From: Jan-Simon Möller Date: Fri, 6 Jan 2017 00:26:50 +0000 (+0100) Subject: Apply bluetooth/smack patches also to rpi kernel X-Git-Tag: chinook/3.0.0 X-Git-Url: https://gerrit.automotivelinux.org/gerrit/gitweb?a=commitdiff_plain;h=refs%2Ftags%2Fchinook%2F3.0.0;p=AGL%2Fmeta-agl.git Apply bluetooth/smack patches also to rpi kernel This changeset patches the rpi with the needed changes to allow bluetooth to work together with smack. The patches were developed for porter and are a backport of patches submitted for 4.10+ . Bug-AGL: SPEC-293 Change-Id: I96d04a709de6ad7843840d9ae154f041173948a2 Signed-off-by: Jan-Simon Möller --- diff --git a/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi/0001-Smack-File-receive-for-sockets.patch b/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi/0001-Smack-File-receive-for-sockets.patch new file mode 100644 index 000000000..4021e5d38 --- /dev/null +++ b/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi/0001-Smack-File-receive-for-sockets.patch @@ -0,0 +1,65 @@ +From 2b206c36b16e72cfe41cd22448d8527359ffd962 Mon Sep 17 00:00:00 2001 +From: Casey Schaufler +Date: Mon, 7 Dec 2015 14:34:32 -0800 +Subject: [PATCH 1/4] Smack: File receive for sockets + +The existing file receive hook checks for access on +the file inode even for UDS. This is not right, as +the inode is not used by Smack to make access checks +for sockets. This change checks for an appropriate +access relationship between the receiving (current) +process and the socket. If the process can't write +to the socket's send label or the socket's receive +label can't write to the process fail. + +This will allow the legitimate cases, where the +socket sender and socket receiver can freely communicate. +Only strangly set socket labels should cause a problem. + +Signed-off-by: Casey Schaufler +--- + security/smack/smack_lsm.c | 22 ++++++++++++++++++++++ + 1 file changed, 22 insertions(+) + +diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c +index ff81026..b20ef06 100644 +--- a/security/smack/smack_lsm.c ++++ b/security/smack/smack_lsm.c +@@ -1860,12 +1860,34 @@ static int smack_file_receive(struct file *file) + int may = 0; + struct smk_audit_info ad; + struct inode *inode = file_inode(file); ++ struct socket *sock; ++ struct task_smack *tsp; ++ struct socket_smack *ssp; + + if (unlikely(IS_PRIVATE(inode))) + return 0; + + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); + smk_ad_setfield_u_fs_path(&ad, file->f_path); ++ ++ if (S_ISSOCK(inode->i_mode)) { ++ sock = SOCKET_I(inode); ++ ssp = sock->sk->sk_security; ++ tsp = current_security(); ++ /* ++ * If the receiving process can't write to the ++ * passed socket or if the passed socket can't ++ * write to the receiving process don't accept ++ * the passed socket. ++ */ ++ rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad); ++ rc = smk_bu_file(file, may, rc); ++ if (rc < 0) ++ return rc; ++ rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad); ++ rc = smk_bu_file(file, may, rc); ++ return rc; ++ } + /* + * This code relies on bitmasks. + */ +-- +2.7.4 + diff --git a/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi/0002-smack-fix-cache-of-access-labels.patch b/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi/0002-smack-fix-cache-of-access-labels.patch new file mode 100644 index 000000000..c516f3aa5 --- /dev/null +++ b/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi/0002-smack-fix-cache-of-access-labels.patch @@ -0,0 +1,43 @@ +From 99267706991ab84bd44ceaea9a7ec886bbdd58e0 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jos=C3=A9=20Bollo?= +Date: Tue, 12 Jan 2016 21:23:40 +0100 +Subject: [PATCH 2/4] smack: fix cache of access labels +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Before this commit, removing the access property of +a file, aka, the extended attribute security.SMACK64 +was not effictive until the cache had been cleaned. + +This patch fixes that problem. + +Signed-off-by: José Bollo +Acked-by: Casey Schaufler +--- + security/smack/smack_lsm.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c +index b20ef06..b2bcb14 100644 +--- a/security/smack/smack_lsm.c ++++ b/security/smack/smack_lsm.c +@@ -1444,9 +1444,13 @@ static int smack_inode_removexattr(struct dentry *dentry, const char *name) + * Don't do anything special for these. + * XATTR_NAME_SMACKIPIN + * XATTR_NAME_SMACKIPOUT +- * XATTR_NAME_SMACKEXEC + */ +- if (strcmp(name, XATTR_NAME_SMACK) == 0) ++ if (strcmp(name, XATTR_NAME_SMACK) == 0) { ++ struct super_block *sbp = d_backing_inode(dentry)->i_sb; ++ struct superblock_smack *sbsp = sbp->s_security; ++ ++ isp->smk_inode = sbsp->smk_default; ++ } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) + isp->smk_task = NULL; + else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) + isp->smk_mmap = NULL; +-- +2.7.4 + diff --git a/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi/0003-Smack-ignore-null-signal-in-smack_task_kill.patch b/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi/0003-Smack-ignore-null-signal-in-smack_task_kill.patch new file mode 100644 index 000000000..c9180bb9f --- /dev/null +++ b/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi/0003-Smack-ignore-null-signal-in-smack_task_kill.patch @@ -0,0 +1,39 @@ +From ec4eb03af07b0fbc330aecca6ac4ebd6accd8825 Mon Sep 17 00:00:00 2001 +From: Rafal Krypa +Date: Mon, 4 Apr 2016 11:14:53 +0200 +Subject: [PATCH 3/4] Smack: ignore null signal in smack_task_kill + +Kill with signal number 0 is commonly used for checking PID existence. +Smack treated such cases like any other kills, although no signal is +actually delivered when sig == 0. + +Checking permissions when sig == 0 didn't prevent an unprivileged caller +from learning whether PID exists or not. When it existed, kernel returned +EPERM, when it didn't - ESRCH. The only effect of policy check in such +case is noise in audit logs. + +This change lets Smack silently ignore kill() invocations with sig == 0. + +Signed-off-by: Rafal Krypa +Acked-by: Casey Schaufler +--- + security/smack/smack_lsm.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c +index b2bcb14..cf8a93f 100644 +--- a/security/smack/smack_lsm.c ++++ b/security/smack/smack_lsm.c +@@ -2239,6 +2239,9 @@ static int smack_task_kill(struct task_struct *p, struct siginfo *info, + struct smack_known *tkp = smk_of_task_struct(p); + int rc; + ++ if (!sig) ++ return 0; /* null signal; existence test */ ++ + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); + smk_ad_setfield_u_tsk(&ad, p); + /* +-- +2.7.4 + diff --git a/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi/0004-Smack-Assign-smack_known_web-label-for-kernel-thread.patch b/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi/0004-Smack-Assign-smack_known_web-label-for-kernel-thread.patch new file mode 100644 index 000000000..a1eeac3d7 --- /dev/null +++ b/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi/0004-Smack-Assign-smack_known_web-label-for-kernel-thread.patch @@ -0,0 +1,49 @@ +From c8bbb0f916de54610513e376070aea531af19dd6 Mon Sep 17 00:00:00 2001 +From: jooseong lee +Date: Thu, 3 Nov 2016 10:55:43 +0100 +Subject: [PATCH 4/4] Smack: Assign smack_known_web label for kernel thread's +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Assign smack_known_web label for kernel thread's socket in the sk_alloc_security hook + +Creating struct sock by sk_alloc function in various kernel subsystems +like bluetooth dosen't call smack_socket_post_create(). In such case, +received sock label is the floor('_') label and makes access deny. + +Refers-to: https://review.tizen.org/gerrit/#/c/80717/4 + +Change-Id: I2e5c9359bfede84a988fd4d4d74cdb9dfdfc52d8 +Signed-off-by: jooseong lee +Signed-off-by: José Bollo +--- + security/smack/smack_lsm.c | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c +index cf8a93f..21651bc 100644 +--- a/security/smack/smack_lsm.c ++++ b/security/smack/smack_lsm.c +@@ -2321,8 +2321,16 @@ static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) + if (ssp == NULL) + return -ENOMEM; + +- ssp->smk_in = skp; +- ssp->smk_out = skp; ++ /* ++ * Sockets created by kernel threads receive web label. ++ */ ++ if (unlikely(current->flags & PF_KTHREAD)) { ++ ssp->smk_in = &smack_known_web; ++ ssp->smk_out = &smack_known_web; ++ } else { ++ ssp->smk_in = skp; ++ ssp->smk_out = skp; ++ } + ssp->smk_packet = NULL; + + sk->sk_security = ssp; +-- +2.7.4 + diff --git a/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi_4.4.bbappend b/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi_4.4.bbappend index e5cdb2aff..a2b2a42f2 100644 --- a/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi_4.4.bbappend +++ b/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi_4.4.bbappend @@ -8,6 +8,18 @@ SRC_URI_append = "\ ${@base_conditional('USE_FAYTECH_MONITOR', '1', 'file://0002-faytech-fix-rpi.patch', '', d)} \ " +#------------------------------------------------------------------------- +# smack patches for handling bluetooth + +SRC_URI_append_smack = "\ + file://0001-Smack-File-receive-for-sockets.patch \ + file://0002-smack-fix-cache-of-access-labels.patch \ + file://0003-Smack-ignore-null-signal-in-smack_task_kill.patch \ + file://0004-Smack-Assign-smack_known_web-label-for-kernel-thread.patch \ +" + + + do_configure_append_smack() { # SMACK and Co kernel_configure_variable IP_NF_SECURITY m