[PATCH] [RFC] security: smack: Add support automatic Smack labeling

From: Jonghwa Lee
Date: Wed Aug 26 2015 - 21:58:43 EST

Next message: Viresh Kumar: "[PATCH V4] thermal: cpu_cooling: Add MAINTAINERS entry"
Previous message: Jonghwa Lee: "[PATCH] security: smack: Add support automatic Smack labeling"
Next in thread: Jonghwa Lee: "[PATCH] security: smack: Add support automatic Smack labeling"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Smack labeling is always done in user space, not in kernel space.
Because kernel can't know which node or preocess should has the certain label
and it shouldn't be neither. Therefore there is a distinct time gap between
file creation and the labeling which might be about few miliseconds or even
indefinite period. This unavoidable and imprecise time gap produces unintended
Smack denial time to time. If it guerantees that labeling is done before any
other access, the time gap doesn't make matter. However if not, the system
will suffer from false alarm.

I've already exeperienced the situation with specific cases.
Mostly, it happens with devtmpfs where udevd applies xattr with defined udev
rules. When kernel module is loaded, device node is newly created and it sends
uevent and notification to processes in wait. However, somtimes uevent may be
handled lately then other processes's access. So, Smack module checks the
authority with uninitialized label, and prohibits the access even the access
authority exists in Smack rule.

At the first time of encounting the problem, I tries to fix the system and user
process to prevent the accesses in ahead of labeling but it wasn't the solution.
Performance is degraded because of compulsory delay.

Another candidate of solution is given label from kernel side.
However, kernel should not be aware of the label, the string, and the
relationship between specific node and label. So I left it in user space.

Label is still given from user space. Kernel only checks there is a pre-assigned
labeling rule for the node. If so, the file will acquire the label as default at
the creation. A file is created with pre-assigend label as like it's done
automatically. So it's called 'Auto Smack labeling'

Pre-assigned label can be given via additional file, 'autolabel' in smackfs.

echo '<File path> <Smack Label>' > /sys/fs/smackfs/autolabel

The label only activates when the file isn't created yet. If file already
exists, then just add the label relationship to table and deactivate it.
When the label is applied, it'll also be deactivated. The label turns to be
enabled again only when the file is removed.

This is a candidate of solution for the specific problem, and might be buggy or
hamful for system-wide security. So I gently request your opinion for more clear
and wise solution for the case that I faced.

Jonghwa Lee (1):
security: smack: Add support automatic Smack labeling

security/smack/Kconfig | 11 ++++
security/smack/smack.h | 23 ++++++++
security/smack/smack_lsm.c | 66 +++++++++++++++++++++
security/smack/smackfs.c | 136 ++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 236 insertions(+)

--
1.7.9.5

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Viresh Kumar: "[PATCH V4] thermal: cpu_cooling: Add MAINTAINERS entry"
Previous message: Jonghwa Lee: "[PATCH] security: smack: Add support automatic Smack labeling"
Next in thread: Jonghwa Lee: "[PATCH] security: smack: Add support automatic Smack labeling"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]