Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 5825a95f authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag 'selinux-pr-20190917' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux 

Pull selinux updates from Paul Moore:

 - Add LSM hooks, and SELinux access control hooks, for dnotify,
   fanotify, and inotify watches. This has been discussed with both the
   LSM and fs/notify folks and everybody is good with these new hooks.

 - The LSM stacking changes missed a few calls to current_security() in
   the SELinux code; we fix those and remove current_security() for
   good.

 - Improve our network object labeling cache so that we always return
   the object's label, even when under memory pressure. Previously we
   would return an error if we couldn't allocate a new cache entry, now
   we always return the label even if we can't create a new cache entry
   for it.

 - Convert the sidtab atomic_t counter to a normal u32 with
   READ/WRITE_ONCE() and memory barrier protection.

 - A few patches to policydb.c to clean things up (remove forward
   declarations, long lines, bad variable names, etc)

* tag 'selinux-pr-20190917' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
  lsm: remove current_security()
  selinux: fix residual uses of current_security() for the SELinux blob
  selinux: avoid atomic_t usage in sidtab
  fanotify, inotify, dnotify, security: add security hook for fs notifications
  selinux: always return a secid from the network caches if we find one
  selinux: policydb - rename type_val_to_struct_array
  selinux: policydb - fix some checkpatch.pl warnings
  selinux: shuffle around policydb.c to get rid of forward declarations
parents 3c6a6910 15322a0d

fs/notify/dnotify/dnotify.c

+12 −3
Original line number Diff line number Diff line
@@ -13,6 +13,7 @@ 
#include <linux/sched/signal.h>

#include <linux/dnotify.h>

#include <linux/init.h>

#include <linux/security.h>

#include <linux/spinlock.h>

#include <linux/slab.h>

#include <linux/fdtable.h>
@@ -279,6 +280,17 @@ int fcntl_dirnotify(int fd, struct file *filp, unsigned long arg) 
		goto out_err;

	}



	/*

	 * convert the userspace DN_* "arg" to the internal FS_*

	 * defined in fsnotify

	 */

	mask = convert_arg(arg);



	error = security_path_notify(&filp->f_path, mask,

			FSNOTIFY_OBJ_TYPE_INODE);

	if (error)

		goto out_err;



	/* expect most fcntl to add new rather than augment old */

	dn = kmem_cache_alloc(dnotify_struct_cache, GFP_KERNEL);

	if (!dn) {
@@ -293,9 +305,6 @@ int fcntl_dirnotify(int fd, struct file *filp, unsigned long arg) 
		goto out_err;

	}



	/* convert the userspace DN_* "arg" to the internal FS_* defines in fsnotify */

	mask = convert_arg(arg);



	/* set up the new_fsn_mark and new_dn_mark */

	new_fsn_mark = &new_dn_mark->fsn_mark;

	fsnotify_init_mark(new_fsn_mark, dnotify_group);

fs/notify/fanotify/fanotify_user.c

+17 −2
Original line number Diff line number Diff line
@@ -528,7 +528,8 @@ static const struct file_operations fanotify_fops = { 
};



static int fanotify_find_path(int dfd, const char __user *filename,

			      struct path *path, unsigned int flags)

			      struct path *path, unsigned int flags, __u64 mask,

			      unsigned int obj_type)

{

	int ret;
@@ -567,8 +568,15 @@ static int fanotify_find_path(int dfd, const char __user *filename, 


	/* you can only watch an inode if you have read permissions on it */

	ret = inode_permission(path->dentry->d_inode, MAY_READ);

	if (ret) {

		path_put(path);

		goto out;

	}



	ret = security_path_notify(path, mask, obj_type);

	if (ret)

		path_put(path);



out:

	return ret;

}
@@ -947,6 +955,7 @@ static int do_fanotify_mark(int fanotify_fd, unsigned int flags, __u64 mask, 
	__kernel_fsid_t __fsid, *fsid = NULL;

	u32 valid_mask = FANOTIFY_EVENTS | FANOTIFY_EVENT_FLAGS;

	unsigned int mark_type = flags & FANOTIFY_MARK_TYPE_BITS;

	unsigned int obj_type;

	int ret;



	pr_debug("%s: fanotify_fd=%d flags=%x dfd=%d pathname=%p mask=%llx\n",
@@ -961,8 +970,13 @@ static int do_fanotify_mark(int fanotify_fd, unsigned int flags, __u64 mask, 


	switch (mark_type) {

	case FAN_MARK_INODE:

		obj_type = FSNOTIFY_OBJ_TYPE_INODE;

		break;

	case FAN_MARK_MOUNT:

		obj_type = FSNOTIFY_OBJ_TYPE_VFSMOUNT;

		break;

	case FAN_MARK_FILESYSTEM:

		obj_type = FSNOTIFY_OBJ_TYPE_SB;

		break;

	default:

		return -EINVAL;
@@ -1030,7 +1044,8 @@ static int do_fanotify_mark(int fanotify_fd, unsigned int flags, __u64 mask, 
		goto fput_and_out;

	}



	ret = fanotify_find_path(dfd, pathname, &path, flags);

	ret = fanotify_find_path(dfd, pathname, &path, flags,

			(mask & ALL_FSNOTIFY_EVENTS), obj_type);

	if (ret)

		goto fput_and_out;

fs/notify/inotify/inotify_user.c

+12 −2
Original line number Diff line number Diff line
@@ -30,6 +30,7 @@ 
#include <linux/poll.h>

#include <linux/wait.h>

#include <linux/memcontrol.h>

#include <linux/security.h>



#include "inotify.h"

#include "../fdinfo.h"
@@ -331,7 +332,8 @@ static const struct file_operations inotify_fops = { 
/*

 * find_inode - resolve a user-given path to a specific inode

 */

static int inotify_find_inode(const char __user *dirname, struct path *path, unsigned flags)

static int inotify_find_inode(const char __user *dirname, struct path *path,

						unsigned int flags, __u64 mask)

{

	int error;
@@ -340,8 +342,15 @@ static int inotify_find_inode(const char __user *dirname, struct path *path, uns 
		return error;

	/* you can only watch an inode if you have read permissions on it */

	error = inode_permission(path->dentry->d_inode, MAY_READ);

	if (error) {

		path_put(path);

		return error;

	}

	error = security_path_notify(path, mask,

				FSNOTIFY_OBJ_TYPE_INODE);

	if (error)

		path_put(path);



	return error;

}
@@ -733,7 +742,8 @@ SYSCALL_DEFINE3(inotify_add_watch, int, fd, const char __user *, pathname, 
	if (mask & IN_ONLYDIR)

		flags |= LOOKUP_DIRECTORY;



	ret = inotify_find_inode(pathname, &path, flags);

	ret = inotify_find_inode(pathname, &path, flags,

			(mask & IN_ALL_EVENTS));

	if (ret)

		goto fput_and_out;

include/linux/cred.h

+0 −1
Original line number Diff line number Diff line
@@ -386,7 +386,6 @@ static inline void put_cred(const struct cred *_cred) 
#define current_fsgid() 	(current_cred_xxx(fsgid))

#define current_cap()		(current_cred_xxx(cap_effective))

#define current_user()		(current_cred_xxx(user))

#define current_security()	(current_cred_xxx(security))



extern struct user_namespace init_user_ns;

#ifdef CONFIG_USER_NS

include/linux/lsm_hooks.h

+8 −1
Original line number Diff line number Diff line
@@ -339,6 +339,9 @@ 
 *	Check for permission to change root directory.

 *	@path contains the path structure.

 *	Return 0 if permission is granted.

 * @path_notify:

 *	Check permissions before setting a watch on events as defined by @mask,

 *	on an object at @path, whose type is defined by @obj_type.

 * @inode_readlink:

 *	Check the permission to read the symbolic link.

 *	@dentry contains the dentry structure for the file link.
@@ -1535,7 +1538,9 @@ union security_list_options { 
	int (*path_chown)(const struct path *path, kuid_t uid, kgid_t gid);

	int (*path_chroot)(const struct path *path);

#endif



	/* Needed for inode based security check */

	int (*path_notify)(const struct path *path, u64 mask,

				unsigned int obj_type);

	int (*inode_alloc_security)(struct inode *inode);

	void (*inode_free_security)(struct inode *inode);

	int (*inode_init_security)(struct inode *inode, struct inode *dir,
@@ -1860,6 +1865,8 @@ struct security_hook_heads { 
	struct hlist_head path_chown;

	struct hlist_head path_chroot;

#endif

	/* Needed for inode based modules as well */

	struct hlist_head path_notify;

	struct hlist_head inode_alloc_security;

	struct hlist_head inode_free_security;

	struct hlist_head inode_init_security;