[RFC PATCH 1/1] lsm: Add hook unix_path_connect
From: Justin Suess <hidden>
Date: 2025-12-31 21:33:24
Also in:
linux-security-module
Subsystem:
networking [general], networking [unix sockets], security subsystem, the rest · Maintainers:
"David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Kuniyuki Iwashima, Paul Moore, James Morris, "Serge E. Hallyn", Linus Torvalds
Adds an LSM hook unix_path_connect. This hook is called to check the path of a named unix socket before a connection is initiated. Signed-off-by: Justin Suess <redacted> Cc: Günther Noack <redacted> --- include/linux/lsm_hook_defs.h | 1 + include/linux/security.h | 6 ++++++ net/unix/af_unix.c | 8 ++++++++ security/security.c | 16 ++++++++++++++++ 4 files changed, 31 insertions(+)
diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
index 8c42b4bde09c..a42d1aaf3b8a 100644
--- a/include/linux/lsm_hook_defs.h
+++ b/include/linux/lsm_hook_defs.h@@ -318,6 +318,7 @@ LSM_HOOK(int, 0, watch_key, struct key *key) #endif /* CONFIG_SECURITY && CONFIG_KEY_NOTIFICATIONS */ #ifdef CONFIG_SECURITY_NETWORK +LSM_HOOK(int, 0, unix_path_connect, const struct path *path) LSM_HOOK(int, 0, unix_stream_connect, struct sock *sock, struct sock *other, struct sock *newsk) LSM_HOOK(int, 0, unix_may_send, struct socket *sock, struct socket *other)
diff --git a/include/linux/security.h b/include/linux/security.h
index 83a646d72f6f..ab66f22f7e5a 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h@@ -1638,6 +1638,7 @@ static inline int security_watch_key(struct key *key) #ifdef CONFIG_SECURITY_NETWORK +int security_unix_path_connect(const struct path *path); int security_netlink_send(struct sock *sk, struct sk_buff *skb); int security_unix_stream_connect(struct sock *sock, struct sock *other, struct sock *newsk); int security_unix_may_send(struct socket *sock, struct socket *other);
@@ -1699,6 +1700,11 @@ static inline int security_netlink_send(struct sock *sk, struct sk_buff *skb) return 0; } +static inline int security_unix_path_connect(const struct path *path) +{ + return 0; +} + static inline int security_unix_stream_connect(struct sock *sock, struct sock *other, struct sock *newsk)
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index 55cdebfa0da0..af1a6083a69b 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c@@ -1226,6 +1226,14 @@ static struct sock *unix_find_bsd(struct sockaddr_un *sunaddr, int addr_len, if (!S_ISSOCK(inode->i_mode)) goto path_put; + /* + * We call the hook because we know that the inode is a socket + * and we hold a valid reference to it via the path. + */ + err = security_unix_path_connect(&path); + if (err) + goto path_put; + sk = unix_find_socket_byinode(inode); if (!sk) goto path_put;
diff --git a/security/security.c b/security/security.c
index 31a688650601..17af5d0ddf28 100644
--- a/security/security.c
+++ b/security/security.c@@ -4047,6 +4047,22 @@ int security_unix_stream_connect(struct sock *sock, struct sock *other, } EXPORT_SYMBOL(security_unix_stream_connect); +/* + * security_unix_path_connect() - Check if a named AF_UNIX socket can connect + * @path: Path of the socket being connected to + * + * This hook is called to check permissions before connecting to a named + * AF_UNIX socket. This is necessary because it was not possible to check the + * VFS inode of the target socket before the connection is made. + * + * Return: Returns 0 if permission is granted. + */ +int security_unix_path_connect(const struct path *path) +{ + return call_int_hook(unix_path_connect, path); +} +EXPORT_SYMBOL(security_unix_path_connect); + /** * security_unix_may_send() - Check if AF_UNIX socket can send datagrams * @sock: originating sock
--
2.51.0