[LTP] [PATCH 1/7] Add fallback definitions of LSM syscalls

Wei Gao wegao@suse.com
Tue Nov 12 09:26:17 CET 2024


On Tue, Nov 12, 2024 at 08:15:32AM +0100, Andrea Cervesato wrote:
> From: Andrea Cervesato <andrea.cervesato@suse.com>
> 
> Fallback definition for the following syscalls:
> 
> - lsm_get_self_attr
> - lsm_set_self_attr
> - lsm_list_modules
> 
> Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
> ---
>  configure.ac       |   3 +-
>  include/lapi/lsm.h | 172 +++++++++++++++++++++++++++++++++++++++++++++++++++++
>  2 files changed, 174 insertions(+), 1 deletion(-)
> 
> diff --git a/configure.ac b/configure.ac
> index 6992d75ca300ccc4cc21a45a916f6b3be1a3b8fe..99c00d1b9b4cda48cb0ce07af03b97855dcdfd36 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -62,6 +62,7 @@ AC_CHECK_HEADERS_ONCE([ \
>      linux/ioprio.h \
>      linux/keyctl.h \
>      linux/landlock.h \
> +    linux/lsm.h \
>      linux/mempolicy.h \
>      linux/module.h \
>      linux/mount.h \
> @@ -196,7 +197,7 @@ AC_CHECK_TYPES([struct ipc64_perm],,,[#include <sys/ipcbuf.h>])
>  AC_CHECK_TYPES([struct loop_config],,,[#include <linux/loop.h>])
>  AC_CHECK_TYPES([struct landlock_path_beneath_attr],,,[#include <linux/landlock.h>])
>  AC_CHECK_TYPES([struct landlock_net_port_attr],,,[#include <linux/landlock.h>])
> -
> +AC_CHECK_TYPES([struct lsm_ctx],,,[#include <linux/lsm.h>])
>  AC_CHECK_TYPES([struct mmsghdr],,,[
>  #define _GNU_SOURCE
>  #include <sys/types.h>
> diff --git a/include/lapi/lsm.h b/include/lapi/lsm.h
> new file mode 100644
> index 0000000000000000000000000000000000000000..a37ed0175289c420040ea744e4eaa524d17cbe7d
> --- /dev/null
> +++ b/include/lapi/lsm.h
> @@ -0,0 +1,172 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
> +/*
> + * Copyright (C) 2024 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
> + */
> +
> +#ifndef LAPI_LSM_H__
> +#define LAPI_LSM_H__
> +
> +#include "config.h"
> +
> +#ifdef HAVE_LINUX_LSM_H
> +#include <linux/lsm.h>
> +#endif
I guess s/#endif/#else ?
> +
> +#include <stdint.h>
> +#include "lapi/syscalls.h"
> +
> +#ifndef HAVE_STRUCT_LSM_CTX
> +
> +/**
> + * struct lsm_ctx - LSM context information
> + * @id: the LSM id number, see LSM_ID_XXX
> + * @flags: LSM specific flags
> + * @len: length of the lsm_ctx struct, @ctx and any other data or padding
> + * @ctx_len: the size of @ctx
> + * @ctx: the LSM context value
> + *
> + * The @len field MUST be equal to the size of the lsm_ctx struct
> + * plus any additional padding and/or data placed after @ctx.
> + *
> + * In all cases @ctx_len MUST be equal to the length of @ctx.
> + * If @ctx is a string value it should be nul terminated with
> + * @ctx_len equal to `strlen(@ctx) + 1`.  Binary values are
> + * supported.
> + *
> + * The @flags and @ctx fields SHOULD only be interpreted by the
> + * LSM specified by @id; they MUST be set to zero/0 when not used.
> + */
> +struct lsm_ctx {
> +	uint64_t id;
> +	uint64_t flags;
> +	uint64_t len;
> +	uint64_t ctx_len;
> +	uint8_t ctx[4096];
> +};
> +#endif
> +
> +/*
> + * ID tokens to identify Linux Security Modules (LSMs)
> + *
> + * These token values are used to uniquely identify specific LSMs
> + * in the kernel as well as in the kernel's LSM userspace API.
> + */
> +#ifndef LSM_ID_UNDEF
> +# define LSM_ID_UNDEF		0
> +#endif
> +
> +#ifndef LSM_ID_CAPABILITY
> +# define LSM_ID_CAPABILITY	100
> +#endif
> +
> +#ifndef LSM_ID_SELINUX
> +# define LSM_ID_SELINUX		101
> +#endif
> +
> +#ifndef LSM_ID_SMACK
> +# define LSM_ID_SMACK		102
> +#endif
> +
> +#ifndef LSM_ID_TOMOYO
> +# define LSM_ID_TOMOYO		103
> +#endif
> +
> +#ifndef LSM_ID_APPARMOR
> +# define LSM_ID_APPARMOR	104
> +#endif
> +
> +#ifndef LSM_ID_YAMA
> +# define LSM_ID_YAMA		105
> +#endif
> +
> +#ifndef LSM_ID_LOADPIN
> +# define LSM_ID_LOADPIN		106
> +#endif
> +
> +#ifndef LSM_ID_SAFESETID
> +# define LSM_ID_SAFESETID	107
> +#endif
> +
> +#ifndef LSM_ID_LOCKDOWN
> +# define LSM_ID_LOCKDOWN	108
> +#endif
> +
> +#ifndef LSM_ID_BPF
> +# define LSM_ID_BPF		109
> +#endif
> +
> +#ifndef LSM_ID_LANDLOCK
> +# define LSM_ID_LANDLOCK	110
> +#endif
> +
> +#ifndef LSM_ID_IMA
> +# define LSM_ID_IMA		111
> +#endif
> +
> +#ifndef LSM_ID_EVM
> +# define LSM_ID_EVM		112
> +#endif
> +
> +#ifndef LSM_ID_IPE
> +# define LSM_ID_IPE		113
> +#endif
> +
> +/*
> + * LSM_ATTR_XXX definitions identify different LSM attributes
> + * which are used in the kernel's LSM userspace API. Support
> + * for these attributes vary across the different LSMs. None
> + * are required.
> + */
> +#ifndef LSM_ATTR_UNDEF
> +# define LSM_ATTR_UNDEF		0
> +#endif
> +
> +#ifndef LSM_ATTR_CURRENT
> +# define LSM_ATTR_CURRENT	100
> +#endif
> +
> +#ifndef LSM_ATTR_EXEC
> +# define LSM_ATTR_EXEC		101
> +#endif
> +
> +#ifndef LSM_ATTR_FSCREATE
> +# define LSM_ATTR_FSCREATE	102
> +#endif
> +
> +#ifndef LSM_ATTR_KEYCREATE
> +# define LSM_ATTR_KEYCREATE	103
> +#endif
> +
> +#ifndef LSM_ATTR_PREV
> +# define LSM_ATTR_PREV		104
> +#endif
> +
> +#ifndef LSM_ATTR_SOCKCREATE
> +# define LSM_ATTR_SOCKCREATE	105
> +#endif
> +
> +/*
> + * LSM_FLAG_XXX definitions identify special handling instructions
> + * for the API.
> + */
> +#ifndef LSM_FLAG_SINGLE
> +# define LSM_FLAG_SINGLE	0x0001
> +#endif
> +
> +static inline int lsm_get_self_attr(uint32_t attr, struct lsm_ctx *ctx,
> +				    uint32_t *size, uint32_t flags)
> +{
> +	return tst_syscall(__NR_lsm_get_self_attr, attr, ctx, size, flags);
> +}
> +
> +static inline int lsm_set_self_attr(uint32_t attr, struct lsm_ctx *ctx,
> +				    uint32_t size, uint32_t flags)
> +{
> +	return tst_syscall(__NR_lsm_set_self_attr, attr, ctx, size, flags);
> +}
> +
> +static inline int lsm_list_modules(uint64_t *ids, uint32_t *size, uint32_t flags)
> +{
> +	return tst_syscall(__NR_lsm_list_modules, ids, size, flags);
> +}
> +#endif
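Review bot: The fallback `struct lsm_ctx` declares `uint8_t ctx[4096];`, whereas the kernel's uapi definition ends in a flexible array member, so `sizeof(struct lsm_ctx)` is 32 bytes when `<linux/lsm.h>` is found but 4128 bytes with this fallback; any test that derives `len` or the `size` argument from `sizeof` (which is exactly what the `@len` comment in this hunk instructs) will then hand the syscalls different values depending on which header the build picked up. Changing the last field to `uint8_t ctx[];` keeps the fallback layout identical to the system header and lets callers allocate `sizeof *ctx + ctx_len` the same way in both configurations. If the fixed 4096-byte buffer is intentional for the tests, the doc comment copied from the kernel should be adjusted to say so, because its "MUST be equal to the size of the lsm_ctx struct plus ... data placed after @ctx" rule no longer matches this layout.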
> 
> -- 
> 2.43.0
> 
> 

