
Smack: implement setselfattr and getselfattr hooks

Implement Smack support for security_[gs]etselfattr.
Refactor the setprocattr hook to avoid code duplication.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

authored by

Casey Schaufler and committed by
Paul Moore
38b323e5 e1ca7129

+90 -5
+90 -5
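--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -3627,6 +3627,46 @@
 }
 
 /**
+ * smack_getselfattr - Smack current process attribute
+ * @attr: which attribute to fetch
+ * @ctx: buffer to receive the result
+ * @size: available size in, actual size out
+ * @flags: unused
+ *
+ * Fill the passed user space @ctx with the details of the requested
+ * attribute.
+ *
+ * Returns the number of attributes on success, an error code otherwise.
+ * There will only ever be one attribute.
+ */
+static int smack_getselfattr(unsigned int attr, struct lsm_ctx __user *ctx,
+			     size_t *size, u32 flags)
+{
+	struct smack_known *skp = smk_of_current();
+	int total;
+	int slen;
+	int rc;
+
+	if (attr != LSM_ATTR_CURRENT)
+		return -EOPNOTSUPP;
+
+	slen = strlen(skp->smk_known) + 1;
+	total = ALIGN(slen + sizeof(*ctx), 8);
+	if (total > *size)
+		rc = -E2BIG;
+	else if (ctx)
+		rc = lsm_fill_user_ctx(ctx, skp->smk_known, slen, LSM_ID_SMACK,
+				       0);
+	else
+		rc = 1;
+
+	*size = total;
+	if (rc >= 0)
+		return 1;
+	return rc;
+}
+
+/**
  * smack_getprocattr - Smack process attribute access
  * @p: the object task
  * @name: the name of the attribute in /proc/.../attr
@@ -3655,8 +3695,8 @@
 }
 
 /**
- * smack_setprocattr - Smack process attribute setting
- * @name: the name of the attribute in /proc/.../attr
+ * do_setattr - Smack process attribute setting
+ * @attr: the ID of the attribute
  * @value: the value to set
  * @size: the size of the value
  *
@@ -3665,7 +3705,7 @@
  *
  * Returns the length of the smack label or an error code
  */
-static int smack_setprocattr(const char *name, void *value, size_t size)
+static int do_setattr(u64 attr, void *value, size_t size)
 {
 	struct task_smack *tsp = smack_cred(current_cred());
 	struct cred *new;
@@ -3679,8 +3719,8 @@
 	if (value == NULL || size == 0 || size >= SMK_LONGLABEL)
 		return -EINVAL;
 
-	if (strcmp(name, "current") != 0)
-		return -EINVAL;
+	if (attr != LSM_ATTR_CURRENT)
+		return -EOPNOTSUPP;
 
 	skp = smk_import_entry(value, size);
 	if (IS_ERR(skp))
@@ -3717,6 +3757,49 @@
 
 	commit_creds(new);
 	return size;
+}
+
+/**
+ * smack_setselfattr - Set a Smack process attribute
+ * @attr: which attribute to set
+ * @ctx: buffer containing the data
+ * @size: size of @ctx
+ * @flags: unused
+ *
+ * Fill the passed user space @ctx with the details of the requested
+ * attribute.
+ *
+ * Returns 0 on success, an error code otherwise.
+ */
+static int smack_setselfattr(unsigned int attr, struct lsm_ctx *ctx,
+			     size_t size, u32 flags)
+{
+	int rc;
+
+	rc = do_setattr(attr, ctx->ctx, ctx->ctx_len);
+	if (rc > 0)
+		return 0;
+	return rc;
+}
+
+/**
+ * smack_setprocattr - Smack process attribute setting
+ * @name: the name of the attribute in /proc/.../attr
+ * @value: the value to set
+ * @size: the size of the value
+ *
+ * Sets the Smack value of the task. Only setting self
+ * is permitted and only with privilege
+ *
+ * Returns the length of the smack label or an error code
+ */
+static int smack_setprocattr(const char *name, void *value, size_t size)
+{
+	int attr = lsm_name_to_attr(name);
+
+	if (attr != LSM_ATTR_UNDEF)
+		return do_setattr(attr, value, size);
+	return -EINVAL;
 }
 
 /**
@@ -5033,6 +5116,8 @@
 
 	LSM_HOOK_INIT(d_instantiate, smack_d_instantiate),
 
+	LSM_HOOK_INIT(getselfattr, smack_getselfattr),
+	LSM_HOOK_INIT(setselfattr, smack_setselfattr),
 	LSM_HOOK_INIT(getprocattr, smack_getprocattr),
 	LSM_HOOK_INIT(setprocattr, smack_setprocattr),
 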
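Review bot: smack_setselfattr() hands `ctx->ctx_len` straight to do_setattr() and never compares it with its `size` argument, which is otherwise unused, so the only bound visible in this section is do_setattr()'s `size >= SMK_LONGLABEL` test. If the LSM core caller does not already guarantee that the label lies inside the copied-in buffer (that code is not on this page), smk_import_entry() could be asked to read past it; a local guard such as `if (size < sizeof(*ctx) || ctx->ctx_len > size - sizeof(*ctx)) return -EINVAL;` would make the hook safe on its own, or a comment should name the caller that enforces the bound. The kernel-doc for the setter still says "Fill the passed user space @ctx with the details of the requested attribute", copied from the getter; something like `Set the requested attribute of the current task from the data in @ctx.` would match what the function does. Separately, attribute names that lsm_name_to_attr() presumably maps to something other than LSM_ATTR_CURRENT now reach do_setattr() and get -EOPNOTSUPP where the old smack_setprocattr() returned -EINVAL, a userspace-visible errno change on the /proc path that the commit message does not mention.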