From 23536c231026652872d17e3b6cdcbf64a07eecc7 Mon Sep 17 00:00:00 2001 From: Mickaël Salaün Date: Tue, 13 Feb 2024 13:57:41 +0100 Subject: sys/linux: add LSM syscalls MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add 3 new system calls available with Linux 6.8: * lsm_set_self_attr() * lsm_get_self_attr() * lsm_list_modules() This helped find these bugs: https://lore.kernel.org/all/20240223190546.3329966-1-mic@digikod.net/ Signed-off-by: Mickaël Salaün --- sys/linux/lsm.txt | 22 ++++++++++++++++++++++ sys/linux/lsm.txt.const | 25 +++++++++++++++++++++++++ 2 files changed, 47 insertions(+) create mode 100644 sys/linux/lsm.txt create mode 100644 sys/linux/lsm.txt.const (limited to 'sys')
diff --git a/sys/linux/lsm.txt b/sys/linux/lsm.txt
new file mode 100644
index 000000000..062176b6d
--- /dev/null
+++ b/sys/linux/lsm.txt
@@ -0,0 +1,22 @@
+# Copyright 2024 syzkaller project authors. All rights reserved.
+# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+include
+
+lsm_set_self_attr(attr flags[lsm_attr_flags], ctx ptr[in, lsm_ctx], size bytesize[ctx], flags const[0])
+lsm_get_self_attr(attr flags[lsm_attr_flags], ctx ptr[out, lsm_ctx], size ptr[inout, bytesize[ctx, intptr]], flags flags[lsm_get_self_attr_flags])
+lsm_list_modules(ids ptr[out, array[int64]], size ptr[inout, bytesize[ids, intptr]], flags const[0])
+
+lsm_ctx {
+ id flags[lsm_id_flags, int64]
+ flags int64
+ len bytesize[parent, int64]
+ ctx_len bytesize[ctx, int64]
+ ctx array[int8]
+}
+
+lsm_attr_flags = LSM_ATTR_UNDEF, LSM_ATTR_CURRENT, LSM_ATTR_EXEC, LSM_ATTR_FSCREATE, LSM_ATTR_KEYCREATE, LSM_ATTR_PREV, LSM_ATTR_SOCKCREATE
+
+lsm_id_flags = LSM_ID_UNDEF, LSM_ID_CAPABILITY, LSM_ID_SELINUX, LSM_ID_SMACK, LSM_ID_TOMOYO, LSM_ID_APPARMOR, LSM_ID_YAMA, LSM_ID_LOADPIN, LSM_ID_SAFESETID, LSM_ID_LOCKDOWN, LSM_ID_BPF, LSM_ID_LANDLOCK
+
+lsm_get_self_attr_flags = LSM_FLAG_SINGLE
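Review bot: The `ctx` argument of `lsm_get_self_attr` is declared `ptr[out, lsm_ctx]`, but the same call accepts `LSM_FLAG_SINGLE`, and as far as I recall the kernel then reads the `id` field from the caller's buffer to choose which module to report (worth confirming against `security_getselfattr()`). With an `out` direction the fuzzer leaves that field unpopulated, so the single-module path would mostly be rejected on an undefined id and the copy-out and size checks behind it get little coverage. Declaring it as `ctx ptr[inout, lsm_ctx]` would let `id` take values from `lsm_id_flags`. A short comment above `lsm_ctx` saying that `len` covers the whole structure and `ctx_len` only the trailing `ctx` array would also help whoever next edits the description.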
diff --git a/sys/linux/lsm.txt.const b/sys/linux/lsm.txt.const new file mode 100644 index 000000000..aecf31e90 --- /dev/null +++ b/sys/linux/lsm.txt.const @@ -0,0 +1,25 @@ +# Code generated by syz-sysgen. DO NOT EDIT. +arches = 386, amd64, arm, arm64, mips64le, ppc64le, riscv64, s390x +LSM_ATTR_CURRENT = 100 +LSM_ATTR_EXEC = 101 +LSM_ATTR_FSCREATE = 102 +LSM_ATTR_KEYCREATE = 103 +LSM_ATTR_PREV = 104 +LSM_ATTR_SOCKCREATE = 105 +LSM_ATTR_UNDEF = 0 +LSM_FLAG_SINGLE = 1 +LSM_ID_APPARMOR = 104 +LSM_ID_BPF = 109 +LSM_ID_CAPABILITY = 100 +LSM_ID_LANDLOCK = 110 +LSM_ID_LOADPIN = 106 +LSM_ID_LOCKDOWN = 108 +LSM_ID_SAFESETID = 107 +LSM_ID_SELINUX = 101 +LSM_ID_SMACK = 102 +LSM_ID_TOMOYO = 103 +LSM_ID_UNDEF = 0 +LSM_ID_YAMA = 105 +__NR_lsm_get_self_attr = 459, mips64le:5459 +__NR_lsm_list_modules = 461, mips64le:5461 +__NR_lsm_set_self_attr = 460, mips64le:5460 -- cgit mrf-deployment