diff options
author | Yannick GICQUEL <yannick.gicquel@iot.bzh> | 2015-10-19 15:57:07 +0200 |
---|---|---|
committer | Gerrit Code Review <gerrit@172.30.200.200> | 2015-11-06 15:23:36 +0000 |
commit | ede19ea0c47fb23f3fc779833d1e57cf76f3371e (patch) | |
tree | 47d6fae2283c54def1871aaf2a73828ac68b1b34 /meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/0013-Smack-Implement-lock-security-mode.patch | |
parent | 1cd8ab18abca96e4ee108f80225058d875b28347 (diff) |
kernel: smack security backport from kernel 4
Here is the backport of all patches relating to smack support
on kernel side. For more details, see file:
meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/README
Please note that patches are applied only if "smack" is in the
ditro features. Here are the 2 lines to add in the local.conf
OVERRIDES .= ":smack"
DISTRO_FEATURES_append = " smack"
Change-Id: I147a3532aec531f977d6ec34c576261835711f1e
Signed-off-by: Yannick GICQUEL <yannick.gicquel@iot.bzh>
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
Diffstat (limited to 'meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/0013-Smack-Implement-lock-security-mode.patch')
-rw-r--r-- | meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/0013-Smack-Implement-lock-security-mode.patch | 189 |
1 files changed, 189 insertions, 0 deletions
diff --git a/meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/0013-Smack-Implement-lock-security-mode.patch b/meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/0013-Smack-Implement-lock-security-mode.patch new file mode 100644 index 0000000..065734d --- /dev/null +++ b/meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/0013-Smack-Implement-lock-security-mode.patch @@ -0,0 +1,189 @@ +From a62902f65798858d0f8b7549ba70304ee047b2d6 Mon Sep 17 00:00:00 2001 +From: Casey Schaufler <casey@schaufler-ca.com> +Date: Fri, 11 Oct 2013 18:06:39 -0700 +Subject: [PATCH 13/54] Smack: Implement lock security mode + +Linux file locking does not follow the same rules +as other mechanisms. Even though it is a write operation +a process can set a read lock on files which it has open +only for read access. Two programs with read access to +a file can use read locks to communicate. + +This is not acceptable in a Mandatory Access Control +environment. Smack treats setting a read lock as the +write operation that it is. Unfortunately, many programs +assume that setting a read lock is a read operation. +These programs are unhappy in the Smack environment. + +This patch introduces a new access mode (lock) to address +this problem. A process with lock access to a file can +set a read lock. A process with write access to a file can +set a read lock or a write lock. This prevents a situation +where processes are granted write access just so they can +set read locks. + +Targeted for git://git.gitorious.org/smack-next/kernel.git + +Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> +--- + security/smack/smack.h | 12 ++++++++---- + security/smack/smack_access.c | 10 ++++++++++ + security/smack/smack_lsm.c | 9 +++++++-- + security/smack/smackfs.c | 10 ++++++++-- + 4 files changed, 33 insertions(+), 8 deletions(-) + +diff --git a/security/smack/smack.h b/security/smack/smack.h +index 076b8e8..364cc64 100644 +--- a/security/smack/smack.h ++++ b/security/smack/smack.h +@@ -177,9 +177,13 @@ struct smk_port_label { + #define SMACK_CIPSO_MAXCATNUM 184 /* 23 * 8 */ + + /* +- * Flag for transmute access ++ * Flags for untraditional access modes. ++ * It shouldn't be necessary to avoid conflicts with definitions ++ * in fs.h, but do so anyway. + */ +-#define MAY_TRANSMUTE 64 ++#define MAY_TRANSMUTE 0x00001000 /* Controls directory labeling */ ++#define MAY_LOCK 0x00002000 /* Locks should be writes, but ... */ ++ + /* + * Just to make the common cases easier to deal with + */ +@@ -188,9 +192,9 @@ struct smk_port_label { + #define MAY_NOT 0 + + /* +- * Number of access types used by Smack (rwxat) ++ * Number of access types used by Smack (rwxatl) + */ +-#define SMK_NUM_ACCESS_TYPE 5 ++#define SMK_NUM_ACCESS_TYPE 6 + + /* SMACK data */ + struct smack_audit_data { +diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c +index b3b59b1..14293cd 100644 +--- a/security/smack/smack_access.c ++++ b/security/smack/smack_access.c +@@ -84,6 +84,8 @@ int log_policy = SMACK_AUDIT_DENIED; + * + * Do the object check first because that is more + * likely to differ. ++ * ++ * Allowing write access implies allowing locking. + */ + int smk_access_entry(char *subject_label, char *object_label, + struct list_head *rule_list) +@@ -99,6 +101,11 @@ int smk_access_entry(char *subject_label, char *object_label, + } + } + ++ /* ++ * MAY_WRITE implies MAY_LOCK. ++ */ ++ if ((may & MAY_WRITE) == MAY_WRITE) ++ may |= MAY_LOCK; + return may; + } + +@@ -245,6 +252,7 @@ out_audit: + static inline void smack_str_from_perm(char *string, int access) + { + int i = 0; ++ + if (access & MAY_READ) + string[i++] = 'r'; + if (access & MAY_WRITE) +@@ -255,6 +263,8 @@ static inline void smack_str_from_perm(char *string, int access) + string[i++] = 'a'; + if (access & MAY_TRANSMUTE) + string[i++] = 't'; ++ if (access & MAY_LOCK) ++ string[i++] = 'l'; + string[i] = '\0'; + } + /** +diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c +index 8825375..88d366e5 100644 +--- a/security/smack/smack_lsm.c ++++ b/security/smack/smack_lsm.c +@@ -1146,7 +1146,7 @@ static int smack_file_ioctl(struct file *file, unsigned int cmd, + * @file: the object + * @cmd: unused + * +- * Returns 0 if current has write access, error code otherwise ++ * Returns 0 if current has lock access, error code otherwise + */ + static int smack_file_lock(struct file *file, unsigned int cmd) + { +@@ -1154,7 +1154,7 @@ static int smack_file_lock(struct file *file, unsigned int cmd) + + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); + smk_ad_setfield_u_fs_path(&ad, file->f_path); +- return smk_curacc(file->f_security, MAY_WRITE, &ad); ++ return smk_curacc(file->f_security, MAY_LOCK, &ad); + } + + /** +@@ -1178,8 +1178,13 @@ static int smack_file_fcntl(struct file *file, unsigned int cmd, + + switch (cmd) { + case F_GETLK: ++ break; + case F_SETLK: + case F_SETLKW: ++ smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); ++ smk_ad_setfield_u_fs_path(&ad, file->f_path); ++ rc = smk_curacc(file->f_security, MAY_LOCK, &ad); ++ break; + case F_SETOWN: + case F_SETSIG: + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); +diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c +index 80f4b4a..160aa08e 100644 +--- a/security/smack/smackfs.c ++++ b/security/smack/smackfs.c +@@ -139,7 +139,7 @@ const char *smack_cipso_option = SMACK_CIPSO_OPTION; + * SMK_LOADLEN: Smack rule length + */ + #define SMK_OACCESS "rwxa" +-#define SMK_ACCESS "rwxat" ++#define SMK_ACCESS "rwxatl" + #define SMK_OACCESSLEN (sizeof(SMK_OACCESS) - 1) + #define SMK_ACCESSLEN (sizeof(SMK_ACCESS) - 1) + #define SMK_OLOADLEN (SMK_LABELLEN + SMK_LABELLEN + SMK_OACCESSLEN) +@@ -282,6 +282,10 @@ static int smk_perm_from_str(const char *string) + case 'T': + perm |= MAY_TRANSMUTE; + break; ++ case 'l': ++ case 'L': ++ perm |= MAY_LOCK; ++ break; + default: + return perm; + } +@@ -452,7 +456,7 @@ static ssize_t smk_write_rules_list(struct file *file, const char __user *buf, + /* + * Minor hack for backward compatibility + */ +- if (count != SMK_OLOADLEN && count != SMK_LOADLEN) ++ if (count < SMK_OLOADLEN || count > SMK_LOADLEN) + return -EINVAL; + } else { + if (count >= PAGE_SIZE) { +@@ -592,6 +596,8 @@ static void smk_rule_show(struct seq_file *s, struct smack_rule *srp, int max) + seq_putc(s, 'a'); + if (srp->smk_access & MAY_TRANSMUTE) + seq_putc(s, 't'); ++ if (srp->smk_access & MAY_LOCK) ++ seq_putc(s, 'l'); + + seq_putc(s, '\n'); + } +-- +2.1.4 + |