| Message ID | 20230912205658.3432-9-casey@schaufler-ca.com (mailing list archive) |
|---|---|
| State | Accepted |
| Delegated to: | Paul Moore |
| Headers | show |
| Series | LSM: Three basic syscalls | expand |
On Tue, Sep 12, 2023 at 01:56:53PM -0700, Casey Schaufler wrote: > Implement Smack support for security_[gs]etselfattr. > Refactor the setprocattr hook to avoid code duplication. > > Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> > Reviewed-by: John Johansen <john.johansen@canonical.com> > --- > security/smack/smack_lsm.c | 95 ++++++++++++++++++++++++++++++++++++-- > 1 file changed, 90 insertions(+), 5 deletions(-) > > diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c > index f73f9a2834eb..12160d060cc1 100644 > --- a/security/smack/smack_lsm.c > +++ b/security/smack/smack_lsm.c > @@ -3626,6 +3626,46 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) > return; > } > > +/** > + * smack_getselfattr - Smack current process attribute > + * @attr: which attribute to fetch > + * @ctx: buffer to receive the result > + * @size: available size in, actual size out > + * @flags: unused > + * > + * Fill the passed user space @ctx with the details of the requested > + * attribute. > + * > + * Returns the number of attributes on success, an error code otherwise. > + * There will only ever be one attribute. > + */ > +static int smack_getselfattr(unsigned int attr, struct lsm_ctx __user *ctx, > + size_t *size, u32 flags) > +{ > + struct smack_known *skp = smk_of_current(); > + int total; > + int slen; > + int rc; > + > + if (attr != LSM_ATTR_CURRENT) > + return -EOPNOTSUPP; > + > + slen = strlen(skp->smk_known) + 1; > + total = ALIGN(slen + sizeof(*ctx), 8); > + if (total > *size) > + rc = -E2BIG; > + else if (ctx) > + rc = lsm_fill_user_ctx(ctx, skp->smk_known, slen, LSM_ID_SMACK, > + 0); > + else > + rc = 1; Can we move these checks into lsm_fill_user_ctx()? They are similar for AppArmor and SELinux. > + > + *size = total; > + if (rc >= 0) > + return 1; > + return rc; > +}
On 10/3/2023 7:28 AM, Mickaël Salaün wrote: > On Tue, Sep 12, 2023 at 01:56:53PM -0700, Casey Schaufler wrote: >> Implement Smack support for security_[gs]etselfattr. >> Refactor the setprocattr hook to avoid code duplication. >> >> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> >> Reviewed-by: John Johansen <john.johansen@canonical.com> >> --- >> security/smack/smack_lsm.c | 95 ++++++++++++++++++++++++++++++++++++-- >> 1 file changed, 90 insertions(+), 5 deletions(-) >> >> diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c >> index f73f9a2834eb..12160d060cc1 100644 >> --- a/security/smack/smack_lsm.c >> +++ b/security/smack/smack_lsm.c >> @@ -3626,6 +3626,46 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) >> return; >> } >> >> +/** >> + * smack_getselfattr - Smack current process attribute >> + * @attr: which attribute to fetch >> + * @ctx: buffer to receive the result >> + * @size: available size in, actual size out >> + * @flags: unused >> + * >> + * Fill the passed user space @ctx with the details of the requested >> + * attribute. >> + * >> + * Returns the number of attributes on success, an error code otherwise. >> + * There will only ever be one attribute. >> + */ >> +static int smack_getselfattr(unsigned int attr, struct lsm_ctx __user *ctx, >> + size_t *size, u32 flags) >> +{ >> + struct smack_known *skp = smk_of_current(); >> + int total; >> + int slen; >> + int rc; >> + >> + if (attr != LSM_ATTR_CURRENT) >> + return -EOPNOTSUPP; >> + >> + slen = strlen(skp->smk_known) + 1; > >> + total = ALIGN(slen + sizeof(*ctx), 8); >> + if (total > *size) >> + rc = -E2BIG; >> + else if (ctx) >> + rc = lsm_fill_user_ctx(ctx, skp->smk_known, slen, LSM_ID_SMACK, >> + 0); >> + else >> + rc = 1; > Can we move these checks into lsm_fill_user_ctx()? They are similar for > AppArmor and SELinux. > >> + >> + *size = total; >> + if (rc >= 0) >> + return 1; >> + return rc; >> +}
On 10/3/2023 7:28 AM, Mickaël Salaün wrote: > On Tue, Sep 12, 2023 at 01:56:53PM -0700, Casey Schaufler wrote: >> Implement Smack support for security_[gs]etselfattr. >> Refactor the setprocattr hook to avoid code duplication. >> >> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> >> Reviewed-by: John Johansen <john.johansen@canonical.com> >> --- >> security/smack/smack_lsm.c | 95 ++++++++++++++++++++++++++++++++++++-- >> 1 file changed, 90 insertions(+), 5 deletions(-) >> >> diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c >> index f73f9a2834eb..12160d060cc1 100644 >> --- a/security/smack/smack_lsm.c >> +++ b/security/smack/smack_lsm.c >> @@ -3626,6 +3626,46 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) >> return; >> } >> >> +/** >> + * smack_getselfattr - Smack current process attribute >> + * @attr: which attribute to fetch >> + * @ctx: buffer to receive the result >> + * @size: available size in, actual size out >> + * @flags: unused >> + * >> + * Fill the passed user space @ctx with the details of the requested >> + * attribute. >> + * >> + * Returns the number of attributes on success, an error code otherwise. >> + * There will only ever be one attribute. >> + */ >> +static int smack_getselfattr(unsigned int attr, struct lsm_ctx __user *ctx, >> + size_t *size, u32 flags) >> +{ >> + struct smack_known *skp = smk_of_current(); >> + int total; >> + int slen; >> + int rc; >> + >> + if (attr != LSM_ATTR_CURRENT) >> + return -EOPNOTSUPP; >> + >> + slen = strlen(skp->smk_known) + 1; > >> + total = ALIGN(slen + sizeof(*ctx), 8); >> + if (total > *size) >> + rc = -E2BIG; >> + else if (ctx) >> + rc = lsm_fill_user_ctx(ctx, skp->smk_known, slen, LSM_ID_SMACK, >> + 0); >> + else >> + rc = 1; > Can we move these checks into lsm_fill_user_ctx()? They are similar for > AppArmor and SELinux. Possibly, but that would make lsm_fill_user_ctx() into lsm_validiate_and_fill_user_ctx(), and I don't want to do that. > >> + >> + *size = total; >> + if (rc >= 0) >> + return 1; >> + return rc; >> +}
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index f73f9a2834eb..12160d060cc1 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -3626,6 +3626,46 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) return; } +/** + * smack_getselfattr - Smack current process attribute + * @attr: which attribute to fetch + * @ctx: buffer to receive the result + * @size: available size in, actual size out + * @flags: unused + * + * Fill the passed user space @ctx with the details of the requested + * attribute. + * + * Returns the number of attributes on success, an error code otherwise. + * There will only ever be one attribute. + */ +static int smack_getselfattr(unsigned int attr, struct lsm_ctx __user *ctx, + size_t *size, u32 flags) +{ + struct smack_known *skp = smk_of_current(); + int total; + int slen; + int rc; + + if (attr != LSM_ATTR_CURRENT) + return -EOPNOTSUPP; + + slen = strlen(skp->smk_known) + 1; + total = ALIGN(slen + sizeof(*ctx), 8); + if (total > *size) + rc = -E2BIG; + else if (ctx) + rc = lsm_fill_user_ctx(ctx, skp->smk_known, slen, LSM_ID_SMACK, + 0); + else + rc = 1; + + *size = total; + if (rc >= 0) + return 1; + return rc; +} + /** * smack_getprocattr - Smack process attribute access * @p: the object task @@ -3655,8 +3695,8 @@ static int smack_getprocattr(struct task_struct *p, const char *name, char **val } /** - * smack_setprocattr - Smack process attribute setting - * @name: the name of the attribute in /proc/.../attr + * do_setattr - Smack process attribute setting + * @attr: the ID of the attribute * @value: the value to set * @size: the size of the value * @@ -3665,7 +3705,7 @@ static int smack_getprocattr(struct task_struct *p, const char *name, char **val * * Returns the length of the smack label or an error code */ -static int smack_setprocattr(const char *name, void *value, size_t size) +static int do_setattr(u64 attr, void *value, size_t size) { struct task_smack *tsp = smack_cred(current_cred()); struct cred *new; @@ -3679,8 +3719,8 @@ static int smack_setprocattr(const char *name, void *value, size_t size) if (value == NULL || size == 0 || size >= SMK_LONGLABEL) return -EINVAL; - if (strcmp(name, "current") != 0) - return -EINVAL; + if (attr != LSM_ATTR_CURRENT) + return -EOPNOTSUPP; skp = smk_import_entry(value, size); if (IS_ERR(skp)) @@ -3719,6 +3759,49 @@ static int smack_setprocattr(const char *name, void *value, size_t size) return size; } +/** + * smack_setselfattr - Set a Smack process attribute + * @attr: which attribute to set + * @ctx: buffer containing the data + * @size: size of @ctx + * @flags: unused + * + * Fill the passed user space @ctx with the details of the requested + * attribute. + * + * Returns 0 on success, an error code otherwise. + */ +static int smack_setselfattr(unsigned int attr, struct lsm_ctx *ctx, + size_t size, u32 flags) +{ + int rc; + + rc = do_setattr(attr, ctx->ctx, ctx->ctx_len); + if (rc > 0) + return 0; + return rc; +} + +/** + * smack_setprocattr - Smack process attribute setting + * @name: the name of the attribute in /proc/.../attr + * @value: the value to set + * @size: the size of the value + * + * Sets the Smack value of the task. Only setting self + * is permitted and only with privilege + * + * Returns the length of the smack label or an error code + */ +static int smack_setprocattr(const char *name, void *value, size_t size) +{ + int attr = lsm_name_to_attr(name); + + if (attr != LSM_ATTR_UNDEF) + return do_setattr(attr, value, size); + return -EINVAL; +} + /** * smack_unix_stream_connect - Smack access on UDS * @sock: one sock @@ -5033,6 +5116,8 @@ static struct security_hook_list smack_hooks[] __ro_after_init = { LSM_HOOK_INIT(d_instantiate, smack_d_instantiate), + LSM_HOOK_INIT(getselfattr, smack_getselfattr), + LSM_HOOK_INIT(setselfattr, smack_setselfattr), LSM_HOOK_INIT(getprocattr, smack_getprocattr), LSM_HOOK_INIT(setprocattr, smack_setprocattr),