2023-09-12 20:56:46 +00:00
|
|
|
/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
|
|
|
|
/*
|
|
|
|
* Linux Security Modules (LSM) - User space API
|
|
|
|
*
|
|
|
|
* Copyright (C) 2022 Casey Schaufler <casey@schaufler-ca.com>
|
|
|
|
* Copyright (C) 2022 Intel Corporation
|
|
|
|
*/
|
|
|
|
|
|
|
|
#ifndef _UAPI_LINUX_LSM_H
|
|
|
|
#define _UAPI_LINUX_LSM_H
|
|
|
|
|
2023-12-22 14:54:37 +00:00
|
|
|
#include <linux/stddef.h>
|
2023-09-12 20:56:49 +00:00
|
|
|
#include <linux/types.h>
|
|
|
|
#include <linux/unistd.h>
|
|
|
|
|
|
|
|
/**
|
|
|
|
* struct lsm_ctx - LSM context information
|
|
|
|
* @id: the LSM id number, see LSM_ID_XXX
|
|
|
|
* @flags: LSM specific flags
|
|
|
|
* @len: length of the lsm_ctx struct, @ctx and any other data or padding
|
|
|
|
* @ctx_len: the size of @ctx
|
|
|
|
* @ctx: the LSM context value
|
|
|
|
*
|
|
|
|
* The @len field MUST be equal to the size of the lsm_ctx struct
|
|
|
|
* plus any additional padding and/or data placed after @ctx.
|
|
|
|
*
|
|
|
|
* In all cases @ctx_len MUST be equal to the length of @ctx.
|
|
|
|
* If @ctx is a string value it should be nul terminated with
|
|
|
|
* @ctx_len equal to `strlen(@ctx) + 1`. Binary values are
|
|
|
|
* supported.
|
|
|
|
*
|
|
|
|
* The @flags and @ctx fields SHOULD only be interpreted by the
|
|
|
|
* LSM specified by @id; they MUST be set to zero/0 when not used.
|
|
|
|
*/
|
|
|
|
struct lsm_ctx {
|
|
|
|
__u64 id;
|
|
|
|
__u64 flags;
|
|
|
|
__u64 len;
|
|
|
|
__u64 ctx_len;
|
2023-12-22 14:54:37 +00:00
|
|
|
__u8 ctx[] __counted_by(ctx_len);
|
2023-09-12 20:56:49 +00:00
|
|
|
};
|
|
|
|
|
2023-09-12 20:56:46 +00:00
|
|
|
/*
|
|
|
|
* ID tokens to identify Linux Security Modules (LSMs)
|
|
|
|
*
|
|
|
|
* These token values are used to uniquely identify specific LSMs
|
|
|
|
* in the kernel as well as in the kernel's LSM userspace API.
|
|
|
|
*
|
|
|
|
* A value of zero/0 is considered undefined and should not be used
|
|
|
|
* outside the kernel. Values 1-99 are reserved for potential
|
|
|
|
* future use.
|
|
|
|
*/
|
|
|
|
#define LSM_ID_UNDEF 0
|
|
|
|
#define LSM_ID_CAPABILITY 100
|
|
|
|
#define LSM_ID_SELINUX 101
|
|
|
|
#define LSM_ID_SMACK 102
|
|
|
|
#define LSM_ID_TOMOYO 103
|
2023-10-18 21:41:41 +00:00
|
|
|
#define LSM_ID_APPARMOR 104
|
|
|
|
#define LSM_ID_YAMA 105
|
|
|
|
#define LSM_ID_LOADPIN 106
|
|
|
|
#define LSM_ID_SAFESETID 107
|
|
|
|
#define LSM_ID_LOCKDOWN 108
|
|
|
|
#define LSM_ID_BPF 109
|
|
|
|
#define LSM_ID_LANDLOCK 110
|
ima: Move to LSM infrastructure
Move hardcoded IMA function calls (not appraisal-specific functions) from
various places in the kernel to the LSM infrastructure, by introducing a
new LSM named 'ima' (at the end of the LSM list and always enabled like
'integrity').
Having IMA before EVM in the Makefile is sufficient to preserve the
relative order of the new 'ima' LSM in respect to the upcoming 'evm' LSM,
and thus the order of IMA and EVM function calls as when they were
hardcoded.
Make moved functions as static (except ima_post_key_create_or_update(),
which is not in ima_main.c), and register them as implementation of the
respective hooks in the new function init_ima_lsm().
Select CONFIG_SECURITY_PATH, to ensure that the path-based LSM hook
path_post_mknod is always available and ima_post_path_mknod() is always
executed to mark files as new, as before the move.
A slight difference is that IMA and EVM functions registered for the
inode_post_setattr, inode_post_removexattr, path_post_mknod,
inode_post_create_tmpfile, inode_post_set_acl and inode_post_remove_acl
won't be executed for private inodes. Since those inodes are supposed to be
fs-internal, they should not be of interest to IMA or EVM. The S_PRIVATE
flag is used for anonymous inodes, hugetlbfs, reiserfs xattrs, XFS scrub
and kernel-internal tmpfs files.
Conditionally register ima_post_key_create_or_update() if
CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS is enabled. Also, conditionally register
ima_kernel_module_request() if CONFIG_INTEGRITY_ASYMMETRIC_KEYS is enabled.
Finally, add the LSM_ID_IMA case in lsm_list_modules_test.c.
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Acked-by: Chuck Lever <chuck.lever@oracle.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Acked-by: Christian Brauner <brauner@kernel.org>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Acked-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
2024-02-15 10:31:08 +00:00
|
|
|
#define LSM_ID_IMA 111
|
evm: Move to LSM infrastructure
As for IMA, move hardcoded EVM function calls from various places in the
kernel to the LSM infrastructure, by introducing a new LSM named 'evm'
(last and always enabled like 'ima'). The order in the Makefile ensures
that 'evm' hooks are executed after 'ima' ones.
Make EVM functions as static (except for evm_inode_init_security(), which
is exported), and register them as hook implementations in init_evm_lsm().
Also move the inline functions evm_inode_remove_acl(),
evm_inode_post_remove_acl(), and evm_inode_post_set_acl() from the public
evm.h header to evm_main.c.
Unlike before (see commit to move IMA to the LSM infrastructure),
evm_inode_post_setattr(), evm_inode_post_set_acl(),
evm_inode_post_remove_acl(), and evm_inode_post_removexattr() are not
executed for private inodes.
Finally, add the LSM_ID_EVM case in lsm_list_modules_test.c
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Acked-by: Christian Brauner <brauner@kernel.org>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Acked-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
2024-02-15 10:31:10 +00:00
|
|
|
#define LSM_ID_EVM 112
|
2023-09-12 20:56:46 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* LSM_ATTR_XXX definitions identify different LSM attributes
|
|
|
|
* which are used in the kernel's LSM userspace API. Support
|
|
|
|
* for these attributes vary across the different LSMs. None
|
|
|
|
* are required.
|
|
|
|
*
|
|
|
|
* A value of zero/0 is considered undefined and should not be used
|
|
|
|
* outside the kernel. Values 1-99 are reserved for potential
|
|
|
|
* future use.
|
|
|
|
*/
|
|
|
|
#define LSM_ATTR_UNDEF 0
|
|
|
|
#define LSM_ATTR_CURRENT 100
|
|
|
|
#define LSM_ATTR_EXEC 101
|
|
|
|
#define LSM_ATTR_FSCREATE 102
|
|
|
|
#define LSM_ATTR_KEYCREATE 103
|
|
|
|
#define LSM_ATTR_PREV 104
|
|
|
|
#define LSM_ATTR_SOCKCREATE 105
|
|
|
|
|
2023-09-12 20:56:49 +00:00
|
|
|
/*
|
|
|
|
* LSM_FLAG_XXX definitions identify special handling instructions
|
|
|
|
* for the API.
|
|
|
|
*/
|
|
|
|
#define LSM_FLAG_SINGLE 0x0001
|
|
|
|
|
2023-09-12 20:56:46 +00:00
|
|
|
#endif /* _UAPI_LINUX_LSM_H */
|