From: Casey Schaufler <casey@schaufler-ca.com>
To: casey.schaufler@intel.com, paul@paul-moore.com,
linux-security-module@vger.kernel.org
Cc: casey@schaufler-ca.com, jmorris@namei.org, keescook@chromium.org,
john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp,
stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org,
linux-api@vger.kernel.org, mic@digikod.net
Subject: [PATCH v1 7/8] LSM: Create lsm_module_list system call
Date: Wed, 23 Nov 2022 11:57:42 -0800 [thread overview]
Message-ID: <20221123195744.7738-8-casey@schaufler-ca.com> (raw)
In-Reply-To: <20221123195744.7738-1-casey@schaufler-ca.com>
Create a system call to report the list of Linux Security Modules
that are active on the system. The list is provided as an array
of LSM ID numbers.
The calling application can use this list determine what LSM
specific actions it might take. That might include chosing an
output format, determining required privilege or bypassing
security module specific behavior.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
include/linux/syscalls.h | 1 +
kernel/sys_ni.c | 1 +
security/lsm_syscalls.c | 38 ++++++++++++++++++++++++++++++++++++++
3 files changed, 40 insertions(+)
diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h
index 2d9033e9e5a0..02bb82142e24 100644
--- a/include/linux/syscalls.h
+++ b/include/linux/syscalls.h
@@ -1058,6 +1058,7 @@ asmlinkage long sys_set_mempolicy_home_node(unsigned long start, unsigned long l
unsigned long home_node,
unsigned long flags);
asmlinkage long sys_lsm_self_attr(struct lsm_ctx *ctx, size_t *size, int flags);
+asmlinkage long sys_lsm_module_list(unsigned int *ids, size_t *size, int flags);
/*
* Architecture-specific system calls
diff --git a/kernel/sys_ni.c b/kernel/sys_ni.c
index 0fdb0341251d..bde9e74a3473 100644
--- a/kernel/sys_ni.c
+++ b/kernel/sys_ni.c
@@ -264,6 +264,7 @@ COND_SYSCALL(mremap);
/* security/lsm_syscalls.c */
COND_SYSCALL(lsm_self_attr);
+COND_SYSCALL(lsm_module_list);
/* security/keys/keyctl.c */
COND_SYSCALL(add_key);
diff --git a/security/lsm_syscalls.c b/security/lsm_syscalls.c
index da0fab7065e2..cd5db370b974 100644
--- a/security/lsm_syscalls.c
+++ b/security/lsm_syscalls.c
@@ -154,3 +154,41 @@ SYSCALL_DEFINE3(lsm_self_attr,
kfree(final);
return rc;
}
+
+/**
+ * lsm_module_list - Return a list of the active security modules
+ * @ids: the LSM module ids
+ * @size: size of @ids, updated on return
+ * @flags: reserved for future use, must be zero
+ *
+ * Returns a list of the active LSM ids. On success this function
+ * returns the number of @ids array elements. This value may be zero
+ * if there are no LSMs active. If @size is insufficient to contain
+ * the return data -E2BIG is returned and @size is set to the minimum
+ * required size. In all other cases a negative value indicating the
+ * error is returned.
+ */
+SYSCALL_DEFINE3(lsm_module_list,
+ unsigned int __user *, ids,
+ size_t __user *, size,
+ unsigned int, flags)
+{
+ size_t total_size = lsm_id * sizeof(*ids);
+ size_t usize;
+ int i;
+
+ if (get_user(usize, size))
+ return -EFAULT;
+
+ if (put_user(total_size, size) != 0)
+ return -EFAULT;
+
+ if (usize < total_size)
+ return -E2BIG;
+
+ for (i = 0; i < lsm_id; i++)
+ if (put_user(lsm_idlist[i]->id, ids++))
+ return -EFAULT;
+
+ return lsm_id;
+}
--
2.37.3
next prev parent reply other threads:[~2022-11-23 20:02 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20221123195744.7738-1-casey.ref@schaufler-ca.com>
2022-11-23 19:57 ` [PATCH v1 0/8] LSM: Two basic syscalls Casey Schaufler
2022-11-23 19:57 ` [PATCH v1 1/8] LSM: Identify modules by more than name Casey Schaufler
2022-11-23 19:57 ` [PATCH v1 2/8] LSM: Add an LSM identifier for external use Casey Schaufler
2022-11-23 19:57 ` [PATCH v1 3/8] LSM: Identify the process attributes for each module Casey Schaufler
2022-11-23 19:57 ` [PATCH v1 4/8] LSM: Maintain a table of LSM attribute data Casey Schaufler
2022-11-23 19:57 ` [PATCH v1 5/8] proc: Use lsmids instead of lsm names for attrs Casey Schaufler
2022-11-23 19:57 ` [PATCH v1 6/8] LSM: lsm_self_attr syscall for LSM self attributes Casey Schaufler
2022-11-23 19:57 ` Casey Schaufler [this message]
2022-11-23 19:57 ` [PATCH v1 8/8] lsm: wireup syscalls lsm_self_attr and lsm_module_list Casey Schaufler
2022-11-23 20:11 ` [PATCH v1 0/8] LSM: Two basic syscalls Casey Schaufler
2022-10-25 18:45 Casey Schaufler
2022-10-25 18:45 ` [PATCH v1 7/8] LSM: Create lsm_module_list system call Casey Schaufler
2022-10-26 6:02 ` Greg KH
2022-10-26 12:07 ` kernel test robot
2022-11-09 23:35 ` Paul Moore
2022-11-10 1:37 ` Casey Schaufler
2022-11-10 3:17 ` Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221123195744.7738-8-casey@schaufler-ca.com \
--to=casey@schaufler-ca.com \
--cc=casey.schaufler@intel.com \
--cc=jmorris@namei.org \
--cc=john.johansen@canonical.com \
--cc=keescook@chromium.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mic@digikod.net \
--cc=paul@paul-moore.com \
--cc=penguin-kernel@i-love.sakura.ne.jp \
--cc=stephen.smalley.work@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.