On 21/08/2017 02:09, Mickaël Salaün wrote:
> Handle 33 filesystem-related LSM hooks for the Landlock filesystem
> event: LANDLOCK_SUBTYPE_EVENT_FS.
>
> A Landlock event wraps LSM hooks for similar kernel object types (e.g.
> struct file, struct path...). Multiple LSM hooks can trigger the same
> Landlock event.
>
> Landlock handles nine coarse-grained actions: read, write, execute, new,
> get, remove, ioctl, lock and fcntl. Each of them abstracts LSM hook
> access control in a way that can be extended in the future.
>
> The Landlock LSM hook registration is done after other LSMs to only run
> actions from user-space, via eBPF programs, if the access was granted by
> major (privileged) LSMs.
>
> Signed-off-by: Mickaël Salaün <mic@xxxxxxxxxxx>
> Cc: Alexei Starovoitov <ast@xxxxxxxxxx>
> Cc: Andy Lutomirski <luto@xxxxxxxxxxxxxx>
> Cc: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
> Cc: David S. Miller <davem@xxxxxxxxxxxxx>
> Cc: James Morris <james.l.morris@xxxxxxxxxx>
> Cc: Kees Cook <keescook@xxxxxxxxxxxx>
> Cc: Serge E. Hallyn <serge@xxxxxxxxxx>
> ---
>
> Changes since v6:
> * add 3 more sub-events: IOCTL, LOCK, FCNTL
>   https://lkml.kernel.org/r/2fbc99a6-f190-f335-bd14-04bdeed35571@xxxxxxxxxxx
> * use the new security_add_hooks()
> * explain the -Werror=unused-function
> * constify pointers
> * cleanup headers
>
> Changes since v5:
> * split hooks.[ch] into hooks.[ch] and hooks_fs.[ch]
> * add more documentation
> * cosmetic fixes
> * rebase (SCALAR_VALUE)
>
> Changes since v4:
> * add LSM hook abstraction called Landlock event
> * use the compiler type checking to verify hooks used by an event
> * handle all filesystem related LSM hooks (e.g. file_permission,
>   mmap_file, sb_mount...)
> * register BPF programs for Landlock just after LSM hooks registration
> * move hooks registration after other LSMs
> * add failsafes to check if a hook is not used by the kernel
> * allow partial raw value access from the context (needed for programs
>   generated by LLVM)
>
> Changes since v3:
> * split commit
> * add hooks dealing with struct inode and struct path pointers:
>   inode_permission and inode_getattr
> * add abstraction over eBPF helper arguments thanks to wrapping structs
> ---
>  include/linux/lsm_hooks.h    |   5 +
>  security/landlock/Makefile   |   7 +-
>  security/landlock/common.h   |   2 +
>  security/landlock/hooks.c    |  83 ++++++
>  security/landlock/hooks.h    | 177 +++++++++++++
>  security/landlock/hooks_fs.c | 586 +++++++++++++++++++++++++++++++++++++++++++
>  security/landlock/hooks_fs.h |  19 ++
>  security/landlock/init.c     |  10 +
>  security/security.c          |  12 +-
>  9 files changed, 899 insertions(+), 2 deletions(-)
>  create mode 100644 security/landlock/hooks.c
>  create mode 100644 security/landlock/hooks.h
>  create mode 100644 security/landlock/hooks_fs.c
>  create mode 100644 security/landlock/hooks_fs.h
> diff --git a/security/landlock/init.c b/security/landlock/init.c > index 09acbc74abd6..1e6660fed697 100644 > --- a/security/landlock/init.c > +++ b/security/landlock/init.c > @@ -10,8 +10,10 @@ > > #include <linux/bpf.h> /* enum bpf_access_type */ > #include <linux/capability.h> /* capable */ > +#include <linux/lsm_hooks.h> > > #include "common.h" /* LANDLOCK_* */ > +#include "hooks_fs.h" > > > static inline bool bpf_landlock_is_valid_access(int off, int size,
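Review bot: the two new includes in this hunk break the convention the surrounding includes follow, where each one carries a trailing comment naming the symbol it is pulled in for (`/* enum bpf_access_type */`, `/* capable */`, `/* LANDLOCK_* */`). `+#include "hooks_fs.h"` is evidently there for landlock_is_valid_access_event_FS(), so annotate it the same way; for `+#include <linux/lsm_hooks.h>` nothing in the quoted part of init.c uses a symbol from that header, so either add the comment naming what it is for (the security_add_hooks() call mentioned in the v6 changelog, if that call lives in this file) or drop it, which would also match the "cleanup headers" item in the same changelog.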
> @@ -23,6 +25,8 @@ static inline bool bpf_landlock_is_valid_access(int off, int size, > > switch (prog_subtype->landlock_rule.event) { > case LANDLOCK_SUBTYPE_EVENT_FS: > + return landlock_is_valid_access_event_FS(off, size, type, > + &info->reg_type, prog_subtype);

I forgot to handle LANDLOCK_SUBTYPE_EVENT_FS_{IOCTL,LOCK_FCNTL} here and I
included some hunks in the wrong patches. I will fix this in the next
series and add tests for those anyway. :)

Regards,
Mickaël
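Review bot: the switch on prog_subtype->landlock_rule.event only gains a case for LANDLOCK_SUBTYPE_EVENT_FS, while the v6 changelog adds the IOCTL, LOCK and FCNTL sub-events; a program registered for one of those falls through to whatever the existing default arm does, so its context loads are either refused outright or never validated against the FS context layout. If those sub-events share the FS context, the smallest fix is to stack their case labels above `case LANDLOCK_SUBTYPE_EVENT_FS:` so they all reach landlock_is_valid_access_event_FS(); if they do not, each needs its own validator. Because the helper also writes `&info->reg_type`, a test that loads every context field under every sub-event would catch this class of omission, which is worth doing alongside the tests the reply promises.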
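A small model of two ideas from the message above, a Landlock event as a group of sub-events sharing one program context, and the verifier-side check that decides which loads from that context a program may perform. This is an added C example written for this page; it is not Landlock's code and not part of the thread. The enum values, the struct ll_ctx_fs layout, the field table and every ll_* name are assumptions made for illustration (the real context layout and the names in hooks_fs.h are not on this page). It exercises the partial raw value reads the v4 changelog mentions (a 4-byte load from an 8-byte scalar field is accepted) and the dispatch the reply says was left incomplete: every FS sub-event must reach the same validator, and an event without a case is refused rather than silently accepted.

```c
/*
 * Added illustrative model of a verifier-side context access check for a
 * Landlock-like event.  NOT Landlock's code: names, enum values and the
 * context layout below are assumptions made for this example.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical event identifiers (the real enum is not shown on the page). */
enum ll_event {
	LL_EVENT_FS = 1,      /* base filesystem event */
	LL_EVENT_FS_IOCTL,    /* sub-events added in v6 of the series */
	LL_EVENT_FS_LOCK,
	LL_EVENT_FS_FCNTL,
	LL_EVENT_UNKNOWN      /* anything else has no context: refuse */
};

enum ll_access { LL_ACCESS_READ, LL_ACCESS_WRITE };

/* What a load from a context field yields to the program. */
enum ll_reg_type { LL_REG_NONE = 0, LL_REG_SCALAR, LL_REG_PTR_OBJ };

/* Hypothetical read-only context shared by all FS sub-events (assumed layout). */
struct ll_ctx_fs {
	uint64_t status;  /* scalar: flags describing the event */
	uint64_t arg1;    /* opaque pointer to the first kernel object */
	uint64_t arg2;    /* scalar: second argument, e.g. a raw value */
};

struct ll_field {
	size_t off;
	size_t size;
	enum ll_reg_type reg;
};

static const struct ll_field ll_fs_fields[] = {
	{ offsetof(struct ll_ctx_fs, status), sizeof(uint64_t), LL_REG_SCALAR },
	{ offsetof(struct ll_ctx_fs, arg1),   sizeof(uint64_t), LL_REG_PTR_OBJ },
	{ offsetof(struct ll_ctx_fs, arg2),   sizeof(uint64_t), LL_REG_SCALAR },
};

/*
 * Validate one [off, off+size) access to the FS context: read-only, only
 * 1/2/4/8-byte naturally aligned loads, never crossing a field boundary.
 * A scalar field may be read partially (LLVM emits such narrow loads); a
 * pointer-carrying field must be read whole so the program never holds a
 * truncated kernel pointer the verifier cannot track.
 */
static bool ll_is_valid_access_fs(int off, int size, enum ll_access type,
				  enum ll_reg_type *reg)
{
	size_t i, o = (size_t)off, s = (size_t)size;

	*reg = LL_REG_NONE;
	if (type != LL_ACCESS_READ || off < 0 || size <= 0)
		return false;
	if (size != 1 && size != 2 && size != 4 && size != 8)
		return false;
	if (off % size != 0)
		return false;
	for (i = 0; i < sizeof(ll_fs_fields) / sizeof(ll_fs_fields[0]); i++) {
		const struct ll_field *f = &ll_fs_fields[i];

		if (o < f->off || o + s > f->off + f->size)
			continue;
		if (f->reg == LL_REG_PTR_OBJ && (o != f->off || s != f->size))
			return false;
		*reg = f->reg;
		return true;
	}
	return false;  /* outside every field, e.g. past the end of the struct */
}

/*
 * Dispatch on the event: every FS sub-event shares the FS context and must
 * reach the same validator; an event with no case label is refused, which is
 * the silent failure a forgotten sub-event would otherwise produce.
 */
bool ll_is_valid_access(int off, int size, enum ll_access type,
			enum ll_event event, enum ll_reg_type *reg)
{
	switch (event) {
	case LL_EVENT_FS:
	case LL_EVENT_FS_IOCTL:
	case LL_EVENT_FS_LOCK:
	case LL_EVENT_FS_FCNTL:
		return ll_is_valid_access_fs(off, size, type, reg);
	default:
		*reg = LL_REG_NONE;
		return false;
	}
}

int main(void)
{
	enum ll_reg_type reg;
	bool ok = ll_is_valid_access(offsetof(struct ll_ctx_fs, arg1), 8,
				     LL_ACCESS_READ, LL_EVENT_FS_IOCTL, &reg);

	printf("8-byte load of arg1 under FS_IOCTL: %s (reg=%d)\n",
	       ok ? "ok" : "refused", (int)reg);
	ok = ll_is_valid_access(offsetof(struct ll_ctx_fs, arg1) + 4, 4,
				LL_ACCESS_READ, LL_EVENT_FS, &reg);
	printf("partial 4-byte load of arg1: %s\n", ok ? "ok" : "refused");
	return 0;
}
```

The point of the separate static validator is that the per-event switch stays a pure dispatch table: adding a sub-event is one case label, and forgetting it is visible as an explicit refusal in tests rather than as an unchecked context layout.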