[PATCH v9 07/12] landlock: Refactor landlock_add_rule() syscall

Tue Feb 14 10:18:45 UTC 2023


2/10/2023 8:38 PM, Mickaël Salaün пишет:
> 
> On 16/01/2023 09:58, Konstantin Meskhidze wrote:
>> Change the landlock_add_rule() syscall to support new rule types
>> in future Landlock versions. Add the add_rule_path_beneath() helper
>> to support current filesystem rules.
>> 
>> Signed-off-by: Konstantin Meskhidze <konstantin.meskhidze at huawei.com>
>> ---
>> 
>> Changes since v8:
>> * Refactors commit message.
>> * Minor fixes.
>> 
>> Changes since v7:
>> * None
>> 
>> Changes since v6:
>> * None
>> 
>> Changes since v5:
>> * Refactors syscall landlock_add_rule() and add_rule_path_beneath() helper
>> to make argument check ordering consistent and get rid of partial revertings
>> in following patches.
>> * Rolls back refactoring base_test.c seltest.
>> * Formats code with clang-format-14.
>> 
>> Changes since v4:
>> * Refactors add_rule_path_beneath() and landlock_add_rule() functions
>> to optimize code usage.
>> * Refactors base_test.c seltest: adds LANDLOCK_RULE_PATH_BENEATH
>> rule type in landlock_add_rule() call.
>> 
>> Changes since v3:
>> * Split commit.
>> * Refactors landlock_add_rule syscall.
>> 
>> ---
>>   security/landlock/syscalls.c | 94 +++++++++++++++++++-----------------
>>   1 file changed, 50 insertions(+), 44 deletions(-)
>> 
>> diff --git a/security/landlock/syscalls.c b/security/landlock/syscalls.c
>> index d35cd5d304db..73c80cd2cdbe 100644
>> --- a/security/landlock/syscalls.c
>> +++ b/security/landlock/syscalls.c
>> @@ -274,6 +274,49 @@ static int get_path_from_fd(const s32 fd, struct path *const path)
>>   	return err;
>>   }
>>   
>> +static int add_rule_path_beneath(struct landlock_ruleset *const ruleset,
>> +				 const void __user *const rule_attr)
>> +{
>> +	struct landlock_path_beneath_attr path_beneath_attr;
>> +	struct path path;
>> +	int res, err;
>> +	access_mask_t mask;
>> +
>> +	/* Copies raw user space buffer, only one type for now. */
>> +	res = copy_from_user(&path_beneath_attr, rule_attr,
>> +			     sizeof(path_beneath_attr));
>> +	if (res)
>> +		return -EFAULT;
>> +
>> +	/*
>> +	 * Informs about useless rule: empty allowed_access (i.e. deny rules)
>> +	 * are ignored in path walks.
>> +	 */
>> +	if (!path_beneath_attr.allowed_access) {
>> +		return -ENOMSG;
>> +	}
> 
> Please follows the ./scripts/checkpatch.pl conventions (i.e. no curly
> braces). You should add an empty line after this return though.
> 
  Ok. I will fix it.
> 
> 
>> +	/*
>> +	 * Checks that allowed_access matches the @ruleset constraints
>> +	 * (ruleset->access_masks[0] is automatically upgraded to 64-bits).
>> +	 */
>> +	mask = landlock_get_raw_fs_access_mask(ruleset, 0);
>> +	if ((path_beneath_attr.allowed_access | mask) != mask) {
>> +		return -EINVAL;
>> +	}
> 
> Same here.

   Got it.
> 
>> +
>> +	/* Gets and checks the new rule. */
>> +	err = get_path_from_fd(path_beneath_attr.parent_fd, &path);
>> +	if (err)
>> +		return err;
>> +
>> +	/* Imports the new rule. */
>> +	err = landlock_append_fs_rule(ruleset, &path,
>> +				      path_beneath_attr.allowed_access);
>> +	path_put(&path);
>> +
> 
> No need for this empty line.

   Ok. Thanks for noticing.
> 
>> +	return err;
>> +}
>> +
> .