[RFC PATCH 1/3] security: Add GPRS Tunneling Protocol (GTP) security hooks

Casey Schaufler casey at schaufler-ca.com
Thu Sep 24 20:40:44 UTC 2020


On 9/24/2020 1:51 AM, Richard Haines wrote:
> The GTP security hooks are explained in:
> Documentation/security/GTP.rst
>
> Signed-off-by: Richard Haines <richard_c_haines at btinternet.com>
> ---
>  Documentation/security/GTP.rst   | 39 ++++++++++++++++++++++++++++++++
>  Documentation/security/index.rst |  1 +
>  include/linux/lsm_hook_defs.h    |  3 +++
>  include/linux/lsm_hooks.h        | 16 +++++++++++++
>  include/linux/security.h         | 19 ++++++++++++++++
>  security/security.c              | 18 +++++++++++++++
>  6 files changed, 96 insertions(+)
>  create mode 100644 Documentation/security/GTP.rst
>
> diff --git a/Documentation/security/GTP.rst b/Documentation/security/GTP.rst
> new file mode 100644
> index 000000000..e307d0b59
> --- /dev/null
> +++ b/Documentation/security/GTP.rst
> @@ -0,0 +1,39 @@
> +.. SPDX-License-Identifier: GPL-2.0
> +
> +=============================
> +GPRS Tunneling Protocol (GTP)
> +=============================
> +
> +GTP LSM Support
> +===============
> +
> +Security Hooks
> +--------------
> +For security module support, three GTP specific hooks have been implemented::
> +
> +    security_gtp_dev_add()
> +    security_gtp_dev_del()
> +    security_gtp_dev_cmd()
> +
> +
> +security_gtp_dev_add()
> +~~~~~~~~~~~~~~~~~~~~~~
> +Allows a module to allocate a security structure for a GTP device. Returns a
> +zero on success, negative values on failure.
> +If successful the GTP device ``struct gtp_dev`` will hold the allocated
> +pointer in ``void *security;``.
> +
> +
> +security_gtp_dev_del()
> +~~~~~~~~~~~~~~~~~~~~~~
> +Allows a module to free the security structure for a GTP device. Returns a
> +zero on success, negative values on failure.
> +
> +
> +security_gtp_dev_cmd()
> +~~~~~~~~~~~~~~~~~~~~~~
> +Allows a module to validate a command for the selected GTP device. Returns a
> +zero on success, negative values on failure. The commands are based on values
> +from ``include/uapi/linux/gtp.h`` as follows::
> +
> +``enum gtp_genl_cmds { GTP_CMD_NEWPDP, GTP_CMD_DELPDP, GTP_CMD_GETPDP };``
> diff --git a/Documentation/security/index.rst b/Documentation/security/index.rst
> index 8129405eb..cdbdaa83b 100644
> --- a/Documentation/security/index.rst
> +++ b/Documentation/security/index.rst
> @@ -16,3 +16,4 @@ Security Documentation
>     siphash
>     tpm/index
>     digsig
> +   GTP
> diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
> index 2a8c74d99..a994417fb 100644
> --- a/include/linux/lsm_hook_defs.h
> +++ b/include/linux/lsm_hook_defs.h
> @@ -322,6 +322,9 @@ LSM_HOOK(int, 0, sctp_bind_connect, struct sock *sk, int optname,
>  	 struct sockaddr *address, int addrlen)
>  LSM_HOOK(void, LSM_RET_VOID, sctp_sk_clone, struct sctp_endpoint *ep,
>  	 struct sock *sk, struct sock *newsk)
> +LSM_HOOK(int, 0, gtp_dev_add, void **security)

This should be gtp_dev_alloc by convention.

> +LSM_HOOK(int, 0, gtp_dev_del, void *security)

This should be gtp_dev_free by convention.

> +LSM_HOOK(int, 0, gtp_dev_cmd, void *security, enum gtp_genl_cmds cmd)

Please pass a pointer to the structure that contains the security blob,
not the pointer to the blob itself in these hooks.

>  #endif /* CONFIG_SECURITY_NETWORK */
>  
>  #ifdef CONFIG_SECURITY_INFINIBAND
> diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
> index 9e2e3e637..3d6888d51 100644
> --- a/include/linux/lsm_hooks.h
> +++ b/include/linux/lsm_hooks.h
> @@ -982,6 +982,22 @@
>   *	This hook can be used by the module to update any security state
>   *	associated with the TUN device's security structure.
>   *	@security pointer to the TUN devices's security structure.
> + * @gtp_dev_add:
> + *	This hook allows a module to allocate a security structure for a GTP
> + *	device.
> + *	@security pointer to a security structure pointer.

change per earlier comments.

> + *	Returns a zero on success, negative values on failure.
> + * @gtp_dev_del:
> + *	This hook allows a module to free the security structure for a GTP
> + *	device.
> + *	@security pointer to the GTP device's security structure.

change per earlier comments.

> + *	Returns a zero on success, negative values on failure.
> + * @gtp_dev_cmd:
> + *	This hook allows a module to free the security structure for a GTP
> + *	device.
> + *	@security pointer to the GTP device's security structure.

change per earlier comments.

> + *	@cmd contains the GTP command.
> + *	Returns a zero on success, negative values on failure.
>   *
>   * Security hooks for SCTP
>   *
> diff --git a/include/linux/security.h b/include/linux/security.h
> index 0a0a03b36..67ff43afa 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -30,6 +30,7 @@
>  #include <linux/err.h>
>  #include <linux/string.h>
>  #include <linux/mm.h>
> +#include <linux/gtp.h>
>  
>  struct linux_binprm;
>  struct cred;
> @@ -1365,6 +1366,9 @@ int security_sctp_bind_connect(struct sock *sk, int optname,
>  			       struct sockaddr *address, int addrlen);
>  void security_sctp_sk_clone(struct sctp_endpoint *ep, struct sock *sk,
>  			    struct sock *newsk);
> +int security_gtp_dev_add(void **security);
> +int security_gtp_dev_del(void *security);
> +int security_gtp_dev_cmd(void *security, enum gtp_genl_cmds cmd);
>  
>  #else	/* CONFIG_SECURITY_NETWORK */
>  static inline int security_unix_stream_connect(struct sock *sock,
> @@ -1582,6 +1586,21 @@ static inline void security_sctp_sk_clone(struct sctp_endpoint *ep,
>  					  struct sock *newsk)
>  {
>  }
> +
> +static inline int security_gtp_dev_add(void **security)
> +{
> +	return 0;
> +}
> +
> +static inline int security_gtp_dev_del(void *security)
> +{
> +	return 0;
> +}
> +
> +static inline int security_gtp_dev_cmd(void *security, enum gtp_genl_cmds cmd)
> +{
> +	return 0;
> +}
>  #endif	/* CONFIG_SECURITY_NETWORK */
>  
>  #ifdef CONFIG_SECURITY_INFINIBAND
> diff --git a/security/security.c b/security/security.c
> index 70a7ad357..63b656848 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -2304,6 +2304,24 @@ void security_sctp_sk_clone(struct sctp_endpoint *ep, struct sock *sk,
>  }
>  EXPORT_SYMBOL(security_sctp_sk_clone);
>  
> +int security_gtp_dev_add(void **security)
> +{
> +	return call_int_hook(gtp_dev_add, 0, security);
> +}
> +EXPORT_SYMBOL(security_gtp_dev_add);
> +
> +int security_gtp_dev_del(void *security)
> +{
> +	return call_int_hook(gtp_dev_del, 0, security);
> +}
> +EXPORT_SYMBOL(security_gtp_dev_del);
> +
> +int security_gtp_dev_cmd(void *security, enum gtp_genl_cmds cmd)
> +{
> +	return call_int_hook(gtp_dev_cmd, 0, security, cmd);
> +}
> +EXPORT_SYMBOL(security_gtp_dev_cmd);
> +
>  #endif	/* CONFIG_SECURITY_NETWORK */
>  
>  #ifdef CONFIG_SECURITY_INFINIBAND



More information about the Linux-security-module-archive mailing list