On 9/24/2020 1:51 AM, Richard Haines wrote:
> The GTP security hooks are explained in:
> Documentation/security/GTP.rst
>
> Signed-off-by: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
> ---
> Documentation/security/GTP.rst | 39 ++++++++++++++++++++++++++++++++
> Documentation/security/index.rst | 1 +
> include/linux/lsm_hook_defs.h | 3 +++
> include/linux/lsm_hooks.h | 16 +++++++++++++
> include/linux/security.h | 19 ++++++++++++++++
> security/security.c | 18 +++++++++++++++
> 6 files changed, 96 insertions(+)
> create mode 100644 Documentation/security/GTP.rst
>
> diff --git a/Documentation/security/GTP.rst b/Documentation/security/GTP.rst
> new file mode 100644
> index 000000000..e307d0b59
> --- /dev/null
> +++ b/Documentation/security/GTP.rst
> @@ -0,0 +1,39 @@
> +.. SPDX-License-Identifier: GPL-2.0
> +
> +=============================
> +GPRS Tunneling Protocol (GTP)
> +=============================
> +
> +GTP LSM Support
> +===============
> +
> +Security Hooks
> +--------------
> +For security module support, three GTP specific hooks have been implemented::
> +
> + security_gtp_dev_add()
> + security_gtp_dev_del()
> + security_gtp_dev_cmd()
> +
> +
> +security_gtp_dev_add()
> +~~~~~~~~~~~~~~~~~~~~~~
> +Allows a module to allocate a security structure for a GTP device. Returns a
> +zero on success, negative values on failure.
> +If successful the GTP device ``struct gtp_dev`` will hold the allocated
> +pointer in ``void *security;``.
> +
> +
> +security_gtp_dev_del()
> +~~~~~~~~~~~~~~~~~~~~~~
> +Allows a module to free the security structure for a GTP device. Returns a
> +zero on success, negative values on failure.
> +
> +
> +security_gtp_dev_cmd()
> +~~~~~~~~~~~~~~~~~~~~~~
> +Allows a module to validate a command for the selected GTP device. Returns a
> +zero on success, negative values on failure. The commands are based on values
> +from ``include/uapi/linux/gtp.h`` as follows::
> +
> +``enum gtp_genl_cmds { GTP_CMD_NEWPDP, GTP_CMD_DELPDP, GTP_CMD_GETPDP };``
> diff --git a/Documentation/security/index.rst b/Documentation/security/index.rst
> index 8129405eb..cdbdaa83b 100644
> --- a/Documentation/security/index.rst
> +++ b/Documentation/security/index.rst
> @@ -16,3 +16,4 @@ Security Documentation
> siphash
> tpm/index
> digsig
> + GTP
> diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
> index 2a8c74d99..a994417fb 100644
> --- a/include/linux/lsm_hook_defs.h
> +++ b/include/linux/lsm_hook_defs.h
> @@ -322,6 +322,9 @@ LSM_HOOK(int, 0, sctp_bind_connect, struct sock *sk, int optname,
> struct sockaddr *address, int addrlen)
> LSM_HOOK(void, LSM_RET_VOID, sctp_sk_clone, struct sctp_endpoint *ep,
> struct sock *sk, struct sock *newsk)
> +LSM_HOOK(int, 0, gtp_dev_add, void **security)
This should be gtp_dev_alloc by convention.
> +LSM_HOOK(int, 0, gtp_dev_del, void *security)
This should be gtp_dev_free by convention.
> +LSM_HOOK(int, 0, gtp_dev_cmd, void *security, enum gtp_genl_cmds cmd)
Please pass a pointer to the structure that contains the security blob, not the pointer to the blob itself in these hooks.
> #endif /* CONFIG_SECURITY_NETWORK */
>
> #ifdef CONFIG_SECURITY_INFINIBAND
> diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
> index 9e2e3e637..3d6888d51 100644
> --- a/include/linux/lsm_hooks.h
> +++ b/include/linux/lsm_hooks.h
> @@ -982,6 +982,22 @@
> * This hook can be used by the module to update any security state
> * associated with the TUN device's security structure.
> * @security pointer to the TUN devices's security structure.
> + * @gtp_dev_add:
> + * This hook allows a module to allocate a security structure for a GTP
> + * device.
> + * @security pointer to a security structure pointer.
change per earlier comments.
> + * Returns a zero on success, negative values on failure.
> + * @gtp_dev_del:
> + * This hook allows a module to free the security structure for a GTP
> + * device.
> + * @security pointer to the GTP device's security structure.
change per earlier comments.
> + * Returns a zero on success, negative values on failure.
> + * @gtp_dev_cmd:
> + * This hook allows a module to free the security structure for a GTP
> + * device.
> + * @security pointer to the GTP device's security structure.
change per earlier comments.
> + * @cmd contains the GTP command.
> + * Returns a zero on success, negative values on failure.
> *
> * Security hooks for SCTP
> *
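Review bot: The kernel-doc block for `@gtp_dev_cmd` in the lsm_hooks.h hunk repeats the `@gtp_dev_del` description ("This hook allows a module to free the security structure for a GTP device"), so the one hook that actually makes an access decision is documented as a destructor and contradicts GTP.rst in the same patch. Suggested replacement for those two lines: ` * This hook allows a module to validate a GTP command (an enum gtp_genl_cmds` / ` * value) for the selected GTP device before it is acted on.` It would also help to say what the return value means for the caller — a non-zero value denies the command — and that the `0` default in the matching `LSM_HOOK(int, 0, gtp_dev_cmd, ...)` line of the lsm_hook_defs.h hunk means the command is permitted when no module implements the hook, since the caller presumably treats this return as a permission decision.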
> diff --git a/include/linux/security.h b/include/linux/security.h
> index 0a0a03b36..67ff43afa 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -30,6 +30,7 @@
> #include <linux/err.h>
> #include <linux/string.h>
> #include <linux/mm.h>
> +#include <linux/gtp.h>
>
> struct linux_binprm;
> struct cred;
> @@ -1365,6 +1366,9 @@ int security_sctp_bind_connect(struct sock *sk, int optname,
> struct sockaddr *address, int addrlen);
> void security_sctp_sk_clone(struct sctp_endpoint *ep, struct sock *sk,
> struct sock *newsk);
> +int security_gtp_dev_add(void **security);
> +int security_gtp_dev_del(void *security);
> +int security_gtp_dev_cmd(void *security, enum gtp_genl_cmds cmd);
>
> #else /* CONFIG_SECURITY_NETWORK */
> static inline int security_unix_stream_connect(struct sock *sock,
> @@ -1582,6 +1586,21 @@ static inline void security_sctp_sk_clone(struct sctp_endpoint *ep,
> struct sock *newsk)
> {
> }
> +
> +static inline int security_gtp_dev_add(void **security)
> +{
> + return 0;
> +}
> +
> +static inline int security_gtp_dev_del(void *security)
> +{
> + return 0;
> +}
> +
> +static inline int security_gtp_dev_cmd(void *security, enum gtp_genl_cmds cmd)
> +{
> + return 0;
> +}
> #endif /* CONFIG_SECURITY_NETWORK */
>
> #ifdef CONFIG_SECURITY_INFINIBAND
> diff --git a/security/security.c b/security/security.c
> index 70a7ad357..63b656848 100644
> --- a/security/security.c
> +++ b/security/security.c
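Review bot: The new `#include <linux/gtp.h>` in the first security.h hunk is there only so that `enum gtp_genl_cmds` can appear in the `security_gtp_dev_cmd()` prototype and in its `!CONFIG_SECURITY_NETWORK` stub, yet security.h is included by a very large part of the tree, so this makes a protocol-specific header (GTP.rst says the enum lives in `include/uapi/linux/gtp.h`, so presumably the UAPI header) a dependency of nearly every translation unit. Passing the command as a plain integer, `int security_gtp_dev_cmd(void *security, int cmd);`, or taking the device structure argument requested in the lsm_hook_defs.h review would remove the include entirely; a C enum cannot be forward-declared portably, so there is no lighter option if the enum type stays in the signature. The stubs returning 0 (permit) match their neighbours, so no concern there.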
> @@ -2304,6 +2304,24 @@ void security_sctp_sk_clone(struct sctp_endpoint *ep, struct sock *sk,
> }
> EXPORT_SYMBOL(security_sctp_sk_clone);
>
> +int security_gtp_dev_add(void **security)
> +{
> + return call_int_hook(gtp_dev_add, 0, security);
> +}
> +EXPORT_SYMBOL(security_gtp_dev_add);
> +
> +int security_gtp_dev_del(void *security)
> +{
> + return call_int_hook(gtp_dev_del, 0, security);
> +}
> +EXPORT_SYMBOL(security_gtp_dev_del);
> +
> +int security_gtp_dev_cmd(void *security, enum gtp_genl_cmds cmd)
> +{
> + return call_int_hook(gtp_dev_cmd, 0, security, cmd);
> +}
> +EXPORT_SYMBOL(security_gtp_dev_cmd);
> +
> #endif /* CONFIG_SECURITY_NETWORK */
>
> #ifdef CONFIG_SECURITY_INFINIBAND
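Review bot: `security_gtp_dev_del()` returns whatever `call_int_hook(gtp_dev_del, 0, security)` yields, but a caller tearing down a GTP device has no sensible recovery if freeing the security blob "fails" — the only outcomes are a leaked blob or a device kept alive — and `call_int_hook` also stops at the first module that returns non-zero, so later modules would never get to free their part. The neighbouring teardown/clone hooks are void (`LSM_HOOK(void, LSM_RET_VOID, sctp_sk_clone, ...)` in the lsm_hook_defs.h hunk), so suggest `void security_gtp_dev_del(void *security)` with the body `call_void_hook(gtp_dev_del, security);`, and the matching prototype, stub and `LSM_HOOK` line in the security.h and lsm_hook_defs.h hunks changed to void in the same way. That leaves `security_gtp_dev_add()` and `security_gtp_dev_cmd()` as the only hooks whose return value a caller (not in this patch) needs to act on.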