From patchwork Thu Mar 21 01:19:30 2019
X-Patchwork-Submitter: John Johansen
X-Patchwork-Id: 1059699
From: John Johansen
To: Kernel team list
Subject: [PULL][Disco] LSM stacking
Organization: Canonical
Message-ID: <6735099f-bc8e-c633-b9ed-6dc9d01f2e06@canonical.com>
Date: Wed, 20 Mar 2019 18:19:30 -0700
List-Id: Kernel team discussions

The following patch set brings 5.1 LSM stacking to the Disco kernel. The
cherry-picked patches have been refreshed to use the sha1s from upstream
5.1-rc2. The rest of the patch series makes it so that apparmor can stack
with selinux and smack. These patches are all tagged with "UBUNTU: SAUCE:";
the bulk of this is reverting apparmor features that are currently unused
in Ubuntu and require secid support.
The following changes since commit f4dfce1da80f55c0940dfb83eb8879283e823b2f:

  UBUNTU: Ubuntu-5.0.0-8.9 (2019-03-12 16:15:44 -0300)

are available in the Git repository at:

  https://git.launchpad.net/~jjohansen/+git/disco-stacking disco-lsm_stacking

for you to fetch changes up to d9d34fff369f1b8bc8c076a5f7726c52a21899cd:

  UBUNTU: SAUCE: update configs and annotations for LSM stacking (2019-03-20 17:02:25 -0700)

----------------------------------------------------------------
Casey Schaufler (22):
      LSM: Add all exclusive LSMs to ordered initialization
      procfs: add smack subdir to attrs
      Smack: Abstract use of cred security blob
      SELinux: Abstract use of cred security blob
      SELinux: Remove cred security blob poisoning
      SELinux: Remove unused selinux_is_enabled
      AppArmor: Abstract use of cred security blob
      TOMOYO: Abstract use of cred security blob
      Infrastructure management of the cred security blob
      SELinux: Abstract use of file security blob
      Smack: Abstract use of file security blob
      LSM: Infrastructure management of the file security
      SELinux: Abstract use of inode security blob
      Smack: Abstract use of inode security blob
      LSM: Infrastructure management of the inode security
      LSM: Infrastructure management of the task security
      SELinux: Abstract use of ipc security blobs
      Smack: Abstract use of ipc security blobs
      LSM: Infrastructure management of the ipc security blob
      UBUNTU: SAUCE: LSM: Limit calls to certain module hooks
      UBUNTU: SAUCE: LSM: Special handling for secctx lsm hooks
      UBUNTU: SAUCE: LSM: Specify which LSM to display with /proc/self/attr/display

Chris Coulson (1):
      apparmor: delete the dentry in aafs_remove() to avoid a leak

John Johansen (21):
      apparmor: fix double free when unpack of secmark rules fails
      UBUNTU: SAUCE: LSM: Infrastructure management of the sock security
      UBUNTU: SAUCE: Fix-up af_unix mediation for sock infrastructure management
      UBUNTU: SAUCE: Revert "apparmor: Fix warning about unused function apparmor_ipv6_postroute"
      UBUNTU: SAUCE: Revert "apparmor: fix checkpatch error in Parse secmark policy"
      UBUNTU: SAUCE: Revert "apparmor: add #ifdef checks for secmark filtering"
      UBUNTU: SAUCE: Revert "apparmor: Allow filtering based on secmark policy"
      UBUNTU: SAUCE: Revert "apparmor: Parse secmark policy"
      UBUNTU: SAUCE: Revert "apparmor: Add a wildcard secid"
      UBUNTU: SAUCE: Revert "apparmor: fix bad debug check in apparmor_secid_to_secctx()"
      UBUNTU: SAUCE: Revert "apparmor: fixup secid map conversion to using IDR"
      UBUNTU: SAUCE: Revert "apparmor: Use an IDR to allocate apparmor secids"
      UBUNTU: SAUCE: Revert "apparmor: Fix memory leak of rule on error exit path"
      UBUNTU: SAUCE: Revert "apparmor: modify audit rule support to support profile stacks"
      UBUNTU: SAUCE: Revert "apparmor: Add support for audit rule filtering"
      UBUNTU: SAUCE: Revert "apparmor: add the ability to get a task's secid"
      UBUNTU: SAUCE: Revert "apparmor: add support for mapping secids and using secctxes"
      UBUNTU: SAUCE: apparmor: add proc subdir to attrs
      UBUNTU: SAUCE: apparmor: add an apparmorfs entry to access current attrs
      UBUNTU: SAUCE: apparmor: update flags to no longer be exclusive
      UBUNTU: SAUCE: update configs and annotations for LSM stacking

Kees Cook (20):
      LSM: Introduce LSM_FLAG_LEGACY_MAJOR
      LSM: Provide separate ordered initialization
      LSM: Plumb visibility into optional "enabled" state
      LSM: Lift LSM selection out of individual LSMs
      LSM: Build ordered list of LSMs to initialize
      LSM: Introduce CONFIG_LSM
      LSM: Introduce "lsm=" for boottime LSM selection
      LSM: Tie enabling logic to presence in ordered list
      LSM: Prepare for reorganizing "security=" logic
      LSM: Refactor "security=" in terms of enable/disable
      LSM: Separate idea of "major" LSM from "exclusive" LSM
      apparmor: Remove SECURITY_APPARMOR_BOOTPARAM_VALUE
      selinux: Remove SECURITY_SELINUX_BOOTPARAM_VALUE
      LSM: Split LSM preparation from initialization
      LoadPin: Initialize as ordered LSM
      Yama: Initialize as ordered LSM
      LSM: Introduce enum lsm_order
      capability: Initialize as LSM_ORDER_FIRST
      TOMOYO: Update LSM flags to no longer be exclusive
      LSM: Ignore "security=" when "lsm=" is specified

Micah Morton (1):
      LSM: generalize flag passing to security_capable

Petr Vorel (1):
      LSM: Update list of SECURITYFS users in Kconfig

Tetsuo Handa (2):
      LSM: Make lsm_early_cred() and lsm_early_task() local functions.
      apparmor: Adjust offset when accessing task blob.

Wei Yongjun (1):
      LSM: Make some functions static

 Documentation/admin-guide/LSM/index.rst          |  13 +-
 Documentation/admin-guide/kernel-parameters.txt  |  12 +-
 debian.master/config/annotations                 |  12 +-
 debian.master/config/config.common.ubuntu        |   8 +-
 fs/proc/base.c                                   |  78 ++-
 fs/proc/internal.h                               |   1 +
 include/linux/cred.h                             |   1 -
 include/linux/lsm_hooks.h                        |  56 +-
 include/linux/security.h                         |  43 +-
 include/linux/selinux.h                          |  35 -
 kernel/capability.c                              |  22 +-
 kernel/cred.c                                    |  13 -
 kernel/seccomp.c                                 |   4 +-
 security/Kconfig                                 |  44 +-
 security/apparmor/Kconfig                        |  16 -
 security/apparmor/af_unix.c                      |  14 +-
 security/apparmor/apparmorfs.c                   |  67 ++
 security/apparmor/audit.c                        |  90 +--
 security/apparmor/capability.c                   |  14 +-
 security/apparmor/domain.c                       |   2 +-
 security/apparmor/include/apparmorfs.h           |   3 +
 security/apparmor/include/audit.h                |   6 -
 security/apparmor/include/capability.h           |   2 +-
 security/apparmor/include/cred.h                 |  16 +-
 security/apparmor/include/file.h                 |   5 +-
 security/apparmor/include/label.h                |   2 +-
 security/apparmor/include/lib.h                  |   4 +
 security/apparmor/include/net.h                  |  16 +-
 security/apparmor/include/policy.h               |   3 -
 security/apparmor/include/secid.h                |  20 +-
 security/apparmor/include/task.h                 |  18 +-
 security/apparmor/ipc.c                          |   3 +-
 security/apparmor/label.c                        |   7 +-
 security/apparmor/lsm.c                          | 257 ++-----
 security/apparmor/net.c                          |  68 --
 security/apparmor/policy.c                       |   5 +-
 security/apparmor/policy_unpack.c                |  61 --
 security/apparmor/resource.c                     |   2 +-
 security/apparmor/secid.c                        | 149 +----
 security/apparmor/task.c                         |   6 +-
 security/commoncap.c                             |  26 +-
 security/loadpin/loadpin.c                       |   8 +-
 security/security.c                              | 850 ++++++++++++++++++++++--
 security/selinux/Kconfig                         |  15 -
 security/selinux/Makefile                        |   2 +-
 security/selinux/exports.c                       |  23 -
 security/selinux/hooks.c                         | 440 ++++-------
 security/selinux/include/audit.h                 |   3 -
 security/selinux/include/objsec.h                |  43 +-
 security/selinux/netlabel.c                      |  23 +-
 security/selinux/selinuxfs.c                     |   4 +-
 security/selinux/ss/services.c                   |   1 -
 security/selinux/xfrm.c                          |   4 +-
 security/smack/smack.h                           |  49 +-
 security/smack/smack_access.c                    |   6 +-
 security/smack/smack_lsm.c                       | 378 ++++-------
 security/smack/smack_netfilter.c                 |   8 +-
 security/smack/smackfs.c                         |  18 +-
 security/tomoyo/common.h                         |  22 +-
 security/tomoyo/domain.c                         |   4 +-
 security/tomoyo/securityfs_if.c                  |  15 +-
 security/tomoyo/tomoyo.c                         |  48 +-
 security/yama/yama_lsm.c                         |   8 +-
 63 files changed, 1642 insertions(+), 1554 deletions(-)
 delete mode 100644 include/linux/selinux.h
 delete mode 100644 security/selinux/exports.c