From patchwork Thu Mar 16 23:36:36 2023
X-Patchwork-Submitter: John Johansen
X-Patchwork-Id: 1758022
Message-ID: <011b92b6-5769-7943-c472-54ef05ef29ae@canonical.com>
Date: Thu, 16 Mar 2023 16:36:36 -0700
From: John Johansen
To: kernel-team@lists.ubuntu.com
Subject: [Lunar][PULL] LSM stacking and AppArmor refresh for 6.2 kernel
Organization: Canonical

These are the current stable prompting and refreshed LSM stacking patches
based on master-next 6.2.

The patch sequence has 5 sections:

1. Revert apparmor and lsm stacking changes to get to clean 6.2
   patches 0001-0040

2. Apply base apparmor changes. Some of these patches are the same as
   previous, but most of them have bug fix patches folded into them to
   reduce the queue size, and make it less likely to drop them by accident.
   patches 0041-0047

3. The new LSM stacking patchset. This is the most recent version except
   the syscall patch at the end. There is a separate queue of 8 patches
   now for that, BUT Casey is making revisions to it so I am waiting on
   the newest version before doing the work to pull in its replacement.
   patches 0048-0086

4. The prompting patchset
   patches 0087-0096

5. Config changes.
   patch 0097

The following changes since commit 50a70463593be2729ee123334548ada1000ed7d2:

  UBUNTU: Ubuntu-6.2.0-16.16 (2023-03-10 18:34:28 +0100)

are available in the Git repository at:

  https://gitlab.com/jjohansen/apparmor-kernel.git lunar-prompt

for you to fetch changes up to 9fb5679093a35bd102695963856d395a25db5ed2:

  UBUNTU: [Config] define CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS (2023-03-16 16:12:02 -0700)

----------------------------------------------------------------
Andrea Righi (1):
      UBUNTU: [Config] define CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS

Casey Schaufler (39):
      UBUNTU: SAUCE: Stacking v38: LSM: Identify modules by more than name
      UBUNTU: SAUCE: Stacking v38: LSM: Add an LSM identifier for external use
      UBUNTU: SAUCE: Stacking v38: LSM: Identify the process attributes for each module
      UBUNTU: SAUCE: Stacking v38: LSM: Maintain a table of LSM attribute data
      UBUNTU: SAUCE: Stacking v38: proc: Use lsmids instead of lsm names for attrs
      UBUNTU: SAUCE: Stacking v38: LSM: lsm_self_attr syscall for LSM self attributes
      UBUNTU: SAUCE: Stacking v38: integrity: disassociate ima_filter_rule from security_audit_rule
      UBUNTU: SAUCE: Stacking v38: LSM: Infrastructure management of the sock security
      UBUNTU: SAUCE: Stacking v38: LSM: Add the lsmblob data structure.
      UBUNTU: SAUCE: Stacking v38: LSM: provide lsm name and id slot mappings
      UBUNTU: SAUCE: Stacking v38: IMA: avoid label collisions with stacked LSMs
      UBUNTU: SAUCE: Stacking v38: LSM: Use lsmblob in security_audit_rule_match
      UBUNTU: SAUCE: Stacking v38: LSM: Use lsmblob in security_kernel_act_as
      UBUNTU: SAUCE: Stacking v38: LSM: Use lsmblob in security_secctx_to_secid
      UBUNTU: SAUCE: Stacking v38: LSM: Use lsmblob in security_secid_to_secctx
      UBUNTU: SAUCE: Stacking v38: LSM: Use lsmblob in security_ipc_getsecid
      UBUNTU: SAUCE: Stacking v38: LSM: Use lsmblob in security_current_getsecid
      UBUNTU: SAUCE: Stacking v38: LSM: Use lsmblob in security_inode_getsecid
      UBUNTU: SAUCE: Stacking v38: LSM: Use lsmblob in security_cred_getsecid
      UBUNTU: SAUCE: Stacking v38: LSM: Specify which LSM to display
      UBUNTU: SAUCE: Stacking v38: LSM: Ensure the correct LSM context releaser
      UBUNTU: SAUCE: Stacking v38: LSM: Use lsmcontext in security_secid_to_secctx
      UBUNTU: SAUCE: Stacking v38: LSM: Use lsmcontext in security_inode_getsecctx
      UBUNTU: SAUCE: Stacking v38: Use lsmcontext in security_dentry_init_security
      UBUNTU: SAUCE: Stacking v38: LSM: security_secid_to_secctx in netlink netfilter
      UBUNTU: SAUCE: Stacking v38: NET: Store LSM netlabel data in a lsmblob
      UBUNTU: SAUCE: Stacking v38: binder: Pass LSM identifier for confirmation
      UBUNTU: SAUCE: Stacking v38: LSM: security_secid_to_secctx module selection
      UBUNTU: SAUCE: Stacking v38: Audit: Keep multiple LSM data in audit_names
      UBUNTU: SAUCE: Stacking v38: Audit: Create audit_stamp structure
      UBUNTU: SAUCE: Stacking v38: LSM: Add a function to report multiple LSMs
      UBUNTU: SAUCE: Stacking v38: Audit: Allow multiple records in an audit_buffer
      UBUNTU: SAUCE: Stacking v38: Audit: Add record for multiple task security contexts
      UBUNTU: SAUCE: Stacking v38: audit: multiple subject lsm values for netlabel
      UBUNTU: SAUCE: Stacking v38: Audit: Add record for multiple object contexts
      UBUNTU: SAUCE: Stacking v38: netlabel: Use a struct lsmblob in audit data
      UBUNTU: SAUCE: Stacking v38: LSM: Removed scaffolding function lsmcontext_init
      UBUNTU: SAUCE: Stacking v38: AppArmor: Remove the exclusive flag
      UBUNTU: SAUCE: Stacking v38: LSM: Create lsm_module_list system call

John Johansen (57):
      Revert "UBUNTU: [Config] define CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS"
      Revert "UBUNTU: SAUCE: apparmor: add user namespace creation mediation"
      Revert "UBUNTU: SAUCE: apparmor: Add fine grained mediation of posix mqueues"
      Revert "UBUNTU: SAUCE: Revert "apparmor: make __aa_path_perm() static""
      Revert "UBUNTU: SAUCE: LSM: Specify which LSM to display (using struct cred as input)"
      Revert "UBUNTU: SAUCE: apparmor: Fix build error, make sk parameter const"
      Revert "UBUNTU: SAUCE: LSM: Use lsmblob in smk_netlbl_mls()"
      Revert "UBUNTU: SAUCE: LSM: change ima_read_file() to use lsmblob"
      Revert "UBUNTU: SAUCE: apparmor: rename kzfree() to kfree_sensitive()"
      Revert "UBUNTU: SAUCE: AppArmor: Remove the exclusive flag"
      Revert "UBUNTU: SAUCE: LSM: Add /proc attr entry for full LSM context"
      Revert "UBUNTU: SAUCE: Audit: Fix incorrect static inline function declration."
      Revert "UBUNTU: SAUCE: Audit: Fix for missing NULL check"
      Revert "UBUNTU: SAUCE: Audit: Add a new record for multiple object LSM attributes"
      Revert "UBUNTU: SAUCE: Audit: Add new record for multiple process LSM attributes"
      Revert "UBUNTU: SAUCE: NET: Store LSM netlabel data in a lsmblob"
      Revert "UBUNTU: SAUCE: LSM: security_secid_to_secctx in netlink netfilter"
      Revert "UBUNTU: SAUCE: LSM: Use lsmcontext in security_inode_getsecctx"
      Revert "UBUNTU: SAUCE: LSM: Use lsmcontext in security_secid_to_secctx"
      Revert "UBUNTU: SAUCE: LSM: Ensure the correct LSM context releaser"
      Revert "UBUNTU: SAUCE: LSM: Specify which LSM to display"
      Revert "UBUNTU: SAUCE: IMA: Change internal interfaces to use lsmblobs"
      Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_cred_getsecid"
      Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_inode_getsecid"
      Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_task_getsecid"
      Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_ipc_getsecid"
      Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_secid_to_secctx"
      Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_secctx_to_secid"
      Revert "UBUNTU: SAUCE: net: Prepare UDS for security module stacking"
      Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_kernel_act_as"
      Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_audit_rule_match"
      Revert "UBUNTU: SAUCE: LSM: Create and manage the lsmblob data structure."
      Revert "UBUNTU: SAUCE: LSM: Infrastructure management of the sock security"
      Revert "UBUNTU: SAUCE: apparmor: LSM stacking: switch from SK_CTX() to aa_sock()"
      Revert "UBUNTU: SAUCE: apparmor: rename aa_sock() to aa_unix_sk()"
      Revert "UBUNTU: SAUCE: apparmor: disable showing the mode as part of a secid to secctx"
      Revert "UBUNTU: SAUCE: apparmor: fix use after free in sk_peer_label"
      Revert "UBUNTU: SAUCE: apparmor: af_unix mediation"
      Revert "UBUNTU: SAUCE: apparmor: patch to provide compatibility with v2.x net rules"
      Revert "UBUNTU: SAUCE: apparmor: add/use fns to print hash string hex value"
      UBUNTU: SAUCE: apparmor: add/use fns to print hash string hex value
      UBUNTU: SAUCE: apparmor: rename SK_CTX() to aa_sock and make it an inline fn
      UBUNTU: SAUCE: apparmor: patch to provide compatibility with v2.x net rules
      UBUNTU: SAUCE: apparmor: add user namespace creation mediation
      UBUNTU: SAUCE: apparmor: Add sysctls for additional controls of unpriv userns restrictions
      UBUNTU: SAUCE: apparmor: af_unix mediation
      UBUNTU: SAUCE: apparmor: Add fine grained mediation of posix mqueues
      UBUNTU: SAUCE: apparmor: combine common_audit_data and apparmor_audit_data
      UBUNTU: SAUCE: apparmor: setup slab cache for audit data
      UBUNTU: SAUCE: apparmor: rename audit_data->label to audit_data->subj_label
      UBUNTU: SAUCE: apparmor: pass cred through to audit info.
      UBUNTU: SAUCE: apparmor: Improve debug print infrastructure
      UBUNTU: SAUCE: apparmor: add the ability for profiles to have a learning cache
      UBUNTU: SAUCE: apparmor: enable userspace upcall for mediation
      UBUNTU: SAUCE: apparmor: cache buffers on percpu list if there is lock contention
      UBUNTU: SAUCE: apparmor: fix policy_compat permission remap with extended permissions
      UBUNTU: SAUCE: apparmor: advertise availability of exended perms

 Documentation/ABI/testing/ima_policy   |   8 +-
 Documentation/security/lsm.rst         |  28 --
 arch/x86/entry/syscalls/syscall_64.tbl |   2 +
 drivers/android/binder.c               |  23 +-
 drivers/android/binder_internal.h      |   1 +
 fs/ceph/super.h                        |   3 +-
 fs/ceph/xattr.c                        |  19 +-
 fs/fuse/dir.c                          |  35 +-
 fs/nfs/dir.c                           |   2 +-
 fs/nfs/inode.c                         |  17 +-
 fs/nfs/internal.h                      |   8 +-
 fs/nfs/nfs4proc.c                      |  24 +-
 fs/nfs/nfs4xdr.c                       |  22 +-
 fs/proc/base.c                         |  31 +-
 fs/proc/internal.h                     |   2 +-
 include/linux/audit.h                  |  34 +-
 include/linux/lsm_hooks.h              |  42 +-
 include/linux/nfs4.h                   |   8 +-
 include/linux/nfs_fs.h                 |   2 +-
 include/linux/security.h               | 190 ++++++----
 include/linux/syscalls.h               |   2 +
 include/net/af_unix.h                  |   2 +-
 include/net/netlabel.h                 |   2 +-
 include/net/scm.h                      |  16 +-
 include/net/xfrm.h                     |   4 +-
 include/uapi/asm-generic/unistd.h      |   8 +-
 include/uapi/linux/apparmor.h          | 106 ++++++
 include/uapi/linux/audit.h             |   4 +-
 include/uapi/linux/lsm.h               |  67 ++++
 include/uapi/linux/prctl.h             |   4 +
 kernel/audit.c                         | 327 ++++++++++--------
 kernel/audit.h                         |  19 +-
 kernel/auditfilter.c                   |  15 +-
 kernel/auditsc.c                       | 205 ++++-------
 kernel/sys_ni.c                        |   4 +
 net/ipv4/cipso_ipv4.c                  |   3 +-
 net/ipv4/ip_sockglue.c                 |   4 +-
 net/netfilter/nf_conntrack_netlink.c   |  10 +-
 net/netfilter/nfnetlink_queue.c        |  24 +-
 net/netfilter/nft_meta.c               |  12 +-
 net/netfilter/xt_SECMARK.c             |   2 +-
 net/netlabel/netlabel_unlabeled.c      |   2 +-
 net/netlabel/netlabel_user.c           |   5 +-
 net/netlabel/netlabel_user.h           |   2 +-
 net/unix/af_unix.c                     |   6 +-
 security/Makefile                      |   1 +
 security/apparmor/Kconfig              |   4 +-
 security/apparmor/Makefile             |   2 +-
 security/apparmor/af_unix.c            | 183 +++++-----
 security/apparmor/apparmorfs.c         | 200 ++++++++++-
 security/apparmor/audit.c              | 299 ++++++++++++++--
 security/apparmor/capability.c         |  29 +-
 security/apparmor/crypto.c             |   9 +-
 security/apparmor/domain.c             | 134 ++++---
 security/apparmor/file.c               | 354 ++++++++++++++-----
 security/apparmor/include/af_unix.h    |  53 +--
 security/apparmor/include/apparmor.h   |   2 +-
 security/apparmor/include/apparmorfs.h |   1 +
 security/apparmor/include/audit.h      |  86 ++++-
 security/apparmor/include/capability.h |   3 +-
 security/apparmor/include/file.h       |  19 +-
 security/apparmor/include/ipc.h        |   9 +-
 security/apparmor/include/label.h      |   1 +
 security/apparmor/include/lib.h        |  42 ++-
 security/apparmor/include/mount.h      |  21 +-
 security/apparmor/include/net.h        |  19 +-
 security/apparmor/include/notify.h     |  95 +++++
 security/apparmor/include/perms.h      |   8 +-
 security/apparmor/include/policy.h     |  15 +-
 security/apparmor/include/policy_ns.h  |  11 +
 security/apparmor/include/procattr.h   |   2 +-
 security/apparmor/include/resource.h   |   3 +-
 security/apparmor/include/task.h       |   6 +-
 security/apparmor/ipc.c                |  94 ++---
 security/apparmor/label.c              |  18 +-
 security/apparmor/lib.c                | 143 ++++++--
 security/apparmor/lsm.c                | 353 ++++++++++++++-----
 security/apparmor/mount.c              | 126 ++++---
 security/apparmor/net.c                |  88 ++---
 security/apparmor/notify.c             | 614 +++++++++++++++++++++++++++++++++
 security/apparmor/policy.c             |  74 ++--
 security/apparmor/policy_ns.c          |   5 +-
 security/apparmor/policy_unpack.c      |  57 +--
 security/apparmor/procattr.c           |  28 +-
 security/apparmor/resource.c           |  54 +--
 security/apparmor/secid.c              |   2 -
 security/apparmor/task.c               |  85 +++--
 security/bpf/hooks.c                   |   6 +-
 security/commoncap.c                   |   6 +-
 security/integrity/ima/ima.h           |  26 --
 security/integrity/ima/ima_api.c       |   2 +-
 security/integrity/ima/ima_appraise.c  |   7 +-
 security/integrity/ima/ima_main.c      |  19 +-
 security/integrity/ima/ima_policy.c    | 118 +++++--
 security/integrity/integrity_audit.c   |   2 +-
 security/landlock/cred.c               |   7 +-
 security/landlock/fs.c                 |   7 +-
 security/landlock/ptrace.c             |   7 +-
 security/landlock/setup.c              |   7 +
 security/landlock/setup.h              |   1 +
 security/loadpin/loadpin.c             |   6 +-
 security/lockdown/lockdown.c           |   6 +-
 security/lsm_syscalls.c                | 206 +++++++++++
 security/safesetid/lsm.c               |   6 +-
 security/security.c                    | 468 ++++++++++++-------------
 security/selinux/hooks.c               |  46 ++-
 security/selinux/include/classmap.h    |   3 +-
 security/smack/smack_access.c          |   5 +-
 security/smack/smack_lsm.c             |  32 +-
 security/smack/smack_netfilter.c       |   2 +-
 security/smack/smackfs.c               |   3 +-
 security/tomoyo/tomoyo.c               |   6 +-
 security/yama/yama_lsm.c               |   6 +-
 113 files changed, 3997 insertions(+), 1721 deletions(-)
 create mode 100644 include/uapi/linux/apparmor.h
 create mode 100644 include/uapi/linux/lsm.h
 create mode 100644 security/apparmor/include/notify.h
 create mode 100644 security/apparmor/notify.c
 create mode 100644 security/lsm_syscalls.c