On 7/28/2020 4:11 AM, John Johansen wrote:
On 7/24/20 1:32 PM, Casey Schaufler wrote:
> Change security_secctx_to_secid() to fill in a lsmblob instead
> of a u32 secid. Multiple LSMs may be able to interpret the
> string, and this allows for setting whichever secid is
> appropriate. Change security_secmark_relabel_packet() to use a
> lsmblob instead of a u32 secid. In some other cases there is
> scaffolding where interfaces have yet to be converted.
>
> Reviewed-by: Kees Cook <keescook(a)chromium.org>
> Signed-off-by: Casey Schaufler <casey(a)schaufler-ca.com>
> Cc: netdev(a)vger.kernel.org
one comment below, but it's a nice to have so
Reviewed-by: John Johansen <john.johansen(a)canonical.com>
> ---
> include/linux/security.h | 30 +++++++++++++++++++++++----
> include/net/scm.h | 7 +++++--
> kernel/cred.c | 4 +---
> net/ipv4/ip_sockglue.c | 6 ++++--
> net/netfilter/nft_meta.c | 18 +++++++++-------
> net/netfilter/xt_SECMARK.c | 9 ++++++--
> net/netlabel/netlabel_unlabeled.c | 23 +++++++++++++--------
> security/security.c | 34 ++++++++++++++++++++++++++-----
> 8 files changed, 98 insertions(+), 33 deletions(-)
>
> diff --git a/include/linux/security.h b/include/linux/security.h
> index d81e8886d799..98176faaaba5 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -189,6 +189,27 @@ static inline bool lsmblob_equal(struct lsmblob *bloba, struct
lsmblob *blobb)
> return !memcmp(bloba, blobb, sizeof(*bloba));
> }
>
> +/**
> + * lsmblob_value - find the first non-zero value in an lsmblob structure.
> + * @blob: Pointer to the data
> + *
> + * This needs to be used with extreme caution, as the cases where
> + * it is appropriate are rare.
> + *
> + * Return the first secid value set in the lsmblob.
> + * There should only be one.
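Review bot: The kernel-doc for lsmblob_value() (the lines from `+ * This needs to be used with extreme caution` to `+ * There should only be one.`) states the single-secid invariant and that legitimate uses are rare, but names neither which callers qualify nor what the function does when more than one secid is set, and the body is not visible in this excerpt, so the invariant is documentation only. Suggest naming the intended call sites (the commit message points at secmark and the not-yet-converted scaffolding) and moving the return description into a proper kernel-doc section, e.g. `+ * Return: the first secid set in @blob; the caller must ensure only one is set.`, with a WARN_ON_ONCE when a second non-zero value is found so the stated invariant is checkable at runtime rather than trusted.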
It would be really nice if we could have an LSM debug config, that would
do things like checking there is indeed only one value when this fn
is called.
I can't see a CONFIG_LSM_DEBUG for this alone, but if you have
other places you'd like to see it I'm open to it.