The attached patch synchronizes lsm-2.5 with a few changes made in the patches that have been posted recently for mainline 2.5, particularly: 1) The changes to the private file patch (open_private_file / close_private_file, mode -> flags) based on Andi Kleen's comments and Christoph Hellwig's comments. I've also added corresponding changes to the SELinux and DTE modules since they use private files. 2) The changes to the syslog hook patch (moving the existing capable check into the hook functions) based on Christoph's earlier comments. I've also added corresponding updates to the SELinux and DTE modules to call the secondary module's syslog hook so that they retain the same combined logic with the capable check. The patch also cleans up the calls to the sysctl and syslog hooks, making them consistent with the patches that were submitted, and rearranges the security_fixup_ops function for consistency with the submitted patches. Any objections to this patch? Should we apply equivalent changes to the lsm-2.4 tree for consistency?
-- Stephen Smalley, NSA sdsat_private
Index: lsm-2.5/fs/file_table.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/fs/file_table.c,v
retrieving revision 1.18
diff -u -r1.18 file_table.c
--- lsm-2.5/fs/file_table.c	4 Dec 2002 21:58:25 -0000	1.18
+++ lsm-2.5/fs/file_table.c	24 Jan 2003 18:55:57 -0000
@@ -93,15 +93,16 @@
 /*
  * Clear and initialize a (private) struct file for the given dentry,
- * and call the open function (if any). The caller must verify that
- * inode->i_fop is not NULL.
+ * allocate the security structure, and call the open function (if any).
+ * The file should be released using close_private_file.
  */
-int init_private_file(struct file *filp, struct dentry *dentry, int mode)
+int open_private_file(struct file *filp, struct dentry *dentry, int flags)
 {
 	int error;
 
 	memset(filp, 0, sizeof(*filp));
 	eventpoll_init_file(filp);
-	filp->f_mode = mode;
+	filp->f_flags = flags;
+	filp->f_mode = (flags+1) & O_ACCMODE;
 	atomic_set(&filp->f_count, 1);
 	filp->f_dentry = dentry;
 	filp->f_uid = current->fsuid;
@@ -109,7 +110,7 @@
 	filp->f_op = dentry->d_inode->i_fop;
 	error = security_file_alloc(filp);
 	if (!error)
-		if (filp->f_op->open) {
+		if (filp->f_op && filp->f_op->open) {
 			error = filp->f_op->open(dentry->d_inode, filp);
 			if (error)
 				security_file_free(filp);
@@ -117,7 +118,11 @@
 	return error;
 }
 
-void release_private_file(struct file *file)
+/*
+ * Release a private file by calling the release function (if any) and
+ * freeing the security structure.
+ */
+void close_private_file(struct file *file)
 {
 	struct inode * inode = file->f_dentry->d_inode;
 
Index: lsm-2.5/fs/exportfs/expfs.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/fs/exportfs/expfs.c,v
retrieving revision 1.3
diff -u -r1.3 expfs.c
--- lsm-2.5/fs/exportfs/expfs.c	8 Nov 2002 13:20:09 -0000	1.3
+++ lsm-2.5/fs/exportfs/expfs.c	24 Jan 2003 18:55:57 -0000
@@ -353,7 +353,7 @@
 	/*
 	 * Open the directory ...
 	 */
-	error = init_private_file(&file, dentry, FMODE_READ);
+	error = open_private_file(&file, dentry, O_RDONLY);
 	if (error)
 		goto out;
 	error = -EINVAL;
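Review bot: The new header comment on open_private_file says the file should be released with close_private_file, but the second hunk already calls security_file_free() when f_op->open fails, so a caller that follows the comment literally on the error path would free the security structure twice. The ownership rule belongs in the comment, e.g. ` * On failure the security structure has already been freed and the caller must not call close_private_file.` The `filp->f_mode = (flags+1) & O_ACCMODE;` line also deserves a short why-comment such as `/* O_RDONLY/O_WRONLY/O_RDWR -> FMODE_READ/FMODE_WRITE/both */`, since it relies on the numeric values of the access-mode bits. Both functions continue outside the hunks shown here.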
@@ -381,7 +381,7 @@
 	}
 
 out_close:
-	release_private_file(&file);
+	close_private_file(&file);
 out:
 	return error;
 }
Index: lsm-2.5/fs/nfsd/vfs.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/fs/nfsd/vfs.c,v
retrieving revision 1.9
diff -u -r1.9 vfs.c
--- lsm-2.5/fs/nfsd/vfs.c	13 Jan 2003 20:47:58 -0000	1.9
+++ lsm-2.5/fs/nfsd/vfs.c	24 Jan 2003 18:55:57 -0000
@@ -426,7 +426,7 @@
 {
 	struct dentry *dentry;
 	struct inode *inode;
-	int flags = O_RDONLY|O_LARGEFILE, mode = FMODE_READ, err;
+	int flags = O_RDONLY|O_LARGEFILE, err;
 
 	/*
 	 * If we get here, then the client has already done an "open",
@@ -463,14 +463,12 @@
 			goto out_nfserr;
 
 		flags = O_WRONLY|O_LARGEFILE;
-		mode = FMODE_WRITE;
 
 		DQUOT_INIT(inode);
 	}
 
-	err = init_private_file(filp, dentry, mode);
+	err = open_private_file(filp, dentry, flags);
 	if (!err) {
-		filp->f_flags = flags;
 		filp->f_vfsmnt = fhp->fh_export->ex_mnt;
 	} else if (access & MAY_WRITE)
 		put_write_access(inode);
@@ -491,7 +489,7 @@
 	struct dentry *dentry = filp->f_dentry;
 	struct inode *inode = dentry->d_inode;
 
-	release_private_file(filp);
+	close_private_file(filp);
 	if (filp->f_mode & FMODE_WRITE)
 		put_write_access(inode);
 }
Index: lsm-2.5/include/linux/fs.h
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/include/linux/fs.h,v
retrieving revision 1.40
diff -u -r1.40 fs.h
--- lsm-2.5/include/linux/fs.h	17 Jan 2003 15:22:45 -0000	1.40
+++ lsm-2.5/include/linux/fs.h	24 Jan 2003 18:55:57 -0000
@@ -489,8 +489,10 @@
 #define get_file(x)	atomic_inc(&(x)->f_count)
 #define file_count(x)	atomic_read(&(x)->f_count)
 
-extern int init_private_file(struct file *, struct dentry *, int);
-extern void release_private_file(struct file *file);
+/* Initialize and open a private file and allocate its security structure. */
+extern int open_private_file(struct file *, struct dentry *, int);
+/* Release a private file and free its security structure. */
+extern void close_private_file(struct file *file);
 
 
 #define MAX_NON_LFS	((1UL<<31) - 1)
Index: lsm-2.5/include/linux/security.h
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/include/linux/security.h,v
retrieving revision 1.34
diff -u -r1.34 security.h
--- lsm-2.5/include/linux/security.h	16 Jan 2003 15:20:07 -0000	1.34
+++ lsm-2.5/include/linux/security.h	24 Jan 2003 16:21:12 -0000
@@ -53,6 +53,7 @@
 extern int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t old_suid, int flags);
 extern void cap_task_kmod_set_label (void);
 extern void cap_task_reparent_to_init (struct task_struct *p);
+extern int cap_syslog (int type);
 
 /*
  * Values used in the task_security_ops calls
@@ -2369,7 +2370,7 @@
 
 static inline int security_syslog(int type)
 {
-	return 0;
+	return cap_syslog(type);
 }
 
 static inline int security_settime(struct timeval *tv, struct timezone *tz)
Index: lsm-2.5/kernel/ksyms.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/kernel/ksyms.c,v
retrieving revision 1.25
diff -u -r1.25 ksyms.c
--- lsm-2.5/kernel/ksyms.c	14 Jan 2003 18:20:43 -0000	1.25
+++ lsm-2.5/kernel/ksyms.c	24 Jan 2003 18:55:57 -0000
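Review bot: The inline security_syslog() changed in the second security.h hunk is the fallback used when no LSM is configured, and it now calls cap_syslog(), so capability.c has to be linked into kernels built without CONFIG_SECURITY; the EXPORT_SYMBOL(cap_syslog) in capability.c sits outside that file's #ifdef CONFIG_SECURITY, which suggests this already holds for the other cap_* helpers this header references, but the Makefile is not in the patch and is worth confirming. With the capable() test removed from sys_syslog() in printk.c, this inline is the only place the CAP_SYS_ADMIN requirement survives for such builds, so a one-line comment would help the next reader: `/* No LSM configured: keep the traditional CAP_SYS_ADMIN check via cap_syslog(). */`.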
@@ -179,8 +179,8 @@
 EXPORT_SYMBOL(end_buffer_io_sync);
 EXPORT_SYMBOL(__mark_inode_dirty);
 EXPORT_SYMBOL(get_empty_filp);
-EXPORT_SYMBOL(init_private_file);
-EXPORT_SYMBOL(release_private_file);
+EXPORT_SYMBOL(open_private_file);
+EXPORT_SYMBOL(close_private_file);
 EXPORT_SYMBOL(filp_open);
 EXPORT_SYMBOL(filp_close);
 EXPORT_SYMBOL(put_filp);
Index: lsm-2.5/kernel/printk.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/kernel/printk.c,v
retrieving revision 1.17
diff -u -r1.17 printk.c
--- lsm-2.5/kernel/printk.c	9 Jan 2003 15:01:58 -0000	1.17
+++ lsm-2.5/kernel/printk.c	24 Jan 2003 16:20:20 -0000
@@ -163,7 +163,7 @@
 	int error = 0;
 
 	error = security_syslog(type);
-	if( error )
+	if (error)
 		return error;
 
 	switch (type) {
@@ -288,8 +288,6 @@
 
 asmlinkage long sys_syslog(int type, char * buf, int len)
 {
-	if ((type != 3) && !capable(CAP_SYS_ADMIN))
-		return -EPERM;
 	return do_syslog(type, buf, len);
 }
 
Index: lsm-2.5/kernel/sysctl.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/kernel/sysctl.c,v
retrieving revision 1.19
diff -u -r1.19 sysctl.c
--- lsm-2.5/kernel/sysctl.c	16 Dec 2002 18:43:15 -0000	1.19
+++ lsm-2.5/kernel/sysctl.c	24 Jan 2003 18:52:57 -0000
@@ -435,9 +435,8 @@
 {
 	int error;
 	error = security_sysctl(table, op);
-	if(error) {
+	if (error)
 		return error;
-	}
 	return test_perm(table->mode, op);
 }
 
Index: lsm-2.5/security/capability.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/security/capability.c,v
retrieving revision 1.31
diff -u -r1.31 capability.c
--- lsm-2.5/security/capability.c	10 Dec 2002 14:39:21 -0000	1.31
+++ lsm-2.5/security/capability.c	24 Jan 2003 16:22:06 -0000
@@ -279,6 +279,13 @@
 	return;
 }
 
+int cap_syslog (int type)
+{
+	if ((type != 3) && !capable(CAP_SYS_ADMIN))
+		return -EPERM;
+	return 0;
+}
+
 int cap_ip_decode_options (struct sk_buff *skb, const char *optptr,
 			   unsigned char **pp_ptr)
 {
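Review bot: Dropping the capable(CAP_SYS_ADMIN) test from sys_syslog() moves the check into security_syslog(), which the first printk.c hunk shows being called from do_syslog(); any other caller of do_syslog() in this tree (the /proc/kmsg reader is the usual one, if it goes through do_syslog() here) now passes through the hook and inherits a CAP_SYS_ADMIN requirement it did not have before. That may well be the intended semantics of the hook, but it is a scope change the description does not mention and one that module authors writing a syslog hook should know about. A comment at the hook call in do_syslog(), e.g. `/* security_syslog() also carries the CAP_SYS_ADMIN check that used to live in sys_syslog() */`, would record it. do_syslog() starts before the first hunk.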
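Review bot: cap_syslog() in the capability.c hunk compares type against the bare literal 3, as do dummy_syslog() in dummy.c and the selinux hook in hooks.c, and only the selinux switch carries a comment saying what 3 means (`/* Read last kernel messages */`). A comment on the new function, such as `/* Type 3 (read last kernel messages) is unprivileged; every other syslog command needs CAP_SYS_ADMIN. */`, or one named constant in security.h shared by the three modules, would make the policy readable without consulting the syscall. Note that the dummy module's variant tests `current->euid` rather than capable(), so the two default policies are not identical; if that is deliberate it deserves a comment in dummy.c.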
@@ -302,6 +309,7 @@
 EXPORT_SYMBOL(cap_netlink_send);
 EXPORT_SYMBOL(cap_netlink_recv);
 EXPORT_SYMBOL(cap_ip_decode_options);
+EXPORT_SYMBOL(cap_syslog);
 
 #ifdef CONFIG_SECURITY
 
@@ -320,6 +328,8 @@
 	.task_post_setuid = cap_task_post_setuid,
 	.task_kmod_set_label = cap_task_kmod_set_label,
 	.task_reparent_to_init = cap_task_reparent_to_init,
+
+	.syslog = cap_syslog,
 
 	.ip_decode_options = cap_ip_decode_options,
 };
Index: lsm-2.5/security/dummy.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/security/dummy.c,v
retrieving revision 1.34
diff -u -r1.34 dummy.c
--- lsm-2.5/security/dummy.c	16 Jan 2003 15:20:08 -0000	1.34
+++ lsm-2.5/security/dummy.c	24 Jan 2003 18:51:48 -0000
@@ -126,6 +126,8 @@
 
 static int dummy_syslog (int type)
 {
+	if ((type != 3) && current->euid)
+		return -EPERM;
 	return 0;
 }
 
@@ -901,6 +903,8 @@
 	set_to_dummy_if_null(ops, capable);
 	set_to_dummy_if_null(ops, quotactl);
 	set_to_dummy_if_null(ops, quota_on);
+	set_to_dummy_if_null(ops, sysctl);
+	set_to_dummy_if_null(ops, syslog);
 	set_to_dummy_if_null(ops, bprm_alloc_security);
 	set_to_dummy_if_null(ops, bprm_free_security);
 	set_to_dummy_if_null(ops, bprm_compute_creds);
@@ -908,6 +912,7 @@
 	set_to_dummy_if_null(ops, bprm_check_security);
 	set_to_dummy_if_null(ops, sb_alloc_security);
 	set_to_dummy_if_null(ops, sb_free_security);
+	set_to_dummy_if_null(ops, sb_kern_mount);
 	set_to_dummy_if_null(ops, sb_statfs);
 	set_to_dummy_if_null(ops, sb_mount);
 	set_to_dummy_if_null(ops, sb_check_sb);
@@ -1002,14 +1007,11 @@
 	set_to_dummy_if_null(ops, reboot);
 	set_to_dummy_if_null(ops, ioperm);
 	set_to_dummy_if_null(ops, iopl);
-	set_to_dummy_if_null(ops, sysctl);
 	set_to_dummy_if_null(ops, swapon);
 	set_to_dummy_if_null(ops, swapoff);
-	set_to_dummy_if_null(ops, syslog);
 	set_to_dummy_if_null(ops, settime);
 	set_to_dummy_if_null(ops, netlink_send);
 	set_to_dummy_if_null(ops, netlink_recv);
-	set_to_dummy_if_null(ops, sb_kern_mount);
 	set_to_dummy_if_null(ops, ip_fragment);
 	set_to_dummy_if_null(ops, ip_defragment);
 	set_to_dummy_if_null(ops, ip_decapsulate);
Index: lsm-2.5/security/dte/dte.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/security/dte/dte.c,v
retrieving revision 1.24
diff -u -r1.24 dte.c
--- lsm-2.5/security/dte/dte.c	8 Jan 2003 13:22:31 -0000	1.24
+++ lsm-2.5/security/dte/dte.c	24 Jan 2003 16:27:47 -0000
@@ -146,6 +146,8 @@
 
 static int dte_syslog (int type)
 {
+	if (dte_secondary_ops)
+		return dte_secondary_ops->syslog(type);
 	return 0;
 }
 
Index: lsm-2.5/security/dte/mount.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/security/dte/mount.c,v
retrieving revision 1.10
diff -u -r1.10 mount.c
--- lsm-2.5/security/dte/mount.c	3 Jan 2003 13:57:18 -0000	1.10
+++ lsm-2.5/security/dte/mount.c	24 Jan 2003 19:08:50 -0000
@@ -147,9 +147,8 @@
 		}
 	}
 
-	err = init_private_file(sb_sec->fp, dentry, FMODE_READ|FMODE_WRITE);
+	err = open_private_file(sb_sec->fp, dentry, O_RDWR | O_SYNC);
 	fp = sb_sec->fp;
-	fp->f_flags = O_RDWR | O_SYNC;
 
 	if (err) {
 		printk(KERN_NOTICE "dte_setup_eafile: no dte ea file for %s, %d.\n",
@@ -158,6 +157,7 @@
 			printk(KERN_NOTICE "dte_setup_eafile: no rw support for %s's ea file.\n",
 				devname);
 			dput(fp->f_dentry);
+			close_private_file(fp);
 		} else {
 			/* read type table from the ea file */
 			offset = 0;
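Review bot: dte_syslog() in the dte.c hunk returns 0 when dte_secondary_ops is NULL, and since sys_syslog() in this same patch no longer performs its own capable(CAP_SYS_ADMIN) test, a kernel running DTE without a secondary module would let any process issue every syslog command, including clearing the log. If dte_secondary_ops can genuinely be NULL here (the guard suggests it can), falling back to the capability default preserves the pre-patch behaviour: `return dte_secondary_ops ? dte_secondary_ops->syslog(type) : cap_syslog(type);`, using the cap_syslog() this patch exports. The selinux hook in hooks.c dereferences secondary_ops unconditionally, so it does not have this gap.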
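Review bot: The close_private_file(fp) added in the second mount.c hunk runs after dput(fp->f_dentry), but close_private_file() as shown in the file_table.c hunk starts by dereferencing file->f_dentry->d_inode, so if that dput() dropped the last reference the close reads a dentry that may already be gone; the dte_umount hunk adds the same call in the same order, and the psid.c cleanup loop keeps the same pattern. Swapping the two statements in each place, `close_private_file(fp);` before `dput(fp->f_dentry);`, keeps the dentry alive for the release hook and the security free. The enclosing functions start outside the hunks.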
@@ -465,6 +465,7 @@
 		printk(KERN_NOTICE "dte_umount: dput'ing eafp.\n");
 		dput(sb_sec->fp->f_dentry);
 		sb_sec->fp_ready = 0;
+		close_private_file(sb_sec->fp);
 		printk(KERN_NOTICE "dte_umount: dput'ed eafp.\n");
 	}
 	if (sb_sec->fp) {
Index: lsm-2.5/security/selinux/hooks.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/security/selinux/hooks.c,v
retrieving revision 1.91
diff -u -r1.91 hooks.c
--- lsm-2.5/security/selinux/hooks.c	16 Jan 2003 15:23:03 -0000	1.91
+++ lsm-2.5/security/selinux/hooks.c	24 Jan 2003 16:26:47 -0000
@@ -1523,6 +1523,10 @@
 {
 	int rc;
 
+	rc = secondary_ops->syslog(type);
+	if (rc)
+		return rc;
+
 	switch (type) {
 		case 3: /* Read last kernel messages */
 			rc = task_has_system(current, SYSTEM__SYSLOG_READ);
Index: lsm-2.5/security/selinux/psid.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/security/selinux/psid.c,v
retrieving revision 1.15
diff -u -r1.15 psid.c
--- lsm-2.5/security/selinux/psid.c	9 Jan 2003 15:17:17 -0000	1.15
+++ lsm-2.5/security/selinux/psid.c	24 Jan 2003 19:23:41 -0000
@@ -172,7 +172,7 @@
 	for (i = 0; i < PSEC_NFILES; i++) {
 		if (t->files[i].f_dentry) {
 			dput(t->files[i].f_dentry);
-			release_private_file(&t->files[i]);
+			close_private_file(&t->files[i]);
 		}
 	}
 
@@ -565,12 +565,11 @@
 	inode_security_set_sid(file->d_inode, SECINITSID_FILE_LABELS);
 
 	/* "Open" the file and set it for synchronous writes */
-	rc = init_private_file(&t->files[index], file, 3);
-	t->files[index].f_flags = O_RDWR;
+	rc = open_private_file(&t->files[index], file, O_RDWR);
 	if (index == PSEC_CONTEXTS || index == PSEC_INDEX)
 		t->files[index].f_flags |= O_SYNC;
 	if (rc) {
-		printk("psidfiles_init: init_private_file returned %d\n", -rc);
+		printk("psidfiles_init: open_private_file returned %d\n", -rc);
 		goto bad_file;
 	}
 
_______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
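Review bot: O_SYNC is still OR-ed into t->files[index].f_flags after open_private_file() returns, so the f_op->open callback saw O_RDWR only, whereas the dte mount.c hunk in the same patch passes O_RDWR | O_SYNC through the flags argument; now that open_private_file() stores flags itself, the post-open fix-up is no longer needed here. Building the value before the call keeps the two callers consistent: `int flags = O_RDWR;` (in the declarations), `if (index == PSEC_CONTEXTS || index == PSEC_INDEX) flags |= O_SYNC;`, then `rc = open_private_file(&t->files[index], file, flags);`. The original code had the same ordering, so this is a consistency point rather than a regression. psidfiles_init continues outside the hunk.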