Re: [PATCH v5 4/8] LSM: lsm_get_self_attr syscall for LSM self attributes

From: Mickaël Salaün
Date: Tue Feb 14 2023 - 12:41:22 EST



On 09/01/2023 19:07, Casey Schaufler wrote:
Create a system call lsm_get_self_attr() to provide the security
module maintained attributes of the current process. Historically
these attributes have been exposed to user space via entries in
procfs under /proc/self/attr.

Attributes are provided as a collection of lsm_ctx structures
which are placed into a user supplied buffer. Each structure
identifies the size of the attribute, and the attribute value.
The format of the attribute value is defined by the security
module, but will always be \0 terminated. The ctx_len value
will always be strlen(ctx)+1.

 ---------------------------
 | __u32 id                |
 ---------------------------
 | __u64 flags             |
 ---------------------------
 | __kernel_size_t ctx_len |
 ---------------------------
 | __u8 ctx[ctx_len]       |
 ---------------------------
 | __u32 id                |
 ---------------------------
 | __u64 flags             |
 ---------------------------
 | __kernel_size_t ctx_len |
 ---------------------------
 | __u8 ctx[ctx_len]       |
 ---------------------------

Signed-off-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
---
Documentation/userspace-api/lsm.rst | 9 ++
include/linux/syscalls.h | 3 +
include/uapi/linux/lsm.h | 21 ++++
kernel/sys_ni.c | 3 +
security/Makefile | 1 +
security/lsm_syscalls.c | 182 ++++++++++++++++++++++++++++
6 files changed, 219 insertions(+)
create mode 100644 security/lsm_syscalls.c

For new files (e.g. lsm_syscalls.c), it would be nice to auto-format them with clang-format. It helps maintenance by keeping a consistent style across commits, which should also help backports, and it avoids nitpicking on style issues.
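
The buffer layout described in the quoted commit message, walked from user space with bounds checks, as an added example that is not part of this thread or of the patch. Assumptions: struct lsm_ctx_hdr mirrors the diagram's fields with the compiler's natural padding, entries are packed back to back, and lsm_ctx_walk, lsm_ctx_put and lsm_ctx_cb are hypothetical names; the sample entries are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed userspace mirror of the fields in the commit message's diagram
 * (__u32 id, __u64 flags, __kernel_size_t ctx_len); ctx bytes follow it. */
struct lsm_ctx_hdr {
	uint32_t id;
	uint64_t flags;
	size_t ctx_len;
};

/* Hypothetical callback: receives one validated attribute. */
typedef void (*lsm_ctx_cb)(uint32_t id, uint64_t flags, const char *ctx, void *arg);

/* Walk buf[0..len). Returns the entry count, or -1 if an entry is truncated
 * or breaks ctx_len == strlen(ctx) + 1. Assumes entries are packed back to back. */
int lsm_ctx_walk(const unsigned char *buf, size_t len, lsm_ctx_cb cb, void *arg)
{
	size_t off = 0;
	int n = 0;
	while (off < len) {
		struct lsm_ctx_hdr h;
		const char *ctx;
		if (len - off < sizeof(h))
			return -1; /* header would run past the buffer */
		memcpy(&h, buf + off, sizeof(h)); /* entry may be unaligned */
		off += sizeof(h);
		if (h.ctx_len == 0 || h.ctx_len > len - off)
			return -1; /* value would run past the buffer */
		ctx = (const char *)buf + off;
		if (ctx[h.ctx_len - 1] != '\0' || strlen(ctx) + 1 != h.ctx_len)
			return -1; /* unterminated, or NUL embedded early */
		if (cb)
			cb(h.id, h.flags, ctx, arg);
		off += h.ctx_len;
		n++;
	}
	return n;
}

/* Append one constructed sample entry at buf + off; returns the new offset. */
size_t lsm_ctx_put(unsigned char *buf, size_t off, uint32_t id, const char *val)
{
	struct lsm_ctx_hdr h = { .id = id, .flags = 0, .ctx_len = strlen(val) + 1 };
	memcpy(buf + off, &h, sizeof(h));
	memcpy(buf + off + sizeof(h), val, h.ctx_len);
	return off + sizeof(h) + h.ctx_len;
}
```
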