On 21/08/2017 02:09, Mickaël Salaün wrote: > Handle 33 filesystem-related LSM hooks for the Landlock filesystem > event: LANDLOCK_SUBTYPE_EVENT_FS. > > A Landlock event wrap LSM hooks for similar kernel object types (e.g. > struct file, struct path...). Multiple LSM hooks can trigger the same > Landlock event. > > Landlock handle nine coarse-grained actions: read, write, execute, new, > get, remove, ioctl, lock and fcntl. Each of them abstract LSM hook > access control in a way that can be extended in the future. > > The Landlock LSM hook registration is done after other LSM to only run > actions from user-space, via eBPF programs, if the access was granted by > major (privileged) LSMs. > > Signed-off-by: Mickaël Salaün <[email protected]> > Cc: Alexei Starovoitov <[email protected]> > Cc: Andy Lutomirski <[email protected]> > Cc: Daniel Borkmann <[email protected]> > Cc: David S. Miller <[email protected]> > Cc: James Morris <[email protected]> > Cc: Kees Cook <[email protected]> > Cc: Serge E. Hallyn <[email protected]> > --- > > Changes since v6: > * add 3 more sub-events: IOCTL, LOCK, FCNTL > https://lkml.kernel.org/r/[email protected] > * use the new security_add_hooks() > * explain the -Werror=unused-function > * constify pointers > * cleanup headers > > Changes since v5: > * split hooks.[ch] into hooks.[ch] and hooks_fs.[ch] > * add more documentation > * cosmetic fixes > * rebase (SCALAR_VALUE) > > Changes since v4: > * add LSM hook abstraction called Landlock event > * use the compiler type checking to verify hooks use by an event > * handle all filesystem related LSM hooks (e.g. file_permission, > mmap_file, sb_mount...) > * register BPF programs for Landlock just after LSM hooks registration > * move hooks registration after other LSMs > * add failsafes to check if a hook is not used by the kernel > * allow partial raw value access form the context (needed for programs > generated by LLVM) > > Changes since v3: > * split commit > * add hooks dealing with struct inode and struct path pointers: > inode_permission and inode_getattr > * add abstraction over eBPF helper arguments thanks to wrapping structs > --- > include/linux/lsm_hooks.h | 5 + > security/landlock/Makefile | 7 +- > security/landlock/common.h | 2 + > security/landlock/hooks.c | 83 ++++++ > security/landlock/hooks.h | 177 +++++++++++++ > security/landlock/hooks_fs.c | 586 > +++++++++++++++++++++++++++++++++++++++++++ > security/landlock/hooks_fs.h | 19 ++ > security/landlock/init.c | 10 + > security/security.c | 12 +- > 9 files changed, 899 insertions(+), 2 deletions(-) > create mode 100644 security/landlock/hooks.c > create mode 100644 security/landlock/hooks.h > create mode 100644 security/landlock/hooks_fs.c > create mode 100644 security/landlock/hooks_fs.h
> diff --git a/security/landlock/init.c b/security/landlock/init.c
> index 09acbc74abd6..1e6660fed697 100644
> --- a/security/landlock/init.c
> +++ b/security/landlock/init.c
> @@ -10,8 +10,10 @@
>
> #include <linux/bpf.h> /* enum bpf_access_type */
> #include <linux/capability.h> /* capable */
> +#include <linux/lsm_hooks.h>
>
> #include "common.h" /* LANDLOCK_* */
> +#include "hooks_fs.h"
>
>
> static inline bool bpf_landlock_is_valid_access(int off, int size,
> @@ -23,6 +25,8 @@ static inline bool bpf_landlock_is_valid_access(int off,
> int size,
>
> switch (prog_subtype->landlock_rule.event) {
> case LANDLOCK_SUBTYPE_EVENT_FS:
> + return landlock_is_valid_access_event_FS(off, size, type,
> + &info->reg_type, prog_subtype);
I forgot to handle LANDLOCK_SUBTYPE_EVENT_FS_{IOCTL,LOCK_FCNTL} here and
I included some hunks in the wrong patches. I will fix this in the next
series and add tests for those anyway. :)
Regards,
Mickaël
signature.asc
Description: OpenPGP digital signature
