Message-ID: <1f5e725d-58b6-eca2-97dc-d7c1209ff167@I-love.SAKURA.ne.jp>
Date: Fri, 15 Sep 2023 20:32:32 +0900
Subject: Re: [PATCH v15 01/11] LSM: Identify modules by more than name
To: Casey Schaufler, paul@paul-moore.com, linux-security-module@vger.kernel.org
Cc: jmorris@namei.org, serge@hallyn.com, keescook@chromium.org, john.johansen@canonical.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net
References: <20230912205658.3432-1-casey@schaufler-ca.com> <20230912205658.3432-2-casey@schaufler-ca.com>
From: Tetsuo Handa
In-Reply-To: <20230912205658.3432-2-casey@schaufler-ca.com>

On 2023/09/13 5:56, Casey Schaufler wrote:
> Create a struct lsm_id to contain identifying information about Linux
> Security Modules (LSMs). At inception this contains the name of the
> module and an identifier associated with the security module. Change
> the security_add_hooks() interface to use this structure. Change the
> individual modules to maintain their own struct lsm_id and pass it to
> security_add_hooks().
>
> The values for LSM identifiers are defined in a new UAPI
> header file linux/lsm.h. Each existing LSM has been updated to
> include its LSMID in the lsm_id.
>
> The LSM ID values are sequential, with the oldest module
> LSM_ID_CAPABILITY being the lowest value and the existing modules
> numbered in the order they were included in the main line kernel.
> This is an arbitrary convention for assigning the values, but
> none better presents itself. The value 0 is defined as being invalid.
> The values 1-99 are reserved for any special case uses which may
> arise in the future. This may include attributes of the LSM
> infrastructure itself, possibly related to namespacing or network
> attribute management. A special range is identified for such attributes
> to help reduce confusion for developers unfamiliar with LSMs.
>
> LSM attribute values are defined for the attributes presented by
> modules that are available today. As with the LSM IDs, the value 0
> is defined as being invalid. The values 1-99 are reserved for any
> special case uses which may arise in the future.
>
> Signed-off-by: Casey Schaufler
> Cc: linux-security-module
> Reviewed-by: Kees Cook
> Reviewed-by: Serge Hallyn
> Reviewed-by: Mickael Salaun
> Reviewed-by: John Johansen

Nacked-by: Tetsuo Handa

https://lkml.kernel.org/r/4a6b6e2c-9872-4d4c-e42e-4ff0fb79f3ae@I-love.SAKURA.ne.jp