security: Add TestLSM

This patch adds a simple LSM to test HMAC calculation at file creation.

Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>

security/Kconfig

@@ -241,6 +241,8 @@ source "security/lockdown/Kconfig"
 
 source "security/integrity/Kconfig"
 
+source "security/testlsm/Kconfig"
+
 choice
 	prompt "First legacy 'major LSM' to be initialized"
 	default DEFAULT_SECURITY_SELINUX if SECURITY_SELINUX

security/Makefile

@@ -36,3 +36,6 @@ obj-$(CONFIG_BPF_LSM)			+= bpf/
 # Object integrity file lists
 subdir-$(CONFIG_INTEGRITY)		+= integrity
 obj-$(CONFIG_INTEGRITY)			+= integrity/
+
+subdir-$(CONFIG_SECURITY_TESTLSM)	+= testlsm
+obj-$(CONFIG_SECURITY_TESTLSM)		+= testlsm/

security/testlsm/Kconfig

@@ -0,0 +1,6 @@
+# SPDX-License-Identifier: GPL-2.0-only
+config SECURITY_TESTLSM
+	bool "TestLSM"
+	depends on SECURITY
+	help
+	  This is a test LSM.

security/testlsm/Makefile

@@ -0,0 +1,13 @@
+# SPDX-License-Identifier: GPL-2.0-only
+CFLAGS_testlsm-xattr.o += -DTESTLSM_NAME=\"testlsm-xattr\" -DXATTR
+CFLAGS_testlsm-xattr-2.o += -DTESTLSM_NAME=\"testlsm-xattr-2\" -DXATTR
+CFLAGS_testlsm-xattr-3.o += -DTESTLSM_NAME=\"testlsm-xattr-3\" -DXATTR
+CFLAGS_testlsm-xattr-bug.o += -DTESTLSM_NAME=\"testlsm-xattr-bug\" -DXATTR -DLSMBUG
+CFLAGS_testlsm-noxattr.o += -DTESTLSM_NAME=\"testlsm-noxattr\"
+CFLAGS_testlsm-noxattr-2.o += -DTESTLSM_NAME=\"testlsm-noxattr-2\"
+CFLAGS_testlsm-noxattr-3.o += -DTESTLSM_NAME=\"testlsm-noxattr-3\"
+
+obj-$(CONFIG_SECURITY_TESTLSM) += testlsm-xattr.o testlsm-xattr-2.o \
+				  testlsm-xattr-3.o testlsm-xattr-bug.o \
+				  testlsm-noxattr.o testlsm-noxattr-2.o \
+				  testlsm-noxattr-3.o

security/testlsm/testlsm-noxattr-2.c

@@ -0,0 +1 @@
+testlsm.c

security/testlsm/testlsm-noxattr-3.c

@@ -0,0 +1 @@
+testlsm.c

security/testlsm/testlsm-noxattr.c

@@ -0,0 +1 @@
+testlsm.c

security/testlsm/testlsm-xattr-2.c

@@ -0,0 +1 @@
+testlsm.c

security/testlsm/testlsm-xattr-3.c

@@ -0,0 +1 @@
+testlsm.c

security/testlsm/testlsm-xattr-bug.c

@@ -0,0 +1 @@
+testlsm.c

security/testlsm/testlsm-xattr.c

@@ -0,0 +1 @@
+testlsm.c

security/testlsm/testlsm.c

@@ -0,0 +1,73 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * TestLSM
+ *
+ * Copyright 2021 Huawei Technologies Duesseldorf GmbH
+ *
+ * Author: Roberto Sassu <roberto.sassu@huawei.com>
+ */
+
+#define pr_fmt(fmt) "TestLSM: " fmt
+
+#include <linux/lsm_hooks.h>
+#include <linux/xattr.h>
+
+#define XATTR_TESTLSM_SUFFIX TESTLSM_NAME
+#define XATTR_NAME_TESTLSM XATTR_SECURITY_PREFIX TESTLSM_NAME
+
+#define IMA_UUID "28b23254-9467-44c0-b6ba-34b12e85a26d"
+#define IMA_UUID2 "28b23254-9467-44c0-b6ba-34b12e85a26e"
+
+static int testlsm_inode_init_security(struct inode *inode,
+				struct inode *dir, const struct qstr *qstr,
+				const char **name, void **value, size_t *len,
+				struct xattr *lsm_xattrs)
+{
+#ifdef LSMBUG
+	uuid_t ima_uuid, ima_uuid2;
+#endif
+	int ret = -EOPNOTSUPP;
+#ifdef XATTR
+	if (name)
+		*name = lsm_xattrs ? XATTR_TESTLSM_SUFFIX : XATTR_NAME_TESTLSM;
+#ifdef LSMBUG
+	ret = uuid_parse(IMA_UUID, &ima_uuid);
+	if (ret < 0)
+		return ret;
+
+	ret = uuid_parse(IMA_UUID2, &ima_uuid2);
+	if (ret < 0)
+		return ret;
+
+	if (uuid_equal(&ima_uuid, &inode->i_sb->s_uuid) ||
+	   !strcmp(inode->i_sb->s_type->name, "reiserfs"))
+		return 0;
+#endif
+	if (value && len) {
+		*value = kstrdup(TESTLSM_NAME, GFP_NOFS);
+		if (!*value)
+			return -ENOMEM;
+
+		*len = sizeof(TESTLSM_NAME);
+	}
+
+	ret = 0;
+#endif
+	return ret;
+}
+
+static struct security_hook_list testlsm_hook[] __lsm_ro_after_init = {
+	LSM_HOOK_INIT(inode_init_security, testlsm_inode_init_security),
+};
+
+static int __init testlsm_init(void)
+{
+	security_add_hooks(testlsm_hook, ARRAY_SIZE(testlsm_hook),
+			   TESTLSM_NAME);
+	return 0;
+}
+
+DEFINE_LSM(testlsm) = {
+	.name = TESTLSM_NAME,
+	.init = testlsm_init,
+};