Received: by 2002:a05:7412:d8a:b0:e2:908c:2ebd with SMTP id b10csp3706936rdg; Wed, 18 Oct 2023 03:52:27 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHHcUuF6DpIklKmKxZt2AhwK5zTlslu4dYQGVu9Rs1LGBhrhIV84bhkg2C8qGL9QWzJeuwQ X-Received: by 2002:a25:2393:0:b0:d9b:ff50:b100 with SMTP id j141-20020a252393000000b00d9bff50b100mr4421750ybj.28.1697626347501; Wed, 18 Oct 2023 03:52:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1697626347; cv=none; d=google.com; s=arc-20160816; b=BaXInAvT/eXi6oa5g8/V3FsSHNVo4XiE4j/Jye2VE1kP6meA6r2CRJui6J11xH0hWE Ija94hZy7uxuCqBvc/+k8jvFvj9c2b60hmKzaN0A0fLaojm7YTI6fTT2qkuj/JmBYrnu 1dGYoeoypbdT3yw/9SIvRqRwdJbIJwqn1R0Sbl+sON7RhOGERpACLBQaya02aaqEnXmD w25OPxyOMTzD/M14ukyGgXjM2vIJ/CUuguL2kkzyWR9MxjIC3Obss1xL2aH4KFTUkWTX fZfPiyZelN6ko2f4IIee+3h5BjEzybSil8uuTGgX6EkkXx/CL2cXKiQqJrxUwf4iwxe9 Tjfw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:ui-outboundreport:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from; bh=3YPtGlbfOhek7kyGmSLTW4S5wb/tN5rq46dW3ushdds=; fh=c4ql7d5QsFreQmYQr7ycbAsMayBEmNUOv2nmR/PVp9M=; b=eNA5R7VCDf3s+K7CJ2VvwOwnH95MgEVYTnt2SgmQHMFcuERPs5hv6vPZUACIjcE1nK Gb4CaKe/VVuJ2G125k8uka4xStPBrBudZqqOqgq05S5shLDdKkBxfnAvGeU3hr/WkRKg GxbbR+GxrcgEspC8YHIaFOfo2xNe2eGNrbEY3tKsdvSQ1UgJYy7aPzp1XvrwPp9KgzNc KzgvzoqHqyS6b/S0NXDU1kLDJd9s62QYQntcZjjDetNvr5fwraplvooU6Kto1Xo2Ir31 JUEeJofEKwO8iI6H+SB/gPOoLSUs88qQ2pHl2xvofeeyxokSA7IavNEugF5ii0I99nnT wzoA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:8 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aisec.fraunhofer.de Return-Path: Received: from fry.vger.email (fry.vger.email. [2620:137:e000::3:8]) by mx.google.com with ESMTPS id o3-20020aa79783000000b0069335e0c824si3557820pfp.204.2023.10.18.03.52.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 18 Oct 2023 03:52:27 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:8 as permitted sender) client-ip=2620:137:e000::3:8; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:8 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aisec.fraunhofer.de Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by fry.vger.email (Postfix) with ESMTP id 8B06581113BA; Wed, 18 Oct 2023 03:52:19 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at fry.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235204AbjJRKwC (ORCPT + 99 others); Wed, 18 Oct 2023 06:52:02 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49010 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234836AbjJRKvc (ORCPT ); Wed, 18 Oct 2023 06:51:32 -0400 Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.126.187]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 76E76100; Wed, 18 Oct 2023 03:51:28 -0700 (PDT) Received: from weisslap.aisec.fraunhofer.de ([91.67.186.133]) by mrelayeu.kundenserver.de (mreue012 [212.227.15.167]) with ESMTPSA (Nemesis) id 1MgiPE-1rTChh25ls-00h8BM; Wed, 18 Oct 2023 12:50:57 +0200 From: =?UTF-8?q?Michael=20Wei=C3=9F?= To: Alexander Mikhalitsyn , Christian Brauner , Alexei Starovoitov , Paul Moore Cc: Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Quentin Monnet , Alexander Viro , Miklos Szeredi , Amir Goldstein , "Serge E. Hallyn" , bpf@vger.kernel.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, gyroidos@aisec.fraunhofer.de, =?UTF-8?q?Michael=20Wei=C3=9F?= Subject: [RFC PATCH v2 04/14] lsm: Add security_dev_permission() hook Date: Wed, 18 Oct 2023 12:50:23 +0200 Message-Id: <20231018105033.13669-5-michael.weiss@aisec.fraunhofer.de> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20231018105033.13669-1-michael.weiss@aisec.fraunhofer.de> References: <20231018105033.13669-1-michael.weiss@aisec.fraunhofer.de> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Provags-ID: V03:K1:38OgFLKeLVyUNOGAHePjb9eXHvugerr9x590L1H0mtjlQz8+EhP XV0kjjYTVCFzyaGkdhflveir1VfTbHqWmEmrXQtyoLpF30n5KODUjF3UU+cpbTyyK1iwGUL 98DKPB1ud8WTDseAR2vCjioz+6oMKBxUcVxt/HrIf66Xag9WZPXIjI0gSRad84Fo9+Qg+f+ r8wUVsa/nedGZEQ7akf6g== UI-OutboundReport: notjunk:1;M01:P0:h+FTMlalFCk=;nEnL1o6Gxl+hnMse0JkKqyiTNUJ ZAsW1h9B9jFe9bGHwcaWr467ig8PZpstHYQG7WQb1NchktAHHKDokiRO+JrvwTk4Av+LyUoiS L5q8T9Fb7ZHcO32E1EeceOoInCWL9znSy7i8DVTwFw2t8G4Kk3PrRxHP9uqBorYYZt4E3NChi ZysfQvdgvpn6Qp415qcslsXB52+IBzvoQOjnpD4ke5Ls9A3Qe0pY5f3C0uP4vLU154f+IB5xC Sa/NUMrKYPewac4z/4M1hF3IF320oOaO8IOqHE52C/XOGPmIVmSyXix5PHxeToJN/9CK7et4D DXxg/OT4E83tyI42zOoo8FFUL6GIrimliJRSpQmVIrfuJn7SIAG6ddhs1Efqq02voeqfrVVgi QcDozmGbeDOEtVn0gcJMhGLl/b7gfe6Hbl5wgLEJKWzIBEDX+Y1IbVpXN2o/qjo8wXFmygbW6 IgIJNNFEzUf/UMI4As47VOBj6F2umR3Cc09C3M/GWv3mYXipKH2kcj7m5ccDGkx+PO25Auwis TO/7DJ33E+EgDrMr04RTMIqYsUUW5s+/4rusgFphWcvx0NnNGYhLxwv3HGCS67vTzfG2SJGYu VLB1YWLZvyl1rWt6oYGhp82pZbS4vGLVh5QM5r86idKGBpdsdzOsDcOlRpDwsNKFCJFv0YeCg XJgsbSmSP+XVk9BEz6ouI47jOic5UBkWqacPs34puXKn/r7ocNFHV5Z8V+1YfUg2GXPouWg1U cpJKJsJH8rmEnQ+uAzvjY4NzgajwUzaMMIAoAJZ9H5qKc/Yyhi/EBAkpPqyY+ab/lLQbw/0qH 1xjOpR+6kspKQ9DIMs02Nq48Ezkj3R8zk/0KaoK1UInHp8JdPjMvsI3pezMofo0hEBA+KrT6J VhdlJzkEMdwdOW6VrM/Tt3Wzlq203rPvQM+E= X-Spam-Status: No, score=-0.8 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on fry.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (fry.vger.email [0.0.0.0]); Wed, 18 Oct 2023 03:52:20 -0700 (PDT) Provide a new lsm hook which may be used to check permission on a device by its dev_t representation only. This could be used if an inode is not available and the security_inode_permission check is not applicable. A first lsm to use this will be the lately converted cgroup_device module, to allow permission checks inside driver implementations. Signed-off-by: Michael Weiß --- include/linux/lsm_hook_defs.h | 1 + include/linux/security.h | 5 +++++ security/security.c | 18 ++++++++++++++++++ 3 files changed, 24 insertions(+) diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h index ac962c4cb44b..a868982725a9 100644 --- a/include/linux/lsm_hook_defs.h +++ b/include/linux/lsm_hook_defs.h @@ -275,6 +275,7 @@ LSM_HOOK(int, 0, inode_notifysecctx, struct inode *inode, void *ctx, u32 ctxlen) LSM_HOOK(int, 0, inode_setsecctx, struct dentry *dentry, void *ctx, u32 ctxlen) LSM_HOOK(int, 0, inode_getsecctx, struct inode *inode, void **ctx, u32 *ctxlen) +LSM_HOOK(int, 0, dev_permission, umode_t mode, dev_t dev, int mask) #if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE) LSM_HOOK(int, 0, post_notification, const struct cred *w_cred, diff --git a/include/linux/security.h b/include/linux/security.h index 5f16eecde00b..8bc6ac8816c6 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -484,6 +484,7 @@ int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen); int security_locked_down(enum lockdown_reason what); +int security_dev_permission(umode_t mode, dev_t dev, int mask); #else /* CONFIG_SECURITY */ static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data) @@ -1395,6 +1396,10 @@ static inline int security_locked_down(enum lockdown_reason what) { return 0; } +static inline int security_dev_permission(umode_t mode, dev_t dev, int mask) +{ + return 0; +} #endif /* CONFIG_SECURITY */ #if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE) diff --git a/security/security.c b/security/security.c index 23b129d482a7..40f6787df3b1 100644 --- a/security/security.c +++ b/security/security.c @@ -4016,6 +4016,24 @@ int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) } EXPORT_SYMBOL(security_inode_getsecctx); +/** + * security_dev_permission() - Check if accessing a dev is allowed + * @mode: file mode holding device type + * @dev: device + * @mask: access mask + * + * Check permission before accessing an device by its major minor. + * This hook is called by drivers which may not have an inode but only + * the dev_t representation of a device to check permission. + * + * Return: Returns 0 if permission is granted. + */ +int security_dev_permission(umode_t mode, dev_t dev, int mask) +{ + return call_int_hook(dev_permission, 0, mode, dev, mask); +} +EXPORT_SYMBOL(security_dev_permission); + #ifdef CONFIG_WATCH_QUEUE /** * security_post_notification() - Check if a watch notification can be posted -- 2.30.2