[PATCH v1 2/8] LSM: Add an LSM identifier for external use
From: Casey Schaufler <casey@schaufler-ca.com>
Date: 2022-10-25 18:46:01
Also in:
linux-security-module, lkml
Subsystem:
apparmor security module, bpf [security & lsm] (security audit and enforcement using bpf), capabilities, landlock security module, loadpin security module, lockdown security module, safesetid security module, security subsystem, selinux security module, smack security module, the rest, tomoyo security module, yama security module · Maintainers:
John Johansen, KP Singh, Matt Bobrowski, Serge Hallyn, Mickaël Salaün, Kees Cook, Nicolas Bouchinet, Xiu Jianfeng, Micah Morton, Paul Moore, James Morris, "Serge E. Hallyn", Stephen Smalley, Casey Schaufler, Linus Torvalds, Kentaro Takeda, Tetsuo Handa
Possibly related (same subject, not in this thread)
- 2022-11-23 · [PATCH v1 2/8] LSM: Add an LSM identifier for external use · Casey Schaufler <casey@schaufler-ca.com>
Add an integer member "id" to the struct lsm_id. This value is a unique identifier associated with each security module. The values are defined in a new UAPI header file. Each existing LSM has been updated to include it's LSMID in the lsm_id. The LSM ID values are sequential, with the oldest module LSM_ID_CAPABILITY being the lowest value and the existing modules numbered in the order they were included in the main line kernel. The first 32 values (0 - 31) are reserved for some as yet unknown but important use. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> --- include/linux/lsm_hooks.h | 1 + include/uapi/linux/lsm.h | 32 ++++++++++++++++++++++++++++++++ security/apparmor/lsm.c | 2 ++ security/bpf/hooks.c | 2 ++ security/commoncap.c | 2 ++ security/landlock/setup.c | 2 ++ security/loadpin/loadpin.c | 2 ++ security/lockdown/lockdown.c | 2 ++ security/safesetid/lsm.c | 2 ++ security/selinux/hooks.c | 2 ++ security/smack/smack_lsm.c | 2 ++ security/tomoyo/tomoyo.c | 2 ++ security/yama/yama_lsm.c | 2 ++ 13 files changed, 55 insertions(+) create mode 100644 include/uapi/linux/lsm.h
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index e383e468f742..dd4b4d95a172 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h@@ -1607,6 +1607,7 @@ struct security_hook_heads { */ struct lsm_id { const char *lsm; /* Name of the LSM */ + int id; /* LSM ID */ }; /*
diff --git a/include/uapi/linux/lsm.h b/include/uapi/linux/lsm.h
new file mode 100644
index 000000000000..d5bcbb9375df
--- /dev/null
+++ b/include/uapi/linux/lsm.h@@ -0,0 +1,32 @@ +/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ +/* + * Linus Security Modules (LSM) - User space API + * + * Copyright (C) 2022 Casey Schaufler <casey@schaufler-ca.com> + * Copyright (C) Intel Corporation + */ + +#ifndef _UAPI_LINUX_LSM_H +#define _UAPI_LINUX_LSM_H + +/* + * ID values to identify security modules. + * A system may use more than one security module. + * + * LSM_ID_XXX values 0 - 31 are reserved for future use + */ +#define LSM_ID_INVALID -1 +#define LSM_ID_CAPABILITY 32 +#define LSM_ID_SELINUX 33 +#define LSM_ID_SMACK 34 +#define LSM_ID_TOMOYO 35 +#define LSM_ID_IMA 36 +#define LSM_ID_APPARMOR 37 +#define LSM_ID_YAMA 38 +#define LSM_ID_LOADPIN 39 +#define LSM_ID_SAFESETID 40 +#define LSM_ID_LOCKDOWN 41 +#define LSM_ID_BPF 42 +#define LSM_ID_LANDLOCK 43 + +#endif /* _UAPI_LINUX_LSM_H */
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index e708c1ad7267..b859b1af6c75 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c@@ -24,6 +24,7 @@ #include <linux/zlib.h> #include <net/sock.h> #include <uapi/linux/mount.h> +#include <uapi/linux/lsm.h> #include "include/apparmor.h" #include "include/apparmorfs.h"
@@ -1204,6 +1205,7 @@ struct lsm_blob_sizes apparmor_blob_sizes __lsm_ro_after_init = { static struct lsm_id apparmor_lsmid __lsm_ro_after_init = { .lsm = "apparmor", + .id = LSM_ID_APPARMOR, }; static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = {
diff --git a/security/bpf/hooks.c b/security/bpf/hooks.c
index ef9b1d983665..20983ae8d31f 100644
--- a/security/bpf/hooks.c
+++ b/security/bpf/hooks.c@@ -5,6 +5,7 @@ */ #include <linux/lsm_hooks.h> #include <linux/bpf_lsm.h> +#include <uapi/linux/lsm.h> static struct security_hook_list bpf_lsm_hooks[] __lsm_ro_after_init = { #define LSM_HOOK(RET, DEFAULT, NAME, ...) \
@@ -21,6 +22,7 @@ static struct security_hook_list bpf_lsm_hooks[] __lsm_ro_after_init = { */ struct lsm_id bpf_lsmid __lsm_ro_after_init = { .lsm = "bpf", + .id = LSM_ID_BPF, }; static int __init bpf_lsm_init(void)
diff --git a/security/commoncap.c b/security/commoncap.c
index 986920da0c26..940e36d8503d 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c@@ -25,6 +25,7 @@ #include <linux/binfmts.h> #include <linux/personality.h> #include <linux/mnt_idmapping.h> +#include <uapi/linux/lsm.h> /* * If a non-root user executes a setuid-root binary in
@@ -1448,6 +1449,7 @@ int cap_mmap_file(struct file *file, unsigned long reqprot, static struct lsm_id capability_lsmid __lsm_ro_after_init = { .lsm = "capability", + .id = LSM_ID_CAPABILITY, }; static struct security_hook_list capability_hooks[] __lsm_ro_after_init = {
diff --git a/security/landlock/setup.c b/security/landlock/setup.c
index 4a12666a4090..5b32c087e34b 100644
--- a/security/landlock/setup.c
+++ b/security/landlock/setup.c@@ -8,6 +8,7 @@ #include <linux/init.h> #include <linux/lsm_hooks.h> +#include <uapi/linux/lsm.h> #include "common.h" #include "cred.h"
@@ -25,6 +26,7 @@ struct lsm_blob_sizes landlock_blob_sizes __lsm_ro_after_init = { struct lsm_id landlock_lsmid __lsm_ro_after_init = { .lsm = LANDLOCK_NAME, + .id = LSM_ID_LANDLOCK, }; static int __init landlock_init(void)
diff --git a/security/loadpin/loadpin.c b/security/loadpin/loadpin.c
index 24d041a888b8..32bdf7294a6f 100644
--- a/security/loadpin/loadpin.c
+++ b/security/loadpin/loadpin.c@@ -20,6 +20,7 @@ #include <linux/string_helpers.h> #include <linux/dm-verity-loadpin.h> #include <uapi/linux/loadpin.h> +#include <uapi/linux/lsm.h> #define VERITY_DIGEST_FILE_HEADER "# LOADPIN_TRUSTED_VERITY_ROOT_DIGESTS"
@@ -199,6 +200,7 @@ static int loadpin_load_data(enum kernel_load_data_id id, bool contents) static struct lsm_id loadpin_lsmid __lsm_ro_after_init = { .lsm = "loadpin", + .id = LSM_ID_LOADPIN, }; static struct security_hook_list loadpin_hooks[] __lsm_ro_after_init = {
diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c
index 2004d67f7201..e8c41a0caf7d 100644
--- a/security/lockdown/lockdown.c
+++ b/security/lockdown/lockdown.c@@ -13,6 +13,7 @@ #include <linux/security.h> #include <linux/export.h> #include <linux/lsm_hooks.h> +#include <uapi/linux/lsm.h> static enum lockdown_reason kernel_locked_down;
@@ -77,6 +78,7 @@ static struct security_hook_list lockdown_hooks[] __lsm_ro_after_init = { static struct lsm_id lockdown_lsmid __lsm_ro_after_init = { .lsm = "lockdown", + .id = LSM_ID_LOCKDOWN, }; static int __init lockdown_lsm_init(void)
diff --git a/security/safesetid/lsm.c b/security/safesetid/lsm.c
index d9af1d04d293..8d0742ba045d 100644
--- a/security/safesetid/lsm.c
+++ b/security/safesetid/lsm.c@@ -19,6 +19,7 @@ #include <linux/ptrace.h> #include <linux/sched/task_stack.h> #include <linux/security.h> +#include <uapi/linux/lsm.h> #include "lsm.h" /* Flag indicating whether initialization completed */
@@ -263,6 +264,7 @@ static int safesetid_task_fix_setgroups(struct cred *new, const struct cred *old static struct lsm_id safesetid_lsmid __lsm_ro_after_init = { .lsm = "safesetid", + .id = LSM_ID_SAFESETID, }; static struct security_hook_list safesetid_security_hooks[] = {
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index aee20bb1778d..5fcce36267bd 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c@@ -92,6 +92,7 @@ #include <linux/fsnotify.h> #include <linux/fanotify.h> #include <linux/io_uring.h> +#include <uapi/linux/lsm.h> #include "avc.h" #include "objsec.h"
@@ -7016,6 +7017,7 @@ static int selinux_uring_cmd(struct io_uring_cmd *ioucmd) static struct lsm_id selinux_lsmid __lsm_ro_after_init = { .lsm = "selinux", + .id = LSM_ID_SELINUX, }; /*
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 0c0fea933bbd..c7ba80e20b8d 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c@@ -43,6 +43,7 @@ #include <linux/fs_parser.h> #include <linux/watch_queue.h> #include <linux/io_uring.h> +#include <uapi/linux/lsm.h> #include "smack.h" #define TRANS_TRUE "TRUE"
@@ -4789,6 +4790,7 @@ struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = { static struct lsm_id smack_lsmid __lsm_ro_after_init = { .lsm = "smack", + .id = LSM_ID_SMACK, }; static struct security_hook_list smack_hooks[] __lsm_ro_after_init = {
diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
index 80fbab5d2d7e..1916eb6216f7 100644
--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c@@ -6,6 +6,7 @@ */ #include <linux/lsm_hooks.h> +#include <uapi/linux/lsm.h> #include "common.h" /**
@@ -532,6 +533,7 @@ static void tomoyo_task_free(struct task_struct *task) static struct lsm_id tomoyo_lsmid __lsm_ro_after_init = { .lsm = "tomoyo", + .id = LSM_ID_TOMOYO, }; /*
diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c
index 4f60158850a7..2487b8f847f3 100644
--- a/security/yama/yama_lsm.c
+++ b/security/yama/yama_lsm.c@@ -18,6 +18,7 @@ #include <linux/task_work.h> #include <linux/sched.h> #include <linux/spinlock.h> +#include <uapi/linux/lsm.h> #define YAMA_SCOPE_DISABLED 0 #define YAMA_SCOPE_RELATIONAL 1
@@ -423,6 +424,7 @@ static int yama_ptrace_traceme(struct task_struct *parent) static struct lsm_id yama_lsmid __lsm_ro_after_init = { .lsm = "yama", + .id = LSM_ID_YAMA, }; static struct security_hook_list yama_hooks[] __lsm_ro_after_init = {
--
2.37.3