| Message ID | 20221025184519.13231-8-casey@schaufler-ca.com |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a5d:6687:0:0:0:0:0 with SMTP id l7csp1164849wru;
Tue, 25 Oct 2022 11:57:09 -0700 (PDT)
X-Google-Smtp-Source:
AMsMyM4vrWvejya+3lVdxEZt0cfDwOtsOo7m7TrwPfioP4b4JREo1uFVwbvfpC04jBrs6H3V5WPj
X-Received: by 2002:aa7:ce09:0:b0:461:5406:20e4 with SMTP id
d9-20020aa7ce09000000b00461540620e4mr21367637edv.5.1666724229486;
Tue, 25 Oct 2022 11:57:09 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1666724229; cv=none;
d=google.com; s=arc-20160816;
b=pMdw4Uc1v2q3QrfhYVcGA6zKm/a/r0amwWbXztWT+HgrTXsGSB8FtDb9/SDHpNawIR
J/eVYhSnYfzTVI9S8nfahWNK/uZzhMeVjTZVyJGXossqeYURVlGbSLj2jqieTcLSDCMd
XB+anBAadLvvU30gY6bnZX4t9VTcDvUtS5zNudzNjgZ82sd4xE4O6tjmmtfsIbeisJYy
6WOvQxlmLU4nv3egrS09YFI3GDEoJgHlmB+xqd4aytGvf5ei8vxYOuIWa3X72NdBFEZz
Q7f+Ip6Qpcy8wlyjvpYRCtlcijkn1CMw8+LFLL0uxxFTENY5IgNonDtzI1cNzJ4ATm5P
pTmQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:references:in-reply-to:message-id:date:subject:cc:to:from
:dkim-signature;
bh=JPTHbEtDzTcWk/IoC5WyCw9rcLntJ6rErxAyipdRKeU=;
b=UvTLCds9D6oe9JSH6UqeqtxJ/8bfOPInfFWiI206muuHtLP1T6OCh1HHMAfb/mbq0e
t+6M077H0Pks28ohJ5QW51Is9hfY3U63Xu8RL+EoZObC6/WIPg2b72gCPgcqL2xWmQjP
nJvY3nM3yfpHrw81wR36zLbo7c7MpNMss6iOT/qmHYYfHoJXEs6D7ioA2SfnJLKeatlo
pJfbFlxOg6rt//cn6/DJuLUo3dDH9Ouqq4PyohrIv3DICCPtzALIoCblQ52a2CQ7Tb89
UOYZ6zDwtVAQVVUjuHsx6Fin0ViKHkeIbukwKBFYC56p7anfdTlreRJfHVwWUo9tJyPa
FHCg==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@yahoo.com header.s=s2048 header.b=lSggReZT;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
y7-20020aa7d507000000b00461aa80dfa8si3166792edq.429.2022.10.25.11.56.21;
Tue, 25 Oct 2022 11:57:09 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@yahoo.com header.s=s2048 header.b=lSggReZT;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S233018AbiJYSs4 (ORCPT <rfc822;pwkd43@gmail.com> + 99 others);
Tue, 25 Oct 2022 14:48:56 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58218 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S232925AbiJYSsx (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Tue, 25 Oct 2022 14:48:53 -0400
Received: from sonic308-15.consmr.mail.ne1.yahoo.com
(sonic308-15.consmr.mail.ne1.yahoo.com [66.163.187.38])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2F364112A8E
for <linux-kernel@vger.kernel.org>;
Tue, 25 Oct 2022 11:48:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
t=1666723722; bh=JPTHbEtDzTcWk/IoC5WyCw9rcLntJ6rErxAyipdRKeU=;
h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To;
b=lSggReZTz5kDfnICBhX8FyrtzBVmDIoW3/WiqiNrl/gUkCSZTE8iO2qzIyLJHU7DCAnx8mgay2IFLPqXOFrOsMVAkgSPPBLOqWeoEvVZut07UnTkhqaobdW7aKJeXumO4OQJYE1Po1oMIvBc0sxJfSIBtarC9hgnQr4pknOnkxKmCKhozHbLmb78o3ZZZowuWkAtJYgtpkhT+seJmJok9vnV8be/z+Sz86KeZ677KF4epus7NqBIRv3TMK6vnZ6PW/N8GVaGtr2piRAAmO6XbI1Vq6Nov+IaHyi07l4saDVJH2YGujoMzWvaiqbWlissFG8fFxfJunywHJjWBUpteQ==
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
t=1666723722; bh=ZEOoJatGzl2RbmJboUKjJf/CVMhYAtR/7Y6CjIuIpbA=;
h=X-Sonic-MF:From:To:Subject:Date:From:Subject;
b=ZTWyNylBgWI3m1eTa65aQrNE4a9vuBPh9kFaAkcTkdri97hQFQ81TXvI82pCqFELYB/3xvjMJWhIwvYW8R8tOcqAO3zv0lQdwmzzYJO2fXTX3gsfnkS/dNuRslqnz4zfRzxkKM/IoifgSq16loMNulnn/223JboqBQwEn2VYKo6s4xh3Ym+Yslqv9yGRlEinmU4aHAoaBq5FGtniNkQpvKoL9QbreVd02b4V/A9MPY85jWD0gR8LhJWrgaqVJ5LDB7uXlyRVT1IomAb89MRcTcms72XZ8ErATQy/M7DOqbGuI48Sr7ze2uZq412SC8FV2vQixAI08iAOR99UZHZ6Lg==
X-YMail-OSG: Y9r3dB4VM1na2Unf9Sof7gjYoY83BIozuKcju44Sfh0vDdj1zt03DxJapCNZ4Dw
zPDyjYvcX3IlaV60a3bY6x2pcOACBQcPrycGa82.uSUfzPPGLEg6CjDJzdY7llf5iwXLgtUhRjkR
ZOOJbt6NFH9bvgGSHhsypxm170ffTBCxCSVkzhz9f.lc4D6Sb4hmgI6zJx8BjUqQUbz5ohYvA9MX
nyE2g_YbLsCbz11N5jTGd38z280daBrTw80ZL97hamPWKdmuYrOiAnRSUA57gKeYWlGcI6O3ZJwH
BHPaT78L1tNH8ugsYW83JuTAETUToO2.gf9mikRz.Gt3PaMJVj96Ze7S7uPDTpEG.SYZHyoCMEuo
HpEl6PpMNXJ__10pR0TeK9t6ceBXKGvOLVZtcPbF9Jz8_ua1jfxVO90jPIuCYPMLReQBh_aQuXO4
BLIqfYyxk_YzT.Ndn73CgMDDCO.r48wg6.aRRoJhexMVVm0O_igHYLxbvzk9YyvEm_kyJ1D5bz9g
G35nstvzEB3onviouwo_CF9LPtMcGkRxH2Gv2jdaRcEccdynJCC4HpClrjqzTIVDD74hqFhOWFTH
8gQPkiE3gxoNGdr0JhfoXpCUO2sBI.w1Q76_lsnDKenjhfJrH0VrzxoOn_Z5oxGrrF7ibwr6kKQg
XAjKEPlktJ.jBvhZHSFfNia.KMQ.7H8Fv7z51QfPrsAcXNpno.TN6J3Hcz_20HlaPF8Hl_6RorGP
ZBG2X69Aap7J4Cwi5S.ccH6xSyOaUftJLVbl0ZLeigi5upNN71K8YFe7HKY2zf9JNCpT.6hyf7ml
uLSPBsxoN.QVk4h_qSuD__0gg9TwlP0klUsIio7FzUvJlF6PYBZCAf0fAgSD0wZoraXdiYgL2ogu
mQ6llf6Ov7OT8HUHz_Ewx6Tt1AHIu79L.MKdzg5yRdVZ.Ji93AZLv.oEyjm1Ur_jpGvvU7PXpSPo
1BH7nGefDJrPtQXjei8B_4xIXUrH_OwToBCra6gipH.80UY9mMxOVF2reuzE8pKecsYowdkusKvx
aRVGQ2XkClJANxY2gwjqKFbN99_ME_RbG0NB1pV8DLP0zLno7uzaESMUHruXYszG5jDNKvCA4pKh
HOpJtWuapBLwAKDSaQiSGb9HKoZ_8zJ2YwOmjJkujzzTfMi8KN4T_ycgi13K43n_40Qp9yZwOm7_
wH9sj9aZsjf9DtQP1FaFAE0hKzMFAcMKB9XrnUZV.4S0qiddB3fiFT7zF4lfF4ZQb6dVbyDw7c8A
tjfXyty7MbIfdOHSxRVNwUkBCCIZUQjS8vFchTFYPjCh5lTKarec9qE8BcvMceJX.IUvh21vJsxv
VRoaV2S7e7Y2Nc_beMh_NizAAXz8AeXhMMq3Dkm53sqVikkrOlhyHpv2O3FR8f.psLc1HA2Rr1eb
qz2Iy97PZSYIg7UpB95bGTBpZEESV0wkBB_kK5K7f7r9uEWsMS4MNHIhJYuPAe5NzagavDw3dDRF
dkdtJBGUVayDnnlGc92icd5VAx2AMafgFVl76Ei67vBYCpnSGIGLzhomDszVvlzD6RIizKuqyUoK
dvQVSbtQLb3zxbzWs0gog2sgDf.uk1Zn9CZrDnxkbPdTgTkMnaILYRE3Q7yeo7FwMFeA48K5fJH_
zBOjuW6LwGdZZVEzKy3s9eWLAkPgdBBOdHFBOTj751VvSnCMETc1zWxoF5eeUGYM4qQyblbytGEb
EMKRW_r4yDfY8PXaEXKXfjnO5wsOmXl7O0bZiPANSLiPHwxXAx2_3ur7W2eghLBufCJDuHgkxK9o
qvfcc8S1brHF87BMaPVrM2YeU0pviogJrRhTn5dONPpCq4WtNb9UyHmWS9TPHPkLcShll75S7_vV
Kg14Zt2z2Qu0jhoI9nPv72aqBLCJqjfeWrDFBw7KjhJCaDlWr8PzsOjLDLLkULgtQXaNUSDzqMcM
6jv4qlXD4qWf61o0Rp0r6JVX8k2gDlS.2eo5J5JJ3QEl75VnKpuwo1_wF9Xq9y9OV8nzSZKUys_2
gGJ6ZFrx50CVt10vigX9WNcheP0x.bLkOd9Fup1KT3cvz2yE8jXJ1mZJmeZ6tXv52G2C_XT1vtr3
kWLaAzOXUOy3YgBYzBUlggiDPdfN.yZBXAqOmNxXdB3OCApSTRDsf_JHFq5Sjl6uMmh5xz1XC2pe
56dpKmfo4MN33GfdSEi.DULsN6Gx.ih1RqrzgNRyUayAaGIiDPq65fi16DLfW6AkJZM2RZhZBhvb
AeRnMjEHltXZv3EeaG8QrQuSPFHe_lmgOoOMuZr2gBDQ8Rg--
X-Sonic-MF: <casey@schaufler-ca.com>
Received: from sonic.gate.mail.ne1.yahoo.com by
sonic308.consmr.mail.ne1.yahoo.com with HTTP; Tue, 25 Oct 2022 18:48:42 +0000
Received: by hermes--production-gq1-754cb59848-jkt9q (Yahoo Inc. Hermes SMTP
Server) with ESMTPA ID d383105834ed78a52d504d4d360854e7;
Tue, 25 Oct 2022 18:48:37 +0000 (UTC)
From: Casey Schaufler <casey@schaufler-ca.com>
To: casey.schaufler@intel.com, paul@paul-moore.com,
linux-security-module@vger.kernel.org
Cc: casey@schaufler-ca.com, jmorris@namei.org, keescook@chromium.org,
john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp,
stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org,
linux-api@vger.kernel.org, mic@digikod.net
Subject: [PATCH v1 7/8] LSM: Create lsm_module_list system call
Date: Tue, 25 Oct 2022 11:45:18 -0700
Message-Id: <20221025184519.13231-8-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.37.3
In-Reply-To: <20221025184519.13231-1-casey@schaufler-ca.com>
References: <20221025184519.13231-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_NONE
autolearn=unavailable autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1747687025741008386?=
X-GMAIL-MSGID: =?utf-8?q?1747687025741008386?=
|
| Series |
LSM: Two basic syscalls
|
|
Commit Message
Casey Schaufler
Oct. 25, 2022, 6:45 p.m. UTC
Create a system call to report the list of Linux Security Modules
that are active on the system. The list is provided as an array
of LSM ID numbers.
The calling application can use this list determine what LSM
specific actions it might take. That might include chosing an
output format, determining required privilege or bypassing
security module specific behavior.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
include/linux/syscalls.h | 1 +
kernel/sys_ni.c | 1 +
security/lsm_syscalls.c | 38 ++++++++++++++++++++++++++++++++++++++
3 files changed, 40 insertions(+)
Comments
On Tue, Oct 25, 2022 at 11:45:18AM -0700, Casey Schaufler wrote: > Create a system call to report the list of Linux Security Modules > that are active on the system. The list is provided as an array > of LSM ID numbers. > > The calling application can use this list determine what LSM > specific actions it might take. That might include chosing an > output format, determining required privilege or bypassing > security module specific behavior. > > Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> > --- > include/linux/syscalls.h | 1 + > kernel/sys_ni.c | 1 + > security/lsm_syscalls.c | 38 ++++++++++++++++++++++++++++++++++++++ > 3 files changed, 40 insertions(+) > > diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h > index 2d9033e9e5a0..02bb82142e24 100644 > --- a/include/linux/syscalls.h > +++ b/include/linux/syscalls.h > @@ -1058,6 +1058,7 @@ asmlinkage long sys_set_mempolicy_home_node(unsigned long start, unsigned long l > unsigned long home_node, > unsigned long flags); > asmlinkage long sys_lsm_self_attr(struct lsm_ctx *ctx, size_t *size, int flags); > +asmlinkage long sys_lsm_module_list(unsigned int *ids, size_t *size, int flags); Instead of "unsigned int", how about "u64" to make it portable properly? thanks, greg k-h
Hi Casey,
I love your patch! Yet something to improve:
[auto build test ERROR on kees/for-next/hardening]
[also build test ERROR on pcmoore-selinux/next acme/perf/core linus/master v6.1-rc2 next-20221026]
[cannot apply to tip/perf/core]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Casey-Schaufler/LSM-Identify-modules-by-more-than-name/20221026-034541
base: https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/hardening
patch link: https://lore.kernel.org/r/20221025184519.13231-8-casey%40schaufler-ca.com
patch subject: [PATCH v1 7/8] LSM: Create lsm_module_list system call
config: arm-randconfig-r031-20221025 (attached as .config)
compiler: clang version 16.0.0 (https://github.com/llvm/llvm-project 791a7ae1ba3efd6bca96338e10ffde557ba83920)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# install arm cross compiling tool for clang build
# apt-get install binutils-arm-linux-gnueabi
# https://github.com/intel-lab-lkp/linux/commit/e4fdffbcada3e48a7f4049e4c872642a1fed8f04
git remote add linux-review https://github.com/intel-lab-lkp/linux
git fetch --no-tags linux-review Casey-Schaufler/LSM-Identify-modules-by-more-than-name/20221026-034541
git checkout e4fdffbcada3e48a7f4049e4c872642a1fed8f04
# save the config file
mkdir build_dir && cp config build_dir/.config
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=arm SHELL=/bin/bash
If you fix the issue, kindly add following tag where applicable
| Reported-by: kernel test robot <lkp@intel.com>
All errors (new ones prefixed by >>):
In file included from security/lsm_syscalls.c:15:
include/linux/syscalls.h:1060:42: warning: declaration of 'struct lsm_ctx' will not be visible outside of this function [-Wvisibility]
asmlinkage long sys_lsm_self_attr(struct lsm_ctx *ctx, size_t *size, int flags);
^
security/lsm_syscalls.c:47:1: error: conflicting types for 'sys_lsm_self_attr'
SYSCALL_DEFINE3(lsm_self_attr,
^
include/linux/syscalls.h:220:36: note: expanded from macro 'SYSCALL_DEFINE3'
#define SYSCALL_DEFINE3(name, ...) SYSCALL_DEFINEx(3, _##name, __VA_ARGS__)
^
include/linux/syscalls.h:229:2: note: expanded from macro 'SYSCALL_DEFINEx'
__SYSCALL_DEFINEx(x, sname, __VA_ARGS__)
^
include/linux/syscalls.h:243:18: note: expanded from macro '__SYSCALL_DEFINEx'
asmlinkage long sys##name(__MAP(x,__SC_DECL,__VA_ARGS__)) \
^
<scratch space>:65:1: note: expanded from here
sys_lsm_self_attr
^
include/linux/syscalls.h:1060:17: note: previous declaration is here
asmlinkage long sys_lsm_self_attr(struct lsm_ctx *ctx, size_t *size, int flags);
^
>> security/lsm_syscalls.c:171:1: error: conflicting types for 'sys_lsm_module_list'
SYSCALL_DEFINE3(lsm_module_list,
^
include/linux/syscalls.h:220:36: note: expanded from macro 'SYSCALL_DEFINE3'
#define SYSCALL_DEFINE3(name, ...) SYSCALL_DEFINEx(3, _##name, __VA_ARGS__)
^
include/linux/syscalls.h:229:2: note: expanded from macro 'SYSCALL_DEFINEx'
__SYSCALL_DEFINEx(x, sname, __VA_ARGS__)
^
include/linux/syscalls.h:243:18: note: expanded from macro '__SYSCALL_DEFINEx'
asmlinkage long sys##name(__MAP(x,__SC_DECL,__VA_ARGS__)) \
^
<scratch space>:104:1: note: expanded from here
sys_lsm_module_list
^
include/linux/syscalls.h:1061:17: note: previous declaration is here
asmlinkage long sys_lsm_module_list(unsigned int *ids, size_t *size, int flags);
^
1 warning and 2 errors generated.
vim +/sys_lsm_module_list +171 security/lsm_syscalls.c
157
158 /**
159 * lsm_module_list - Return a list of the active security modules
160 * @ids: the LSM module ids
161 * @size: size of @ids, updated on return
162 * @flags: reserved for future use, must be zero
163 *
164 * Returns a list of the active LSM ids. On success this function
165 * returns the number of @ids array elements. This value may be zero
166 * if there are no LSMs active. If @size is insufficient to contain
167 * the return data -E2BIG is returned and @size is set to the minimum
168 * required size. In all other cases a negative value indicating the
169 * error is returned.
170 */
> 171 SYSCALL_DEFINE3(lsm_module_list,
On Tue, Oct 25, 2022 at 2:48 PM Casey Schaufler <casey@schaufler-ca.com> wrote: > > Create a system call to report the list of Linux Security Modules > that are active on the system. The list is provided as an array > of LSM ID numbers. > > The calling application can use this list determine what LSM > specific actions it might take. That might include chosing an > output format, determining required privilege or bypassing > security module specific behavior. > > Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> > --- > include/linux/syscalls.h | 1 + > kernel/sys_ni.c | 1 + > security/lsm_syscalls.c | 38 ++++++++++++++++++++++++++++++++++++++ > 3 files changed, 40 insertions(+) ... > diff --git a/security/lsm_syscalls.c b/security/lsm_syscalls.c > index da0fab7065e2..cd5db370b974 100644 > --- a/security/lsm_syscalls.c > +++ b/security/lsm_syscalls.c > @@ -154,3 +154,41 @@ SYSCALL_DEFINE3(lsm_self_attr, > kfree(final); > return rc; > } > + > +/** > + * lsm_module_list - Return a list of the active security modules > + * @ids: the LSM module ids > + * @size: size of @ids, updated on return > + * @flags: reserved for future use, must be zero > + * > + * Returns a list of the active LSM ids. On success this function > + * returns the number of @ids array elements. This value may be zero > + * if there are no LSMs active. If @size is insufficient to contain > + * the return data -E2BIG is returned and @size is set to the minimum > + * required size. In all other cases a negative value indicating the > + * error is returned. > + */ Let's make a promise that for this syscall we will order the LSM IDs in the array in the same order as which they are configured/executed. I'm doubtful that only a *very* small number of applications will care about this (if any), but this is something we can do so let's do it now while we can. > +SYSCALL_DEFINE3(lsm_module_list, > + unsigned int __user *, ids, > + size_t __user *, size, > + unsigned int, flags) -- paul-moore.com
On 11/9/2022 3:35 PM, Paul Moore wrote: > On Tue, Oct 25, 2022 at 2:48 PM Casey Schaufler <casey@schaufler-ca.com> wrote: >> Create a system call to report the list of Linux Security Modules >> that are active on the system. The list is provided as an array >> of LSM ID numbers. >> >> The calling application can use this list determine what LSM >> specific actions it might take. That might include chosing an >> output format, determining required privilege or bypassing >> security module specific behavior. >> >> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> >> --- >> include/linux/syscalls.h | 1 + >> kernel/sys_ni.c | 1 + >> security/lsm_syscalls.c | 38 ++++++++++++++++++++++++++++++++++++++ >> 3 files changed, 40 insertions(+) > .. > >> diff --git a/security/lsm_syscalls.c b/security/lsm_syscalls.c >> index da0fab7065e2..cd5db370b974 100644 >> --- a/security/lsm_syscalls.c >> +++ b/security/lsm_syscalls.c >> @@ -154,3 +154,41 @@ SYSCALL_DEFINE3(lsm_self_attr, >> kfree(final); >> return rc; >> } >> + >> +/** >> + * lsm_module_list - Return a list of the active security modules >> + * @ids: the LSM module ids >> + * @size: size of @ids, updated on return >> + * @flags: reserved for future use, must be zero >> + * >> + * Returns a list of the active LSM ids. On success this function >> + * returns the number of @ids array elements. This value may be zero >> + * if there are no LSMs active. If @size is insufficient to contain >> + * the return data -E2BIG is returned and @size is set to the minimum >> + * required size. In all other cases a negative value indicating the >> + * error is returned. >> + */ > Let's make a promise that for this syscall we will order the LSM IDs > in the array in the same order as which they are configured/executed. Sure. Order registered, which can vary, as opposed to LSM ID order, which cannot. That could be important to ensure that applications that enforce the same policy as the kernel will hit the checks in the same order as the kernel. That's how it is coded. It needs to be documented. > I'm doubtful that only a *very* small number of applications will care > about this (if any), but this is something we can do so let's do it > now while we can. > >> +SYSCALL_DEFINE3(lsm_module_list, >> + unsigned int __user *, ids, >> + size_t __user *, size, >> + unsigned int, flags) > -- > paul-moore.com
On Wed, Nov 9, 2022 at 8:37 PM Casey Schaufler <casey@schaufler-ca.com> wrote: > On 11/9/2022 3:35 PM, Paul Moore wrote: > > On Tue, Oct 25, 2022 at 2:48 PM Casey Schaufler <casey@schaufler-ca.com> wrote: > >> Create a system call to report the list of Linux Security Modules > >> that are active on the system. The list is provided as an array > >> of LSM ID numbers. > >> > >> The calling application can use this list determine what LSM > >> specific actions it might take. That might include chosing an > >> output format, determining required privilege or bypassing > >> security module specific behavior. > >> > >> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> > >> --- > >> include/linux/syscalls.h | 1 + > >> kernel/sys_ni.c | 1 + > >> security/lsm_syscalls.c | 38 ++++++++++++++++++++++++++++++++++++++ > >> 3 files changed, 40 insertions(+) > > .. > > > >> diff --git a/security/lsm_syscalls.c b/security/lsm_syscalls.c > >> index da0fab7065e2..cd5db370b974 100644 > >> --- a/security/lsm_syscalls.c > >> +++ b/security/lsm_syscalls.c > >> @@ -154,3 +154,41 @@ SYSCALL_DEFINE3(lsm_self_attr, > >> kfree(final); > >> return rc; > >> } > >> + > >> +/** > >> + * lsm_module_list - Return a list of the active security modules > >> + * @ids: the LSM module ids > >> + * @size: size of @ids, updated on return > >> + * @flags: reserved for future use, must be zero > >> + * > >> + * Returns a list of the active LSM ids. On success this function > >> + * returns the number of @ids array elements. This value may be zero > >> + * if there are no LSMs active. If @size is insufficient to contain > >> + * the return data -E2BIG is returned and @size is set to the minimum > >> + * required size. In all other cases a negative value indicating the > >> + * error is returned. > >> + */ > > Let's make a promise that for this syscall we will order the LSM IDs > > in the array in the same order as which they are configured/executed. > > Sure. Order registered, which can vary, as opposed to LSM ID order, > which cannot. That could be important to ensure that applications > that enforce the same policy as the kernel will hit the checks in > the same order as the kernel. That's how it is coded. It needs to > be documented. Yep. One of the big reasons for documenting it this way is to ensure that we define the order as part of the API.
diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h index 2d9033e9e5a0..02bb82142e24 100644 --- a/include/linux/syscalls.h +++ b/include/linux/syscalls.h @@ -1058,6 +1058,7 @@ asmlinkage long sys_set_mempolicy_home_node(unsigned long start, unsigned long l unsigned long home_node, unsigned long flags); asmlinkage long sys_lsm_self_attr(struct lsm_ctx *ctx, size_t *size, int flags); +asmlinkage long sys_lsm_module_list(unsigned int *ids, size_t *size, int flags); /* * Architecture-specific system calls diff --git a/kernel/sys_ni.c b/kernel/sys_ni.c index 0fdb0341251d..bde9e74a3473 100644 --- a/kernel/sys_ni.c +++ b/kernel/sys_ni.c @@ -264,6 +264,7 @@ COND_SYSCALL(mremap); /* security/lsm_syscalls.c */ COND_SYSCALL(lsm_self_attr); +COND_SYSCALL(lsm_module_list); /* security/keys/keyctl.c */ COND_SYSCALL(add_key); diff --git a/security/lsm_syscalls.c b/security/lsm_syscalls.c index da0fab7065e2..cd5db370b974 100644 --- a/security/lsm_syscalls.c +++ b/security/lsm_syscalls.c @@ -154,3 +154,41 @@ SYSCALL_DEFINE3(lsm_self_attr, kfree(final); return rc; } + +/** + * lsm_module_list - Return a list of the active security modules + * @ids: the LSM module ids + * @size: size of @ids, updated on return + * @flags: reserved for future use, must be zero + * + * Returns a list of the active LSM ids. On success this function + * returns the number of @ids array elements. This value may be zero + * if there are no LSMs active. If @size is insufficient to contain + * the return data -E2BIG is returned and @size is set to the minimum + * required size. In all other cases a negative value indicating the + * error is returned. + */ +SYSCALL_DEFINE3(lsm_module_list, + unsigned int __user *, ids, + size_t __user *, size, + unsigned int, flags) +{ + size_t total_size = lsm_id * sizeof(*ids); + size_t usize; + int i; + + if (get_user(usize, size)) + return -EFAULT; + + if (put_user(total_size, size) != 0) + return -EFAULT; + + if (usize < total_size) + return -E2BIG; + + for (i = 0; i < lsm_id; i++) + if (put_user(lsm_idlist[i]->id, ids++)) + return -EFAULT; + + return lsm_id; +}