[PATCH 4/4] LSM: Add a LSM module which handles dynamically appendable LSM hooks.

kernel test robot lkp at intel.com
Mon Nov 20 22:28:09 UTC 2023


Hi Tetsuo,

kernel test robot noticed the following build warnings:

[auto build test WARNING on bpf/master]
[also build test WARNING on pcmoore-audit/next pcmoore-selinux/next linus/master v6.7-rc2]
[cannot apply to bpf-next/master next-20231120]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]

url:    https://github.com/intel-lab-lkp/linux/commits/Tetsuo-Handa/LSM-Auto-undef-LSM_HOOK-macro/20231120-214522
base:   https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git master
patch link:    https://lore.kernel.org/r/34be5cd8-1fdd-4323-82a3-40f2e7d35db3%40I-love.SAKURA.ne.jp
patch subject: [PATCH 4/4] LSM: Add a LSM module which handles dynamically appendable LSM hooks.
config: arm64-randconfig-002-20231121 (https://download.01.org/0day-ci/archive/20231121/202311210652.jzysT4DZ-lkp@intel.com/config)
compiler: aarch64-linux-gcc (GCC) 13.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20231121/202311210652.jzysT4DZ-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp at intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202311210652.jzysT4DZ-lkp@intel.com/

All warnings (new ones prefixed by >>):

>> security/security.c:822: warning: Incorrect use of kernel-doc format:  * security_binder_transaction() - Check if a binder transaction is allowed
>> security/security.c:832: warning: Incorrect use of kernel-doc format:  * security_binder_transfer_binder() - Check if a binder transfer is allowed
>> security/security.c:842: warning: Incorrect use of kernel-doc format:  * security_binder_transfer_file() - Check if a binder file xfer is allowed
>> security/security.c:853: warning: Incorrect use of kernel-doc format:  * security_ptrace_access_check() - Check if tracing is allowed
>> security/security.c:868: warning: Incorrect use of kernel-doc format:  * security_ptrace_traceme() - Check if tracing is allowed
>> security/security.c:879: warning: Incorrect use of kernel-doc format:  * security_capget() - Get the capability sets for a process
>> security/security.c:894: warning: Incorrect use of kernel-doc format:  * security_capset() - Set the capability sets for a process
>> security/security.c:908: warning: Incorrect use of kernel-doc format:  * security_capable() - Check if a process has the necessary capability
>> security/security.c:922: warning: Incorrect use of kernel-doc format:  * security_quotactl() - Check if a quotactl() syscall is allowed for this fs
>> security/security.c:934: warning: Incorrect use of kernel-doc format:  * security_quota_on() - Check if QUOTAON is allowed for a dentry
>> security/security.c:943: warning: Incorrect use of kernel-doc format:  * security_syslog() - Check if accessing the kernel message ring is allowed
>> security/security.c:954: warning: Incorrect use of kernel-doc format:  * security_settime64() - Check if changing the system time is allowed
>> security/security.c:964: warning: Function parameter or member 'ts' not described in 'security_settime64'
>> security/security.c:964: warning: Function parameter or member 'tz' not described in 'security_settime64'
>> security/security.c:964: warning: expecting prototype for security_binder_set_context_mgr(). Prototype was for security_settime64() instead
>> security/security.c:1020: warning: Incorrect use of kernel-doc format:  * security_bprm_creds_from_file() - Update linux_binprm creds based on file
>> security/security.c:1040: warning: Incorrect use of kernel-doc format:  * security_bprm_check() - Mediate binary handler search
>> security/security.c:1052: warning: expecting prototype for security_bprm_creds_for_exec(). Prototype was for security_bprm_check() instead
>> security/security.c:1075: warning: Incorrect use of kernel-doc format:  * security_bprm_committed_creds() - Tidy up after cred install during exec()
>> security/security.c:1087: warning: Incorrect use of kernel-doc format:  * security_fs_context_submount() - Initialise fc->security
   security/security.c:1097: warning: Incorrect use of kernel-doc format:  * security_fs_context_dup() - Duplicate a fs_context LSM blob
   security/security.c:1109: warning: Incorrect use of kernel-doc format:  * security_fs_context_parse_param() - Configure a filesystem context
   security/security.c:1122: warning: Function parameter or member 'fc' not described in 'security_fs_context_parse_param'
   security/security.c:1122: warning: Function parameter or member 'param' not described in 'security_fs_context_parse_param'
   security/security.c:1122: warning: expecting prototype for security_bprm_committing_creds(). Prototype was for security_fs_context_parse_param() instead
   security/security.c:1169: warning: Incorrect use of kernel-doc format:  * security_sb_free() - Free a super_block LSM blob
   security/security.c:1176: warning: expecting prototype for security_sb_delete(). Prototype was for security_sb_free() instead
   security/security.c:1206: warning: Function parameter or member 'security_sb_eat_lsm_opts' not described in 'EXPORT_SYMBOL'
   security/security.c:1206: warning: expecting prototype for security_sb_eat_lsm_opts(). Prototype was for EXPORT_SYMBOL() instead
   security/security.c:1218: warning: Function parameter or member 'security_sb_mnt_opts_compat' not described in 'EXPORT_SYMBOL'
   security/security.c:1218: warning: expecting prototype for security_sb_mnt_opts_compat(). Prototype was for EXPORT_SYMBOL() instead
   security/security.c:1230: warning: Function parameter or member 'security_sb_remount' not described in 'EXPORT_SYMBOL'
   security/security.c:1230: warning: expecting prototype for security_sb_remount(). Prototype was for EXPORT_SYMBOL() instead
   security/security.c:1242: warning: Incorrect use of kernel-doc format:  * security_sb_show_options() - Output the mount options for a superblock
   security/security.c:1252: warning: Incorrect use of kernel-doc format:  * security_sb_statfs() - Check if accessing fs stats is allowed
   security/security.c:1262: warning: Incorrect use of kernel-doc format:  * security_sb_mount() - Check permission for mounting a filesystem
   security/security.c:1280: warning: Incorrect use of kernel-doc format:  * security_sb_umount() - Check permission for unmounting a filesystem
   security/security.c:1290: warning: Incorrect use of kernel-doc format:  * security_sb_pivotroot() - Check permissions for pivoting the rootfs
   security/security.c:1300: warning: Incorrect use of kernel-doc format:  * security_sb_set_mnt_opts() - Set the mount options for a filesystem
   security/security.c:1314: warning: Function parameter or member 'mnt_opts' not described in 'security_sb_set_mnt_opts'
   security/security.c:1314: warning: Function parameter or member 'kern_flags' not described in 'security_sb_set_mnt_opts'
   security/security.c:1314: warning: Function parameter or member 'set_kern_flags' not described in 'security_sb_set_mnt_opts'
   security/security.c:1314: warning: expecting prototype for security_sb_kern_mount(). Prototype was for security_sb_set_mnt_opts() instead
   security/security.c:1332: warning: Function parameter or member 'security_sb_clone_mnt_opts' not described in 'EXPORT_SYMBOL'
   security/security.c:1332: warning: expecting prototype for security_sb_clone_mnt_opts(). Prototype was for EXPORT_SYMBOL() instead
   security/security.c:1345: warning: Incorrect use of kernel-doc format:  * security_path_notify() - Check if setting a watch is allowed
   security/security.c:1357: warning: Incorrect use of kernel-doc format:  * security_inode_alloc() - Allocate an inode LSM blob
   security/security.c:1367: warning: Function parameter or member 'inode' not described in 'security_inode_alloc'
   security/security.c:1367: warning: expecting prototype for security_move_mount(). Prototype was for security_inode_alloc() instead
   security/security.c:1425: warning: Function parameter or member 'security_dentry_init_security' not described in 'EXPORT_SYMBOL'
   security/security.c:1425: warning: expecting prototype for security_dentry_init_security(). Prototype was for EXPORT_SYMBOL() instead
   security/security.c:1442: warning: Function parameter or member 'security_dentry_create_files_as' not described in 'EXPORT_SYMBOL'
   security/security.c:1442: warning: expecting prototype for security_dentry_create_files_as(). Prototype was for EXPORT_SYMBOL() instead
   security/security.c:1539: warning: Incorrect use of kernel-doc format:  * security_path_mknod() - Check if creating a special file is allowed
   security/security.c:1552: warning: Function parameter or member 'dir' not described in 'security_path_mknod'
   security/security.c:1552: warning: Function parameter or member 'dentry' not described in 'security_path_mknod'
   security/security.c:1552: warning: Function parameter or member 'mode' not described in 'security_path_mknod'
   security/security.c:1552: warning: Function parameter or member 'dev' not described in 'security_path_mknod'
   security/security.c:1552: warning: expecting prototype for security_inode_init_security_anon(). Prototype was for security_path_mknod() instead
   security/security.c:1736: warning: Incorrect use of kernel-doc format:  * security_inode_create() - Check if creating a file is allowed
   security/security.c:1747: warning: Function parameter or member 'dir' not described in 'security_inode_create'
   security/security.c:1747: warning: Function parameter or member 'dentry' not described in 'security_inode_create'
   security/security.c:1747: warning: Function parameter or member 'mode' not described in 'security_inode_create'
   security/security.c:1747: warning: expecting prototype for security_path_chroot(). Prototype was for security_inode_create() instead
   security/security.c:2204: warning: Incorrect use of kernel-doc format:  * security_inode_killpriv() - The setuid bit is removed, update LSM state
   security/security.c:2216: warning: Incorrect use of kernel-doc format:  * security_inode_getsecurity() - Get the xattr security label of an inode
   security/security.c:2234: warning: Function parameter or member 'idmap' not described in 'security_inode_getsecurity'
   security/security.c:2234: warning: Function parameter or member 'inode' not described in 'security_inode_getsecurity'
   security/security.c:2234: warning: Function parameter or member 'name' not described in 'security_inode_getsecurity'
   security/security.c:2234: warning: Function parameter or member 'buffer' not described in 'security_inode_getsecurity'
   security/security.c:2234: warning: Function parameter or member 'alloc' not described in 'security_inode_getsecurity'
   security/security.c:2234: warning: expecting prototype for security_inode_need_killpriv(). Prototype was for security_inode_getsecurity() instead
   security/security.c:2319: warning: Incorrect use of kernel-doc format:  * security_inode_copy_up() - Create new creds for an overlayfs copy-up op
   security/security.c:2330: warning: Function parameter or member 'security_inode_copy_up' not described in 'EXPORT_SYMBOL'
   security/security.c:2330: warning: expecting prototype for security_inode_getsecid(). Prototype was for EXPORT_SYMBOL() instead
   security/security.c:2377: warning: Incorrect use of kernel-doc format:  * security_file_permission() - Check file permissions
   security/security.c:2396: warning: Function parameter or member 'file' not described in 'security_file_permission'
   security/security.c:2396: warning: Function parameter or member 'mask' not described in 'security_file_permission'
   security/security.c:2396: warning: expecting prototype for security_kernfs_init_security(). Prototype was for security_file_permission() instead
   security/security.c:2459: warning: Function parameter or member 'security_file_ioctl' not described in 'EXPORT_SYMBOL_GPL'
   security/security.c:2459: warning: expecting prototype for security_file_ioctl(). Prototype was for EXPORT_SYMBOL_GPL() instead
   security/security.c:2527: warning: Incorrect use of kernel-doc format:  * security_file_mprotect() - Check if changing memory protections is allowed
   security/security.c:2538: warning: Function parameter or member 'vma' not described in 'security_file_mprotect'
   security/security.c:2538: warning: Function parameter or member 'reqprot' not described in 'security_file_mprotect'
   security/security.c:2538: warning: Function parameter or member 'prot' not described in 'security_file_mprotect'
   security/security.c:2538: warning: expecting prototype for security_mmap_addr(). Prototype was for security_file_mprotect() instead
   security/security.c:2559: warning: Incorrect use of kernel-doc format:  * security_file_fcntl() - Check if fcntl() op is allowed
   security/security.c:2574: warning: Incorrect use of kernel-doc format:  * security_file_set_fowner() - Set the file owner info in the LSM blob
   security/security.c:2584: warning: Incorrect use of kernel-doc format:  * security_file_send_sigiotask() - Check if sending SIGIO/SIGURG is allowed
   security/security.c:2599: warning: Incorrect use of kernel-doc format:  * security_file_receive() - Check is receiving a file via IPC is allowed
   security/security.c:2609: warning: Incorrect use of kernel-doc format:  * security_file_open() - Save open() time state for late use by the LSM
   security/security.c:2618: warning: expecting prototype for security_file_lock(). Prototype was for security_file_open() instead
   security/security.c:2640: warning: Incorrect use of kernel-doc format:  * security_task_alloc() - Allocate a task's LSM blob
   security/security.c:2649: warning: Function parameter or member 'task' not described in 'security_task_alloc'
   security/security.c:2649: warning: Function parameter or member 'clone_flags' not described in 'security_task_alloc'
   security/security.c:2649: warning: expecting prototype for security_file_truncate(). Prototype was for security_task_alloc() instead
   security/security.c:2781: warning: Incorrect use of kernel-doc format:  * security_kernel_create_files_as() - Set file creation context using an inode
   security/security.c:2793: warning: Incorrect use of kernel-doc format:  * security_kernel_module_request() - Check is loading a module is allowed
   security/security.c:2802: warning: Function parameter or member 'kmod_name' not described in 'security_kernel_module_request'
   security/security.c:2802: warning: expecting prototype for security_kernel_act_as(). Prototype was for security_kernel_module_request() instead
   security/security.c:2922: warning: Incorrect use of kernel-doc format:  * security_task_fix_setgid() - Update LSM with new group id attributes
   security/security.c:2937: warning: Incorrect use of kernel-doc format:  * security_task_fix_setgroups() - Update LSM with new supplementary groups
   security/security.c:2950: warning: Incorrect use of kernel-doc format:  * security_task_setpgid() - Check if setting the pgid is allowed
   security/security.c:2961: warning: Incorrect use of kernel-doc format:  * security_task_getpgid() - Check if getting the pgid is allowed
   security/security.c:2971: warning: Incorrect use of kernel-doc format:  * security_task_getsid() - Check if getting the session id is allowed
   security/security.c:2980: warning: Incorrect use of kernel-doc format:  * security_current_getsecid_subj() - Get the current task's subjective secid
   security/security.c:2987: warning: Function parameter or member 'secid' not described in 'security_current_getsecid_subj'
   security/security.c:2987: warning: expecting prototype for security_task_fix_setuid(). Prototype was for security_current_getsecid_subj() instead
   security/security.c:3019: warning: Incorrect use of kernel-doc format:  * security_task_setioprio() - Check if setting a task's ioprio is allowed
   security/security.c:3029: warning: Incorrect use of kernel-doc format:  * security_task_getioprio() - Check if getting a task's ioprio is allowed
   security/security.c:3038: warning: Incorrect use of kernel-doc format:  * security_task_prlimit() - Check if get/setting resources limits is allowed
   security/security.c:3050: warning: Incorrect use of kernel-doc format:  * security_task_setrlimit() - Check if setting a new rlimit value is allowed
   security/security.c:3063: warning: Incorrect use of kernel-doc format:  * security_task_setscheduler() - Check if setting sched policy/param is allowed
   security/security.c:3073: warning: Incorrect use of kernel-doc format:  * security_task_getscheduler() - Check if getting scheduling info is allowed
   security/security.c:3082: warning: Incorrect use of kernel-doc format:  * security_task_movememory() - Check if moving memory is allowed
   security/security.c:3091: warning: Incorrect use of kernel-doc format:  * security_task_kill() - Check if sending a signal is allowed
   security/security.c:3107: warning: Incorrect use of kernel-doc format:  * security_task_prctl() - Check if a prctl op is allowed
   security/security.c:3122: warning: Function parameter or member 'option' not described in 'security_task_prctl'
   security/security.c:3122: warning: Function parameter or member 'arg2' not described in 'security_task_prctl'
   security/security.c:3122: warning: Function parameter or member 'arg3' not described in 'security_task_prctl'


vim +822 security/security.c

20510f2f4e2dab James Morris      2007-10-16   811  
1427ddbe5cc1a3 Paul Moore        2023-02-16   812  /**
1427ddbe5cc1a3 Paul Moore        2023-02-16   813   * security_binder_set_context_mgr() - Check if becoming binder ctx mgr is ok
1427ddbe5cc1a3 Paul Moore        2023-02-16   814   * @mgr: task credentials of current binder process
1427ddbe5cc1a3 Paul Moore        2023-02-16   815   *
1427ddbe5cc1a3 Paul Moore        2023-02-16   816   * Check whether @mgr is allowed to be the binder context manager.
1427ddbe5cc1a3 Paul Moore        2023-02-16   817   *
1427ddbe5cc1a3 Paul Moore        2023-02-16   818   * Return: Return 0 if permission is granted.
1427ddbe5cc1a3 Paul Moore        2023-02-16   819   */
79af73079d753b Stephen Smalley   2015-01-21   820  
1427ddbe5cc1a3 Paul Moore        2023-02-16   821  /**
1427ddbe5cc1a3 Paul Moore        2023-02-16  @822   * security_binder_transaction() - Check if a binder transaction is allowed
1427ddbe5cc1a3 Paul Moore        2023-02-16   823   * @from: sending process
1427ddbe5cc1a3 Paul Moore        2023-02-16   824   * @to: receiving process
1427ddbe5cc1a3 Paul Moore        2023-02-16   825   *
1427ddbe5cc1a3 Paul Moore        2023-02-16   826   * Check whether @from is allowed to invoke a binder transaction call to @to.
1427ddbe5cc1a3 Paul Moore        2023-02-16   827   *
1427ddbe5cc1a3 Paul Moore        2023-02-16   828   * Return: Returns 0 if permission is granted.
1427ddbe5cc1a3 Paul Moore        2023-02-16   829   */
79af73079d753b Stephen Smalley   2015-01-21   830  
1427ddbe5cc1a3 Paul Moore        2023-02-16   831  /**
1427ddbe5cc1a3 Paul Moore        2023-02-16  @832   * security_binder_transfer_binder() - Check if a binder transfer is allowed
1427ddbe5cc1a3 Paul Moore        2023-02-16   833   * @from: sending process
1427ddbe5cc1a3 Paul Moore        2023-02-16   834   * @to: receiving process
1427ddbe5cc1a3 Paul Moore        2023-02-16   835   *
1427ddbe5cc1a3 Paul Moore        2023-02-16   836   * Check whether @from is allowed to transfer a binder reference to @to.
1427ddbe5cc1a3 Paul Moore        2023-02-16   837   *
1427ddbe5cc1a3 Paul Moore        2023-02-16   838   * Return: Returns 0 if permission is granted.
1427ddbe5cc1a3 Paul Moore        2023-02-16   839   */
79af73079d753b Stephen Smalley   2015-01-21   840  
1427ddbe5cc1a3 Paul Moore        2023-02-16   841  /**
1427ddbe5cc1a3 Paul Moore        2023-02-16  @842   * security_binder_transfer_file() - Check if a binder file xfer is allowed
1427ddbe5cc1a3 Paul Moore        2023-02-16   843   * @from: sending process
1427ddbe5cc1a3 Paul Moore        2023-02-16   844   * @to: receiving process
1427ddbe5cc1a3 Paul Moore        2023-02-16   845   * @file: file being transferred
1427ddbe5cc1a3 Paul Moore        2023-02-16   846   *
1427ddbe5cc1a3 Paul Moore        2023-02-16   847   * Check whether @from is allowed to transfer @file to @to.
1427ddbe5cc1a3 Paul Moore        2023-02-16   848   *
1427ddbe5cc1a3 Paul Moore        2023-02-16   849   * Return: Returns 0 if permission is granted.
1427ddbe5cc1a3 Paul Moore        2023-02-16   850   */
79af73079d753b Stephen Smalley   2015-01-21   851  
e261301c851aee Paul Moore        2023-02-16   852  /**
e261301c851aee Paul Moore        2023-02-16  @853   * security_ptrace_access_check() - Check if tracing is allowed
e261301c851aee Paul Moore        2023-02-16   854   * @child: target process
e261301c851aee Paul Moore        2023-02-16   855   * @mode: PTRACE_MODE flags
e261301c851aee Paul Moore        2023-02-16   856   *
e261301c851aee Paul Moore        2023-02-16   857   * Check permission before allowing the current process to trace the @child
e261301c851aee Paul Moore        2023-02-16   858   * process.  Security modules may also want to perform a process tracing check
e261301c851aee Paul Moore        2023-02-16   859   * during an execve in the set_security or apply_creds hooks of tracing check
e261301c851aee Paul Moore        2023-02-16   860   * during an execve in the bprm_set_creds hook of binprm_security_ops if the
e261301c851aee Paul Moore        2023-02-16   861   * process is being traced and its security attributes would be changed by the
e261301c851aee Paul Moore        2023-02-16   862   * execve.
e261301c851aee Paul Moore        2023-02-16   863   *
e261301c851aee Paul Moore        2023-02-16   864   * Return: Returns 0 if permission is granted.
e261301c851aee Paul Moore        2023-02-16   865   */
5cd9c58fbe9ec9 David Howells     2008-08-14   866  
e261301c851aee Paul Moore        2023-02-16   867  /**
e261301c851aee Paul Moore        2023-02-16  @868   * security_ptrace_traceme() - Check if tracing is allowed
e261301c851aee Paul Moore        2023-02-16   869   * @parent: tracing process
e261301c851aee Paul Moore        2023-02-16   870   *
e261301c851aee Paul Moore        2023-02-16   871   * Check that the @parent process has sufficient permission to trace the
e261301c851aee Paul Moore        2023-02-16   872   * current process before allowing the current process to present itself to the
e261301c851aee Paul Moore        2023-02-16   873   * @parent process for tracing.
e261301c851aee Paul Moore        2023-02-16   874   *
e261301c851aee Paul Moore        2023-02-16   875   * Return: Returns 0 if permission is granted.
e261301c851aee Paul Moore        2023-02-16   876   */
20510f2f4e2dab James Morris      2007-10-16   877  
e261301c851aee Paul Moore        2023-02-16   878  /**
e261301c851aee Paul Moore        2023-02-16  @879   * security_capget() - Get the capability sets for a process
e261301c851aee Paul Moore        2023-02-16   880   * @target: target process
e261301c851aee Paul Moore        2023-02-16   881   * @effective: effective capability set
e261301c851aee Paul Moore        2023-02-16   882   * @inheritable: inheritable capability set
e261301c851aee Paul Moore        2023-02-16   883   * @permitted: permitted capability set
e261301c851aee Paul Moore        2023-02-16   884   *
e261301c851aee Paul Moore        2023-02-16   885   * Get the @effective, @inheritable, and @permitted capability sets for the
e261301c851aee Paul Moore        2023-02-16   886   * @target process.  The hook may also perform permission checking to determine
e261301c851aee Paul Moore        2023-02-16   887   * if the current process is allowed to see the capability sets of the @target
e261301c851aee Paul Moore        2023-02-16   888   * process.
e261301c851aee Paul Moore        2023-02-16   889   *
e261301c851aee Paul Moore        2023-02-16   890   * Return: Returns 0 if the capability sets were successfully obtained.
e261301c851aee Paul Moore        2023-02-16   891   */
20510f2f4e2dab James Morris      2007-10-16   892  
e261301c851aee Paul Moore        2023-02-16   893  /**
e261301c851aee Paul Moore        2023-02-16  @894   * security_capset() - Set the capability sets for a process
e261301c851aee Paul Moore        2023-02-16   895   * @new: new credentials for the target process
e261301c851aee Paul Moore        2023-02-16   896   * @old: current credentials of the target process
e261301c851aee Paul Moore        2023-02-16   897   * @effective: effective capability set
e261301c851aee Paul Moore        2023-02-16   898   * @inheritable: inheritable capability set
e261301c851aee Paul Moore        2023-02-16   899   * @permitted: permitted capability set
e261301c851aee Paul Moore        2023-02-16   900   *
e261301c851aee Paul Moore        2023-02-16   901   * Set the @effective, @inheritable, and @permitted capability sets for the
e261301c851aee Paul Moore        2023-02-16   902   * current process.
e261301c851aee Paul Moore        2023-02-16   903   *
e261301c851aee Paul Moore        2023-02-16   904   * Return: Returns 0 and update @new if permission is granted.
e261301c851aee Paul Moore        2023-02-16   905   */
20510f2f4e2dab James Morris      2007-10-16   906  
e261301c851aee Paul Moore        2023-02-16   907  /**
e261301c851aee Paul Moore        2023-02-16  @908   * security_capable() - Check if a process has the necessary capability
e261301c851aee Paul Moore        2023-02-16   909   * @cred: credentials to examine
e261301c851aee Paul Moore        2023-02-16   910   * @ns: user namespace
e261301c851aee Paul Moore        2023-02-16   911   * @cap: capability requested
e261301c851aee Paul Moore        2023-02-16   912   * @opts: capability check options
e261301c851aee Paul Moore        2023-02-16   913   *
e261301c851aee Paul Moore        2023-02-16   914   * Check whether the @tsk process has the @cap capability in the indicated
e261301c851aee Paul Moore        2023-02-16   915   * credentials.  @cap contains the capability <include/linux/capability.h>.
e261301c851aee Paul Moore        2023-02-16   916   * @opts contains options for the capable check <include/linux/security.h>.
e261301c851aee Paul Moore        2023-02-16   917   *
e261301c851aee Paul Moore        2023-02-16   918   * Return: Returns 0 if the capability is granted.
e261301c851aee Paul Moore        2023-02-16   919   */
20510f2f4e2dab James Morris      2007-10-16   920  
e261301c851aee Paul Moore        2023-02-16   921  /**
e261301c851aee Paul Moore        2023-02-16  @922   * security_quotactl() - Check if a quotactl() syscall is allowed for this fs
e261301c851aee Paul Moore        2023-02-16   923   * @cmds: commands
e261301c851aee Paul Moore        2023-02-16   924   * @type: type
e261301c851aee Paul Moore        2023-02-16   925   * @id: id
e261301c851aee Paul Moore        2023-02-16   926   * @sb: filesystem
e261301c851aee Paul Moore        2023-02-16   927   *
e261301c851aee Paul Moore        2023-02-16   928   * Check whether the quotactl syscall is allowed for this @sb.
e261301c851aee Paul Moore        2023-02-16   929   *
e261301c851aee Paul Moore        2023-02-16   930   * Return: Returns 0 if permission is granted.
e261301c851aee Paul Moore        2023-02-16   931   */
20510f2f4e2dab James Morris      2007-10-16   932  
e261301c851aee Paul Moore        2023-02-16   933  /**
e261301c851aee Paul Moore        2023-02-16  @934   * security_quota_on() - Check if QUOTAON is allowed for a dentry
e261301c851aee Paul Moore        2023-02-16   935   * @dentry: dentry
e261301c851aee Paul Moore        2023-02-16   936   *
e261301c851aee Paul Moore        2023-02-16   937   * Check whether QUOTAON is allowed for @dentry.
e261301c851aee Paul Moore        2023-02-16   938   *
e261301c851aee Paul Moore        2023-02-16   939   * Return: Returns 0 if permission is granted.
e261301c851aee Paul Moore        2023-02-16   940   */
20510f2f4e2dab James Morris      2007-10-16   941  
e261301c851aee Paul Moore        2023-02-16   942  /**
e261301c851aee Paul Moore        2023-02-16  @943   * security_syslog() - Check if accessing the kernel message ring is allowed
e261301c851aee Paul Moore        2023-02-16   944   * @type: SYSLOG_ACTION_* type
e261301c851aee Paul Moore        2023-02-16   945   *
e261301c851aee Paul Moore        2023-02-16   946   * Check permission before accessing the kernel message ring or changing
e261301c851aee Paul Moore        2023-02-16   947   * logging to the console.  See the syslog(2) manual page for an explanation of
e261301c851aee Paul Moore        2023-02-16   948   * the @type values.
e261301c851aee Paul Moore        2023-02-16   949   *
e261301c851aee Paul Moore        2023-02-16   950   * Return: Return 0 if permission is granted.
e261301c851aee Paul Moore        2023-02-16   951   */
20510f2f4e2dab James Morris      2007-10-16   952  
e261301c851aee Paul Moore        2023-02-16   953  /**
e261301c851aee Paul Moore        2023-02-16  @954   * security_settime64() - Check if changing the system time is allowed
e261301c851aee Paul Moore        2023-02-16   955   * @ts: new time
e261301c851aee Paul Moore        2023-02-16   956   * @tz: timezone
e261301c851aee Paul Moore        2023-02-16   957   *
e261301c851aee Paul Moore        2023-02-16   958   * Check permission to change the system time, struct timespec64 is defined in
e261301c851aee Paul Moore        2023-02-16   959   * <include/linux/time64.h> and timezone is defined in <include/linux/time.h>.
e261301c851aee Paul Moore        2023-02-16   960   *
e261301c851aee Paul Moore        2023-02-16   961   * Return: Returns 0 if permission is granted.
e261301c851aee Paul Moore        2023-02-16   962   */
457db29bfcfd1d Baolin Wang       2016-04-08   963  int security_settime64(const struct timespec64 *ts, const struct timezone *tz)
20510f2f4e2dab James Morris      2007-10-16  @964  {
f25fce3e8f1f15 Casey Schaufler   2015-05-02   965  	return call_int_hook(settime, 0, ts, tz);
20510f2f4e2dab James Morris      2007-10-16   966  }
20510f2f4e2dab James Morris      2007-10-16   967  
e261301c851aee Paul Moore        2023-02-16   968  /**
e261301c851aee Paul Moore        2023-02-16   969   * security_vm_enough_memory_mm() - Check if allocating a new mem map is allowed
e261301c851aee Paul Moore        2023-02-16   970   * @mm: mm struct
e261301c851aee Paul Moore        2023-02-16   971   * @pages: number of pages
e261301c851aee Paul Moore        2023-02-16   972   *
e261301c851aee Paul Moore        2023-02-16   973   * Check permissions for allocating a new virtual mapping.  If all LSMs return
e261301c851aee Paul Moore        2023-02-16   974   * a positive value, __vm_enough_memory() will be called with cap_sys_admin
e261301c851aee Paul Moore        2023-02-16   975   * set. If at least one LSM returns 0 or negative, __vm_enough_memory() will be
e261301c851aee Paul Moore        2023-02-16   976   * called with cap_sys_admin cleared.
e261301c851aee Paul Moore        2023-02-16   977   *
e261301c851aee Paul Moore        2023-02-16   978   * Return: Returns 0 if permission is granted by the LSM infrastructure to the
e261301c851aee Paul Moore        2023-02-16   979   *         caller.
e261301c851aee Paul Moore        2023-02-16   980   */
20510f2f4e2dab James Morris      2007-10-16   981  int security_vm_enough_memory_mm(struct mm_struct *mm, long pages)
20510f2f4e2dab James Morris      2007-10-16   982  {
b1d9e6b0646d0e Casey Schaufler   2015-05-02   983  	struct security_hook_list *hp;
b1d9e6b0646d0e Casey Schaufler   2015-05-02   984  	int cap_sys_admin = 1;
b1d9e6b0646d0e Casey Schaufler   2015-05-02   985  	int rc;
b1d9e6b0646d0e Casey Schaufler   2015-05-02   986  
b1d9e6b0646d0e Casey Schaufler   2015-05-02   987  	/*
b1d9e6b0646d0e Casey Schaufler   2015-05-02   988  	 * The module will respond with a positive value if
b1d9e6b0646d0e Casey Schaufler   2015-05-02   989  	 * it thinks the __vm_enough_memory() call should be
b1d9e6b0646d0e Casey Schaufler   2015-05-02   990  	 * made with the cap_sys_admin set. If all of the modules
b1d9e6b0646d0e Casey Schaufler   2015-05-02   991  	 * agree that it should be set it will. If any module
b1d9e6b0646d0e Casey Schaufler   2015-05-02   992  	 * thinks it should not be set it won't.
b1d9e6b0646d0e Casey Schaufler   2015-05-02   993  	 */
df0ce17331e250 Sargun Dhillon    2018-03-29   994  	hlist_for_each_entry(hp, &security_hook_heads.vm_enough_memory, list) {
b1d9e6b0646d0e Casey Schaufler   2015-05-02   995  		rc = hp->hook.vm_enough_memory(mm, pages);
b1d9e6b0646d0e Casey Schaufler   2015-05-02   996  		if (rc <= 0) {
b1d9e6b0646d0e Casey Schaufler   2015-05-02   997  			cap_sys_admin = 0;
b1d9e6b0646d0e Casey Schaufler   2015-05-02   998  			break;
b1d9e6b0646d0e Casey Schaufler   2015-05-02   999  		}
b1d9e6b0646d0e Casey Schaufler   2015-05-02  1000  	}
b1d9e6b0646d0e Casey Schaufler   2015-05-02  1001  	return __vm_enough_memory(mm, pages, cap_sys_admin);
20510f2f4e2dab James Morris      2007-10-16  1002  }
20510f2f4e2dab James Morris      2007-10-16  1003  
1661372c912d19 Paul Moore        2023-02-07  1004  /**
1661372c912d19 Paul Moore        2023-02-07  1005   * security_bprm_creds_for_exec() - Prepare the credentials for exec()
1661372c912d19 Paul Moore        2023-02-07  1006   * @bprm: binary program information
1661372c912d19 Paul Moore        2023-02-07  1007   *
1661372c912d19 Paul Moore        2023-02-07  1008   * If the setup in prepare_exec_creds did not setup @bprm->cred->security
1661372c912d19 Paul Moore        2023-02-07  1009   * properly for executing @bprm->file, update the LSM's portion of
1661372c912d19 Paul Moore        2023-02-07  1010   * @bprm->cred->security to be what commit_creds needs to install for the new
1661372c912d19 Paul Moore        2023-02-07  1011   * program.  This hook may also optionally check permissions (e.g. for
1661372c912d19 Paul Moore        2023-02-07  1012   * transitions between security domains).  The hook must set @bprm->secureexec
1661372c912d19 Paul Moore        2023-02-07  1013   * to 1 if AT_SECURE should be set to request libc enable secure mode.  @bprm
1661372c912d19 Paul Moore        2023-02-07  1014   * contains the linux_binprm structure.
1661372c912d19 Paul Moore        2023-02-07  1015   *
1661372c912d19 Paul Moore        2023-02-07  1016   * Return: Returns 0 if the hook is successful and permission is granted.
1661372c912d19 Paul Moore        2023-02-07  1017   */
b8bff599261c93 Eric W. Biederman 2020-03-22  1018  
1661372c912d19 Paul Moore        2023-02-07  1019  /**
1661372c912d19 Paul Moore        2023-02-07 @1020   * security_bprm_creds_from_file() - Update linux_binprm creds based on file
1661372c912d19 Paul Moore        2023-02-07  1021   * @bprm: binary program information
1661372c912d19 Paul Moore        2023-02-07  1022   * @file: associated file
1661372c912d19 Paul Moore        2023-02-07  1023   *
1661372c912d19 Paul Moore        2023-02-07  1024   * If @file is setpcap, suid, sgid or otherwise marked to change privilege upon
1661372c912d19 Paul Moore        2023-02-07  1025   * exec, update @bprm->cred to reflect that change. This is called after
1661372c912d19 Paul Moore        2023-02-07  1026   * finding the binary that will be executed without an interpreter.  This
1661372c912d19 Paul Moore        2023-02-07  1027   * ensures that the credentials will not be derived from a script that the
1661372c912d19 Paul Moore        2023-02-07  1028   * binary will need to reopen, which when reopend may end up being a completely
1661372c912d19 Paul Moore        2023-02-07  1029   * different file.  This hook may also optionally check permissions (e.g. for
1661372c912d19 Paul Moore        2023-02-07  1030   * transitions between security domains).  The hook must set @bprm->secureexec
1661372c912d19 Paul Moore        2023-02-07  1031   * to 1 if AT_SECURE should be set to request libc enable secure mode.  The
1661372c912d19 Paul Moore        2023-02-07  1032   * hook must add to @bprm->per_clear any personality flags that should be
1661372c912d19 Paul Moore        2023-02-07  1033   * cleared from current->personality.  @bprm contains the linux_binprm
1661372c912d19 Paul Moore        2023-02-07  1034   * structure.
1661372c912d19 Paul Moore        2023-02-07  1035   *
1661372c912d19 Paul Moore        2023-02-07  1036   * Return: Returns 0 if the hook is successful and permission is granted.
1661372c912d19 Paul Moore        2023-02-07  1037   */
20510f2f4e2dab James Morris      2007-10-16  1038  

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki



More information about the Linux-security-module-archive mailing list