Wrap new lsm_get_self_attr and lsm_set_self_attr syscalls

Create a system call lsm_get_self_attr() to provide the security
module maintained attributes of the current process.
Create a system call lsm_set_self_attr() to set a security
module maintained attribute of the current process.
Historically these attributes have been exposed to user space via
entries in procfs under /proc/self/attr.

Declare lsm_get_self_attr and lsm_set_self_attr wrappers in
priv_syswrap-linux.h and hook it for {amd64,arm,arm64,mips64,\
ppc32,ppc64,riscv64,s390x,x86}-linux.

https://bugs.kde.org/show_bug.cgi?id=510563

diff --git a/NEWS b/NEWS
index 0702dbc94f05a5283cdf0469481b76a00b4ecc15..6583e5807c7a9426e6c33667b7075d0ae6799477 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -31,6 +31,7 @@ are not entered into bugzilla tend to get forgotten about or ignored.
 487055  memcheck/tests/x86-linux/scalar fails running in Docker
 509562  s390x: Define minimum required machine model
 510416  Missing syswraps for file_getattr and file_setattr
+510563  Add missing syswraps for lsm_get_self_attr and lsm_set_self_attr
 510864  Add SSE4.1 PMAXSD and PMINSD instructions support for 32-bit x86
 511329  Darwin and FreeBSD: Move setting of carry flag out of
         ML_(do_syscall_for_client_WRK)

diff --git a/coregrind/m_syswrap/priv_syswrap-linux.h b/coregrind/m_syswrap/priv_syswrap-linux.h
index 2c878c8c56918542094a049bec8d6517e5bfc54e..b02701d27b0a9387949be8051ddabbda57430ef7 100644 (file)
--- a/coregrind/m_syswrap/priv_syswrap-linux.h
+++ b/coregrind/m_syswrap/priv_syswrap-linux.h
@@ -372,6 +372,8 @@ DECL_TEMPLATE(linux, sys_statmount);
 
 // Since Linux 6.10
 DECL_TEMPLATE(linux, sys_mseal);
+DECL_TEMPLATE(linux, sys_lsm_get_self_attr);
+DECL_TEMPLATE(linux, sys_lsm_set_self_attr);
 
 // Since Linux 6.17-rc1
 DECL_TEMPLATE(linux, sys_file_getattr);

diff --git a/coregrind/m_syswrap/syswrap-amd64-linux.c b/coregrind/m_syswrap/syswrap-amd64-linux.c
index a6e76690adaca3c10e4e31f76d39a6116b61257c..0a05d7cb51b7b8865b7d2bc668bbe0e31b4bf3ff 100644 (file)
--- a/coregrind/m_syswrap/syswrap-amd64-linux.c
+++ b/coregrind/m_syswrap/syswrap-amd64-linux.c
@@ -909,6 +909,8 @@ static SyscallTableEntry syscall_table[] = {
    LINX_(__NR_fchmodat2,         sys_fchmodat2),         // 452
    LINXY(__NR_statmount,         sys_statmount),         // 457
    LINXY(__NR_listmount,         sys_listmount),         // 458
+   LINXY(__NR_lsm_get_self_attr, sys_lsm_get_self_attr), // 459
+   LINX_(__NR_lsm_set_self_attr, sys_lsm_set_self_attr), // 460
    LINX_(__NR_mseal,             sys_mseal),             // 462
    LINXY(__NR_file_getattr,      sys_file_getattr),      // 468
    LINX_(__NR_file_setattr,      sys_file_setattr),      // 469

diff --git a/coregrind/m_syswrap/syswrap-arm-linux.c b/coregrind/m_syswrap/syswrap-arm-linux.c
index b7860710c417e41f6c378ec2345c0fdedf0a4df3..e923bee9c90cbe95531b7357b819058d0ea2ff36 100644 (file)
--- a/coregrind/m_syswrap/syswrap-arm-linux.c
+++ b/coregrind/m_syswrap/syswrap-arm-linux.c
@@ -1079,6 +1079,8 @@ static SyscallTableEntry syscall_main_table[] = {
    LINX_(__NR_fchmodat2,         sys_fchmodat2),         // 452
    LINXY(__NR_statmount,         sys_statmount),         // 457
    LINXY(__NR_listmount,         sys_listmount),         // 458
+   LINXY(__NR_lsm_get_self_attr, sys_lsm_get_self_attr), // 459
+   LINX_(__NR_lsm_set_self_attr, sys_lsm_set_self_attr), // 460
    LINX_(__NR_mseal,             sys_mseal),             // 462
    LINXY(__NR_file_getattr,      sys_file_getattr),      // 468
    LINX_(__NR_file_setattr,      sys_file_setattr),      // 469

diff --git a/coregrind/m_syswrap/syswrap-arm64-linux.c b/coregrind/m_syswrap/syswrap-arm64-linux.c
index 890bb7b8f9be697a71f5640b555f2e230f29bef5..9b6e05dbc960f86671a2a9f9a0038bf2209a1f86 100644 (file)
--- a/coregrind/m_syswrap/syswrap-arm64-linux.c
+++ b/coregrind/m_syswrap/syswrap-arm64-linux.c
@@ -860,6 +860,8 @@ static SyscallTableEntry syscall_main_table[] = {
    LINX_(__NR_fchmodat2,         sys_fchmodat2),         // 452
    LINXY(__NR_statmount,         sys_statmount),         // 457
    LINXY(__NR_listmount,         sys_listmount),         // 458
+   LINXY(__NR_lsm_get_self_attr, sys_lsm_get_self_attr), // 459
+   LINX_(__NR_lsm_set_self_attr, sys_lsm_set_self_attr), // 460
    LINX_(__NR_mseal,             sys_mseal),             // 462
    LINXY(__NR_file_getattr,      sys_file_getattr),      // 468
    LINX_(__NR_file_setattr,      sys_file_setattr),      // 469

diff --git a/coregrind/m_syswrap/syswrap-linux.c b/coregrind/m_syswrap/syswrap-linux.c
index 3bfbef761415726dab7b13523f7df0c1401aa5f5..7186cf0c4825e7f5e1e7ec5c670148b439351320 100644 (file)
--- a/coregrind/m_syswrap/syswrap-linux.c
+++ b/coregrind/m_syswrap/syswrap-linux.c
@@ -4637,6 +4637,45 @@ PRE(sys_file_setattr)
    PRE_MEM_READ("file_setattr(ufattr)", ARG3, ARG4);
 }
 
+PRE(sys_lsm_get_self_attr)
+{
+   //  * sys_lsm_get_self_attr - Return current task's security module attributes
+   //  * @attr: which attribute to return
+   //  * @ctx: the user-space destination for the information, or NULL
+   //  * @size: pointer to the size of space available to receive the data
+   //  * @flags: special handling options. LSM_FLAG_SINGLE indicates that only
+   //  * attributes associated with the LSM identified in the passed @ctx be
+   //  * reported.
+   // SYSCALL_DEFINE4(lsm_get_self_attr, unsigned int, attr, struct lsm_ctx __user *,
+   //                 ctx, u32 __user *, size, u32, flags)
+   PRINT("sys_lsm_get_self_attr (  %#" FMT_REGWORD "x, %#" FMT_REGWORD "x, %" FMT_REGWORD "u, %#" FMT_REGWORD "x)", ARG1, ARG2, ARG3, ARG4);
+   PRE_REG_READ4(long, "lsm_get_self_attr", unsigned int, attr, struct vki_lsm_ctx *, ctx, __vki_u32 *, size, __vki_u32, flags);
+   if (ML_(safe_to_deref)((__vki_u32 *)ARG3,sizeof(__vki_u32))) {
+      PRE_MEM_READ("lsm_get_self_attr(size)", ARG3, sizeof(__vki_u32));
+      PRE_MEM_READ("lsm_get_self_attr(ctx)", ARG2, *(__vki_u32 *)ARG3);
+   }
+}
+
+POST(sys_lsm_get_self_attr)
+{
+   POST_MEM_WRITE((Addr)ARG3, sizeof(__vki_u32));
+   POST_MEM_WRITE(ARG2, *(__vki_u32 *)ARG3);
+}
+
+PRE(sys_lsm_set_self_attr)
+{
+   //  * sys_lsm_set_self_attr - Set current task's security module attribute
+   //  * @attr: which attribute to set
+   //  * @ctx: the LSM contexts
+   //  * @size: size of @ctx
+   //  * @flags: reserved for future use
+   // SYSCALL_DEFINE4(lsm_set_self_attr, unsigned int, attr, struct lsm_ctx __user *,
+   //                 ctx, u32, size, u32, flags)
+   PRINT("sys_lsm_get_self_attr (  %#" FMT_REGWORD "x, %#" FMT_REGWORD "x, %" FMT_REGWORD "u, %#" FMT_REGWORD "x)", ARG1, ARG2, ARG3, ARG4);
+   PRE_REG_READ4(long, "lsm_set_self_attr", unsigned int, attr, struct vki_lsm_ctx *, ctx, __vki_u32 *, size, __vki_u32, flags);
+   PRE_MEM_READ("lsm_get_self_attr(ctx)", ARG2, ARG3);
+}
+
 PRE(sys_syncfs)
 {
    *flags |= SfMayBlock;

diff --git a/coregrind/m_syswrap/syswrap-mips32-linux.c b/coregrind/m_syswrap/syswrap-mips32-linux.c
index 5541f4c7231295009519a16ec5da45d3ab5124f8..43c9b861d9bb39eafd32001cd7aa962d7aa2a403 100644 (file)
--- a/coregrind/m_syswrap/syswrap-mips32-linux.c
+++ b/coregrind/m_syswrap/syswrap-mips32-linux.c
@@ -1188,6 +1188,8 @@ static SyscallTableEntry syscall_main_table[] = {
    LINX_(__NR_fchmodat2,               sys_fchmodat2),               // 452
    LINXY(__NR_statmount,               sys_statmount),               // 457
    LINXY(__NR_listmount,               sys_listmount),               // 458
+   LINXY(__NR_lsm_get_self_attr,       sys_lsm_get_self_attr),       // 459
+   LINX_(__NR_lsm_set_self_attr,       sys_lsm_set_self_attr),       // 460
    LINX_(__NR_mseal,                   sys_mseal),                   // 462
    LINXY(__NR_file_getattr,            sys_file_getattr),            // 468
    LINX_(__NR_file_setattr,            sys_file_setattr),            // 469

diff --git a/coregrind/m_syswrap/syswrap-mips64-linux.c b/coregrind/m_syswrap/syswrap-mips64-linux.c
index 57a522d87a9e4614844f0ecd46cff35048c68632..d78e59842b7118b7cfd6177b61f02f071a1c19d7 100644 (file)
--- a/coregrind/m_syswrap/syswrap-mips64-linux.c
+++ b/coregrind/m_syswrap/syswrap-mips64-linux.c
@@ -797,6 +797,8 @@ static SyscallTableEntry syscall_main_table[] = {
    LINXY (__NR_userfaultfd, sys_userfaultfd),
    LINXY (__NR_statmount, sys_statmount),
    LINXY (__NR_listmount, sys_listmount),
+   LINXY(__NR_lsm_get_self_attr, sys_lsm_get_self_attr),
+   LINX_(__NR_lsm_set_self_attr, sys_lsm_set_self_attr),
    LINX_ (__NR_mseal, sys_mseal),
    LINX_ (__NR_futex_waitv, sys_futex_waitv),
    LINXY (__NR_quotactl_fd, sys_quotactl_fd),

diff --git a/coregrind/m_syswrap/syswrap-nanomips-linux.c b/coregrind/m_syswrap/syswrap-nanomips-linux.c
index ac4d6aa7e6de5661b47a2ff8ecd8e1cbb152dd0d..e5c642572209c1c6f31ef4c241720b81dd420a13 100644 (file)
--- a/coregrind/m_syswrap/syswrap-nanomips-linux.c
+++ b/coregrind/m_syswrap/syswrap-nanomips-linux.c
@@ -823,6 +823,8 @@ static SyscallTableEntry syscall_main_table[] = {
    LINX_ (__NR_fchmodat2,              sys_fchmodat2),
    LINXY (__NR_statmount,              sys_statmount),
    LINXY (__NR_listmount,              sys_listmount),
+   LINXY(__NR_lsm_get_self_attr,       sys_lsm_get_self_attr),
+   LINX_(__NR_lsm_set_self_attr,       sys_lsm_set_self_attr),
    LINX_ (__NR_mseal,                  sys_mseal),
    LINX_ (__NR_futex_waitv,            sys_futex_waitv),
    LINXY (__NR_file_getattr,           sys_file_getattr),

diff --git a/coregrind/m_syswrap/syswrap-ppc32-linux.c b/coregrind/m_syswrap/syswrap-ppc32-linux.c
index d3b84a57d5a86c6f046b1339b465cebd4e036fb3..82b67afe348af2ccb7a9d2ba2125eddc0a5ec772 100644 (file)
--- a/coregrind/m_syswrap/syswrap-ppc32-linux.c
+++ b/coregrind/m_syswrap/syswrap-ppc32-linux.c
@@ -1087,6 +1087,8 @@ static SyscallTableEntry syscall_table[] = {
    LINX_ (__NR_fchmodat2,        sys_fchmodat2),         // 452
    LINXY (__NR_statmount,        sys_statmount),         // 457
    LINXY (__NR_listmount,        sys_listmount),         // 458
+   LINXY(__NR_lsm_get_self_attr, sys_lsm_get_self_attr), // 459
+   LINX_(__NR_lsm_set_self_attr, sys_lsm_set_self_attr), // 460
    LINX_ (__NR_mseal,            sys_mseal),             // 462
    LINXY (__NR_file_getattr,     sys_file_getattr),      // 468
    LINX_ (__NR_file_setattr,     sys_file_setattr),      // 469

diff --git a/coregrind/m_syswrap/syswrap-ppc64-linux.c b/coregrind/m_syswrap/syswrap-ppc64-linux.c
index 56b16bb8fb7d235e077e613e2c74aac66ff8c583..445ee30f39582af47a05fa6b7deac71a567dfe1f 100644 (file)
--- a/coregrind/m_syswrap/syswrap-ppc64-linux.c
+++ b/coregrind/m_syswrap/syswrap-ppc64-linux.c
@@ -1065,6 +1065,8 @@ static SyscallTableEntry syscall_table[] = {
    LINX_ (__NR_fchmodat2,        sys_fchmodat2),         // 452
    LINXY (__NR_statmount,        sys_statmount),         // 457
    LINXY (__NR_listmount,        sys_listmount),         // 458
+   LINXY(__NR_lsm_get_self_attr, sys_lsm_get_self_attr), // 459
+   LINX_(__NR_lsm_set_self_attr, sys_lsm_set_self_attr), // 460
    LINX_ (__NR_mseal,            sys_mseal),             // 462
    LINXY (__NR_file_getattr,     sys_file_getattr),      // 468
    LINX_ (__NR_file_setattr,     sys_file_setattr),      // 469

diff --git a/coregrind/m_syswrap/syswrap-riscv64-linux.c b/coregrind/m_syswrap/syswrap-riscv64-linux.c
index 3774c797e8a729b4b820fe5662bfde7268549b61..92e279485435eb7df544170c135c35e41d82bc94 100644 (file)
--- a/coregrind/m_syswrap/syswrap-riscv64-linux.c
+++ b/coregrind/m_syswrap/syswrap-riscv64-linux.c
@@ -608,6 +608,8 @@ static SyscallTableEntry syscall_main_table[] = {
    LINX_(__NR_fchmodat2, sys_fchmodat2),                           /* 452 */
    LINXY(__NR_statmount, sys_statmount),                           /* 457 */
    LINXY(__NR_listmount, sys_listmount),                           /* 458 */
+   LINXY(__NR_lsm_get_self_attr, sys_lsm_get_self_attr),           /* 459 */
+   LINX_(__NR_lsm_set_self_attr, sys_lsm_set_self_attr),           /* 460 */
    LINX_(__NR_mseal, sys_mseal),                                   /* 462 */
    LINXY(__NR_file_getattr, sys_file_getattr),                     /* 468 */
    LINX_(__NR_file_setattr, sys_file_setattr),                     /* 469 */

diff --git a/coregrind/m_syswrap/syswrap-s390x-linux.c b/coregrind/m_syswrap/syswrap-s390x-linux.c
index 8d45a55b1169af4faf98ec632124e64482ccb51d..0b5d436b053ca1c9b028a172815f6abd157add95 100644 (file)
--- a/coregrind/m_syswrap/syswrap-s390x-linux.c
+++ b/coregrind/m_syswrap/syswrap-s390x-linux.c
@@ -900,6 +900,8 @@ static SyscallTableEntry syscall_table[] = {
    LINX_ (__NR_fchmodat2, sys_fchmodat2),                             // 452
    LINXY (__NR_statmount, sys_statmount),                             // 457
    LINXY (__NR_listmount, sys_listmount),                             // 458
+   LINXY(__NR_lsm_get_self_attr, sys_lsm_get_self_attr),              // 459
+   LINX_(__NR_lsm_set_self_attr, sys_lsm_set_self_attr),              // 460
    LINX_ (__NR_mseal, sys_mseal),                                     // 462
    LINXY (__NR_file_getattr, sys_file_getattr),                       // 468
    LINX_ (__NR_file_setattr, sys_file_setattr),                       // 469

diff --git a/coregrind/m_syswrap/syswrap-x86-linux.c b/coregrind/m_syswrap/syswrap-x86-linux.c
index b6224321f389f76ebbb0fa33c786ccdac6f749fb..1165304da3d67db91d7334dec5fcc131100d7807 100644 (file)
--- a/coregrind/m_syswrap/syswrap-x86-linux.c
+++ b/coregrind/m_syswrap/syswrap-x86-linux.c
@@ -1690,6 +1690,8 @@ static SyscallTableEntry syscall_table[] = {
    LINX_(__NR_fchmodat2,         sys_fchmodat2),         // 452
    LINXY(__NR_statmount,         sys_statmount),         // 457
    LINXY(__NR_listmount,         sys_listmount),         // 458
+   LINXY(__NR_lsm_get_self_attr, sys_lsm_get_self_attr), // 459
+   LINX_(__NR_lsm_set_self_attr, sys_lsm_set_self_attr), // 460
    LINX_(__NR_mseal,             sys_mseal),             // 462
    LINXY(__NR_file_getattr,      sys_file_getattr),      // 468
    LINX_(__NR_file_setattr,      sys_file_setattr),      // 469

diff --git a/include/vki/vki-linux.h b/include/vki/vki-linux.h
index e0636378c4731ce17dd5f5c103afd3d786f37cea..bb6b8d72d784df97b08aa21f69be34cb4b5271d3 100644 (file)
--- a/include/vki/vki-linux.h
+++ b/include/vki/vki-linux.h
@@ -5661,6 +5661,18 @@ struct vki_dqinfo {
        __vki_u32 dqi_valid;
 };
 
+//----------------------------------------------------------------------
+// From uapi/linux/lsm.h
+//----------------------------------------------------------------------
+
+struct vki_lsm_ctx {
+       __vki_u64 id;
+       __vki_u64 flags;
+       __vki_u64 len;
+       __vki_u64 ctx_len;
+       __vki_u8 ctx[]; /* __counted_by(ctx_len); */
+};
+
 /*--------------------------------------------------------------------*/
 /*--- end                                                          ---*/
 /*--------------------------------------------------------------------*/

diff --git a/include/vki/vki-scnums-shared-linux.h b/include/vki/vki-scnums-shared-linux.h
index 704e6378cc251c20b2cc110b4e0a5a9ab36be2ad..231372af4306c15e34db059e218fbe3b5af6a94e 100644 (file)
--- a/include/vki/vki-scnums-shared-linux.h
+++ b/include/vki/vki-scnums-shared-linux.h
@@ -60,6 +60,8 @@
 #define __NR_fchmodat2         452
 #define __NR_statmount         457
 #define __NR_listmount         458
+#define __NR_lsm_get_self_attr 459
+#define __NR_lsm_set_self_attr 460
 #define __NR_mseal             462
 #define __NR_file_getattr      468
 #define __NR_file_setattr      469