2019-06-04 10:11:33 +02:00
|
|
|
/* SPDX-License-Identifier: GPL-2.0-only */
|
2005-04-16 15:20:36 -07:00
|
|
|
/*
|
2023-07-18 13:13:35 -04:00
|
|
|
* Security-Enhanced Linux (SELinux) security module
|
2005-04-16 15:20:36 -07:00
|
|
|
*
|
|
|
|
|
* This file contains the SELinux security data structures for kernel objects.
|
|
|
|
|
*
|
2023-07-19 11:12:50 -04:00
|
|
|
* Author(s): Stephen Smalley, <stephen.smalley.work@gmail.com>
|
2008-04-22 17:46:10 -04:00
|
|
|
* Chris Vance, <cvance@nai.com>
|
|
|
|
|
* Wayne Salamon, <wsalamon@nai.com>
|
|
|
|
|
* James Morris <jmorris@redhat.com>
|
2005-04-16 15:20:36 -07:00
|
|
|
*
|
|
|
|
|
* Copyright (C) 2001,2002 Networks Associates Technology, Inc.
|
|
|
|
|
* Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
|
2017-05-19 15:48:56 +03:00
|
|
|
* Copyright (C) 2016 Mellanox Technologies
|
2005-04-16 15:20:36 -07:00
|
|
|
*/
|
2023-12-21 17:18:53 -05:00
|
|
|
|
2005-04-16 15:20:36 -07:00
|
|
|
#ifndef _SELINUX_OBJSEC_H_
|
|
|
|
|
#define _SELINUX_OBJSEC_H_
|
|
|
|
|
|
|
|
|
|
#include <linux/list.h>
|
|
|
|
|
#include <linux/sched.h>
|
|
|
|
|
#include <linux/fs.h>
|
|
|
|
|
#include <linux/binfmts.h>
|
|
|
|
|
#include <linux/in.h>
|
2006-11-17 17:38:53 -05:00
|
|
|
#include <linux/spinlock.h>
|
2018-11-12 09:30:56 -08:00
|
|
|
#include <linux/lsm_hooks.h>
|
2018-09-21 17:19:45 -07:00
|
|
|
#include <linux/msg.h>
|
2014-09-10 17:09:57 -04:00
|
|
|
#include <net/net_namespace.h>
|
2005-04-16 15:20:36 -07:00
|
|
|
#include "flask.h"
|
|
|
|
|
#include "avc.h"
|
|
|
|
|
|
selinux: reduce path walk overhead
Reduce the SELinux performance overhead during path walks through the
use of a per-task directory access cache and some minor code
optimizations. The directory access cache is per-task because it allows
for a lockless cache while also fitting well with a common application
pattern of heavily accessing a relatively small number of SELinux
directory labels. The cache is inherited by child processes when the
child runs with the same SELinux domain as the parent, and invalidated
on changes to the task's SELinux domain or the loaded SELinux policy.
A cache of four entries was chosen based on testing with the Fedora
"targeted" policy, a SELinux Reference Policy variant, and
'make allmodconfig' on Linux v6.14.
Code optimizations include better use of inline functions to reduce
function calls in the common case, especially in the inode revalidation
code paths, and elimination of redundant checks between the LSM and
SELinux layers.
As mentioned briefly above, aside from general use and regression
testing with the selinux-testsuite, performance was measured using
'make allmodconfig' with Linux v6.14 as a base reference. As expected,
there were variations from one test run to another, but the measurements
below are a good representation of the test results seen on my test
system.
* Linux v6.14
REF
1.26% [k] __d_lookup_rcu
SELINUX (1.31%)
0.58% [k] selinux_inode_permission
0.29% [k] avc_lookup
0.25% [k] avc_has_perm_noaudit
0.19% [k] __inode_security_revalidate
* Linux v6.14 + patch
REF
1.41% [k] __d_lookup_rcu
SELINUX (0.89%)
0.65% [k] selinux_inode_permission
0.15% [k] avc_lookup
0.05% [k] avc_has_perm_noaudit
0.04% [k] avc_policy_seqno
X.XX% [k] __inode_security_revalidate (now inline)
In both cases the __d_lookup_rcu() function was used as a reference
point to establish a context for the SELinux related functions. On a
unpatched Linux v6.14 system we see the time spent in the combined
SELinux functions exceeded that of __d_lookup_rcu(), 1.31% compared to
1.26%. However, with this patch applied the time spent in the combined
SELinux functions dropped to roughly 65% of the time spent in
__d_lookup_rcu(), 0.89% compared to 1.41%. Aside from the significant
decrease in time spent in the SELinux AVC, it appears that any additional
time spent searching and updating the cache is offset by other code
improvements, e.g. time spent in selinux_inode_permission() +
__inode_security_revalidate() + avc_policy_seqno() is less on the
patched kernel than the unpatched kernel.
It is worth noting that in this patch the use of the per-task cache is
limited to the security_inode_permission() LSM callback,
selinux_inode_permission(), but future work could expand the cache into
inode_has_perm(), likely through consolidation of the two functions.
While this would likely have little to no impact on path walks, it
may benefit other operations.
Reviewed-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Tested-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
2025-04-10 15:20:32 -04:00
|
|
|
struct avdc_entry {
|
|
|
|
|
u32 isid; /* inode SID */
|
|
|
|
|
u32 allowed; /* allowed permission bitmask */
|
|
|
|
|
u32 audited; /* audited permission bitmask */
|
|
|
|
|
bool permissive; /* AVC permissive flag */
|
|
|
|
|
};
|
|
|
|
|
|
2005-04-16 15:20:36 -07:00
|
|
|
struct task_security_struct {
|
2023-12-21 17:18:53 -05:00
|
|
|
u32 osid; /* SID prior to last execve */
|
|
|
|
|
u32 sid; /* current SID */
|
|
|
|
|
u32 exec_sid; /* exec SID */
|
|
|
|
|
u32 create_sid; /* fscreate SID */
|
|
|
|
|
u32 keycreate_sid; /* keycreate SID */
|
|
|
|
|
u32 sockcreate_sid; /* fscreate SID */
|
selinux: reduce path walk overhead
Reduce the SELinux performance overhead during path walks through the
use of a per-task directory access cache and some minor code
optimizations. The directory access cache is per-task because it allows
for a lockless cache while also fitting well with a common application
pattern of heavily accessing a relatively small number of SELinux
directory labels. The cache is inherited by child processes when the
child runs with the same SELinux domain as the parent, and invalidated
on changes to the task's SELinux domain or the loaded SELinux policy.
A cache of four entries was chosen based on testing with the Fedora
"targeted" policy, a SELinux Reference Policy variant, and
'make allmodconfig' on Linux v6.14.
Code optimizations include better use of inline functions to reduce
function calls in the common case, especially in the inode revalidation
code paths, and elimination of redundant checks between the LSM and
SELinux layers.
As mentioned briefly above, aside from general use and regression
testing with the selinux-testsuite, performance was measured using
'make allmodconfig' with Linux v6.14 as a base reference. As expected,
there were variations from one test run to another, but the measurements
below are a good representation of the test results seen on my test
system.
* Linux v6.14
REF
1.26% [k] __d_lookup_rcu
SELINUX (1.31%)
0.58% [k] selinux_inode_permission
0.29% [k] avc_lookup
0.25% [k] avc_has_perm_noaudit
0.19% [k] __inode_security_revalidate
* Linux v6.14 + patch
REF
1.41% [k] __d_lookup_rcu
SELINUX (0.89%)
0.65% [k] selinux_inode_permission
0.15% [k] avc_lookup
0.05% [k] avc_has_perm_noaudit
0.04% [k] avc_policy_seqno
X.XX% [k] __inode_security_revalidate (now inline)
In both cases the __d_lookup_rcu() function was used as a reference
point to establish a context for the SELinux related functions. On a
unpatched Linux v6.14 system we see the time spent in the combined
SELinux functions exceeded that of __d_lookup_rcu(), 1.31% compared to
1.26%. However, with this patch applied the time spent in the combined
SELinux functions dropped to roughly 65% of the time spent in
__d_lookup_rcu(), 0.89% compared to 1.41%. Aside from the significant
decrease in time spent in the SELinux AVC, it appears that any additional
time spent searching and updating the cache is offset by other code
improvements, e.g. time spent in selinux_inode_permission() +
__inode_security_revalidate() + avc_policy_seqno() is less on the
patched kernel than the unpatched kernel.
It is worth noting that in this patch the use of the per-task cache is
limited to the security_inode_permission() LSM callback,
selinux_inode_permission(), but future work could expand the cache into
inode_has_perm(), likely through consolidation of the two functions.
While this would likely have little to no impact on path walks, it
may benefit other operations.
Reviewed-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Tested-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
2025-04-10 15:20:32 -04:00
|
|
|
#define TSEC_AVDC_DIR_SIZE (1 << 2)
|
|
|
|
|
struct {
|
|
|
|
|
u32 sid; /* current SID for cached entries */
|
|
|
|
|
u32 seqno; /* AVC sequence number */
|
|
|
|
|
unsigned int dir_spot; /* dir cache index to check first */
|
|
|
|
|
struct avdc_entry dir[TSEC_AVDC_DIR_SIZE]; /* dir entries */
|
2025-05-21 10:41:25 -04:00
|
|
|
bool permissive_neveraudit; /* permissive and neveraudit */
|
selinux: reduce path walk overhead
Reduce the SELinux performance overhead during path walks through the
use of a per-task directory access cache and some minor code
optimizations. The directory access cache is per-task because it allows
for a lockless cache while also fitting well with a common application
pattern of heavily accessing a relatively small number of SELinux
directory labels. The cache is inherited by child processes when the
child runs with the same SELinux domain as the parent, and invalidated
on changes to the task's SELinux domain or the loaded SELinux policy.
A cache of four entries was chosen based on testing with the Fedora
"targeted" policy, a SELinux Reference Policy variant, and
'make allmodconfig' on Linux v6.14.
Code optimizations include better use of inline functions to reduce
function calls in the common case, especially in the inode revalidation
code paths, and elimination of redundant checks between the LSM and
SELinux layers.
As mentioned briefly above, aside from general use and regression
testing with the selinux-testsuite, performance was measured using
'make allmodconfig' with Linux v6.14 as a base reference. As expected,
there were variations from one test run to another, but the measurements
below are a good representation of the test results seen on my test
system.
* Linux v6.14
REF
1.26% [k] __d_lookup_rcu
SELINUX (1.31%)
0.58% [k] selinux_inode_permission
0.29% [k] avc_lookup
0.25% [k] avc_has_perm_noaudit
0.19% [k] __inode_security_revalidate
* Linux v6.14 + patch
REF
1.41% [k] __d_lookup_rcu
SELINUX (0.89%)
0.65% [k] selinux_inode_permission
0.15% [k] avc_lookup
0.05% [k] avc_has_perm_noaudit
0.04% [k] avc_policy_seqno
X.XX% [k] __inode_security_revalidate (now inline)
In both cases the __d_lookup_rcu() function was used as a reference
point to establish a context for the SELinux related functions. On a
unpatched Linux v6.14 system we see the time spent in the combined
SELinux functions exceeded that of __d_lookup_rcu(), 1.31% compared to
1.26%. However, with this patch applied the time spent in the combined
SELinux functions dropped to roughly 65% of the time spent in
__d_lookup_rcu(), 0.89% compared to 1.41%. Aside from the significant
decrease in time spent in the SELinux AVC, it appears that any additional
time spent searching and updating the cache is offset by other code
improvements, e.g. time spent in selinux_inode_permission() +
__inode_security_revalidate() + avc_policy_seqno() is less on the
patched kernel than the unpatched kernel.
It is worth noting that in this patch the use of the per-task cache is
limited to the security_inode_permission() LSM callback,
selinux_inode_permission(), but future work could expand the cache into
inode_has_perm(), likely through consolidation of the two functions.
While this would likely have little to no impact on path walks, it
may benefit other operations.
Reviewed-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Tested-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
2025-04-10 15:20:32 -04:00
|
|
|
} avdcache;
|
2019-12-13 15:28:38 -05:00
|
|
|
} __randomize_layout;
|
2005-04-16 15:20:36 -07:00
|
|
|
|
2025-05-21 10:41:25 -04:00
|
|
|
static inline bool task_avdcache_permnoaudit(struct task_security_struct *tsec)
|
|
|
|
|
{
|
|
|
|
|
return (tsec->avdcache.permissive_neveraudit &&
|
|
|
|
|
tsec->sid == tsec->avdcache.sid &&
|
|
|
|
|
tsec->avdcache.seqno == avc_policy_seqno());
|
|
|
|
|
}
|
|
|
|
|
|
2015-12-24 11:09:40 -05:00
|
|
|
enum label_initialized {
|
2023-12-21 17:18:53 -05:00
|
|
|
LABEL_INVALID, /* invalid or not initialized */
|
|
|
|
|
LABEL_INITIALIZED, /* initialized */
|
selinux: Convert isec->lock into a spinlock
Convert isec->lock from a mutex into a spinlock. Instead of holding
the lock while sleeping in inode_doinit_with_dentry, set
isec->initialized to LABEL_PENDING and release the lock. Then, when
the sid has been determined, re-acquire the lock. If isec->initialized
is still set to LABEL_PENDING, set isec->sid; otherwise, the sid has
been set by another task (LABEL_INITIALIZED) or invalidated
(LABEL_INVALID) in the meantime.
This fixes a deadlock on gfs2 where
* one task is in inode_doinit_with_dentry -> gfs2_getxattr, holds
isec->lock, and tries to acquire the inode's glock, and
* another task is in do_xmote -> inode_go_inval ->
selinux_inode_invalidate_secctx, holds the inode's glock, and
tries to acquire isec->lock.
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
[PM: minor tweaks to keep checkpatch.pl happy]
Signed-off-by: Paul Moore <paul@paul-moore.com>
2016-11-15 11:06:40 +01:00
|
|
|
LABEL_PENDING
|
2015-12-24 11:09:40 -05:00
|
|
|
};
|
|
|
|
|
|
2005-04-16 15:20:36 -07:00
|
|
|
struct inode_security_struct {
|
2023-12-21 17:18:53 -05:00
|
|
|
struct inode *inode; /* back pointer to inode object */
|
|
|
|
|
struct list_head list; /* list of inode_security_struct */
|
|
|
|
|
u32 task_sid; /* SID of creating task */
|
|
|
|
|
u32 sid; /* SID of this object */
|
|
|
|
|
u16 sclass; /* security class of this object */
|
|
|
|
|
unsigned char initialized; /* initialization flag */
|
selinux: Convert isec->lock into a spinlock
Convert isec->lock from a mutex into a spinlock. Instead of holding
the lock while sleeping in inode_doinit_with_dentry, set
isec->initialized to LABEL_PENDING and release the lock. Then, when
the sid has been determined, re-acquire the lock. If isec->initialized
is still set to LABEL_PENDING, set isec->sid; otherwise, the sid has
been set by another task (LABEL_INITIALIZED) or invalidated
(LABEL_INVALID) in the meantime.
This fixes a deadlock on gfs2 where
* one task is in inode_doinit_with_dentry -> gfs2_getxattr, holds
isec->lock, and tries to acquire the inode's glock, and
* another task is in do_xmote -> inode_go_inval ->
selinux_inode_invalidate_secctx, holds the inode's glock, and
tries to acquire isec->lock.
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
[PM: minor tweaks to keep checkpatch.pl happy]
Signed-off-by: Paul Moore <paul@paul-moore.com>
2016-11-15 11:06:40 +01:00
|
|
|
spinlock_t lock;
|
2005-04-16 15:20:36 -07:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct file_security_struct {
|
2023-12-21 17:18:53 -05:00
|
|
|
u32 sid; /* SID of open file description */
|
|
|
|
|
u32 fown_sid; /* SID of file owner (for SIGIO) */
|
|
|
|
|
u32 isid; /* SID of inode at the time of file open */
|
|
|
|
|
u32 pseqno; /* Policy seqno at the time of file open */
|
2005-04-16 15:20:36 -07:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct superblock_security_struct {
|
2023-12-21 17:18:53 -05:00
|
|
|
u32 sid; /* SID of file system superblock */
|
|
|
|
|
u32 def_sid; /* default SID for labeling */
|
|
|
|
|
u32 mntpoint_sid; /* SECURITY_FS_USE_MNTPOINT context for files */
|
|
|
|
|
unsigned short behavior; /* labeling behavior */
|
|
|
|
|
unsigned short flags; /* which mount options were specified */
|
2006-09-25 23:32:02 -07:00
|
|
|
struct mutex lock;
|
2005-04-16 15:20:36 -07:00
|
|
|
struct list_head isec_head;
|
|
|
|
|
spinlock_t isec_lock;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct msg_security_struct {
|
2023-12-21 17:18:53 -05:00
|
|
|
u32 sid; /* SID of message */
|
2005-04-16 15:20:36 -07:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct ipc_security_struct {
|
2023-12-21 17:18:53 -05:00
|
|
|
u16 sclass; /* security class of this object */
|
|
|
|
|
u32 sid; /* SID of IPC resource */
|
2005-04-16 15:20:36 -07:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct netif_security_struct {
|
2025-03-18 09:33:29 +01:00
|
|
|
const struct net *ns; /* network namespace */
|
2023-12-21 17:18:53 -05:00
|
|
|
int ifindex; /* device index */
|
|
|
|
|
u32 sid; /* SID for this interface */
|
2005-04-16 15:20:36 -07:00
|
|
|
};
|
|
|
|
|
|
2008-01-29 08:38:13 -05:00
|
|
|
struct netnode_security_struct {
|
|
|
|
|
union {
|
2023-12-21 17:18:53 -05:00
|
|
|
__be32 ipv4; /* IPv4 node address */
|
|
|
|
|
struct in6_addr ipv6; /* IPv6 node address */
|
2008-01-29 08:38:13 -05:00
|
|
|
} addr;
|
2023-12-21 17:18:53 -05:00
|
|
|
u32 sid; /* SID for this node */
|
|
|
|
|
u16 family; /* address family */
|
2008-01-29 08:38:13 -05:00
|
|
|
};
|
|
|
|
|
|
2008-04-10 10:48:14 -04:00
|
|
|
struct netport_security_struct {
|
2023-12-21 17:18:53 -05:00
|
|
|
u32 sid; /* SID for this node */
|
|
|
|
|
u16 port; /* port number */
|
|
|
|
|
u8 protocol; /* transport protocol */
|
2008-04-10 10:48:14 -04:00
|
|
|
};
|
|
|
|
|
|
2005-04-16 15:20:36 -07:00
|
|
|
struct sk_security_struct {
|
2008-01-29 08:38:23 -05:00
|
|
|
#ifdef CONFIG_NETLABEL
|
2023-12-21 17:18:53 -05:00
|
|
|
enum { /* NetLabel state */
|
|
|
|
|
NLBL_UNSET = 0,
|
|
|
|
|
NLBL_REQUIRE,
|
|
|
|
|
NLBL_LABELED,
|
|
|
|
|
NLBL_REQSKB,
|
|
|
|
|
NLBL_CONNLABELED,
|
2006-08-04 23:17:57 -07:00
|
|
|
} nlbl_state;
|
2008-10-10 10:16:33 -04:00
|
|
|
struct netlbl_lsm_secattr *nlbl_secattr; /* NetLabel sec attributes */
|
2006-08-04 23:17:57 -07:00
|
|
|
#endif
|
2023-12-21 17:18:53 -05:00
|
|
|
u32 sid; /* SID of this object */
|
|
|
|
|
u32 peer_sid; /* SID of peer */
|
|
|
|
|
u16 sclass; /* sock security class */
|
|
|
|
|
enum { /* SCTP association state */
|
|
|
|
|
SCTP_ASSOC_UNSET = 0,
|
|
|
|
|
SCTP_ASSOC_SET,
|
2018-02-13 20:57:18 +00:00
|
|
|
} sctp_assoc_state;
|
2005-04-16 15:20:36 -07:00
|
|
|
};
|
|
|
|
|
|
2013-01-14 07:12:19 +00:00
|
|
|
struct tun_security_struct {
|
2023-12-21 17:18:53 -05:00
|
|
|
u32 sid; /* SID for the tun device sockets */
|
2013-01-14 07:12:19 +00:00
|
|
|
};
|
|
|
|
|
|
2006-06-22 14:47:17 -07:00
|
|
|
struct key_security_struct {
|
2023-12-21 17:18:53 -05:00
|
|
|
u32 sid; /* SID of key */
|
2006-06-22 14:47:17 -07:00
|
|
|
};
|
|
|
|
|
|
2017-05-19 15:48:56 +03:00
|
|
|
struct ib_security_struct {
|
2023-12-21 17:18:53 -05:00
|
|
|
u32 sid; /* SID of the queue pair or MAD agent */
|
2017-05-19 15:48:56 +03:00
|
|
|
};
|
|
|
|
|
|
2017-05-19 15:48:59 +03:00
|
|
|
struct pkey_security_struct {
|
2023-12-21 17:18:53 -05:00
|
|
|
u64 subnet_prefix; /* Port subnet prefix */
|
|
|
|
|
u16 pkey; /* PKey number */
|
|
|
|
|
u32 sid; /* SID of pkey */
|
2017-05-19 15:48:59 +03:00
|
|
|
};
|
|
|
|
|
|
2017-10-18 13:00:25 -07:00
|
|
|
struct bpf_security_struct {
|
2023-12-21 17:18:53 -05:00
|
|
|
u32 sid; /* SID of bpf obj creator */
|
perf_event: Add support for LSM and SELinux checks
In current mainline, the degree of access to perf_event_open(2) system
call depends on the perf_event_paranoid sysctl. This has a number of
limitations:
1. The sysctl is only a single value. Many types of accesses are controlled
based on the single value thus making the control very limited and
coarse grained.
2. The sysctl is global, so if the sysctl is changed, then that means
all processes get access to perf_event_open(2) opening the door to
security issues.
This patch adds LSM and SELinux access checking which will be used in
Android to access perf_event_open(2) for the purposes of attaching BPF
programs to tracepoints, perf profiling and other operations from
userspace. These operations are intended for production systems.
5 new LSM hooks are added:
1. perf_event_open: This controls access during the perf_event_open(2)
syscall itself. The hook is called from all the places that the
perf_event_paranoid sysctl is checked to keep it consistent with the
systctl. The hook gets passed a 'type' argument which controls CPU,
kernel and tracepoint accesses (in this context, CPU, kernel and
tracepoint have the same semantics as the perf_event_paranoid sysctl).
Additionally, I added an 'open' type which is similar to
perf_event_paranoid sysctl == 3 patch carried in Android and several other
distros but was rejected in mainline [1] in 2016.
2. perf_event_alloc: This allocates a new security object for the event
which stores the current SID within the event. It will be useful when
the perf event's FD is passed through IPC to another process which may
try to read the FD. Appropriate security checks will limit access.
3. perf_event_free: Called when the event is closed.
4. perf_event_read: Called from the read(2) and mmap(2) syscalls for the event.
5. perf_event_write: Called from the ioctl(2) syscalls for the event.
[1] https://lwn.net/Articles/696240/
Since Peter had suggest LSM hooks in 2016 [1], I am adding his
Suggested-by tag below.
To use this patch, we set the perf_event_paranoid sysctl to -1 and then
apply selinux checking as appropriate (default deny everything, and then
add policy rules to give access to domains that need it). In the future
we can remove the perf_event_paranoid sysctl altogether.
Suggested-by: Peter Zijlstra <peterz@infradead.org>
Co-developed-by: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Joel Fernandes (Google) <joel@joelfernandes.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: James Morris <jmorris@namei.org>
Cc: Arnaldo Carvalho de Melo <acme@kernel.org>
Cc: rostedt@goodmis.org
Cc: Yonghong Song <yhs@fb.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Alexei Starovoitov <ast@kernel.org>
Cc: jeffv@google.com
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: primiano@google.com
Cc: Song Liu <songliubraving@fb.com>
Cc: rsavitski@google.com
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Matthew Garrett <matthewgarrett@google.com>
Link: https://lkml.kernel.org/r/20191014170308.70668-1-joel@joelfernandes.org
2019-10-14 13:03:08 -04:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct perf_event_security_struct {
|
2023-12-21 17:18:53 -05:00
|
|
|
u32 sid; /* SID of perf_event obj creator */
|
2017-10-18 13:00:25 -07:00
|
|
|
};
|
|
|
|
|
|
2018-11-12 09:30:56 -08:00
|
|
|
extern struct lsm_blob_sizes selinux_blob_sizes;
|
2018-09-21 17:17:16 -07:00
|
|
|
static inline struct task_security_struct *selinux_cred(const struct cred *cred)
|
|
|
|
|
{
|
2018-11-12 09:30:56 -08:00
|
|
|
return cred->security + selinux_blob_sizes.lbs_cred;
|
2018-09-21 17:17:16 -07:00
|
|
|
}
|
|
|
|
|
|
2018-09-21 17:22:32 -07:00
|
|
|
static inline struct file_security_struct *selinux_file(const struct file *file)
|
|
|
|
|
{
|
2018-11-12 12:02:49 -08:00
|
|
|
return file->f_security + selinux_blob_sizes.lbs_file;
|
2018-09-21 17:22:32 -07:00
|
|
|
}
|
|
|
|
|
|
2023-12-21 17:18:53 -05:00
|
|
|
static inline struct inode_security_struct *
|
|
|
|
|
selinux_inode(const struct inode *inode)
|
2018-09-21 17:19:11 -07:00
|
|
|
{
|
2018-09-21 17:19:29 -07:00
|
|
|
if (unlikely(!inode->i_security))
|
|
|
|
|
return NULL;
|
|
|
|
|
return inode->i_security + selinux_blob_sizes.lbs_inode;
|
2018-09-21 17:19:11 -07:00
|
|
|
}
|
|
|
|
|
|
2023-12-21 17:18:53 -05:00
|
|
|
static inline struct msg_security_struct *
|
|
|
|
|
selinux_msg_msg(const struct msg_msg *msg_msg)
|
2018-09-21 17:19:45 -07:00
|
|
|
{
|
2018-11-20 11:55:02 -08:00
|
|
|
return msg_msg->security + selinux_blob_sizes.lbs_msg_msg;
|
2018-09-21 17:19:45 -07:00
|
|
|
}
|
|
|
|
|
|
2023-12-21 17:18:53 -05:00
|
|
|
static inline struct ipc_security_struct *
|
|
|
|
|
selinux_ipc(const struct kern_ipc_perm *ipc)
|
2018-09-21 17:19:45 -07:00
|
|
|
{
|
2018-11-20 11:55:02 -08:00
|
|
|
return ipc->security + selinux_blob_sizes.lbs_ipc;
|
2018-09-21 17:19:45 -07:00
|
|
|
}
|
|
|
|
|
|
2019-09-04 10:32:48 -04:00
|
|
|
/*
|
|
|
|
|
* get the subjective security ID of the current task
|
|
|
|
|
*/
|
|
|
|
|
static inline u32 current_sid(void)
|
|
|
|
|
{
|
|
|
|
|
const struct task_security_struct *tsec = selinux_cred(current_cred());
|
|
|
|
|
|
|
|
|
|
return tsec->sid;
|
|
|
|
|
}
|
|
|
|
|
|
2023-12-21 17:18:53 -05:00
|
|
|
static inline struct superblock_security_struct *
|
|
|
|
|
selinux_superblock(const struct super_block *superblock)
|
2021-04-22 17:41:15 +02:00
|
|
|
{
|
|
|
|
|
return superblock->s_security + selinux_blob_sizes.lbs_superblock;
|
|
|
|
|
}
|
|
|
|
|
|
2024-07-10 14:32:26 -07:00
|
|
|
#ifdef CONFIG_KEYS
|
|
|
|
|
static inline struct key_security_struct *selinux_key(const struct key *key)
|
|
|
|
|
{
|
|
|
|
|
return key->security + selinux_blob_sizes.lbs_key;
|
|
|
|
|
}
|
|
|
|
|
#endif /* CONFIG_KEYS */
|
|
|
|
|
|
2024-07-10 14:32:25 -07:00
|
|
|
static inline struct sk_security_struct *selinux_sock(const struct sock *sock)
|
|
|
|
|
{
|
|
|
|
|
return sock->sk_security + selinux_blob_sizes.lbs_sock;
|
|
|
|
|
}
|
|
|
|
|
|
2024-07-10 14:32:28 -07:00
|
|
|
static inline struct tun_security_struct *selinux_tun_dev(void *security)
|
|
|
|
|
{
|
|
|
|
|
return security + selinux_blob_sizes.lbs_tun_dev;
|
|
|
|
|
}
|
|
|
|
|
|
2024-07-10 14:32:29 -07:00
|
|
|
static inline struct ib_security_struct *selinux_ib(void *ib_sec)
|
|
|
|
|
{
|
|
|
|
|
return ib_sec + selinux_blob_sizes.lbs_ib;
|
|
|
|
|
}
|
|
|
|
|
|
2024-07-10 14:32:30 -07:00
|
|
|
static inline struct perf_event_security_struct *
|
|
|
|
|
selinux_perf_event(void *perf_event)
|
|
|
|
|
{
|
|
|
|
|
return perf_event + selinux_blob_sizes.lbs_perf_event;
|
|
|
|
|
}
|
|
|
|
|
|
2005-04-16 15:20:36 -07:00
|
|
|
#endif /* _SELINUX_OBJSEC_H_ */
|