From: Casey Schaufler <casey@schaufler-ca.com>
To: casey.schaufler@intel.com, paul@paul-moore.com,
linux-security-module@vger.kernel.org
Cc: casey@schaufler-ca.com, jmorris@namei.org, keescook@chromium.org,
john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp,
stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org,
linux-api@vger.kernel.org, mic@digikod.net
Subject: [PATCH v3 2/9] LSM: Identify the process attributes for each module
Date: Wed, 23 Nov 2022 12:15:45 -0800 [thread overview]
Message-ID: <20221123201552.7865-3-casey@schaufler-ca.com> (raw)
In-Reply-To: <20221123201552.7865-1-casey@schaufler-ca.com>
Add an integer member "attrs_used" to the struct lsm_id which
identifies the API related data associated with each security
module. The initial set of features maps to information that
has traditionaly been available in /proc/self/attr. They are
documented in a new userspace-api file.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
Documentation/userspace-api/index.rst | 1 +
Documentation/userspace-api/lsm.rst | 55 +++++++++++++++++++++++++++
include/linux/lsm_hooks.h | 2 +
include/uapi/linux/lsm.h | 12 ++++++
security/apparmor/lsm.c | 1 +
security/selinux/hooks.c | 2 +
security/smack/smack_lsm.c | 1 +
7 files changed, 74 insertions(+)
create mode 100644 Documentation/userspace-api/lsm.rst
diff --git a/Documentation/userspace-api/index.rst b/Documentation/userspace-api/index.rst
index c78da9ce0ec4..6feff0fcd88f 100644
--- a/Documentation/userspace-api/index.rst
+++ b/Documentation/userspace-api/index.rst
@@ -30,6 +30,7 @@ place where this information is gathered.
sysfs-platform_profile
vduse
futex2
+ lsm
.. only:: subproject and html
diff --git a/Documentation/userspace-api/lsm.rst b/Documentation/userspace-api/lsm.rst
new file mode 100644
index 000000000000..6ddf5506110b
--- /dev/null
+++ b/Documentation/userspace-api/lsm.rst
@@ -0,0 +1,55 @@
+.. SPDX-License-Identifier: GPL-2.0
+.. Copyright (C) 2022 Casey Schaufler <casey@schaufler-ca.com>
+.. Copyright (C) 2022 Intel Corporation
+
+=====================================
+Linux Security Modules
+=====================================
+
+:Author: Casey Schaufler
+:Date: November 2022
+
+Linux security modules (LSM) provide a mechanism to implement
+additional access controls to the Linux security policies.
+
+The various security modules may support any of these attributes:
+
+``LSM_ATTR_CURRENT`` is the current, active security context of the
+process.
+The proc filesystem provides this value in ``/proc/self/attr/current``.
+This is supported by the SELinux, Smack and AppArmor security modules.
+Smack also provides this value in ``/proc/self/attr/smack/current``.
+AppArmor also provides this value in ``/proc/self/attr/apparmor/current``.
+
+``LSM_ATTR_EXEC`` is the security context of the process at the time the
+current image was executed.
+The proc filesystem provides this value in ``/proc/self/attr/exec``.
+This is supported by the SELinux and AppArmor security modules.
+AppArmor also provides this value in ``/proc/self/attr/apparmor/exec``.
+
+``LSM_ATTR_FSCREATE`` is the security context of the process used when
+creating file system objects.
+The proc filesystem provides this value in ``/proc/self/attr/fscreate``.
+This is supported by the SELinux security module.
+
+``LSM_ATTR_KEYCREATE`` is the security context of the process used when
+creating key objects.
+The proc filesystem provides this value in ``/proc/self/attr/keycreate``.
+This is supported by the SELinux security module.
+
+``LSM_ATTR_PREV`` is the security context of the process at the time the
+current security context was set.
+The proc filesystem provides this value in ``/proc/self/attr/prev``.
+This is supported by the SELinux and AppArmor security modules.
+AppArmor also provides this value in ``/proc/self/attr/apparmor/prev``.
+
+``LSM_ATTR_SOCKCREATE`` is the security context of the process used when
+creating socket objects.
+The proc filesystem provides this value in ``/proc/self/attr/sockcreate``.
+This is supported by the SELinux security module.
+
+Additional documentation
+========================
+
+* Documentation/security/lsm.rst
+* Documentation/security/lsm-development.rst
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index d306db1044d1..7e88acc37a29 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -1606,12 +1606,14 @@ struct security_hook_heads {
* struct lsm_id - identify a Linux Security Module.
* @lsm: Name of the LSM. Must be approved by the LSM maintainers.
* @id: LSM ID number from uapi/linux/lsm.h
+ * @attrs_used: Which attributes this LSM supports.
*
* Contains the information that identifies the LSM.
*/
struct lsm_id {
const u8 *lsm;
u32 id;
+ u64 attrs_used;
};
/*
diff --git a/include/uapi/linux/lsm.h b/include/uapi/linux/lsm.h
index 47791c330cbf..8e9124bf622c 100644
--- a/include/uapi/linux/lsm.h
+++ b/include/uapi/linux/lsm.h
@@ -29,4 +29,16 @@
#define LSM_ID_BPF 110
#define LSM_ID_LANDLOCK 111
+/*
+ * LSM_ATTR_XXX values identify the /proc/.../attr entry that the
+ * context represents. Not all security modules provide all of these
+ * values. Some security modules provide none of them.
+ */
+#define LSM_ATTR_CURRENT 0x0001
+#define LSM_ATTR_EXEC 0x0002
+#define LSM_ATTR_FSCREATE 0x0004
+#define LSM_ATTR_KEYCREATE 0x0008
+#define LSM_ATTR_PREV 0x0010
+#define LSM_ATTR_SOCKCREATE 0x0020
+
#endif /* _UAPI_LINUX_LSM_H */
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index b859b1af6c75..3a6bf4f95d84 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -1206,6 +1206,7 @@ struct lsm_blob_sizes apparmor_blob_sizes __lsm_ro_after_init = {
static struct lsm_id apparmor_lsmid __lsm_ro_after_init = {
.lsm = "apparmor",
.id = LSM_ID_APPARMOR,
+ .attrs_used = LSM_ATTR_CURRENT | LSM_ATTR_PREV | LSM_ATTR_EXEC,
};
static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = {
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 5fcce36267bd..e831d9c38c54 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -7018,6 +7018,8 @@ static int selinux_uring_cmd(struct io_uring_cmd *ioucmd)
static struct lsm_id selinux_lsmid __lsm_ro_after_init = {
.lsm = "selinux",
.id = LSM_ID_SELINUX,
+ .attrs_used = LSM_ATTR_CURRENT | LSM_ATTR_EXEC | LSM_ATTR_FSCREATE |
+ LSM_ATTR_KEYCREATE | LSM_ATTR_PREV | LSM_ATTR_SOCKCREATE,
};
/*
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index c7ba80e20b8d..c2a05217bde4 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -4791,6 +4791,7 @@ struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = {
static struct lsm_id smack_lsmid __lsm_ro_after_init = {
.lsm = "smack",
.id = LSM_ID_SMACK,
+ .attrs_used = LSM_ATTR_CURRENT,
};
static struct security_hook_list smack_hooks[] __lsm_ro_after_init = {
--
2.38.1
next prev parent reply other threads:[~2022-11-23 20:16 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20221123201552.7865-1-casey.ref@schaufler-ca.com>
2022-11-23 20:15 ` [PATCH v3 0/9] LSM: Three basic syscalls Casey Schaufler
2022-11-23 20:15 ` [PATCH v3 1/9] LSM: Identify modules by more than name Casey Schaufler
2022-11-24 5:40 ` Greg KH
2022-11-25 16:19 ` Mickaël Salaün
2022-11-28 3:48 ` Paul Moore
2022-11-28 7:51 ` Greg KH
2022-11-28 12:49 ` Paul Moore
2022-11-28 19:07 ` Casey Schaufler
2022-11-25 16:30 ` Mickaël Salaün
2022-11-28 3:52 ` Paul Moore
2022-11-23 20:15 ` Casey Schaufler [this message]
2022-11-25 16:41 ` [PATCH v3 2/9] LSM: Identify the process attributes for each module Mickaël Salaün
2022-11-25 18:27 ` Casey Schaufler
2022-11-23 20:15 ` [PATCH v3 3/9] LSM: Maintain a table of LSM attribute data Casey Schaufler
2022-11-23 20:15 ` [PATCH v3 4/9] proc: Use lsmids instead of lsm names for attrs Casey Schaufler
2022-11-23 20:15 ` [PATCH v3 5/9] LSM: lsm_get_self_attr syscall for LSM self attributes Casey Schaufler
2022-11-25 13:54 ` kernel test robot
2022-12-04 2:16 ` kernel test robot
2022-11-23 20:15 ` [PATCH v3 6/9] LSM: Create lsm_module_list system call Casey Schaufler
2022-11-23 20:15 ` [PATCH v3 7/9] LSM: lsm_set_self_attr syscall for LSM self attributes Casey Schaufler
2022-11-23 20:15 ` [PATCH v3 8/9] LSM: wireup Linux Security Module syscalls Casey Schaufler
2022-11-27 9:50 ` kernel test robot
2022-11-23 20:15 ` [PATCH v3 9/9] LSM: selftests for Linux Security Module infrastructure syscalls Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221123201552.7865-3-casey@schaufler-ca.com \
--to=casey@schaufler-ca.com \
--cc=casey.schaufler@intel.com \
--cc=jmorris@namei.org \
--cc=john.johansen@canonical.com \
--cc=keescook@chromium.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mic@digikod.net \
--cc=paul@paul-moore.com \
--cc=penguin-kernel@i-love.sakura.ne.jp \
--cc=stephen.smalley.work@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).