--- v25
+++ v28
@@ -30,25 +30,31 @@
Cc: linux-security-module@vger.kernel.org
Cc: selinux@vger.kernel.org
To: Mimi Zohar <zohar@linux.ibm.com>
+To: Mickaël Salaün <mic@linux.microsoft.com>
---
include/linux/audit.h | 4 +-
include/linux/lsm_hooks.h | 12 ++++-
- include/linux/security.h | 67 +++++++++++++++++++++++++--
+ include/linux/security.h | 67 ++++++++++++++++++++++++--
kernel/auditfilter.c | 24 +++++-----
- kernel/auditsc.c | 12 ++---
+ kernel/auditsc.c | 13 +++--
security/apparmor/lsm.c | 7 ++-
security/bpf/hooks.c | 12 ++++-
security/commoncap.c | 7 ++-
security/integrity/ima/ima_policy.c | 40 +++++++++++-----
+ security/landlock/cred.c | 2 +-
+ security/landlock/fs.c | 2 +-
+ security/landlock/ptrace.c | 2 +-
+ security/landlock/setup.c | 5 ++
+ security/landlock/setup.h | 1 +
security/loadpin/loadpin.c | 8 +++-
security/lockdown/lockdown.c | 7 ++-
security/safesetid/lsm.c | 8 +++-
- security/security.c | 72 ++++++++++++++++++++++++-----
+ security/security.c | 74 ++++++++++++++++++++++++-----
security/selinux/hooks.c | 8 +++-
security/smack/smack_lsm.c | 7 ++-
security/tomoyo/tomoyo.c | 8 +++-
security/yama/yama_lsm.c | 7 ++-
- 17 files changed, 254 insertions(+), 56 deletions(-)
+ 22 files changed, 265 insertions(+), 60 deletions(-)
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 82b7c1116a85..418a485af114 100644
@@ -74,10 +80,10 @@
};
u32 op;
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
-index 00d155d32ff3..5509e4ed9829 100644
+index afd3b16875b0..c61a16f0a5bc 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
-@@ -1555,6 +1555,14 @@ struct security_hook_heads {
+@@ -1570,6 +1570,14 @@ struct security_hook_heads {
#undef LSM_HOOK
} __randomize_layout;
@@ -92,7 +98,7 @@
/*
* Security module hook list structure.
* For use with generic list macros for common operations.
-@@ -1563,7 +1571,7 @@ struct security_hook_list {
+@@ -1578,7 +1586,7 @@ struct security_hook_list {
struct hlist_node list;
struct hlist_head *head;
union security_list_options hook;
@@ -101,7 +107,7 @@
} __randomize_layout;
/*
-@@ -1598,7 +1606,7 @@ extern struct security_hook_heads security_hook_heads;
+@@ -1614,7 +1622,7 @@ extern struct security_hook_heads security_hook_heads;
extern char *lsm_names;
extern void security_add_hooks(struct security_hook_list *hooks, int count,
@@ -111,7 +117,7 @@
#define LSM_FLAG_LEGACY_MAJOR BIT(0)
#define LSM_FLAG_EXCLUSIVE BIT(1)
diff --git a/include/linux/security.h b/include/linux/security.h
-index 8aeebd6646dc..0be689d0fd69 100644
+index 24eda04221e9..7655bfce4b96 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -133,6 +133,65 @@ enum lockdown_reason {
@@ -180,7 +186,7 @@
/* These functions are in security/commoncap.c */
extern int cap_capable(const struct cred *cred, struct user_namespace *ns,
int cap, unsigned int opts);
-@@ -1863,8 +1922,8 @@ static inline int security_key_getsecurity(struct key *key, char **_buffer)
+@@ -1881,8 +1940,8 @@ static inline int security_key_getsecurity(struct key *key, char **_buffer)
#ifdef CONFIG_SECURITY
int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule);
int security_audit_rule_known(struct audit_krule *krule);
@@ -191,7 +197,7 @@
#else
-@@ -1880,12 +1939,12 @@ static inline int security_audit_rule_known(struct audit_krule *krule)
+@@ -1898,12 +1957,12 @@ static inline int security_audit_rule_known(struct audit_krule *krule)
}
static inline int security_audit_rule_match(u32 secid, u32 field, u32 op,
@@ -207,7 +213,7 @@
#endif /* CONFIG_SECURITY */
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
-index 333b3bcfc545..45da229f9f1f 100644
+index db2c6b59dfc3..a2340e81cfa7 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -74,7 +74,7 @@ static void audit_free_lsm_field(struct audit_field *f)
@@ -261,13 +267,14 @@
* the originals will all be freed when the old rule is freed. */
for (i = 0; i < fcount; i++) {
switch (new->fields[i].type) {
-@@ -1358,10 +1359,11 @@ int audit_filter(int msgtype, unsigned int listtype)
+@@ -1358,11 +1359,12 @@ int audit_filter(int msgtype, unsigned int listtype)
case AUDIT_SUBJ_TYPE:
case AUDIT_SUBJ_SEN:
case AUDIT_SUBJ_CLR:
- if (f->lsm_rule) {
+ if (f->lsm_isset) {
- security_task_getsecid(current, &sid);
+ security_task_getsecid_subj(current,
+ &sid);
result = security_audit_rule_match(sid,
- f->type, f->op, f->lsm_rule);
+ f->type, f->op,
@@ -275,7 +282,7 @@
}
break;
case AUDIT_EXE:
-@@ -1388,7 +1390,7 @@ int audit_filter(int msgtype, unsigned int listtype)
+@@ -1389,7 +1391,7 @@ int audit_filter(int msgtype, unsigned int listtype)
return ret;
}
@@ -284,7 +291,7 @@
{
struct audit_entry *entry = container_of(r, struct audit_entry, rule);
struct audit_entry *nentry;
-@@ -1420,7 +1422,7 @@ static int update_lsm_rule(struct audit_krule *r)
+@@ -1421,7 +1423,7 @@ static int update_lsm_rule(struct audit_krule *r)
return err;
}
@@ -293,7 +300,7 @@
* It will traverse the filter lists serarching for rules that contain LSM
* specific filter fields. When such a rule is found, it is copied, the
* LSM field is re-initialized, and the old rule is replaced with the
-@@ -1435,7 +1437,7 @@ int audit_update_lsm_rules(void)
+@@ -1436,7 +1438,7 @@ int audit_update_lsm_rules(void)
for (i = 0; i < AUDIT_NR_FILTERS; i++) {
list_for_each_entry_safe(r, n, &audit_rules_list[i], list) {
@@ -303,27 +310,27 @@
err = res;
}
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
-index 47fb48f42c93..385f7769ae5b 100644
+index 8dd73a64f921..acbd896f54a5 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
-@@ -665,14 +665,14 @@ static int audit_filter_rules(struct task_struct *tsk,
+@@ -671,14 +671,13 @@ static int audit_filter_rules(struct task_struct *tsk,
match for now to avoid losing information that
may be wanted. An error message will also be
logged upon error */
- if (f->lsm_rule) {
+ if (f->lsm_isset) {
if (need_sid) {
- security_task_getsecid(tsk, &sid);
+ security_task_getsecid_subj(tsk, &sid);
need_sid = 0;
}
result = security_audit_rule_match(sid, f->type,
- f->op,
+- f->op,
- f->lsm_rule);
-+ f->lsm_rules);
++ f->op, f->lsm_rules);
}
break;
case AUDIT_OBJ_USER:
-@@ -682,21 +682,21 @@ static int audit_filter_rules(struct task_struct *tsk,
+@@ -688,21 +687,21 @@ static int audit_filter_rules(struct task_struct *tsk,
case AUDIT_OBJ_LEV_HIGH:
/* The above note for AUDIT_SUBJ_USER...AUDIT_SUBJ_CLR
also applies here */
@@ -348,7 +355,7 @@
++result;
break;
}
-@@ -707,7 +707,7 @@ static int audit_filter_rules(struct task_struct *tsk,
+@@ -713,7 +712,7 @@ static int audit_filter_rules(struct task_struct *tsk,
break;
if (security_audit_rule_match(ctx->ipc.osid,
f->type, f->op,
@@ -358,7 +365,7 @@
}
break;
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
-index 028b5a5c4468..7d5559b4c417 100644
+index 4113516fb62e..392e25940d1f 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -1161,6 +1161,11 @@ struct lsm_blob_sizes apparmor_blob_sizes __lsm_ro_after_init = {
@@ -373,7 +380,7 @@
static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = {
LSM_HOOK_INIT(ptrace_access_check, apparmor_ptrace_access_check),
LSM_HOOK_INIT(ptrace_traceme, apparmor_ptrace_traceme),
-@@ -1861,7 +1866,7 @@ static int __init apparmor_init(void)
+@@ -1862,7 +1867,7 @@ static int __init apparmor_init(void)
goto buffers_out;
}
security_add_hooks(apparmor_hooks, ARRAY_SIZE(apparmor_hooks),
@@ -408,10 +415,10 @@
return 0;
}
diff --git a/security/commoncap.c b/security/commoncap.c
-index 28f4d25480df..776b90420f7d 100644
+index 3f810d37b71b..628685cf20e3 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
-@@ -1437,6 +1437,11 @@ int cap_mmap_file(struct file *file, unsigned long reqprot,
+@@ -1443,6 +1443,11 @@ int cap_mmap_file(struct file *file, unsigned long reqprot,
#ifdef CONFIG_SECURITY
@@ -423,7 +430,7 @@
static struct security_hook_list capability_hooks[] __lsm_ro_after_init = {
LSM_HOOK_INIT(capable, cap_capable),
LSM_HOOK_INIT(settime, cap_settime),
-@@ -1461,7 +1466,7 @@ static struct security_hook_list capability_hooks[] __lsm_ro_after_init = {
+@@ -1467,7 +1472,7 @@ static struct security_hook_list capability_hooks[] __lsm_ro_after_init = {
static int __init capability_init(void)
{
security_add_hooks(capability_hooks, ARRAY_SIZE(capability_hooks),
@@ -433,7 +440,7 @@
}
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
-index 4f8cb155e4fd..ce4b8a70ca43 100644
+index fd5d46e511f1..5c40677e881c 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -80,7 +80,7 @@ struct ima_rule_entry {
@@ -515,10 +522,10 @@
Audit_equal,
- rule->lsm[i].rule);
+ rule->lsm[i].rules);
+ break;
default:
break;
- }
-@@ -992,7 +1010,7 @@ static int ima_lsm_rule_init(struct ima_rule_entry *entry,
+@@ -994,7 +1012,7 @@ static int ima_lsm_rule_init(struct ima_rule_entry *entry,
{
int result;
@@ -527,7 +534,7 @@
return -EINVAL;
entry->lsm[lsm_rule].args_p = match_strdup(args);
-@@ -1002,8 +1020,8 @@ static int ima_lsm_rule_init(struct ima_rule_entry *entry,
+@@ -1004,8 +1022,8 @@ static int ima_lsm_rule_init(struct ima_rule_entry *entry,
entry->lsm[lsm_rule].type = audit_type;
result = ima_filter_rule_init(entry->lsm[lsm_rule].type, Audit_equal,
entry->lsm[lsm_rule].args_p,
@@ -538,7 +545,7 @@
pr_warn("rule for LSM \'%s\' is undefined\n",
entry->lsm[lsm_rule].args_p);
-@@ -1810,7 +1828,7 @@ int ima_policy_show(struct seq_file *m, void *v)
+@@ -1812,7 +1830,7 @@ int ima_policy_show(struct seq_file *m, void *v)
}
for (i = 0; i < MAX_LSM_RULES; i++) {
@@ -547,6 +554,66 @@
switch (i) {
case LSM_OBJ_USER:
seq_printf(m, pt(Opt_obj_user),
+diff --git a/security/landlock/cred.c b/security/landlock/cred.c
+index 6725af24c684..56b121d65436 100644
+--- a/security/landlock/cred.c
++++ b/security/landlock/cred.c
+@@ -42,5 +42,5 @@ static struct security_hook_list landlock_hooks[] __lsm_ro_after_init = {
+ __init void landlock_add_cred_hooks(void)
+ {
+ security_add_hooks(landlock_hooks, ARRAY_SIZE(landlock_hooks),
+- LANDLOCK_NAME);
++ &landlock_lsmid);
+ }
+diff --git a/security/landlock/fs.c b/security/landlock/fs.c
+index 97b8e421f617..319e90e9290c 100644
+--- a/security/landlock/fs.c
++++ b/security/landlock/fs.c
+@@ -688,5 +688,5 @@ static struct security_hook_list landlock_hooks[] __lsm_ro_after_init = {
+ __init void landlock_add_fs_hooks(void)
+ {
+ security_add_hooks(landlock_hooks, ARRAY_SIZE(landlock_hooks),
+- LANDLOCK_NAME);
++ &landlock_lsmid);
+ }
+diff --git a/security/landlock/ptrace.c b/security/landlock/ptrace.c
+index f55b82446de2..54ccf55a077a 100644
+--- a/security/landlock/ptrace.c
++++ b/security/landlock/ptrace.c
+@@ -116,5 +116,5 @@ static struct security_hook_list landlock_hooks[] __lsm_ro_after_init = {
+ __init void landlock_add_ptrace_hooks(void)
+ {
+ security_add_hooks(landlock_hooks, ARRAY_SIZE(landlock_hooks),
+- LANDLOCK_NAME);
++ &landlock_lsmid);
+ }
+diff --git a/security/landlock/setup.c b/security/landlock/setup.c
+index f8e8e980454c..759e00b9436c 100644
+--- a/security/landlock/setup.c
++++ b/security/landlock/setup.c
+@@ -23,6 +23,11 @@ struct lsm_blob_sizes landlock_blob_sizes __lsm_ro_after_init = {
+ .lbs_superblock = sizeof(struct landlock_superblock_security),
+ };
+
++struct lsm_id landlock_lsmid __lsm_ro_after_init = {
++ .lsm = LANDLOCK_NAME,
++ .slot = LSMBLOB_NOT_NEEDED,
++};
++
+ static int __init landlock_init(void)
+ {
+ landlock_add_cred_hooks();
+diff --git a/security/landlock/setup.h b/security/landlock/setup.h
+index 1daffab1ab4b..38bce5b172dc 100644
+--- a/security/landlock/setup.h
++++ b/security/landlock/setup.h
+@@ -14,5 +14,6 @@
+ extern bool landlock_initialized;
+
+ extern struct lsm_blob_sizes landlock_blob_sizes;
++extern struct lsm_id landlock_lsmid;
+
+ #endif /* _SECURITY_LANDLOCK_SETUP_H */
diff --git a/security/loadpin/loadpin.c b/security/loadpin/loadpin.c
index b12f7d986b1e..b569f3bc170b 100644
--- a/security/loadpin/loadpin.c
@@ -599,10 +666,10 @@
}
diff --git a/security/safesetid/lsm.c b/security/safesetid/lsm.c
-index 8a176b6adbe5..7c7ac9bfe5cd 100644
+index 963f4ad9cb66..0c368950dc14 100644
--- a/security/safesetid/lsm.c
+++ b/security/safesetid/lsm.c
-@@ -244,6 +244,11 @@ static int safesetid_task_fix_setgid(struct cred *new,
+@@ -241,6 +241,11 @@ static int safesetid_task_fix_setgid(struct cred *new,
return -EACCES;
}
@@ -614,7 +681,7 @@
static struct security_hook_list safesetid_security_hooks[] = {
LSM_HOOK_INIT(task_fix_setuid, safesetid_task_fix_setuid),
LSM_HOOK_INIT(task_fix_setgid, safesetid_task_fix_setgid),
-@@ -253,7 +258,8 @@ static struct security_hook_list safesetid_security_hooks[] = {
+@@ -250,7 +255,8 @@ static struct security_hook_list safesetid_security_hooks[] = {
static int __init safesetid_security_init(void)
{
security_add_hooks(safesetid_security_hooks,
@@ -625,18 +692,18 @@
/* Report that SafeSetID successfully initialized */
safesetid_initialized = 1;
diff --git a/security/security.c b/security/security.c
-index 59e1509c76d9..2d780e82b527 100644
+index 335c313a668d..5f1b281511f2 100644
--- a/security/security.c
+++ b/security/security.c
-@@ -342,6 +342,7 @@ static void __init ordered_lsm_init(void)
- init_debug("msg_msg blob size = %d\n", blob_sizes.lbs_msg_msg);
- init_debug("sock blob size = %d\n", blob_sizes.lbs_sock);
- init_debug("task blob size = %d\n", blob_sizes.lbs_task);
-+ init_debug("lsmblob size = %zu\n", sizeof(struct lsmblob));
+@@ -344,6 +344,7 @@ static void __init ordered_lsm_init(void)
+ init_debug("sock blob size = %d\n", blob_sizes.lbs_sock);
+ init_debug("superblock blob size = %d\n", blob_sizes.lbs_superblock);
+ init_debug("task blob size = %d\n", blob_sizes.lbs_task);
++ init_debug("lsmblob size = %zu\n", sizeof(struct lsmblob));
/*
* Create any kmem_caches needed for blobs
-@@ -469,21 +470,36 @@ static int lsm_append(const char *new, char **result)
+@@ -471,21 +472,38 @@ static int lsm_append(const char *new, char **result)
return 0;
}
@@ -662,6 +729,8 @@
{
int i;
++ WARN_ON(!lsmid->slot || !lsmid->lsm);
++
+ if (lsmid->slot == LSMBLOB_NEEDED) {
+ if (lsm_slot >= LSMBLOB_ENTRIES)
+ panic("%s Too many LSMs registered.\n", __func__);
@@ -676,7 +745,7 @@
hlist_add_tail_rcu(&hooks[i].list, hooks[i].head);
}
-@@ -492,7 +508,7 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count,
+@@ -494,7 +512,7 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count,
* and fix this up afterwards.
*/
if (slab_is_available()) {
@@ -685,7 +754,7 @@
panic("%s - Cannot get early memory.\n", __func__);
}
}
-@@ -2019,7 +2035,7 @@ int security_getprocattr(struct task_struct *p, const char *lsm, char *name,
+@@ -2070,7 +2088,7 @@ int security_getprocattr(struct task_struct *p, const char *lsm, char *name,
struct security_hook_list *hp;
hlist_for_each_entry(hp, &security_hook_heads.getprocattr, list) {
@@ -694,7 +763,7 @@
continue;
return hp->hook.getprocattr(p, name, value);
}
-@@ -2032,7 +2048,7 @@ int security_setprocattr(const char *lsm, const char *name, void *value,
+@@ -2083,7 +2101,7 @@ int security_setprocattr(const char *lsm, const char *name, void *value,
struct security_hook_list *hp;
hlist_for_each_entry(hp, &security_hook_heads.setprocattr, list) {
@@ -703,7 +772,7 @@
continue;
return hp->hook.setprocattr(name, value, size);
}
-@@ -2525,7 +2541,24 @@ int security_key_getsecurity(struct key *key, char **_buffer)
+@@ -2576,7 +2594,24 @@ int security_key_getsecurity(struct key *key, char **_buffer)
int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule)
{
@@ -729,7 +798,7 @@
}
int security_audit_rule_known(struct audit_krule *krule)
-@@ -2533,14 +2566,31 @@ int security_audit_rule_known(struct audit_krule *krule)
+@@ -2584,14 +2619,31 @@ int security_audit_rule_known(struct audit_krule *krule)
return call_int_hook(audit_rule_known, 0, krule);
}
@@ -766,10 +835,10 @@
#endif /* CONFIG_AUDIT */
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
-index 57b8a07bef96..96c560760c4c 100644
+index e2c4a1fd952f..f84b6c274a10 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
-@@ -7034,6 +7034,11 @@ static int selinux_perf_event_write(struct perf_event *event)
+@@ -7101,6 +7101,11 @@ static int selinux_perf_event_write(struct perf_event *event)
}
#endif
@@ -781,7 +850,7 @@
/*
* IMPORTANT NOTE: When adding new hooks, please be careful to keep this order:
* 1. any hooks that don't belong to (2.) or (3.) below,
-@@ -7346,7 +7351,8 @@ static __init int selinux_init(void)
+@@ -7414,7 +7419,8 @@ static __init int selinux_init(void)
hashtab_cache_init();
@@ -792,11 +861,11 @@
if (avc_add_callback(selinux_netcache_avc_callback, AVC_CALLBACK_RESET))
panic("SELinux: Unable to register AVC netcache callback\n");
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
-index 112c2c03c70b..023876c3f3a3 100644
+index 1ee0bf1493f6..5c10ad27be37 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
-@@ -4696,6 +4696,11 @@ struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = {
- .lbs_sock = sizeof(struct socket_smack),
+@@ -4694,6 +4694,11 @@ struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = {
+ .lbs_superblock = sizeof(struct superblock_smack),
};
+static struct lsm_id smack_lsmid __lsm_ro_after_init = {
@@ -807,7 +876,7 @@
static struct security_hook_list smack_hooks[] __lsm_ro_after_init = {
LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check),
LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme),
-@@ -4895,7 +4900,7 @@ static __init int smack_init(void)
+@@ -4893,7 +4898,7 @@ static __init int smack_init(void)
/*
* Register with LSM
*/
@@ -817,10 +886,10 @@
pr_info("Smack: Initializing.\n");
diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
-index 1f3cd432d830..22f62c67f2ec 100644
+index b6a31901f289..e8f6bb9782c1 100644
--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
-@@ -523,6 +523,11 @@ static void tomoyo_task_free(struct task_struct *task)
+@@ -521,6 +521,11 @@ static void tomoyo_task_free(struct task_struct *task)
}
}
@@ -832,7 +901,7 @@
/*
* tomoyo_security_ops is a "struct security_operations" which is used for
* registering TOMOYO.
-@@ -575,7 +580,8 @@ static int __init tomoyo_init(void)
+@@ -573,7 +578,8 @@ static int __init tomoyo_init(void)
struct tomoyo_task *s = tomoyo_task(current);
/* register ourselves with the security framework */
@@ -868,5 +937,5 @@
return 0;
}
--
-2.29.2
+2.31.1