
starnix_core/security/
mod.rs

1// Copyright 2024 The Fuchsia Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5//! This module provides types and hook APIs supporting Linux Security Modules
6//! functionality in Starnix.  LSM provides a generic set of hooks, and opaque
7//! types, used to decouple the rest of the kernel from the details of any
8//! specific security enforcement subsystem (e.g. SELinux, POSIX.1e, etc).
9//!
10//! Although this module is hard-wired to the SELinux implementation, callers
11//! should treat the types as opaque; hook implementations necessarily have access
12//! to kernel structures, but not the other way around.
13
14use selinux::{SecurityId, SecurityServer};
15use std::sync::Arc;
16
// Declared without `pub`: code outside this module reaches the SELinux implementation only
// through what this module re-exports or wraps in its own opaque types.
/// SELinux implementations called by the LSM hooks.
mod selinux_hooks;
pub use selinux_hooks::audit::Auditable;

/// Common capabilities hook implementations called by the LSM hooks.
mod common_cap;

// Unlike its sibling modules this one is `pub`, so its public items are addressable by path.
/// YAMA hook implementations used to restrict ptrace access.
pub mod yama;

/// Linux Security Modules hooks for use within the Starnix kernel.
mod hooks;
// NOTE(review): glob re-export; every `pub` item added to `hooks` becomes part of this
// module's public surface without any change here.
pub use hooks::*;

/// Audit logging to be used from different kernel components
mod audit;
// NOTE(review): glob re-export; the same applies to every `pub` item in `audit`.
pub use audit::*;
34
/// Opaque structure encapsulating security subsystem state for the whole system.
pub struct KernelState {
    // `None` means no SELinux state is held; `access_denial_count()` then reports 0.
    // The field is private, so code outside this module tree can neither read nor replace it.
    state: Option<selinux_hooks::KernelState>,
}
39
impl KernelState {
    /// Returns the access-denial count reported by the SELinux state.
    ///
    /// When no SELinux state is held (`state` is `None`) the result is 0, so a zero reading
    /// cannot on its own distinguish "nothing was denied" from "nothing is being counted".
    pub fn access_denial_count(&self) -> u64 {
        match self.state.as_ref() {
            Some(selinux_state) => selinux_state.access_denial_count(),
            None => 0u64,
        }
    }
}
45
/// Structure holding security state associated with a `ResolvedElf` instance.
/// TODO(https://fxbug.dev/378835222): Consider restructuring hook calls so that
/// the kernel does not need to depend on the contents of this struct.
#[derive(Clone, Debug, PartialEq)]
pub struct ResolvedElfState {
    // SELinux security identifier carried with the resolved ELF.
    // NOTE(review): presumably `None` when no SID was computed for it; confirm in
    // `selinux_hooks`, which is where this value is produced.
    sid: Option<SecurityId>,
    /// Whether SELinux requires that this executable runs in secure mode.
    require_secure_exec: bool,
}
55
impl ResolvedElfState {
    /// Returns whether SELinux requires this executable to run in secure mode.
    ///
    /// This is a plain read of the stored flag; no policy check is performed here.
    // NOTE(review): presumably what the exec path consults when setting up secure execution
    // (e.g. `AT_SECURE`); confirm against callers.
    pub fn require_secure_exec(&self) -> bool {
        self.require_secure_exec
    }
}
61
/// The opaque type used by [`crate::vfs::FsNodeInfo`] to store security state.
// The tuple field is private, so the wrapped SELinux state is not reachable outside this module
// tree. `Default` is derived, so a value can be created without going through a hook.
#[derive(Debug, Default)]
pub struct FsNodeState(selinux_hooks::FsNodeState);
65
/// Opaque structure holding security state for a [`binderfs::BinderConnection`].
// No `Default` is derived and the field is private, so code outside this module tree cannot
// build a value with a struct literal or with `default()`.
#[derive(Debug)]
pub struct BinderConnectionState {
    // SELinux-specific payload; callers are expected to treat it as opaque.
    state: selinux_hooks::BinderConnectionState,
}
71
/// Opaque structure holding security state for a [`crate::vfs::socket::Socket`].
// `Default` is derived, so a socket can carry a default state before any hook has run.
// NOTE(review): what the default means for access decisions is defined in `selinux_hooks`,
// not in this file.
#[derive(Debug, Default)]
pub struct SocketState {
    // SELinux-specific payload; private to this module tree.
    state: selinux_hooks::SocketState,
}
77
/// Opaque structure holding security state for a [`crate::vfs::FileObject`].
// No `Default` is derived, so a value has to be constructed explicitly inside this module tree.
#[derive(Debug)]
pub struct FileObjectState {
    // SELinux-specific payload; private to this module tree.
    state: selinux_hooks::FileObjectState,
}
83
/// Opaque structure holding security state for a [`crate::vfs::FileSystem`].
// No `Default` is derived, so a value has to be constructed explicitly inside this module tree.
#[derive(Debug)]
pub struct FileSystemState {
    // SELinux-specific payload; private to this module tree.
    state: selinux_hooks::FileSystemState,
}
89
/// Opaque structure holding security state for a bpf [`ebpf_api::maps::Map`].
// No `Default` is derived, so a value has to be constructed explicitly inside this module tree.
#[derive(Debug)]
pub struct BpfMapState {
    // SELinux-specific payload; private to this module tree.
    state: selinux_hooks::BpfMapState,
}
95
/// Opaque structure holding security state for a bpf [`crate::bpf::program::Program`].
// No `Default` is derived, so a value has to be constructed explicitly inside this module tree.
#[derive(Debug)]
pub struct BpfProgState {
    // SELinux-specific payload; private to this module tree.
    state: selinux_hooks::BpfProgState,
}
101
/// Opaque structure holding security state for a PerfEventFileState.
// No `Default` is derived, so a value has to be constructed explicitly inside this module tree.
#[derive(Debug)]
pub struct PerfEventState {
    // SELinux-specific payload; private to this module tree.
    state: selinux_hooks::PerfEventState,
}