Add two system calls for the Linux Security Module ABI.

lsm_self_attr() provides the security module specific attributes that have previously been visible in the /proc/self/attr directory. For each attribute that is set on the current process the system call will return an LSM identifier, an attribute identifier and the value of the attribute. The LSM and attribute identifier values are defined in include/uapi/linux/lsm.h.

lsm_module_list() provides the LSM identifiers, in order, of the security modules that are active on the system. This has been available in the securityfs file /sys/kernel/security/lsm.

Patch 0001 changes the LSM registration from passing the name of the module to passing a lsm_id structure that contains the name of the module.
Patch 0002 adds an LSM identifier number to the lsm_id structure.
Patch 0003 adds an attribute identifier to the lsm_id.
Patch 0004 adds the registered lsm_ids to a table.
Patch 0005 changes security_[gs]etprocattr() to use LSM IDs instead of LSM names.
Patch 0006 implements lsm_self_attr().
Patch 0007 implements lsm_module_list().
Patch 0008 wires up the two syscalls.
Casey Schaufler (8):
  LSM: Identify modules by more than name
  LSM: Add an LSM identifier for external use
  LSM: Identify the process attributes for each module
  LSM: Maintain a table of LSM attribute data
  proc: Use lsmids instead of lsm names for attrs
  LSM: lsm_self_attr syscall for LSM self attributes
  LSM: Create lsm_module_list system call
  lsm: wireup syscalls lsm_self_attr and lsm_module_list

 arch/alpha/kernel/syscalls/syscall.tbl        |   2 +
 arch/arm/tools/syscall.tbl                    |   2 +
 arch/arm64/include/asm/unistd32.h             |   2 +
 arch/ia64/kernel/syscalls/syscall.tbl         |   2 +
 arch/m68k/kernel/syscalls/syscall.tbl         |   2 +
 arch/microblaze/kernel/syscalls/syscall.tbl   |   2 +
 arch/mips/kernel/syscalls/syscall_n32.tbl     |   2 +
 arch/mips/kernel/syscalls/syscall_n64.tbl     |   2 +
 arch/mips/kernel/syscalls/syscall_o32.tbl     |   2 +
 arch/parisc/kernel/syscalls/syscall.tbl       |   2 +
 arch/powerpc/kernel/syscalls/syscall.tbl      |   2 +
 arch/s390/kernel/syscalls/syscall.tbl         |   2 +
 arch/sh/kernel/syscalls/syscall.tbl           |   2 +
 arch/sparc/kernel/syscalls/syscall.tbl        |   2 +
 arch/x86/entry/syscalls/syscall_32.tbl        |   2 +
 arch/x86/entry/syscalls/syscall_64.tbl        |   2 +
 arch/xtensa/kernel/syscalls/syscall.tbl       |   2 +
 fs/proc/base.c                                |  29 +--
 fs/proc/internal.h                            |   2 +-
 include/linux/lsm_hooks.h                     |  13 +-
 include/linux/security.h                      |  28 ++-
 include/linux/syscalls.h                      |   3 +
 include/uapi/asm-generic/unistd.h             |   5 +-
 include/uapi/linux/lsm.h                      |  67 ++++++
 kernel/sys_ni.c                               |   4 +
 security/Makefile                             |   1 +
 security/apparmor/lsm.c                       |   9 +-
 security/bpf/hooks.c                          |  13 +-
 security/commoncap.c                          |   8 +-
 security/landlock/cred.c                      |   2 +-
 security/landlock/fs.c                        |   2 +-
 security/landlock/ptrace.c                    |   2 +-
 security/landlock/setup.c                     |   6 +
 security/landlock/setup.h                     |   1 +
 security/loadpin/loadpin.c                    |   9 +-
 security/lockdown/lockdown.c                  |   8 +-
 security/lsm_syscalls.c                       | 194 ++++++++++++++++++
 security/safesetid/lsm.c                      |   9 +-
 security/security.c                           |  37 +++-
 security/selinux/hooks.c                      |  11 +-
 security/smack/smack_lsm.c                    |   9 +-
 security/tomoyo/tomoyo.c                      |   9 +-
 security/yama/yama_lsm.c                      |   8 +-
 .../arch/mips/entry/syscalls/syscall_n64.tbl  |   2 +
 .../arch/powerpc/entry/syscalls/syscall.tbl   |   2 +
 .../perf/arch/s390/entry/syscalls/syscall.tbl |   2 +
 .../arch/x86/entry/syscalls/syscall_64.tbl    |   2 +
 47 files changed, 484 insertions(+), 47 deletions(-)
 create mode 100644 include/uapi/linux/lsm.h
 create mode 100644 security/lsm_syscalls.c

base-commit: 247f34f7b80357943234f93f247a1ae6b6c3a740
-- 
2.37.3