| author | Linus Torvalds <torvalds@linux-foundation.org> | 2022-08-31 09:23:16 -0700 | 
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2022-08-31 09:23:16 -0700 | 
| commit | 9c9d1896fa92e05e7af5a7a47e335f834aa4248c (patch) | |
| tree | bbc9f084c4b9d37201243239336c6b85172973e3 /security/selinux/hooks.c | |
| parent | dcf8e5633e2e69ad60b730ab5905608b756a032f (diff) | |
| parent | dd9373402280cf4715fdc8fd5070f7d039e43511 (diff) | |
Merge tag 'lsm-pr-20220829' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm
Pull LSM support for IORING_OP_URING_CMD from Paul Moore:
 "Add SELinux and Smack controls to the io_uring IORING_OP_URING_CMD.
  These are necessary as without them the IORING_OP_URING_CMD remains
  outside the purview of the LSMs (Luis' LSM patch, Casey's Smack patch,
  and my SELinux patch). They have been discussed at length with the
  io_uring folks, and Jens has given his thumbs-up on the relevant
  patches (see the commit descriptions).
  There is one patch that is not strictly necessary, but it makes
  testing much easier and is very trivial: the /dev/null
  IORING_OP_URING_CMD patch."
* tag 'lsm-pr-20220829' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm:
  Smack: Provide read control for io_uring_cmd
  /dev/null: add IORING_OP_URING_CMD support
  selinux: implement the security_uring_cmd() LSM hook
  lsm,io_uring: add LSM hooks for the new uring_cmd file op
Diffstat (limited to 'security/selinux/hooks.c')
| -rw-r--r-- | security/selinux/hooks.c | 24 | 
1 files changed, 24 insertions, 0 deletions
| diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 79573504783b..03bca97c8b29 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -91,6 +91,7 @@
 #include <uapi/linux/mount.h>
 #include <linux/fsnotify.h>
 #include <linux/fanotify.h>
+#include <linux/io_uring.h>
 
 #include "avc.h"
 #include "objsec.h"
@@ -6987,6 +6988,28 @@ static int selinux_uring_sqpoll(void)
 	return avc_has_perm(&selinux_state, sid, sid,
 			    SECCLASS_IO_URING, IO_URING__SQPOLL, NULL);
 }
+
+/**
+ * selinux_uring_cmd - check if IORING_OP_URING_CMD is allowed
+ * @ioucmd: the io_uring command structure
+ *
+ * Check to see if the current domain is allowed to execute an
+ * IORING_OP_URING_CMD against the device/file specified in @ioucmd.
+ *
+ */
+static int selinux_uring_cmd(struct io_uring_cmd *ioucmd)
+{
+	struct file *file = ioucmd->file;
+	struct inode *inode = file_inode(file);
+	struct inode_security_struct *isec = selinux_inode(inode);
+	struct common_audit_data ad;
+
+	ad.type = LSM_AUDIT_DATA_FILE;
+	ad.u.file = file;
+
+	return avc_has_perm(&selinux_state, current_sid(), isec->sid,
+			    SECCLASS_IO_URING, IO_URING__CMD, &ad);
+}
 #endif /* CONFIG_IO_URING */
 
 /*
@@ -7231,6 +7254,7 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = {
 #ifdef CONFIG_IO_URING
 	LSM_HOOK_INIT(uring_override_creds, selinux_uring_override_creds),
 	LSM_HOOK_INIT(uring_sqpoll, selinux_uring_sqpoll),
+	LSM_HOOK_INIT(uring_cmd, selinux_uring_cmd),
 #endif
 	/* |
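Review bot: The new selinux_uring_cmd() reads the target label through the raw selinux_inode() accessor rather than the label-revalidating inode_security() helper used elsewhere in hooks.c (not visible in this hunk), and nothing in the function says why that is safe; presumably it is because @ioucmd->file is an already-open file whose inode label was settled by the file-open hook, but that reasoning should be recorded, e.g. `/* file is already open; its inode label was validated at open time */` above the isec declaration — confirm against the io_uring issue path before relying on it. The kernel-doc block also lacks a return description and carries a stray empty ` *` line before ` */`; replace that empty line with `* Return: 0 if the io_uring { cmd } permission is granted, otherwise a negative errno from avc_has_perm().` The subject SID is current_sid(), so in io-wq/SQPOLL contexts the check is only meaningful once io_uring has switched to the submitter's credentials (the uring_override_creds hook registered in the last hunk governs that), which is worth a one-line comment on the avc_has_perm() call as well. The selinux_hooks[] table in the last hunk starts outside the hunk.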
