From patchwork Mon Jan 9 18:07:10 2023
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 13094056
X-Patchwork-Delegate: paul@paul-moore.com
From: Casey Schaufler
To: casey.schaufler@intel.com, paul@paul-moore.com, linux-security-module@vger.kernel.org
Cc: casey@schaufler-ca.com, jmorris@namei.org, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net
Subject: [PATCH v5 1/8] LSM: Identify modules by more than name
Date: Mon, 9 Jan 2023 10:07:10 -0800
Message-Id: <20230109180717.58855-2-casey@schaufler-ca.com>
In-Reply-To: <20230109180717.58855-1-casey@schaufler-ca.com>
References: <20230109180717.58855-1-casey@schaufler-ca.com>

Create a struct lsm_id to contain identifying information about Linux Security Modules (LSMs). At inception this contains the name of the module, an identifier associated with the security module and an integer member "attrs_used" which identifies the API related data associated with each security module. The initial set of features maps to information that has traditionally been available in /proc/self/attr. They are documented in a new userspace-api file.

Change the security_add_hooks() interface to use this structure. Change the individual modules to maintain their own struct lsm_id and pass it to security_add_hooks(). The values for LSM identifiers are defined in a new UAPI header file linux/lsm.h. Each existing LSM has been updated to include its LSMID in the lsm_id.

The LSM ID values are sequential, with the oldest module LSM_ID_CAPABILITY being the lowest value and the existing modules numbered in the order they were included in the mainline kernel. This is an arbitrary convention for assigning the values, but none better presents itself. The value 0 is defined as being invalid. The values 1-99 are reserved for any special case uses which may arise in the future.
This may include attributes of the LSM infrastructure itself, possibly related to namespacing or network attribute management. A special range is identified for such attributes to help reduce confusion for developers unfamiliar with LSMs. Signed-off-by: Casey Schaufler --- Documentation/userspace-api/index.rst | 1 + Documentation/userspace-api/lsm.rst | 55 +++++++++++++++++++++++++++ include/linux/lsm_hooks.h | 18 ++++++++- include/uapi/linux/lsm.h | 55 +++++++++++++++++++++++++++ security/apparmor/lsm.c | 9 ++++- security/bpf/hooks.c | 13 ++++++- security/commoncap.c | 8 +++- security/landlock/cred.c | 2 +- security/landlock/fs.c | 2 +- security/landlock/ptrace.c | 2 +- security/landlock/setup.c | 6 +++ security/landlock/setup.h | 1 + security/loadpin/loadpin.c | 9 ++++- security/lockdown/lockdown.c | 8 +++- security/safesetid/lsm.c | 9 ++++- security/security.c | 12 +++--- security/selinux/hooks.c | 11 +++++- security/smack/smack_lsm.c | 9 ++++- security/tomoyo/tomoyo.c | 9 ++++- security/yama/yama_lsm.c | 8 +++- 20 files changed, 226 insertions(+), 21 deletions(-) create mode 100644 Documentation/userspace-api/lsm.rst create mode 100644 include/uapi/linux/lsm.h diff --git a/Documentation/userspace-api/index.rst b/Documentation/userspace-api/index.rst index f16337bdb852..54c0f54cde89 100644 --- a/Documentation/userspace-api/index.rst +++ b/Documentation/userspace-api/index.rst @@ -31,6 +31,7 @@ place where this information is gathered. sysfs-platform_profile vduse futex2 + lsm .. only:: subproject and html diff --git a/Documentation/userspace-api/lsm.rst b/Documentation/userspace-api/lsm.rst new file mode 100644 index 000000000000..6ddf5506110b --- /dev/null +++ b/Documentation/userspace-api/lsm.rst 
@@ -0,0 +1,55 @@ +.. SPDX-License-Identifier: GPL-2.0 +.. Copyright (C) 2022 Casey Schaufler +.. Copyright (C) 2022 Intel Corporation + +===================================== +Linux Security Modules +===================================== + +:Author: Casey Schaufler +:Date: November 2022 + +Linux security modules (LSM) provide a mechanism to implement +additional access controls to the Linux security policies. + +The various security modules may support any of these attributes: + +``LSM_ATTR_CURRENT`` is the current, active security context of the +process. +The proc filesystem provides this value in ``/proc/self/attr/current``. +This is supported by the SELinux, Smack and AppArmor security modules. +Smack also provides this value in ``/proc/self/attr/smack/current``. +AppArmor also provides this value in ``/proc/self/attr/apparmor/current``. + +``LSM_ATTR_EXEC`` is the security context of the process at the time the +current image was executed. +The proc filesystem provides this value in ``/proc/self/attr/exec``. +This is supported by the SELinux and AppArmor security modules. +AppArmor also provides this value in ``/proc/self/attr/apparmor/exec``. + +``LSM_ATTR_FSCREATE`` is the security context of the process used when +creating file system objects. +The proc filesystem provides this value in ``/proc/self/attr/fscreate``. +This is supported by the SELinux security module. + +``LSM_ATTR_KEYCREATE`` is the security context of the process used when +creating key objects. +The proc filesystem provides this value in ``/proc/self/attr/keycreate``. +This is supported by the SELinux security module. + +``LSM_ATTR_PREV`` is the security context of the process at the time the +current security context was set. +The proc filesystem provides this value in ``/proc/self/attr/prev``. +This is supported by the SELinux and AppArmor security modules. +AppArmor also provides this value in ``/proc/self/attr/apparmor/prev``. 
+ +``LSM_ATTR_SOCKCREATE`` is the security context of the process used when +creating socket objects. +The proc filesystem provides this value in ``/proc/self/attr/sockcreate``. +This is supported by the SELinux security module. + +Additional documentation +======================== + +* Documentation/security/lsm.rst +* Documentation/security/lsm-development.rst diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 0a5ba81f7367..6f2cabb79ec4 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -1665,6 +1665,20 @@ struct security_hook_heads { #undef LSM_HOOK } __randomize_layout; +/** + * struct lsm_id - identify a Linux Security Module. + * @lsm: Name of the LSM. Must be approved by the LSM maintainers. + * @id: LSM ID number from uapi/linux/lsm.h + * @attrs_used: Which attributes this LSM supports. + * + * Contains the information that identifies the LSM. + */ +struct lsm_id { + const u8 *lsm; + u32 id; + u64 attrs_used; +}; + /* * Security module hook list structure. * For use with generic list macros for common operations. @@ -1673,7 +1687,7 @@ struct security_hook_list { struct hlist_node list; struct hlist_head *head; union security_list_options hook; - const char *lsm; + struct lsm_id *lsmid; } __randomize_layout; /* @@ -1708,7 +1722,7 @@ extern struct security_hook_heads security_hook_heads; extern char *lsm_names; extern void security_add_hooks(struct security_hook_list *hooks, int count, - const char *lsm); + struct lsm_id *lsmid); #define LSM_FLAG_LEGACY_MAJOR BIT(0) #define LSM_FLAG_EXCLUSIVE BIT(1) diff --git a/include/uapi/linux/lsm.h b/include/uapi/linux/lsm.h new file mode 100644 index 000000000000..61a91b7d946f --- /dev/null +++ b/include/uapi/linux/lsm.h 
@@ -0,0 +1,55 @@ +/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ +/* + * Linux Security Modules (LSM) - User space API + * + * Copyright (C) 2022 Casey Schaufler + * Copyright (C) 2022 Intel Corporation + */ + +#ifndef _UAPI_LINUX_LSM_H +#define _UAPI_LINUX_LSM_H + +/* + * ID values to identify security modules. + * A system may use more than one security module. + * + * A value of 0 is considered invalid. + * Values 1-99 are reserved for future use. + * The interface is designed to extend to attributes beyond those which + * are active today. Currently all the attributes are specific to the + * individual modules. The LSM infrastructure itself has no variable state, + * but that may change. One proposal would allow loadable modules, in which + * case an attribute such as LSM_IS_LOADABLE might identify the dynamic + * modules. Another potential attribute could be which security modules is + * associated withnetwork labeling using netlabel. Another possible attribute + * could be related to stacking behavior in a namespaced environment. + * While it would be possible to intermingle the LSM infrastructure attribute + * values with the security module provided values, keeping them separate + * provides a clearer distinction. + */ +#define LSM_ID_CAPABILITY 100 +#define LSM_ID_SELINUX 101 +#define LSM_ID_SMACK 102 +#define LSM_ID_TOMOYO 103 +#define LSM_ID_IMA 104 +#define LSM_ID_APPARMOR 105 +#define LSM_ID_YAMA 106 +#define LSM_ID_LOADPIN 107 +#define LSM_ID_SAFESETID 108 +#define LSM_ID_LOCKDOWN 109 +#define LSM_ID_BPF 110 +#define LSM_ID_LANDLOCK 111 + +/* + * LSM_ATTR_XXX values identify the /proc/.../attr entry that the + * context represents. Not all security modules provide all of these + * values. Some security modules provide none of them. 
+ */ +#define LSM_ATTR_CURRENT 0x0001 +#define LSM_ATTR_EXEC 0x0002 +#define LSM_ATTR_FSCREATE 0x0004 +#define LSM_ATTR_KEYCREATE 0x0008 +#define LSM_ATTR_PREV 0x0010 +#define LSM_ATTR_SOCKCREATE 0x0020 + +#endif /* _UAPI_LINUX_LSM_H */ diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index c6728a629437..63ea2a995987 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -24,6 +24,7 @@ #include #include #include +#include #include "include/apparmor.h" #include "include/apparmorfs.h" @@ -1217,6 +1218,12 @@ struct lsm_blob_sizes apparmor_blob_sizes __lsm_ro_after_init = { .lbs_task = sizeof(struct aa_task_ctx), }; +static struct lsm_id apparmor_lsmid __lsm_ro_after_init = { + .lsm = "apparmor", + .id = LSM_ID_APPARMOR, + .attrs_used = LSM_ATTR_CURRENT | LSM_ATTR_PREV | LSM_ATTR_EXEC, +}; + static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(ptrace_access_check, apparmor_ptrace_access_check), LSM_HOOK_INIT(ptrace_traceme, apparmor_ptrace_traceme), @@ -1912,7 +1919,7 @@ static int __init apparmor_init(void) goto buffers_out; } security_add_hooks(apparmor_hooks, ARRAY_SIZE(apparmor_hooks), - "apparmor"); + &apparmor_lsmid); /* Report that AppArmor successfully initialized */ apparmor_initialized = 1; diff --git a/security/bpf/hooks.c b/security/bpf/hooks.c index e5971fa74fd7..20983ae8d31f 100644 --- a/security/bpf/hooks.c +++ b/security/bpf/hooks.c @@ -5,6 +5,7 @@ */ #include #include +#include static struct security_hook_list bpf_lsm_hooks[] __lsm_ro_after_init = { #define LSM_HOOK(RET, DEFAULT, NAME, ...) \ 
@@ -15,9 +16,19 @@ static struct security_hook_list bpf_lsm_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(task_free, bpf_task_storage_free), }; +/* + * slot has to be LSMBLOB_NEEDED because some of the hooks + * supplied by this module require a slot. + */ +struct lsm_id bpf_lsmid __lsm_ro_after_init = { + .lsm = "bpf", + .id = LSM_ID_BPF, +}; + static int __init bpf_lsm_init(void) { - security_add_hooks(bpf_lsm_hooks, ARRAY_SIZE(bpf_lsm_hooks), "bpf"); + security_add_hooks(bpf_lsm_hooks, ARRAY_SIZE(bpf_lsm_hooks), + &bpf_lsmid); pr_info("LSM support for eBPF active\n"); return 0; } diff --git a/security/commoncap.c b/security/commoncap.c index 1164278b97fd..76c5a0af95d6 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -25,6 +25,7 @@ #include #include #include +#include /* * If a non-root user executes a setuid-root binary in @@ -1445,6 +1446,11 @@ int cap_mmap_file(struct file *file, unsigned long reqprot, #ifdef CONFIG_SECURITY +static struct lsm_id capability_lsmid __lsm_ro_after_init = { + .lsm = "capability", + .id = LSM_ID_CAPABILITY, +}; + static struct security_hook_list capability_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(capable, cap_capable), LSM_HOOK_INIT(settime, cap_settime), @@ -1469,7 +1475,7 @@ static struct security_hook_list capability_hooks[] __lsm_ro_after_init = { static int __init capability_init(void) { security_add_hooks(capability_hooks, ARRAY_SIZE(capability_hooks), - "capability"); + &capability_lsmid); return 0; } diff --git a/security/landlock/cred.c b/security/landlock/cred.c index ec6c37f04a19..2eb1d65f10d6 100644 --- a/security/landlock/cred.c +++ b/security/landlock/cred.c @@ -42,5 +42,5 @@ static struct security_hook_list landlock_hooks[] __lsm_ro_after_init = { __init void landlock_add_cred_hooks(void) { security_add_hooks(landlock_hooks, ARRAY_SIZE(landlock_hooks), - LANDLOCK_NAME); + &landlock_lsmid); } diff --git a/security/landlock/fs.c b/security/landlock/fs.c index adcea0fe7e68..fa0e6e76991c 100644 
--- a/security/landlock/fs.c +++ b/security/landlock/fs.c @@ -1307,5 +1307,5 @@ static struct security_hook_list landlock_hooks[] __lsm_ro_after_init = { __init void landlock_add_fs_hooks(void) { security_add_hooks(landlock_hooks, ARRAY_SIZE(landlock_hooks), - LANDLOCK_NAME); + &landlock_lsmid); } diff --git a/security/landlock/ptrace.c b/security/landlock/ptrace.c index 4c5b9cd71286..eab35808f395 100644 --- a/security/landlock/ptrace.c +++ b/security/landlock/ptrace.c @@ -116,5 +116,5 @@ static struct security_hook_list landlock_hooks[] __lsm_ro_after_init = { __init void landlock_add_ptrace_hooks(void) { security_add_hooks(landlock_hooks, ARRAY_SIZE(landlock_hooks), - LANDLOCK_NAME); + &landlock_lsmid); } diff --git a/security/landlock/setup.c b/security/landlock/setup.c index 3f196d2ce4f9..9104133d04ca 100644 --- a/security/landlock/setup.c +++ b/security/landlock/setup.c @@ -8,6 +8,7 @@ #include #include +#include #include "common.h" #include "cred.h" @@ -24,6 +25,11 @@ struct lsm_blob_sizes landlock_blob_sizes __lsm_ro_after_init = { .lbs_superblock = sizeof(struct landlock_superblock_security), }; +struct lsm_id landlock_lsmid __lsm_ro_after_init = { + .lsm = LANDLOCK_NAME, + .id = LSM_ID_LANDLOCK, +}; + static int __init landlock_init(void) { landlock_add_cred_hooks(); diff --git a/security/landlock/setup.h b/security/landlock/setup.h index 1daffab1ab4b..38bce5b172dc 100644 --- a/security/landlock/setup.h +++ b/security/landlock/setup.h @@ -14,5 +14,6 @@ extern bool landlock_initialized; extern struct lsm_blob_sizes landlock_blob_sizes; +extern struct lsm_id landlock_lsmid; #endif /* _SECURITY_LANDLOCK_SETUP_H */ diff --git a/security/loadpin/loadpin.c b/security/loadpin/loadpin.c index 110a5ab2b46b..d5c1373a096d 100644 --- a/security/loadpin/loadpin.c +++ b/security/loadpin/loadpin.c @@ -20,6 +20,7 @@ #include #include #include +#include #define VERITY_DIGEST_FILE_HEADER "# LOADPIN_TRUSTED_VERITY_ROOT_DIGESTS" 
@@ -203,6 +204,11 @@ static int loadpin_load_data(enum kernel_load_data_id id, bool contents) return loadpin_check(NULL, (enum kernel_read_file_id) id); } +static struct lsm_id loadpin_lsmid __lsm_ro_after_init = { + .lsm = "loadpin", + .id = LSM_ID_LOADPIN, +}; + static struct security_hook_list loadpin_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(sb_free_security, loadpin_sb_free_security), LSM_HOOK_INIT(kernel_read_file, loadpin_read_file), @@ -250,7 +256,8 @@ static int __init loadpin_init(void) pr_info("ready to pin (currently %senforcing)\n", enforce ? "" : "not "); parse_exclude(); - security_add_hooks(loadpin_hooks, ARRAY_SIZE(loadpin_hooks), "loadpin"); + security_add_hooks(loadpin_hooks, ARRAY_SIZE(loadpin_hooks), + &loadpin_lsmid); return 0; } diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c index a79b985e917e..e8c41a0caf7d 100644 --- a/security/lockdown/lockdown.c +++ b/security/lockdown/lockdown.c @@ -13,6 +13,7 @@ #include #include #include +#include static enum lockdown_reason kernel_locked_down; @@ -75,6 +76,11 @@ static struct security_hook_list lockdown_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(locked_down, lockdown_is_locked_down), }; +static struct lsm_id lockdown_lsmid __lsm_ro_after_init = { + .lsm = "lockdown", + .id = LSM_ID_LOCKDOWN, +}; + static int __init lockdown_lsm_init(void) { #if defined(CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY) @@ -83,7 +89,7 @@ static int __init lockdown_lsm_init(void) lock_kernel_down("Kernel configuration", LOCKDOWN_CONFIDENTIALITY_MAX); #endif security_add_hooks(lockdown_hooks, ARRAY_SIZE(lockdown_hooks), - "lockdown"); + &lockdown_lsmid); return 0; } diff --git a/security/safesetid/lsm.c b/security/safesetid/lsm.c index e806739f7868..8d0742ba045d 100644 --- a/security/safesetid/lsm.c +++ b/security/safesetid/lsm.c @@ -19,6 +19,7 @@ #include #include #include +#include #include "lsm.h" /* Flag indicating whether initialization completed */ 
@@ -261,6 +262,11 @@ static int safesetid_task_fix_setgroups(struct cred *new, const struct cred *old return 0; } +static struct lsm_id safesetid_lsmid __lsm_ro_after_init = { + .lsm = "safesetid", + .id = LSM_ID_SAFESETID, +}; + static struct security_hook_list safesetid_security_hooks[] = { LSM_HOOK_INIT(task_fix_setuid, safesetid_task_fix_setuid), LSM_HOOK_INIT(task_fix_setgid, safesetid_task_fix_setgid), @@ -271,7 +277,8 @@ static struct security_hook_list safesetid_security_hooks[] = { static int __init safesetid_security_init(void) { security_add_hooks(safesetid_security_hooks, - ARRAY_SIZE(safesetid_security_hooks), "safesetid"); + ARRAY_SIZE(safesetid_security_hooks), + &safesetid_lsmid); /* Report that SafeSetID successfully initialized */ safesetid_initialized = 1; diff --git a/security/security.c b/security/security.c index d1571900a8c7..07a8fe7f92bf 100644 --- a/security/security.c +++ b/security/security.c @@ -504,17 +504,17 @@ static int lsm_append(const char *new, char **result) * security_add_hooks - Add a modules hooks to the hook lists. * @hooks: the hooks to add * @count: the number of hooks to add - * @lsm: the name of the security module + * @lsmid: the identification information for the security module * * Each LSM has to register its hooks with the infrastructure. */ void __init security_add_hooks(struct security_hook_list *hooks, int count, - const char *lsm) + struct lsm_id *lsmid) { int i; for (i = 0; i < count; i++) { - hooks[i].lsm = lsm; + hooks[i].lsmid = lsmid; hlist_add_tail_rcu(&hooks[i].list, hooks[i].head); } @@ -523,7 +523,7 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count, * and fix this up afterwards. */ if (slab_is_available()) { - if (lsm_append(lsm, &lsm_names) < 0) + if (lsm_append(lsmid->lsm, &lsm_names) < 0) panic("%s - Cannot get early memory.\n", __func__); } } 
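Review bot: in the security_add_hooks() hunk, lsm_append(lsmid->lsm, &lsm_names) hands a `const u8 *` (the `lsm` member as declared in the include/linux/lsm_hooks.h hunk) to a function that takes `const char *`, and the strcmp(lsm, hp->lsmid->lsm) calls in the two hunks that follow do the same; the kernel builds with -Wno-pointer-sign so this compiles silently, but every initializer in the series is a string literal, so the member should simply be `const char *lsm;`. The kerneldoc for @lsmid could also say that the pointer is retained (copied into every hook entry and dereferenced later from security_getprocattr()), which is why callers must pass a static `__lsm_ro_after_init` object rather than a local.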
@@ -2145,7 +2145,7 @@ int security_getprocattr(struct task_struct *p, const char *lsm, struct security_hook_list *hp; hlist_for_each_entry(hp, &security_hook_heads.getprocattr, list) { - if (lsm != NULL && strcmp(lsm, hp->lsm)) + if (lsm != NULL && strcmp(lsm, hp->lsmid->lsm)) continue; return hp->hook.getprocattr(p, name, value); } @@ -2158,7 +2158,7 @@ int security_setprocattr(const char *lsm, const char *name, void *value, struct security_hook_list *hp; hlist_for_each_entry(hp, &security_hook_heads.setprocattr, list) { - if (lsm != NULL && strcmp(lsm, hp->lsm)) + if (lsm != NULL && strcmp(lsm, hp->lsmid->lsm)) continue; return hp->hook.setprocattr(name, value, size); } diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 3c5be76a9199..7398819a0036 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -92,6 +92,7 @@ #include #include #include +#include #include "avc.h" #include "objsec.h" @@ -7032,6 +7033,13 @@ static int selinux_uring_cmd(struct io_uring_cmd *ioucmd) } #endif /* CONFIG_IO_URING */ +static struct lsm_id selinux_lsmid __lsm_ro_after_init = { + .lsm = "selinux", + .id = LSM_ID_SELINUX, + .attrs_used = LSM_ATTR_CURRENT | LSM_ATTR_EXEC | LSM_ATTR_FSCREATE | + LSM_ATTR_KEYCREATE | LSM_ATTR_PREV | LSM_ATTR_SOCKCREATE, +}; + /* * IMPORTANT NOTE: When adding new hooks, please be careful to keep this order: * 1. any hooks that don't belong to (2.) or (3.) below, @@ -7355,7 +7363,8 @@ static __init int selinux_init(void) hashtab_cache_init(); - security_add_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks), "selinux"); + security_add_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks), + &selinux_lsmid); if (avc_add_callback(selinux_netcache_avc_callback, AVC_CALLBACK_RESET)) panic("SELinux: Unable to register AVC netcache callback\n"); diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 9a82a15685d1..8918b52cff43 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c 
@@ -43,6 +43,7 @@ #include #include #include +#include #include "smack.h" #define TRANS_TRUE "TRUE" @@ -4856,6 +4857,12 @@ struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = { .lbs_superblock = sizeof(struct superblock_smack), }; +static struct lsm_id smack_lsmid __lsm_ro_after_init = { + .lsm = "smack", + .id = LSM_ID_SMACK, + .attrs_used = LSM_ATTR_CURRENT, +}; + static struct security_hook_list smack_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check), LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme), @@ -5062,7 +5069,7 @@ static __init int smack_init(void) /* * Register with LSM */ - security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), "smack"); + security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), &smack_lsmid); smack_enabled = 1; pr_info("Smack: Initializing.\n"); diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index af04a7b7eb28..a4658fb5ef0e 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -6,6 +6,7 @@ */ #include +#include #include "common.h" /** @@ -542,6 +543,11 @@ static void tomoyo_task_free(struct task_struct *task) } } +static struct lsm_id tomoyo_lsmid __lsm_ro_after_init = { + .lsm = "tomoyo", + .id = LSM_ID_TOMOYO, +}; + /* * tomoyo_security_ops is a "struct security_operations" which is used for * registering TOMOYO. @@ -595,7 +601,8 @@ static int __init tomoyo_init(void) struct tomoyo_task *s = tomoyo_task(current); /* register ourselves with the security framework */ - security_add_hooks(tomoyo_hooks, ARRAY_SIZE(tomoyo_hooks), "tomoyo"); + security_add_hooks(tomoyo_hooks, ARRAY_SIZE(tomoyo_hooks), + &tomoyo_lsmid); pr_info("TOMOYO Linux initialized\n"); s->domain_info = &tomoyo_kernel_domain; atomic_inc(&tomoyo_kernel_domain.users); diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c index 06e226166aab..2487b8f847f3 100644 --- a/security/yama/yama_lsm.c +++ b/security/yama/yama_lsm.c 
@@ -18,6 +18,7 @@ #include #include #include +#include #define YAMA_SCOPE_DISABLED 0 #define YAMA_SCOPE_RELATIONAL 1 @@ -421,6 +422,11 @@ static int yama_ptrace_traceme(struct task_struct *parent) return rc; } +static struct lsm_id yama_lsmid __lsm_ro_after_init = { + .lsm = "yama", + .id = LSM_ID_YAMA, +}; + static struct security_hook_list yama_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(ptrace_access_check, yama_ptrace_access_check), LSM_HOOK_INIT(ptrace_traceme, yama_ptrace_traceme), 
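Review bot: the block comment in the include/uapi/linux/lsm.h hunk has typos ('withnetwork' should be 'with network'; 'which security modules is associated' should be 'which security module is associated') and it mixes two concepts: it opens by reserving ID values 1-99, then describes loadable-module, netlabel and namespace-stacking properties as 'attributes', which is the word the header otherwise uses for the LSM_ATTR_* bitmask. Say plainly that 1-99 are LSM ID values reserved for infrastructure use and keep 'attribute' for the LSM_ATTR_* flags. This is UAPI, so the comment is what userspace authors will read once the numbers are frozen; for the same reason LSM_ID_IMA (104) deserves a one-line note that no module in this series registers with it.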
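Review bot: the comment above bpf_lsmid in the security/bpf/hooks.c hunk ('slot has to be LSMBLOB_NEEDED because some of the hooks supplied by this module require a slot') refers to a slot and an LSMBLOB_NEEDED constant that do not exist in this patch; struct lsm_id has only lsm, id and attrs_used, so the comment is left over from an earlier version and should be dropped. bpf_lsmid is also the only lsm_id in the patch that is neither `static` nor declared in a header (landlock_lsmid is non-static but gets an extern in setup.h); make it `static struct lsm_id bpf_lsmid __lsm_ro_after_init` unless a later patch needs it, in which case add the declaration there.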
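Review bot: in the Documentation/userspace-api/lsm.rst hunk, the opening sentence 'provide a mechanism to implement additional access controls to the Linux security policies' does not parse; suggest 'provide a mechanism for implementing additional access controls alongside the kernel's standard permission checks'. The per-attribute 'This is supported by ...' lines agree with the attrs_used initializers in the apparmor, selinux and smack hunks, but nothing in the text ties them together; one sentence stating that the list mirrors the attrs_used bitmask in each module's lsm_id, and must be updated with it, would keep the document and the code from drifting apart.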
@@ -477,7 +483,7 @@ static inline void yama_init_sysctl(void) { } static int __init yama_init(void) { pr_info("Yama: becoming mindful.\n"); - security_add_hooks(yama_hooks, ARRAY_SIZE(yama_hooks), "yama"); + security_add_hooks(yama_hooks, ARRAY_SIZE(yama_hooks), &yama_lsmid); yama_init_sysctl(); return 0; }
From patchwork Mon Jan 9 18:07:11 2023
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 13094055
X-Patchwork-Delegate: paul@paul-moore.com
From: Casey Schaufler To: casey.schaufler@intel.com, paul@paul-moore.com, linux-security-module@vger.kernel.org Cc: casey@schaufler-ca.com, jmorris@namei.org, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net Subject: [PATCH v5 2/8] LSM: Maintain a table of LSM attribute data Date: Mon, 9 Jan 2023 10:07:11 -0800 Message-Id: <20230109180717.58855-3-casey@schaufler-ca.com> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20230109180717.58855-1-casey@schaufler-ca.com> References: <20230109180717.58855-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: As LSMs are registered add their lsm_id pointers to a table. This will be used later for attribute reporting. Determine the number of possible security modules based on their respective CONFIG options. This allows the number to be known at build time. This allows data structures and tables to use the constant. Signed-off-by: Casey Schaufler --- include/linux/security.h | 2 ++ security/security.c | 44 +++++++++++++++++++++++++++++++++------- 2 files changed, 39 insertions(+), 7 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index 5b67f208f7de..33ed1860b96f 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -138,6 +138,8 @@ enum lockdown_reason { }; extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1]; +extern u32 lsm_active_cnt; +extern struct lsm_id *lsm_idlist[]; /* These functions are in security/commoncap.c */ extern int cap_capable(const struct cred *cred, struct user_namespace *ns, diff --git a/security/security.c b/security/security.c index 07a8fe7f92bf..a590fa98ddd6 100644 --- a/security/security.c +++ b/security/security.c 
@@ -28,12 +28,29 @@ #include #include #include +#include #include #define MAX_LSM_EVM_XATTR 2 -/* How many LSMs were built into the kernel? */ -#define LSM_COUNT (__end_lsm_info - __start_lsm_info) +/* + * How many LSMs are built into the kernel as determined at + * build time. Used to determine fixed array sizes. + * The capability module is accounted for by CONFIG_SECURITY + */ +#define LSM_COUNT ( \ + (IS_ENABLED(CONFIG_SECURITY) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_SELINUX) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_SMACK) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_TOMOYO) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_IMA) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_APPARMOR) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_YAMA) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_LOADPIN) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_SAFESETID) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_LOCKDOWN_LSM) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_BPF_LSM) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_LANDLOCK) ? 1 : 0)) /* * These are descriptions of the reasons that can be passed to the @@ -90,7 +107,7 @@ static __initdata const char *chosen_major_lsm; static __initconst const char * const builtin_lsm_order = CONFIG_LSM; /* Ordered list of LSMs to initialize. */ -static __initdata struct lsm_info **ordered_lsms; +static __initdata struct lsm_info *ordered_lsms[LSM_COUNT + 1]; static __initdata struct lsm_info *exclusive; static __initdata bool debug; @@ -341,13 +358,16 @@ static void __init report_lsm_order(void) pr_cont("\n"); } +/* + * Current index to use while initializing the lsm id list. + */ +u32 lsm_active_cnt __lsm_ro_after_init; +struct lsm_id *lsm_idlist[LSM_COUNT] __lsm_ro_after_init; + static void __init ordered_lsm_init(void) { struct lsm_info **lsm; - ordered_lsms = kcalloc(LSM_COUNT + 1, sizeof(*ordered_lsms), - GFP_KERNEL); - if (chosen_lsm_order) { if (chosen_major_lsm) { pr_warn("security=%s is ignored because it is superseded by lsm=%s\n", 
@@ -388,7 +408,7 @@ static void __init ordered_lsm_init(void) for (lsm = ordered_lsms; *lsm; lsm++) initialize_lsm(*lsm); - kfree(ordered_lsms); + init_debug("lsm count = %d\n", lsm_active_cnt); } int __init early_security_init(void) 
@@ -513,6 +533,16 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count, { int i; + /* + * A security module may call security_add_hooks() more + * than once. Landlock is one such case. + */ + if (lsm_active_cnt == 0 || lsm_idlist[lsm_active_cnt - 1] != lsmid) + lsm_idlist[lsm_active_cnt++] = lsmid; + + if (lsm_active_cnt > LSM_COUNT) + panic("%s Too many LSMs registered.\n", __func__); + for (i = 0; i < count; i++) { hooks[i].lsmid = lsmid; hlist_add_tail_rcu(&hooks[i].list, hooks[i].head);

From patchwork Mon Jan 9 18:07:12 2023 X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 13094057 X-Patchwork-Delegate: paul@paul-moore.com
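Review bot: in the LSM_COUNT hunk every entry follows the CONFIG_SECURITY_* naming except that IMA is counted as CONFIG_SECURITY_IMA; please confirm that is the Kconfig symbol IMA is actually built under. IS_ENABLED() of a symbol that is never defined silently evaluates to 0, which would leave lsm_idlist[LSM_COUNT] one slot short and trip the "Too many LSMs registered" panic in security_add_hooks() once IMA registers. A comment stating that this list must be extended whenever an LSM is added would also help, since nothing ties it to the lsm_info entries.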
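Review bot: in the ordered_lsm_init() hunk, `init_debug("lsm count = %d\n", lsm_active_cnt);` prints a u32 with %d; use %u to match the `u32 lsm_active_cnt __lsm_ro_after_init;` declaration added in the preceding hunk.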
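Review bot: in the security_add_hooks() hunk the bounds check runs after the store, so `lsm_idlist[lsm_active_cnt++] = lsmid;` has already written one element past the end of lsm_idlist[LSM_COUNT] by the time `if (lsm_active_cnt > LSM_COUNT)` panics. Test before writing, e.g. `if (lsm_active_cnt >= LSM_COUNT) panic(...)` ahead of the assignment. The de-duplication `lsm_idlist[lsm_active_cnt - 1] != lsmid` also assumes a module's repeated security_add_hooks() calls are consecutive; that holds for the Landlock case the comment names, but the comment should say so.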
From: Casey Schaufler To: casey.schaufler@intel.com, paul@paul-moore.com, linux-security-module@vger.kernel.org Cc: casey@schaufler-ca.com, jmorris@namei.org, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net, linux-fsdevel@vger.kernel.org Subject: [PATCH v5 3/8] proc: Use lsmids instead of lsm names for attrs Date: Mon, 9 Jan 2023 10:07:12 -0800 Message-Id: <20230109180717.58855-4-casey@schaufler-ca.com> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20230109180717.58855-1-casey@schaufler-ca.com> References: <20230109180717.58855-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: Use the LSM ID number instead of the LSM name to identify which security module's attribute data should be shown in /proc/self/attr. The security_[gs]etprocattr() functions have been changed to expect the LSM ID. The change from a string comparison to an integer comparison in these functions will provide a minor performance improvement. Signed-off-by: Casey Schaufler Cc: linux-fsdevel@vger.kernel.org --- fs/proc/base.c | 29 +++++++++++++++-------------- fs/proc/internal.h | 2 +- include/linux/security.h | 11 +++++------ security/security.c | 11 +++++------ 4 files changed, 26 insertions(+), 27 deletions(-) diff --git a/fs/proc/base.c b/fs/proc/base.c index 9e479d7d202b..9328b6b07dfc 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -96,6 +96,7 @@ #include #include #include +#include #include #include "internal.h" #include "fd.h" @@ -145,10 +146,10 @@ struct pid_entry { NOD(NAME, (S_IFREG|(MODE)), \ NULL, &proc_single_file_operations, \ { .proc_show = show } ) -#define ATTR(LSM, NAME, MODE) \ +#define ATTR(LSMID, NAME, MODE) \ NOD(NAME, (S_IFREG|(MODE)), \ NULL, &proc_pid_attr_operations, \ - { .lsm = LSM }) + { .lsmid = LSMID }) /* * Count the number of hardlinks for the pid_entry table, excluding the .
@@ -2730,7 +2731,7 @@ static ssize_t proc_pid_attr_read(struct file * file, char __user * buf, if (!task) return -ESRCH; - length = security_getprocattr(task, PROC_I(inode)->op.lsm, + length = security_getprocattr(task, PROC_I(inode)->op.lsmid, file->f_path.dentry->d_name.name, &p); put_task_struct(task); @@ -2788,7 +2789,7 @@ static ssize_t proc_pid_attr_write(struct file * file, const char __user * buf, if (rv < 0) goto out_free; - rv = security_setprocattr(PROC_I(inode)->op.lsm, + rv = security_setprocattr(PROC_I(inode)->op.lsmid, file->f_path.dentry->d_name.name, page, count); mutex_unlock(¤t->signal->cred_guard_mutex); @@ -2837,27 +2838,27 @@ static const struct inode_operations proc_##LSM##_attr_dir_inode_ops = { \ #ifdef CONFIG_SECURITY_SMACK static const struct pid_entry smack_attr_dir_stuff[] = { - ATTR("smack", "current", 0666), + ATTR(LSM_ID_SMACK, "current", 0666), }; LSM_DIR_OPS(smack); #endif #ifdef CONFIG_SECURITY_APPARMOR static const struct pid_entry apparmor_attr_dir_stuff[] = { - ATTR("apparmor", "current", 0666), - ATTR("apparmor", "prev", 0444), - ATTR("apparmor", "exec", 0666), + ATTR(LSM_ID_APPARMOR, "current", 0666), + ATTR(LSM_ID_APPARMOR, "prev", 0444), + ATTR(LSM_ID_APPARMOR, "exec", 0666), }; LSM_DIR_OPS(apparmor); #endif static const struct pid_entry attr_dir_stuff[] = { - ATTR(NULL, "current", 0666), - ATTR(NULL, "prev", 0444), - ATTR(NULL, "exec", 0666), - ATTR(NULL, "fscreate", 0666), - ATTR(NULL, "keycreate", 0666), - ATTR(NULL, "sockcreate", 0666), + ATTR(0, "current", 0666), + ATTR(0, "prev", 0444), + ATTR(0, "exec", 0666), + ATTR(0, "fscreate", 0666), + ATTR(0, "keycreate", 0666), + ATTR(0, "sockcreate", 0666), #ifdef CONFIG_SECURITY_SMACK DIR("smack", 0555, proc_smack_attr_dir_inode_ops, proc_smack_attr_dir_ops), diff --git a/fs/proc/internal.h b/fs/proc/internal.h index b701d0207edf..18db9722c81b 100644 --- a/fs/proc/internal.h +++ b/fs/proc/internal.h 
@@ -92,7 +92,7 @@ union proc_op { int (*proc_show)(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task); - const char *lsm; + int lsmid; }; struct proc_inode { diff --git a/include/linux/security.h b/include/linux/security.h index 33ed1860b96f..2d09e818a7d1 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -475,10 +475,9 @@ int security_sem_semctl(struct kern_ipc_perm *sma, int cmd); int security_sem_semop(struct kern_ipc_perm *sma, struct sembuf *sops, unsigned nsops, int alter); void security_d_instantiate(struct dentry *dentry, struct inode *inode); -int security_getprocattr(struct task_struct *p, const char *lsm, const char *name, +int security_getprocattr(struct task_struct *p, int lsmid, const char *name, char **value); -int security_setprocattr(const char *lsm, const char *name, void *value, - size_t size); +int security_setprocattr(int lsmid, const char *name, void *value, size_t size); int security_netlink_send(struct sock *sk, struct sk_buff *skb); int security_ismaclabel(const char *name); int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen); @@ -1346,14 +1345,14 @@ static inline void security_d_instantiate(struct dentry *dentry, struct inode *inode) { } -static inline int security_getprocattr(struct task_struct *p, const char *lsm, +static inline int security_getprocattr(struct task_struct *p, int lsmid, const char *name, char **value) { return -EINVAL; } -static inline int security_setprocattr(const char *lsm, char *name, - void *value, size_t size) +static inline int security_setprocattr(int lsmid, char *name, void *value, + size_t size) { return -EINVAL; } diff --git a/security/security.c b/security/security.c index a590fa98ddd6..a0f4af2da5f3 100644 --- a/security/security.c +++ b/security/security.c 
@@ -2169,26 +2169,25 @@ void security_d_instantiate(struct dentry *dentry, struct inode *inode) } EXPORT_SYMBOL(security_d_instantiate); -int security_getprocattr(struct task_struct *p, const char *lsm, - const char *name, char **value) +int security_getprocattr(struct task_struct *p, int lsmid, const char *name, + char **value) { struct security_hook_list *hp; hlist_for_each_entry(hp, &security_hook_heads.getprocattr, list) { - if (lsm != NULL && strcmp(lsm, hp->lsmid->lsm)) + if (lsmid != 0 && lsmid != hp->lsmid->id) continue; return hp->hook.getprocattr(p, name, value); } return LSM_RET_DEFAULT(getprocattr); } -int security_setprocattr(const char *lsm, const char *name, void *value, - size_t size) +int security_setprocattr(int lsmid, const char *name, void *value, size_t size) { struct security_hook_list *hp; hlist_for_each_entry(hp, &security_hook_heads.setprocattr, list) { - if (lsm != NULL && strcmp(lsm, hp->lsmid->lsm)) + if (lsmid != 0 && lsmid != hp->lsmid->id) continue; return hp->hook.setprocattr(name, value, size); }

From patchwork Mon Jan 9 18:07:13 2023 X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 13094059 X-Patchwork-Delegate: paul@paul-moore.com
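Review bot: in the include/linux/security.h hunk the !CONFIG_SECURITY stub keeps `char *name` (`static inline int security_setprocattr(int lsmid, char *name, void *value,`) while the real prototype a few lines earlier takes `const char *name`; since the line is being rewritten anyway, make the two signatures match.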
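Review bot: in the security/security.c hunk the wildcard changes from `lsm != NULL` to `lsmid != 0`, so 0 becomes a reserved LSM id meaning "the first module that implements the hook", and fs/proc/base.c now relies on that through `ATTR(0, "current", 0666)` and friends. Give that value a name next to the LSM_ID_* constants and document in security.h that security_[gs]etprocattr() treat it as a wildcard, so a future id allocation cannot collide with it.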
From: Casey Schaufler To: casey.schaufler@intel.com, paul@paul-moore.com, linux-security-module@vger.kernel.org Cc: casey@schaufler-ca.com, jmorris@namei.org, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net Subject: [PATCH v5 4/8] LSM: lsm_get_self_attr syscall for LSM self attributes Date: Mon, 9 Jan 2023 10:07:13 -0800 Message-Id: <20230109180717.58855-5-casey@schaufler-ca.com> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20230109180717.58855-1-casey@schaufler-ca.com> References: <20230109180717.58855-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: Create a system call lsm_get_self_attr() to provide the security module maintained attributes of the current process. Historically these attributes have been exposed to user space via entries in procfs under /proc/self/attr. Attributes are provided as a collection of lsm_ctx structures which are placed into a user supplied buffer. Each structure identifies the size of the attribute, and the attribute value. The format of the attribute value is defined by the security module, but will always be \0 terminated. The ctx_len value will always be strlen(ctx)+1.

 ---------------------------
| __u32 id                  |
 ---------------------------
| __u64 flags               |
 ---------------------------
| __kernel_size_t ctx_len   |
 ---------------------------
| __u8 ctx[ctx_len]         |
 ---------------------------
| __u32 id                  |
 ---------------------------
| __u64 flags               |
 ---------------------------
| __kernel_size_t ctx_len   |
 ---------------------------
| __u8 ctx[ctx_len]         |
 ---------------------------
Signed-off-by: Casey Schaufler --- Documentation/userspace-api/lsm.rst | 9 ++ include/linux/syscalls.h | 3 + include/uapi/linux/lsm.h | 21 ++++ kernel/sys_ni.c | 3 + security/Makefile | 1 + security/lsm_syscalls.c | 182 ++++++++++++++++++++++++++++ 6 files changed, 219 insertions(+) create mode 100644 security/lsm_syscalls.c diff --git a/Documentation/userspace-api/lsm.rst b/Documentation/userspace-api/lsm.rst index 6ddf5506110b..98a0c191b499 100644 --- a/Documentation/userspace-api/lsm.rst +++ b/Documentation/userspace-api/lsm.rst @@ -48,6 +48,15 @@ creating socket objects. The proc filesystem provides this value in ``/proc/self/attr/sockcreate``. This is supported by the SELinux security module. +Kernel interface +================ + +Get the security attributes of the current process +-------------------------------------------------- + +.. kernel-doc:: security/lsm_syscalls.c + :identifiers: sys_lsm_get_self_attr + Additional documentation ======================== diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h index 33a0ee3bcb2e..a89205c70ffa 100644 --- a/include/linux/syscalls.h +++ b/include/linux/syscalls.h @@ -71,6 +71,7 @@ struct clone_args; struct open_how; struct mount_attr; struct landlock_ruleset_attr; +struct lsm_ctx; enum landlock_rule_type; #include @@ -1058,6 +1059,8 @@ asmlinkage long sys_memfd_secret(unsigned int flags); asmlinkage long sys_set_mempolicy_home_node(unsigned long start, unsigned long len, unsigned long home_node, unsigned long flags); +asmlinkage long sys_lsm_get_self_attr(struct lsm_ctx *ctx, size_t *size, + int flags); /* * Architecture-specific system calls diff --git a/include/uapi/linux/lsm.h b/include/uapi/linux/lsm.h index 61a91b7d946f..8674d8c6b326 100644 --- a/include/uapi/linux/lsm.h +++ b/include/uapi/linux/lsm.h 
@@ -9,6 +9,27 @@ #ifndef _UAPI_LINUX_LSM_H #define _UAPI_LINUX_LSM_H +#include +#include + +/** + * struct lsm_ctx - LSM context + * @id: the LSM id number, see LSM_ID_XXX + * @flags: context specifier and LSM specific flags + * @ctx_len: the size of @ctx + * @ctx: the LSM context, a nul terminated string + * + * @ctx in a nul terminated string. + * (strlen(@ctx) < @ctx_len) is always true. + * (strlen(@ctx) == @ctx_len + 1) is not guaranteed. + */ +struct lsm_ctx { + __u32 id; + __u64 flags; + __kernel_size_t ctx_len; + __u8 ctx[]; +}; + /* * ID values to identify security modules. * A system may use more than one security module. diff --git a/kernel/sys_ni.c b/kernel/sys_ni.c index 860b2dcf3ac4..7b2513d5605d 100644 --- a/kernel/sys_ni.c +++ b/kernel/sys_ni.c @@ -262,6 +262,9 @@ COND_SYSCALL_COMPAT(recvmsg); /* mm/nommu.c, also with MMU */ COND_SYSCALL(mremap); +/* security/lsm_syscalls.c */ +COND_SYSCALL(lsm_get_self_attr); + /* security/keys/keyctl.c */ COND_SYSCALL(add_key); COND_SYSCALL(request_key); diff --git a/security/Makefile b/security/Makefile index 18121f8f85cd..59f238490665 100644 --- a/security/Makefile +++ b/security/Makefile @@ -7,6 +7,7 @@ obj-$(CONFIG_KEYS) += keys/ # always enable default capabilities obj-y += commoncap.o +obj-$(CONFIG_SECURITY) += lsm_syscalls.o obj-$(CONFIG_MMU) += min_addr.o # Object file lists diff --git a/security/lsm_syscalls.c b/security/lsm_syscalls.c new file mode 100644 index 000000000000..55e8bf61ac8a --- /dev/null +++ b/security/lsm_syscalls.c 
@@ -0,0 +1,182 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * System calls implementing the Linux Security Module API. + * + * Copyright (C) 2022 Casey Schaufler + * Copyright (C) 2022 Intel Corporation + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +struct attrs_used_map { + char *name; + int attrs_used; +}; + +static const struct attrs_used_map lsm_attr_names[] = { + { .name = "current", .attrs_used = LSM_ATTR_CURRENT, }, + { .name = "exec", .attrs_used = LSM_ATTR_EXEC, }, + { .name = "fscreate", .attrs_used = LSM_ATTR_FSCREATE, }, + { .name = "keycreate", .attrs_used = LSM_ATTR_KEYCREATE, }, + { .name = "prev", .attrs_used = LSM_ATTR_PREV, }, + { .name = "sockcreate", .attrs_used = LSM_ATTR_SOCKCREATE, }, +}; + +static int attr_used_index(u32 flags) +{ + int i; + + if (flags == 0) + return -EINVAL; + + for (i = 0; i < ARRAY_SIZE(lsm_attr_names); i++) + if ((lsm_attr_names[i].attrs_used & flags) == flags) + return i; + + return -EINVAL; +} + +/** + * sys_lsm_get_self_attr - Return current task's security module attributes + * @ctx: the LSM contexts + * @size: size of @ctx, updated on return + * @flags: which attribute to return + * + * Returns the calling task's LSM contexts. On success this + * function returns the number of @ctx array elements. This value + * may be zero if there are no LSM contexts assigned. If @size is + * insufficient to contain the return data -E2BIG is returned and + * @size is set to the minimum required size. In all other cases + * a negative value indicating the error is returned. 
+ */ +SYSCALL_DEFINE3(lsm_get_self_attr, + struct lsm_ctx __user *, ctx, + size_t __user *, size, + u32, flags) +{ + int i; + int rc = 0; + int len; + int attr; + int count = 0; + void *curr; + char *cp; + char *np; + char **interum_ctx; + size_t total_size = 0; + struct lsm_ctx *ip; + struct lsm_ctx *interum; + struct lsm_ctx *final = NULL; + + attr = attr_used_index(flags); + if (attr < 0) + return attr; + + interum = kzalloc(ARRAY_SIZE(lsm_attr_names) * lsm_active_cnt * + sizeof(*interum), GFP_KERNEL); + if (interum == NULL) + return -ENOMEM; + ip = interum; + + interum_ctx = kzalloc(ARRAY_SIZE(lsm_attr_names) * lsm_active_cnt * + sizeof(*interum_ctx), GFP_KERNEL); + if (interum_ctx == NULL) { + kfree(interum); + return -ENOMEM; + } + + for (i = 0; i < lsm_active_cnt; i++) { + if ((lsm_idlist[i]->attrs_used & + lsm_attr_names[attr].attrs_used) == 0) + continue; + + len = security_getprocattr(current, lsm_idlist[i]->id, + lsm_attr_names[attr].name, + &cp); + if (len <= 0) + continue; + + ip->id = lsm_idlist[i]->id; + ip->flags = lsm_attr_names[attr].attrs_used; + interum_ctx[count] = cp; + + /* + * A security module that returns a binary attribute + * will need to identify itself to prevent string + * processing. + * + * At least one security module adds a \n at the + * end of a context to make it look nicer. Change + * that to a \0 so that user space doesn't have to + * work around it. + * + * Security modules have been inconsistent about + * including the \0 terminator in the size. If it's + * not there make space for it. + * + * The length returned will reflect the length of + * the string provided by the security module, which + * may not match what getprocattr returned. 
+ */ + np = strnchr(cp, len, '\n'); + if (np != NULL) + *np = '\0'; + ip->ctx_len = strnlen(cp, len) + 1; + total_size += sizeof(*interum) + ip->ctx_len; + ip++; + count++; + } + + if (count == 0) + goto free_out; + + final = kzalloc(total_size, GFP_KERNEL); + if (final == NULL) { + rc = -ENOMEM; + goto free_out; + } + + curr = final; + ip = interum; + for (i = 0; i < count; i++) { + memcpy(curr, ip, sizeof(*interum)); + curr += sizeof(*interum); + if (ip->ctx_len > 1) + memcpy(curr, interum_ctx[i], ip->ctx_len - 1); + curr += ip->ctx_len; + ip++; + } + + if (get_user(len, size)) { + rc = -EFAULT; + goto free_out; + } + if (total_size > len) { + rc = -ERANGE; + if (put_user(total_size, size) != 0) + rc = -EFAULT; + goto free_out; + } + if (copy_to_user(ctx, final, total_size) != 0 || + put_user(total_size, size) != 0) + rc = -EFAULT; + else + rc = count; + +free_out: + for (i = 0; i < count; i++) + kfree(interum_ctx[i]); + kfree(interum_ctx); + kfree(interum); + kfree(final); + return rc; +}

From patchwork Mon Jan 9 18:07:14 2023 X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 13094058 X-Patchwork-Delegate: paul@paul-moore.com
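Review bot: in the include/uapi/linux/lsm.h hunk the kernel-doc for struct lsm_ctx contradicts itself and the commit message: `(strlen(@ctx) == @ctx_len + 1) is not guaranteed` cannot hold given the preceding `(strlen(@ctx) < @ctx_len) is always true` (presumably `strlen(@ctx) + 1 == @ctx_len` was meant), while the commit message promises ctx_len will always be strlen(ctx)+1; `@ctx in a nul terminated string` should read "is". Separately, `__u32 id;` followed by `__u64 flags;` and a `__kernel_size_t ctx_len;` gives the header a different size and padding on 32-bit and 64-bit ABIs, which matters for a record format user space must parse; fixed-width fields (e.g. a __u64 ctx_len) with explicit padding would make the layout identical everywhere.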
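Review bot: in the include/linux/syscalls.h hunk the prototype is `sys_lsm_get_self_attr(struct lsm_ctx *ctx, size_t *size, int flags)`, but SYSCALL_DEFINE3 in security/lsm_syscalls.c declares the last parameter as `u32, flags`; make the two agree.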
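Review bot: in the security/lsm_syscalls.c hunk the kernel-doc promises -E2BIG when @size is too small, but the code does `rc = -ERANGE;`; fix one or the other. In the same function `int len` receives both the signed length from security_getprocattr() and, via `get_user(len, size)`, the caller's size_t, so a large user value is truncated and a negative one converts to a huge size_t in `if (total_size > len)`; read the user size into its own size_t. Also, attr_used_index() selects exactly one attribute, so at most lsm_active_cnt records can be produced and the `ARRAY_SIZE(lsm_attr_names) * lsm_active_cnt` factor on both kzalloc() calls over-allocates by the number of attribute names.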
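The record layout described in the commit message and produced by the copy loop above, walked from the user-space side, as an added example that is not part of the patch or the kernel tree: each record is a struct lsm_ctx header immediately followed by ctx_len bytes, with no alignment padding before the next header, so headers are read with memcpy and every ctx_len is checked against the bytes that remain. It assumes __u32/__u64/__kernel_size_t map to uint32_t/uint64_t/size_t; the LSM id and flag values are constructed placeholders, since the real LSM_ID_* and LSM_ATTR_* numbers are not on this page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* User-space mirror of struct lsm_ctx from the patch's include/uapi/linux/lsm.h
 * (assumption: standard types give the same size and padding as the kernel). */
struct lsm_ctx {
	uint32_t id;
	uint64_t flags;
	size_t ctx_len;
	uint8_t ctx[];
};

/* Constructed placeholders; the real LSM_ID_* / LSM_ATTR_* values are not on this page. */
#define SAMPLE_ID_FIRST   101u
#define SAMPLE_ID_SECOND  102u
#define SAMPLE_ATTR_FLAG  0x1u

/* One decoded record; ctx points into the caller's buffer. */
struct lsm_attr {
	uint32_t id;
	uint64_t flags;
	size_t ctx_len;
	const char *ctx;
};

/* Append one record the way the syscall's copy loop does: header, then exactly
 * ctx_len bytes (string plus nul), no padding. Returns the new fill level or
 * SIZE_MAX if the record does not fit. */
size_t lsm_ctx_append(uint8_t *buf, size_t cap, size_t off,
		      uint32_t id, uint64_t flags, const char *ctx)
{
	struct lsm_ctx hdr = { .id = id, .flags = flags, .ctx_len = strlen(ctx) + 1 };
	size_t need = sizeof(hdr) + hdr.ctx_len;

	if (off > cap || cap - off < need)
		return SIZE_MAX;
	memcpy(buf + off, &hdr, sizeof(hdr));
	memcpy(buf + off + sizeof(hdr), ctx, hdr.ctx_len);
	return off + need;
}

/* Walk a buffer of `size` bytes as reported back in *size by lsm_get_self_attr().
 * Headers may be unaligned, so they are copied out rather than cast. Stores up
 * to max_out records in out; returns the record count, or -1 if malformed. */
int lsm_ctx_walk(const uint8_t *buf, size_t size, struct lsm_attr *out, int max_out)
{
	size_t off = 0;
	int n = 0;

	while (off < size) {
		struct lsm_ctx hdr;

		if (size - off < sizeof(hdr))
			return -1;                    /* truncated header */
		memcpy(&hdr, buf + off, sizeof(hdr));
		off += sizeof(hdr);
		if (hdr.ctx_len == 0 || hdr.ctx_len > size - off)
			return -1;                    /* ctx_len overruns the buffer */
		if (buf[off + hdr.ctx_len - 1] != '\0')
			return -1;                    /* API promises a nul terminator */
		if (n < max_out) {
			out[n].id = hdr.id;
			out[n].flags = hdr.flags;
			out[n].ctx_len = hdr.ctx_len;
			out[n].ctx = (const char *)(buf + off);
		}
		off += hdr.ctx_len;
		n++;
	}
	return n;
}

/* Fill buf with two constructed records; returns the total size or SIZE_MAX. */
size_t build_sample(uint8_t *buf, size_t cap)
{
	size_t off = lsm_ctx_append(buf, cap, 0, SAMPLE_ID_FIRST,
				    SAMPLE_ATTR_FLAG, "unconfined");

	if (off == SIZE_MAX)
		return SIZE_MAX;
	return lsm_ctx_append(buf, cap, off, SAMPLE_ID_SECOND,
			      SAMPLE_ATTR_FLAG, "user_u:user_r:user_t");
}

int main(void)
{
	uint8_t buf[128];
	struct lsm_attr out[4];
	size_t size = build_sample(buf, sizeof(buf));
	int n = lsm_ctx_walk(buf, size, out, 4);

	for (int i = 0; i < n && i < 4; i++)
		printf("id=%u flags=%llu ctx_len=%zu ctx=\"%s\"\n", (unsigned)out[i].id,
		       (unsigned long long)out[i].flags, out[i].ctx_len, out[i].ctx);
	return n < 0;
}
```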
From: Casey Schaufler
To: casey.schaufler@intel.com, paul@paul-moore.com, linux-security-module@vger.kernel.org
Cc: casey@schaufler-ca.com, jmorris@namei.org, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net
Subject: [PATCH v5 5/8] LSM: Create lsm_module_list system call
Date: Mon, 9 Jan 2023 10:07:14 -0800
Message-Id: <20230109180717.58855-6-casey@schaufler-ca.com>
In-Reply-To: <20230109180717.58855-1-casey@schaufler-ca.com>
References: <20230109180717.58855-1-casey@schaufler-ca.com>

Create a system call to report the list of Linux Security Modules that are active on the system. The list is provided as an array of LSM ID numbers. The calling application can use this list to determine what LSM specific actions it might take. That might include choosing an output format, determining required privilege or bypassing security module specific behavior.

Signed-off-by: Casey Schaufler
--- Documentation/userspace-api/lsm.rst | 3 +++ include/linux/syscalls.h | 1 + kernel/sys_ni.c | 1 + security/lsm_syscalls.c | 41 +++++++++++++++++++++++++++++ 4 files changed, 46 insertions(+) diff --git a/Documentation/userspace-api/lsm.rst b/Documentation/userspace-api/lsm.rst index 98a0c191b499..e342d75b99ab 100644 --- a/Documentation/userspace-api/lsm.rst +++ b/Documentation/userspace-api/lsm.rst @@ -57,6 +57,9 @@ Get the security attributes of the current process .. kernel-doc:: security/lsm_syscalls.c :identifiers: sys_lsm_get_self_attr +.. kernel-doc:: security/lsm_syscalls.c + :identifiers: sys_lsm_module_list + Additional documentation ======================== diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h index a89205c70ffa..9eb4cb6bbeb1 100644 --- a/include/linux/syscalls.h +++ b/include/linux/syscalls.h
@@ -1061,6 +1061,7 @@ asmlinkage long sys_set_mempolicy_home_node(unsigned long start, unsigned long l unsigned long flags); asmlinkage long sys_lsm_get_self_attr(struct lsm_ctx *ctx, size_t *size, int flags); +asmlinkage long sys_lsm_module_list(u32 *ids, size_t *size, int flags); /* * Architecture-specific system calls diff --git a/kernel/sys_ni.c b/kernel/sys_ni.c index 7b2513d5605d..af1fd28c0420 100644 --- a/kernel/sys_ni.c +++ b/kernel/sys_ni.c @@ -264,6 +264,7 @@ COND_SYSCALL(mremap); /* security/lsm_syscalls.c */ COND_SYSCALL(lsm_get_self_attr); +COND_SYSCALL(lsm_module_list); /* security/keys/keyctl.c */ COND_SYSCALL(add_key); diff --git a/security/lsm_syscalls.c b/security/lsm_syscalls.c index 55e8bf61ac8a..92af1fcaa654 100644 --- a/security/lsm_syscalls.c +++ b/security/lsm_syscalls.c 
@@ -180,3 +180,44 @@ SYSCALL_DEFINE3(lsm_get_self_attr, kfree(final); return rc; } + +/** + * sys_lsm_module_list - Return a list of the active security modules + * @ids: the LSM module ids + * @size: size of @ids, updated on return + * @flags: reserved for future use, must be zero + * + * Returns a list of the active LSM ids. On success this function + * returns the number of @ids array elements. This value may be zero + * if there are no LSMs active. If @size is insufficient to contain + * the return data -E2BIG is returned and @size is set to the minimum + * required size. In all other cases a negative value indicating the + * error is returned. + */ +SYSCALL_DEFINE3(lsm_module_list, + u32 __user *, ids, + size_t __user *, size, + u64, flags) +{ + size_t total_size = lsm_active_cnt * sizeof(*ids); + size_t usize; + int i; + + if (flags) + return -EINVAL; + + if (get_user(usize, size)) + return -EFAULT; + + if (put_user(total_size, size) != 0) + return -EFAULT; + + if (usize < total_size) + return -E2BIG; + + for (i = 0; i < lsm_active_cnt; i++) + if (put_user(lsm_idlist[i]->id, ids++)) + return -EFAULT; + + return lsm_active_cnt; +}
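Review bot: in the include/linux/syscalls.h hunk the prototype `sys_lsm_module_list(u32 *ids, size_t *size, int flags)` disagrees with the definition in security/lsm_syscalls.c, which takes `u64, flags`; the declaration must match the SYSCALL_DEFINE3, and `ids` and `size` should carry `__user` as they do in the definition (the `sys_lsm_get_self_attr` line in the same context shows the same missing annotation).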
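Review bot: `flags` is `u64` in this SYSCALL_DEFINE3 but `u32` in lsm_set_self_attr (6/8) and `int` in the syscalls.h prototype; a 64-bit scalar argument needs register-pair handling on 32-bit ABIs, so a `u32` flags argument used consistently across the three calls is the simpler ABI. The body itself is consistent with its kernel-doc: `put_user(total_size, size)` runs before the `usize < total_size` test, so `*size` is updated on both the success and the -E2BIG path as documented.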
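An added userspace example, not part of this series, of consuming the ABI described above: the size-probe and retry loop that lsm_module_list's E2BIG contract calls for, driven through a function pointer so the same loop runs against the real syscall or against a constructed stand-in with the documented behaviour. `__NR_lsm_module_list` is assumed to come from the 7/8 wireup and is used only if the headers define it; the stand-in's id values are invented, not real LSM ID numbers.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>

/* Raw call shape: ids written on success, else -1 with errno set.  A function
 * pointer lets one retry loop drive the real syscall or the stand-in below. */
typedef long (*lsm_module_list_fn)(uint32_t *ids, size_t *size, uint32_t flags);

/*
 * Fetch the active LSM ids.  The kernel stores the byte count it needs in
 * *size before comparing it with what was offered, so the protocol is:
 * probe with size 0, read *size back, allocate, call again.  Returns the
 * id count with *out pointing at a malloc'd array (NULL when the count is
 * 0), or a negative errno with *out NULL.
 */
static long lsm_list_modules(lsm_module_list_fn call, uint32_t **out)
{
	size_t size = 0;        /* offer nothing: forces the size report */
	uint32_t *ids = NULL;
	int attempts;

	for (attempts = 0; attempts < 3; attempts++) {
		long rc = call(ids, &size, 0);  /* flags must be zero */

		if (rc >= 0) {
			*out = ids;
			return rc;
		}
		if (errno != E2BIG)
			break;
		free(ids);              /* *size now holds the required bytes */
		ids = malloc(size);
		if (ids == NULL) {
			errno = ENOMEM;
			break;
		}
	}
	free(ids);
	*out = NULL;
	return -errno;
}

/* Constructed stand-in for the kernel side, following the sys_lsm_module_list
 * kernel-doc: report the needed size, then fail with E2BIG if the caller
 * offered less.  The ids are invented for this example, not real LSM ID numbers. */
static const uint32_t fake_active_ids[] = { 100, 101, 102 };

static long fake_lsm_module_list(uint32_t *ids, size_t *size, uint32_t flags)
{
	size_t total = sizeof(fake_active_ids);
	size_t offered = *size;

	if (flags != 0) {
		errno = EINVAL;
		return -1;
	}
	*size = total;          /* written unconditionally, like put_user() */
	if (offered < total) {
		errno = E2BIG;
		return -1;
	}
	memcpy(ids, fake_active_ids, total);
	return (long)(total / sizeof(fake_active_ids[0]));
}

#ifdef __NR_lsm_module_list
/* Real entry point; the macro exists only once the 7/8 wireup is in the headers. */
static long real_lsm_module_list(uint32_t *ids, size_t *size, uint32_t flags)
{
	return syscall(__NR_lsm_module_list, ids, size, flags);
}
#endif

int main(void)
{
	uint32_t *ids;
	long n;

#ifdef __NR_lsm_module_list
	n = lsm_list_modules(real_lsm_module_list, &ids);
#else
	puts("__NR_lsm_module_list not in these headers; using the stand-in");
	n = lsm_list_modules(fake_lsm_module_list, &ids);
#endif
	if (n < 0) {
		fprintf(stderr, "lsm_module_list: %s\n", strerror((int)-n));
		return 1;
	}
	for (long i = 0; i < n; i++)
		printf("active LSM id %u\n", ids[i]);
	free(ids);
	return 0;
}
```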
From: Casey Schaufler
To: casey.schaufler@intel.com, paul@paul-moore.com, linux-security-module@vger.kernel.org
Cc: casey@schaufler-ca.com, jmorris@namei.org, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net
Subject: [PATCH v5 6/8] LSM: lsm_set_self_attr syscall for LSM self attributes
Date: Mon, 9 Jan 2023 10:07:15 -0800
Message-Id: <20230109180717.58855-7-casey@schaufler-ca.com>
In-Reply-To: <20230109180717.58855-1-casey@schaufler-ca.com>
References: <20230109180717.58855-1-casey@schaufler-ca.com>

Create a system call lsm_set_self_attr() to set a security module maintained attribute of the current process. Historically these attributes have been exposed to user space via entries in procfs under /proc/self/attr.

The attribute value is provided in an lsm_ctx structure. The structure identifies the size of the attribute, and the attribute value. The format of the attribute value is defined by the security module, but will always be \0 terminated if it is a string. The ctx_len value must always be strlen(ctx)+1 if the value is a string. The flags field is reserved for future security module specific use and must be 0.

---------------------------
| __u32 id                |
---------------------------
| __u64 flags             |
---------------------------
| __kernel_size_t ctx_len |
---------------------------
| __u8 ctx[ctx_len]       |
---------------------------

Signed-off-by: Casey Schaufler
--- Documentation/userspace-api/lsm.rst | 3 +++ include/linux/syscalls.h | 2 ++ kernel/sys_ni.c | 1 + security/lsm_syscalls.c | 41 +++++++++++++++++++++++++++++ 4 files changed, 47 insertions(+) diff --git a/Documentation/userspace-api/lsm.rst b/Documentation/userspace-api/lsm.rst index e342d75b99ab..c7da13801305 100644 --- a/Documentation/userspace-api/lsm.rst
+++ b/Documentation/userspace-api/lsm.rst @@ -57,6 +57,9 @@ Get the security attributes of the current process .. kernel-doc:: security/lsm_syscalls.c :identifiers: sys_lsm_get_self_attr +.. kernel-doc:: security/lsm_syscalls.c + :identifiers: sys_lsm_set_self_attr + .. kernel-doc:: security/lsm_syscalls.c :identifiers: sys_lsm_module_list diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h index 9eb4cb6bbeb1..a9f1ec9942af 100644 --- a/include/linux/syscalls.h +++ b/include/linux/syscalls.h @@ -1062,6 +1062,8 @@ asmlinkage long sys_set_mempolicy_home_node(unsigned long start, unsigned long l asmlinkage long sys_lsm_get_self_attr(struct lsm_ctx *ctx, size_t *size, int flags); asmlinkage long sys_lsm_module_list(u32 *ids, size_t *size, int flags); +asmlinkage long sys_lsm_set_self_attr(struct lsm_ctx *ctx, size_t size, + int flags); /* * Architecture-specific system calls diff --git a/kernel/sys_ni.c b/kernel/sys_ni.c index af1fd28c0420..c3884c1c7339 100644 --- a/kernel/sys_ni.c +++ b/kernel/sys_ni.c @@ -265,6 +265,7 @@ COND_SYSCALL(mremap); /* security/lsm_syscalls.c */ COND_SYSCALL(lsm_get_self_attr); COND_SYSCALL(lsm_module_list); +COND_SYSCALL(lsm_set_self_attr); /* security/keys/keyctl.c */ COND_SYSCALL(add_key); diff --git a/security/lsm_syscalls.c b/security/lsm_syscalls.c index 92af1fcaa654..026a86674a1f 100644 --- a/security/lsm_syscalls.c +++ b/security/lsm_syscalls.c 
@@ -181,6 +181,47 @@ SYSCALL_DEFINE3(lsm_get_self_attr, return rc; } +/** + * sys_lsm_set_self_attr - Set current task's security module attribute + * @ctx: the LSM contexts + * @size: size of @ctx + * @flags: which attribute to set + * + * Sets the calling task's LSM context. On success this function + * returns 0. If the attribute specified cannot be set a negative + * value indicating the reason for the error is returned. + */ +SYSCALL_DEFINE3(lsm_set_self_attr, + struct lsm_ctx __user *, ctx, + size_t, size, + u32, flags) +{ + int rc = -EINVAL; + int attr; + void *page; + struct lsm_ctx *ip; + + if (size > PAGE_SIZE) + return -E2BIG; + if (size <= sizeof(*ip)) + return -EINVAL; + + attr = attr_used_index(flags); + if (attr < 0) + return attr; + + page = memdup_user(ctx, size); + if (IS_ERR(page)) + return PTR_ERR(page); + + ip = page; + if (sizeof(*ip) + ip->ctx_len <= size) + rc = security_setprocattr(ip->id, lsm_attr_names[attr].name, + ip->ctx, ip->ctx_len); + kfree(page); + return (rc > 0) ? 
0 : rc; +} + /** * sys_lsm_module_list - Return a list of the active security modules * @ids: the LSM module ids
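Review bot: in the include/linux/syscalls.h hunk `sys_lsm_set_self_attr` is declared with `int flags` while the SYSCALL_DEFINE3 in security/lsm_syscalls.c takes `u32, flags`, and `ctx` lacks the `__user` annotation the definition carries; align the declaration with the definition.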
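Review bot: the length test `sizeof(*ip) + ip->ctx_len <= size` adds a user-supplied `ctx_len` to a constant in size_t arithmetic, so a very large `ctx_len` can wrap the sum below `size` and reach `security_setprocattr()` with a length far beyond what `memdup_user()` copied; since `size > sizeof(*ip)` is already established two checks earlier, write it as `ip->ctx_len <= size - sizeof(*ip)` or use check_add_overflow(). The commit message also says the lsm_ctx `flags` field must be 0, but nothing in the hunk rejects a non-zero `ip->flags`; returning -EINVAL for it keeps the field genuinely reserved. Minor: the kernel-doc says "@ctx: the LSM contexts" for a single context.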
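An added example, mine rather than the patch's code, that builds the lsm_ctx request described in the 6/8 commit message in userspace and validates it the way a receiver should: the additive length test exactly as the hunk writes it sits beside a subtraction form that cannot wrap. The struct mirrors the layout in the commit message; the id value, the label and a 4 KiB PAGE_SIZE are assumptions.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Userspace mirror of the lsm_ctx layout in the patch description. */
struct lsm_ctx {
	uint32_t id;        /* which LSM the attribute belongs to */
	uint64_t flags;     /* reserved, must be 0 */
	size_t   ctx_len;   /* bytes in ctx[]; strlen(ctx)+1 for strings */
	uint8_t  ctx[];     /* the value, NUL terminated if it is a string */
};

#define ASSUMED_PAGE_SIZE 4096u   /* stands in for the kernel's PAGE_SIZE */

/*
 * Build a set_self_attr request for a string-valued attribute.  Stores the
 * total byte size in *size and returns the heap buffer (caller frees), or
 * NULL on allocation failure.
 */
static struct lsm_ctx *lsm_ctx_build(uint32_t id, const char *value, size_t *size)
{
	size_t ctx_len = strlen(value) + 1;     /* include the terminator */
	struct lsm_ctx *ip = calloc(1, sizeof(*ip) + ctx_len);

	if (ip == NULL)
		return NULL;
	ip->id = id;
	ip->flags = 0;
	ip->ctx_len = ctx_len;
	memcpy(ip->ctx, value, ctx_len);
	*size = sizeof(*ip) + ctx_len;
	return ip;
}

/* The length test as the hunk writes it: the size_t addition can wrap. */
static int lsm_ctx_fits_naive(const struct lsm_ctx *ip, size_t size)
{
	return sizeof(*ip) + ip->ctx_len <= size;
}

/*
 * Validate a request, returning 0 or a negative errno in the spirit of the
 * patch's rejections.  Subtracting cannot wrap because size > sizeof(*ip)
 * is established first, and the reserved flags field is enforced as well.
 */
static int lsm_ctx_validate(const struct lsm_ctx *ip, size_t size)
{
	if (size > ASSUMED_PAGE_SIZE)
		return -E2BIG;
	if (size <= sizeof(*ip))
		return -EINVAL;
	if (ip->flags != 0)
		return -EINVAL;
	if (ip->ctx_len > size - sizeof(*ip))
		return -EINVAL;
	return 0;
}

/* For string attributes ctx_len must be strlen(ctx)+1: one NUL, at the end. */
static int lsm_ctx_is_cstring(const struct lsm_ctx *ip)
{
	const uint8_t *nul;

	if (ip->ctx_len == 0)
		return 0;
	nul = memchr(ip->ctx, 0, ip->ctx_len);
	return nul != NULL && (size_t)(nul - ip->ctx) == ip->ctx_len - 1;
}

int main(void)
{
	size_t size;
	/* constructed sample: id 100 and a made-up label, not real LSM values */
	struct lsm_ctx *ip = lsm_ctx_build(100, "example_label", &size);

	if (ip == NULL)
		return 1;
	printf("request: %zu bytes, ctx_len %zu, validate=%d, cstring=%d\n",
	       size, ip->ctx_len, lsm_ctx_validate(ip, size), lsm_ctx_is_cstring(ip));

	/* A corrupted length passes the additive test but not the safe one. */
	ip->ctx_len = SIZE_MAX;
	printf("ctx_len=SIZE_MAX: naive fits=%d, validate=%d\n",
	       lsm_ctx_fits_naive(ip, size), lsm_ctx_validate(ip, size));
	free(ip);
	return 0;
}
```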
From: Casey Schaufler
To: casey.schaufler@intel.com, paul@paul-moore.com, linux-security-module@vger.kernel.org
Cc: casey@schaufler-ca.com, jmorris@namei.org, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net
Subject: [PATCH v5 7/8] LSM: wireup Linux Security Module syscalls
Date: Mon, 9 Jan 2023 10:07:16 -0800
Message-Id: <20230109180717.58855-8-casey@schaufler-ca.com>
In-Reply-To: <20230109180717.58855-1-casey@schaufler-ca.com>
References: <20230109180717.58855-1-casey@schaufler-ca.com>

Wireup lsm_get_self_attr, lsm_set_self_attr and lsm_module_list system calls.
Signed-off-by: Casey Schaufler Cc: linux-api@vger.kernel.org Acked-by: Geert Uytterhoeven [m68k] --- arch/alpha/kernel/syscalls/syscall.tbl | 3 +++ arch/arm/tools/syscall.tbl | 3 +++ arch/arm64/include/asm/unistd.h | 2 +- arch/arm64/include/asm/unistd32.h | 6 ++++++ arch/ia64/kernel/syscalls/syscall.tbl | 3 +++ arch/m68k/kernel/syscalls/syscall.tbl | 3 +++ arch/microblaze/kernel/syscalls/syscall.tbl | 3 +++ arch/mips/kernel/syscalls/syscall_n32.tbl | 3 +++ arch/mips/kernel/syscalls/syscall_n64.tbl | 3 +++ arch/mips/kernel/syscalls/syscall_o32.tbl | 3 +++ arch/parisc/kernel/syscalls/syscall.tbl | 3 +++ arch/powerpc/kernel/syscalls/syscall.tbl | 3 +++ arch/s390/kernel/syscalls/syscall.tbl | 3 +++ arch/sh/kernel/syscalls/syscall.tbl | 3 +++ arch/sparc/kernel/syscalls/syscall.tbl | 3 +++ arch/x86/entry/syscalls/syscall_32.tbl | 3 +++ arch/x86/entry/syscalls/syscall_64.tbl | 3 +++ arch/xtensa/kernel/syscalls/syscall.tbl | 3 +++ include/uapi/asm-generic/unistd.h | 11 ++++++++++- tools/perf/arch/mips/entry/syscalls/syscall_n64.tbl | 3 +++ tools/perf/arch/powerpc/entry/syscalls/syscall.tbl | 3 +++ tools/perf/arch/s390/entry/syscalls/syscall.tbl | 3 +++ tools/perf/arch/x86/entry/syscalls/syscall_64.tbl | 3 +++ 23 files changed, 77 insertions(+), 2 deletions(-) diff --git a/arch/alpha/kernel/syscalls/syscall.tbl b/arch/alpha/kernel/syscalls/syscall.tbl index 8ebacf37a8cf..002e6a39fcb1 100644 --- a/arch/alpha/kernel/syscalls/syscall.tbl +++ b/arch/alpha/kernel/syscalls/syscall.tbl @@ -490,3 +490,6 @@ 558 common process_mrelease sys_process_mrelease 559 common futex_waitv sys_futex_waitv 560 common set_mempolicy_home_node sys_ni_syscall +561 common lsm_get_self_attr sys_lsm_get_self_attr +562 common lsm_module_list sys_lsm_module_list +563 common lsm_set_self_attr sys_lsm_set_self_attr diff --git a/arch/arm/tools/syscall.tbl b/arch/arm/tools/syscall.tbl index ac964612d8b0..dca80a2d3927 100644 --- a/arch/arm/tools/syscall.tbl +++ b/arch/arm/tools/syscall.tbl 
@@ -464,3 +464,6 @@ 448 common process_mrelease sys_process_mrelease 449 common futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node +451 common lsm_get_self_attr sys_lsm_get_self_attr +452 common lsm_module_list sys_lsm_module_list +453 common lsm_set_self_attr sys_lsm_set_self_attr diff --git a/arch/arm64/include/asm/unistd.h b/arch/arm64/include/asm/unistd.h index 037feba03a51..6a28fb91b85d 100644 --- a/arch/arm64/include/asm/unistd.h +++ b/arch/arm64/include/asm/unistd.h @@ -39,7 +39,7 @@ #define __ARM_NR_compat_set_tls (__ARM_NR_COMPAT_BASE + 5) #define __ARM_NR_COMPAT_END (__ARM_NR_COMPAT_BASE + 0x800) -#define __NR_compat_syscalls 451 +#define __NR_compat_syscalls 454 #endif #define __ARCH_WANT_SYS_CLONE diff --git a/arch/arm64/include/asm/unistd32.h b/arch/arm64/include/asm/unistd32.h index 604a2053d006..cb4b3149024d 100644 --- a/arch/arm64/include/asm/unistd32.h +++ b/arch/arm64/include/asm/unistd32.h @@ -907,6 +907,12 @@ __SYSCALL(__NR_process_mrelease, sys_process_mrelease) __SYSCALL(__NR_futex_waitv, sys_futex_waitv) #define __NR_set_mempolicy_home_node 450 __SYSCALL(__NR_set_mempolicy_home_node, sys_set_mempolicy_home_node) +#define __NR_lsm_get_self_attr 451 +__SYSCALL(__NR_lsm_get_self_attr, sys_lsm_get_self_attr) +#define __NR_lsm_module_list 452 +__SYSCALL(__NR_lsm_module_list, sys_module_list) +#define __NR_lsm_set_self_attr 453 +__SYSCALL(__NR_lsm_set_self_attr, sys_lsm_set_self_attr) /* * Please add new compat syscalls above this comment and update diff --git a/arch/ia64/kernel/syscalls/syscall.tbl b/arch/ia64/kernel/syscalls/syscall.tbl index 72c929d9902b..1a5d560a1317 100644 --- a/arch/ia64/kernel/syscalls/syscall.tbl +++ b/arch/ia64/kernel/syscalls/syscall.tbl 
@@ -371,3 +371,6 @@ 448 common process_mrelease sys_process_mrelease 449 common futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node +451 common lsm_get_self_attr sys_lsm_get_self_attr +452 common lsm_module_list sys_lsm_module_list +453 common lsm_set_self_attr sys_lsm_set_self_attr diff --git a/arch/m68k/kernel/syscalls/syscall.tbl b/arch/m68k/kernel/syscalls/syscall.tbl index b1f3940bc298..0b7b01c90315 100644 --- a/arch/m68k/kernel/syscalls/syscall.tbl +++ b/arch/m68k/kernel/syscalls/syscall.tbl @@ -450,3 +450,6 @@ 448 common process_mrelease sys_process_mrelease 449 common futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node +451 common lsm_get_self_attr sys_lsm_get_self_attr +452 common lsm_module_list sys_lsm_module_list +453 common lsm_set_self_attr sys_lsm_set_self_attr diff --git a/arch/microblaze/kernel/syscalls/syscall.tbl b/arch/microblaze/kernel/syscalls/syscall.tbl index 820145e47350..b69d57014c7b 100644 --- a/arch/microblaze/kernel/syscalls/syscall.tbl +++ b/arch/microblaze/kernel/syscalls/syscall.tbl @@ -456,3 +456,6 @@ 448 common process_mrelease sys_process_mrelease 449 common futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node +451 common lsm_get_self_attr sys_lsm_get_self_attr +452 common lsm_module_list sys_lsm_module_list +453 common lsm_set_self_attr sys_lsm_set_self_attr diff --git a/arch/mips/kernel/syscalls/syscall_n32.tbl b/arch/mips/kernel/syscalls/syscall_n32.tbl index 253ff994ed2e..7c1ca6241b90 100644 --- a/arch/mips/kernel/syscalls/syscall_n32.tbl +++ b/arch/mips/kernel/syscalls/syscall_n32.tbl @@ -389,3 +389,6 @@ 448 n32 process_mrelease sys_process_mrelease 449 n32 futex_waitv sys_futex_waitv 450 n32 set_mempolicy_home_node sys_set_mempolicy_home_node +451 n32 lsm_get_self_attr sys_lsm_get_self_attr +452 n32 lsm_module_list sys_lsm_module_list +453 n32 lsm_set_self_attr sys_lsm_set_self_attr 
diff --git a/arch/mips/kernel/syscalls/syscall_n64.tbl b/arch/mips/kernel/syscalls/syscall_n64.tbl index 3f1886ad9d80..99453966d179 100644 --- a/arch/mips/kernel/syscalls/syscall_n64.tbl +++ b/arch/mips/kernel/syscalls/syscall_n64.tbl @@ -365,3 +365,6 @@ 448 n64 process_mrelease sys_process_mrelease 449 n64 futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node +451 n64 lsm_get_self_attr sys_lsm_get_self_attr +452 n64 lsm_module_list sys_lsm_module_list +453 n64 lsm_set_self_attr sys_lsm_set_self_attr diff --git a/arch/mips/kernel/syscalls/syscall_o32.tbl b/arch/mips/kernel/syscalls/syscall_o32.tbl index 8f243e35a7b2..4ddb0ff66793 100644 --- a/arch/mips/kernel/syscalls/syscall_o32.tbl +++ b/arch/mips/kernel/syscalls/syscall_o32.tbl @@ -438,3 +438,6 @@ 448 o32 process_mrelease sys_process_mrelease 449 o32 futex_waitv sys_futex_waitv 450 o32 set_mempolicy_home_node sys_set_mempolicy_home_node +451 o32 lsm_get_self_attr sys_lsm_get_self_attr +452 o32 lsm_module_list sys_lsm_module_list +453 032 lsm_set_self_attr sys_lsm_set_self_attr diff --git a/arch/parisc/kernel/syscalls/syscall.tbl b/arch/parisc/kernel/syscalls/syscall.tbl index 0e42fceb2d5e..5ab1a5b22d8e 100644 --- a/arch/parisc/kernel/syscalls/syscall.tbl +++ b/arch/parisc/kernel/syscalls/syscall.tbl @@ -448,3 +448,6 @@ 448 common process_mrelease sys_process_mrelease 449 common futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node +451 common lsm_get_self_attr sys_lsm_get_self_attr +452 common lsm_module_list sys_lsm_module_list +453 common lsm_set_self_attr sys_lsm_set_self_attr diff --git a/arch/powerpc/kernel/syscalls/syscall.tbl b/arch/powerpc/kernel/syscalls/syscall.tbl index a0be127475b1..8d31bb83d6a2 100644 --- a/arch/powerpc/kernel/syscalls/syscall.tbl +++ b/arch/powerpc/kernel/syscalls/syscall.tbl 
@@ -537,3 +537,6 @@ 448 common process_mrelease sys_process_mrelease 449 common futex_waitv sys_futex_waitv 450 nospu set_mempolicy_home_node sys_set_mempolicy_home_node +451 common lsm_get_self_attr sys_lsm_get_self_attr +452 common lsm_module_list sys_lsm_module_list +453 common lsm_set_self_attr sys_lsm_set_self_attr diff --git a/arch/s390/kernel/syscalls/syscall.tbl b/arch/s390/kernel/syscalls/syscall.tbl index 799147658dee..bb7597be2e4f 100644 --- a/arch/s390/kernel/syscalls/syscall.tbl +++ b/arch/s390/kernel/syscalls/syscall.tbl @@ -453,3 +453,6 @@ 448 common process_mrelease sys_process_mrelease sys_process_mrelease 449 common futex_waitv sys_futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node sys_set_mempolicy_home_node +451 common lsm_get_self_attr sys_lsm_get_self_attr sys_lsm_get_self_attr +452 common lsm_module_list sys_lsm_module_list sys_lsm_module_list +453 common lsm_set_self_attr sys_lsm_set_self_attr sys_lsm_set_self_attr diff --git a/arch/sh/kernel/syscalls/syscall.tbl b/arch/sh/kernel/syscalls/syscall.tbl index 2de85c977f54..43d468742916 100644 --- a/arch/sh/kernel/syscalls/syscall.tbl +++ b/arch/sh/kernel/syscalls/syscall.tbl @@ -453,3 +453,6 @@ 448 common process_mrelease sys_process_mrelease 449 common futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node +451 common lsm_get_self_attr sys_lsm_get_self_attr +452 common lsm_module_list sys_lsm_module_list +453 common lsm_set_self_attr sys_lsm_set_self_attr diff --git a/arch/sparc/kernel/syscalls/syscall.tbl b/arch/sparc/kernel/syscalls/syscall.tbl index 4398cc6fb68d..c7791c7bdde4 100644 --- a/arch/sparc/kernel/syscalls/syscall.tbl +++ b/arch/sparc/kernel/syscalls/syscall.tbl 
@@ -496,3 +496,6 @@ 448 common process_mrelease sys_process_mrelease 449 common futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node +451 common lsm_get_self_attr sys_lsm_get_self_attr +452 common lsm_module_list sys_lsm_module_list +453 common lsm_set_self_attr sys_lsm_set_self_attr diff --git a/arch/x86/entry/syscalls/syscall_32.tbl b/arch/x86/entry/syscalls/syscall_32.tbl index 320480a8db4f..4f2e6577466e 100644 --- a/arch/x86/entry/syscalls/syscall_32.tbl +++ b/arch/x86/entry/syscalls/syscall_32.tbl @@ -455,3 +455,6 @@ 448 i386 process_mrelease sys_process_mrelease 449 i386 futex_waitv sys_futex_waitv 450 i386 set_mempolicy_home_node sys_set_mempolicy_home_node +451 i386 lsm_get_self_attr sys_lsm_get_self_attr +452 i386 lsm_module_list sys_lsm_module_list +453 i386 lsm_set_self_attr sys_lsm_set_self_attr diff --git a/arch/x86/entry/syscalls/syscall_64.tbl b/arch/x86/entry/syscalls/syscall_64.tbl index c84d12608cd2..3a7866f72042 100644 --- a/arch/x86/entry/syscalls/syscall_64.tbl +++ b/arch/x86/entry/syscalls/syscall_64.tbl @@ -372,6 +372,9 @@ 448 common process_mrelease sys_process_mrelease 449 common futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node +451 common lsm_get_self_attr sys_lsm_get_self_attr +452 common lsm_module_list sys_lsm_module_list +453 common lsm_set_self_attr sys_lsm_set_self_attr # # Due to a historical design error, certain syscalls are numbered differently diff --git a/arch/xtensa/kernel/syscalls/syscall.tbl b/arch/xtensa/kernel/syscalls/syscall.tbl index 52c94ab5c205..e0a5b61c1f1a 100644 --- a/arch/xtensa/kernel/syscalls/syscall.tbl +++ b/arch/xtensa/kernel/syscalls/syscall.tbl 
@@ -421,3 +421,6 @@ 448 common process_mrelease sys_process_mrelease 449 common futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node +451 common lsm_get_self_attr sys_lsm_get_self_attr +452 common lsm_module_list sys_lsm_module_list +453 common lsm_set_self_attr sys_lsm_set_self_attr diff --git a/include/uapi/asm-generic/unistd.h b/include/uapi/asm-generic/unistd.h index 45fa180cc56a..3659b2b02f5a 100644 --- a/include/uapi/asm-generic/unistd.h +++ b/include/uapi/asm-generic/unistd.h @@ -886,8 +886,17 @@ __SYSCALL(__NR_futex_waitv, sys_futex_waitv) #define __NR_set_mempolicy_home_node 450 __SYSCALL(__NR_set_mempolicy_home_node, sys_set_mempolicy_home_node) +#define __NR_lsm_get_self_attr 451 +__SYSCALL(__NR_lsm_get_self_attr, sys_lsm_get_self_attr) + +#define __NR_lsm_module_list 452 +__SYSCALL(__NR_lsm_module_list, sys_lsm_module_list) + +#define __NR_lsm_set_self_attr 453 +__SYSCALL(__NR_lsm_set_self_attr, sys_lsm_set_self_attr) + #undef __NR_syscalls -#define __NR_syscalls 451 +#define __NR_syscalls 454 /* * 32 bit systems traditionally used different diff --git a/tools/perf/arch/mips/entry/syscalls/syscall_n64.tbl b/tools/perf/arch/mips/entry/syscalls/syscall_n64.tbl index 3f1886ad9d80..99453966d179 100644 --- a/tools/perf/arch/mips/entry/syscalls/syscall_n64.tbl +++ b/tools/perf/arch/mips/entry/syscalls/syscall_n64.tbl @@ -365,3 +365,6 @@ 448 n64 process_mrelease sys_process_mrelease 449 n64 futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node +451 n64 lsm_get_self_attr sys_lsm_get_self_attr +452 n64 lsm_module_list sys_lsm_module_list +453 n64 lsm_set_self_attr sys_lsm_set_self_attr diff --git a/tools/perf/arch/powerpc/entry/syscalls/syscall.tbl b/tools/perf/arch/powerpc/entry/syscalls/syscall.tbl index a0be127475b1..8d31bb83d6a2 100644 --- a/tools/perf/arch/powerpc/entry/syscalls/syscall.tbl +++ b/tools/perf/arch/powerpc/entry/syscalls/syscall.tbl 
@@ -537,3 +537,6 @@ 448 common process_mrelease sys_process_mrelease 449 common futex_waitv sys_futex_waitv 450 nospu set_mempolicy_home_node sys_set_mempolicy_home_node +451 common lsm_get_self_attr sys_lsm_get_self_attr +452 common lsm_module_list sys_lsm_module_list +453 common lsm_set_self_attr sys_lsm_set_self_attr diff --git a/tools/perf/arch/s390/entry/syscalls/syscall.tbl b/tools/perf/arch/s390/entry/syscalls/syscall.tbl index 799147658dee..d69bd5550b46 100644 --- a/tools/perf/arch/s390/entry/syscalls/syscall.tbl +++ b/tools/perf/arch/s390/entry/syscalls/syscall.tbl @@ -453,3 +453,6 @@ 448 common process_mrelease sys_process_mrelease sys_process_mrelease 449 common futex_waitv sys_futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node sys_set_mempolicy_home_node +451 common lsm_get_self_attr sys_lsm_get_self_attr sys_lsm_get_self_attr +452 common lsm_module_list sys_lsm_module_list sys_lsm_module_list +453 common lsm_set_self_attr sys_lsm_set_self_attr sys_lsm_set_self_attr diff --git a/tools/perf/arch/x86/entry/syscalls/syscall_64.tbl b/tools/perf/arch/x86/entry/syscalls/syscall_64.tbl index c84d12608cd2..3a7866f72042 100644 --- a/tools/perf/arch/x86/entry/syscalls/syscall_64.tbl +++ b/tools/perf/arch/x86/entry/syscalls/syscall_64.tbl 
@@ -372,6 +372,9 @@ 448 common process_mrelease sys_process_mrelease 449 common futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node +451 common lsm_get_self_attr sys_lsm_get_self_attr +452 common lsm_module_list sys_lsm_module_list +453 common lsm_set_self_attr sys_lsm_set_self_attr # # Due to a historical design error, certain syscalls are numbered differently From patchwork Mon Jan 9 18:07:17 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 13094064 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id DED47C6379F for ; Mon, 9 Jan 2023 18:14:06 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237380AbjAISOD (ORCPT ); Mon, 9 Jan 2023 13:14:03 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37344 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237475AbjAISNZ (ORCPT ); Mon, 9 Jan 2023 13:13:25 -0500 Received: from sonic302-28.consmr.mail.ne1.yahoo.com (sonic302-28.consmr.mail.ne1.yahoo.com [66.163.186.154]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2F35D71897 for ; Mon, 9 Jan 2023 10:10:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1673287847; bh=/CPQwIiVPG+O07TrKdR4dko7mVUFYRMPu2SUKw/z1i4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; 
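Review bot: the hunks under tools/perf/arch/*/entry/syscalls/*.tbl duplicate the arch/ table changes into perf's private copies of the syscall tables; those copies are normally synced by the perf tooling maintainers (tools/perf/check-headers.sh reports the drift), so they are usually left out of a subsystem series, or at least the perf maintainers should be cc'd to avoid merge conflicts. The remaining hunks are consistent: three entries 451..453 per table and `__NR_syscalls` going from 451 to 454 in include/uapi/asm-generic/unistd.h.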
Mon, 9 Jan 2023 18:10:47 +0000 Received: by hermes--production-ne1-7b69748c4d-drrwg (Yahoo Inc. Hermes SMTP Server) with ESMTPA ID d39a5b2fbd300476a1ee2f5b9fcd175a; Mon, 09 Jan 2023 18:10:41 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, paul@paul-moore.com, linux-security-module@vger.kernel.org Cc: casey@schaufler-ca.com, jmorris@namei.org, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net Subject: [PATCH v5 8/8] LSM: selftests for Linux Security Module syscalls Date: Mon, 9 Jan 2023 10:07:17 -0800 Message-Id: <20230109180717.58855-9-casey@schaufler-ca.com> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20230109180717.58855-1-casey@schaufler-ca.com> References: <20230109180717.58855-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: Add selftests for the three system calls supporting the LSM infrastructure. Signed-off-by: Casey Schaufler --- tools/testing/selftests/Makefile | 1 + tools/testing/selftests/lsm/Makefile | 12 + tools/testing/selftests/lsm/config | 2 + .../selftests/lsm/lsm_get_self_attr_test.c | 268 ++++++++++++++ .../selftests/lsm/lsm_module_list_test.c | 149 ++++++++ .../selftests/lsm/lsm_set_self_attr_test.c | 328 ++++++++++++++++++ 6 files changed, 760 insertions(+) create mode 100644 tools/testing/selftests/lsm/Makefile create mode 100644 tools/testing/selftests/lsm/config create mode 100644 tools/testing/selftests/lsm/lsm_get_self_attr_test.c create mode 100644 tools/testing/selftests/lsm/lsm_module_list_test.c create mode 100644 tools/testing/selftests/lsm/lsm_set_self_attr_test.c diff --git a/tools/testing/selftests/Makefile b/tools/testing/selftests/Makefile index 41b649452560..ea58c5018529 100644 --- a/tools/testing/selftests/Makefile +++ b/tools/testing/selftests/Makefile 
@@ -37,6 +37,7 @@ TARGETS += landlock TARGETS += lib TARGETS += livepatch TARGETS += lkdtm +TARGETS += lsm TARGETS += membarrier TARGETS += memfd TARGETS += memory-hotplug diff --git a/tools/testing/selftests/lsm/Makefile b/tools/testing/selftests/lsm/Makefile new file mode 100644 index 000000000000..d567ea9756ea --- /dev/null +++ b/tools/testing/selftests/lsm/Makefile @@ -0,0 +1,12 @@ +# SPDX-License-Identifier: GPL-2.0 +# +# First run: make -C ../../../.. headers_install + +CFLAGS += -Wall -O2 $(KHDR_INCLUDES) + +TEST_GEN_PROGS := lsm_get_self_attr_test lsm_module_list_test \ + lsm_set_self_attr_test + +include ../lib.mk + +$(TEST_GEN_PROGS): diff --git a/tools/testing/selftests/lsm/config b/tools/testing/selftests/lsm/config new file mode 100644 index 000000000000..afb887715f64 --- /dev/null +++ b/tools/testing/selftests/lsm/config @@ -0,0 +1,2 @@ +CONFIG_SYSFS=y +CONFIG_SECURITY=y diff --git a/tools/testing/selftests/lsm/lsm_get_self_attr_test.c b/tools/testing/selftests/lsm/lsm_get_self_attr_test.c new file mode 100644 index 000000000000..6f7f72c25cda --- /dev/null +++ b/tools/testing/selftests/lsm/lsm_get_self_attr_test.c 
@@ -0,0 +1,268 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Linux Security Module infrastructure tests + * Tests for the lsm_get_self_attr system call + * + * Copyright © 2022 Casey Schaufler + * Copyright © 2022 Intel Corporation + */ + +#define _GNU_SOURCE +#include +#include +#include +#include +#include +#include "../kselftest_harness.h" + +#define PROCATTR "/proc/self/attr/" + +static int read_proc_attr(const char *attr, char *value, __kernel_size_t size) +{ + FILE *fp; + int len; + char *path; + + len = strlen(PROCATTR) + strlen(attr) + 1; + path = calloc(len, 1); + if (path == NULL) + return -1; + sprintf(path, "%s%s", PROCATTR, attr); + + fp = fopen(path, "r"); + free(path); + + if (fp == NULL) + return -1; + if (fread(value, 1, size, fp) <= 0) + return -1; + fclose(fp); + + path = strchr(value, '\n'); + if (path) + *path = '\0'; + + return 0; +} + +static struct lsm_ctx *next_ctx(struct lsm_ctx *ctxp) +{ + void *vp; + + vp = (void *)ctxp + sizeof(*ctxp) + ctxp->ctx_len; + return (struct lsm_ctx *)vp; +} + +TEST(size_null_lsm_get_self_attr) +{ + const long page_size = sysconf(_SC_PAGESIZE); + char *ctx = calloc(page_size, 1); + + ASSERT_NE(NULL, ctx); + ASSERT_EQ(-1, syscall(__NR_lsm_get_self_attr, ctx, NULL, + LSM_ATTR_CURRENT)); + ASSERT_EQ(EFAULT, errno); + + free(ctx); +} + +TEST(ctx_null_lsm_get_self_attr) +{ + const long page_size = sysconf(_SC_PAGESIZE); + __kernel_size_t size = page_size; + + ASSERT_EQ(-1, syscall(__NR_lsm_get_self_attr, NULL, &size, + LSM_ATTR_CURRENT)); + ASSERT_EQ(EFAULT, errno); + ASSERT_NE(1, size); +} + +TEST(size_too_small_lsm_get_self_attr) +{ + const long page_size = sysconf(_SC_PAGESIZE); + char *ctx = calloc(page_size, 1); + __kernel_size_t size = 1; + + ASSERT_NE(NULL, ctx); + ASSERT_EQ(-1, syscall(__NR_lsm_get_self_attr, ctx, &size, + LSM_ATTR_CURRENT)); + ASSERT_EQ(ERANGE, errno); + ASSERT_NE(1, size); + + free(ctx); +} + +TEST(flags_zero_lsm_get_self_attr) +{ + const long page_size = sysconf(_SC_PAGESIZE); + char 
*ctx = calloc(page_size, 1); + __kernel_size_t size = page_size; + + ASSERT_NE(NULL, ctx); + ASSERT_EQ(-1, syscall(__NR_lsm_get_self_attr, ctx, &size, 0)); + ASSERT_EQ(EINVAL, errno); + ASSERT_EQ(page_size, size); + + free(ctx); +} + +TEST(flags_overset_lsm_get_self_attr) +{ + const long page_size = sysconf(_SC_PAGESIZE); + char *ctx = calloc(page_size, 1); + __kernel_size_t size = page_size; + + ASSERT_NE(NULL, ctx); + ASSERT_EQ(-1, syscall(__NR_lsm_get_self_attr, ctx, &size, + LSM_ATTR_CURRENT | LSM_ATTR_PREV)); + ASSERT_EQ(EINVAL, errno); + ASSERT_EQ(page_size, size); + + free(ctx); +} + +TEST(basic_lsm_get_self_attr) +{ + const long page_size = sysconf(_SC_PAGESIZE); + __kernel_size_t size = page_size; + struct lsm_ctx *ctx = calloc(page_size, 1); + struct lsm_ctx *tctx = NULL; + __u32 *syscall_lsms = calloc(page_size, 1); + char *attr = calloc(page_size, 1); + int cnt_current = 0; + int cnt_exec = 0; + int cnt_fscreate = 0; + int cnt_keycreate = 0; + int cnt_prev = 0; + int cnt_sockcreate = 0; + int lsmcount; + int count; + int i; + + ASSERT_NE(NULL, ctx); + ASSERT_NE(NULL, syscall_lsms); + + lsmcount = syscall(__NR_lsm_module_list, syscall_lsms, &size, 0); + ASSERT_LE(1, lsmcount); + + for (i = 0; i < lsmcount; i++) { + switch (syscall_lsms[i]) { + case LSM_ID_SELINUX: + cnt_current++; + cnt_exec++; + cnt_fscreate++; + cnt_keycreate++; + cnt_prev++; + cnt_sockcreate++; + break; + case LSM_ID_SMACK: + cnt_current++; + break; + case LSM_ID_APPARMOR: + cnt_current++; + cnt_exec++; + cnt_prev++; + break; + default: + break; + } + } + + if (cnt_current) { + size = page_size; + count = syscall(__NR_lsm_get_self_attr, ctx, &size, + LSM_ATTR_CURRENT); + ASSERT_EQ(cnt_current, count); + tctx = ctx; + ASSERT_EQ(0, read_proc_attr("current", attr, page_size)); + ASSERT_EQ(0, strcmp((char *)tctx->ctx, attr)); + for (i = 1; i < count; i++) { + tctx = next_ctx(tctx); + ASSERT_NE(0, strcmp((char *)tctx->ctx, attr)); + } + } + if (cnt_exec) { + size = page_size; + count = 
syscall(__NR_lsm_get_self_attr, ctx, &size, + LSM_ATTR_EXEC); + ASSERT_GE(cnt_exec, count); + if (count > 0) { + tctx = ctx; + ASSERT_EQ(0, read_proc_attr("exec", attr, page_size)); + ASSERT_EQ(0, strcmp((char *)tctx->ctx, attr)); + } + for (i = 1; i < count; i++) { + tctx = next_ctx(tctx); + ASSERT_NE(0, strcmp((char *)tctx->ctx, attr)); + } + } + if (cnt_fscreate) { + size = page_size; + count = syscall(__NR_lsm_get_self_attr, ctx, &size, + LSM_ATTR_FSCREATE); + ASSERT_GE(cnt_fscreate, count); + if (count > 0) { + tctx = ctx; + ASSERT_EQ(0, read_proc_attr("fscreate", attr, + page_size)); + ASSERT_EQ(0, strcmp((char *)tctx->ctx, attr)); + } + for (i = 1; i < count; i++) { + tctx = next_ctx(tctx); + ASSERT_NE(0, strcmp((char *)tctx->ctx, attr)); + } + } + if (cnt_keycreate) { + size = page_size; + count = syscall(__NR_lsm_get_self_attr, ctx, &size, + LSM_ATTR_KEYCREATE); + ASSERT_GE(cnt_keycreate, count); + if (count > 0) { + tctx = ctx; + ASSERT_EQ(0, read_proc_attr("keycreate", attr, + page_size)); + ASSERT_EQ(0, strcmp((char *)tctx->ctx, attr)); + } + for (i = 1; i < count; i++) { + tctx = next_ctx(tctx); + ASSERT_NE(0, strcmp((char *)tctx->ctx, attr)); + } + } + if (cnt_prev) { + size = page_size; + count = syscall(__NR_lsm_get_self_attr, ctx, &size, + LSM_ATTR_PREV); + ASSERT_GE(cnt_prev, count); + if (count > 0) { + tctx = ctx; + ASSERT_EQ(0, read_proc_attr("prev", attr, page_size)); + ASSERT_EQ(0, strcmp((char *)tctx->ctx, attr)); + for (i = 1; i < count; i++) { + tctx = next_ctx(tctx); + ASSERT_NE(0, strcmp((char *)tctx->ctx, attr)); + } + } + } + if (cnt_sockcreate) { + size = page_size; + count = syscall(__NR_lsm_get_self_attr, ctx, &size, + LSM_ATTR_SOCKCREATE); + ASSERT_GE(cnt_sockcreate, count); + if (count > 0) { + tctx = ctx; + ASSERT_EQ(0, read_proc_attr("sockcreate", attr, + page_size)); + ASSERT_EQ(0, strcmp((char *)tctx->ctx, attr)); + } + for (i = 1; i < count; i++) { + tctx = next_ctx(tctx); + ASSERT_NE(0, strcmp((char *)tctx->ctx, attr)); + } 
+ } + + free(ctx); + free(attr); + free(syscall_lsms); +} + +TEST_HARNESS_MAIN diff --git a/tools/testing/selftests/lsm/lsm_module_list_test.c b/tools/testing/selftests/lsm/lsm_module_list_test.c new file mode 100644 index 000000000000..c5675598b2a4 --- /dev/null +++ b/tools/testing/selftests/lsm/lsm_module_list_test.c 
@@ -0,0 +1,149 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Linux Security Module infrastructure tests + * Tests for the lsm_module_list system call + * + * Copyright © 2022 Casey Schaufler + * Copyright © 2022 Intel Corporation + */ + +#define _GNU_SOURCE +#include +#include +#include +#include +#include +#include "../kselftest_harness.h" + +static int read_sysfs_lsms(char *lsms, __kernel_size_t size) +{ + FILE *fp; + + fp = fopen("/sys/kernel/security/lsm", "r"); + if (fp == NULL) + return -1; + if (fread(lsms, 1, size, fp) <= 0) + return -1; + fclose(fp); + return 0; +} + +TEST(size_null_lsm_module_list) +{ + const long page_size = sysconf(_SC_PAGESIZE); + char *syscall_lsms = calloc(page_size, 1); + + ASSERT_NE(NULL, syscall_lsms); + ASSERT_EQ(-1, syscall(__NR_lsm_module_list, syscall_lsms, NULL, 0)); + ASSERT_EQ(EFAULT, errno); + + free(syscall_lsms); +} + +TEST(ids_null_lsm_module_list) +{ + const long page_size = sysconf(_SC_PAGESIZE); + __kernel_size_t size = page_size; + + ASSERT_EQ(-1, syscall(__NR_lsm_module_list, NULL, &size, 0)); + ASSERT_EQ(EFAULT, errno); + ASSERT_NE(1, size); +} + +TEST(size_too_small_lsm_module_list) +{ + const long page_size = sysconf(_SC_PAGESIZE); + char *syscall_lsms = calloc(page_size, 1); + __kernel_size_t size = 1; + + ASSERT_NE(NULL, syscall_lsms); + ASSERT_EQ(-1, syscall(__NR_lsm_module_list, syscall_lsms, &size, 0)); + ASSERT_EQ(E2BIG, errno); + ASSERT_NE(1, size); + + free(syscall_lsms); +} + +TEST(flags_set_lsm_module_list) +{ + const long page_size = sysconf(_SC_PAGESIZE); + char *syscall_lsms = calloc(page_size, 1); + __kernel_size_t size = page_size; + + ASSERT_NE(NULL, syscall_lsms); + ASSERT_EQ(-1, syscall(__NR_lsm_module_list, syscall_lsms, &size, 7)); + ASSERT_EQ(EINVAL, errno); + ASSERT_EQ(page_size, size); + + free(syscall_lsms); +} + +TEST(correct_lsm_module_list) +{ + const long page_size = sysconf(_SC_PAGESIZE); + __kernel_size_t size = page_size; + __u32 *syscall_lsms = calloc(page_size, 1); + char 
*sysfs_lsms = calloc(page_size, 1); + char *name; + char *cp; + int count; + int i; + + ASSERT_NE(NULL, sysfs_lsms); + ASSERT_NE(NULL, syscall_lsms); + ASSERT_EQ(0, read_sysfs_lsms(sysfs_lsms, page_size)); + + count = syscall(__NR_lsm_module_list, syscall_lsms, &size, 0); + ASSERT_LE(1, count); + cp = sysfs_lsms; + for (i = 0; i < count; i++) { + switch (syscall_lsms[i]) { + case LSM_ID_CAPABILITY: + name = "capability"; + break; + case LSM_ID_SELINUX: + name = "selinux"; + break; + case LSM_ID_SMACK: + name = "smack"; + break; + case LSM_ID_TOMOYO: + name = "tomoyo"; + break; + case LSM_ID_IMA: + name = "ima"; + break; + case LSM_ID_APPARMOR: + name = "apparmor"; + break; + case LSM_ID_YAMA: + name = "yama"; + break; + case LSM_ID_LOADPIN: + name = "loadpin"; + break; + case LSM_ID_SAFESETID: + name = "safesetid"; + break; + case LSM_ID_LOCKDOWN: + name = "lockdown"; + break; + case LSM_ID_BPF: + name = "bpf"; + break; + case LSM_ID_LANDLOCK: + name = "landlock"; + break; + default: + name = "INVALID"; + break; + } + ASSERT_EQ(0, strncmp(cp, name, strlen(name))); + cp += strlen(name) + 1; + } + + free(sysfs_lsms); + free(syscall_lsms); +} + +TEST_HARNESS_MAIN diff --git a/tools/testing/selftests/lsm/lsm_set_self_attr_test.c b/tools/testing/selftests/lsm/lsm_set_self_attr_test.c new file mode 100644 index 000000000000..86f8a5952471 --- /dev/null +++ b/tools/testing/selftests/lsm/lsm_set_self_attr_test.c 
@@ -0,0 +1,328 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Linux Security Module infrastructure tests + * Tests for the lsm_set_self_attr system call + * + * Copyright © 2022 Casey Schaufler + * Copyright © 2022 Intel Corporation + */ + +#define _GNU_SOURCE +#include +#include +#include +#include +#include +#include "../kselftest_harness.h" + +static struct lsm_ctx *next_ctx(struct lsm_ctx *tctx) +{ + void *vp; + + vp = (void *)tctx + sizeof(*tctx) + tctx->ctx_len; + return (struct lsm_ctx *)vp; +} + +TEST(ctx_null_lsm_set_self_attr) +{ + ASSERT_EQ(-1, syscall(__NR_lsm_set_self_attr, NULL, _SC_PAGESIZE, + LSM_ATTR_CURRENT)); + ASSERT_EQ(EFAULT, errno); +} + +TEST(size_too_small_lsm_set_self_attr) +{ + const long page_size = sysconf(_SC_PAGESIZE); + struct lsm_ctx *ctx = calloc(page_size, 1); + __kernel_size_t size = page_size; + + ASSERT_NE(NULL, ctx); + ASSERT_GE(1, syscall(__NR_lsm_get_self_attr, ctx, &size, + LSM_ATTR_CURRENT)); + ASSERT_EQ(-1, syscall(__NR_lsm_set_self_attr, ctx, 1, + LSM_ATTR_CURRENT)); + ASSERT_EQ(EINVAL, errno); + + free(ctx); +} + +TEST(flags_zero_lsm_set_self_attr) +{ + const long page_size = sysconf(_SC_PAGESIZE); + char *ctx = calloc(page_size, 1); + __kernel_size_t size = page_size; + + ASSERT_NE(NULL, ctx); + ASSERT_GE(1, syscall(__NR_lsm_get_self_attr, ctx, &size, + LSM_ATTR_CURRENT)); + ASSERT_EQ(-1, syscall(__NR_lsm_set_self_attr, ctx, size, 0)); + ASSERT_EQ(EINVAL, errno); + + free(ctx); +} + +TEST(flags_overset_lsm_set_self_attr) +{ + const long page_size = sysconf(_SC_PAGESIZE); + char *ctx = calloc(page_size, 1); + __kernel_size_t size = page_size; + struct lsm_ctx *tctx = (struct lsm_ctx *)ctx; + + ASSERT_NE(NULL, ctx); + ASSERT_GE(1, syscall(__NR_lsm_get_self_attr, tctx, &size, + LSM_ATTR_CURRENT)); + ASSERT_EQ(-1, syscall(__NR_lsm_set_self_attr, tctx, size, + LSM_ATTR_CURRENT | LSM_ATTR_PREV)); + ASSERT_EQ(EINVAL, errno); + + free(ctx); +} + +TEST(basic_lsm_set_self_attr) +{ + const long page_size = sysconf(_SC_PAGESIZE); 
+ __kernel_size_t size = page_size; + struct lsm_ctx *ctx = calloc(page_size, 1); + struct lsm_ctx *tctx; + __u32 *syscall_lsms = calloc(page_size, 1); + char *attr = calloc(page_size, 1); + bool active_apparmor = false; + bool active_selinux = false; + bool active_smack = false; + int cnt_current = 0; + int cnt_exec = 0; + int cnt_fscreate = 0; + int cnt_keycreate = 0; + int cnt_prev = 0; + int cnt_sockcreate = 0; + int lsmcount; + int count; + int rc; + int i; + + ASSERT_NE(NULL, ctx); + ASSERT_NE(NULL, syscall_lsms); + + lsmcount = syscall(__NR_lsm_module_list, syscall_lsms, &size, 0); + ASSERT_LE(1, lsmcount); + + for (i = 0; i < lsmcount; i++) { + switch (syscall_lsms[i]) { + case LSM_ID_SELINUX: + active_selinux = true; + cnt_current++; + cnt_exec++; + cnt_fscreate++; + cnt_keycreate++; + cnt_prev++; + cnt_sockcreate++; + break; + case LSM_ID_SMACK: + active_smack = true; + cnt_current++; + break; + case LSM_ID_APPARMOR: + active_apparmor = true; + cnt_current++; + cnt_exec++; + cnt_prev++; + break; + default: + break; + } + } + + if (cnt_current) { + size = page_size; + count = syscall(__NR_lsm_get_self_attr, ctx, &size, + LSM_ATTR_CURRENT); + ASSERT_EQ(cnt_current, count); + tctx = ctx; + + for (i = 0; i < count; i++) { + switch (tctx->id) { + case LSM_ID_SELINUX: + ASSERT_EQ(active_selinux, true); + rc = syscall(__NR_lsm_set_self_attr, tctx, size, + LSM_ATTR_CURRENT); + ASSERT_EQ(0, rc); + tctx->ctx[0] = 'X'; + rc = syscall(__NR_lsm_set_self_attr, tctx, size, + LSM_ATTR_CURRENT); + ASSERT_EQ(-1, rc); + ASSERT_EQ(EINVAL, errno); + break; + case LSM_ID_SMACK: + ASSERT_EQ(active_smack, true); + rc = syscall(__NR_lsm_set_self_attr, tctx, size, + LSM_ATTR_CURRENT); + ASSERT_EQ(-1, rc); + ASSERT_EQ(EPERM, errno); + break; + case LSM_ID_APPARMOR: + ASSERT_EQ(active_apparmor, true); + rc = syscall(__NR_lsm_set_self_attr, tctx, size, + LSM_ATTR_CURRENT); + ASSERT_EQ(-1, rc); + ASSERT_EQ(EINVAL, errno); + break; + default: + } + tctx = next_ctx(tctx); + } + } + if 
(cnt_exec) { + size = page_size; + count = syscall(__NR_lsm_get_self_attr, ctx, &size, + LSM_ATTR_EXEC); + ASSERT_GE(cnt_exec, count); + tctx = ctx; + + for (i = 0; i < count; i++) { + switch (tctx->id) { + case LSM_ID_SELINUX: + ASSERT_EQ(active_selinux, true); + rc = syscall(__NR_lsm_set_self_attr, tctx, size, + LSM_ATTR_EXEC); + ASSERT_EQ(0, rc); + tctx->ctx[0] = 'X'; + rc = syscall(__NR_lsm_set_self_attr, tctx, size, + LSM_ATTR_EXEC); + ASSERT_EQ(-1, rc); + ASSERT_EQ(EINVAL, errno); + break; + case LSM_ID_APPARMOR: + ASSERT_EQ(active_apparmor, true); + rc = syscall(__NR_lsm_set_self_attr, tctx, size, + LSM_ATTR_EXEC); + ASSERT_EQ(-1, rc); + ASSERT_EQ(EPERM, errno); + break; + default: + break; + } + tctx = next_ctx(tctx); + } + } + if (cnt_prev) { + size = page_size; + count = syscall(__NR_lsm_get_self_attr, ctx, &size, + LSM_ATTR_PREV); + ASSERT_GE(cnt_prev, count); + tctx = ctx; + + for (i = 0; i < count; i++) { + switch (tctx->id) { + case LSM_ID_SELINUX: + ASSERT_EQ(active_selinux, true); + rc = syscall(__NR_lsm_set_self_attr, tctx, size, + LSM_ATTR_PREV); + ASSERT_EQ(-1, rc); + ASSERT_EQ(EINVAL, errno); + tctx->ctx[0] = 'X'; + rc = syscall(__NR_lsm_set_self_attr, tctx, size, + LSM_ATTR_PREV); + ASSERT_EQ(-1, rc); + ASSERT_EQ(EINVAL, errno); + break; + case LSM_ID_APPARMOR: + ASSERT_EQ(active_apparmor, true); + rc = syscall(__NR_lsm_set_self_attr, tctx, size, + LSM_ATTR_PREV); + ASSERT_EQ(-1, rc); + ASSERT_EQ(EPERM, errno); + break; + default: + break; + } + tctx = next_ctx(tctx); + } + } + if (cnt_fscreate) { + size = page_size; + count = syscall(__NR_lsm_get_self_attr, ctx, &size, + LSM_ATTR_FSCREATE); + ASSERT_GE(cnt_fscreate, count); + tctx = ctx; + + for (i = 0; i < count; i++) { + switch (tctx->id) { + case LSM_ID_SELINUX: + ASSERT_EQ(active_selinux, true); + rc = syscall(__NR_lsm_set_self_attr, tctx, size, + LSM_ATTR_FSCREATE); + ASSERT_EQ(-1, rc); + ASSERT_EQ(EINVAL, errno); + tctx->ctx[0] = 'X'; + rc = syscall(__NR_lsm_set_self_attr, tctx, size, + 
LSM_ATTR_FSCREATE); + ASSERT_EQ(-1, rc); + ASSERT_EQ(EINVAL, errno); + break; + default: + break; + } + tctx = next_ctx(tctx); + } + } + if (cnt_keycreate) { + size = page_size; + count = syscall(__NR_lsm_get_self_attr, ctx, &size, + LSM_ATTR_KEYCREATE); + ASSERT_GE(cnt_keycreate, count); + tctx = ctx; + + for (i = 0; i < count; i++) { + switch (tctx->id) { + case LSM_ID_SELINUX: + ASSERT_EQ(active_selinux, true); + rc = syscall(__NR_lsm_set_self_attr, tctx, size, + LSM_ATTR_KEYCREATE); + ASSERT_EQ(-1, rc); + ASSERT_EQ(EINVAL, errno); + tctx->ctx[0] = 'X'; + rc = syscall(__NR_lsm_set_self_attr, tctx, size, + LSM_ATTR_KEYCREATE); + ASSERT_EQ(-1, rc); + ASSERT_EQ(EINVAL, errno); + break; + default: + break; + } + tctx = next_ctx(tctx); + } + } + if (cnt_sockcreate) { + size = page_size; + count = syscall(__NR_lsm_get_self_attr, ctx, &size, + LSM_ATTR_SOCKCREATE); + ASSERT_GE(cnt_sockcreate, count); + tctx = ctx; + + for (i = 0; i < count; i++) { + switch (tctx->id) { + case LSM_ID_SELINUX: + ASSERT_EQ(active_selinux, true); + rc = syscall(__NR_lsm_set_self_attr, tctx, size, + LSM_ATTR_SOCKCREATE); + ASSERT_EQ(-1, rc); + ASSERT_EQ(EINVAL, errno); + tctx->ctx[0] = 'X'; + rc = syscall(__NR_lsm_set_self_attr, tctx, size, + LSM_ATTR_SOCKCREATE); + ASSERT_EQ(-1, rc); + ASSERT_EQ(EINVAL, errno); + break; + default: + break; + } + tctx = next_ctx(tctx); + } + } + + free(ctx); + free(attr); + free(syscall_lsms); +} + +TEST_HARNESS_MAIN
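Review bot: the trailing empty rule `$(TEST_GEN_PROGS):` at the end of tools/testing/selftests/lsm/Makefile has no prerequisites or recipe and is a no-op, since `include ../lib.mk` already builds every TEST_GEN_PROGS target; drop the line. The `headers_install` comment matters because the tests need the new `struct lsm_ctx` and `LSM_*` UAPI definitions, so consider stating that requirement where kselftest users will see it rather than only in a Makefile comment.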
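Review bot: the config fragment in tools/testing/selftests/lsm/config sets CONFIG_SYSFS and CONFIG_SECURITY, but lsm_module_list_test.c reads /sys/kernel/security/lsm, which is served by securityfs, so it should also set CONFIG_SECURITYFS=y; without it correct_lsm_module_list fails inside read_sysfs_lsms() with no hint that the kernel configuration, not the syscall, is at fault.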
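Review bot: read_proc_attr() in lsm_get_self_attr_test.c leaks `fp` when fread() returns 0 (it returns -1 before the fclose()), and because it reads `size` bytes into a buffer of exactly `size`, a full read leaves no terminating NUL, so the following strchr() and the later strcmp() against `tctx->ctx` can run past the buffer; read at most `size - 1` bytes and terminate explicitly. In basic_lsm_get_self_attr, `ASSERT_GE(cnt_exec, count)` and the matching checks for fscreate, keycreate, prev and sockcreate accept `count == -1`, so a failing syscall passes silently; add `ASSERT_LE(0, count)` before each. Also `attr` is never checked for NULL, and in ctx_null_lsm_get_self_attr `ASSERT_NE(1, size)` is a weak check when the kernel should leave `size` untouched on EFAULT; `ASSERT_EQ(page_size, size)`, as the flags tests already do, would be stronger.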
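Review bot: in correct_lsm_module_list (lsm_module_list_test.c) the `default:` case maps an unknown id to the literal "INVALID" and then compares it against the securityfs string, so an unexpected id surfaces only as a string mismatch; an explicit assertion on the id would make the failure readable. The loop advances `cp += strlen(name) + 1` assuming a comma follows every name without checking the separator, and read_sysfs_lsms() has the same `fp` leak on fread() failure and the same missing NUL termination when the read fills the buffer as read_proc_attr() in the other test. Separately, size_too_small_lsm_module_list expects E2BIG while size_too_small_lsm_get_self_attr expects ERANGE for the same too-small-buffer condition; if the difference is intentional it should be documented, otherwise one errno should be used for both syscalls.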
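Review bot: ctx_null_lsm_set_self_attr in lsm_set_self_attr_test.c passes `_SC_PAGESIZE` (the sysconf() selector constant) as the size argument instead of `sysconf(_SC_PAGESIZE)`. In size_too_small_, flags_zero_ and flags_overset_lsm_set_self_attr, `ASSERT_GE(1, syscall(__NR_lsm_get_self_attr, ...))` asserts that the return value is at most 1, which passes on -1; the intent, matching `ASSERT_LE(1, lsmcount)` later in the file, is `ASSERT_LE(1, ...)`. In basic_lsm_set_self_attr the first switch (the LSM_ATTR_CURRENT block) ends with `default:` immediately followed by `}`, which needs a `break;` (a label must precede a statement before C23). In the same function `size` is the total length lsm_get_self_attr wrote for all `count` entries, yet it is passed with each single `tctx` to lsm_set_self_attr, so when more than one LSM supplies the attribute the later entries are described with a length that extends past them; `sizeof(*tctx) + tctx->ctx_len`, as next_ctx() computes, is the per-entry size. `attr` is allocated and freed but never used, and the expected per-LSM results (Smack EPERM on current, AppArmor EINVAL, SELinux success when re-setting its own current) depend on the privileges and loaded policy of the process running the test, so the assumed environment should be documented.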