new file mode 100644
@@ -0,0 +1,39 @@
+.. SPDX-License-Identifier: GPL-2.0
+
+=============================
+GPRS Tunneling Protocol (GTP)
+=============================
+
+GTP LSM Support
+===============
+
+Security Hooks
+--------------
+For security module support, three GTP specific hooks have been implemented::
+
+ security_gtp_dev_alloc()
+ security_gtp_dev_free()
+ security_gtp_dev_cmd()
+
+
+security_gtp_dev_alloc()
+~~~~~~~~~~~~~~~~~~~~~~
+Allows a module to allocate a security structure for a GTP device. Returns a
+zero on success, negative values on failure.
+If successful the GTP device ``struct gtp_dev`` will hold the allocated
+pointer in ``void *security;``.
+
+
+security_gtp_dev_free()
+~~~~~~~~~~~~~~~~~~~~~~
+Allows a module to free the security structure for a GTP device. Returns a
+zero on success, negative values on failure.
+
+
+security_gtp_dev_cmd()
+~~~~~~~~~~~~~~~~~~~~~~
+Allows a module to validate a command for the selected GTP device. Returns a
+zero on success, negative values on failure. The commands are based on values
+from ``include/uapi/linux/gtp.h`` as follows::
+
+``enum gtp_genl_cmds { GTP_CMD_NEWPDP, GTP_CMD_DELPDP, GTP_CMD_GETPDP };``
@@ -16,3 +16,4 @@ Security Documentation
siphash
tpm/index
digsig
+ GTP
@@ -322,6 +322,9 @@ LSM_HOOK(int, 0, sctp_bind_connect, struct sock *sk, int optname,
struct sockaddr *address, int addrlen)
LSM_HOOK(void, LSM_RET_VOID, sctp_sk_clone, struct sctp_endpoint *ep,
struct sock *sk, struct sock *newsk)
+LSM_HOOK(int, 0, gtp_dev_alloc_security, struct gtp_dev *gtp)
+LSM_HOOK(int, 0, gtp_dev_free_security, struct gtp_dev *gtp)
+LSM_HOOK(int, 0, gtp_dev_cmd, struct gtp_dev *gtp, enum gtp_genl_cmds cmd)
#endif /* CONFIG_SECURITY_NETWORK */
#ifdef CONFIG_SECURITY_INFINIBAND
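Review bot: `gtp_dev_free_security` on L52 is declared as an int-returning hook, but the release path it serves has no way to act on a failure; the neighbouring `sctp_sk_clone` (L49) and the existing `tun_dev_free_security` are declared `LSM_HOOK(void, LSM_RET_VOID, ...)` for that reason. An int hook goes through `call_int_hook`, which stops at the first module that returns non-zero, so with stacked modules a failure in one module would skip the others' free and leave their state attached. Suggest `LSM_HOOK(void, LSM_RET_VOID, gtp_dev_free_security, struct gtp_dev *gtp)` and a matching `void` return for the `security_gtp_dev_free` prototype, stub and definition in the later hunks of include/linux/security.h and security/security.c, with the "Returns a zero on success, negative values on failure." sentence dropped from the `@gtp_dev_free_security` comment in lsm_hooks.h and from GTP.rst.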
@@ -982,6 +982,19 @@
* This hook can be used by the module to update any security state
* associated with the TUN device's security structure.
* @security pointer to the TUN devices's security structure.
+ * @gtp_dev_alloc_security:
+ * Allocate and attach a security structure to the gtp->security field.
+ * @gtp contains the GTP device structure to secure.
+ * Returns a zero on success, negative values on failure.
+ * @gtp_dev_free_security:
+ * Deallocate and free the security structure stored in gtp->security.
+ * @gtp contains the GTP device structure to free.
+ * Returns a zero on success, negative values on failure.
+ * @gtp_dev_cmd:
+ * Check permissions according to the @cmd.
+ * @gtp contains the GTP device to access.
+ * @cmd contains the GTP command.
+ * Returns a zero on success, negative values on failure.
*
* Security hooks for SCTP
*
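Review bot: The `@gtp_dev_cmd` description (L68-72) says the hook checks permissions "according to the @cmd" but does not say on whose behalf the check is made, which object is the target, or from which driver path the hook is invoked, which is what a module author needs in order to implement it; the caller is not part of this patch, so I cannot fill that in from here. Suggest naming the subject (presumably the task issuing the generic netlink request, to be confirmed against the driver) and the invocation point, along the lines of `Called before a PDP context is created, deleted or read on the device (GTP_CMD_NEWPDP, GTP_CMD_DELPDP, GTP_CMD_GETPDP).` The enclosing comment block starts before this hunk.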
@@ -30,6 +30,7 @@
#include <linux/err.h>
#include <linux/string.h>
#include <linux/mm.h>
+#include <linux/gtp.h>
struct linux_binprm;
struct cred;
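Review bot: `#include <linux/gtp.h>` on L80 makes the GTP uapi header part of include/linux/security.h, which is included almost everywhere, and the next hunk in the same file then also adds the forward declaration `enum gtp_genl_cmds;` (L88), so the two overlap. If the forward declarations were meant to avoid the include, the include should go; but the stubs under `#else /* CONFIG_SECURITY_NETWORK */` later in this file take `enum gtp_genl_cmds` by value in a function definition, which as far as I can tell needs the complete type, so the include appears to be required and the `enum gtp_genl_cmds;` line is the one to drop. The `struct gtp_dev;` forward declaration is still useful if, as the text of GTP.rst suggests, the struct is not defined by a shared header.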
@@ -58,6 +59,8 @@ struct fs_parameter;
enum fs_value_type;
struct watch;
struct watch_notification;
+struct gtp_dev;
+enum gtp_genl_cmds;
/* Default (no) options for the capable function */
#define CAP_OPT_NONE 0x0
@@ -1365,6 +1368,9 @@ int security_sctp_bind_connect(struct sock *sk, int optname,
struct sockaddr *address, int addrlen);
void security_sctp_sk_clone(struct sctp_endpoint *ep, struct sock *sk,
struct sock *newsk);
+int security_gtp_dev_alloc(struct gtp_dev *gtp);
+int security_gtp_dev_free(struct gtp_dev *gtp);
+int security_gtp_dev_cmd(struct gtp_dev *gtp, enum gtp_genl_cmds cmd);
#else /* CONFIG_SECURITY_NETWORK */
static inline int security_unix_stream_connect(struct sock *sock,
@@ -1582,6 +1588,22 @@ static inline void security_sctp_sk_clone(struct sctp_endpoint *ep,
struct sock *newsk)
{
}
+
+static inline int security_gtp_dev_alloc(struct gtp_dev *gtp)
+{
+ return 0;
+}
+
+static inline int security_gtp_dev_free(struct gtp_dev *gtp)
+{
+ return 0;
+}
+
+static inline int security_gtp_dev_cmd(struct gtp_dev *gtp,
+ enum gtp_genl_cmds cmd)
+{
+ return 0;
+}
#endif /* CONFIG_SECURITY_NETWORK */
#ifdef CONFIG_SECURITY_INFINIBAND
@@ -2304,6 +2304,24 @@ void security_sctp_sk_clone(struct sctp_endpoint *ep, struct sock *sk,
}
EXPORT_SYMBOL(security_sctp_sk_clone);
+int security_gtp_dev_alloc(struct gtp_dev *gtp)
+{
+ return call_int_hook(gtp_dev_alloc_security, 0, gtp);
+}
+EXPORT_SYMBOL(security_gtp_dev_alloc);
+
+int security_gtp_dev_free(struct gtp_dev *gtp)
+{
+ return call_int_hook(gtp_dev_free_security, 0, gtp);
+}
+EXPORT_SYMBOL(security_gtp_dev_free);
+
+int security_gtp_dev_cmd(struct gtp_dev *gtp, enum gtp_genl_cmds cmd)
+{
+ return call_int_hook(gtp_dev_cmd, 0, gtp, cmd);
+}
+EXPORT_SYMBOL(security_gtp_dev_cmd);
+
#endif /* CONFIG_SECURITY_NETWORK */
#ifdef CONFIG_SECURITY_INFINIBAND
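Review bot: `security_gtp_dev_alloc` (L125-128) returns the first module error from `call_int_hook`, and with more than one module implementing the hook a module that ran earlier may already have attached its structure to `gtp->security` when a later one fails; nothing in this hunk says who unwinds that. The GTP driver call site is not in this patch, so I cannot tell whether it calls `security_gtp_dev_free` on its error path. Suggest documenting the contract on the definition, e.g. `/* On failure the caller must still call security_gtp_dev_free() so that modules which already allocated can release their state. */`, or requiring each module to release its own allocation before returning an error. Since GTP.rst describes `gtp->security` as a single `void *`, only one module can own it at a time; either note that stacking is unsupported for this object or consider the shared-blob mechanism used for other LSM-managed structures.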
The GTP security hooks are explained in: Documentation/security/GTP.rst Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> --- Documentation/security/GTP.rst | 39 ++++++++++++++++++++++++++++++++ Documentation/security/index.rst | 1 + include/linux/lsm_hook_defs.h | 3 +++ include/linux/lsm_hooks.h | 13 +++++++++++ include/linux/security.h | 22 ++++++++++++++++++ security/security.c | 18 +++++++++++++++ 6 files changed, 96 insertions(+) create mode 100644 Documentation/security/GTP.rst