security/safesetid/securityfs.c - linux - Git at Google

 // SPDX-License-Identifier: GPL-2.0
 /*
  * SafeSetID Linux Security Module
  *
  * Author: Micah Morton <mortonm@chromium.org>
  *
  * Copyright (C) 2018 The Chromium OS Authors.
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2, as
  * published by the Free Software Foundation.
  *
  */
 #include <linux/security.h>
 #include <linux/cred.h>

 #include "lsm.h"

 static struct dentry *safesetid_policy_dir;

 struct safesetid_file_entry {
 	const char *name;
 	enum safesetid_whitelist_file_write_type type;
 	struct dentry *dentry;
 };

 static struct safesetid_file_entry safesetid_files[] = {
 	{.name = "add_whitelist_policy",
 	 .type = SAFESETID_WHITELIST_ADD},
 	{.name = "flush_whitelist_policies",
 	 .type = SAFESETID_WHITELIST_FLUSH},
 };

 /*
  * In the case the input buffer contains one or more invalid UIDs, the kuid_t
  * variables pointed to by 'parent' and 'child' will get updated but this
  * function will return an error.
  */
 static int parse_safesetid_whitelist_policy(const char __user *buf,
 					    size_t len,
 					    kuid_t *parent,
 					    kuid_t *child)
 {
 	char *kern_buf;
 	char *parent_buf;
 	char *child_buf;
 	const char separator[] = ":";
 	int ret;
 	size_t first_substring_length;
 	long parsed_parent;
 	long parsed_child;

 	/* Duplicate string from user memory and NULL-terminate */
 	kern_buf = memdup_user_nul(buf, len);
 	if (IS_ERR(kern_buf))
 		return PTR_ERR(kern_buf);

 	/*
 	 * Format of |buf| string should be <UID>:<UID>.
 	 * Find location of ":" in kern_buf (copied from |buf|).
 	 */
 	first_substring_length = strcspn(kern_buf, separator);
 	if (first_substring_length == 0 || first_substring_length == len) {
 		ret = -EINVAL;
 		goto free_kern;
 	}

 	parent_buf = kmemdup_nul(kern_buf, first_substring_length, GFP_KERNEL);
 	if (!parent_buf) {
 		ret = -ENOMEM;
 		goto free_kern;
 	}

 	ret = kstrtol(parent_buf, 0, &parsed_parent);
 	if (ret)
 		goto free_both;

 	child_buf = kern_buf + first_substring_length + 1;
 	ret = kstrtol(child_buf, 0, &parsed_child);
 	if (ret)
 		goto free_both;

 	*parent = make_kuid(current_user_ns(), parsed_parent);
 	if (!uid_valid(*parent)) {
 		ret = -EINVAL;
 		goto free_both;
 	}

 	*child = make_kuid(current_user_ns(), parsed_child);
 	if (!uid_valid(*child)) {
 		ret = -EINVAL;
 		goto free_both;
 	}

 free_both:
 	kfree(parent_buf);
 free_kern:
 	kfree(kern_buf);
 	return ret;
 }

 static ssize_t safesetid_file_write(struct file *file,
 				    const char __user *buf,
 				    size_t len,
 				    loff_t *ppos)
 {
 	struct safesetid_file_entry *file_entry =
 		file->f_inode->i_private;
 	kuid_t parent;
 	kuid_t child;
 	int ret;

 	if (!ns_capable(current_user_ns(), CAP_MAC_ADMIN))
 		return -EPERM;

 	if (*ppos != 0)
 		return -EINVAL;

 	switch (file_entry->type) {
 	case SAFESETID_WHITELIST_FLUSH:
 		flush_safesetid_whitelist_entries();
 		break;
 	case SAFESETID_WHITELIST_ADD:
 		ret = parse_safesetid_whitelist_policy(buf, len, &parent,
 								 &child);
 		if (ret)
 			return ret;

 		ret = add_safesetid_whitelist_entry(parent, child);
 		if (ret)
 			return ret;
 		break;
 	default:
 		pr_warn("Unknown securityfs file %d\n", file_entry->type);
 		break;
 	}

 	/* Return len on success so caller won't keep trying to write */
 	return len;
 }

 static const struct file_operations safesetid_file_fops = {
 	.write = safesetid_file_write,
 };

 static void safesetid_shutdown_securityfs(void)
 {
 	int i;

 	for (i = 0; i < ARRAY_SIZE(safesetid_files); ++i) {
 		struct safesetid_file_entry *entry =
 			&safesetid_files[i];
 		securityfs_remove(entry->dentry);
 		entry->dentry = NULL;
 	}

 	securityfs_remove(safesetid_policy_dir);
 	safesetid_policy_dir = NULL;
 }

 static int __init safesetid_init_securityfs(void)
 {
 	int i;
 	int ret;

 	if (!safesetid_initialized)
 		return 0;

 	safesetid_policy_dir = securityfs_create_dir("safesetid", NULL);
 	if (IS_ERR(safesetid_policy_dir)) {
 		ret = PTR_ERR(safesetid_policy_dir);
 		goto error;
 	}

 	for (i = 0; i < ARRAY_SIZE(safesetid_files); ++i) {
 		struct safesetid_file_entry *entry =
 			&safesetid_files[i];
 		entry->dentry = securityfs_create_file(
 			entry->name, 0200, safesetid_policy_dir,
 			entry, &safesetid_file_fops);
 		if (IS_ERR(entry->dentry)) {
 			ret = PTR_ERR(entry->dentry);
 			goto error;
 		}
 	}

 	return 0;

 error:
 	safesetid_shutdown_securityfs();
 	return ret;
 }
 fs_initcall(safesetid_init_securityfs);
	// SPDX-License-Identifier: GPL-2.0
	/*
	* SafeSetID Linux Security Module
	*
	* Author: Micah Morton <mortonm@chromium.org>
	*
	* Copyright (C) 2018 The Chromium OS Authors.
	*
	* This program is free software; you can redistribute it and/or modify
	* it under the terms of the GNU General Public License version 2, as
	* published by the Free Software Foundation.
	*
	*/
	#include <linux/security.h>
	#include <linux/cred.h>

	#include "lsm.h"

	static struct dentry *safesetid_policy_dir;

	struct safesetid_file_entry {
	const char *name;
	enum safesetid_whitelist_file_write_type type;
	struct dentry *dentry;
	};

	static struct safesetid_file_entry safesetid_files[] = {
	{.name = "add_whitelist_policy",
	.type = SAFESETID_WHITELIST_ADD},
	{.name = "flush_whitelist_policies",
	.type = SAFESETID_WHITELIST_FLUSH},
	};

	/*
	* In the case the input buffer contains one or more invalid UIDs, the kuid_t
	* variables pointed to by 'parent' and 'child' will get updated but this
	* function will return an error.
	*/
	static int parse_safesetid_whitelist_policy(const char __user *buf,
	size_t len,
	kuid_t *parent,
	kuid_t *child)
	{
	char *kern_buf;
	char *parent_buf;
	char *child_buf;
	const char separator[] = ":";
	int ret;
	size_t first_substring_length;
	long parsed_parent;
	long parsed_child;

	/* Duplicate string from user memory and NULL-terminate */
	kern_buf = memdup_user_nul(buf, len);
	if (IS_ERR(kern_buf))
	return PTR_ERR(kern_buf);

	/*
	* Format of \|buf\| string should be <UID>:<UID>.
	* Find location of ":" in kern_buf (copied from \|buf\|).
	*/
	first_substring_length = strcspn(kern_buf, separator);
	if (first_substring_length == 0 \|\| first_substring_length == len) {
	ret = -EINVAL;
	goto free_kern;
	}

	parent_buf = kmemdup_nul(kern_buf, first_substring_length, GFP_KERNEL);
	if (!parent_buf) {
	ret = -ENOMEM;
	goto free_kern;
	}

	ret = kstrtol(parent_buf, 0, &parsed_parent);
	if (ret)
	goto free_both;

	child_buf = kern_buf + first_substring_length + 1;
	ret = kstrtol(child_buf, 0, &parsed_child);
	if (ret)
	goto free_both;

	*parent = make_kuid(current_user_ns(), parsed_parent);
	if (!uid_valid(*parent)) {
	ret = -EINVAL;
	goto free_both;
	}

	*child = make_kuid(current_user_ns(), parsed_child);
	if (!uid_valid(*child)) {
	ret = -EINVAL;
	goto free_both;
	}

	free_both:
	kfree(parent_buf);
	free_kern:
	kfree(kern_buf);
	return ret;
	}

	static ssize_t safesetid_file_write(struct file *file,
	const char __user *buf,
	size_t len,
	loff_t *ppos)
	{
	struct safesetid_file_entry *file_entry =
	file->f_inode->i_private;
	kuid_t parent;
	kuid_t child;
	int ret;

	if (!ns_capable(current_user_ns(), CAP_MAC_ADMIN))
	return -EPERM;

	if (*ppos != 0)
	return -EINVAL;

	switch (file_entry->type) {
	case SAFESETID_WHITELIST_FLUSH:
	flush_safesetid_whitelist_entries();
	break;
	case SAFESETID_WHITELIST_ADD:
	ret = parse_safesetid_whitelist_policy(buf, len, &parent,
	&child);
	if (ret)
	return ret;

	ret = add_safesetid_whitelist_entry(parent, child);
	if (ret)
	return ret;
	break;
	default:
	pr_warn("Unknown securityfs file %d\n", file_entry->type);
	break;
	}

	/* Return len on success so caller won't keep trying to write */
	return len;
	}

	static const struct file_operations safesetid_file_fops = {
	.write = safesetid_file_write,
	};

	static void safesetid_shutdown_securityfs(void)
	{
	int i;

	for (i = 0; i < ARRAY_SIZE(safesetid_files); ++i) {
	struct safesetid_file_entry *entry =
	&safesetid_files[i];
	securityfs_remove(entry->dentry);
	entry->dentry = NULL;
	}

	securityfs_remove(safesetid_policy_dir);
	safesetid_policy_dir = NULL;
	}

	static int __init safesetid_init_securityfs(void)
	{
	int i;
	int ret;

	if (!safesetid_initialized)
	return 0;

	safesetid_policy_dir = securityfs_create_dir("safesetid", NULL);
	if (IS_ERR(safesetid_policy_dir)) {
	ret = PTR_ERR(safesetid_policy_dir);
	goto error;
	}

	for (i = 0; i < ARRAY_SIZE(safesetid_files); ++i) {
	struct safesetid_file_entry *entry =
	&safesetid_files[i];
	entry->dentry = securityfs_create_file(
	entry->name, 0200, safesetid_policy_dir,
	entry, &safesetid_file_fops);
	if (IS_ERR(entry->dentry)) {
	ret = PTR_ERR(entry->dentry);
	goto error;
	}
	}

	return 0;

	error:
	safesetid_shutdown_securityfs();
	return ret;
	}
	fs_initcall(safesetid_init_securityfs);