From patchwork Fri Apr 28 20:26:41 2023
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 13226780
X-Patchwork-Delegate: paul@paul-moore.com
From: Casey Schaufler
To: casey@schaufler-ca.com, paul@paul-moore.com, linux-security-module@vger.kernel.org
Cc: jmorris@namei.org, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net
Subject: [PATCH v10 01/11] LSM: Identify modules by more than name
Date: Fri, 28 Apr 2023 13:26:41 -0700
Message-Id: <20230428202651.159828-2-casey@schaufler-ca.com>
In-Reply-To: <20230428202651.159828-1-casey@schaufler-ca.com>
References: <20230428202651.159828-1-casey@schaufler-ca.com>

Create a struct lsm_id to contain identifying information about Linux Security Modules (LSMs). At inception this contains the name of the module, an identifier associated with the security module and an integer member "attrs" which identifies the API related data associated with each security module. The initial set of features maps to information that has traditionally been available in /proc/self/attr. They are documented in a new userspace-api file.

Change the security_add_hooks() interface to use this structure. Change the individual modules to maintain their own struct lsm_id and pass it to security_add_hooks().

The values for LSM identifiers are defined in a new UAPI header file linux/lsm.h. Each existing LSM has been updated to include its LSMID in the lsm_id.

The LSM ID values are sequential, with the oldest module LSM_ID_CAPABILITY being the lowest value and the existing modules numbered in the order they were included in the main line kernel. This is an arbitrary convention for assigning the values, but none better presents itself. The value 0 is defined as being invalid. The values 1-99 are reserved for any special case uses which may arise in the future.
This may include attributes of the LSM infrastructure itself, possibly related to namespacing or network attribute management. A special range is identified for such attributes to help reduce confusion for developers unfamiliar with LSMs.

LSM attribute values are defined for the attributes presented by modules that are available today. As with the LSM IDs, the value 0 is defined as being invalid. The values 1-99 are reserved for any special case uses which may arise in the future.

Signed-off-by: Casey Schaufler
Cc: linux-security-module
Reviewed-by: Kees Cook
---
 Documentation/userspace-api/index.rst | 1 +
 Documentation/userspace-api/lsm.rst | 55 +++++++++++++++++++++++++++
 MAINTAINERS | 1 +
 include/linux/lsm_hooks.h | 16 +++++++-
 include/uapi/linux/lsm.h | 54 ++++++++++++++++++++++++++
 security/apparmor/lsm.c | 8 +++-
 security/bpf/hooks.c | 9 ++++-
 security/commoncap.c | 8 +++-
 security/landlock/cred.c | 2 +-
 security/landlock/fs.c | 2 +-
 security/landlock/ptrace.c | 2 +-
 security/landlock/setup.c | 6 +++
 security/landlock/setup.h | 1 +
 security/loadpin/loadpin.c | 9 ++++-
 security/lockdown/lockdown.c | 8 +++-
 security/safesetid/lsm.c | 9 ++++-
 security/security.c | 12 +++---
 security/selinux/hooks.c | 9 ++++-
 security/smack/smack_lsm.c | 8 +++-
 security/tomoyo/tomoyo.c | 9 ++++-
 security/yama/yama_lsm.c | 8 +++-
 21 files changed, 216 insertions(+), 21 deletions(-)
 create mode 100644 Documentation/userspace-api/lsm.rst
 create mode 100644 include/uapi/linux/lsm.h

diff --git a/Documentation/userspace-api/index.rst b/Documentation/userspace-api/index.rst index f16337bdb852..54c0f54cde89 100644 --- a/Documentation/userspace-api/index.rst +++ b/Documentation/userspace-api/index.rst @@ -31,6 +31,7 @@ place where this information is gathered. sysfs-platform_profile vduse futex2 + lsm .. only:: subproject and html diff --git a/Documentation/userspace-api/lsm.rst b/Documentation/userspace-api/lsm.rst new file mode 100644 index 000000000000..6ddf5506110b --- /dev/null
+++ b/Documentation/userspace-api/lsm.rst 
@@ -0,0 +1,55 @@ +.. SPDX-License-Identifier: GPL-2.0 +.. Copyright (C) 2022 Casey Schaufler +.. Copyright (C) 2022 Intel Corporation + +===================================== +Linux Security Modules +===================================== + +:Author: Casey Schaufler +:Date: November 2022 + +Linux security modules (LSM) provide a mechanism to implement +additional access controls to the Linux security policies. + +The various security modules may support any of these attributes: + +``LSM_ATTR_CURRENT`` is the current, active security context of the +process. +The proc filesystem provides this value in ``/proc/self/attr/current``. +This is supported by the SELinux, Smack and AppArmor security modules. +Smack also provides this value in ``/proc/self/attr/smack/current``. +AppArmor also provides this value in ``/proc/self/attr/apparmor/current``. + +``LSM_ATTR_EXEC`` is the security context of the process at the time the +current image was executed. +The proc filesystem provides this value in ``/proc/self/attr/exec``. +This is supported by the SELinux and AppArmor security modules. +AppArmor also provides this value in ``/proc/self/attr/apparmor/exec``. + +``LSM_ATTR_FSCREATE`` is the security context of the process used when +creating file system objects. +The proc filesystem provides this value in ``/proc/self/attr/fscreate``. +This is supported by the SELinux security module. + +``LSM_ATTR_KEYCREATE`` is the security context of the process used when +creating key objects. +The proc filesystem provides this value in ``/proc/self/attr/keycreate``. +This is supported by the SELinux security module. + +``LSM_ATTR_PREV`` is the security context of the process at the time the +current security context was set. +The proc filesystem provides this value in ``/proc/self/attr/prev``. +This is supported by the SELinux and AppArmor security modules. +AppArmor also provides this value in ``/proc/self/attr/apparmor/prev``. 
+ +``LSM_ATTR_SOCKCREATE`` is the security context of the process used when +creating socket objects. +The proc filesystem provides this value in ``/proc/self/attr/sockcreate``. +This is supported by the SELinux security module. + +Additional documentation +======================== + +* Documentation/security/lsm.rst +* Documentation/security/lsm-development.rst diff --git a/MAINTAINERS b/MAINTAINERS index 0e64787aace8..25d09f6eb3ef 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -18810,6 +18810,7 @@ S: Supported W: http://kernsec.org/ T: git git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm.git F: security/ +F: include/uapi/linux/lsm.h X: security/selinux/ SELINUX SECURITY MODULE diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 6e156d2acffc..c1f00d09033e 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -1665,6 +1665,18 @@ struct security_hook_heads { #undef LSM_HOOK } __randomize_layout; +/** + * struct lsm_id - Identify a Linux Security Module. + * @lsm: name of the LSM, must be approved by the LSM maintainers + * @id: LSM ID number from uapi/linux/lsm.h + * + * Contains the information that identifies the LSM. + */ +struct lsm_id { + const char *name; + u64 id; +}; + /* * Security module hook list structure. * For use with generic list macros for common operations. @@ -1673,7 +1685,7 @@ struct security_hook_list { struct hlist_node list; struct hlist_head *head; union security_list_options hook; - const char *lsm; + struct lsm_id *lsmid; } __randomize_layout; /* @@ -1708,7 +1720,7 @@ extern struct security_hook_heads security_hook_heads; extern char *lsm_names; extern void security_add_hooks(struct security_hook_list *hooks, int count, - const char *lsm); + struct lsm_id *lsmid); #define LSM_FLAG_LEGACY_MAJOR BIT(0) #define LSM_FLAG_EXCLUSIVE BIT(1) diff --git a/include/uapi/linux/lsm.h b/include/uapi/linux/lsm.h new file mode 100644 index 000000000000..f27c9a9cc376 --- /dev/null 
+++ b/include/uapi/linux/lsm.h @@ -0,0 +1,54 @@ +/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ +/* + * Linux Security Modules (LSM) - User space API + * + * Copyright (C) 2022 Casey Schaufler + * Copyright (C) 2022 Intel Corporation + */ + +#ifndef _UAPI_LINUX_LSM_H +#define _UAPI_LINUX_LSM_H + +/* + * ID tokens to identify Linux Security Modules (LSMs) + * + * These token values are used to uniquely identify specific LSMs + * in the kernel as well as in the kernel's LSM userspace API. + * + * A value of zero/0 is considered undefined and should not be used + * outside the kernel. Values 1-99 are reserved for potential + * future use. + */ +#define LSM_ID_UNDEF 0 +#define LSM_ID_CAPABILITY 100 +#define LSM_ID_SELINUX 101 +#define LSM_ID_SMACK 102 +#define LSM_ID_TOMOYO 103 +#define LSM_ID_IMA 104 +#define LSM_ID_APPARMOR 105 +#define LSM_ID_YAMA 106 +#define LSM_ID_LOADPIN 107 +#define LSM_ID_SAFESETID 108 +#define LSM_ID_LOCKDOWN 109 +#define LSM_ID_BPF 110 +#define LSM_ID_LANDLOCK 111 + +/* + * LSM_ATTR_XXX definitions identify different LSM attributes + * which are used in the kernel's LSM userspace API. Support + * for these attributes vary across the different LSMs. None + * are required. + * + * A value of zero/0 is considered undefined and should not be used + * outside the kernel. Values 1-99 are reserved for potential + * future use. + */ +#define LSM_ATTR_UNDEF 0 +#define LSM_ATTR_CURRENT 100 +#define LSM_ATTR_EXEC 101 +#define LSM_ATTR_FSCREATE 102 +#define LSM_ATTR_KEYCREATE 103 +#define LSM_ATTR_PREV 104 +#define LSM_ATTR_SOCKCREATE 105 + +#endif /* _UAPI_LINUX_LSM_H */ diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index d6cc4812ca53..d7f22b0cf03f 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -24,6 +24,7 @@ #include #include #include +#include #include "include/apparmor.h" #include "include/apparmorfs.h" 
@@ -1215,6 +1216,11 @@ struct lsm_blob_sizes apparmor_blob_sizes __lsm_ro_after_init = { .lbs_task = sizeof(struct aa_task_ctx), }; +static struct lsm_id apparmor_lsmid __lsm_ro_after_init = { + .name = "apparmor", + .id = LSM_ID_APPARMOR, +}; + static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(ptrace_access_check, apparmor_ptrace_access_check), LSM_HOOK_INIT(ptrace_traceme, apparmor_ptrace_traceme), @@ -1910,7 +1916,7 @@ static int __init apparmor_init(void) goto buffers_out; } security_add_hooks(apparmor_hooks, ARRAY_SIZE(apparmor_hooks), - "apparmor"); + &apparmor_lsmid); /* Report that AppArmor successfully initialized */ apparmor_initialized = 1; diff --git a/security/bpf/hooks.c b/security/bpf/hooks.c index e5971fa74fd7..b6e71c5a401d 100644 --- a/security/bpf/hooks.c +++ b/security/bpf/hooks.c @@ -5,6 +5,7 @@ */ #include #include +#include static struct security_hook_list bpf_lsm_hooks[] __lsm_ro_after_init = { #define LSM_HOOK(RET, DEFAULT, NAME, ...) \ @@ -15,9 +16,15 @@ static struct security_hook_list bpf_lsm_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(task_free, bpf_task_storage_free), }; +static struct lsm_id bpf_lsmid __lsm_ro_after_init = { + .name = "bpf", + .id = LSM_ID_BPF, +}; + static int __init bpf_lsm_init(void) { - security_add_hooks(bpf_lsm_hooks, ARRAY_SIZE(bpf_lsm_hooks), "bpf"); + security_add_hooks(bpf_lsm_hooks, ARRAY_SIZE(bpf_lsm_hooks), + &bpf_lsmid); pr_info("LSM support for eBPF active\n"); return 0; } diff --git a/security/commoncap.c b/security/commoncap.c index 5bb7d1e96277..69958af95163 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -25,6 +25,7 @@ #include #include #include +#include /* * If a non-root user executes a setuid-root binary in 
@@ -1440,6 +1441,11 @@ int cap_mmap_file(struct file *file, unsigned long reqprot, #ifdef CONFIG_SECURITY +static struct lsm_id capability_lsmid __lsm_ro_after_init = { + .name = "capability", + .id = LSM_ID_CAPABILITY, +}; + static struct security_hook_list capability_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(capable, cap_capable), LSM_HOOK_INIT(settime, cap_settime), @@ -1464,7 +1470,7 @@ static struct security_hook_list capability_hooks[] __lsm_ro_after_init = { static int __init capability_init(void) { security_add_hooks(capability_hooks, ARRAY_SIZE(capability_hooks), - "capability"); + &capability_lsmid); return 0; } diff --git a/security/landlock/cred.c b/security/landlock/cred.c index ec6c37f04a19..2eb1d65f10d6 100644 --- a/security/landlock/cred.c +++ b/security/landlock/cred.c @@ -42,5 +42,5 @@ static struct security_hook_list landlock_hooks[] __lsm_ro_after_init = { __init void landlock_add_cred_hooks(void) { security_add_hooks(landlock_hooks, ARRAY_SIZE(landlock_hooks), - LANDLOCK_NAME); + &landlock_lsmid); } diff --git a/security/landlock/fs.c b/security/landlock/fs.c index adcea0fe7e68..fa0e6e76991c 100644 --- a/security/landlock/fs.c +++ b/security/landlock/fs.c @@ -1307,5 +1307,5 @@ static struct security_hook_list landlock_hooks[] __lsm_ro_after_init = { __init void landlock_add_fs_hooks(void) { security_add_hooks(landlock_hooks, ARRAY_SIZE(landlock_hooks), - LANDLOCK_NAME); + &landlock_lsmid); } diff --git a/security/landlock/ptrace.c b/security/landlock/ptrace.c index 4c5b9cd71286..eab35808f395 100644 --- a/security/landlock/ptrace.c +++ b/security/landlock/ptrace.c @@ -116,5 +116,5 @@ static struct security_hook_list landlock_hooks[] __lsm_ro_after_init = { __init void landlock_add_ptrace_hooks(void) { security_add_hooks(landlock_hooks, ARRAY_SIZE(landlock_hooks), - LANDLOCK_NAME); + &landlock_lsmid); } diff --git a/security/landlock/setup.c b/security/landlock/setup.c index 3f196d2ce4f9..17116c87f268 100644 --- a/security/landlock/setup.c 
+++ b/security/landlock/setup.c @@ -8,6 +8,7 @@ #include #include +#include #include "common.h" #include "cred.h" @@ -24,6 +25,11 @@ struct lsm_blob_sizes landlock_blob_sizes __lsm_ro_after_init = { .lbs_superblock = sizeof(struct landlock_superblock_security), }; +struct lsm_id landlock_lsmid __lsm_ro_after_init = { + .name = LANDLOCK_NAME, + .id = LSM_ID_LANDLOCK, +}; + static int __init landlock_init(void) { landlock_add_cred_hooks(); diff --git a/security/landlock/setup.h b/security/landlock/setup.h index 1daffab1ab4b..38bce5b172dc 100644 --- a/security/landlock/setup.h +++ b/security/landlock/setup.h @@ -14,5 +14,6 @@ extern bool landlock_initialized; extern struct lsm_blob_sizes landlock_blob_sizes; +extern struct lsm_id landlock_lsmid; #endif /* _SECURITY_LANDLOCK_SETUP_H */ diff --git a/security/loadpin/loadpin.c b/security/loadpin/loadpin.c index d73a281adf86..d359f2ea1a0a 100644 --- a/security/loadpin/loadpin.c +++ b/security/loadpin/loadpin.c @@ -20,6 +20,7 @@ #include #include #include +#include #define VERITY_DIGEST_FILE_HEADER "# LOADPIN_TRUSTED_VERITY_ROOT_DIGESTS" @@ -214,6 +215,11 @@ static int loadpin_load_data(enum kernel_load_data_id id, bool contents) return loadpin_check(NULL, (enum kernel_read_file_id) id); } +static struct lsm_id loadpin_lsmid __lsm_ro_after_init = { + .name = "loadpin", + .id = LSM_ID_LOADPIN, +}; + static struct security_hook_list loadpin_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(sb_free_security, loadpin_sb_free_security), LSM_HOOK_INIT(kernel_read_file, loadpin_read_file), @@ -265,7 +271,8 @@ static int __init loadpin_init(void) if (!register_sysctl_paths(loadpin_sysctl_path, loadpin_sysctl_table)) pr_notice("sysctl registration failed!\n"); #endif - security_add_hooks(loadpin_hooks, ARRAY_SIZE(loadpin_hooks), "loadpin"); + security_add_hooks(loadpin_hooks, ARRAY_SIZE(loadpin_hooks), + &loadpin_lsmid); return 0; } 
diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c index a79b985e917e..141a0b94098e 100644 --- a/security/lockdown/lockdown.c +++ b/security/lockdown/lockdown.c @@ -13,6 +13,7 @@ #include #include #include +#include static enum lockdown_reason kernel_locked_down; @@ -75,6 +76,11 @@ static struct security_hook_list lockdown_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(locked_down, lockdown_is_locked_down), }; +static struct lsm_id lockdown_lsmid __lsm_ro_after_init = { + .name = "lockdown", + .id = LSM_ID_LOCKDOWN, +}; + static int __init lockdown_lsm_init(void) { #if defined(CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY) @@ -83,7 +89,7 @@ static int __init lockdown_lsm_init(void) lock_kernel_down("Kernel configuration", LOCKDOWN_CONFIDENTIALITY_MAX); #endif security_add_hooks(lockdown_hooks, ARRAY_SIZE(lockdown_hooks), - "lockdown"); + &lockdown_lsmid); return 0; } diff --git a/security/safesetid/lsm.c b/security/safesetid/lsm.c index e806739f7868..86b57785f86e 100644 --- a/security/safesetid/lsm.c +++ b/security/safesetid/lsm.c @@ -19,6 +19,7 @@ #include #include #include +#include #include "lsm.h" /* Flag indicating whether initialization completed */ @@ -261,6 +262,11 @@ static int safesetid_task_fix_setgroups(struct cred *new, const struct cred *old return 0; } +static struct lsm_id safesetid_lsmid __lsm_ro_after_init = { + .name = "safesetid", + .id = LSM_ID_SAFESETID, +}; + static struct security_hook_list safesetid_security_hooks[] = { LSM_HOOK_INIT(task_fix_setuid, safesetid_task_fix_setuid), LSM_HOOK_INIT(task_fix_setgid, safesetid_task_fix_setgid), @@ -271,7 +277,8 @@ static struct security_hook_list safesetid_security_hooks[] = { static int __init safesetid_security_init(void) { security_add_hooks(safesetid_security_hooks, - ARRAY_SIZE(safesetid_security_hooks), "safesetid"); + ARRAY_SIZE(safesetid_security_hooks), + &safesetid_lsmid); /* Report that SafeSetID successfully initialized */ safesetid_initialized = 1; 
diff --git a/security/security.c b/security/security.c index cf6cc576736f..a482c6048df9 100644 --- a/security/security.c +++ b/security/security.c @@ -504,17 +504,17 @@ static int lsm_append(const char *new, char **result) * security_add_hooks - Add a modules hooks to the hook lists. * @hooks: the hooks to add * @count: the number of hooks to add - * @lsm: the name of the security module + * @lsmid: the identification information for the security module * * Each LSM has to register its hooks with the infrastructure. */ void __init security_add_hooks(struct security_hook_list *hooks, int count, - const char *lsm) + struct lsm_id *lsmid) { int i; for (i = 0; i < count; i++) { - hooks[i].lsm = lsm; + hooks[i].lsmid = lsmid; hlist_add_tail_rcu(&hooks[i].list, hooks[i].head); } @@ -523,7 +523,7 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count, * and fix this up afterwards. */ if (slab_is_available()) { - if (lsm_append(lsm, &lsm_names) < 0) + if (lsm_append(lsmid->name, &lsm_names) < 0) panic("%s - Cannot get early memory.\n", __func__); } } @@ -2146,7 +2146,7 @@ int security_getprocattr(struct task_struct *p, const char *lsm, struct security_hook_list *hp; hlist_for_each_entry(hp, &security_hook_heads.getprocattr, list) { - if (lsm != NULL && strcmp(lsm, hp->lsm)) + if (lsm != NULL && strcmp(lsm, hp->lsmid->name)) continue; return hp->hook.getprocattr(p, name, value); } @@ -2159,7 +2159,7 @@ int security_setprocattr(const char *lsm, const char *name, void *value, struct security_hook_list *hp; hlist_for_each_entry(hp, &security_hook_heads.setprocattr, list) { - if (lsm != NULL && strcmp(lsm, hp->lsm)) + if (lsm != NULL && strcmp(lsm, hp->lsmid->name)) continue; return hp->hook.setprocattr(name, value, size); } diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 9a5bdfc21314..2ee92d3fb79d 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c 
@@ -92,6 +92,7 @@ #include #include #include +#include #include "avc.h" #include "objsec.h" @@ -7032,6 +7033,11 @@ static int selinux_uring_cmd(struct io_uring_cmd *ioucmd) } #endif /* CONFIG_IO_URING */ +static struct lsm_id selinux_lsmid __lsm_ro_after_init = { + .name = "selinux", + .id = LSM_ID_SELINUX, +}; + /* * IMPORTANT NOTE: When adding new hooks, please be careful to keep this order: * 1. any hooks that don't belong to (2.) or (3.) below, @@ -7355,7 +7361,8 @@ static __init int selinux_init(void) hashtab_cache_init(); - security_add_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks), "selinux"); + security_add_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks), + &selinux_lsmid); if (avc_add_callback(selinux_netcache_avc_callback, AVC_CALLBACK_RESET)) panic("SELinux: Unable to register AVC netcache callback\n"); diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index cfcbb748da25..0b466d3b31b7 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -43,6 +43,7 @@ #include #include #include +#include #include "smack.h" #define TRANS_TRUE "TRUE" @@ -4856,6 +4857,11 @@ struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = { .lbs_superblock = sizeof(struct superblock_smack), }; +static struct lsm_id smack_lsmid __lsm_ro_after_init = { + .name = "smack", + .id = LSM_ID_SMACK, +}; + static struct security_hook_list smack_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check), LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme), @@ -5062,7 +5068,7 @@ static __init int smack_init(void) /* * Register with LSM */ - security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), "smack"); + security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), &smack_lsmid); smack_enabled = 1; pr_info("Smack: Initializing.\n"); diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index af04a7b7eb28..7de4fcdcbf90 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c 
@@ -6,6 +6,7 @@ */ #include +#include #include "common.h" /** @@ -542,6 +543,11 @@ static void tomoyo_task_free(struct task_struct *task) } } +static struct lsm_id tomoyo_lsmid __lsm_ro_after_init = { + .name = "tomoyo", + .id = LSM_ID_TOMOYO, +}; + /* * tomoyo_security_ops is a "struct security_operations" which is used for * registering TOMOYO. @@ -595,7 +601,8 @@ static int __init tomoyo_init(void) struct tomoyo_task *s = tomoyo_task(current); /* register ourselves with the security framework */ - security_add_hooks(tomoyo_hooks, ARRAY_SIZE(tomoyo_hooks), "tomoyo"); + security_add_hooks(tomoyo_hooks, ARRAY_SIZE(tomoyo_hooks), + &tomoyo_lsmid); pr_info("TOMOYO Linux initialized\n"); s->domain_info = &tomoyo_kernel_domain; atomic_inc(&tomoyo_kernel_domain.users); diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c index 06e226166aab..c56572ec9d50 100644 --- a/security/yama/yama_lsm.c +++ b/security/yama/yama_lsm.c @@ -18,6 +18,7 @@ #include #include #include +#include #define YAMA_SCOPE_DISABLED 0 #define YAMA_SCOPE_RELATIONAL 1 @@ -421,6 +422,11 @@ static int yama_ptrace_traceme(struct task_struct *parent) return rc; } +static struct lsm_id yama_lsmid __lsm_ro_after_init = { + .name = "yama", + .id = LSM_ID_YAMA, +}; + static struct security_hook_list yama_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(ptrace_access_check, yama_ptrace_access_check), LSM_HOOK_INIT(ptrace_traceme, yama_ptrace_traceme), 
@@ -477,7 +483,7 @@ static inline void yama_init_sysctl(void) { } static int __init yama_init(void) { pr_info("Yama: becoming mindful.\n"); - security_add_hooks(yama_hooks, ARRAY_SIZE(yama_hooks), "yama"); + security_add_hooks(yama_hooks, ARRAY_SIZE(yama_hooks), &yama_lsmid); yama_init_sysctl(); return 0; }
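Review bot: the kernel-doc block for `struct lsm_id` in the include/linux/lsm_hooks.h hunk documents a member `@lsm` ("name of the LSM, must be approved by the LSM maintainers") but the struct actually declares `const char *name;`, so the kernel-doc build will warn about an undocumented `name` and a stray `@lsm`; change the line to `@name: name of the LSM, must be approved by the LSM maintainers`. The commit message additionally describes "an integer member "attrs" which identifies the API related data", yet the struct in this hunk has only `name` and `id`; either drop that sentence from the message or add the member in this patch so the description matches the code.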
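Review bot: in the security/security.c hunk, `security_add_hooks()` takes `struct lsm_id *lsmid` and stores it in `hooks[i].lsmid`, but nothing in the series writes through that pointer (lsm_append() reads `lsmid->name`, and the getprocattr/setprocattr loops only read `hp->lsmid->name`), and every caller passes an object marked `__lsm_ro_after_init`. Declaring the parameter, the prototype in lsm_hooks.h and the `security_hook_list.lsmid` member as `const struct lsm_id *` costs nothing and lets the compiler catch any later attempt to modify a read-only-after-init object. The `strcmp(lsm, hp->lsmid->name)` lookups are unchanged in behaviour, which is fine for the /proc/self/attr callers that still pass a name; a one-line comment noting that the numeric `id` is not yet used for lookup would save the next reader from wondering why it was added.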
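Review bot: the new include/uapi/linux/lsm.h exports both the `LSM_ID_*` and the `LSM_ATTR_*` tokens, but the new Documentation/userspace-api/lsm.rst describes only the `LSM_ATTR_*` values and their /proc/self/attr files and never mentions the module identifiers; since both are now userspace ABI, add a short section to lsm.rst listing the `LSM_ID_*` values together with the "0 is undefined, 1-99 reserved" convention from the header comment. Also, `LSM_ID_IMA 104` is defined while no file in the diffstat registers an `lsm_id` for IMA, so a reader of this patch alone cannot tell whether the value is reserved for later or simply unused; a comment on that define would settle it.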
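Review bot: in the security/landlock hunks, cred.c, fs.c and ptrace.c each call `security_add_hooks()` with the same `&landlock_lsmid` (exported through setup.h), so a single LSM registers three times with one identifier. That is correct for this patch, but the follow-up in this series that records `lsm_id` pointers as modules register must not treat each `security_add_hooks()` call as a distinct module; worth a sentence in the commit message or a comment at the `landlock_lsmid` definition in setup.c.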
c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1682713625; bh=C2N5HklwAo63BOVbLhVQzY1OycONFP+xBTh4LbtJ8gi=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=tQDmcjij2ocRGGITXgfkTIxcPzqcQZcE9TmThTPdCQ3k/jYA9H93WadcQknohVlmKtvL6ZjhM9PPCVc/fk6ej9ueLjh61RcqGkVQcWEcM4C5G14efE/aII/i8bd7PTZxQSm6Tw559ukGTbHWxserzGLk0510hOILORAPKz+O+13anAvzE2ni4r0WgXvEzrDU2oU/KCOMlXgpIAwp34+AjcXpA++zHqaBgyvCOp067tDM+NeLn9nv+62GgJ8VnqylUeHlu18ixHvPMNnHlIsDtO47jUrIpt3jHqTJwtmfQN6QN26EoXKKViidNLqUFQgn8pLMPnR/iflTyo2nLa0yqw== X-YMail-OSG: eOh4iTMVM1npYDKRLyvI.kQmBEUEAhaoeTtBQiKlhf3ITDJI4KvzeOJnYAnHwmJ qztELHbZG.slJTQKe933Yc1nav4x9nJ5TNQNpx34DcJokApZWX8Qg.kyOqjHZQJCNVzp36Z_dyk2 5Wm4xv31U2MVMWWxshwgoHnS0TXGhk6hfU4Onark793BK4Zx3PB.2XaoI9i8VSAHfR7S8mVy1B3q UWdI1Iu5E7mNLUUKdyXAhzTJmqUwjTbDvwF4kVxXsJumahDwx0D.400V1dyzXcx2xGt7h7t_LtNm tRygf4CFbRCyTkVliMyNtAhy3lixqROhn1rIBx4Kiy90YmrhmUUZ3_E51uQ5ATWayHolVid9MVp4 276Yv5b7uklUkEOZBb_.pj3jrFW2wPkXcPfzf7PweQsQPMPR87uNFuxjnc6wEXx.8j2hHuNVDfIT RyZBfDN3QQtOjief716f01zibeDDEaECIALvisbs2F46MyL5tsPgAy24jX5BaitUN7I_GbopBnFp ZMykdFvHkIqhUegXB2939SykiMWIoXQFahTKEUaAXRLqTymXYmCvy_fQMb.zhFFn0bqfHGkC.vv0 KpezPoTw2yfGlWfVuwOgncxr1bmz9wObV_fCskvXn4vkBLStqfdwT5j6iRMkA4zLiDpbF_4ej4UH G2osowAPRrkJqYK4_aN6P6PUSSMxLSzzM2z2HxzUfQge8S_80eyU_KvSwQoB2HaY9eHIch8D_nyW acuo_JwRgc6C4ie.KPlUfu0Z.D0qEyNIYFy5V_hhdJDwmiEr3iqSssz1jvvoMFohRS5t8aS46Vrc bBVHc3_niJvuK.rT3J3PDLxdjpTauuoNzSTPw2Nn5pVYriiShy6XLiJg.nXJLBH8Ha3wheDpPuj0 O1bhnqx8fqujwFv5YCZ7QbbGh5Jpq7FKjlczWxOeJUfg4nyTyhAaV.gLDxSxW.hjZN7RkigbfmrE 1roebAbJ8FNUUhIC1H5rnwa4NlPipKNhI6FJe3dC.QhKiYB.e9onBf9Xr6Dyu1y_03dIhqcu6ZON xHXoeshIUeGj.E87DI3yDL5SZ.EHcNlfh40K1ZUmjyI3o2PrE8C6vHt4Fw8IHZWbPozHua_CZQbg ULKfU6LwNilKXeiJ9PpxNn_bF_jZy0OgnR8I_GMhRUb6NGcEvi40z83PlJQgB55AUBM_0EzmmoHF eK46s0deM.kGkwlyKtwI7KFp7FGhtPv.3o8QIasBSB56ft4Q17svl31ehDvUHvhCUMOO_PiOScw9 n1zuoXvi8bvUFX1QbjXDpoiIH9aJHKNmmlTpm676X8p66DJT97v_BmF9c8P2.p03L8uXsF1146HX gl7brNLDqZb6IVwkUsOYpLzmJIF7y0qEKACT5cLjQbKahOyY5Ok7p69KrZAe846qcp0S.Tn8oMW4 
FQ4f1I5OJMLmTPvJ_LZzoXBIioL5pZmp.ROR1uL4D0J0s5bvJ9q4bg._eAkrVoOV8HChMRLnEDO4 LvtOsfklvY.941kIauLVPWR12FNEoWGvVsg2Kg2WQNMr3mbJqjAPwHl3Pg7UGg8FdZqenE8IwKHl 8ghb2_GZOneCaBXAoYDotZE4DCAGIyxY3_P0B9oqIwH.BPMQL6oXk_2WrTY4K48B8B1719eaUZyR eJMLkEU2kpYoGqzOl2OhU8uIunP9y0VhYINgEY02jfUjwl9G7jTrPY9oiN6AStYGJiLUr9EGWkT8 mCHqwwkRuAvsf_oTVR7Q6KN6rpROiK4GpYWeHgIqmLEBiRJtp6gZz.BalwLErrDzqTDbLpaM307T byjhDqmrdtJTSRAvl.veIbMMo7pta5d_XUL46FOPH3wTCnAitGqK2wn8nS04nuuKI6CIxqsAr8OP U9T9CK4nfE66G.haQKE5irwfJVO6is8XL5Sql24K0zpKLuOifDQ6q5dSLWpoQiPAjyFvcfCOYKPL WWPRRSxqz1QpYWn207VyLBmOVGbonc0sA3elUQOwheh8zElXESzbsuHAL3xU608FGkKizMelfxRu Eqb9P.ElOFSiz3F2XwoiU0U56KqmpwUG9v04LH1i2eufX4YALeppLMLTyEGWmOOeYFNr91JYFMUo HWZETe2ksoTN5CyaTGd9UEDNIMxSZCiws1X06kSvYEs4jB3nTVeL6ca5JIvxK7UWxlsYJNCcx_Or 5NADxyhHQwYku7b6ai3iTS9SdMrx2JiOLq7D6GOYQTik6WyIFZAPPA_kEa7u6wCrHtWgph3i4y1E j_IHrb11py_ZEAjR9ZBBfFzFezmIO.onYlGJlPTQHJpBis8.aLdIdVk5HiWdfrp3wNV.Qo3HwzEC qaPsQQjaaBS6BHN5F X-Sonic-MF: X-Sonic-ID: c8852a73-527e-4025-bb13-a78451204c2f Received: from sonic.gate.mail.ne1.yahoo.com by sonic317.consmr.mail.ne1.yahoo.com with HTTP; Fri, 28 Apr 2023 20:27:05 +0000 Received: by hermes--production-gq1-546798879c-dcj2l (Yahoo Inc. Hermes SMTP Server) with ESMTPA ID a31e9fc13eb2c1a30c94ee11b9cd508a; Fri, 28 Apr 2023 20:26:59 +0000 (UTC) 
From: Casey Schaufler To: casey@schaufler-ca.com, paul@paul-moore.com, linux-security-module@vger.kernel.org Cc: jmorris@namei.org, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net Subject: [PATCH v10 02/11] LSM: Maintain a table of LSM attribute data Date: Fri, 28 Apr 2023 13:26:42 -0700 Message-Id: <20230428202651.159828-3-casey@schaufler-ca.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230428202651.159828-1-casey@schaufler-ca.com> References: <20230428202651.159828-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: As LSMs are registered add their lsm_id pointers to a table. This will be used later for attribute reporting. Determine the number of possible security modules based on their respective CONFIG options. This allows the number to be known at build time. This allows data structures and tables to use the constant. Signed-off-by: Casey Schaufler Reviewed-by: Kees Cook --- include/linux/security.h | 2 ++ security/security.c | 36 ++++++++++++++++++++++++++++++++++++ 2 files changed, 38 insertions(+) diff --git a/include/linux/security.h b/include/linux/security.h index 5984d0d550b4..e70fc863b04a 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -138,6 +138,8 @@ enum lockdown_reason { }; extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1]; +extern u32 lsm_active_cnt; +extern struct lsm_id *lsm_idlist[]; /* These functions are in security/commoncap.c */ extern int cap_capable(const struct cred *cred, struct user_namespace *ns, diff --git a/security/security.c b/security/security.c index a482c6048df9..e390001a32c9 100644 --- a/security/security.c +++ b/security/security.c 
@@ -35,6 +35,25 @@ /* How many LSMs were built into the kernel? */ #define LSM_COUNT (__end_lsm_info - __start_lsm_info) +/* + * How many LSMs are built into the kernel as determined at + * build time. Used to determine fixed array sizes. + * The capability module is accounted for by CONFIG_SECURITY + */ +#define LSM_CONFIG_COUNT ( \ + (IS_ENABLED(CONFIG_SECURITY) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_SELINUX) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_SMACK) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_TOMOYO) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_IMA) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_APPARMOR) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_YAMA) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_LOADPIN) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_SAFESETID) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_LOCKDOWN_LSM) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_BPF_LSM) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_LANDLOCK) ? 1 : 0)) + /* * These are descriptions of the reasons that can be passed to the * security_locked_down() LSM hook. Placing this array here allows @@ -244,6 +263,12 @@ static void __init initialize_lsm(struct lsm_info *lsm) } } +/* + * Current index to use while initializing the lsm id list. + */ +u32 lsm_active_cnt __lsm_ro_after_init; +struct lsm_id *lsm_idlist[LSM_CONFIG_COUNT] __lsm_ro_after_init; + /* Populate ordered LSMs list from comma-separated LSM name list. */ static void __init ordered_lsm_parse(const char *order, const char *origin) { 
@@ -513,6 +538,17 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count, { int i; + if (lsm_active_cnt >= LSM_CONFIG_COUNT) + panic("%s Too many LSMs registered.\n", __func__); + /* + * A security module may call security_add_hooks() more + * than once during initialization, and LSM initialization + * is serialized. Landlock is one such case. + * Look at the previous entry, if there is one, for duplication. + */ + if (lsm_active_cnt == 0 || lsm_idlist[lsm_active_cnt - 1] != lsmid) + lsm_idlist[lsm_active_cnt++] = lsmid; + for (i = 0; i < count; i++) { hooks[i].lsmid = lsmid; hlist_add_tail_rcu(&hooks[i].list, hooks[i].head);
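Review bot: LSM_CONFIG_COUNT in the first security/security.c hunk is a hand-maintained list of IS_ENABLED() terms with nothing that ties it to the LSM_COUNT the linker derives from __start_lsm_info/__end_lsm_info, so a module added with DEFINE_LSM but without a line in this macro is only discovered at boot, when security_add_hooks() hits the new panic("%s Too many LSMs registered.\n", __func__). Please add a comment on the macro (and ideally next to DEFINE_LSM) telling authors of new modules to extend the list, and state in the commit message that the two counts are maintained independently.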
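Review bot: In the security_add_hooks() hunk the bound check runs before the duplicate check, so once lsm_active_cnt has reached LSM_CONFIG_COUNT a second security_add_hooks() call from the module that filled the last slot (the Landlock case the new comment describes) panics even though no entry would be added. Moving the `if (lsm_active_cnt >= LSM_CONFIG_COUNT)` test inside the branch that actually appends, directly before `lsm_idlist[lsm_active_cnt++] = lsmid;`, keeps the overflow protection without that false positive.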
From: Casey Schaufler To: casey@schaufler-ca.com, paul@paul-moore.com, linux-security-module@vger.kernel.org Cc: jmorris@namei.org, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net, linux-fsdevel@vger.kernel.org Subject: [PATCH v10 03/11] proc: Use lsmids instead of lsm names for attrs Date: Fri, 28 Apr 2023 13:26:43 -0700 Message-Id: <20230428202651.159828-4-casey@schaufler-ca.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230428202651.159828-1-casey@schaufler-ca.com> References: <20230428202651.159828-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID:

Use the LSM ID number instead of the LSM name to identify which security module's attribute data should be shown in /proc/self/attr. The security_[gs]etprocattr() functions have been changed to expect the LSM ID. The change from a string comparison to an integer comparison in these functions will provide a minor performance improvement.

Signed-off-by: Casey Schaufler Reviewed-by: Kees Cook Cc: linux-fsdevel@vger.kernel.org --- fs/proc/base.c | 29 +++++++++++++++-------------- fs/proc/internal.h | 2 +- include/linux/security.h | 11 +++++------ security/security.c | 11 +++++------ 4 files changed, 26 insertions(+), 27 deletions(-) diff --git a/fs/proc/base.c b/fs/proc/base.c index 5e0e0ccd47aa..cb6dec7473fe 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -96,6 +96,7 @@ #include #include #include +#include #include #include "internal.h" #include "fd.h" @@ -145,10 +146,10 @@ struct pid_entry { NOD(NAME, (S_IFREG|(MODE)), \ NULL, &proc_single_file_operations, \ { .proc_show = show } ) -#define ATTR(LSM, NAME, MODE) \ +#define ATTR(LSMID, NAME, MODE) \ NOD(NAME, (S_IFREG|(MODE)), \ NULL, &proc_pid_attr_operations, \ - { .lsm = LSM }) + { .lsmid = LSMID }) /* * Count the number of hardlinks for the pid_entry table, excluding the .
@@ -2730,7 +2731,7 @@ static ssize_t proc_pid_attr_read(struct file * file, char __user * buf, if (!task) return -ESRCH; - length = security_getprocattr(task, PROC_I(inode)->op.lsm, + length = security_getprocattr(task, PROC_I(inode)->op.lsmid, file->f_path.dentry->d_name.name, &p); put_task_struct(task); @@ -2788,7 +2789,7 @@ static ssize_t proc_pid_attr_write(struct file * file, const char __user * buf, if (rv < 0) goto out_free; - rv = security_setprocattr(PROC_I(inode)->op.lsm, + rv = security_setprocattr(PROC_I(inode)->op.lsmid, file->f_path.dentry->d_name.name, page, count); mutex_unlock(¤t->signal->cred_guard_mutex); @@ -2837,27 +2838,27 @@ static const struct inode_operations proc_##LSM##_attr_dir_inode_ops = { \ #ifdef CONFIG_SECURITY_SMACK static const struct pid_entry smack_attr_dir_stuff[] = { - ATTR("smack", "current", 0666), + ATTR(LSM_ID_SMACK, "current", 0666), }; LSM_DIR_OPS(smack); #endif #ifdef CONFIG_SECURITY_APPARMOR static const struct pid_entry apparmor_attr_dir_stuff[] = { - ATTR("apparmor", "current", 0666), - ATTR("apparmor", "prev", 0444), - ATTR("apparmor", "exec", 0666), + ATTR(LSM_ID_APPARMOR, "current", 0666), + ATTR(LSM_ID_APPARMOR, "prev", 0444), + ATTR(LSM_ID_APPARMOR, "exec", 0666), }; LSM_DIR_OPS(apparmor); #endif static const struct pid_entry attr_dir_stuff[] = { - ATTR(NULL, "current", 0666), - ATTR(NULL, "prev", 0444), - ATTR(NULL, "exec", 0666), - ATTR(NULL, "fscreate", 0666), - ATTR(NULL, "keycreate", 0666), - ATTR(NULL, "sockcreate", 0666), + ATTR(LSM_ID_UNDEF, "current", 0666), + ATTR(LSM_ID_UNDEF, "prev", 0444), + ATTR(LSM_ID_UNDEF, "exec", 0666), + ATTR(LSM_ID_UNDEF, "fscreate", 0666), + ATTR(LSM_ID_UNDEF, "keycreate", 0666), + ATTR(LSM_ID_UNDEF, "sockcreate", 0666), #ifdef CONFIG_SECURITY_SMACK DIR("smack", 0555, proc_smack_attr_dir_inode_ops, proc_smack_attr_dir_ops), diff --git a/fs/proc/internal.h b/fs/proc/internal.h index 9dda7e54b2d0..a889d9ef9584 100644 --- a/fs/proc/internal.h +++ b/fs/proc/internal.h 
@@ -92,7 +92,7 @@ union proc_op { int (*proc_show)(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task); - const char *lsm; + int lsmid; }; struct proc_inode { diff --git a/include/linux/security.h b/include/linux/security.h index e70fc863b04a..8faed81fc3b4 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -473,10 +473,9 @@ int security_sem_semctl(struct kern_ipc_perm *sma, int cmd); int security_sem_semop(struct kern_ipc_perm *sma, struct sembuf *sops, unsigned nsops, int alter); void security_d_instantiate(struct dentry *dentry, struct inode *inode); -int security_getprocattr(struct task_struct *p, const char *lsm, const char *name, +int security_getprocattr(struct task_struct *p, int lsmid, const char *name, char **value); -int security_setprocattr(const char *lsm, const char *name, void *value, - size_t size); +int security_setprocattr(int lsmid, const char *name, void *value, size_t size); int security_netlink_send(struct sock *sk, struct sk_buff *skb); int security_ismaclabel(const char *name); int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen); @@ -1344,14 +1343,14 @@ static inline void security_d_instantiate(struct dentry *dentry, struct inode *inode) { } -static inline int security_getprocattr(struct task_struct *p, const char *lsm, +static inline int security_getprocattr(struct task_struct *p, int lsmid, const char *name, char **value) { return -EINVAL; } -static inline int security_setprocattr(const char *lsm, char *name, - void *value, size_t size) +static inline int security_setprocattr(int lsmid, char *name, void *value, + size_t size) { return -EINVAL; } diff --git a/security/security.c b/security/security.c index e390001a32c9..5a48b1b539e5 100644 --- a/security/security.c +++ b/security/security.c 
@@ -2176,26 +2176,25 @@ void security_d_instantiate(struct dentry *dentry, struct inode *inode) } EXPORT_SYMBOL(security_d_instantiate); -int security_getprocattr(struct task_struct *p, const char *lsm, - const char *name, char **value) +int security_getprocattr(struct task_struct *p, int lsmid, const char *name, + char **value) { struct security_hook_list *hp; hlist_for_each_entry(hp, &security_hook_heads.getprocattr, list) { - if (lsm != NULL && strcmp(lsm, hp->lsmid->name)) + if (lsmid != 0 && lsmid != hp->lsmid->id) continue; return hp->hook.getprocattr(p, name, value); } return LSM_RET_DEFAULT(getprocattr); } -int security_setprocattr(const char *lsm, const char *name, void *value, - size_t size) +int security_setprocattr(int lsmid, const char *name, void *value, size_t size) { struct security_hook_list *hp; hlist_for_each_entry(hp, &security_hook_heads.setprocattr, list) { - if (lsm != NULL && strcmp(lsm, hp->lsmid->name)) + if (lsmid != 0 && lsmid != hp->lsmid->id) continue; return hp->hook.setprocattr(name, value, size); }
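Review bot: The wildcard match in the security/security.c hunk is written as `if (lsmid != 0 && lsmid != hp->lsmid->id)` while the fs/proc/base.c hunk passes the same wildcard as LSM_ID_UNDEF in the ATTR() entries of attr_dir_stuff[]; spelling the comparison as `lsmid != LSM_ID_UNDEF` in both security_getprocattr() and security_setprocattr() keeps the two sides of the interface on one name for the value and avoids a silent mismatch if the undefined id is ever renumbered.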
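Review bot: The !CONFIG_SECURITY stub in the include/linux/security.h hunk still declares `static inline int security_setprocattr(int lsmid, char *name, void *value, size_t size)` while the real prototype a few lines above takes `const char *name`; since the hunk already rewrites this signature, give the stub `const char *name` as well so callers compile identically with and without CONFIG_SECURITY.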
From: Casey Schaufler To: casey@schaufler-ca.com, paul@paul-moore.com, linux-security-module@vger.kernel.org Cc: jmorris@namei.org, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net Subject: [PATCH v10 04/11] LSM: syscalls for current process attributes Date: Fri, 28 Apr 2023 13:26:44 -0700 Message-Id: <20230428202651.159828-5-casey@schaufler-ca.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230428202651.159828-1-casey@schaufler-ca.com> References: <20230428202651.159828-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID:

Create a system call lsm_get_self_attr() to provide the security module maintained attributes of the current process. Create a system call lsm_set_self_attr() to set a security module maintained attribute of the current process. Historically these attributes have been exposed to user space via entries in procfs under /proc/self/attr.

The attribute value is provided in a lsm_ctx structure. The structure identifies the size of the attribute, and the attribute value. The format of the attribute value is defined by the security module. A flags field is included for LSM specific information. It is currently unused and must be 0. The total size of the data, including the lsm_ctx structure and any padding, is maintained as well.

struct lsm_ctx {
	__u64 id;
	__u64 flags;
	__u64 len;
	__u64 ctx_len;
	__u8 ctx[];
};

Two new LSM hooks are used to interface with the LSMs. security_getselfattr() collects the lsm_ctx values from the LSMs that support the hook, accounting for space requirements. security_setselfattr() identifies which LSM the attribute is intended for and passes it along.
Signed-off-by: Casey Schaufler Reviewed-by: Kees Cook --- Documentation/userspace-api/lsm.rst | 15 ++++ include/linux/lsm_hook_defs.h | 4 + include/linux/lsm_hooks.h | 9 +++ include/linux/security.h | 19 +++++ include/linux/syscalls.h | 5 ++ include/uapi/linux/lsm.h | 36 +++++++++ kernel/sys_ni.c | 4 + security/Makefile | 1 + security/lsm_syscalls.c | 55 ++++++++++++++ security/security.c | 112 ++++++++++++++++++++++++++++ 10 files changed, 260 insertions(+) create mode 100644 security/lsm_syscalls.c diff --git a/Documentation/userspace-api/lsm.rst b/Documentation/userspace-api/lsm.rst index 6ddf5506110b..e6c3f262addc 100644 --- a/Documentation/userspace-api/lsm.rst +++ b/Documentation/userspace-api/lsm.rst @@ -48,6 +48,21 @@ creating socket objects. The proc filesystem provides this value in ``/proc/self/attr/sockcreate``. This is supported by the SELinux security module. +Kernel interface +================ + +Set a security attribute of the current process +----------------------------------------------- + +.. kernel-doc:: security/lsm_syscalls.c + :identifiers: sys_lsm_set_self_attr + +Get the specified security attributes of the current process +------------------------------------------------------------ + +.. kernel-doc:: security/lsm_syscalls.c + :identifiers: sys_lsm_get_self_attr + Additional documentation ======================== diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h index 094b76dc7164..32104ff61999 100644 --- a/include/linux/lsm_hook_defs.h +++ b/include/linux/lsm_hook_defs.h 
@@ -261,6 +261,10 @@ LSM_HOOK(int, 0, sem_semop, struct kern_ipc_perm *perm, struct sembuf *sops, LSM_HOOK(int, 0, netlink_send, struct sock *sk, struct sk_buff *skb) LSM_HOOK(void, LSM_RET_VOID, d_instantiate, struct dentry *dentry, struct inode *inode) +LSM_HOOK(int, -EOPNOTSUPP, getselfattr, unsigned int attr, + struct lsm_ctx __user *ctx, size_t *size, u32 flags) +LSM_HOOK(int, -EOPNOTSUPP, setselfattr, unsigned int attr, + struct lsm_ctx __user *ctx, size_t size, u32 flags) LSM_HOOK(int, -EINVAL, getprocattr, struct task_struct *p, const char *name, char **value) LSM_HOOK(int, -EINVAL, setprocattr, const char *name, void *value, size_t size) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index c1f00d09033e..457ff953e331 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -25,6 +25,7 @@ #ifndef __LINUX_LSM_HOOKS_H #define __LINUX_LSM_HOOKS_H +#include #include #include #include @@ -503,6 +504,14 @@ * and writing the xattrs as this hook is merely a filter. * @d_instantiate: * Fill in @inode security information for a @dentry if allowed. + * @getselfattr: + * Read attribute @attr for the current process and store it into @ctx. + * Return 0 on success, -EOPNOTSUPP if the attribute is not supported, + * or another negative value otherwise. + * @setselfattr: + * Set attribute @attr for the current process. + * Return 0 on success, -EOPNOTSUPP if the attribute is not supported, + * or another negative value otherwise. * @getprocattr: * Read attribute @name for process @p and store it into @value if allowed. * Return the length of @value on success, a negative value otherwise. diff --git a/include/linux/security.h b/include/linux/security.h index 8faed81fc3b4..806bff425af9 100644 --- a/include/linux/security.h +++ b/include/linux/security.h 
@@ -60,6 +60,7 @@ struct fs_parameter; enum fs_value_type; struct watch; struct watch_notification; +struct lsm_ctx; /* Default (no) options for the capable function */ #define CAP_OPT_NONE 0x0 @@ -473,6 +474,10 @@ int security_sem_semctl(struct kern_ipc_perm *sma, int cmd); int security_sem_semop(struct kern_ipc_perm *sma, struct sembuf *sops, unsigned nsops, int alter); void security_d_instantiate(struct dentry *dentry, struct inode *inode); +int security_getselfattr(unsigned int attr, struct lsm_ctx __user *ctx, + size_t __user *size, u32 flags); +int security_setselfattr(unsigned int attr, struct lsm_ctx __user *ctx, + size_t size, u32 flags); int security_getprocattr(struct task_struct *p, int lsmid, const char *name, char **value); int security_setprocattr(int lsmid, const char *name, void *value, size_t size); @@ -1343,6 +1348,20 @@ static inline void security_d_instantiate(struct dentry *dentry, struct inode *inode) { } +static inline int security_getselfattr(unsigned int attr, + struct lsm_ctx __user *ctx, + size_t __user *size, u32 flags) +{ + return -EOPNOTSUPP; +} + +static inline int security_setselfattr(unsigned int attr, + struct lsm_ctx __user *ctx, + size_t size, u32 flags) +{ + return -EOPNOTSUPP; +} + static inline int security_getprocattr(struct task_struct *p, int lsmid, const char *name, char **value) { diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h index 33a0ee3bcb2e..9a94c31bf6b6 100644 --- a/include/linux/syscalls.h +++ b/include/linux/syscalls.h @@ -71,6 +71,7 @@ struct clone_args; struct open_how; struct mount_attr; struct landlock_ruleset_attr; +struct lsm_ctx; enum landlock_rule_type; #include 
@@ -1058,6 +1059,10 @@ asmlinkage long sys_memfd_secret(unsigned int flags); asmlinkage long sys_set_mempolicy_home_node(unsigned long start, unsigned long len, unsigned long home_node, unsigned long flags); +asmlinkage long sys_lsm_get_self_attr(unsigned int attr, struct lsm_ctx *ctx, + size_t *size, __u32 flags); +asmlinkage long sys_lsm_set_self_attr(unsigned int attr, struct lsm_ctx *ctx, + size_t size, __u32 flags); /* * Architecture-specific system calls diff --git a/include/uapi/linux/lsm.h b/include/uapi/linux/lsm.h index f27c9a9cc376..eeda59a77c02 100644 --- a/include/uapi/linux/lsm.h +++ b/include/uapi/linux/lsm.h @@ -9,6 +9,36 @@ #ifndef _UAPI_LINUX_LSM_H #define _UAPI_LINUX_LSM_H +#include +#include + +/** + * struct lsm_ctx - LSM context information + * @id: the LSM id number, see LSM_ID_XXX + * @flags: LSM specific flags + * @len: length of the lsm_ctx struct, @ctx and any other data or padding + * @ctx_len: the size of @ctx + * @ctx: the LSM context value + * + * The @len field MUST be equal to the size of the lsm_ctx struct + * plus any additional padding and/or data placed after @ctx. + * + * In all cases @ctx_len MUST be equal to the length of @ctx. + * If @ctx is a string value it should be nul terminated with + * @ctx_len equal to `strlen(@ctx) + 1`. Binary values are + * supported. + * + * The @flags and @ctx fields SHOULD only be interpreted by the + * LSM specified by @id; they MUST be set to zero/0 when not used. + */ +struct lsm_ctx { + __u64 id; + __u64 flags; + __u64 len; + __u64 ctx_len; + __u8 ctx[]; +}; + /* * ID tokens to identify Linux Security Modules (LSMs) * @@ -51,4 +81,10 @@ #define LSM_ATTR_PREV 104 #define LSM_ATTR_SOCKCREATE 105 +/* + * LSM_FLAG_XXX definitions identify special handling instructions + * for the API. + */ +#define LSM_FLAG_SINGLE 0x0001 + #endif /* _UAPI_LINUX_LSM_H */ diff --git a/kernel/sys_ni.c b/kernel/sys_ni.c index 860b2dcf3ac4..d03c78ef1562 100644 --- a/kernel/sys_ni.c +++ b/kernel/sys_ni.c 
@@ -262,6 +262,10 @@ COND_SYSCALL_COMPAT(recvmsg); /* mm/nommu.c, also with MMU */ COND_SYSCALL(mremap); +/* security/lsm_syscalls.c */ +COND_SYSCALL(lsm_get_self_attr); +COND_SYSCALL(lsm_set_self_attr); + /* security/keys/keyctl.c */ COND_SYSCALL(add_key); COND_SYSCALL(request_key); diff --git a/security/Makefile b/security/Makefile index 18121f8f85cd..59f238490665 100644 --- a/security/Makefile +++ b/security/Makefile @@ -7,6 +7,7 @@ obj-$(CONFIG_KEYS) += keys/ # always enable default capabilities obj-y += commoncap.o +obj-$(CONFIG_SECURITY) += lsm_syscalls.o obj-$(CONFIG_MMU) += min_addr.o # Object file lists diff --git a/security/lsm_syscalls.c b/security/lsm_syscalls.c new file mode 100644 index 000000000000..ee3881159241 --- /dev/null +++ b/security/lsm_syscalls.c 
@@ -0,0 +1,55 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * System calls implementing the Linux Security Module API. + * + * Copyright (C) 2022 Casey Schaufler + * Copyright (C) 2022 Intel Corporation + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/** + * sys_lsm_set_self_attr - Set current task's security module attribute + * @attr: which attribute to set + * @ctx: the LSM contexts + * @size: size of @ctx + * @flags: reserved for future use + * + * Sets the calling task's LSM context. On success this function + * returns 0. If the attribute specified cannot be set a negative + * value indicating the reason for the error is returned. + */ +SYSCALL_DEFINE4(lsm_set_self_attr, unsigned int, attr, struct lsm_ctx __user *, + ctx, size_t, size, u32, flags) +{ + return security_setselfattr(attr, ctx, size, flags); +} + +/** + * sys_lsm_get_self_attr - Return current task's security module attributes + * @attr: which attribute to set + * @ctx: the LSM contexts + * @size: size of @ctx, updated on return + * @flags: reserved for future use + * + * Returns the calling task's LSM contexts. On success this + * function returns the number of @ctx array elements. This value + * may be zero if there are no LSM contexts assigned. If @size is + * insufficient to contain the return data -E2BIG is returned and + * @size is set to the minimum required size. In all other cases + * a negative value indicating the error is returned. + */ +SYSCALL_DEFINE4(lsm_get_self_attr, unsigned int, attr, struct lsm_ctx __user *, + ctx, size_t __user *, size, u32, flags) +{ + return security_getselfattr(attr, ctx, size, flags); +} diff --git a/security/security.c b/security/security.c index 5a48b1b539e5..94b78bfd06b9 100644 --- a/security/security.c +++ b/security/security.c 
@@ -2176,6 +2176,118 @@ void security_d_instantiate(struct dentry *dentry, struct inode *inode) } EXPORT_SYMBOL(security_d_instantiate); +/** + * security_getselfattr - Read an LSM attribute of the current process. + * @attr: which attribute to return + * @ctx: the user-space destination for the information, or NULL + * @size: the size of space available to receive the data + * @flags: special handling options. LSM_FLAG_SINGLE indicates that only + * attributes associated with the LSM identified in the passed @ctx be + * reported + * + * Returns the number of attributes found on success, negative value + * on error. @size is reset to the total size of the data. + * If @size is insufficient to contain the data -E2BIG is returned. + */ +int security_getselfattr(unsigned int attr, struct lsm_ctx __user *ctx, + size_t __user *size, u32 flags) +{ + struct security_hook_list *hp; + struct lsm_ctx lctx = { .id = LSM_ID_UNDEF, }; + u8 __user *base = (u8 __user *)ctx; + size_t total = 0; + size_t entrysize; + size_t left; + bool toobig = false; + int count = 0; + int rc; + + if (attr == 0) + return -EINVAL; + if (size == NULL) + return -EINVAL; + if (get_user(left, size)) + return -EFAULT; + + if ((flags & LSM_FLAG_SINGLE) == LSM_FLAG_SINGLE) { + if (!ctx) + return -EINVAL; + if (copy_struct_from_user(&lctx, sizeof(lctx), ctx, left)) + return -EFAULT; + if (lctx.id == LSM_ID_UNDEF) + return -EINVAL; + } else if (flags) { + return -EINVAL; + } + + hlist_for_each_entry(hp, &security_hook_heads.getselfattr, list) { + if (lctx.id != LSM_ID_UNDEF && lctx.id != hp->lsmid->id) + continue; + entrysize = left; + if (base) + ctx = (struct lsm_ctx __user *)(base + total); + rc = hp->hook.getselfattr(attr, ctx, &entrysize, flags); + if (rc == -EOPNOTSUPP) { + rc = 0; + continue; + } + if (rc == -E2BIG) { + toobig = true; + left = 0; + continue; + } + if (rc < 0) + return rc; + + left -= entrysize; + total += entrysize; + count += rc; + } + if (put_user(total, size)) + return -EFAULT; + 
if (toobig) + return -E2BIG; + if (count == 0) + return LSM_RET_DEFAULT(getselfattr); + return count; +} + +/** + * security_setselfattr - Set an LSM attribute on the current process. + * @attr: which attribute to set + * @ctx: the user-space source for the information + * @size: the size of the data + * @flags: reserved for future use, must be 0 + * + * Set an LSM attribute for the current process. The LSM, attribute + * and new value are included in @ctx. + * + * Returns 0 on success, -EINVAL if the input is inconsistent, -EFAULT + * if the user buffer is inaccessible or an LSM specific failure. + */ +int security_setselfattr(unsigned int attr, struct lsm_ctx __user *ctx, + size_t size, u32 flags) +{ + struct security_hook_list *hp; + struct lsm_ctx lctx; + + if (flags) + return -EINVAL; + if (size < sizeof(*ctx)) + return -EINVAL; + if (copy_from_user(&lctx, ctx, sizeof(*ctx))) + return -EFAULT; + if (size < lctx.len || size < lctx.ctx_len + sizeof(ctx) || + lctx.len < lctx.ctx_len + sizeof(ctx)) + return -EINVAL; + + hlist_for_each_entry(hp, &security_hook_heads.setselfattr, list) + if ((hp->lsmid->id) == lctx.id) + return hp->hook.setselfattr(attr, ctx, size, flags); + + return LSM_RET_DEFAULT(setselfattr); +} + int security_getprocattr(struct task_struct *p, int lsmid, const char *name, char **value) {
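Review bot: in security_setselfattr() the two length checks use sizeof(ctx), the size of the user pointer, where the preceding checks in the same function use sizeof(*ctx), the size of struct lsm_ctx: `if (size < lctx.len || size < lctx.ctx_len + sizeof(ctx) ||` / `lctx.len < lctx.ctx_len + sizeof(ctx))`. That reserves only 8 bytes for the header, so a ctx_len that leaves no room for the header still passes; both should be sizeof(*ctx). Since ctx_len comes straight from user space the additions can also wrap, so bounding lctx.ctx_len (or using check_add_overflow()) before these comparisons is worth doing at the same time. In security_getselfattr(), the LSM_FLAG_SINGLE path reads the header with `copy_struct_from_user(&lctx, sizeof(lctx), ctx, left)`, passing the whole user buffer length as the user struct size, so every byte of the buffer beyond the header must be zero or the call fails (the -E2BIG that copy_struct_from_user() returns for non-zero trailing bytes is reported as -EFAULT here); a caller that reuses an output buffer or passes a ctx payload trips over that. Checking left >= sizeof(lctx) and then copy_from_user(&lctx, ctx, sizeof(lctx)) reads just the header, which is all the flag needs.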
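Review bot: the kernel-doc for sys_lsm_get_self_attr() in the new security/lsm_syscalls.c says `@attr: which attribute to set`, copied from sys_lsm_set_self_attr(); it should say which attribute to return. The same comment promises a return value that "may be zero if there are no LSM contexts assigned", but security_getselfattr() returns LSM_RET_DEFAULT(getselfattr) rather than 0 when count == 0, so either return 0 there or state the default in the comment so the two agree.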
From: Casey Schaufler
To: casey@schaufler-ca.com, paul@paul-moore.com, linux-security-module@vger.kernel.org
Cc: jmorris@namei.org, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net
Subject: [PATCH v10 05/11] LSM: Create lsm_list_modules system call
Date: Fri, 28 Apr 2023 13:26:45 -0700
Message-Id: <20230428202651.159828-6-casey@schaufler-ca.com>
In-Reply-To: <20230428202651.159828-1-casey@schaufler-ca.com>
References: <20230428202651.159828-1-casey@schaufler-ca.com>

Create a system call to report the list of Linux Security Modules that are active on the system. The list is provided as an array of LSM ID numbers. The calling application can use this list to determine what LSM specific actions it might take. That might include choosing an output format, determining required privilege or bypassing security module specific behavior.

Signed-off-by: Casey Schaufler
Reviewed-by: Kees Cook
---
 Documentation/userspace-api/lsm.rst | 3 +++
 include/linux/syscalls.h | 1 +
 kernel/sys_ni.c | 1 +
 security/lsm_syscalls.c | 39 +++++++++++++++++++++++++++++
 4 files changed, 44 insertions(+)

diff --git a/Documentation/userspace-api/lsm.rst b/Documentation/userspace-api/lsm.rst index e6c3f262addc..9edae18a2688 100644 --- a/Documentation/userspace-api/lsm.rst +++ b/Documentation/userspace-api/lsm.rst
@@ -63,6 +63,9 @@ Get the specified security attributes of the current process .. kernel-doc:: security/lsm_syscalls.c :identifiers: sys_lsm_get_self_attr +.. kernel-doc:: security/lsm_syscalls.c + :identifiers: sys_lsm_list_modules + Additional documentation ======================== diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h index 9a94c31bf6b6..ddbcc333f3c3 100644 --- a/include/linux/syscalls.h +++ b/include/linux/syscalls.h @@ -1063,6 +1063,7 @@ asmlinkage long sys_lsm_get_self_attr(unsigned int attr, struct lsm_ctx *ctx, size_t *size, __u32 flags); asmlinkage long sys_lsm_set_self_attr(unsigned int attr, struct lsm_ctx *ctx, size_t size, __u32 flags); +asmlinkage long sys_lsm_list_modules(u64 *ids, size_t *size, u32 flags); /* * Architecture-specific system calls diff --git a/kernel/sys_ni.c b/kernel/sys_ni.c index d03c78ef1562..ceb3d21a62d0 100644 --- a/kernel/sys_ni.c +++ b/kernel/sys_ni.c @@ -265,6 +265,7 @@ COND_SYSCALL(mremap); /* security/lsm_syscalls.c */ COND_SYSCALL(lsm_get_self_attr); COND_SYSCALL(lsm_set_self_attr); +COND_SYSCALL(lsm_list_modules); /* security/keys/keyctl.c */ COND_SYSCALL(add_key); diff --git a/security/lsm_syscalls.c b/security/lsm_syscalls.c index ee3881159241..b89cccb2f123 100644 --- a/security/lsm_syscalls.c +++ b/security/lsm_syscalls.c 
@@ -53,3 +53,42 @@ SYSCALL_DEFINE4(lsm_get_self_attr, unsigned int, attr, struct lsm_ctx __user *, { return security_getselfattr(attr, ctx, size, flags); } + +/** + * sys_lsm_list_modules - Return a list of the active security modules + * @ids: the LSM module ids + * @size: size of @ids, updated on return + * @flags: reserved for future use, must be zero + * + * Returns a list of the active LSM ids. On success this function + * returns the number of @ids array elements. This value may be zero + * if there are no LSMs active. If @size is insufficient to contain + * the return data -E2BIG is returned and @size is set to the minimum + * required size. In all other cases a negative value indicating the + * error is returned. + */ +SYSCALL_DEFINE3(lsm_list_modules, u64 __user *, ids, size_t __user *, size, + u32, flags) +{ + size_t total_size = lsm_active_cnt * sizeof(*ids); + size_t usize; + int i; + + if (flags) + return -EINVAL; + + if (get_user(usize, size)) + return -EFAULT; + + if (put_user(total_size, size) != 0) + return -EFAULT; + + if (usize < total_size) + return -E2BIG; + + for (i = 0; i < lsm_active_cnt; i++) + if (put_user(lsm_idlist[i]->id, ids++)) + return -EFAULT; + + return lsm_active_cnt; +}
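Review bot: the new `.. kernel-doc::` directive for sys_lsm_list_modules in Documentation/userspace-api/lsm.rst is added directly under the "Get the specified security attributes of the current process" section, right after the sys_lsm_get_self_attr directive, so it renders as part of that section. Give it its own section heading like the one above it (for example "Get the list of active security modules") before the directive, ahead of "Additional documentation", so the three syscalls are documented symmetrically.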
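Review bot: the new prototype in include/linux/syscalls.h, `asmlinkage long sys_lsm_list_modules(u64 *ids, size_t *size, u32 flags);`, declares flags as `u32`, while the sys_lsm_get_self_attr and sys_lsm_set_self_attr prototypes in the context lines immediately above it use `__u32 flags`; use `__u32` here too so the three declarations match.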
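Review bot: in the sys_lsm_list_modules() hunk `put_user(total_size, size)` runs before the `usize < total_size` comparison, so a call with *size == 0 and ids == NULL is a valid size probe that returns -E2BIG with the required byte count written back. That is the behaviour callers will build on, and the kernel-doc should state it under @size rather than leaving it to be inferred from "updated on return"; it would also be worth saying there that @size is in bytes while the return value is a count of elements, since the two are easy to confuse for a u64 array.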
From: Casey Schaufler
To: casey@schaufler-ca.com, paul@paul-moore.com, linux-security-module@vger.kernel.org
Cc: jmorris@namei.org, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net, Geert Uytterhoeven, Arnd Bergmann
Subject: [PATCH v10 06/11] LSM: wireup Linux Security Module syscalls
Date: Fri, 28 Apr 2023 13:26:46 -0700
Message-Id: <20230428202651.159828-7-casey@schaufler-ca.com>
In-Reply-To: <20230428202651.159828-1-casey@schaufler-ca.com>
References: <20230428202651.159828-1-casey@schaufler-ca.com>

Wireup lsm_get_self_attr, lsm_set_self_attr and lsm_list_modules system calls.
Signed-off-by: Casey Schaufler Reviewed-by: Kees Cook Acked-by: Geert Uytterhoeven Acked-by: Arnd Bergmann Cc: linux-api@vger.kernel.org --- arch/alpha/kernel/syscalls/syscall.tbl | 3 +++ arch/arm/tools/syscall.tbl | 3 +++ arch/arm64/include/asm/unistd.h | 2 +- arch/arm64/include/asm/unistd32.h | 6 ++++++ arch/ia64/kernel/syscalls/syscall.tbl | 3 +++ arch/m68k/kernel/syscalls/syscall.tbl | 3 +++ arch/microblaze/kernel/syscalls/syscall.tbl | 3 +++ arch/mips/kernel/syscalls/syscall_n32.tbl | 3 +++ arch/mips/kernel/syscalls/syscall_n64.tbl | 3 +++ arch/mips/kernel/syscalls/syscall_o32.tbl | 3 +++ arch/parisc/kernel/syscalls/syscall.tbl | 3 +++ arch/powerpc/kernel/syscalls/syscall.tbl | 3 +++ arch/s390/kernel/syscalls/syscall.tbl | 3 +++ arch/sh/kernel/syscalls/syscall.tbl | 3 +++ arch/sparc/kernel/syscalls/syscall.tbl | 3 +++ arch/x86/entry/syscalls/syscall_32.tbl | 3 +++ arch/x86/entry/syscalls/syscall_64.tbl | 3 +++ arch/xtensa/kernel/syscalls/syscall.tbl | 3 +++ include/uapi/asm-generic/unistd.h | 11 ++++++++++- tools/perf/arch/mips/entry/syscalls/syscall_n64.tbl | 3 +++ tools/perf/arch/powerpc/entry/syscalls/syscall.tbl | 3 +++ tools/perf/arch/s390/entry/syscalls/syscall.tbl | 3 +++ tools/perf/arch/x86/entry/syscalls/syscall_64.tbl | 3 +++ 23 files changed, 77 insertions(+), 2 deletions(-) diff --git a/arch/alpha/kernel/syscalls/syscall.tbl b/arch/alpha/kernel/syscalls/syscall.tbl index 8ebacf37a8cf..178e2792c251 100644 --- a/arch/alpha/kernel/syscalls/syscall.tbl +++ b/arch/alpha/kernel/syscalls/syscall.tbl @@ -490,3 +490,6 @@ 558 common process_mrelease sys_process_mrelease 559 common futex_waitv sys_futex_waitv 560 common set_mempolicy_home_node sys_ni_syscall +561 common lsm_get_self_attr sys_lsm_get_self_attr +562 common lsm_list_modules sys_lsm_list_modules +563 common lsm_set_self_attr sys_lsm_set_self_attr diff --git a/arch/arm/tools/syscall.tbl b/arch/arm/tools/syscall.tbl index ac964612d8b0..9cda144f9631 100644 --- a/arch/arm/tools/syscall.tbl 
+++ b/arch/arm/tools/syscall.tbl @@ -464,3 +464,6 @@ 448 common process_mrelease sys_process_mrelease 449 common futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node +451 common lsm_get_self_attr sys_lsm_get_self_attr +452 common lsm_list_modules sys_lsm_list_modules +453 common lsm_set_self_attr sys_lsm_set_self_attr diff --git a/arch/arm64/include/asm/unistd.h b/arch/arm64/include/asm/unistd.h index 037feba03a51..6a28fb91b85d 100644 --- a/arch/arm64/include/asm/unistd.h +++ b/arch/arm64/include/asm/unistd.h @@ -39,7 +39,7 @@ #define __ARM_NR_compat_set_tls (__ARM_NR_COMPAT_BASE + 5) #define __ARM_NR_COMPAT_END (__ARM_NR_COMPAT_BASE + 0x800) -#define __NR_compat_syscalls 451 +#define __NR_compat_syscalls 454 #endif #define __ARCH_WANT_SYS_CLONE diff --git a/arch/arm64/include/asm/unistd32.h b/arch/arm64/include/asm/unistd32.h index 604a2053d006..72022ffd5faa 100644 --- a/arch/arm64/include/asm/unistd32.h +++ b/arch/arm64/include/asm/unistd32.h @@ -907,6 +907,12 @@ __SYSCALL(__NR_process_mrelease, sys_process_mrelease) __SYSCALL(__NR_futex_waitv, sys_futex_waitv) #define __NR_set_mempolicy_home_node 450 __SYSCALL(__NR_set_mempolicy_home_node, sys_set_mempolicy_home_node) +#define __NR_lsm_get_self_attr 451 +__SYSCALL(__NR_lsm_get_self_attr, sys_lsm_get_self_attr) +#define __NR_lsm_list_modules 452 +__SYSCALL(__NR_lsm_list_modules, sys_lsm_list_modules) +#define __NR_lsm_set_self_attr 453 +__SYSCALL(__NR_lsm_set_self_attr, sys_lsm_set_self_attr) /* * Please add new compat syscalls above this comment and update diff --git a/arch/ia64/kernel/syscalls/syscall.tbl b/arch/ia64/kernel/syscalls/syscall.tbl index 72c929d9902b..c52e9d87f47d 100644 --- a/arch/ia64/kernel/syscalls/syscall.tbl +++ b/arch/ia64/kernel/syscalls/syscall.tbl 
@@ -371,3 +371,6 @@ 448 common process_mrelease sys_process_mrelease 449 common futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node +451 common lsm_get_self_attr sys_lsm_get_self_attr +452 common lsm_list_modules sys_lsm_list_modules +453 common lsm_set_self_attr sys_lsm_set_self_attr diff --git a/arch/m68k/kernel/syscalls/syscall.tbl b/arch/m68k/kernel/syscalls/syscall.tbl index b1f3940bc298..31eac3c99d84 100644 --- a/arch/m68k/kernel/syscalls/syscall.tbl +++ b/arch/m68k/kernel/syscalls/syscall.tbl @@ -450,3 +450,6 @@ 448 common process_mrelease sys_process_mrelease 449 common futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node +451 common lsm_get_self_attr sys_lsm_get_self_attr +452 common lsm_list_modules sys_lsm_list_modules +453 common lsm_set_self_attr sys_lsm_set_self_attr diff --git a/arch/microblaze/kernel/syscalls/syscall.tbl b/arch/microblaze/kernel/syscalls/syscall.tbl index 820145e47350..5037fa1f74b8 100644 --- a/arch/microblaze/kernel/syscalls/syscall.tbl +++ b/arch/microblaze/kernel/syscalls/syscall.tbl @@ -456,3 +456,6 @@ 448 common process_mrelease sys_process_mrelease 449 common futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node +451 common lsm_get_self_attr sys_lsm_get_self_attr +452 common lsm_list_modules sys_lsm_list_modules +453 common lsm_set_self_attr sys_lsm_set_self_attr diff --git a/arch/mips/kernel/syscalls/syscall_n32.tbl b/arch/mips/kernel/syscalls/syscall_n32.tbl index 253ff994ed2e..29545b3ec587 100644 --- a/arch/mips/kernel/syscalls/syscall_n32.tbl +++ b/arch/mips/kernel/syscalls/syscall_n32.tbl @@ -389,3 +389,6 @@ 448 n32 process_mrelease sys_process_mrelease 449 n32 futex_waitv sys_futex_waitv 450 n32 set_mempolicy_home_node sys_set_mempolicy_home_node +451 n32 lsm_get_self_attr sys_lsm_get_self_attr +452 n32 lsm_list_modules sys_lsm_list_modules +453 n32 lsm_set_self_attr sys_lsm_set_self_attr 
diff --git a/arch/mips/kernel/syscalls/syscall_n64.tbl b/arch/mips/kernel/syscalls/syscall_n64.tbl index 3f1886ad9d80..8492aa4a771f 100644 --- a/arch/mips/kernel/syscalls/syscall_n64.tbl +++ b/arch/mips/kernel/syscalls/syscall_n64.tbl @@ -365,3 +365,6 @@ 448 n64 process_mrelease sys_process_mrelease 449 n64 futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node +451 n64 lsm_get_self_attr sys_lsm_get_self_attr +452 n64 lsm_list_modules sys_lsm_list_modules +453 n64 lsm_set_self_attr sys_lsm_set_self_attr diff --git a/arch/mips/kernel/syscalls/syscall_o32.tbl b/arch/mips/kernel/syscalls/syscall_o32.tbl index 8f243e35a7b2..d74fd86de2a2 100644 --- a/arch/mips/kernel/syscalls/syscall_o32.tbl +++ b/arch/mips/kernel/syscalls/syscall_o32.tbl @@ -438,3 +438,6 @@ 448 o32 process_mrelease sys_process_mrelease 449 o32 futex_waitv sys_futex_waitv 450 o32 set_mempolicy_home_node sys_set_mempolicy_home_node +451 o32 lsm_get_self_attr sys_lsm_get_self_attr +452 o32 lsm_list_modules sys_lsm_list_modules +453 032 lsm_set_self_attr sys_lsm_set_self_attr diff --git a/arch/parisc/kernel/syscalls/syscall.tbl b/arch/parisc/kernel/syscalls/syscall.tbl index 0e42fceb2d5e..d1a5f3120d6c 100644 --- a/arch/parisc/kernel/syscalls/syscall.tbl +++ b/arch/parisc/kernel/syscalls/syscall.tbl @@ -448,3 +448,6 @@ 448 common process_mrelease sys_process_mrelease 449 common futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node +451 common lsm_get_self_attr sys_lsm_get_self_attr +452 common lsm_list_modules sys_lsm_list_modules +453 common lsm_set_self_attr sys_lsm_set_self_attr diff --git a/arch/powerpc/kernel/syscalls/syscall.tbl b/arch/powerpc/kernel/syscalls/syscall.tbl index a0be127475b1..a414fe8c069b 100644 --- a/arch/powerpc/kernel/syscalls/syscall.tbl +++ b/arch/powerpc/kernel/syscalls/syscall.tbl 
@@ -537,3 +537,6 @@ 448 common process_mrelease sys_process_mrelease 449 common futex_waitv sys_futex_waitv 450 nospu set_mempolicy_home_node sys_set_mempolicy_home_node +451 common lsm_get_self_attr sys_lsm_get_self_attr +452 common lsm_list_modules sys_lsm_list_modules +453 common lsm_set_self_attr sys_lsm_set_self_attr diff --git a/arch/s390/kernel/syscalls/syscall.tbl b/arch/s390/kernel/syscalls/syscall.tbl index 799147658dee..96b7e6b72747 100644 --- a/arch/s390/kernel/syscalls/syscall.tbl +++ b/arch/s390/kernel/syscalls/syscall.tbl @@ -453,3 +453,6 @@ 448 common process_mrelease sys_process_mrelease sys_process_mrelease 449 common futex_waitv sys_futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node sys_set_mempolicy_home_node +451 common lsm_get_self_attr sys_lsm_get_self_attr sys_lsm_get_self_attr +452 common lsm_list_modules sys_lsm_list_modules sys_lsm_list_modules +453 common lsm_set_self_attr sys_lsm_set_self_attr sys_lsm_set_self_attr diff --git a/arch/sh/kernel/syscalls/syscall.tbl b/arch/sh/kernel/syscalls/syscall.tbl index 2de85c977f54..1a75a599bb55 100644 --- a/arch/sh/kernel/syscalls/syscall.tbl +++ b/arch/sh/kernel/syscalls/syscall.tbl @@ -453,3 +453,6 @@ 448 common process_mrelease sys_process_mrelease 449 common futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node +451 common lsm_get_self_attr sys_lsm_get_self_attr +452 common lsm_list_modules sys_lsm_list_modules +453 common lsm_set_self_attr sys_lsm_set_self_attr diff --git a/arch/sparc/kernel/syscalls/syscall.tbl b/arch/sparc/kernel/syscalls/syscall.tbl index 4398cc6fb68d..80b165091f6f 100644 --- a/arch/sparc/kernel/syscalls/syscall.tbl +++ b/arch/sparc/kernel/syscalls/syscall.tbl 
@@ -496,3 +496,6 @@ 448 common process_mrelease sys_process_mrelease 449 common futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node +451 common lsm_get_self_attr sys_lsm_get_self_attr +452 common lsm_list_modules sys_lsm_list_modules +453 common lsm_set_self_attr sys_lsm_set_self_attr diff --git a/arch/x86/entry/syscalls/syscall_32.tbl b/arch/x86/entry/syscalls/syscall_32.tbl index 320480a8db4f..130f9feb9eb9 100644 --- a/arch/x86/entry/syscalls/syscall_32.tbl +++ b/arch/x86/entry/syscalls/syscall_32.tbl @@ -455,3 +455,6 @@ 448 i386 process_mrelease sys_process_mrelease 449 i386 futex_waitv sys_futex_waitv 450 i386 set_mempolicy_home_node sys_set_mempolicy_home_node +451 i386 lsm_get_self_attr sys_lsm_get_self_attr +452 i386 lsm_list_modules sys_lsm_list_modules +453 i386 lsm_set_self_attr sys_lsm_set_self_attr diff --git a/arch/x86/entry/syscalls/syscall_64.tbl b/arch/x86/entry/syscalls/syscall_64.tbl index c84d12608cd2..96dd45bc5988 100644 --- a/arch/x86/entry/syscalls/syscall_64.tbl +++ b/arch/x86/entry/syscalls/syscall_64.tbl @@ -372,6 +372,9 @@ 448 common process_mrelease sys_process_mrelease 449 common futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node +451 common lsm_get_self_attr sys_lsm_get_self_attr +452 common lsm_list_modules sys_lsm_list_modules +453 common lsm_set_self_attr sys_lsm_set_self_attr # # Due to a historical design error, certain syscalls are numbered differently diff --git a/arch/xtensa/kernel/syscalls/syscall.tbl b/arch/xtensa/kernel/syscalls/syscall.tbl index 52c94ab5c205..2610aba19802 100644 --- a/arch/xtensa/kernel/syscalls/syscall.tbl +++ b/arch/xtensa/kernel/syscalls/syscall.tbl 
@@ -421,3 +421,6 @@ 448 common process_mrelease sys_process_mrelease 449 common futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node +451 common lsm_get_self_attr sys_lsm_get_self_attr +452 common lsm_list_modules sys_lsm_list_modules +453 common lsm_set_self_attr sys_lsm_set_self_attr diff --git a/include/uapi/asm-generic/unistd.h b/include/uapi/asm-generic/unistd.h index 45fa180cc56a..93f89fb06ef5 100644 --- a/include/uapi/asm-generic/unistd.h +++ b/include/uapi/asm-generic/unistd.h @@ -886,8 +886,17 @@ __SYSCALL(__NR_futex_waitv, sys_futex_waitv) #define __NR_set_mempolicy_home_node 450 __SYSCALL(__NR_set_mempolicy_home_node, sys_set_mempolicy_home_node) +#define __NR_lsm_get_self_attr 451 +__SYSCALL(__NR_lsm_get_self_attr, sys_lsm_get_self_attr) + +#define __NR_lsm_list_modules 452 +__SYSCALL(__NR_lsm_list_modules, sys_lsm_list_modules) + +#define __NR_lsm_set_self_attr 453 +__SYSCALL(__NR_lsm_set_self_attr, sys_lsm_set_self_attr) + #undef __NR_syscalls -#define __NR_syscalls 451 +#define __NR_syscalls 454 /* * 32 bit systems traditionally used different diff --git a/tools/perf/arch/mips/entry/syscalls/syscall_n64.tbl b/tools/perf/arch/mips/entry/syscalls/syscall_n64.tbl index 3f1886ad9d80..8492aa4a771f 100644 --- a/tools/perf/arch/mips/entry/syscalls/syscall_n64.tbl +++ b/tools/perf/arch/mips/entry/syscalls/syscall_n64.tbl @@ -365,3 +365,6 @@ 448 n64 process_mrelease sys_process_mrelease 449 n64 futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node +451 n64 lsm_get_self_attr sys_lsm_get_self_attr +452 n64 lsm_list_modules sys_lsm_list_modules +453 n64 lsm_set_self_attr sys_lsm_set_self_attr diff --git a/tools/perf/arch/powerpc/entry/syscalls/syscall.tbl b/tools/perf/arch/powerpc/entry/syscalls/syscall.tbl index a0be127475b1..a414fe8c069b 100644 --- a/tools/perf/arch/powerpc/entry/syscalls/syscall.tbl +++ b/tools/perf/arch/powerpc/entry/syscalls/syscall.tbl 
@@ -537,3 +537,6 @@ 448 common process_mrelease sys_process_mrelease 449 common futex_waitv sys_futex_waitv 450 nospu set_mempolicy_home_node sys_set_mempolicy_home_node +451 common lsm_get_self_attr sys_lsm_get_self_attr +452 common lsm_list_modules sys_lsm_list_modules +453 common lsm_set_self_attr sys_lsm_set_self_attr diff --git a/tools/perf/arch/s390/entry/syscalls/syscall.tbl b/tools/perf/arch/s390/entry/syscalls/syscall.tbl index 799147658dee..f9257e040109 100644 --- a/tools/perf/arch/s390/entry/syscalls/syscall.tbl +++ b/tools/perf/arch/s390/entry/syscalls/syscall.tbl @@ -453,3 +453,6 @@ 448 common process_mrelease sys_process_mrelease sys_process_mrelease 449 common futex_waitv sys_futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node sys_set_mempolicy_home_node +451 common lsm_get_self_attr sys_lsm_get_self_attr sys_lsm_get_self_attr +452 common lsm_list_modules sys_lsm_list_modules sys_lsm_list_modules +453 common lsm_set_self_attr sys_lsm_set_self_attr sys_lsm_set_self_attr diff --git a/tools/perf/arch/x86/entry/syscalls/syscall_64.tbl b/tools/perf/arch/x86/entry/syscalls/syscall_64.tbl index c84d12608cd2..96dd45bc5988 100644 --- a/tools/perf/arch/x86/entry/syscalls/syscall_64.tbl +++ b/tools/perf/arch/x86/entry/syscalls/syscall_64.tbl 
@@ -372,6 +372,9 @@ 448 common process_mrelease sys_process_mrelease 449 common futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node +451 common lsm_get_self_attr sys_lsm_get_self_attr +452 common lsm_list_modules sys_lsm_list_modules +453 common lsm_set_self_attr sys_lsm_set_self_attr # # Due to a historical design error, certain syscalls are numbered differently
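Review bot: in the powerpc syscall.tbl hunk the three new rows are classed "common" while the neighbouring row 450 (set_mempolicy_home_node) is "nospu", and in the mips n64 hunk the new rows are "n64" beside a "common" row 450; the class column decides which ABIs see the numbers, so confirm each value against the kernel's own arch/*/entry/syscalls tables rather than by pattern from the rows above, and state the intended powerpc class in the commit message. The __NR_syscalls bump from 451 to 454 in asm-generic/unistd.h matches the three numbers added.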
From patchwork Fri Apr 28 20:26:47 2023
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 13226791
X-Patchwork-Delegate: paul@paul-moore.com
From: Casey Schaufler
To: casey@schaufler-ca.com, paul@paul-moore.com, linux-security-module@vger.kernel.org
Cc: jmorris@namei.org, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net
Subject: [PATCH v10 07/11] LSM: Helpers for attribute names and filling lsm_ctx
Date: Fri, 28 Apr 2023 13:26:47 -0700
Message-Id: <20230428202651.159828-8-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.39.2
In-Reply-To: <20230428202651.159828-1-casey@schaufler-ca.com>
References: <20230428202651.159828-1-casey@schaufler-ca.com>

Add lsm_name_to_attr(), which translates a text string to an LSM_ATTR value if one is available. Add lsm_fill_user_ctx(), which fills a struct lsm_ctx, including the trailing attribute value. The .len value is padded to a multiple of 64 bits for alignment. All are used in module specific components of LSM system calls.

Signed-off-by: Casey Schaufler
---
include/linux/security.h | 13 ++++++++++++
security/lsm_syscalls.c | 24 ++++++++++++++++++++++
security/security.c | 44 ++++++++++++++++++++++++++++++++++++++++
3 files changed, 81 insertions(+)

diff --git a/include/linux/security.h b/include/linux/security.h index 806bff425af9..36ace59f9171 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -263,6 +263,7 @@ int unregister_blocking_lsm_notifier(struct notifier_block *nb); /* prototypes */ extern int security_init(void); extern int early_security_init(void); +extern u64 lsm_name_to_attr(const char *name); /* Security operations */ int security_binder_set_context_mgr(const struct cred *mgr);
@@ -491,6 +492,8 @@ int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen); int security_locked_down(enum lockdown_reason what); +int lsm_fill_user_ctx(struct lsm_ctx __user *ctx, void *context, + size_t context_size, u64 id, u64 flags); #else /* CONFIG_SECURITY */ static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data) @@ -508,6 +511,11 @@ static inline int unregister_blocking_lsm_notifier(struct notifier_block *nb) return 0; } +static inline u64 lsm_name_to_attr(const char *name) +{ + return LSM_ATTR_UNDEF; +} + static inline void security_free_mnt_opts(void **mnt_opts) { } @@ -1420,6 +1428,11 @@ static inline int security_locked_down(enum lockdown_reason what) { return 0; } +static inline int lsm_fill_user_ctx(struct lsm_ctx __user *ctx, void *context, + size_t context_size, u64 id, u64 flags) +{ + return -EOPNOTSUPP; +} #endif /* CONFIG_SECURITY */ #if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE) diff --git a/security/lsm_syscalls.c b/security/lsm_syscalls.c index b89cccb2f123..0b225adfe5f7 100644 --- a/security/lsm_syscalls.c +++ b/security/lsm_syscalls.c 
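Review bot: the CONFIG_SECURITY=n stub of lsm_name_to_attr() returns LSM_ATTR_UNDEF, so include/linux/security.h now depends on the header that defines the LSM_ATTR_* values; that include is not part of these hunks, so check it is already present or a !CONFIG_SECURITY build fails to compile. The lsm_fill_user_ctx() stub returning -EOPNOTSUPP is consistent, since no module can fill a context in that configuration, but the kernel-doc for the real function should mention that value so callers handle it alongside -EFAULT and -ENOMEM.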
@@ -17,6 +17,30 @@ #include #include +/** + * lsm_name_to_attr - map an LSM attribute name to its ID + * @name: name of the attribute + * + * Returns the LSM attribute value associated with @name, or 0 if + * there is no mapping. + */ +u64 lsm_name_to_attr(const char *name) +{ + if (!strcmp(name, "current")) + return LSM_ATTR_CURRENT; + if (!strcmp(name, "exec")) + return LSM_ATTR_EXEC; + if (!strcmp(name, "fscreate")) + return LSM_ATTR_FSCREATE; + if (!strcmp(name, "keycreate")) + return LSM_ATTR_KEYCREATE; + if (!strcmp(name, "prev")) + return LSM_ATTR_PREV; + if (!strcmp(name, "sockcreate")) + return LSM_ATTR_SOCKCREATE; + return LSM_ATTR_UNDEF; +} + /** * sys_lsm_set_self_attr - Set current task's security module attribute * @attr: which attribute to set diff --git a/security/security.c b/security/security.c index 94b78bfd06b9..8c877d639cae 100644 --- a/security/security.c +++ b/security/security.c 
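Review bot: the kernel-doc for lsm_name_to_attr() says it returns 0 when there is no mapping, but the function returns LSM_ATTR_UNDEF; the two agree only if LSM_ATTR_UNDEF is 0, and the Smack and AppArmor setprocattr hooks later in this series test the result with a bare `if (attr)`, so the comment should name LSM_ATTR_UNDEF explicitly and the invariant that it is zero should be stated where the value is defined. A const table of {name, id} pairs walked with strcmp() would also be easier to extend than the if-chain when further attributes are added.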
@@ -761,6 +761,50 @@ static int lsm_superblock_alloc(struct super_block *sb) return 0; } +/** + * lsm_fill_user_ctx - Fill a user space lsm_ctx structure + * @ctx: an LSM context to be filled + * @context: the new context value + * @context_size: the size of the new context value + * @id: LSM id + * @flags: LSM defined flags + * + * Fill all of the fields in a user space lsm_ctx structure. + * Caller is assumed to have verified that @ctx has enough space + * for @context. + * + * The total length is padded to a multiple of 64 bits to + * accomodate possible alignment issues. + * + * Returns 0 on success, -EFAULT on a copyout error, -ENOMEM + * if memory can't be allocated. + */ +int lsm_fill_user_ctx(struct lsm_ctx __user *ctx, void *context, + size_t context_size, u64 id, u64 flags) +{ + struct lsm_ctx *lctx; + size_t locallen = ALIGN(struct_size(lctx, ctx, context_size), 8); + int rc = 0; + + lctx = kzalloc(locallen, GFP_KERNEL); + if (lctx == NULL) + return -ENOMEM; + + lctx->id = id; + lctx->flags = flags; + lctx->ctx_len = context_size; + lctx->len = locallen; + + memcpy(lctx->ctx, context, context_size); + + if (copy_to_user(ctx, lctx, locallen)) + rc = -EFAULT; + + kfree(lctx); + + return rc; +} + /* * The default value of the LSM hook is defined in linux/lsm_hook_defs.h and * can be accessed with:
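Review bot: in the security.c hunk adding lsm_fill_user_ctx(), the line "Caller is assumed to have verified that @ctx has enough space for @context" understates the contract: copy_to_user() writes locallen bytes, the struct_size() rounded up to a multiple of 8, so the caller must have checked that padded total against the user buffer (the ALIGN(..., 8) comparisons in the Smack and AppArmor getselfattr hooks do this). Say so in the kernel-doc, and keep kzalloc() rather than kmalloc() here, since the padding bytes are copied to user space and must not carry stale kernel memory. Also "accomodate" should be "accommodate".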
From patchwork Fri Apr 28 20:26:48 2023
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 13226790
X-Patchwork-Delegate: paul@paul-moore.com
From: Casey Schaufler
To: casey@schaufler-ca.com, paul@paul-moore.com, linux-security-module@vger.kernel.org
Cc: jmorris@namei.org, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net
Subject: [PATCH v10 08/11] Smack: implement setselfattr and getselfattr hooks
Date: Fri, 28 Apr 2023 13:26:48 -0700
Message-Id: <20230428202651.159828-9-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.39.2
In-Reply-To: <20230428202651.159828-1-casey@schaufler-ca.com>
References: <20230428202651.159828-1-casey@schaufler-ca.com>

Implement Smack support for security_[gs]etselfattr. Refactor the setprocattr hook to avoid code duplication.

Signed-off-by: Casey Schaufler
---
security/smack/smack_lsm.c | 106 +++++++++++++++++++++++++++++++++++--
1 file changed, 101 insertions(+), 5 deletions(-)

diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 0b466d3b31b7..def13357156a 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c
@@ -3552,6 +3552,45 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) return; } +/** + * smack_getselfattr - Smack current process attribute + * @attr: which attribute to fetch + * @ctx: buffer to receive the result + * @size: available size in, actual size out + * @flags: unused + * + * Fill the passed user space @ctx with the details of the requested + * attribute. + * + * Returns 1, the number of attributes, on success, an error code otherwise. + */ +static int smack_getselfattr(unsigned int attr, struct lsm_ctx __user *ctx, + size_t *size, u32 flags) +{ + struct smack_known *skp = smk_of_current(); + int total; + int slen; + int rc; + + if (attr != LSM_ATTR_CURRENT) + return -EOPNOTSUPP; + + slen = strlen(skp->smk_known) + 1; + total = ALIGN(slen + sizeof(*ctx), 8); + if (total > *size) + rc = -E2BIG; + else if (ctx) + rc = lsm_fill_user_ctx(ctx, skp->smk_known, slen, LSM_ID_SMACK, + 0); + else + rc = 1; + + *size = total; + if (rc >= 0) + return 1; + return rc; +} + /** * smack_getprocattr - Smack process attribute access * @p: the object task @@ -3581,8 +3620,8 @@ static int smack_getprocattr(struct task_struct *p, const char *name, char **val } /** - * smack_setprocattr - Smack process attribute setting - * @name: the name of the attribute in /proc/.../attr + * do_setattr - Smack process attribute setting + * @attr: the ID of the attribute * @value: the value to set * @size: the size of the value * @@ -3591,7 +3630,7 @@ static int smack_getprocattr(struct task_struct *p, const char *name, char **val * * Returns the length of the smack label or an error code */ -static int smack_setprocattr(const char *name, void *value, size_t size) +static int do_setattr(u64 attr, void *value, size_t size) { struct task_smack *tsp = smack_cred(current_cred()); struct cred *new; 
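Review bot: smack_getselfattr() ignores @flags instead of validating it; unless the syscall entry point rejects non-zero flags before calling the hook, return -EINVAL for any flag the hook does not understand so the bits stay reserved for later use. Also `total` is an int compared against the size_t *size; declare it size_t to avoid the signed/unsigned comparison, and note in the kernel-doc that *size is set to the required length even when -E2BIG is returned, since that is how a caller learns how large a buffer to pass.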
@@ -3605,8 +3644,8 @@ static int smack_setprocattr(const char *name, void *value, size_t size) if (value == NULL || size == 0 || size >= SMK_LONGLABEL) return -EINVAL; - if (strcmp(name, "current") != 0) - return -EINVAL; + if (attr != LSM_ATTR_CURRENT) + return -EOPNOTSUPP; skp = smk_import_entry(value, size); if (IS_ERR(skp)) @@ -3645,6 +3684,61 @@ static int smack_setprocattr(const char *name, void *value, size_t size) return size; } +/** + * smack_setselfattr - Set a Smack process attribute + * @attr: which attribute to set + * @ctx: buffer containing the data + * @size: size of @ctx + * @flags: unused + * + * Fill the passed user space @ctx with the details of the requested + * attribute. + * + * Returns 0 on success, an error code otherwise. + */ +static int smack_setselfattr(unsigned int attr, struct lsm_ctx __user *ctx, + size_t size, u32 flags) +{ + struct lsm_ctx *lctx; + int rc; + + lctx = kmalloc(size, GFP_KERNEL); + if (lctx == NULL) + return -ENOMEM; + + if (copy_from_user(lctx, ctx, size)) + rc = -EFAULT; + else if (lctx->ctx_len > size) + rc = -EINVAL; + else + rc = do_setattr(attr, lctx->ctx, lctx->ctx_len); + + kfree(lctx); + if (rc > 0) + return 0; + return rc; +} + +/** + * smack_setprocattr - Smack process attribute setting + * @name: the name of the attribute in /proc/.../attr + * @value: the value to set + * @size: the size of the value + * + * Sets the Smack value of the task. Only setting self + * is permitted and only with privilege + * + * Returns the length of the smack label or an error code + */ +static int smack_setprocattr(const char *name, void *value, size_t size) +{ + int attr = lsm_name_to_attr(name); + + if (attr) + return do_setattr(attr, value, size); + return -EINVAL; +} + /** * smack_unix_stream_connect - Smack access on UDS * @sock: one sock 
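Review bot: changing the attribute-mismatch failure in do_setattr() from -EINVAL to -EOPNOTSUPP also changes the /proc ABI, because the new smack_setprocattr() forwards every name lsm_name_to_attr() recognises: a write to /proc/self/attr/exec (or fscreate, keycreate, prev, sockcreate) under Smack used to return -EINVAL and now returns -EOPNOTSUPP. If the /proc behaviour is meant to stay as it was, map the error back to -EINVAL in smack_setprocattr() and keep -EOPNOTSUPP for the syscall path only.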
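Review bot: in smack_setselfattr() the guard `lctx->ctx_len > size` does not bound the read: the attribute bytes start at offset sizeof(struct lsm_ctx) within the size-byte buffer, so a ctx_len equal to size makes do_setattr() read sizeof(*lctx) bytes past the kmalloc() allocation, and a size smaller than sizeof(*lctx) leaves ctx_len itself uninitialised before it is tested. Reject size < sizeof(*lctx) before copy_from_user() and require lctx->ctx_len <= size - sizeof(*lctx) (or compare struct_size(lctx, ctx, lctx->ctx_len) with size); an upper bound on the user-chosen size before kmalloc() would also be prudent. In smack_setprocattr(), `int attr = lsm_name_to_attr(name)` narrows the helper's u64; use u64 to match.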
@@ -4955,6 +5049,8 @@ static struct security_hook_list smack_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(d_instantiate, smack_d_instantiate), + LSM_HOOK_INIT(getselfattr, smack_getselfattr), + LSM_HOOK_INIT(setselfattr, smack_setselfattr), LSM_HOOK_INIT(getprocattr, smack_getprocattr), LSM_HOOK_INIT(setprocattr, smack_setprocattr),
From patchwork Fri Apr 28 20:26:49 2023
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 13226793
X-Patchwork-Delegate: paul@paul-moore.com
From: Casey Schaufler
To: casey@schaufler-ca.com, paul@paul-moore.com, linux-security-module@vger.kernel.org
Cc: jmorris@namei.org, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net
Subject: [PATCH v10 09/11] AppArmor: Add selfattr hooks
Date: Fri, 28 Apr 2023 13:26:49 -0700
Message-Id: <20230428202651.159828-10-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.39.2
In-Reply-To: <20230428202651.159828-1-casey@schaufler-ca.com>
References: <20230428202651.159828-1-casey@schaufler-ca.com>

Add hooks for setselfattr and getselfattr. These hooks are not very different from their setprocattr and getprocattr equivalents, and much of the code is shared.

Signed-off-by: Casey Schaufler
Cc: John Johansen
---
security/apparmor/include/procattr.h | 2 +-
security/apparmor/lsm.c | 102 +++++++++++++++++++++++++--
security/apparmor/procattr.c | 10 +--
3 files changed, 103 insertions(+), 11 deletions(-)

diff --git a/security/apparmor/include/procattr.h b/security/apparmor/include/procattr.h index 31689437e0e1..03dbfdb2f2c0 100644 --- a/security/apparmor/include/procattr.h +++ b/security/apparmor/include/procattr.h @@ -11,7 +11,7 @@ #ifndef __AA_PROCATTR_H #define __AA_PROCATTR_H -int aa_getprocattr(struct aa_label *label, char **string); +int aa_getprocattr(struct aa_label *label, char **string, bool newline); int aa_setprocattr_changehat(char *args, size_t size, int flags); #endif /* __AA_PROCATTR_H */ diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index d7f22b0cf03f..6e77e885e167 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c
@@ -630,6 +630,54 @@ static int apparmor_sb_pivotroot(const struct path *old_path, return error; } +static int apparmor_getselfattr(unsigned int attr, struct lsm_ctx __user *lx, + size_t *size, u32 flags) +{ + int error = -ENOENT; + struct aa_task_ctx *ctx = task_ctx(current); + struct aa_label *label = NULL; + size_t total_len = 0; + char *value; + + switch (attr) { + case LSM_ATTR_CURRENT: + label = aa_get_newest_label(cred_label(current_cred())); + break; + case LSM_ATTR_PREV: + if (ctx->previous) + label = aa_get_newest_label(ctx->previous); + break; + case LSM_ATTR_EXEC: + if (ctx->onexec) + label = aa_get_newest_label(ctx->onexec); + break; + default: + error = -EOPNOTSUPP; + break; + } + + if (label) { + error = aa_getprocattr(label, &value, false); + if (error > 0) { + total_len = ALIGN(struct_size(lx, ctx, error), 8); + if (total_len > *size) + error = -E2BIG; + else if (lx) + error = lsm_fill_user_ctx(lx, value, error, + LSM_ID_APPARMOR, 0); + else + error = 1; + } + } + + aa_put_label(label); + + *size = total_len; + if (error < 0) + return error; + return 1; +} + static int apparmor_getprocattr(struct task_struct *task, const char *name, char **value) { @@ -649,7 +697,7 @@ static int apparmor_getprocattr(struct task_struct *task, const char *name, error = -EINVAL; if (label) - error = aa_getprocattr(label, value); + error = aa_getprocattr(label, value, true); aa_put_label(label); put_cred(cred); @@ -657,8 +705,7 @@ static int apparmor_getprocattr(struct task_struct *task, const char *name, return error; } -static int apparmor_setprocattr(const char *name, void *value, - size_t size) +static int do_setattr(u64 attr, void *value, size_t size) { char *command, *largs = NULL, *args = value; size_t arg_size; 
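Review bot: apparmor_getselfattr() never frees the string that aa_getprocattr() allocates into `value` (the same buffer the getprocattr path hands back for its caller to free): after a successful aa_getprocattr() all three branches, the -E2BIG case, the lsm_fill_user_ctx() copy and the lx == NULL size probe, return without kfree(value), so each call leaks an allocation, and the hook is reachable from unprivileged processes. Add kfree(value) after the size/copy block. Separately, the length handed to lsm_fill_user_ctx() is the bare string length (with newline false, aa_getprocattr() writes the terminator at [len] and returns len), so AppArmor's ctx value is not NUL-terminated while smack_getselfattr() passes strlen + 1; pick one convention for all modules and document it for user space.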
@@ -689,7 +736,7 @@ static int apparmor_setprocattr(const char *name, void *value, goto out; arg_size = size - (args - (largs ? largs : (char *) value)); - if (strcmp(name, "current") == 0) { + if (attr == LSM_ATTR_CURRENT) { if (strcmp(command, "changehat") == 0) { error = aa_setprocattr_changehat(args, arg_size, AA_CHANGE_NOFLAGS); @@ -704,7 +751,7 @@ static int apparmor_setprocattr(const char *name, void *value, error = aa_change_profile(args, AA_CHANGE_STACK); } else goto fail; - } else if (strcmp(name, "exec") == 0) { + } else if (attr == LSM_ATTR_EXEC) { if (strcmp(command, "exec") == 0) error = aa_change_profile(args, AA_CHANGE_ONEXEC); else if (strcmp(command, "stack") == 0) 
@@ -724,13 +771,54 @@ static int apparmor_setprocattr(const char *name, void *value, fail: aad(&sa)->label = begin_current_label_crit_section(); - aad(&sa)->info = name; + if (attr == LSM_ATTR_CURRENT) + aad(&sa)->info = "current"; + else if (attr == LSM_ATTR_EXEC) + aad(&sa)->info = "exec"; + else + aad(&sa)->info = "invalid"; aad(&sa)->error = error = -EINVAL; aa_audit_msg(AUDIT_APPARMOR_DENIED, &sa, NULL); end_current_label_crit_section(aad(&sa)->label); goto out; } +static int apparmor_setselfattr(unsigned int attr, struct lsm_ctx __user *ctx, + size_t size, u32 flags) +{ + struct lsm_ctx *lctx; + int rc; + + if (attr != LSM_ATTR_CURRENT && attr != LSM_ATTR_EXEC) + return -EOPNOTSUPP; + + lctx = kmalloc(size, GFP_KERNEL); + if (lctx == NULL) + return -ENOMEM; + + if (copy_from_user(lctx, ctx, size)) + rc = -EFAULT; + else if (lctx->ctx_len > size) + rc = -EINVAL; + else + rc = do_setattr(attr, lctx->ctx, lctx->ctx_len); + + kfree(lctx); + if (rc > 0) + return 0; + return rc; +} + +static int apparmor_setprocattr(const char *name, void *value, + size_t size) +{ + int attr = lsm_name_to_attr(name); + + if (attr) + return do_setattr(attr, value, size); + return -EINVAL; +} + /** * apparmor_bprm_committing_creds - do task cleanup on committing new creds * @bprm: binprm for the exec (NOT NULL) @@ -1253,6 +1341,8 @@ static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(file_lock, apparmor_file_lock), LSM_HOOK_INIT(file_truncate, apparmor_file_truncate), + LSM_HOOK_INIT(getselfattr, apparmor_getselfattr), + LSM_HOOK_INIT(setselfattr, apparmor_setselfattr), LSM_HOOK_INIT(getprocattr, apparmor_getprocattr), LSM_HOOK_INIT(setprocattr, apparmor_setprocattr), diff --git a/security/apparmor/procattr.c b/security/apparmor/procattr.c index 197d41f9c32b..e3857e3d7c6c 100644 --- a/security/apparmor/procattr.c +++ b/security/apparmor/procattr.c 
@@ -20,6 +20,7 @@ * aa_getprocattr - Return the label information for @label * @label: the label to print label info about (NOT NULL) * @string: Returns - string containing the label info (NOT NULL) + * @newline: indicates that a newline should be added * * Requires: label != NULL && string != NULL * @@ -27,7 +28,7 @@ * * Returns: size of string placed in @string else error code on failure */ -int aa_getprocattr(struct aa_label *label, char **string) +int aa_getprocattr(struct aa_label *label, char **string, bool newline) { struct aa_ns *ns = labels_ns(label); struct aa_ns *current_ns = aa_get_current_ns(); 
@@ -57,11 +58,12 @@ int aa_getprocattr(struct aa_label *label, char **string) return len; } - (*string)[len] = '\n'; - (*string)[len + 1] = 0; + if (newline) + (*string)[len++] = '\n'; + (*string)[len] = 0; aa_put_ns(current_ns); - return len + 1; + return len; } /**
From patchwork Fri Apr 28 20:26:50 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 13226794 X-Patchwork-Delegate: paul@paul-moore.com
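Review bot: In apparmor_setselfattr() (hunk `@@ -724,13 +771,54 @@`) the bound `else if (lctx->ctx_len > size)` is off by the size of the header: ctx_len counts only the flexible `ctx[]` payload, which begins at offset sizeof(struct lsm_ctx), so a ctx_len equal to `size` lets do_setattr() read sizeof(struct lsm_ctx) bytes past the end of the kmalloc'd buffer. Compare against the payload capacity instead, e.g. `else if (lctx->ctx_len > size - sizeof(*lctx))`, and reject `size < sizeof(*lctx)` before the allocation unless the syscall entry point already guarantees that minimum (otherwise the `lctx->ctx_len` load itself is out of bounds). Two smaller points in the same hunk: `size` is passed to kmalloc() unbounded straight from user space, where memdup_user() (or a cap applied first) is the usual form, and `flags` is accepted but never checked, so returning -EINVAL for any non-zero value would keep those bits reserved for later use. In apparmor_setprocattr() the result of lsm_name_to_attr() is stored in an `int attr` while apparmor_setselfattr() takes `unsigned int attr`; use one type for both. In the `fail:` path, replacing `name` with the fixed "invalid" string means a denied write to any attribute other than current/exec no longer records which attribute was targeted in the audit message.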
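Review bot: The kernel-doc for aa_getprocattr() (hunk `@@ -20,6 +20,7 @@` in procattr.c) gains the @newline parameter but the `Returns:` line still only says "size of string placed in @string"; now that the trailing '\n' is optional, state that the returned length includes the newline only when @newline is true and never counts the terminating NUL, since the getselfattr path will derive user-visible lengths from this value.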
From: Casey Schaufler To: casey@schaufler-ca.com, paul@paul-moore.com, linux-security-module@vger.kernel.org Cc: jmorris@namei.org, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net, selinux@vger.kernel.org Subject: [PATCH v10 10/11] SELinux: Add selfattr hooks Date: Fri, 28 Apr 2023 13:26:50 -0700 Message-Id: <20230428202651.159828-11-casey@schaufler-ca.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230428202651.159828-1-casey@schaufler-ca.com> References: <20230428202651.159828-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: Add hooks for setselfattr and getselfattr. These hooks are not very different from their setprocattr and getprocattr equivalents, and much of the code is shared. Signed-off-by: Casey Schaufler Cc: selinux@vger.kernel.org Cc: Paul Moore --- security/selinux/hooks.c | 154 +++++++++++++++++++++++++++++++-------- 1 file changed, 124 insertions(+), 30 deletions(-) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 2ee92d3fb79d..e78b955e04f8 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -6348,8 +6348,8 @@ static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode) inode_doinit_with_dentry(inode, dentry); } -static int selinux_getprocattr(struct task_struct *p, - const char *name, char **value) +static int selinux_lsm_getattr(unsigned int attr, struct task_struct *p, + char **value) { const struct task_security_struct *__tsec; u32 sid; 
@@ -6367,20 +6367,27 @@ static int selinux_getprocattr(struct task_struct *p, goto bad; } - if (!strcmp(name, "current")) + switch (attr) { + case LSM_ATTR_CURRENT: sid = __tsec->sid; - else if (!strcmp(name, "prev")) + break; + case LSM_ATTR_PREV: sid = __tsec->osid; - else if (!strcmp(name, "exec")) + break; + case LSM_ATTR_EXEC: sid = __tsec->exec_sid; - else if (!strcmp(name, "fscreate")) + break; + case LSM_ATTR_FSCREATE: sid = __tsec->create_sid; - else if (!strcmp(name, "keycreate")) + break; + case LSM_ATTR_KEYCREATE: sid = __tsec->keycreate_sid; - else if (!strcmp(name, "sockcreate")) + break; + case LSM_ATTR_SOCKCREATE: sid = __tsec->sockcreate_sid; - else { - error = -EINVAL; + break; + default: + error = -EOPNOTSUPP; goto bad; } rcu_read_unlock(); @@ -6398,7 +6405,7 @@ static int selinux_getprocattr(struct task_struct *p, return error; } -static int selinux_setprocattr(const char *name, void *value, size_t size) +static int selinux_lsm_setattr(u64 attr, void *value, size_t size) { struct task_security_struct *tsec; struct cred *new; 
@@ -6409,28 +6416,36 @@ static int selinux_setprocattr(const char *name, void *value, size_t size) /* * Basic control over ability to set these attributes at all. */ - if (!strcmp(name, "exec")) + switch (attr) { + case LSM_ATTR_CURRENT: + error = avc_has_perm(&selinux_state, + mysid, mysid, SECCLASS_PROCESS, + PROCESS__SETCURRENT, NULL); + break; + case LSM_ATTR_EXEC: error = avc_has_perm(&selinux_state, mysid, mysid, SECCLASS_PROCESS, PROCESS__SETEXEC, NULL); - else if (!strcmp(name, "fscreate")) + break; + case LSM_ATTR_FSCREATE: error = avc_has_perm(&selinux_state, mysid, mysid, SECCLASS_PROCESS, PROCESS__SETFSCREATE, NULL); - else if (!strcmp(name, "keycreate")) + break; + case LSM_ATTR_KEYCREATE: error = avc_has_perm(&selinux_state, mysid, mysid, SECCLASS_PROCESS, PROCESS__SETKEYCREATE, NULL); - else if (!strcmp(name, "sockcreate")) + break; + case LSM_ATTR_SOCKCREATE: error = avc_has_perm(&selinux_state, mysid, mysid, SECCLASS_PROCESS, PROCESS__SETSOCKCREATE, NULL); - else if (!strcmp(name, "current")) - error = avc_has_perm(&selinux_state, - mysid, mysid, SECCLASS_PROCESS, - PROCESS__SETCURRENT, NULL); - else - error = -EINVAL; + break; + default: + error = -EOPNOTSUPP; + break; + } if (error) return error; @@ -6442,13 +6457,14 @@ static int selinux_setprocattr(const char *name, void *value, size_t size) } error = security_context_to_sid(&selinux_state, value, size, &sid, GFP_KERNEL); - if (error == -EINVAL && !strcmp(name, "fscreate")) { + if (error == -EINVAL && attr == LSM_ATTR_FSCREATE) { if (!has_cap_mac_admin(true)) { struct audit_buffer *ab; size_t audit_size; - /* We strip a nul only if it is at the end, otherwise the - * context contains a nul and we should audit that */ + /* We strip a nul only if it is at the end, + * otherwise the context contains a nul and + * we should audit that */ if (str[size - 1] == '\0') audit_size = size - 1; else 
@@ -6459,7 +6475,8 @@ static int selinux_setprocattr(const char *name, void *value, size_t size) if (!ab) return error; audit_log_format(ab, "op=fscreate invalid_context="); - audit_log_n_untrustedstring(ab, value, audit_size); + audit_log_n_untrustedstring(ab, value, + audit_size); audit_log_end(ab); return error; @@ -6483,11 +6500,11 @@ static int selinux_setprocattr(const char *name, void *value, size_t size) checks and may_create for the file creation checks. The operation will then fail if the context is not permitted. */ tsec = selinux_cred(new); - if (!strcmp(name, "exec")) { + if (attr == LSM_ATTR_EXEC) { tsec->exec_sid = sid; - } else if (!strcmp(name, "fscreate")) { + } else if (attr == LSM_ATTR_FSCREATE) { tsec->create_sid = sid; - } else if (!strcmp(name, "keycreate")) { + } else if (attr == LSM_ATTR_KEYCREATE) { if (sid) { error = avc_has_perm(&selinux_state, mysid, sid, SECCLASS_KEY, KEY__CREATE, NULL); @@ -6495,9 +6512,9 @@ static int selinux_setprocattr(const char *name, void *value, size_t size) goto abort_change; } tsec->keycreate_sid = sid; - } else if (!strcmp(name, "sockcreate")) { + } else if (attr == LSM_ATTR_SOCKCREATE) { tsec->sockcreate_sid = sid; - } else if (!strcmp(name, "current")) { + } else if (attr == LSM_ATTR_CURRENT) { error = -EINVAL; if (sid == 0) goto abort_change; 
@@ -6542,6 +6559,81 @@ static int selinux_setprocattr(const char *name, void *value, size_t size) return error; } +static int selinux_getselfattr(unsigned int attr, struct lsm_ctx __user *ctx, + size_t *size, u32 flags) +{ + char *value; + size_t total_len; + int len; + int rc; + + len = selinux_lsm_getattr(attr, current, &value); + if (len < 0) + return len; + + total_len = ALIGN(struct_size(ctx, ctx, len), 8); + + if (total_len > *size) + rc = -E2BIG; + else if (ctx) + rc = lsm_fill_user_ctx(ctx, value, len, LSM_ID_SELINUX, 0); + else + rc = 1; + + *size = total_len; + if (rc < 0) + return rc; + return 1; +} + +static int selinux_setselfattr(unsigned int __user attr, + struct lsm_ctx __user *ctx, size_t __user size, + u32 __user flags) +{ + struct lsm_ctx *lctx; + int rc; + + lctx = kmalloc(size, GFP_KERNEL); + if (lctx == NULL) + return -ENOMEM; + + if (copy_from_user(lctx, ctx, size)) + rc = -EFAULT; + else if (lctx->ctx_len > size) + rc = -EINVAL; + else + rc = selinux_lsm_setattr(attr, lctx->ctx, lctx->ctx_len); + + kfree(lctx); + if (rc > 0) + return 0; + return rc; +} + +static int selinux_getprocattr(struct task_struct *p, + const char *name, char **value) +{ + unsigned int attr = lsm_name_to_attr(name); + int rc; + + if (attr) { + rc = selinux_lsm_getattr(attr, p, value); + if (rc != -EOPNOTSUPP) + return rc; + } + + return -EINVAL; +} + +static int selinux_setprocattr(const char *name, void *value, size_t size) +{ + int attr = lsm_name_to_attr(name); + + if (attr) + return selinux_lsm_setattr(attr, value, size); + return -EINVAL; +} + static int selinux_ismaclabel(const char *name) { return (strcmp(name, XATTR_SELINUX_SUFFIX) == 0); 
@@ -7183,6 +7275,8 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(d_instantiate, selinux_d_instantiate), + LSM_HOOK_INIT(getselfattr, selinux_getselfattr), + LSM_HOOK_INIT(setselfattr, selinux_setselfattr), LSM_HOOK_INIT(getprocattr, selinux_getprocattr), LSM_HOOK_INIT(setprocattr, selinux_setprocattr),
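Review bot: In hunk `@@ -6398,7 +6405,7 @@`, `static int selinux_lsm_setattr(u64 attr, void *value, size_t size)` takes the attribute as u64, while selinux_lsm_getattr() in the first hunk takes `unsigned int attr`, selinux_getprocattr() stores the result of lsm_name_to_attr() in `unsigned int attr` and selinux_setprocattr() stores it in `int attr`. Use the type lsm_name_to_attr() returns for all four so the LSM_ATTR_* values are not truncated or sign-converted on one path and not the other.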
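Review bot: The re-wrap of the `/* We strip a nul only if it is at the end ... */` comment in hunk `@@ -6442,13 +6457,14 @@` and the split of `audit_log_n_untrustedstring(ab, value, audit_size);` across two lines in hunk `@@ -6459,7 +6475,8 @@` are whitespace-only changes unrelated to the attr conversion; drop them (or move them to a separate cleanup patch) so the diff shows only the `!strcmp(name, "fscreate")` to `attr == LSM_ATTR_FSCREATE` substitution.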
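Review bot: In hunk `@@ -6542,6 +6559,81 @@`, selinux_getselfattr() never frees `value`: selinux_lsm_getattr() hands back an allocated string that the caller owns (the /proc path returns it through selinux_getprocattr() for its caller to free), so every successful getselfattr call leaks it. Add `kfree(value);` after the lsm_fill_user_ctx() call, and initialise `char *value = NULL;` so the kfree is safe if the unchanged middle of selinux_lsm_getattr() returns 0 without setting *value. In selinux_setselfattr(), the `__user` annotations on the scalar parameters (`unsigned int __user attr`, `size_t __user size`, `u32 __user flags`) are wrong, since the address-space attribute applies only to pointers and sparse will complain; the prototype should match the hook signature apparmor_setselfattr() uses (`unsigned int attr, struct lsm_ctx __user *ctx, size_t size, u32 flags`). The same function has the bound problem of the AppArmor version: `lctx->ctx_len > size` should be `lctx->ctx_len > size - sizeof(*lctx)` because ctx_len counts only the payload after the header, `size < sizeof(*lctx)` is never rejected before `lctx->ctx_len` is read, and `flags` is never checked. Unlike the AppArmor version it also allocates and copies before discovering that the attribute is unsupported; checking `attr` first avoids the kmalloc for the -EOPNOTSUPP case. Finally, selinux_getprocattr() maps -EOPNOTSUPP back to -EINVAL to preserve the /proc ABI but selinux_setprocattr() passes it straight through; apply the same mapping in both wrappers.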