
  1. // SPDX-License-Identifier: GPL-2.0-or-later
  2. /*
  3. * LSM initialization functions
  4. */
  5. #define pr_fmt(fmt) "LSM: " fmt
  6. #include <linux/init.h>
  7. #include <linux/lsm_hooks.h>
  8. #include "lsm.h"
/*
 * LSM enabled constants.
 *
 * lsm_enabled_set() points an LSM's ->enabled at one of these two when the
 * LSM supplied no enable variable of its own, so their addresses double as
 * the marker for "this flag is owned by the framework, not the LSM".
 */
static __initdata int lsm_enabled_true = 1;
static __initdata int lsm_enabled_false = 0;

/* Pointers to LSM sections defined in include/asm-generic/vmlinux.lds.h */
extern struct lsm_info __start_lsm_info[], __end_lsm_info[];
extern struct lsm_info __start_early_lsm_info[], __end_early_lsm_info[];

/*
 * Number of "early" LSMs.  Bumped by early_security_init(); security_init()
 * uses it to skip that many leading entries of lsm_order[], which must
 * therefore be exactly the early LSMs in the order they were appended.
 */
static __initdata unsigned int lsm_count_early;

/*
 * Build and boot-time LSM ordering: the CONFIG_LSM default, the value of the
 * "lsm=" boot parameter, and the value of the legacy "security=" parameter.
 */
static __initconst const char *const lsm_order_builtin = CONFIG_LSM;
static __initdata const char *lsm_order_cmdline;
static __initdata const char *lsm_order_legacy;

/*
 * Ordered list of LSMs to initialize.  NULL-terminated, hence the extra slot
 * beyond MAX_LSM_COUNT; lsm_order_append() refuses to add beyond that bound.
 * lsm_exclusive records the single LSM_FLAG_EXCLUSIVE LSM that was admitted.
 */
static __initdata struct lsm_info *lsm_order[MAX_LSM_COUNT + 1];
static __initdata struct lsm_info *lsm_exclusive;
/* Walk the NULL-terminated lsm_order[] list in initialization order. */
#define lsm_order_for_each(iter) \
	for ((iter) = lsm_order; *(iter); (iter)++)
/* Walk every LSM in the regular .lsm_info section, in section order. */
#define lsm_for_each_raw(iter) \
	for ((iter) = __start_lsm_info; \
	     (iter) < __end_lsm_info; (iter)++)
/* Walk every LSM in the "early" section (see early_security_init()). */
#define lsm_early_for_each_raw(iter) \
	for ((iter) = __start_early_lsm_info; \
	     (iter) < __end_early_lsm_info; (iter)++)
/*
 * lsm_initcall - Run one initcall level for every LSM on lsm_order[]
 * @level: initcall level name (pure, early, core, subsys, fs, device, late)
 *
 * Statement expression that invokes ->initcall_<level>() for each ordered
 * LSM that provides one, in lsm_order[] order.  A failing initcall is logged
 * with pr_warn() but does not prevent the remaining LSMs' initcalls from
 * running; the expression's value is the first non-zero return seen, or 0.
 * Note the list is walked without re-checking lsm_is_enabled(): membership
 * of lsm_order[] is what decides whether an LSM's initcalls run.
 */
#define lsm_initcall(level) \
({ \
	int _r, _rc = 0; \
	struct lsm_info **_lp, *_l; \
	lsm_order_for_each(_lp) { \
		_l = *_lp; \
		if (!_l->initcall_##level) \
			continue; \
		lsm_pr_dbg("running %s %s initcall", \
			   _l->id->name, #level); \
		_r = _l->initcall_##level(); \
		if (_r) { \
			pr_warn("failed LSM %s %s initcall with errno %d\n", \
				_l->id->name, #level, _r); \
			if (!_rc) \
				_rc = _r; \
		} \
	} \
	_rc; \
})
/**
 * lsm_choose_security - Legacy "major" LSM selection
 * @str: kernel command line parameter
 *
 * Records the raw value of the "security=" boot parameter; nothing is
 * validated here, lsm_order_parse() interprets it later.  Returns 1 so the
 * parameter is treated as handled.
 */
static int __init lsm_choose_security(char *str)
{
	/* Deferred: security_init() decides whether this is honoured at all. */
	lsm_order_legacy = str;

	return 1;
}
__setup("security=", lsm_choose_security);
/**
 * lsm_choose_lsm - Modern LSM selection
 * @str: kernel command line parameter
 *
 * Records the raw value of the "lsm=" boot parameter for lsm_order_parse()
 * to consume during security_init().  Returns 1 so the parameter is treated
 * as handled.
 */
static int __init lsm_choose_lsm(char *str)
{
	/* Deferred: the comma-separated list is parsed in security_init(). */
	lsm_order_cmdline = str;

	return 1;
}
__setup("lsm=", lsm_choose_lsm);
/**
 * lsm_debug_enable - Enable LSM framework debugging
 * @str: kernel command line parameter (unused; "lsm.debug" takes no value)
 *
 * Currently we only provide debug info during LSM initialization, but we may
 * want to expand this in the future.  Returns 1 so the parameter is treated
 * as handled.
 */
static int __init lsm_debug_enable(char *str)
{
	/* Presence of the parameter is the whole signal. */
	lsm_debug = true;

	return 1;
}
__setup("lsm.debug", lsm_debug_enable);
/**
 * lsm_enabled_set - Mark a LSM as enabled
 * @lsm: LSM definition
 * @enabled: enabled flag
 *
 * If the LSM supplied its own enable variable via ->enabled, write @enabled
 * into it.  If it did not -- or ->enabled already points at one of the
 * framework's shared lsm_enabled_true/lsm_enabled_false constants -- repoint
 * ->enabled at the matching constant instead.  The shared constants are
 * never written through, since several LSMs may be aliased to them.
 */
static void __init lsm_enabled_set(struct lsm_info *lsm, bool enabled)
{
	int *flag = lsm->enabled;
	bool framework_owned = (!flag ||
				flag == &lsm_enabled_true ||
				flag == &lsm_enabled_false);

	if (framework_owned) {
		lsm->enabled = enabled ? &lsm_enabled_true : &lsm_enabled_false;
		return;
	}

	/* LSM-owned variable: update it in place. */
	*flag = enabled;
}
/**
 * lsm_is_enabled - Determine if a LSM is enabled
 * @lsm: LSM definition
 *
 * An LSM with no enable variable at all is reported as disabled.
 */
static inline bool lsm_is_enabled(struct lsm_info *lsm)
{
	if (!lsm->enabled)
		return false;

	return *lsm->enabled;
}
/**
 * lsm_order_exists - Determine if a LSM exists in the ordered list
 * @lsm: LSM definition
 *
 * Linear scan of the NULL-terminated lsm_order[] list by pointer identity.
 */
static bool __init lsm_order_exists(struct lsm_info *lsm)
{
	struct lsm_info **slot = lsm_order;

	while (*slot) {
		if (*slot == lsm)
			return true;
		slot++;
	}

	return false;
}
/**
 * lsm_order_append - Append a LSM to the ordered list
 * @lsm: LSM definition
 * @src: source of the addition, used only in diagnostics
 *
 * Append @lsm to lsm_order[] (and its id to lsm_idlist[]) unless it is
 * already listed, was previously marked disabled, the list is full, or it is
 * an LSM_FLAG_EXCLUSIVE LSM and another exclusive LSM has already been
 * admitted.  Every rejection other than "already listed" / "already
 * disabled" marks the LSM disabled so later passes agree with this one.
 */
static void __init lsm_order_append(struct lsm_info *lsm, const char *src)
{
	/* Already on the list: nothing to do. */
	if (lsm_order_exists(lsm))
		return;

	/* An LSM that was switched off earlier stays off. */
	if (lsm->enabled && !lsm_is_enabled(lsm)) {
		lsm_pr_dbg("skip previously disabled LSM %s:%s\n",
			   src, lsm->id->name);
		return;
	}

	/* No free slot left: disable rather than overrun lsm_order[]. */
	if (lsm_active_cnt == MAX_LSM_COUNT) {
		pr_warn("exceeded maximum LSM count on %s:%s\n",
			src, lsm->id->name);
		lsm_enabled_set(lsm, false);
		return;
	}

	/* At most one exclusive LSM; the first one claimed wins. */
	if (lsm->flags & LSM_FLAG_EXCLUSIVE) {
		if (lsm_exclusive) {
			lsm_pr_dbg("skip exclusive LSM conflict %s:%s\n",
				   src, lsm->id->name);
			lsm_enabled_set(lsm, false);
			return;
		}
		lsm_pr_dbg("select exclusive LSM %s:%s\n",
			   src, lsm->id->name);
		lsm_exclusive = lsm;
	}

	lsm_enabled_set(lsm, true);
	lsm_idlist[lsm_active_cnt] = lsm->id;
	lsm_order[lsm_active_cnt] = lsm;
	lsm_active_cnt++;
	lsm_pr_dbg("enabling LSM %s:%s\n", src, lsm->id->name);
}
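/**
 * lsm_order_parse - Parse the comma delimited LSM list
 * @list: LSM list
 * @src: source of the list, used only in diagnostics
 *
 * Build lsm_order[] from @list.  The resulting order is: LSM_ORDER_FIRST
 * LSMs, then the LSM_ORDER_MUTABLE LSMs named in @list (in list order;
 * unknown names are ignored), then the "security=" LSM if one was given,
 * then LSM_ORDER_LAST LSMs.  Every LSM that did not make it onto the list is
 * marked disabled.  A "security=" selection disables every other
 * LSM_FLAG_LEGACY_MAJOR LSM up front and never falls back to another one.
 *
 * @list is copied so strsep() can split it.  A failed copy is fatal: the
 * alternative would be to continue with an empty list and boot with every
 * mutable LSM silently disabled, which is a fail-open outcome.
 */
static void __init lsm_order_parse(const char *list, const char *src)
{
	struct lsm_info *lsm;
	char *sep, *name, *next;

	/* Handle any Legacy LSM exclusions if one was specified. */
	if (lsm_order_legacy) {
		/*
		 * To match the original "security=" behavior, this explicitly
		 * does NOT fallback to another Legacy Major if the selected
		 * one was separately disabled: disable all non-matching
		 * Legacy Major LSMs.
		 */
		lsm_for_each_raw(lsm) {
			if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) &&
			    strcmp(lsm->id->name, lsm_order_legacy)) {
				lsm_enabled_set(lsm, false);
				lsm_pr_dbg("skip legacy LSM conflict %s:%s\n",
					   src, lsm->id->name);
			}
		}
	}

	/* LSM_ORDER_FIRST */
	lsm_for_each_raw(lsm) {
		if (lsm->order == LSM_ORDER_FIRST)
			lsm_order_append(lsm, "first");
	}

	/* Normal or "mutable" LSMs */
	sep = kstrdup(list, GFP_KERNEL);
	/*
	 * kstrdup(NULL) legitimately returns NULL; only a failed copy of a
	 * real list is an error.  Fail closed: security_init() already
	 * panics on the boot task's blob allocation failures, and a lost LSM
	 * list is no less serious.
	 */
	if (list && !sep)
		panic("failed to allocate LSM ordering list from %s\n", src);
	next = sep;
	/* Walk the list, looking for matching LSMs. */
	while ((name = strsep(&next, ",")) != NULL) {
		lsm_for_each_raw(lsm) {
			if (!strcmp(lsm->id->name, name) &&
			    lsm->order == LSM_ORDER_MUTABLE)
				lsm_order_append(lsm, src);
		}
	}
	kfree(sep);

	/* Legacy LSM if specified. */
	if (lsm_order_legacy) {
		lsm_for_each_raw(lsm) {
			if (!strcmp(lsm->id->name, lsm_order_legacy))
				lsm_order_append(lsm, src);
		}
	}

	/* LSM_ORDER_LAST */
	lsm_for_each_raw(lsm) {
		if (lsm->order == LSM_ORDER_LAST)
			lsm_order_append(lsm, "last");
	}

	/* Disable all LSMs not previously enabled. */
	lsm_for_each_raw(lsm) {
		if (lsm_order_exists(lsm))
			continue;
		lsm_enabled_set(lsm, false);
		lsm_pr_dbg("skip disabled LSM %s:%s\n", src, lsm->id->name);
	}
}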
/**
 * lsm_blob_size_update - Update the LSM blob size and offset information
 * @sz_req: in: the requested additional blob size; out: the offset granted
 * @sz_cur: the existing blob size, grown to cover the new region
 *
 * Carve a pointer-aligned region of *@sz_req bytes out of the blob whose
 * running size is *@sz_cur.  On return *@sz_cur covers the new region and
 * *@sz_req has been overwritten with the region's offset, which is what the
 * owning LSM uses to find its data later.  A zero request leaves both values
 * untouched.  Because the request is turned into an offset, calling this a
 * second time for the same LSM field is not a no-op.
 */
static void __init lsm_blob_size_update(unsigned int *sz_req,
					unsigned int *sz_cur)
{
	unsigned int start;

	if (!*sz_req)
		return;

	/* Next pointer-aligned position in the blob. */
	start = ALIGN(*sz_cur, sizeof(void *));
	*sz_cur = start + *sz_req;
	/* Hand the offset back through the size field. */
	*sz_req = start;
}
/**
 * lsm_prepare - Prepare the LSM framework for a new LSM
 * @lsm: LSM definition
 *
 * Reserve space for @lsm in every per-object security blob it asked for.
 * Each size in @lsm->blobs is passed to lsm_blob_size_update(), which grows
 * the matching global blob_sizes entry and rewrites the LSM's field into the
 * offset it was granted.  LSMs that declare no blobs are skipped.
 */
static void __init lsm_prepare(struct lsm_info *lsm)
{
	struct lsm_blob_sizes *req = lsm->blobs;

	if (!req)
		return;

	lsm_blob_size_update(&req->lbs_cred, &blob_sizes.lbs_cred);
	lsm_blob_size_update(&req->lbs_file, &blob_sizes.lbs_file);
	lsm_blob_size_update(&req->lbs_ib, &blob_sizes.lbs_ib);

	/*
	 * The inode blob carries an rcu_head ahead of any LSM data, so the
	 * first LSM to request inode space also reserves room for it.
	 */
	if (req->lbs_inode && !blob_sizes.lbs_inode)
		blob_sizes.lbs_inode = sizeof(struct rcu_head);
	lsm_blob_size_update(&req->lbs_inode, &blob_sizes.lbs_inode);

	lsm_blob_size_update(&req->lbs_ipc, &blob_sizes.lbs_ipc);
	lsm_blob_size_update(&req->lbs_key, &blob_sizes.lbs_key);
	lsm_blob_size_update(&req->lbs_msg_msg, &blob_sizes.lbs_msg_msg);
	lsm_blob_size_update(&req->lbs_perf_event,
			     &blob_sizes.lbs_perf_event);
	lsm_blob_size_update(&req->lbs_sock, &blob_sizes.lbs_sock);
	lsm_blob_size_update(&req->lbs_superblock,
			     &blob_sizes.lbs_superblock);
	lsm_blob_size_update(&req->lbs_task, &blob_sizes.lbs_task);
	lsm_blob_size_update(&req->lbs_tun_dev, &blob_sizes.lbs_tun_dev);
	lsm_blob_size_update(&req->lbs_xattr_count,
			     &blob_sizes.lbs_xattr_count);
	lsm_blob_size_update(&req->lbs_bdev, &blob_sizes.lbs_bdev);
	lsm_blob_size_update(&req->lbs_bpf_map, &blob_sizes.lbs_bpf_map);
	lsm_blob_size_update(&req->lbs_bpf_prog, &blob_sizes.lbs_bpf_prog);
	lsm_blob_size_update(&req->lbs_bpf_token, &blob_sizes.lbs_bpf_token);
}
/**
 * lsm_init_single - Initialize a given LSM
 * @lsm: LSM definition
 *
 * Call @lsm->init() if the LSM is enabled.  A non-zero return is reported
 * with WARN() but is otherwise not acted on: the LSM remains marked enabled
 * and stays on lsm_order[], so its later initcalls still run.
 */
static void __init lsm_init_single(struct lsm_info *lsm)
{
	int rc;

	if (!lsm_is_enabled(lsm))
		return;

	lsm_pr_dbg("initializing %s\n", lsm->id->name);
	rc = lsm->init();
	WARN(rc, "%s failed to initialize: %d\n", lsm->id->name, rc);
}
/**
 * lsm_static_call_init - Initialize a LSM's static calls
 * @hl: LSM hook list
 *
 * Claim the first free static-call slot (one whose ->hl is still NULL) among
 * the MAX_LSM_COUNT slots for this hook, point it at the LSM's function,
 * record @hl as the owner and enable the slot's static branch.
 *
 * Returns: 0 on success, -ENOSPC if every slot for this hook is taken.
 */
static int __init lsm_static_call_init(struct security_hook_list *hl)
{
	struct lsm_static_call *scall = hl->scalls;
	int slot;

	for (slot = 0; slot < MAX_LSM_COUNT; slot++, scall++) {
		if (scall->hl)
			continue;	/* slot already owned by another LSM */

		__static_call_update(scall->key, scall->trampoline,
				     hl->hook.lsm_func_addr);
		scall->hl = hl;
		static_branch_enable(scall->active);
		return 0;
	}

	return -ENOSPC;
}
/**
 * security_add_hooks - Add a LSM's hooks to the LSM framework's hook lists
 * @hooks: LSM hooks to add
 * @count: number of hooks to add
 * @lsmid: identification information for the LSM
 *
 * Each LSM has to register its hooks with the LSM framework.  Every entry in
 * @hooks is tagged with @lsmid and wired into a static-call slot.  Running
 * out of slots is a build/config error, not a runtime condition, so it is
 * treated as fatal.
 */
void __init security_add_hooks(struct security_hook_list *hooks, int count,
			       const struct lsm_id *lsmid)
{
	int idx;

	for (idx = 0; idx < count; idx++) {
		struct security_hook_list *hl = &hooks[idx];

		hl->lsmid = lsmid;
		if (lsm_static_call_init(hl))
			panic("exhausted LSM callback slots with LSM %s\n",
			      lsmid->name);
	}
}
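/**
 * early_security_init - Initialize the early LSMs
 *
 * Enable, order, prepare and initialize every LSM in the "early" section.
 * These LSMs run before security_init(), which later skips the first
 * lsm_count_early entries of lsm_order[]; lsm_count_early must therefore
 * count only LSMs that actually made it onto the list, otherwise
 * security_init() would skip a non-early LSM instead.
 *
 * Returns: 0.
 */
int __init early_security_init(void)
{
	struct lsm_info *lsm;

	/* NOTE: lsm_pr_dbg() doesn't work here as lsm_debug is not yet set */
	lsm_early_for_each_raw(lsm) {
		lsm_enabled_set(lsm, true);
		lsm_order_append(lsm, "early");
		/*
		 * lsm_order_append() may decline (list full, exclusive
		 * conflict) and marks the LSM disabled when it does.  Such an
		 * LSM gets no blob space and, above all, must not be counted.
		 */
		if (!lsm_order_exists(lsm))
			continue;
		lsm_prepare(lsm);
		lsm_init_single(lsm);
		lsm_count_early++;
	}

	return 0;
}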
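/**
 * security_init - Initializes the LSM framework
 *
 * This should be called early in the kernel initialization sequence.
 *
 * Resolves the final LSM ordering ("lsm=" if given, else the built-in
 * CONFIG_LSM list, with "security=" folded in by lsm_order_parse()),
 * reserves security blob space for the ordered LSMs, creates the file and
 * inode blob caches, attaches blobs to the current task's cred and
 * task_struct, and then runs ->init() for every ordered LSM that
 * early_security_init() has not already initialized.  Blob allocation
 * failures for the current task are fatal.
 *
 * Returns: 0.
 */
int __init security_init(void)
{
	unsigned int cnt;
	struct lsm_info **lsm;

	if (lsm_debug) {
		struct lsm_info *i;

		cnt = 0;
		lsm_pr("available LSMs: ");
		lsm_early_for_each_raw(i)
			lsm_pr_cont("%s%s(E)", (cnt++ ? "," : ""), i->id->name);
		lsm_for_each_raw(i)
			lsm_pr_cont("%s%s", (cnt++ ? "," : ""), i->id->name);
		lsm_pr_cont("\n");
		lsm_pr("built-in LSM config: %s\n", lsm_order_builtin);
		lsm_pr("legacy LSM parameter: %s\n", lsm_order_legacy);
		lsm_pr("boot LSM parameter: %s\n", lsm_order_cmdline);
		/* see the note about lsm_pr_dbg() in early_security_init() */
		lsm_early_for_each_raw(i)
			lsm_pr("enabled LSM early:%s\n", i->id->name);
	}

	if (lsm_order_cmdline) {
		/*
		 * "lsm=" supersedes "security=".  Say so in the log rather
		 * than dropping the legacy parameter silently: an operator who
		 * set security= and ends up with a different LSM set needs to
		 * be able to see why.
		 */
		if (lsm_order_legacy) {
			pr_warn("security=%s is ignored because it is superseded by lsm=%s\n",
				lsm_order_legacy, lsm_order_cmdline);
			lsm_order_legacy = NULL;
		}
		lsm_order_parse(lsm_order_cmdline, "cmdline");
	} else {
		lsm_order_parse(lsm_order_builtin, "builtin");
	}

	/*
	 * Reserve blob space.  The first lsm_count_early entries were already
	 * prepared by early_security_init(), and lsm_blob_size_update() is
	 * not idempotent (it rewrites the requested size into an offset), so
	 * preparing them again would reserve their space a second time and
	 * move their offsets.
	 */
	cnt = 0;
	lsm_order_for_each(lsm) {
		if (cnt++ < lsm_count_early)
			continue;
		lsm_prepare(*lsm);
	}

	if (lsm_debug) {
		lsm_pr("blob(cred) size %d\n", blob_sizes.lbs_cred);
		lsm_pr("blob(file) size %d\n", blob_sizes.lbs_file);
		lsm_pr("blob(ib) size %d\n", blob_sizes.lbs_ib);
		lsm_pr("blob(inode) size %d\n", blob_sizes.lbs_inode);
		lsm_pr("blob(ipc) size %d\n", blob_sizes.lbs_ipc);
		lsm_pr("blob(key) size %d\n", blob_sizes.lbs_key);
		lsm_pr("blob(msg_msg)_size %d\n", blob_sizes.lbs_msg_msg);
		lsm_pr("blob(sock) size %d\n", blob_sizes.lbs_sock);
		lsm_pr("blob(superblock) size %d\n", blob_sizes.lbs_superblock);
		lsm_pr("blob(perf_event) size %d\n", blob_sizes.lbs_perf_event);
		lsm_pr("blob(task) size %d\n", blob_sizes.lbs_task);
		lsm_pr("blob(tun_dev) size %d\n", blob_sizes.lbs_tun_dev);
		lsm_pr("blob(xattr) count %d\n", blob_sizes.lbs_xattr_count);
		lsm_pr("blob(bdev) size %d\n", blob_sizes.lbs_bdev);
		lsm_pr("blob(bpf_map) size %d\n", blob_sizes.lbs_bpf_map);
		lsm_pr("blob(bpf_prog) size %d\n", blob_sizes.lbs_bpf_prog);
		lsm_pr("blob(bpf_token) size %d\n", blob_sizes.lbs_bpf_token);
	}

	/* Blob caches are only created when some LSM asked for that blob. */
	if (blob_sizes.lbs_file)
		lsm_file_cache = kmem_cache_create("lsm_file_cache",
						   blob_sizes.lbs_file, 0,
						   SLAB_PANIC, NULL);
	if (blob_sizes.lbs_inode)
		lsm_inode_cache = kmem_cache_create("lsm_inode_cache",
						    blob_sizes.lbs_inode, 0,
						    SLAB_PANIC, NULL);

	/*
	 * The current task's cred and task_struct already exist, so they get
	 * their blobs by hand here; without them nothing further can run.
	 */
	if (lsm_cred_alloc((struct cred *)unrcu_pointer(current->cred),
			   GFP_KERNEL))
		panic("early LSM cred alloc failed\n");
	if (lsm_task_alloc(current))
		panic("early LSM task alloc failed\n");

	cnt = 0;
	lsm_order_for_each(lsm) {
		/* skip the "early" LSMs as they have already been setup */
		if (cnt++ < lsm_count_early)
			continue;
		lsm_init_single(*lsm);
	}

	return 0;
}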
/**
 * security_initcall_pure - Run the LSM pure initcalls
 *
 * Returns the first error reported by an LSM's pure initcall, or 0.
 */
static int __init security_initcall_pure(void)
{
	int rc = lsm_initcall(pure);

	return rc;
}
pure_initcall(security_initcall_pure);
/**
 * security_initcall_early - Run the LSM early initcalls
 *
 * Returns the first error reported by an LSM's early initcall, or 0.
 */
static int __init security_initcall_early(void)
{
	int rc = lsm_initcall(early);

	return rc;
}
early_initcall(security_initcall_early);
/**
 * security_initcall_core - Run the LSM core initcalls
 *
 * Sets up securityfs first, then runs every LSM's core initcall regardless
 * of whether securityfs succeeded.  A securityfs failure takes precedence in
 * the return value; otherwise the first LSM initcall error (or 0) is
 * returned.
 */
static int __init security_initcall_core(void)
{
	int rc_fs = securityfs_init();
	int rc_core = lsm_initcall(core);

	if (rc_fs)
		return rc_fs;

	return rc_core;
}
core_initcall(security_initcall_core);
/**
 * security_initcall_subsys - Run the LSM subsys initcalls
 *
 * Returns the first error reported by an LSM's subsys initcall, or 0.
 */
static int __init security_initcall_subsys(void)
{
	int rc = lsm_initcall(subsys);

	return rc;
}
subsys_initcall(security_initcall_subsys);
/**
 * security_initcall_fs - Run the LSM fs initcalls
 *
 * Returns the first error reported by an LSM's fs initcall, or 0.
 */
static int __init security_initcall_fs(void)
{
	int rc = lsm_initcall(fs);

	return rc;
}
fs_initcall(security_initcall_fs);
/**
 * security_initcall_device - Run the LSM device initcalls
 *
 * Returns the first error reported by an LSM's device initcall, or 0.
 */
static int __init security_initcall_device(void)
{
	int rc = lsm_initcall(device);

	return rc;
}
device_initcall(security_initcall_device);
/**
 * security_initcall_late - Run the LSM late initcalls
 *
 * The last LSM initcall level.  After it has run, LSM_STARTED_ALL is raised
 * on the blocking LSM notifier chain so subscribers know every LSM has
 * completed its initcalls.  Returns the first error reported by an LSM's
 * late initcall, or 0; the notifier is called either way.
 */
static int __init security_initcall_late(void)
{
	int rc = lsm_initcall(late);

	lsm_pr_dbg("all enabled LSMs fully activated\n");
	/* Notify regardless of rc: the failures have already been logged. */
	call_blocking_lsm_notifier(LSM_STARTED_ALL, NULL);

	return rc;
}
late_initcall(security_initcall_late);
  486. late_initcall(security_initcall_late);