From c75c7945cd49c05404b00358108084a175a5fb29 Mon Sep 17 00:00:00 2001 From: Christian Göttsche Date: Mon, 25 Nov 2024 12:06:44 +0100 Subject: selinux: use native iterator types MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Use types for iterators equal to the type of the to be compared values. Reported by clang: ../ss/sidtab.c:126:2: warning: comparison of integers of different signs: 'int' and 'unsigned long' 126 | hash_for_each_rcu(sidtab->context_to_sid, i, entry, list) { | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ../hashtable.h:139:51: note: expanded from macro 'hash_for_each_rcu' 139 | for (... ; obj == NULL && (bkt) < HASH_SIZE(name);\ | ~~~ ^ ~~~~~~~~~~~~~~~ ../selinuxfs.c:1520:23: warning: comparison of integers of different signs: 'int' and 'unsigned int' 1520 | for (cpu = *idx; cpu < nr_cpu_ids; ++cpu) { | ~~~ ^ ~~~~~~~~~~ ../hooks.c:412:16: warning: comparison of integers of different signs: 'int' and 'unsigned long' 412 | for (i = 0; i < ARRAY_SIZE(tokens); i++) { | ~ ^ ~~~~~~~~~~~~~~~~~~ Signed-off-by: Christian Göttsche [PM: munged the clang output due to line length concerns] Signed-off-by: Paul Moore --- security/selinux/hooks.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'security/selinux/hooks.c') diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index f5a08f94e094..2afc45f355a4 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -407,7 +407,7 @@ static const struct { static int match_opt_prefix(char *s, int l, char **arg) { - int i; + unsigned int i; for (i = 0; i < ARRAY_SIZE(tokens); i++) { size_t len = tokens[i].len; -- cgit v1.2.3 From 034294fbfdf0ded4f931f9503d2ca5bbf8b9aebd Mon Sep 17 00:00:00 2001 
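Review bot: `unsigned int i;` on the added line still does not match the type it is compared against: ARRAY_SIZE() is a sizeof quotient, so its type is size_t (the clang diagnostic quoted in the commit message reports it as 'unsigned long'), and the commit's own stated goal of an iterator "equal to the type of the to be compared values" would be `size_t i;`. The comparison is now unsigned on both sides, so this is a style remark rather than a correctness one. The body of match_opt_prefix continues outside the hunk.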
From: Mikhail Ivanov
Date: Tue, 12 Nov 2024 22:52:03 +0800
Subject: selinux: Fix SCTP error inconsistency in selinux_socket_bind()
Check sk->sk_protocol instead of security class to recognize SCTP socket. SCTP socket is initialized with SECCLASS_SOCKET class if policy does not support EXTSOCKCLASS capability. In this case bind(2) hook wrongfully return EAFNOSUPPORT instead of EINVAL. The inconsistency was detected with help of Landlock tests: https://lore.kernel.org/all/b58680ca-81b2-7222-7287-0ac7f4227c3c@huawei-partners.com/
Fixes: 0f8db8cc73df ("selinux: add AF_UNSPEC and INADDR_ANY checks to selinux_socket_bind()")
Signed-off-by: Mikhail Ivanov
Signed-off-by: Paul Moore
---
 security/selinux/hooks.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'security/selinux/hooks.c')
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 2afc45f355a4..5e5f3398f39d 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4835,7 +4835,7 @@ out:
 return err;
 err_af:
 /* Note that SCTP services expect -EINVAL, others -EAFNOSUPPORT. */
- if (sksec->sclass == SECCLASS_SCTP_SOCKET)
+ if (sk->sk_protocol == IPPROTO_SCTP)
 return -EINVAL;
 return -EAFNOSUPPORT;
 }
-- cgit v1.2.3
From 2ef6fc99e0d922a54073e7b6d6465c62f4d3b62b Mon Sep 17 00:00:00 2001
From: Thiébaud Weksteen
Date: Thu, 5 Dec 2024 12:21:00 +1100
Subject: selinux: add netlink nlmsg_type audit message
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Add a new audit message type to capture nlmsg-related information. This is similar to LSM_AUDIT_DATA_IOCTL_OP which was added for the other SELinux extended permission (ioctl). Adding a new type is preferred to adding to the existing lsm_network_audit structure which contains irrelevant information for the netlink sockets (i.e., dport, sport).
Signed-off-by: Thiébaud Weksteen
[PM: change "nlnk-msgtype" to "nl-msgtype" as discussed]
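Review bot: The new `if (sk->sk_protocol == IPPROTO_SCTP)` line deserves a comment saying why the protocol number rather than sksec->sclass is tested, because a reader who sees SECCLASS_SCTP_SOCKET used elsewhere in this file will otherwise "fix" it back. Per the commit message the class is only SECCLASS_SCTP_SOCKET when the policy enables the extended socket class capability; without it an SCTP socket is labeled SECCLASS_SOCKET, which is exactly the case the old check missed. Suggest extending the existing note to `/* Note that SCTP services expect -EINVAL, others -EAFNOSUPPORT. Check sk_protocol, not sksec->sclass: without the extsockclass policy capability an SCTP socket is classed as a plain socket. */`. The body of selinux_socket_bind starts outside the hunk.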
Signed-off-by: Paul Moore
---
 include/linux/lsm_audit.h | 2 ++
 security/lsm_audit.c | 3 +++
 security/selinux/hooks.c | 4 ++--
 3 files changed, 7 insertions(+), 2 deletions(-)
(limited to 'security/selinux/hooks.c')
diff --git a/include/linux/lsm_audit.h b/include/linux/lsm_audit.h
index 97a8b21eb033..69d2b7bc00ed 100644
--- a/include/linux/lsm_audit.h
+++ b/include/linux/lsm_audit.h
@@ -77,6 +77,7 @@ struct common_audit_data {
 #define LSM_AUDIT_DATA_LOCKDOWN 15
 #define LSM_AUDIT_DATA_NOTIFICATION 16
 #define LSM_AUDIT_DATA_ANONINODE 17
+#define LSM_AUDIT_DATA_NLMSGTYPE 18
 union {
 struct path path;
 struct dentry *dentry;
@@ -98,6 +99,7 @@ struct common_audit_data {
 struct lsm_ibendport_audit *ibendport;
 int reason;
 const char *anonclass;
+ u16 nlmsg_type;
 } u;
 /* this union contains LSM specific data */
 union {
diff --git a/security/lsm_audit.c b/security/lsm_audit.c
index 9a8352972086..b2f565c0990a 100644
--- a/security/lsm_audit.c
+++ b/security/lsm_audit.c
@@ -425,6 +425,9 @@ static void dump_common_audit_data(struct audit_buffer *ab,
 case LSM_AUDIT_DATA_ANONINODE:
 audit_log_format(ab, " anonclass=%s", a->u.anonclass);
 break;
+ case LSM_AUDIT_DATA_NLMSGTYPE:
+ audit_log_format(ab, " nl-msgtype=%hu", a->u.nlmsg_type);
+ break;
 } /* switch (a->type) */
 }
 
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 5e5f3398f39d..617f54abb640 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -5939,14 +5939,14 @@ static int nlmsg_sock_has_extended_perms(struct sock *sk, u32 perms, u16 nlmsg_t
 {
 struct sk_security_struct *sksec = sk->sk_security;
 struct common_audit_data ad;
- struct lsm_network_audit net;
 u8 driver;
 u8 xperm;
 
 if (sock_skip_has_perm(sksec->sid))
 return 0;
 
- ad_net_init_from_sk(&ad, &net, sk);
+ ad.type = LSM_AUDIT_DATA_NLMSGTYPE;
+ ad.u.nlmsg_type = nlmsg_type;
 
 driver = nlmsg_type >> 8;
 xperm = nlmsg_type & 0xff;
-- cgit v1.2.3
From 046b85a993a19c992da317b2c19e168d1da795af Mon Sep 17 00:00:00 2001
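Review bot: In the lsm_audit.c hunk, `" nl-msgtype=%hu"` uses the 'h' length modifier, which I believe checkpatch reports as an unnecessary integer-promotion modifier in kernel code, since the u16 argument is promoted to int before the variadic call anyway; `audit_log_format(ab, " nl-msgtype=%u", a->u.nlmsg_type);` prints the same value without it. Separately, the value is logged raw while the hooks.c hunk splits it into a driver byte (`nlmsg_type >> 8`) and an xperm byte (`& 0xff`), so a one-line comment on the new LSM_AUDIT_DATA_NLMSGTYPE define in lsm_audit.h, such as `/* netlink nlmsg_type, logged raw (driver in the high byte, xperm in the low byte) */`, would tell audit consumers how to decode the field. The switch in dump_common_audit_data and the body of nlmsg_sock_has_extended_perms both extend outside their hunks.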
From: Christian Göttsche
Date: Mon, 16 Dec 2024 17:40:00 +0100
Subject: selinux: avoid using types indicating user space interaction
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Integer types starting with a double underscore, like __u32, are intended for usage of variables interacting with user-space. Just use the plain variant.
Signed-off-by: Christian Göttsche
Signed-off-by: Paul Moore
---
 security/selinux/hooks.c | 2 +-
 security/selinux/ss/policydb.h | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
(limited to 'security/selinux/hooks.c')
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 617f54abb640..7b2e2c60f0f4 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -3135,7 +3135,7 @@ static int selinux_inode_setattr(struct mnt_idmap *idmap, struct dentry *dentry,
 const struct cred *cred = current_cred();
 struct inode *inode = d_backing_inode(dentry);
 unsigned int ia_valid = iattr->ia_valid;
- __u32 av = FILE__WRITE;
+ u32 av = FILE__WRITE;
 
 /* ATTR_FORCE is just used for ATTR_KILL_S[UG]ID. */
 if (ia_valid & ATTR_FORCE) {
diff --git a/security/selinux/ss/policydb.h b/security/selinux/ss/policydb.h
index 4bba386264a3..5c11069121d3 100644
--- a/security/selinux/ss/policydb.h
+++ b/security/selinux/ss/policydb.h
@@ -144,7 +144,7 @@ struct range_trans {
 
 /* Boolean data type */
 struct cond_bool_datum {
- __u32 value; /* internal type value */
+ u32 value; /* internal type value */
 int state;
 };
 
-- cgit v1.2.3