selinux/stable-6.2 PR 20221212

-----BEGIN PGP SIGNATURE----- iQJIBAABCAAyFiEES0KozwfymdVUl37v6iDy2pc3iXMFAmOXmvkUHHBhdWxAcGF1 bC1tb29yZS5jb20ACgkQ6iDy2pc3iXNP8BAA0jhzbzMXynz7es7dQTdE2J22umMe CzGoNxyMAPEYRPlTZmqqwSUaDPhtt4Z0MDkAG1Fn46qn3W8b0L31Z5kXTpanl+1P ZMP2WRCiuBS8V90XrMhQ9qvUjnIJwe/RRbwiyaSBxRUrN4MU6RA/q9suyYu/aKvo sueRJJtJgcwb8fGpKbaoGU4NiSeCCzabT7E+ofPYt4joCAdbLzokszbWrqEYInh/ yb6V03Mad/wl7jz3BwSwY+cVdEuJV+mDcfIg1yB7O9pr/H8HpIcXvYIyEICrVdGw nstkI76w22HcbHkWWbLWNAdPRUcMRA8Bf3GAXuhV+8gr2g8bt5ePEXsqkc1Oh75z o59TaBwCGxsE6qffBcytdBueqaf+CFWXv0kTIRGS9SMMCe6r3y8UIYxzdebOEB3v uJVWOUZTI3FqFdHl6v9I2d1R5FQurh2yX01JIe5vk2I5Oswy8hHVvDFxnJ5AEeUW Mcl/zV2lGgdfLrxQ+qideiTx/d71Dw/BExlyaFP8b1/ccX0X6vnOtvt6z3vw4KsR QDffPbFZhtApJuHBf05iYMXaUS41RU55sAaDtFh94eWRD5EZ9298qGpP6+weJvlz ofBvKaZswQj6ZdymoZB+A+vbwUKItp2ApijyLbOMtaP1RNY1/47aO0kQkmPRuHe7 5+cKG8cjyrruZXw= =4AGR -----END PGP SIGNATURE----- Merge tag 'selinux-pr-20221212' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux Pull selinux updates from Paul Moore: "Two SELinux patches: one increases the sleep time on deprecated functionality, and one removes the indirect calls in the sidtab context conversion code" * tag 'selinux-pr-20221212' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux: selinux: remove the sidtab context conversion indirect calls selinux: increase the deprecation sleep for checkreqprot and runtime disable
2024-11-10 14:11:52 +00:00 · 2022-12-13 09:32:05 -08:00 · 2022-12-13 09:32:05 -08:00 · 57888f7b95
commit 57888f7b95
parent bbdf4d5461 048be15649
5 changed files with 52 additions and 47 deletions
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@ -294,7 +294,7 @@ static ssize_t sel_write_disable(struct file *file, const char __user *buf,
 	 */
 	pr_err("SELinux:  Runtime disable is deprecated, use selinux=0 on the kernel cmdline.\n");
 	pr_err("SELinux:  https://github.com/SELinuxProject/selinux-kernel/wiki/DEPRECATE-runtime-disable\n");
-	ssleep(5);
+	ssleep(15);

 	if (count >= PAGE_SIZE)
 		return -ENOMEM;
@ -763,7 +763,7 @@ static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf,

 	checkreqprot_set(fsi->state, (new_value ? 1 : 0));
 	if (new_value)
-		ssleep(5);
+		ssleep(15);
 	length = count;

 	selinux_ima_measure_state(fsi->state);
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@ -68,12 +68,6 @@
 #include "policycap_names.h"
 #include "ima.h"

-struct convert_context_args {
-	struct selinux_state *state;
-	struct policydb *oldp;
-	struct policydb *newp;
-};
-
 struct selinux_policy_convert_data {
 	struct convert_context_args args;
 	struct sidtab_convert_params sidtab_params;
@ -2014,18 +2008,22 @@ static inline int convert_context_handle_invalid_context(
 	return 0;
 }

-/*
- * Convert the values in the security context
- * structure `oldc' from the values specified
- * in the policy `p->oldp' to the values specified
- * in the policy `p->newp', storing the new context
- * in `newc'.  Verify that the context is valid
- * under the new policy.
+/**
+ * services_convert_context - Convert a security context across policies.
+ * @args: populated convert_context_args struct
+ * @oldc: original context
+ * @newc: converted context
+ * @gfp_flags: allocation flags
+ *
+ * Convert the values in the security context structure @oldc from the values
+ * specified in the policy @args->oldp to the values specified in the policy
+ * @args->newp, storing the new context in @newc, and verifying that the
+ * context is valid under the new policy.
 */
-static int convert_context(struct context *oldc, struct context *newc, void *p,
-			   gfp_t gfp_flags)
+int services_convert_context(struct convert_context_args *args,
+			     struct context *oldc, struct context *newc,
+			     gfp_t gfp_flags)
 {
-	struct convert_context_args *args;
 	struct ocontext *oc;
 	struct role_datum *role;
 	struct type_datum *typdatum;
@ -2034,15 +2032,12 @@ static int convert_context(struct context *oldc, struct context *newc, void *p,
 	u32 len;
 	int rc;

-	args = p;
-
 	if (oldc->str) {
 		s = kstrdup(oldc->str, gfp_flags);
 		if (!s)
 			return -ENOMEM;

-		rc = string_to_context_struct(args->newp, NULL, s,
-					      newc, SECSID_NULL);
+		rc = string_to_context_struct(args->newp, NULL, s, newc, SECSID_NULL);
 		if (rc == -EINVAL) {
 			/*
 			 * Retain string representation for later mapping.
@ -2073,8 +2068,7 @@ static int convert_context(struct context *oldc, struct context *newc, void *p,

 	/* Convert the user. */
 	usrdatum = symtab_search(&args->newp->p_users,
-				 sym_name(args->oldp,
-					  SYM_USERS, oldc->user - 1));
+				 sym_name(args->oldp, SYM_USERS, oldc->user - 1));
 	if (!usrdatum)
 		goto bad;
 	newc->user = usrdatum->value;
@ -2088,8 +2082,7 @@ static int convert_context(struct context *oldc, struct context *newc, void *p,

 	/* Convert the type. */
 	typdatum = symtab_search(&args->newp->p_types,
-				 sym_name(args->oldp,
-					  SYM_TYPES, oldc->type - 1));
+				 sym_name(args->oldp, SYM_TYPES, oldc->type - 1));
 	if (!typdatum)
 		goto bad;
 	newc->type = typdatum->value;
@ -2123,8 +2116,7 @@ static int convert_context(struct context *oldc, struct context *newc, void *p,
 	/* Check the validity of the new context. */
 	if (!policydb_context_isvalid(args->newp, newc)) {
 		rc = convert_context_handle_invalid_context(args->state,
-							args->oldp,
-							oldc);
+							    args->oldp, oldc);
 		if (rc)
 			goto bad;
 	}
@ -2333,21 +2325,21 @@ int security_load_policy(struct selinux_state *state, void *data, size_t len,
 		goto err_free_isids;
 	}

+	/*
+	 * Convert the internal representations of contexts
+	 * in the new SID table.
+	 */
+
 	convert_data = kmalloc(sizeof(*convert_data), GFP_KERNEL);
 	if (!convert_data) {
 		rc = -ENOMEM;
 		goto err_free_isids;
 	}

-	/*
-	 * Convert the internal representations of contexts
-	 * in the new SID table.
-	 */
 	convert_data->args.state = state;
 	convert_data->args.oldp = &oldpolicy->policydb;
 	convert_data->args.newp = &newpolicy->policydb;

-	convert_data->sidtab_params.func = convert_context;
 	convert_data->sidtab_params.args = &convert_data->args;
 	convert_data->sidtab_params.target = newpolicy->sidtab;

--- a/security/selinux/ss/services.h
+++ b/security/selinux/ss/services.h
@ -29,10 +29,19 @@ struct selinux_policy {
 	u32 latest_granting;
 } __randomize_layout;

-void services_compute_xperms_drivers(struct extended_perms *xperms,
-				struct avtab_node *node);
+struct convert_context_args {
+	struct selinux_state *state;
+	struct policydb *oldp;
+	struct policydb *newp;
+};

+void services_compute_xperms_drivers(struct extended_perms *xperms,
+				     struct avtab_node *node);
 void services_compute_xperms_decision(struct extended_perms_decision *xpermd,
-					struct avtab_node *node);
+				      struct avtab_node *node);
+
+int services_convert_context(struct convert_context_args *args,
+			     struct context *oldc, struct context *newc,
+			     gfp_t gfp_flags);

 #endif	/* _SS_SERVICES_H_ */
--- a/security/selinux/ss/sidtab.c
+++ b/security/selinux/ss/sidtab.c
@ -18,6 +18,7 @@
 #include "flask.h"
 #include "security.h"
 #include "sidtab.h"
+#include "services.h"

 struct sidtab_str_cache {
 	struct rcu_head rcu_member;
@ -292,7 +293,6 @@ int sidtab_context_to_sid(struct sidtab *s, struct context *context,
 	}

 	count = s->count;
-	convert = s->convert;

 	/* bail out if we already reached max entries */
 	rc = -EOVERFLOW;
@ -316,25 +316,29 @@ int sidtab_context_to_sid(struct sidtab *s, struct context *context,
 	 * if we are building a new sidtab, we need to convert the context
 	 * and insert it there as well
 	 */
+	convert = s->convert;
 	if (convert) {
+		struct sidtab *target = convert->target;
+
 		rc = -ENOMEM;
-		dst_convert = sidtab_do_lookup(convert->target, count, 1);
+		dst_convert = sidtab_do_lookup(target, count, 1);
 		if (!dst_convert) {
 			context_destroy(&dst->context);
 			goto out_unlock;
 		}

-		rc = convert->func(context, &dst_convert->context,
-				   convert->args, GFP_ATOMIC);
+		rc = services_convert_context(convert->args,
+					      context, &dst_convert->context,
+					      GFP_ATOMIC);
 		if (rc) {
 			context_destroy(&dst->context);
 			goto out_unlock;
 		}
 		dst_convert->sid = index_to_sid(count);
 		dst_convert->hash = context_compute_hash(&dst_convert->context);
-		convert->target->count = count + 1;
+		target->count = count + 1;

-		hash_add_rcu(convert->target->context_to_sid,
+		hash_add_rcu(target->context_to_sid,
 			     &dst_convert->list, dst_convert->hash);
 	}

@ -402,9 +406,10 @@ static int sidtab_convert_tree(union sidtab_entry_inner *edst,
 		}
 		i = 0;
 		while (i < SIDTAB_LEAF_ENTRIES && *pos < count) {
-			rc = convert->func(&esrc->ptr_leaf->entries[i].context,
-					   &edst->ptr_leaf->entries[i].context,
-					   convert->args, GFP_KERNEL);
+			rc = services_convert_context(convert->args,
+					&esrc->ptr_leaf->entries[i].context,
+					&edst->ptr_leaf->entries[i].context,
+					GFP_KERNEL);
 			if (rc)
 				return rc;
 			(*pos)++;
--- a/security/selinux/ss/sidtab.h
+++ b/security/selinux/ss/sidtab.h
@ -65,8 +65,7 @@ struct sidtab_isid_entry {
 };

 struct sidtab_convert_params {
-	int (*func)(struct context *oldc, struct context *newc, void *args, gfp_t gfp_flags);
-	void *args;
+	struct convert_context_args *args;
 	struct sidtab *target;
 };