| Message ID | 20250303200212.3294679-2-dualli@chromium.org (mailing list archive) |
|---|---|
| State | Changes Requested |
| Delegated to: | Paul Moore |
| Headers | show |
| Series | binder: report txn errors via generic netlink | expand |
On Mon, Mar 3, 2025 at 3:02 PM Li Li <dualli@chromium.org> wrote: > > From: Thiébaud Weksteen <tweek@google.com> > > Introduce a new permission "setup_report" to the "binder" class. > This persmission controls the ability to set up the binder generic > netlink driver to report certain binder transactions. > > Signed-off-by: Thiébaud Weksteen <tweek@google.com> > Signed-off-by: Li Li <dualli@google.com> > --- > include/linux/lsm_hook_defs.h | 1 + > include/linux/security.h | 6 ++++++ > security/security.c | 13 +++++++++++++ > security/selinux/hooks.c | 7 +++++++ > security/selinux/include/classmap.h | 3 ++- > 5 files changed, 29 insertions(+), 1 deletion(-) ... > diff --git a/security/security.c b/security/security.c > index 8aa839232c73..382e3bbab215 100644 > --- a/security/security.c > +++ b/security/security.c > @@ -1043,6 +1043,19 @@ int security_binder_transfer_file(const struct cred *from, > return call_int_hook(binder_transfer_file, from, to, file); > } > > +/** > + * security_binder_setup_report() - Check if process allowed to set up binder reports. Please keep the line length in the LSM and SELinux code to 80 characters or less. > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > index 0d958f38ff9f..2fafa8feafdf 100644 > --- a/security/selinux/hooks.c > +++ b/security/selinux/hooks.c > @@ -2092,6 +2092,12 @@ static int selinux_binder_transfer_file(const struct cred *from, > &ad); > } > > +static int selinux_binder_setup_report(const struct cred *to) > +{ > + return avc_has_perm(current_sid(), cred_sid(to), SECCLASS_BINDER, > + BINDER__SETUP_REPORT, NULL); > +} There should also be an associated patch{set} against the selinux-testsuite to add tests for the binder/setup_report permission introduced here. My apologies if you've already posted one, but I'm looking now and I don't see anything either on the lists or on GH. * https://github.com/SELinuxProject/selinux-testsuite
On Fri, Mar 7, 2025 at 1:47 PM Paul Moore <paul@paul-moore.com> wrote: > > On Mon, Mar 3, 2025 at 3:02 PM Li Li <dualli@chromium.org> wrote: > > > > From: Thiébaud Weksteen <tweek@google.com> > > > > Introduce a new permission "setup_report" to the "binder" class. > > This persmission controls the ability to set up the binder generic > > netlink driver to report certain binder transactions. > > > > Signed-off-by: Thiébaud Weksteen <tweek@google.com> > > Signed-off-by: Li Li <dualli@google.com> > > --- > > include/linux/lsm_hook_defs.h | 1 + > > include/linux/security.h | 6 ++++++ > > security/security.c | 13 +++++++++++++ > > security/selinux/hooks.c | 7 +++++++ > > security/selinux/include/classmap.h | 3 ++- > > 5 files changed, 29 insertions(+), 1 deletion(-) > > ... > > > diff --git a/security/security.c b/security/security.c > > index 8aa839232c73..382e3bbab215 100644 > > --- a/security/security.c > > +++ b/security/security.c > > @@ -1043,6 +1043,19 @@ int security_binder_transfer_file(const struct cred *from, > > return call_int_hook(binder_transfer_file, from, to, file); > > } > > > > +/** > > + * security_binder_setup_report() - Check if process allowed to set up binder reports. > > Please keep the line length in the LSM and SELinux code to 80 > characters or less. > > > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > > index 0d958f38ff9f..2fafa8feafdf 100644 > > --- a/security/selinux/hooks.c > > +++ b/security/selinux/hooks.c > > @@ -2092,6 +2092,12 @@ static int selinux_binder_transfer_file(const struct cred *from, > > &ad); > > } > > > > +static int selinux_binder_setup_report(const struct cred *to) > > +{ > > + return avc_has_perm(current_sid(), cred_sid(to), SECCLASS_BINDER, > > + BINDER__SETUP_REPORT, NULL); > > +} > > There should also be an associated patch{set} against the > selinux-testsuite to add tests for the binder/setup_report permission > introduced here. My apologies if you've already posted one, but I'm > looking now and I don't see anything either on the lists or on GH. > > * https://github.com/SELinuxProject/selinux-testsuite > > -- > paul-moore.com Thank you very much! I'll add such a test, along with other binder fixes mentioned by Carlos.
diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h index 2bf909fa3394..395528de689f 100644 --- a/include/linux/lsm_hook_defs.h +++ b/include/linux/lsm_hook_defs.h @@ -33,6 +33,7 @@ LSM_HOOK(int, 0, binder_transfer_binder, const struct cred *from, const struct cred *to) LSM_HOOK(int, 0, binder_transfer_file, const struct cred *from, const struct cred *to, const struct file *file) +LSM_HOOK(int, 0, binder_setup_report, const struct cred *to) LSM_HOOK(int, 0, ptrace_access_check, struct task_struct *child, unsigned int mode) LSM_HOOK(int, 0, ptrace_traceme, struct task_struct *parent) diff --git a/include/linux/security.h b/include/linux/security.h index 1545d515a66b..b3c01254023e 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -338,6 +338,7 @@ int security_binder_transfer_binder(const struct cred *from, const struct cred *to); int security_binder_transfer_file(const struct cred *from, const struct cred *to, const struct file *file); +int security_binder_setup_report(const struct cred *to); int security_ptrace_access_check(struct task_struct *child, unsigned int mode); int security_ptrace_traceme(struct task_struct *parent); int security_capget(const struct task_struct *target, @@ -657,6 +658,11 @@ static inline int security_binder_transfer_file(const struct cred *from, return 0; } +static inline int security_binder_setup_report(const struct cred *to) +{ + return 0; +} + static inline int security_ptrace_access_check(struct task_struct *child, unsigned int mode) { diff --git a/security/security.c b/security/security.c index 8aa839232c73..382e3bbab215 100644 --- a/security/security.c +++ b/security/security.c @@ -1043,6 +1043,19 @@ int security_binder_transfer_file(const struct cred *from, return call_int_hook(binder_transfer_file, from, to, file); } +/** + * security_binder_setup_report() - Check if process allowed to set up binder reports. + * @to: receiving process + * + * Check whether @to is allowed to set up binder reports. + * + * Return: Returns 0 if permission is granted. + */ +int security_binder_setup_report(const struct cred *to) +{ + return call_int_hook(binder_setup_report, to); +} + /** * security_ptrace_access_check() - Check if tracing is allowed * @child: target process diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 0d958f38ff9f..2fafa8feafdf 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -2092,6 +2092,12 @@ static int selinux_binder_transfer_file(const struct cred *from, &ad); } +static int selinux_binder_setup_report(const struct cred *to) +{ + return avc_has_perm(current_sid(), cred_sid(to), SECCLASS_BINDER, + BINDER__SETUP_REPORT, NULL); +} + static int selinux_ptrace_access_check(struct task_struct *child, unsigned int mode) { @@ -7217,6 +7223,7 @@ static struct security_hook_list selinux_hooks[] __ro_after_init = { LSM_HOOK_INIT(binder_transaction, selinux_binder_transaction), LSM_HOOK_INIT(binder_transfer_binder, selinux_binder_transfer_binder), LSM_HOOK_INIT(binder_transfer_file, selinux_binder_transfer_file), + LSM_HOOK_INIT(binder_setup_report, selinux_binder_setup_report), LSM_HOOK_INIT(ptrace_access_check, selinux_ptrace_access_check), LSM_HOOK_INIT(ptrace_traceme, selinux_ptrace_traceme), diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h index 04a9b480885e..156741f1ca3f 100644 --- a/security/selinux/include/classmap.h +++ b/security/selinux/include/classmap.h @@ -135,7 +135,8 @@ const struct security_class_mapping secclass_map[] = { { "kernel_service", { "use_as_override", "create_files_as", NULL } }, { "tun_socket", { COMMON_SOCK_PERMS, "attach_queue", NULL } }, { "binder", - { "impersonate", "call", "set_context_mgr", "transfer", NULL } }, + { "impersonate", "call", "set_context_mgr", "transfer", + "setup_report", NULL } }, { "cap_userns", { COMMON_CAP_PERMS, NULL } }, { "cap2_userns", { COMMON_CAP2_PERMS, NULL } }, { "sctp_socket",