| Message ID | 20230629195535.2590-8-casey@schaufler-ca.com (mailing list archive) |
|---|---|
| State | Changes Requested |
| Delegated to: | Paul Moore |
| Headers | show |
| Series | LSM: Three basic syscalls | expand |
On Jun 29, 2023 Casey Schaufler <casey@schaufler-ca.com> wrote: > > Add lsm_name_to_attr(), which translates a text string to a > LSM_ATTR value if one is available. > > Add lsm_fill_user_ctx(), which fills a struct lsm_ctx, including > the trailing attribute value. > > All are used in module specific components of LSM system calls. > > Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> > Reviewed-by: Serge Hallyn <serge@hallyn.com> > --- > include/linux/security.h | 14 +++++++++++++ > security/lsm_syscalls.c | 24 ++++++++++++++++++++++ > security/security.c | 44 ++++++++++++++++++++++++++++++++++++++++ > 3 files changed, 82 insertions(+) ... > diff --git a/security/security.c b/security/security.c > index 199db23581f1..72ad7197b2c9 100644 > --- a/security/security.c > +++ b/security/security.c > @@ -770,6 +770,50 @@ static int lsm_superblock_alloc(struct super_block *sb) > return 0; > } > > +/** > + * lsm_fill_user_ctx - Fill a user space lsm_ctx structure > + * @ctx: an LSM context to be filled > + * @context: the new context value > + * @context_size: the size of the new context value > + * @id: LSM id > + * @flags: LSM defined flags > + * > + * Fill all of the fields in a user space lsm_ctx structure. > + * Caller is assumed to have verified that @ctx has enough space > + * for @context. > + * > + * The total length is padded to a multiple of 64 bits to > + * accomodate possible alignment issues. We should drop the sentence above now that alignment is the caller's responsibility, but since that was largely my fault I can fix this up during the merge assuming you're okay with that Casey. > + * Returns 0 on success, -EFAULT on a copyout error, -ENOMEM > + * if memory can't be allocated. > + */ > +int lsm_fill_user_ctx(struct lsm_ctx __user *ctx, void *context, > + size_t context_size, u64 id, u64 flags) > +{ > + struct lsm_ctx *lctx; > + size_t locallen = struct_size(lctx, ctx, context_size); > + int rc = 0; > + > + lctx = kzalloc(locallen, GFP_KERNEL); > + if (lctx == NULL) > + return -ENOMEM; > + > + lctx->id = id; > + lctx->flags = flags; > + lctx->ctx_len = context_size; > + lctx->len = locallen; > + > + memcpy(lctx->ctx, context, context_size); > + > + if (copy_to_user(ctx, lctx, locallen)) > + rc = -EFAULT; > + > + kfree(lctx); > + > + return rc; > +} > + > /* > * The default value of the LSM hook is defined in linux/lsm_hook_defs.h and > * can be accessed with: > -- > 2.40.1 -- paul-moore.com
On 6/29/2023 7:14 PM, Paul Moore wrote: > On Jun 29, 2023 Casey Schaufler <casey@schaufler-ca.com> wrote: >> Add lsm_name_to_attr(), which translates a text string to a >> LSM_ATTR value if one is available. >> >> Add lsm_fill_user_ctx(), which fills a struct lsm_ctx, including >> the trailing attribute value. >> >> All are used in module specific components of LSM system calls. >> >> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> >> Reviewed-by: Serge Hallyn <serge@hallyn.com> >> --- >> include/linux/security.h | 14 +++++++++++++ >> security/lsm_syscalls.c | 24 ++++++++++++++++++++++ >> security/security.c | 44 ++++++++++++++++++++++++++++++++++++++++ >> 3 files changed, 82 insertions(+) > .. > >> diff --git a/security/security.c b/security/security.c >> index 199db23581f1..72ad7197b2c9 100644 >> --- a/security/security.c >> +++ b/security/security.c >> @@ -770,6 +770,50 @@ static int lsm_superblock_alloc(struct super_block *sb) >> return 0; >> } >> >> +/** >> + * lsm_fill_user_ctx - Fill a user space lsm_ctx structure >> + * @ctx: an LSM context to be filled >> + * @context: the new context value >> + * @context_size: the size of the new context value >> + * @id: LSM id >> + * @flags: LSM defined flags >> + * >> + * Fill all of the fields in a user space lsm_ctx structure. >> + * Caller is assumed to have verified that @ctx has enough space >> + * for @context. >> + * >> + * The total length is padded to a multiple of 64 bits to >> + * accomodate possible alignment issues. > We should drop the sentence above now that alignment is the caller's > responsibility, but since that was largely my fault I can fix this up > during the merge assuming you're okay with that Casey. I have to fix the error in patch 8/11 anyway. I can fix this, too. > >> + * Returns 0 on success, -EFAULT on a copyout error, -ENOMEM >> + * if memory can't be allocated. >> + */ >> +int lsm_fill_user_ctx(struct lsm_ctx __user *ctx, void *context, >> + size_t context_size, u64 id, u64 flags) >> +{ >> + struct lsm_ctx *lctx; >> + size_t locallen = struct_size(lctx, ctx, context_size); >> + int rc = 0; >> + >> + lctx = kzalloc(locallen, GFP_KERNEL); >> + if (lctx == NULL) >> + return -ENOMEM; >> + >> + lctx->id = id; >> + lctx->flags = flags; >> + lctx->ctx_len = context_size; >> + lctx->len = locallen; >> + >> + memcpy(lctx->ctx, context, context_size); >> + >> + if (copy_to_user(ctx, lctx, locallen)) >> + rc = -EFAULT; >> + >> + kfree(lctx); >> + >> + return rc; >> +} >> + >> /* >> * The default value of the LSM hook is defined in linux/lsm_hook_defs.h and >> * can be accessed with: >> -- >> 2.40.1 > -- > paul-moore.com
On Fri, Jun 30, 2023 at 1:11 PM Casey Schaufler <casey@schaufler-ca.com> wrote: > > On 6/29/2023 7:14 PM, Paul Moore wrote: > > On Jun 29, 2023 Casey Schaufler <casey@schaufler-ca.com> wrote: > >> Add lsm_name_to_attr(), which translates a text string to a > >> LSM_ATTR value if one is available. > >> > >> Add lsm_fill_user_ctx(), which fills a struct lsm_ctx, including > >> the trailing attribute value. > >> > >> All are used in module specific components of LSM system calls. > >> > >> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> > >> Reviewed-by: Serge Hallyn <serge@hallyn.com> > >> --- > >> include/linux/security.h | 14 +++++++++++++ > >> security/lsm_syscalls.c | 24 ++++++++++++++++++++++ > >> security/security.c | 44 ++++++++++++++++++++++++++++++++++++++++ > >> 3 files changed, 82 insertions(+) > > .. > > > >> diff --git a/security/security.c b/security/security.c > >> index 199db23581f1..72ad7197b2c9 100644 > >> --- a/security/security.c > >> +++ b/security/security.c > >> @@ -770,6 +770,50 @@ static int lsm_superblock_alloc(struct super_block *sb) > >> return 0; > >> } > >> > >> +/** > >> + * lsm_fill_user_ctx - Fill a user space lsm_ctx structure > >> + * @ctx: an LSM context to be filled > >> + * @context: the new context value > >> + * @context_size: the size of the new context value > >> + * @id: LSM id > >> + * @flags: LSM defined flags > >> + * > >> + * Fill all of the fields in a user space lsm_ctx structure. > >> + * Caller is assumed to have verified that @ctx has enough space > >> + * for @context. > >> + * > >> + * The total length is padded to a multiple of 64 bits to > >> + * accomodate possible alignment issues. > > We should drop the sentence above now that alignment is the caller's > > responsibility, but since that was largely my fault I can fix this up > > during the merge assuming you're okay with that Casey. > > I have to fix the error in patch 8/11 anyway. I can fix this, too. Great, thanks.
diff --git a/include/linux/security.h b/include/linux/security.h index 475d0abfebda..75ac91223c2d 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -32,6 +32,7 @@ #include <linux/string.h> #include <linux/mm.h> #include <linux/sockptr.h> +#include <uapi/linux/lsm.h> struct linux_binprm; struct cred; @@ -263,6 +264,7 @@ int unregister_blocking_lsm_notifier(struct notifier_block *nb); /* prototypes */ extern int security_init(void); extern int early_security_init(void); +extern u64 lsm_name_to_attr(const char *name); /* Security operations */ int security_binder_set_context_mgr(const struct cred *mgr); @@ -488,6 +490,8 @@ int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen); int security_locked_down(enum lockdown_reason what); +int lsm_fill_user_ctx(struct lsm_ctx __user *ctx, void *context, + size_t context_size, u64 id, u64 flags); #else /* CONFIG_SECURITY */ static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data) @@ -505,6 +509,11 @@ static inline int unregister_blocking_lsm_notifier(struct notifier_block *nb) return 0; } +static inline u64 lsm_name_to_attr(const char *name) +{ + return LSM_ATTR_UNDEF; +} + static inline void security_free_mnt_opts(void **mnt_opts) { } @@ -1408,6 +1417,11 @@ static inline int security_locked_down(enum lockdown_reason what) { return 0; } +static inline int lsm_fill_user_ctx(struct lsm_ctx __user *ctx, void *context, + size_t context_size, u64 id, u64 flags) +{ + return -EOPNOTSUPP; +} #endif /* CONFIG_SECURITY */ #if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE) diff --git a/security/lsm_syscalls.c b/security/lsm_syscalls.c index f03f2d17ab49..bc22f05e2d8c 100644 --- a/security/lsm_syscalls.c +++ b/security/lsm_syscalls.c @@ -17,6 +17,30 @@ #include <linux/lsm_hooks.h> #include <uapi/linux/lsm.h> +/** + * lsm_name_to_attr - map an LSM attribute name to its ID + * @name: name of the attribute + * + * Returns the LSM attribute value associated with @name, or 0 if + * there is no mapping. + */ +u64 lsm_name_to_attr(const char *name) +{ + if (!strcmp(name, "current")) + return LSM_ATTR_CURRENT; + if (!strcmp(name, "exec")) + return LSM_ATTR_EXEC; + if (!strcmp(name, "fscreate")) + return LSM_ATTR_FSCREATE; + if (!strcmp(name, "keycreate")) + return LSM_ATTR_KEYCREATE; + if (!strcmp(name, "prev")) + return LSM_ATTR_PREV; + if (!strcmp(name, "sockcreate")) + return LSM_ATTR_SOCKCREATE; + return LSM_ATTR_UNDEF; +} + /** * sys_lsm_set_self_attr - Set current task's security module attribute * @attr: which attribute to set diff --git a/security/security.c b/security/security.c index 199db23581f1..72ad7197b2c9 100644 --- a/security/security.c +++ b/security/security.c @@ -770,6 +770,50 @@ static int lsm_superblock_alloc(struct super_block *sb) return 0; } +/** + * lsm_fill_user_ctx - Fill a user space lsm_ctx structure + * @ctx: an LSM context to be filled + * @context: the new context value + * @context_size: the size of the new context value + * @id: LSM id + * @flags: LSM defined flags + * + * Fill all of the fields in a user space lsm_ctx structure. + * Caller is assumed to have verified that @ctx has enough space + * for @context. + * + * The total length is padded to a multiple of 64 bits to + * accomodate possible alignment issues. + * + * Returns 0 on success, -EFAULT on a copyout error, -ENOMEM + * if memory can't be allocated. + */ +int lsm_fill_user_ctx(struct lsm_ctx __user *ctx, void *context, + size_t context_size, u64 id, u64 flags) +{ + struct lsm_ctx *lctx; + size_t locallen = struct_size(lctx, ctx, context_size); + int rc = 0; + + lctx = kzalloc(locallen, GFP_KERNEL); + if (lctx == NULL) + return -ENOMEM; + + lctx->id = id; + lctx->flags = flags; + lctx->ctx_len = context_size; + lctx->len = locallen; + + memcpy(lctx->ctx, context, context_size); + + if (copy_to_user(ctx, lctx, locallen)) + rc = -EFAULT; + + kfree(lctx); + + return rc; +} + /* * The default value of the LSM hook is defined in linux/lsm_hook_defs.h and * can be accessed with: