From patchwork Tue Sep 12 20:56:46 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 13382115
X-Patchwork-Delegate: paul@paul-moore.com
From: Casey Schaufler
To: casey@schaufler-ca.com, paul@paul-moore.com, linux-security-module@vger.kernel.org
Cc: jmorris@namei.org, serge@hallyn.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net
Subject: [PATCH v15 01/11] LSM: Identify modules by more than name
Date: Tue, 12 Sep 2023 13:56:46 -0700
Message-ID: <20230912205658.3432-2-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <20230912205658.3432-1-casey@schaufler-ca.com>
References: <20230912205658.3432-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:

Create a struct lsm_id to contain identifying information about Linux Security Modules (LSMs). At inception this contains the name of the module and an identifier associated with the security module. Change the security_add_hooks() interface to use this structure. Change the individual modules to maintain their own struct lsm_id and pass it to security_add_hooks().

The values for LSM identifiers are defined in a new UAPI header file linux/lsm.h. Each existing LSM has been updated to include its LSMID in the lsm_id.

The LSM ID values are sequential, with the oldest module LSM_ID_CAPABILITY being the lowest value and the existing modules numbered in the order they were included in the mainline kernel. This is an arbitrary convention for assigning the values, but none better presents itself. The value 0 is defined as being invalid. The values 1-99 are reserved for any special case uses which may arise in the future. This may include attributes of the LSM infrastructure itself, possibly related to namespacing or network attribute management. A special range is identified for such attributes to help reduce confusion for developers unfamiliar with LSMs.

LSM attribute values are defined for the attributes presented by modules that are available today.
As with the LSM IDs, The value 0 is defined as being invalid. The values 1-99 are reserved for any special case uses which may arise in the future. Signed-off-by: Casey Schaufler Cc: linux-security-module Reviewed-by: Kees Cook Reviewed-by: Serge Hallyn Reviewed-by: Mickael Salaun Reviewed-by: John Johansen Nacked-by: Tetsuo Handa Signed-off-by: Kees Cook --- Documentation/userspace-api/index.rst | 1 + MAINTAINERS | 1 + include/linux/lsm_hooks.h | 16 +++++++- include/uapi/linux/lsm.h | 54 +++++++++++++++++++++++++++ security/apparmor/lsm.c | 8 +++- security/bpf/hooks.c | 9 ++++- security/commoncap.c | 8 +++- security/landlock/cred.c | 2 +- security/landlock/fs.c | 2 +- security/landlock/ptrace.c | 2 +- security/landlock/setup.c | 6 +++ security/landlock/setup.h | 1 + security/loadpin/loadpin.c | 9 ++++- security/lockdown/lockdown.c | 8 +++- security/safesetid/lsm.c | 9 ++++- security/security.c | 12 +++--- security/selinux/hooks.c | 9 ++++- security/smack/smack_lsm.c | 8 +++- security/tomoyo/tomoyo.c | 9 ++++- security/yama/yama_lsm.c | 8 +++- 20 files changed, 161 insertions(+), 21 deletions(-) create mode 100644 include/uapi/linux/lsm.h diff --git a/Documentation/userspace-api/index.rst b/Documentation/userspace-api/index.rst index 72a65db0c498..b5fa29c077eb 100644 --- a/Documentation/userspace-api/index.rst +++ b/Documentation/userspace-api/index.rst @@ -32,6 +32,7 @@ place where this information is gathered. sysfs-platform_profile vduse futex2 + lsm .. only:: subproject and html diff --git a/MAINTAINERS b/MAINTAINERS index 90f13281d297..935334123b04 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -19307,6 +19307,7 @@ L: linux-security-module@vger.kernel.org (suggested Cc:) S: Supported W: http://kernsec.org/ T: git git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm.git +F: include/uapi/linux/lsm.h F: security/ X: security/selinux/ diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index dcb5e5b5eb13..7f0adb33caaa 100644 
--- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -42,6 +42,18 @@ struct security_hook_heads { #undef LSM_HOOK } __randomize_layout; +/** + * struct lsm_id - Identify a Linux Security Module. + * @lsm: name of the LSM, must be approved by the LSM maintainers + * @id: LSM ID number from uapi/linux/lsm.h + * + * Contains the information that identifies the LSM. + */ +struct lsm_id { + const char *name; + u64 id; +}; + /* * Security module hook list structure. * For use with generic list macros for common operations. @@ -50,7 +62,7 @@ struct security_hook_list { struct hlist_node list; struct hlist_head *head; union security_list_options hook; - const char *lsm; + const struct lsm_id *lsmid; } __randomize_layout; /* @@ -104,7 +116,7 @@ extern struct security_hook_heads security_hook_heads; extern char *lsm_names; extern void security_add_hooks(struct security_hook_list *hooks, int count, - const char *lsm); + const struct lsm_id *lsmid); #define LSM_FLAG_LEGACY_MAJOR BIT(0) #define LSM_FLAG_EXCLUSIVE BIT(1) diff --git a/include/uapi/linux/lsm.h b/include/uapi/linux/lsm.h new file mode 100644 index 000000000000..f27c9a9cc376 --- /dev/null +++ b/include/uapi/linux/lsm.h 
@@ -0,0 +1,54 @@ +/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ +/* + * Linux Security Modules (LSM) - User space API + * + * Copyright (C) 2022 Casey Schaufler + * Copyright (C) 2022 Intel Corporation + */ + +#ifndef _UAPI_LINUX_LSM_H +#define _UAPI_LINUX_LSM_H + +/* + * ID tokens to identify Linux Security Modules (LSMs) + * + * These token values are used to uniquely identify specific LSMs + * in the kernel as well as in the kernel's LSM userspace API. + * + * A value of zero/0 is considered undefined and should not be used + * outside the kernel. Values 1-99 are reserved for potential + * future use. + */ +#define LSM_ID_UNDEF 0 +#define LSM_ID_CAPABILITY 100 +#define LSM_ID_SELINUX 101 +#define LSM_ID_SMACK 102 +#define LSM_ID_TOMOYO 103 +#define LSM_ID_IMA 104 +#define LSM_ID_APPARMOR 105 +#define LSM_ID_YAMA 106 +#define LSM_ID_LOADPIN 107 +#define LSM_ID_SAFESETID 108 +#define LSM_ID_LOCKDOWN 109 +#define LSM_ID_BPF 110 +#define LSM_ID_LANDLOCK 111 + +/* + * LSM_ATTR_XXX definitions identify different LSM attributes + * which are used in the kernel's LSM userspace API. Support + * for these attributes vary across the different LSMs. None + * are required. + * + * A value of zero/0 is considered undefined and should not be used + * outside the kernel. Values 1-99 are reserved for potential + * future use. + */ +#define LSM_ATTR_UNDEF 0 +#define LSM_ATTR_CURRENT 100 +#define LSM_ATTR_EXEC 101 +#define LSM_ATTR_FSCREATE 102 +#define LSM_ATTR_KEYCREATE 103 +#define LSM_ATTR_PREV 104 +#define LSM_ATTR_SOCKCREATE 105 + +#endif /* _UAPI_LINUX_LSM_H */ diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 108eccc5ada5..20b93501fbd1 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -24,6 +24,7 @@ #include #include #include +#include #include "include/apparmor.h" #include "include/apparmorfs.h" 
@@ -1215,6 +1216,11 @@ struct lsm_blob_sizes apparmor_blob_sizes __ro_after_init = { .lbs_task = sizeof(struct aa_task_ctx), }; +const struct lsm_id apparmor_lsmid = { + .name = "apparmor", + .id = LSM_ID_APPARMOR, +}; + static struct security_hook_list apparmor_hooks[] __ro_after_init = { LSM_HOOK_INIT(ptrace_access_check, apparmor_ptrace_access_check), LSM_HOOK_INIT(ptrace_traceme, apparmor_ptrace_traceme), @@ -1904,7 +1910,7 @@ static int __init apparmor_init(void) goto buffers_out; } security_add_hooks(apparmor_hooks, ARRAY_SIZE(apparmor_hooks), - "apparmor"); + &apparmor_lsmid); /* Report that AppArmor successfully initialized */ apparmor_initialized = 1; diff --git a/security/bpf/hooks.c b/security/bpf/hooks.c index cfaf1d0e6a5f..91011e0c361a 100644 --- a/security/bpf/hooks.c +++ b/security/bpf/hooks.c @@ -5,6 +5,7 @@ */ #include #include +#include static struct security_hook_list bpf_lsm_hooks[] __ro_after_init = { #define LSM_HOOK(RET, DEFAULT, NAME, ...) \ @@ -15,9 +16,15 @@ static struct security_hook_list bpf_lsm_hooks[] __ro_after_init = { LSM_HOOK_INIT(task_free, bpf_task_storage_free), }; +const struct lsm_id bpf_lsmid = { + .name = "bpf", + .id = LSM_ID_BPF, +}; + static int __init bpf_lsm_init(void) { - security_add_hooks(bpf_lsm_hooks, ARRAY_SIZE(bpf_lsm_hooks), "bpf"); + security_add_hooks(bpf_lsm_hooks, ARRAY_SIZE(bpf_lsm_hooks), + &bpf_lsmid); pr_info("LSM support for eBPF active\n"); return 0; } diff --git a/security/commoncap.c b/security/commoncap.c index bc0521104197..9aaad2c3e54a 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -25,6 +25,7 @@ #include #include #include +#include /* * If a non-root user executes a setuid-root binary in 
@@ -1440,6 +1441,11 @@ int cap_mmap_file(struct file *file, unsigned long reqprot, #ifdef CONFIG_SECURITY +const struct lsm_id capability_lsmid = { + .name = "capability", + .id = LSM_ID_CAPABILITY, +}; + static struct security_hook_list capability_hooks[] __ro_after_init = { LSM_HOOK_INIT(capable, cap_capable), LSM_HOOK_INIT(settime, cap_settime), @@ -1464,7 +1470,7 @@ static struct security_hook_list capability_hooks[] __ro_after_init = { static int __init capability_init(void) { security_add_hooks(capability_hooks, ARRAY_SIZE(capability_hooks), - "capability"); + &capability_lsmid); return 0; } diff --git a/security/landlock/cred.c b/security/landlock/cred.c index 13dff2a31545..786af18c4a1c 100644 --- a/security/landlock/cred.c +++ b/security/landlock/cred.c @@ -42,5 +42,5 @@ static struct security_hook_list landlock_hooks[] __ro_after_init = { __init void landlock_add_cred_hooks(void) { security_add_hooks(landlock_hooks, ARRAY_SIZE(landlock_hooks), - LANDLOCK_NAME); + &landlock_lsmid); } diff --git a/security/landlock/fs.c b/security/landlock/fs.c index 1c0c198f6fdb..db5ebecfbf02 100644 --- a/security/landlock/fs.c +++ b/security/landlock/fs.c @@ -1307,5 +1307,5 @@ static struct security_hook_list landlock_hooks[] __ro_after_init = { __init void landlock_add_fs_hooks(void) { security_add_hooks(landlock_hooks, ARRAY_SIZE(landlock_hooks), - LANDLOCK_NAME); + &landlock_lsmid); } diff --git a/security/landlock/ptrace.c b/security/landlock/ptrace.c index 8a06d6c492bf..2bfc533d36e4 100644 --- a/security/landlock/ptrace.c +++ b/security/landlock/ptrace.c @@ -116,5 +116,5 @@ static struct security_hook_list landlock_hooks[] __ro_after_init = { __init void landlock_add_ptrace_hooks(void) { security_add_hooks(landlock_hooks, ARRAY_SIZE(landlock_hooks), - LANDLOCK_NAME); + &landlock_lsmid); } diff --git a/security/landlock/setup.c b/security/landlock/setup.c index 0f6113528fa4..aab13750edde 100644 --- a/security/landlock/setup.c +++ b/security/landlock/setup.c 
@@ -8,6 +8,7 @@ #include #include +#include #include "common.h" #include "cred.h" @@ -24,6 +25,11 @@ struct lsm_blob_sizes landlock_blob_sizes __ro_after_init = { .lbs_superblock = sizeof(struct landlock_superblock_security), }; +const struct lsm_id landlock_lsmid = { + .name = LANDLOCK_NAME, + .id = LSM_ID_LANDLOCK, +}; + static int __init landlock_init(void) { landlock_add_cred_hooks(); diff --git a/security/landlock/setup.h b/security/landlock/setup.h index 1daffab1ab4b..c4252d46d49d 100644 --- a/security/landlock/setup.h +++ b/security/landlock/setup.h @@ -14,5 +14,6 @@ extern bool landlock_initialized; extern struct lsm_blob_sizes landlock_blob_sizes; +extern const struct lsm_id landlock_lsmid; #endif /* _SECURITY_LANDLOCK_SETUP_H */ diff --git a/security/loadpin/loadpin.c b/security/loadpin/loadpin.c index a9d40456a064..d682a851de58 100644 --- a/security/loadpin/loadpin.c +++ b/security/loadpin/loadpin.c @@ -20,6 +20,7 @@ #include #include #include +#include #define VERITY_DIGEST_FILE_HEADER "# LOADPIN_TRUSTED_VERITY_ROOT_DIGESTS" @@ -208,6 +209,11 @@ static int loadpin_load_data(enum kernel_load_data_id id, bool contents) return loadpin_check(NULL, (enum kernel_read_file_id) id); } +const struct lsm_id loadpin_lsmid = { + .name = "loadpin", + .id = LSM_ID_LOADPIN, +}; + static struct security_hook_list loadpin_hooks[] __ro_after_init = { LSM_HOOK_INIT(sb_free_security, loadpin_sb_free_security), LSM_HOOK_INIT(kernel_read_file, loadpin_read_file), @@ -259,7 +265,8 @@ static int __init loadpin_init(void) if (!register_sysctl("kernel/loadpin", loadpin_sysctl_table)) pr_notice("sysctl registration failed!\n"); #endif - security_add_hooks(loadpin_hooks, ARRAY_SIZE(loadpin_hooks), "loadpin"); + security_add_hooks(loadpin_hooks, ARRAY_SIZE(loadpin_hooks), + &loadpin_lsmid); return 0; } diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c index 68d19632aeb7..cd84d8ea1dfb 100644 --- a/security/lockdown/lockdown.c +++ b/security/lockdown/lockdown.c 
@@ -13,6 +13,7 @@ #include #include #include +#include static enum lockdown_reason kernel_locked_down; @@ -75,6 +76,11 @@ static struct security_hook_list lockdown_hooks[] __ro_after_init = { LSM_HOOK_INIT(locked_down, lockdown_is_locked_down), }; +const struct lsm_id lockdown_lsmid = { + .name = "lockdown", + .id = LSM_ID_LOCKDOWN, +}; + static int __init lockdown_lsm_init(void) { #if defined(CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY) @@ -83,7 +89,7 @@ static int __init lockdown_lsm_init(void) lock_kernel_down("Kernel configuration", LOCKDOWN_CONFIDENTIALITY_MAX); #endif security_add_hooks(lockdown_hooks, ARRAY_SIZE(lockdown_hooks), - "lockdown"); + &lockdown_lsmid); return 0; } diff --git a/security/safesetid/lsm.c b/security/safesetid/lsm.c index 5be5894aa0ea..f42d5af5ffb0 100644 --- a/security/safesetid/lsm.c +++ b/security/safesetid/lsm.c @@ -19,6 +19,7 @@ #include #include #include +#include #include "lsm.h" /* Flag indicating whether initialization completed */ @@ -261,6 +262,11 @@ static int safesetid_task_fix_setgroups(struct cred *new, const struct cred *old return 0; } +const struct lsm_id safesetid_lsmid = { + .name = "safesetid", + .id = LSM_ID_SAFESETID, +}; + static struct security_hook_list safesetid_security_hooks[] = { LSM_HOOK_INIT(task_fix_setuid, safesetid_task_fix_setuid), LSM_HOOK_INIT(task_fix_setgid, safesetid_task_fix_setgid), @@ -271,7 +277,8 @@ static struct security_hook_list safesetid_security_hooks[] = { static int __init safesetid_security_init(void) { security_add_hooks(safesetid_security_hooks, - ARRAY_SIZE(safesetid_security_hooks), "safesetid"); + ARRAY_SIZE(safesetid_security_hooks), + &safesetid_lsmid); /* Report that SafeSetID successfully initialized */ safesetid_initialized = 1; diff --git a/security/security.c b/security/security.c index 23b129d482a7..ea69e83936fc 100644 --- a/security/security.c +++ b/security/security.c 
@@ -513,17 +513,17 @@ static int lsm_append(const char *new, char **result) * security_add_hooks - Add a modules hooks to the hook lists. * @hooks: the hooks to add * @count: the number of hooks to add - * @lsm: the name of the security module + * @lsmid: the identification information for the security module * * Each LSM has to register its hooks with the infrastructure. */ void __init security_add_hooks(struct security_hook_list *hooks, int count, - const char *lsm) + const struct lsm_id *lsmid) { int i; for (i = 0; i < count; i++) { - hooks[i].lsm = lsm; + hooks[i].lsmid = lsmid; hlist_add_tail_rcu(&hooks[i].list, hooks[i].head); } @@ -532,7 +532,7 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count, * and fix this up afterwards. */ if (slab_is_available()) { - if (lsm_append(lsm, &lsm_names) < 0) + if (lsm_append(lsmid->name, &lsm_names) < 0) panic("%s - Cannot get early memory.\n", __func__); } } @@ -3817,7 +3817,7 @@ int security_getprocattr(struct task_struct *p, const char *lsm, struct security_hook_list *hp; hlist_for_each_entry(hp, &security_hook_heads.getprocattr, list) { - if (lsm != NULL && strcmp(lsm, hp->lsm)) + if (lsm != NULL && strcmp(lsm, hp->lsmid->name)) continue; return hp->hook.getprocattr(p, name, value); } @@ -3842,7 +3842,7 @@ int security_setprocattr(const char *lsm, const char *name, void *value, struct security_hook_list *hp; hlist_for_each_entry(hp, &security_hook_heads.setprocattr, list) { - if (lsm != NULL && strcmp(lsm, hp->lsm)) + if (lsm != NULL && strcmp(lsm, hp->lsmid->name)) continue; return hp->hook.setprocattr(name, value, size); } diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 10350534de6d..3ad500dff390 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -92,6 +92,7 @@ #include #include #include +#include #include "avc.h" #include "objsec.h" 
@@ -6944,6 +6945,11 @@ static int selinux_uring_cmd(struct io_uring_cmd *ioucmd) } #endif /* CONFIG_IO_URING */ +const struct lsm_id selinux_lsmid = { + .name = "selinux", + .id = LSM_ID_SELINUX, +}; + /* * IMPORTANT NOTE: When adding new hooks, please be careful to keep this order: * 1. any hooks that don't belong to (2.) or (3.) below, @@ -7264,7 +7270,8 @@ static __init int selinux_init(void) hashtab_cache_init(); - security_add_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks), "selinux"); + security_add_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks), + &selinux_lsmid); if (avc_add_callback(selinux_netcache_avc_callback, AVC_CALLBACK_RESET)) panic("SELinux: Unable to register AVC netcache callback\n"); diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 65130a791f57..f73f9a2834eb 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -43,6 +43,7 @@ #include #include #include +#include #include "smack.h" #define TRANS_TRUE "TRUE" @@ -4933,6 +4934,11 @@ struct lsm_blob_sizes smack_blob_sizes __ro_after_init = { .lbs_xattr_count = SMACK_INODE_INIT_XATTRS, }; +const struct lsm_id smack_lsmid = { + .name = "smack", + .id = LSM_ID_SMACK, +}; + static struct security_hook_list smack_hooks[] __ro_after_init = { LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check), LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme), @@ -5140,7 +5146,7 @@ static __init int smack_init(void) /* * Register with LSM */ - security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), "smack"); + security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), &smack_lsmid); smack_enabled = 1; pr_info("Smack: Initializing.\n"); diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index 25006fddc964..556f8daecb07 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -6,6 +6,7 @@ */ #include +#include #include "common.h" /** 
@@ -542,6 +543,11 @@ static void tomoyo_task_free(struct task_struct *task) } } +const struct lsm_id tomoyo_lsmid = { + .name = "tomoyo", + .id = LSM_ID_TOMOYO, +}; + /* * tomoyo_security_ops is a "struct security_operations" which is used for * registering TOMOYO. @@ -595,7 +601,8 @@ static int __init tomoyo_init(void) struct tomoyo_task *s = tomoyo_task(current); /* register ourselves with the security framework */ - security_add_hooks(tomoyo_hooks, ARRAY_SIZE(tomoyo_hooks), "tomoyo"); + security_add_hooks(tomoyo_hooks, ARRAY_SIZE(tomoyo_hooks), + &tomoyo_lsmid); pr_info("TOMOYO Linux initialized\n"); s->domain_info = &tomoyo_kernel_domain; atomic_inc(&tomoyo_kernel_domain.users); diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c index 2503cf153d4a..5cdff292fcae 100644 --- a/security/yama/yama_lsm.c +++ b/security/yama/yama_lsm.c @@ -18,6 +18,7 @@ #include #include #include +#include #define YAMA_SCOPE_DISABLED 0 #define YAMA_SCOPE_RELATIONAL 1 @@ -421,6 +422,11 @@ static int yama_ptrace_traceme(struct task_struct *parent) return rc; } +const struct lsm_id yama_lsmid = { + .name = "yama", + .id = LSM_ID_YAMA, +}; + static struct security_hook_list yama_hooks[] __ro_after_init = { LSM_HOOK_INIT(ptrace_access_check, yama_ptrace_access_check), LSM_HOOK_INIT(ptrace_traceme, yama_ptrace_traceme), 
@@ -471,7 +477,7 @@ static inline void yama_init_sysctl(void) { } static int __init yama_init(void) { pr_info("Yama: becoming mindful.\n"); - security_add_hooks(yama_hooks, ARRAY_SIZE(yama_hooks), "yama"); + security_add_hooks(yama_hooks, ARRAY_SIZE(yama_hooks), &yama_lsmid); yama_init_sysctl(); return 0; }

From patchwork Tue Sep 12 20:56:47 2023
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 13382116
X-Patchwork-Delegate: paul@paul-moore.com
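Review bot: the kernel-doc for struct lsm_id in the include/linux/lsm_hooks.h hunk of 01/11 documents a member `@lsm`, but the struct body defines `const char *name;`, so the comment does not describe the field that exists and kernel-doc will warn about the undocumented `name` member; change that line to `@name: name of the LSM, must be approved by the LSM maintainers` so the doc matches what security.c later dereferences as `lsmid->name`.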
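Review bot: the `const struct lsm_id <module>_lsmid` objects added in the apparmor, bpf, commoncap, loadpin, lockdown, safesetid, selinux, smack, tomoyo and yama hunks of 01/11 are file-scope, non-static symbols with no declaration in any header, so sparse will flag every one of them ("symbol 'apparmor_lsmid' was not declared. Should it be static?"); each is only ever passed to security_add_hooks() from its own file, so mark them `static const struct lsm_id ...`. Landlock is the one legitimate exception and already handles it correctly: setup.h gains `extern const struct lsm_id landlock_lsmid;` because cred.c, fs.c and ptrace.c each register their own hook table with the shared id.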
From: Casey Schaufler To: casey@schaufler-ca.com, paul@paul-moore.com, linux-security-module@vger.kernel.org Cc: jmorris@namei.org, serge@hallyn.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net Subject: [PATCH v15 02/11] LSM: Maintain a table of LSM attribute data Date: Tue, 12 Sep 2023 13:56:47 -0700 Message-ID: <20230912205658.3432-3-casey@schaufler-ca.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230912205658.3432-1-casey@schaufler-ca.com> References: <20230912205658.3432-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: As LSMs are registered add their lsm_id pointers to a table. This will be used later for attribute reporting. Determine the number of possible security modules based on their respective CONFIG options. This allows the number to be known at build time. This allows data structures and tables to use the constant. Signed-off-by: Casey Schaufler Reviewed-by: Kees Cook Reviewed-by: Serge Hallyn Reviewed-by: Mickael Salaun Reviewed-by: John Johansen --- include/linux/security.h | 2 ++ security/security.c | 37 +++++++++++++++++++++++++++++++++++++ 2 files changed, 39 insertions(+) diff --git a/include/linux/security.h b/include/linux/security.h index 5f16eecde00b..c1a6af37a538 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -138,6 +138,8 @@ enum lockdown_reason { }; extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1]; +extern u32 lsm_active_cnt; +extern const struct lsm_id *lsm_idlist[]; /* These functions are in security/commoncap.c */ extern int cap_capable(const struct cred *cred, struct user_namespace *ns, diff --git a/security/security.c b/security/security.c index ea69e83936fc..f71715a6f5dd 100644 --- a/security/security.c +++ b/security/security.c 
@@ -34,6 +34,25 @@ /* How many LSMs were built into the kernel? */ #define LSM_COUNT (__end_lsm_info - __start_lsm_info) +/* + * How many LSMs are built into the kernel as determined at + * build time. Used to determine fixed array sizes. + * The capability module is accounted for by CONFIG_SECURITY + */ +#define LSM_CONFIG_COUNT ( \ + (IS_ENABLED(CONFIG_SECURITY) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_SELINUX) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_SMACK) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_TOMOYO) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_IMA) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_APPARMOR) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_YAMA) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_LOADPIN) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_SAFESETID) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_LOCKDOWN_LSM) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_BPF_LSM) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_LANDLOCK) ? 1 : 0)) + /* * These are descriptions of the reasons that can be passed to the * security_locked_down() LSM hook. Placing this array here allows @@ -245,6 +264,12 @@ static void __init initialize_lsm(struct lsm_info *lsm) } } +/* + * Current index to use while initializing the lsm id list. + */ +u32 lsm_active_cnt __ro_after_init; +const struct lsm_id *lsm_idlist[LSM_CONFIG_COUNT]; + /* Populate ordered LSMs list from comma-separated LSM name list. */ static void __init ordered_lsm_parse(const char *order, const char *origin) { 
@@ -522,6 +547,18 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count, { int i; + /* + * A security module may call security_add_hooks() more + * than once during initialization, and LSM initialization + * is serialized. Landlock is one such case. + * Look at the previous entry, if there is one, for duplication. + */ + if (lsm_active_cnt == 0 || lsm_idlist[lsm_active_cnt - 1] != lsmid) { + if (lsm_active_cnt >= LSM_CONFIG_COUNT) + panic("%s Too many LSMs registered.\n", __func__); + lsm_idlist[lsm_active_cnt++] = lsmid; + } + for (i = 0; i < count; i++) { hooks[i].lsmid = lsmid; hlist_add_tail_rcu(&hooks[i].list, hooks[i].head); From patchwork Tue Sep 12 20:56:48 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 13382118 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id AAACCEE3F29 for ; Tue, 12 Sep 2023 20:58:46 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230467AbjILU6t (ORCPT ); Tue, 12 Sep 2023 16:58:49 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48970 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233620AbjILU6r (ORCPT ); Tue, 12 Sep 2023 16:58:47 -0400 Received: from sonic310-30.consmr.mail.ne1.yahoo.com (sonic310-30.consmr.mail.ne1.yahoo.com [66.163.186.211]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8F5C710D9 for ; Tue, 12 Sep 2023 13:58:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1694552322; bh=mylOf4JC1yq4qctU71sNh4jo0TGeJpq4SlE0jOqt9mo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; 
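Review bot: the duplicate check in security_add_hooks() compares lsmid only with the immediately preceding table entry, so it depends on every call one LSM makes being consecutive and on initialization being serialized, as the comment says; a module whose calls were ever interleaved with another's would be entered twice and could reach the panic. That is fine under the current serialized init, but state it as a requirement on callers rather than only citing Landlock as the example. Minor: `panic("%s Too many LSMs registered.\n", __func__)` prints the function name with no separator; `"%s: Too many LSMs registered.\n"` reads better.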
From: Casey Schaufler To: casey@schaufler-ca.com, paul@paul-moore.com, linux-security-module@vger.kernel.org Cc: jmorris@namei.org, serge@hallyn.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net, linux-fsdevel@vger.kernel.org Subject: [PATCH v15 03/11] proc: Use lsmids instead of lsm names for attrs Date: Tue, 12 Sep 2023 13:56:48 -0700 Message-ID: <20230912205658.3432-4-casey@schaufler-ca.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230912205658.3432-1-casey@schaufler-ca.com> References: <20230912205658.3432-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: Use the LSM ID number instead of the LSM name to identify which security module's attribute data should be shown in /proc/self/attr. The security_[gs]etprocattr() functions have been changed to expect the LSM ID. The change from a string comparison to an integer comparison in these functions will provide a minor performance improvement. Signed-off-by: Casey Schaufler Reviewed-by: Kees Cook Reviewed-by: Serge Hallyn Reviewed-by: Mickael Salaun Reviewed-by: John Johansen Cc: linux-fsdevel@vger.kernel.org --- fs/proc/base.c | 29 +++++++++++++++-------------- fs/proc/internal.h | 2 +- include/linux/security.h | 11 +++++------ security/security.c | 15 +++++++-------- 4 files changed, 28 insertions(+), 29 deletions(-) diff --git a/fs/proc/base.c b/fs/proc/base.c index ffd54617c354..97ce30528f75 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -97,6 +97,7 @@ #include #include #include +#include #include #include "internal.h" #include "fd.h" 
@@ -146,10 +147,10 @@ struct pid_entry { NOD(NAME, (S_IFREG|(MODE)), \ NULL, &proc_single_file_operations, \ { .proc_show = show } ) -#define ATTR(LSM, NAME, MODE) \ +#define ATTR(LSMID, NAME, MODE) \ NOD(NAME, (S_IFREG|(MODE)), \ NULL, &proc_pid_attr_operations, \ - { .lsm = LSM }) + { .lsmid = LSMID }) /* * Count the number of hardlinks for the pid_entry table, excluding the . @@ -2730,7 +2731,7 @@ static ssize_t proc_pid_attr_read(struct file * file, char __user * buf, if (!task) return -ESRCH; - length = security_getprocattr(task, PROC_I(inode)->op.lsm, + length = security_getprocattr(task, PROC_I(inode)->op.lsmid, file->f_path.dentry->d_name.name, &p); put_task_struct(task); @@ -2788,7 +2789,7 @@ static ssize_t proc_pid_attr_write(struct file * file, const char __user * buf, if (rv < 0) goto out_free; - rv = security_setprocattr(PROC_I(inode)->op.lsm, + rv = security_setprocattr(PROC_I(inode)->op.lsmid, file->f_path.dentry->d_name.name, page, count); mutex_unlock(¤t->signal->cred_guard_mutex); 
@@ -2837,27 +2838,27 @@ static const struct inode_operations proc_##LSM##_attr_dir_inode_ops = { \ #ifdef CONFIG_SECURITY_SMACK static const struct pid_entry smack_attr_dir_stuff[] = { - ATTR("smack", "current", 0666), + ATTR(LSM_ID_SMACK, "current", 0666), }; LSM_DIR_OPS(smack); #endif #ifdef CONFIG_SECURITY_APPARMOR static const struct pid_entry apparmor_attr_dir_stuff[] = { - ATTR("apparmor", "current", 0666), - ATTR("apparmor", "prev", 0444), - ATTR("apparmor", "exec", 0666), + ATTR(LSM_ID_APPARMOR, "current", 0666), + ATTR(LSM_ID_APPARMOR, "prev", 0444), + ATTR(LSM_ID_APPARMOR, "exec", 0666), }; LSM_DIR_OPS(apparmor); #endif static const struct pid_entry attr_dir_stuff[] = { - ATTR(NULL, "current", 0666), - ATTR(NULL, "prev", 0444), - ATTR(NULL, "exec", 0666), - ATTR(NULL, "fscreate", 0666), - ATTR(NULL, "keycreate", 0666), - ATTR(NULL, "sockcreate", 0666), + ATTR(LSM_ID_UNDEF, "current", 0666), + ATTR(LSM_ID_UNDEF, "prev", 0444), + ATTR(LSM_ID_UNDEF, "exec", 0666), + ATTR(LSM_ID_UNDEF, "fscreate", 0666), + ATTR(LSM_ID_UNDEF, "keycreate", 0666), + ATTR(LSM_ID_UNDEF, "sockcreate", 0666), #ifdef CONFIG_SECURITY_SMACK DIR("smack", 0555, proc_smack_attr_dir_inode_ops, proc_smack_attr_dir_ops), diff --git a/fs/proc/internal.h b/fs/proc/internal.h index 9dda7e54b2d0..a889d9ef9584 100644 --- a/fs/proc/internal.h +++ b/fs/proc/internal.h @@ -92,7 +92,7 @@ union proc_op { int (*proc_show)(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task); - const char *lsm; + int lsmid; }; struct proc_inode { diff --git a/include/linux/security.h b/include/linux/security.h index c1a6af37a538..3f79bc191a7c 100644 --- a/include/linux/security.h +++ b/include/linux/security.h 
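Review bot: the generic attr_dir_stuff entries now carry LSM_ID_UNDEF while the smack and apparmor subdirectories carry a concrete id, which preserves the existing "first LSM that implements the hook answers" behaviour for /proc/self/attr/current and friends, but nothing in the hunk or the commit message records that LSM_ID_UNDEF means "any LSM" in this table. Add a one-line comment above attr_dir_stuff saying so; otherwise a reader will assume the UNDEF entries can never match. The `int lsmid` member added to union proc_op in internal.h is fine, though naming the type of value it holds (an LSM_ID_* token) in a comment would help the same reader.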
@@ -472,10 +472,9 @@ int security_sem_semctl(struct kern_ipc_perm *sma, int cmd); int security_sem_semop(struct kern_ipc_perm *sma, struct sembuf *sops, unsigned nsops, int alter); void security_d_instantiate(struct dentry *dentry, struct inode *inode); -int security_getprocattr(struct task_struct *p, const char *lsm, const char *name, +int security_getprocattr(struct task_struct *p, int lsmid, const char *name, char **value); -int security_setprocattr(const char *lsm, const char *name, void *value, - size_t size); +int security_setprocattr(int lsmid, const char *name, void *value, size_t size); int security_netlink_send(struct sock *sk, struct sk_buff *skb); int security_ismaclabel(const char *name); int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen); @@ -1339,14 +1338,14 @@ static inline void security_d_instantiate(struct dentry *dentry, struct inode *inode) { } -static inline int security_getprocattr(struct task_struct *p, const char *lsm, +static inline int security_getprocattr(struct task_struct *p, int lsmid, const char *name, char **value) { return -EINVAL; } -static inline int security_setprocattr(const char *lsm, char *name, - void *value, size_t size) +static inline int security_setprocattr(int lsmid, char *name, void *value, + size_t size) { return -EINVAL; } diff --git a/security/security.c b/security/security.c index f71715a6f5dd..a3489c04b783 100644 --- a/security/security.c +++ b/security/security.c @@ -3840,7 +3840,7 @@ EXPORT_SYMBOL(security_d_instantiate); /** * security_getprocattr() - Read an attribute for a task * @p: the task - * @lsm: LSM name + * @lsmid: LSM identification * @name: attribute name * @value: attribute value * 
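Review bot: the !CONFIG_SECURITY stub for security_setprocattr() still takes `char *name` whereas the real declaration a few lines earlier in the same file takes `const char *name`; since this hunk already rewrites the stub's parameter list, make the two match (`static inline int security_setprocattr(int lsmid, const char *name, void *value, size_t size)`) so callers compile identically in both configurations.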
@@ -3848,13 +3848,13 @@ EXPORT_SYMBOL(security_d_instantiate); * * Return: Returns the length of @value on success, a negative value otherwise. */ -int security_getprocattr(struct task_struct *p, const char *lsm, - const char *name, char **value) +int security_getprocattr(struct task_struct *p, int lsmid, const char *name, + char **value) { struct security_hook_list *hp; hlist_for_each_entry(hp, &security_hook_heads.getprocattr, list) { - if (lsm != NULL && strcmp(lsm, hp->lsmid->name)) + if (lsmid != 0 && lsmid != hp->lsmid->id) continue; return hp->hook.getprocattr(p, name, value); } @@ -3863,7 +3863,7 @@ int security_getprocattr(struct task_struct *p, const char *lsm, /** * security_setprocattr() - Set an attribute for a task - * @lsm: LSM name + * @lsmid: LSM identification * @name: attribute name * @value: attribute value * @size: attribute value size 
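Review bot: `if (lsmid != 0 && lsmid != hp->lsmid->id)` compares against a bare 0 where the proc tables pass LSM_ID_UNDEF; spell it `lsmid != LSM_ID_UNDEF` so the "match any LSM" case is visible at the call site, and update the kernel-doc above (`@lsmid: LSM identification`) to say that LSM_ID_UNDEF selects the first LSM that provides the hook. The same two changes apply to the setprocattr() hunk that follows.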
@@ -3873,13 +3873,12 @@ int security_getprocattr(struct task_struct *p, const char *lsm, * * Return: Returns bytes written on success, a negative value otherwise. */ -int security_setprocattr(const char *lsm, const char *name, void *value, - size_t size) +int security_setprocattr(int lsmid, const char *name, void *value, size_t size) { struct security_hook_list *hp; hlist_for_each_entry(hp, &security_hook_heads.setprocattr, list) { - if (lsm != NULL && strcmp(lsm, hp->lsmid->name)) + if (lsmid != 0 && lsmid != hp->lsmid->id) continue; return hp->hook.setprocattr(name, value, size); } From patchwork Tue Sep 12 20:56:49 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 13382119 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id D0D89EE3F29 for ; Tue, 12 Sep 2023 20:58:54 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237436AbjILU65 (ORCPT ); Tue, 12 Sep 2023 16:58:57 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54104 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236678AbjILU6y (ORCPT ); Tue, 12 Sep 2023 16:58:54 -0400 Received: from sonic301-38.consmr.mail.ne1.yahoo.com (sonic301-38.consmr.mail.ne1.yahoo.com [66.163.184.207]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 841C610F2 for ; Tue, 12 Sep 2023 13:58:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1694552326; bh=MPVYkpIj/1ZskQ+ad3fQJpU4mJsUfdkCSRiDHYQ9dHw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; 
From: Casey Schaufler To: casey@schaufler-ca.com, paul@paul-moore.com, linux-security-module@vger.kernel.org Cc: jmorris@namei.org, serge@hallyn.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net Subject: [PATCH v15 04/11] LSM: syscalls for current process attributes Date: Tue, 12 Sep 2023 13:56:49 -0700 Message-ID: <20230912205658.3432-5-casey@schaufler-ca.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230912205658.3432-1-casey@schaufler-ca.com> References: <20230912205658.3432-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: Create a system call lsm_get_self_attr() to provide the security module maintained attributes of the current process. Create a system call lsm_set_self_attr() to set a security module maintained attribute of the current process. Historically these attributes have been exposed to user space via entries in procfs under /proc/self/attr. The attribute value is provided in a lsm_ctx structure. The structure identifies the size of the attribute, and the attribute value. The format of the attribute value is defined by the security module. A flags field is included for LSM specific information. It is currently unused and must be 0. The total size of the data, including the lsm_ctx structure and any padding, is maintained as well. struct lsm_ctx { __u64 id; __u64 flags; __u64 len; __u64 ctx_len; __u8 ctx[]; }; Two new LSM hooks are used to interface with the LSMs. security_getselfattr() collects the lsm_ctx values from the LSMs that support the hook, accounting for space requirements. security_setselfattr() identifies which LSM the attribute is intended for and passes it along. 
Signed-off-by: Casey Schaufler Reviewed-by: Kees Cook Reviewed-by: Serge Hallyn Reviewed-by: John Johansen --- Documentation/userspace-api/lsm.rst | 70 +++++++++++++ include/linux/lsm_hook_defs.h | 4 + include/linux/lsm_hooks.h | 1 + include/linux/security.h | 19 ++++ include/linux/syscalls.h | 5 + include/uapi/linux/lsm.h | 36 +++++++ kernel/sys_ni.c | 2 + security/Makefile | 1 + security/lsm_syscalls.c | 57 +++++++++++ security/security.c | 152 ++++++++++++++++++++++++++++ 10 files changed, 347 insertions(+) create mode 100644 Documentation/userspace-api/lsm.rst create mode 100644 security/lsm_syscalls.c diff --git a/Documentation/userspace-api/lsm.rst b/Documentation/userspace-api/lsm.rst new file mode 100644 index 000000000000..f8499f3e2826 --- /dev/null +++ b/Documentation/userspace-api/lsm.rst 
@@ -0,0 +1,70 @@ +.. SPDX-License-Identifier: GPL-2.0 +.. Copyright (C) 2022 Casey Schaufler +.. Copyright (C) 2022 Intel Corporation + +===================================== +Linux Security Modules +===================================== + +:Author: Casey Schaufler +:Date: July 2023 + +Linux security modules (LSM) provide a mechanism to implement +additional access controls to the Linux security policies. + +The various security modules may support any of these attributes: + +``LSM_ATTR_CURRENT`` is the current, active security context of the +process. +The proc filesystem provides this value in ``/proc/self/attr/current``. +This is supported by the SELinux, Smack and AppArmor security modules. +Smack also provides this value in ``/proc/self/attr/smack/current``. +AppArmor also provides this value in ``/proc/self/attr/apparmor/current``. + +``LSM_ATTR_EXEC`` is the security context of the process at the time the +current image was executed. +The proc filesystem provides this value in ``/proc/self/attr/exec``. +This is supported by the SELinux and AppArmor security modules. +AppArmor also provides this value in ``/proc/self/attr/apparmor/exec``. + +``LSM_ATTR_FSCREATE`` is the security context of the process used when +creating file system objects. +The proc filesystem provides this value in ``/proc/self/attr/fscreate``. +This is supported by the SELinux security module. + +``LSM_ATTR_KEYCREATE`` is the security context of the process used when +creating key objects. +The proc filesystem provides this value in ``/proc/self/attr/keycreate``. +This is supported by the SELinux security module. + +``LSM_ATTR_PREV`` is the security context of the process at the time the +current security context was set. +The proc filesystem provides this value in ``/proc/self/attr/prev``. +This is supported by the SELinux and AppArmor security modules. +AppArmor also provides this value in ``/proc/self/attr/apparmor/prev``. 
+ +``LSM_ATTR_SOCKCREATE`` is the security context of the process used when +creating socket objects. +The proc filesystem provides this value in ``/proc/self/attr/sockcreate``. +This is supported by the SELinux security module. + +Kernel interface +================ + +Set a security attribute of the current process +----------------------------------------------- + +.. kernel-doc:: security/lsm_syscalls.c + :identifiers: sys_lsm_set_self_attr + +Get the specified security attributes of the current process +------------------------------------------------------------ + +.. kernel-doc:: security/lsm_syscalls.c + :identifiers: sys_lsm_get_self_attr + +Additional documentation +======================== + +* Documentation/security/lsm.rst +* Documentation/security/lsm-development.rst diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h index ac962c4cb44b..97233e6e2091 100644 --- a/include/linux/lsm_hook_defs.h +++ b/include/linux/lsm_hook_defs.h @@ -262,6 +262,10 @@ LSM_HOOK(int, 0, sem_semop, struct kern_ipc_perm *perm, struct sembuf *sops, LSM_HOOK(int, 0, netlink_send, struct sock *sk, struct sk_buff *skb) LSM_HOOK(void, LSM_RET_VOID, d_instantiate, struct dentry *dentry, struct inode *inode) +LSM_HOOK(int, -EOPNOTSUPP, getselfattr, unsigned int attr, + struct lsm_ctx __user *ctx, size_t *size, u32 flags) +LSM_HOOK(int, -EOPNOTSUPP, setselfattr, unsigned int attr, + struct lsm_ctx *ctx, size_t size, u32 flags) LSM_HOOK(int, -EINVAL, getprocattr, struct task_struct *p, const char *name, char **value) LSM_HOOK(int, -EINVAL, setprocattr, const char *name, void *value, size_t size) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 7f0adb33caaa..a2ade0ffe9e7 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -25,6 +25,7 @@ #ifndef __LINUX_LSM_HOOKS_H #define __LINUX_LSM_HOOKS_H +#include #include #include #include 
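Review bot: the new Documentation/userspace-api/lsm.rst describes each LSM_ATTR_* value but says nothing about how lsm_get_self_attr() reports several modules at once, what LSM_FLAG_SINGLE does, or the -E2BIG contract under which @size is rewritten to the required length; the kernel-doc pulled in through `:identifiers:` only covers the two prototypes. Add a short paragraph on the lsm_ctx array layout (walk entries by @len, not by @ctx_len) and on the size negotiation, since that is the part user-space authors get wrong. "additional access controls to the Linux security policies" in the opening sentence also reads oddly; "in addition to the discretionary access controls" or similar would be clearer.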
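Review bot: in the lsm_hook_defs.h hunk the getselfattr hook takes `size_t *size` (a kernel pointer, since security_getselfattr() reads the value with get_user first) while setselfattr takes a kernel `struct lsm_ctx *ctx` that security_setselfattr() has already copied in and validated; the only hint about address spaces is the `__user` on getselfattr's ctx. Add a brief comment at these two LSM_HOOK lines, or in lsm_hooks.h, stating which pointers are user and which are kernel, so individual LSM implementations do not copy_from_user() a kernel buffer or dereference a user one.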
diff --git a/include/linux/security.h b/include/linux/security.h index 3f79bc191a7c..8831d7cf0a6b 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -60,6 +60,7 @@ struct fs_parameter; enum fs_value_type; struct watch; struct watch_notification; +struct lsm_ctx; /* Default (no) options for the capable function */ #define CAP_OPT_NONE 0x0 @@ -472,6 +473,10 @@ int security_sem_semctl(struct kern_ipc_perm *sma, int cmd); int security_sem_semop(struct kern_ipc_perm *sma, struct sembuf *sops, unsigned nsops, int alter); void security_d_instantiate(struct dentry *dentry, struct inode *inode); +int security_getselfattr(unsigned int attr, struct lsm_ctx __user *ctx, + size_t __user *size, u32 flags); +int security_setselfattr(unsigned int attr, struct lsm_ctx __user *ctx, + size_t size, u32 flags); int security_getprocattr(struct task_struct *p, int lsmid, const char *name, char **value); int security_setprocattr(int lsmid, const char *name, void *value, size_t size); @@ -1338,6 +1343,20 @@ static inline void security_d_instantiate(struct dentry *dentry, struct inode *inode) { } +static inline int security_getselfattr(unsigned int attr, + struct lsm_ctx __user *ctx, + size_t __user *size, u32 flags) +{ + return -EOPNOTSUPP; +} + +static inline int security_setselfattr(unsigned int attr, + struct lsm_ctx __user *ctx, + size_t size, u32 flags) +{ + return -EOPNOTSUPP; +} + static inline int security_getprocattr(struct task_struct *p, int lsmid, const char *name, char **value) { diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h index 22bc6bc147f8..8637287bd39d 100644 --- a/include/linux/syscalls.h +++ b/include/linux/syscalls.h @@ -71,6 +71,7 @@ struct clone_args; struct open_how; struct mount_attr; struct landlock_ruleset_attr; +struct lsm_ctx; enum landlock_rule_type; struct cachestat_range; struct cachestat; 
@@ -940,6 +941,10 @@ asmlinkage long sys_cachestat(unsigned int fd, struct cachestat_range __user *cstat_range, struct cachestat __user *cstat, unsigned int flags); asmlinkage long sys_map_shadow_stack(unsigned long addr, unsigned long size, unsigned int flags); +asmlinkage long sys_lsm_get_self_attr(unsigned int attr, struct lsm_ctx *ctx, + size_t *size, __u32 flags); +asmlinkage long sys_lsm_set_self_attr(unsigned int attr, struct lsm_ctx *ctx, + size_t size, __u32 flags); /* * Architecture-specific system calls diff --git a/include/uapi/linux/lsm.h b/include/uapi/linux/lsm.h index f27c9a9cc376..eeda59a77c02 100644 --- a/include/uapi/linux/lsm.h +++ b/include/uapi/linux/lsm.h @@ -9,6 +9,36 @@ #ifndef _UAPI_LINUX_LSM_H #define _UAPI_LINUX_LSM_H +#include +#include + +/** + * struct lsm_ctx - LSM context information + * @id: the LSM id number, see LSM_ID_XXX + * @flags: LSM specific flags + * @len: length of the lsm_ctx struct, @ctx and any other data or padding + * @ctx_len: the size of @ctx + * @ctx: the LSM context value + * + * The @len field MUST be equal to the size of the lsm_ctx struct + * plus any additional padding and/or data placed after @ctx. + * + * In all cases @ctx_len MUST be equal to the length of @ctx. + * If @ctx is a string value it should be nul terminated with + * @ctx_len equal to `strlen(@ctx) + 1`. Binary values are + * supported. + * + * The @flags and @ctx fields SHOULD only be interpreted by the + * LSM specified by @id; they MUST be set to zero/0 when not used. + */ +struct lsm_ctx { + __u64 id; + __u64 flags; + __u64 len; + __u64 ctx_len; + __u8 ctx[]; +}; + /* * ID tokens to identify Linux Security Modules (LSMs) * @@ -51,4 +81,10 @@ #define LSM_ATTR_PREV 104 #define LSM_ATTR_SOCKCREATE 105 +/* + * LSM_FLAG_XXX definitions identify special handling instructions + * for the API. + */ +#define LSM_FLAG_SINGLE 0x0001 + #endif /* _UAPI_LINUX_LSM_H */ diff --git a/kernel/sys_ni.c b/kernel/sys_ni.c index e137c1385c56..f81f2468c0ce 100644 
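Review bot: the prototypes added to include/linux/syscalls.h declare `struct lsm_ctx *ctx` and `size_t *size` without `__user`, but the SYSCALL_DEFINE4() bodies in security/lsm_syscalls.c declare both pointers `__user`; sparse will report the address-space mismatch. Use `struct lsm_ctx __user *ctx, size_t __user *size` here, matching the other syscall prototypes in the file.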
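Review bot: the lsm_ctx kernel-doc in the uapi hunk says @len MUST equal the struct size plus any padding or data, and @ctx_len MUST equal the length of @ctx, but it does not tell user space how to iterate the array lsm_get_self_attr() returns (advance by @len, never by sizeof + @ctx_len) or whether @len is kept a multiple of the structure alignment; since this header is UAPI, spell both out, and say which one is intended if entries are not guaranteed aligned. LSM_FLAG_SINGLE is introduced under a comment that only says "special handling instructions"; state what it does (report only the LSM named by @id in the passed ctx).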
--- a/kernel/sys_ni.c +++ b/kernel/sys_ni.c @@ -170,6 +170,8 @@ COND_SYSCALL(landlock_add_rule); COND_SYSCALL(landlock_restrict_self); COND_SYSCALL(fadvise64_64); COND_SYSCALL_COMPAT(fadvise64_64); +COND_SYSCALL(lsm_get_self_attr); +COND_SYSCALL(lsm_set_self_attr); /* CONFIG_MMU only */ COND_SYSCALL(swapon); diff --git a/security/Makefile b/security/Makefile index 18121f8f85cd..59f238490665 100644 --- a/security/Makefile +++ b/security/Makefile @@ -7,6 +7,7 @@ obj-$(CONFIG_KEYS) += keys/ # always enable default capabilities obj-y += commoncap.o +obj-$(CONFIG_SECURITY) += lsm_syscalls.o obj-$(CONFIG_MMU) += min_addr.o # Object file lists diff --git a/security/lsm_syscalls.c b/security/lsm_syscalls.c new file mode 100644 index 000000000000..226ae80d9683 --- /dev/null +++ b/security/lsm_syscalls.c 
@@ -0,0 +1,57 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * System calls implementing the Linux Security Module API. + * + * Copyright (C) 2022 Casey Schaufler + * Copyright (C) 2022 Intel Corporation + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/** + * sys_lsm_set_self_attr - Set current task's security module attribute + * @attr: which attribute to set + * @ctx: the LSM contexts + * @size: size of @ctx + * @flags: reserved for future use + * + * Sets the calling task's LSM context. On success this function + * returns 0. If the attribute specified cannot be set a negative + * value indicating the reason for the error is returned. + */ +SYSCALL_DEFINE4(lsm_set_self_attr, unsigned int, attr, struct lsm_ctx __user *, + ctx, size_t, size, u32, flags) +{ + return security_setselfattr(attr, ctx, size, flags); +} + +/** + * sys_lsm_get_self_attr - Return current task's security module attributes + * @attr: which attribute to return + * @ctx: the user-space destination for the information, or NULL + * @size: pointer to the size of space available to receive the data + * @flags: special handling options. LSM_FLAG_SINGLE indicates that only + * attributes associated with the LSM identified in the passed @ctx be + * reported. + * + * Returns the calling task's LSM contexts. On success this + * function returns the number of @ctx array elements. This value + * may be zero if there are no LSM contexts assigned. If @size is + * insufficient to contain the return data -E2BIG is returned and + * @size is set to the minimum required size. In all other cases + * a negative value indicating the error is returned. + */ +SYSCALL_DEFINE4(lsm_get_self_attr, unsigned int, attr, struct lsm_ctx __user *, + ctx, size_t __user *, size, u32, flags) +{ + return security_getselfattr(attr, ctx, size, flags); +} diff --git a/security/security.c b/security/security.c index a3489c04b783..0d179750d964 100644 
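Review bot: the kernel-doc for sys_lsm_get_self_attr() says the return "may be zero if there are no LSM contexts assigned", but security_getselfattr() returns LSM_RET_DEFAULT(getselfattr), i.e. -EOPNOTSUPP, whenever count is 0, so a caller never sees 0; either align the doc with that or return 0 for the no-attribute case. For sys_lsm_set_self_attr(), @flags is described as "reserved for future use" while security_setselfattr() rejects any non-zero value with -EINVAL, so say "must be 0", and @ctx is described as "the LSM contexts" although only a single entry is accepted.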
--- a/security/security.c +++ b/security/security.c 
@@ -3837,6 +3837,158 @@ void security_d_instantiate(struct dentry *dentry, struct inode *inode) } EXPORT_SYMBOL(security_d_instantiate); +/* + * Please keep this in sync with it's counterpart in security/lsm_syscalls.c + */ + +/** + * security_getselfattr - Read an LSM attribute of the current process. + * @attr: which attribute to return + * @uctx: the user-space destination for the information, or NULL + * @size: pointer to the size of space available to receive the data + * @flags: special handling options. LSM_FLAG_SINGLE indicates that only + * attributes associated with the LSM identified in the passed @ctx be + * reported. + * + * A NULL value for @uctx can be used to get both the number of attributes + * and the size of the data. + * + * Returns the number of attributes found on success, negative value + * on error. @size is reset to the total size of the data. + * If @size is insufficient to contain the data -E2BIG is returned. + */ +int security_getselfattr(unsigned int attr, struct lsm_ctx __user *uctx, + size_t __user *size, u32 flags) +{ + struct security_hook_list *hp; + struct lsm_ctx lctx = { .id = LSM_ID_UNDEF, }; + u8 __user *base = (u8 __user *)uctx; + size_t total = 0; + size_t entrysize; + size_t left; + bool toobig = false; + bool single = false; + int count = 0; + int rc; + + if (attr == LSM_ATTR_UNDEF) + return -EINVAL; + if (size == NULL) + return -EINVAL; + if (get_user(left, size)) + return -EFAULT; + + if (flags) { + /* + * Only flag supported is LSM_FLAG_SINGLE + */ + if (flags != LSM_FLAG_SINGLE) + return -EINVAL; + if (uctx && copy_from_user(&lctx, uctx, sizeof(lctx))) + return -EFAULT; + /* + * If the LSM ID isn't specified it is an error. + */ + if (lctx.id == LSM_ID_UNDEF) + return -EINVAL; + single = true; + } + + /* + * In the usual case gather all the data from the LSMs. + * In the single case only get the data from the LSM specified. 
+ */ + hlist_for_each_entry(hp, &security_hook_heads.getselfattr, list) { + if (single && lctx.id != hp->lsmid->id) + continue; + entrysize = left; + if (base) + uctx = (struct lsm_ctx __user *)(base + total); + rc = hp->hook.getselfattr(attr, uctx, &entrysize, flags); + if (rc == -EOPNOTSUPP) { + rc = 0; + continue; + } + if (rc == -E2BIG) { + toobig = true; + left = 0; + } else if (rc < 0) + return rc; + else + left -= entrysize; + + total += entrysize; + count += rc; + if (single) + break; + } + if (put_user(total, size)) + return -EFAULT; + if (toobig) + return -E2BIG; + if (count == 0) + return LSM_RET_DEFAULT(getselfattr); + return count; +} + +/* + * Please keep this in sync with it's counterpart in security/lsm_syscalls.c + */ + +/** + * security_setselfattr - Set an LSM attribute on the current process. + * @attr: which attribute to set + * @uctx: the user-space source for the information + * @size: the size of the data + * @flags: reserved for future use, must be 0 + * + * Set an LSM attribute for the current process. The LSM, attribute + * and new value are included in @uctx. + * + * Returns 0 on success, -EINVAL if the input is inconsistent, -EFAULT + * if the user buffer is inaccessible, E2BIG if size is too big, or an + * LSM specific failure. 
+ */ +int security_setselfattr(unsigned int attr, struct lsm_ctx __user *uctx, + size_t size, u32 flags) +{ + struct security_hook_list *hp; + struct lsm_ctx *lctx; + int rc = LSM_RET_DEFAULT(setselfattr); + + if (flags) + return -EINVAL; + if (size < sizeof(*lctx)) + return -EINVAL; + if (size > PAGE_SIZE) + return -E2BIG; + + lctx = kmalloc(size, GFP_KERNEL); + if (lctx == NULL) + return -ENOMEM; + + if (copy_from_user(lctx, uctx, size)) { + rc = -EFAULT; + goto free_out; + } + + if (size < lctx->len || size < lctx->ctx_len + sizeof(*lctx) || + lctx->len < lctx->ctx_len + sizeof(*lctx)) { + rc = -EINVAL; + goto free_out; + } + + hlist_for_each_entry(hp, &security_hook_heads.setselfattr, list) + if ((hp->lsmid->id) == lctx->id) { + rc = hp->hook.setselfattr(attr, lctx, size, flags); + break; + } + +free_out: + kfree(lctx); + return rc; +} + /** * security_getprocattr() - Read an attribute for a task * @p: the task From patchwork Tue Sep 12 20:56:50 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 13382120 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7393EEE3F31 for ; Tue, 12 Sep 2023 20:58:55 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237042AbjILU66 (ORCPT ); Tue, 12 Sep 2023 16:58:58 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54172 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237134AbjILU6z (ORCPT ); Tue, 12 Sep 2023 16:58:55 -0400 Received: from sonic310-30.consmr.mail.ne1.yahoo.com (sonic310-30.consmr.mail.ne1.yahoo.com [66.163.186.211]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4085F10FE for ; Tue, 12 Sep 2023 
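Review bot: the kernel-doc for sys_lsm_get_self_attr in security/lsm_syscalls.c should spell out what LSM_FLAG_SINGLE requires of the caller: security_getselfattr() copies lctx in from @ctx and returns -EINVAL when lctx.id is LSM_ID_UNDEF, so the caller must fill in ctx->id before the call, and a NULL @ctx cannot be combined with LSM_FLAG_SINGLE even though NULL is otherwise accepted for sizing. A sentence such as "When LSM_FLAG_SINGLE is set @ctx must not be NULL and @ctx->id must identify the LSM whose attribute is wanted" would keep the user-facing documentation in step with the implementation.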
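Review bot: in security_setselfattr() the consistency check `size < lctx->ctx_len + sizeof(*lctx) || lctx->len < lctx->ctx_len + sizeof(*lctx)` adds to a ctx_len that was just copied from user space, so a ctx_len near the type's maximum wraps the sum to a small value and both comparisons pass with a nonsensical ctx_len handed to the LSM hook; testing `lctx->len > size || lctx->len < sizeof(*lctx) || lctx->ctx_len > lctx->len - sizeof(*lctx)` expresses the same invariants without an addition that can overflow. In the same hunk, security_getselfattr() does `left -= entrysize` on the success path and so trusts every getselfattr hook to leave entrysize no larger than the budget it was given; an explicit `if (entrysize > left) return -E2BIG;` (or a WARN_ON_ONCE) before the subtraction would stop a misbehaving LSM from wrapping `left` and handing the next hook an oversized buffer. Two documentation nits: "keep this in sync with it's counterpart" should read "its" (it appears twice), and the security_setselfattr kernel-doc lists "E2BIG if size is too big" where the code returns -E2BIG.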
From: Casey Schaufler To: casey@schaufler-ca.com, paul@paul-moore.com, linux-security-module@vger.kernel.org Cc: jmorris@namei.org, serge@hallyn.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net Subject: [PATCH v15 05/11] LSM: Create lsm_list_modules system call Date: Tue, 12 Sep 2023 13:56:50 -0700 Message-ID: <20230912205658.3432-6-casey@schaufler-ca.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230912205658.3432-1-casey@schaufler-ca.com> References: <20230912205658.3432-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: Create a system call to report the list of Linux Security Modules that are active on the system. The list is provided as an array of LSM ID numbers. The calling application can use this list to determine what LSM specific actions it might take. That might include choosing an output format, determining required privilege or bypassing security module specific behavior. Signed-off-by: Casey Schaufler Reviewed-by: Kees Cook Reviewed-by: Serge Hallyn Reviewed-by: John Johansen Reviewed-by: Mickaël Salaün --- Documentation/userspace-api/lsm.rst | 3 +++ include/linux/syscalls.h | 1 + kernel/sys_ni.c | 1 + security/lsm_syscalls.c | 39 +++++++++++++++++++++++++++++ 4 files changed, 44 insertions(+) diff --git a/Documentation/userspace-api/lsm.rst b/Documentation/userspace-api/lsm.rst index f8499f3e2826..a76da373841b 100644 --- a/Documentation/userspace-api/lsm.rst +++ b/Documentation/userspace-api/lsm.rst @@ -63,6 +63,9 @@ Get the specified security attributes of the current process .. kernel-doc:: security/lsm_syscalls.c :identifiers: sys_lsm_get_self_attr +.. kernel-doc:: security/lsm_syscalls.c + :identifiers: sys_lsm_list_modules + Additional documentation ======================== diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h index 8637287bd39d..323ef5e2667d 100644 
--- a/include/linux/syscalls.h +++ b/include/linux/syscalls.h @@ -945,6 +945,7 @@ asmlinkage long sys_lsm_get_self_attr(unsigned int attr, struct lsm_ctx *ctx, size_t *size, __u32 flags); asmlinkage long sys_lsm_set_self_attr(unsigned int attr, struct lsm_ctx *ctx, size_t size, __u32 flags); +asmlinkage long sys_lsm_list_modules(u64 *ids, size_t *size, u32 flags); /* * Architecture-specific system calls diff --git a/kernel/sys_ni.c b/kernel/sys_ni.c index f81f2468c0ce..738ca470fcce 100644 --- a/kernel/sys_ni.c +++ b/kernel/sys_ni.c @@ -172,6 +172,7 @@ COND_SYSCALL(fadvise64_64); COND_SYSCALL_COMPAT(fadvise64_64); COND_SYSCALL(lsm_get_self_attr); COND_SYSCALL(lsm_set_self_attr); +COND_SYSCALL(lsm_list_modules); /* CONFIG_MMU only */ COND_SYSCALL(swapon); diff --git a/security/lsm_syscalls.c b/security/lsm_syscalls.c index 226ae80d9683..329aaca5efc0 100644 --- a/security/lsm_syscalls.c +++ b/security/lsm_syscalls.c 
@@ -55,3 +55,42 @@ SYSCALL_DEFINE4(lsm_get_self_attr, unsigned int, attr, struct lsm_ctx __user *, { return security_getselfattr(attr, ctx, size, flags); } + +/** + * sys_lsm_list_modules - Return a list of the active security modules + * @ids: the LSM module ids + * @size: pointer to size of @ids, updated on return + * @flags: reserved for future use, must be zero + * + * Returns a list of the active LSM ids. On success this function + * returns the number of @ids array elements. This value may be zero + * if there are no LSMs active. If @size is insufficient to contain + * the return data -E2BIG is returned and @size is set to the minimum + * required size. In all other cases a negative value indicating the + * error is returned. + */ +SYSCALL_DEFINE3(lsm_list_modules, u64 __user *, ids, size_t __user *, size, + u32, flags) +{ + size_t total_size = lsm_active_cnt * sizeof(*ids); + size_t usize; + int i; + + if (flags) + return -EINVAL; + + if (get_user(usize, size)) + return -EFAULT; + + if (put_user(total_size, size) != 0) + return -EFAULT; + + if (usize < total_size) + return -E2BIG; + + for (i = 0; i < lsm_active_cnt; i++) + if (put_user(lsm_idlist[i]->id, ids++)) + return -EFAULT; + + return lsm_active_cnt; +} From patchwork Tue Sep 12 20:56:51 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 13382126 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 48B03EE3F32 for ; Tue, 12 Sep 2023 21:00:26 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231480AbjILVA2 (ORCPT ); Tue, 12 Sep 2023 17:00:28 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34212 "EHLO lindbergh.monkeyblade.net" 
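Review bot: the new prototype in include/linux/syscalls.h, `asmlinkage long sys_lsm_list_modules(u64 *ids, size_t *size, u32 flags);`, spells the flags type as u32 while the two lsm_* declarations directly above it use __u32; use one spelling for all three lsm_* prototypes so the header stays consistent with its neighbours.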
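Review bot: sys_lsm_list_modules() in security/lsm_syscalls.c depends on lsm_active_cnt and lsm_idlist, and neither identifier is declared in this patch; confirm that both are declared in a header this file includes and are not static to security/security.c, otherwise the build fails with this patch applied and bisection breaks. Minor: `if (put_user(total_size, size) != 0)` is the only get_user/put_user test in this function written with an explicit `!= 0`; the bare `if (get_user(usize, size))` form two lines above is the style used elsewhere in the file.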
sonic310.consmr.mail.ne1.yahoo.com with HTTP; Tue, 12 Sep 2023 21:00:23 +0000 Received: by hermes--production-gq1-6b7c87dcf5-j6k2s (Yahoo Inc. Hermes SMTP Server) with ESMTPA ID a386478821340d4a39b6ed725da40e04; Tue, 12 Sep 2023 21:00:18 +0000 (UTC) From: Casey Schaufler To: casey@schaufler-ca.com, paul@paul-moore.com, linux-security-module@vger.kernel.org Cc: jmorris@namei.org, serge@hallyn.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net, Geert Uytterhoeven , Arnd Bergmann Subject: [PATCH v15 06/11] LSM: wireup Linux Security Module syscalls Date: Tue, 12 Sep 2023 13:56:51 -0700 Message-ID: <20230912205658.3432-7-casey@schaufler-ca.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230912205658.3432-1-casey@schaufler-ca.com> References: <20230912205658.3432-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: Wireup lsm_get_self_attr, lsm_set_self_attr and lsm_list_modules system calls. 
Signed-off-by: Casey Schaufler Reviewed-by: Kees Cook Acked-by: Geert Uytterhoeven Acked-by: Arnd Bergmann Cc: linux-api@vger.kernel.org Reviewed-by: Mickaël Salaün --- arch/alpha/kernel/syscalls/syscall.tbl | 3 +++ arch/arm/tools/syscall.tbl | 3 +++ arch/arm64/include/asm/unistd.h | 2 +- arch/arm64/include/asm/unistd32.h | 6 ++++++ arch/ia64/kernel/syscalls/syscall.tbl | 3 +++ arch/m68k/kernel/syscalls/syscall.tbl | 3 +++ arch/microblaze/kernel/syscalls/syscall.tbl | 3 +++ arch/mips/kernel/syscalls/syscall_n32.tbl | 3 +++ arch/mips/kernel/syscalls/syscall_n64.tbl | 3 +++ arch/mips/kernel/syscalls/syscall_o32.tbl | 3 +++ arch/parisc/kernel/syscalls/syscall.tbl | 3 +++ arch/powerpc/kernel/syscalls/syscall.tbl | 3 +++ arch/s390/kernel/syscalls/syscall.tbl | 3 +++ arch/sh/kernel/syscalls/syscall.tbl | 3 +++ arch/sparc/kernel/syscalls/syscall.tbl | 3 +++ arch/x86/entry/syscalls/syscall_32.tbl | 3 +++ arch/x86/entry/syscalls/syscall_64.tbl | 3 +++ arch/xtensa/kernel/syscalls/syscall.tbl | 3 +++ include/uapi/asm-generic/unistd.h | 9 ++++++++- tools/perf/arch/mips/entry/syscalls/syscall_n64.tbl | 3 +++ tools/perf/arch/powerpc/entry/syscalls/syscall.tbl | 3 +++ tools/perf/arch/s390/entry/syscalls/syscall.tbl | 3 +++ tools/perf/arch/x86/entry/syscalls/syscall_64.tbl | 3 +++ 23 files changed, 75 insertions(+), 2 deletions(-) diff --git a/arch/alpha/kernel/syscalls/syscall.tbl b/arch/alpha/kernel/syscalls/syscall.tbl index ad37569d0507..01f4d0889a36 100644 --- a/arch/alpha/kernel/syscalls/syscall.tbl +++ b/arch/alpha/kernel/syscalls/syscall.tbl @@ -492,3 +492,6 @@ 560 common set_mempolicy_home_node sys_ni_syscall 561 common cachestat sys_cachestat 562 common fchmodat2 sys_fchmodat2 +563 common lsm_get_self_attr sys_lsm_get_self_attr +564 common lsm_set_self_attr sys_lsm_set_self_attr +565 common lsm_list_modules sys_lsm_list_modules diff --git a/arch/arm/tools/syscall.tbl b/arch/arm/tools/syscall.tbl index c572d6c3dee0..e12db7b9fb8d 100644 --- a/arch/arm/tools/syscall.tbl 
+++ b/arch/arm/tools/syscall.tbl @@ -466,3 +466,6 @@ 450 common set_mempolicy_home_node sys_set_mempolicy_home_node 451 common cachestat sys_cachestat 452 common fchmodat2 sys_fchmodat2 +453 common lsm_get_self_attr sys_lsm_get_self_attr +454 common lsm_set_self_attr sys_lsm_set_self_attr +455 common lsm_list_modules sys_lsm_list_modules diff --git a/arch/arm64/include/asm/unistd.h b/arch/arm64/include/asm/unistd.h index bd77253b62e0..f33190f17ebb 100644 --- a/arch/arm64/include/asm/unistd.h +++ b/arch/arm64/include/asm/unistd.h @@ -39,7 +39,7 @@ #define __ARM_NR_compat_set_tls (__ARM_NR_COMPAT_BASE + 5) #define __ARM_NR_COMPAT_END (__ARM_NR_COMPAT_BASE + 0x800) -#define __NR_compat_syscalls 453 +#define __NR_compat_syscalls 456 #endif #define __ARCH_WANT_SYS_CLONE diff --git a/arch/arm64/include/asm/unistd32.h b/arch/arm64/include/asm/unistd32.h index 78b68311ec81..557345b38893 100644 --- a/arch/arm64/include/asm/unistd32.h +++ b/arch/arm64/include/asm/unistd32.h @@ -911,6 +911,12 @@ __SYSCALL(__NR_set_mempolicy_home_node, sys_set_mempolicy_home_node) __SYSCALL(__NR_cachestat, sys_cachestat) #define __NR_fchmodat2 452 __SYSCALL(__NR_fchmodat2, sys_fchmodat2) +#define __NR_lsm_get_self_attr 453 +__SYSCALL(__NR_lsm_get_self_attr, sys_lsm_get_self_attr) +#define __NR_lsm_set_self_attr 454 +__SYSCALL(__NR_lsm_set_self_attr, sys_lsm_set_self_attr) +#define __NR_lsm_list_modules 455 +__SYSCALL(__NR_lsm_list_modules, sys_lsm_list_modules) /* * Please add new compat syscalls above this comment and update diff --git a/arch/ia64/kernel/syscalls/syscall.tbl b/arch/ia64/kernel/syscalls/syscall.tbl index 83d8609aec03..b4f9746a36fb 100644 --- a/arch/ia64/kernel/syscalls/syscall.tbl +++ b/arch/ia64/kernel/syscalls/syscall.tbl 
@@ -373,3 +373,6 @@ 450 common set_mempolicy_home_node sys_set_mempolicy_home_node 451 common cachestat sys_cachestat 452 common fchmodat2 sys_fchmodat2 +453 common lsm_get_self_attr sys_lsm_get_self_attr +454 common lsm_set_self_attr sys_lsm_set_self_attr +455 common lsm_list_modules sys_lsm_list_modules diff --git a/arch/m68k/kernel/syscalls/syscall.tbl b/arch/m68k/kernel/syscalls/syscall.tbl index 259ceb125367..215547a74374 100644 --- a/arch/m68k/kernel/syscalls/syscall.tbl +++ b/arch/m68k/kernel/syscalls/syscall.tbl @@ -452,3 +452,6 @@ 450 common set_mempolicy_home_node sys_set_mempolicy_home_node 451 common cachestat sys_cachestat 452 common fchmodat2 sys_fchmodat2 +453 common lsm_get_self_attr sys_lsm_get_self_attr +454 common lsm_set_self_attr sys_lsm_set_self_attr +455 common lsm_list_modules sys_lsm_list_modules diff --git a/arch/microblaze/kernel/syscalls/syscall.tbl b/arch/microblaze/kernel/syscalls/syscall.tbl index a3798c2637fd..24174dc2045f 100644 --- a/arch/microblaze/kernel/syscalls/syscall.tbl +++ b/arch/microblaze/kernel/syscalls/syscall.tbl @@ -458,3 +458,6 @@ 450 common set_mempolicy_home_node sys_set_mempolicy_home_node 451 common cachestat sys_cachestat 452 common fchmodat2 sys_fchmodat2 +453 common lsm_get_self_attr sys_lsm_get_self_attr +454 common lsm_set_self_attr sys_lsm_set_self_attr +455 common lsm_list_modules sys_lsm_list_modules diff --git a/arch/mips/kernel/syscalls/syscall_n32.tbl b/arch/mips/kernel/syscalls/syscall_n32.tbl index 152034b8e0a0..dc3395c37b1e 100644 --- a/arch/mips/kernel/syscalls/syscall_n32.tbl +++ b/arch/mips/kernel/syscalls/syscall_n32.tbl @@ -391,3 +391,6 @@ 450 n32 set_mempolicy_home_node sys_set_mempolicy_home_node 451 n32 cachestat sys_cachestat 452 n32 fchmodat2 sys_fchmodat2 +453 n32 lsm_get_self_attr sys_lsm_get_self_attr +454 n32 lsm_set_self_attr sys_lsm_set_self_attr +455 n32 lsm_list_modules sys_lsm_list_modules 
diff --git a/arch/mips/kernel/syscalls/syscall_n64.tbl b/arch/mips/kernel/syscalls/syscall_n64.tbl index cb5e757f6621..06cad00543e8 100644 --- a/arch/mips/kernel/syscalls/syscall_n64.tbl +++ b/arch/mips/kernel/syscalls/syscall_n64.tbl @@ -367,3 +367,6 @@ 450 common set_mempolicy_home_node sys_set_mempolicy_home_node 451 n64 cachestat sys_cachestat 452 n64 fchmodat2 sys_fchmodat2 +453 n64 lsm_get_self_attr sys_lsm_get_self_attr +454 n64 lsm_set_self_attr sys_lsm_set_self_attr +455 n64 lsm_list_modules sys_lsm_list_modules diff --git a/arch/mips/kernel/syscalls/syscall_o32.tbl b/arch/mips/kernel/syscalls/syscall_o32.tbl index 1a646813afdc..6ecc14091da3 100644 --- a/arch/mips/kernel/syscalls/syscall_o32.tbl +++ b/arch/mips/kernel/syscalls/syscall_o32.tbl @@ -440,3 +440,6 @@ 450 o32 set_mempolicy_home_node sys_set_mempolicy_home_node 451 o32 cachestat sys_cachestat 452 o32 fchmodat2 sys_fchmodat2 +453 o32 lsm_get_self_attr sys_lsm_get_self_attr +454 032 lsm_set_self_attr sys_lsm_set_self_attr +455 o32 lsm_list_modules sys_lsm_list_modules diff --git a/arch/parisc/kernel/syscalls/syscall.tbl b/arch/parisc/kernel/syscalls/syscall.tbl index e97c175b56f9..5b321bb46374 100644 --- a/arch/parisc/kernel/syscalls/syscall.tbl +++ b/arch/parisc/kernel/syscalls/syscall.tbl @@ -451,3 +451,6 @@ 450 common set_mempolicy_home_node sys_set_mempolicy_home_node 451 common cachestat sys_cachestat 452 common fchmodat2 sys_fchmodat2 +453 common lsm_get_self_attr sys_lsm_get_self_attr +454 common lsm_set_self_attr sys_lsm_set_self_attr +455 common lsm_list_modules sys_lsm_list_modules diff --git a/arch/powerpc/kernel/syscalls/syscall.tbl b/arch/powerpc/kernel/syscalls/syscall.tbl index 20e50586e8a2..491eea2f88ba 100644 --- a/arch/powerpc/kernel/syscalls/syscall.tbl +++ b/arch/powerpc/kernel/syscalls/syscall.tbl 
@@ -539,3 +539,6 @@ 450 nospu set_mempolicy_home_node sys_set_mempolicy_home_node 451 common cachestat sys_cachestat 452 common fchmodat2 sys_fchmodat2 +453 common lsm_get_self_attr sys_lsm_get_self_attr +454 common lsm_set_self_attr sys_lsm_set_self_attr +455 common lsm_list_modules sys_lsm_list_modules diff --git a/arch/s390/kernel/syscalls/syscall.tbl b/arch/s390/kernel/syscalls/syscall.tbl index 0122cc156952..653400f82211 100644 --- a/arch/s390/kernel/syscalls/syscall.tbl +++ b/arch/s390/kernel/syscalls/syscall.tbl @@ -455,3 +455,6 @@ 450 common set_mempolicy_home_node sys_set_mempolicy_home_node sys_set_mempolicy_home_node 451 common cachestat sys_cachestat sys_cachestat 452 common fchmodat2 sys_fchmodat2 sys_fchmodat2 +453 common lsm_get_self_attr sys_lsm_get_self_attr sys_lsm_get_self_attr +454 common lsm_set_self_attr sys_lsm_set_self_attr sys_lsm_set_self_attr +455 common lsm_list_modules sys_lsm_list_modules sys_lsm_list_modules diff --git a/arch/sh/kernel/syscalls/syscall.tbl b/arch/sh/kernel/syscalls/syscall.tbl index e90d585c4d3e..a4bc4047858e 100644 --- a/arch/sh/kernel/syscalls/syscall.tbl +++ b/arch/sh/kernel/syscalls/syscall.tbl @@ -455,3 +455,6 @@ 450 common set_mempolicy_home_node sys_set_mempolicy_home_node 451 common cachestat sys_cachestat 452 common fchmodat2 sys_fchmodat2 +453 common lsm_get_self_attr sys_lsm_get_self_attr +454 common lsm_set_self_attr sys_lsm_set_self_attr +455 common lsm_list_modules sys_lsm_list_modules diff --git a/arch/sparc/kernel/syscalls/syscall.tbl b/arch/sparc/kernel/syscalls/syscall.tbl index 4ed06c71c43f..b134ad689789 100644 --- a/arch/sparc/kernel/syscalls/syscall.tbl +++ b/arch/sparc/kernel/syscalls/syscall.tbl 
@@ -498,3 +498,6 @@ 450 common set_mempolicy_home_node sys_set_mempolicy_home_node 451 common cachestat sys_cachestat 452 common fchmodat2 sys_fchmodat2 +453 common lsm_get_self_attr sys_lsm_get_self_attr +454 common lsm_set_self_attr sys_lsm_set_self_attr +455 common lsm_list_modules sys_lsm_list_modules diff --git a/arch/x86/entry/syscalls/syscall_32.tbl b/arch/x86/entry/syscalls/syscall_32.tbl index 2d0b1bd866ea..e921e0d6c4b3 100644 --- a/arch/x86/entry/syscalls/syscall_32.tbl +++ b/arch/x86/entry/syscalls/syscall_32.tbl @@ -457,3 +457,6 @@ 450 i386 set_mempolicy_home_node sys_set_mempolicy_home_node 451 i386 cachestat sys_cachestat 452 i386 fchmodat2 sys_fchmodat2 +453 i386 lsm_get_self_attr sys_lsm_get_self_attr +454 i386 lsm_set_self_attr sys_lsm_set_self_attr +455 i386 lsm_list_modules sys_lsm_list_modules diff --git a/arch/x86/entry/syscalls/syscall_64.tbl b/arch/x86/entry/syscalls/syscall_64.tbl index 1d6eee30eceb..b70920626b8c 100644 --- a/arch/x86/entry/syscalls/syscall_64.tbl +++ b/arch/x86/entry/syscalls/syscall_64.tbl @@ -375,6 +375,9 @@ 451 common cachestat sys_cachestat 452 common fchmodat2 sys_fchmodat2 453 64 map_shadow_stack sys_map_shadow_stack +454 common lsm_get_self_attr sys_lsm_get_self_attr +455 common lsm_set_self_attr sys_lsm_set_self_attr +456 common lsm_list_modules sys_lsm_list_modules # # Due to a historical design error, certain syscalls are numbered differently diff --git a/arch/xtensa/kernel/syscalls/syscall.tbl b/arch/xtensa/kernel/syscalls/syscall.tbl index fc1a4f3c81d9..e1fe5ed7cad8 100644 --- a/arch/xtensa/kernel/syscalls/syscall.tbl +++ b/arch/xtensa/kernel/syscalls/syscall.tbl @@ -423,3 +423,6 @@ 450 common set_mempolicy_home_node sys_set_mempolicy_home_node 451 common cachestat sys_cachestat 452 common fchmodat2 sys_fchmodat2 +453 common lsm_get_self_attr sys_lsm_get_self_attr +454 common lsm_set_self_attr sys_lsm_set_self_attr +455 common lsm_list_modules sys_lsm_list_modules 
diff --git a/include/uapi/asm-generic/unistd.h b/include/uapi/asm-generic/unistd.h index abe087c53b4b..f10906c71711 100644 --- a/include/uapi/asm-generic/unistd.h +++ b/include/uapi/asm-generic/unistd.h @@ -823,8 +823,15 @@ __SYSCALL(__NR_cachestat, sys_cachestat) #define __NR_fchmodat2 452 __SYSCALL(__NR_fchmodat2, sys_fchmodat2) +#define __NR_lsm_get_self_attr 453 +__SYSCALL(__NR_lsm_get_self_attr, sys_lsm_get_self_attr) +#define __NR_lsm_set_self_attr 454 +__SYSCALL(__NR_lsm_set_self_attr, sys_lsm_set_self_attr) +#define __NR_lsm_list_modules 455 +__SYSCALL(__NR_lsm_list_modules, sys_lsm_list_modules) + #undef __NR_syscalls -#define __NR_syscalls 453 +#define __NR_syscalls 456 /* * 32 bit systems traditionally used different diff --git a/tools/perf/arch/mips/entry/syscalls/syscall_n64.tbl b/tools/perf/arch/mips/entry/syscalls/syscall_n64.tbl index cfda2511badf..371fce3750c2 100644 --- a/tools/perf/arch/mips/entry/syscalls/syscall_n64.tbl +++ b/tools/perf/arch/mips/entry/syscalls/syscall_n64.tbl @@ -366,3 +366,6 @@ 449 n64 futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node 451 n64 cachestat sys_cachestat +453 n64 lsm_get_self_attr sys_lsm_get_self_attr +454 n64 lsm_set_self_attr sys_lsm_set_self_attr +455 n64 lsm_list_modules sys_lsm_list_modules diff --git a/tools/perf/arch/powerpc/entry/syscalls/syscall.tbl b/tools/perf/arch/powerpc/entry/syscalls/syscall.tbl index 8c0b08b7a80e..35b07f417059 100644 --- a/tools/perf/arch/powerpc/entry/syscalls/syscall.tbl +++ b/tools/perf/arch/powerpc/entry/syscalls/syscall.tbl @@ -538,3 +538,6 @@ 449 common futex_waitv sys_futex_waitv 450 nospu set_mempolicy_home_node sys_set_mempolicy_home_node 451 common cachestat sys_cachestat +453 common lsm_get_self_attr sys_lsm_get_self_attr +454 common lsm_set_self_attr sys_lsm_set_self_attr +455 common lsm_list_modules sys_lsm_list_modules 
diff --git a/tools/perf/arch/s390/entry/syscalls/syscall.tbl b/tools/perf/arch/s390/entry/syscalls/syscall.tbl index a6935af2235c..2d196937aff3 100644 --- a/tools/perf/arch/s390/entry/syscalls/syscall.tbl +++ b/tools/perf/arch/s390/entry/syscalls/syscall.tbl @@ -454,3 +454,6 @@ 449 common futex_waitv sys_futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node sys_set_mempolicy_home_node 451 common cachestat sys_cachestat sys_cachestat +453 common lsm_get_self_attr sys_lsm_get_self_attr sys_lsm_get_self_attr +454 common lsm_set_self_attr sys_lsm_set_self_attr sys_lsm_set_self_attr +455 common lsm_list_modules sys_lsm_list_modules sys_lsm_list_modules diff --git a/tools/perf/arch/x86/entry/syscalls/syscall_64.tbl b/tools/perf/arch/x86/entry/syscalls/syscall_64.tbl index 227538b0ce80..24dc86e52ddd 100644 --- a/tools/perf/arch/x86/entry/syscalls/syscall_64.tbl +++ b/tools/perf/arch/x86/entry/syscalls/syscall_64.tbl 
@@ -373,6 +373,9 @@ 449 common futex_waitv sys_futex_waitv 450 common set_mempolicy_home_node sys_set_mempolicy_home_node 451 common cachestat sys_cachestat +453 common lsm_get_self_attr sys_lsm_get_self_attr +454 common lsm_set_self_attr sys_lsm_set_self_attr +455 common lsm_list_modules sys_lsm_list_modules # # Due to a historical design error, certain syscalls are numbered differently From patchwork Tue Sep 12 20:56:52 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 13382125 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1D8E9CA0FE9 for ; Tue, 12 Sep 2023 21:00:25 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231787AbjILVA1 (ORCPT ); Tue, 12 Sep 2023 17:00:27 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34184 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229996AbjILVA0 (ORCPT ); Tue, 12 Sep 2023 17:00:26 -0400 Received: from sonic301-38.consmr.mail.ne1.yahoo.com (sonic301-38.consmr.mail.ne1.yahoo.com [66.163.184.207]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3C9C2199 for ; Tue, 12 Sep 2023 14:00:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1694552421; bh=uWToEefsqQdOabIE7w0i3/JycE51obhl4UwYVHpi5Lw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; 
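Review bot: in arch/mips/kernel/syscalls/syscall_o32.tbl the ABI column of the new 454 entry reads `032` (digit zero) instead of `o32`: `+454 032 lsm_set_self_attr sys_lsm_set_self_attr`. The syscall table scripts select rows by that column, so this row would be dropped from the generated o32 table and lsm_set_self_attr would be missing on that ABI; it should read `454 o32 lsm_set_self_attr sys_lsm_set_self_attr` like the 453 and 455 rows around it.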
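Review bot: tools/perf/arch/mips/entry/syscalls/syscall_n64.tbl goes from `451 n64 cachestat` straight to `453 n64 lsm_get_self_attr`, leaving 452 (fchmodat2 in the kernel table of the same hunk set) absent; the perf powerpc and s390 tables in this patch have the same gap. Either add the missing fchmodat2 rows to the perf copies in a preceding patch or say in the commit message that the perf tables are deliberately only partially synced, so the gap is not read as an off-by-one in the new numbers.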
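Review bot: tools/perf/arch/x86/entry/syscalls/syscall_64.tbl assigns lsm_get_self_attr, lsm_set_self_attr and lsm_list_modules the numbers 453, 454 and 455, but arch/x86/entry/syscalls/syscall_64.tbl in this same patch assigns them 454, 455 and 456 because 453 is already `map_shadow_stack` there. The perf copy must use 454-456 to match the kernel table (and ideally carry the 452 fchmodat2 and 453 map_shadow_stack rows it is missing), otherwise perf decodes these three syscalls under the wrong names on x86-64.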
From: Casey Schaufler To: casey@schaufler-ca.com, paul@paul-moore.com, linux-security-module@vger.kernel.org Cc: jmorris@namei.org, serge@hallyn.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net Subject: [PATCH v15 07/11] LSM: Helpers for attribute names and filling lsm_ctx Date: Tue, 12 Sep 2023 13:56:52 -0700 Message-ID: <20230912205658.3432-8-casey@schaufler-ca.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230912205658.3432-1-casey@schaufler-ca.com> References: <20230912205658.3432-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: Add lsm_name_to_attr(), which translates a text string to a LSM_ATTR value if one is available. Add lsm_fill_user_ctx(), which fills a struct lsm_ctx, including the trailing attribute value. Both are used in module specific components of LSM system calls. Signed-off-by: Casey Schaufler Reviewed-by: John Johansen Reviewed-by: Serge Hallyn Reviewed-by: Mickaël Salaün --- include/linux/security.h | 14 ++++++++++++++ security/lsm_syscalls.c | 24 +++++++++++++++++++++++ security/security.c | 41 ++++++++++++++++++++++++++++++++++++++++ 3 files changed, 79 insertions(+) diff --git a/include/linux/security.h b/include/linux/security.h index 8831d7cf0a6b..e567f910a1c2 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -32,6 +32,7 @@ #include #include #include +#include struct linux_binprm; struct cred; @@ -264,6 +265,7 @@ int unregister_blocking_lsm_notifier(struct notifier_block *nb); /* prototypes */ extern int security_init(void); extern int early_security_init(void); +extern u64 lsm_name_to_attr(const char *name); /* Security operations */ int security_binder_set_context_mgr(const struct cred *mgr); 
@@ -490,6 +492,8 @@ int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen); int security_locked_down(enum lockdown_reason what); +int lsm_fill_user_ctx(struct lsm_ctx __user *ctx, void *context, + size_t context_size, u64 id, u64 flags); #else /* CONFIG_SECURITY */ static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data) @@ -507,6 +511,11 @@ static inline int unregister_blocking_lsm_notifier(struct notifier_block *nb) return 0; } +static inline u64 lsm_name_to_attr(const char *name) +{ + return LSM_ATTR_UNDEF; +} + static inline void security_free_mnt_opts(void **mnt_opts) { } @@ -1415,6 +1424,11 @@ static inline int security_locked_down(enum lockdown_reason what) { return 0; } +static inline int lsm_fill_user_ctx(struct lsm_ctx __user *ctx, void *context, + size_t context_size, u64 id, u64 flags) +{ + return -EOPNOTSUPP; +} #endif /* CONFIG_SECURITY */ #if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE) diff --git a/security/lsm_syscalls.c b/security/lsm_syscalls.c index 329aaca5efc0..5d391b1f7e69 100644 --- a/security/lsm_syscalls.c +++ b/security/lsm_syscalls.c 
@@ -17,6 +17,30 @@ #include #include +/** + * lsm_name_to_attr - map an LSM attribute name to its ID + * @name: name of the attribute + * + * Returns the LSM attribute value associated with @name, or 0 if + * there is no mapping. + */ +u64 lsm_name_to_attr(const char *name) +{ + if (!strcmp(name, "current")) + return LSM_ATTR_CURRENT; + if (!strcmp(name, "exec")) + return LSM_ATTR_EXEC; + if (!strcmp(name, "fscreate")) + return LSM_ATTR_FSCREATE; + if (!strcmp(name, "keycreate")) + return LSM_ATTR_KEYCREATE; + if (!strcmp(name, "prev")) + return LSM_ATTR_PREV; + if (!strcmp(name, "sockcreate")) + return LSM_ATTR_SOCKCREATE; + return LSM_ATTR_UNDEF; +} + /** * sys_lsm_set_self_attr - Set current task's security module attribute * @attr: which attribute to set diff --git a/security/security.c b/security/security.c index 0d179750d964..9136a4c3b0bc 100644 --- a/security/security.c +++ b/security/security.c 
@@ -771,6 +771,47 @@ static int lsm_superblock_alloc(struct super_block *sb) return 0; } +/** + * lsm_fill_user_ctx - Fill a user space lsm_ctx structure + * @ctx: an LSM context to be filled + * @context: the new context value + * @context_size: the size of the new context value + * @id: LSM id + * @flags: LSM defined flags + * + * Fill all of the fields in a user space lsm_ctx structure. + * Caller is assumed to have verified that @ctx has enough space + * for @context. + * + * Returns 0 on success, -EFAULT on a copyout error, -ENOMEM + * if memory can't be allocated. + */ +int lsm_fill_user_ctx(struct lsm_ctx __user *ctx, void *context, + size_t context_size, u64 id, u64 flags) +{ + struct lsm_ctx *lctx; + size_t locallen = struct_size(lctx, ctx, context_size); + int rc = 0; + + lctx = kzalloc(locallen, GFP_KERNEL); + if (lctx == NULL) + return -ENOMEM; + + lctx->id = id; + lctx->flags = flags; + lctx->ctx_len = context_size; + lctx->len = locallen; + + memcpy(lctx->ctx, context, context_size); + + if (copy_to_user(ctx, lctx, locallen)) + rc = -EFAULT; + + kfree(lctx); + + return rc; +} + /* * The default value of the LSM hook is defined in linux/lsm_hook_defs.h and * can be accessed with: From patchwork Tue Sep 12 20:56:53 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 13382127 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 167C3CA0FE9 for ; Tue, 12 Sep 2023 21:00:35 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237413AbjILVAh (ORCPT ); Tue, 12 Sep 2023 17:00:37 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34226 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by 
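Review bot: the kernel-doc on lsm_name_to_attr() in the security/lsm_syscalls.c hunk says it returns 0 when there is no mapping, but the function (and the !CONFIG_SECURITY stub added to security.h) returns LSM_ATTR_UNDEF; write "or LSM_ATTR_UNDEF" in the comment so callers compare against the symbol rather than a literal. A small name/value table walked in a loop would also replace the strcmp() chain and make the next attribute a one-line addition, and the comment should state that @name must be non-NULL since it is dereferenced unconditionally.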
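Review bot: in the security/security.c hunk lsm_fill_user_ctx() sets lctx->len to the unpadded struct_size() value, while the hooks later in this series (smack_getselfattr(), apparmor_getselfattr()) report ALIGN(..., 8) in *size, so the len the caller reads out of the buffer and the size the syscall reports disagree and the padding bytes between them are never written to user space. Either do the 8-byte alignment here and zero the pad (kzalloc() already gives zeroed memory, so allocating and copying ALIGN(locallen, 8) bytes and storing that in lctx->len would do it), or say in the kernel-doc that len excludes padding. The temporary kernel copy is also avoidable: a stack lsm_ctx header plus two copy_to_user() calls (header, then @context) would drop the allocation and the -ENOMEM return entirely.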
From: Casey Schaufler To: casey@schaufler-ca.com, paul@paul-moore.com, linux-security-module@vger.kernel.org Cc: jmorris@namei.org, serge@hallyn.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net Subject: [PATCH v15 08/11] Smack: implement setselfattr and getselfattr hooks Date: Tue, 12 Sep 2023 13:56:53 -0700 Message-ID: <20230912205658.3432-9-casey@schaufler-ca.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230912205658.3432-1-casey@schaufler-ca.com> References: <20230912205658.3432-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: Implement Smack support for security_[gs]etselfattr. Refactor the setprocattr hook to avoid code duplication. Signed-off-by: Casey Schaufler Reviewed-by: John Johansen --- security/smack/smack_lsm.c | 95 ++++++++++++++++++++++++++++++++++++-- 1 file changed, 90 insertions(+), 5 deletions(-) diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index f73f9a2834eb..12160d060cc1 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c
@@ -3626,6 +3626,46 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) return; } +/** + * smack_getselfattr - Smack current process attribute + * @attr: which attribute to fetch + * @ctx: buffer to receive the result + * @size: available size in, actual size out + * @flags: unused + * + * Fill the passed user space @ctx with the details of the requested + * attribute. + * + * Returns the number of attributes on success, an error code otherwise. + * There will only ever be one attribute. + */ +static int smack_getselfattr(unsigned int attr, struct lsm_ctx __user *ctx, + size_t *size, u32 flags) +{ + struct smack_known *skp = smk_of_current(); + int total; + int slen; + int rc; + + if (attr != LSM_ATTR_CURRENT) + return -EOPNOTSUPP; + + slen = strlen(skp->smk_known) + 1; + total = ALIGN(slen + sizeof(*ctx), 8); + if (total > *size) + rc = -E2BIG; + else if (ctx) + rc = lsm_fill_user_ctx(ctx, skp->smk_known, slen, LSM_ID_SMACK, + 0); + else + rc = 1; + + *size = total; + if (rc >= 0) + return 1; + return rc; +} + /** * smack_getprocattr - Smack process attribute access * @p: the object task @@ -3655,8 +3695,8 @@ static int smack_getprocattr(struct task_struct *p, const char *name, char **val } /** - * smack_setprocattr - Smack process attribute setting - * @name: the name of the attribute in /proc/.../attr + * do_setattr - Smack process attribute setting + * @attr: the ID of the attribute * @value: the value to set * @size: the size of the value * @@ -3665,7 +3705,7 @@ static int smack_getprocattr(struct task_struct *p, const char *name, char **val * * Returns the length of the smack label or an error code */ -static int smack_setprocattr(const char *name, void *value, size_t size) +static int do_setattr(u64 attr, void *value, size_t size) { struct task_smack *tsp = smack_cred(current_cred()); struct cred *new; 
@@ -3679,8 +3719,8 @@ static int smack_setprocattr(const char *name, void *value, size_t size) if (value == NULL || size == 0 || size >= SMK_LONGLABEL) return -EINVAL; - if (strcmp(name, "current") != 0) - return -EINVAL; + if (attr != LSM_ATTR_CURRENT) + return -EOPNOTSUPP; skp = smk_import_entry(value, size); if (IS_ERR(skp)) @@ -3719,6 +3759,49 @@ static int smack_setprocattr(const char *name, void *value, size_t size) return size; } +/** + * smack_setselfattr - Set a Smack process attribute + * @attr: which attribute to set + * @ctx: buffer containing the data + * @size: size of @ctx + * @flags: unused + * + * Fill the passed user space @ctx with the details of the requested + * attribute. + * + * Returns 0 on success, an error code otherwise. + */ +static int smack_setselfattr(unsigned int attr, struct lsm_ctx *ctx, + size_t size, u32 flags) +{ + int rc; + + rc = do_setattr(attr, ctx->ctx, ctx->ctx_len); + if (rc > 0) + return 0; + return rc; +} + +/** + * smack_setprocattr - Smack process attribute setting + * @name: the name of the attribute in /proc/.../attr + * @value: the value to set + * @size: the size of the value + * + * Sets the Smack value of the task. Only setting self + * is permitted and only with privilege + * + * Returns the length of the smack label or an error code + */ +static int smack_setprocattr(const char *name, void *value, size_t size) +{ + int attr = lsm_name_to_attr(name); + + if (attr != LSM_ATTR_UNDEF) + return do_setattr(attr, value, size); + return -EINVAL; +} + /** * smack_unix_stream_connect - Smack access on UDS * @sock: one sock 
@@ -5033,6 +5116,8 @@ static struct security_hook_list smack_hooks[] __ro_after_init = { LSM_HOOK_INIT(d_instantiate, smack_d_instantiate), + LSM_HOOK_INIT(getselfattr, smack_getselfattr), + LSM_HOOK_INIT(setselfattr, smack_setselfattr), LSM_HOOK_INIT(getprocattr, smack_getprocattr), LSM_HOOK_INIT(setprocattr, smack_setprocattr), From patchwork Tue Sep 12 20:56:54 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 13382128 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id DB398EE3F29 for ; Tue, 12 Sep 2023 21:02:02 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237421AbjILVCF (ORCPT ); Tue, 12 Sep 2023 17:02:05 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35066 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235902AbjILVCD (ORCPT ); Tue, 12 Sep 2023 17:02:03 -0400 Received: from sonic310-30.consmr.mail.ne1.yahoo.com (sonic310-30.consmr.mail.ne1.yahoo.com [66.163.186.211]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4FC6D10D9 for ; Tue, 12 Sep 2023 14:01:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1694552518; bh=8xNuesFAKrxRfQC9eej8Jzmx3zK6vD1Z3sUQEcFEY0Q=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=LJ/h0O4uDVUw7GRYIzAbuUSCBOjdYsFJVrcAEjz95ZqAxWFb+lN3Pdf94iK76qg/Xq/8p91UonJanaKs8ABnvU8tui+lNO+MmG5G6b5PnqIk2i9vz+PCHxQzqiER+azWh8UWivaYxTmUtXaqA1tkcsHe3FcATFbsAume8TWWigupSqdZS9Y7ElJSQlpDk4rywhSeRjiL3bJyTccr1mj2WAHL9p66u/kUhyYkBm71tOQRuVaduGuW74o2bCF1wvMh9nCjdSl8cx54tCe3ERp4GXLJ6ZubmuuHAnXRmWu7W8eB8yV6X0bS+5S/nwBGOAe00pqho4S0tztIcuxI+qHYeA== X-SONIC-DKIM-SIGN: v=1; 
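Review bot: in the smack_getselfattr() hunk (@@ -3626) total is computed as ALIGN(slen + sizeof(*ctx), 8), but lsm_fill_user_ctx() is then asked to write only slen context bytes and records len = sizeof(*ctx) + slen, so the *size handed back to user space is larger than the len field inside the buffer and the trailing pad is left unwritten; pass the aligned length through (or align inside lsm_fill_user_ctx()) so the two agree. The @ctx == NULL size-probe path (rc = 1, *size = total) is part of the ABI and deserves a sentence in the kernel-doc, and total and slen should be size_t rather than int since they are compared with and stored into *size.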
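Review bot: in the do_setattr() hunk (@@ -3679) the value == NULL / size sanity check still runs before the attribute check, so a write to an unsupported attribute with a bad value reports -EINVAL while the same attribute with a plausible value reports -EOPNOTSUPP; move `if (attr != LSM_ATTR_CURRENT) return -EOPNOTSUPP;` ahead of the value checks so unsupported attributes answer consistently. This hunk also changes what a write to /proc/self/attr/<name> returns for a known name other than "current" (for example "exec"): previously -EINVAL from the strcmp(), now -EOPNOTSUPP via smack_setprocattr(), which is a user-visible errno change worth a line in the commit message.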
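Review bot: smack_setselfattr() in the @@ -3719 hunk passes ctx->ctx_len straight to do_setattr() and never looks at @size, so it relies on the caller having already checked that ctx_len fits inside the @size bytes it copied in; if the LSM core does not guarantee that, add `if (size < sizeof(*ctx) || ctx->ctx_len > size - sizeof(*ctx)) return -EINVAL;` here, and say in the kernel-doc which side owns that check. Its kernel-doc body is also copied from the getter ("Fill the passed user space @ctx with the details of the requested attribute"), which is wrong for a setter. In smack_setprocattr() the u64 from lsm_name_to_attr() is stored in an int; make `attr` a u64 to avoid the truncation.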
From: Casey Schaufler To: casey@schaufler-ca.com, paul@paul-moore.com, linux-security-module@vger.kernel.org Cc: jmorris@namei.org, serge@hallyn.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net Subject: [PATCH v15 09/11] AppArmor: Add selfattr hooks Date: Tue, 12 Sep 2023 13:56:54 -0700 Message-ID: <20230912205658.3432-10-casey@schaufler-ca.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230912205658.3432-1-casey@schaufler-ca.com> References: <20230912205658.3432-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: Add hooks for setselfattr and getselfattr. These hooks are not very different from their setprocattr and getprocattr equivalents, and much of the code is shared. Signed-off-by: Casey Schaufler Acked-by: John Johansen Cc: John Johansen --- security/apparmor/include/procattr.h | 2 +- security/apparmor/lsm.c | 91 ++++++++++++++++++++++++++-- security/apparmor/procattr.c | 10 +-- 3 files changed, 92 insertions(+), 11 deletions(-) diff --git a/security/apparmor/include/procattr.h b/security/apparmor/include/procattr.h index 31689437e0e1..03dbfdb2f2c0 100644 --- a/security/apparmor/include/procattr.h +++ b/security/apparmor/include/procattr.h @@ -11,7 +11,7 @@ #ifndef __AA_PROCATTR_H #define __AA_PROCATTR_H -int aa_getprocattr(struct aa_label *label, char **string); +int aa_getprocattr(struct aa_label *label, char **string, bool newline); int aa_setprocattr_changehat(char *args, size_t size, int flags); #endif /* __AA_PROCATTR_H */ diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 20b93501fbd1..ac75e95e68a5 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c 
@@ -630,6 +630,55 @@ static int apparmor_sb_pivotroot(const struct path *old_path, return error; } +static int apparmor_getselfattr(unsigned int attr, struct lsm_ctx __user *lx, + size_t *size, u32 flags) +{ + int error = -ENOENT; + struct aa_task_ctx *ctx = task_ctx(current); + struct aa_label *label = NULL; + size_t total_len = 0; + char *value; + + switch (attr) { + case LSM_ATTR_CURRENT: + label = aa_get_newest_label(cred_label(current_cred())); + break; + case LSM_ATTR_PREV: + if (ctx->previous) + label = aa_get_newest_label(ctx->previous); + break; + case LSM_ATTR_EXEC: + if (ctx->onexec) + label = aa_get_newest_label(ctx->onexec); + break; + default: + error = -EOPNOTSUPP; + break; + } + + if (label) { + error = aa_getprocattr(label, &value, false); + if (error > 0) { + total_len = ALIGN(struct_size(lx, ctx, error), 8); + if (total_len > *size) + error = -E2BIG; + else if (lx) + error = lsm_fill_user_ctx(lx, value, error, + LSM_ID_APPARMOR, 0); + else + error = 1; + } + kfree(value); + } + + aa_put_label(label); + + *size = total_len; + if (error < 0) + return error; + return 1; +} + static int apparmor_getprocattr(struct task_struct *task, const char *name, char **value) { @@ -649,7 +698,7 @@ static int apparmor_getprocattr(struct task_struct *task, const char *name, error = -EINVAL; if (label) - error = aa_getprocattr(label, value); + error = aa_getprocattr(label, value, true); aa_put_label(label); put_cred(cred); @@ -657,8 +706,7 @@ static int apparmor_getprocattr(struct task_struct *task, const char *name, return error; } -static int apparmor_setprocattr(const char *name, void *value, - size_t size) +static int do_setattr(u64 attr, void *value, size_t size) { char *command, *largs = NULL, *args = value; size_t arg_size; 
@@ -689,7 +737,7 @@ static int apparmor_setprocattr(const char *name, void *value, goto out; arg_size = size - (args - (largs ? largs : (char *) value)); - if (strcmp(name, "current") == 0) { + if (attr == LSM_ATTR_CURRENT) { if (strcmp(command, "changehat") == 0) { error = aa_setprocattr_changehat(args, arg_size, AA_CHANGE_NOFLAGS); @@ -704,7 +752,7 @@ static int apparmor_setprocattr(const char *name, void *value, error = aa_change_profile(args, AA_CHANGE_STACK); } else goto fail; - } else if (strcmp(name, "exec") == 0) { + } else if (attr == LSM_ATTR_EXEC) { if (strcmp(command, "exec") == 0) error = aa_change_profile(args, AA_CHANGE_ONEXEC); else if (strcmp(command, "stack") == 0) @@ -724,13 +772,42 @@ static int apparmor_setprocattr(const char *name, void *value, fail: aad(&sa)->label = begin_current_label_crit_section(); - aad(&sa)->info = name; + if (attr == LSM_ATTR_CURRENT) + aad(&sa)->info = "current"; + else if (attr == LSM_ATTR_EXEC) + aad(&sa)->info = "exec"; + else + aad(&sa)->info = "invalid"; aad(&sa)->error = error = -EINVAL; aa_audit_msg(AUDIT_APPARMOR_DENIED, &sa, NULL); end_current_label_crit_section(aad(&sa)->label); goto out; } +static int apparmor_setselfattr(unsigned int attr, struct lsm_ctx *ctx, + size_t size, u32 flags) +{ + int rc; + + if (attr != LSM_ATTR_CURRENT && attr != LSM_ATTR_EXEC) + return -EOPNOTSUPP; + + rc = do_setattr(attr, ctx->ctx, ctx->ctx_len); + if (rc > 0) + return 0; + return rc; +} + +static int apparmor_setprocattr(const char *name, void *value, + size_t size) +{ + int attr = lsm_name_to_attr(name); + + if (attr) + return do_setattr(attr, value, size); + return -EINVAL; +} + /** * apparmor_bprm_committing_creds - do task cleanup on committing new creds * @bprm: binprm for the exec (NOT NULL) 
@@ -1253,6 +1330,8 @@ static struct security_hook_list apparmor_hooks[] __ro_after_init = { LSM_HOOK_INIT(file_lock, apparmor_file_lock), LSM_HOOK_INIT(file_truncate, apparmor_file_truncate), + LSM_HOOK_INIT(getselfattr, apparmor_getselfattr), + LSM_HOOK_INIT(setselfattr, apparmor_setselfattr), LSM_HOOK_INIT(getprocattr, apparmor_getprocattr), LSM_HOOK_INIT(setprocattr, apparmor_setprocattr), diff --git a/security/apparmor/procattr.c b/security/apparmor/procattr.c index 197d41f9c32b..e3857e3d7c6c 100644 --- a/security/apparmor/procattr.c +++ b/security/apparmor/procattr.c @@ -20,6 +20,7 @@ * aa_getprocattr - Return the label information for @label * @label: the label to print label info about (NOT NULL) * @string: Returns - string containing the label info (NOT NULL) + * @newline: indicates that a newline should be added * * Requires: label != NULL && string != NULL * @@ -27,7 +28,7 @@ * * Returns: size of string placed in @string else error code on failure */ -int aa_getprocattr(struct aa_label *label, char **string) +int aa_getprocattr(struct aa_label *label, char **string, bool newline) { struct aa_ns *ns = labels_ns(label); struct aa_ns *current_ns = aa_get_current_ns(); 
@@ -57,11 +58,12 @@ int aa_getprocattr(struct aa_label *label, char **string) return len; } - (*string)[len] = '\n'; - (*string)[len + 1] = 0; + if (newline) + (*string)[len++] = '\n'; + (*string)[len] = 0; aa_put_ns(current_ns); - return len + 1; + return len; } /** From patchwork Tue Sep 12 20:56:55 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 13382130 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8F4AFEE3F31 for ; Tue, 12 Sep 2023 21:02:11 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229780AbjILVCO (ORCPT ); Tue, 12 Sep 2023 17:02:14 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35112 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237426AbjILVCG (ORCPT ); Tue, 12 Sep 2023 17:02:06 -0400 Received: from sonic308-15.consmr.mail.ne1.yahoo.com (sonic308-15.consmr.mail.ne1.yahoo.com [66.163.187.38]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 817AA10DD for ; Tue, 12 Sep 2023 14:02:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1694552522; bh=QUxa5qfQ2yoMwNBu3j0TFzU79I6CvGM+LdAFgw4GuXM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=D0YVa6sppX83SX18hGNiFMW6OIghAbgK1pDXjA77QyqysPX+uZE1L/20letT71GHXdFzks5Z7wUoXNPhkr6BQKMNwjJY/MfCBBeVZFqI0cuVyVjhd9XuYb9dLpqddD9AqAS+Uj6XdO9ZpMBMq/91a1JklwytXdMownMTrmAmCwdsyiAl8cUp7iZz/xZFIARsc634cLBIoZlCl4LfZ4+kmNxrm9jZnSNa1I5WPu5vCJnZXgbLrL/zD9VSL/F6Z0gDQcK/z66ChNvS01HB3c51VOCbto3f5b5UR84HE91u3HE6InQlwqZHHsqPuleJoUgzXPqqlo8acbwjw16QA4BU+Q== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; 
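Review bot: in the apparmor_getselfattr() hunk (@@ -630) `value` is declared without an initialiser and kfree(value) runs whenever a label was found, including when aa_getprocattr() returned an error; that is only safe if every error return in aa_getprocattr() leaves *string NULL, and the procattr.c hunk's context shows a `return len;` exit immediately before the newline is written, i.e. after *string already exists. Initialise `char *value = NULL;` and move the kfree() inside the error > 0 branch. The same len/size disagreement raised for lsm_fill_user_ctx() applies here: total_len is ALIGN(..., 8) while the lsm_ctx written to user space carries the unaligned length.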
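Review bot: in the @@ -724 hunk apparmor_setprocattr() returns -EINVAL for any name lsm_name_to_attr() does not know before do_setattr() is entered, so such writes no longer reach the fail: label and emit no AUDIT_APPARMOR_DENIED record; if the denial audit for unsupported /proc attribute names is meant to stay, let those names fall through to do_setattr() (they would land in fail: with info "invalid", which is the only way that string is reachable now) rather than short-circuiting. The `if (attr)` test also hard-codes LSM_ATTR_UNDEF == 0 where the Smack version compares against the symbol; write `if (attr != LSM_ATTR_UNDEF)` and make `attr` a u64 to match lsm_name_to_attr(). apparmor_setselfattr() trusts ctx->ctx_len and ignores @size, the same ownership question as for Smack, and its attr check before do_setattr() means the "invalid" audit branch is never taken from the syscall path, so that branch should say which caller it is for.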
From: Casey Schaufler To: casey@schaufler-ca.com, paul@paul-moore.com, linux-security-module@vger.kernel.org Cc: jmorris@namei.org, serge@hallyn.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net, selinux@vger.kernel.org Subject: [PATCH v15 10/11] SELinux: Add selfattr hooks Date: Tue, 12 Sep 2023 13:56:55 -0700 Message-ID: <20230912205658.3432-11-casey@schaufler-ca.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230912205658.3432-1-casey@schaufler-ca.com> References: <20230912205658.3432-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: Add hooks for setselfattr and getselfattr. These hooks are not very different from their setprocattr and getprocattr equivalents, and much of the code is shared. Signed-off-by: Casey Schaufler Cc: selinux@vger.kernel.org Cc: Paul Moore --- security/selinux/hooks.c | 134 +++++++++++++++++++++++++++++++-------- 1 file changed, 107 insertions(+), 27 deletions(-) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 3ad500dff390..f066dcf30ec0 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -6279,8 +6279,8 @@ static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode) inode_doinit_with_dentry(inode, dentry); } -static int selinux_getprocattr(struct task_struct *p, - const char *name, char **value) +static int selinux_lsm_getattr(unsigned int attr, struct task_struct *p, + char **value) { const struct task_security_struct *__tsec; u32 sid; 
@@ -6297,20 +6297,27 @@ static int selinux_getprocattr(struct task_struct *p, goto bad; } - if (!strcmp(name, "current")) + switch (attr) { + case LSM_ATTR_CURRENT: sid = __tsec->sid; - else if (!strcmp(name, "prev")) + break; + case LSM_ATTR_PREV: sid = __tsec->osid; - else if (!strcmp(name, "exec")) + break; + case LSM_ATTR_EXEC: sid = __tsec->exec_sid; - else if (!strcmp(name, "fscreate")) + break; + case LSM_ATTR_FSCREATE: sid = __tsec->create_sid; - else if (!strcmp(name, "keycreate")) + break; + case LSM_ATTR_KEYCREATE: sid = __tsec->keycreate_sid; - else if (!strcmp(name, "sockcreate")) + break; + case LSM_ATTR_SOCKCREATE: sid = __tsec->sockcreate_sid; - else { - error = -EINVAL; + break; + default: + error = -EOPNOTSUPP; goto bad; } rcu_read_unlock(); @@ -6328,7 +6335,7 @@ static int selinux_getprocattr(struct task_struct *p, return error; } -static int selinux_setprocattr(const char *name, void *value, size_t size) +static int selinux_lsm_setattr(u64 attr, void *value, size_t size) { struct task_security_struct *tsec; struct cred *new; 
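Review bot: the attribute parameter types in this hunk are inconsistent: selinux_lsm_getattr() takes "unsigned int attr" while selinux_lsm_setattr() takes "u64 attr", and the selinux_setprocattr() wrapper added later in the same patch stores the result of lsm_name_to_attr(name) in a plain "int" before passing it in. The switch only ever compares against the LSM_ATTR_* constants and the new self-attr hooks take "unsigned int attr", so declaring selinux_lsm_setattr(unsigned int attr, void *value, size_t size) and using "unsigned int attr" in selinux_setprocattr() would remove the implicit widening and keep the four prototypes uniform.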
@@ -6339,23 +6346,31 @@ static int selinux_setprocattr(const char *name, void *value, size_t size) /* * Basic control over ability to set these attributes at all. */ - if (!strcmp(name, "exec")) + switch (attr) { + case LSM_ATTR_EXEC: error = avc_has_perm(mysid, mysid, SECCLASS_PROCESS, PROCESS__SETEXEC, NULL); - else if (!strcmp(name, "fscreate")) + break; + case LSM_ATTR_FSCREATE: error = avc_has_perm(mysid, mysid, SECCLASS_PROCESS, PROCESS__SETFSCREATE, NULL); - else if (!strcmp(name, "keycreate")) + break; + case LSM_ATTR_KEYCREATE: error = avc_has_perm(mysid, mysid, SECCLASS_PROCESS, PROCESS__SETKEYCREATE, NULL); - else if (!strcmp(name, "sockcreate")) + break; + case LSM_ATTR_SOCKCREATE: error = avc_has_perm(mysid, mysid, SECCLASS_PROCESS, PROCESS__SETSOCKCREATE, NULL); - else if (!strcmp(name, "current")) + break; + case LSM_ATTR_CURRENT: error = avc_has_perm(mysid, mysid, SECCLASS_PROCESS, PROCESS__SETCURRENT, NULL); - else - error = -EINVAL; + break; + default: + error = -EOPNOTSUPP; + break; + } if (error) return error; @@ -6367,13 +6382,14 @@ static int selinux_setprocattr(const char *name, void *value, size_t size) } error = security_context_to_sid(value, size, &sid, GFP_KERNEL); - if (error == -EINVAL && !strcmp(name, "fscreate")) { + if (error == -EINVAL && attr == LSM_ATTR_FSCREATE) { if (!has_cap_mac_admin(true)) { struct audit_buffer *ab; size_t audit_size; - /* We strip a nul only if it is at the end, otherwise the - * context contains a nul and we should audit that */ + /* We strip a nul only if it is at the end, + * otherwise the context contains a nul and + * we should audit that */ if (str[size - 1] == '\0') audit_size = size - 1; else 
@@ -6384,7 +6400,8 @@ static int selinux_setprocattr(const char *name, void *value, size_t size) if (!ab) return error; audit_log_format(ab, "op=fscreate invalid_context="); - audit_log_n_untrustedstring(ab, value, audit_size); + audit_log_n_untrustedstring(ab, value, + audit_size); audit_log_end(ab); return error; @@ -6407,11 +6424,11 @@ static int selinux_setprocattr(const char *name, void *value, size_t size) checks and may_create for the file creation checks. The operation will then fail if the context is not permitted. */ tsec = selinux_cred(new); - if (!strcmp(name, "exec")) { + if (attr == LSM_ATTR_EXEC) { tsec->exec_sid = sid; - } else if (!strcmp(name, "fscreate")) { + } else if (attr == LSM_ATTR_FSCREATE) { tsec->create_sid = sid; - } else if (!strcmp(name, "keycreate")) { + } else if (attr == LSM_ATTR_KEYCREATE) { if (sid) { error = avc_has_perm(mysid, sid, SECCLASS_KEY, KEY__CREATE, NULL); @@ -6419,9 +6436,9 @@ static int selinux_setprocattr(const char *name, void *value, size_t size) goto abort_change; } tsec->keycreate_sid = sid; - } else if (!strcmp(name, "sockcreate")) { + } else if (attr == LSM_ATTR_SOCKCREATE) { tsec->sockcreate_sid = sid; - } else if (!strcmp(name, "current")) { + } else if (attr == LSM_ATTR_CURRENT) { error = -EINVAL; if (sid == 0) goto abort_change; 
@@ -6463,6 +6480,67 @@ static int selinux_setprocattr(const char *name, void *value, size_t size) return error; } +static int selinux_getselfattr(unsigned int attr, struct lsm_ctx __user *ctx, + size_t *size, u32 flags) +{ + char *value; + size_t total_len; + int len; + int rc = 0; + + len = selinux_lsm_getattr(attr, current, &value); + if (len < 0) + return len; + + total_len = ALIGN(struct_size(ctx, ctx, len), 8); + + if (total_len > *size) + rc = -E2BIG; + else if (ctx) + rc = lsm_fill_user_ctx(ctx, value, len, LSM_ID_SELINUX, 0); + + kfree(value); + *size = total_len; + if (rc < 0) + return rc; + return 1; +} + +static int selinux_setselfattr(unsigned int attr, struct lsm_ctx *ctx, + size_t size, u32 flags) +{ + int rc; + + rc = selinux_lsm_setattr(attr, ctx->ctx, ctx->ctx_len); + if (rc > 0) + return 0; + return rc; +} + +static int selinux_getprocattr(struct task_struct *p, + const char *name, char **value) +{ + unsigned int attr = lsm_name_to_attr(name); + int rc; + + if (attr) { + rc = selinux_lsm_getattr(attr, p, value); + if (rc != -EOPNOTSUPP) + return rc; + } + + return -EINVAL; +} + +static int selinux_setprocattr(const char *name, void *value, size_t size) +{ + int attr = lsm_name_to_attr(name); + + if (attr) + return selinux_lsm_setattr(attr, value, size); + return -EINVAL; +} + static int selinux_ismaclabel(const char *name) { return (strcmp(name, XATTR_SELINUX_SUFFIX) == 0); 
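Review bot: the /proc error semantics change for attributes that can be read but not set. selinux_getprocattr() maps the helper's -EOPNOTSUPP back to -EINVAL to preserve the old behaviour, but selinux_setprocattr() returns whatever selinux_lsm_setattr() returns; if lsm_name_to_attr() maps "prev" to LSM_ATTR_PREV, a write to /proc/self/attr/prev now fails with -EOPNOTSUPP from the default arm of the set switch where the old strcmp chain returned -EINVAL. Either translate -EOPNOTSUPP to -EINVAL in selinux_setprocattr() as the get side does, or note the intentional change in the commit message. Separately, selinux_setselfattr() never looks at its size or flags arguments and passes ctx->ctx_len straight through, so nothing in this hook ties the caller-supplied size to the length stored in the struct; if the common security_setselfattr() entry point already validates that ctx_len fits within size and rejects unknown flags, a one-line comment here saying so would save reviewers re-auditing it, otherwise the check belongs before the call.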
@@ -7091,6 +7169,8 @@ static struct security_hook_list selinux_hooks[] __ro_after_init = { LSM_HOOK_INIT(d_instantiate, selinux_d_instantiate), + LSM_HOOK_INIT(getselfattr, selinux_getselfattr), + LSM_HOOK_INIT(setselfattr, selinux_setselfattr), LSM_HOOK_INIT(getprocattr, selinux_getprocattr), LSM_HOOK_INIT(setprocattr, selinux_setprocattr), From patchwork Tue Sep 12 20:56:56 2023 X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 13382129 X-Patchwork-Delegate: paul@paul-moore.com
From: Casey Schaufler To: casey@schaufler-ca.com, paul@paul-moore.com, linux-security-module@vger.kernel.org Cc: jmorris@namei.org, serge@hallyn.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net Subject: [PATCH v15 11/11] LSM: selftests for Linux Security Module syscalls Date: Tue, 12 Sep 2023 13:56:56 -0700 Message-ID: <20230912205658.3432-12-casey@schaufler-ca.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230912205658.3432-1-casey@schaufler-ca.com> References: <20230912205658.3432-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: Add selftests for the three system calls supporting the LSM infrastructure. This set of tests is limited by the differences in access policy enforced by the existing security modules.
Signed-off-by: Casey Schaufler Reviewed-by: Mickaël Salaün Tested-by: Mickaël Salaün --- MAINTAINERS | 1 + tools/testing/selftests/Makefile | 1 + tools/testing/selftests/lsm/.gitignore | 1 + tools/testing/selftests/lsm/Makefile | 17 ++ tools/testing/selftests/lsm/common.c | 89 ++++++ tools/testing/selftests/lsm/common.h | 33 +++ tools/testing/selftests/lsm/config | 3 + .../selftests/lsm/lsm_get_self_attr_test.c | 275 ++++++++++++++++++ .../selftests/lsm/lsm_list_modules_test.c | 140 +++++++++ .../selftests/lsm/lsm_set_self_attr_test.c | 74 +++++ 10 files changed, 634 insertions(+) create mode 100644 tools/testing/selftests/lsm/.gitignore create mode 100644 tools/testing/selftests/lsm/Makefile create mode 100644 tools/testing/selftests/lsm/common.c create mode 100644 tools/testing/selftests/lsm/common.h create mode 100644 tools/testing/selftests/lsm/config create mode 100644 tools/testing/selftests/lsm/lsm_get_self_attr_test.c create mode 100644 tools/testing/selftests/lsm/lsm_list_modules_test.c create mode 100644 tools/testing/selftests/lsm/lsm_set_self_attr_test.c diff --git a/MAINTAINERS b/MAINTAINERS index 935334123b04..377cc124e615 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -19309,6 +19309,7 @@ W: http://kernsec.org/ T: git git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm.git F: include/uapi/linux/lsm.h F: security/ +F: tools/testing/selftests/lsm/ X: security/selinux/ SELINUX SECURITY MODULE diff --git a/tools/testing/selftests/Makefile b/tools/testing/selftests/Makefile index 42806add0114..fc589775ca4c 100644 --- a/tools/testing/selftests/Makefile +++ b/tools/testing/selftests/Makefile @@ -42,6 +42,7 @@ TARGETS += landlock TARGETS += lib TARGETS += livepatch TARGETS += lkdtm +TARGETS += lsm TARGETS += membarrier TARGETS += memfd TARGETS += memory-hotplug diff --git a/tools/testing/selftests/lsm/.gitignore b/tools/testing/selftests/lsm/.gitignore new file mode 100644 index 000000000000..bd68f6c3fd07 --- /dev/null 
+++ b/tools/testing/selftests/lsm/.gitignore @@ -0,0 +1 @@ +/*_test diff --git a/tools/testing/selftests/lsm/Makefile b/tools/testing/selftests/lsm/Makefile new file mode 100644 index 000000000000..3f80c0bc093d --- /dev/null +++ b/tools/testing/selftests/lsm/Makefile @@ -0,0 +1,17 @@ +# SPDX-License-Identifier: GPL-2.0 +# +# First run: make -C ../../../.. headers_install + +CFLAGS += -Wall -O2 $(KHDR_INCLUDES) +LOCAL_HDRS += common.h + +TEST_GEN_PROGS := lsm_get_self_attr_test lsm_list_modules_test \ + lsm_set_self_attr_test + +include ../lib.mk + +$(OUTPUT)/lsm_get_self_attr_test: lsm_get_self_attr_test.c common.c +$(OUTPUT)/lsm_set_self_attr_test: lsm_set_self_attr_test.c common.c +$(OUTPUT)/lsm_list_modules_test: lsm_list_modules_test.c common.c + +EXTRA_CLEAN = $(OUTPUT)/common.o diff --git a/tools/testing/selftests/lsm/common.c b/tools/testing/selftests/lsm/common.c new file mode 100644 index 000000000000..9ad258912646 --- /dev/null +++ b/tools/testing/selftests/lsm/common.c 
@@ -0,0 +1,89 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Linux Security Module infrastructure tests + * + * Copyright © 2023 Casey Schaufler + */ + +#define _GNU_SOURCE +#include +#include +#include +#include +#include +#include +#include +#include "common.h" + +#define PROCATTR "/proc/self/attr/" + +int read_proc_attr(const char *attr, char *value, size_t size) +{ + int fd; + int len; + char *path; + + len = strlen(PROCATTR) + strlen(attr) + 1; + path = calloc(len, 1); + if (path == NULL) + return -1; + sprintf(path, "%s%s", PROCATTR, attr); + + fd = open(path, O_RDONLY); + free(path); + + if (fd < 0) + return -1; + len = read(fd, value, size); + + close(fd); + + /* Ensure value is terminated */ + if (len <= 0 || len == size) + return -1; + value[len] = '\0'; + + path = strchr(value, '\n'); + if (path) + *path = '\0'; + + return 0; +} + +int read_sysfs_lsms(char *lsms, size_t size) +{ + FILE *fp; + size_t red; + + fp = fopen("/sys/kernel/security/lsm", "r"); + if (fp == NULL) + return -1; + red = fread(lsms, 1, size, fp); + fclose(fp); + + if (red <= 0 || red == size) + return -1; + lsms[red] = '\0'; + return 0; +} + +int attr_lsm_count(void) +{ + char *names = calloc(sysconf(_SC_PAGESIZE), 1); + int count = 0; + + if (!names) + return 0; + + if (read_sysfs_lsms(names, sysconf(_SC_PAGESIZE))) + return 0; + + if (strstr(names, "selinux")) + count++; + if (strstr(names, "smack")) + count++; + if (strstr(names, "apparmor")) + count++; + + return count; +} diff --git a/tools/testing/selftests/lsm/common.h b/tools/testing/selftests/lsm/common.h new file mode 100644 index 000000000000..d404329e5eeb --- /dev/null +++ b/tools/testing/selftests/lsm/common.h 
@@ -0,0 +1,33 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Linux Security Module infrastructure tests + * + * Copyright © 2023 Casey Schaufler + */ + +#ifndef lsm_get_self_attr +static inline int lsm_get_self_attr(unsigned int attr, struct lsm_ctx *ctx, + size_t *size, __u32 flags) +{ + return syscall(__NR_lsm_get_self_attr, attr, ctx, size, flags); +} +#endif + +#ifndef lsm_set_self_attr +static inline int lsm_set_self_attr(unsigned int attr, struct lsm_ctx *ctx, + size_t size, __u32 flags) +{ + return syscall(__NR_lsm_set_self_attr, attr, ctx, size, flags); +} +#endif + +#ifndef lsm_list_modules +static inline int lsm_list_modules(__u64 *ids, size_t *size, __u32 flags) +{ + return syscall(__NR_lsm_list_modules, ids, size, flags); +} +#endif + +extern int read_proc_attr(const char *attr, char *value, size_t size); +extern int read_sysfs_lsms(char *lsms, size_t size); +int attr_lsm_count(void); diff --git a/tools/testing/selftests/lsm/config b/tools/testing/selftests/lsm/config new file mode 100644 index 000000000000..1c0c4c020f9c --- /dev/null +++ b/tools/testing/selftests/lsm/config @@ -0,0 +1,3 @@ +CONFIG_SYSFS=y +CONFIG_SECURITY=y +CONFIG_SECURITYFS=y diff --git a/tools/testing/selftests/lsm/lsm_get_self_attr_test.c b/tools/testing/selftests/lsm/lsm_get_self_attr_test.c new file mode 100644 index 000000000000..e0e313d9047a --- /dev/null +++ b/tools/testing/selftests/lsm/lsm_get_self_attr_test.c 
@@ -0,0 +1,275 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Linux Security Module infrastructure tests + * Tests for the lsm_get_self_attr system call + * + * Copyright © 2022 Casey Schaufler + */ + +#define _GNU_SOURCE +#include +#include +#include +#include +#include +#include +#include "../kselftest_harness.h" +#include "common.h" + +static struct lsm_ctx *next_ctx(struct lsm_ctx *ctxp) +{ + void *vp; + + vp = (void *)ctxp + sizeof(*ctxp) + ctxp->ctx_len; + return (struct lsm_ctx *)vp; +} + +TEST(size_null_lsm_get_self_attr) +{ + const long page_size = sysconf(_SC_PAGESIZE); + struct lsm_ctx *ctx = calloc(page_size, 1); + + ASSERT_NE(NULL, ctx); + errno = 0; + ASSERT_EQ(-1, lsm_get_self_attr(LSM_ATTR_CURRENT, ctx, NULL, 0)); + ASSERT_EQ(EINVAL, errno); + + free(ctx); +} + +TEST(ctx_null_lsm_get_self_attr) +{ + const long page_size = sysconf(_SC_PAGESIZE); + size_t size = page_size; + int rc; + + rc = lsm_get_self_attr(LSM_ATTR_CURRENT, NULL, &size, 0); + + if (attr_lsm_count()) { + ASSERT_NE(-1, rc); + ASSERT_NE(1, size); + } else { + ASSERT_EQ(-1, rc); + } +} + +TEST(size_too_small_lsm_get_self_attr) +{ + const long page_size = sysconf(_SC_PAGESIZE); + struct lsm_ctx *ctx = calloc(page_size, 1); + size_t size = 1; + + ASSERT_NE(NULL, ctx); + errno = 0; + ASSERT_EQ(-1, lsm_get_self_attr(LSM_ATTR_CURRENT, ctx, &size, 0)); + if (attr_lsm_count()) { + ASSERT_EQ(E2BIG, errno); + } else { + ASSERT_EQ(EOPNOTSUPP, errno); + } + ASSERT_NE(1, size); + + free(ctx); +} + +TEST(flags_zero_lsm_get_self_attr) +{ + const long page_size = sysconf(_SC_PAGESIZE); + struct lsm_ctx *ctx = calloc(page_size, 1); + __u64 *syscall_lsms = calloc(page_size, 1); + size_t size; + int lsmcount; + int i; + + ASSERT_NE(NULL, ctx); + errno = 0; + size = page_size; + ASSERT_EQ(-1, lsm_get_self_attr(LSM_ATTR_CURRENT, ctx, &size, + LSM_FLAG_SINGLE)); + ASSERT_EQ(EINVAL, errno); + ASSERT_EQ(page_size, size); + + lsmcount = syscall(__NR_lsm_list_modules, syscall_lsms, &size, 0); + ASSERT_LE(1, 
lsmcount); + ASSERT_NE(NULL, syscall_lsms); + + for (i = 0; i < lsmcount; i++) { + errno = 0; + size = page_size; + ctx->id = syscall_lsms[i]; + + if (syscall_lsms[i] == LSM_ID_SELINUX || + syscall_lsms[i] == LSM_ID_SMACK || + syscall_lsms[i] == LSM_ID_APPARMOR) { + ASSERT_EQ(1, lsm_get_self_attr(LSM_ATTR_CURRENT, ctx, + &size, LSM_FLAG_SINGLE)); + } else { + ASSERT_EQ(-1, lsm_get_self_attr(LSM_ATTR_CURRENT, ctx, + &size, + LSM_FLAG_SINGLE)); + } + } + + free(ctx); +} + +TEST(flags_overset_lsm_get_self_attr) +{ + const long page_size = sysconf(_SC_PAGESIZE); + struct lsm_ctx *ctx = calloc(page_size, 1); + size_t size; + + ASSERT_NE(NULL, ctx); + + errno = 0; + size = page_size; + ASSERT_EQ(-1, lsm_get_self_attr(LSM_ATTR_CURRENT | LSM_ATTR_PREV, ctx, + &size, 0)); + ASSERT_EQ(EOPNOTSUPP, errno); + + errno = 0; + size = page_size; + ASSERT_EQ(-1, lsm_get_self_attr(LSM_ATTR_CURRENT, ctx, &size, + LSM_FLAG_SINGLE | + (LSM_FLAG_SINGLE << 1))); + ASSERT_EQ(EINVAL, errno); + + free(ctx); +} + +TEST(basic_lsm_get_self_attr) +{ + const long page_size = sysconf(_SC_PAGESIZE); + size_t size = page_size; + struct lsm_ctx *ctx = calloc(page_size, 1); + struct lsm_ctx *tctx = NULL; + __u64 *syscall_lsms = calloc(page_size, 1); + char *attr = calloc(page_size, 1); + int cnt_current = 0; + int cnt_exec = 0; + int cnt_fscreate = 0; + int cnt_keycreate = 0; + int cnt_prev = 0; + int cnt_sockcreate = 0; + int lsmcount; + int count; + int i; + + ASSERT_NE(NULL, ctx); + ASSERT_NE(NULL, syscall_lsms); + + lsmcount = syscall(__NR_lsm_list_modules, syscall_lsms, &size, 0); + ASSERT_LE(1, lsmcount); + + for (i = 0; i < lsmcount; i++) { + switch (syscall_lsms[i]) { + case LSM_ID_SELINUX: + cnt_current++; + cnt_exec++; + cnt_fscreate++; + cnt_keycreate++; + cnt_prev++; + cnt_sockcreate++; + break; + case LSM_ID_SMACK: + cnt_current++; + break; + case LSM_ID_APPARMOR: + cnt_current++; + cnt_exec++; + cnt_prev++; + break; + default: + break; + } + } + + if (cnt_current) { + size = page_size; + 
count = lsm_get_self_attr(LSM_ATTR_CURRENT, ctx, &size, 0); + ASSERT_EQ(cnt_current, count); + tctx = ctx; + ASSERT_EQ(0, read_proc_attr("current", attr, page_size)); + ASSERT_EQ(0, strcmp((char *)tctx->ctx, attr)); + for (i = 1; i < count; i++) { + tctx = next_ctx(tctx); + ASSERT_NE(0, strcmp((char *)tctx->ctx, attr)); + } + } + if (cnt_exec) { + size = page_size; + count = lsm_get_self_attr(LSM_ATTR_EXEC, ctx, &size, 0); + ASSERT_GE(cnt_exec, count); + if (count > 0) { + tctx = ctx; + if (read_proc_attr("exec", attr, page_size) == 0) + ASSERT_EQ(0, strcmp((char *)tctx->ctx, attr)); + } + for (i = 1; i < count; i++) { + tctx = next_ctx(tctx); + ASSERT_NE(0, strcmp((char *)tctx->ctx, attr)); + } + } + if (cnt_fscreate) { + size = page_size; + count = lsm_get_self_attr(LSM_ATTR_FSCREATE, ctx, &size, 0); + ASSERT_GE(cnt_fscreate, count); + if (count > 0) { + tctx = ctx; + if (read_proc_attr("fscreate", attr, page_size) == 0) + ASSERT_EQ(0, strcmp((char *)tctx->ctx, attr)); + } + for (i = 1; i < count; i++) { + tctx = next_ctx(tctx); + ASSERT_NE(0, strcmp((char *)tctx->ctx, attr)); + } + } + if (cnt_keycreate) { + size = page_size; + count = lsm_get_self_attr(LSM_ATTR_KEYCREATE, ctx, &size, 0); + ASSERT_GE(cnt_keycreate, count); + if (count > 0) { + tctx = ctx; + if (read_proc_attr("keycreate", attr, page_size) == 0) + ASSERT_EQ(0, strcmp((char *)tctx->ctx, attr)); + } + for (i = 1; i < count; i++) { + tctx = next_ctx(tctx); + ASSERT_NE(0, strcmp((char *)tctx->ctx, attr)); + } + } + if (cnt_prev) { + size = page_size; + count = lsm_get_self_attr(LSM_ATTR_PREV, ctx, &size, 0); + ASSERT_GE(cnt_prev, count); + if (count > 0) { + tctx = ctx; + ASSERT_EQ(0, read_proc_attr("prev", attr, page_size)); + ASSERT_EQ(0, strcmp((char *)tctx->ctx, attr)); + for (i = 1; i < count; i++) { + tctx = next_ctx(tctx); + ASSERT_NE(0, strcmp((char *)tctx->ctx, attr)); + } + } + } + if (cnt_sockcreate) { + size = page_size; + count = lsm_get_self_attr(LSM_ATTR_SOCKCREATE, ctx, &size, 0); + 
ASSERT_GE(cnt_sockcreate, count); + if (count > 0) { + tctx = ctx; + if (read_proc_attr("sockcreate", attr, page_size) == 0) + ASSERT_EQ(0, strcmp((char *)tctx->ctx, attr)); + } + for (i = 1; i < count; i++) { + tctx = next_ctx(tctx); + ASSERT_NE(0, strcmp((char *)tctx->ctx, attr)); + } + } + + free(ctx); + free(attr); + free(syscall_lsms); +} + +TEST_HARNESS_MAIN diff --git a/tools/testing/selftests/lsm/lsm_list_modules_test.c b/tools/testing/selftests/lsm/lsm_list_modules_test.c new file mode 100644 index 000000000000..445c02f09c74 --- /dev/null +++ b/tools/testing/selftests/lsm/lsm_list_modules_test.c 
@@ -0,0 +1,140 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Linux Security Module infrastructure tests + * Tests for the lsm_list_modules system call + * + * Copyright © 2022 Casey Schaufler + */ + +#define _GNU_SOURCE +#include +#include +#include +#include +#include +#include "../kselftest_harness.h" +#include "common.h" + +TEST(size_null_lsm_list_modules) +{ + const long page_size = sysconf(_SC_PAGESIZE); + __u64 *syscall_lsms = calloc(page_size, 1); + + ASSERT_NE(NULL, syscall_lsms); + errno = 0; + ASSERT_EQ(-1, lsm_list_modules(syscall_lsms, NULL, 0)); + ASSERT_EQ(EFAULT, errno); + + free(syscall_lsms); +} + +TEST(ids_null_lsm_list_modules) +{ + const long page_size = sysconf(_SC_PAGESIZE); + size_t size = page_size; + + errno = 0; + ASSERT_EQ(-1, lsm_list_modules(NULL, &size, 0)); + ASSERT_EQ(EFAULT, errno); + ASSERT_NE(1, size); +} + +TEST(size_too_small_lsm_list_modules) +{ + const long page_size = sysconf(_SC_PAGESIZE); + __u64 *syscall_lsms = calloc(page_size, 1); + size_t size = 1; + + ASSERT_NE(NULL, syscall_lsms); + errno = 0; + ASSERT_EQ(-1, lsm_list_modules(syscall_lsms, &size, 0)); + ASSERT_EQ(E2BIG, errno); + ASSERT_NE(1, size); + + free(syscall_lsms); +} + +TEST(flags_set_lsm_list_modules) +{ + const long page_size = sysconf(_SC_PAGESIZE); + __u64 *syscall_lsms = calloc(page_size, 1); + size_t size = page_size; + + ASSERT_NE(NULL, syscall_lsms); + errno = 0; + ASSERT_EQ(-1, lsm_list_modules(syscall_lsms, &size, 7)); + ASSERT_EQ(EINVAL, errno); + ASSERT_EQ(page_size, size); + + free(syscall_lsms); +} + +TEST(correct_lsm_list_modules) +{ + const long page_size = sysconf(_SC_PAGESIZE); + size_t size = page_size; + __u64 *syscall_lsms = calloc(page_size, 1); + char *sysfs_lsms = calloc(page_size, 1); + char *name; + char *cp; + int count; + int i; + + ASSERT_NE(NULL, sysfs_lsms); + ASSERT_NE(NULL, syscall_lsms); + ASSERT_EQ(0, read_sysfs_lsms(sysfs_lsms, page_size)); + + count = lsm_list_modules(syscall_lsms, &size, 0); + ASSERT_LE(1, count); + cp 
= sysfs_lsms; + for (i = 0; i < count; i++) { + switch (syscall_lsms[i]) { + case LSM_ID_CAPABILITY: + name = "capability"; + break; + case LSM_ID_SELINUX: + name = "selinux"; + break; + case LSM_ID_SMACK: + name = "smack"; + break; + case LSM_ID_TOMOYO: + name = "tomoyo"; + break; + case LSM_ID_IMA: + name = "ima"; + break; + case LSM_ID_APPARMOR: + name = "apparmor"; + break; + case LSM_ID_YAMA: + name = "yama"; + break; + case LSM_ID_LOADPIN: + name = "loadpin"; + break; + case LSM_ID_SAFESETID: + name = "safesetid"; + break; + case LSM_ID_LOCKDOWN: + name = "lockdown"; + break; + case LSM_ID_BPF: + name = "bpf"; + break; + case LSM_ID_LANDLOCK: + name = "landlock"; + break; + default: + name = "INVALID"; + break; + } + ASSERT_EQ(0, strncmp(cp, name, strlen(name))); + cp += strlen(name) + 1; + } + + free(sysfs_lsms); + free(syscall_lsms); +} + +TEST_HARNESS_MAIN diff --git a/tools/testing/selftests/lsm/lsm_set_self_attr_test.c b/tools/testing/selftests/lsm/lsm_set_self_attr_test.c new file mode 100644 index 000000000000..e9712c6cf596 --- /dev/null +++ b/tools/testing/selftests/lsm/lsm_set_self_attr_test.c 
@@ -0,0 +1,74 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Linux Security Module infrastructure tests + * Tests for the lsm_set_self_attr system call + * + * Copyright © 2022 Casey Schaufler + */ + +#define _GNU_SOURCE +#include +#include +#include +#include +#include +#include "../kselftest_harness.h" +#include "common.h" + +TEST(ctx_null_lsm_set_self_attr) +{ + ASSERT_EQ(-1, lsm_set_self_attr(LSM_ATTR_CURRENT, NULL, + sizeof(struct lsm_ctx), 0)); +} + +TEST(size_too_small_lsm_set_self_attr) +{ + const long page_size = sysconf(_SC_PAGESIZE); + struct lsm_ctx *ctx = calloc(page_size, 1); + size_t size = page_size; + + ASSERT_NE(NULL, ctx); + if (attr_lsm_count()) { + ASSERT_LE(1, lsm_get_self_attr(LSM_ATTR_CURRENT, ctx, &size, + 0)); + } + ASSERT_EQ(-1, lsm_set_self_attr(LSM_ATTR_CURRENT, ctx, 1, 0)); + + free(ctx); +} + +TEST(flags_zero_lsm_set_self_attr) +{ + const long page_size = sysconf(_SC_PAGESIZE); + struct lsm_ctx *ctx = calloc(page_size, 1); + size_t size = page_size; + + ASSERT_NE(NULL, ctx); + if (attr_lsm_count()) { + ASSERT_LE(1, lsm_get_self_attr(LSM_ATTR_CURRENT, ctx, &size, + 0)); + } + ASSERT_EQ(-1, lsm_set_self_attr(LSM_ATTR_CURRENT, ctx, size, 1)); + + free(ctx); +} + +TEST(flags_overset_lsm_set_self_attr) +{ + const long page_size = sysconf(_SC_PAGESIZE); + char *ctx = calloc(page_size, 1); + size_t size = page_size; + struct lsm_ctx *tctx = (struct lsm_ctx *)ctx; + + ASSERT_NE(NULL, ctx); + if (attr_lsm_count()) { + ASSERT_LE(1, lsm_get_self_attr(LSM_ATTR_CURRENT, tctx, &size, + 0)); + } + ASSERT_EQ(-1, lsm_set_self_attr(LSM_ATTR_CURRENT | LSM_ATTR_PREV, tctx, + size, 0)); + + free(ctx); +} + +TEST_HARNESS_MAIN
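Review bot: attr_lsm_count() in common.c leaks the page-sized "names" buffer on every path: it is calloc'd, never freed, and the function returns directly both when read_sysfs_lsms() fails and after counting. Add free(names) before each return, or restructure with a single exit. In the same file, read_sysfs_lsms() declares "red" as size_t, so "red <= 0" can only ever mean "red == 0"; writing it that way avoids a tautological-comparison warning. read_proc_attr() likewise stores the ssize_t returned by read() in an int and compares it against a size_t; the preceding "len <= 0" guard keeps that safe, but a ssize_t local would make the intent explicit.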
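Review bot: next_ctx() in lsm_get_self_attr_test.c advances by sizeof(*ctxp) + ctxp->ctx_len, while the SELinux hook in patch 10/11 reports each entry's size as ALIGN(struct_size(ctx, ctx, len), 8). Unless lsm_fill_user_ctx() stores the padded length in ctx_len, the second and later entries walked in basic_lsm_get_self_attr() are read from the padding bytes rather than from the next header, and the strcmp() against the /proc value compares garbage. Stepping by the total entry length the kernel reports, rather than the raw context length, would keep the test independent of how the padding is accounted. Two smaller points in the same file: flags_zero_lsm_get_self_attr() and basic_lsm_get_self_attr() call syscall(__NR_lsm_list_modules, ...) directly although common.h provides the lsm_list_modules() wrapper, and "attr" in basic_lsm_get_self_attr() is the one calloc() result that is never checked against NULL.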
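Review bot: correct_lsm_list_modules() in lsm_list_modules_test.c never checks the size the kernel hands back; after the call, "size" should equal count * sizeof(__u64), and asserting that would catch a mismatch between the two return channels that the name walk alone cannot. The "default: name = "INVALID"" arm also only fails the test indirectly, through the following strncmp() against the sysfs name; an explicit ASSERT on the id being a known LSM_ID_* value would give a clearer failure message when a new module id is added to the kernel before the test.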
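Review bot: the four tests in lsm_set_self_attr_test.c assert only that lsm_set_self_attr() returns -1 and never inspect errno, unlike the get and list tests, which pin EINVAL, EFAULT or E2BIG. A NULL ctx, an undersized size, an unknown flag and an over-set attribute mask are each expected to fail for a different reason, so without an errno check a single unrelated failure (for example a policy denial from the active module, which the commit message notes differs between modules) makes all four pass. Set errno = 0 before each call and assert the specific value, as the sibling tests do.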