mirror of
https://github.com/torvalds/linux
synced 2024-07-21 10:41:44 +00:00
Smack: implement setselfattr and getselfattr hooks
Implement Smack support for security_[gs]etselfattr. Refactor the setprocattr hook to avoid code duplication. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Reviewed-by: John Johansen <john.johansen@canonical.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
Casey Schaufler
Paul Moore
parent
e1ca7129db
commit
38b323e588
|
|
@ -3626,6 +3626,46 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
|
|||
return;
|
||||
}
|
||||
|
||||
/**
|
||||
* smack_getselfattr - Smack current process attribute
|
||||
* @attr: which attribute to fetch
|
||||
* @ctx: buffer to receive the result
|
||||
* @size: available size in, actual size out
|
||||
* @flags: unused
|
||||
*
|
||||
* Fill the passed user space @ctx with the details of the requested
|
||||
* attribute.
|
||||
*
|
||||
* Returns the number of attributes on success, an error code otherwise.
|
||||
* There will only ever be one attribute.
|
||||
*/
|
||||
static int smack_getselfattr(unsigned int attr, struct lsm_ctx __user *ctx,
|
||||
size_t *size, u32 flags)
|
||||
{
|
||||
struct smack_known *skp = smk_of_current();
|
||||
int total;
|
||||
int slen;
|
||||
int rc;
|
||||
|
||||
if (attr != LSM_ATTR_CURRENT)
|
||||
return -EOPNOTSUPP;
|
||||
|
||||
slen = strlen(skp->smk_known) + 1;
|
||||
total = ALIGN(slen + sizeof(*ctx), 8);
|
||||
if (total > *size)
|
||||
rc = -E2BIG;
|
||||
else if (ctx)
|
||||
rc = lsm_fill_user_ctx(ctx, skp->smk_known, slen, LSM_ID_SMACK,
|
||||
0);
|
||||
else
|
||||
rc = 1;
|
||||
|
||||
*size = total;
|
||||
if (rc >= 0)
|
||||
return 1;
|
||||
return rc;
|
||||
}
|
||||
|
||||
/**
|
||||
* smack_getprocattr - Smack process attribute access
|
||||
* @p: the object task
|
||||
|
|
@ -3655,8 +3695,8 @@ static int smack_getprocattr(struct task_struct *p, const char *name, char **val
|
|||
}
|
||||
|
||||
/**
|
||||
* smack_setprocattr - Smack process attribute setting
|
||||
* @name: the name of the attribute in /proc/.../attr
|
||||
* do_setattr - Smack process attribute setting
|
||||
* @attr: the ID of the attribute
|
||||
* @value: the value to set
|
||||
* @size: the size of the value
|
||||
*
|
||||
|
|
@ -3665,7 +3705,7 @@ static int smack_getprocattr(struct task_struct *p, const char *name, char **val
|
|||
*
|
||||
* Returns the length of the smack label or an error code
|
||||
*/
|
||||
static int smack_setprocattr(const char *name, void *value, size_t size)
|
||||
static int do_setattr(u64 attr, void *value, size_t size)
|
||||
{
|
||||
struct task_smack *tsp = smack_cred(current_cred());
|
||||
struct cred *new;
|
||||
|
|
@ -3679,8 +3719,8 @@ static int smack_setprocattr(const char *name, void *value, size_t size)
|
|||
if (value == NULL || size == 0 || size >= SMK_LONGLABEL)
|
||||
return -EINVAL;
|
||||
|
||||
if (strcmp(name, "current") != 0)
|
||||
return -EINVAL;
|
||||
if (attr != LSM_ATTR_CURRENT)
|
||||
return -EOPNOTSUPP;
|
||||
|
||||
skp = smk_import_entry(value, size);
|
||||
if (IS_ERR(skp))
|
||||
|
|
@ -3719,6 +3759,49 @@ static int smack_setprocattr(const char *name, void *value, size_t size)
|
|||
return size;
|
||||
}
|
||||
|
||||
/**
|
||||
* smack_setselfattr - Set a Smack process attribute
|
||||
* @attr: which attribute to set
|
||||
* @ctx: buffer containing the data
|
||||
* @size: size of @ctx
|
||||
* @flags: unused
|
||||
*
|
||||
* Fill the passed user space @ctx with the details of the requested
|
||||
* attribute.
|
||||
*
|
||||
* Returns 0 on success, an error code otherwise.
|
||||
*/
|
||||
static int smack_setselfattr(unsigned int attr, struct lsm_ctx *ctx,
|
||||
size_t size, u32 flags)
|
||||
{
|
||||
int rc;
|
||||
|
||||
rc = do_setattr(attr, ctx->ctx, ctx->ctx_len);
|
||||
if (rc > 0)
|
||||
return 0;
|
||||
return rc;
|
||||
}
|
||||
|
||||
/**
|
||||
* smack_setprocattr - Smack process attribute setting
|
||||
* @name: the name of the attribute in /proc/.../attr
|
||||
* @value: the value to set
|
||||
* @size: the size of the value
|
||||
*
|
||||
* Sets the Smack value of the task. Only setting self
|
||||
* is permitted and only with privilege
|
||||
*
|
||||
* Returns the length of the smack label or an error code
|
||||
*/
|
||||
static int smack_setprocattr(const char *name, void *value, size_t size)
|
||||
{
|
||||
int attr = lsm_name_to_attr(name);
|
||||
|
||||
if (attr != LSM_ATTR_UNDEF)
|
||||
return do_setattr(attr, value, size);
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
/**
|
||||
* smack_unix_stream_connect - Smack access on UDS
|
||||
* @sock: one sock
|
||||
|
|
@ -5033,6 +5116,8 @@ static struct security_hook_list smack_hooks[] __ro_after_init = {
|
|||
|
||||
LSM_HOOK_INIT(d_instantiate, smack_d_instantiate),
|
||||
|
||||
LSM_HOOK_INIT(getselfattr, smack_getselfattr),
|
||||
LSM_HOOK_INIT(setselfattr, smack_setselfattr),
|
||||
LSM_HOOK_INIT(getprocattr, smack_getprocattr),
|
||||
LSM_HOOK_INIT(setprocattr, smack_setprocattr),
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue