From 4162f006bd11db3af3a16c1048e204d0e55e593a Mon Sep 17 00:00:00 2001 From: Ram Muthiah Date: Mon, 28 Dec 2020 23:38:28 -0800 Subject: [PATCH] ANDROID: Revert "security,lockdown,selinux: implement SELinux lockdown" This reverts commit f1ee68a8f6bdddcc93b9a582bf49c3113ff4f180. Reason for revert: The change being reverted adds a new "lockdown" audit class. Support for this new class needs to be added to Android and the processes which need to be part of this class have to be annotated. While support for this class has not yet been added to Android, this lockdown class will be removed. Tracefs usage by Android triggers a violation with respect to this new audit class which prompted the need for this patch. Bug: 148822198 Change-Id: Ie06f4be699234fb671ec4bcfe11962b2055a0c60 Signed-off-by: Ram Muthiah --- include/linux/lsm_audit.h | 2 -- include/linux/security.h | 2 -- security/lockdown/lockdown.c | 27 ++++++++++++++++++++++++++ security/lsm_audit.c | 6 ------ security/selinux/hooks.c | 30 ----------------------------- security/selinux/include/classmap.h | 2 -- 6 files changed, 27 insertions(+), 42 deletions(-) diff --git a/include/linux/lsm_audit.h b/include/linux/lsm_audit.h index cd23355d2271..8004c474d0b7 100644 --- a/include/linux/lsm_audit.h +++ b/include/linux/lsm_audit.h @@ -74,7 +74,6 @@ struct common_audit_data { #define LSM_AUDIT_DATA_FILE 12 #define LSM_AUDIT_DATA_IBPKEY 13 #define LSM_AUDIT_DATA_IBENDPORT 14 -#define LSM_AUDIT_DATA_LOCKDOWN 15 #define LSM_AUDIT_DATA_NOTIFICATION 16 union { struct path path; @@ -95,7 +94,6 @@ struct common_audit_data { struct file *file; struct lsm_ibpkey_audit *ibpkey; struct lsm_ibendport_audit *ibendport; - int reason; } u; /* this union contains LSM specific data */ union { diff --git a/include/linux/security.h b/include/linux/security.h index c35ea0ffccd9..1b7dce81c5d7 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -131,8 +131,6 @@ enum lockdown_reason { LOCKDOWN_CONFIDENTIALITY_MAX, }; -extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1]; - /* These functions are in security/commoncap.c */ extern int cap_capable(const struct cred *cred, struct user_namespace *ns, int cap, unsigned int opts); diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c index 87cbdc64d272..3f38583bed06 100644 --- a/security/lockdown/lockdown.c +++ b/security/lockdown/lockdown.c @@ -16,6 +16,33 @@ static enum lockdown_reason kernel_locked_down; +static const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1] = { + [LOCKDOWN_NONE] = "none", + [LOCKDOWN_MODULE_SIGNATURE] = "unsigned module loading", + [LOCKDOWN_DEV_MEM] = "/dev/mem,kmem,port", + [LOCKDOWN_EFI_TEST] = "/dev/efi_test access", + [LOCKDOWN_KEXEC] = "kexec of unsigned images", + [LOCKDOWN_HIBERNATION] = "hibernation", + [LOCKDOWN_PCI_ACCESS] = "direct PCI access", + [LOCKDOWN_IOPORT] = "raw io port access", + [LOCKDOWN_MSR] = "raw MSR access", + [LOCKDOWN_ACPI_TABLES] = "modifying ACPI tables", + [LOCKDOWN_PCMCIA_CIS] = "direct PCMCIA CIS storage", + [LOCKDOWN_TIOCSSERIAL] = "reconfiguration of serial port IO", + [LOCKDOWN_MODULE_PARAMETERS] = "unsafe module parameters", + [LOCKDOWN_MMIOTRACE] = "unsafe mmio", + [LOCKDOWN_DEBUGFS] = "debugfs access", + [LOCKDOWN_XMON_WR] = "xmon write access", + [LOCKDOWN_INTEGRITY_MAX] = "integrity", + [LOCKDOWN_KCORE] = "/proc/kcore access", + [LOCKDOWN_KPROBES] = "use of kprobes", + [LOCKDOWN_BPF_READ] = "use of bpf to read kernel RAM", + [LOCKDOWN_PERF] = "unsafe use of perf", + [LOCKDOWN_TRACEFS] = "use of tracefs", + [LOCKDOWN_XMON_RW] = "xmon read and write access", + [LOCKDOWN_CONFIDENTIALITY_MAX] = "confidentiality", +}; + static const enum lockdown_reason lockdown_levels[] = {LOCKDOWN_NONE, LOCKDOWN_INTEGRITY_MAX, LOCKDOWN_CONFIDENTIALITY_MAX}; diff --git a/security/lsm_audit.c b/security/lsm_audit.c index 70fd9576b150..cce1af24fe85 100644 --- a/security/lsm_audit.c +++ b/security/lsm_audit.c @@ -27,7 +27,6 @@ #include #include #include -#include /** * ipv4_skb_to_auditdata : fill auditdata from skb @@ -426,11 +425,6 @@ static void dump_common_audit_data(struct audit_buffer *ab, a->u.ibendport->dev_name, a->u.ibendport->port); break; - case LSM_AUDIT_DATA_LOCKDOWN: - audit_log_format(ab, " lockdown_reason=\"%s\"", - lockdown_reasons[a->u.reason]); - - break; } /* switch (a->type) */ } diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 965c24582219..49d53acbc140 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -6851,34 +6851,6 @@ static void selinux_bpf_prog_free(struct bpf_prog_aux *aux) } #endif -static int selinux_lockdown(enum lockdown_reason what) -{ - struct common_audit_data ad; - u32 sid = current_sid(); - int invalid_reason = (what <= LOCKDOWN_NONE) || - (what == LOCKDOWN_INTEGRITY_MAX) || - (what >= LOCKDOWN_CONFIDENTIALITY_MAX); - - if (WARN(invalid_reason, "Invalid lockdown reason")) { - audit_log(audit_context(), - GFP_ATOMIC, AUDIT_SELINUX_ERR, - "lockdown_reason=invalid"); - return -EINVAL; - } - - ad.type = LSM_AUDIT_DATA_LOCKDOWN; - ad.u.reason = what; - - if (what <= LOCKDOWN_INTEGRITY_MAX) - return avc_has_perm(&selinux_state, - sid, sid, SECCLASS_LOCKDOWN, - LOCKDOWN__INTEGRITY, &ad); - else - return avc_has_perm(&selinux_state, - sid, sid, SECCLASS_LOCKDOWN, - LOCKDOWN__CONFIDENTIALITY, &ad); -} - struct lsm_blob_sizes selinux_blob_sizes __lsm_ro_after_init = { .lbs_cred = sizeof(struct task_security_struct), .lbs_file = sizeof(struct file_security_struct), @@ -7184,8 +7156,6 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(perf_event_write, selinux_perf_event_write), #endif - LSM_HOOK_INIT(locked_down, selinux_lockdown), - /* * PUT "CLONING" (ACCESSING + ALLOCATING) HOOKS HERE */ diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h index ca9fa7791089..3e770d3f8e2b 100644 --- a/security/selinux/include/classmap.h +++ b/security/selinux/include/classmap.h @@ -247,8 +247,6 @@ struct security_class_mapping secclass_map[] = { { COMMON_SOCK_PERMS, NULL } }, { "perf_event", {"open", "cpu", "kernel", "tracepoint", "read", "write"} }, - { "lockdown", - { "integrity", "confidentiality", NULL } }, { NULL } };