From: Casey Schaufler <casey@schaufler-ca.com>
To: casey.schaufler@intel.com, paul@paul-moore.com,
linux-security-module@vger.kernel.org
Cc: casey@schaufler-ca.com, jmorris@namei.org, keescook@chromium.org,
john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp,
stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org,
linux-api@vger.kernel.org, mic@digikod.net
Subject: [PATCH v3 2/9] LSM: Identify the process attributes for each module
Date: Wed, 23 Nov 2022 12:15:45 -0800 [thread overview]
Message-ID: <20221123201552.7865-3-casey@schaufler-ca.com> (raw)
In-Reply-To: <20221123201552.7865-1-casey@schaufler-ca.com>
Add an integer member "attrs_used" to the struct lsm_id which
identifies the API related data associated with each security
module. The initial set of features maps to information that
has traditionaly been available in /proc/self/attr. They are
documented in a new userspace-api file.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
Documentation/userspace-api/index.rst | 1 +
Documentation/userspace-api/lsm.rst | 55 +++++++++++++++++++++++++++
include/linux/lsm_hooks.h | 2 +
include/uapi/linux/lsm.h | 12 ++++++
security/apparmor/lsm.c | 1 +
security/selinux/hooks.c | 2 +
security/smack/smack_lsm.c | 1 +
7 files changed, 74 insertions(+)
create mode 100644 Documentation/userspace-api/lsm.rst
diff --git a/Documentation/userspace-api/index.rst b/Documentation/userspace-api/index.rst
index c78da9ce0ec4..6feff0fcd88f 100644
--- a/Documentation/userspace-api/index.rst
+++ b/Documentation/userspace-api/index.rst
@@ -30,6 +30,7 @@ place where this information is gathered.
sysfs-platform_profile
vduse
futex2
+ lsm
.. only:: subproject and html
diff --git a/Documentation/userspace-api/lsm.rst b/Documentation/userspace-api/lsm.rst
new file mode 100644
index 000000000000..6ddf5506110b
--- /dev/null
+++ b/Documentation/userspace-api/lsm.rst
@@ -0,0 +1,55 @@
+.. SPDX-License-Identifier: GPL-2.0
+.. Copyright (C) 2022 Casey Schaufler <casey@schaufler-ca.com>
+.. Copyright (C) 2022 Intel Corporation
+
+=====================================
+Linux Security Modules
+=====================================
+
+:Author: Casey Schaufler
+:Date: November 2022
+
+Linux security modules (LSM) provide a mechanism to implement
+additional access controls to the Linux security policies.
+
+The various security modules may support any of these attributes:
+
+``LSM_ATTR_CURRENT`` is the current, active security context of the
+process.
+The proc filesystem provides this value in ``/proc/self/attr/current``.
+This is supported by the SELinux, Smack and AppArmor security modules.
+Smack also provides this value in ``/proc/self/attr/smack/current``.
+AppArmor also provides this value in ``/proc/self/attr/apparmor/current``.
+
+``LSM_ATTR_EXEC`` is the security context of the process at the time the
+current image was executed.
+The proc filesystem provides this value in ``/proc/self/attr/exec``.
+This is supported by the SELinux and AppArmor security modules.
+AppArmor also provides this value in ``/proc/self/attr/apparmor/exec``.
+
+``LSM_ATTR_FSCREATE`` is the security context of the process used when
+creating file system objects.
+The proc filesystem provides this value in ``/proc/self/attr/fscreate``.
+This is supported by the SELinux security module.
+
+``LSM_ATTR_KEYCREATE`` is the security context of the process used when
+creating key objects.
+The proc filesystem provides this value in ``/proc/self/attr/keycreate``.
+This is supported by the SELinux security module.
+
+``LSM_ATTR_PREV`` is the security context of the process at the time the
+current security context was set.
+The proc filesystem provides this value in ``/proc/self/attr/prev``.
+This is supported by the SELinux and AppArmor security modules.
+AppArmor also provides this value in ``/proc/self/attr/apparmor/prev``.
+
+``LSM_ATTR_SOCKCREATE`` is the security context of the process used when
+creating socket objects.
+The proc filesystem provides this value in ``/proc/self/attr/sockcreate``.
+This is supported by the SELinux security module.
+
+Additional documentation
+========================
+
+* Documentation/security/lsm.rst
+* Documentation/security/lsm-development.rst
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index d306db1044d1..7e88acc37a29 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -1606,12 +1606,14 @@ struct security_hook_heads {
* struct lsm_id - identify a Linux Security Module.
* @lsm: Name of the LSM. Must be approved by the LSM maintainers.
* @id: LSM ID number from uapi/linux/lsm.h
+ * @attrs_used: Which attributes this LSM supports.
*
* Contains the information that identifies the LSM.
*/
struct lsm_id {
const u8 *lsm;
u32 id;
+ u64 attrs_used;
};
/*
diff --git a/include/uapi/linux/lsm.h b/include/uapi/linux/lsm.h
index 47791c330cbf..8e9124bf622c 100644
--- a/include/uapi/linux/lsm.h
+++ b/include/uapi/linux/lsm.h
@@ -29,4 +29,16 @@
#define LSM_ID_BPF 110
#define LSM_ID_LANDLOCK 111
+/*
+ * LSM_ATTR_XXX values identify the /proc/.../attr entry that the
+ * context represents. Not all security modules provide all of these
+ * values. Some security modules provide none of them.
+ */
+#define LSM_ATTR_CURRENT 0x0001
+#define LSM_ATTR_EXEC 0x0002
+#define LSM_ATTR_FSCREATE 0x0004
+#define LSM_ATTR_KEYCREATE 0x0008
+#define LSM_ATTR_PREV 0x0010
+#define LSM_ATTR_SOCKCREATE 0x0020
+
#endif /* _UAPI_LINUX_LSM_H */
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index b859b1af6c75..3a6bf4f95d84 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -1206,6 +1206,7 @@ struct lsm_blob_sizes apparmor_blob_sizes __lsm_ro_after_init = {
static struct lsm_id apparmor_lsmid __lsm_ro_after_init = {
.lsm = "apparmor",
.id = LSM_ID_APPARMOR,
+ .attrs_used = LSM_ATTR_CURRENT | LSM_ATTR_PREV | LSM_ATTR_EXEC,
};
static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = {
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 5fcce36267bd..e831d9c38c54 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -7018,6 +7018,8 @@ static int selinux_uring_cmd(struct io_uring_cmd *ioucmd)
static struct lsm_id selinux_lsmid __lsm_ro_after_init = {
.lsm = "selinux",
.id = LSM_ID_SELINUX,
+ .attrs_used = LSM_ATTR_CURRENT | LSM_ATTR_EXEC | LSM_ATTR_FSCREATE |
+ LSM_ATTR_KEYCREATE | LSM_ATTR_PREV | LSM_ATTR_SOCKCREATE,
};
/*
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index c7ba80e20b8d..c2a05217bde4 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -4791,6 +4791,7 @@ struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = {
static struct lsm_id smack_lsmid __lsm_ro_after_init = {
.lsm = "smack",
.id = LSM_ID_SMACK,
+ .attrs_used = LSM_ATTR_CURRENT,
};
static struct security_hook_list smack_hooks[] __lsm_ro_after_init = {
--
2.38.1
next prev parent reply other threads:[~2022-11-23 20:16 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20221123201552.7865-1-casey.ref@schaufler-ca.com>
2022-11-23 20:15 ` [PATCH v3 0/9] LSM: Three basic syscalls Casey Schaufler
2022-11-23 20:15 ` [PATCH v3 1/9] LSM: Identify modules by more than name Casey Schaufler
2022-11-24 5:40 ` Greg KH
2022-11-25 16:19 ` Mickaël Salaün
2022-11-28 3:48 ` Paul Moore
2022-11-28 7:51 ` Greg KH
2022-11-28 12:49 ` Paul Moore
2022-11-28 19:07 ` Casey Schaufler
2022-11-25 16:30 ` Mickaël Salaün
2022-11-28 3:52 ` Paul Moore
2022-11-23 20:15 ` Casey Schaufler [this message]
2022-11-25 16:41 ` [PATCH v3 2/9] LSM: Identify the process attributes for each module Mickaël Salaün
2022-11-25 18:27 ` Casey Schaufler
2022-11-23 20:15 ` [PATCH v3 3/9] LSM: Maintain a table of LSM attribute data Casey Schaufler
2022-11-23 20:15 ` [PATCH v3 4/9] proc: Use lsmids instead of lsm names for attrs Casey Schaufler
2022-11-23 20:15 ` [PATCH v3 5/9] LSM: lsm_get_self_attr syscall for LSM self attributes Casey Schaufler
2022-11-25 13:54 ` kernel test robot
2022-12-04 2:16 ` kernel test robot
2022-11-23 20:15 ` [PATCH v3 6/9] LSM: Create lsm_module_list system call Casey Schaufler
2022-11-23 20:15 ` [PATCH v3 7/9] LSM: lsm_set_self_attr syscall for LSM self attributes Casey Schaufler
2022-11-23 20:15 ` [PATCH v3 8/9] LSM: wireup Linux Security Module syscalls Casey Schaufler
2022-11-27 9:50 ` kernel test robot
2022-11-23 20:15 ` [PATCH v3 9/9] LSM: selftests for Linux Security Module infrastructure syscalls Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221123201552.7865-3-casey@schaufler-ca.com \
--to=casey@schaufler-ca.com \
--cc=casey.schaufler@intel.com \
--cc=jmorris@namei.org \
--cc=john.johansen@canonical.com \
--cc=keescook@chromium.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mic@digikod.net \
--cc=paul@paul-moore.com \
--cc=penguin-kernel@i-love.sakura.ne.jp \
--cc=stephen.smalley.work@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.