From: David Howells <dhowells@redhat.com>
To: torvalds@linux-foundation.org, viro@zeniv.linux.org.uk
Cc: Casey Schaufler <casey@schaufler-ca.com>,
Stephen Smalley <sds@tycho.nsa.gov>,
linux-security-module@vger.kernel.org,
dhowells@redhat.comcasey@schaufler-ca.comsds@tycho.nsa.gov,
nicolas.dichtel@6wind.com, raven@themaw.net,
christian@brauner.io, andres@anarazel.de, jlayton@redhat.com,
dray@redhat.com, kzak@redhat.com, keyrings@vger.kernel.org,
linux-api@vger.kernel.org,
linux-fsdevel@vger.kernel.orglinux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: [PATCH 03/17] security: Add a hook for the point of notification insertion [ver #5]
Date: Wed, 18 Mar 2020 15:03:41 +0000 [thread overview]
Message-ID: <158454382138.2863966.4611034029343321389.stgit@warthog.procyon.org.uk> (raw)
In-Reply-To: <158454378820.2863966.10496767254293183123.stgit@warthog.procyon.org.uk>
Add a security hook that allows an LSM to rule on whether a notification
message is allowed to be inserted into a particular watch queue.
The hook is given the following information:
(1) The credentials of the triggerer (which may be init_cred for a system
notification, eg. a hardware error).
(2) The credentials of the whoever set the watch.
(3) The notification message.
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Casey Schaufler <casey@schaufler-ca.com>
cc: Stephen Smalley <sds@tycho.nsa.gov>
cc: linux-security-module@vger.kernel.org
---
include/linux/lsm_hooks.h | 14 ++++++++++++++
include/linux/security.h | 14 ++++++++++++++
security/security.c | 9 +++++++++
3 files changed, 37 insertions(+)
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 79d7c73676d7..16530255dc11 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -1427,6 +1427,12 @@
* Check to see if a process is allowed to watch for event notifications
* from devices (as a global set).
*
+ * @post_notification:
+ * Check to see if a watch notification can be posted to a particular
+ * queue.
+ * @w_cred: The credentials of the whoever set the watch.
+ * @cred: The event-triggerer's credentials
+ * @n: The notification being posted
*
* Security hooks for using the eBPF maps and programs functionalities through
* eBPF syscalls.
@@ -1716,6 +1722,11 @@ union security_list_options {
#ifdef CONFIG_DEVICE_NOTIFICATIONS
int (*watch_devices)(void);
#endif
+#ifdef CONFIG_WATCH_QUEUE
+ int (*post_notification)(const struct cred *w_cred,
+ const struct cred *cred,
+ struct watch_notification *n);
+#endif
#ifdef CONFIG_SECURITY_NETWORK
int (*unix_stream_connect)(struct sock *sock, struct sock *other,
@@ -2009,6 +2020,9 @@ struct security_hook_heads {
#ifdef CONFIG_DEVICE_NOTIFICATIONS
struct hlist_head watch_devices;
#endif
+#ifdef CONFIG_WATCH_QUEUE
+ struct hlist_head post_notification;
+#endif /* CONFIG_WATCH_QUEUE */
#ifdef CONFIG_SECURITY_NETWORK
struct hlist_head unix_stream_connect;
struct hlist_head unix_may_send;
diff --git a/include/linux/security.h b/include/linux/security.h
index 7a36064a64ea..910a1efa9a79 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -57,6 +57,8 @@ struct mm_struct;
struct fs_context;
struct fs_parameter;
enum fs_value_type;
+struct watch;
+struct watch_notification;
/* Default (no) options for the capable function */
#define CAP_OPT_NONE 0x0
@@ -1292,6 +1294,18 @@ static inline int security_watch_devices(void)
return 0;
}
#endif
+#if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE)
+int security_post_notification(const struct cred *w_cred,
+ const struct cred *cred,
+ struct watch_notification *n);
+#else
+static inline int security_post_notification(const struct cred *w_cred,
+ const struct cred *cred,
+ struct watch_notification *n)
+{
+ return 0;
+}
+#endif
#ifdef CONFIG_SECURITY_NETWORK
diff --git a/security/security.c b/security/security.c
index 22877f47cf62..db7b574c9c70 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1988,6 +1988,15 @@ int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
}
EXPORT_SYMBOL(security_inode_getsecctx);
+#ifdef CONFIG_WATCH_QUEUE
+int security_post_notification(const struct cred *w_cred,
+ const struct cred *cred,
+ struct watch_notification *n)
+{
+ return call_int_hook(post_notification, 0, w_cred, cred, n);
+}
+#endif /* CONFIG_WATCH_QUEUE */
+
#ifdef CONFIG_KEY_NOTIFICATIONS
int security_watch_key(struct key *key)
{
WARNING: multiple messages have this Message-ID (diff)
From: David Howells <dhowells@redhat.com>
To: torvalds@linux-foundation.org, viro@zeniv.linux.org.uk
Cc: Casey Schaufler <casey@schaufler-ca.com>,
Stephen Smalley <sds@tycho.nsa.gov>,
linux-security-module@vger.kernel.org, dhowells@redhat.com,
casey@schaufler-ca.com, sds@tycho.nsa.gov,
nicolas.dichtel@6wind.com, raven@themaw.net,
christian@brauner.io, andres@anarazel.de, jlayton@redhat.com,
dray@redhat.com, kzak@redhat.com, keyrings@vger.kernel.org,
linux-api@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: [PATCH 03/17] security: Add a hook for the point of notification insertion [ver #5]
Date: Wed, 18 Mar 2020 15:03:41 +0000 [thread overview]
Message-ID: <158454382138.2863966.4611034029343321389.stgit@warthog.procyon.org.uk> (raw)
In-Reply-To: <158454378820.2863966.10496767254293183123.stgit@warthog.procyon.org.uk>
Add a security hook that allows an LSM to rule on whether a notification
message is allowed to be inserted into a particular watch queue.
The hook is given the following information:
(1) The credentials of the triggerer (which may be init_cred for a system
notification, eg. a hardware error).
(2) The credentials of the whoever set the watch.
(3) The notification message.
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Casey Schaufler <casey@schaufler-ca.com>
cc: Stephen Smalley <sds@tycho.nsa.gov>
cc: linux-security-module@vger.kernel.org
---
include/linux/lsm_hooks.h | 14 ++++++++++++++
include/linux/security.h | 14 ++++++++++++++
security/security.c | 9 +++++++++
3 files changed, 37 insertions(+)
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 79d7c73676d7..16530255dc11 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -1427,6 +1427,12 @@
* Check to see if a process is allowed to watch for event notifications
* from devices (as a global set).
*
+ * @post_notification:
+ * Check to see if a watch notification can be posted to a particular
+ * queue.
+ * @w_cred: The credentials of the whoever set the watch.
+ * @cred: The event-triggerer's credentials
+ * @n: The notification being posted
*
* Security hooks for using the eBPF maps and programs functionalities through
* eBPF syscalls.
@@ -1716,6 +1722,11 @@ union security_list_options {
#ifdef CONFIG_DEVICE_NOTIFICATIONS
int (*watch_devices)(void);
#endif
+#ifdef CONFIG_WATCH_QUEUE
+ int (*post_notification)(const struct cred *w_cred,
+ const struct cred *cred,
+ struct watch_notification *n);
+#endif
#ifdef CONFIG_SECURITY_NETWORK
int (*unix_stream_connect)(struct sock *sock, struct sock *other,
@@ -2009,6 +2020,9 @@ struct security_hook_heads {
#ifdef CONFIG_DEVICE_NOTIFICATIONS
struct hlist_head watch_devices;
#endif
+#ifdef CONFIG_WATCH_QUEUE
+ struct hlist_head post_notification;
+#endif /* CONFIG_WATCH_QUEUE */
#ifdef CONFIG_SECURITY_NETWORK
struct hlist_head unix_stream_connect;
struct hlist_head unix_may_send;
diff --git a/include/linux/security.h b/include/linux/security.h
index 7a36064a64ea..910a1efa9a79 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -57,6 +57,8 @@ struct mm_struct;
struct fs_context;
struct fs_parameter;
enum fs_value_type;
+struct watch;
+struct watch_notification;
/* Default (no) options for the capable function */
#define CAP_OPT_NONE 0x0
@@ -1292,6 +1294,18 @@ static inline int security_watch_devices(void)
return 0;
}
#endif
+#if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE)
+int security_post_notification(const struct cred *w_cred,
+ const struct cred *cred,
+ struct watch_notification *n);
+#else
+static inline int security_post_notification(const struct cred *w_cred,
+ const struct cred *cred,
+ struct watch_notification *n)
+{
+ return 0;
+}
+#endif
#ifdef CONFIG_SECURITY_NETWORK
diff --git a/security/security.c b/security/security.c
index 22877f47cf62..db7b574c9c70 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1988,6 +1988,15 @@ int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
}
EXPORT_SYMBOL(security_inode_getsecctx);
+#ifdef CONFIG_WATCH_QUEUE
+int security_post_notification(const struct cred *w_cred,
+ const struct cred *cred,
+ struct watch_notification *n)
+{
+ return call_int_hook(post_notification, 0, w_cred, cred, n);
+}
+#endif /* CONFIG_WATCH_QUEUE */
+
#ifdef CONFIG_KEY_NOTIFICATIONS
int security_watch_key(struct key *key)
{
next prev parent reply other threads:[~2020-03-18 15:03 UTC|newest]
Thread overview: 87+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-18 15:03 [PATCH 00/17] pipe: Keyrings, mount and superblock notifications [ver #5] David Howells
2020-03-18 15:03 ` David Howells
2020-03-18 15:03 ` [PATCH 01/17] uapi: General notification queue definitions " David Howells
2020-03-18 15:03 ` [PATCH 02/17] security: Add hooks to rule on setting a watch " David Howells
2020-03-18 15:03 ` David Howells
2020-03-18 18:56 ` James Morris
2020-03-18 18:56 ` James Morris
2020-03-18 15:03 ` David Howells [this message]
2020-03-18 15:03 ` [PATCH 03/17] security: Add a hook for the point of notification insertion " David Howells
2020-03-18 18:57 ` James Morris
2020-03-18 18:57 ` James Morris
2020-03-18 15:03 ` [PATCH 04/17] pipe: Add O_NOTIFICATION_PIPE " David Howells
2020-03-18 15:03 ` [PATCH 05/17] pipe: Add general notification queue support " David Howells
2020-03-18 15:03 ` David Howells
2020-03-18 15:04 ` [PATCH 06/17] watch_queue: Add a key/keyring notification facility " David Howells
2020-03-18 15:04 ` David Howells
2020-03-18 19:04 ` James Morris
2020-03-18 19:04 ` James Morris
2020-03-18 15:04 ` [PATCH 07/17] Add sample notification program " David Howells
2020-03-18 15:04 ` David Howells
2020-03-18 15:04 ` [PATCH 08/17] pipe: Allow buffers to be marked read-whole-or-error for notifications " David Howells
2020-03-18 15:04 ` David Howells
2020-03-18 15:04 ` [PATCH 09/17] pipe: Add notification lossage handling " David Howells
2020-03-18 15:04 ` David Howells
2020-03-18 15:04 ` [PATCH 10/17] selinux: Implement the watch_key security hook " David Howells
2020-03-18 15:04 ` David Howells
2020-03-18 19:06 ` James Morris
2020-03-18 19:06 ` James Morris
2020-03-18 15:04 ` [PATCH 11/17] smack: Implement the watch_key and post_notification hooks " David Howells
2020-03-18 15:04 ` David Howells
2020-03-18 15:05 ` [PATCH 12/17] watch_queue: Add security hooks to rule on setting mount and sb watches " David Howells
2020-03-18 15:05 ` David Howells
2020-03-18 19:07 ` James Morris
2020-03-18 19:07 ` James Morris
2020-03-18 15:05 ` [PATCH 13/17] watch_queue: Implement mount topology and attribute change notifications " David Howells
2020-03-18 15:05 ` David Howells
2020-04-02 15:19 ` Miklos Szeredi
2020-04-02 15:19 ` Miklos Szeredi
2020-06-14 3:07 ` Ian Kent
2020-06-14 3:07 ` Ian Kent
2020-06-15 8:44 ` Miklos Szeredi
2020-06-15 8:44 ` Miklos Szeredi
2020-07-23 10:48 ` David Howells
2020-07-23 10:48 ` David Howells
2020-08-03 9:29 ` Miklos Szeredi
2020-08-03 9:29 ` Miklos Szeredi
2020-08-04 11:38 ` Ian Kent
2020-08-04 11:38 ` Ian Kent
2020-08-04 13:19 ` Miklos Szeredi
2020-08-04 13:19 ` Miklos Szeredi
2020-08-05 1:53 ` Ian Kent
2020-08-05 1:53 ` Ian Kent
2020-08-05 7:43 ` Miklos Szeredi
2020-08-05 7:43 ` Miklos Szeredi
2020-08-05 11:36 ` Ian Kent
2020-08-05 11:36 ` Ian Kent
2020-08-05 11:56 ` Miklos Szeredi
2020-08-05 11:56 ` Miklos Szeredi
2020-07-24 10:19 ` David Howells
2020-07-24 10:19 ` David Howells
2020-07-24 10:44 ` Ian Kent
2020-07-24 10:44 ` Ian Kent
2020-07-24 11:36 ` David Howells
2020-07-24 11:36 ` David Howells
2020-08-03 10:02 ` Miklos Szeredi
2020-08-03 10:02 ` Miklos Szeredi
2020-08-03 10:08 ` David Howells
2020-08-03 10:08 ` David Howells
2020-08-03 10:18 ` David Howells
2020-08-03 10:18 ` David Howells
2020-08-03 11:17 ` Miklos Szeredi
2020-08-03 11:17 ` Miklos Szeredi
2020-08-03 11:49 ` David Howells
2020-08-03 11:49 ` David Howells
2020-08-03 12:01 ` Ian Kent
2020-08-03 12:01 ` Ian Kent
2020-08-03 12:31 ` David Howells
2020-08-03 12:31 ` David Howells
2020-08-03 14:30 ` Ian Kent
2020-08-03 14:30 ` Ian Kent
2020-03-18 15:05 ` [PATCH 14/17] watch_queue: sample: Display mount tree " David Howells
2020-03-18 15:05 ` David Howells
2020-03-18 15:05 ` [PATCH 15/17] watch_queue: Introduce a non-repeating system-unique superblock ID " David Howells
2020-03-18 15:05 ` [PATCH 16/17] watch_queue: Add superblock notifications " David Howells
2020-03-18 15:05 ` David Howells
2020-03-18 15:05 ` [PATCH 17/17] watch_queue: sample: Display " David Howells
2020-03-18 15:05 ` David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=158454382138.2863966.4611034029343321389.stgit@warthog.procyon.org.uk \
--to=dhowells@redhat.com \
--cc=casey@schaufler-ca.com \
--cc=dhowells@redhat.comcasey \
--cc=linux-security-module@vger.kernel.org \
--cc=sds@tycho.nsa.gov \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.