mirror of https://github.com/OpenIPC/firmware.git
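--- a/security/security.c 2018-08-06 17:23:04.000000000 +0300
+++ b/security/security.c 2022-06-12 05:28:14.000000000 +0300
@@ -11,6 +11,7 @@
 * (at your option) any later version.
 */
 
+#include <linux/bpf.h>
 #include <linux/capability.h>
 #include <linux/dcache.h>
 #include <linux/module.h>
@@ -20,6 +21,7 @@
 #include <linux/integrity.h>
 #include <linux/ima.h>
 #include <linux/evm.h>
+#include <linux/fivm.h>
 #include <linux/fsnotify.h>
 #include <linux/mman.h>
 #include <linux/mount.h>
@@ -508,6 +510,7 @@ int security_path_chown(const struct pat
 return 0;
 return call_int_hook(path_chown, 0, path, uid, gid);
 }
+EXPORT_SYMBOL(security_path_chown);
 
 int security_path_chroot(const struct path *path)
 {
@@ -833,7 +836,10 @@ int security_mmap_file(struct file *file
 {
 int ret;
 ret = call_int_hook(mmap_file, 0, file, prot,
- mmap_prot(file, prot), flags);
+ mmap_prot(file, prot), flags);
+ if (ret)
+ return ret;
+ ret = fivm_mmap_verify(file, prot);
 if (ret)
 return ret;
 return ima_file_mmap(file, prot);
@@ -1589,6 +1595,37 @@ int security_audit_rule_match(u32 secid,
 }
 #endif /* CONFIG_AUDIT */
 
+#ifdef CONFIG_BPF_SYSCALL
+int security_bpf(int cmd, union bpf_attr *attr, unsigned int size)
+{
+ return call_int_hook(bpf, 0, cmd, attr, size);
+}
+int security_bpf_map(struct bpf_map *map, fmode_t fmode)
+{
+ return call_int_hook(bpf_map, 0, map, fmode);
+}
+int security_bpf_prog(struct bpf_prog *prog)
+{
+ return call_int_hook(bpf_prog, 0, prog);
+}
+int security_bpf_map_alloc(struct bpf_map *map)
+{
+ return call_int_hook(bpf_map_alloc_security, 0, map);
+}
+int security_bpf_prog_alloc(struct bpf_prog_aux *aux)
+{
+ return call_int_hook(bpf_prog_alloc_security, 0, aux);
+}
+void security_bpf_map_free(struct bpf_map *map)
+{
+ call_void_hook(bpf_map_free_security, map);
+}
+void security_bpf_prog_free(struct bpf_prog_aux *aux)
+{
+ call_void_hook(bpf_prog_free_security, aux);
+}
+#endif /* CONFIG_BPF_SYSCALL */
+
 struct security_hook_heads security_hook_heads = {
 .binder_set_context_mgr =
 LIST_HEAD_INIT(security_hook_heads.binder_set_context_mgr),
@@ -1940,4 +1977,20 @@ struct security_hook_heads security_hook
 .audit_rule_free =
 LIST_HEAD_INIT(security_hook_heads.audit_rule_free),
 #endif /* CONFIG_AUDIT */
+#ifdef CONFIG_BPF_SYSCALL
+ .bpf =
+ LIST_HEAD_INIT(security_hook_heads.bpf),
+ .bpf_map =
+ LIST_HEAD_INIT(security_hook_heads.bpf_map),
+ .bpf_prog =
+ LIST_HEAD_INIT(security_hook_heads.bpf_prog),
+ .bpf_map_alloc_security =
+ LIST_HEAD_INIT(security_hook_heads.bpf_map_alloc_security),
+ .bpf_map_free_security =
+ LIST_HEAD_INIT(security_hook_heads.bpf_map_free_security),
+ .bpf_prog_alloc_security =
+ LIST_HEAD_INIT(security_hook_heads.bpf_prog_alloc_security),
+ .bpf_prog_free_security =
+ LIST_HEAD_INIT(security_hook_heads.bpf_prog_free_security),
+#endif /* CONFIG_BPF_SYSCALL */
 };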
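Review bot: In the security_mmap_file hunk (`@@ -833,7 +836,10 @@`), `fivm_mmap_verify(file, prot)` is handed the caller's requested `prot`, while the LSM hook just above it is given `mmap_prot(file, prot)` as the effective protection. If the FIVM check keys on PROT_EXEC (its body is not on this page), a mapping that becomes executable only through mmap_prot() would skip verification. Consider `ret = fivm_mmap_verify(file, mmap_prot(file, prot));`, or a comment stating why the requested value is the right input. The call and `#include <linux/fivm.h>` are also unconditional, so the header presumably has to supply a stub returning 0 when the feature is configured out; a one-line comment above the call saying what FIVM verifies and why it runs before `ima_file_mmap()` would help the next maintainer. The function's signature and opening lines lie outside the hunk.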