Message-ID: <20221107205754.2635439-3-cukie@google.com>
Date: Mon, 7 Nov 2022 15:57:53 -0500
From: Gil Cukierman <cukie@...gle.com>
To: Paul Moore <paul@...l-moore.com>,
Stephen Smalley <stephen.smalley.work@...il.com>,
Eric Paris <eparis@...isplace.org>
Cc: Gil Cukierman <cukie@...gle.com>, kernel-team@...roid.com,
selinux@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH v1 2/2] selinux: add support for the io_uring setup permission
This patch implements a new io_uring permission that controls
access to the io_uring_setup system call. The new permission,
io_uring { setup }, is added to the existing io_uring class.
This is important as it allows users to restrict their attack
surface by limiting which subjects are allowed to retrieve fds
from the kernel that are necessary for the use of all other
io_uring functionality.
Signed-off-by: Gil Cukierman <cukie@...gle.com>
---
security/selinux/hooks.c | 13 +++++++++++++
security/selinux/include/classmap.h | 2 +-
2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index f553c370397e..d2becf833a07 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -7012,6 +7012,18 @@ static int selinux_uring_cmd(struct io_uring_cmd *ioucmd)
return avc_has_perm(&selinux_state, current_sid(), isec->sid,
SECCLASS_IO_URING, IO_URING__CMD, &ad);
}
+/**
+ * selinux_uring_setup - check to see if io_uring setup is allowed
+ *
+ * Check to see if the current task is allowed to execute io_uring_setup.
+ */
+static int selinux_uring_setup(void)
+{
+ int sid = current_sid();
+
+ return avc_has_perm(&selinux_state, sid, sid, SECCLASS_IO_URING,
+ IO_URING__SETUP, NULL);
+}
#endif /* CONFIG_IO_URING */
/*
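Review bot: `int sid = current_sid();` in selinux_uring_setup() should be `u32 sid`, since current_sid() returns a u32 and avc_has_perm() takes u32 ssid/tsid; the implicit conversion is harmless but inconsistent with the rest of hooks.c. The kernel-doc comment should also say that the check is made against the task's own SID (ssid == tsid), so policy authors know to write the rule as `self:io_uring setup`. Finally, this hook passes NULL audit data where selinux_uring_cmd() just above passes `&ad`; that is acceptable for a self check, but a denial of io_uring { setup } will then carry only the generic AVC fields, which is worth noting in the commit message.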
@@ -7258,6 +7270,7 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = {
LSM_HOOK_INIT(uring_override_creds, selinux_uring_override_creds),
LSM_HOOK_INIT(uring_sqpoll, selinux_uring_sqpoll),
LSM_HOOK_INIT(uring_cmd, selinux_uring_cmd),
+ LSM_HOOK_INIT(uring_setup, selinux_uring_setup),
#endif
/*
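Review bot: the new `LSM_HOOK_INIT(uring_setup, selinux_uring_setup)` entry relies on a `uring_setup` LSM hook that this hunk does not introduce; presumably patch 1/2 of this series adds it to lsm_hook_defs.h and calls it from the io_uring_setup path, and the commit message should state that dependency so the two patches are not applied out of order. Placement inside the `CONFIG_IO_URING` block beside the other uring hooks is correct.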
diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
index a3c380775d41..48da4e7f7d62 100644
--- a/security/selinux/include/classmap.h
+++ b/security/selinux/include/classmap.h
@@ -253,7 +253,7 @@ const struct security_class_mapping secclass_map[] = {
{ "anon_inode",
{ COMMON_FILE_PERMS, NULL } },
{ "io_uring",
- { "override_creds", "sqpoll", "cmd", NULL } },
+ { "override_creds", "sqpoll", "cmd", "setup", NULL } },
{ "user_namespace",
{ "create", NULL } },
{ NULL }
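Review bot: appending "setup" after "cmd" keeps the existing io_uring permission bit positions stable, which is the right way to extend the class. Since a loaded policy built before this change will not define io_uring:setup, the kernel's unknown-permission handling (the policy's handle_unknown setting, visible as /sys/fs/selinux/deny_unknown) decides whether io_uring_setup() is allowed or denied on such systems; the commit message should call that out, along with the corresponding refpolicy and Android policy updates needed to grant the new permission.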
--
2.38.0.135.g90850a2211-goog
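As an added example, not part of this patch or the kernel tree, the following userspace probe calls io_uring_setup() and classifies the outcome the way a policy tester would (EACCES being how an avc_has_perm() denial in the new hook surfaces), and pairs it with a matcher for the AVC denial line that io_uring { setup } produces. The sample audit line, its contexts and the function names are constructed for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>

enum setup_result { SETUP_ALLOWED, SETUP_DENIED, SETUP_UNAVAILABLE, SETUP_OTHER };
/* Map io_uring_setup()'s return value and errno to a verdict; a denial from
 * avc_has_perm() in the new hook reaches userspace as -EACCES. */
enum setup_result classify_setup(long ret, int err)
{
    if (ret >= 0)
        return SETUP_ALLOWED;
    if (err == EACCES)
        return SETUP_DENIED;      /* io_uring { setup } (or another LSM) refused */
    if (err == ENOSYS)
        return SETUP_UNAVAILABLE; /* kernel built without CONFIG_IO_URING */
    return SETUP_OTHER;           /* e.g. EPERM from a seccomp filter, before any LSM hook */
}

/* Probe the running host: request a two-entry ring and release the fd at once. */
enum setup_result probe_io_uring_setup(void)
{
#if defined(__linux__) && defined(__NR_io_uring_setup)
    /* Zeroed buffer standing in for struct io_uring_params (120 bytes in the
     * uapi header), oversized so this compiles without <linux/io_uring.h>. */
    unsigned char params[256] = { 0 };
    long fd = syscall(__NR_io_uring_setup, 2, params);
    int err = errno;
    if (fd >= 0)
        close(fd);
    return classify_setup(fd, err);
#else
    return SETUP_UNAVAILABLE;     /* no io_uring_setup on this platform */
#endif
}

/* Detection side: 1 if an AVC line records a denial of io_uring { setup }; the
 * kernel prints "avc:  denied  { setup } for ... tclass=io_uring". */
int is_io_uring_setup_denial(const char *line)
{
    return strstr(line, "avc:") && strstr(line, "denied") &&
           strstr(line, "{ setup }") && strstr(line, "tclass=io_uring");
}

/* Constructed sample AVC line with hypothetical contexts, not captured from a real host. */
const char *sample_setup_denial =
    "audit: type=1400 audit(1667854674.123:42): avc:  denied  { setup } for pid=1234 "
    "comm=\"ring_app\" scontext=u:r:ring_app:s0 tcontext=u:r:ring_app:s0 tclass=io_uring permissive=0";
```

Run probe_io_uring_setup() from a domain that has and one that lacks `self:io_uring setup` to confirm the new permission takes effect, and feed `ausearch`/dmesg output through is_io_uring_setup_denial() to spot denials of the setup permission specifically.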