| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250415071017.3261009-2-dualli@chromium.org>
Date: Tue, 15 Apr 2025 00:10:15 -0700
From: Li Li <dualli@...omium.org>
To: dualli@...gle.com,
corbet@....net,
davem@...emloft.net,
edumazet@...gle.com,
kuba@...nel.org,
pabeni@...hat.com,
donald.hunter@...il.com,
gregkh@...uxfoundation.org,
arve@...roid.com,
tkjos@...roid.com,
maco@...roid.com,
joel@...lfernandes.org,
brauner@...nel.org,
cmllamas@...gle.com,
surenb@...gle.com,
omosnace@...hat.com,
shuah@...nel.org,
arnd@...db.de,
masahiroy@...nel.org,
bagasdotme@...il.com,
horms@...nel.org,
tweek@...gle.com,
paul@...l-moore.com,
linux-kernel@...r.kernel.org,
linux-doc@...r.kernel.org,
netdev@...r.kernel.org,
selinux@...r.kernel.org,
hridya@...gle.com
Cc: smoreland@...gle.com,
ynaffit@...gle.com,
kernel-team@...roid.com
Subject: [PATCH v17 1/3] lsm, selinux: Add setup_report permission to binder
From: ThiƩbaud Weksteen <tweek@...gle.com>
Introduce a new permission "setup_report" to the "binder" class.
This persmission controls the ability to set up the binder generic
netlink driver to report certain binder transactions.
Signed-off-by: ThiƩbaud Weksteen <tweek@...gle.com>
Signed-off-by: Li Li <dualli@...gle.com>
---
include/linux/lsm_hook_defs.h | 1 +
include/linux/security.h | 6 ++++++
security/security.c | 13 +++++++++++++
security/selinux/hooks.c | 7 +++++++
security/selinux/include/classmap.h | 3 ++-
5 files changed, 29 insertions(+), 1 deletion(-)
diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
index bf3bbac4e02a..795a507db537 100644
--- a/include/linux/lsm_hook_defs.h
+++ b/include/linux/lsm_hook_defs.h
@@ -33,6 +33,7 @@ LSM_HOOK(int, 0, binder_transfer_binder, const struct cred *from,
const struct cred *to)
LSM_HOOK(int, 0, binder_transfer_file, const struct cred *from,
const struct cred *to, const struct file *file)
+LSM_HOOK(int, 0, binder_setup_report, const struct cred *to)
LSM_HOOK(int, 0, ptrace_access_check, struct task_struct *child,
unsigned int mode)
LSM_HOOK(int, 0, ptrace_traceme, struct task_struct *parent)
diff --git a/include/linux/security.h b/include/linux/security.h
index cc9b54d95d22..fe600fb37c98 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -338,6 +338,7 @@ int security_binder_transfer_binder(const struct cred *from,
const struct cred *to);
int security_binder_transfer_file(const struct cred *from,
const struct cred *to, const struct file *file);
+int security_binder_setup_report(const struct cred *to);
int security_ptrace_access_check(struct task_struct *child, unsigned int mode);
int security_ptrace_traceme(struct task_struct *parent);
int security_capget(const struct task_struct *target,
@@ -657,6 +658,11 @@ static inline int security_binder_transfer_file(const struct cred *from,
return 0;
}
+static inline int security_binder_setup_report(const struct cred *to)
+{
+ return 0;
+}
+
static inline int security_ptrace_access_check(struct task_struct *child,
unsigned int mode)
{
diff --git a/security/security.c b/security/security.c
index fb57e8fddd91..5acf364e610f 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1043,6 +1043,19 @@ int security_binder_transfer_file(const struct cred *from,
return call_int_hook(binder_transfer_file, from, to, file);
}
+/**
+ * security_binder_setup_report() - Check if binder report is allowed
+ * @to: receiving process
+ *
+ * Check whether @to is allowed to set up binder reports.
+ *
+ * Return: Returns 0 if permission is granted.
+ */
+int security_binder_setup_report(const struct cred *to)
+{
+ return call_int_hook(binder_setup_report, to);
+}
+
/**
* security_ptrace_access_check() - Check if tracing is allowed
* @child: target process
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 595ceb314aeb..f02249345c4b 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2103,6 +2103,12 @@ static int selinux_binder_transfer_file(const struct cred *from,
&ad);
}
+static int selinux_binder_setup_report(const struct cred *to)
+{
+ return avc_has_perm(current_sid(), cred_sid(to), SECCLASS_BINDER,
+ BINDER__SETUP_REPORT, NULL);
+}
+
static int selinux_ptrace_access_check(struct task_struct *child,
unsigned int mode)
{
@@ -7295,6 +7301,7 @@ static struct security_hook_list selinux_hooks[] __ro_after_init = {
LSM_HOOK_INIT(binder_transaction, selinux_binder_transaction),
LSM_HOOK_INIT(binder_transfer_binder, selinux_binder_transfer_binder),
LSM_HOOK_INIT(binder_transfer_file, selinux_binder_transfer_file),
+ LSM_HOOK_INIT(binder_setup_report, selinux_binder_setup_report),
LSM_HOOK_INIT(ptrace_access_check, selinux_ptrace_access_check),
LSM_HOOK_INIT(ptrace_traceme, selinux_ptrace_traceme),
diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
index 5665aa5e7853..de7e28572fda 100644
--- a/security/selinux/include/classmap.h
+++ b/security/selinux/include/classmap.h
@@ -133,7 +133,8 @@ const struct security_class_mapping secclass_map[] = {
{ "kernel_service", { "use_as_override", "create_files_as", NULL } },
{ "tun_socket", { COMMON_SOCK_PERMS, "attach_queue", NULL } },
{ "binder",
- { "impersonate", "call", "set_context_mgr", "transfer", NULL } },
+ { "impersonate", "call", "set_context_mgr", "transfer",
+ "setup_report", NULL } },
{ "cap_userns", { COMMON_CAP_PERMS, NULL } },
{ "cap2_userns", { COMMON_CAP2_PERMS, NULL } },
{ "sctp_socket",
--
2.49.0.604.gff1f9ca942-goog
Powered by blists - more mailing lists