From patchwork Sun Nov 26 22:16:31 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Sargun Dhillon <sargun@sargun.me>
X-Patchwork-Id: 10075603
Return-Path: <linux-security-module-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	C62BA60211
	for <patchwork-linux-security-module@patchwork.kernel.org>;
	Sun, 26 Nov 2017 22:16:48 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B7DD92894B
	for <patchwork-linux-security-module@patchwork.kernel.org>;
	Sun, 26 Nov 2017 22:16:48 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id ACBB628A50; Sun, 26 Nov 2017 22:16:48 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.8 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_HI,T_DKIM_INVALID autolearn=unavailable version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 13C7328AAC
	for <patchwork-linux-security-module@patchwork.kernel.org>;
	Sun, 26 Nov 2017 22:16:48 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752276AbdKZWQf (ORCPT
	<rfc822;patchwork-linux-security-module@patchwork.kernel.org>);
	Sun, 26 Nov 2017 17:16:35 -0500
Received: from mail-io0-f194.google.com ([209.85.223.194]:33111 "EHLO
	mail-io0-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1752270AbdKZWQe (ORCPT
	<rfc822;linux-security-module@vger.kernel.org>);
	Sun, 26 Nov 2017 17:16:34 -0500
Received: by mail-io0-f194.google.com with SMTP id i184so26910086ioa.0
	for <linux-security-module@vger.kernel.org>;
	Sun, 26 Nov 2017 14:16:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sargun.me; s=google;
	h=from:date:to:cc:subject:message-id:mime-version:content-disposition
	:user-agent; bh=ey0BBaALRhZ2yEPOvC0OA6QaYiEnmCxalSDFKfYZGy0=;
	b=y56GvYzuj9pC0u9adx8Hr0Lc9w5rbDIf+Aq+4fsIeuT5F6J2Abc7z2uJshm0W1QBrn
	6+DPJcvilNNMyWVZTRabUuCrNIM0xDpEuhIz4owNywoZ2uKnH97txYeVcsk6X1HqUG8I
	ma3iE4+vCL2Eo2P0N4SxpQtVVoeG/qoVNzWw8=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:date:to:cc:subject:message-id:mime-version
	:content-disposition:user-agent;
	bh=ey0BBaALRhZ2yEPOvC0OA6QaYiEnmCxalSDFKfYZGy0=;
	b=kpU++LvHcZJnGMdSL/XtuZ5vxmWs6QcwOq9lAFTVqxKinLH/+iVmmKYddTfXcpeObD
	l9eB+au4L57+VZ77I4njL9k/CuhNHGRKRKrI67Fm0H6yyKq3u7pD2dZKW8O+Lp16MVug
	1XF46bZ+vPzdbw4z3l5k2/Hyjy4191bP1xqOV5RqZAumDCeNAnVGS5ddSrC6tx0dgLcK
	Bpd/sx4q1DvkunW1spo6u/KkViDarSEgOCqlKVf1EsgVL5zjwYUarMYS4Gb0Uap3a8Nt
	ZmQ2Of4lhdTbOdjzyUtazeUTsH4v32Sr9R+ijWmtTNjRLqikEMSFmPGoe6cvvCBTYTW5
	LJ1w==
X-Gm-Message-State: AJaThX72opR/CSwdA4iwsy2W8RemLD2DcWpHTJrQP/KYOUVqV0yKKkVr
	Xa49IIQLuw6So6aWn1tbum+kz1v5+QQ=
X-Google-Smtp-Source: 
 AGs4zMZBpJYvzLtek+BG2YynD+d5UqU0eeSX/Vda7gKk1Ip9L36jvJMmg8uOwLMBcCLmut/J2Hh9DQ==
X-Received: by 10.107.204.1 with SMTP id c1mr38206352iog.76.1511734593194;
	Sun, 26 Nov 2017 14:16:33 -0800 (PST)
Received: from ircssh-2.c.rugged-nimbus-611.internal
	(80.60.198.104.bc.googleusercontent.com. [104.198.60.80])
	by smtp.gmail.com with ESMTPSA id
	j67sm10994409iod.12.2017.11.26.14.16.32
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Sun, 26 Nov 2017 14:16:32 -0800 (PST)
From: Sargun Dhillon <sargun@sargun.me>
X-Google-Original-From: Sargun Dhillon <sargun@netflix.com>
Date: Sun, 26 Nov 2017 22:16:31 +0000
To: linux-security-module@vger.kernel.org
Cc: keescook@chromium.org, igor.stoppa@huawei.com,
	casey@schaufler-ca.com, linux-kernel@vger.kernel.org
Subject: [RFC 3/3] LSM: Add an example sample dynamic LSM
Message-ID: <20171126221629.GA13778@ircssh-2.c.rugged-nimbus-611.internal>
MIME-Version: 1.0
Content-Disposition: inline
User-Agent: Mutt/1.5.24 (2015-08-30)
Sender: owner-linux-security-module@vger.kernel.org
Precedence: bulk
List-ID: <linux-security-module.vger.kernel.org>
X-Virus-Scanned: ClamAV using ClamSMTP

This adds an example LSM that utilizes the features added by the
dynamically loadable LSMs patch. Once the module is unloaded, the
command is once again allowed. It prevents the user from running:
date --set="October 21 2015 16:29:00 PDT

The behaviour can be verified by looking at:
/sys/kernel/security/dynamic_hooks/settime

Signed-off-by: Sargun Dhillon <sargun@sargun.me>
---
 samples/Kconfig           |  6 ++++++
 samples/Makefile          |  2 +-
 samples/lsm/Makefile      |  4 ++++
 samples/lsm/lsm_example.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 57 insertions(+), 1 deletion(-)
 create mode 100644 samples/lsm/Makefile
 create mode 100644 samples/lsm/lsm_example.c

diff --git a/samples/Kconfig b/samples/Kconfig
index c332a3b..283f442 100644
--- a/samples/Kconfig
+++ b/samples/Kconfig
@@ -117,4 +117,10 @@ config SAMPLE_STATX
 	help
 	  Build example userspace program to use the new extended-stat syscall.
 
+config SAMPLE_DYNAMIC_LSM
+	tristate "Build LSM examples -- loadable modules only"
+	depends on SECURITY_DYNAMIC_HOOKS_FS && m
+	help
+	  This builds an example dynamic LSM
+
 endif # SAMPLES
diff --git a/samples/Makefile b/samples/Makefile
index db54e76..9d23835 100644
--- a/samples/Makefile
+++ b/samples/Makefile
@@ -3,4 +3,4 @@
 obj-$(CONFIG_SAMPLES)	+= kobject/ kprobes/ trace_events/ livepatch/ \
 			   hw_breakpoint/ kfifo/ kdb/ hidraw/ rpmsg/ seccomp/ \
 			   configfs/ connector/ v4l/ trace_printk/ blackfin/ \
-			   vfio-mdev/ statx/
+			   vfio-mdev/ statx/ lsm/
diff --git a/samples/lsm/Makefile b/samples/lsm/Makefile
new file mode 100644
index 0000000..d4ccb94
--- /dev/null
+++ b/samples/lsm/Makefile
@@ -0,0 +1,4 @@
+# builds the loadable LSM example kernel modules;
+# then to use one (as root):  insmod <module_name.ko>
+# and to unload: rmmod module_name
+obj-$(CONFIG_SAMPLE_DYNAMIC_LSM) += lsm_example.o
diff --git a/samples/lsm/lsm_example.c b/samples/lsm/lsm_example.c
new file mode 100644
index 0000000..509ae43
--- /dev/null
+++ b/samples/lsm/lsm_example.c
@@ -0,0 +1,46 @@
+/*
+ * This sample hooks into the "path_chroot"
+ *
+ * Once you run it, the following will not be allowed:
+ * date --set="October 21 2015 16:29:00 PDT"
+ */
+
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/lsm_hooks.h>
+
+static const char lsm_name[] = "example";
+
+static int settime_cb(const struct timespec *ts, const struct timezone *tz)
+{
+	/* We aren't allowed to travel to October 21 2015 16:29 PDT */
+	if (ts->tv_sec >= 1445470140 && ts->tv_sec < 1445470200)
+		return -EPERM;
+
+	return 0;
+}
+
+DYNAMIC_SECURITY_HOOK(my_hook, lsm_name, settime, settime_cb);
+
+static int __init lsm_init(void)
+{
+	int ret;
+
+	ret = security_add_dynamic_hook(&my_hook);
+	if (!ret)
+		pr_info("Successfully installed example dynamic LSM\n");
+	else
+		pr_err("Unable to install dynamic LSM - %d\n", ret);
+
+	return ret;
+}
+
+static void __exit lsm_exit(void)
+{
+	security_remove_dynamic_hook(&my_hook);
+	pr_info("Removed example dynamic LSM\n");
+}
+
+module_init(lsm_init)
+module_exit(lsm_exit)
+MODULE_LICENSE("GPL");