From e3e37fe022a486d83c71eacb59fb5b6b0ebdbf78 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micka=C3=ABl=20Sala=C3=BCn?= Date: Thu, 7 Mar 2024 10:39:23 +0100 Subject: landlock: Rename "ptrace" files to "task" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ptrace.[ch] are currently only used for the ptrace LSM hooks but their scope will expand with IPCs and audit support. Rename ptrace.[ch] to task.[ch], which better reflect their content. Similarly, rename landlock_add_ptrace_hooks() to landlock_add_task_hooks(). Keep header files for now. Cc: Günther Noack Cc: Paul Moore Link: https://lore.kernel.org/r/20240307093923.1466071-2-mic@digikod.net Signed-off-by: Mickaël Salaün --- security/landlock/Makefile | 2 +- security/landlock/ptrace.c | 120 --------------------------------------------- security/landlock/ptrace.h | 14 ------ security/landlock/setup.c | 4 +- security/landlock/task.c | 120 +++++++++++++++++++++++++++++++++++++++++++++ security/landlock/task.h | 14 ++++++ 6 files changed, 137 insertions(+), 137 deletions(-) delete mode 100644 security/landlock/ptrace.c delete mode 100644 security/landlock/ptrace.h create mode 100644 security/landlock/task.c create mode 100644 security/landlock/task.h diff --git a/security/landlock/Makefile b/security/landlock/Makefile index c2e116f2a299..b4538b7cf7d2 100644 --- a/security/landlock/Makefile +++ b/security/landlock/Makefile @@ -1,6 +1,6 @@ obj-$(CONFIG_SECURITY_LANDLOCK) := landlock.o landlock-y := setup.o syscalls.o object.o ruleset.o \ - cred.o ptrace.o fs.o + cred.o task.o fs.o landlock-$(CONFIG_INET) += net.o diff --git a/security/landlock/ptrace.c b/security/landlock/ptrace.c deleted file mode 100644 index 2bfc533d36e4..000000000000 --- a/security/landlock/ptrace.c +++ /dev/null @@ -1,120 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0-only -/* - * Landlock LSM - Ptrace hooks - * - * Copyright © 2017-2020 Mickaël Salaün - * Copyright © 2019-2020 ANSSI - */ - -#include -#include -#include -#include -#include -#include -#include - -#include "common.h" -#include "cred.h" -#include "ptrace.h" -#include "ruleset.h" -#include "setup.h" - -/** - * domain_scope_le - Checks domain ordering for scoped ptrace - * - * @parent: Parent domain. - * @child: Potential child of @parent. - * - * Checks if the @parent domain is less or equal to (i.e. an ancestor, which - * means a subset of) the @child domain. - */ -static bool domain_scope_le(const struct landlock_ruleset *const parent, - const struct landlock_ruleset *const child) -{ - const struct landlock_hierarchy *walker; - - if (!parent) - return true; - if (!child) - return false; - for (walker = child->hierarchy; walker; walker = walker->parent) { - if (walker == parent->hierarchy) - /* @parent is in the scoped hierarchy of @child. */ - return true; - } - /* There is no relationship between @parent and @child. */ - return false; -} - -static bool task_is_scoped(const struct task_struct *const parent, - const struct task_struct *const child) -{ - bool is_scoped; - const struct landlock_ruleset *dom_parent, *dom_child; - - rcu_read_lock(); - dom_parent = landlock_get_task_domain(parent); - dom_child = landlock_get_task_domain(child); - is_scoped = domain_scope_le(dom_parent, dom_child); - rcu_read_unlock(); - return is_scoped; -} - -static int task_ptrace(const struct task_struct *const parent, - const struct task_struct *const child) -{ - /* Quick return for non-landlocked tasks. */ - if (!landlocked(parent)) - return 0; - if (task_is_scoped(parent, child)) - return 0; - return -EPERM; -} - -/** - * hook_ptrace_access_check - Determines whether the current process may access - * another - * - * @child: Process to be accessed. - * @mode: Mode of attachment. - * - * If the current task has Landlock rules, then the child must have at least - * the same rules. Else denied. - * - * Determines whether a process may access another, returning 0 if permission - * granted, -errno if denied. - */ -static int hook_ptrace_access_check(struct task_struct *const child, - const unsigned int mode) -{ - return task_ptrace(current, child); -} - -/** - * hook_ptrace_traceme - Determines whether another process may trace the - * current one - * - * @parent: Task proposed to be the tracer. - * - * If the parent has Landlock rules, then the current task must have the same - * or more rules. Else denied. - * - * Determines whether the nominated task is permitted to trace the current - * process, returning 0 if permission is granted, -errno if denied. - */ -static int hook_ptrace_traceme(struct task_struct *const parent) -{ - return task_ptrace(parent, current); -} - -static struct security_hook_list landlock_hooks[] __ro_after_init = { - LSM_HOOK_INIT(ptrace_access_check, hook_ptrace_access_check), - LSM_HOOK_INIT(ptrace_traceme, hook_ptrace_traceme), -}; - -__init void landlock_add_ptrace_hooks(void) -{ - security_add_hooks(landlock_hooks, ARRAY_SIZE(landlock_hooks), - &landlock_lsmid); -} diff --git a/security/landlock/ptrace.h b/security/landlock/ptrace.h deleted file mode 100644 index 265b220ae3bf..000000000000 --- a/security/landlock/ptrace.h +++ /dev/null @@ -1,14 +0,0 @@ -/* SPDX-License-Identifier: GPL-2.0-only */ -/* - * Landlock LSM - Ptrace hooks - * - * Copyright © 2017-2019 Mickaël Salaün - * Copyright © 2019 ANSSI - */ - -#ifndef _SECURITY_LANDLOCK_PTRACE_H -#define _SECURITY_LANDLOCK_PTRACE_H - -__init void landlock_add_ptrace_hooks(void); - -#endif /* _SECURITY_LANDLOCK_PTRACE_H */ diff --git a/security/landlock/setup.c b/security/landlock/setup.c index f6dd33143b7f..28519a45b11f 100644 --- a/security/landlock/setup.c +++ b/security/landlock/setup.c @@ -14,8 +14,8 @@ #include "cred.h" #include "fs.h" #include "net.h" -#include "ptrace.h" #include "setup.h" +#include "task.h" bool landlock_initialized __ro_after_init = false; @@ -34,7 +34,7 @@ const struct lsm_id landlock_lsmid = { static int __init landlock_init(void) { landlock_add_cred_hooks(); - landlock_add_ptrace_hooks(); + landlock_add_task_hooks(); landlock_add_fs_hooks(); landlock_add_net_hooks(); landlock_initialized = true; diff --git a/security/landlock/task.c b/security/landlock/task.c new file mode 100644 index 000000000000..849f5123610b --- /dev/null +++ b/security/landlock/task.c @@ -0,0 +1,120 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Landlock LSM - Ptrace hooks + * + * Copyright © 2017-2020 Mickaël Salaün + * Copyright © 2019-2020 ANSSI + */ + +#include +#include +#include +#include +#include +#include +#include + +#include "common.h" +#include "cred.h" +#include "ruleset.h" +#include "setup.h" +#include "task.h" + +/** + * domain_scope_le - Checks domain ordering for scoped ptrace + * + * @parent: Parent domain. + * @child: Potential child of @parent. + * + * Checks if the @parent domain is less or equal to (i.e. an ancestor, which + * means a subset of) the @child domain. + */ +static bool domain_scope_le(const struct landlock_ruleset *const parent, + const struct landlock_ruleset *const child) +{ + const struct landlock_hierarchy *walker; + + if (!parent) + return true; + if (!child) + return false; + for (walker = child->hierarchy; walker; walker = walker->parent) { + if (walker == parent->hierarchy) + /* @parent is in the scoped hierarchy of @child. */ + return true; + } + /* There is no relationship between @parent and @child. */ + return false; +} + +static bool task_is_scoped(const struct task_struct *const parent, + const struct task_struct *const child) +{ + bool is_scoped; + const struct landlock_ruleset *dom_parent, *dom_child; + + rcu_read_lock(); + dom_parent = landlock_get_task_domain(parent); + dom_child = landlock_get_task_domain(child); + is_scoped = domain_scope_le(dom_parent, dom_child); + rcu_read_unlock(); + return is_scoped; +} + +static int task_ptrace(const struct task_struct *const parent, + const struct task_struct *const child) +{ + /* Quick return for non-landlocked tasks. */ + if (!landlocked(parent)) + return 0; + if (task_is_scoped(parent, child)) + return 0; + return -EPERM; +} + +/** + * hook_ptrace_access_check - Determines whether the current process may access + * another + * + * @child: Process to be accessed. + * @mode: Mode of attachment. + * + * If the current task has Landlock rules, then the child must have at least + * the same rules. Else denied. + * + * Determines whether a process may access another, returning 0 if permission + * granted, -errno if denied. + */ +static int hook_ptrace_access_check(struct task_struct *const child, + const unsigned int mode) +{ + return task_ptrace(current, child); +} + +/** + * hook_ptrace_traceme - Determines whether another process may trace the + * current one + * + * @parent: Task proposed to be the tracer. + * + * If the parent has Landlock rules, then the current task must have the same + * or more rules. Else denied. + * + * Determines whether the nominated task is permitted to trace the current + * process, returning 0 if permission is granted, -errno if denied. + */ +static int hook_ptrace_traceme(struct task_struct *const parent) +{ + return task_ptrace(parent, current); +} + +static struct security_hook_list landlock_hooks[] __ro_after_init = { + LSM_HOOK_INIT(ptrace_access_check, hook_ptrace_access_check), + LSM_HOOK_INIT(ptrace_traceme, hook_ptrace_traceme), +}; + +__init void landlock_add_task_hooks(void) +{ + security_add_hooks(landlock_hooks, ARRAY_SIZE(landlock_hooks), + &landlock_lsmid); +} diff --git a/security/landlock/task.h b/security/landlock/task.h new file mode 100644 index 000000000000..7c00360219a2 --- /dev/null +++ b/security/landlock/task.h @@ -0,0 +1,14 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * Landlock LSM - Ptrace hooks + * + * Copyright © 2017-2019 Mickaël Salaün + * Copyright © 2019 ANSSI + */ + +#ifndef _SECURITY_LANDLOCK_TASK_H +#define _SECURITY_LANDLOCK_TASK_H + +__init void landlock_add_task_hooks(void); + +#endif /* _SECURITY_LANDLOCK_TASK_H */ -- cgit v1.2.3