ANDROID: Revert "security,lockdown,selinux: implement SELinux lockdown"
This reverts commit f1ee68a8f6.
Reason for revert:
The change being reverted adds a new "lockdown" audit class. Support
for this new class needs to be added to Android and the processes
which need to be part of this class have to be annotated. While support
for this class has not yet been added to Android, this lockdown class
will be removed.
Tracefs usage by Android triggers a violation with respect to this new
audit class which prompted the need for this patch.
Bug: 148822198
Change-Id: Ie06f4be699234fb671ec4bcfe11962b2055a0c60
Signed-off-by: Ram Muthiah <rammuthiah@google.com>
This commit is contained in:
Ram Muthiah
@@ -74,7 +74,6 @@ struct common_audit_data {
|
|||||||
#define LSM_AUDIT_DATA_FILE 12
|
#define LSM_AUDIT_DATA_FILE 12
|
||||||
#define LSM_AUDIT_DATA_IBPKEY 13
|
#define LSM_AUDIT_DATA_IBPKEY 13
|
||||||
#define LSM_AUDIT_DATA_IBENDPORT 14
|
#define LSM_AUDIT_DATA_IBENDPORT 14
|
||||||
#define LSM_AUDIT_DATA_LOCKDOWN 15
|
|
||||||
#define LSM_AUDIT_DATA_NOTIFICATION 16
|
#define LSM_AUDIT_DATA_NOTIFICATION 16
|
||||||
union {
|
union {
|
||||||
struct path path;
|
struct path path;
|
||||||
@@ -95,7 +94,6 @@ struct common_audit_data {
|
|||||||
struct file *file;
|
struct file *file;
|
||||||
struct lsm_ibpkey_audit *ibpkey;
|
struct lsm_ibpkey_audit *ibpkey;
|
||||||
struct lsm_ibendport_audit *ibendport;
|
struct lsm_ibendport_audit *ibendport;
|
||||||
int reason;
|
|
||||||
} u;
|
} u;
|
||||||
/* this union contains LSM specific data */
|
/* this union contains LSM specific data */
|
||||||
union {
|
union {
|
||||||
|
|||||||
@@ -131,8 +131,6 @@ enum lockdown_reason {
|
|||||||
LOCKDOWN_CONFIDENTIALITY_MAX,
|
LOCKDOWN_CONFIDENTIALITY_MAX,
|
||||||
};
|
};
|
||||||
|
|
||||||
extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1];
|
|
||||||
|
|
||||||
/* These functions are in security/commoncap.c */
|
/* These functions are in security/commoncap.c */
|
||||||
extern int cap_capable(const struct cred *cred, struct user_namespace *ns,
|
extern int cap_capable(const struct cred *cred, struct user_namespace *ns,
|
||||||
int cap, unsigned int opts);
|
int cap, unsigned int opts);
|
||||||
|
|||||||
@@ -16,6 +16,33 @@
|
|||||||
|
|
||||||
static enum lockdown_reason kernel_locked_down;
|
static enum lockdown_reason kernel_locked_down;
|
||||||
|
|
||||||
|
static const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1] = {
|
||||||
|
[LOCKDOWN_NONE] = "none",
|
||||||
|
[LOCKDOWN_MODULE_SIGNATURE] = "unsigned module loading",
|
||||||
|
[LOCKDOWN_DEV_MEM] = "/dev/mem,kmem,port",
|
||||||
|
[LOCKDOWN_EFI_TEST] = "/dev/efi_test access",
|
||||||
|
[LOCKDOWN_KEXEC] = "kexec of unsigned images",
|
||||||
|
[LOCKDOWN_HIBERNATION] = "hibernation",
|
||||||
|
[LOCKDOWN_PCI_ACCESS] = "direct PCI access",
|
||||||
|
[LOCKDOWN_IOPORT] = "raw io port access",
|
||||||
|
[LOCKDOWN_MSR] = "raw MSR access",
|
||||||
|
[LOCKDOWN_ACPI_TABLES] = "modifying ACPI tables",
|
||||||
|
[LOCKDOWN_PCMCIA_CIS] = "direct PCMCIA CIS storage",
|
||||||
|
[LOCKDOWN_TIOCSSERIAL] = "reconfiguration of serial port IO",
|
||||||
|
[LOCKDOWN_MODULE_PARAMETERS] = "unsafe module parameters",
|
||||||
|
[LOCKDOWN_MMIOTRACE] = "unsafe mmio",
|
||||||
|
[LOCKDOWN_DEBUGFS] = "debugfs access",
|
||||||
|
[LOCKDOWN_XMON_WR] = "xmon write access",
|
||||||
|
[LOCKDOWN_INTEGRITY_MAX] = "integrity",
|
||||||
|
[LOCKDOWN_KCORE] = "/proc/kcore access",
|
||||||
|
[LOCKDOWN_KPROBES] = "use of kprobes",
|
||||||
|
[LOCKDOWN_BPF_READ] = "use of bpf to read kernel RAM",
|
||||||
|
[LOCKDOWN_PERF] = "unsafe use of perf",
|
||||||
|
[LOCKDOWN_TRACEFS] = "use of tracefs",
|
||||||
|
[LOCKDOWN_XMON_RW] = "xmon read and write access",
|
||||||
|
[LOCKDOWN_CONFIDENTIALITY_MAX] = "confidentiality",
|
||||||
|
};
|
||||||
|
|
||||||
static const enum lockdown_reason lockdown_levels[] = {LOCKDOWN_NONE,
|
static const enum lockdown_reason lockdown_levels[] = {LOCKDOWN_NONE,
|
||||||
LOCKDOWN_INTEGRITY_MAX,
|
LOCKDOWN_INTEGRITY_MAX,
|
||||||
LOCKDOWN_CONFIDENTIALITY_MAX};
|
LOCKDOWN_CONFIDENTIALITY_MAX};
|
||||||
|
|||||||
@@ -27,7 +27,6 @@
|
|||||||
#include <linux/dccp.h>
|
#include <linux/dccp.h>
|
||||||
#include <linux/sctp.h>
|
#include <linux/sctp.h>
|
||||||
#include <linux/lsm_audit.h>
|
#include <linux/lsm_audit.h>
|
||||||
#include <linux/security.h>
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* ipv4_skb_to_auditdata : fill auditdata from skb
|
* ipv4_skb_to_auditdata : fill auditdata from skb
|
||||||
@@ -426,11 +425,6 @@ static void dump_common_audit_data(struct audit_buffer *ab,
|
|||||||
a->u.ibendport->dev_name,
|
a->u.ibendport->dev_name,
|
||||||
a->u.ibendport->port);
|
a->u.ibendport->port);
|
||||||
break;
|
break;
|
||||||
case LSM_AUDIT_DATA_LOCKDOWN:
|
|
||||||
audit_log_format(ab, " lockdown_reason=\"%s\"",
|
|
||||||
lockdown_reasons[a->u.reason]);
|
|
||||||
|
|
||||||
break;
|
|
||||||
} /* switch (a->type) */
|
} /* switch (a->type) */
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -6851,34 +6851,6 @@ static void selinux_bpf_prog_free(struct bpf_prog_aux *aux)
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
static int selinux_lockdown(enum lockdown_reason what)
|
|
||||||
{
|
|
||||||
struct common_audit_data ad;
|
|
||||||
u32 sid = current_sid();
|
|
||||||
int invalid_reason = (what <= LOCKDOWN_NONE) ||
|
|
||||||
(what == LOCKDOWN_INTEGRITY_MAX) ||
|
|
||||||
(what >= LOCKDOWN_CONFIDENTIALITY_MAX);
|
|
||||||
|
|
||||||
if (WARN(invalid_reason, "Invalid lockdown reason")) {
|
|
||||||
audit_log(audit_context(),
|
|
||||||
GFP_ATOMIC, AUDIT_SELINUX_ERR,
|
|
||||||
"lockdown_reason=invalid");
|
|
||||||
return -EINVAL;
|
|
||||||
}
|
|
||||||
|
|
||||||
ad.type = LSM_AUDIT_DATA_LOCKDOWN;
|
|
||||||
ad.u.reason = what;
|
|
||||||
|
|
||||||
if (what <= LOCKDOWN_INTEGRITY_MAX)
|
|
||||||
return avc_has_perm(&selinux_state,
|
|
||||||
sid, sid, SECCLASS_LOCKDOWN,
|
|
||||||
LOCKDOWN__INTEGRITY, &ad);
|
|
||||||
else
|
|
||||||
return avc_has_perm(&selinux_state,
|
|
||||||
sid, sid, SECCLASS_LOCKDOWN,
|
|
||||||
LOCKDOWN__CONFIDENTIALITY, &ad);
|
|
||||||
}
|
|
||||||
|
|
||||||
struct lsm_blob_sizes selinux_blob_sizes __lsm_ro_after_init = {
|
struct lsm_blob_sizes selinux_blob_sizes __lsm_ro_after_init = {
|
||||||
.lbs_cred = sizeof(struct task_security_struct),
|
.lbs_cred = sizeof(struct task_security_struct),
|
||||||
.lbs_file = sizeof(struct file_security_struct),
|
.lbs_file = sizeof(struct file_security_struct),
|
||||||
@@ -7184,8 +7156,6 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = {
|
|||||||
LSM_HOOK_INIT(perf_event_write, selinux_perf_event_write),
|
LSM_HOOK_INIT(perf_event_write, selinux_perf_event_write),
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
LSM_HOOK_INIT(locked_down, selinux_lockdown),
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* PUT "CLONING" (ACCESSING + ALLOCATING) HOOKS HERE
|
* PUT "CLONING" (ACCESSING + ALLOCATING) HOOKS HERE
|
||||||
*/
|
*/
|
||||||
|
|||||||
@@ -247,8 +247,6 @@ struct security_class_mapping secclass_map[] = {
|
|||||||
{ COMMON_SOCK_PERMS, NULL } },
|
{ COMMON_SOCK_PERMS, NULL } },
|
||||||
{ "perf_event",
|
{ "perf_event",
|
||||||
{"open", "cpu", "kernel", "tracepoint", "read", "write"} },
|
{"open", "cpu", "kernel", "tracepoint", "read", "write"} },
|
||||||
{ "lockdown",
|
|
||||||
{ "integrity", "confidentiality", NULL } },
|
|
||||||
{ NULL }
|
{ NULL }
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user