security.c (6672efbb685f7c9c9df005beb839e1942fd6b34e) | security.c (d80a8f1b58c2bc8d7c6bfb65401ea4f7ec8cddc2) |
1// SPDX-License-Identifier: GPL-2.0-or-later 2/* 3 * Security plug functions 4 * 5 * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com> 6 * Copyright (C) 2001-2002 Greg Kroah-Hartman <greg@kroah.com> 7 * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com> 8 * Copyright (C) 2016 Mellanox Technologies --- 17 unchanged lines hidden (view full) --- 26#include <linux/mman.h> 27#include <linux/mount.h> 28#include <linux/personality.h> 29#include <linux/backing-dev.h> 30#include <linux/string.h> 31#include <linux/msg.h> 32#include <net/flow.h> 33 | 1// SPDX-License-Identifier: GPL-2.0-or-later 2/* 3 * Security plug functions 4 * 5 * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com> 6 * Copyright (C) 2001-2002 Greg Kroah-Hartman <greg@kroah.com> 7 * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com> 8 * Copyright (C) 2016 Mellanox Technologies --- 17 unchanged lines hidden (view full) --- 26#include <linux/mman.h> 27#include <linux/mount.h> 28#include <linux/personality.h> 29#include <linux/backing-dev.h> 30#include <linux/string.h> 31#include <linux/msg.h> 32#include <net/flow.h> 33 |
34#define MAX_LSM_EVM_XATTR 2 35 |
|
34/* How many LSMs were built into the kernel? */ 35#define LSM_COUNT (__end_lsm_info - __start_lsm_info) 36 37/* 38 * These are descriptions of the reasons that can be passed to the 39 * security_locked_down() LSM hook. Placing this array here allows 40 * all security modules to use the same descriptions for auditing 41 * purposes. --- 163 unchanged lines hidden (view full) --- 205 */ 206 if (needed->lbs_inode && blob_sizes.lbs_inode == 0) 207 blob_sizes.lbs_inode = sizeof(struct rcu_head); 208 lsm_set_blob_size(&needed->lbs_inode, &blob_sizes.lbs_inode); 209 lsm_set_blob_size(&needed->lbs_ipc, &blob_sizes.lbs_ipc); 210 lsm_set_blob_size(&needed->lbs_msg_msg, &blob_sizes.lbs_msg_msg); 211 lsm_set_blob_size(&needed->lbs_superblock, &blob_sizes.lbs_superblock); 212 lsm_set_blob_size(&needed->lbs_task, &blob_sizes.lbs_task); | 36/* How many LSMs were built into the kernel? */ 37#define LSM_COUNT (__end_lsm_info - __start_lsm_info) 38 39/* 40 * These are descriptions of the reasons that can be passed to the 41 * security_locked_down() LSM hook. Placing this array here allows 42 * all security modules to use the same descriptions for auditing 43 * purposes. --- 163 unchanged lines hidden (view full) --- 207 */ 208 if (needed->lbs_inode && blob_sizes.lbs_inode == 0) 209 blob_sizes.lbs_inode = sizeof(struct rcu_head); 210 lsm_set_blob_size(&needed->lbs_inode, &blob_sizes.lbs_inode); 211 lsm_set_blob_size(&needed->lbs_ipc, &blob_sizes.lbs_ipc); 212 lsm_set_blob_size(&needed->lbs_msg_msg, &blob_sizes.lbs_msg_msg); 213 lsm_set_blob_size(&needed->lbs_superblock, &blob_sizes.lbs_superblock); 214 lsm_set_blob_size(&needed->lbs_task, &blob_sizes.lbs_task); |
213 lsm_set_blob_size(&needed->lbs_xattr_count, 214 &blob_sizes.lbs_xattr_count); | |
215} 216 217/* Prepare LSM for initialization. */ 218static void __init prepare_lsm(struct lsm_info *lsm) 219{ 220 int enabled = lsm_allowed(lsm); 221 222 /* Record enablement (to handle any following exclusive LSMs). */ --- 150 unchanged lines hidden (view full) --- 373 374 init_debug("cred blob size = %d\n", blob_sizes.lbs_cred); 375 init_debug("file blob size = %d\n", blob_sizes.lbs_file); 376 init_debug("inode blob size = %d\n", blob_sizes.lbs_inode); 377 init_debug("ipc blob size = %d\n", blob_sizes.lbs_ipc); 378 init_debug("msg_msg blob size = %d\n", blob_sizes.lbs_msg_msg); 379 init_debug("superblock blob size = %d\n", blob_sizes.lbs_superblock); 380 init_debug("task blob size = %d\n", blob_sizes.lbs_task); | 215} 216 217/* Prepare LSM for initialization. */ 218static void __init prepare_lsm(struct lsm_info *lsm) 219{ 220 int enabled = lsm_allowed(lsm); 221 222 /* Record enablement (to handle any following exclusive LSMs). */ --- 150 unchanged lines hidden (view full) --- 373 374 init_debug("cred blob size = %d\n", blob_sizes.lbs_cred); 375 init_debug("file blob size = %d\n", blob_sizes.lbs_file); 376 init_debug("inode blob size = %d\n", blob_sizes.lbs_inode); 377 init_debug("ipc blob size = %d\n", blob_sizes.lbs_ipc); 378 init_debug("msg_msg blob size = %d\n", blob_sizes.lbs_msg_msg); 379 init_debug("superblock blob size = %d\n", blob_sizes.lbs_superblock); 380 init_debug("task blob size = %d\n", blob_sizes.lbs_task); |
381 init_debug("xattr slots = %d\n", blob_sizes.lbs_xattr_count); | |
382 383 /* 384 * Create any kmem_caches needed for blobs 385 */ 386 if (blob_sizes.lbs_file) 387 lsm_file_cache = kmem_cache_create("lsm_file_cache", 388 blob_sizes.lbs_file, 0, 389 SLAB_PANIC, NULL); --- 499 unchanged lines hidden (view full) --- 889 * 890 * Get the @effective, @inheritable, and @permitted capability sets for the 891 * @target process. The hook may also perform permission checking to determine 892 * if the current process is allowed to see the capability sets of the @target 893 * process. 894 * 895 * Return: Returns 0 if the capability sets were successfully obtained. 896 */ | 381 382 /* 383 * Create any kmem_caches needed for blobs 384 */ 385 if (blob_sizes.lbs_file) 386 lsm_file_cache = kmem_cache_create("lsm_file_cache", 387 blob_sizes.lbs_file, 0, 388 SLAB_PANIC, NULL); --- 499 unchanged lines hidden (view full) --- 888 * 889 * Get the @effective, @inheritable, and @permitted capability sets for the 890 * @target process. The hook may also perform permission checking to determine 891 * if the current process is allowed to see the capability sets of the @target 892 * process. 893 * 894 * Return: Returns 0 if the capability sets were successfully obtained. 895 */ |
897int security_capget(const struct task_struct *target, | 896int security_capget(struct task_struct *target, |
898 kernel_cap_t *effective, 899 kernel_cap_t *inheritable, 900 kernel_cap_t *permitted) 901{ 902 return call_int_hook(capget, 0, target, 903 effective, inheritable, permitted); 904} 905 --- 229 unchanged lines hidden (view full) --- 1135 * immediately after commit_creds(). 1136 */ 1137void security_bprm_committed_creds(struct linux_binprm *bprm) 1138{ 1139 call_void_hook(bprm_committed_creds, bprm); 1140} 1141 1142/** | 897 kernel_cap_t *effective, 898 kernel_cap_t *inheritable, 899 kernel_cap_t *permitted) 900{ 901 return call_int_hook(capget, 0, target, 902 effective, inheritable, permitted); 903} 904 --- 229 unchanged lines hidden (view full) --- 1134 * immediately after commit_creds(). 1135 */ 1136void security_bprm_committed_creds(struct linux_binprm *bprm) 1137{ 1138 call_void_hook(bprm_committed_creds, bprm); 1139} 1140 1141/** |
1142 * security_fs_context_submount() - Initialise fc->security 1143 * @fc: new filesystem context 1144 * @reference: dentry reference for submount/remount 1145 * 1146 * Fill out the ->security field for a new fs_context. 1147 * 1148 * Return: Returns 0 on success or negative error code on failure. 1149 */ 1150int security_fs_context_submount(struct fs_context *fc, struct super_block *reference) 1151{ 1152 return call_int_hook(fs_context_submount, 0, fc, reference); 1153} 1154 1155/** |
|
1143 * security_fs_context_dup() - Duplicate a fs_context LSM blob 1144 * @fc: destination filesystem context 1145 * @src_fc: source filesystem context 1146 * 1147 * Allocate and attach a security structure to sc->security. This pointer is 1148 * initialised to NULL by the caller. @fc indicates the new filesystem context. 1149 * @src_fc indicates the original filesystem context. 1150 * --- 436 unchanged lines hidden (view full) --- 1587 * @qstr: last component of the pathname 1588 * @initxattrs: callback function to write xattrs 1589 * @fs_data: filesystem specific data 1590 * 1591 * Obtain the security attribute name suffix and value to set on a newly 1592 * created inode and set up the incore security field for the new inode. This 1593 * hook is called by the fs code as part of the inode creation transaction and 1594 * provides for atomic labeling of the inode, unlike the post_create/mkdir/... | 1156 * security_fs_context_dup() - Duplicate a fs_context LSM blob 1157 * @fc: destination filesystem context 1158 * @src_fc: source filesystem context 1159 * 1160 * Allocate and attach a security structure to sc->security. This pointer is 1161 * initialised to NULL by the caller. @fc indicates the new filesystem context. 1162 * @src_fc indicates the original filesystem context. 1163 * --- 436 unchanged lines hidden (view full) --- 1600 * @qstr: last component of the pathname 1601 * @initxattrs: callback function to write xattrs 1602 * @fs_data: filesystem specific data 1603 * 1604 * Obtain the security attribute name suffix and value to set on a newly 1605 * created inode and set up the incore security field for the new inode. This 1606 * hook is called by the fs code as part of the inode creation transaction and 1607 * provides for atomic labeling of the inode, unlike the post_create/mkdir/... |
1595 * hooks called by the VFS. | 1608 * hooks called by the VFS. The hook function is expected to allocate the name 1609 * and value via kmalloc, with the caller being responsible for calling kfree 1610 * after using them. If the security module does not use security attributes 1611 * or does not wish to put a security attribute on this particular inode, then 1612 * it should return -EOPNOTSUPP to skip this processing. |
1596 * | 1613 * |
1597 * The hook function is expected to populate the xattrs array, by calling 1598 * lsm_get_xattr_slot() to retrieve the slots reserved by the security module 1599 * with the lbs_xattr_count field of the lsm_blob_sizes structure. For each 1600 * slot, the hook function should set ->name to the attribute name suffix 1601 * (e.g. selinux), to allocate ->value (will be freed by the caller) and set it 1602 * to the attribute value, to set ->value_len to the length of the value. If 1603 * the security module does not use security attributes or does not wish to put 1604 * a security attribute on this particular inode, then it should return 1605 * -EOPNOTSUPP to skip this processing. 1606 * 1607 * Return: Returns 0 if the LSM successfully initialized all of the inode 1608 * security attributes that are required, negative values otherwise. | 1614 * Return: Returns 0 on success, -EOPNOTSUPP if no security attribute is 1615 * needed, or -ENOMEM on memory allocation failure. |
1609 */ 1610int security_inode_init_security(struct inode *inode, struct inode *dir, 1611 const struct qstr *qstr, 1612 const initxattrs initxattrs, void *fs_data) 1613{ | 1616 */ 1617int security_inode_init_security(struct inode *inode, struct inode *dir, 1618 const struct qstr *qstr, 1619 const initxattrs initxattrs, void *fs_data) 1620{ |
1614 struct security_hook_list *hp; 1615 struct xattr *new_xattrs = NULL; 1616 int ret = -EOPNOTSUPP, xattr_count = 0; | 1621 struct xattr new_xattrs[MAX_LSM_EVM_XATTR + 1]; 1622 struct xattr *lsm_xattr, *evm_xattr, *xattr; 1623 int ret; |
1617 1618 if (unlikely(IS_PRIVATE(inode))) 1619 return 0; 1620 | 1624 1625 if (unlikely(IS_PRIVATE(inode))) 1626 return 0; 1627 |
1621 if (!blob_sizes.lbs_xattr_count) 1622 return 0; 1623 1624 if (initxattrs) { 1625 /* Allocate +1 for EVM and +1 as terminator. */ 1626 new_xattrs = kcalloc(blob_sizes.lbs_xattr_count + 2, 1627 sizeof(*new_xattrs), GFP_NOFS); 1628 if (!new_xattrs) 1629 return -ENOMEM; 1630 } 1631 1632 hlist_for_each_entry(hp, &security_hook_heads.inode_init_security, 1633 list) { 1634 ret = hp->hook.inode_init_security(inode, dir, qstr, new_xattrs, 1635 &xattr_count); 1636 if (ret && ret != -EOPNOTSUPP) 1637 goto out; 1638 /* 1639 * As documented in lsm_hooks.h, -EOPNOTSUPP in this context 1640 * means that the LSM is not willing to provide an xattr, not 1641 * that it wants to signal an error. Thus, continue to invoke 1642 * the remaining LSMs. 1643 */ 1644 } 1645 1646 /* If initxattrs() is NULL, xattr_count is zero, skip the call. */ 1647 if (!xattr_count) | 1628 if (!initxattrs) 1629 return call_int_hook(inode_init_security, -EOPNOTSUPP, inode, 1630 dir, qstr, NULL, NULL, NULL); 1631 memset(new_xattrs, 0, sizeof(new_xattrs)); 1632 lsm_xattr = new_xattrs; 1633 ret = call_int_hook(inode_init_security, -EOPNOTSUPP, inode, dir, qstr, 1634 &lsm_xattr->name, 1635 &lsm_xattr->value, 1636 &lsm_xattr->value_len); 1637 if (ret) |
1648 goto out; 1649 | 1638 goto out; 1639 |
1650 ret = evm_inode_init_security(inode, dir, qstr, new_xattrs, 1651 &xattr_count); | 1640 evm_xattr = lsm_xattr + 1; 1641 ret = evm_inode_init_security(inode, lsm_xattr, evm_xattr); |
1652 if (ret) 1653 goto out; 1654 ret = initxattrs(inode, new_xattrs, fs_data); 1655out: | 1642 if (ret) 1643 goto out; 1644 ret = initxattrs(inode, new_xattrs, fs_data); 1645out: |
1656 for (; xattr_count > 0; xattr_count--) 1657 kfree(new_xattrs[xattr_count - 1].value); 1658 kfree(new_xattrs); | 1646 for (xattr = new_xattrs; xattr->value != NULL; xattr++) 1647 kfree(xattr->value); |
1659 return (ret == -EOPNOTSUPP) ? 0 : ret; 1660} 1661EXPORT_SYMBOL(security_inode_init_security); 1662 1663/** 1664 * security_inode_init_security_anon() - Initialize an anonymous inode 1665 * @inode: the inode 1666 * @name: the anonymous inode class --- 1070 unchanged lines hidden (view full) --- 2737int security_file_lock(struct file *file, unsigned int cmd) 2738{ 2739 return call_int_hook(file_lock, 0, file, cmd); 2740} 2741 2742/** 2743 * security_file_fcntl() - Check if fcntl() op is allowed 2744 * @file: file | 1648 return (ret == -EOPNOTSUPP) ? 0 : ret; 1649} 1650EXPORT_SYMBOL(security_inode_init_security); 1651 1652/** 1653 * security_inode_init_security_anon() - Initialize an anonymous inode 1654 * @inode: the inode 1655 * @name: the anonymous inode class --- 1070 unchanged lines hidden (view full) --- 2726int security_file_lock(struct file *file, unsigned int cmd) 2727{ 2728 return call_int_hook(file_lock, 0, file, cmd); 2729} 2730 2731/** 2732 * security_file_fcntl() - Check if fcntl() op is allowed 2733 * @file: file |
2745 * @cmd: fcntl command | 2734 * @cmd: fnctl command |
2746 * @arg: command argument 2747 * 2748 * Check permission before allowing the file operation specified by @cmd from 2749 * being performed on the file @file. Note that @arg sometimes represents a 2750 * user space pointer; in other cases, it may be a simple integer value. When 2751 * @arg represents a user space pointer, it should never be used by the 2752 * security module. 2753 * --- 1662 unchanged lines hidden (view full) --- 4416 * Clone/copy security structure. 4417 */ 4418void security_sk_clone(const struct sock *sk, struct sock *newsk) 4419{ 4420 call_void_hook(sk_clone_security, sk, newsk); 4421} 4422EXPORT_SYMBOL(security_sk_clone); 4423 | 2735 * @arg: command argument 2736 * 2737 * Check permission before allowing the file operation specified by @cmd from 2738 * being performed on the file @file. Note that @arg sometimes represents a 2739 * user space pointer; in other cases, it may be a simple integer value. When 2740 * @arg represents a user space pointer, it should never be used by the 2741 * security module. 2742 * --- 1662 unchanged lines hidden (view full) --- 4405 * Clone/copy security structure. 4406 */ 4407void security_sk_clone(const struct sock *sk, struct sock *newsk) 4408{ 4409 call_void_hook(sk_clone_security, sk, newsk); 4410} 4411EXPORT_SYMBOL(security_sk_clone); 4412 |
4424/** 4425 * security_sk_classify_flow() - Set a flow's secid based on socket 4426 * @sk: original socket 4427 * @flic: target flow 4428 * 4429 * Set the target flow's secid to socket's secid. 4430 */ | |
4431void security_sk_classify_flow(struct sock *sk, struct flowi_common *flic) 4432{ 4433 call_void_hook(sk_getsecid, sk, &flic->flowic_secid); 4434} 4435EXPORT_SYMBOL(security_sk_classify_flow); 4436 4437/** 4438 * security_req_classify_flow() - Set a flow's secid based on request_sock --- 887 unchanged lines hidden --- | 4413void security_sk_classify_flow(struct sock *sk, struct flowi_common *flic) 4414{ 4415 call_void_hook(sk_getsecid, sk, &flic->flowic_secid); 4416} 4417EXPORT_SYMBOL(security_sk_classify_flow); 4418 4419/** 4420 * security_req_classify_flow() - Set a flow's secid based on request_sock --- 887 unchanged lines hidden --- |
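Review bot: In security_inode_init_security on the 6672efbb side (which reads as the newer column, judging by the lbs_xattr_count slot API it uses), the kfree loop after `out:` indexes `new_xattrs`, yet `new_xattrs` stays NULL whenever `initxattrs` is NULL, so the cleanup path is only safe if every inode_init_security hook leaves `*xattr_count` at zero when handed a NULL xattrs array — a contract this file neither states nor checks. The comment `/* If initxattrs() is NULL, xattr_count is zero, skip the call. */` describes the outcome rather than the obligation; I would reword it to `/* With initxattrs == NULL no array was allocated; hooks must not claim slots in that case, and the kfree loop at out: relies on xattr_count staying 0. */`. A one-line hardening of the loop itself, `for (; new_xattrs && xattr_count > 0; xattr_count--)`, would keep an LSM that ignores that rule from dereferencing NULL instead of merely leaking. Whether any in-tree hook increments the count without an array cannot be verified from this file, so the guard is cheap insurance rather than a known crash.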