From patchwork Fri Apr 21 17:42:49 2023
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 13220547
X-Patchwork-Delegate: paul@paul-moore.com
From: Casey Schaufler
To: casey@schaufler-ca.com, paul@paul-moore.com, linux-security-module@vger.kernel.org
Cc: jmorris@namei.org, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net
Subject: [PATCH v9 01/11] LSM: Identify modules by more than name
Date: Fri, 21 Apr 2023 10:42:49 -0700
Message-Id: <20230421174259.2458-2-casey@schaufler-ca.com>
In-Reply-To: <20230421174259.2458-1-casey@schaufler-ca.com>
References: <20230421174259.2458-1-casey@schaufler-ca.com>

Create a struct lsm_id to contain identifying information about Linux Security Modules (LSMs). At inception this contains the name of the module, an identifier associated with the security module and an integer member "attrs" which identifies the API related data associated with each security module. The initial set of features maps to information that has traditionally been available in /proc/self/attr. They are documented in a new userspace-api file.

Change the security_add_hooks() interface to use this structure. Change the individual modules to maintain their own struct lsm_id and pass it to security_add_hooks(). The values for LSM identifiers are defined in a new UAPI header file linux/lsm.h. Each existing LSM has been updated to include its LSMID in the lsm_id.

The LSM ID values are sequential, with the oldest module LSM_ID_CAPABILITY being the lowest value and the existing modules numbered in the order they were included in the main line kernel. This is an arbitrary convention for assigning the values, but none better presents itself. The value 0 is defined as being invalid. The values 1-99 are reserved for any special case uses which may arise in the future. This may include attributes of the LSM infrastructure itself, possibly related to namespacing or network attribute management.
A special range is identified for such attributes to help reduce confusion for developers unfamiliar with LSMs. LSM attribute values are defined for the attributes presented by modules that are available today. As with the LSM IDs, the value 0 is defined as being invalid. The values 1-99 are reserved for any special case uses which may arise in the future.

Signed-off-by: Casey Schaufler
Cc: linux-security-module
Reviewed-by: Kees Cook
---
Documentation/userspace-api/index.rst | 1 +
Documentation/userspace-api/lsm.rst | 55 +++++++++++++++++++++++++++
MAINTAINERS | 1 +
include/linux/lsm_hooks.h | 16 +++++++-
include/uapi/linux/lsm.h | 54 ++++++++++++++++++++++++++
security/apparmor/lsm.c | 8 +++-
security/bpf/hooks.c | 9 ++++-
security/commoncap.c | 8 +++-
security/landlock/cred.c | 2 +-
security/landlock/fs.c | 2 +-
security/landlock/ptrace.c | 2 +-
security/landlock/setup.c | 6 +++
security/landlock/setup.h | 1 +
security/loadpin/loadpin.c | 9 ++++-
security/lockdown/lockdown.c | 8 +++-
security/safesetid/lsm.c | 9 ++++-
security/security.c | 12 +++---
security/selinux/hooks.c | 9 ++++-
security/smack/smack_lsm.c | 8 +++-
security/tomoyo/tomoyo.c | 9 ++++-
security/yama/yama_lsm.c | 8 +++-
21 files changed, 216 insertions(+), 21 deletions(-)
create mode 100644 Documentation/userspace-api/lsm.rst
create mode 100644 include/uapi/linux/lsm.h

diff --git a/Documentation/userspace-api/index.rst b/Documentation/userspace-api/index.rst index f16337bdb852..54c0f54cde89 100644 --- a/Documentation/userspace-api/index.rst +++ b/Documentation/userspace-api/index.rst @@ -31,6 +31,7 @@ place where this information is gathered. sysfs-platform_profile vduse futex2 + lsm .. only:: subproject and html diff --git a/Documentation/userspace-api/lsm.rst b/Documentation/userspace-api/lsm.rst new file mode 100644 index 000000000000..6ddf5506110b --- /dev/null +++ b/Documentation/userspace-api/lsm.rst
@@ -0,0 +1,55 @@ +.. SPDX-License-Identifier: GPL-2.0 +.. Copyright (C) 2022 Casey Schaufler +.. Copyright (C) 2022 Intel Corporation + +===================================== +Linux Security Modules +===================================== + +:Author: Casey Schaufler +:Date: November 2022 + +Linux security modules (LSM) provide a mechanism to implement +additional access controls to the Linux security policies. + +The various security modules may support any of these attributes: + +``LSM_ATTR_CURRENT`` is the current, active security context of the +process. +The proc filesystem provides this value in ``/proc/self/attr/current``. +This is supported by the SELinux, Smack and AppArmor security modules. +Smack also provides this value in ``/proc/self/attr/smack/current``. +AppArmor also provides this value in ``/proc/self/attr/apparmor/current``. + +``LSM_ATTR_EXEC`` is the security context of the process at the time the +current image was executed. +The proc filesystem provides this value in ``/proc/self/attr/exec``. +This is supported by the SELinux and AppArmor security modules. +AppArmor also provides this value in ``/proc/self/attr/apparmor/exec``. + +``LSM_ATTR_FSCREATE`` is the security context of the process used when +creating file system objects. +The proc filesystem provides this value in ``/proc/self/attr/fscreate``. +This is supported by the SELinux security module. + +``LSM_ATTR_KEYCREATE`` is the security context of the process used when +creating key objects. +The proc filesystem provides this value in ``/proc/self/attr/keycreate``. +This is supported by the SELinux security module. + +``LSM_ATTR_PREV`` is the security context of the process at the time the +current security context was set. +The proc filesystem provides this value in ``/proc/self/attr/prev``. +This is supported by the SELinux and AppArmor security modules. +AppArmor also provides this value in ``/proc/self/attr/apparmor/prev``. 
+ +``LSM_ATTR_SOCKCREATE`` is the security context of the process used when +creating socket objects. +The proc filesystem provides this value in ``/proc/self/attr/sockcreate``. +This is supported by the SELinux security module. + +Additional documentation +======================== + +* Documentation/security/lsm.rst +* Documentation/security/lsm-development.rst diff --git a/MAINTAINERS b/MAINTAINERS index 0e64787aace8..25d09f6eb3ef 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -18810,6 +18810,7 @@ S: Supported W: http://kernsec.org/ T: git git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm.git F: security/ +F: include/uapi/linux/lsm.h X: security/selinux/ SELINUX SECURITY MODULE diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 6e156d2acffc..8e6ba0a9896e 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -1665,6 +1665,18 @@ struct security_hook_heads { #undef LSM_HOOK } __randomize_layout; +/** + * struct lsm_id - Identify a Linux Security Module. + * @lsm: name of the LSM, must be approved by the LSM maintainers + * @id: LSM ID number from uapi/linux/lsm.h + * + * Contains the information that identifies the LSM. + */ +struct lsm_id { + const u8 *lsm; + u64 id; +}; + /* * Security module hook list structure. * For use with generic list macros for common operations. @@ -1673,7 +1685,7 @@ struct security_hook_list { struct hlist_node list; struct hlist_head *head; union security_list_options hook; - const char *lsm; + struct lsm_id *lsmid; } __randomize_layout; /* @@ -1708,7 +1720,7 @@ extern struct security_hook_heads security_hook_heads; extern char *lsm_names; extern void security_add_hooks(struct security_hook_list *hooks, int count, - const char *lsm); + struct lsm_id *lsmid); #define LSM_FLAG_LEGACY_MAJOR BIT(0) #define LSM_FLAG_EXCLUSIVE BIT(1) diff --git a/include/uapi/linux/lsm.h b/include/uapi/linux/lsm.h new file mode 100644 index 000000000000..f27c9a9cc376 --- /dev/null +++ b/include/uapi/linux/lsm.h 
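Review bot: in the include/linux/lsm_hooks.h hunk, `struct lsm_id` declares the module name as `const u8 *lsm`, yet every consumer in this patch treats it as a C string: security.c passes `lsmid->lsm` to `lsm_append()` and to `strcmp()`, both of which take `const char *`, and the modules initialise it from string literals such as `.lsm = "apparmor"`. Declare it `const char *lsm` to match its use; a `u8` pointer is the wrong type for a NUL-terminated name and only compiles cleanly because the kernel build suppresses pointer-sign warnings. In the same hunk, the commit message says the structure carries an integer member "attrs" identifying the API data for each module, but the struct added here has only `lsm` and `id`; either drop that sentence or add the member. Since every `lsm_id` object is placed in `__lsm_ro_after_init` and nothing writes through the pointer, `const struct lsm_id *lsmid` in `struct security_hook_list` and in the `security_add_hooks()` prototype would also be the more accurate type.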
@@ -0,0 +1,54 @@ +/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ +/* + * Linux Security Modules (LSM) - User space API + * + * Copyright (C) 2022 Casey Schaufler + * Copyright (C) 2022 Intel Corporation + */ + +#ifndef _UAPI_LINUX_LSM_H +#define _UAPI_LINUX_LSM_H + +/* + * ID tokens to identify Linux Security Modules (LSMs) + * + * These token values are used to uniquely identify specific LSMs + * in the kernel as well as in the kernel's LSM userspace API. + * + * A value of zero/0 is considered undefined and should not be used + * outside the kernel. Values 1-99 are reserved for potential + * future use. + */ +#define LSM_ID_UNDEF 0 +#define LSM_ID_CAPABILITY 100 +#define LSM_ID_SELINUX 101 +#define LSM_ID_SMACK 102 +#define LSM_ID_TOMOYO 103 +#define LSM_ID_IMA 104 +#define LSM_ID_APPARMOR 105 +#define LSM_ID_YAMA 106 +#define LSM_ID_LOADPIN 107 +#define LSM_ID_SAFESETID 108 +#define LSM_ID_LOCKDOWN 109 +#define LSM_ID_BPF 110 +#define LSM_ID_LANDLOCK 111 + +/* + * LSM_ATTR_XXX definitions identify different LSM attributes + * which are used in the kernel's LSM userspace API. Support + * for these attributes vary across the different LSMs. None + * are required. + * + * A value of zero/0 is considered undefined and should not be used + * outside the kernel. Values 1-99 are reserved for potential + * future use. + */ +#define LSM_ATTR_UNDEF 0 +#define LSM_ATTR_CURRENT 100 +#define LSM_ATTR_EXEC 101 +#define LSM_ATTR_FSCREATE 102 +#define LSM_ATTR_KEYCREATE 103 +#define LSM_ATTR_PREV 104 +#define LSM_ATTR_SOCKCREATE 105 + +#endif /* _UAPI_LINUX_LSM_H */ diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index d6cc4812ca53..ce6ccb7e06ec 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -24,6 +24,7 @@ #include #include #include +#include #include "include/apparmor.h" #include "include/apparmorfs.h" 
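Review bot: the new include/uapi/linux/lsm.h defines `LSM_ID_IMA` (104), but no file under security/integrity/ appears in this patch's diffstat, so nothing in this patch registers an lsm_id with that value. Because this header is UAPI and the numbers become ABI once merged, the comment block or the commit message should state that the value is reserved for a later conversion, so userspace does not expect it to be reported. Minor wording in the same header comment: "Support for these attributes vary across the different LSMs" should read "varies".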
@@ -1215,6 +1216,11 @@ struct lsm_blob_sizes apparmor_blob_sizes __lsm_ro_after_init = { .lbs_task = sizeof(struct aa_task_ctx), }; +static struct lsm_id apparmor_lsmid __lsm_ro_after_init = { + .lsm = "apparmor", + .id = LSM_ID_APPARMOR, +}; + static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(ptrace_access_check, apparmor_ptrace_access_check), LSM_HOOK_INIT(ptrace_traceme, apparmor_ptrace_traceme), @@ -1910,7 +1916,7 @@ static int __init apparmor_init(void) goto buffers_out; } security_add_hooks(apparmor_hooks, ARRAY_SIZE(apparmor_hooks), - "apparmor"); + &apparmor_lsmid); /* Report that AppArmor successfully initialized */ apparmor_initialized = 1; diff --git a/security/bpf/hooks.c b/security/bpf/hooks.c index e5971fa74fd7..5232c80be5b3 100644 --- a/security/bpf/hooks.c +++ b/security/bpf/hooks.c @@ -5,6 +5,7 @@ */ #include #include +#include static struct security_hook_list bpf_lsm_hooks[] __lsm_ro_after_init = { #define LSM_HOOK(RET, DEFAULT, NAME, ...) \ @@ -15,9 +16,15 @@ static struct security_hook_list bpf_lsm_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(task_free, bpf_task_storage_free), }; +static struct lsm_id bpf_lsmid __lsm_ro_after_init = { + .lsm = "bpf", + .id = LSM_ID_BPF, +}; + static int __init bpf_lsm_init(void) { - security_add_hooks(bpf_lsm_hooks, ARRAY_SIZE(bpf_lsm_hooks), "bpf"); + security_add_hooks(bpf_lsm_hooks, ARRAY_SIZE(bpf_lsm_hooks), + &bpf_lsmid); pr_info("LSM support for eBPF active\n"); return 0; } diff --git a/security/commoncap.c b/security/commoncap.c index 5bb7d1e96277..bbc0a210506a 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -25,6 +25,7 @@ #include #include #include +#include /* * If a non-root user executes a setuid-root binary in 
@@ -1440,6 +1441,11 @@ int cap_mmap_file(struct file *file, unsigned long reqprot, #ifdef CONFIG_SECURITY +static struct lsm_id capability_lsmid __lsm_ro_after_init = { + .lsm = "capability", + .id = LSM_ID_CAPABILITY, +}; + static struct security_hook_list capability_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(capable, cap_capable), LSM_HOOK_INIT(settime, cap_settime), @@ -1464,7 +1470,7 @@ static struct security_hook_list capability_hooks[] __lsm_ro_after_init = { static int __init capability_init(void) { security_add_hooks(capability_hooks, ARRAY_SIZE(capability_hooks), - "capability"); + &capability_lsmid); return 0; } diff --git a/security/landlock/cred.c b/security/landlock/cred.c index ec6c37f04a19..2eb1d65f10d6 100644 --- a/security/landlock/cred.c +++ b/security/landlock/cred.c @@ -42,5 +42,5 @@ static struct security_hook_list landlock_hooks[] __lsm_ro_after_init = { __init void landlock_add_cred_hooks(void) { security_add_hooks(landlock_hooks, ARRAY_SIZE(landlock_hooks), - LANDLOCK_NAME); + &landlock_lsmid); } diff --git a/security/landlock/fs.c b/security/landlock/fs.c index adcea0fe7e68..fa0e6e76991c 100644 --- a/security/landlock/fs.c +++ b/security/landlock/fs.c @@ -1307,5 +1307,5 @@ static struct security_hook_list landlock_hooks[] __lsm_ro_after_init = { __init void landlock_add_fs_hooks(void) { security_add_hooks(landlock_hooks, ARRAY_SIZE(landlock_hooks), - LANDLOCK_NAME); + &landlock_lsmid); } diff --git a/security/landlock/ptrace.c b/security/landlock/ptrace.c index 4c5b9cd71286..eab35808f395 100644 --- a/security/landlock/ptrace.c +++ b/security/landlock/ptrace.c @@ -116,5 +116,5 @@ static struct security_hook_list landlock_hooks[] __lsm_ro_after_init = { __init void landlock_add_ptrace_hooks(void) { security_add_hooks(landlock_hooks, ARRAY_SIZE(landlock_hooks), - LANDLOCK_NAME); + &landlock_lsmid); } diff --git a/security/landlock/setup.c b/security/landlock/setup.c index 3f196d2ce4f9..9104133d04ca 100644 --- a/security/landlock/setup.c 
+++ b/security/landlock/setup.c @@ -8,6 +8,7 @@ #include #include +#include #include "common.h" #include "cred.h" @@ -24,6 +25,11 @@ struct lsm_blob_sizes landlock_blob_sizes __lsm_ro_after_init = { .lbs_superblock = sizeof(struct landlock_superblock_security), }; +struct lsm_id landlock_lsmid __lsm_ro_after_init = { + .lsm = LANDLOCK_NAME, + .id = LSM_ID_LANDLOCK, +}; + static int __init landlock_init(void) { landlock_add_cred_hooks(); diff --git a/security/landlock/setup.h b/security/landlock/setup.h index 1daffab1ab4b..38bce5b172dc 100644 --- a/security/landlock/setup.h +++ b/security/landlock/setup.h @@ -14,5 +14,6 @@ extern bool landlock_initialized; extern struct lsm_blob_sizes landlock_blob_sizes; +extern struct lsm_id landlock_lsmid; #endif /* _SECURITY_LANDLOCK_SETUP_H */ diff --git a/security/loadpin/loadpin.c b/security/loadpin/loadpin.c index d73a281adf86..556d43e37177 100644 --- a/security/loadpin/loadpin.c +++ b/security/loadpin/loadpin.c @@ -20,6 +20,7 @@ #include #include #include +#include #define VERITY_DIGEST_FILE_HEADER "# LOADPIN_TRUSTED_VERITY_ROOT_DIGESTS" @@ -214,6 +215,11 @@ static int loadpin_load_data(enum kernel_load_data_id id, bool contents) return loadpin_check(NULL, (enum kernel_read_file_id) id); } +static struct lsm_id loadpin_lsmid __lsm_ro_after_init = { + .lsm = "loadpin", + .id = LSM_ID_LOADPIN, +}; + static struct security_hook_list loadpin_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(sb_free_security, loadpin_sb_free_security), LSM_HOOK_INIT(kernel_read_file, loadpin_read_file), @@ -265,7 +271,8 @@ static int __init loadpin_init(void) if (!register_sysctl_paths(loadpin_sysctl_path, loadpin_sysctl_table)) pr_notice("sysctl registration failed!\n"); #endif - security_add_hooks(loadpin_hooks, ARRAY_SIZE(loadpin_hooks), "loadpin"); + security_add_hooks(loadpin_hooks, ARRAY_SIZE(loadpin_hooks), + &loadpin_lsmid); return 0; } 
diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c index a79b985e917e..e8c41a0caf7d 100644 --- a/security/lockdown/lockdown.c +++ b/security/lockdown/lockdown.c @@ -13,6 +13,7 @@ #include #include #include +#include static enum lockdown_reason kernel_locked_down; @@ -75,6 +76,11 @@ static struct security_hook_list lockdown_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(locked_down, lockdown_is_locked_down), }; +static struct lsm_id lockdown_lsmid __lsm_ro_after_init = { + .lsm = "lockdown", + .id = LSM_ID_LOCKDOWN, +}; + static int __init lockdown_lsm_init(void) { #if defined(CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY) @@ -83,7 +89,7 @@ static int __init lockdown_lsm_init(void) lock_kernel_down("Kernel configuration", LOCKDOWN_CONFIDENTIALITY_MAX); #endif security_add_hooks(lockdown_hooks, ARRAY_SIZE(lockdown_hooks), - "lockdown"); + &lockdown_lsmid); return 0; } diff --git a/security/safesetid/lsm.c b/security/safesetid/lsm.c index e806739f7868..8d0742ba045d 100644 --- a/security/safesetid/lsm.c +++ b/security/safesetid/lsm.c @@ -19,6 +19,7 @@ #include #include #include +#include #include "lsm.h" /* Flag indicating whether initialization completed */ @@ -261,6 +262,11 @@ static int safesetid_task_fix_setgroups(struct cred *new, const struct cred *old return 0; } +static struct lsm_id safesetid_lsmid __lsm_ro_after_init = { + .lsm = "safesetid", + .id = LSM_ID_SAFESETID, +}; + static struct security_hook_list safesetid_security_hooks[] = { LSM_HOOK_INIT(task_fix_setuid, safesetid_task_fix_setuid), LSM_HOOK_INIT(task_fix_setgid, safesetid_task_fix_setgid), @@ -271,7 +277,8 @@ static struct security_hook_list safesetid_security_hooks[] = { static int __init safesetid_security_init(void) { security_add_hooks(safesetid_security_hooks, - ARRAY_SIZE(safesetid_security_hooks), "safesetid"); + ARRAY_SIZE(safesetid_security_hooks), + &safesetid_lsmid); /* Report that SafeSetID successfully initialized */ safesetid_initialized = 1; 
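Review bot: in the security/safesetid/lsm.c hunk, the new `safesetid_lsmid` is annotated `__lsm_ro_after_init`, but the adjacent `safesetid_security_hooks[]` array shown as context is not, unlike the hook tables of every other module touched by this patch. That is pre-existing, but since the registration code is being changed anyway, adding the annotation here would give the SafeSetID hook list the same read-only-after-init protection as the rest.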
diff --git a/security/security.c b/security/security.c index cf6cc576736f..58828a326024 100644 --- a/security/security.c +++ b/security/security.c @@ -504,17 +504,17 @@ static int lsm_append(const char *new, char **result) * security_add_hooks - Add a modules hooks to the hook lists. * @hooks: the hooks to add * @count: the number of hooks to add - * @lsm: the name of the security module + * @lsmid: the identification information for the security module * * Each LSM has to register its hooks with the infrastructure. */ void __init security_add_hooks(struct security_hook_list *hooks, int count, - const char *lsm) + struct lsm_id *lsmid) { int i; for (i = 0; i < count; i++) { - hooks[i].lsm = lsm; + hooks[i].lsmid = lsmid; hlist_add_tail_rcu(&hooks[i].list, hooks[i].head); } @@ -523,7 +523,7 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count, * and fix this up afterwards. */ if (slab_is_available()) { - if (lsm_append(lsm, &lsm_names) < 0) + if (lsm_append(lsmid->lsm, &lsm_names) < 0) panic("%s - Cannot get early memory.\n", __func__); } } @@ -2146,7 +2146,7 @@ int security_getprocattr(struct task_struct *p, const char *lsm, struct security_hook_list *hp; hlist_for_each_entry(hp, &security_hook_heads.getprocattr, list) { - if (lsm != NULL && strcmp(lsm, hp->lsm)) + if (lsm != NULL && strcmp(lsm, hp->lsmid->lsm)) continue; return hp->hook.getprocattr(p, name, value); } @@ -2159,7 +2159,7 @@ int security_setprocattr(const char *lsm, const char *name, void *value, struct security_hook_list *hp; hlist_for_each_entry(hp, &security_hook_heads.setprocattr, list) { - if (lsm != NULL && strcmp(lsm, hp->lsm)) + if (lsm != NULL && strcmp(lsm, hp->lsmid->lsm)) continue; return hp->hook.setprocattr(name, value, size); } diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 9a5bdfc21314..9403aee75981 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c 
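Review bot: in the security/security.c hunks for `security_getprocattr()` and `security_setprocattr()`, module selection still goes through `strcmp(lsm, hp->lsmid->lsm)`, so after this patch the numeric `id` carried by `struct lsm_id` is stored but not consulted anywhere; if a later patch switches this dispatch to the ID, the commit message should say so, otherwise the `id` field is dead data at this point in the series. In `security_add_hooks()`, `lsm_append(lsmid->lsm, &lsm_names)` dereferences `lsmid` unconditionally; all callers in this patch pass the address of a static object, but a sentence in the kerneldoc (`@lsmid` must not be NULL) would record that requirement for future modules.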
@@ -92,6 +92,7 @@ #include #include #include +#include #include "avc.h" #include "objsec.h" @@ -7032,6 +7033,11 @@ static int selinux_uring_cmd(struct io_uring_cmd *ioucmd) } #endif /* CONFIG_IO_URING */ +static struct lsm_id selinux_lsmid __lsm_ro_after_init = { + .lsm = "selinux", + .id = LSM_ID_SELINUX, +}; + /* * IMPORTANT NOTE: When adding new hooks, please be careful to keep this order: * 1. any hooks that don't belong to (2.) or (3.) below, @@ -7355,7 +7361,8 @@ static __init int selinux_init(void) hashtab_cache_init(); - security_add_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks), "selinux"); + security_add_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks), + &selinux_lsmid); if (avc_add_callback(selinux_netcache_avc_callback, AVC_CALLBACK_RESET)) panic("SELinux: Unable to register AVC netcache callback\n"); diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index cfcbb748da25..3cf862fcbe08 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -43,6 +43,7 @@ #include #include #include +#include #include "smack.h" #define TRANS_TRUE "TRUE" @@ -4856,6 +4857,11 @@ struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = { .lbs_superblock = sizeof(struct superblock_smack), }; +static struct lsm_id smack_lsmid __lsm_ro_after_init = { + .lsm = "smack", + .id = LSM_ID_SMACK, +}; + static struct security_hook_list smack_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check), LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme), @@ -5062,7 +5068,7 @@ static __init int smack_init(void) /* * Register with LSM */ - security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), "smack"); + security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), &smack_lsmid); smack_enabled = 1; pr_info("Smack: Initializing.\n"); diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index af04a7b7eb28..a4658fb5ef0e 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c 
@@ -6,6 +6,7 @@ */ #include +#include #include "common.h" /** @@ -542,6 +543,11 @@ static void tomoyo_task_free(struct task_struct *task) } } +static struct lsm_id tomoyo_lsmid __lsm_ro_after_init = { + .lsm = "tomoyo", + .id = LSM_ID_TOMOYO, +}; + /* * tomoyo_security_ops is a "struct security_operations" which is used for * registering TOMOYO. @@ -595,7 +601,8 @@ static int __init tomoyo_init(void) struct tomoyo_task *s = tomoyo_task(current); /* register ourselves with the security framework */ - security_add_hooks(tomoyo_hooks, ARRAY_SIZE(tomoyo_hooks), "tomoyo"); + security_add_hooks(tomoyo_hooks, ARRAY_SIZE(tomoyo_hooks), + &tomoyo_lsmid); pr_info("TOMOYO Linux initialized\n"); s->domain_info = &tomoyo_kernel_domain; atomic_inc(&tomoyo_kernel_domain.users); diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c index 06e226166aab..2487b8f847f3 100644 --- a/security/yama/yama_lsm.c +++ b/security/yama/yama_lsm.c @@ -18,6 +18,7 @@ #include #include #include +#include #define YAMA_SCOPE_DISABLED 0 #define YAMA_SCOPE_RELATIONAL 1 @@ -421,6 +422,11 @@ static int yama_ptrace_traceme(struct task_struct *parent) return rc; } +static struct lsm_id yama_lsmid __lsm_ro_after_init = { + .lsm = "yama", + .id = LSM_ID_YAMA, +}; + static struct security_hook_list yama_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(ptrace_access_check, yama_ptrace_access_check), LSM_HOOK_INIT(ptrace_traceme, yama_ptrace_traceme), 
@@ -477,7 +483,7 @@ static inline void yama_init_sysctl(void) { } static int __init yama_init(void) { pr_info("Yama: becoming mindful.\n"); - security_add_hooks(yama_hooks, ARRAY_SIZE(yama_hooks), "yama"); + security_add_hooks(yama_hooks, ARRAY_SIZE(yama_hooks), &yama_lsmid); yama_init_sysctl(); return 0; }

From patchwork Fri Apr 21 17:42:50 2023
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 13220548
X-Patchwork-Delegate: paul@paul-moore.com
From: Casey Schaufler To: casey@schaufler-ca.com, paul@paul-moore.com, linux-security-module@vger.kernel.org Cc: jmorris@namei.org, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net Subject: [PATCH v9 02/11] LSM: Maintain a table of LSM attribute data Date: Fri, 21 Apr 2023 10:42:50 -0700 Message-Id: <20230421174259.2458-3-casey@schaufler-ca.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230421174259.2458-1-casey@schaufler-ca.com> References: <20230421174259.2458-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: As LSMs are registered add their lsm_id pointers to a table. This will be used later for attribute reporting. Determine the number of possible security modules based on their respective CONFIG options. This allows the number to be known at build time. This allows data structures and tables to use the constant. Signed-off-by: Casey Schaufler Reviewed-by: Kees Cook --- include/linux/security.h | 2 ++ security/security.c | 43 ++++++++++++++++++++++++++++++++-------- 2 files changed, 37 insertions(+), 8 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index 5984d0d550b4..e70fc863b04a 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -138,6 +138,8 @@ enum lockdown_reason { }; extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1]; +extern u32 lsm_active_cnt; +extern struct lsm_id *lsm_idlist[]; /* These functions are in security/commoncap.c */ extern int cap_capable(const struct cred *cred, struct user_namespace *ns, diff --git a/security/security.c b/security/security.c index 58828a326024..3f98e5171176 100644 --- a/security/security.c +++ b/security/security.c 
@@ -28,12 +28,29 @@ #include #include #include +#include #include #define MAX_LSM_EVM_XATTR 2 -/* How many LSMs were built into the kernel? */ -#define LSM_COUNT (__end_lsm_info - __start_lsm_info) +/* + * How many LSMs are built into the kernel as determined at + * build time. Used to determine fixed array sizes. + * The capability module is accounted for by CONFIG_SECURITY + */ +#define LSM_COUNT ( \ + (IS_ENABLED(CONFIG_SECURITY) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_SELINUX) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_SMACK) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_TOMOYO) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_IMA) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_APPARMOR) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_YAMA) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_LOADPIN) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_SAFESETID) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_LOCKDOWN_LSM) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_BPF_LSM) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_LANDLOCK) ? 1 : 0)) /* * These are descriptions of the reasons that can be passed to the @@ -90,7 +107,7 @@ static __initdata const char *chosen_major_lsm; static __initconst const char * const builtin_lsm_order = CONFIG_LSM; /* Ordered list of LSMs to initialize. */ -static __initdata struct lsm_info **ordered_lsms; +static __initdata struct lsm_info *ordered_lsms[LSM_COUNT + 1]; static __initdata struct lsm_info *exclusive; static __initdata bool debug; @@ -341,13 +358,16 @@ static void __init report_lsm_order(void) pr_cont("\n"); } +/* + * Current index to use while initializing the lsm id list. + */ +u32 lsm_active_cnt __lsm_ro_after_init; +struct lsm_id *lsm_idlist[LSM_COUNT] __lsm_ro_after_init; + static void __init ordered_lsm_init(void) { struct lsm_info **lsm; - ordered_lsms = kcalloc(LSM_COUNT + 1, sizeof(*ordered_lsms), - GFP_KERNEL); - if (chosen_lsm_order) { if (chosen_major_lsm) { pr_warn("security=%s is ignored because it is superseded by lsm=%s\n", 
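Review bot: in the @@ -28,12 +28,29 @@ hunk the new LSM_COUNT is a hand-maintained list of IS_ENABLED() terms, and the only thing that catches a DEFINE_LSM() user missing from it is the panic() this patch adds to security_add_hooks(), which fires at boot rather than at build time, whereas the old `(__end_lsm_info - __start_lsm_info)` could never disagree with the set of registered modules. Add a sentence to the macro's comment stating the rule ("every LSM that calls security_add_hooks() must have a term here") so the next LSM author finds it; an over-count, by contrast, only wastes a few pointers in ordered_lsms and lsm_idlist, so listing a config symbol that may not register is harmless.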
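Review bot: the comment above `u32 lsm_active_cnt __lsm_ro_after_init;` in the @@ -341,13 +358,16 @@ hunk ("Current index to use while initializing the lsm id list") only describes the variable's role during init, but it is exported in security.h next to lsm_idlist and, being __lsm_ro_after_init, is the stable count of registered LSMs that later code will read; reword it to cover both ("number of LSMs registered so far; after init, the number of valid entries in lsm_idlist") so readers do not treat it as transient. The same comment should say that lsm_idlist[LSM_COUNT] has no NULL terminator, unlike ordered_lsms[LSM_COUNT + 1], so every consumer must bound its loop by lsm_active_cnt.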
@@ -387,8 +407,6 @@ static void __init ordered_lsm_init(void) lsm_early_task(current); for (lsm = ordered_lsms; *lsm; lsm++) initialize_lsm(*lsm); - - kfree(ordered_lsms); } int __init early_security_init(void) 
@@ -513,6 +531,15 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count, { int i; + if (lsm_active_cnt >= LSM_COUNT) + panic("%s Too many LSMs registered.\n", __func__); + /* + * A security module may call security_add_hooks() more + * than once. Landlock is one such case. + */ + if (lsm_active_cnt == 0 || lsm_idlist[lsm_active_cnt - 1] != lsmid) + lsm_idlist[lsm_active_cnt++] = lsmid; + for (i = 0; i < count; i++) { hooks[i].lsmid = lsmid; hlist_add_tail_rcu(&hooks[i].list, hooks[i].head); From patchwork Fri Apr 21 17:42:51 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 13220549 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3CA39C77B76 for ; Fri, 21 Apr 2023 17:45:02 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233321AbjDURpB (ORCPT ); Fri, 21 Apr 2023 13:45:01 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45436 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232323AbjDURor (ORCPT ); Fri, 21 Apr 2023 13:44:47 -0400 Received: from sonic317-38.consmr.mail.ne1.yahoo.com (sonic317-38.consmr.mail.ne1.yahoo.com [66.163.184.49]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7E33B211C for ; Fri, 21 Apr 2023 10:44:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1682099083; bh=K+a5p1KobxbILIuOL5gclfCciFK1XsNuzUGzThBlXOY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; 
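Review bot: in the security_add_hooks() hunk the capacity test `if (lsm_active_cnt >= LSM_COUNT) panic(...)` runs before the duplicate test, so an LSM that registers more than once (the Landlock case the comment names) will panic on its second call whenever it happens to be the last registered module and the table is already full, even though nothing would be inserted. Nest the checks the other way round: test `lsm_active_cnt == 0 || lsm_idlist[lsm_active_cnt - 1] != lsmid` first, and only inside that branch panic when `lsm_active_cnt >= LSM_COUNT` before doing `lsm_idlist[lsm_active_cnt++] = lsmid;`. Note also that the duplicate test only recognises back-to-back registrations from the same lsmid, which is fine as long as one LSM's security_add_hooks() calls are never interleaved with another's; a comment saying that assumption is relied upon would help.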
From: Casey Schaufler To: casey@schaufler-ca.com, paul@paul-moore.com, linux-security-module@vger.kernel.org Cc: jmorris@namei.org, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net, linux-fsdevel@vger.kernel.org Subject: [PATCH v9 03/11] proc: Use lsmids instead of lsm names for attrs Date: Fri, 21 Apr 2023 10:42:51 -0700 Message-Id: <20230421174259.2458-4-casey@schaufler-ca.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230421174259.2458-1-casey@schaufler-ca.com> References: <20230421174259.2458-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: Use the LSM ID number instead of the LSM name to identify which security module's attibute data should be shown in /proc/self/attr. The security_[gs]etprocattr() functions have been changed to expect the LSM ID. The change from a string comparison to an integer comparison in these functions will provide a minor performance improvement. Signed-off-by: Casey Schaufler Cc: linux-fsdevel@vger.kernel.org Reviewed-by: Kees Cook --- fs/proc/base.c | 29 +++++++++++++++-------------- fs/proc/internal.h | 2 +- include/linux/security.h | 11 +++++------ security/security.c | 11 +++++------ 4 files changed, 26 insertions(+), 27 deletions(-) diff --git a/fs/proc/base.c b/fs/proc/base.c index 5e0e0ccd47aa..cb6dec7473fe 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -96,6 +96,7 @@ #include #include #include +#include #include #include "internal.h" #include "fd.h" @@ -145,10 +146,10 @@ struct pid_entry { NOD(NAME, (S_IFREG|(MODE)), \ NULL, &proc_single_file_operations, \ { .proc_show = show } ) -#define ATTR(LSM, NAME, MODE) \ +#define ATTR(LSMID, NAME, MODE) \ NOD(NAME, (S_IFREG|(MODE)), \ NULL, &proc_pid_attr_operations, \ - { .lsm = LSM }) + { .lsmid = LSMID }) /* * Count the number of hardlinks for the pid_entry table, excluding the . 
@@ -2730,7 +2731,7 @@ static ssize_t proc_pid_attr_read(struct file * file, char __user * buf, if (!task) return -ESRCH; - length = security_getprocattr(task, PROC_I(inode)->op.lsm, + length = security_getprocattr(task, PROC_I(inode)->op.lsmid, file->f_path.dentry->d_name.name, &p); put_task_struct(task); @@ -2788,7 +2789,7 @@ static ssize_t proc_pid_attr_write(struct file * file, const char __user * buf, if (rv < 0) goto out_free; - rv = security_setprocattr(PROC_I(inode)->op.lsm, + rv = security_setprocattr(PROC_I(inode)->op.lsmid, file->f_path.dentry->d_name.name, page, count); mutex_unlock(¤t->signal->cred_guard_mutex); @@ -2837,27 +2838,27 @@ static const struct inode_operations proc_##LSM##_attr_dir_inode_ops = { \ #ifdef CONFIG_SECURITY_SMACK static const struct pid_entry smack_attr_dir_stuff[] = { - ATTR("smack", "current", 0666), + ATTR(LSM_ID_SMACK, "current", 0666), }; LSM_DIR_OPS(smack); #endif #ifdef CONFIG_SECURITY_APPARMOR static const struct pid_entry apparmor_attr_dir_stuff[] = { - ATTR("apparmor", "current", 0666), - ATTR("apparmor", "prev", 0444), - ATTR("apparmor", "exec", 0666), + ATTR(LSM_ID_APPARMOR, "current", 0666), + ATTR(LSM_ID_APPARMOR, "prev", 0444), + ATTR(LSM_ID_APPARMOR, "exec", 0666), }; LSM_DIR_OPS(apparmor); #endif static const struct pid_entry attr_dir_stuff[] = { - ATTR(NULL, "current", 0666), - ATTR(NULL, "prev", 0444), - ATTR(NULL, "exec", 0666), - ATTR(NULL, "fscreate", 0666), - ATTR(NULL, "keycreate", 0666), - ATTR(NULL, "sockcreate", 0666), + ATTR(LSM_ID_UNDEF, "current", 0666), + ATTR(LSM_ID_UNDEF, "prev", 0444), + ATTR(LSM_ID_UNDEF, "exec", 0666), + ATTR(LSM_ID_UNDEF, "fscreate", 0666), + ATTR(LSM_ID_UNDEF, "keycreate", 0666), + ATTR(LSM_ID_UNDEF, "sockcreate", 0666), #ifdef CONFIG_SECURITY_SMACK DIR("smack", 0555, proc_smack_attr_dir_inode_ops, proc_smack_attr_dir_ops), diff --git a/fs/proc/internal.h b/fs/proc/internal.h index 9dda7e54b2d0..a889d9ef9584 100644 --- a/fs/proc/internal.h +++ b/fs/proc/internal.h 
@@ -92,7 +92,7 @@ union proc_op { int (*proc_show)(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task); - const char *lsm; + int lsmid; }; struct proc_inode { diff --git a/include/linux/security.h b/include/linux/security.h index e70fc863b04a..8faed81fc3b4 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -473,10 +473,9 @@ int security_sem_semctl(struct kern_ipc_perm *sma, int cmd); int security_sem_semop(struct kern_ipc_perm *sma, struct sembuf *sops, unsigned nsops, int alter); void security_d_instantiate(struct dentry *dentry, struct inode *inode); -int security_getprocattr(struct task_struct *p, const char *lsm, const char *name, +int security_getprocattr(struct task_struct *p, int lsmid, const char *name, char **value); -int security_setprocattr(const char *lsm, const char *name, void *value, - size_t size); +int security_setprocattr(int lsmid, const char *name, void *value, size_t size); int security_netlink_send(struct sock *sk, struct sk_buff *skb); int security_ismaclabel(const char *name); int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen); @@ -1344,14 +1343,14 @@ static inline void security_d_instantiate(struct dentry *dentry, struct inode *inode) { } -static inline int security_getprocattr(struct task_struct *p, const char *lsm, +static inline int security_getprocattr(struct task_struct *p, int lsmid, const char *name, char **value) { return -EINVAL; } -static inline int security_setprocattr(const char *lsm, char *name, - void *value, size_t size) +static inline int security_setprocattr(int lsmid, char *name, void *value, + size_t size) { return -EINVAL; } diff --git a/security/security.c b/security/security.c index 3f98e5171176..38ca0e646cac 100644 --- a/security/security.c +++ b/security/security.c 
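Review bot: in the @@ -1344,14 +1343,14 @@ hunk the !CONFIG_SECURITY stub keeps `char *name` in security_setprocattr() while the real prototype earlier in the same file uses `const char *name`; since this patch rewrites both prototypes anyway, make the stub `const char *name` so callers see the same signature whether or not CONFIG_SECURITY is set.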
@@ -2167,26 +2167,25 @@ void security_d_instantiate(struct dentry *dentry, struct inode *inode) } EXPORT_SYMBOL(security_d_instantiate); -int security_getprocattr(struct task_struct *p, const char *lsm, - const char *name, char **value) +int security_getprocattr(struct task_struct *p, int lsmid, const char *name, + char **value) { struct security_hook_list *hp; hlist_for_each_entry(hp, &security_hook_heads.getprocattr, list) { - if (lsm != NULL && strcmp(lsm, hp->lsmid->lsm)) + if (lsmid != 0 && lsmid != hp->lsmid->id) continue; return hp->hook.getprocattr(p, name, value); } return LSM_RET_DEFAULT(getprocattr); } -int security_setprocattr(const char *lsm, const char *name, void *value, - size_t size) +int security_setprocattr(int lsmid, const char *name, void *value, size_t size) { struct security_hook_list *hp; hlist_for_each_entry(hp, &security_hook_heads.setprocattr, list) { - if (lsm != NULL && strcmp(lsm, hp->lsmid->lsm)) + if (lsmid != 0 && lsmid != hp->lsmid->id) continue; return hp->hook.setprocattr(name, value, size); } From patchwork Fri Apr 21 17:42:52 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 13220550 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 02014C7618E for ; Fri, 21 Apr 2023 17:45:04 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233387AbjDURpD (ORCPT ); Fri, 21 Apr 2023 13:45:03 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45516 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233008AbjDURox (ORCPT ); Fri, 21 Apr 2023 13:44:53 -0400 Received: from sonic310-30.consmr.mail.ne1.yahoo.com 
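Review bot: `if (lsmid != 0 && lsmid != hp->lsmid->id)` in both security_getprocattr() and security_setprocattr() compares against the literal 0, while fs/proc/base.c in the same patch passes the symbol LSM_ID_UNDEF for the generic /proc/self/attr entries; use LSM_ID_UNDEF here as well so the "any LSM" sentinel is spelled one way and a later change to its value cannot silently break the match.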
From: Casey Schaufler
To: casey@schaufler-ca.com, paul@paul-moore.com, linux-security-module@vger.kernel.org
Cc: jmorris@namei.org, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net
Subject: [PATCH v9 04/11] LSM: syscalls for current process attributes
Date: Fri, 21 Apr 2023 10:42:52 -0700
Message-Id: <20230421174259.2458-5-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.39.2
In-Reply-To: <20230421174259.2458-1-casey@schaufler-ca.com>
References: <20230421174259.2458-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:

Create a system call lsm_get_self_attr() to provide the security module maintained attributes of the current process. Create a system call lsm_set_self_attr() to set a security module maintained attribute of the current process.

Historically these attributes have been exposed to user space via entries in procfs under /proc/self/attr.

The attribute value is provided in a lsm_ctx structure. The structure identifies the size of the attribute, and the attribute value. The format of the attribute value is defined by the security module. A flags field is included for LSM specific information. It is currently unused and must be 0. The total size of the data, including the lsm_ctx structure and any padding, is maintained as well.

struct lsm_ctx {
	__u64 id;
	__u64 flags;
	__u64 len;
	__u64 ctx_len;
	__u8 ctx[];
};

Two new LSM hooks are used to interface with the LSMs. security_getselfattr() collects the lsm_ctx values from the LSMs that support the hook, accounting for space requirements. security_setselfattr() identifies which LSM the attribute is intended for and passes it along.
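Added example, not part of the patch: a user-space walker over a buffer of lsm_ctx records laid out as the commit message above describes, which checks the len/ctx_len invariants before trusting any field. The ids and label strings are constructed placeholders, not real LSM_ID_* values.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Same layout as the uapi struct in the patch, redeclared so this builds
 * without kernel headers. */
struct lsm_ctx {
	uint64_t id;
	uint64_t flags;
	uint64_t len;
	uint64_t ctx_len;
	uint8_t ctx[];
};

#define LSM_ID_UNDEF	0	/* from the patch: no LSM selected */
#define SAMPLE_ID_A	100	/* constructed placeholder ids, not real LSM_ID_* values */
#define SAMPLE_ID_B	101
#define LSM_CTX_HDR	sizeof(struct lsm_ctx)

/* Append one record to buf. len is rounded up to 8 bytes so the next header
 * stays aligned; returns bytes consumed, or 0 if the record does not fit. */
static size_t lsm_ctx_append(uint8_t *buf, size_t cap, uint64_t id,
			     const void *val, size_t val_len)
{
	size_t padded = (LSM_CTX_HDR + val_len + 7) & ~(size_t)7;
	struct lsm_ctx hdr = { .id = id, .len = padded, .ctx_len = val_len };

	if (padded > cap)
		return 0;
	memset(buf, 0, padded);	/* flags and trailing padding must be zero */
	memcpy(buf, &hdr, LSM_CTX_HDR);
	memcpy(buf + LSM_CTX_HDR, val, val_len);
	return padded;
}

/* Walk buf[0..total), checking each header against the uapi rules before
 * trusting it. Returns the record count, -1 for a malformed record, or -2 if
 * the record for want_id is not a nul-terminated string that fits in out. */
static int lsm_ctx_walk(const uint8_t *buf, size_t total, uint64_t want_id,
			char *out, size_t out_cap)
{
	size_t off = 0;
	int count = 0;

	if (out && out_cap)
		out[0] = '\0';
	while (off < total) {
		struct lsm_ctx hdr;
		const uint8_t *ctx;

		if (total - off < LSM_CTX_HDR)
			return -1;
		memcpy(&hdr, buf + off, LSM_CTX_HDR);	/* copy out; never assume alignment */
		if (hdr.len < LSM_CTX_HDR || hdr.len > total - off ||
		    hdr.ctx_len > hdr.len - LSM_CTX_HDR || hdr.id == LSM_ID_UNDEF)
			return -1;
		ctx = buf + off + LSM_CTX_HDR;
		if (hdr.id == want_id && out) {
			if (hdr.ctx_len == 0 || ctx[hdr.ctx_len - 1] != '\0' ||
			    hdr.ctx_len > out_cap)
				return -2;
			memcpy(out, ctx, hdr.ctx_len);
		}
		count++;
		off += hdr.len;	/* stride by len: it includes the padding, ctx_len does not */
	}
	return count;
}

/* Constructed sample: two records carrying nul-terminated labels. */
static size_t build_sample(uint8_t *buf, size_t cap)
{
	static const char label_a[] = "unconfined";
	static const char label_b[] = "System";
	size_t n, total;

	total = lsm_ctx_append(buf, cap, SAMPLE_ID_A, label_a, sizeof(label_a));
	if (!total)
		return 0;
	n = lsm_ctx_append(buf + total, cap - total, SAMPLE_ID_B, label_b,
			   sizeof(label_b));
	return n ? total + n : 0;
}

/* Parse the sample, copying SAMPLE_ID_B's label into out; returns 2. With
 * corrupt set the first record's len is inflated past the buffer end first. */
int lsm_ctx_demo(int corrupt, char *out, size_t out_cap)
{
	uint8_t buf[128];
	size_t total = build_sample(buf, sizeof(buf));
	uint64_t bad_len = 4096;

	if (!total)
		return -99;
	if (corrupt)
		memcpy(buf + offsetof(struct lsm_ctx, len), &bad_len, sizeof(bad_len));
	return lsm_ctx_walk(buf, total, SAMPLE_ID_B, out, out_cap);
}
```

A walker that advanced by ctx_len, or that trusted len without the bounds check, would read past the buffer on the corrupted sample; this one returns -1 instead.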
Signed-off-by: Casey Schaufler Reviewed-by: Kees Cook --- Documentation/userspace-api/lsm.rst | 15 ++++ include/linux/lsm_hook_defs.h | 4 + include/linux/lsm_hooks.h | 9 +++ include/linux/security.h | 19 +++++ include/linux/syscalls.h | 5 ++ include/uapi/linux/lsm.h | 36 +++++++++ kernel/sys_ni.c | 4 + security/Makefile | 1 + security/lsm_syscalls.c | 55 ++++++++++++++ security/security.c | 110 ++++++++++++++++++++++++++++ 10 files changed, 258 insertions(+) create mode 100644 security/lsm_syscalls.c diff --git a/Documentation/userspace-api/lsm.rst b/Documentation/userspace-api/lsm.rst index 6ddf5506110b..b45e402302b3 100644 --- a/Documentation/userspace-api/lsm.rst +++ b/Documentation/userspace-api/lsm.rst @@ -48,6 +48,21 @@ creating socket objects. The proc filesystem provides this value in ``/proc/self/attr/sockcreate``. This is supported by the SELinux security module. +Kernel interface +================ + +Set a security attribute of the current process +-------------------------------------------------- + +.. kernel-doc:: security/lsm_syscalls.c + :identifiers: sys_lsm_set_self_attr + +Get the specified security attributes of the current process +-------------------------------------------------- + +.. kernel-doc:: security/lsm_syscalls.c + :identifiers: sys_lsm_get_self_attr + Additional documentation ======================== diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h index 094b76dc7164..7177d9554f4a 100644 --- a/include/linux/lsm_hook_defs.h +++ b/include/linux/lsm_hook_defs.h 
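Review bot: in the Documentation/userspace-api/lsm.rst hunk the underline beneath "Get the specified security attributes of the current process" is shorter than the title (it reuses the dash count of the shorter "Set a security attribute of the current process" heading), which makes Sphinx emit a "Title underline too short" warning during the docs build; extend it to at least the title's length.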
@@ -261,6 +261,10 @@ LSM_HOOK(int, 0, sem_semop, struct kern_ipc_perm *perm, struct sembuf *sops, LSM_HOOK(int, 0, netlink_send, struct sock *sk, struct sk_buff *skb) LSM_HOOK(void, LSM_RET_VOID, d_instantiate, struct dentry *dentry, struct inode *inode) +LSM_HOOK(int, -EOPNOTSUPP, getselfattr, unsigned int __user attr, + struct lsm_ctx __user *ctx, size_t *size, u32 __user flags) +LSM_HOOK(int, -EOPNOTSUPP, setselfattr, unsigned int __user attr, + struct lsm_ctx __user *ctx, size_t size, u32 __user flags) LSM_HOOK(int, -EINVAL, getprocattr, struct task_struct *p, const char *name, char **value) LSM_HOOK(int, -EINVAL, setprocattr, const char *name, void *value, size_t size) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 8e6ba0a9896e..ed38ad5eb444 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -25,6 +25,7 @@ #ifndef __LINUX_LSM_HOOKS_H #define __LINUX_LSM_HOOKS_H +#include #include #include #include @@ -503,6 +504,14 @@ * and writing the xattrs as this hook is merely a filter. * @d_instantiate: * Fill in @inode security information for a @dentry if allowed. + * @getselfattr: + * Read attribute @attr for the current process and store it into @ctx. + * Return 0 on success, -EOPNOTSUPP if the attribute is not supported, + * or another negative value otherwise. + * @setselfattr: + * Set attribute @attr for the current process. + * Return 0 on success, -EOPNOTSUPP if the attribute is not supported, + * or another negative value otherwise. * @getprocattr: * Read attribute @name for process @p and store it into @value if allowed. * Return the length of @value on success, a negative value otherwise. diff --git a/include/linux/security.h b/include/linux/security.h index 8faed81fc3b4..f7292890b6a2 100644 --- a/include/linux/security.h +++ b/include/linux/security.h 
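Review bot: the @getselfattr documentation added in the @@ -503,6 +504,14 @@ hunk says the hook returns 0 on success, but security_getselfattr() in this patch's security/security.c hunk does `count += rc` and returns that sum as "the number of attributes found", so a hook written to this documentation contributes nothing and the syscall always reports zero attributes. Document the hook as returning the number of attributes written into @ctx (or change the aggregation), and state who updates *size when the hook returns -E2BIG.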
@@ -60,6 +60,7 @@ struct fs_parameter; enum fs_value_type; struct watch; struct watch_notification; +struct lsm_ctx; /* Default (no) options for the capable function */ #define CAP_OPT_NONE 0x0 @@ -473,6 +474,10 @@ int security_sem_semctl(struct kern_ipc_perm *sma, int cmd); int security_sem_semop(struct kern_ipc_perm *sma, struct sembuf *sops, unsigned nsops, int alter); void security_d_instantiate(struct dentry *dentry, struct inode *inode); +int security_getselfattr(unsigned int __user attr, struct lsm_ctx __user *ctx, + size_t __user *size, u32 __user flags); +int security_setselfattr(unsigned int __user attr, struct lsm_ctx __user *ctx, + size_t __user size, u32 __user flags); int security_getprocattr(struct task_struct *p, int lsmid, const char *name, char **value); int security_setprocattr(int lsmid, const char *name, void *value, size_t size); @@ -1343,6 +1348,20 @@ static inline void security_d_instantiate(struct dentry *dentry, struct inode *inode) { } +static inline int security_getselfattr(unsigned int __user attr, + struct lsm_ctx __user *ctx, + size_t __user *size, u32 __user flags) +{ + return -EOPNOTSUPP; +} + +static inline int security_setselfattr(unsigned int __user attr, + struct lsm_ctx __user *ctx, + size_t __user size, u32 __user flags) +{ + return -EOPNOTSUPP; +} + static inline int security_getprocattr(struct task_struct *p, int lsmid, const char *name, char **value) { diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h index 33a0ee3bcb2e..9a94c31bf6b6 100644 --- a/include/linux/syscalls.h +++ b/include/linux/syscalls.h @@ -71,6 +71,7 @@ struct clone_args; struct open_how; struct mount_attr; struct landlock_ruleset_attr; +struct lsm_ctx; enum landlock_rule_type; #include 
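Review bot: `unsigned int __user attr`, `u32 __user flags` and `size_t __user size` in the security_getselfattr()/security_setselfattr() prototypes here (and in the matching LSM_HOOK lines in lsm_hook_defs.h and the SYSCALL_DEFINE4 argument lists in lsm_syscalls.c) put the __user address-space annotation on scalars passed by value; __user only means something on pointers, sparse cannot check it here, and it suggests to readers that these values are fetched from user memory. Keep it on `struct lsm_ctx __user *ctx` and `size_t __user *size` and drop it from the scalars.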
@@ -1058,6 +1059,10 @@ asmlinkage long sys_memfd_secret(unsigned int flags); asmlinkage long sys_set_mempolicy_home_node(unsigned long start, unsigned long len, unsigned long home_node, unsigned long flags); +asmlinkage long sys_lsm_get_self_attr(unsigned int attr, struct lsm_ctx *ctx, + size_t *size, __u32 flags); +asmlinkage long sys_lsm_set_self_attr(unsigned int attr, struct lsm_ctx *ctx, + size_t size, __u32 flags); /* * Architecture-specific system calls diff --git a/include/uapi/linux/lsm.h b/include/uapi/linux/lsm.h index f27c9a9cc376..eeda59a77c02 100644 --- a/include/uapi/linux/lsm.h +++ b/include/uapi/linux/lsm.h @@ -9,6 +9,36 @@ #ifndef _UAPI_LINUX_LSM_H #define _UAPI_LINUX_LSM_H +#include +#include + +/** + * struct lsm_ctx - LSM context information + * @id: the LSM id number, see LSM_ID_XXX + * @flags: LSM specific flags + * @len: length of the lsm_ctx struct, @ctx and any other data or padding + * @ctx_len: the size of @ctx + * @ctx: the LSM context value + * + * The @len field MUST be equal to the size of the lsm_ctx struct + * plus any additional padding and/or data placed after @ctx. + * + * In all cases @ctx_len MUST be equal to the length of @ctx. + * If @ctx is a string value it should be nul terminated with + * @ctx_len equal to `strlen(@ctx) + 1`. Binary values are + * supported. + * + * The @flags and @ctx fields SHOULD only be interpreted by the + * LSM specified by @id; they MUST be set to zero/0 when not used. + */ +struct lsm_ctx { + __u64 id; + __u64 flags; + __u64 len; + __u64 ctx_len; + __u8 ctx[]; +}; + /* * ID tokens to identify Linux Security Modules (LSMs) * @@ -51,4 +81,10 @@ #define LSM_ATTR_PREV 104 #define LSM_ATTR_SOCKCREATE 105 +/* + * LSM_FLAG_XXX definitions identify special handling instructions + * for the API. + */ +#define LSM_FLAG_SINGLE 0x0001 + #endif /* _UAPI_LINUX_LSM_H */ diff --git a/kernel/sys_ni.c b/kernel/sys_ni.c index 860b2dcf3ac4..d03c78ef1562 100644 --- a/kernel/sys_ni.c +++ b/kernel/sys_ni.c 
@@ -262,6 +262,10 @@ COND_SYSCALL_COMPAT(recvmsg); /* mm/nommu.c, also with MMU */ COND_SYSCALL(mremap); +/* security/lsm_syscalls.c */ +COND_SYSCALL(lsm_get_self_attr); +COND_SYSCALL(lsm_set_self_attr); + /* security/keys/keyctl.c */ COND_SYSCALL(add_key); COND_SYSCALL(request_key); diff --git a/security/Makefile b/security/Makefile index 18121f8f85cd..59f238490665 100644 --- a/security/Makefile +++ b/security/Makefile @@ -7,6 +7,7 @@ obj-$(CONFIG_KEYS) += keys/ # always enable default capabilities obj-y += commoncap.o +obj-$(CONFIG_SECURITY) += lsm_syscalls.o obj-$(CONFIG_MMU) += min_addr.o # Object file lists diff --git a/security/lsm_syscalls.c b/security/lsm_syscalls.c new file mode 100644 index 000000000000..feee31600219 --- /dev/null +++ b/security/lsm_syscalls.c 
@@ -0,0 +1,55 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * System calls implementing the Linux Security Module API. + * + * Copyright (C) 2022 Casey Schaufler + * Copyright (C) 2022 Intel Corporation + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/** + * sys_lsm_set_self_attr - Set current task's security module attribute + * @attr: which attribute to set + * @ctx: the LSM contexts + * @size: size of @ctx + * @flags: reserved for future use + * + * Sets the calling task's LSM context. On success this function + * returns 0. If the attribute specified cannot be set a negative + * value indicating the reason for the error is returned. + */ +SYSCALL_DEFINE4(lsm_set_self_attr, unsigned int, attr, struct lsm_ctx __user *, + ctx, size_t __user, size, u32, flags) +{ + return security_setselfattr(attr, ctx, size, flags); +} + +/** + * sys_lsm_get_self_attr - Return current task's security module attributes + * @attr: which attribute to set + * @ctx: the LSM contexts + * @size: size of @ctx, updated on return + * @flags: reserved for future use + * + * Returns the calling task's LSM contexts. On success this + * function returns the number of @ctx array elements. This value + * may be zero if there are no LSM contexts assigned. If @size is + * insufficient to contain the return data -E2BIG is returned and + * @size is set to the minimum required size. In all other cases + * a negative value indicating the error is returned. + */ +SYSCALL_DEFINE4(lsm_get_self_attr, unsigned int, attr, struct lsm_ctx __user *, + ctx, size_t __user *, size, u32, flags) +{ + return security_getselfattr(attr, ctx, size, flags); +} diff --git a/security/security.c b/security/security.c index 38ca0e646cac..bc3f166b4bff 100644 --- a/security/security.c +++ b/security/security.c 
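Review bot: the kernel-doc for sys_lsm_get_self_attr() reads "@attr: which attribute to set", copied from the setter, and should say which attribute to return; and both functions describe @flags as "reserved for future use" although this same patch defines LSM_FLAG_SINGLE in uapi/linux/lsm.h and security_getselfattr() honours it. Since these comments are pulled into the user-space API documentation by the kernel-doc directives added to lsm.rst, say which flag values are accepted and that any other value returns -EINVAL.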
@@ -2167,6 +2167,116 @@ void security_d_instantiate(struct dentry *dentry, struct inode *inode) } EXPORT_SYMBOL(security_d_instantiate); +/** + * security_getselfattr - Read an LSM attribute of the current process. + * @attr: which attribute to return + * @ctx: the user-space destination for the information, or NULL + * @size: the size of space available to receive the data + * @flags: special handling options. LSM_FLAG_SINGLE indicates that only + * attributes associated with the LSM identified in the passed @ctx be + * reported + * + * Returns the number of attributes found on success, negative value + * on error. @size is reset to the total size of the data. + * If @size is insufficient to contain the data -E2BIG is returned. + */ +int security_getselfattr(unsigned int __user attr, struct lsm_ctx __user *ctx, + size_t __user *size, u32 __user flags) +{ + struct security_hook_list *hp; + struct lsm_ctx lctx = { .id = LSM_ID_UNDEF, }; + u8 __user *base = (u8 __user *)ctx; + size_t total = 0; + size_t entrysize; + size_t left; + bool toobig = false; + int count = 0; + int rc; + + if (attr == 0) + return -EINVAL; + if (size == NULL) + return -EINVAL; + if (get_user(left, size)) + return -EFAULT; + + if ((flags & LSM_FLAG_SINGLE) == LSM_FLAG_SINGLE) { + if (copy_from_user(&lctx, ctx, sizeof(*ctx))) + return -EFAULT; + if (lctx.id == LSM_ID_UNDEF) + return -EINVAL; + } else if (flags) { + return -EINVAL; + } + + hlist_for_each_entry(hp, &security_hook_heads.getselfattr, list) { + if (lctx.id != LSM_ID_UNDEF && lctx.id != hp->lsmid->id) + continue; + entrysize = left; + if (base) + ctx = (struct lsm_ctx __user *)(base + total); + rc = hp->hook.getselfattr(attr, ctx, &entrysize, flags); + if (rc == -EOPNOTSUPP) { + rc = 0; + continue; + } + if (rc == -E2BIG) { + toobig = true; + left = 0; + continue; + } + if (rc < 0) + return rc; + + left -= entrysize; + total += entrysize; + count += rc; + } + if (put_user(total, size)) + return -EFAULT; + if (toobig) + return -E2BIG; 
+ if (count == 0) + return LSM_RET_DEFAULT(getselfattr); + return count; +} + +/** + * security_setselfattr - Set an LSM attribute on the current process. + * @attr: which attribute to set + * @ctx: the user-space source for the information + * @size: the size of the data + * @flags: reserved for future use, must be 0 + * + * Set an LSM attribute for the current process. The LSM, attribute + * and new value are included in @ctx. + * + * Returns 0 on success, -EINVAL if the input is inconsistent, -EFAULT + * if the user buffer is inaccessible or an LSM specific failure. + */ +int security_setselfattr(unsigned int __user attr, struct lsm_ctx __user *ctx, + size_t __user size, u32 __user flags) +{ + struct security_hook_list *hp; + struct lsm_ctx lctx; + + if (flags) + return -EINVAL; + if (size < sizeof(*ctx)) + return -EINVAL; + if (copy_from_user(&lctx, ctx, sizeof(*ctx))) + return -EFAULT; + if (size < lctx.len || size < lctx.ctx_len + sizeof(ctx) || + lctx.len < lctx.ctx_len + sizeof(ctx)) + return -EINVAL; + + hlist_for_each_entry(hp, &security_hook_heads.setselfattr, list) + if ((hp->lsmid->id) == lctx.id) + return hp->hook.setselfattr(attr, ctx, size, flags); + + return LSM_RET_DEFAULT(setselfattr); +} + int security_getprocattr(struct task_struct *p, int lsmid, const char *name, char **value) { From patchwork Fri Apr 21 17:42:53 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 13220551 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id B811BC77B78 for ; Fri, 21 Apr 2023 17:45:18 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232813AbjDURpR (ORCPT ); Fri, 21 Apr 2023 13:45:17 -0400 Received: from 
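Review bot: in the security/lsm_syscalls.c hunk, `size_t __user, size` in SYSCALL_DEFINE4(lsm_set_self_attr, ...) puts the `__user` address-space annotation on a by-value integer; `__user` only has meaning on pointers and sparse will warn on it. The same pattern recurs on `unsigned int __user attr` and `u32 __user flags` in the security_getselfattr() and security_setselfattr() prototypes of the security/security.c hunk. Suggest `size_t, size` here and `unsigned int attr, ..., u32 flags` there, keeping `__user` only on `ctx` and on the `size_t __user *size` pointer of the get path. Also the kernel-doc for sys_lsm_get_self_attr carries `@attr: which attribute to set` copied from the setter; it should read `which attribute to return`.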
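Review bot: in the security/security.c hunk, the length check in security_setselfattr() measures the user pointer instead of the struct: `if (size < lctx.len || size < lctx.ctx_len + sizeof(ctx) || lctx.len < lctx.ctx_len + sizeof(ctx))`. The check just above it, `if (size < sizeof(*ctx))`, uses the struct size, so a ctx_len that only fits when the header is counted as pointer-sized passes here and the LSM hook is handed a buffer shorter than the header plus ctx_len it is told to expect. Use sizeof(*ctx) in both comparisons, and guard `lctx.ctx_len + sizeof(*ctx)` against wrap-around (a ctx_len close to SIZE_MAX makes the sum small and also passes). Separately, the -E2BIG branch in security_getselfattr() does `toobig = true; left = 0; continue;` before the `left -= entrysize; total += entrysize;` lines, so the value written back by put_user(total, size) only covers the entries that fit, while the kernel-doc promises @size is set to the minimum required size; a caller that retries with that size gets -E2BIG again. If the hooks report their required size in entrysize on -E2BIG, add it to total on that path as well.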
From: Casey Schaufler To: casey@schaufler-ca.com, paul@paul-moore.com, linux-security-module@vger.kernel.org Cc: jmorris@namei.org, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net Subject: [PATCH v9 05/11] LSM: Create lsm_list_modules system call Date: Fri, 21 Apr 2023 10:42:53 -0700 Message-Id: <20230421174259.2458-6-casey@schaufler-ca.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230421174259.2458-1-casey@schaufler-ca.com> References: <20230421174259.2458-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: Create a system call to report the list of Linux Security Modules that are active on the system. The list is provided as an array of LSM ID numbers. The calling application can use this list to determine what LSM specific actions it might take. That might include choosing an output format, determining required privilege or bypassing security module specific behavior. Signed-off-by: Casey Schaufler Reviewed-by: Kees Cook --- Documentation/userspace-api/lsm.rst | 3 +++ include/linux/syscalls.h | 1 + kernel/sys_ni.c | 1 + security/lsm_syscalls.c | 39 +++++++++++++++++++++++++++++ 4 files changed, 44 insertions(+) diff --git a/Documentation/userspace-api/lsm.rst b/Documentation/userspace-api/lsm.rst index b45e402302b3..a86e3817f062 100644 --- a/Documentation/userspace-api/lsm.rst +++ b/Documentation/userspace-api/lsm.rst
@@ -63,6 +63,9 @@ Get the specified security attributes of the current process .. kernel-doc:: security/lsm_syscalls.c :identifiers: sys_lsm_get_self_attr +.. kernel-doc:: security/lsm_syscalls.c + :identifiers: sys_lsm_list_modules + Additional documentation ======================== diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h index 9a94c31bf6b6..ddbcc333f3c3 100644 --- a/include/linux/syscalls.h +++ b/include/linux/syscalls.h @@ -1063,6 +1063,7 @@ asmlinkage long sys_lsm_get_self_attr(unsigned int attr, struct lsm_ctx *ctx, size_t *size, __u32 flags); asmlinkage long sys_lsm_set_self_attr(unsigned int attr, struct lsm_ctx *ctx, size_t size, __u32 flags); +asmlinkage long sys_lsm_list_modules(u64 *ids, size_t *size, u32 flags); /* * Architecture-specific system calls diff --git a/kernel/sys_ni.c b/kernel/sys_ni.c index d03c78ef1562..ceb3d21a62d0 100644 --- a/kernel/sys_ni.c +++ b/kernel/sys_ni.c @@ -265,6 +265,7 @@ COND_SYSCALL(mremap); /* security/lsm_syscalls.c */ COND_SYSCALL(lsm_get_self_attr); COND_SYSCALL(lsm_set_self_attr); +COND_SYSCALL(lsm_list_modules); /* security/keys/keyctl.c */ COND_SYSCALL(add_key); diff --git a/security/lsm_syscalls.c b/security/lsm_syscalls.c index feee31600219..6efbe244d304 100644 --- a/security/lsm_syscalls.c +++ b/security/lsm_syscalls.c 
@@ -53,3 +53,42 @@ SYSCALL_DEFINE4(lsm_get_self_attr, unsigned int, attr, struct lsm_ctx __user *, { return security_getselfattr(attr, ctx, size, flags); } + +/** + * sys_lsm_list_modules - Return a list of the active security modules + * @ids: the LSM module ids + * @size: size of @ids, updated on return + * @flags: reserved for future use, must be zero + * + * Returns a list of the active LSM ids. On success this function + * returns the number of @ids array elements. This value may be zero + * if there are no LSMs active. If @size is insufficient to contain + * the return data -E2BIG is returned and @size is set to the minimum + * required size. In all other cases a negative value indicating the + * error is returned. + */ +SYSCALL_DEFINE3(lsm_list_modules, u64 __user *, ids, size_t __user *, size, + u32, flags) +{ + size_t total_size = lsm_active_cnt * sizeof(*ids); + size_t usize; + int i; + + if (flags) + return -EINVAL; + + if (get_user(usize, size)) + return -EFAULT; + + if (put_user(total_size, size) != 0) + return -EFAULT; + + if (usize < total_size) + return -E2BIG; + + for (i = 0; i < lsm_active_cnt; i++) + if (put_user(lsm_idlist[i]->id, ids++)) + return -EFAULT; + + return lsm_active_cnt; +} From patchwork Fri Apr 21 17:42:54 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 13220557 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E089DC77B76 for ; Fri, 21 Apr 2023 17:46:45 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233146AbjDURqo (ORCPT ); Fri, 21 Apr 2023 13:46:44 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47500 "EHLO lindbergh.monkeyblade.net" 
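Review bot: in the include/linux/syscalls.h hunk the new prototype `asmlinkage long sys_lsm_list_modules(u64 *ids, size_t *size, u32 flags);` spells the flags type `u32` while the two lsm prototypes directly above it use `__u32 flags`; match them (`__u32 flags`, or switch all three to `u32`) so the three declarations read as one API.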
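Review bot: in the security/lsm_syscalls.c hunk the kernel-doc for sys_lsm_list_modules should say that @ids is not touched when -E2BIG is returned, so a call with ids == NULL and *size == 0 is a valid size probe; the code guarantees this because `put_user(total_size, size)` and the `usize < total_size` test both run before the loop that writes @ids, and the sibling sys_lsm_get_self_attr documents its `@ctx ... or NULL` probe explicitly, so userspace should be able to rely on the same pattern here. Minor style point in the same hunk: `if (put_user(total_size, size) != 0)` sits next to `if (get_user(usize, size))`; drop the `!= 0` for consistency.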
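The commit message above describes lsm_list_modules as filling a caller-supplied array of LSM ids, and the kernel-doc in the hunk fixes the contract: flags must be zero, @size is rewritten with the required byte count, and -E2BIG is returned when the buffer is too small. The following is an added example, not code from the patch or from the kernel: a caller-side probe-then-fetch routine run against a stand-in for the syscall that follows that contract, so it builds and runs on a machine whose kernel does not have the call wired up. The names fake_lsm_list_modules, fetch_active_lsm_ids, probe_required_size and example_fetch, and the three id values, are constructed for this example; they are not real LSM_ID_* values.

```c
/* Added example, not code from the patch: the lsm_list_modules() size
 * contract seen from the caller, run against a stand-in for the syscall. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for the kernel's active-LSM table (lsm_idlist and
 * lsm_active_cnt in the patch). Placeholder numbers, not real LSM_ID_* values. */
static const uint64_t sample_active_ids[] = { 101, 102, 105 };
static const size_t sample_active_cnt =
	sizeof(sample_active_ids) / sizeof(sample_active_ids[0]);

/* Stand-in for sys_lsm_list_modules() following its kernel-doc: flags must be
 * zero, *size is always rewritten with the byte count required, -E2BIG when
 * the caller's buffer is smaller than that, otherwise the ids are copied out
 * and the element count returned. get_user()/put_user() become plain loads
 * and stores; a NULL pointer plays the part of an inaccessible one (-EFAULT). */
long fake_lsm_list_modules(uint64_t *ids, size_t *size, uint32_t flags)
{
	size_t total_size = sample_active_cnt * sizeof(*ids);
	size_t usize, i;

	if (flags)
		return -EINVAL;
	if (size == NULL)
		return -EFAULT;
	usize = *size;
	*size = total_size;		/* reported even on the -E2BIG path */
	if (usize < total_size)
		return -E2BIG;
	for (i = 0; i < sample_active_cnt; i++) {
		if (ids == NULL)
			return -EFAULT;
		ids[i] = sample_active_ids[i];
	}
	return (long)sample_active_cnt;
}

typedef long (*list_modules_fn)(uint64_t *ids, size_t *size, uint32_t flags);

/* Caller-side pattern: probe with no buffer to learn the required size,
 * allocate exactly that, fetch. A second -E2BIG (the active set grew between
 * the calls) is retried once with the newly reported size. On success *out
 * holds the ids (caller frees) and the count is returned; on failure a
 * negative errno value is returned and *out is NULL. */
long fetch_active_lsm_ids(list_modules_fn list_modules, uint64_t **out)
{
	uint64_t *ids = NULL;
	size_t size = 0;
	long rc;
	int attempt;

	*out = NULL;
	rc = list_modules(NULL, &size, 0);
	if (rc != -E2BIG)
		return rc;		/* zero active LSMs, or a real error */

	for (attempt = 0; attempt < 2; attempt++) {
		uint64_t *grown = realloc(ids, size);

		if (grown == NULL) {
			free(ids);
			return -ENOMEM;
		}
		ids = grown;
		rc = list_modules(ids, &size, 0);
		if (rc != -E2BIG)
			break;
	}
	if (rc < 0) {
		free(ids);
		return rc;
	}
	*out = ids;
	return rc;
}

/* Size a NULL, zero-length probe reports: 3 ids * 8 bytes = 24 here. */
size_t probe_required_size(void)
{
	size_t size = 0;

	return fake_lsm_list_modules(NULL, &size, 0) == -E2BIG ? size : 0;
}

/* Full round trip; returns the number of ids fetched, -1 if they do not
 * match the constructed table, or the negative errno from the fetch. */
long example_fetch(void)
{
	uint64_t *ids;
	long n = fetch_active_lsm_ids(fake_lsm_list_modules, &ids);
	long i, result = n;

	for (i = 0; i < n; i++)
		if (ids[i] != sample_active_ids[i])
			result = -1;
	free(ids);
	return result;
}

int main(void)
{
	long n = example_fetch();

	printf("probe reported %zu bytes, fetch returned %ld\n",
	       probe_required_size(), n);
	return n < 0;
}
```

The stand-in keeps the kernel's ordering (flags check, read @size, write @size, compare, then copy), which is what makes the NULL probe safe: @ids is never dereferenced before the -E2BIG decision. A real caller would replace fake_lsm_list_modules with a wrapper around syscall(2) and the wired-up number from the series.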
From: Casey Schaufler To: casey@schaufler-ca.com, paul@paul-moore.com, linux-security-module@vger.kernel.org Cc: jmorris@namei.org, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net, Geert Uytterhoeven, Arnd Bergmann Subject: [PATCH v9 06/11] LSM: wireup Linux Security Module syscalls Date: Fri, 21 Apr 2023 10:42:54 -0700 Message-Id: <20230421174259.2458-7-casey@schaufler-ca.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230421174259.2458-1-casey@schaufler-ca.com> References: <20230421174259.2458-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: Wireup lsm_get_self_attr, lsm_set_self_attr and lsm_list_modules system calls.
Signed-off-by: Casey Schaufler Acked-by: Geert Uytterhoeven Acked-by: Arnd Bergmann Cc: linux-api@vger.kernel.org Reviewed-by: Kees Cook --- arch/alpha/kernel/syscalls/syscall.tbl | 3 +++ arch/arm/tools/syscall.tbl | 3 +++ arch/arm64/include/asm/unistd.h | 2 +- arch/arm64/include/asm/unistd32.h | 6 ++++++ arch/ia64/kernel/syscalls/syscall.tbl | 3 +++ arch/m68k/kernel/syscalls/syscall.tbl | 3 +++ arch/microblaze/kernel/syscalls/syscall.tbl | 3 +++ arch/mips/kernel/syscalls/syscall_n32.tbl | 3 +++ arch/mips/kernel/syscalls/syscall_n64.tbl | 3 +++ arch/mips/kernel/syscalls/syscall_o32.tbl | 3 +++ arch/parisc/kernel/syscalls/syscall.tbl | 3 +++ arch/powerpc/kernel/syscalls/syscall.tbl | 3 +++ arch/s390/kernel/syscalls/syscall.tbl | 3 +++ arch/sh/kernel/syscalls/syscall.tbl | 3 +++ arch/sparc/kernel/syscalls/syscall.tbl | 3 +++ arch/x86/entry/syscalls/syscall_32.tbl | 3 +++ arch/x86/entry/syscalls/syscall_64.tbl | 3 +++ arch/xtensa/kernel/syscalls/syscall.tbl | 3 +++ include/uapi/asm-generic/unistd.h | 11 ++++++++++- tools/perf/arch/mips/entry/syscalls/syscall_n64.tbl | 3 +++ tools/perf/arch/powerpc/entry/syscalls/syscall.tbl | 3 +++ tools/perf/arch/s390/entry/syscalls/syscall.tbl | 3 +++ tools/perf/arch/x86/entry/syscalls/syscall_64.tbl | 3 +++ 23 files changed, 77 insertions(+), 2 deletions(-) diff --git a/arch/alpha/kernel/syscalls/syscall.tbl b/arch/alpha/kernel/syscalls/syscall.tbl index 8ebacf37a8cf..178e2792c251 100644 --- a/arch/alpha/kernel/syscalls/syscall.tbl +++ b/arch/alpha/kernel/syscalls/syscall.tbl @@ -490,3 +490,6 @@ 558 common process_mrelease sys_process_mrelease 559 common futex_waitv sys_futex_waitv 560 common set_mempolicy_home_node sys_ni_syscall +561 common lsm_get_self_attr sys_lsm_get_self_attr +562 common lsm_list_modules sys_lsm_list_modules +563 common lsm_set_self_attr sys_lsm_set_self_attr diff --git a/arch/arm/tools/syscall.tbl b/arch/arm/tools/syscall.tbl index ac964612d8b0..9cda144f9631 100644 --- a/arch/arm/tools/syscall.tbl 
+++ b/arch/arm/tools/syscall.tbl @@ -464,3 +464,6 @@ 448 common process_mrelease sys_process_mrelease 449 common futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node +451 common lsm_get_self_attr sys_lsm_get_self_attr +452 common lsm_list_modules sys_lsm_list_modules +453 common lsm_set_self_attr sys_lsm_set_self_attr diff --git a/arch/arm64/include/asm/unistd.h b/arch/arm64/include/asm/unistd.h index 037feba03a51..6a28fb91b85d 100644 --- a/arch/arm64/include/asm/unistd.h +++ b/arch/arm64/include/asm/unistd.h @@ -39,7 +39,7 @@ #define __ARM_NR_compat_set_tls (__ARM_NR_COMPAT_BASE + 5) #define __ARM_NR_COMPAT_END (__ARM_NR_COMPAT_BASE + 0x800) -#define __NR_compat_syscalls 451 +#define __NR_compat_syscalls 454 #endif #define __ARCH_WANT_SYS_CLONE diff --git a/arch/arm64/include/asm/unistd32.h b/arch/arm64/include/asm/unistd32.h index 604a2053d006..72022ffd5faa 100644 --- a/arch/arm64/include/asm/unistd32.h +++ b/arch/arm64/include/asm/unistd32.h @@ -907,6 +907,12 @@ __SYSCALL(__NR_process_mrelease, sys_process_mrelease) __SYSCALL(__NR_futex_waitv, sys_futex_waitv) #define __NR_set_mempolicy_home_node 450 __SYSCALL(__NR_set_mempolicy_home_node, sys_set_mempolicy_home_node) +#define __NR_lsm_get_self_attr 451 +__SYSCALL(__NR_lsm_get_self_attr, sys_lsm_get_self_attr) +#define __NR_lsm_list_modules 452 +__SYSCALL(__NR_lsm_list_modules, sys_lsm_list_modules) +#define __NR_lsm_set_self_attr 453 +__SYSCALL(__NR_lsm_set_self_attr, sys_lsm_set_self_attr) /* * Please add new compat syscalls above this comment and update diff --git a/arch/ia64/kernel/syscalls/syscall.tbl b/arch/ia64/kernel/syscalls/syscall.tbl index 72c929d9902b..c52e9d87f47d 100644 --- a/arch/ia64/kernel/syscalls/syscall.tbl +++ b/arch/ia64/kernel/syscalls/syscall.tbl 
@@ -371,3 +371,6 @@ 448 common process_mrelease sys_process_mrelease 449 common futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node +451 common lsm_get_self_attr sys_lsm_get_self_attr +452 common lsm_list_modules sys_lsm_list_modules +453 common lsm_set_self_attr sys_lsm_set_self_attr diff --git a/arch/m68k/kernel/syscalls/syscall.tbl b/arch/m68k/kernel/syscalls/syscall.tbl index b1f3940bc298..31eac3c99d84 100644 --- a/arch/m68k/kernel/syscalls/syscall.tbl +++ b/arch/m68k/kernel/syscalls/syscall.tbl @@ -450,3 +450,6 @@ 448 common process_mrelease sys_process_mrelease 449 common futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node +451 common lsm_get_self_attr sys_lsm_get_self_attr +452 common lsm_list_modules sys_lsm_list_modules +453 common lsm_set_self_attr sys_lsm_set_self_attr diff --git a/arch/microblaze/kernel/syscalls/syscall.tbl b/arch/microblaze/kernel/syscalls/syscall.tbl index 820145e47350..5037fa1f74b8 100644 --- a/arch/microblaze/kernel/syscalls/syscall.tbl +++ b/arch/microblaze/kernel/syscalls/syscall.tbl @@ -456,3 +456,6 @@ 448 common process_mrelease sys_process_mrelease 449 common futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node +451 common lsm_get_self_attr sys_lsm_get_self_attr +452 common lsm_list_modules sys_lsm_list_modules +453 common lsm_set_self_attr sys_lsm_set_self_attr diff --git a/arch/mips/kernel/syscalls/syscall_n32.tbl b/arch/mips/kernel/syscalls/syscall_n32.tbl index 253ff994ed2e..29545b3ec587 100644 --- a/arch/mips/kernel/syscalls/syscall_n32.tbl +++ b/arch/mips/kernel/syscalls/syscall_n32.tbl @@ -389,3 +389,6 @@ 448 n32 process_mrelease sys_process_mrelease 449 n32 futex_waitv sys_futex_waitv 450 n32 set_mempolicy_home_node sys_set_mempolicy_home_node +451 n32 lsm_get_self_attr sys_lsm_get_self_attr +452 n32 lsm_list_modules sys_lsm_list_modules +453 n32 lsm_set_self_attr sys_lsm_set_self_attr 
diff --git a/arch/mips/kernel/syscalls/syscall_n64.tbl b/arch/mips/kernel/syscalls/syscall_n64.tbl index 3f1886ad9d80..8492aa4a771f 100644 --- a/arch/mips/kernel/syscalls/syscall_n64.tbl +++ b/arch/mips/kernel/syscalls/syscall_n64.tbl @@ -365,3 +365,6 @@ 448 n64 process_mrelease sys_process_mrelease 449 n64 futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node +451 n64 lsm_get_self_attr sys_lsm_get_self_attr +452 n64 lsm_list_modules sys_lsm_list_modules +453 n64 lsm_set_self_attr sys_lsm_set_self_attr diff --git a/arch/mips/kernel/syscalls/syscall_o32.tbl b/arch/mips/kernel/syscalls/syscall_o32.tbl index 8f243e35a7b2..d74fd86de2a2 100644 --- a/arch/mips/kernel/syscalls/syscall_o32.tbl +++ b/arch/mips/kernel/syscalls/syscall_o32.tbl @@ -438,3 +438,6 @@ 448 o32 process_mrelease sys_process_mrelease 449 o32 futex_waitv sys_futex_waitv 450 o32 set_mempolicy_home_node sys_set_mempolicy_home_node +451 o32 lsm_get_self_attr sys_lsm_get_self_attr +452 o32 lsm_list_modules sys_lsm_list_modules +453 032 lsm_set_self_attr sys_lsm_set_self_attr diff --git a/arch/parisc/kernel/syscalls/syscall.tbl b/arch/parisc/kernel/syscalls/syscall.tbl index 0e42fceb2d5e..d1a5f3120d6c 100644 --- a/arch/parisc/kernel/syscalls/syscall.tbl +++ b/arch/parisc/kernel/syscalls/syscall.tbl @@ -448,3 +448,6 @@ 448 common process_mrelease sys_process_mrelease 449 common futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node +451 common lsm_get_self_attr sys_lsm_get_self_attr +452 common lsm_list_modules sys_lsm_list_modules +453 common lsm_set_self_attr sys_lsm_set_self_attr diff --git a/arch/powerpc/kernel/syscalls/syscall.tbl b/arch/powerpc/kernel/syscalls/syscall.tbl index a0be127475b1..a414fe8c069b 100644 --- a/arch/powerpc/kernel/syscalls/syscall.tbl +++ b/arch/powerpc/kernel/syscalls/syscall.tbl 
@@ -537,3 +537,6 @@ 448 common process_mrelease sys_process_mrelease 449 common futex_waitv sys_futex_waitv 450 nospu set_mempolicy_home_node sys_set_mempolicy_home_node +451 common lsm_get_self_attr sys_lsm_get_self_attr +452 common lsm_list_modules sys_lsm_list_modules +453 common lsm_set_self_attr sys_lsm_set_self_attr diff --git a/arch/s390/kernel/syscalls/syscall.tbl b/arch/s390/kernel/syscalls/syscall.tbl index 799147658dee..96b7e6b72747 100644 --- a/arch/s390/kernel/syscalls/syscall.tbl +++ b/arch/s390/kernel/syscalls/syscall.tbl @@ -453,3 +453,6 @@ 448 common process_mrelease sys_process_mrelease sys_process_mrelease 449 common futex_waitv sys_futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node sys_set_mempolicy_home_node +451 common lsm_get_self_attr sys_lsm_get_self_attr sys_lsm_get_self_attr +452 common lsm_list_modules sys_lsm_list_modules sys_lsm_list_modules +453 common lsm_set_self_attr sys_lsm_set_self_attr sys_lsm_set_self_attr diff --git a/arch/sh/kernel/syscalls/syscall.tbl b/arch/sh/kernel/syscalls/syscall.tbl index 2de85c977f54..1a75a599bb55 100644 --- a/arch/sh/kernel/syscalls/syscall.tbl +++ b/arch/sh/kernel/syscalls/syscall.tbl @@ -453,3 +453,6 @@ 448 common process_mrelease sys_process_mrelease 449 common futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node +451 common lsm_get_self_attr sys_lsm_get_self_attr +452 common lsm_list_modules sys_lsm_list_modules +453 common lsm_set_self_attr sys_lsm_set_self_attr diff --git a/arch/sparc/kernel/syscalls/syscall.tbl b/arch/sparc/kernel/syscalls/syscall.tbl index 4398cc6fb68d..80b165091f6f 100644 --- a/arch/sparc/kernel/syscalls/syscall.tbl +++ b/arch/sparc/kernel/syscalls/syscall.tbl 
@@ -496,3 +496,6 @@ 448 common process_mrelease sys_process_mrelease 449 common futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node +451 common lsm_get_self_attr sys_lsm_get_self_attr +452 common lsm_list_modules sys_lsm_list_modules +453 common lsm_set_self_attr sys_lsm_set_self_attr diff --git a/arch/x86/entry/syscalls/syscall_32.tbl b/arch/x86/entry/syscalls/syscall_32.tbl index 320480a8db4f..130f9feb9eb9 100644 --- a/arch/x86/entry/syscalls/syscall_32.tbl +++ b/arch/x86/entry/syscalls/syscall_32.tbl @@ -455,3 +455,6 @@ 448 i386 process_mrelease sys_process_mrelease 449 i386 futex_waitv sys_futex_waitv 450 i386 set_mempolicy_home_node sys_set_mempolicy_home_node +451 i386 lsm_get_self_attr sys_lsm_get_self_attr +452 i386 lsm_list_modules sys_lsm_list_modules +453 i386 lsm_set_self_attr sys_lsm_set_self_attr diff --git a/arch/x86/entry/syscalls/syscall_64.tbl b/arch/x86/entry/syscalls/syscall_64.tbl index c84d12608cd2..96dd45bc5988 100644 --- a/arch/x86/entry/syscalls/syscall_64.tbl +++ b/arch/x86/entry/syscalls/syscall_64.tbl @@ -372,6 +372,9 @@ 448 common process_mrelease sys_process_mrelease 449 common futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node +451 common lsm_get_self_attr sys_lsm_get_self_attr +452 common lsm_list_modules sys_lsm_list_modules +453 common lsm_set_self_attr sys_lsm_set_self_attr # # Due to a historical design error, certain syscalls are numbered differently diff --git a/arch/xtensa/kernel/syscalls/syscall.tbl b/arch/xtensa/kernel/syscalls/syscall.tbl index 52c94ab5c205..2610aba19802 100644 --- a/arch/xtensa/kernel/syscalls/syscall.tbl +++ b/arch/xtensa/kernel/syscalls/syscall.tbl 
@@ -421,3 +421,6 @@ 448 common process_mrelease sys_process_mrelease 449 common futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node +451 common lsm_get_self_attr sys_lsm_get_self_attr +452 common lsm_list_modules sys_lsm_list_modules +453 common lsm_set_self_attr sys_lsm_set_self_attr diff --git a/include/uapi/asm-generic/unistd.h b/include/uapi/asm-generic/unistd.h index 45fa180cc56a..93f89fb06ef5 100644 --- a/include/uapi/asm-generic/unistd.h +++ b/include/uapi/asm-generic/unistd.h @@ -886,8 +886,17 @@ __SYSCALL(__NR_futex_waitv, sys_futex_waitv) #define __NR_set_mempolicy_home_node 450 __SYSCALL(__NR_set_mempolicy_home_node, sys_set_mempolicy_home_node) +#define __NR_lsm_get_self_attr 451 +__SYSCALL(__NR_lsm_get_self_attr, sys_lsm_get_self_attr) + +#define __NR_lsm_list_modules 452 +__SYSCALL(__NR_lsm_list_modules, sys_lsm_list_modules) + +#define __NR_lsm_set_self_attr 453 +__SYSCALL(__NR_lsm_set_self_attr, sys_lsm_set_self_attr) + #undef __NR_syscalls -#define __NR_syscalls 451 +#define __NR_syscalls 454 /* * 32 bit systems traditionally used different diff --git a/tools/perf/arch/mips/entry/syscalls/syscall_n64.tbl b/tools/perf/arch/mips/entry/syscalls/syscall_n64.tbl index 3f1886ad9d80..8492aa4a771f 100644 --- a/tools/perf/arch/mips/entry/syscalls/syscall_n64.tbl +++ b/tools/perf/arch/mips/entry/syscalls/syscall_n64.tbl @@ -365,3 +365,6 @@ 448 n64 process_mrelease sys_process_mrelease 449 n64 futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node +451 n64 lsm_get_self_attr sys_lsm_get_self_attr +452 n64 lsm_list_modules sys_lsm_list_modules +453 n64 lsm_set_self_attr sys_lsm_set_self_attr diff --git a/tools/perf/arch/powerpc/entry/syscalls/syscall.tbl b/tools/perf/arch/powerpc/entry/syscalls/syscall.tbl index a0be127475b1..a414fe8c069b 100644 --- a/tools/perf/arch/powerpc/entry/syscalls/syscall.tbl +++ b/tools/perf/arch/powerpc/entry/syscalls/syscall.tbl 
@@ -537,3 +537,6 @@ 448 common process_mrelease sys_process_mrelease 449 common futex_waitv sys_futex_waitv 450 nospu set_mempolicy_home_node sys_set_mempolicy_home_node +451 common lsm_get_self_attr sys_lsm_get_self_attr +452 common lsm_list_modules sys_lsm_list_modules +453 common lsm_set_self_attr sys_lsm_set_self_attr diff --git a/tools/perf/arch/s390/entry/syscalls/syscall.tbl b/tools/perf/arch/s390/entry/syscalls/syscall.tbl index 799147658dee..f9257e040109 100644 --- a/tools/perf/arch/s390/entry/syscalls/syscall.tbl +++ b/tools/perf/arch/s390/entry/syscalls/syscall.tbl @@ -453,3 +453,6 @@ 448 common process_mrelease sys_process_mrelease sys_process_mrelease 449 common futex_waitv sys_futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node sys_set_mempolicy_home_node +451 common lsm_get_self_attr sys_lsm_get_self_attr sys_lsm_get_self_attr +452 common lsm_list_modules sys_lsm_list_modules sys_lsm_list_modules +453 common lsm_set_self_attr sys_lsm_set_self_attr sys_lsm_set_self_attr diff --git a/tools/perf/arch/x86/entry/syscalls/syscall_64.tbl b/tools/perf/arch/x86/entry/syscalls/syscall_64.tbl index c84d12608cd2..96dd45bc5988 100644 --- a/tools/perf/arch/x86/entry/syscalls/syscall_64.tbl +++ b/tools/perf/arch/x86/entry/syscalls/syscall_64.tbl 
@@ -372,6 +372,9 @@ 448 common process_mrelease sys_process_mrelease 449 common futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node +451 common lsm_get_self_attr sys_lsm_get_self_attr +452 common lsm_list_modules sys_lsm_list_modules +453 common lsm_set_self_attr sys_lsm_set_self_attr # # Due to a historical design error, certain syscalls are numbered differently
From: Casey Schaufler To: casey@schaufler-ca.com, paul@paul-moore.com, linux-security-module@vger.kernel.org Cc: jmorris@namei.org, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net Subject: [PATCH v9 07/11] LSM: Helpers for attribute names and filling an lsm_ctx Date: Fri, 21 Apr 2023 10:42:55 -0700 Message-Id: <20230421174259.2458-8-casey@schaufler-ca.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230421174259.2458-1-casey@schaufler-ca.com> References: <20230421174259.2458-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: Add lsm_name_to_attr(), which translates a text string to an LSM_ATTR value if one is available. Add lsm_fill_user_ctx(), which fills a struct lsm_ctx, including the trailing attribute value. The .len value is padded to a multiple of 64 bits. All are used in module specific components of LSM system calls. Signed-off-by: Casey Schaufler --- include/linux/security.h | 13 ++++++++++++ security/lsm_syscalls.c | 24 ++++++++++++++++++++++ security/security.c | 43 ++++++++++++++++++++++++++++++++++++++++ 3 files changed, 80 insertions(+) diff --git a/include/linux/security.h b/include/linux/security.h index f7292890b6a2..c96fb56159e3 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -263,6 +263,7 @@ int unregister_blocking_lsm_notifier(struct notifier_block *nb); /* prototypes */ extern int security_init(void); extern int early_security_init(void); +extern u64 lsm_name_to_attr(const char *name); /* Security operations */ int security_binder_set_context_mgr(const struct cred *mgr);
@@ -491,6 +492,8 @@ int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen); int security_locked_down(enum lockdown_reason what); +int lsm_fill_user_ctx(struct lsm_ctx __user *ctx, void *context, + size_t context_size, u64 id, u64 flags); #else /* CONFIG_SECURITY */ static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data) @@ -508,6 +511,11 @@ static inline int unregister_blocking_lsm_notifier(struct notifier_block *nb) return 0; } +static inline u64 lsm_name_to_attr(const char *name) +{ + return 0; +} + static inline void security_free_mnt_opts(void **mnt_opts) { } @@ -1420,6 +1428,11 @@ static inline int security_locked_down(enum lockdown_reason what) { return 0; } +static inline int lsm_fill_user_ctx(struct lsm_ctx __user *ctx, void *context, + size_t context_size, u64 id, u64 flags) +{ + return 0; +} #endif /* CONFIG_SECURITY */ #if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE) diff --git a/security/lsm_syscalls.c b/security/lsm_syscalls.c index 6efbe244d304..67106f642422 100644 --- a/security/lsm_syscalls.c +++ b/security/lsm_syscalls.c 
@@ -17,6 +17,30 @@ #include #include +/** + * lsm_name_to_attr - map an LSM attribute name to its ID + * @name: name of the attribute + * + * Returns the LSM attribute value associated with @name, or 0 if + * there is no mapping. + */ +u64 lsm_name_to_attr(const char *name) +{ + if (!strcmp(name, "current")) + return LSM_ATTR_CURRENT; + if (!strcmp(name, "exec")) + return LSM_ATTR_EXEC; + if (!strcmp(name, "fscreate")) + return LSM_ATTR_FSCREATE; + if (!strcmp(name, "keycreate")) + return LSM_ATTR_KEYCREATE; + if (!strcmp(name, "prev")) + return LSM_ATTR_PREV; + if (!strcmp(name, "sockcreate")) + return LSM_ATTR_SOCKCREATE; + return 0; +} + /** * sys_lsm_set_self_attr - Set current task's security module attribute * @attr: which attribute to set diff --git a/security/security.c b/security/security.c index bc3f166b4bff..759f3d977d2e 100644 --- a/security/security.c +++ b/security/security.c 
@@ -752,6 +752,49 @@ static int lsm_superblock_alloc(struct super_block *sb) return 0; } +/** + * lsm_fill_user_ctx - Fill a user space lsm_ctx structure + * @ctx: an LSM context to be filled + * @context: the new context value + * @context_size: the size of the new context value + * @id: LSM id + * @flags: LSM defined flags + * + * Fill all of the fields in a user space lsm_ctx structure. + * Caller is assumed to have verified that @ctx has enough space + * for @context. + * + * The total length is padded to a multiple of 64 bits. + * + * Returns 0 on success, -EFAULT on a copyout error, -ENOMEM + * if memory can't be allocated. + */ +int lsm_fill_user_ctx(struct lsm_ctx __user *ctx, void *context, + size_t context_size, u64 id, u64 flags) +{ + struct lsm_ctx *lctx; + size_t locallen = ALIGN(context_size + sizeof(*lctx), 8); + int rc = 0; + + lctx = kzalloc(locallen, GFP_KERNEL); + if (lctx == NULL) + return -ENOMEM; + + lctx->id = id; + lctx->flags = flags; + lctx->ctx_len = context_size; + lctx->len = locallen; + + memcpy(&lctx[1], context, context_size); + + if (copy_to_user(ctx, lctx, locallen)) + rc = -EFAULT; + + kfree(lctx); + + return rc; +} + /* * The default value of the LSM hook is defined in linux/lsm_hook_defs.h and * can be accessed with:
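Review bot: the security.h hunks at @@ -491 and @@ -1420 both name `struct lsm_ctx` in a prototype, and nothing in this patch declares that type in the header; unless security.h already includes uapi/linux/lsm.h (not visible here), add a `struct lsm_ctx;` forward declaration next to the other forward declarations near the top of the file, otherwise the compiler warns that a struct declared inside a parameter list will not be visible outside it, and the prototype ends up naming a different type from the definition in security.c.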
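Review bot: in the lsm_syscalls.c hunk, lsm_name_to_attr() uses the bare literal 0 as its "no mapping" result, both in the kerneldoc and in the trailing `return 0;`, and the Smack and AppArmor callers later in this series rely on it with `if (attr)`. Give that sentinel a name in the UAPI header alongside the LSM_ATTR_* values so the contract that no real attribute id is ever 0 is stated in one place rather than implied by six strcmp() calls. A `static const` table of name/value pairs walked in a loop would also keep the function from growing two lines per new attribute.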
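Review bot: lsm_fill_user_ctx() in the security.c hunk only reads from @context, so declare it `const void *context` (and mirror that in the two security.h prototypes) so callers can pass label strings without a cast. The kzalloc() is load-bearing and deserves a comment: locallen is rounded up by `ALIGN(context_size + sizeof(*lctx), 8)`, and the zeroing is what keeps the padding bytes between the end of @context and lctx->len from carrying stale kernel heap contents to user space in the copy_to_user(); a later "optimisation" to kmalloc() would silently reintroduce that leak. The kerneldoc says the caller must already have verified that @ctx has room, but nothing here can check it; passing the caller's available size in and returning -E2BIG from this function would make the contract enforceable and let both LSM callers drop their duplicated ALIGN() arithmetic.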
From: Casey Schaufler To: casey@schaufler-ca.com, paul@paul-moore.com, linux-security-module@vger.kernel.org Cc: jmorris@namei.org, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net Subject: [PATCH v9 08/11] Smack: implement setselfattr and getselfattr hooks Date: Fri, 21 Apr 2023 10:42:56 -0700 Message-Id: <20230421174259.2458-9-casey@schaufler-ca.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230421174259.2458-1-casey@schaufler-ca.com> References: <20230421174259.2458-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: Implement Smack support for security_[gs]etselfattr. Refactor the setprocattr hook to avoid code duplication. Signed-off-by: Casey Schaufler --- security/smack/smack_lsm.c | 105 +++++++++++++++++++++++++++++++++++-- 1 file changed, 100 insertions(+), 5 deletions(-) diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 3cf862fcbe08..902b39c187bf 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c
@@ -3552,6 +3552,41 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) return; } +/** + * smack_getselfattr - Smack current process attribute + * @attr: which attribute to fetch + * @ctx: buffer to receive the result + * @size: available size in, actual size out + * @flags: unused + * + * Fill the passed user space @ctx with the details of the requested + * attribute. + * + * Returns 1, the number of attributes, on success, an error code otherwise. + */ +static int smack_getselfattr(unsigned int __user attr, + struct lsm_ctx __user *ctx, size_t *size, + u32 __user flags) +{ + struct smack_known *skp = smk_of_current(); + int total; + int slen; + int rc = 1; + + if (attr != LSM_ATTR_CURRENT) + return -EOPNOTSUPP; + + slen = strlen(skp->smk_known) + 1; + total = ALIGN(slen + sizeof(*ctx), 8); + if (total > *size) + rc = -E2BIG; + else + lsm_fill_user_ctx(ctx, skp->smk_known, slen, LSM_ID_SMACK, 0); + + *size = total; + return rc; +} + /** * smack_getprocattr - Smack process attribute access * @p: the object task @@ -3581,8 +3616,8 @@ static int smack_getprocattr(struct task_struct *p, const char *name, char **val } /** - * smack_setprocattr - Smack process attribute setting - * @name: the name of the attribute in /proc/.../attr + * do_setattr - Smack process attribute setting + * @attr: the ID of the attribute * @value: the value to set * @size: the size of the value * @@ -3591,7 +3626,7 @@ static int smack_getprocattr(struct task_struct *p, const char *name, char **val * * Returns the length of the smack label or an error code */ -static int smack_setprocattr(const char *name, void *value, size_t size) +static int do_setattr(u64 attr, void *value, size_t size) { struct task_smack *tsp = smack_cred(current_cred()); struct cred *new; 
@@ -3605,8 +3640,8 @@ static int smack_setprocattr(const char *name, void *value, size_t size) if (value == NULL || size == 0 || size >= SMK_LONGLABEL) return -EINVAL; - if (strcmp(name, "current") != 0) - return -EINVAL; + if (attr != LSM_ATTR_CURRENT) + return -EOPNOTSUPP; skp = smk_import_entry(value, size); if (IS_ERR(skp)) @@ -3645,6 +3680,64 @@ static int smack_setprocattr(const char *name, void *value, size_t size) return size; } +/** + * smack_setselfattr - Set a Smack process attribute + * @attr: which attribute to set + * @ctx: buffer containing the data + * @size: size of @ctx + * @flags: unused + * + * Fill the passed user space @ctx with the details of the requested + * attribute. + * + * Returns 0 on success, an error code otherwise. + */ +static int smack_setselfattr(unsigned int __user attr, + struct lsm_ctx __user *ctx, size_t __user size, + u32 __user flags) +{ + struct lsm_ctx *lctx; + void *context; + int rc; + + context = kmalloc(size, GFP_KERNEL); + if (context == NULL) + return -ENOMEM; + + lctx = (struct lsm_ctx *)context; + if (copy_from_user(context, ctx, size)) + rc = -EFAULT; + else if (lctx->ctx_len > size) + rc = -EINVAL; + else + rc = do_setattr(attr, lctx + 1, lctx->ctx_len); + + kfree(context); + if (rc > 0) + return 0; + return rc; +} + +/** + * smack_setprocattr - Smack process attribute setting + * @name: the name of the attribute in /proc/.../attr + * @value: the value to set + * @size: the size of the value + * + * Sets the Smack value of the task. Only setting self + * is permitted and only with privilege + * + * Returns the length of the smack label or an error code + */ +static int smack_setprocattr(const char *name, void *value, size_t size) +{ + int attr = lsm_name_to_attr(name); + + if (attr) + return do_setattr(attr, value, size); + return -EINVAL; +} + /** * smack_unix_stream_connect - Smack access on UDS * @sock: one sock 
@@ -4955,6 +5048,8 @@ static struct security_hook_list smack_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(d_instantiate, smack_d_instantiate), + LSM_HOOK_INIT(getselfattr, smack_getselfattr), + LSM_HOOK_INIT(setselfattr, smack_setselfattr), LSM_HOOK_INIT(getprocattr, smack_getprocattr), LSM_HOOK_INIT(setprocattr, smack_setprocattr),
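Review bot: in the @@ -3552 hunk, smack_getselfattr() discards the return value of lsm_fill_user_ctx(), so a copy_to_user() failure (-EFAULT) or an allocation failure (-ENOMEM) still reaches `return rc;` with rc == 1 and user space is told one attribute was filled when nothing was written; capture it, for example `rc = lsm_fill_user_ctx(ctx, skp->smk_known, slen, LSM_ID_SMACK, 0);` followed by `if (rc == 0) rc = 1;`. Two smaller points in the same hunk: `__user` is an address-space annotation for pointers, so on the scalar parameters `unsigned int __user attr` and `u32 __user flags` it means nothing and sparse will complain (the same applies to smack_setselfattr() below); and `slen` is an `int` holding a strlen() result that is then passed as a size_t, so size_t is the right type for it.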
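Review bot: the @@ -3605 hunk changes the /proc/.../attr/ behaviour for Smack in a way the commit message does not mention: previously any name other than "current" was rejected with -EINVAL, but after this patch a name that lsm_name_to_attr() knows ("exec", "fscreate", "keycreate", "prev", "sockcreate") is mapped and then rejected by do_setattr() with -EOPNOTSUPP, while a name it does not know still gets -EINVAL from smack_setprocattr(). If that split is intended, say so in the commit message; if not, keep returning -EINVAL from the setprocattr path.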
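Review bot: smack_setselfattr() in the @@ -3645 hunk reads `lctx->ctx_len` and then hands `lctx + 1` to do_setattr() without first establishing that `size >= sizeof(*lctx)`, and the only bound it applies, `lctx->ctx_len > size`, ignores the header: with ctx_len == size the value passed to do_setattr() extends sizeof(*lctx) bytes past the kmalloc(size) buffer, and with size < sizeof(*lctx) the ctx_len read itself is out of bounds. Unless sys_lsm_set_self_attr() already validates size and the header before calling the hook (not visible in this series excerpt), check `size >= sizeof(*lctx)` before the copy and compare ctx_len against `size - sizeof(*lctx)`; doing that once in security.c and passing the hooks an already-copied, already-validated lsm_ctx would also remove the kmalloc() of a caller-chosen length from every LSM. Separately, the kerneldoc above smack_setselfattr() was copied from the getter ("Fill the passed user space @ctx with the details of the requested attribute") and describes the opposite direction, and `int attr = lsm_name_to_attr(name);` in smack_setprocattr() narrows the u64 return value to int; use u64.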
From: Casey Schaufler To: casey@schaufler-ca.com, paul@paul-moore.com, linux-security-module@vger.kernel.org Cc: jmorris@namei.org, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net Subject: [PATCH v9 09/11] AppArmor: Add selfattr hooks Date: Fri, 21 Apr 2023 10:42:57 -0700 Message-Id: <20230421174259.2458-10-casey@schaufler-ca.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230421174259.2458-1-casey@schaufler-ca.com> References: <20230421174259.2458-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: Add hooks for setselfattr and getselfattr. These hooks are not very different from their setprocattr and getprocattr equivalents, and much of the code is shared. Signed-off-by: Casey Schaufler Cc: John Johansen --- security/apparmor/include/procattr.h | 2 +- security/apparmor/lsm.c | 96 ++++++++++++++++++++++++++-- security/apparmor/procattr.c | 11 +++- 3 files changed, 99 insertions(+), 10 deletions(-) diff --git a/security/apparmor/include/procattr.h b/security/apparmor/include/procattr.h index 31689437e0e1..03dbfdb2f2c0 100644 --- a/security/apparmor/include/procattr.h +++ b/security/apparmor/include/procattr.h @@ -11,7 +11,7 @@ #ifndef __AA_PROCATTR_H #define __AA_PROCATTR_H -int aa_getprocattr(struct aa_label *label, char **string); +int aa_getprocattr(struct aa_label *label, char **string, bool newline); int aa_setprocattr_changehat(char *args, size_t size, int flags); #endif /* __AA_PROCATTR_H */ diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index ce6ccb7e06ec..bdaa8bac0404 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c 
@@ -630,6 +630,45 @@ static int apparmor_sb_pivotroot(const struct path *old_path, return error; } +static int apparmor_getselfattr(unsigned int __user attr, + struct lsm_ctx __user *lx, size_t *size, + u32 __user flags) +{ + int error = -ENOENT; + struct aa_task_ctx *ctx = task_ctx(current); + struct aa_label *label = NULL; + size_t total_len; + char *value; + + if (attr == LSM_ATTR_CURRENT) + label = aa_get_newest_label(cred_label(current_cred())); + else if (attr == LSM_ATTR_PREV && ctx->previous) + label = aa_get_newest_label(ctx->previous); + else if (attr == LSM_ATTR_EXEC && ctx->onexec) + label = aa_get_newest_label(ctx->onexec); + else + error = -EOPNOTSUPP; + + if (label) { + error = aa_getprocattr(label, &value, false); + if (error > 0) { + total_len = ALIGN(error + sizeof(*ctx), 8); + if (total_len > *size) + error = -E2BIG; + else + lsm_fill_user_ctx(lx, value, error, + LSM_ID_APPARMOR, 0); + } + } + + aa_put_label(label); + + *size = total_len; + if (error > 0) + return 1; + return error; +} + static int apparmor_getprocattr(struct task_struct *task, const char *name, char **value) { @@ -649,7 +688,7 @@ static int apparmor_getprocattr(struct task_struct *task, const char *name, error = -EINVAL; if (label) - error = aa_getprocattr(label, value); + error = aa_getprocattr(label, value, true); aa_put_label(label); put_cred(cred); @@ -657,8 +696,7 @@ static int apparmor_getprocattr(struct task_struct *task, const char *name, return error; } -static int apparmor_setprocattr(const char *name, void *value, - size_t size) +static int do_setattr(u64 attr, void *value, size_t size) { char *command, *largs = NULL, *args = value; size_t arg_size; 
@@ -689,7 +727,7 @@ static int apparmor_setprocattr(const char *name, void *value, goto out; arg_size = size - (args - (largs ? largs : (char *) value)); - if (strcmp(name, "current") == 0) { + if (attr == LSM_ATTR_CURRENT) { if (strcmp(command, "changehat") == 0) { error = aa_setprocattr_changehat(args, arg_size, AA_CHANGE_NOFLAGS); @@ -704,7 +742,7 @@ static int apparmor_setprocattr(const char *name, void *value, error = aa_change_profile(args, AA_CHANGE_STACK); } else goto fail; - } else if (strcmp(name, "exec") == 0) { + } else if (attr == LSM_ATTR_EXEC) { if (strcmp(command, "exec") == 0) error = aa_change_profile(args, AA_CHANGE_ONEXEC); else if (strcmp(command, "stack") == 0) 
@@ -724,13 +762,57 @@ static int apparmor_setprocattr(const char *name, void *value, fail: aad(&sa)->label = begin_current_label_crit_section(); - aad(&sa)->info = name; + if (attr == LSM_ATTR_CURRENT) + aad(&sa)->info = "current"; + else if (attr == LSM_ATTR_EXEC) + aad(&sa)->info = "exec"; + else + aad(&sa)->info = "invalid"; aad(&sa)->error = error = -EINVAL; aa_audit_msg(AUDIT_APPARMOR_DENIED, &sa, NULL); end_current_label_crit_section(aad(&sa)->label); goto out; } +static int apparmor_setselfattr(unsigned int __user attr, + struct lsm_ctx __user *ctx, size_t __user size, + u32 __user flags) +{ + struct lsm_ctx *lctx; + void *context; + int rc; + + if (attr != LSM_ATTR_CURRENT && attr != LSM_ATTR_EXEC) + return -EOPNOTSUPP; + + context = kmalloc(size, GFP_KERNEL); + if (context == NULL) + return -ENOMEM; + + lctx = (struct lsm_ctx *)context; + if (copy_from_user(context, ctx, size)) + rc = -EFAULT; + else if (lctx->ctx_len > size) + rc = -EINVAL; + else + rc = do_setattr(attr, lctx + 1, lctx->ctx_len); + + kfree(context); + if (rc > 0) + return 0; + return rc; +} + +static int apparmor_setprocattr(const char *name, void *value, + size_t size) +{ + int attr = lsm_name_to_attr(name); + + if (attr) + return do_setattr(attr, value, size); + return -EINVAL; +} + /** * apparmor_bprm_committing_creds - do task cleanup on committing new creds * @bprm: binprm for the exec (NOT NULL) @@ -1253,6 +1335,8 @@ static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(file_lock, apparmor_file_lock), LSM_HOOK_INIT(file_truncate, apparmor_file_truncate), + LSM_HOOK_INIT(getselfattr, apparmor_getselfattr), + LSM_HOOK_INIT(setselfattr, apparmor_setselfattr), LSM_HOOK_INIT(getprocattr, apparmor_getprocattr), LSM_HOOK_INIT(setprocattr, apparmor_setprocattr), diff --git a/security/apparmor/procattr.c b/security/apparmor/procattr.c index 197d41f9c32b..196f319aa3b2 100644 --- a/security/apparmor/procattr.c +++ b/security/apparmor/procattr.c 
@@ -20,6 +20,7 @@ * aa_getprocattr - Return the label information for @label * @label: the label to print label info about (NOT NULL) * @string: Returns - string containing the label info (NOT NULL) + * @newline: indicates that a newline should be added * * Requires: label != NULL && string != NULL * @@ -27,7 +28,7 @@ * * Returns: size of string placed in @string else error code on failure */ -int aa_getprocattr(struct aa_label *label, char **string) +int aa_getprocattr(struct aa_label *label, char **string, bool newline) { struct aa_ns *ns = labels_ns(label); struct aa_ns *current_ns = aa_get_current_ns(); 
@@ -57,10 +58,14 @@ int aa_getprocattr(struct aa_label *label, char **string) return len; } - (*string)[len] = '\n'; - (*string)[len + 1] = 0; + if (newline) + (*string)[len++] = '\n'; + (*string)[len] = 0; aa_put_ns(current_ns); + + if (newline) + return len; return len + 1; }
From patchwork Fri Apr 21 17:42:58 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 13220561 X-Patchwork-Delegate: paul@paul-moore.com
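Review bot: in the apparmor_setselfattr hunk (@@ -724,13 +762,57 @@) the length check `else if (lctx->ctx_len > size)` does not account for the struct lsm_ctx header that precedes the attribute data, so a ctx_len of up to `size` is accepted and `do_setattr(attr, lctx + 1, lctx->ctx_len)` can read sizeof(*lctx) bytes past the kmalloc'd buffer; `lctx->ctx_len` is also dereferenced before anything in this hunk guarantees `size >= sizeof(*lctx)`. Unless the syscall entry point already enforces both, reject `size < sizeof(*lctx)` and compare ctx_len against `size - sizeof(*lctx)`. Two smaller points in the same hunk: `size` goes straight from userspace into kmalloc() with no upper bound, so consider a cap or kvmalloc(); and the `__user` qualifier on the by-value parameters `attr`, `size` and `flags` is an address-space annotation meaningful only for pointers, so it should stay only on `ctx`. `flags` is accepted but never looked at; if non-zero flags are rejected by the common code, a one-line comment saying so would save the next reader a trip.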
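Review bot: the two return paths in the aa_getprocattr hunk (@@ -57,10 +58,14 @@) count differently: with `newline` the function returns `len`, the number of characters before the terminating NUL (newline included), but without it falls through to `return len + 1`, which now counts the NUL itself. A caller that uses the result as ctx_len for lsm_get_self_attr therefore gets a length that includes the terminator while the /proc path gets one that excludes it. Either return `len` on both paths and let the caller add the NUL where it wants it, or spell out in the kerneldoc (the `Returns:` line in the @@ -27,7 +28,7 @@ hunk still just says "size of string placed in @string") which mode counts the terminator.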
From: Casey Schaufler To: casey@schaufler-ca.com, paul@paul-moore.com, linux-security-module@vger.kernel.org Cc: jmorris@namei.org, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net, selinux@vger.kernel.org Subject: [PATCH v9 10/11] SELinux: Add selfattr hooks Date: Fri, 21 Apr 2023 10:42:58 -0700 Message-Id: <20230421174259.2458-11-casey@schaufler-ca.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230421174259.2458-1-casey@schaufler-ca.com> References: <20230421174259.2458-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: Add hooks for setselfattr and getselfattr. These hooks are not very different from their setprocattr and getprocattr equivalents, and much of the code is shared. Signed-off-by: Casey Schaufler Cc: selinux@vger.kernel.org Cc: Paul Moore --- security/selinux/hooks.c | 153 +++++++++++++++++++++++++++++++-------- 1 file changed, 123 insertions(+), 30 deletions(-) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 9403aee75981..9bc6206fb1ef 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -6348,8 +6348,8 @@ static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode) inode_doinit_with_dentry(inode, dentry); } -static int selinux_getprocattr(struct task_struct *p, - const char *name, char **value) +static int selinux_lsm_getattr(unsigned int attr, struct task_struct *p, + char **value) { const struct task_security_struct *__tsec; u32 sid; 
@@ -6367,20 +6367,27 @@ static int selinux_getprocattr(struct task_struct *p, goto bad; } - if (!strcmp(name, "current")) + switch (attr) { + case LSM_ATTR_CURRENT: sid = __tsec->sid; - else if (!strcmp(name, "prev")) + break; + case LSM_ATTR_PREV: sid = __tsec->osid; - else if (!strcmp(name, "exec")) + break; + case LSM_ATTR_EXEC: sid = __tsec->exec_sid; - else if (!strcmp(name, "fscreate")) + break; + case LSM_ATTR_FSCREATE: sid = __tsec->create_sid; - else if (!strcmp(name, "keycreate")) + break; + case LSM_ATTR_KEYCREATE: sid = __tsec->keycreate_sid; - else if (!strcmp(name, "sockcreate")) + break; + case LSM_ATTR_SOCKCREATE: sid = __tsec->sockcreate_sid; - else { - error = -EINVAL; + break; + default: + error = -EOPNOTSUPP; goto bad; } rcu_read_unlock(); @@ -6398,7 +6405,7 @@ static int selinux_getprocattr(struct task_struct *p, return error; } -static int selinux_setprocattr(const char *name, void *value, size_t size) +static int selinux_lsm_setattr(u64 attr, void *value, size_t size) { struct task_security_struct *tsec; struct cred *new; 
@@ -6409,28 +6416,36 @@ static int selinux_setprocattr(const char *name, void *value, size_t size) /* * Basic control over ability to set these attributes at all. */ - if (!strcmp(name, "exec")) + switch (attr) { + case LSM_ATTR_CURRENT: + error = avc_has_perm(&selinux_state, + mysid, mysid, SECCLASS_PROCESS, + PROCESS__SETCURRENT, NULL); + break; + case LSM_ATTR_EXEC: error = avc_has_perm(&selinux_state, mysid, mysid, SECCLASS_PROCESS, PROCESS__SETEXEC, NULL); - else if (!strcmp(name, "fscreate")) + break; + case LSM_ATTR_FSCREATE: error = avc_has_perm(&selinux_state, mysid, mysid, SECCLASS_PROCESS, PROCESS__SETFSCREATE, NULL); - else if (!strcmp(name, "keycreate")) + break; + case LSM_ATTR_KEYCREATE: error = avc_has_perm(&selinux_state, mysid, mysid, SECCLASS_PROCESS, PROCESS__SETKEYCREATE, NULL); - else if (!strcmp(name, "sockcreate")) + break; + case LSM_ATTR_SOCKCREATE: error = avc_has_perm(&selinux_state, mysid, mysid, SECCLASS_PROCESS, PROCESS__SETSOCKCREATE, NULL); - else if (!strcmp(name, "current")) - error = avc_has_perm(&selinux_state, - mysid, mysid, SECCLASS_PROCESS, - PROCESS__SETCURRENT, NULL); - else - error = -EINVAL; + break; + default: + error = -EOPNOTSUPP; + break; + } if (error) return error; @@ -6442,13 +6457,14 @@ static int selinux_setprocattr(const char *name, void *value, size_t size) } error = security_context_to_sid(&selinux_state, value, size, &sid, GFP_KERNEL); - if (error == -EINVAL && !strcmp(name, "fscreate")) { + if (error == -EINVAL && attr == LSM_ATTR_FSCREATE) { if (!has_cap_mac_admin(true)) { struct audit_buffer *ab; size_t audit_size; - /* We strip a nul only if it is at the end, otherwise the - * context contains a nul and we should audit that */ + /* We strip a nul only if it is at the end, + * otherwise the context contains a nul and + * we should audit that */ if (str[size - 1] == '\0') audit_size = size - 1; else 
@@ -6459,7 +6475,8 @@ static int selinux_setprocattr(const char *name, void *value, size_t size) if (!ab) return error; audit_log_format(ab, "op=fscreate invalid_context="); - audit_log_n_untrustedstring(ab, value, audit_size); + audit_log_n_untrustedstring(ab, value, + audit_size); audit_log_end(ab); return error; @@ -6483,11 +6500,11 @@ static int selinux_setprocattr(const char *name, void *value, size_t size) checks and may_create for the file creation checks. The operation will then fail if the context is not permitted. */ tsec = selinux_cred(new); - if (!strcmp(name, "exec")) { + if (attr == LSM_ATTR_EXEC) { tsec->exec_sid = sid; - } else if (!strcmp(name, "fscreate")) { + } else if (attr == LSM_ATTR_FSCREATE) { tsec->create_sid = sid; - } else if (!strcmp(name, "keycreate")) { + } else if (attr == LSM_ATTR_KEYCREATE) { if (sid) { error = avc_has_perm(&selinux_state, mysid, sid, SECCLASS_KEY, KEY__CREATE, NULL); @@ -6495,9 +6512,9 @@ static int selinux_setprocattr(const char *name, void *value, size_t size) goto abort_change; } tsec->keycreate_sid = sid; - } else if (!strcmp(name, "sockcreate")) { + } else if (attr == LSM_ATTR_SOCKCREATE) { tsec->sockcreate_sid = sid; - } else if (!strcmp(name, "current")) { + } else if (attr == LSM_ATTR_CURRENT) { error = -EINVAL; if (sid == 0) goto abort_change; 
@@ -6542,6 +6559,80 @@ static int selinux_setprocattr(const char *name, void *value, size_t size) return error; } +static int selinux_getselfattr(unsigned int __user attr, + struct lsm_ctx __user *ctx, size_t *size, + u32 __user flags) +{ + char *value; + size_t total_len; + int len; + int rc = 1; + + len = selinux_lsm_getattr(attr, current, &value); + if (len < 0) + return len; + + total_len = ALIGN(len + sizeof(*ctx), 8); + + if (total_len > *size) + rc = -E2BIG; + else + lsm_fill_user_ctx(ctx, value, len, LSM_ID_SELINUX, 0); + + *size = total_len; + return rc; +} + +static int selinux_setselfattr(unsigned int __user attr, + struct lsm_ctx __user *ctx, size_t __user size, + u32 __user flags) +{ + struct lsm_ctx *lctx; + void *context; + int rc; + + context = kmalloc(size, GFP_KERNEL); + if (context == NULL) + return -ENOMEM; + + lctx = (struct lsm_ctx *)context; + if (copy_from_user(context, ctx, size)) + rc = -EFAULT; + else if (lctx->ctx_len > size) + rc = -EINVAL; + else + rc = selinux_lsm_setattr(attr, lctx + 1, lctx->ctx_len); + + kfree(context); + if (rc > 0) + return 0; + return rc; +} + +static int selinux_getprocattr(struct task_struct *p, + const char *name, char **value) +{ + unsigned int attr = lsm_name_to_attr(name); + int rc; + + if (attr) { + rc = selinux_lsm_getattr(attr, p, value); + if (rc != -EOPNOTSUPP) + return rc; + } + + return -EINVAL; +} + +static int selinux_setprocattr(const char *name, void *value, size_t size) +{ + int attr = lsm_name_to_attr(name); + + if (attr) + return selinux_lsm_setattr(attr, value, size); + return -EINVAL; +} + static int selinux_ismaclabel(const char *name) { return (strcmp(name, XATTR_SELINUX_SUFFIX) == 0); 
@@ -7183,6 +7274,8 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(d_instantiate, selinux_d_instantiate), + LSM_HOOK_INIT(getselfattr, selinux_getselfattr), + LSM_HOOK_INIT(setselfattr, selinux_setselfattr), LSM_HOOK_INIT(getprocattr, selinux_getprocattr), LSM_HOOK_INIT(setprocattr, selinux_setprocattr),
From patchwork Fri Apr 21 17:42:59 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 13220562 X-Patchwork-Delegate: paul@paul-moore.com
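Review bot: selinux_lsm_setattr (@@ -6398,7 +6405,7 @@) is declared with `u64 attr` while selinux_lsm_getattr in the preceding hunk takes `unsigned int attr`, and the wrappers added later store lsm_name_to_attr() results in `int` (selinux_setprocattr) and `unsigned int` (selinux_getprocattr). Use one type for the attribute id throughout so the switch and the comparisons are over the same width and the prototypes line up with the hook definitions.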
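Review bot: in selinux_getselfattr (@@ -6542,6 +6559,80 @@) the buffer that selinux_lsm_getattr() returns through `value` is never freed on either the -E2BIG or the success path; selinux_getprocattr hands that string to a caller that frees it, but here selinux_getselfattr owns it and needs a kfree(value) before returning. The return value of lsm_fill_user_ctx() is also discarded, so a failed copy to userspace is reported as success. selinux_setselfattr has the same bounds issue as apparmor_setselfattr in the preceding patch: `lctx->ctx_len > size` ignores the sizeof(*lctx) header, so ctx_len may exceed the data actually present, and ctx_len is read before `size` is known to cover the header; check `size >= sizeof(*lctx)` and compare ctx_len against `size - sizeof(*lctx)` unless the syscall entry already does. Finally, selinux_setprocattr passes -EOPNOTSUPP through unchanged while selinux_getprocattr translates it to -EINVAL; since selinux_lsm_setattr now returns -EOPNOTSUPP for an attribute it does not handle (previously -EINVAL), writing such a name to /proc/self/attr changes its errno. Map it the way the get side does to keep the /proc ABI stable.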
From: Casey Schaufler To: casey@schaufler-ca.com, paul@paul-moore.com, linux-security-module@vger.kernel.org Cc: jmorris@namei.org, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net Subject: [PATCH v9 11/11] LSM: selftests for Linux Security Module syscalls Date: Fri, 21 Apr 2023 10:42:59 -0700 Message-Id: <20230421174259.2458-12-casey@schaufler-ca.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230421174259.2458-1-casey@schaufler-ca.com> References: <20230421174259.2458-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: Add selftests for the three system calls supporting the LSM infrastructure. Signed-off-by: Casey Schaufler Reviewed-by: Kees Cook --- tools/testing/selftests/Makefile | 1 + tools/testing/selftests/lsm/Makefile | 12 + tools/testing/selftests/lsm/config | 2 + .../selftests/lsm/lsm_get_self_attr_test.c | 267 ++++++++++++++++++ .../selftests/lsm/lsm_list_modules_test.c | 149 ++++++++++ .../selftests/lsm/lsm_set_self_attr_test.c | 70 +++++ 6 files changed, 501 insertions(+) create mode 100644 tools/testing/selftests/lsm/Makefile create mode 100644 tools/testing/selftests/lsm/config create mode 100644 tools/testing/selftests/lsm/lsm_get_self_attr_test.c create mode 100644 tools/testing/selftests/lsm/lsm_list_modules_test.c create mode 100644 tools/testing/selftests/lsm/lsm_set_self_attr_test.c diff --git a/tools/testing/selftests/Makefile b/tools/testing/selftests/Makefile index 13a6837a0c6b..b18d133a1141 100644 --- a/tools/testing/selftests/Makefile +++ b/tools/testing/selftests/Makefile @@ -38,6 +38,7 @@ TARGETS += landlock TARGETS += lib TARGETS += livepatch TARGETS += lkdtm +TARGETS += lsm TARGETS += membarrier TARGETS += memfd TARGETS += memory-hotplug 
diff --git a/tools/testing/selftests/lsm/Makefile b/tools/testing/selftests/lsm/Makefile new file mode 100644 index 000000000000..f39a75212b78 --- /dev/null +++ b/tools/testing/selftests/lsm/Makefile @@ -0,0 +1,12 @@ +# SPDX-License-Identifier: GPL-2.0 +# +# First run: make -C ../../../.. headers_install + +CFLAGS += -Wall -O2 $(KHDR_INCLUDES) + +TEST_GEN_PROGS := lsm_get_self_attr_test lsm_list_modules_test \ + lsm_set_self_attr_test + +include ../lib.mk + +$(TEST_GEN_PROGS): diff --git a/tools/testing/selftests/lsm/config b/tools/testing/selftests/lsm/config new file mode 100644 index 000000000000..afb887715f64 --- /dev/null +++ b/tools/testing/selftests/lsm/config @@ -0,0 +1,2 @@ +CONFIG_SYSFS=y +CONFIG_SECURITY=y diff --git a/tools/testing/selftests/lsm/lsm_get_self_attr_test.c b/tools/testing/selftests/lsm/lsm_get_self_attr_test.c new file mode 100644 index 000000000000..71c2b1a8a44e --- /dev/null +++ b/tools/testing/selftests/lsm/lsm_get_self_attr_test.c 
@@ -0,0 +1,267 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Linux Security Module infrastructure tests + * Tests for the lsm_get_self_attr system call + * + * Copyright © 2022 Casey Schaufler + * Copyright © 2022 Intel Corporation + */ + +#define _GNU_SOURCE +#include +#include +#include +#include +#include +#include +#include "../kselftest_harness.h" + +#define PROCATTR "/proc/self/attr/" + +static int read_proc_attr(const char *attr, char *value, __kernel_size_t size) +{ + int fd; + int len; + char *path; + + len = strlen(PROCATTR) + strlen(attr) + 1; + path = calloc(len, 1); + if (path == NULL) + return -1; + sprintf(path, "%s%s", PROCATTR, attr); + + fd = open(path, O_RDONLY); + free(path); + + if (fd < 0) + return -1; + len = read(fd, value, size); + if (len <= 0) + return -1; +fprintf(stderr, "len=%d\n", len); + close(fd); + + path = strchr(value, '\n'); + if (path) + *path = '\0'; + + return 0; +} + +static struct lsm_ctx *next_ctx(struct lsm_ctx *ctxp) +{ + void *vp; + + vp = (void *)ctxp + sizeof(*ctxp) + ctxp->ctx_len; + return (struct lsm_ctx *)vp; +} + +TEST(size_null_lsm_get_self_attr) +{ + const long page_size = sysconf(_SC_PAGESIZE); + char *ctx = calloc(page_size, 1); + + ASSERT_NE(NULL, ctx); + ASSERT_EQ(-1, syscall(__NR_lsm_get_self_attr, LSM_ATTR_CURRENT, ctx, + NULL, 0)); + ASSERT_EQ(EINVAL, errno); + + free(ctx); +} + +TEST(ctx_null_lsm_get_self_attr) +{ + const long page_size = sysconf(_SC_PAGESIZE); + __kernel_size_t size = page_size; + + ASSERT_NE(-1, syscall(__NR_lsm_get_self_attr, LSM_ATTR_CURRENT, NULL, + &size, 0)); + ASSERT_NE(1, size); +} + +TEST(size_too_small_lsm_get_self_attr) +{ + const long page_size = sysconf(_SC_PAGESIZE); + char *ctx = calloc(page_size, 1); + __kernel_size_t size = 1; + + ASSERT_NE(NULL, ctx); + ASSERT_EQ(-1, syscall(__NR_lsm_get_self_attr, LSM_ATTR_CURRENT, ctx, + &size, 0)); + ASSERT_EQ(E2BIG, errno); + ASSERT_NE(1, size); + + free(ctx); +} + +TEST(flags_zero_lsm_get_self_attr) +{ + const long page_size = 
sysconf(_SC_PAGESIZE); + char *ctx = calloc(page_size, 1); + __kernel_size_t size = page_size; + + ASSERT_NE(NULL, ctx); + ASSERT_EQ(-1, syscall(__NR_lsm_get_self_attr, LSM_ATTR_CURRENT, ctx, + &size, 1)); + ASSERT_EQ(EINVAL, errno); + ASSERT_EQ(page_size, size); + + free(ctx); +} + +TEST(flags_overset_lsm_get_self_attr) +{ + const long page_size = sysconf(_SC_PAGESIZE); + char *ctx = calloc(page_size, 1); + __kernel_size_t size = page_size; + + ASSERT_NE(NULL, ctx); + ASSERT_EQ(-1, syscall(__NR_lsm_get_self_attr, + LSM_ATTR_CURRENT | LSM_ATTR_PREV, ctx, &size, 0)); + ASSERT_EQ(EOPNOTSUPP, errno); + + free(ctx); +} + +TEST(basic_lsm_get_self_attr) +{ + const long page_size = sysconf(_SC_PAGESIZE); + __kernel_size_t size = page_size; + struct lsm_ctx *ctx = calloc(page_size, 1); + struct lsm_ctx *tctx = NULL; + __u64 *syscall_lsms = calloc(page_size, 1); + char *attr = calloc(page_size, 1); + int cnt_current = 0; + int cnt_exec = 0; + int cnt_fscreate = 0; + int cnt_keycreate = 0; + int cnt_prev = 0; + int cnt_sockcreate = 0; + int lsmcount; + int count; + int i; + + ASSERT_NE(NULL, ctx); + ASSERT_NE(NULL, syscall_lsms); + + lsmcount = syscall(__NR_lsm_list_modules, syscall_lsms, &size, 0); + ASSERT_LE(1, lsmcount); + + for (i = 0; i < lsmcount; i++) { + switch (syscall_lsms[i]) { + case LSM_ID_SELINUX: + cnt_current++; + cnt_exec++; + cnt_fscreate++; + cnt_keycreate++; + cnt_prev++; + cnt_sockcreate++; + break; + case LSM_ID_SMACK: + cnt_current++; + break; + case LSM_ID_APPARMOR: + cnt_current++; + cnt_exec++; + cnt_prev++; + break; + default: + break; + } + } + + if (cnt_current) { + size = page_size; + count = syscall(__NR_lsm_get_self_attr, LSM_ATTR_CURRENT, ctx, + &size, 0); + ASSERT_EQ(cnt_current, count); + tctx = ctx; + ASSERT_EQ(0, read_proc_attr("current", attr, page_size)); + ASSERT_EQ(0, strcmp((char *)tctx->ctx, attr)); + for (i = 1; i < count; i++) { + tctx = next_ctx(tctx); + ASSERT_NE(0, strcmp((char *)tctx->ctx, attr)); + } + } + if (cnt_exec) { + 
size = page_size; + count = syscall(__NR_lsm_get_self_attr, LSM_ATTR_EXEC, ctx, + &size, 0); + ASSERT_GE(cnt_exec, count); + if (count > 0) { + tctx = ctx; + if (read_proc_attr("exec", attr, page_size) == 0) + ASSERT_EQ(0, strcmp((char *)tctx->ctx, attr)); + } + for (i = 1; i < count; i++) { + tctx = next_ctx(tctx); + ASSERT_NE(0, strcmp((char *)tctx->ctx, attr)); + } + } + if (cnt_fscreate) { + size = page_size; + count = syscall(__NR_lsm_get_self_attr, LSM_ATTR_FSCREATE, ctx, + &size, 0); + ASSERT_GE(cnt_fscreate, count); + if (count > 0) { + tctx = ctx; + if (read_proc_attr("fscreate", attr, page_size) == 0) + ASSERT_EQ(0, strcmp((char *)tctx->ctx, attr)); + } + for (i = 1; i < count; i++) { + tctx = next_ctx(tctx); + ASSERT_NE(0, strcmp((char *)tctx->ctx, attr)); + } + } + if (cnt_keycreate) { + size = page_size; + count = syscall(__NR_lsm_get_self_attr, LSM_ATTR_KEYCREATE, ctx, + &size, 0); + ASSERT_GE(cnt_keycreate, count); + if (count > 0) { + tctx = ctx; + if (read_proc_attr("keycreate", attr, page_size) == 0) + ASSERT_EQ(0, strcmp((char *)tctx->ctx, attr)); + } + for (i = 1; i < count; i++) { + tctx = next_ctx(tctx); + ASSERT_NE(0, strcmp((char *)tctx->ctx, attr)); + } + } + if (cnt_prev) { + size = page_size; + count = syscall(__NR_lsm_get_self_attr, LSM_ATTR_PREV, ctx, + &size, 0); + ASSERT_GE(cnt_prev, count); + if (count > 0) { + tctx = ctx; + ASSERT_EQ(0, read_proc_attr("prev", attr, page_size)); + ASSERT_EQ(0, strcmp((char *)tctx->ctx, attr)); + for (i = 1; i < count; i++) { + tctx = next_ctx(tctx); + ASSERT_NE(0, strcmp((char *)tctx->ctx, attr)); + } + } + } + if (cnt_sockcreate) { + size = page_size; + count = syscall(__NR_lsm_get_self_attr, LSM_ATTR_SOCKCREATE, + ctx, &size, 0); + ASSERT_GE(cnt_sockcreate, count); + if (count > 0) { + tctx = ctx; + if (read_proc_attr("sockcreate", attr, page_size) == 0) + ASSERT_EQ(0, strcmp((char *)tctx->ctx, attr)); + } + for (i = 1; i < count; i++) { + tctx = next_ctx(tctx); + ASSERT_NE(0, strcmp((char 
*)tctx->ctx, attr)); + } + } + + free(ctx); + free(attr); + free(syscall_lsms); +} + +TEST_HARNESS_MAIN diff --git a/tools/testing/selftests/lsm/lsm_list_modules_test.c b/tools/testing/selftests/lsm/lsm_list_modules_test.c new file mode 100644 index 000000000000..3ec814002710 --- /dev/null +++ b/tools/testing/selftests/lsm/lsm_list_modules_test.c 
@@ -0,0 +1,149 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Linux Security Module infrastructure tests + * Tests for the lsm_list_modules system call + * + * Copyright © 2022 Casey Schaufler + * Copyright © 2022 Intel Corporation + */ + +#define _GNU_SOURCE +#include +#include +#include +#include +#include +#include "../kselftest_harness.h" + +static int read_sysfs_lsms(char *lsms, __kernel_size_t size) +{ + FILE *fp; + + fp = fopen("/sys/kernel/security/lsm", "r"); + if (fp == NULL) + return -1; + if (fread(lsms, 1, size, fp) <= 0) + return -1; + fclose(fp); + return 0; +} + +TEST(size_null_lsm_list_modules) +{ + const long page_size = sysconf(_SC_PAGESIZE); + char *syscall_lsms = calloc(page_size, 1); + + ASSERT_NE(NULL, syscall_lsms); + ASSERT_EQ(-1, syscall(__NR_lsm_list_modules, syscall_lsms, NULL, 0)); + ASSERT_EQ(EFAULT, errno); + + free(syscall_lsms); +} + +TEST(ids_null_lsm_list_modules) +{ + const long page_size = sysconf(_SC_PAGESIZE); + __kernel_size_t size = page_size; + + ASSERT_EQ(-1, syscall(__NR_lsm_list_modules, NULL, &size, 0)); + ASSERT_EQ(EFAULT, errno); + ASSERT_NE(1, size); +} + +TEST(size_too_small_lsm_list_modules) +{ + const long page_size = sysconf(_SC_PAGESIZE); + char *syscall_lsms = calloc(page_size, 1); + __kernel_size_t size = 1; + + ASSERT_NE(NULL, syscall_lsms); + ASSERT_EQ(-1, syscall(__NR_lsm_list_modules, syscall_lsms, &size, 0)); + ASSERT_EQ(E2BIG, errno); + ASSERT_NE(1, size); + + free(syscall_lsms); +} + +TEST(flags_set_lsm_list_modules) +{ + const long page_size = sysconf(_SC_PAGESIZE); + char *syscall_lsms = calloc(page_size, 1); + __kernel_size_t size = page_size; + + ASSERT_NE(NULL, syscall_lsms); + ASSERT_EQ(-1, syscall(__NR_lsm_list_modules, syscall_lsms, &size, 7)); + ASSERT_EQ(EINVAL, errno); + ASSERT_EQ(page_size, size); + + free(syscall_lsms); +} + +TEST(correct_lsm_list_modules) +{ + const long page_size = sysconf(_SC_PAGESIZE); + __kernel_size_t size = page_size; + __u64 *syscall_lsms = calloc(page_size, 1); + 
char *sysfs_lsms = calloc(page_size, 1); + char *name; + char *cp; + int count; + int i; + + ASSERT_NE(NULL, sysfs_lsms); + ASSERT_NE(NULL, syscall_lsms); + ASSERT_EQ(0, read_sysfs_lsms(sysfs_lsms, page_size)); + + count = syscall(__NR_lsm_list_modules, syscall_lsms, &size, 0); + ASSERT_LE(1, count); + cp = sysfs_lsms; + for (i = 0; i < count; i++) { + switch (syscall_lsms[i]) { + case LSM_ID_CAPABILITY: + name = "capability"; + break; + case LSM_ID_SELINUX: + name = "selinux"; + break; + case LSM_ID_SMACK: + name = "smack"; + break; + case LSM_ID_TOMOYO: + name = "tomoyo"; + break; + case LSM_ID_IMA: + name = "ima"; + break; + case LSM_ID_APPARMOR: + name = "apparmor"; + break; + case LSM_ID_YAMA: + name = "yama"; + break; + case LSM_ID_LOADPIN: + name = "loadpin"; + break; + case LSM_ID_SAFESETID: + name = "safesetid"; + break; + case LSM_ID_LOCKDOWN: + name = "lockdown"; + break; + case LSM_ID_BPF: + name = "bpf"; + break; + case LSM_ID_LANDLOCK: + name = "landlock"; + break; + default: + name = "INVALID"; + break; + } + ASSERT_EQ(0, strncmp(cp, name, strlen(name))); + cp += strlen(name) + 1; + } + + free(sysfs_lsms); + free(syscall_lsms); +} + +TEST_HARNESS_MAIN diff --git a/tools/testing/selftests/lsm/lsm_set_self_attr_test.c b/tools/testing/selftests/lsm/lsm_set_self_attr_test.c new file mode 100644 index 000000000000..ca538a703168 --- /dev/null +++ b/tools/testing/selftests/lsm/lsm_set_self_attr_test.c 
@@ -0,0 +1,70 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Linux Security Module infrastructure tests + * Tests for the lsm_set_self_attr system call + * + * Copyright © 2022 Casey Schaufler + * Copyright © 2022 Intel Corporation + */ + +#define _GNU_SOURCE +#include +#include +#include +#include +#include +#include "../kselftest_harness.h" + +TEST(ctx_null_lsm_set_self_attr) +{ + ASSERT_EQ(-1, syscall(__NR_lsm_set_self_attr, LSM_ATTR_CURRENT, NULL, + sizeof(struct lsm_ctx), 0)); +} + +TEST(size_too_small_lsm_set_self_attr) +{ + const long page_size = sysconf(_SC_PAGESIZE); + struct lsm_ctx *ctx = calloc(page_size, 1); + __kernel_size_t size = page_size; + + ASSERT_NE(NULL, ctx); + ASSERT_GE(1, syscall(__NR_lsm_get_self_attr, LSM_ATTR_CURRENT, ctx, + &size, 0)); + ASSERT_EQ(-1, syscall(__NR_lsm_set_self_attr, LSM_ATTR_CURRENT, ctx, 1, + 0)); + + free(ctx); +} + +TEST(flags_zero_lsm_set_self_attr) +{ + const long page_size = sysconf(_SC_PAGESIZE); + char *ctx = calloc(page_size, 1); + __kernel_size_t size = page_size; + + ASSERT_NE(NULL, ctx); + ASSERT_GE(1, syscall(__NR_lsm_get_self_attr, LSM_ATTR_CURRENT, ctx, + &size, 0)); + ASSERT_EQ(-1, syscall(__NR_lsm_set_self_attr, LSM_ATTR_CURRENT, ctx, + size, 1)); + + free(ctx); +} + +TEST(flags_overset_lsm_set_self_attr) +{ + const long page_size = sysconf(_SC_PAGESIZE); + char *ctx = calloc(page_size, 1); + __kernel_size_t size = page_size; + struct lsm_ctx *tctx = (struct lsm_ctx *)ctx; + + ASSERT_NE(NULL, ctx); + ASSERT_GE(1, syscall(__NR_lsm_get_self_attr, LSM_ATTR_CURRENT, tctx, + &size, 0)); + ASSERT_EQ(-1, syscall(__NR_lsm_set_self_attr, + LSM_ATTR_CURRENT | LSM_ATTR_PREV, tctx, size, 0)); + + free(ctx); +} + +TEST_HARNESS_MAIN
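Review bot: read_proc_attr in lsm_get_self_attr_test.c still contains a debug line, `fprintf(stderr, "len=%d\n", len);`, that should be dropped, and on the `len <= 0` path it returns without close(fd). It also relies on calloc() having zeroed the buffer for the later strchr(value, '\n'): a read() that fills all `size` bytes leaves no terminator, so read `size - 1` bytes and set `value[len] = '\0'` explicitly. On the expectations side, size_null_lsm_get_self_attr asserts EINVAL for a NULL size pointer while size_null_lsm_list_modules in the next file asserts EFAULT for the same condition; either the two syscalls really differ here, in which case a comment explaining why would help, or one test is wrong. In basic_lsm_get_self_attr, when read_proc_attr() fails for exec/fscreate/keycreate/sockcreate, `attr` still holds the value from the earlier "current" read, so the `ASSERT_NE(0, strcmp(...))` loop that follows compares against stale data; clear `attr` or skip the loop in that case.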
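Review bot: read_sysfs_lsms in lsm_list_modules_test.c leaks `fp` when fread() returns 0, and the buffer is only NUL-terminated because calloc() zeroed it; read at most `size - 1` bytes and terminate explicitly so a sysfs string that fills the buffer cannot run strncmp() off the end in correct_lsm_list_modules. In that test the `cp += strlen(name) + 1` walk assumes exactly one separator byte between names in /sys/kernel/security/lsm; a comment stating that assumption would help whoever next touches the format.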
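Review bot: the setup calls in size_too_small_, flags_zero_ and flags_overset_lsm_set_self_attr use `ASSERT_GE(1, syscall(__NR_lsm_get_self_attr, ...))`, which with the harness's (expected, seen) argument order asserts 1 >= result and is satisfied by a -1 failure return, so a broken lsm_get_self_attr never fails these tests; use ASSERT_LE(1, ...) as basic_lsm_get_self_attr does for lsmcount, or ASSERT_EQ. ctx_null_lsm_set_self_attr checks only for -1 and not errno, unlike the matching get/list tests, and the file has no case that performs a successful lsm_set_self_attr (even a no-op set to the value just read) and reads the attribute back, which is the one path the new hooks actually add.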