Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp2422268rwb;
        Mon, 7 Nov 2022 13:07:18 -0800 (PST)
X-Google-Smtp-Source: AMsMyM4yvFsxtKKX9RpaAzqvyjV2gMqYmvdS8fH2oVC5o3uo2/yL454HNBiqr862G9puqzzwJMIT
X-Received: by 2002:a17:902:ebca:b0:183:d123:e2a7 with SMTP id p10-20020a170902ebca00b00183d123e2a7mr53043307plg.105.1667855238508;
        Mon, 07 Nov 2022 13:07:18 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1667855238; cv=none;
        d=google.com; s=arc-20160816;
        b=EF4MRX7YK7BkgD+RAgmIrbOEayFesiKQDscCZjpXvvGDwmBJusSkaiJTjRAGJfRaO+
         p9poDq+BmDjeESnJj4gBdatNP3yDdY0P7koYO7KoUBIJi2ujzqUw+2d18VBJmMDd4yE0
         ans6D0oS8aDLIhehNZD2P6M5PFElr9eF5G0Mz37We+45MZ0ldivw2zDKjKJ3nFx1HxL/
         /9pHkWfanwCyDPdUeAON8jIWO6/FPASHZ6jk/uWs5+q79M2YmCyfSw0qjQpe3WY7hpw4
         4Cr12j0TOsc5gbY/m2MhIYUgLHKSWMOcJ05ZE+zAFZ5XiEgxMfT1X0k+k0vJ9dZl1NCa
         5a3A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:cc:to:from:subject:message-id:mime-version:date
         :dkim-signature;
        bh=IAoAra9R2Xqdytgvb5FHE5lvqaFSAU/5jMDpLKBjdb4=;
        b=o8yF9RHnjd4xl2HWzlUw7xx5VyRlhj31FxctwveDnmDoRpwaT2QHr7HnDMjnAl34pN
         f2VjOgJixwzw/hWkmrnB8ygbq03aXj39EvgMxIfTx0qdi/vU+kKAsS1pmFDcMByUPc0J
         B2zeNtsAv9Fg8wVnNwXaTwVf7VncwormZ96PLH62LYudPm3GX49Y61uPZQAY89sk485P
         9K9/1zeJjcOiZRE1/A8i2X7CXJYO4wuZ8RMMRf9i2aSHp9j1RChErBjvF/z+WSPLujeG
         Dpn4SjfEpxdeD7cRWevHwGwKOE1CP02uxQFsa7Ti2sSmyE4W/qvCtgDGvPpmTdLZ4936
         /XUA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20210112 header.b=NB8+Ew0A;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id pq3-20020a17090b3d8300b001f2757da25asi10991320pjb.91.2022.11.07.13.07.05;
        Mon, 07 Nov 2022 13:07:18 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20210112 header.b=NB8+Ew0A;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232848AbiKGU6N (ORCPT <rfc822;yangyccccc@gmail.com> + 92 others);
        Mon, 7 Nov 2022 15:58:13 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45696 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S232976AbiKGU6L (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 7 Nov 2022 15:58:11 -0500
Received: from mail-yw1-x114a.google.com (mail-yw1-x114a.google.com [IPv6:2607:f8b0:4864:20::114a])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5AFD32B63A
        for <linux-kernel@vger.kernel.org>; Mon,  7 Nov 2022 12:58:10 -0800 (PST)
Received: by mail-yw1-x114a.google.com with SMTP id 00721157ae682-348608c1cd3so119933707b3.10
        for <linux-kernel@vger.kernel.org>; Mon, 07 Nov 2022 12:58:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20210112;
        h=cc:to:from:subject:message-id:mime-version:date:from:to:cc:subject
         :date:message-id:reply-to;
        bh=IAoAra9R2Xqdytgvb5FHE5lvqaFSAU/5jMDpLKBjdb4=;
        b=NB8+Ew0AYfjmdPJdO0XSLwfeZ+OYwIKA9BIG0WqV9UrxO3UPzg8TrtAk7vX7Fpgouh
         Rr0mu5WbmN5eVwxYMl0tb6d8HqaeDN5jziODCiHZrIr9GkLq1ikFlFRNaSGPbJrtaSha
         97hu4cLAScRvpdzS9lRQ3nMVtwtkOwhNnGz+F5c9kScSKtHJ8UkXaOIOjWXW+/NXl3os
         Vkk/TDoxm/DmVPBMqFDueVrFsDxqB87yhGLX9L4d/gGZsbHNcLoNaVM6Rzh0c5lZQEFK
         O1owrltdz5foiqAOjZEUYB8vm97E2wbZMy0EzGX4LIDDSF/FtmUJB7dspANhyP0/E8Aw
         7vOA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=cc:to:from:subject:message-id:mime-version:date:x-gm-message-state
         :from:to:cc:subject:date:message-id:reply-to;
        bh=IAoAra9R2Xqdytgvb5FHE5lvqaFSAU/5jMDpLKBjdb4=;
        b=7zntX7h0jAxZ9oPOYW1N6peiipOeVks+dmDeSg+0Dcu6ykZ9G4aTn+/9CjC0S6GwJO
         AsVS2DzWnwoYeCdqo8fSOJmCu7mJZHghC+9F5LV0CMVXuWWpBAj1wx99i2Amg3ZwK7I9
         xOB9qeSHP4Y1faK91XFfXw6xu3Az3kBf+6CqQVjyAbKZq/socYyq4J/DYvRb4Y6XBYCo
         xpCTt8jb2DPw8WbD5CQgeIN44fMoDQSjD8aPLkM5dV5m4/H9/mbwKdlxzC2JWVS4ouUc
         ajjkeOa/GdIQ/+Xt8YLLeKQB0H34IzB00mJsIom9/WXZosbu286zrUCmGEYHEvvRPbHC
         B14w==
X-Gm-Message-State: ACrzQf0JY7rQzaydKyyHzr5q2IRYAI577HfnAL16kUpcdTUFMujXcnrU
        gBATEQZXHI18eglSRJPtSZlMszt2nA==
X-Received: from cukie91.nyc.corp.google.com ([2620:0:1003:314:8113:36e9:8e90:5fb8])
 (user=cukie job=sendgmr) by 2002:a0d:c481:0:b0:35b:cbe2:d66a with SMTP id
 g123-20020a0dc481000000b0035bcbe2d66amr833796ywd.125.1667854689567; Mon, 07
 Nov 2022 12:58:09 -0800 (PST)
Date:   Mon,  7 Nov 2022 15:57:51 -0500
Mime-Version: 1.0
X-Mailer: git-send-email 2.38.1.431.g37b22c650d-goog
Message-ID: <20221107205754.2635439-1-cukie@google.com>
Subject: [PATCH v1 0/2] Add LSM access controls for io_uring_setup
From:   Gil Cukierman <cukie@google.com>
To:     Jens Axboe <axboe@kernel.dk>,
        Pavel Begunkov <asml.silence@gmail.com>,
        Paul Moore <paul@paul-moore.com>,
        James Morris <jmorris@namei.org>,
        "Serge E. Hallyn" <serge@hallyn.com>,
        Stephen Smalley <stephen.smalley.work@gmail.com>,
        Eric Paris <eparis@parisplace.org>
Cc:     Gil Cukierman <cukie@google.com>, kernel-team@android.com,
        linux-kernel@vger.kernel.org, io-uring@vger.kernel.org,
        linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,
        SPF_HELO_NONE,SPF_PASS,USER_IN_DEF_DKIM_WL autolearn=unavailable
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

This patchset provides the changes required for controlling access to
the io_uring_setup system call by LSMs. It does this by adding a new
hook to io_uring. It also provides the SELinux implementation for a new
permission, io_uring { setup }, using the new hook.

This is important because existing io_uring hooks only support limiting
the sharing of credentials and access to the sensitive uring_cmd file
op. Users of LSMs may also want the ability to tightly control which
callers can retrieve an io_uring capable fd from the kernel, which is
needed for all subsequent io_uring operations.

This was tested by running the liburing test suite on a kernel
containing these patches.

Gil Cukierman (2):
  lsm,io_uring: add LSM hook for io_uring_setup
  selinux: add support for the io_uring setup permission

 include/linux/lsm_hook_defs.h       |  1 +
 include/linux/lsm_hooks.h           |  3 +++
 include/linux/security.h            |  5 +++++
 io_uring/io_uring.c                 |  5 +++++
 security/security.c                 |  4 ++++
 security/selinux/hooks.c            | 13 +++++++++++++
 security/selinux/include/classmap.h |  2 +-
 7 files changed, 32 insertions(+), 1 deletion(-)

-- 
2.38.0.135.g90850a2211-goog