mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-08-23 01:10:04 +00:00
c269497d24
-----BEGIN PGP SIGNATURE-----
iQJIBAABCAAyFiEES0KozwfymdVUl37v6iDy2pc3iXMFAmI473AUHHBhdWxAcGF1
bC1tb29yZS5jb20ACgkQ6iDy2pc3iXPaMBAAuxb+RBG0Wqlt0ktUYHF0ZxDVJOTK
YGGmaDp657YJ349+c0U3mrhm7Wj8Mn7Eoz3tAYUWRQ5xPziJQRX7PfxFzT/qpPUz
XYLRppwCWpLSB5NdpNzK3RdGNv+/9BzZ6gmjTj2wfsUCOA8cfpB1pYwyIWm6M9B+
FXMTZ7WOqiuJ3wJa5nD1PPM1z+99nPkYiE6/iKsDidbQgSl8NX6mJY/yUsVxcZ6A
c45n0Pf6Fj9w1XKdVDPfiRY4nekmPCwqbrn7QVtiuCYyC54JcZNmuCQnoN8dy5XY
s/j2M2DBxT6M9rjOqQznL5jGdNKFCWydCAso06JO/13pfakvPpSS6v95Iltqkbtw
1oHf3j5URIirAhyqcyPGoQz+g5c6krgx/Z2GOpvDs9r/AQ80GlpOBYhN3x61lVT5
MLYq0ylV1Vfosnv7a6+AQZ9lJAkmIqws1WtG28adn7/zMPyD/hWwQ7736k/50CMl
oC6zi3G6jCZueWdHZviqf96bjW20ZmNL2DQRy0n8ZSQQGgrsQnFgYMpXtB1Zv8+m
XaDOPo20Ne68rzmTsEp2gVgcnXFc5/KQBDvaUta9etrbTEWqQqqTWiP8mA2QiGme
JwKMgprV0uVDd6s9TC/O0as02xoKrWuGaL7czhlFxuL45k0nYDmk7ea/gz9MrcWV
Y5pzAxs4LVMwVzs=
=5E1v
-----END PGP SIGNATURE-----
Merge tag 'selinux-pr-20220321' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux
Pull selinux updates from Paul Moore:
"We've got a number of SELinux patches queued up, the highlights are:
- Fixup the security_fs_context_parse_param() LSM hook so it executes
all of the LSM hook implementations unless a serious error occurs.
We also correct the SELinux hook implementation so that it returns
zero on success.
- In addition to a few SELinux mount option parsing fixes, we
simplified the parsing by moving it earlier in the process.
The logic was that it was unlikely an admin/user would use the new
mount API and not have the policy loaded before passing the SELinux
options.
- Properly fixed the LSM/SELinux/SCTP hooks with the addition of the
security_sctp_assoc_established() hook.
This work was done in conjunction with the netdev folks and should
complete the move of the SCTP labeling from the endpoints to the
associations.
- Fixed a variety of sparse warnings caused by changes in the "__rcu"
markings of some core kernel structures.
- Ensure we access the superblock's LSM security blob using the
stacking-safe accessors.
- Added the ability for the kernel to always allow FIOCLEX and
FIONCLEX if the "ioctl_skip_cloexec" policy capability is
specified.
- Various constifications improvements, type casting improvements,
additional return value checks, and dead code/parameter removal.
- Documentation fixes"
* tag 'selinux-pr-20220321' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux: (23 commits)
selinux: shorten the policy capability enum names
docs: fix 'make htmldocs' warning in SCTP.rst
selinux: allow FIOCLEX and FIONCLEX with policy capability
selinux: use correct type for context length
selinux: drop return statement at end of void functions
security: implement sctp_assoc_established hook in selinux
security: add sctp_assoc_established hook
selinux: parse contexts for mount options early
selinux: various sparse fixes
selinux: try to use preparsed sid before calling parse_sid()
selinux: Fix selinux_sb_mnt_opts_compat()
LSM: general protection fault in legacy_parse_param
selinux: fix a type cast problem in cred_init_security()
selinux: drop unused macro
selinux: simplify cred_init_security
selinux: do not discard const qualifier in cast
selinux: drop unused parameter of avtab_insert_node
selinux: drop cast to same type
selinux: enclose macro arguments in parenthesis
selinux: declare name parameter of hash_eval const
...
125 lines
2.9 KiB
C
125 lines
2.9 KiB
C
// SPDX-License-Identifier: GPL-2.0+
|
|
/*
|
|
* Copyright (C) 2021 Microsoft Corporation
|
|
*
|
|
* Author: Lakshmi Ramasubramanian (nramas@linux.microsoft.com)
|
|
*
|
|
* Measure critical data structures maintainted by SELinux
|
|
* using IMA subsystem.
|
|
*/
|
|
#include <linux/vmalloc.h>
|
|
#include <linux/ima.h>
|
|
#include "security.h"
|
|
#include "ima.h"
|
|
|
|
/*
|
|
* selinux_ima_collect_state - Read selinux configuration settings
|
|
*
|
|
* @state: selinux_state
|
|
*
|
|
* On success returns the configuration settings string.
|
|
* On error, returns NULL.
|
|
*/
|
|
static char *selinux_ima_collect_state(struct selinux_state *state)
|
|
{
|
|
const char *on = "=1;", *off = "=0;";
|
|
char *buf;
|
|
int buf_len, len, i, rc;
|
|
|
|
buf_len = strlen("initialized=0;enforcing=0;checkreqprot=0;") + 1;
|
|
|
|
len = strlen(on);
|
|
for (i = 0; i < __POLICYDB_CAP_MAX; i++)
|
|
buf_len += strlen(selinux_policycap_names[i]) + len;
|
|
|
|
buf = kzalloc(buf_len, GFP_KERNEL);
|
|
if (!buf)
|
|
return NULL;
|
|
|
|
rc = strscpy(buf, "initialized", buf_len);
|
|
WARN_ON(rc < 0);
|
|
|
|
rc = strlcat(buf, selinux_initialized(state) ? on : off, buf_len);
|
|
WARN_ON(rc >= buf_len);
|
|
|
|
rc = strlcat(buf, "enforcing", buf_len);
|
|
WARN_ON(rc >= buf_len);
|
|
|
|
rc = strlcat(buf, enforcing_enabled(state) ? on : off, buf_len);
|
|
WARN_ON(rc >= buf_len);
|
|
|
|
rc = strlcat(buf, "checkreqprot", buf_len);
|
|
WARN_ON(rc >= buf_len);
|
|
|
|
rc = strlcat(buf, checkreqprot_get(state) ? on : off, buf_len);
|
|
WARN_ON(rc >= buf_len);
|
|
|
|
for (i = 0; i < __POLICYDB_CAP_MAX; i++) {
|
|
rc = strlcat(buf, selinux_policycap_names[i], buf_len);
|
|
WARN_ON(rc >= buf_len);
|
|
|
|
rc = strlcat(buf, state->policycap[i] ? on : off, buf_len);
|
|
WARN_ON(rc >= buf_len);
|
|
}
|
|
|
|
return buf;
|
|
}
|
|
|
|
/*
|
|
* selinux_ima_measure_state_locked - Measure SELinux state and hash of policy
|
|
*
|
|
* @state: selinux state struct
|
|
*/
|
|
void selinux_ima_measure_state_locked(struct selinux_state *state)
|
|
{
|
|
char *state_str = NULL;
|
|
void *policy = NULL;
|
|
size_t policy_len;
|
|
int rc = 0;
|
|
|
|
lockdep_assert_held(&state->policy_mutex);
|
|
|
|
state_str = selinux_ima_collect_state(state);
|
|
if (!state_str) {
|
|
pr_err("SELinux: %s: failed to read state.\n", __func__);
|
|
return;
|
|
}
|
|
|
|
ima_measure_critical_data("selinux", "selinux-state",
|
|
state_str, strlen(state_str), false,
|
|
NULL, 0);
|
|
|
|
kfree(state_str);
|
|
|
|
/*
|
|
* Measure SELinux policy only after initialization is completed.
|
|
*/
|
|
if (!selinux_initialized(state))
|
|
return;
|
|
|
|
rc = security_read_state_kernel(state, &policy, &policy_len);
|
|
if (rc) {
|
|
pr_err("SELinux: %s: failed to read policy %d.\n", __func__, rc);
|
|
return;
|
|
}
|
|
|
|
ima_measure_critical_data("selinux", "selinux-policy-hash",
|
|
policy, policy_len, true,
|
|
NULL, 0);
|
|
|
|
vfree(policy);
|
|
}
|
|
|
|
/*
|
|
* selinux_ima_measure_state - Measure SELinux state and hash of policy
|
|
*
|
|
* @state: selinux state struct
|
|
*/
|
|
void selinux_ima_measure_state(struct selinux_state *state)
|
|
{
|
|
lockdep_assert_not_held(&state->policy_mutex);
|
|
|
|
mutex_lock(&state->policy_mutex);
|
|
selinux_ima_measure_state_locked(state);
|
|
mutex_unlock(&state->policy_mutex);
|
|
}
|