From: David Howells <dhowells@redhat.com>
To: torvalds@linux-foundation.org, viro@zeniv.linux.org.uk
Cc: Casey Schaufler <casey@schaufler-ca.com>,
Stephen Smalley <sds@tycho.nsa.gov>,
linux-security-module@vger.kernel.org,
dhowells@redhat.comcasey@schaufler-ca.comsds@tycho.nsa.gov,
nicolas.dichtel@6wind.com, raven@themaw.net,
christian@brauner.io, andres@anarazel.de, jlayton@redhat.com,
dray@redhat.com, kzak@redhat.com, keyrings@vger.kernel.org,
linux-api@vger.kernel.org,
linux-fsdevel@vger.kernel.orglinux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: [PATCH 02/17] security: Add hooks to rule on setting a watch [ver #5]
Date: Wed, 18 Mar 2020 15:03:30 +0000 [thread overview]
Message-ID: <158454381028.2863966.13720387027986442186.stgit@warthog.procyon.org.uk> (raw)
In-Reply-To: <158454378820.2863966.10496767254293183123.stgit@warthog.procyon.org.uk>
Add security hooks that will allow an LSM to rule on whether or not a watch
may be set. More than one hook is required as the watches watch different
types of object.
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Casey Schaufler <casey@schaufler-ca.com>
cc: Stephen Smalley <sds@tycho.nsa.gov>
cc: linux-security-module@vger.kernel.org
---
include/linux/lsm_hooks.h | 24 ++++++++++++++++++++++++
include/linux/security.h | 17 +++++++++++++++++
security/security.c | 14 ++++++++++++++
3 files changed, 55 insertions(+)
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 20d8cf194fb7..79d7c73676d7 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -1416,6 +1416,18 @@
* @ctx is a pointer in which to place the allocated security context.
* @ctxlen points to the place to put the length of @ctx.
*
+ * Security hooks for the general notification queue:
+ *
+ * @watch_key:
+ * Check to see if a process is allowed to watch for event notifications
+ * from a key or keyring.
+ * @key: The key to watch.
+ *
+ * @watch_devices:
+ * Check to see if a process is allowed to watch for event notifications
+ * from devices (as a global set).
+ *
+ *
* Security hooks for using the eBPF maps and programs functionalities through
* eBPF syscalls.
*
@@ -1698,6 +1710,12 @@ union security_list_options {
int (*inode_notifysecctx)(struct inode *inode, void *ctx, u32 ctxlen);
int (*inode_setsecctx)(struct dentry *dentry, void *ctx, u32 ctxlen);
int (*inode_getsecctx)(struct inode *inode, void **ctx, u32 *ctxlen);
+#ifdef CONFIG_KEY_NOTIFICATIONS
+ int (*watch_key)(struct key *key);
+#endif
+#ifdef CONFIG_DEVICE_NOTIFICATIONS
+ int (*watch_devices)(void);
+#endif
#ifdef CONFIG_SECURITY_NETWORK
int (*unix_stream_connect)(struct sock *sock, struct sock *other,
@@ -1985,6 +2003,12 @@ struct security_hook_heads {
struct hlist_head inode_notifysecctx;
struct hlist_head inode_setsecctx;
struct hlist_head inode_getsecctx;
+#ifdef CONFIG_KEY_NOTIFICATIONS
+ struct hlist_head watch_key;
+#endif
+#ifdef CONFIG_DEVICE_NOTIFICATIONS
+ struct hlist_head watch_devices;
+#endif
#ifdef CONFIG_SECURITY_NETWORK
struct hlist_head unix_stream_connect;
struct hlist_head unix_may_send;
diff --git a/include/linux/security.h b/include/linux/security.h
index 64b19f050343..7a36064a64ea 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1276,6 +1276,23 @@ static inline int security_locked_down(enum lockdown_reason what)
}
#endif /* CONFIG_SECURITY */
+#if defined(CONFIG_SECURITY) && defined(CONFIG_KEY_NOTIFICATIONS)
+int security_watch_key(struct key *key);
+#else
+static inline int security_watch_key(struct key *key)
+{
+ return 0;
+}
+#endif
+#if defined(CONFIG_SECURITY) && defined(CONFIG_DEVICE_NOTIFICATIONS)
+int security_watch_devices(void);
+#else
+static inline int security_watch_devices(void)
+{
+ return 0;
+}
+#endif
+
#ifdef CONFIG_SECURITY_NETWORK
int security_unix_stream_connect(struct sock *sock, struct sock *other, struct sock *newsk);
diff --git a/security/security.c b/security/security.c
index 565bc9b67276..22877f47cf62 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1988,6 +1988,20 @@ int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
}
EXPORT_SYMBOL(security_inode_getsecctx);
+#ifdef CONFIG_KEY_NOTIFICATIONS
+int security_watch_key(struct key *key)
+{
+ return call_int_hook(watch_key, 0, key);
+}
+#endif
+
+#ifdef CONFIG_DEVICE_NOTIFICATIONS
+int security_watch_devices(void)
+{
+ return call_int_hook(watch_devices, 0);
+}
+#endif
+
#ifdef CONFIG_SECURITY_NETWORK
int security_unix_stream_connect(struct sock *sock, struct sock *other, struct sock *newsk)
WARNING: multiple messages have this Message-ID (diff)
From: David Howells <dhowells@redhat.com>
To: torvalds@linux-foundation.org, viro@zeniv.linux.org.uk
Cc: Casey Schaufler <casey@schaufler-ca.com>,
Stephen Smalley <sds@tycho.nsa.gov>,
linux-security-module@vger.kernel.org, dhowells@redhat.com,
casey@schaufler-ca.com, sds@tycho.nsa.gov,
nicolas.dichtel@6wind.com, raven@themaw.net,
christian@brauner.io, andres@anarazel.de, jlayton@redhat.com,
dray@redhat.com, kzak@redhat.com, keyrings@vger.kernel.org,
linux-api@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: [PATCH 02/17] security: Add hooks to rule on setting a watch [ver #5]
Date: Wed, 18 Mar 2020 15:03:30 +0000 [thread overview]
Message-ID: <158454381028.2863966.13720387027986442186.stgit@warthog.procyon.org.uk> (raw)
In-Reply-To: <158454378820.2863966.10496767254293183123.stgit@warthog.procyon.org.uk>
Add security hooks that will allow an LSM to rule on whether or not a watch
may be set. More than one hook is required as the watches watch different
types of object.
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Casey Schaufler <casey@schaufler-ca.com>
cc: Stephen Smalley <sds@tycho.nsa.gov>
cc: linux-security-module@vger.kernel.org
---
include/linux/lsm_hooks.h | 24 ++++++++++++++++++++++++
include/linux/security.h | 17 +++++++++++++++++
security/security.c | 14 ++++++++++++++
3 files changed, 55 insertions(+)
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 20d8cf194fb7..79d7c73676d7 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -1416,6 +1416,18 @@
* @ctx is a pointer in which to place the allocated security context.
* @ctxlen points to the place to put the length of @ctx.
*
+ * Security hooks for the general notification queue:
+ *
+ * @watch_key:
+ * Check to see if a process is allowed to watch for event notifications
+ * from a key or keyring.
+ * @key: The key to watch.
+ *
+ * @watch_devices:
+ * Check to see if a process is allowed to watch for event notifications
+ * from devices (as a global set).
+ *
+ *
* Security hooks for using the eBPF maps and programs functionalities through
* eBPF syscalls.
*
@@ -1698,6 +1710,12 @@ union security_list_options {
int (*inode_notifysecctx)(struct inode *inode, void *ctx, u32 ctxlen);
int (*inode_setsecctx)(struct dentry *dentry, void *ctx, u32 ctxlen);
int (*inode_getsecctx)(struct inode *inode, void **ctx, u32 *ctxlen);
+#ifdef CONFIG_KEY_NOTIFICATIONS
+ int (*watch_key)(struct key *key);
+#endif
+#ifdef CONFIG_DEVICE_NOTIFICATIONS
+ int (*watch_devices)(void);
+#endif
#ifdef CONFIG_SECURITY_NETWORK
int (*unix_stream_connect)(struct sock *sock, struct sock *other,
@@ -1985,6 +2003,12 @@ struct security_hook_heads {
struct hlist_head inode_notifysecctx;
struct hlist_head inode_setsecctx;
struct hlist_head inode_getsecctx;
+#ifdef CONFIG_KEY_NOTIFICATIONS
+ struct hlist_head watch_key;
+#endif
+#ifdef CONFIG_DEVICE_NOTIFICATIONS
+ struct hlist_head watch_devices;
+#endif
#ifdef CONFIG_SECURITY_NETWORK
struct hlist_head unix_stream_connect;
struct hlist_head unix_may_send;
diff --git a/include/linux/security.h b/include/linux/security.h
index 64b19f050343..7a36064a64ea 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1276,6 +1276,23 @@ static inline int security_locked_down(enum lockdown_reason what)
}
#endif /* CONFIG_SECURITY */
+#if defined(CONFIG_SECURITY) && defined(CONFIG_KEY_NOTIFICATIONS)
+int security_watch_key(struct key *key);
+#else
+static inline int security_watch_key(struct key *key)
+{
+ return 0;
+}
+#endif
+#if defined(CONFIG_SECURITY) && defined(CONFIG_DEVICE_NOTIFICATIONS)
+int security_watch_devices(void);
+#else
+static inline int security_watch_devices(void)
+{
+ return 0;
+}
+#endif
+
#ifdef CONFIG_SECURITY_NETWORK
int security_unix_stream_connect(struct sock *sock, struct sock *other, struct sock *newsk);
diff --git a/security/security.c b/security/security.c
index 565bc9b67276..22877f47cf62 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1988,6 +1988,20 @@ int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
}
EXPORT_SYMBOL(security_inode_getsecctx);
+#ifdef CONFIG_KEY_NOTIFICATIONS
+int security_watch_key(struct key *key)
+{
+ return call_int_hook(watch_key, 0, key);
+}
+#endif
+
+#ifdef CONFIG_DEVICE_NOTIFICATIONS
+int security_watch_devices(void)
+{
+ return call_int_hook(watch_devices, 0);
+}
+#endif
+
#ifdef CONFIG_SECURITY_NETWORK
int security_unix_stream_connect(struct sock *sock, struct sock *other, struct sock *newsk)
next prev parent reply other threads:[~2020-03-18 15:03 UTC|newest]
Thread overview: 87+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-18 15:03 [PATCH 00/17] pipe: Keyrings, mount and superblock notifications [ver #5] David Howells
2020-03-18 15:03 ` David Howells
2020-03-18 15:03 ` [PATCH 01/17] uapi: General notification queue definitions " David Howells
2020-03-18 15:03 ` David Howells [this message]
2020-03-18 15:03 ` [PATCH 02/17] security: Add hooks to rule on setting a watch " David Howells
2020-03-18 18:56 ` James Morris
2020-03-18 18:56 ` James Morris
2020-03-18 15:03 ` [PATCH 03/17] security: Add a hook for the point of notification insertion " David Howells
2020-03-18 15:03 ` David Howells
2020-03-18 18:57 ` James Morris
2020-03-18 18:57 ` James Morris
2020-03-18 15:03 ` [PATCH 04/17] pipe: Add O_NOTIFICATION_PIPE " David Howells
2020-03-18 15:03 ` [PATCH 05/17] pipe: Add general notification queue support " David Howells
2020-03-18 15:03 ` David Howells
2020-03-18 15:04 ` [PATCH 06/17] watch_queue: Add a key/keyring notification facility " David Howells
2020-03-18 15:04 ` David Howells
2020-03-18 19:04 ` James Morris
2020-03-18 19:04 ` James Morris
2020-03-18 15:04 ` [PATCH 07/17] Add sample notification program " David Howells
2020-03-18 15:04 ` David Howells
2020-03-18 15:04 ` [PATCH 08/17] pipe: Allow buffers to be marked read-whole-or-error for notifications " David Howells
2020-03-18 15:04 ` David Howells
2020-03-18 15:04 ` [PATCH 09/17] pipe: Add notification lossage handling " David Howells
2020-03-18 15:04 ` David Howells
2020-03-18 15:04 ` [PATCH 10/17] selinux: Implement the watch_key security hook " David Howells
2020-03-18 15:04 ` David Howells
2020-03-18 19:06 ` James Morris
2020-03-18 19:06 ` James Morris
2020-03-18 15:04 ` [PATCH 11/17] smack: Implement the watch_key and post_notification hooks " David Howells
2020-03-18 15:04 ` David Howells
2020-03-18 15:05 ` [PATCH 12/17] watch_queue: Add security hooks to rule on setting mount and sb watches " David Howells
2020-03-18 15:05 ` David Howells
2020-03-18 19:07 ` James Morris
2020-03-18 19:07 ` James Morris
2020-03-18 15:05 ` [PATCH 13/17] watch_queue: Implement mount topology and attribute change notifications " David Howells
2020-03-18 15:05 ` David Howells
2020-04-02 15:19 ` Miklos Szeredi
2020-04-02 15:19 ` Miklos Szeredi
2020-06-14 3:07 ` Ian Kent
2020-06-14 3:07 ` Ian Kent
2020-06-15 8:44 ` Miklos Szeredi
2020-06-15 8:44 ` Miklos Szeredi
2020-07-23 10:48 ` David Howells
2020-07-23 10:48 ` David Howells
2020-08-03 9:29 ` Miklos Szeredi
2020-08-03 9:29 ` Miklos Szeredi
2020-08-04 11:38 ` Ian Kent
2020-08-04 11:38 ` Ian Kent
2020-08-04 13:19 ` Miklos Szeredi
2020-08-04 13:19 ` Miklos Szeredi
2020-08-05 1:53 ` Ian Kent
2020-08-05 1:53 ` Ian Kent
2020-08-05 7:43 ` Miklos Szeredi
2020-08-05 7:43 ` Miklos Szeredi
2020-08-05 11:36 ` Ian Kent
2020-08-05 11:36 ` Ian Kent
2020-08-05 11:56 ` Miklos Szeredi
2020-08-05 11:56 ` Miklos Szeredi
2020-07-24 10:19 ` David Howells
2020-07-24 10:19 ` David Howells
2020-07-24 10:44 ` Ian Kent
2020-07-24 10:44 ` Ian Kent
2020-07-24 11:36 ` David Howells
2020-07-24 11:36 ` David Howells
2020-08-03 10:02 ` Miklos Szeredi
2020-08-03 10:02 ` Miklos Szeredi
2020-08-03 10:08 ` David Howells
2020-08-03 10:08 ` David Howells
2020-08-03 10:18 ` David Howells
2020-08-03 10:18 ` David Howells
2020-08-03 11:17 ` Miklos Szeredi
2020-08-03 11:17 ` Miklos Szeredi
2020-08-03 11:49 ` David Howells
2020-08-03 11:49 ` David Howells
2020-08-03 12:01 ` Ian Kent
2020-08-03 12:01 ` Ian Kent
2020-08-03 12:31 ` David Howells
2020-08-03 12:31 ` David Howells
2020-08-03 14:30 ` Ian Kent
2020-08-03 14:30 ` Ian Kent
2020-03-18 15:05 ` [PATCH 14/17] watch_queue: sample: Display mount tree " David Howells
2020-03-18 15:05 ` David Howells
2020-03-18 15:05 ` [PATCH 15/17] watch_queue: Introduce a non-repeating system-unique superblock ID " David Howells
2020-03-18 15:05 ` [PATCH 16/17] watch_queue: Add superblock notifications " David Howells
2020-03-18 15:05 ` David Howells
2020-03-18 15:05 ` [PATCH 17/17] watch_queue: sample: Display " David Howells
2020-03-18 15:05 ` David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=158454381028.2863966.13720387027986442186.stgit@warthog.procyon.org.uk \
--to=dhowells@redhat.com \
--cc=casey@schaufler-ca.com \
--cc=dhowells@redhat.comcasey \
--cc=linux-security-module@vger.kernel.org \
--cc=sds@tycho.nsa.gov \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.