From patchwork Wed Oct 18 10:50:23 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Michael_Wei=C3=9F?= X-Patchwork-Id: 154809 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:612c:2908:b0:403:3b70:6f57 with SMTP id ib8csp4701417vqb; Wed, 18 Oct 2023 03:52:21 -0700 (PDT) X-Google-Smtp-Source: AGHT+IH4yIUDD0rJpYJmWmIsY+R+38wWgHNmGZmvPeMBIpcWXRNzEe7a8+dmNnJa0sCYTMBQyC3S X-Received: by 2002:a17:903:290c:b0:1c6:2902:24f9 with SMTP id lh12-20020a170903290c00b001c6290224f9mr5012044plb.1.1697626340833; Wed, 18 Oct 2023 03:52:20 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1697626340; cv=none; d=google.com; s=arc-20160816; b=uvtMWhZ/wJoRs3tloE7qNBklHbgXuoQNHNEpENSe39DX72NwHSfMmlbTVTg/LcKd2d 6JJcpI9uNEnkJjTyHo2OOVIL57s6OClh138yA0t+jLQGXzROaJmIVi2oBtsrCqwlCJsv ikglTt/8soBKasHD1kzo2zZgrqKx86tW+NEShDd0KmDqi1/fTAyGyUZAS24YLnUiD4A+ Hj2IsQYhXihSlj7XbV/CEcff5VMUPe5E7id4aI0KCgWEkoj14GdOwMI0yoON9vrsHl8s brTPNsS5ge3Vu0+y2nxmmkuhwlESYMcRzmYOUpVqvxRffjWvdxiqdHVgbmiF3nq/SV/b c/Ng== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:ui-outboundreport:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from; bh=3YPtGlbfOhek7kyGmSLTW4S5wb/tN5rq46dW3ushdds=; fh=c4ql7d5QsFreQmYQr7ycbAsMayBEmNUOv2nmR/PVp9M=; b=eNA5R7VCDf3s+K7CJ2VvwOwnH95MgEVYTnt2SgmQHMFcuERPs5hv6vPZUACIjcE1nK Gb4CaKe/VVuJ2G125k8uka4xStPBrBudZqqOqgq05S5shLDdKkBxfnAvGeU3hr/WkRKg GxbbR+GxrcgEspC8YHIaFOfo2xNe2eGNrbEY3tKsdvSQ1UgJYy7aPzp1XvrwPp9KgzNc KzgvzoqHqyS6b/S0NXDU1kLDJd9s62QYQntcZjjDetNvr5fwraplvooU6Kto1Xo2Ir31 JUEeJofEKwO8iI6H+SB/gPOoLSUs88qQ2pHl2xvofeeyxokSA7IavNEugF5ii0I99nnT wzoA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:3 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aisec.fraunhofer.de Received: from lipwig.vger.email (lipwig.vger.email. [2620:137:e000::3:3]) by mx.google.com with ESMTPS id g11-20020a170902740b00b001c60a0a8d2asi3563291pll.282.2023.10.18.03.52.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 18 Oct 2023 03:52:20 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:3 as permitted sender) client-ip=2620:137:e000::3:3; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:3 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aisec.fraunhofer.de Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by lipwig.vger.email (Postfix) with ESMTP id 58F49816F003; Wed, 18 Oct 2023 03:52:18 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at lipwig.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235252AbjJRKwD (ORCPT + 24 others); Wed, 18 Oct 2023 06:52:03 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49010 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234836AbjJRKvc (ORCPT ); Wed, 18 Oct 2023 06:51:32 -0400 Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.126.187]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 76E76100; Wed, 18 Oct 2023 03:51:28 -0700 (PDT) Received: from weisslap.aisec.fraunhofer.de ([91.67.186.133]) by mrelayeu.kundenserver.de (mreue012 [212.227.15.167]) with ESMTPSA (Nemesis) id 1MgiPE-1rTChh25ls-00h8BM; Wed, 18 Oct 2023 12:50:57 +0200 From: =?utf-8?q?Michael_Wei=C3=9F?= To: Alexander Mikhalitsyn , Christian Brauner , Alexei Starovoitov , Paul Moore Cc: Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Quentin Monnet , Alexander Viro , Miklos Szeredi , Amir Goldstein , "Serge E. Hallyn" , bpf@vger.kernel.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, gyroidos@aisec.fraunhofer.de, =?utf-8?q?Mich?= =?utf-8?q?ael_Wei=C3=9F?= Subject: [RFC PATCH v2 04/14] lsm: Add security_dev_permission() hook Date: Wed, 18 Oct 2023 12:50:23 +0200 Message-Id: <20231018105033.13669-5-michael.weiss@aisec.fraunhofer.de> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20231018105033.13669-1-michael.weiss@aisec.fraunhofer.de> References: <20231018105033.13669-1-michael.weiss@aisec.fraunhofer.de> MIME-Version: 1.0 X-Provags-ID: V03:K1:38OgFLKeLVyUNOGAHePjb9eXHvugerr9x590L1H0mtjlQz8+EhP XV0kjjYTVCFzyaGkdhflveir1VfTbHqWmEmrXQtyoLpF30n5KODUjF3UU+cpbTyyK1iwGUL 98DKPB1ud8WTDseAR2vCjioz+6oMKBxUcVxt/HrIf66Xag9WZPXIjI0gSRad84Fo9+Qg+f+ r8wUVsa/nedGZEQ7akf6g== UI-OutboundReport: notjunk:1;M01:P0:h+FTMlalFCk=;nEnL1o6Gxl+hnMse0JkKqyiTNUJ ZAsW1h9B9jFe9bGHwcaWr467ig8PZpstHYQG7WQb1NchktAHHKDokiRO+JrvwTk4Av+LyUoiS L5q8T9Fb7ZHcO32E1EeceOoInCWL9znSy7i8DVTwFw2t8G4Kk3PrRxHP9uqBorYYZt4E3NChi ZysfQvdgvpn6Qp415qcslsXB52+IBzvoQOjnpD4ke5Ls9A3Qe0pY5f3C0uP4vLU154f+IB5xC Sa/NUMrKYPewac4z/4M1hF3IF320oOaO8IOqHE52C/XOGPmIVmSyXix5PHxeToJN/9CK7et4D DXxg/OT4E83tyI42zOoo8FFUL6GIrimliJRSpQmVIrfuJn7SIAG6ddhs1Efqq02voeqfrVVgi QcDozmGbeDOEtVn0gcJMhGLl/b7gfe6Hbl5wgLEJKWzIBEDX+Y1IbVpXN2o/qjo8wXFmygbW6 IgIJNNFEzUf/UMI4As47VOBj6F2umR3Cc09C3M/GWv3mYXipKH2kcj7m5ccDGkx+PO25Auwis TO/7DJ33E+EgDrMr04RTMIqYsUUW5s+/4rusgFphWcvx0NnNGYhLxwv3HGCS67vTzfG2SJGYu VLB1YWLZvyl1rWt6oYGhp82pZbS4vGLVh5QM5r86idKGBpdsdzOsDcOlRpDwsNKFCJFv0YeCg XJgsbSmSP+XVk9BEz6ouI47jOic5UBkWqacPs34puXKn/r7ocNFHV5Z8V+1YfUg2GXPouWg1U cpJKJsJH8rmEnQ+uAzvjY4NzgajwUzaMMIAoAJZ9H5qKc/Yyhi/EBAkpPqyY+ab/lLQbw/0qH 1xjOpR+6kspKQ9DIMs02Nq48Ezkj3R8zk/0KaoK1UInHp8JdPjMvsI3pezMofo0hEBA+KrT6J VhdlJzkEMdwdOW6VrM/Tt3Wzlq203rPvQM+E= X-Spam-Status: No, score=-0.8 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lipwig.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (lipwig.vger.email [0.0.0.0]); Wed, 18 Oct 2023 03:52:18 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1780090237718704629 X-GMAIL-MSGID: 1780090237718704629 Provide a new lsm hook which may be used to check permission on a device by its dev_t representation only. This could be used if an inode is not available and the security_inode_permission check is not applicable. A first lsm to use this will be the lately converted cgroup_device module, to allow permission checks inside driver implementations. Signed-off-by: Michael Weiß --- include/linux/lsm_hook_defs.h | 1 + include/linux/security.h | 5 +++++ security/security.c | 18 ++++++++++++++++++ 3 files changed, 24 insertions(+) diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h index ac962c4cb44b..a868982725a9 100644 --- a/include/linux/lsm_hook_defs.h +++ b/include/linux/lsm_hook_defs.h @@ -275,6 +275,7 @@ LSM_HOOK(int, 0, inode_notifysecctx, struct inode *inode, void *ctx, u32 ctxlen) LSM_HOOK(int, 0, inode_setsecctx, struct dentry *dentry, void *ctx, u32 ctxlen) LSM_HOOK(int, 0, inode_getsecctx, struct inode *inode, void **ctx, u32 *ctxlen) +LSM_HOOK(int, 0, dev_permission, umode_t mode, dev_t dev, int mask) #if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE) LSM_HOOK(int, 0, post_notification, const struct cred *w_cred, diff --git a/include/linux/security.h b/include/linux/security.h index 5f16eecde00b..8bc6ac8816c6 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -484,6 +484,7 @@ int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen); int security_locked_down(enum lockdown_reason what); +int security_dev_permission(umode_t mode, dev_t dev, int mask); #else /* CONFIG_SECURITY */ static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data) @@ -1395,6 +1396,10 @@ static inline int security_locked_down(enum lockdown_reason what) { return 0; } +static inline int security_dev_permission(umode_t mode, dev_t dev, int mask) +{ + return 0; +} #endif /* CONFIG_SECURITY */ #if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE) diff --git a/security/security.c b/security/security.c index 23b129d482a7..40f6787df3b1 100644 --- a/security/security.c +++ b/security/security.c @@ -4016,6 +4016,24 @@ int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) } EXPORT_SYMBOL(security_inode_getsecctx); +/** + * security_dev_permission() - Check if accessing a dev is allowed + * @mode: file mode holding device type + * @dev: device + * @mask: access mask + * + * Check permission before accessing an device by its major minor. + * This hook is called by drivers which may not have an inode but only + * the dev_t representation of a device to check permission. + * + * Return: Returns 0 if permission is granted. + */ +int security_dev_permission(umode_t mode, dev_t dev, int mask) +{ + return call_int_hook(dev_permission, 0, mode, dev, mask); +} +EXPORT_SYMBOL(security_dev_permission); + #ifdef CONFIG_WATCH_QUEUE /** * security_post_notification() - Check if a watch notification can be posted