From f96c6e2fdf356414d97685cd75b12f22ac1be89f Mon Sep 17 00:00:00 2001 From: Karol Lewandowski Date: Thu, 23 Jun 2016 15:02:50 +0200 Subject: [PATCH] Remove kdbus Linux Security Module hooks This commit removes support for kdbus-LSM hooks as policy decisions are handled solely by userspace (libdbuspolicy library). This commit reverts following: - 802de9506 ("lsm: smack: smack callbacks for kdbus security hooks") - f13b7e7bd ("kdbus: use LSM hooks in kdbus code") - 067afa709 ("lsm: smack: Make ipc/kdbus includes visible so smack callbacks could see them") - 442f047fd ("lsm: make security_file_receive available for external modules") - 3b556db4b ("lsm: kdbus security hooks") Change-Id: Iae90cdb9577a9e706288b28d70bd57574398276e Signed-off-by: Karol Lewandowski Signed-off-by: Seung-Woo Kim --- include/linux/security.h | 50 ------------------------------------- ipc/kdbus/connection.c | 25 ++----------------- ipc/kdbus/connection.h | 5 ---- ipc/kdbus/names.c | 3 --- ipc/kdbus/queue.c | 30 ++++++++--------------- security/capability.c | 24 ------------------ security/security.c | 24 ------------------ security/smack/Makefile | 2 -- security/smack/smack_lsm.c | 61 ---------------------------------------------- 9 files changed, 12 insertions(+), 212 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index bf6e5dc..18264ea 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -53,7 +53,6 @@ struct msg_queue; struct xattr; struct xfrm_sec_ctx; struct mm_struct; -struct kdbus_conn; /* Maximum number of letters for an LSM name string */ #define SECURITY_NAME_MAX 10 
@@ -1456,20 +1455,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) * @inode we wish to get the security context of. * @ctx is a pointer in which to place the allocated security context. * @ctxlen points to the place to put the length of @ctx. - * - * Security hooks for kdbus - * - * @kdbus_conn_alloc: - * Allocate and initialize security related part of kdbus connection. - * Return 0 on success. - * - * @kdbus_conn_free: - * Deallocate security related part of kdbus connection. - * - * @kdbus_talk: - * Check if peers can talk to each other. - * Return 0 if permission is granted. - * * This is the main security structure. */ struct security_operations { @@ -1687,13 +1672,6 @@ struct security_operations { int (*inode_setsecctx)(struct dentry *dentry, void *ctx, u32 ctxlen); int (*inode_getsecctx)(struct inode *inode, void **ctx, u32 *ctxlen); -#ifdef CONFIG_KDBUS - int (*kdbus_conn_alloc)(struct kdbus_conn *conn); - void (*kdbus_conn_free)(struct kdbus_conn *conn); - int (*kdbus_talk)(const struct kdbus_conn *src, - const struct kdbus_conn *dst); -#endif /* CONFIG_KDBUS */ - #ifdef CONFIG_SECURITY_NETWORK int (*unix_stream_connect) (struct sock *sock, struct sock *other, struct sock *newsk); int (*unix_may_send) (struct socket *sock, struct socket *other); 
@@ -3116,34 +3094,6 @@ static inline int security_path_chroot(struct path *path) } #endif /* CONFIG_SECURITY_PATH */ -#ifdef CONFIG_KDBUS -#ifdef CONFIG_SECURITY - -int security_kdbus_conn_alloc(struct kdbus_conn *conn); -void security_kdbus_conn_free(struct kdbus_conn *conn); -int security_kdbus_talk(const struct kdbus_conn *src, - const struct kdbus_conn *dst); - -#else /* CONFIG_SECURITY */ - -static inline int security_kdbus_conn_alloc(struct kdbus_conn *conn) -{ - return 0; -} - -static inline void security_kdbus_conn_free(struct kdbus_conn *conn) -{ -} - -static inline int security_kdbus_talk(const struct kdbus_conn *src, - const struct kdbus_conn *dst) -{ - return 0; -} - -#endif /* CONFIG_SECURITY */ -#endif /* CONFIG_KDBUS */ - #ifdef CONFIG_KEYS #ifdef CONFIG_SECURITY diff --git a/ipc/kdbus/connection.c b/ipc/kdbus/connection.c index 8800077..02a6872 100644 --- a/ipc/kdbus/connection.c +++ b/ipc/kdbus/connection.c @@ -31,7 +31,6 @@ #include #include #include -#include #include "bus.h" #include "connection.h" @@ -54,7 +53,7 @@ #define KDBUS_CONN_ACTIVE_NEW (INT_MIN + 1) /* Disable internal kdbus policy - possibilities of connections to own, see and - * talk to names are restricted by libdbuspolicy library and LSM hooks + * talk to names are restricted by libdbuspolicy library */ #define DISABLE_KDBUS_POLICY @@ -228,10 +227,6 @@ static struct kdbus_conn *kdbus_conn_new(struct kdbus_ep *ep, bool privileged, } } - ret = security_kdbus_conn_alloc(conn); - if (ret) - goto exit_unref; - if (atomic_inc_return(&conn->user->connections) > KDBUS_USER_MAX_CONN) { /* decremented by destructor as conn->user is valid */ ret = -EMFILE; @@ -286,7 +281,6 @@ static void __kdbus_conn_free(struct kref *kref) kdbus_pool_free(conn->pool); kdbus_ep_unref(conn->ep); put_cred(conn->cred); - security_kdbus_conn_free(conn); kfree(conn->description); kfree(conn->quota); kfree(conn); 
@@ -1126,10 +1120,6 @@ static int kdbus_conn_reply(struct kdbus_conn *src, struct kdbus_kmsg *kmsg) if (ret < 0) goto exit; - ret = security_kdbus_talk(src, dst); - if (ret) - goto exit; - mutex_lock(&dst->lock); reply = kdbus_reply_find(src, dst, kmsg->msg.cookie_reply); if (reply) { @@ -1219,12 +1209,8 @@ static struct kdbus_reply *kdbus_conn_call(struct kdbus_conn *src, if (ret < 0) goto exit; - ret = security_kdbus_talk(src, dst); - if (ret) - goto exit; - /* Disable internal kdbus policy - possibilities of connections to own, - * see and talk to well-known names are restricted by LSM hooks + * see and talk to well-known names are restricted by libdbuspolicy if (!kdbus_conn_policy_talk(src, current_cred(), dst)) { ret = -EPERM; goto exit; @@ -1296,10 +1282,6 @@ static int kdbus_conn_unicast(struct kdbus_conn *src, struct kdbus_kmsg *kmsg) if (ret < 0) goto exit; - ret = security_kdbus_talk(src, dst); - if (ret) - goto exit; - if (is_signal) { /* like broadcasts we eavesdrop even if the msg is dropped */ kdbus_bus_eavesdrop(bus, src, kmsg); @@ -1308,12 +1290,9 @@ static int kdbus_conn_unicast(struct kdbus_conn *src, struct kdbus_kmsg *kmsg) if (!kdbus_match_db_match_kmsg(dst->match_db, src, kmsg) || !kdbus_conn_policy_talk(dst, NULL, src)) goto exit; - /* Disable internal kdbus policy - possibilities of connections to own, - * see and talk to well-known names are restricted by LSM hooks } else if (!kdbus_conn_policy_talk(src, current_cred(), dst)) { ret = -EPERM; goto exit; - */ } else if (kmsg->msg.flags & KDBUS_MSG_EXPECT_REPLY) { wait = kdbus_reply_new(dst, src, &kmsg->msg, name, false); if (IS_ERR(wait)) { diff --git a/ipc/kdbus/connection.h b/ipc/kdbus/connection.h index 4a5c120..d1ffe90 100644 --- a/ipc/kdbus/connection.h +++ b/ipc/kdbus/connection.h 
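Review bot: In kdbus_conn_call the `+` line only rewords the `/* Disable internal kdbus policy` comment, so the `if (!kdbus_conn_policy_talk(src, current_cred(), dst))` check that follows it appears to stay commented out (the closing `*/` is outside the hunk), whereas the unicast hunk at @@ -1308 and the names.c hunk at @@ -290 re-enable their equivalent checks by deleting the comment delimiters. With the in-kernel `security_kdbus_talk()` call also removed from reply, call and unicast, a CALL would then be sent with neither an LSM nor a kdbus policy check, unlike a unicast SEND; either drop the two comment lines here as well, or add a comment stating why calls are exempt. Note also that `#define DISABLE_KDBUS_POLICY` is kept at @@ -54 in the same file; if that macro short-circuits kdbus_conn_policy_talk elsewhere, re-enabling these call sites is a no-op and the intended enforcement point should be documented instead. kdbus_conn_call and kdbus_conn_unicast both start and end outside their hunks.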
@@ -73,7 +73,6 @@ struct kdbus_kmsg; * @names_queue_list: Well-known names this connection waits for * @privileged: Whether this connection is privileged on the bus * @faked_meta: Whether the metadata was faked on HELLO - * @security: LSM security blob */ struct kdbus_conn { struct kref kref; @@ -114,10 +113,6 @@ struct kdbus_conn { bool privileged:1; bool faked_meta:1; - -#ifdef CONFIG_SECURITY - void *security; -#endif }; struct kdbus_conn *kdbus_conn_ref(struct kdbus_conn *conn); diff --git a/ipc/kdbus/names.c b/ipc/kdbus/names.c index 90e0c01..df99e4d 100644 --- a/ipc/kdbus/names.c +++ b/ipc/kdbus/names.c @@ -290,13 +290,10 @@ int kdbus_name_acquire(struct kdbus_name_registry *reg, down_write(®->rwlock); - /* Disable internal kdbus policy - possibilities of connections to own, - * see and talk to well-known names are restricted by LSM hooks if (!kdbus_conn_policy_own_name(conn, current_cred(), name)) { ret = -EPERM; goto exit_unlock; } - */ hash = kdbus_strhash(name); e = kdbus_name_find(reg, hash, name); diff --git a/ipc/kdbus/queue.c b/ipc/kdbus/queue.c index e04aee6..a449464 100644 --- a/ipc/kdbus/queue.c +++ b/ipc/kdbus/queue.c @@ -28,7 +28,6 @@ #include #include #include -#include #include "util.h" #include "domain.h" @@ -515,17 +514,12 @@ int kdbus_queue_entry_install(struct kdbus_queue_entry *entry, for (i = 0; i < res->fds_count; i++) { if (install_fds) { - if (security_file_receive(res->fds[i])) { - fds[i] = -1; + fds[i] = get_unused_fd_flags(O_CLOEXEC); + if (fds[i] >= 0) + fd_install(fds[i], + get_file(res->fds[i])); + else incomplete_fds = true; - } else { - fds[i] = get_unused_fd_flags(O_CLOEXEC); - if (fds[i] >= 0) - fd_install(fds[i], - get_file(res->fds[i])); - else - incomplete_fds = true; - } } else { fds[i] = -1; } 
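Review bot: Dropping `security_file_receive()` from the fd-install loop of kdbus_queue_entry_install (this hunk, and the memfd hunk at @@ -563) removes the only LSM mediation of file descriptors crossing a connection boundary, which the stated rationale (bus policy moved to libdbuspolicy) does not cover — a userspace policy library cannot veto a file receive the kernel has already completed. file_receive is the generic hook that SCM_RIGHTS passing over AF_UNIX also goes through, not one of the kdbus-specific hooks this series reverts, so it does not need to go with them. Unless unmediated fd passing is an accepted consequence, keep the check ahead of the allocation, `if (security_file_receive(res->fds[i])) { fds[i] = -1; incomplete_fds = true; continue; }` before `fds[i] = get_unused_fd_flags(O_CLOEXEC);`, and likewise for `d->memfd.file` in the second hunk; if kdbus can be built as a module, the `EXPORT_SYMBOL(security_file_receive)` removed in security/security.c must then stay as well. Both hunks sit inside kdbus_queue_entry_install, which starts and ends outside them.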
@@ -563,17 +557,13 @@ int kdbus_queue_entry_install(struct kdbus_queue_entry *entry, m.fd = -1; if (install_fds) { - if (security_file_receive(d->memfd.file)) { + m.fd = get_unused_fd_flags(O_CLOEXEC); + if (m.fd < 0) { + m.fd = -1; incomplete_fds = true; } else { - m.fd = get_unused_fd_flags(O_CLOEXEC); - if (m.fd < 0) { - m.fd = -1; - incomplete_fds = true; - } else { - fd_install(m.fd, - get_file(d->memfd.file)); - } + fd_install(m.fd, + get_file(d->memfd.file)); } } diff --git a/security/capability.c b/security/capability.c index 4b01edd..0d03fcc 100644 --- a/security/capability.c +++ b/security/capability.c @@ -595,25 +595,6 @@ static int cap_sem_semop(struct sem_array *sma, struct sembuf *sops, return 0; } -#ifdef CONFIG_KDBUS - -static int cap_kdbus_conn_alloc(struct kdbus_conn *conn) -{ - return 0; -} - -static void cap_kdbus_conn_free(struct kdbus_conn *conn) -{ -} - -static int cap_kdbus_talk(const struct kdbus_conn *src, - const struct kdbus_conn *dst) -{ - return 0; -} - -#endif /* CONFIG_KDBUS */ - #ifdef CONFIG_SECURITY_NETWORK static int cap_unix_stream_connect(struct sock *sock, struct sock *other, struct sock *newsk) @@ -1111,11 +1092,6 @@ void __init security_fixup_ops(struct security_operations *ops) set_to_cap_if_null(ops, inode_notifysecctx); set_to_cap_if_null(ops, inode_setsecctx); set_to_cap_if_null(ops, inode_getsecctx); -#ifdef CONFIG_KDBUS - set_to_cap_if_null(ops, kdbus_conn_alloc); - set_to_cap_if_null(ops, kdbus_conn_free); - set_to_cap_if_null(ops, kdbus_talk); -#endif /* CONFIG_KDBUS */ #ifdef CONFIG_SECURITY_NETWORK set_to_cap_if_null(ops, unix_stream_connect); set_to_cap_if_null(ops, unix_may_send); diff --git a/security/security.c b/security/security.c index f244302..8e9b1f4 100644 --- a/security/security.c +++ b/security/security.c 
@@ -812,7 +812,6 @@ int security_file_receive(struct file *file) { return security_ops->file_receive(file); } -EXPORT_SYMBOL(security_file_receive); int security_file_open(struct file *file, const struct cred *cred) { @@ -1153,29 +1152,6 @@ int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) } EXPORT_SYMBOL(security_inode_getsecctx); -#ifdef CONFIG_KDBUS - -int security_kdbus_conn_alloc(struct kdbus_conn *conn) -{ - return security_ops->kdbus_conn_alloc(conn); -} -EXPORT_SYMBOL(security_kdbus_conn_alloc); - -void security_kdbus_conn_free(struct kdbus_conn *conn) -{ - security_ops->kdbus_conn_free(conn); -} -EXPORT_SYMBOL(security_kdbus_conn_free); - -int security_kdbus_talk(const struct kdbus_conn *src, - const struct kdbus_conn *dst) -{ - return security_ops->kdbus_talk(src, dst); -} -EXPORT_SYMBOL(security_kdbus_talk); - -#endif /* CONFIG_KDBUS */ - #ifdef CONFIG_SECURITY_NETWORK int security_unix_stream_connect(struct sock *sock, struct sock *other, struct sock *newsk) diff --git a/security/smack/Makefile b/security/smack/Makefile index bd6927c..ee2ebd5 100644 --- a/security/smack/Makefile +++ b/security/smack/Makefile @@ -6,5 +6,3 @@ obj-$(CONFIG_SECURITY_SMACK) := smack.o smack-y := smack_lsm.o smack_access.o smackfs.o smack-$(CONFIG_SECURITY_SMACK_NETFILTER) += smack_netfilter.o - -ccflags-y += -Iipc diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index e111490..793c23a 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -42,7 +42,6 @@ #include #include #include -#include #include "smack.h" #define TRANS_TRUE "TRUE" 
@@ -3616,60 +3615,6 @@ static int smack_setprocattr(struct task_struct *p, char *name, return size; } -#ifdef CONFIG_KDBUS - -/** - * smack_kdbus_conn_alloc - Set the security blob for a KDBus connection - * @conn: the connection - * - * Returns 0 - */ -static int smack_kdbus_conn_alloc(struct kdbus_conn *conn) -{ - conn->security = smk_of_current(); - - return 0; -} - -/** - * smack_kdbus_conn_free - Clear the security blob for a KDBus connection - * @conn: the connection - * - * Clears the blob pointer - */ -static void smack_kdbus_conn_free(struct kdbus_conn *conn) -{ - conn->security = NULL; -} - -/** - * smack_kdbus_talk - Smack access on KDBus - * @src: source kdbus connection - * @dst: destination kdbus connection - * - * Return 0 if a subject with the smack of sock could access - * an object with the smack of other, otherwise an error code - */ -static int smack_kdbus_talk(const struct kdbus_conn *src, - const struct kdbus_conn *dst) -{ - struct smk_audit_info ad; - struct smack_known *sskp = src->security; - struct smack_known *dskp = dst->security; - int rc; - - if (smack_privileged(CAP_MAC_OVERRIDE)) - return 0; - - smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NONE); - - rc = smk_access(sskp, dskp, MAY_WRITE, &ad); - rc = smk_bu_note("kdbus talk", sskp, dskp, MAY_WRITE, rc); - return rc; -} - -#endif /* CONFIG_KDBUS */ - /** * smack_unix_stream_connect - Smack access on UDS * @sock: one sock @@ -4691,12 +4636,6 @@ struct security_operations smack_ops = { .getprocattr = smack_getprocattr, .setprocattr = smack_setprocattr, -#ifdef CONFIG_KDBUS - .kdbus_conn_alloc = smack_kdbus_conn_alloc, - .kdbus_conn_free = smack_kdbus_conn_free, - .kdbus_talk = smack_kdbus_talk, -#endif - .unix_stream_connect = smack_unix_stream_connect, .unix_may_send = smack_unix_may_send, -- 2.7.4