From patchwork Wed Mar 7 07:23:33 2018
X-Patchwork-Submitter: Sargun Dhillon
X-Patchwork-Id: 10263509
From: Sargun Dhillon
Date: Wed, 7 Mar 2018 07:23:33 +0000
To: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: penguin-kernel@i-love.sakura.ne.jp, keescook@chromium.org, igor.stoppa@huawei.com, casey@schaufler-ca.com
Subject: [PATCH v4 3/3] security: Add an example sample dynamic LSM

This adds an example LSM that utilizes the features added by the dynamically loadable LSMs patch. Once the module is unloaded, the command is once again allowed. It prevents the user from running:

date --set="October 21 2015 16:29:00 PDT"

Signed-off-by: Sargun Dhillon
---
 samples/Kconfig | 6 ++++++
 samples/Makefile | 2 +-
 samples/lsm/Makefile | 4 ++++
 samples/lsm/lsm_example.c | 33 +++++++++++++++++++++++++++++++++
 4 files changed, 44 insertions(+), 1 deletion(-)
 create mode 100644 samples/lsm/Makefile
 create mode 100644 samples/lsm/lsm_example.c

diff --git a/samples/Kconfig b/samples/Kconfig index c332a3b9de05..022242c0b50b 100644 --- a/samples/Kconfig +++ b/samples/Kconfig @@ -117,4 +117,10 @@ config SAMPLE_STATX help Build example userspace program to use the new extended-stat syscall. +config SAMPLE_DYNAMIC_LSM + tristate "Build LSM examples -- loadable modules only" + depends on SECURITY_DYNAMIC_HOOKS && m + help + This builds an example dynamic LSM + endif # SAMPLES diff --git a/samples/Makefile b/samples/Makefile index db54e766ddb1..9d23835d6e6d 100644 --- a/samples/Makefile +++ b/samples/Makefile @@ -3,4 +3,4 @@ obj-$(CONFIG_SAMPLES) += kobject/ kprobes/ trace_events/ livepatch/ \ hw_breakpoint/ kfifo/ kdb/ hidraw/ rpmsg/ seccomp/ \ configfs/ connector/ v4l/ trace_printk/ blackfin/ \ - vfio-mdev/ statx/ + vfio-mdev/ statx/ lsm/ 
diff --git a/samples/lsm/Makefile b/samples/lsm/Makefile new file mode 100644 index 000000000000..d4ccb940f18b --- /dev/null +++ b/samples/lsm/Makefile @@ -0,0 +1,4 @@ +# builds the loadable LSM example kernel modules; +# then to use one (as root): insmod +# and to unload: rmmod module_name +obj-$(CONFIG_SAMPLE_DYNAMIC_LSM) += lsm_example.o diff --git a/samples/lsm/lsm_example.c b/samples/lsm/lsm_example.c new file mode 100644 index 000000000000..95c56ebd4d16 --- /dev/null +++ b/samples/lsm/lsm_example.c @@ -0,0 +1,33 @@ +/* + * This sample hooks into the "settime" + * + * Once you run it, the following will not be allowed: + * date --set="October 21 2015 16:29:00 PDT" + */ + +#include +#include +#include + +static int settime_cb(const struct timespec *ts, const struct timezone *tz) +{ + /* We aren't allowed to travel to October 21 2015 16:29 PDT */ + if (ts->tv_sec >= 1445470140 && ts->tv_sec < 1445470200) + return -EPERM; + + return 0; +} + +static struct security_hook_list sample_hooks[] = { + LSM_HOOK_INIT(settime, settime_cb), +}; + +static int __init lsm_init(void) +{ + return security_add_dynamic_hooks(sample_hooks, + ARRAY_SIZE(sample_hooks), + "sample"); +} + +module_init(lsm_init) +MODULE_LICENSE("GPL");
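Review bot: the SAMPLE_DYNAMIC_LSM help text in the samples/Kconfig hunk ("This builds an example dynamic LSM") says neither what the module does nor what it is called, and the prompt "Build LSM examples -- loadable modules only" is plural although the option builds a single object. Suggest a singular prompt and a help text along the lines of "Build lsm_example, a loadable LSM that denies settime() for one specific minute; see samples/lsm/lsm_example.c." Since `depends on SECURITY_DYNAMIC_HOOKS && m` leaves m as the only selectable value for a tristate, a short line in the help saying the sample can only be built as a module would also save the next reader a trip to the Makefile.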
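Review bot: the new samples/lsm/Makefile carries no SPDX-License-Identifier line; new files in the tree should start with `# SPDX-License-Identifier: GPL-2.0`. The usage comment is also vaguer than it needs to be: it speaks of "modules" and "one" although only lsm_example.o is built, and the insmod instruction names no module, so write the two commands out as `insmod lsm_example.ko` and `rmmod lsm_example`.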
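Review bot: lsm_example.c registers its hooks in lsm_init() but defines no module_exit(), so the module loader will refuse to unload it (a module with an init function and no exit function cannot be removed without a forced unload). That contradicts both the commit message's "Once the module is unloaded, the command is once again allowed" and the rmmod instruction in samples/lsm/Makefile; add a module_exit() that removes the hooks registered by security_add_dynamic_hooks(), using whatever removal call patch 2/3 provides, since none is visible here. Two smaller points in the same file: settime_cb() is declared as taking `const struct timespec *ts`, but the settime entry in security_list_options takes `const struct timespec64 *`, and the two are the same type only on 64-bit, so use timespec64 to keep the LSM_HOOK_INIT() initializer type-correct on 32-bit builds. The header comment "This sample hooks into the "settime"" is cut short (say it hooks the LSM settime hook), the three `#include` lines show no header names as rendered here and must at least name linux/lsm_hooks.h and linux/module.h, and the bare literals 1445470140 and 1445470200 deserve named constants or a comment deriving them (2015-10-21 16:29:00 PDT is 23:29:00 UTC, and the window is the whole minute).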
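As an added example, not part of this patch or of the kernel tree: a user-space C program that derives the sample's two magic epoch values from the calendar time quoted in the commit message and then exercises the hook's decision at the window boundaries, so a reviewer can check the literals in settime_cb() instead of trusting them. The function names days_from_civil(), epoch_at(), window_start(), window_end(), settime_decision() and decide_at() are my own; the only thing taken from the patch is the predicate in settime_cb(). The boundary inputs are constructed for the demonstration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/*
 * Calendar -> day count, done by hand so the result does not depend on the
 * host's TZ database (Howard Hinnant's days_from_civil algorithm).
 * Returns days since 1970-01-01 for a proleptic Gregorian date.
 */
static int64_t days_from_civil(int64_t y, unsigned m, unsigned d)
{
	y -= m <= 2;
	int64_t era = (y >= 0 ? y : y - 399) / 400;
	unsigned yoe = (unsigned)(y - era * 400);                       /* [0, 399] */
	unsigned doy = (153 * (m > 2 ? m - 3 : m + 9) + 2) / 5 + d - 1; /* [0, 365] */
	unsigned doe = yoe * 365 + yoe / 4 - yoe / 100 + doy;            /* [0, 146096] */
	return era * 146097 + (int64_t)doe - 719468;
}

/* Seconds since the epoch for a wall-clock time at a fixed UTC offset. */
static int64_t epoch_at(int y, unsigned m, unsigned d,
			unsigned hh, unsigned mm, unsigned ss, int utc_offset_sec)
{
	return days_from_civil(y, m, d) * 86400 + hh * 3600 + mm * 60 + ss
	       - utc_offset_sec;
}

#define PDT_UTC_OFFSET	(-7 * 3600)	/* PDT is UTC-7 */
#define WINDOW_SECONDS	60		/* the sample denies one whole minute */

/* Start of the denied window: 2015-10-21 16:29:00 PDT (23:29:00 UTC). */
static int64_t window_start(void)
{
	return epoch_at(2015, 10, 21, 16, 29, 0, PDT_UTC_OFFSET);
}

static int64_t window_end(void)
{
	return window_start() + WINDOW_SECONDS;
}

/*
 * Same decision as the sample's settime_cb(): deny a requested time that
 * falls inside the half-open window [start, end); tv_nsec plays no part.
 */
static int settime_decision(const struct timespec *ts)
{
	if (ts->tv_sec >= window_start() && ts->tv_sec < window_end())
		return -EPERM;
	return 0;
}

/* Convenience wrapper: decision for a bare second count, with a nonzero
 * tv_nsec to show that the nanosecond field is ignored. */
static int decide_at(int64_t sec)
{
	struct timespec ts = { .tv_sec = (time_t)sec, .tv_nsec = 999999999L };
	return settime_decision(&ts);
}

int main(void)
{
	/* Constructed boundary cases around the window. */
	const int64_t probes[] = {
		window_start() - 1,	/* 16:28:59 PDT: allowed */
		window_start(),		/* 16:29:00 PDT: denied */
		window_start() + 30,	/* 16:29:30 PDT: denied */
		window_end() - 1,	/* 16:29:59 PDT: denied */
		window_end(),		/* 16:30:00 PDT: allowed again */
	};

	printf("window: [%lld, %lld)\n",
	       (long long)window_start(), (long long)window_end());
	for (size_t i = 0; i < sizeof(probes) / sizeof(probes[0]); i++) {
		int rc = decide_at(probes[i]);
		printf("tv_sec=%lld -> %s\n", (long long)probes[i],
		       rc == -EPERM ? "-EPERM (denied)" : "0 (allowed)");
	}
	return 0;
}
```

Running it prints the window as [1445470140, 1445470200), which matches the literals in the hunk, and shows that 1445470139 and 1445470200 are allowed while everything in between is denied. The same derivation, written as a comment or a pair of named constants next to settime_cb(), is what the review note above asks for.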