops->xfrm_state_alloc_security(x, sec_ctx, 0);
+ int rc;
+ call_int_hook(rc, xfrm_state_alloc_security, x, sec_ctx, 0);
+ return rc;
}
EXPORT_SYMBOL(security_xfrm_state_alloc);
int security_xfrm_state_alloc_acquire(struct xfrm_state *x,
struct xfrm_sec_ctx *polsec, u32 secid)
{
+ int rc;
if (!polsec)
return 0;
/*
* We want the context to be taken from secid which is usually
* from the sock.
*/
- return security_ops->xfrm_state_alloc_security(x, NULL, secid);
+ call_int_hook(rc, xfrm_state_alloc_security, x, NULL, secid);
+ return rc;
}
int security_xfrm_state_delete(struct xfrm_state *x)
{
- return security_ops->xfrm_state_delete_security(x);
+ int rc;
+ call_int_hook(rc, xfrm_state_delete_security, x);
+ return rc;
}
EXPORT_SYMBOL(security_xfrm_state_delete);
void security_xfrm_state_free(struct xfrm_state *x)
{
- security_ops->xfrm_state_free_security(x);
+ call_void_hook(xfrm_state_free_security, x);
}
int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir)
{
- return security_ops->xfrm_policy_lookup(ctx, fl_secid, dir);
+ int rc;
+ call_int_hook(rc, xfrm_policy_lookup, ctx, fl_secid, dir);
+ return rc;
}
int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
struct xfrm_policy *xp,
const struct flowi *fl)
{
- return security_ops->xfrm_state_pol_flow_match(x, xp, fl);
+ int rc;
+ call_int_hook(rc, xfrm_state_pol_flow_match, x, xp, fl);
+ return rc;
}
int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid)
{
- return security_ops->xfrm_decode_session(skb, secid, 1);
+ int rc;
+ call_int_hook(rc, xfrm_decode_session, skb, secid, 1);
+ return rc;
}
void security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl)
{
- int rc = security_ops->xfrm_decode_session(skb, &fl->flowi_secid, 0);
+ int rc;
+ call_int_hook(rc, xfrm_decode_session, skb, &fl->flowi_secid, 0);
BUG_ON(rc);
}
@@ -1323,23 +2258,53 @@ EXPORT_SYMBOL(security_skb_classify_flow);
int security_key_alloc(struct key *key, const struct cred *cred,
unsigned long flags)
{
- return security_ops->key_alloc(key, cred, flags);
+ int rc;
+#ifdef CONFIG_SECURITY_COMPOSER
+ struct lsm_blob tblob;
+
+ if (composer_ops[0]->key_alloc)
+ return composer_ops[0]->key_alloc(key, cred, flags);
+
+ memset(&tblob, 0, sizeof(tblob));
+ key->security = &tblob;
+ call_alloc_hook(rc, key_alloc, key, cred, flags);
+
+ key->security = NULL;
+ if (tblob.lsm_setcount > 0) {
+ if (rc == 0)
+ key->security = lsm_alloc_blob(GFP_KERNEL);
+ if (key->security == NULL) {
+ call_void_hook(key_free, key);
+ if (rc == 0)
+ rc = -ENOMEM;
+ lsm_blob_cleanup(rc, &tblob, __func__);
+ } else
+ memcpy(key->security, &tblob, sizeof(tblob));
+ }
+#else /* CONFIG_SECURITY_COMPOSER */
+ rc = security_ops->key_alloc(key, cred, flags);
+#endif /* CONFIG_SECURITY_COMPOSER */
+ return rc;
}
void security_key_free(struct key *key)
{
- security_ops->key_free(key);
+ call_void_hook(key_free, key);
}
int security_key_permission(key_ref_t key_ref,
const struct cred *cred, key_perm_t perm)
{
- return security_ops->key_permission(key_ref, cred, perm);
+ int rc;
+ call_int_hook(rc, key_permission, key_ref, cred, perm);
+ return rc;
}
int security_key_getsecurity(struct key *key, char **_buffer)
{
- return security_ops->key_getsecurity(key, _buffer);
+ int rc;
+ call_int_hook(rc, key_getsecurity, key, _buffer);
+ return rc;
}
#endif /* CONFIG_KEYS */
@@ -1348,23 +2313,29 @@ int security_key_getsecurity(struct key *key, char **_buffer)
int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule)
{
- return security_ops->audit_rule_init(field, op, rulestr, lsmrule);
+ int rc;
+ call_int_hook(rc, audit_rule_init, field, op, rulestr, lsmrule);
+ return rc;
}
int security_audit_rule_known(struct audit_krule *krule)
{
- return security_ops->audit_rule_known(krule);
+ int rc;
+ call_int_hook(rc, audit_rule_known, krule);
+ return rc;
}
void security_audit_rule_free(void *lsmrule)
{
- security_ops->audit_rule_free(lsmrule);
+ call_void_hook(audit_rule_free, lsmrule);
}
int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule,
struct audit_context *actx)
{
- return security_ops->audit_rule_match(secid, field, op, lsmrule, actx);
+ int rc;
+ call_int_hook(rc, audit_rule_match, secid, field, op, lsmrule, actx);
+ return rc;
}
#endif /* CONFIG_AUDIT */
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 6c77f63..0fff5ca 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -5874,7 +5874,7 @@ int selinux_disable(void)
selinux_disabled = 1;
selinux_enabled = 0;
- reset_security_ops();
+ reset_security_ops(&selinux_ops);
/* Try to destroy the avc node cache */
avc_disable();
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
