diff options
Diffstat (limited to 'meta-app-framework')
10 files changed, 413 insertions, 0 deletions
diff --git a/meta-app-framework/recipes-kernel/linux/linux-yocto_4.1.bbappend b/meta-app-framework/recipes-kernel/linux/linux-yocto_4.1.bbappend new file mode 100644 index 000000000..c1c657201 --- /dev/null +++ b/meta-app-framework/recipes-kernel/linux/linux-yocto_4.1.bbappend @@ -0,0 +1,12 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/linux/linux-yocto-4.1:" + +#------------------------------------------------------------------------- +# smack patches for handling bluetooth + +SRC_URI_append_smack = "\ + file://0001-Smack-File-receive-for-sockets.patch \ + file://0002-smack-fix-cache-of-access-labels.patch \ + file://0003-Smack-ignore-null-signal-in-smack_task_kill.patch \ + file://0004-Smack-Assign-smack_known_web-label-for-kernel-thread.patch \ +" + diff --git a/meta-app-framework/recipes-kernel/linux/linux-yocto_4.4.bbappend b/meta-app-framework/recipes-kernel/linux/linux-yocto_4.4.bbappend new file mode 100644 index 000000000..66c37400f --- /dev/null +++ b/meta-app-framework/recipes-kernel/linux/linux-yocto_4.4.bbappend @@ -0,0 +1,12 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/linux/linux-yocto-4.4:" + +#------------------------------------------------------------------------- +# smack patches for handling bluetooth + +SRC_URI_append_smack = "\ + file://0001-Smack-File-receive-for-sockets.patch \ + file://0002-smack-fix-cache-of-access-labels.patch \ + file://0003-Smack-ignore-null-signal-in-smack_task_kill.patch \ + file://0004-Smack-Assign-smack_known_web-label-for-kernel-thread.patch \ +" + diff --git a/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.1/0001-Smack-File-receive-for-sockets.patch b/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.1/0001-Smack-File-receive-for-sockets.patch new file mode 100644 index 000000000..b0c5ee8f4 --- /dev/null +++ b/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.1/0001-Smack-File-receive-for-sockets.patch @@ -0,0 +1,62 @@ +From 2e65b888820ea372984d412cee3bd7dcba05d7d2 Mon Sep 17 00:00:00 2001 +From: Casey Schaufler <casey@schaufler-ca.com> +Date: Mon, 7 Dec 2015 14:34:32 -0800 +Subject: [PATCH 1/4] Smack: File receive for sockets + +The existing file receive hook checks for access on +the file inode even for UDS. This is not right, as +the inode is not used by Smack to make access checks +for sockets. This change checks for an appropriate +access relationship between the receiving (current) +process and the socket. If the process can't write +to the socket's send label or the socket's receive +label can't write to the process fail. + +This will allow the legitimate cases, where the +socket sender and socket receiver can freely communicate. +Only strangly set socket labels should cause a problem. + +Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> +--- + security/smack/smack_lsm.c | 22 ++++++++++++++++++++++ + 1 file changed, 22 insertions(+) + +diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c +index b644757..487b2f3 100644 +--- a/security/smack/smack_lsm.c ++++ b/security/smack/smack_lsm.c +@@ -1672,9 +1672,31 @@ static int smack_file_receive(struct file *file) + int may = 0; + struct smk_audit_info ad; + struct inode *inode = file_inode(file); ++ struct socket *sock; ++ struct task_smack *tsp; ++ struct socket_smack *ssp; + + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); + smk_ad_setfield_u_fs_path(&ad, file->f_path); ++ ++ if (S_ISSOCK(inode->i_mode)) { ++ sock = SOCKET_I(inode); ++ ssp = sock->sk->sk_security; ++ tsp = current_security(); ++ /* ++ * If the receiving process can't write to the ++ * passed socket or if the passed socket can't ++ * write to the receiving process don't accept ++ * the passed socket. ++ */ ++ rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad); ++ rc = smk_bu_file(file, may, rc); ++ if (rc < 0) ++ return rc; ++ rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad); ++ rc = smk_bu_file(file, may, rc); ++ return rc; ++ } + /* + * This code relies on bitmasks. + */ +-- +2.7.4 + diff --git a/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.1/0002-smack-fix-cache-of-access-labels.patch b/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.1/0002-smack-fix-cache-of-access-labels.patch new file mode 100644 index 000000000..51c3b31ec --- /dev/null +++ b/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.1/0002-smack-fix-cache-of-access-labels.patch @@ -0,0 +1,43 @@ +From 5bcea0fc4e5360deca133e211fdc76717a1693a4 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jobol@nonadev.net> +Date: Tue, 12 Jan 2016 21:23:40 +0100 +Subject: [PATCH 2/4] smack: fix cache of access labels +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Before this commit, removing the access property of +a file, aka, the extended attribute security.SMACK64 +was not effictive until the cache had been cleaned. + +This patch fixes that problem. + +Signed-off-by: José Bollo <jobol@nonadev.net> +Acked-by: Casey Schaufler <casey@schaufler-ca.com> +--- + security/smack/smack_lsm.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c +index 487b2f3..b9393e3 100644 +--- a/security/smack/smack_lsm.c ++++ b/security/smack/smack_lsm.c +@@ -1256,9 +1256,13 @@ static int smack_inode_removexattr(struct dentry *dentry, const char *name) + * Don't do anything special for these. + * XATTR_NAME_SMACKIPIN + * XATTR_NAME_SMACKIPOUT +- * XATTR_NAME_SMACKEXEC + */ +- if (strcmp(name, XATTR_NAME_SMACK) == 0) ++ if (strcmp(name, XATTR_NAME_SMACK) == 0) { ++ struct super_block *sbp = d_backing_inode(dentry)->i_sb; ++ struct superblock_smack *sbsp = sbp->s_security; ++ ++ isp->smk_inode = sbsp->smk_default; ++ } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) + isp->smk_task = NULL; + else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) + isp->smk_mmap = NULL; +-- +2.7.4 + diff --git a/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.1/0003-Smack-ignore-null-signal-in-smack_task_kill.patch b/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.1/0003-Smack-ignore-null-signal-in-smack_task_kill.patch new file mode 100644 index 000000000..67761ae46 --- /dev/null +++ b/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.1/0003-Smack-ignore-null-signal-in-smack_task_kill.patch @@ -0,0 +1,39 @@ +From aa63c4f8ece0c54a9be735ac38667f11fcd6f44a Mon Sep 17 00:00:00 2001 +From: Rafal Krypa <r.krypa@samsung.com> +Date: Mon, 4 Apr 2016 11:14:53 +0200 +Subject: [PATCH 3/4] Smack: ignore null signal in smack_task_kill + +Kill with signal number 0 is commonly used for checking PID existence. +Smack treated such cases like any other kills, although no signal is +actually delivered when sig == 0. + +Checking permissions when sig == 0 didn't prevent an unprivileged caller +from learning whether PID exists or not. When it existed, kernel returned +EPERM, when it didn't - ESRCH. The only effect of policy check in such +case is noise in audit logs. + +This change lets Smack silently ignore kill() invocations with sig == 0. + +Signed-off-by: Rafal Krypa <r.krypa@samsung.com> +Acked-by: Casey Schaufler <casey@schaufler-ca.com> +--- + security/smack/smack_lsm.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c +index b9393e3..c916f58 100644 +--- a/security/smack/smack_lsm.c ++++ b/security/smack/smack_lsm.c +@@ -2056,6 +2056,9 @@ static int smack_task_kill(struct task_struct *p, struct siginfo *info, + struct smack_known *tkp = smk_of_task_struct(p); + int rc; + ++ if (!sig) ++ return 0; /* null signal; existence test */ ++ + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); + smk_ad_setfield_u_tsk(&ad, p); + /* +-- +2.7.4 + diff --git a/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.1/0004-Smack-Assign-smack_known_web-label-for-kernel-thread.patch b/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.1/0004-Smack-Assign-smack_known_web-label-for-kernel-thread.patch new file mode 100644 index 000000000..4281c201c --- /dev/null +++ b/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.1/0004-Smack-Assign-smack_known_web-label-for-kernel-thread.patch @@ -0,0 +1,49 @@ +From b2b9e7ec8e79ede841104f76464f4b77c057b011 Mon Sep 17 00:00:00 2001 +From: jooseong lee <jooseong.lee@samsung.com> +Date: Thu, 3 Nov 2016 10:55:43 +0100 +Subject: [PATCH 4/4] Smack: Assign smack_known_web label for kernel thread's +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Assign smack_known_web label for kernel thread's socket in the sk_alloc_security hook + +Creating struct sock by sk_alloc function in various kernel subsystems +like bluetooth dosen't call smack_socket_post_create(). In such case, +received sock label is the floor('_') label and makes access deny. + +Refers-to: https://review.tizen.org/gerrit/#/c/80717/4 + +Change-Id: I2e5c9359bfede84a988fd4d4d74cdb9dfdfc52d8 +Signed-off-by: jooseong lee <jooseong.lee@samsung.com> +Signed-off-by: José Bollo <jose.bollo@iot.bzh> +--- + security/smack/smack_lsm.c | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c +index c916f58..cc6769b 100644 +--- a/security/smack/smack_lsm.c ++++ b/security/smack/smack_lsm.c +@@ -2138,8 +2138,16 @@ static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) + if (ssp == NULL) + return -ENOMEM; + +- ssp->smk_in = skp; +- ssp->smk_out = skp; ++ /* ++ * Sockets created by kernel threads receive web label. ++ */ ++ if (unlikely(current->flags & PF_KTHREAD)) { ++ ssp->smk_in = &smack_known_web; ++ ssp->smk_out = &smack_known_web; ++ } else { ++ ssp->smk_in = skp; ++ ssp->smk_out = skp; ++ } + ssp->smk_packet = NULL; + + sk->sk_security = ssp; +-- +2.7.4 + diff --git a/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.4/0001-Smack-File-receive-for-sockets.patch b/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.4/0001-Smack-File-receive-for-sockets.patch new file mode 100644 index 000000000..4021e5d38 --- /dev/null +++ b/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.4/0001-Smack-File-receive-for-sockets.patch @@ -0,0 +1,65 @@ +From 2b206c36b16e72cfe41cd22448d8527359ffd962 Mon Sep 17 00:00:00 2001 +From: Casey Schaufler <casey@schaufler-ca.com> +Date: Mon, 7 Dec 2015 14:34:32 -0800 +Subject: [PATCH 1/4] Smack: File receive for sockets + +The existing file receive hook checks for access on +the file inode even for UDS. This is not right, as +the inode is not used by Smack to make access checks +for sockets. This change checks for an appropriate +access relationship between the receiving (current) +process and the socket. If the process can't write +to the socket's send label or the socket's receive +label can't write to the process fail. + +This will allow the legitimate cases, where the +socket sender and socket receiver can freely communicate. +Only strangly set socket labels should cause a problem. + +Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> +--- + security/smack/smack_lsm.c | 22 ++++++++++++++++++++++ + 1 file changed, 22 insertions(+) + +diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c +index ff81026..b20ef06 100644 +--- a/security/smack/smack_lsm.c ++++ b/security/smack/smack_lsm.c +@@ -1860,12 +1860,34 @@ static int smack_file_receive(struct file *file) + int may = 0; + struct smk_audit_info ad; + struct inode *inode = file_inode(file); ++ struct socket *sock; ++ struct task_smack *tsp; ++ struct socket_smack *ssp; + + if (unlikely(IS_PRIVATE(inode))) + return 0; + + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); + smk_ad_setfield_u_fs_path(&ad, file->f_path); ++ ++ if (S_ISSOCK(inode->i_mode)) { ++ sock = SOCKET_I(inode); ++ ssp = sock->sk->sk_security; ++ tsp = current_security(); ++ /* ++ * If the receiving process can't write to the ++ * passed socket or if the passed socket can't ++ * write to the receiving process don't accept ++ * the passed socket. ++ */ ++ rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad); ++ rc = smk_bu_file(file, may, rc); ++ if (rc < 0) ++ return rc; ++ rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad); ++ rc = smk_bu_file(file, may, rc); ++ return rc; ++ } + /* + * This code relies on bitmasks. + */ +-- +2.7.4 + diff --git a/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.4/0002-smack-fix-cache-of-access-labels.patch b/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.4/0002-smack-fix-cache-of-access-labels.patch new file mode 100644 index 000000000..c516f3aa5 --- /dev/null +++ b/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.4/0002-smack-fix-cache-of-access-labels.patch @@ -0,0 +1,43 @@ +From 99267706991ab84bd44ceaea9a7ec886bbdd58e0 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jobol@nonadev.net> +Date: Tue, 12 Jan 2016 21:23:40 +0100 +Subject: [PATCH 2/4] smack: fix cache of access labels +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Before this commit, removing the access property of +a file, aka, the extended attribute security.SMACK64 +was not effictive until the cache had been cleaned. + +This patch fixes that problem. + +Signed-off-by: José Bollo <jobol@nonadev.net> +Acked-by: Casey Schaufler <casey@schaufler-ca.com> +--- + security/smack/smack_lsm.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c +index b20ef06..b2bcb14 100644 +--- a/security/smack/smack_lsm.c ++++ b/security/smack/smack_lsm.c +@@ -1444,9 +1444,13 @@ static int smack_inode_removexattr(struct dentry *dentry, const char *name) + * Don't do anything special for these. + * XATTR_NAME_SMACKIPIN + * XATTR_NAME_SMACKIPOUT +- * XATTR_NAME_SMACKEXEC + */ +- if (strcmp(name, XATTR_NAME_SMACK) == 0) ++ if (strcmp(name, XATTR_NAME_SMACK) == 0) { ++ struct super_block *sbp = d_backing_inode(dentry)->i_sb; ++ struct superblock_smack *sbsp = sbp->s_security; ++ ++ isp->smk_inode = sbsp->smk_default; ++ } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) + isp->smk_task = NULL; + else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) + isp->smk_mmap = NULL; +-- +2.7.4 + diff --git a/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.4/0003-Smack-ignore-null-signal-in-smack_task_kill.patch b/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.4/0003-Smack-ignore-null-signal-in-smack_task_kill.patch new file mode 100644 index 000000000..c9180bb9f --- /dev/null +++ b/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.4/0003-Smack-ignore-null-signal-in-smack_task_kill.patch @@ -0,0 +1,39 @@ +From ec4eb03af07b0fbc330aecca6ac4ebd6accd8825 Mon Sep 17 00:00:00 2001 +From: Rafal Krypa <r.krypa@samsung.com> +Date: Mon, 4 Apr 2016 11:14:53 +0200 +Subject: [PATCH 3/4] Smack: ignore null signal in smack_task_kill + +Kill with signal number 0 is commonly used for checking PID existence. +Smack treated such cases like any other kills, although no signal is +actually delivered when sig == 0. + +Checking permissions when sig == 0 didn't prevent an unprivileged caller +from learning whether PID exists or not. When it existed, kernel returned +EPERM, when it didn't - ESRCH. The only effect of policy check in such +case is noise in audit logs. + +This change lets Smack silently ignore kill() invocations with sig == 0. + +Signed-off-by: Rafal Krypa <r.krypa@samsung.com> +Acked-by: Casey Schaufler <casey@schaufler-ca.com> +--- + security/smack/smack_lsm.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c +index b2bcb14..cf8a93f 100644 +--- a/security/smack/smack_lsm.c ++++ b/security/smack/smack_lsm.c +@@ -2239,6 +2239,9 @@ static int smack_task_kill(struct task_struct *p, struct siginfo *info, + struct smack_known *tkp = smk_of_task_struct(p); + int rc; + ++ if (!sig) ++ return 0; /* null signal; existence test */ ++ + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); + smk_ad_setfield_u_tsk(&ad, p); + /* +-- +2.7.4 + diff --git a/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.4/0004-Smack-Assign-smack_known_web-label-for-kernel-thread.patch b/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.4/0004-Smack-Assign-smack_known_web-label-for-kernel-thread.patch new file mode 100644 index 000000000..a1eeac3d7 --- /dev/null +++ b/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.4/0004-Smack-Assign-smack_known_web-label-for-kernel-thread.patch @@ -0,0 +1,49 @@ +From c8bbb0f916de54610513e376070aea531af19dd6 Mon Sep 17 00:00:00 2001 +From: jooseong lee <jooseong.lee@samsung.com> +Date: Thu, 3 Nov 2016 10:55:43 +0100 +Subject: [PATCH 4/4] Smack: Assign smack_known_web label for kernel thread's +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Assign smack_known_web label for kernel thread's socket in the sk_alloc_security hook + +Creating struct sock by sk_alloc function in various kernel subsystems +like bluetooth dosen't call smack_socket_post_create(). In such case, +received sock label is the floor('_') label and makes access deny. + +Refers-to: https://review.tizen.org/gerrit/#/c/80717/4 + +Change-Id: I2e5c9359bfede84a988fd4d4d74cdb9dfdfc52d8 +Signed-off-by: jooseong lee <jooseong.lee@samsung.com> +Signed-off-by: José Bollo <jose.bollo@iot.bzh> +--- + security/smack/smack_lsm.c | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c +index cf8a93f..21651bc 100644 +--- a/security/smack/smack_lsm.c ++++ b/security/smack/smack_lsm.c +@@ -2321,8 +2321,16 @@ static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) + if (ssp == NULL) + return -ENOMEM; + +- ssp->smk_in = skp; +- ssp->smk_out = skp; ++ /* ++ * Sockets created by kernel threads receive web label. ++ */ ++ if (unlikely(current->flags & PF_KTHREAD)) { ++ ssp->smk_in = &smack_known_web; ++ ssp->smk_out = &smack_known_web; ++ } else { ++ ssp->smk_in = skp; ++ ssp->smk_out = skp; ++ } + ssp->smk_packet = NULL; + + sk->sk_security = ssp; +-- +2.7.4 + |