From patchwork Wed Nov 23 20:15:44 2022 X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 13054199 X-Patchwork-Delegate: paul@paul-moore.com
From: Casey Schaufler To: casey.schaufler@intel.com, paul@paul-moore.com, linux-security-module@vger.kernel.org Cc: casey@schaufler-ca.com, jmorris@namei.org, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net Subject: [PATCH v3 1/9] LSM: Identify modules by more than name Date: Wed, 23 Nov 2022 12:15:44 -0800 Message-Id: <20221123201552.7865-2-casey@schaufler-ca.com> In-Reply-To: <20221123201552.7865-1-casey@schaufler-ca.com> References: <20221123201552.7865-1-casey@schaufler-ca.com>
Create a struct lsm_id to contain identifying information about Linux Security Modules (LSMs). At inception this contains the name of the module and an identifier associated with the security module. Change the security_add_hooks() interface to use this structure. Change the individual modules to maintain their own struct lsm_id and pass it to security_add_hooks(). The values for LSM identifiers are defined in a new UAPI header file linux/lsm.h. Each existing LSM has been updated to include its LSMID in the lsm_id. The LSM ID values are sequential, with the oldest module LSM_ID_CAPABILITY being the lowest value and the existing modules numbered in the order they were included in the main line kernel. This is an arbitrary convention for assigning the values, but none better presents itself. The value 0 is defined as being invalid. The values 1-99 are reserved for any special case uses which may arise in the future.
Signed-off-by: Casey Schaufler --- include/linux/lsm_hooks.h | 16 ++++++++++++++-- include/uapi/linux/lsm.h | 32 ++++++++++++++++++++++++++++++++ security/apparmor/lsm.c | 8 +++++++- security/bpf/hooks.c | 13 ++++++++++++- security/commoncap.c | 8 +++++++- security/landlock/cred.c | 2 +- security/landlock/fs.c | 2 +- security/landlock/ptrace.c | 2 +- security/landlock/setup.c | 6 ++++++ security/landlock/setup.h | 1 + security/loadpin/loadpin.c | 9 ++++++++- security/lockdown/lockdown.c | 8 +++++++- security/safesetid/lsm.c | 9 ++++++++- security/security.c | 12 ++++++------ security/selinux/hooks.c | 9 ++++++++- security/smack/smack_lsm.c | 8 +++++++- security/tomoyo/tomoyo.c | 9 ++++++++- security/yama/yama_lsm.c | 8 +++++++- 18 files changed, 141 insertions(+), 21 deletions(-) create mode 100644 include/uapi/linux/lsm.h diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 4ec80b96c22e..d306db1044d1 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -1602,6 +1602,18 @@ struct security_hook_heads { #undef LSM_HOOK } __randomize_layout; +/** + * struct lsm_id - identify a Linux Security Module. + * @lsm: Name of the LSM. Must be approved by the LSM maintainers. + * @id: LSM ID number from uapi/linux/lsm.h + * + * Contains the information that identifies the LSM. + */ +struct lsm_id { + const u8 *lsm; + u32 id; +}; + /* * Security module hook list structure. * For use with generic list macros for common operations. @@ -1610,7 +1622,7 @@ struct security_hook_list { struct hlist_node list; struct hlist_head *head; union security_list_options hook; - const char *lsm; + struct lsm_id *lsmid; } __randomize_layout; /* @@ -1645,7 +1657,7 @@ extern struct security_hook_heads security_hook_heads; extern char *lsm_names; extern void security_add_hooks(struct security_hook_list *hooks, int count, - const char *lsm); + struct lsm_id *lsmid); #define LSM_FLAG_LEGACY_MAJOR BIT(0) #define LSM_FLAG_EXCLUSIVE BIT(1) 
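Review bot: the new struct lsm_id in include/linux/lsm_hooks.h declares the name as "const u8 *lsm", but it should be "const char *": every initializer in this patch is a string literal (.lsm = "apparmor", "selinux", ... or the LANDLOCK_NAME macro), and the security.c hunks pass it straight to lsm_append(), whose parameter is "const char *new", and to strcmp(), so the u8 type only buys pointer-sign warnings. While touching the declaration, the new "struct lsm_id *lsmid" member of struct security_hook_list and the matching security_add_hooks() parameter could be "const struct lsm_id *": the infrastructure only stores and reads it, and every module marks its lsm_id __lsm_ro_after_init.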
diff --git a/include/uapi/linux/lsm.h b/include/uapi/linux/lsm.h new file mode 100644 index 000000000000..47791c330cbf --- /dev/null +++ b/include/uapi/linux/lsm.h @@ -0,0 +1,32 @@ +/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ +/* + * Linux Security Modules (LSM) - User space API + * + * Copyright (C) 2022 Casey Schaufler + * Copyright (C) 2022 Intel Corporation + */ + +#ifndef _UAPI_LINUX_LSM_H +#define _UAPI_LINUX_LSM_H + +/* + * ID values to identify security modules. + * A system may use more than one security module. + * + * Values 1-99 are reserved for future use in special cases. + */ +#define LSM_ID_INVALID 0 +#define LSM_ID_CAPABILITY 100 +#define LSM_ID_SELINUX 101 +#define LSM_ID_SMACK 102 +#define LSM_ID_TOMOYO 103 +#define LSM_ID_IMA 104 +#define LSM_ID_APPARMOR 105 +#define LSM_ID_YAMA 106 +#define LSM_ID_LOADPIN 107 +#define LSM_ID_SAFESETID 108 +#define LSM_ID_LOCKDOWN 109 +#define LSM_ID_BPF 110 +#define LSM_ID_LANDLOCK 111 + +#endif /* _UAPI_LINUX_LSM_H */ diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index f56070270c69..b859b1af6c75 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -24,6 +24,7 @@ #include #include #include +#include #include "include/apparmor.h" #include "include/apparmorfs.h" @@ -1202,6 +1203,11 @@ struct lsm_blob_sizes apparmor_blob_sizes __lsm_ro_after_init = { .lbs_task = sizeof(struct aa_task_ctx), }; +static struct lsm_id apparmor_lsmid __lsm_ro_after_init = { + .lsm = "apparmor", + .id = LSM_ID_APPARMOR, +}; + static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(ptrace_access_check, apparmor_ptrace_access_check), LSM_HOOK_INIT(ptrace_traceme, apparmor_ptrace_traceme), @@ -1897,7 +1903,7 @@ static int __init apparmor_init(void) goto buffers_out; } security_add_hooks(apparmor_hooks, ARRAY_SIZE(apparmor_hooks), - "apparmor"); + &apparmor_lsmid); /* Report that AppArmor successfully initialized */ apparmor_initialized = 1; 
diff --git a/security/bpf/hooks.c b/security/bpf/hooks.c index e5971fa74fd7..20983ae8d31f 100644 --- a/security/bpf/hooks.c +++ b/security/bpf/hooks.c @@ -5,6 +5,7 @@ */ #include #include +#include static struct security_hook_list bpf_lsm_hooks[] __lsm_ro_after_init = { #define LSM_HOOK(RET, DEFAULT, NAME, ...) \ @@ -15,9 +16,19 @@ static struct security_hook_list bpf_lsm_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(task_free, bpf_task_storage_free), }; +/* + * slot has to be LSMBLOB_NEEDED because some of the hooks + * supplied by this module require a slot. + */ +struct lsm_id bpf_lsmid __lsm_ro_after_init = { + .lsm = "bpf", + .id = LSM_ID_BPF, +}; + static int __init bpf_lsm_init(void) { - security_add_hooks(bpf_lsm_hooks, ARRAY_SIZE(bpf_lsm_hooks), "bpf"); + security_add_hooks(bpf_lsm_hooks, ARRAY_SIZE(bpf_lsm_hooks), + &bpf_lsmid); pr_info("LSM support for eBPF active\n"); return 0; } diff --git a/security/commoncap.c b/security/commoncap.c index bc751fa5adad..f6d50b69f43d 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -25,6 +25,7 @@ #include #include #include +#include /* * If a non-root user executes a setuid-root binary in @@ -1448,6 +1449,11 @@ int cap_mmap_file(struct file *file, unsigned long reqprot, #ifdef CONFIG_SECURITY +static struct lsm_id capability_lsmid __lsm_ro_after_init = { + .lsm = "capability", + .id = LSM_ID_CAPABILITY, +}; + static struct security_hook_list capability_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(capable, cap_capable), LSM_HOOK_INIT(settime, cap_settime), @@ -1472,7 +1478,7 @@ static struct security_hook_list capability_hooks[] __lsm_ro_after_init = { static int __init capability_init(void) { security_add_hooks(capability_hooks, ARRAY_SIZE(capability_hooks), - "capability"); + &capability_lsmid); return 0; } diff --git a/security/landlock/cred.c b/security/landlock/cred.c index ec6c37f04a19..2eb1d65f10d6 100644 --- a/security/landlock/cred.c +++ b/security/landlock/cred.c 
@@ -42,5 +42,5 @@ static struct security_hook_list landlock_hooks[] __lsm_ro_after_init = { __init void landlock_add_cred_hooks(void) { security_add_hooks(landlock_hooks, ARRAY_SIZE(landlock_hooks), - LANDLOCK_NAME); + &landlock_lsmid); } diff --git a/security/landlock/fs.c b/security/landlock/fs.c index 64ed7665455f..486ff50d54a1 100644 --- a/security/landlock/fs.c +++ b/security/landlock/fs.c @@ -1201,5 +1201,5 @@ static struct security_hook_list landlock_hooks[] __lsm_ro_after_init = { __init void landlock_add_fs_hooks(void) { security_add_hooks(landlock_hooks, ARRAY_SIZE(landlock_hooks), - LANDLOCK_NAME); + &landlock_lsmid); } diff --git a/security/landlock/ptrace.c b/security/landlock/ptrace.c index 4c5b9cd71286..eab35808f395 100644 --- a/security/landlock/ptrace.c +++ b/security/landlock/ptrace.c @@ -116,5 +116,5 @@ static struct security_hook_list landlock_hooks[] __lsm_ro_after_init = { __init void landlock_add_ptrace_hooks(void) { security_add_hooks(landlock_hooks, ARRAY_SIZE(landlock_hooks), - LANDLOCK_NAME); + &landlock_lsmid); } diff --git a/security/landlock/setup.c b/security/landlock/setup.c index f8e8e980454c..5b32c087e34b 100644 --- a/security/landlock/setup.c +++ b/security/landlock/setup.c @@ -8,6 +8,7 @@ #include #include +#include #include "common.h" #include "cred.h" @@ -23,6 +24,11 @@ struct lsm_blob_sizes landlock_blob_sizes __lsm_ro_after_init = { .lbs_superblock = sizeof(struct landlock_superblock_security), }; +struct lsm_id landlock_lsmid __lsm_ro_after_init = { + .lsm = LANDLOCK_NAME, + .id = LSM_ID_LANDLOCK, +}; + static int __init landlock_init(void) { landlock_add_cred_hooks(); diff --git a/security/landlock/setup.h b/security/landlock/setup.h index 1daffab1ab4b..38bce5b172dc 100644 --- a/security/landlock/setup.h +++ b/security/landlock/setup.h @@ -14,5 +14,6 @@ extern bool landlock_initialized; extern struct lsm_blob_sizes landlock_blob_sizes; +extern struct lsm_id landlock_lsmid; #endif /* _SECURITY_LANDLOCK_SETUP_H */ 
diff --git a/security/loadpin/loadpin.c b/security/loadpin/loadpin.c index de41621f4998..32bdf7294a6f 100644 --- a/security/loadpin/loadpin.c +++ b/security/loadpin/loadpin.c @@ -20,6 +20,7 @@ #include #include #include +#include #define VERITY_DIGEST_FILE_HEADER "# LOADPIN_TRUSTED_VERITY_ROOT_DIGESTS" @@ -197,6 +198,11 @@ static int loadpin_load_data(enum kernel_load_data_id id, bool contents) return loadpin_read_file(NULL, (enum kernel_read_file_id) id, contents); } +static struct lsm_id loadpin_lsmid __lsm_ro_after_init = { + .lsm = "loadpin", + .id = LSM_ID_LOADPIN, +}; + static struct security_hook_list loadpin_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(sb_free_security, loadpin_sb_free_security), LSM_HOOK_INIT(kernel_read_file, loadpin_read_file), @@ -244,7 +250,8 @@ static int __init loadpin_init(void) pr_info("ready to pin (currently %senforcing)\n", enforce ? "" : "not "); parse_exclude(); - security_add_hooks(loadpin_hooks, ARRAY_SIZE(loadpin_hooks), "loadpin"); + security_add_hooks(loadpin_hooks, ARRAY_SIZE(loadpin_hooks), + &loadpin_lsmid); return 0; } diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c index a79b985e917e..e8c41a0caf7d 100644 --- a/security/lockdown/lockdown.c +++ b/security/lockdown/lockdown.c @@ -13,6 +13,7 @@ #include #include #include +#include static enum lockdown_reason kernel_locked_down; @@ -75,6 +76,11 @@ static struct security_hook_list lockdown_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(locked_down, lockdown_is_locked_down), }; +static struct lsm_id lockdown_lsmid __lsm_ro_after_init = { + .lsm = "lockdown", + .id = LSM_ID_LOCKDOWN, +}; + static int __init lockdown_lsm_init(void) { #if defined(CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY) @@ -83,7 +89,7 @@ static int __init lockdown_lsm_init(void) lock_kernel_down("Kernel configuration", LOCKDOWN_CONFIDENTIALITY_MAX); #endif security_add_hooks(lockdown_hooks, ARRAY_SIZE(lockdown_hooks), - "lockdown"); + &lockdown_lsmid); return 0; } 
diff --git a/security/safesetid/lsm.c b/security/safesetid/lsm.c index e806739f7868..8d0742ba045d 100644 --- a/security/safesetid/lsm.c +++ b/security/safesetid/lsm.c @@ -19,6 +19,7 @@ #include #include #include +#include #include "lsm.h" /* Flag indicating whether initialization completed */ @@ -261,6 +262,11 @@ static int safesetid_task_fix_setgroups(struct cred *new, const struct cred *old return 0; } +static struct lsm_id safesetid_lsmid __lsm_ro_after_init = { + .lsm = "safesetid", + .id = LSM_ID_SAFESETID, +}; + static struct security_hook_list safesetid_security_hooks[] = { LSM_HOOK_INIT(task_fix_setuid, safesetid_task_fix_setuid), LSM_HOOK_INIT(task_fix_setgid, safesetid_task_fix_setgid), @@ -271,7 +277,8 @@ static struct security_hook_list safesetid_security_hooks[] = { static int __init safesetid_security_init(void) { security_add_hooks(safesetid_security_hooks, - ARRAY_SIZE(safesetid_security_hooks), "safesetid"); + ARRAY_SIZE(safesetid_security_hooks), + &safesetid_lsmid); /* Report that SafeSetID successfully initialized */ safesetid_initialized = 1; diff --git a/security/security.c b/security/security.c index 79d82cb6e469..b2eb0ccd954b 100644 --- a/security/security.c +++ b/security/security.c @@ -476,17 +476,17 @@ static int lsm_append(const char *new, char **result) * security_add_hooks - Add a modules hooks to the hook lists. * @hooks: the hooks to add * @count: the number of hooks to add - * @lsm: the name of the security module + * @lsmid: the identification information for the security module * * Each LSM has to register its hooks with the infrastructure. */ void __init security_add_hooks(struct security_hook_list *hooks, int count, - const char *lsm) + struct lsm_id *lsmid) { int i; for (i = 0; i < count; i++) { - hooks[i].lsm = lsm; + hooks[i].lsmid = lsmid; hlist_add_tail_rcu(&hooks[i].list, hooks[i].head); } 
@@ -495,7 +495,7 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count, * and fix this up afterwards. */ if (slab_is_available()) { - if (lsm_append(lsm, &lsm_names) < 0) + if (lsm_append(lsmid->lsm, &lsm_names) < 0) panic("%s - Cannot get early memory.\n", __func__); } } @@ -2070,7 +2070,7 @@ int security_getprocattr(struct task_struct *p, const char *lsm, struct security_hook_list *hp; hlist_for_each_entry(hp, &security_hook_heads.getprocattr, list) { - if (lsm != NULL && strcmp(lsm, hp->lsm)) + if (lsm != NULL && strcmp(lsm, hp->lsmid->lsm)) continue; return hp->hook.getprocattr(p, name, value); } @@ -2083,7 +2083,7 @@ int security_setprocattr(const char *lsm, const char *name, void *value, struct security_hook_list *hp; hlist_for_each_entry(hp, &security_hook_heads.setprocattr, list) { - if (lsm != NULL && strcmp(lsm, hp->lsm)) + if (lsm != NULL && strcmp(lsm, hp->lsmid->lsm)) continue; return hp->hook.setprocattr(name, value, size); } diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index f553c370397e..5fcce36267bd 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -92,6 +92,7 @@ #include #include #include +#include #include "avc.h" #include "objsec.h" @@ -7014,6 +7015,11 @@ static int selinux_uring_cmd(struct io_uring_cmd *ioucmd) } #endif /* CONFIG_IO_URING */ +static struct lsm_id selinux_lsmid __lsm_ro_after_init = { + .lsm = "selinux", + .id = LSM_ID_SELINUX, +}; + /* * IMPORTANT NOTE: When adding new hooks, please be careful to keep this order: * 1. any hooks that don't belong to (2.) or (3.) below, @@ -7334,7 +7340,8 @@ static __init int selinux_init(void) hashtab_cache_init(); - security_add_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks), "selinux"); + security_add_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks), + &selinux_lsmid); if (avc_add_callback(selinux_netcache_avc_callback, AVC_CALLBACK_RESET)) panic("SELinux: Unable to register AVC netcache callback\n"); 
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index b6306d71c908..c7ba80e20b8d 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -43,6 +43,7 @@ #include #include #include +#include #include "smack.h" #define TRANS_TRUE "TRUE" @@ -4787,6 +4788,11 @@ struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = { .lbs_superblock = sizeof(struct superblock_smack), }; +static struct lsm_id smack_lsmid __lsm_ro_after_init = { + .lsm = "smack", + .id = LSM_ID_SMACK, +}; + static struct security_hook_list smack_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check), LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme), @@ -4990,7 +4996,7 @@ static __init int smack_init(void) /* * Register with LSM */ - security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), "smack"); + security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), &smack_lsmid); smack_enabled = 1; pr_info("Smack: Initializing.\n"); diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index 71e82d855ebf..1916eb6216f7 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -6,6 +6,7 @@ */ #include +#include #include "common.h" /** @@ -530,6 +531,11 @@ static void tomoyo_task_free(struct task_struct *task) } } +static struct lsm_id tomoyo_lsmid __lsm_ro_after_init = { + .lsm = "tomoyo", + .id = LSM_ID_TOMOYO, +}; + /* * tomoyo_security_ops is a "struct security_operations" which is used for * registering TOMOYO. @@ -582,7 +588,8 @@ static int __init tomoyo_init(void) struct tomoyo_task *s = tomoyo_task(current); /* register ourselves with the security framework */ - security_add_hooks(tomoyo_hooks, ARRAY_SIZE(tomoyo_hooks), "tomoyo"); + security_add_hooks(tomoyo_hooks, ARRAY_SIZE(tomoyo_hooks), + &tomoyo_lsmid); pr_info("TOMOYO Linux initialized\n"); s->domain_info = &tomoyo_kernel_domain; atomic_inc(&tomoyo_kernel_domain.users); 
diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c index 06e226166aab..2487b8f847f3 100644 --- a/security/yama/yama_lsm.c +++ b/security/yama/yama_lsm.c @@ -18,6 +18,7 @@ #include #include #include +#include #define YAMA_SCOPE_DISABLED 0 #define YAMA_SCOPE_RELATIONAL 1 @@ -421,6 +422,11 @@ static int yama_ptrace_traceme(struct task_struct *parent) return rc; } +static struct lsm_id yama_lsmid __lsm_ro_after_init = { + .lsm = "yama", + .id = LSM_ID_YAMA, +}; + static struct security_hook_list yama_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(ptrace_access_check, yama_ptrace_access_check), LSM_HOOK_INIT(ptrace_traceme, yama_ptrace_traceme), 
@@ -477,7 +483,7 @@ static inline void yama_init_sysctl(void) { } static int __init yama_init(void) { pr_info("Yama: becoming mindful.\n"); - security_add_hooks(yama_hooks, ARRAY_SIZE(yama_hooks), "yama"); + security_add_hooks(yama_hooks, ARRAY_SIZE(yama_hooks), &yama_lsmid); yama_init_sysctl(); return 0; }
From patchwork Wed Nov 23 20:15:45 2022 X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 13054200 X-Patchwork-Delegate: paul@paul-moore.com
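Review bot: the comment added above bpf_lsmid in security/bpf/hooks.c ("slot has to be LSMBLOB_NEEDED because some of the hooks supplied by this module require a slot") talks about a slot and an LSMBLOB_NEEDED value that nothing in this patch defines or uses; it reads as a leftover from an earlier version of the series and should be dropped. In the same hunk bpf_lsmid is the only per-module lsm_id declared without static even though it is referenced only from bpf_lsm_init() in the same file; landlock_lsmid is non-static for a reason (declared extern in setup.h and shared by cred.c, fs.c and ptrace.c), bpf_lsmid is not.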
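Review bot: LSM_ID_IMA (104) in the new include/uapi/linux/lsm.h is the one identifier in the header that no struct lsm_id in this patch claims; every other LSM_ID_* value is assigned to a module here, and the commit message says each existing LSM has been updated. Either an IMA hunk is missing or IMA is intentionally left out of this series, and in the latter case a short comment next to the define (and a sentence in the commit message) would save the next reader from wondering.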
From: Casey Schaufler To: casey.schaufler@intel.com, paul@paul-moore.com, linux-security-module@vger.kernel.org Cc: casey@schaufler-ca.com, jmorris@namei.org, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net Subject: [PATCH v3 2/9] LSM: Identify the process attributes for each module Date: Wed, 23 Nov 2022 12:15:45 -0800 Message-Id: <20221123201552.7865-3-casey@schaufler-ca.com> In-Reply-To: <20221123201552.7865-1-casey@schaufler-ca.com> References: <20221123201552.7865-1-casey@schaufler-ca.com>
Add an integer member "attrs_used" to the struct lsm_id which identifies the API-related data associated with each security module. The initial set of features maps to information that has traditionally been available in /proc/self/attr. They are documented in a new userspace-api file.
Signed-off-by: Casey Schaufler --- Documentation/userspace-api/index.rst | 1 + Documentation/userspace-api/lsm.rst | 55 +++++++++++++++++++++++++++ include/linux/lsm_hooks.h | 2 + include/uapi/linux/lsm.h | 12 ++++++ security/apparmor/lsm.c | 1 + security/selinux/hooks.c | 2 + security/smack/smack_lsm.c | 1 + 7 files changed, 74 insertions(+) create mode 100644 Documentation/userspace-api/lsm.rst diff --git a/Documentation/userspace-api/index.rst b/Documentation/userspace-api/index.rst index c78da9ce0ec4..6feff0fcd88f 100644 --- a/Documentation/userspace-api/index.rst +++ b/Documentation/userspace-api/index.rst @@ -30,6 +30,7 @@ place where this information is gathered. sysfs-platform_profile vduse futex2 + lsm .. only:: subproject and html diff --git a/Documentation/userspace-api/lsm.rst b/Documentation/userspace-api/lsm.rst new file mode 100644 index 000000000000..6ddf5506110b --- /dev/null +++ b/Documentation/userspace-api/lsm.rst
@@ -0,0 +1,55 @@ +.. SPDX-License-Identifier: GPL-2.0 +.. Copyright (C) 2022 Casey Schaufler +.. Copyright (C) 2022 Intel Corporation + +===================================== +Linux Security Modules +===================================== + +:Author: Casey Schaufler +:Date: November 2022 + +Linux security modules (LSM) provide a mechanism to implement +additional access controls to the Linux security policies. + +The various security modules may support any of these attributes: + +``LSM_ATTR_CURRENT`` is the current, active security context of the +process. +The proc filesystem provides this value in ``/proc/self/attr/current``. +This is supported by the SELinux, Smack and AppArmor security modules. +Smack also provides this value in ``/proc/self/attr/smack/current``. +AppArmor also provides this value in ``/proc/self/attr/apparmor/current``. + +``LSM_ATTR_EXEC`` is the security context of the process at the time the +current image was executed. +The proc filesystem provides this value in ``/proc/self/attr/exec``. +This is supported by the SELinux and AppArmor security modules. +AppArmor also provides this value in ``/proc/self/attr/apparmor/exec``. + +``LSM_ATTR_FSCREATE`` is the security context of the process used when +creating file system objects. +The proc filesystem provides this value in ``/proc/self/attr/fscreate``. +This is supported by the SELinux security module. + +``LSM_ATTR_KEYCREATE`` is the security context of the process used when +creating key objects. +The proc filesystem provides this value in ``/proc/self/attr/keycreate``. +This is supported by the SELinux security module. + +``LSM_ATTR_PREV`` is the security context of the process at the time the +current security context was set. +The proc filesystem provides this value in ``/proc/self/attr/prev``. +This is supported by the SELinux and AppArmor security modules. +AppArmor also provides this value in ``/proc/self/attr/apparmor/prev``. 
+ +``LSM_ATTR_SOCKCREATE`` is the security context of the process used when +creating socket objects. +The proc filesystem provides this value in ``/proc/self/attr/sockcreate``. +This is supported by the SELinux security module. + +Additional documentation +======================== + +* Documentation/security/lsm.rst +* Documentation/security/lsm-development.rst diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index d306db1044d1..7e88acc37a29 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -1606,12 +1606,14 @@ struct security_hook_heads { * struct lsm_id - identify a Linux Security Module. * @lsm: Name of the LSM. Must be approved by the LSM maintainers. * @id: LSM ID number from uapi/linux/lsm.h + * @attrs_used: Which attributes this LSM supports. * * Contains the information that identifies the LSM. */ struct lsm_id { const u8 *lsm; u32 id; + u64 attrs_used; }; /* diff --git a/include/uapi/linux/lsm.h b/include/uapi/linux/lsm.h index 47791c330cbf..8e9124bf622c 100644 --- a/include/uapi/linux/lsm.h +++ b/include/uapi/linux/lsm.h @@ -29,4 +29,16 @@ #define LSM_ID_BPF 110 #define LSM_ID_LANDLOCK 111 +/* + * LSM_ATTR_XXX values identify the /proc/.../attr entry that the + * context represents. Not all security modules provide all of these + * values. Some security modules provide none of them. + */ +#define LSM_ATTR_CURRENT 0x0001 +#define LSM_ATTR_EXEC 0x0002 +#define LSM_ATTR_FSCREATE 0x0004 +#define LSM_ATTR_KEYCREATE 0x0008 +#define LSM_ATTR_PREV 0x0010 +#define LSM_ATTR_SOCKCREATE 0x0020 + #endif /* _UAPI_LINUX_LSM_H */ diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index b859b1af6c75..3a6bf4f95d84 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c 
@@ -1206,6 +1206,7 @@ struct lsm_blob_sizes apparmor_blob_sizes __lsm_ro_after_init = { static struct lsm_id apparmor_lsmid __lsm_ro_after_init = { .lsm = "apparmor", .id = LSM_ID_APPARMOR, + .attrs_used = LSM_ATTR_CURRENT | LSM_ATTR_PREV | LSM_ATTR_EXEC, }; static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = { diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 5fcce36267bd..e831d9c38c54 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -7018,6 +7018,8 @@ static int selinux_uring_cmd(struct io_uring_cmd *ioucmd) static struct lsm_id selinux_lsmid __lsm_ro_after_init = { .lsm = "selinux", .id = LSM_ID_SELINUX, + .attrs_used = LSM_ATTR_CURRENT | LSM_ATTR_EXEC | LSM_ATTR_FSCREATE | + LSM_ATTR_KEYCREATE | LSM_ATTR_PREV | LSM_ATTR_SOCKCREATE, }; /* diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index c7ba80e20b8d..c2a05217bde4 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c 
@@ -4791,6 +4791,7 @@ struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = { static struct lsm_id smack_lsmid __lsm_ro_after_init = { .lsm = "smack", .id = LSM_ID_SMACK, + .attrs_used = LSM_ATTR_CURRENT, }; static struct security_hook_list smack_hooks[] __lsm_ro_after_init = {
From patchwork Wed Nov 23 20:15:46 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 13054219 X-Patchwork-Delegate: paul@paul-moore.com
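Review bot: the `attrs_used` field added to `struct lsm_id` in the include/linux/lsm_hooks.h hunk is a `u64`, but the LSM_ATTR_* values it holds are six small bit flags from the include/uapi/linux/lsm.h hunk, and elsewhere in the series the same bitmask is handled as `__u32 flags` (the syscall) and as `int attrs_used` (the `attrs_used_map` table in security/lsm_syscalls.c). Pick one width for the attribute bitmask and use it for the field, the syscall argument and the table, or add a comment saying why the field is wider than the flags it carries.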
From: Casey Schaufler To: casey.schaufler@intel.com, paul@paul-moore.com, linux-security-module@vger.kernel.org Cc: casey@schaufler-ca.com, jmorris@namei.org, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net Subject: [PATCH v3 3/9] LSM: Maintain a table of LSM attribute data Date: Wed, 23 Nov 2022 12:15:46 -0800 Message-Id: <20221123201552.7865-4-casey@schaufler-ca.com> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20221123201552.7865-1-casey@schaufler-ca.com> References: <20221123201552.7865-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: As LSMs are registered, add their lsm_id pointers to a table. This will be used later for attribute reporting. Signed-off-by: Casey Schaufler --- include/linux/security.h | 18 ++++++++++++++++++ security/security.c | 18 ++++++++++++++++++ 2 files changed, 36 insertions(+) diff --git a/include/linux/security.h b/include/linux/security.h index ca1b7109c0db..5b7d486ae1f3 100644 --- a/include/linux/security.h +++ b/include/linux/security.h
@@ -138,6 +138,24 @@ enum lockdown_reason { extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1]; +/* The capability module is accounted for by CONFIG_SECURITY */ +#define LSMID_ENTRIES ( \ + (IS_ENABLED(CONFIG_SECURITY) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_SELINUX) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_SMACK) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_TOMOYO) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_IMA) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_APPARMOR) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_YAMA) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_LOADPIN) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_SAFESETID) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_LOCKDOWN) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_BPF_LSM) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_LANDLOCK) ? 1 : 0)) + +extern u32 lsm_active_cnt; +extern struct lsm_id *lsm_idlist[]; + /* These functions are in security/commoncap.c */ extern int cap_capable(const struct cred *cred, struct user_namespace *ns, int cap, unsigned int opts); diff --git a/security/security.c b/security/security.c index b2eb0ccd954b..6e8ed58423d7 100644 --- a/security/security.c +++ b/security/security.c @@ -28,6 +28,7 @@ #include #include #include +#include #include #define MAX_LSM_EVM_XATTR 2 @@ -320,6 +321,12 @@ static void __init lsm_early_task(struct task_struct *task); static int lsm_append(const char *new, char **result); +/* + * Current index to use while initializing the lsm id list. + */ +u32 lsm_active_cnt __lsm_ro_after_init; +struct lsm_id *lsm_idlist[LSMID_ENTRIES] __lsm_ro_after_init; + static void __init ordered_lsm_init(void) { struct lsm_info **lsm; @@ -364,6 +371,7 @@ static void __init ordered_lsm_init(void) for (lsm = ordered_lsms; *lsm; lsm++) initialize_lsm(*lsm); + init_debug("lsm count = %d\n", lsm_active_cnt); kfree(ordered_lsms); } 
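Review bot: two of the IS_ENABLED() terms in the LSMID_ENTRIES macro in the include/linux/security.h hunk name Kconfig symbols that do not exist, so they always contribute 0: the lockdown option is CONFIG_SECURITY_LOCKDOWN_LSM, not CONFIG_SECURITY_LOCKDOWN, and IMA's is CONFIG_IMA, not CONFIG_SECURITY_IMA. Every module that calls security_add_hooks() takes a slot, and lockdown does, so on a kernel with lockdown and all the other listed modules built in the table is one slot short and the `panic("%s Too many LSMs registered.\n", __func__)` in the next hunk fires at boot. Use the real symbols. In the ordered_lsm_init() hunk, `init_debug("lsm count = %d\n", lsm_active_cnt)` prints a u32 with %d; %u matches the type.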
@@ -485,6 +493,16 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count, { int i; + /* + * A security module may call security_add_hooks() more + * than once. Landlock is one such case. + */ + if (lsm_active_cnt == 0 || lsm_idlist[lsm_active_cnt -1] != lsmid) + lsm_idlist[lsm_active_cnt++] = lsmid; + + if (lsm_active_cnt > LSMID_ENTRIES) + panic("%s Too many LSMs registered.\n", __func__); + for (i = 0; i < count; i++) { hooks[i].lsmid = lsmid; hlist_add_tail_rcu(&hooks[i].list, hooks[i].head);
From patchwork Wed Nov 23 20:15:47 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 13054218 X-Patchwork-Delegate: paul@paul-moore.com
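Review bot: in the security_add_hooks() hunk the bounds check comes after the store: `lsm_idlist[lsm_active_cnt++] = lsmid;` executes before `if (lsm_active_cnt > LSMID_ENTRIES)`, so the registration that overflows the table writes one element past the end of lsm_idlist before the panic fires. Check `lsm_active_cnt >= LSMID_ENTRIES` before assigning, on the path that actually appends so Landlock's repeated calls are still counted once. Style: `lsm_idlist[lsm_active_cnt -1]` wants a space on both sides of the minus, and the comment on the new globals ("Current index to use while initializing the lsm id list") should add that after init lsm_active_cnt is the number of registered modules, since the later loops over lsm_idlist read it that way.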
From: Casey Schaufler To: casey.schaufler@intel.com, paul@paul-moore.com, linux-security-module@vger.kernel.org Cc: casey@schaufler-ca.com, jmorris@namei.org, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net Subject: [PATCH v3 4/9] proc: Use lsmids instead of lsm names for attrs Date: Wed, 23 Nov 2022 12:15:47 -0800 Message-Id: <20221123201552.7865-5-casey@schaufler-ca.com> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20221123201552.7865-1-casey@schaufler-ca.com> References: <20221123201552.7865-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: Use the LSM ID number instead of the LSM name to identify which security module's attribute data should be shown in /proc/self/attr. The security_[gs]etprocattr() functions have been changed to expect the LSM ID. The change from a string comparison to an integer comparison in these functions will provide a minor performance improvement. Signed-off-by: Casey Schaufler --- fs/proc/base.c | 29 +++++++++++++++-------------- fs/proc/internal.h | 2 +- include/linux/security.h | 11 +++++------ security/security.c | 11 +++++------ 4 files changed, 26 insertions(+), 27 deletions(-) diff --git a/fs/proc/base.c b/fs/proc/base.c index 9e479d7d202b..e3dfcb9d68f2 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -96,6 +96,7 @@ #include #include #include +#include #include #include "internal.h" #include "fd.h" @@ -145,10 +146,10 @@ struct pid_entry { NOD(NAME, (S_IFREG|(MODE)), \ NULL, &proc_single_file_operations, \ { .proc_show = show } ) -#define ATTR(LSM, NAME, MODE) \ +#define ATTR(LSMID, NAME, MODE) \ NOD(NAME, (S_IFREG|(MODE)), \ NULL, &proc_pid_attr_operations, \ - { .lsm = LSM }) + { .lsmid = LSMID }) /* * Count the number of hardlinks for the pid_entry table, excluding the .
@@ -2730,7 +2731,7 @@ static ssize_t proc_pid_attr_read(struct file * file, char __user * buf, if (!task) return -ESRCH; - length = security_getprocattr(task, PROC_I(inode)->op.lsm, + length = security_getprocattr(task, PROC_I(inode)->op.lsmid, file->f_path.dentry->d_name.name, &p); put_task_struct(task); @@ -2788,7 +2789,7 @@ static ssize_t proc_pid_attr_write(struct file * file, const char __user * buf, if (rv < 0) goto out_free; - rv = security_setprocattr(PROC_I(inode)->op.lsm, + rv = security_setprocattr(PROC_I(inode)->op.lsmid, file->f_path.dentry->d_name.name, page, count); mutex_unlock(¤t->signal->cred_guard_mutex); @@ -2837,27 +2838,27 @@ static const struct inode_operations proc_##LSM##_attr_dir_inode_ops = { \ #ifdef CONFIG_SECURITY_SMACK static const struct pid_entry smack_attr_dir_stuff[] = { - ATTR("smack", "current", 0666), + ATTR(LSM_ID_SMACK, "current", 0666), }; LSM_DIR_OPS(smack); #endif #ifdef CONFIG_SECURITY_APPARMOR static const struct pid_entry apparmor_attr_dir_stuff[] = { - ATTR("apparmor", "current", 0666), - ATTR("apparmor", "prev", 0444), - ATTR("apparmor", "exec", 0666), + ATTR(LSM_ID_APPARMOR, "current", 0666), + ATTR(LSM_ID_APPARMOR, "prev", 0444), + ATTR(LSM_ID_APPARMOR, "exec", 0666), }; LSM_DIR_OPS(apparmor); #endif static const struct pid_entry attr_dir_stuff[] = { - ATTR(NULL, "current", 0666), - ATTR(NULL, "prev", 0444), - ATTR(NULL, "exec", 0666), - ATTR(NULL, "fscreate", 0666), - ATTR(NULL, "keycreate", 0666), - ATTR(NULL, "sockcreate", 0666), + ATTR(LSM_ID_INVALID, "current", 0666), + ATTR(LSM_ID_INVALID, "prev", 0444), + ATTR(LSM_ID_INVALID, "exec", 0666), + ATTR(LSM_ID_INVALID, "fscreate", 0666), + ATTR(LSM_ID_INVALID, "keycreate", 0666), + ATTR(LSM_ID_INVALID, "sockcreate", 0666), #ifdef CONFIG_SECURITY_SMACK DIR("smack", 0555, proc_smack_attr_dir_inode_ops, proc_smack_attr_dir_ops), diff --git a/fs/proc/internal.h b/fs/proc/internal.h index b701d0207edf..18db9722c81b 100644 --- a/fs/proc/internal.h 
+++ b/fs/proc/internal.h @@ -92,7 +92,7 @@ union proc_op { int (*proc_show)(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task); - const char *lsm; + int lsmid; }; struct proc_inode { diff --git a/include/linux/security.h b/include/linux/security.h index 5b7d486ae1f3..ed2aae04db3b 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -482,10 +482,9 @@ int security_sem_semctl(struct kern_ipc_perm *sma, int cmd); int security_sem_semop(struct kern_ipc_perm *sma, struct sembuf *sops, unsigned nsops, int alter); void security_d_instantiate(struct dentry *dentry, struct inode *inode); -int security_getprocattr(struct task_struct *p, const char *lsm, const char *name, +int security_getprocattr(struct task_struct *p, int lsmid, const char *name, char **value); -int security_setprocattr(const char *lsm, const char *name, void *value, - size_t size); +int security_setprocattr(int lsmid, const char *name, void *value, size_t size); int security_netlink_send(struct sock *sk, struct sk_buff *skb); int security_ismaclabel(const char *name); int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen); @@ -1326,14 +1325,14 @@ static inline void security_d_instantiate(struct dentry *dentry, struct inode *inode) { } -static inline int security_getprocattr(struct task_struct *p, const char *lsm, +static inline int security_getprocattr(struct task_struct *p, int lsmid, const char *name, char **value) { return -EINVAL; } -static inline int security_setprocattr(const char *lsm, char *name, - void *value, size_t size) +static inline int security_setprocattr(int lsmid, char *name, void *value, + size_t size) { return -EINVAL; } diff --git a/security/security.c b/security/security.c index 6e8ed58423d7..7d6e4f788f93 100644 --- a/security/security.c +++ b/security/security.c 
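Review bot: in the include/linux/security.h hunk the !CONFIG_SECURITY stub `static inline int security_setprocattr(int lsmid, char *name, void *value, size_t size)` still takes `char *name`, while the real declaration earlier in the same hunk (and the definition in security/security.c) takes `const char *name`. Since this signature is being rewritten anyway, make the stub take `const char *name` too, so callers compile identically with and without CONFIG_SECURITY.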
@@ -2082,26 +2082,25 @@ void security_d_instantiate(struct dentry *dentry, struct inode *inode) } EXPORT_SYMBOL(security_d_instantiate); -int security_getprocattr(struct task_struct *p, const char *lsm, - const char *name, char **value) +int security_getprocattr(struct task_struct *p, int lsmid, const char *name, + char **value) { struct security_hook_list *hp; hlist_for_each_entry(hp, &security_hook_heads.getprocattr, list) { - if (lsm != NULL && strcmp(lsm, hp->lsmid->lsm)) + if (lsmid != LSM_ID_INVALID && lsmid != hp->lsmid->id) continue; return hp->hook.getprocattr(p, name, value); } return LSM_RET_DEFAULT(getprocattr); } -int security_setprocattr(const char *lsm, const char *name, void *value, - size_t size) +int security_setprocattr(int lsmid, const char *name, void *value, size_t size) { struct security_hook_list *hp; hlist_for_each_entry(hp, &security_hook_heads.setprocattr, list) { - if (lsm != NULL && strcmp(lsm, hp->lsmid->lsm)) + if (lsmid != LSM_ID_INVALID && lsmid != hp->lsmid->id) continue; return hp->hook.setprocattr(name, value, size); } From patchwork Wed Nov 23 20:15:48 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 13054220 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 29E8FC46467 for ; Wed, 23 Nov 2022 20:18:32 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238966AbiKWUS2 (ORCPT ); Wed, 23 Nov 2022 15:18:28 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40016 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S239875AbiKWURs (ORCPT ); Wed, 23 Nov 2022 15:17:48 -0500 Received: from sonic311-30.consmr.mail.ne1.yahoo.com 
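Review bot: in the fs/proc/base.c attr_dir_stuff hunk, ATTR(NULL, ...) becomes ATTR(LSM_ID_INVALID, ...), and the security_getprocattr()/security_setprocattr() hunks in security/security.c treat that value as "match the first module that implements the hook" (`if (lsmid != LSM_ID_INVALID && lsmid != hp->lsmid->id) continue;`). That wildcard meaning is not obvious from a name that reads as an error value; either add a comment at attr_dir_stuff and at the two loops saying that LSM_ID_INVALID selects the first registered provider for the legacy /proc/self/attr/* files, or give the sentinel a dedicated name (an LSM_ID_UNDEF-style value) so the intent is explicit at each call site.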
From: Casey Schaufler To: casey.schaufler@intel.com, paul@paul-moore.com, linux-security-module@vger.kernel.org Cc: casey@schaufler-ca.com, jmorris@namei.org, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net Subject: [PATCH v3 5/9] LSM: lsm_get_self_attr syscall for LSM self attributes Date: Wed, 23 Nov 2022 12:15:48 -0800 Message-Id: <20221123201552.7865-6-casey@schaufler-ca.com> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20221123201552.7865-1-casey@schaufler-ca.com> References: <20221123201552.7865-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: Create a system call lsm_get_self_attr() to provide the security module maintained attributes of the current process. Historically these attributes have been exposed to user space via entries in procfs under /proc/self/attr. Attributes are provided as a collection of lsm_ctx structures which are placed into a user supplied buffer. Each structure identifies the size of the attribute, and the attribute value. The format of the attribute value is defined by the security module, but will always be \0 terminated. The ctx_len value will always be strlen(ctx)+1.

---------------------------
| __u32 id                |
---------------------------
| __u64 flags             |
---------------------------
| __kernel_size_t ctx_len |
---------------------------
| __u8 ctx[ctx_len]       |
---------------------------
| __u32 id                |
---------------------------
| __u64 flags             |
---------------------------
| __kernel_size_t ctx_len |
---------------------------
| __u8 ctx[ctx_len]       |
---------------------------
Signed-off-by: Casey Schaufler --- Documentation/userspace-api/lsm.rst | 9 ++ include/linux/syscalls.h | 3 + include/uapi/linux/lsm.h | 21 ++++ kernel/sys_ni.c | 3 + security/Makefile | 1 + security/lsm_syscalls.c | 182 ++++++++++++++++++++++++++++ 6 files changed, 219 insertions(+) create mode 100644 security/lsm_syscalls.c diff --git a/Documentation/userspace-api/lsm.rst b/Documentation/userspace-api/lsm.rst index 6ddf5506110b..98a0c191b499 100644 --- a/Documentation/userspace-api/lsm.rst +++ b/Documentation/userspace-api/lsm.rst @@ -48,6 +48,15 @@ creating socket objects. The proc filesystem provides this value in ``/proc/self/attr/sockcreate``. This is supported by the SELinux security module. +Kernel interface +================ + +Get the security attributes of the current process +-------------------------------------------------- + +.. kernel-doc:: security/lsm_syscalls.c + :identifiers: sys_lsm_get_self_attr + Additional documentation ======================== diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h index a34b0f9a9972..2f2434adec4a 100644 --- a/include/linux/syscalls.h +++ b/include/linux/syscalls.h @@ -71,6 +71,7 @@ struct clone_args; struct open_how; struct mount_attr; struct landlock_ruleset_attr; +struct lsm_cxt; enum landlock_rule_type; #include @@ -1056,6 +1057,8 @@ asmlinkage long sys_memfd_secret(unsigned int flags); asmlinkage long sys_set_mempolicy_home_node(unsigned long start, unsigned long len, unsigned long home_node, unsigned long flags); +asmlinkage long sys_lsm_get_self_attr(struct lsm_ctx *ctx, size_t *size, + int flags); /* * Architecture-specific system calls diff --git a/include/uapi/linux/lsm.h b/include/uapi/linux/lsm.h index 8e9124bf622c..a400ae056d22 100644 --- a/include/uapi/linux/lsm.h +++ b/include/uapi/linux/lsm.h 
@@ -9,6 +9,27 @@ #ifndef _UAPI_LINUX_LSM_H #define _UAPI_LINUX_LSM_H +#include +#include + +/** + * struct lsm_ctx - LSM context + * @id: the LSM id number, see LSM_ID_XXX + * @flags: context specifier and LSM specific flags + * @ctx_len: the size of @ctx + * @ctx: the LSM context, a nul terminated string + * + * @ctx in a nul terminated string. + * (strlen(@ctx) < @ctx_len) is always true. + * (strlen(@ctx) == @ctx_len + 1) is not guaranteed. + */ +struct lsm_ctx { + __u32 id; + __u64 flags; + __kernel_size_t ctx_len; + __u8 ctx[]; +}; + /* * ID values to identify security modules. * A system may use more than one security module. diff --git a/kernel/sys_ni.c b/kernel/sys_ni.c index 860b2dcf3ac4..7b2513d5605d 100644 --- a/kernel/sys_ni.c +++ b/kernel/sys_ni.c @@ -262,6 +262,9 @@ COND_SYSCALL_COMPAT(recvmsg); /* mm/nommu.c, also with MMU */ COND_SYSCALL(mremap); +/* security/lsm_syscalls.c */ +COND_SYSCALL(lsm_get_self_attr); + /* security/keys/keyctl.c */ COND_SYSCALL(add_key); COND_SYSCALL(request_key); diff --git a/security/Makefile b/security/Makefile index 18121f8f85cd..59f238490665 100644 --- a/security/Makefile +++ b/security/Makefile @@ -7,6 +7,7 @@ obj-$(CONFIG_KEYS) += keys/ # always enable default capabilities obj-y += commoncap.o +obj-$(CONFIG_SECURITY) += lsm_syscalls.o obj-$(CONFIG_MMU) += min_addr.o # Object file lists diff --git a/security/lsm_syscalls.c b/security/lsm_syscalls.c new file mode 100644 index 000000000000..c109a0dc18fe --- /dev/null +++ b/security/lsm_syscalls.c 
@@ -0,0 +1,182 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * System calls implementing the Linux Security Module API. + * + * Copyright (C) 2022 Casey Schaufler + * Copyright (C) 2022 Intel Corporation + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +struct attrs_used_map { + char *name; + int attrs_used; +}; + +static const struct attrs_used_map lsm_attr_names[] = { + { .name = "current", .attrs_used = LSM_ATTR_CURRENT, }, + { .name = "exec", .attrs_used = LSM_ATTR_EXEC, }, + { .name = "fscreate", .attrs_used = LSM_ATTR_FSCREATE, }, + { .name = "keycreate", .attrs_used = LSM_ATTR_KEYCREATE, }, + { .name = "prev", .attrs_used = LSM_ATTR_PREV, }, + { .name = "sockcreate", .attrs_used = LSM_ATTR_SOCKCREATE, }, +}; + +static int attr_used_index(u32 flags) +{ + int i; + + if (flags == 0) + return -EINVAL; + + for (i = 0; i < ARRAY_SIZE(lsm_attr_names); i++) + if ((lsm_attr_names[i].attrs_used & flags) == flags) + return i; + + return -EINVAL; +} + +/** + * sys_lsm_get_self_attr - Return current task's security module attributes + * @ctx: the LSM contexts + * @size: size of @ctx, updated on return + * @flags: which attribute to return + * + * Returns the calling task's LSM contexts. On success this + * function returns the number of @ctx array elements. This value + * may be zero if there are no LSM contexts assigned. If @size is + * insufficient to contain the return data -E2BIG is returned and + * @size is set to the minimum required size. In all other cases + * a negative value indicating the error is returned. 
+ */ +SYSCALL_DEFINE3(lsm_get_self_attr, + struct lsm_ctx __user *, ctx, + __kernel_size_t __user *, size, + __u32, flags) +{ + int i; + int rc = 0; + int len; + int attr; + int count = 0; + void *curr; + char *cp; + char *np; + char **interum_ctx; + size_t total_size = 0; + struct lsm_ctx *ip; + struct lsm_ctx *interum; + struct lsm_ctx *final = NULL; + + attr = attr_used_index(flags); + if (attr < 0) + return attr; + + interum = kzalloc(ARRAY_SIZE(lsm_attr_names) * lsm_active_cnt * + sizeof(*interum), GFP_KERNEL); + if (interum == NULL) + return -ENOMEM; + ip = interum; + + interum_ctx = kzalloc(ARRAY_SIZE(lsm_attr_names) * lsm_active_cnt * + sizeof(*interum_ctx), GFP_KERNEL); + if (interum_ctx == NULL) { + kfree(interum); + return -ENOMEM; + } + + for (i = 0; i < lsm_active_cnt; i++) { + if ((lsm_idlist[i]->attrs_used & + lsm_attr_names[attr].attrs_used) == 0) + continue; + + len = security_getprocattr(current, lsm_idlist[i]->id, + lsm_attr_names[attr].name, + &cp); + if (len <= 0) + continue; + + ip->id = lsm_idlist[i]->id; + ip->flags = lsm_attr_names[attr].attrs_used; + interum_ctx[count] = cp; + + /* + * A security module that returns a binary attribute + * will need to identify itself to prevent string + * processing. + * + * At least one security module adds a \n at the + * end of a context to make it look nicer. Change + * that to a \0 so that user space doesn't have to + * work around it. + * + * Security modules have been inconsistent about + * including the \0 terminator in the size. If it's + * not there make space for it. + * + * The length returned will reflect the length of + * the string provided by the security module, which + * may not match what getprocattr returned. 
+ */ + np = strnchr(cp, len, '\n'); + if (np != NULL) + *np = '\0'; + ip->ctx_len = strnlen(cp, len) + 1; + total_size += sizeof(*interum) + ip->ctx_len; + ip++; + count++; + } + + if (count == 0) + goto free_out; + + final = kzalloc(total_size, GFP_KERNEL); + if (final == NULL) { + rc = -ENOMEM; + goto free_out; + } + + curr = final; + ip = interum; + for (i = 0; i < count; i++) { + memcpy(curr, ip, sizeof(*interum)); + curr += sizeof(*interum); + if (ip->ctx_len > 1) + memcpy(curr, interum_ctx[i], ip->ctx_len - 1); + curr += ip->ctx_len; + ip++; + } + + if (get_user(len, size)) { + rc = -EFAULT; + goto free_out; + } + if (total_size > len) { + rc = -ERANGE; + if (put_user(total_size, size) != 0) + rc = -EFAULT; + goto free_out; + } + if (copy_to_user(ctx, final, total_size) != 0 || + put_user(total_size, size) != 0) + rc = -EFAULT; + else + rc = count; + +free_out: + for (i = 0; i < count; i++) + kfree(interum_ctx[i]); + kfree(interum_ctx); + kfree(interum); + kfree(final); + return rc; +} From patchwork Wed Nov 23 20:15:49 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 13054242 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id B4D2BC433FE for ; Wed, 23 Nov 2022 20:23:42 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S239751AbiKWUXl (ORCPT ); Wed, 23 Nov 2022 15:23:41 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43214 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237557AbiKWUXA (ORCPT ); Wed, 23 Nov 2022 15:23:00 -0500 Received: from sonic311-30.consmr.mail.ne1.yahoo.com (sonic311-30.consmr.mail.ne1.yahoo.com [66.163.188.211]) by 
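Review bot: the kernel-doc on struct lsm_ctx in the include/uapi/linux/lsm.h hunk contradicts itself. "(strlen(@ctx) < @ctx_len) is always true" is followed by "(strlen(@ctx) == @ctx_len + 1) is not guaranteed", which has the +1 on the wrong side; the intended statement is that @ctx_len may exceed strlen(@ctx) + 1, so write "(strlen(@ctx) + 1 == @ctx_len) is not guaranteed", and "@ctx in a nul terminated string" should read "is". Worth raising on the same hunk before it becomes UAPI: a __u32 id followed by a __u64 flags and a __kernel_size_t ctx_len gives the structure different padding and size for 32-bit callers of a 64-bit kernel, so either use fixed-width fields (for example __u64 for ctx_len) or plan on compat handlers for every syscall that copies this structure.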
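Review bot: in the security/lsm_syscalls.c hunk the kernel-doc for sys_lsm_get_self_attr promises -E2BIG when @size is insufficient, but the total_size > len branch sets rc = -ERANGE; pick one (the later sys_lsm_module_list uses -E2BIG). In the same function len is an int, yet get_user(len, size) reads it from a __kernel_size_t __user pointer and it is then compared with the size_t total_size, so the value is truncated and the comparison mixes signed and unsigned; read it into a size_t. Minor: interum and interum_ctx are sized ARRAY_SIZE(lsm_attr_names) * lsm_active_cnt although only the single attribute selected by flags is collected, so lsm_active_cnt entries suffice.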
From: Casey Schaufler
To: casey.schaufler@intel.com, paul@paul-moore.com, linux-security-module@vger.kernel.org
Cc: casey@schaufler-ca.com, jmorris@namei.org, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net
Subject: [PATCH v3 6/9] LSM: Create lsm_module_list system call
Date: Wed, 23 Nov 2022 12:15:49 -0800
Message-Id: <20221123201552.7865-7-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.38.1
In-Reply-To: <20221123201552.7865-1-casey@schaufler-ca.com>
References: <20221123201552.7865-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:

Create a system call to report the list of Linux Security Modules
that are active on the system. The list is provided as an array
of LSM ID numbers. The calling application can use this list to
determine what LSM specific actions it might take. That might
include choosing an output format, determining required privilege
or bypassing security module specific behavior.

Signed-off-by: Casey Schaufler
---
 Documentation/userspace-api/lsm.rst | 3 +++
 include/linux/syscalls.h            | 1 +
 kernel/sys_ni.c                     | 1 +
 security/lsm_syscalls.c             | 41 +++++++++++++++++++++++++++++
 4 files changed, 46 insertions(+)

diff --git a/Documentation/userspace-api/lsm.rst b/Documentation/userspace-api/lsm.rst index 98a0c191b499..e342d75b99ab 100644 --- a/Documentation/userspace-api/lsm.rst +++ b/Documentation/userspace-api/lsm.rst @@ -57,6 +57,9 @@ Get the security attributes of the current process .. kernel-doc:: security/lsm_syscalls.c :identifiers: sys_lsm_get_self_attr +.. kernel-doc:: security/lsm_syscalls.c + :identifiers: sys_lsm_module_list + Additional documentation ======================== diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h index 2f2434adec4a..2411b4043752 100644 --- a/include/linux/syscalls.h +++ b/include/linux/syscalls.h
@@ -1059,6 +1059,7 @@ asmlinkage long sys_set_mempolicy_home_node(unsigned long start, unsigned long l unsigned long flags); asmlinkage long sys_lsm_get_self_attr(struct lsm_ctx *ctx, size_t *size, int flags); +asmlinkage long sys_lsm_module_list(u32 *ids, size_t *size, int flags); /* * Architecture-specific system calls diff --git a/kernel/sys_ni.c b/kernel/sys_ni.c index 7b2513d5605d..af1fd28c0420 100644 --- a/kernel/sys_ni.c +++ b/kernel/sys_ni.c @@ -264,6 +264,7 @@ COND_SYSCALL(mremap); /* security/lsm_syscalls.c */ COND_SYSCALL(lsm_get_self_attr); +COND_SYSCALL(lsm_module_list); /* security/keys/keyctl.c */ COND_SYSCALL(add_key); diff --git a/security/lsm_syscalls.c b/security/lsm_syscalls.c index c109a0dc18fe..3838cdf66310 100644 --- a/security/lsm_syscalls.c +++ b/security/lsm_syscalls.c 
@@ -180,3 +180,44 @@ SYSCALL_DEFINE3(lsm_get_self_attr, kfree(final); return rc; } + +/** + * sys_lsm_module_list - Return a list of the active security modules + * @ids: the LSM module ids + * @size: size of @ids, updated on return + * @flags: reserved for future use, must be zero + * + * Returns a list of the active LSM ids. On success this function + * returns the number of @ids array elements. This value may be zero + * if there are no LSMs active. If @size is insufficient to contain + * the return data -E2BIG is returned and @size is set to the minimum + * required size. In all other cases a negative value indicating the + * error is returned. + */ +SYSCALL_DEFINE3(lsm_module_list, + __u32 __user *, ids, + size_t __user *, size, + __u64, flags) +{ + size_t total_size = lsm_active_cnt * sizeof(*ids); + size_t usize; + int i; + + if (flags) + return -EINVAL; + + if (get_user(usize, size)) + return -EFAULT; + + if (put_user(total_size, size) != 0) + return -EFAULT; + + if (usize < total_size) + return -E2BIG; + + for (i = 0; i < lsm_active_cnt; i++) + if (put_user(lsm_idlist[i]->id, ids++)) + return -EFAULT; + + return lsm_active_cnt; +} From patchwork Wed Nov 23 20:15:50 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 13054243 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id CD880C4332F for ; Wed, 23 Nov 2022 20:23:53 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S239801AbiKWUXv (ORCPT ); Wed, 23 Nov 2022 15:23:51 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43660 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S239776AbiKWUXT (ORCPT ); Wed, 
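Review bot: the prototype added in the include/linux/syscalls.h hunk, sys_lsm_module_list(u32 *ids, size_t *size, int flags), does not match the SYSCALL_DEFINE3 in security/lsm_syscalls.c, which takes __u32 __user *ids, size_t __user *size and __u64 flags; the flags type and the __user annotations should agree (the neighbouring sys_lsm_get_self_attr line has the same int-versus-__u32 mismatch with its definition).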
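Review bot: in the security/lsm_syscalls.c hunk flags is declared __u64 in SYSCALL_DEFINE3(lsm_module_list, ...); a 64-bit syscall argument is split across two registers on 32-bit architectures and needs special argument handling, so use __u32 (or unsigned long) as sys_lsm_get_self_attr does. The size argument is also size_t __user * here but __kernel_size_t __user * in lsm_get_self_attr; the two syscalls should use the same UAPI type for the same parameter.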
From: Casey Schaufler
To: casey.schaufler@intel.com, paul@paul-moore.com, linux-security-module@vger.kernel.org
Cc: casey@schaufler-ca.com, jmorris@namei.org, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net
Subject: [PATCH v3 7/9] LSM: lsm_set_self_attr syscall for LSM self attributes
Date: Wed, 23 Nov 2022 12:15:50 -0800
Message-Id: <20221123201552.7865-8-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.38.1
In-Reply-To: <20221123201552.7865-1-casey@schaufler-ca.com>
References: <20221123201552.7865-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:

Create a system call lsm_set_self_attr() to set a security module
maintained attribute of the current process. Historically these
attributes have been exposed to user space via entries in procfs
under /proc/self/attr.

The attribute value is provided in an lsm_ctx structure. The structure
identifies the size of the attribute, and the attribute value. The
format of the attribute value is defined by the security module, but
will always be \0 terminated if it is a string. The ctx_len value must
always be strlen(ctx)+1 if the value is a string. The flags field is
reserved for future security module specific use and must be 0.

---------------------------
| __u32 id                |
---------------------------
| __u64 flags             |
---------------------------
| __kernel_size_t ctx_len |
---------------------------
| __u8 ctx[ctx_len]       |
---------------------------

Signed-off-by: Casey Schaufler
---
 Documentation/userspace-api/lsm.rst | 3 +++
 include/linux/syscalls.h            | 2 ++
 kernel/sys_ni.c                     | 1 +
 security/lsm_syscalls.c             | 41 +++++++++++++++++++++++++++++
 4 files changed, 47 insertions(+)
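The lsm_ctx record layout and the ctx_len rule described in the commit message above, as an added example that is not code from this series: a userspace packer for lsm_set_self_attr input and a validating walker for the packed records lsm_get_self_attr returns. struct lsm_ctx_v3, the helper names and the two sample records (ids 100 and 200, not real LSM_ID values) are constructed here; the walker rejects a ctx_len that would wrap or overrun the buffer and a ctx that lacks its nul terminator.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <sys/types.h>

/*
 * Userspace mirror of the v3 lsm_ctx layout from the commit message
 * (constructed here, not the kernel's uapi header). The ctx bytes follow
 * the header directly, so one record is sizeof(struct lsm_ctx_v3) +
 * ctx_len bytes, and records are packed back to back with no alignment.
 */
struct lsm_ctx_v3 {
	uint32_t id;      /* LSM id number */
	uint64_t flags;   /* reserved, must be 0 */
	size_t ctx_len;   /* strlen(ctx) + 1 for a string attribute */
	uint8_t ctx[];    /* nul-terminated attribute value */
};

#define LSM_CTX_HDR sizeof(struct lsm_ctx_v3)

/* Additive fit check: wraps for ctx_len near SIZE_MAX and then accepts. */
int additive_fits(size_t ctx_len, size_t size)
{
	return LSM_CTX_HDR + ctx_len <= size;
}

/* Subtractive fit check: cannot wrap, because size >= LSM_CTX_HDR first. */
int subtractive_fits(size_t ctx_len, size_t size)
{
	return size >= LSM_CTX_HDR && ctx_len <= size - LSM_CTX_HDR;
}

/*
 * Pack one string attribute for lsm_set_self_attr as the commit message
 * requires: flags == 0 and ctx_len == strlen(value) + 1.
 * Returns the bytes written, or 0 if buf cannot hold the record.
 */
size_t lsm_ctx_pack(unsigned char *buf, size_t bufsz, uint32_t id,
		    const char *value)
{
	struct lsm_ctx_v3 hdr = { .id = id, .flags = 0,
				  .ctx_len = strlen(value) + 1 };

	if (!subtractive_fits(hdr.ctx_len, bufsz))
		return 0;
	memcpy(buf, &hdr, LSM_CTX_HDR);   /* memcpy: buf may be unaligned */
	memcpy(buf + LSM_CTX_HDR, value, hdr.ctx_len);
	return LSM_CTX_HDR + hdr.ctx_len;
}

/*
 * Walk the packed records lsm_get_self_attr returns. Returns the record
 * count, or -1 at the first malformed record: header does not fit,
 * ctx_len is 0 or exceeds the remaining bytes, or ctx is not
 * nul-terminated inside ctx_len. A record whose id equals want_id has
 * its ctx string stored in *out_ctx.
 */
ssize_t lsm_ctx_walk(const unsigned char *buf, size_t total,
		     uint32_t want_id, const char **out_ctx)
{
	ssize_t count = 0;
	size_t off = 0;

	if (out_ctx)
		*out_ctx = NULL;
	while (off < total) {
		struct lsm_ctx_v3 hdr;
		size_t remaining = total - off;

		if (remaining < LSM_CTX_HDR)
			return -1;
		memcpy(&hdr, buf + off, LSM_CTX_HDR);
		if (hdr.ctx_len == 0 || !subtractive_fits(hdr.ctx_len, remaining))
			return -1;
		if (buf[off + LSM_CTX_HDR + hdr.ctx_len - 1] != '\0')
			return -1;
		if (out_ctx && hdr.id == want_id)
			*out_ctx = (const char *)(buf + off + LSM_CTX_HDR);
		off += LSM_CTX_HDR + hdr.ctx_len;
		count++;
	}
	return count;
}

/* Constructed sample: two records with made-up ids, not real LSM_ID values. */
#define SAMPLE_ID_A 100u
#define SAMPLE_ID_B 200u
#define SAMPLE_CTX_B "user_u:user_r:user_t:s0"

size_t build_sample(unsigned char *buf, size_t bufsz)
{
	size_t n = lsm_ctx_pack(buf, bufsz, SAMPLE_ID_A, "unconfined");
	size_t m = n ? lsm_ctx_pack(buf + n, bufsz - n, SAMPLE_ID_B,
				    SAMPLE_CTX_B) : 0;

	return m ? n + m : 0;
}
```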
diff --git a/Documentation/userspace-api/lsm.rst b/Documentation/userspace-api/lsm.rst index e342d75b99ab..c7da13801305 100644 --- a/Documentation/userspace-api/lsm.rst +++ b/Documentation/userspace-api/lsm.rst @@ -57,6 +57,9 @@ Get the security attributes of the current process .. kernel-doc:: security/lsm_syscalls.c :identifiers: sys_lsm_get_self_attr +.. kernel-doc:: security/lsm_syscalls.c + :identifiers: sys_lsm_set_self_attr + .. kernel-doc:: security/lsm_syscalls.c :identifiers: sys_lsm_module_list diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h index 2411b4043752..75123c13a55f 100644 --- a/include/linux/syscalls.h +++ b/include/linux/syscalls.h @@ -1060,6 +1060,8 @@ asmlinkage long sys_set_mempolicy_home_node(unsigned long start, unsigned long l asmlinkage long sys_lsm_get_self_attr(struct lsm_ctx *ctx, size_t *size, int flags); asmlinkage long sys_lsm_module_list(u32 *ids, size_t *size, int flags); +asmlinkage long sys_lsm_set_self_attr(struct lsm_ctx *ctx, size_t size, + int flags); /* * Architecture-specific system calls diff --git a/kernel/sys_ni.c b/kernel/sys_ni.c index af1fd28c0420..c3884c1c7339 100644 --- a/kernel/sys_ni.c +++ b/kernel/sys_ni.c @@ -265,6 +265,7 @@ COND_SYSCALL(mremap); /* security/lsm_syscalls.c */ COND_SYSCALL(lsm_get_self_attr); COND_SYSCALL(lsm_module_list); +COND_SYSCALL(lsm_set_self_attr); /* security/keys/keyctl.c */ COND_SYSCALL(add_key); diff --git a/security/lsm_syscalls.c b/security/lsm_syscalls.c index 3838cdf66310..b0dc11e7d3df 100644 --- a/security/lsm_syscalls.c +++ b/security/lsm_syscalls.c 
@@ -181,6 +181,47 @@ SYSCALL_DEFINE3(lsm_get_self_attr, return rc; } +/** + * sys_lsm_set_self_attr - Set current task's security module attribute + * @ctx: the LSM contexts + * @size: size of @ctx + * @flags: which attribute to set + * + * Sets the calling task's LSM context. On success this function + * returns 0. If the attribute specified cannot be set a negative + * value indicating the reason for the error is returned. + */ +SYSCALL_DEFINE3(lsm_set_self_attr, + struct lsm_ctx __user *, ctx, + __kernel_size_t, size, + __u32, flags) +{ + int rc = -EINVAL; + int attr; + void *page; + struct lsm_ctx *ip; + + if (size > PAGE_SIZE) + return -E2BIG; + if (size <= sizeof(*ip)) + return -EINVAL; + + attr = attr_used_index(flags); + if (attr < 0) + return attr; + + page = memdup_user(ctx, size); + if (IS_ERR(page)) + return PTR_ERR(page); + + ip = page; + if (sizeof(*ip) + ip->ctx_len <= size) + rc = security_setprocattr(ip->id, lsm_attr_names[attr].name, + ip->ctx, ip->ctx_len); + kfree(page); + return (rc > 0) ? 
0 : rc; +} + /** * sys_lsm_module_list - Return a list of the active security modules * @ids: the LSM module ids From patchwork Wed Nov 23 20:15:51 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 13054244 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id DF348C433FE for ; Wed, 23 Nov 2022 20:24:06 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S239893AbiKWUYF (ORCPT ); Wed, 23 Nov 2022 15:24:05 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43258 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S239859AbiKWUX2 (ORCPT ); Wed, 23 Nov 2022 15:23:28 -0500 Received: from sonic311-30.consmr.mail.ne1.yahoo.com (sonic311-30.consmr.mail.ne1.yahoo.com [66.163.188.211]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BCAE6D2296 for ; Wed, 23 Nov 2022 12:19:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1669234761; bh=eGNezGUqI6qnOQo0OwR0DL3q3SV2ptpP4mwAC4YsFkE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=c2aV1ZjFz9s5PcO4qkjcd84r58MzTISFVhciBwHdJW3Xiv68WRhGOUqPYU6sHC7Ykq3j+ZgjduVubZGpE8720NDjBEnc9mW0Q8re+ERSIUHznhFTsdWEH9/sbuEJsUuQVldjtlm0r4M4BMLQRXBxgw4Xn6gzFq7UAKXam9MEjSlCysBy7kFhiYs/aICmvkiGF3s8ENrw5meBSiH+/e7O/QfYx6scWylMmimzx5cI0pQizvqA+w09Z8y/Xo1fluY/k8ffXfeCzeK7Hr22My/nnF67VZeJZ+nt3K/2ckwF4SytrFDS4qCe0jcPiSU+d6AQ5xCiQLwteXStwg1rxuD8tQ== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1669234761; bh=X62usNcZLL42sm75slojSWB1U5Z7RUP+/U6Hd/ra/Tc=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; 
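Review bot: the include/linux/syscalls.h hunk declares sys_lsm_set_self_attr(struct lsm_ctx *ctx, size_t size, int flags) while the definition in security/lsm_syscalls.c uses __kernel_size_t size and __u32 flags; align the prototype with the definition.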
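Review bot: in the security/lsm_syscalls.c hunk the check "if (sizeof(*ip) + ip->ctx_len <= size)" adds a user-supplied __kernel_size_t to a constant, so a ctx_len close to SIZE_MAX wraps the sum below size and that oversized ctx_len is passed on to security_setprocattr; check "if (ip->ctx_len <= size - sizeof(*ip))" instead, which cannot wrap because size > sizeof(*ip) is already enforced above. The commit message also states that the lsm_ctx flags field must be 0, but ip->flags is never examined; return -EINVAL when it is non-zero so the reserved field actually stays reserved. Since ctx_len is the only length handed to the module, it is also cheap to confirm here that ip->ctx[ip->ctx_len - 1] is the promised nul terminator for string attributes.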
From: Casey Schaufler
To: casey.schaufler@intel.com, paul@paul-moore.com, linux-security-module@vger.kernel.org
Cc: casey@schaufler-ca.com, jmorris@namei.org, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net
Subject: [PATCH v3 8/9] LSM: wireup Linux Security Module syscalls
Date: Wed, 23 Nov 2022 12:15:51 -0800
Message-Id: <20221123201552.7865-9-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.38.1
In-Reply-To: <20221123201552.7865-1-casey@schaufler-ca.com>
References: <20221123201552.7865-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:

Wireup lsm_get_self_attr, lsm_set_self_attr and lsm_module_list system calls.
Signed-off-by: Casey Schaufler --- arch/alpha/kernel/syscalls/syscall.tbl | 3 +++ arch/arm/tools/syscall.tbl | 3 +++ arch/arm64/include/asm/unistd32.h | 6 ++++++ arch/ia64/kernel/syscalls/syscall.tbl | 3 +++ arch/m68k/kernel/syscalls/syscall.tbl | 3 +++ arch/microblaze/kernel/syscalls/syscall.tbl | 3 +++ arch/mips/kernel/syscalls/syscall_n32.tbl | 3 +++ arch/mips/kernel/syscalls/syscall_n64.tbl | 3 +++ arch/mips/kernel/syscalls/syscall_o32.tbl | 3 +++ arch/parisc/kernel/syscalls/syscall.tbl | 3 +++ arch/powerpc/kernel/syscalls/syscall.tbl | 3 +++ arch/s390/kernel/syscalls/syscall.tbl | 3 +++ arch/sh/kernel/syscalls/syscall.tbl | 3 +++ arch/sparc/kernel/syscalls/syscall.tbl | 3 +++ arch/x86/entry/syscalls/syscall_32.tbl | 3 +++ arch/x86/entry/syscalls/syscall_64.tbl | 3 +++ arch/xtensa/kernel/syscalls/syscall.tbl | 3 +++ include/uapi/asm-generic/unistd.h | 11 ++++++++++- tools/perf/arch/mips/entry/syscalls/syscall_n64.tbl | 3 +++ tools/perf/arch/powerpc/entry/syscalls/syscall.tbl | 3 +++ tools/perf/arch/s390/entry/syscalls/syscall.tbl | 3 +++ tools/perf/arch/x86/entry/syscalls/syscall_64.tbl | 3 +++ 22 files changed, 76 insertions(+), 1 deletion(-) diff --git a/arch/alpha/kernel/syscalls/syscall.tbl b/arch/alpha/kernel/syscalls/syscall.tbl index 8ebacf37a8cf..002e6a39fcb1 100644 --- a/arch/alpha/kernel/syscalls/syscall.tbl +++ b/arch/alpha/kernel/syscalls/syscall.tbl @@ -490,3 +490,6 @@ 558 common process_mrelease sys_process_mrelease 559 common futex_waitv sys_futex_waitv 560 common set_mempolicy_home_node sys_ni_syscall +561 common lsm_get_self_attr sys_lsm_get_self_attr +562 common lsm_module_list sys_lsm_module_list +563 common lsm_set_self_attr sys_lsm_set_self_attr diff --git a/arch/arm/tools/syscall.tbl b/arch/arm/tools/syscall.tbl index ac964612d8b0..dca80a2d3927 100644 --- a/arch/arm/tools/syscall.tbl +++ b/arch/arm/tools/syscall.tbl 
@@ -464,3 +464,6 @@ 448 common process_mrelease sys_process_mrelease 449 common futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node +451 common lsm_get_self_attr sys_lsm_get_self_attr +452 common lsm_module_list sys_lsm_module_list +453 common lsm_set_self_attr sys_lsm_set_self_attr diff --git a/arch/arm64/include/asm/unistd32.h b/arch/arm64/include/asm/unistd32.h index 604a2053d006..cb4b3149024d 100644 --- a/arch/arm64/include/asm/unistd32.h +++ b/arch/arm64/include/asm/unistd32.h @@ -907,6 +907,12 @@ __SYSCALL(__NR_process_mrelease, sys_process_mrelease) __SYSCALL(__NR_futex_waitv, sys_futex_waitv) #define __NR_set_mempolicy_home_node 450 __SYSCALL(__NR_set_mempolicy_home_node, sys_set_mempolicy_home_node) +#define __NR_lsm_get_self_attr 451 +__SYSCALL(__NR_lsm_get_self_attr, sys_lsm_get_self_attr) +#define __NR_lsm_module_list 452 +__SYSCALL(__NR_lsm_module_list, sys_module_list) +#define __NR_lsm_set_self_attr 453 +__SYSCALL(__NR_lsm_set_self_attr, sys_lsm_set_self_attr) /* * Please add new compat syscalls above this comment and update diff --git a/arch/ia64/kernel/syscalls/syscall.tbl b/arch/ia64/kernel/syscalls/syscall.tbl index 72c929d9902b..1a5d560a1317 100644 --- a/arch/ia64/kernel/syscalls/syscall.tbl +++ b/arch/ia64/kernel/syscalls/syscall.tbl @@ -371,3 +371,6 @@ 448 common process_mrelease sys_process_mrelease 449 common futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node +451 common lsm_get_self_attr sys_lsm_get_self_attr +452 common lsm_module_list sys_lsm_module_list +453 common lsm_set_self_attr sys_lsm_set_self_attr diff --git a/arch/m68k/kernel/syscalls/syscall.tbl b/arch/m68k/kernel/syscalls/syscall.tbl index b1f3940bc298..0b7b01c90315 100644 --- a/arch/m68k/kernel/syscalls/syscall.tbl +++ b/arch/m68k/kernel/syscalls/syscall.tbl 
@@ -450,3 +450,6 @@ 448 common process_mrelease sys_process_mrelease 449 common futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node +451 common lsm_get_self_attr sys_lsm_get_self_attr +452 common lsm_module_list sys_lsm_module_list +453 common lsm_set_self_attr sys_lsm_set_self_attr diff --git a/arch/microblaze/kernel/syscalls/syscall.tbl b/arch/microblaze/kernel/syscalls/syscall.tbl index 820145e47350..b69d57014c7b 100644 --- a/arch/microblaze/kernel/syscalls/syscall.tbl +++ b/arch/microblaze/kernel/syscalls/syscall.tbl @@ -456,3 +456,6 @@ 448 common process_mrelease sys_process_mrelease 449 common futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node +451 common lsm_get_self_attr sys_lsm_get_self_attr +452 common lsm_module_list sys_lsm_module_list +453 common lsm_set_self_attr sys_lsm_set_self_attr diff --git a/arch/mips/kernel/syscalls/syscall_n32.tbl b/arch/mips/kernel/syscalls/syscall_n32.tbl index 253ff994ed2e..7c1ca6241b90 100644 --- a/arch/mips/kernel/syscalls/syscall_n32.tbl +++ b/arch/mips/kernel/syscalls/syscall_n32.tbl @@ -389,3 +389,6 @@ 448 n32 process_mrelease sys_process_mrelease 449 n32 futex_waitv sys_futex_waitv 450 n32 set_mempolicy_home_node sys_set_mempolicy_home_node +451 n32 lsm_get_self_attr sys_lsm_get_self_attr +452 n32 lsm_module_list sys_lsm_module_list +453 n32 lsm_set_self_attr sys_lsm_set_self_attr diff --git a/arch/mips/kernel/syscalls/syscall_n64.tbl b/arch/mips/kernel/syscalls/syscall_n64.tbl index 3f1886ad9d80..99453966d179 100644 --- a/arch/mips/kernel/syscalls/syscall_n64.tbl +++ b/arch/mips/kernel/syscalls/syscall_n64.tbl @@ -365,3 +365,6 @@ 448 n64 process_mrelease sys_process_mrelease 449 n64 futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node +451 n64 lsm_get_self_attr sys_lsm_get_self_attr +452 n64 lsm_module_list sys_lsm_module_list +453 n64 lsm_set_self_attr sys_lsm_set_self_attr 
diff --git a/arch/mips/kernel/syscalls/syscall_o32.tbl b/arch/mips/kernel/syscalls/syscall_o32.tbl index 8f243e35a7b2..4ddb0ff66793 100644 --- a/arch/mips/kernel/syscalls/syscall_o32.tbl +++ b/arch/mips/kernel/syscalls/syscall_o32.tbl @@ -438,3 +438,6 @@ 448 o32 process_mrelease sys_process_mrelease 449 o32 futex_waitv sys_futex_waitv 450 o32 set_mempolicy_home_node sys_set_mempolicy_home_node +451 o32 lsm_get_self_attr sys_lsm_get_self_attr +452 o32 lsm_module_list sys_lsm_module_list +453 032 lsm_set_self_attr sys_lsm_set_self_attr diff --git a/arch/parisc/kernel/syscalls/syscall.tbl b/arch/parisc/kernel/syscalls/syscall.tbl index 8a99c998da9b..ea5ca5f70cbe 100644 --- a/arch/parisc/kernel/syscalls/syscall.tbl +++ b/arch/parisc/kernel/syscalls/syscall.tbl @@ -448,3 +448,6 @@ 448 common process_mrelease sys_process_mrelease 449 common futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node +451 common lsm_get_self_attr sys_lsm_get_self_attr +452 common lsm_module_list sys_lsm_module_list +453 common lsm_set_self_attr sys_lsm_set_self_attr diff --git a/arch/powerpc/kernel/syscalls/syscall.tbl b/arch/powerpc/kernel/syscalls/syscall.tbl index a0be127475b1..8d31bb83d6a2 100644 --- a/arch/powerpc/kernel/syscalls/syscall.tbl +++ b/arch/powerpc/kernel/syscalls/syscall.tbl @@ -537,3 +537,6 @@ 448 common process_mrelease sys_process_mrelease 449 common futex_waitv sys_futex_waitv 450 nospu set_mempolicy_home_node sys_set_mempolicy_home_node +451 common lsm_get_self_attr sys_lsm_get_self_attr +452 common lsm_module_list sys_lsm_module_list +453 common lsm_set_self_attr sys_lsm_set_self_attr diff --git a/arch/s390/kernel/syscalls/syscall.tbl b/arch/s390/kernel/syscalls/syscall.tbl index 799147658dee..bb7597be2e4f 100644 --- a/arch/s390/kernel/syscalls/syscall.tbl +++ b/arch/s390/kernel/syscalls/syscall.tbl 
@@ -453,3 +453,6 @@ 448 common process_mrelease sys_process_mrelease sys_process_mrelease 449 common futex_waitv sys_futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node sys_set_mempolicy_home_node +451 common lsm_get_self_attr sys_lsm_get_self_attr sys_lsm_get_self_attr +452 common lsm_module_list sys_lsm_module_list sys_lsm_module_list +453 common lsm_set_self_attr sys_lsm_set_self_attr sys_lsm_set_self_attr diff --git a/arch/sh/kernel/syscalls/syscall.tbl b/arch/sh/kernel/syscalls/syscall.tbl index 2de85c977f54..43d468742916 100644 --- a/arch/sh/kernel/syscalls/syscall.tbl +++ b/arch/sh/kernel/syscalls/syscall.tbl @@ -453,3 +453,6 @@ 448 common process_mrelease sys_process_mrelease 449 common futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node +451 common lsm_get_self_attr sys_lsm_get_self_attr +452 common lsm_module_list sys_lsm_module_list +453 common lsm_set_self_attr sys_lsm_set_self_attr diff --git a/arch/sparc/kernel/syscalls/syscall.tbl b/arch/sparc/kernel/syscalls/syscall.tbl index 4398cc6fb68d..c7791c7bdde4 100644 --- a/arch/sparc/kernel/syscalls/syscall.tbl +++ b/arch/sparc/kernel/syscalls/syscall.tbl @@ -496,3 +496,6 @@ 448 common process_mrelease sys_process_mrelease 449 common futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node +451 common lsm_get_self_attr sys_lsm_get_self_attr +452 common lsm_module_list sys_lsm_module_list +453 common lsm_set_self_attr sys_lsm_set_self_attr diff --git a/arch/x86/entry/syscalls/syscall_32.tbl b/arch/x86/entry/syscalls/syscall_32.tbl index 320480a8db4f..4f2e6577466e 100644 --- a/arch/x86/entry/syscalls/syscall_32.tbl +++ b/arch/x86/entry/syscalls/syscall_32.tbl 
@@ -455,3 +455,6 @@ 448 i386 process_mrelease sys_process_mrelease 449 i386 futex_waitv sys_futex_waitv 450 i386 set_mempolicy_home_node sys_set_mempolicy_home_node +451 i386 lsm_get_self_attr sys_lsm_get_self_attr +452 i386 lsm_module_list sys_lsm_module_list +453 i386 lsm_set_self_attr sys_lsm_set_self_attr diff --git a/arch/x86/entry/syscalls/syscall_64.tbl b/arch/x86/entry/syscalls/syscall_64.tbl index c84d12608cd2..3a7866f72042 100644 --- a/arch/x86/entry/syscalls/syscall_64.tbl +++ b/arch/x86/entry/syscalls/syscall_64.tbl @@ -372,6 +372,9 @@ 448 common process_mrelease sys_process_mrelease 449 common futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node +451 common lsm_get_self_attr sys_lsm_get_self_attr +452 common lsm_module_list sys_lsm_module_list +453 common lsm_set_self_attr sys_lsm_set_self_attr # # Due to a historical design error, certain syscalls are numbered differently diff --git a/arch/xtensa/kernel/syscalls/syscall.tbl b/arch/xtensa/kernel/syscalls/syscall.tbl index 52c94ab5c205..e0a5b61c1f1a 100644 --- a/arch/xtensa/kernel/syscalls/syscall.tbl +++ b/arch/xtensa/kernel/syscalls/syscall.tbl @@ -421,3 +421,6 @@ 448 common process_mrelease sys_process_mrelease 449 common futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node +451 common lsm_get_self_attr sys_lsm_get_self_attr +452 common lsm_module_list sys_lsm_module_list +453 common lsm_set_self_attr sys_lsm_set_self_attr diff --git a/include/uapi/asm-generic/unistd.h b/include/uapi/asm-generic/unistd.h index 45fa180cc56a..3659b2b02f5a 100644 --- a/include/uapi/asm-generic/unistd.h +++ b/include/uapi/asm-generic/unistd.h 
@@ -886,8 +886,17 @@ __SYSCALL(__NR_futex_waitv, sys_futex_waitv) #define __NR_set_mempolicy_home_node 450 __SYSCALL(__NR_set_mempolicy_home_node, sys_set_mempolicy_home_node) +#define __NR_lsm_get_self_attr 451 +__SYSCALL(__NR_lsm_get_self_attr, sys_lsm_get_self_attr) + +#define __NR_lsm_module_list 452 +__SYSCALL(__NR_lsm_module_list, sys_lsm_module_list) + +#define __NR_lsm_set_self_attr 453 +__SYSCALL(__NR_lsm_set_self_attr, sys_lsm_set_self_attr) + #undef __NR_syscalls -#define __NR_syscalls 451 +#define __NR_syscalls 454 /* * 32 bit systems traditionally used different diff --git a/tools/perf/arch/mips/entry/syscalls/syscall_n64.tbl b/tools/perf/arch/mips/entry/syscalls/syscall_n64.tbl index 3f1886ad9d80..99453966d179 100644 --- a/tools/perf/arch/mips/entry/syscalls/syscall_n64.tbl +++ b/tools/perf/arch/mips/entry/syscalls/syscall_n64.tbl @@ -365,3 +365,6 @@ 448 n64 process_mrelease sys_process_mrelease 449 n64 futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node +451 n64 lsm_get_self_attr sys_lsm_get_self_attr +452 n64 lsm_module_list sys_lsm_module_list +453 n64 lsm_set_self_attr sys_lsm_set_self_attr diff --git a/tools/perf/arch/powerpc/entry/syscalls/syscall.tbl b/tools/perf/arch/powerpc/entry/syscalls/syscall.tbl index e9e0df4f9a61..bdedea2aa778 100644 --- a/tools/perf/arch/powerpc/entry/syscalls/syscall.tbl +++ b/tools/perf/arch/powerpc/entry/syscalls/syscall.tbl @@ -534,3 +534,6 @@ 448 common process_mrelease sys_process_mrelease 449 common futex_waitv sys_futex_waitv 450 nospu set_mempolicy_home_node sys_set_mempolicy_home_node +451 common lsm_get_self_attr sys_lsm_get_self_attr +452 common lsm_module_list sys_lsm_module_list +453 common lsm_set_self_attr sys_lsm_set_self_attr diff --git a/tools/perf/arch/s390/entry/syscalls/syscall.tbl b/tools/perf/arch/s390/entry/syscalls/syscall.tbl index 799147658dee..d69bd5550b46 100644 --- a/tools/perf/arch/s390/entry/syscalls/syscall.tbl 
+++ b/tools/perf/arch/s390/entry/syscalls/syscall.tbl @@ -453,3 +453,6 @@ 448 common process_mrelease sys_process_mrelease sys_process_mrelease 449 common futex_waitv sys_futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node sys_set_mempolicy_home_node +451 common lsm_get_self_attr sys_lsm_get_self_attr sys_lsm_get_self_attr +452 common lsm_module_list sys_lsm_module_list sys_lsm_module_list +453 common lsm_set_self_attr sys_lsm_set_self_attr sys_lsm_set_self_attr diff --git a/tools/perf/arch/x86/entry/syscalls/syscall_64.tbl b/tools/perf/arch/x86/entry/syscalls/syscall_64.tbl index c84d12608cd2..3a7866f72042 100644 --- a/tools/perf/arch/x86/entry/syscalls/syscall_64.tbl +++ b/tools/perf/arch/x86/entry/syscalls/syscall_64.tbl 
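Review bot: In the arch/arm64/include/asm/unistd32.h hunk the second compat entry is wired to the wrong handler: `+__SYSCALL(__NR_lsm_module_list, sys_module_list)` should read `__SYSCALL(__NR_lsm_module_list, sys_lsm_module_list)`, as every other table in this patch does; `sys_module_list` is not a handler this series adds, so the arm64 compat table will not resolve it.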
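Review bot: In the arch/mips/kernel/syscalls/syscall_o32.tbl hunk the ABI column of the last added row is mistyped: `+453 032 lsm_set_self_attr sys_lsm_set_self_attr` uses the digits `032` where the two rows above use `o32`. The table generator selects rows by matching the ABI string, so lsm_set_self_attr would silently be left out of the o32 table; change `032` to `o32`.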
@@ -372,6 +372,9 @@ 448 common process_mrelease sys_process_mrelease 449 common futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node +451 common lsm_get_self_attr sys_lsm_get_self_attr +452 common lsm_module_list sys_lsm_module_list +453 common lsm_set_self_attr sys_lsm_set_self_attr # # Due to a historical design error, certain syscalls are numbered differently

From patchwork Wed Nov 23 20:15:52 2022
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 13054245
X-Patchwork-Delegate: paul@paul-moore.com
From: Casey Schaufler
To: casey.schaufler@intel.com, paul@paul-moore.com, linux-security-module@vger.kernel.org
Cc: casey@schaufler-ca.com, jmorris@namei.org, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net
Subject: [PATCH v3 9/9] LSM: selftests for Linux Security Module infrastructure syscalls
Date: Wed, 23 Nov 2022 12:15:52 -0800
Message-Id: <20221123201552.7865-10-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.38.1
In-Reply-To: <20221123201552.7865-1-casey@schaufler-ca.com>
References: <20221123201552.7865-1-casey@schaufler-ca.com>

Add selftests for the three system calls supporting the LSM infrastructure.

Signed-off-by: Casey Schaufler
---
tools/testing/selftests/Makefile | 1 +
tools/testing/selftests/lsm/Makefile | 13 +
tools/testing/selftests/lsm/config | 2 +
.../selftests/lsm/lsm_get_self_attr_test.c | 268 ++++++++++++++
.../selftests/lsm/lsm_module_list_test.c | 149 ++++++++
.../selftests/lsm/lsm_set_self_attr_test.c | 328 ++++++++++++++++++
6 files changed, 761 insertions(+)
create mode 100644 tools/testing/selftests/lsm/Makefile
create mode 100644 tools/testing/selftests/lsm/config
create mode 100644 tools/testing/selftests/lsm/lsm_get_self_attr_test.c
create mode 100644 tools/testing/selftests/lsm/lsm_module_list_test.c
create mode 100644 tools/testing/selftests/lsm/lsm_set_self_attr_test.c
diff --git a/tools/testing/selftests/Makefile b/tools/testing/selftests/Makefile
index f07aef7c592c..ee7e93bf956d 100644
--- a/tools/testing/selftests/Makefile
+++ b/tools/testing/selftests/Makefile
@@ -36,6 +36,7 @@ TARGETS += landlock TARGETS += lib TARGETS += livepatch TARGETS += lkdtm +TARGETS += lsm TARGETS += membarrier TARGETS += memfd TARGETS += memory-hotplug diff --git a/tools/testing/selftests/lsm/Makefile b/tools/testing/selftests/lsm/Makefile new file mode 100644 index 000000000000..601974fdd9b8 --- /dev/null +++ b/tools/testing/selftests/lsm/Makefile @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: GPL-2.0 +# +# First run: make -C ../../../.. headers_install + +CFLAGS += -Wall -O2 $(KHDR_INCLUDES) + +TEST_GEN_PROGS := lsm_get_self_attr_test lsm_module_list_test \ + lsm_set_self_attr_test + +include ../lib.mk + +$(TEST_GEN_PROGS): + diff --git a/tools/testing/selftests/lsm/config b/tools/testing/selftests/lsm/config new file mode 100644 index 000000000000..afb887715f64 --- /dev/null +++ b/tools/testing/selftests/lsm/config @@ -0,0 +1,2 @@ +CONFIG_SYSFS=y +CONFIG_SECURITY=y diff --git a/tools/testing/selftests/lsm/lsm_get_self_attr_test.c b/tools/testing/selftests/lsm/lsm_get_self_attr_test.c new file mode 100644 index 000000000000..6f7f72c25cda --- /dev/null +++ b/tools/testing/selftests/lsm/lsm_get_self_attr_test.c 
@@ -0,0 +1,268 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Linux Security Module infrastructure tests + * Tests for the lsm_get_self_attr system call + * + * Copyright © 2022 Casey Schaufler + * Copyright © 2022 Intel Corporation + */ + +#define _GNU_SOURCE +#include +#include +#include +#include +#include +#include "../kselftest_harness.h" + +#define PROCATTR "/proc/self/attr/" + +static int read_proc_attr(const char *attr, char *value, __kernel_size_t size) +{ + FILE *fp; + int len; + char *path; + + len = strlen(PROCATTR) + strlen(attr) + 1; + path = calloc(len, 1); + if (path == NULL) + return -1; + sprintf(path, "%s%s", PROCATTR, attr); + + fp = fopen(path, "r"); + free(path); + + if (fp == NULL) + return -1; + if (fread(value, 1, size, fp) <= 0) + return -1; + fclose(fp); + + path = strchr(value, '\n'); + if (path) + *path = '\0'; + + return 0; +} + +static struct lsm_ctx *next_ctx(struct lsm_ctx *ctxp) +{ + void *vp; + + vp = (void *)ctxp + sizeof(*ctxp) + ctxp->ctx_len; + return (struct lsm_ctx *)vp; +} + +TEST(size_null_lsm_get_self_attr) +{ + const long page_size = sysconf(_SC_PAGESIZE); + char *ctx = calloc(page_size, 1); + + ASSERT_NE(NULL, ctx); + ASSERT_EQ(-1, syscall(__NR_lsm_get_self_attr, ctx, NULL, + LSM_ATTR_CURRENT)); + ASSERT_EQ(EFAULT, errno); + + free(ctx); +} + +TEST(ctx_null_lsm_get_self_attr) +{ + const long page_size = sysconf(_SC_PAGESIZE); + __kernel_size_t size = page_size; + + ASSERT_EQ(-1, syscall(__NR_lsm_get_self_attr, NULL, &size, + LSM_ATTR_CURRENT)); + ASSERT_EQ(EFAULT, errno); + ASSERT_NE(1, size); +} + +TEST(size_too_small_lsm_get_self_attr) +{ + const long page_size = sysconf(_SC_PAGESIZE); + char *ctx = calloc(page_size, 1); + __kernel_size_t size = 1; + + ASSERT_NE(NULL, ctx); + ASSERT_EQ(-1, syscall(__NR_lsm_get_self_attr, ctx, &size, + LSM_ATTR_CURRENT)); + ASSERT_EQ(ERANGE, errno); + ASSERT_NE(1, size); + + free(ctx); +} + +TEST(flags_zero_lsm_get_self_attr) +{ + const long page_size = sysconf(_SC_PAGESIZE); + char 
*ctx = calloc(page_size, 1); + __kernel_size_t size = page_size; + + ASSERT_NE(NULL, ctx); + ASSERT_EQ(-1, syscall(__NR_lsm_get_self_attr, ctx, &size, 0)); + ASSERT_EQ(EINVAL, errno); + ASSERT_EQ(page_size, size); + + free(ctx); +} + +TEST(flags_overset_lsm_get_self_attr) +{ + const long page_size = sysconf(_SC_PAGESIZE); + char *ctx = calloc(page_size, 1); + __kernel_size_t size = page_size; + + ASSERT_NE(NULL, ctx); + ASSERT_EQ(-1, syscall(__NR_lsm_get_self_attr, ctx, &size, + LSM_ATTR_CURRENT | LSM_ATTR_PREV)); + ASSERT_EQ(EINVAL, errno); + ASSERT_EQ(page_size, size); + + free(ctx); +} + +TEST(basic_lsm_get_self_attr) +{ + const long page_size = sysconf(_SC_PAGESIZE); + __kernel_size_t size = page_size; + struct lsm_ctx *ctx = calloc(page_size, 1); + struct lsm_ctx *tctx = NULL; + __u32 *syscall_lsms = calloc(page_size, 1); + char *attr = calloc(page_size, 1); + int cnt_current = 0; + int cnt_exec = 0; + int cnt_fscreate = 0; + int cnt_keycreate = 0; + int cnt_prev = 0; + int cnt_sockcreate = 0; + int lsmcount; + int count; + int i; + + ASSERT_NE(NULL, ctx); + ASSERT_NE(NULL, syscall_lsms); + + lsmcount = syscall(__NR_lsm_module_list, syscall_lsms, &size, 0); + ASSERT_LE(1, lsmcount); + + for (i = 0; i < lsmcount; i++) { + switch (syscall_lsms[i]) { + case LSM_ID_SELINUX: + cnt_current++; + cnt_exec++; + cnt_fscreate++; + cnt_keycreate++; + cnt_prev++; + cnt_sockcreate++; + break; + case LSM_ID_SMACK: + cnt_current++; + break; + case LSM_ID_APPARMOR: + cnt_current++; + cnt_exec++; + cnt_prev++; + break; + default: + break; + } + } + + if (cnt_current) { + size = page_size; + count = syscall(__NR_lsm_get_self_attr, ctx, &size, + LSM_ATTR_CURRENT); + ASSERT_EQ(cnt_current, count); + tctx = ctx; + ASSERT_EQ(0, read_proc_attr("current", attr, page_size)); + ASSERT_EQ(0, strcmp((char *)tctx->ctx, attr)); + for (i = 1; i < count; i++) { + tctx = next_ctx(tctx); + ASSERT_NE(0, strcmp((char *)tctx->ctx, attr)); + } + } + if (cnt_exec) { + size = page_size; + count = 
syscall(__NR_lsm_get_self_attr, ctx, &size, + LSM_ATTR_EXEC); + ASSERT_GE(cnt_exec, count); + if (count > 0) { + tctx = ctx; + ASSERT_EQ(0, read_proc_attr("exec", attr, page_size)); + ASSERT_EQ(0, strcmp((char *)tctx->ctx, attr)); + } + for (i = 1; i < count; i++) { + tctx = next_ctx(tctx); + ASSERT_NE(0, strcmp((char *)tctx->ctx, attr)); + } + } + if (cnt_fscreate) { + size = page_size; + count = syscall(__NR_lsm_get_self_attr, ctx, &size, + LSM_ATTR_FSCREATE); + ASSERT_GE(cnt_fscreate, count); + if (count > 0) { + tctx = ctx; + ASSERT_EQ(0, read_proc_attr("fscreate", attr, + page_size)); + ASSERT_EQ(0, strcmp((char *)tctx->ctx, attr)); + } + for (i = 1; i < count; i++) { + tctx = next_ctx(tctx); + ASSERT_NE(0, strcmp((char *)tctx->ctx, attr)); + } + } + if (cnt_keycreate) { + size = page_size; + count = syscall(__NR_lsm_get_self_attr, ctx, &size, + LSM_ATTR_KEYCREATE); + ASSERT_GE(cnt_keycreate, count); + if (count > 0) { + tctx = ctx; + ASSERT_EQ(0, read_proc_attr("keycreate", attr, + page_size)); + ASSERT_EQ(0, strcmp((char *)tctx->ctx, attr)); + } + for (i = 1; i < count; i++) { + tctx = next_ctx(tctx); + ASSERT_NE(0, strcmp((char *)tctx->ctx, attr)); + } + } + if (cnt_prev) { + size = page_size; + count = syscall(__NR_lsm_get_self_attr, ctx, &size, + LSM_ATTR_PREV); + ASSERT_GE(cnt_prev, count); + if (count > 0) { + tctx = ctx; + ASSERT_EQ(0, read_proc_attr("prev", attr, page_size)); + ASSERT_EQ(0, strcmp((char *)tctx->ctx, attr)); + for (i = 1; i < count; i++) { + tctx = next_ctx(tctx); + ASSERT_NE(0, strcmp((char *)tctx->ctx, attr)); + } + } + } + if (cnt_sockcreate) { + size = page_size; + count = syscall(__NR_lsm_get_self_attr, ctx, &size, + LSM_ATTR_SOCKCREATE); + ASSERT_GE(cnt_sockcreate, count); + if (count > 0) { + tctx = ctx; + ASSERT_EQ(0, read_proc_attr("sockcreate", attr, + page_size)); + ASSERT_EQ(0, strcmp((char *)tctx->ctx, attr)); + } + for (i = 1; i < count; i++) { + tctx = next_ctx(tctx); + ASSERT_NE(0, strcmp((char *)tctx->ctx, attr)); + } 
+ } + + free(ctx); + free(attr); + free(syscall_lsms); +} + +TEST_HARNESS_MAIN diff --git a/tools/testing/selftests/lsm/lsm_module_list_test.c b/tools/testing/selftests/lsm/lsm_module_list_test.c new file mode 100644 index 000000000000..c5675598b2a4 --- /dev/null +++ b/tools/testing/selftests/lsm/lsm_module_list_test.c 
@@ -0,0 +1,149 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Linux Security Module infrastructure tests + * Tests for the lsm_module_list system call + * + * Copyright © 2022 Casey Schaufler + * Copyright © 2022 Intel Corporation + */ + +#define _GNU_SOURCE +#include +#include +#include +#include +#include +#include "../kselftest_harness.h" + +static int read_sysfs_lsms(char *lsms, __kernel_size_t size) +{ + FILE *fp; + + fp = fopen("/sys/kernel/security/lsm", "r"); + if (fp == NULL) + return -1; + if (fread(lsms, 1, size, fp) <= 0) + return -1; + fclose(fp); + return 0; +} + +TEST(size_null_lsm_module_list) +{ + const long page_size = sysconf(_SC_PAGESIZE); + char *syscall_lsms = calloc(page_size, 1); + + ASSERT_NE(NULL, syscall_lsms); + ASSERT_EQ(-1, syscall(__NR_lsm_module_list, syscall_lsms, NULL, 0)); + ASSERT_EQ(EFAULT, errno); + + free(syscall_lsms); +} + +TEST(ids_null_lsm_module_list) +{ + const long page_size = sysconf(_SC_PAGESIZE); + __kernel_size_t size = page_size; + + ASSERT_EQ(-1, syscall(__NR_lsm_module_list, NULL, &size, 0)); + ASSERT_EQ(EFAULT, errno); + ASSERT_NE(1, size); +} + +TEST(size_too_small_lsm_module_list) +{ + const long page_size = sysconf(_SC_PAGESIZE); + char *syscall_lsms = calloc(page_size, 1); + __kernel_size_t size = 1; + + ASSERT_NE(NULL, syscall_lsms); + ASSERT_EQ(-1, syscall(__NR_lsm_module_list, syscall_lsms, &size, 0)); + ASSERT_EQ(E2BIG, errno); + ASSERT_NE(1, size); + + free(syscall_lsms); +} + +TEST(flags_set_lsm_module_list) +{ + const long page_size = sysconf(_SC_PAGESIZE); + char *syscall_lsms = calloc(page_size, 1); + __kernel_size_t size = page_size; + + ASSERT_NE(NULL, syscall_lsms); + ASSERT_EQ(-1, syscall(__NR_lsm_module_list, syscall_lsms, &size, 7)); + ASSERT_EQ(EINVAL, errno); + ASSERT_EQ(page_size, size); + + free(syscall_lsms); +} + +TEST(correct_lsm_module_list) +{ + const long page_size = sysconf(_SC_PAGESIZE); + __kernel_size_t size = page_size; + __u32 *syscall_lsms = calloc(page_size, 1); + char 
*sysfs_lsms = calloc(page_size, 1); + char *name; + char *cp; + int count; + int i; + + ASSERT_NE(NULL, sysfs_lsms); + ASSERT_NE(NULL, syscall_lsms); + ASSERT_EQ(0, read_sysfs_lsms(sysfs_lsms, page_size)); + + count = syscall(__NR_lsm_module_list, syscall_lsms, &size, 0); + ASSERT_LE(1, count); + cp = sysfs_lsms; + for (i = 0; i < count; i++) { + switch (syscall_lsms[i]) { + case LSM_ID_CAPABILITY: + name = "capability"; + break; + case LSM_ID_SELINUX: + name = "selinux"; + break; + case LSM_ID_SMACK: + name = "smack"; + break; + case LSM_ID_TOMOYO: + name = "tomoyo"; + break; + case LSM_ID_IMA: + name = "ima"; + break; + case LSM_ID_APPARMOR: + name = "apparmor"; + break; + case LSM_ID_YAMA: + name = "yama"; + break; + case LSM_ID_LOADPIN: + name = "loadpin"; + break; + case LSM_ID_SAFESETID: + name = "safesetid"; + break; + case LSM_ID_LOCKDOWN: + name = "lockdown"; + break; + case LSM_ID_BPF: + name = "bpf"; + break; + case LSM_ID_LANDLOCK: + name = "landlock"; + break; + default: + name = "INVALID"; + break; + } + ASSERT_EQ(0, strncmp(cp, name, strlen(name))); + cp += strlen(name) + 1; + } + + free(sysfs_lsms); + free(syscall_lsms); +} + +TEST_HARNESS_MAIN diff --git a/tools/testing/selftests/lsm/lsm_set_self_attr_test.c b/tools/testing/selftests/lsm/lsm_set_self_attr_test.c new file mode 100644 index 000000000000..86f8a5952471 --- /dev/null +++ b/tools/testing/selftests/lsm/lsm_set_self_attr_test.c 
@@ -0,0 +1,328 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Linux Security Module infrastructure tests + * Tests for the lsm_set_self_attr system call + * + * Copyright © 2022 Casey Schaufler + * Copyright © 2022 Intel Corporation + */ + +#define _GNU_SOURCE +#include +#include +#include +#include +#include +#include "../kselftest_harness.h" + +static struct lsm_ctx *next_ctx(struct lsm_ctx *tctx) +{ + void *vp; + + vp = (void *)tctx + sizeof(*tctx) + tctx->ctx_len; + return (struct lsm_ctx *)vp; +} + +TEST(ctx_null_lsm_set_self_attr) +{ + ASSERT_EQ(-1, syscall(__NR_lsm_set_self_attr, NULL, _SC_PAGESIZE, + LSM_ATTR_CURRENT)); + ASSERT_EQ(EFAULT, errno); +} + +TEST(size_too_small_lsm_set_self_attr) +{ + const long page_size = sysconf(_SC_PAGESIZE); + struct lsm_ctx *ctx = calloc(page_size, 1); + __kernel_size_t size = page_size; + + ASSERT_NE(NULL, ctx); + ASSERT_GE(1, syscall(__NR_lsm_get_self_attr, ctx, &size, + LSM_ATTR_CURRENT)); + ASSERT_EQ(-1, syscall(__NR_lsm_set_self_attr, ctx, 1, + LSM_ATTR_CURRENT)); + ASSERT_EQ(EINVAL, errno); + + free(ctx); +} + +TEST(flags_zero_lsm_set_self_attr) +{ + const long page_size = sysconf(_SC_PAGESIZE); + char *ctx = calloc(page_size, 1); + __kernel_size_t size = page_size; + + ASSERT_NE(NULL, ctx); + ASSERT_GE(1, syscall(__NR_lsm_get_self_attr, ctx, &size, + LSM_ATTR_CURRENT)); + ASSERT_EQ(-1, syscall(__NR_lsm_set_self_attr, ctx, size, 0)); + ASSERT_EQ(EINVAL, errno); + + free(ctx); +} + +TEST(flags_overset_lsm_set_self_attr) +{ + const long page_size = sysconf(_SC_PAGESIZE); + char *ctx = calloc(page_size, 1); + __kernel_size_t size = page_size; + struct lsm_ctx *tctx = (struct lsm_ctx *)ctx; + + ASSERT_NE(NULL, ctx); + ASSERT_GE(1, syscall(__NR_lsm_get_self_attr, tctx, &size, + LSM_ATTR_CURRENT)); + ASSERT_EQ(-1, syscall(__NR_lsm_set_self_attr, tctx, size, + LSM_ATTR_CURRENT | LSM_ATTR_PREV)); + ASSERT_EQ(EINVAL, errno); + + free(ctx); +} + +TEST(basic_lsm_set_self_attr) +{ + const long page_size = sysconf(_SC_PAGESIZE); 
+ __kernel_size_t size = page_size; + struct lsm_ctx *ctx = calloc(page_size, 1); + struct lsm_ctx *tctx; + __u32 *syscall_lsms = calloc(page_size, 1); + char *attr = calloc(page_size, 1); + bool active_apparmor = false; + bool active_selinux = false; + bool active_smack = false; + int cnt_current = 0; + int cnt_exec = 0; + int cnt_fscreate = 0; + int cnt_keycreate = 0; + int cnt_prev = 0; + int cnt_sockcreate = 0; + int lsmcount; + int count; + int rc; + int i; + + ASSERT_NE(NULL, ctx); + ASSERT_NE(NULL, syscall_lsms); + + lsmcount = syscall(__NR_lsm_module_list, syscall_lsms, &size, 0); + ASSERT_LE(1, lsmcount); + + for (i = 0; i < lsmcount; i++) { + switch (syscall_lsms[i]) { + case LSM_ID_SELINUX: + active_selinux = true; + cnt_current++; + cnt_exec++; + cnt_fscreate++; + cnt_keycreate++; + cnt_prev++; + cnt_sockcreate++; + break; + case LSM_ID_SMACK: + active_smack = true; + cnt_current++; + break; + case LSM_ID_APPARMOR: + active_apparmor = true; + cnt_current++; + cnt_exec++; + cnt_prev++; + break; + default: + break; + } + } + + if (cnt_current) { + size = page_size; + count = syscall(__NR_lsm_get_self_attr, ctx, &size, + LSM_ATTR_CURRENT); + ASSERT_EQ(cnt_current, count); + tctx = ctx; + + for (i = 0; i < count; i++) { + switch (tctx->id) { + case LSM_ID_SELINUX: + ASSERT_EQ(active_selinux, true); + rc = syscall(__NR_lsm_set_self_attr, tctx, size, + LSM_ATTR_CURRENT); + ASSERT_EQ(0, rc); + tctx->ctx[0] = 'X'; + rc = syscall(__NR_lsm_set_self_attr, tctx, size, + LSM_ATTR_CURRENT); + ASSERT_EQ(-1, rc); + ASSERT_EQ(EINVAL, errno); + break; + case LSM_ID_SMACK: + ASSERT_EQ(active_smack, true); + rc = syscall(__NR_lsm_set_self_attr, tctx, size, + LSM_ATTR_CURRENT); + ASSERT_EQ(-1, rc); + ASSERT_EQ(EPERM, errno); + break; + case LSM_ID_APPARMOR: + ASSERT_EQ(active_apparmor, true); + rc = syscall(__NR_lsm_set_self_attr, tctx, size, + LSM_ATTR_CURRENT); + ASSERT_EQ(-1, rc); + ASSERT_EQ(EINVAL, errno); + break; + default: + } + tctx = next_ctx(tctx); + } + } + if 
(cnt_exec) { + size = page_size; + count = syscall(__NR_lsm_get_self_attr, ctx, &size, + LSM_ATTR_EXEC); + ASSERT_GE(cnt_exec, count); + tctx = ctx; + + for (i = 0; i < count; i++) { + switch (tctx->id) { + case LSM_ID_SELINUX: + ASSERT_EQ(active_selinux, true); + rc = syscall(__NR_lsm_set_self_attr, tctx, size, + LSM_ATTR_EXEC); + ASSERT_EQ(0, rc); + tctx->ctx[0] = 'X'; + rc = syscall(__NR_lsm_set_self_attr, tctx, size, + LSM_ATTR_EXEC); + ASSERT_EQ(-1, rc); + ASSERT_EQ(EINVAL, errno); + break; + case LSM_ID_APPARMOR: + ASSERT_EQ(active_apparmor, true); + rc = syscall(__NR_lsm_set_self_attr, tctx, size, + LSM_ATTR_EXEC); + ASSERT_EQ(-1, rc); + ASSERT_EQ(EPERM, errno); + break; + default: + break; + } + tctx = next_ctx(tctx); + } + } + if (cnt_prev) { + size = page_size; + count = syscall(__NR_lsm_get_self_attr, ctx, &size, + LSM_ATTR_PREV); + ASSERT_GE(cnt_prev, count); + tctx = ctx; + + for (i = 0; i < count; i++) { + switch (tctx->id) { + case LSM_ID_SELINUX: + ASSERT_EQ(active_selinux, true); + rc = syscall(__NR_lsm_set_self_attr, tctx, size, + LSM_ATTR_PREV); + ASSERT_EQ(-1, rc); + ASSERT_EQ(EINVAL, errno); + tctx->ctx[0] = 'X'; + rc = syscall(__NR_lsm_set_self_attr, tctx, size, + LSM_ATTR_PREV); + ASSERT_EQ(-1, rc); + ASSERT_EQ(EINVAL, errno); + break; + case LSM_ID_APPARMOR: + ASSERT_EQ(active_apparmor, true); + rc = syscall(__NR_lsm_set_self_attr, tctx, size, + LSM_ATTR_PREV); + ASSERT_EQ(-1, rc); + ASSERT_EQ(EPERM, errno); + break; + default: + break; + } + tctx = next_ctx(tctx); + } + } + if (cnt_fscreate) { + size = page_size; + count = syscall(__NR_lsm_get_self_attr, ctx, &size, + LSM_ATTR_FSCREATE); + ASSERT_GE(cnt_fscreate, count); + tctx = ctx; + + for (i = 0; i < count; i++) { + switch (tctx->id) { + case LSM_ID_SELINUX: + ASSERT_EQ(active_selinux, true); + rc = syscall(__NR_lsm_set_self_attr, tctx, size, + LSM_ATTR_FSCREATE); + ASSERT_EQ(-1, rc); + ASSERT_EQ(EINVAL, errno); + tctx->ctx[0] = 'X'; + rc = syscall(__NR_lsm_set_self_attr, tctx, size, + 
LSM_ATTR_FSCREATE); + ASSERT_EQ(-1, rc); + ASSERT_EQ(EINVAL, errno); + break; + default: + break; + } + tctx = next_ctx(tctx); + } + } + if (cnt_keycreate) { + size = page_size; + count = syscall(__NR_lsm_get_self_attr, ctx, &size, + LSM_ATTR_KEYCREATE); + ASSERT_GE(cnt_keycreate, count); + tctx = ctx; + + for (i = 0; i < count; i++) { + switch (tctx->id) { + case LSM_ID_SELINUX: + ASSERT_EQ(active_selinux, true); + rc = syscall(__NR_lsm_set_self_attr, tctx, size, + LSM_ATTR_KEYCREATE); + ASSERT_EQ(-1, rc); + ASSERT_EQ(EINVAL, errno); + tctx->ctx[0] = 'X'; + rc = syscall(__NR_lsm_set_self_attr, tctx, size, + LSM_ATTR_KEYCREATE); + ASSERT_EQ(-1, rc); + ASSERT_EQ(EINVAL, errno); + break; + default: + break; + } + tctx = next_ctx(tctx); + } + } + if (cnt_sockcreate) { + size = page_size; + count = syscall(__NR_lsm_get_self_attr, ctx, &size, + LSM_ATTR_SOCKCREATE); + ASSERT_GE(cnt_sockcreate, count); + tctx = ctx; + + for (i = 0; i < count; i++) { + switch (tctx->id) { + case LSM_ID_SELINUX: + ASSERT_EQ(active_selinux, true); + rc = syscall(__NR_lsm_set_self_attr, tctx, size, + LSM_ATTR_SOCKCREATE); + ASSERT_EQ(-1, rc); + ASSERT_EQ(EINVAL, errno); + tctx->ctx[0] = 'X'; + rc = syscall(__NR_lsm_set_self_attr, tctx, size, + LSM_ATTR_SOCKCREATE); + ASSERT_EQ(-1, rc); + ASSERT_EQ(EINVAL, errno); + break; + default: + break; + } + tctx = next_ctx(tctx); + } + } + + free(ctx); + free(attr); + free(syscall_lsms); +} + +TEST_HARNESS_MAIN
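Review bot: In the tools/testing/selftests/lsm/Makefile hunk the trailing rule `+$(TEST_GEN_PROGS):` has neither a recipe nor prerequisites; lib.mk already builds every TEST_GEN_PROGS entry from the matching .c file, so the line is dead and should be dropped (or given the dependency it was meant to express).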
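Review bot: In the tools/testing/selftests/lsm/config hunk the fragment lists `+CONFIG_SYSFS=y` and `+CONFIG_SECURITY=y`, but lsm_module_list_test.c reads /sys/kernel/security/lsm, which lives on securityfs, not sysfs. Add `CONFIG_SECURITYFS=y` so a kernel built from this fragment exposes the file; the test also needs securityfs mounted at that path, which is worth stating in the comment block of the test.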
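Review bot: In lsm_get_self_attr_test.c, read_proc_attr() leaks the stream and can leave its buffer unterminated: `if (fread(value, 1, size, fp) <= 0) return -1;` returns with fp still open, and a read that fills all `size` bytes of a `size`-byte buffer gives strchr(value, '\n') and the callers' strcmp() no NUL to stop at. Read at most `size - 1` bytes, terminate explicitly, and fclose() on every path. In basic_lsm_get_self_attr the `attr` buffer from calloc() is never NULL-checked while `ctx` and `syscall_lsms` are, and in ctx_null_lsm_get_self_attr `ASSERT_NE(1, size)` is vacuous because size was just set to page_size; `ASSERT_EQ(page_size, size)`, as the flags tests use, would actually verify the kernel left it untouched.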
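Review bot: In lsm_module_list_test.c, read_sysfs_lsms() repeats the read_proc_attr() pattern: a zero-length fread() returns -1 without fclose(fp), and a read that fills all `size` bytes leaves no terminator for the `strncmp(cp, name, strlen(name))` walk in correct_lsm_module_list, which then steps `cp` past the end of the buffer. Separately, size_too_small_lsm_module_list expects `E2BIG` while size_too_small_lsm_get_self_attr expects `ERANGE` for the same "buffer too small" condition; if the two syscalls are meant to differ here it should be deliberate and documented in the uapi header, otherwise one of the tests (or one of the syscalls) is wrong.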
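Review bot: In lsm_set_self_attr_test.c, the LSM_ATTR_CURRENT switch in basic_lsm_set_self_attr ends with `default:` immediately followed by `}`; a label must precede a statement in C, so this does not compile and needs a `break;`. Three more defects in the same file: ctx_null_lsm_set_self_attr passes `_SC_PAGESIZE` (the sysconf name, a small constant) as the size argument instead of `sysconf(_SC_PAGESIZE)`; the `ASSERT_GE(1, syscall(__NR_lsm_get_self_attr, ...))` checks in size_too_small, flags_zero and flags_overset read as "1 >= count", so they fail on a kernel where two LSMs supply "current" and pass on a -1 return, after which the set call runs on an empty buffer (ASSERT_LE(1, ...) is what the basic test uses for the analogous check); and every `syscall(__NR_lsm_set_self_attr, tctx, size, ...)` passes the aggregate `size` returned by lsm_get_self_attr even after tctx has been advanced by next_ctx(), so for the second and later entries the kernel is told to read well past that entry. Pass `sizeof(*tctx) + tctx->ctx_len` per entry instead.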