From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 682AAC28D13 for ; Mon, 22 Aug 2022 21:21:21 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238020AbiHVVVT (ORCPT ); Mon, 22 Aug 2022 17:21:19 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47326 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238063AbiHVVVQ (ORCPT ); Mon, 22 Aug 2022 17:21:16 -0400 Received: from mail-qk1-x72d.google.com (mail-qk1-x72d.google.com [IPv6:2607:f8b0:4864:20::72d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 203F55208E for ; Mon, 22 Aug 2022 14:21:15 -0700 (PDT) Received: by mail-qk1-x72d.google.com with SMTP id n21so8929410qkk.3 for ; Mon, 22 Aug 2022 14:21:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:user-agent:references :in-reply-to:message-id:date:cc:to:from:subject:from:to:cc; bh=TfAr+WtZsNrKIQGkjBb/tfdPalG4u+PDPJ+/5QKn8xM=; b=6NLLC2at5hobLZFMb/PRSHQIazCOxWgouYVmGv9etSZepkU7+Mol1KWuO2tIQMgtn2 899uZRz49DXPgdDGBwQKpV2H3FID/pXUncy8UgFZ0T2fC473arwt0vvUMYMBwskH7Mev yzHDyAjy45x1NM9nGjXXLTyDaFXH+VvpJGNg6Y2XcCDkKGSRbvI2UqLpC7setLR3CNNh +r7xB+roPetL+0c58wMVrDYTznXtTa6BVqgLueF0NKQzbLFKfw/CNGkhqeyO/XkEkGl+ AN2ljaY60XfTDTvBIhJ1QnZBEPWyK5VGy6cAzlekIRJXxZZ4nHnDfW7b14QoFqkKNchu urOQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:user-agent:references :in-reply-to:message-id:date:cc:to:from:subject:x-gm-message-state :from:to:cc; bh=TfAr+WtZsNrKIQGkjBb/tfdPalG4u+PDPJ+/5QKn8xM=; b=sKRrtek0yn7wfD2r72ozaRClApnKjRmmCqi4/UGw2+yNwmLcuxTkxK6j9Zq+ZQoKNv dj180Qlall2QgXNOFLXlzI0uTVhjT62ugU8nuxPIc9egTFqVUmPw+jLB+Ol/iVdzTj7t O0xOO8gKdRC7XD2SIEi+cc40928J8OBuKC+rA5VwCcaKr4BMtiIxkC3vZqhlQqkaYLja BJKO8sIVrkeM113SgmxkcYvEQcm713OEi66oObS7bEfoftBlNZ6kZRyRTQZ4kv0sJe4n ocZ92gRwr64o/ZyCcLLV6NiQ9+2r0zcQ1oFqKDzRuLUrdZt5LWDyRT/9drpUXo5E6bG4 OSpw== X-Gm-Message-State: ACgBeo2lLlcXColwFpvfzZFy0oEAOIidvAa5/YDO3qy7QR4Di9TzpGit nzWAR0V/kkuELaxdOzmpT6au X-Google-Smtp-Source: AA6agR6Trm+m8bjvG4fQ14EYIOo8A5RaBj693BOZCa3YPkrDe2BHnFjHxb/65s6KEWTuVm8/Nnqj0A== X-Received: by 2002:a37:a9d8:0:b0:6ba:be20:48e2 with SMTP id s207-20020a37a9d8000000b006babe2048e2mr13655458qke.301.1661203274726; Mon, 22 Aug 2022 14:21:14 -0700 (PDT) Received: from localhost (pool-96-237-52-46.bstnma.fios.verizon.net. [96.237.52.46]) by smtp.gmail.com with ESMTPSA id dt2-20020a05620a478200b006bb024c5021sm11980198qkb.25.2022.08.22.14.21.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 22 Aug 2022 14:21:14 -0700 (PDT) Subject: [PATCH 2/3] selinux: implement the security_uring_cmd() LSM hook From: Paul Moore To: linux-security-module@vger.kernel.org, selinux@vger.kernel.org, io-uring@vger.kernel.org Cc: Arnd Bergmann , Greg Kroah-Hartman , Luis Chamberlain Date: Mon, 22 Aug 2022 17:21:13 -0400 Message-ID: <166120327379.369593.4939320600435400704.stgit@olly> In-Reply-To: <166120321387.369593.7400426327771894334.stgit@olly> References: <166120321387.369593.7400426327771894334.stgit@olly> User-Agent: StGit/1.5 MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: io-uring@vger.kernel.org Add a SELinux access control for the iouring IORING_OP_URING_CMD command. This includes the addition of a new permission in the existing "io_uring" object class: "cmd". The subject of the new permission check is the domain of the process requesting access, the object is the open file which points to the device/file that is the target of the IORING_OP_URING_CMD operation. A sample policy rule is shown below: allow :io_uring { cmd }; Cc: stable@vger.kernel.org Fixes: ee692a21e9bf ("fs,io_uring: add infrastructure for uring-cmd") Signed-off-by: Paul Moore --- security/selinux/hooks.c | 24 ++++++++++++++++++++++++ security/selinux/include/classmap.h | 2 +- 2 files changed, 25 insertions(+), 1 deletion(-) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 79573504783b..03bca97c8b29 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -91,6 +91,7 @@ #include #include #include +#include #include "avc.h" #include "objsec.h" @@ -6987,6 +6988,28 @@ static int selinux_uring_sqpoll(void) return avc_has_perm(&selinux_state, sid, sid, SECCLASS_IO_URING, IO_URING__SQPOLL, NULL); } + +/** + * selinux_uring_cmd - check if IORING_OP_URING_CMD is allowed + * @ioucmd: the io_uring command structure + * + * Check to see if the current domain is allowed to execute an + * IORING_OP_URING_CMD against the device/file specified in @ioucmd. + * + */ +static int selinux_uring_cmd(struct io_uring_cmd *ioucmd) +{ + struct file *file = ioucmd->file; + struct inode *inode = file_inode(file); + struct inode_security_struct *isec = selinux_inode(inode); + struct common_audit_data ad; + + ad.type = LSM_AUDIT_DATA_FILE; + ad.u.file = file; + + return avc_has_perm(&selinux_state, current_sid(), isec->sid, + SECCLASS_IO_URING, IO_URING__CMD, &ad); +} #endif /* CONFIG_IO_URING */ /* @@ -7231,6 +7254,7 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = { #ifdef CONFIG_IO_URING LSM_HOOK_INIT(uring_override_creds, selinux_uring_override_creds), LSM_HOOK_INIT(uring_sqpoll, selinux_uring_sqpoll), + LSM_HOOK_INIT(uring_cmd, selinux_uring_cmd), #endif /* diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h index ff757ae5f253..1c2f41ff4e55 100644 --- a/security/selinux/include/classmap.h +++ b/security/selinux/include/classmap.h @@ -253,7 +253,7 @@ const struct security_class_mapping secclass_map[] = { { "anon_inode", { COMMON_FILE_PERMS, NULL } }, { "io_uring", - { "override_creds", "sqpoll", NULL } }, + { "override_creds", "sqpoll", "cmd", NULL } }, { NULL } };