Received: by 2002:a05:7412:d8a:b0:e2:908c:2ebd with SMTP id b10csp3709059rdg; Wed, 18 Oct 2023 03:57:30 -0700 (PDT) X-Google-Smtp-Source: AGHT+IE2wM08QTtrJK9wXdxh9kSQrsAsuVTjzFJ8s880OvCURth7JAEWUMYaURR2LosNZVRNmLei X-Received: by 2002:a17:902:bd07:b0:1c9:c951:57f9 with SMTP id p7-20020a170902bd0700b001c9c95157f9mr3932170pls.68.1697626650290; Wed, 18 Oct 2023 03:57:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1697626650; cv=none; d=google.com; s=arc-20160816; b=lGUeKf/F+ioG80bN7DlltBpUeOlrZZvfyrPvc/FOVvlhkjb2GZ9tgjfRp/0qCtnjZW jGS2DFrBxjwq6+o9NmQJ3EvFidYSxTv66SexV/zgdUd9XEGV7JhsamigkMEmwcpTrYk0 p1xxjjbTF9Qf44lYk6OqdoGdIiSDE0F7c67tWzPqnU2xdHuv+duHbHCZxX0VHi4Cbbbm bemR87uxobWC7f8zjzxigOa6ESfXgqe3/Pc3KYYjSu+XDe8ma/FTv6hL+Arf2HBzVyXv 7yTkXzvKCA/K0Pr+4QOF6S2ZdYzbpoPS7tl0en+R0Ab88svaoMTXxDT0QGEF91GvZTRj 0Wdw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:ui-outboundreport:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from; bh=9B3vG4AqSkyndYqXFCb2qiY7Gja6nxIbjcaEafCQSuo=; fh=c4ql7d5QsFreQmYQr7ycbAsMayBEmNUOv2nmR/PVp9M=; b=PiYTK25c1gC0N/C4gHs3pBiTe0tbrmYk6m3Ow8xwy+4TbYmQoplIwmM8RM330SAfIA KBtRsSlwQOngAb4FpUQ4gIWpIXiejJMtzwS71U7FPW/7sU5YS1SfifFRyRYrLeNihA8z RLpZpU7g3GE8JgqjdEQLDHFu73M3dsDbnH4kryWUUb1fEcnpyDx0tCBVdYNSENSonMhG fU/D0Bo3kaWFB8uAeqxIiBHn6sLlJSfldwfGIzuRXJMc9bXZG3/wIyqaqRNsm04iBTBV b8Qfs+7Na8pY1vK9keeCc8Op3zHGeTrm+dITcuQ8axRpOKWSwSGm5sUyTZiK8SMzZRRs /lDQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:3 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aisec.fraunhofer.de Return-Path: Received: from lipwig.vger.email (lipwig.vger.email. [2620:137:e000::3:3]) by mx.google.com with ESMTPS id b3-20020a170903228300b001c32fe6cdf9si3840567plh.386.2023.10.18.03.57.29 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 18 Oct 2023 03:57:30 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:3 as permitted sender) client-ip=2620:137:e000::3:3; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:3 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aisec.fraunhofer.de Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by lipwig.vger.email (Postfix) with ESMTP id 7F742817297A; Wed, 18 Oct 2023 03:57:27 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at lipwig.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230097AbjJRK5Q (ORCPT + 99 others); Wed, 18 Oct 2023 06:57:16 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40492 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229957AbjJRK5H (ORCPT ); Wed, 18 Oct 2023 06:57:07 -0400 Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.126.130]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id F054D10F; Wed, 18 Oct 2023 03:57:00 -0700 (PDT) Received: from weisslap.aisec.fraunhofer.de ([91.67.186.133]) by mrelayeu.kundenserver.de (mreue012 [212.227.15.167]) with ESMTPSA (Nemesis) id 1MMH2M-1r95ee1XaI-00JFRa; Wed, 18 Oct 2023 12:50:58 +0200 From: =?UTF-8?q?Michael=20Wei=C3=9F?= To: Alexander Mikhalitsyn , Christian Brauner , Alexei Starovoitov , Paul Moore Cc: Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Quentin Monnet , Alexander Viro , Miklos Szeredi , Amir Goldstein , "Serge E. Hallyn" , bpf@vger.kernel.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, gyroidos@aisec.fraunhofer.de, =?UTF-8?q?Michael=20Wei=C3=9F?= Subject: [RFC PATCH v2 05/14] device_cgroup: Implement dev_permission() hook Date: Wed, 18 Oct 2023 12:50:24 +0200 Message-Id: <20231018105033.13669-6-michael.weiss@aisec.fraunhofer.de> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20231018105033.13669-1-michael.weiss@aisec.fraunhofer.de> References: <20231018105033.13669-1-michael.weiss@aisec.fraunhofer.de> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Provags-ID: V03:K1:6fQpbyJ4yqJDdtOE6U4o2qVRNJKIJVyBf29udf+uc+/N6tF9IoH 8t1C1cC3mS3KGqZ/fM8NSuVnL6Vku/6d75OreD1W+PTZyYWT+AMUoZD8nvd5WUkz4It8oYV mgBzW/YuC1VAn4JxY8EG2yvXiiH+neM+67Kx7SQvAdbY4iqGXZEZfndLZ2yjmFqmQKH7x7O WCKWWnxi80y53tE+xJeDQ== UI-OutboundReport: notjunk:1;M01:P0:KPld94mI8N4=;N5vkTOFrb90fmkbkDDAVyBwDY1S iSSlHRHjf4q3fcYpQi2uV4atpZakxYxRd5K/nnE5ZtC5OHztPnS+HrvCIicEdHDg0+dFvoP10 9+osU9/vMqFSITdyeVzNKkDAcnG1s+80I0sonWh4ew4v/+uO9NOcfPV41jbKxk9finPj+wCYx Kf/R8sfgSSQdwc5WD7Jf912gqMx8ZJCk832N1cOv1dJta18N5Fp5zugPTrbgJ4nBN8VF1Dp34 deE1sQxseptMz9Nu/2Jaq/FgSikZltEcyTYxvgLdpjKrCgt0yAzYk0mRp6qzZxldPIhp72DqE oCmYvd15SWqbRtsAk8Kosrwm2aOsaf63lOBgYL3TwYACa6U6jA/RlGVr7/0zNrLqJGSfXOHew Fija+0MTBFjwPztpJjjuRe/UV5oVpRqo+R/RpPbX6ZVtZlIJNO0j7V2HUqqGIvXDHqKDdhBDV 0+qNsqdffVqcNUEzfM2SFk/ldpy6XAwm/rtuqhLPN8eDNdAGThTMVwHZrv1Tk2UiZ+ITMhjU+ 54q4O5fgJvI1Z/m3dfpahcZNyaPh9rJp+4EkzdtRthcZbK+aNpVtL2+3GQPYeuXNwzjMqS3+j 0uL1A59J6xyLXFa0hBymQ7mB7SyOMUDCbwK9HxPrxBW3v3Q/E+d39PNe1+l/TKGp8a3nTEMVg ENSiswgiFJ0GYnRIDO85VWmEue6ZDo0jLMR0+vJOOJNY7+wGCpawu+w1R1VYSVhhto1BWjz9d 1I99ijX+DKqk0YMLZchWWuaUpjODgCG4U2v/OEhdR74RUTdLqtIapgRVU5F5+zBjHm2QlrYC2 SbQE1DWntVeHqDajVQJBuN4lODsT3u+riJIlOMK7El+bDwq+ZtxUxaweSmGRJYJYYa8ut2Y01 Y1xFRIGWq0aAocm8sER2aELs2LbzJwq4bxJw= X-Spam-Status: No, score=-0.8 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lipwig.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (lipwig.vger.email [0.0.0.0]); Wed, 18 Oct 2023 03:57:27 -0700 (PDT) Wrap devcgroup_check_permission() by implementing the new security hook dev_permission(). Signed-off-by: Michael Weiß --- security/device_cgroup/lsm.c | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/security/device_cgroup/lsm.c b/security/device_cgroup/lsm.c index ef30cff1f610..987d2c20a577 100644 --- a/security/device_cgroup/lsm.c +++ b/security/device_cgroup/lsm.c @@ -14,29 +14,32 @@ #include #include -static int devcg_inode_permission(struct inode *inode, int mask) +static int devcg_dev_permission(umode_t mode, dev_t dev, int mask) { short type, access = 0; - if (likely(!inode->i_rdev)) - return 0; - - if (S_ISBLK(inode->i_mode)) + if (S_ISBLK(mode)) type = DEVCG_DEV_BLOCK; - else if (S_ISCHR(inode->i_mode)) - type = DEVCG_DEV_CHAR; else - return 0; + type = DEVCG_DEV_CHAR; if (mask & MAY_WRITE) access |= DEVCG_ACC_WRITE; if (mask & MAY_READ) access |= DEVCG_ACC_READ; - return devcgroup_check_permission(type, imajor(inode), iminor(inode), + return devcgroup_check_permission(type, MAJOR(dev), MINOR(dev), access); } +static int devcg_inode_permission(struct inode *inode, int mask) +{ + if (likely(!inode->i_rdev)) + return 0; + + return devcg_dev_permission(inode->i_mode, inode->i_rdev, mask); +} + static int __devcg_inode_mknod(int mode, dev_t dev, short access) { short type; @@ -65,6 +68,7 @@ static int devcg_inode_mknod(struct inode *dir, struct dentry *dentry, static struct security_hook_list devcg_hooks[] __ro_after_init = { LSM_HOOK_INIT(inode_permission, devcg_inode_permission), LSM_HOOK_INIT(inode_mknod, devcg_inode_mknod), + LSM_HOOK_INIT(dev_permission, devcg_dev_permission), }; static int __init devcgroup_init(void) -- 2.30.2