~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/tools/testing/selftests/bpf/progs/test_sig_in_xattr.c

Version: ~ [ linux-6.12-rc7 ] ~ [ linux-6.11.7 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.60 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.116 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.171 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.229 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.285 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.323 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.9 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~ 
  1 // SPDX-License-Identifier: GPL-2.0
  2 /* Copyright (c) 2023 Meta Platforms, Inc. and affiliates. */
  3 
  4 #include "vmlinux.h"
  5 #include <errno.h>
  6 #include <bpf/bpf_helpers.h>
  7 #include <bpf/bpf_tracing.h>
  8 #include "bpf_kfuncs.h"
  9 #include "err.h"
 10 
 11 char _license[] SEC("license") = "GPL";
 12 
 13 #ifndef SHA256_DIGEST_SIZE
 14 #define SHA256_DIGEST_SIZE      32
 15 #endif
 16 
 17 #define MAX_SIG_SIZE 1024
 18 
 19 /* By default, "fsverity sign" signs a file with fsverity_formatted_digest
 20  * of the file. fsverity_formatted_digest on the kernel side is only used
 21  * with CONFIG_FS_VERITY_BUILTIN_SIGNATURES. However, BPF LSM doesn't not
 22  * require CONFIG_FS_VERITY_BUILTIN_SIGNATURES, so vmlinux.h may not have
 23  * fsverity_formatted_digest. In this test, we intentionally avoid using
 24  * fsverity_formatted_digest.
 25  *
 26  * Luckily, fsverity_formatted_digest is simply 8-byte magic followed by
 27  * fsverity_digest. We use a char array of size fsverity_formatted_digest
 28  * plus SHA256_DIGEST_SIZE. The magic part of it is filled by user space,
 29  * and the rest of it is filled by bpf_get_fsverity_digest.
 30  *
 31  * Note that, generating signatures based on fsverity_formatted_digest is
 32  * the design choice of this selftest (and "fsverity sign"). With BPF
 33  * LSM, we have the flexibility to generate signature based on other data
 34  * sets, for example, fsverity_digest or only the digest[] part of it.
 35  */
 36 #define MAGIC_SIZE 8
 37 #define SIZEOF_STRUCT_FSVERITY_DIGEST 4  /* sizeof(struct fsverity_digest) */
 38 char digest[MAGIC_SIZE + SIZEOF_STRUCT_FSVERITY_DIGEST + SHA256_DIGEST_SIZE];
 39 
 40 __u32 monitored_pid;
 41 char sig[MAX_SIG_SIZE];
 42 __u32 sig_size;
 43 __u32 user_keyring_serial;
 44 
 45 SEC("lsm.s/file_open")
 46 int BPF_PROG(test_file_open, struct file *f)
 47 {
 48         struct bpf_dynptr digest_ptr, sig_ptr;
 49         struct bpf_key *trusted_keyring;
 50         __u32 pid;
 51         int ret;
 52 
 53         pid = bpf_get_current_pid_tgid() >> 32;
 54         if (pid != monitored_pid)
 55                 return 0;
 56 
 57         /* digest_ptr points to fsverity_digest */
 58         bpf_dynptr_from_mem(digest + MAGIC_SIZE, sizeof(digest) - MAGIC_SIZE, 0, &digest_ptr);
 59 
 60         ret = bpf_get_fsverity_digest(f, &digest_ptr);
 61         /* No verity, allow access */
 62         if (ret < 0)
 63                 return 0;
 64 
 65         /* Move digest_ptr to fsverity_formatted_digest */
 66         bpf_dynptr_from_mem(digest, sizeof(digest), 0, &digest_ptr);
 67 
 68         /* Read signature from xattr */
 69         bpf_dynptr_from_mem(sig, sizeof(sig), 0, &sig_ptr);
 70         ret = bpf_get_file_xattr(f, "user.sig", &sig_ptr);
 71         /* No signature, reject access */
 72         if (ret < 0)
 73                 return -EPERM;
 74 
 75         trusted_keyring = bpf_lookup_user_key(user_keyring_serial, 0);
 76         if (!trusted_keyring)
 77                 return -ENOENT;
 78 
 79         /* Verify signature */
 80         ret = bpf_verify_pkcs7_signature(&digest_ptr, &sig_ptr, trusted_keyring);
 81 
 82         bpf_key_put(trusted_keyring);
 83 
 84         set_if_not_errno_or_zero(ret, -EFAULT);
 85 
 86         return ret;
 87 }
 88
~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~
kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php