On 21/10/2022 17:26, Konstantin Meskhidze wrote:
Modifies landlock_add_rule() syscall to support new rule types in future
Change the landlock_add_rule() syscall…
Landlock versions. Adds add_rule_path_beneath() helper to support
Add the…
current filesystem rules. Signed-off-by: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx> --- Changes since v7: * None Changes since v6: * None Changes since v5: * Refactors syscall landlock_add_rule() and add_rule_path_beneath() helper to make argument check ordering consistent and get rid of partial revertings in following patches. * Rolls back refactoring base_test.c seltest. * Formats code with clang-format-14. Changes since v4: * Refactors add_rule_path_beneath() and landlock_add_rule() functions to optimize code usage. * Refactors base_test.c seltest: adds LANDLOCK_RULE_PATH_BENEATH rule type in landlock_add_rule() call. Changes since v3: * Split commit. * Refactors landlock_add_rule syscall. --- security/landlock/syscalls.c | 92 +++++++++++++++++++----------------- 1 file changed, 48 insertions(+), 44 deletions(-) diff --git a/security/landlock/syscalls.c b/security/landlock/syscalls.c index 71aca7f990bc..87389d7bfbf2 100644 --- a/security/landlock/syscalls.c +++ b/security/landlock/syscalls.c @@ -274,6 +274,47 @@ static int get_path_from_fd(const s32 fd, struct path *const path) return err; } +static int add_rule_path_beneath(struct landlock_ruleset *const ruleset, + const void __user *const rule_attr) +{ + struct landlock_path_beneath_attr path_beneath_attr; + struct path path; + int res, err; + u32 mask;
access_mask_t mask;
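Review bot: the new add_rule_path_beneath() helper takes `const void __user *const rule_attr`, so its signature does not say which structure it expects, even though the body declares a local `struct landlock_path_beneath_attr path_beneath_attr`. The commit message presents this helper as groundwork for further rule types, so a short comment above the function would make the contract explicit for the helpers that follow. It should name the rule type the helper handles and note that rule_attr is an untrusted user-space pointer. Alternatively, type the parameter as `const struct landlock_path_beneath_attr __user *` and keep the void pointer only in landlock_add_rule().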