Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

LSM: Create lsm_list_modules system call

Create a system call to report the list of Linux Security Modules
that are active on the system. The list is provided as an array
of LSM ID numbers.

The calling application can use this list to determine what LSM
specific actions it might take. That might include choosing an
output format, determining required privilege or bypassing
security module specific behavior.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Serge Hallyn <serge@hallyn.com>
Reviewed-by: John Johansen <john.johansen@canonical.com>
Reviewed-by: Mickaël Salaün <mic@digikod.net>
Signed-off-by: Paul Moore <paul@paul-moore.com>
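Added userspace example, not code from this commit or the kernel tree: the probe-then-fetch pattern a caller uses with the return convention described above (size-only call, -E2BIG with the required size, then the real call). `kernel_emul` is a constructed stand-in for the kernel side with made-up LSM ID values; `kernel_real` is only compiled where the C library headers define `__NR_lsm_list_modules`, a name assumed from later kernel releases rather than taken from this page.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>

/* Same shape as the syscall: fills ids, updates *size, returns a count or -errno. */
typedef long (*lsm_list_fn)(uint64_t *ids, size_t *size, uint32_t flags);
/* Constructed stand-in for the kernel side (ID values are made up); mirrors the hunk. */
static const uint64_t emul_ids[] = { 100, 102, 107 };
#define EMUL_CNT (sizeof(emul_ids) / sizeof(emul_ids[0]))

long kernel_emul(uint64_t *ids, size_t *size, uint32_t flags)
{
    size_t total = EMUL_CNT * sizeof(*ids), usize = *size;
    if (flags)
        return -EINVAL;
    *size = total;          /* written on every path, before the range check */
    if (usize < total)
        return -E2BIG;
    if (!ids)               /* the kernel would fault on a bad user pointer */
        return -EFAULT;
    memcpy(ids, emul_ids, total);
    return (long)EMUL_CNT;
}

#ifdef __NR_lsm_list_modules    /* real entry point on a kernel that has it */
long kernel_real(uint64_t *ids, size_t *size, uint32_t flags)
{
    long rc = syscall(__NR_lsm_list_modules, ids, size, flags);
    return rc < 0 ? -errno : rc;
}
#endif

/* Probe with size 0 (ids is untouched on -E2BIG, so NULL is safe), allocate what
 * the kernel asked for, fetch. Returns the count or -errno; *out is caller-owned. */
long list_lsm_ids(lsm_list_fn fn, uint64_t **out)
{
    size_t size = 0;
    long rc = fn(NULL, &size, 0);
    *out = NULL;
    if (rc != -E2BIG)       /* 0 means no active LSMs; anything else is an error */
        return rc;
    if (!(*out = malloc(size)))
        return -ENOMEM;
    rc = fn(*out, &size, 0);
    if (rc < 0) { free(*out); *out = NULL; }
    return rc;
}
```

Call `list_lsm_ids(kernel_real, &ids)` on a kernel that provides the syscall and `list_lsm_ids(kernel_emul, &ids)` elsewhere; the caller frees `ids`.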

authored by Casey Schaufler and committed by Paul Moore
ad4aff9e a04a1198

+44
+3
Documentation/userspace-api/lsm.rst
··· 63 63 .. kernel-doc:: security/lsm_syscalls.c 64 64 :identifiers: sys_lsm_get_self_attr 65 65 66 + .. kernel-doc:: security/lsm_syscalls.c 67 + :identifiers: sys_lsm_list_modules 68 + 66 69 Additional documentation 67 70 ======================== 68 71
+1
include/linux/syscalls.h
··· 954 954 size_t *size, __u32 flags); 955 955 asmlinkage long sys_lsm_set_self_attr(unsigned int attr, struct lsm_ctx *ctx, 956 956 size_t size, __u32 flags); 957 + asmlinkage long sys_lsm_list_modules(u64 *ids, size_t *size, u32 flags); 957 958 958 959 /* 959 960 * Architecture-specific system calls
+1
kernel/sys_ni.c
··· 173 173 COND_SYSCALL_COMPAT(fadvise64_64); 174 174 COND_SYSCALL(lsm_get_self_attr); 175 175 COND_SYSCALL(lsm_set_self_attr); 176 + COND_SYSCALL(lsm_list_modules); 176 177 177 178 /* CONFIG_MMU only */ 178 179 COND_SYSCALL(swapon);
+39
security/lsm_syscalls.c
··· 55 55 { 56 56 return security_getselfattr(attr, ctx, size, flags); 57 57 } 58 + 59 + /** 60 + * sys_lsm_list_modules - Return a list of the active security modules 61 + * @ids: the LSM module ids 62 + * @size: pointer to size of @ids, updated on return 63 + * @flags: reserved for future use, must be zero 64 + * 65 + * Returns a list of the active LSM ids. On success this function 66 + * returns the number of @ids array elements. This value may be zero 67 + * if there are no LSMs active. If @size is insufficient to contain 68 + * the return data -E2BIG is returned and @size is set to the minimum 69 + * required size. In all other cases a negative value indicating the 70 + * error is returned. 71 + */ 72 + SYSCALL_DEFINE3(lsm_list_modules, u64 __user *, ids, size_t __user *, size, 73 + u32, flags) 74 + { 75 + size_t total_size = lsm_active_cnt * sizeof(*ids); 76 + size_t usize; 77 + int i; 78 + 79 + if (flags) 80 + return -EINVAL; 81 + 82 + if (get_user(usize, size)) 83 + return -EFAULT; 84 + 85 + if (put_user(total_size, size) != 0) 86 + return -EFAULT; 87 + 88 + if (usize < total_size) 89 + return -E2BIG; 90 + 91 + for (i = 0; i < lsm_active_cnt; i++) 92 + if (put_user(lsm_idlist[i]->id, ids++)) 93 + return -EFAULT; 94 + 95 + return lsm_active_cnt; 96 + }
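Review bot: in the include/linux/syscalls.h hunk the new sys_lsm_list_modules() prototype declares `u32 flags`, while the neighbouring sys_lsm_get_self_attr() and sys_lsm_set_self_attr() prototypes at lines 954-956 use `__u32 flags`; declare it as `asmlinkage long sys_lsm_list_modules(u64 *ids, size_t *size, __u32 flags);` so the three LSM syscall declarations read the same (the SYSCALL_DEFINE3 in security/lsm_syscalls.c can keep `u32`).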
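Review bot: in the security/lsm_syscalls.c hunk, `put_user(total_size, size)` runs before the `usize < total_size` comparison, so @size is overwritten with the required size on every return path, not only on -E2BIG as the kernel-doc wording ("If @size is insufficient ... @size is set to the minimum required size") suggests. That unconditional write is what lets a caller pass `*size = 0` to learn the required size without @ids being touched, so the comment should state that probing behaviour explicitly and move the success/-E2BIG/error text into a kernel-doc `Return:` section rather than the description paragraph.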