| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250320190717.2287696-7-mic@digikod.net>
Date: Thu, 20 Mar 2025 20:06:55 +0100
From: Mickaël Salaün <mic@...ikod.net>
To: Eric Paris <eparis@...hat.com>,
Paul Moore <paul@...l-moore.com>,
Günther Noack <gnoack@...gle.com>,
"Serge E . Hallyn" <serge@...lyn.com>
Cc: Mickaël Salaün <mic@...ikod.net>,
Ben Scarlato <akhna@...gle.com>,
Casey Schaufler <casey@...aufler-ca.com>,
Charles Zaffery <czaffery@...lox.com>,
Daniel Burgener <dburgener@...ux.microsoft.com>,
Francis Laniel <flaniel@...ux.microsoft.com>,
James Morris <jmorris@...ei.org>,
Jann Horn <jannh@...gle.com>,
Jeff Xu <jeffxu@...gle.com>,
Jorge Lucangeli Obes <jorgelo@...gle.com>,
Kees Cook <kees@...nel.org>,
Konstantin Meskhidze <konstantin.meskhidze@...wei.com>,
Matt Bobrowski <mattbobrowski@...gle.com>,
Matthieu Buffet <matthieu@...fet.re>,
Mikhail Ivanov <ivanov.mikhail1@...wei-partners.com>,
Phil Sutter <phil@....cc>,
Praveen K Paladugu <prapal@...ux.microsoft.com>,
Robert Salvet <robert.salvet@...lox.com>,
Shervin Oloumi <enlightened@...gle.com>,
Song Liu <song@...nel.org>,
Tahera Fahimi <fahimitahera@...il.com>,
Tingmao Wang <m@...wtm.org>,
Tyler Hicks <code@...icks.com>,
audit@...r.kernel.org,
linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org
Subject: [PATCH v7 06/28] landlock: Prepare to use credential instead of domain for scope
This cosmetic change that is needed for audit support, specifically to
be able to filter according to cross-execution boundaries.
Replace hardcoded LANDLOCK_SCOPE_SIGNAL with the signal_scope.scope
variable.
Use scoped guards for RCU read-side critical sections.
Cc: Günther Noack <gnoack@...gle.com>
Signed-off-by: Mickaël Salaün <mic@...ikod.net>
---
Changes since v6:
- Rebase on the signal scoping fix.
Changes since v4:
- New patch.
---
security/landlock/task.c | 49 +++++++++++++++++++++-------------------
1 file changed, 26 insertions(+), 23 deletions(-)
diff --git a/security/landlock/task.c b/security/landlock/task.c
index e04646d80e78..a44b8e4a6ea6 100644
--- a/security/landlock/task.c
+++ b/security/landlock/task.c
@@ -7,6 +7,7 @@
*/
#include <asm/current.h>
+#include <linux/cleanup.h>
#include <linux/cred.h>
#include <linux/errno.h>
#include <linux/kernel.h>
@@ -214,15 +215,15 @@ static int hook_unix_stream_connect(struct sock *const sock,
struct sock *const other,
struct sock *const newsk)
{
- const struct landlock_ruleset *const dom =
- landlock_get_applicable_domain(landlock_get_current_domain(),
- unix_scope);
+ const struct landlock_cred_security *const subject =
+ landlock_get_applicable_subject(current_cred(), unix_scope,
+ NULL);
/* Quick return for non-landlocked tasks. */
- if (!dom)
+ if (!subject)
return 0;
- if (is_abstract_socket(other) && sock_is_scoped(other, dom))
+ if (is_abstract_socket(other) && sock_is_scoped(other, subject->domain))
return -EPERM;
return 0;
@@ -231,11 +232,11 @@ static int hook_unix_stream_connect(struct sock *const sock,
static int hook_unix_may_send(struct socket *const sock,
struct socket *const other)
{
- const struct landlock_ruleset *const dom =
- landlock_get_applicable_domain(landlock_get_current_domain(),
- unix_scope);
+ const struct landlock_cred_security *const subject =
+ landlock_get_applicable_subject(current_cred(), unix_scope,
+ NULL);
- if (!dom)
+ if (!subject)
return 0;
/*
@@ -245,7 +246,8 @@ static int hook_unix_may_send(struct socket *const sock,
if (unix_peer(sock->sk) == other->sk)
return 0;
- if (is_abstract_socket(other->sk) && sock_is_scoped(other->sk, dom))
+ if (is_abstract_socket(other->sk) &&
+ sock_is_scoped(other->sk, subject->domain))
return -EPERM;
return 0;
@@ -257,15 +259,12 @@ static const struct access_masks signal_scope = {
static int hook_task_kill(struct task_struct *const p,
struct kernel_siginfo *const info, const int sig,
- const struct cred *const cred)
+ const struct cred *cred)
{
bool is_scoped;
- const struct landlock_ruleset *dom;
+ const struct landlock_cred_security *subject;
- if (cred) {
- /* Dealing with USB IO. */
- dom = landlock_cred(cred)->domain;
- } else {
+ if (!cred) {
/*
* Always allow sending signals between threads of the same process.
* This is required for process credential changes by the Native POSIX
@@ -277,18 +276,22 @@ static int hook_task_kill(struct task_struct *const p,
if (same_thread_group(p, current))
return 0;
- dom = landlock_get_current_domain();
+ /* Not dealing with USB IO. */
+ cred = current_cred();
}
- dom = landlock_get_applicable_domain(dom, signal_scope);
+
+ subject = landlock_get_applicable_subject(cred, signal_scope, NULL);
/* Quick return for non-landlocked tasks. */
- if (!dom)
+ if (!subject)
return 0;
- rcu_read_lock();
- is_scoped = domain_is_scoped(dom, landlock_get_task_domain(p),
- LANDLOCK_SCOPE_SIGNAL);
- rcu_read_unlock();
+ scoped_guard(rcu)
+ {
+ is_scoped = domain_is_scoped(subject->domain,
+ landlock_get_task_domain(p),
+ signal_scope.scope);
+ }
if (is_scoped)
return -EPERM;
--
2.49.0
Powered by blists - more mailing lists