| # Copyright 2017 syzkaller project authors. All rights reserved. |
| # Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. |
| |
| include <linux/xattr.h> |
| include <linux/uuid.h> |
| include <uapi/linux/posix_acl_xattr.h> |
| include <uapi/linux/posix_acl.h> |
| include <uapi/linux/capability.h> |
| include <security/integrity/integrity.h> |
| include <fs/overlayfs/overlayfs.h> |
| include <uapi/linux/hash_info.h> |
| |
| setxattr(path ptr[in, filename], name ptr[in, xattr_name], val ptr[in, string], size len[val], flags flags[setxattr_flags]) |
| lsetxattr(path ptr[in, filename], name ptr[in, xattr_name], val ptr[in, string], size len[val], flags flags[setxattr_flags]) |
| fsetxattr(fd fd, name ptr[in, xattr_name], val ptr[in, string], size len[val], flags flags[setxattr_flags]) |
| getxattr(path ptr[in, filename], name ptr[in, xattr_name], val buffer[out], size len[val]) |
| lgetxattr(path ptr[in, filename], name ptr[in, xattr_name], val buffer[out], size len[val]) |
| fgetxattr(fd fd, name ptr[in, xattr_name], val buffer[out], size len[val]) |
| listxattr(path ptr[in, filename], list buffer[out], size len[list]) |
| llistxattr(path ptr[in, filename], list buffer[out], size len[list]) |
| flistxattr(fd fd, list buffer[out], size len[list]) |
| removexattr(path ptr[in, filename], name ptr[in, xattr_name]) |
| lremovexattr(path ptr[in, filename], name ptr[in, xattr_name]) |
| fremovexattr(fd fd, name ptr[in, xattr_name]) |
| |
| xattr_name [ |
| known string[xattr_names] |
| random xattr_name_random |
| ] [varlen] |
| |
| xattr_name_random { |
| prefix stringnoz[xattr_prefix] |
| name string |
| } [packed] |
| |
| setxattr_flags = XATTR_CREATE, XATTR_REPLACE |
| |
| xattr_prefix = "system.", "trusted.", "security.", "user.", "btrfs.", "osx.", "os2." |
| |
| xattr_names = "system.posix_acl_access", "system.posix_acl_default", "system.advise", "system.sockprotoname", "com.apple.FinderInfo", "com.apple.system.Security", "user.syz", "trusted.syz", "security.apparmor", "trusted.overlay.opaque", "trusted.overlay.redirect", "trusted.overlay.origin", "trusted.overlay.impure", "trusted.overlay.nlink", "trusted.overlay.upper", "trusted.overlay.metacopy" |
| |
| setxattr$system_posix_acl(path ptr[in, filename], name ptr[in, string[xattr_posix_acl_names]], val ptr[in, xattr_system_posix_acl_access], size len[val], flags flags[setxattr_flags]) |
| lsetxattr$system_posix_acl(path ptr[in, filename], name ptr[in, string[xattr_posix_acl_names]], val ptr[in, xattr_system_posix_acl_access], size len[val], flags flags[setxattr_flags]) |
| fsetxattr$system_posix_acl(fd fd, name ptr[in, string[xattr_posix_acl_names]], val ptr[in, xattr_system_posix_acl_access], size len[val], flags flags[setxattr_flags]) |
| |
| xattr_posix_acl_names = "system.posix_acl_access", "system.posix_acl_default" |
| |
| xattr_system_posix_acl_access { |
| header posix_acl_xattr_header |
| user_obj posix_acl_xattr_entry[ACL_USER_OBJ, const[0, int32]] |
| users array[posix_acl_xattr_entry[ACL_USER, uid]] |
| group_obj posix_acl_xattr_entry[ACL_GROUP_OBJ, const[0, int32]] |
| groups array[posix_acl_xattr_entry[ACL_GROUP, gid]] |
| mask posix_acl_xattr_entry[ACL_MASK, const[0, int32]] |
| other posix_acl_xattr_entry[ACL_OTHER, const[0, int32]] |
| } [packed] |
| |
| posix_acl_xattr_header { |
| a_version const[POSIX_ACL_XATTR_VERSION, int32] |
| } |
| |
| type posix_acl_xattr_entry[TAG, ID] { |
| e_tag const[TAG, int16] |
| e_perm flags[posix_acl_perm, int16] |
| e_id ID |
| } |
| |
| posix_acl_perm = ACL_READ, ACL_WRITE, ACL_EXECUTE |
| |
| setxattr$security_capability(path ptr[in, filename], name ptr[in, string["security.capability"]], val ptr[in, vfs_cap_data_u], size len[val], flags flags[setxattr_flags]) |
| lsetxattr$security_capability(path ptr[in, filename], name ptr[in, string["security.capability"]], val ptr[in, vfs_cap_data_u], size len[val], flags flags[setxattr_flags]) |
| fsetxattr$security_capability(fd fd, name ptr[in, string["security.capability"]], val ptr[in, vfs_cap_data_u], size len[val], flags flags[setxattr_flags]) |
| |
| vfs_cap_data_u [ |
| v1 vfs_cap_data_v1 |
| v2 vfs_cap_data |
| v3 vfs_ns_cap_data |
| ] [varlen] |
| |
| vfs_cap_data_v1 { |
| magic_etc const[VFS_CAP_REVISION_1, int32] |
| data array[vfs_cap_elem, VFS_CAP_U32_1] |
| } |
| |
| vfs_cap_data { |
| magic_etc const[VFS_CAP_REVISION_2, int32] |
| data array[vfs_cap_elem, VFS_CAP_U32_2] |
| } |
| |
| vfs_ns_cap_data { |
| magic_etc const[VFS_CAP_REVISION_3, int32] |
| data array[vfs_cap_elem, VFS_CAP_U32_3] |
| rootid uid |
| } |
| |
| vfs_cap_elem { |
| permitted int32 |
| inheritable int32 |
| } |
| |
| setxattr$security_evm(path ptr[in, filename], name ptr[in, string["security.evm"]], val ptr[in, evm_ima_xattr], size len[val], flags flags[setxattr_flags]) |
| lsetxattr$security_evm(path ptr[in, filename], name ptr[in, string["security.evm"]], val ptr[in, evm_ima_xattr], size len[val], flags flags[setxattr_flags]) |
| fsetxattr$security_evm(fd fd, name ptr[in, string["security.evm"]], val ptr[in, evm_ima_xattr], size len[val], flags flags[setxattr_flags]) |
| |
| setxattr$security_ima(path ptr[in, filename], name ptr[in, string["security.ima"]], val ptr[in, evm_ima_xattr], size len[val], flags flags[setxattr_flags]) |
| lsetxattr$security_ima(path ptr[in, filename], name ptr[in, string["security.ima"]], val ptr[in, evm_ima_xattr], size len[val], flags flags[setxattr_flags]) |
| fsetxattr$security_ima(fd fd, name ptr[in, string["security.ima"]], val ptr[in, evm_ima_xattr], size len[val], flags flags[setxattr_flags]) |
| |
| evm_ima_xattr [ |
| v1 evm_ima_xattr_data |
| v2 signature_v2_hdr |
| md5 evm_ima_xattr_digest_md5 |
| sha1 evm_ima_xattr_digest_sha1 |
| ng evm_ima_xattr_digest_ng |
| ] [varlen] |
| |
| evm_ima_xattr_data { |
| type const[EVM_XATTR_HMAC, int8] |
| digest array[int8, 0:SHA1_DIGEST_SIZE] |
| } |
| |
| signature_v2_hdr { |
| type flags[evm_xattr_type, int8] |
| version int8[0:3] |
| hash_algo int8[0:HASH_ALGO__LAST] |
| keyid int32be |
| sig_size bytesize[sig, int16be] |
| sig array[int8] |
| } |
| |
| evm_xattr_type = EVM_IMA_XATTR_DIGSIG, EVM_XATTR_PORTABLE_DIGSIG |
| |
| evm_ima_xattr_digest_md5 { |
| type const[IMA_XATTR_DIGEST, int8] |
| digest array[int8, 16] |
| } |
| |
| evm_ima_xattr_digest_sha1 { |
| type const[IMA_XATTR_DIGEST, int8] |
| digest array[int8, 20] |
| } |
| |
| evm_ima_xattr_digest_ng { |
| type const[IMA_XATTR_DIGEST_NG, int8] |
| algo int8[0:HASH_ALGO__LAST] |
| digest array[int8, 0:SHA1_DIGEST_SIZE] |
| } |
| |
| setxattr$trusted_overlay_origin(path ptr[in, filename], name ptr[in, string["trusted.overlay.origin"]], val ptr[in, string["y"]], size len[val], flags flags[setxattr_flags]) |
| lsetxattr$trusted_overlay_origin(path ptr[in, filename], name ptr[in, string["trusted.overlay.origin"]], val ptr[in, string["y"]], size len[val], flags flags[setxattr_flags]) |
| fsetxattr$trusted_overlay_origin(fd fd, name ptr[in, string["trusted.overlay.origin"]], val ptr[in, string["y"]], size len[val], flags flags[setxattr_flags]) |
| |
| setxattr$trusted_overlay_opaque(path ptr[in, filename], name ptr[in, string["trusted.overlay.opaque"]], val ptr[in, string["y"]], size len[val], flags flags[setxattr_flags]) |
| lsetxattr$trusted_overlay_opaque(path ptr[in, filename], name ptr[in, string["trusted.overlay.opaque"]], val ptr[in, string["y"]], size len[val], flags flags[setxattr_flags]) |
| fsetxattr$trusted_overlay_opaque(fd fd, name ptr[in, string["trusted.overlay.opaque"]], val ptr[in, string["y"]], size len[val], flags flags[setxattr_flags]) |
| |
| setxattr$trusted_overlay_redirect(path ptr[in, filename], name ptr[in, string["trusted.overlay.redirect"]], val ptr[in, filename], size len[val], flags flags[setxattr_flags]) |
| lsetxattr$trusted_overlay_redirect(path ptr[in, filename], name ptr[in, string["trusted.overlay.redirect"]], val ptr[in, filename], size len[val], flags flags[setxattr_flags]) |
| fsetxattr$trusted_overlay_redirect(fd fd, name ptr[in, string["trusted.overlay.redirect"]], val ptr[in, filename], size len[val], flags flags[setxattr_flags]) |
| |
| setxattr$trusted_overlay_nlink(path ptr[in, filename], name ptr[in, string["trusted.overlay.nlink"]], val ptr[in, xattr_overlay_nlink], size len[val], flags flags[setxattr_flags]) |
| lsetxattr$trusted_overlay_nlink(path ptr[in, filename], name ptr[in, string["trusted.overlay.nlink"]], val ptr[in, xattr_overlay_nlink], size len[val], flags flags[setxattr_flags]) |
| fsetxattr$trusted_overlay_nlink(fd fd, name ptr[in, string["trusted.overlay.nlink"]], val ptr[in, xattr_overlay_nlink], size len[val], flags flags[setxattr_flags]) |
| |
| setxattr$trusted_overlay_upper(path ptr[in, filename], name ptr[in, string["trusted.overlay.upper"]], val ptr[in, ovl_fh], size len[val], flags flags[setxattr_flags]) |
| lsetxattr$trusted_overlay_upper(path ptr[in, filename], name ptr[in, string["trusted.overlay.upper"]], val ptr[in, ovl_fh], size len[val], flags flags[setxattr_flags]) |
| fsetxattr$trusted_overlay_upper(fd fd, name ptr[in, string["trusted.overlay.upper"]], val ptr[in, ovl_fh], size len[val], flags flags[setxattr_flags]) |
| |
| xattr_overlay_nlink { |
| prefix stringnoz[xattr_overlay_nlink_prefix] |
| num fmt[dec, int64] |
| } |
| |
| xattr_overlay_nlink_prefix = "U+", "U-", "L+", "L-" |
| |
| ovl_fh { |
| version const[0, int8] |
| magic const[OVL_FH_MAGIC, int8] |
| len bytesize[parent, int8] |
| flags flags[ovl_fh_flags, int8] |
| type int8 |
| uuid uuid_t |
| fid array[int8] |
| } [packed] |
| |
| type uuid_t array[int8, UUID_SIZE] |
| |
| ovl_fh_flags = OVL_FH_FLAG_BIG_ENDIAN, OVL_FH_FLAG_ANY_ENDIAN, OVL_FH_FLAG_PATH_UPPER |