From patchwork Mon Apr 23 13:30:13 2018
X-Patchwork-Submitter: David Herrmann
X-Patchwork-Id: 902935
X-Patchwork-Delegate: davem@davemloft.net
From: David Herrmann
To: linux-kernel@vger.kernel.org
Cc: James Morris , Paul Moore , teg@jklm.no, Stephen Smalley , selinux@tycho.nsa.gov, linux-security-module@vger.kernel.org, Eric Paris , serge@hallyn.com, davem@davemloft.net, netdev@vger.kernel.org, David Herrmann
Subject: [PATCH 1/3] security: add hook for socketpair(AF_UNIX, ...)
Date: Mon, 23 Apr 2018 15:30:13 +0200
Message-Id: <20180423133015.5455-2-dh.herrmann@gmail.com>
X-Mailer: git-send-email 2.17.0
In-Reply-To: <20180423133015.5455-1-dh.herrmann@gmail.com>
References: <20180423133015.5455-1-dh.herrmann@gmail.com>
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: X-Mailing-List: netdev@vger.kernel.org

Right now the LSM labels for socketpairs are always uninitialized, since there is no security hook for the socketpair() syscall. This patch adds the required hooks so LSMs can properly label socketpairs. This allows SO_PEERSEC to return useful information on those sockets.

Note that the behavior of socketpair() can be emulated by creating a listener socket, connecting to it, and then discarding the initial listener socket. With this workaround, SO_PEERSEC would return the caller's security context. However, with socketpair(), the uninitialized context is returned unconditionally. This is unexpected and makes socketpair() less useful in situations where the security context is crucial to the application.

With the new socketpair-hook this disparity can be solved by making socketpair() return the expected security context.

Signed-off-by: David Herrmann
---
 include/linux/lsm_hooks.h | 8 ++++++++
 include/linux/security.h  | 7 +++++++
 security/security.c       | 6 ++++++
 3 files changed, 21 insertions(+)

diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 9d0b286f3dba..2a23c75c1541 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -717,6 +717,12 @@ * @other contains the peer sock structure. * @newsk contains the new sock structure. * Return 0 if permission is granted. + * @unix_stream_socketpair: + * Check permissions before establishing a Unix domain stream connection + * for a fresh pair of sockets. + * @socka contains the first sock structure. + * @sockb contains the second sock structure. + * Return 0 if permission is granted and the connection was established. * @unix_may_send: * Check permissions before connecting or sending datagrams from @sock to * @other. @@ -1651,6 +1657,7 @@ union security_list_options { #ifdef CONFIG_SECURITY_NETWORK int (*unix_stream_connect)(struct sock *sock, struct sock *other, struct sock *newsk); + int (*unix_stream_socketpair)(struct sock *socka, struct sock *sockb); int (*unix_may_send)(struct socket *sock, struct socket *other); int (*socket_create)(int family, int type, int protocol, int kern); @@ -1919,6 +1926,7 @@ struct security_hook_heads { struct hlist_head inode_getsecctx; #ifdef CONFIG_SECURITY_NETWORK struct hlist_head unix_stream_connect; + struct hlist_head unix_stream_socketpair; struct hlist_head unix_may_send; struct hlist_head socket_create; struct hlist_head socket_post_create; diff --git a/include/linux/security.h b/include/linux/security.h index 200920f521a1..be275deeda10 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -1187,6 +1187,7 @@ static inline int security_inode_getsecctx(struct inode *inode, void **ctx, u32 #ifdef CONFIG_SECURITY_NETWORK int security_unix_stream_connect(struct sock *sock, struct sock *other, struct sock *newsk); +int security_unix_stream_socketpair(struct sock *socka, struct sock *sockb); int security_unix_may_send(struct socket *sock, struct socket *other); int security_socket_create(int family, int type, int protocol, int kern); int security_socket_post_create(struct socket *sock, int family, 
@@ -1242,6 +1243,12 @@ static inline int security_unix_stream_connect(struct sock *sock, return 0; } +static inline int security_unix_stream_socketpair(struct sock *socka, + struct sock *sockb) +{ + return 0; +} + static inline int security_unix_may_send(struct socket *sock, struct socket *other) { diff --git a/security/security.c b/security/security.c index 7bc2fde023a7..3dfd374e84e5 100644 --- a/security/security.c +++ b/security/security.c 
@@ -1340,6 +1340,12 @@ int security_unix_stream_connect(struct sock *sock, struct sock *other, struct s } EXPORT_SYMBOL(security_unix_stream_connect); +int security_unix_stream_socketpair(struct sock *socka, struct sock *sockb) +{ + return call_int_hook(unix_stream_socketpair, 0, socka, sockb); +} +EXPORT_SYMBOL(security_unix_stream_socketpair); + int security_unix_may_send(struct socket *sock, struct socket *other) { return call_int_hook(unix_may_send, 0, sock, other); From patchwork Mon Apr 23 13:30:14 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Herrmann X-Patchwork-Id: 902933 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="PE/Pmu4n"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 40V6mZ3Wxyz9rxx for ; Mon, 23 Apr 2018 23:31:10 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755329AbeDWNbG (ORCPT ); Mon, 23 Apr 2018 09:31:06 -0400 Received: from mail-wr0-f196.google.com ([209.85.128.196]:33911 "EHLO mail-wr0-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755228AbeDWNa7 (ORCPT ); Mon, 23 Apr 2018 09:30:59 -0400 Received: by mail-wr0-f196.google.com with SMTP id p18-v6so22134016wrm.1; Mon, 23 Apr 2018 06:30:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; 
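Review bot: in the lsm_hooks.h kerneldoc hunk, `Return 0 if permission is granted and the connection was established.` promises more than the hook delivers. The hook is invoked before the caller joins the two sockets (see the af_unix hunk in 2/3, where `security_unix_stream_socketpair()` runs ahead of the "Join our sockets back to back" block), so a 0 return means only that permission was granted, exactly as the neighbouring `@unix_stream_connect` entry words it. Suggest `Return 0 if permission is granted.` and, since the commit message says the hook exists so LSMs can label the pair, one sentence stating that an LSM is expected to set the peer labels of @socka and @sockb from within this hook.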
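Review bot: the default of 0 in `call_int_hook(unix_stream_socketpair, 0, socka, sockb)` and the static inline stub in security.h that also returns 0 keep today's behaviour whenever no LSM implements the hook, which matches the commit message. What the commit message does not say is that socketpair(2) on an AF_UNIX stream socket can now fail with whatever error an LSM returns from this hook, because the caller in 2/3 propagates `err` straight back; that is new user-visible behaviour and deserves a sentence here, together with a note that, as with `security_unix_stream_connect()` directly above, a non-zero return from one stacked module short-circuits the remaining ones.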
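The disparity the commit message describes can be checked from userspace on any kernel under test. The program below is an added example written for this page; it is not part of the series or of the kernel tree. It builds one AF_UNIX stream pair with socketpair(2) and a second one the "listener, connect, accept, drop the listener" way, then queries SO_PEERSEC on each and prints what the kernel reports. The helper names (`query_peersec`, `make_emulated_pair`, `pair_peersec`, `describe`) and the PEERSEC_* classification are this example's own; the autobind trick (bind with a family-only address length) and the fallback value 31 for SO_PEERSEC are Linux specifics, not anything the patches introduce.

```c
/* Added example, not part of this series or of the kernel tree: compare
 * SO_PEERSEC on a socketpair(2) with SO_PEERSEC on the "emulated" pair the
 * commit message describes (listener + connect + accept, listener dropped). */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/un.h>

#ifndef SO_PEERSEC
#define SO_PEERSEC 31 /* Linux value from asm-generic/socket.h */
#endif
#define PEERSEC_LABELLED 0 /* the kernel returned a peer label          */
#define PEERSEC_NO_LABEL 1 /* ENOPROTOOPT: no LSM provides peer labels   */
#define PEERSEC_ERROR   -1 /* pair could not be built, or other failure  */

/* Ask for fd's peer label and classify the answer; buf may be NULL. */
static int query_peersec(int fd, char *buf, size_t buflen)
{
    char local[1024];
    socklen_t len;

    if (!buf || buflen == 0) { /* caller wants only the classification */
        buf = local;
        buflen = sizeof(local);
    }
    len = (socklen_t)buflen;
    memset(buf, 0, buflen);
    if (getsockopt(fd, SOL_SOCKET, SO_PEERSEC, buf, &len) < 0)
        return errno == ENOPROTOOPT ? PEERSEC_NO_LABEL : PEERSEC_ERROR;
    buf[buflen - 1] = '\0';
    return buf[0] != '\0' ? PEERSEC_LABELLED : PEERSEC_NO_LABEL;
}

/* Listener-based construction from the commit message: fds[0] becomes the
 * connecting end, fds[1] the accepted end; the listener is closed. */
static int make_emulated_pair(int fds[2])
{
    struct sockaddr_un addr = { .sun_family = AF_UNIX };
    socklen_t alen = sizeof(sa_family_t); /* family-only length: autobind */
    int lfd = socket(AF_UNIX, SOCK_STREAM, 0), cfd = -1, afd;

    if (lfd < 0)
        return -1;
    if (bind(lfd, (struct sockaddr *)&addr, alen) < 0 || listen(lfd, 1) < 0)
        goto fail;
    alen = sizeof(addr); /* learn the abstract name the kernel chose */
    if (getsockname(lfd, (struct sockaddr *)&addr, &alen) < 0)
        goto fail;
    cfd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (cfd < 0 || connect(cfd, (struct sockaddr *)&addr, alen) < 0)
        goto fail;
    afd = accept(lfd, NULL, NULL);
    if (afd < 0)
        goto fail;
    close(lfd); /* discard the listener, as the commit message describes */
    fds[0] = cfd;
    fds[1] = afd;
    return 0;
fail:
    if (cfd >= 0)
        close(cfd);
    close(lfd);
    return -1;
}

/* Build a pair (socketpair(2) when emulated == 0, otherwise the listener
 * route) and classify SO_PEERSEC on its first end. */
int pair_peersec(int emulated, char *buf, size_t buflen)
{
    int fds[2], rc;
    int built = emulated ? make_emulated_pair(fds)
                         : socketpair(AF_UNIX, SOCK_STREAM, 0, fds);

    if (built < 0)
        return PEERSEC_ERROR;
    rc = query_peersec(fds[0], buf, buflen);
    close(fds[0]);
    close(fds[1]);
    return rc;
}

static const char *describe(int rc, const char *label)
{
    if (rc == PEERSEC_LABELLED)
        return label;
    return rc == PEERSEC_NO_LABEL ? "no peer label (ENOPROTOOPT)" : "error";
}

int main(void)
{
    char a[256], b[256];
    int ra = pair_peersec(0, a, sizeof(a));
    int rb = pair_peersec(1, b, sizeof(b));

    /* On an SELinux kernel without this series the first line shows the
     * generic unlabeled context and the second the caller's own context;
     * with the series applied both agree. */
    printf("socketpair():  %s\n", describe(ra, a));
    printf("emulated pair: %s\n", describe(rb, b));
    return 0;
}
```

Run it as an unprivileged user on the kernel you want to verify. If the two lines differ (the unlabeled context for socketpair(), the caller's context for the emulated pair), the kernel lacks this series and applications must not rely on SO_PEERSEC for socketpair() peers; if they agree, socketpair() peers are labelled. A kernel with no LSM exposing SO_PEERSEC reports ENOPROTOOPT for both, which the program distinguishes from a genuine failure.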
From: David Herrmann
To: linux-kernel@vger.kernel.org
Cc: James Morris , Paul Moore , teg@jklm.no, Stephen Smalley , selinux@tycho.nsa.gov, linux-security-module@vger.kernel.org, Eric Paris , serge@hallyn.com, davem@davemloft.net, netdev@vger.kernel.org, David Herrmann
Subject: [PATCH 2/3] net/unix: hook unix_socketpair() into LSM
Date: Mon, 23 Apr 2018 15:30:14 +0200
Message-Id: <20180423133015.5455-3-dh.herrmann@gmail.com>
X-Mailer: git-send-email 2.17.0
In-Reply-To: <20180423133015.5455-1-dh.herrmann@gmail.com>
References: <20180423133015.5455-1-dh.herrmann@gmail.com>
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: X-Mailing-List: netdev@vger.kernel.org

Use the newly created LSM-hook for unix_socketpair(). The default hook return-value is 0, so behavior stays the same unless LSMs start using this hook.

Signed-off-by: David Herrmann
---
 net/unix/af_unix.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index 68bb70a62afe..bc9705ace9b1 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -1371,6 +1371,11 @@ static int unix_stream_connect(struct socket *sock, struct sockaddr *uaddr, static int unix_socketpair(struct socket *socka, struct socket *sockb) { struct sock *ska = socka->sk, *skb = sockb->sk; + int err; + + err = security_unix_stream_socketpair(ska, skb); + if (err) + return err; /* Join our sockets back to back */ sock_hold(ska); From patchwork Mon Apr 23 13:30:15 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Herrmann X-Patchwork-Id: 902934 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="aQ6rQxOd"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 40V6mr5nkXz9rxs for ; Mon, 23 Apr 2018 23:31:24 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755345AbeDWNbJ (ORCPT ); Mon, 23 Apr 2018 09:31:09 -0400 Received: from mail-wr0-f196.google.com ([209.85.128.196]:42461 "EHLO mail-wr0-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755059AbeDWNbA (ORCPT ); Mon, 23 Apr 2018 09:31:00 -0400 Received: by mail-wr0-f196.google.com with SMTP id s18-v6so41301800wrg.9; Mon, 23 Apr 2018 06:31:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=BWXPXjWiEQD+a58osTk1tBXulHZ8/HrYkd6QUVi/1NE=; 
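Review bot: the hook call sits before `sock_hold(ska)`, so the early `return err` leaves no reference to unwind; good. One naming question: the function being hooked is `unix_socketpair()`, which is not stream-specific by name. If the same function also backs the SOCK_DGRAM and SOCK_SEQPACKET proto_ops tables, then `security_unix_stream_socketpair(ska, skb)` now runs for datagram and seqpacket pairs as well, and the hook name plus its "Unix domain stream connection" kerneldoc in 1/3 would be misleading; either restrict the call to stream sockets, rename the hook for all AF_UNIX socketpairs, or state in the commit message which socket types are covered.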
From: David Herrmann To: linux-kernel@vger.kernel.org Cc: James Morris , Paul Moore , teg@jklm.no, Stephen Smalley , selinux@tycho.nsa.gov, linux-security-module@vger.kernel.org, Eric Paris , serge@hallyn.com, davem@davemloft.net, netdev@vger.kernel.org, David Herrmann Subject: [PATCH 3/3] selinux: provide unix_stream_socketpair callback Date: Mon, 23 Apr 2018 15:30:15 +0200 Message-Id: <20180423133015.5455-4-dh.herrmann@gmail.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20180423133015.5455-1-dh.herrmann@gmail.com> References: <20180423133015.5455-1-dh.herrmann@gmail.com> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Make sure to implement the new unix_stream_socketpair callback so the SO_PEERSEC call on socketpair(2)s will return correct information. Signed-off-by: David Herrmann Acked-by: Stephen Smalley --- security/selinux/hooks.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 4cafe6a19167..828881d9a41d 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -4905,6 +4905,18 @@ static int selinux_socket_unix_stream_connect(struct sock *sock, return 0; } +static int selinux_socket_unix_stream_socketpair(struct sock *socka, + struct sock *sockb) +{ + struct sk_security_struct *sksec_a = socka->sk_security; + struct sk_security_struct *sksec_b = sockb->sk_security; + + sksec_a->peer_sid = sksec_b->sid; + sksec_b->peer_sid = sksec_a->sid; + + return 0; +} + static int selinux_socket_unix_may_send(struct socket *sock, struct socket *other) { 
@@ -6995,6 +7007,8 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(inode_getsecctx, selinux_inode_getsecctx), LSM_HOOK_INIT(unix_stream_connect, selinux_socket_unix_stream_connect), + LSM_HOOK_INIT(unix_stream_socketpair, + selinux_socket_unix_stream_socketpair), LSM_HOOK_INIT(unix_may_send, selinux_socket_unix_may_send), LSM_HOOK_INIT(socket_create, selinux_socket_create),
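Review bot: `selinux_socket_unix_stream_socketpair()` only swaps `sid` into `peer_sid` on both sockets and performs no permission check, although the hook is documented in 1/3 as "Check permissions before establishing a Unix domain stream connection". That is defensible, because both sockets were just created by the same task and carry the same sid, so a check could only ever compare a context with itself, but the function should carry a one-line comment saying that no permission check is intended and that the hook exists only to set the peer labels; otherwise a reader comparing it with `selinux_socket_unix_stream_connect()` directly above will assume a check was forgotten. The hooks-array hunk is consistent with the placement of the new `unix_stream_socketpair` member in the union and `security_hook_heads` in 1/3.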