mirror of
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2025-05-24 10:39:52 +00:00
906ee42cb1
Add tests for LSM interactions (both bpf_token_capable and bpf_token_cmd LSM hooks) with BPF token in bpf() subsystem. Now child process passes back token FD for parent to be able to do tests with token originating in "wrong" userns. But we also create token in initns and check that token LSMs don't accidentally reject BPF operations when capable() checks pass without BPF token. Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Signed-off-by: Alexei Starovoitov <ast@kernel.org> Link: https://lore.kernel.org/bpf/20240124022127.2379740-31-andrii@kernel.org
32 lines
705 B
C
32 lines
705 B
C
// SPDX-License-Identifier: GPL-2.0
|
|
/* Copyright (c) 2024 Meta Platforms, Inc. and affiliates. */
|
|
|
|
#include "vmlinux.h"
|
|
#include <bpf/bpf_helpers.h>
|
|
#include <bpf/bpf_tracing.h>
|
|
|
|
char _license[] SEC("license") = "GPL";
|
|
|
|
int my_pid;
|
|
bool reject_capable;
|
|
bool reject_cmd;
|
|
|
|
SEC("lsm/bpf_token_capable")
|
|
int BPF_PROG(token_capable, struct bpf_token *token, int cap)
|
|
{
|
|
if (my_pid == 0 || my_pid != (bpf_get_current_pid_tgid() >> 32))
|
|
return 0;
|
|
if (reject_capable)
|
|
return -1;
|
|
return 0;
|
|
}
|
|
|
|
SEC("lsm/bpf_token_cmd")
|
|
int BPF_PROG(token_cmd, struct bpf_token *token, enum bpf_cmd cmd)
|
|
{
|
|
if (my_pid == 0 || my_pid != (bpf_get_current_pid_tgid() >> 32))
|
|
return 0;
|
|
if (reject_cmd)
|
|
return -1;
|
|
return 0;
|
|
}
|