https://bugs.kde.org/show_bug.cgi?id=510563
Bug ID: 510563
Summary: Add missing syswraps for lsm_get_self_attr and
lsm_set_self_attr
Classification: Developer tools
Product: valgrind
Version First 3.26 GIT
Reported In:
Platform: Other
OS: Linux
Status: REPORTED
Severity: normal
Priority: NOR
Component: general
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
$ git tag --contains a04a1198088a1378d0389c250cc684f649bcc91e | head -1
v6.10
$
--------------------------------------------------------------------------------------------------
commit a04a1198088a1378d0389c250cc684f649bcc91e
Author: Casey Schaufler <[email protected]>
Date: Tue Sep 12 13:56:49 2023 -0700
LSM: syscalls for current process attributes
Create a system call lsm_get_self_attr() to provide the security
module maintained attributes of the current process.
Create a system call lsm_set_self_attr() to set a security
module maintained attribute of the current process.
Historically these attributes have been exposed to user space via
entries in procfs under /proc/self/attr.
The attribute value is provided in a lsm_ctx structure. The structure
identifies the size of the attribute, and the attribute value. The format
of the attribute value is defined by the security module. A flags field
is included for LSM specific information. It is currently unused and must
be 0. The total size of the data, including the lsm_ctx structure and any
padding, is maintained as well.
struct lsm_ctx {
__u64 id;
__u64 flags;
__u64 len;
__u64 ctx_len;
__u8 ctx[];
};
Two new LSM hooks are used to interface with the LSMs.
security_getselfattr() collects the lsm_ctx values from the
LSMs that support the hook, accounting for space requirements.
security_setselfattr() identifies which LSM the attribute is
intended for and passes it along.
[ ... stuff deleted ... ]
--------------------------------------------------------------------------------------------------
/**
* sys_lsm_set_self_attr - Set current task's security module attribute
* @attr: which attribute to set
* @ctx: the LSM contexts
* @size: size of @ctx
* @flags: reserved for future use
*
* Sets the calling task's LSM context. On success this function
* returns 0. If the attribute specified cannot be set a negative
* value indicating the reason for the error is returned.
*/
SYSCALL_DEFINE4(lsm_set_self_attr, unsigned int, attr, struct lsm_ctx __user *,
ctx, u32, size, u32, flags)
{
return security_setselfattr(attr, ctx, size, flags);
}
/**
* sys_lsm_get_self_attr - Return current task's security module attributes
* @attr: which attribute to return
* @ctx: the user-space destination for the information, or NULL
* @size: pointer to the size of space available to receive the data
* @flags: special handling options. LSM_FLAG_SINGLE indicates that only
* attributes associated with the LSM identified in the passed @ctx be
* reported.
*
* Returns the calling task's LSM contexts. On success this
* function returns the number of @ctx array elements. This value
* may be zero if there are no LSM contexts assigned. If @size is
* insufficient to contain the return data -E2BIG is returned and
* @size is set to the minimum required size. In all other cases
* a negative value indicating the error is returned.
*/
SYSCALL_DEFINE4(lsm_get_self_attr, unsigned int, attr, struct lsm_ctx __user *,
ctx, u32 __user *, size, u32, flags)
{
return security_getselfattr(attr, ctx, size, flags);
}
--
You are receiving this mail because:
You are watching all bug changes.
