Commit 344fa64e authored by David Howells's avatar David Howells
Browse files

security: Add a hook for the point of notification insertion 



Add a security hook that allows an LSM to rule on whether a notification
message is allowed to be inserted into a particular watch queue.

The hook is given the following information:

 (1) The credentials of the triggerer (which may be init_cred for a system
     notification, eg. a hardware error).

 (2) The credentials of the whoever set the watch.

 (3) The notification message.

Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
Acked-by: default avatarJames Morris <jamorris@linux.microsoft.com>
cc: Casey Schaufler <casey@schaufler-ca.com>
cc: Stephen Smalley <sds@tycho.nsa.gov>
cc: linux-security-module@vger.kernel.org
parent 0858caa4

include/linux/lsm_hook_defs.h

+5 −0
Original line number Diff line number Diff line
@@ -253,6 +253,11 @@ LSM_HOOK(int, 0, inode_setsecctx, struct dentry *dentry, void *ctx, u32 ctxlen) 
LSM_HOOK(int, 0, inode_getsecctx, struct inode *inode, void **ctx,

	 u32 *ctxlen)



#if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE)

LSM_HOOK(int, 0, post_notification, const struct cred *w_cred,

	 const struct cred *cred, struct watch_notification *n)

#endif /* CONFIG_SECURITY && CONFIG_KEY_NOTIFICATIONS */



#ifdef CONFIG_SECURITY_NETWORK

LSM_HOOK(int, 0, unix_stream_connect, struct sock *sock, struct sock *other,

	 struct sock *newsk)

include/linux/lsm_hooks.h

+9 −0
Original line number Diff line number Diff line
@@ -1437,6 +1437,15 @@ 
 *	@ctx is a pointer in which to place the allocated security context.

 *	@ctxlen points to the place to put the length of @ctx.

 *

 * Security hooks for the general notification queue:

 *

 * @post_notification:

 *	Check to see if a watch notification can be posted to a particular

 *	queue.

 *	@w_cred: The credentials of the whoever set the watch.

 *	@cred: The event-triggerer's credentials

 *	@n: The notification being posted

 *

 * Security hooks for using the eBPF maps and programs functionalities through

 * eBPF syscalls.

 *

include/linux/security.h

+15 −0
Original line number Diff line number Diff line
@@ -56,6 +56,8 @@ struct mm_struct; 
struct fs_context;

struct fs_parameter;

enum fs_value_type;

struct watch;

struct watch_notification;



/* Default (no) options for the capable function */

#define CAP_OPT_NONE 0x0
@@ -1275,6 +1277,19 @@ static inline int security_locked_down(enum lockdown_reason what) 
}

#endif	/* CONFIG_SECURITY */



#if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE)

int security_post_notification(const struct cred *w_cred,

			       const struct cred *cred,

			       struct watch_notification *n);

#else

static inline int security_post_notification(const struct cred *w_cred,

					     const struct cred *cred,

					     struct watch_notification *n)

{

	return 0;

}

#endif



#ifdef CONFIG_SECURITY_NETWORK



int security_unix_stream_connect(struct sock *sock, struct sock *other, struct sock *newsk);

security/security.c

+9 −0
Original line number Diff line number Diff line
@@ -2007,6 +2007,15 @@ int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) 
}

EXPORT_SYMBOL(security_inode_getsecctx);



#ifdef CONFIG_WATCH_QUEUE

int security_post_notification(const struct cred *w_cred,

			       const struct cred *cred,

			       struct watch_notification *n)

{

	return call_int_hook(post_notification, 0, w_cred, cred, n);

}

#endif /* CONFIG_WATCH_QUEUE */



#ifdef CONFIG_SECURITY_NETWORK



int security_unix_stream_connect(struct sock *sock, struct sock *other, struct sock *newsk)

CRA Git | Maintained and supported by SUSTech CRA and CCSE