2023-09-12 20:56:56 +00:00
|
|
|
// SPDX-License-Identifier: GPL-2.0
|
|
|
|
|
/*
|
|
|
|
|
* Linux Security Module infrastructure tests
|
|
|
|
|
* Tests for the lsm_list_modules system call
|
|
|
|
|
*
|
|
|
|
|
* Copyright © 2022 Casey Schaufler <casey@schaufler-ca.com>
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#define _GNU_SOURCE
|
|
|
|
|
#include <linux/lsm.h>
|
|
|
|
|
#include <string.h>
|
|
|
|
|
#include <stdio.h>
|
|
|
|
|
#include <unistd.h>
|
|
|
|
|
#include <sys/types.h>
|
|
|
|
|
#include "../kselftest_harness.h"
|
|
|
|
|
#include "common.h"
|
|
|
|
|
|
|
|
|
|
TEST(size_null_lsm_list_modules)
|
|
|
|
|
{
|
|
|
|
|
const long page_size = sysconf(_SC_PAGESIZE);
|
|
|
|
|
__u64 *syscall_lsms = calloc(page_size, 1);
|
|
|
|
|
|
|
|
|
|
ASSERT_NE(NULL, syscall_lsms);
|
|
|
|
|
errno = 0;
|
|
|
|
|
ASSERT_EQ(-1, lsm_list_modules(syscall_lsms, NULL, 0));
|
|
|
|
|
ASSERT_EQ(EFAULT, errno);
|
|
|
|
|
|
|
|
|
|
free(syscall_lsms);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST(ids_null_lsm_list_modules)
|
|
|
|
|
{
|
|
|
|
|
const long page_size = sysconf(_SC_PAGESIZE);
|
|
|
|
|
size_t size = page_size;
|
|
|
|
|
|
|
|
|
|
errno = 0;
|
|
|
|
|
ASSERT_EQ(-1, lsm_list_modules(NULL, &size, 0));
|
|
|
|
|
ASSERT_EQ(EFAULT, errno);
|
|
|
|
|
ASSERT_NE(1, size);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST(size_too_small_lsm_list_modules)
|
|
|
|
|
{
|
|
|
|
|
const long page_size = sysconf(_SC_PAGESIZE);
|
|
|
|
|
__u64 *syscall_lsms = calloc(page_size, 1);
|
|
|
|
|
size_t size = 1;
|
|
|
|
|
|
|
|
|
|
ASSERT_NE(NULL, syscall_lsms);
|
|
|
|
|
errno = 0;
|
|
|
|
|
ASSERT_EQ(-1, lsm_list_modules(syscall_lsms, &size, 0));
|
|
|
|
|
ASSERT_EQ(E2BIG, errno);
|
|
|
|
|
ASSERT_NE(1, size);
|
|
|
|
|
|
|
|
|
|
free(syscall_lsms);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST(flags_set_lsm_list_modules)
|
|
|
|
|
{
|
|
|
|
|
const long page_size = sysconf(_SC_PAGESIZE);
|
|
|
|
|
__u64 *syscall_lsms = calloc(page_size, 1);
|
|
|
|
|
size_t size = page_size;
|
|
|
|
|
|
|
|
|
|
ASSERT_NE(NULL, syscall_lsms);
|
|
|
|
|
errno = 0;
|
|
|
|
|
ASSERT_EQ(-1, lsm_list_modules(syscall_lsms, &size, 7));
|
|
|
|
|
ASSERT_EQ(EINVAL, errno);
|
|
|
|
|
ASSERT_EQ(page_size, size);
|
|
|
|
|
|
|
|
|
|
free(syscall_lsms);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST(correct_lsm_list_modules)
|
|
|
|
|
{
|
|
|
|
|
const long page_size = sysconf(_SC_PAGESIZE);
|
|
|
|
|
size_t size = page_size;
|
|
|
|
|
__u64 *syscall_lsms = calloc(page_size, 1);
|
|
|
|
|
char *sysfs_lsms = calloc(page_size, 1);
|
|
|
|
|
char *name;
|
|
|
|
|
char *cp;
|
|
|
|
|
int count;
|
|
|
|
|
int i;
|
|
|
|
|
|
|
|
|
|
ASSERT_NE(NULL, sysfs_lsms);
|
|
|
|
|
ASSERT_NE(NULL, syscall_lsms);
|
|
|
|
|
ASSERT_EQ(0, read_sysfs_lsms(sysfs_lsms, page_size));
|
|
|
|
|
|
|
|
|
|
count = lsm_list_modules(syscall_lsms, &size, 0);
|
|
|
|
|
ASSERT_LE(1, count);
|
|
|
|
|
cp = sysfs_lsms;
|
|
|
|
|
for (i = 0; i < count; i++) {
|
|
|
|
|
switch (syscall_lsms[i]) {
|
|
|
|
|
case LSM_ID_CAPABILITY:
|
|
|
|
|
name = "capability";
|
|
|
|
|
break;
|
|
|
|
|
case LSM_ID_SELINUX:
|
|
|
|
|
name = "selinux";
|
|
|
|
|
break;
|
|
|
|
|
case LSM_ID_SMACK:
|
|
|
|
|
name = "smack";
|
|
|
|
|
break;
|
|
|
|
|
case LSM_ID_TOMOYO:
|
|
|
|
|
name = "tomoyo";
|
|
|
|
|
break;
|
|
|
|
|
case LSM_ID_APPARMOR:
|
|
|
|
|
name = "apparmor";
|
|
|
|
|
break;
|
|
|
|
|
case LSM_ID_YAMA:
|
|
|
|
|
name = "yama";
|
|
|
|
|
break;
|
|
|
|
|
case LSM_ID_LOADPIN:
|
|
|
|
|
name = "loadpin";
|
|
|
|
|
break;
|
|
|
|
|
case LSM_ID_SAFESETID:
|
|
|
|
|
name = "safesetid";
|
|
|
|
|
break;
|
|
|
|
|
case LSM_ID_LOCKDOWN:
|
|
|
|
|
name = "lockdown";
|
|
|
|
|
break;
|
|
|
|
|
case LSM_ID_BPF:
|
|
|
|
|
name = "bpf";
|
|
|
|
|
break;
|
|
|
|
|
case LSM_ID_LANDLOCK:
|
|
|
|
|
name = "landlock";
|
|
|
|
|
break;
|
ima: Move to LSM infrastructure
Move hardcoded IMA function calls (not appraisal-specific functions) from
various places in the kernel to the LSM infrastructure, by introducing a
new LSM named 'ima' (at the end of the LSM list and always enabled like
'integrity').
Having IMA before EVM in the Makefile is sufficient to preserve the
relative order of the new 'ima' LSM in respect to the upcoming 'evm' LSM,
and thus the order of IMA and EVM function calls as when they were
hardcoded.
Make moved functions as static (except ima_post_key_create_or_update(),
which is not in ima_main.c), and register them as implementation of the
respective hooks in the new function init_ima_lsm().
Select CONFIG_SECURITY_PATH, to ensure that the path-based LSM hook
path_post_mknod is always available and ima_post_path_mknod() is always
executed to mark files as new, as before the move.
A slight difference is that IMA and EVM functions registered for the
inode_post_setattr, inode_post_removexattr, path_post_mknod,
inode_post_create_tmpfile, inode_post_set_acl and inode_post_remove_acl
won't be executed for private inodes. Since those inodes are supposed to be
fs-internal, they should not be of interest to IMA or EVM. The S_PRIVATE
flag is used for anonymous inodes, hugetlbfs, reiserfs xattrs, XFS scrub
and kernel-internal tmpfs files.
Conditionally register ima_post_key_create_or_update() if
CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS is enabled. Also, conditionally register
ima_kernel_module_request() if CONFIG_INTEGRITY_ASYMMETRIC_KEYS is enabled.
Finally, add the LSM_ID_IMA case in lsm_list_modules_test.c.
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Acked-by: Chuck Lever <chuck.lever@oracle.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Acked-by: Christian Brauner <brauner@kernel.org>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Acked-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
2024-02-15 10:31:08 +00:00
|
|
|
case LSM_ID_IMA:
|
|
|
|
|
name = "ima";
|
|
|
|
|
break;
|
evm: Move to LSM infrastructure
As for IMA, move hardcoded EVM function calls from various places in the
kernel to the LSM infrastructure, by introducing a new LSM named 'evm'
(last and always enabled like 'ima'). The order in the Makefile ensures
that 'evm' hooks are executed after 'ima' ones.
Make EVM functions as static (except for evm_inode_init_security(), which
is exported), and register them as hook implementations in init_evm_lsm().
Also move the inline functions evm_inode_remove_acl(),
evm_inode_post_remove_acl(), and evm_inode_post_set_acl() from the public
evm.h header to evm_main.c.
Unlike before (see commit to move IMA to the LSM infrastructure),
evm_inode_post_setattr(), evm_inode_post_set_acl(),
evm_inode_post_remove_acl(), and evm_inode_post_removexattr() are not
executed for private inodes.
Finally, add the LSM_ID_EVM case in lsm_list_modules_test.c
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Acked-by: Christian Brauner <brauner@kernel.org>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Acked-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
2024-02-15 10:31:10 +00:00
|
|
|
case LSM_ID_EVM:
|
|
|
|
|
name = "evm";
|
|
|
|
|
break;
|
2023-09-12 20:56:56 +00:00
|
|
|
default:
|
|
|
|
|
name = "INVALID";
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
ASSERT_EQ(0, strncmp(cp, name, strlen(name)));
|
|
|
|
|
cp += strlen(name) + 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
free(sysfs_lsms);
|
|
|
|
|
free(syscall_lsms);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST_HARNESS_MAIN
|