diff options
Diffstat (limited to 'include')
| -rw-r--r-- | include/asm-generic/vmlinux.lds.h | 8 | ||||
| -rw-r--r-- | include/linux/acpi.h | 6 | ||||
| -rw-r--r-- | include/linux/ima.h | 9 | ||||
| -rw-r--r-- | include/linux/kexec.h | 4 | ||||
| -rw-r--r-- | include/linux/lsm_hooks.h | 13 | ||||
| -rw-r--r-- | include/linux/security.h | 59 |
6 files changed, 96 insertions, 3 deletions
diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h index cd28f63bfbc7..dae64600ccbf 100644 --- a/include/asm-generic/vmlinux.lds.h +++ b/include/asm-generic/vmlinux.lds.h | |||
| @@ -215,8 +215,13 @@ | |||
| 215 | __start_lsm_info = .; \ | 215 | __start_lsm_info = .; \ |
| 216 | KEEP(*(.lsm_info.init)) \ | 216 | KEEP(*(.lsm_info.init)) \ |
| 217 | __end_lsm_info = .; | 217 | __end_lsm_info = .; |
| 218 | #define EARLY_LSM_TABLE() . = ALIGN(8); \ | ||
| 219 | __start_early_lsm_info = .; \ | ||
| 220 | KEEP(*(.early_lsm_info.init)) \ | ||
| 221 | __end_early_lsm_info = .; | ||
| 218 | #else | 222 | #else |
| 219 | #define LSM_TABLE() | 223 | #define LSM_TABLE() |
| 224 | #define EARLY_LSM_TABLE() | ||
| 220 | #endif | 225 | #endif |
| 221 | 226 | ||
| 222 | #define ___OF_TABLE(cfg, name) _OF_TABLE_##cfg(name) | 227 | #define ___OF_TABLE(cfg, name) _OF_TABLE_##cfg(name) |
| @@ -627,7 +632,8 @@ | |||
| 627 | ACPI_PROBE_TABLE(timer) \ | 632 | ACPI_PROBE_TABLE(timer) \ |
| 628 | THERMAL_TABLE(governor) \ | 633 | THERMAL_TABLE(governor) \ |
| 629 | EARLYCON_TABLE() \ | 634 | EARLYCON_TABLE() \ |
| 630 | LSM_TABLE() | 635 | LSM_TABLE() \ |
| 636 | EARLY_LSM_TABLE() | ||
| 631 | 637 | ||
| 632 | #define INIT_TEXT \ | 638 | #define INIT_TEXT \ |
| 633 | *(.init.text .init.text.*) \ | 639 | *(.init.text .init.text.*) \ |
diff --git a/include/linux/acpi.h b/include/linux/acpi.h index 978cc239f23b..8b4e516bac00 100644 --- a/include/linux/acpi.h +++ b/include/linux/acpi.h | |||
| @@ -643,6 +643,12 @@ bool acpi_gtdt_c3stop(int type); | |||
| 643 | int acpi_arch_timer_mem_init(struct arch_timer_mem *timer_mem, int *timer_count); | 643 | int acpi_arch_timer_mem_init(struct arch_timer_mem *timer_mem, int *timer_count); |
| 644 | #endif | 644 | #endif |
| 645 | 645 | ||
| 646 | #ifndef ACPI_HAVE_ARCH_SET_ROOT_POINTER | ||
| 647 | static inline void acpi_arch_set_root_pointer(u64 addr) | ||
| 648 | { | ||
| 649 | } | ||
| 650 | #endif | ||
| 651 | |||
| 646 | #ifndef ACPI_HAVE_ARCH_GET_ROOT_POINTER | 652 | #ifndef ACPI_HAVE_ARCH_GET_ROOT_POINTER |
| 647 | static inline u64 acpi_arch_get_root_pointer(void) | 653 | static inline u64 acpi_arch_get_root_pointer(void) |
| 648 | { | 654 | { |
diff --git a/include/linux/ima.h b/include/linux/ima.h index a20ad398d260..1c37f17f7203 100644 --- a/include/linux/ima.h +++ b/include/linux/ima.h | |||
| @@ -131,4 +131,13 @@ static inline int ima_inode_removexattr(struct dentry *dentry, | |||
| 131 | return 0; | 131 | return 0; |
| 132 | } | 132 | } |
| 133 | #endif /* CONFIG_IMA_APPRAISE */ | 133 | #endif /* CONFIG_IMA_APPRAISE */ |
| 134 | |||
| 135 | #if defined(CONFIG_IMA_APPRAISE) && defined(CONFIG_INTEGRITY_TRUSTED_KEYRING) | ||
| 136 | extern bool ima_appraise_signature(enum kernel_read_file_id func); | ||
| 137 | #else | ||
| 138 | static inline bool ima_appraise_signature(enum kernel_read_file_id func) | ||
| 139 | { | ||
| 140 | return false; | ||
| 141 | } | ||
| 142 | #endif /* CONFIG_IMA_APPRAISE && CONFIG_INTEGRITY_TRUSTED_KEYRING */ | ||
| 134 | #endif /* _LINUX_IMA_H */ | 143 | #endif /* _LINUX_IMA_H */ |
diff --git a/include/linux/kexec.h b/include/linux/kexec.h index cc162f3e6461..1776eb2e43a4 100644 --- a/include/linux/kexec.h +++ b/include/linux/kexec.h | |||
| @@ -125,7 +125,7 @@ typedef void *(kexec_load_t)(struct kimage *image, char *kernel_buf, | |||
| 125 | unsigned long cmdline_len); | 125 | unsigned long cmdline_len); |
| 126 | typedef int (kexec_cleanup_t)(void *loader_data); | 126 | typedef int (kexec_cleanup_t)(void *loader_data); |
| 127 | 127 | ||
| 128 | #ifdef CONFIG_KEXEC_VERIFY_SIG | 128 | #ifdef CONFIG_KEXEC_SIG |
| 129 | typedef int (kexec_verify_sig_t)(const char *kernel_buf, | 129 | typedef int (kexec_verify_sig_t)(const char *kernel_buf, |
| 130 | unsigned long kernel_len); | 130 | unsigned long kernel_len); |
| 131 | #endif | 131 | #endif |
| @@ -134,7 +134,7 @@ struct kexec_file_ops { | |||
| 134 | kexec_probe_t *probe; | 134 | kexec_probe_t *probe; |
| 135 | kexec_load_t *load; | 135 | kexec_load_t *load; |
| 136 | kexec_cleanup_t *cleanup; | 136 | kexec_cleanup_t *cleanup; |
| 137 | #ifdef CONFIG_KEXEC_VERIFY_SIG | 137 | #ifdef CONFIG_KEXEC_SIG |
| 138 | kexec_verify_sig_t *verify_sig; | 138 | kexec_verify_sig_t *verify_sig; |
| 139 | #endif | 139 | #endif |
| 140 | }; | 140 | }; |
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 3fced5824aee..a3763247547c 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h | |||
| @@ -1449,6 +1449,11 @@ | |||
| 1449 | * @bpf_prog_free_security: | 1449 | * @bpf_prog_free_security: |
| 1450 | * Clean up the security information stored inside bpf prog. | 1450 | * Clean up the security information stored inside bpf prog. |
| 1451 | * | 1451 | * |
| 1452 | * @locked_down | ||
| 1453 | * Determine whether a kernel feature that potentially enables arbitrary | ||
| 1454 | * code execution in kernel space should be permitted. | ||
| 1455 | * | ||
| 1456 | * @what: kernel feature being accessed | ||
| 1452 | */ | 1457 | */ |
| 1453 | union security_list_options { | 1458 | union security_list_options { |
| 1454 | int (*binder_set_context_mgr)(struct task_struct *mgr); | 1459 | int (*binder_set_context_mgr)(struct task_struct *mgr); |
| @@ -1812,6 +1817,7 @@ union security_list_options { | |||
| 1812 | int (*bpf_prog_alloc_security)(struct bpf_prog_aux *aux); | 1817 | int (*bpf_prog_alloc_security)(struct bpf_prog_aux *aux); |
| 1813 | void (*bpf_prog_free_security)(struct bpf_prog_aux *aux); | 1818 | void (*bpf_prog_free_security)(struct bpf_prog_aux *aux); |
| 1814 | #endif /* CONFIG_BPF_SYSCALL */ | 1819 | #endif /* CONFIG_BPF_SYSCALL */ |
| 1820 | int (*locked_down)(enum lockdown_reason what); | ||
| 1815 | }; | 1821 | }; |
| 1816 | 1822 | ||
| 1817 | struct security_hook_heads { | 1823 | struct security_hook_heads { |
| @@ -2053,6 +2059,7 @@ struct security_hook_heads { | |||
| 2053 | struct hlist_head bpf_prog_alloc_security; | 2059 | struct hlist_head bpf_prog_alloc_security; |
| 2054 | struct hlist_head bpf_prog_free_security; | 2060 | struct hlist_head bpf_prog_free_security; |
| 2055 | #endif /* CONFIG_BPF_SYSCALL */ | 2061 | #endif /* CONFIG_BPF_SYSCALL */ |
| 2062 | struct hlist_head locked_down; | ||
| 2056 | } __randomize_layout; | 2063 | } __randomize_layout; |
| 2057 | 2064 | ||
| 2058 | /* | 2065 | /* |
| @@ -2111,12 +2118,18 @@ struct lsm_info { | |||
| 2111 | }; | 2118 | }; |
| 2112 | 2119 | ||
| 2113 | extern struct lsm_info __start_lsm_info[], __end_lsm_info[]; | 2120 | extern struct lsm_info __start_lsm_info[], __end_lsm_info[]; |
| 2121 | extern struct lsm_info __start_early_lsm_info[], __end_early_lsm_info[]; | ||
| 2114 | 2122 | ||
| 2115 | #define DEFINE_LSM(lsm) \ | 2123 | #define DEFINE_LSM(lsm) \ |
| 2116 | static struct lsm_info __lsm_##lsm \ | 2124 | static struct lsm_info __lsm_##lsm \ |
| 2117 | __used __section(.lsm_info.init) \ | 2125 | __used __section(.lsm_info.init) \ |
| 2118 | __aligned(sizeof(unsigned long)) | 2126 | __aligned(sizeof(unsigned long)) |
| 2119 | 2127 | ||
| 2128 | #define DEFINE_EARLY_LSM(lsm) \ | ||
| 2129 | static struct lsm_info __early_lsm_##lsm \ | ||
| 2130 | __used __section(.early_lsm_info.init) \ | ||
| 2131 | __aligned(sizeof(unsigned long)) | ||
| 2132 | |||
| 2120 | #ifdef CONFIG_SECURITY_SELINUX_DISABLE | 2133 | #ifdef CONFIG_SECURITY_SELINUX_DISABLE |
| 2121 | /* | 2134 | /* |
| 2122 | * Assuring the safety of deleting a security module is up to | 2135 | * Assuring the safety of deleting a security module is up to |
diff --git a/include/linux/security.h b/include/linux/security.h index ace6fdb604f9..a8d59d612d27 100644 --- a/include/linux/security.h +++ b/include/linux/security.h | |||
| @@ -77,6 +77,54 @@ enum lsm_event { | |||
| 77 | LSM_POLICY_CHANGE, | 77 | LSM_POLICY_CHANGE, |
| 78 | }; | 78 | }; |
| 79 | 79 | ||
| 80 | /* | ||
| 81 | * These are reasons that can be passed to the security_locked_down() | ||
| 82 | * LSM hook. Lockdown reasons that protect kernel integrity (ie, the | ||
| 83 | * ability for userland to modify kernel code) are placed before | ||
| 84 | * LOCKDOWN_INTEGRITY_MAX. Lockdown reasons that protect kernel | ||
| 85 | * confidentiality (ie, the ability for userland to extract | ||
| 86 | * information from the running kernel that would otherwise be | ||
| 87 | * restricted) are placed before LOCKDOWN_CONFIDENTIALITY_MAX. | ||
| 88 | * | ||
| 89 | * LSM authors should note that the semantics of any given lockdown | ||
| 90 | * reason are not guaranteed to be stable - the same reason may block | ||
| 91 | * one set of features in one kernel release, and a slightly different | ||
| 92 | * set of features in a later kernel release. LSMs that seek to expose | ||
| 93 | * lockdown policy at any level of granularity other than "none", | ||
| 94 | * "integrity" or "confidentiality" are responsible for either | ||
| 95 | * ensuring that they expose a consistent level of functionality to | ||
| 96 | * userland, or ensuring that userland is aware that this is | ||
| 97 | * potentially a moving target. It is easy to misuse this information | ||
| 98 | * in a way that could break userspace. Please be careful not to do | ||
| 99 | * so. | ||
| 100 | * | ||
| 101 | * If you add to this, remember to extend lockdown_reasons in | ||
| 102 | * security/lockdown/lockdown.c. | ||
| 103 | */ | ||
| 104 | enum lockdown_reason { | ||
| 105 | LOCKDOWN_NONE, | ||
| 106 | LOCKDOWN_MODULE_SIGNATURE, | ||
| 107 | LOCKDOWN_DEV_MEM, | ||
| 108 | LOCKDOWN_KEXEC, | ||
| 109 | LOCKDOWN_HIBERNATION, | ||
| 110 | LOCKDOWN_PCI_ACCESS, | ||
| 111 | LOCKDOWN_IOPORT, | ||
| 112 | LOCKDOWN_MSR, | ||
| 113 | LOCKDOWN_ACPI_TABLES, | ||
| 114 | LOCKDOWN_PCMCIA_CIS, | ||
| 115 | LOCKDOWN_TIOCSSERIAL, | ||
| 116 | LOCKDOWN_MODULE_PARAMETERS, | ||
| 117 | LOCKDOWN_MMIOTRACE, | ||
| 118 | LOCKDOWN_DEBUGFS, | ||
| 119 | LOCKDOWN_INTEGRITY_MAX, | ||
| 120 | LOCKDOWN_KCORE, | ||
| 121 | LOCKDOWN_KPROBES, | ||
| 122 | LOCKDOWN_BPF_READ, | ||
| 123 | LOCKDOWN_PERF, | ||
| 124 | LOCKDOWN_TRACEFS, | ||
| 125 | LOCKDOWN_CONFIDENTIALITY_MAX, | ||
| 126 | }; | ||
| 127 | |||
| 80 | /* These functions are in security/commoncap.c */ | 128 | /* These functions are in security/commoncap.c */ |
| 81 | extern int cap_capable(const struct cred *cred, struct user_namespace *ns, | 129 | extern int cap_capable(const struct cred *cred, struct user_namespace *ns, |
| 82 | int cap, unsigned int opts); | 130 | int cap, unsigned int opts); |
| @@ -195,6 +243,7 @@ int unregister_blocking_lsm_notifier(struct notifier_block *nb); | |||
| 195 | 243 | ||
| 196 | /* prototypes */ | 244 | /* prototypes */ |
| 197 | extern int security_init(void); | 245 | extern int security_init(void); |
| 246 | extern int early_security_init(void); | ||
| 198 | 247 | ||
| 199 | /* Security operations */ | 248 | /* Security operations */ |
| 200 | int security_binder_set_context_mgr(struct task_struct *mgr); | 249 | int security_binder_set_context_mgr(struct task_struct *mgr); |
| @@ -392,6 +441,7 @@ void security_inode_invalidate_secctx(struct inode *inode); | |||
| 392 | int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); | 441 | int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); |
| 393 | int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); | 442 | int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); |
| 394 | int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen); | 443 | int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen); |
| 444 | int security_locked_down(enum lockdown_reason what); | ||
| 395 | #else /* CONFIG_SECURITY */ | 445 | #else /* CONFIG_SECURITY */ |
| 396 | 446 | ||
| 397 | static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data) | 447 | static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data) |
| @@ -423,6 +473,11 @@ static inline int security_init(void) | |||
| 423 | return 0; | 473 | return 0; |
| 424 | } | 474 | } |
| 425 | 475 | ||
| 476 | static inline int early_security_init(void) | ||
| 477 | { | ||
| 478 | return 0; | ||
| 479 | } | ||
| 480 | |||
| 426 | static inline int security_binder_set_context_mgr(struct task_struct *mgr) | 481 | static inline int security_binder_set_context_mgr(struct task_struct *mgr) |
| 427 | { | 482 | { |
| 428 | return 0; | 483 | return 0; |
| @@ -1210,6 +1265,10 @@ static inline int security_inode_getsecctx(struct inode *inode, void **ctx, u32 | |||
| 1210 | { | 1265 | { |
| 1211 | return -EOPNOTSUPP; | 1266 | return -EOPNOTSUPP; |
| 1212 | } | 1267 | } |
| 1268 | static inline int security_locked_down(enum lockdown_reason what) | ||
| 1269 | { | ||
| 1270 | return 0; | ||
| 1271 | } | ||
| 1213 | #endif /* CONFIG_SECURITY */ | 1272 | #endif /* CONFIG_SECURITY */ |
| 1214 | 1273 | ||
| 1215 | #ifdef CONFIG_SECURITY_NETWORK | 1274 | #ifdef CONFIG_SECURITY_NETWORK |