From patchwork Thu Oct 13 22:36:51 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 2429 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:4ac7:0:0:0:0:0 with SMTP id y7csp510804wrs; Thu, 13 Oct 2022 15:39:54 -0700 (PDT) X-Google-Smtp-Source: AMsMyM5DaSX0pospmEh+VAdP4rHaszBS66mnFavMhXF2IByQlZ3bL6og39obT+iZmFujEpw5UKB+ X-Received: by 2002:a05:6402:27c8:b0:458:ecf7:7248 with SMTP id c8-20020a05640227c800b00458ecf77248mr1737198ede.67.1665700793836; Thu, 13 Oct 2022 15:39:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1665700793; cv=none; d=google.com; s=arc-20160816; b=D7Z69it6BEN/dUDWecfWumWFkUKrjPa2idT/TIgPky7xdZEnFwHFzxcJT5b8AS6HdG G88lY3jsNqki6aC9RTwWYTJ6xvKmBNssaZFwDIm0XEBnWB6+Z/vzHf6gBb2MuHNzmUvL TPeNYFbOb20X7ZNBgsa18NHz0OljNCXKVvdaHo6ZkXULZqKNHl25AghuvlFpDWqqTRxr taYARB4g9QhViXj0GFwKzi/c85syszfAAK4XVmfaMR/P6ys/P2eIrLlMaIo1f4xzwGEc 5nv3yYMRXUr5wOarZtr+D8BFag9XfWL/9je2Qvq5a58pr4dfhchVg+mpSeGqUbTgRcFj MElw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=i0+hkpiHQzJ8+JNug0yAZuhS5yrr5xFtDUDfT1r5L18=; b=EEm2lN8fJs/PQxcZ9et4pJZLrPdDPlOxYZTs4CfWAYjww1FGut/fQEhxW1y6EFP14Y 9BJXZ69XVJLLeIMozVRBk2F53ntYsQeGI7MUVH97b3u4Bzw+yYcVAp4TuLlOk9OM37V+ URP8C+sr2XLLvEekNed2MWOTsbGW8yD4cYHWZD5+c9aOsubl67HJYeCuY5ZXTPsMokKq NfkR6nq7hcpZtOYaYRRH4ko3rQdu52yEF1zQZb/Jv5q5jXlsxNSFzgUzeUQ3XuIebRcS jO6BcbWYTmF6W5KgD7jgznShcizrlyGZ0NPvwkjj8LA7VNf1bPHGjOTa0mljZfpuVDL8 JlUA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=QYx587gs; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id r11-20020a170906704b00b0078d44b51f66si671909ejj.1008.2022.10.13.15.39.27; Thu, 13 Oct 2022 15:39:53 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=QYx587gs; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229894AbiJMWhl (ORCPT + 99 others); Thu, 13 Oct 2022 18:37:41 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43568 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229797AbiJMWhI (ORCPT ); Thu, 13 Oct 2022 18:37:08 -0400 Received: from mail-pg1-x533.google.com (mail-pg1-x533.google.com [IPv6:2607:f8b0:4864:20::533]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A1074153821 for ; Thu, 13 Oct 2022 15:37:02 -0700 (PDT) Received: by mail-pg1-x533.google.com with SMTP id r18so2741408pgr.12 for ; Thu, 13 Oct 2022 15:37:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=i0+hkpiHQzJ8+JNug0yAZuhS5yrr5xFtDUDfT1r5L18=; b=QYx587gsPoZ2Rt2D31lwneKBIE0nlruGRbmbSxEd/wU1/e+ZARKYeK3iBavfszJMpM 1rdsc3DARoEg5VnS/veGem8AflPWSHFlpLtT8GshvYDBN7qk5Mr4i5Pqa0foKF19eZSx b8TpbYuA0q39bY4XbbSsFmEZKiZC2QIMQjSrk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=i0+hkpiHQzJ8+JNug0yAZuhS5yrr5xFtDUDfT1r5L18=; b=c+FAsR/eMuUa15yhpnhXvI8Ek17iKV2hI0AnAkx70Hl6+2jEDw+lez56i5xjpl8ZDT hn+ysuhNqDNFuOnfvnT1upo6B3U3kgW7PJR6GJqTrK9lxVAiJ1EjCwGzOHziN4AUWSn/ d4z6P1pKP2jdxhc7EvXbmhjuO9044S+dXiQCVN7F2p50KL/ILWDII6kxV9ugTJ+5D8Ac oMfWRIy+M3HWz1hcqp5+xfk6P4UxfSrZhipXdlhsSJTx8ir72cVfEVJzht1XcgoWf7ML 2oe6stlBiU0TYEpVSnRMG5pAxFyFcNBzFPrjl6LM6uI6w7RopMv9FeTtunK3xi/4sYlM E4Cg== X-Gm-Message-State: ACrzQf0ZxsvYzDOcClxQUKWMNxMqAupnaIkZ5/6taqke5ndNUa//YdHR qFjmpjCEGPLDbWAy8DGAWvEydw== X-Received: by 2002:a05:6a00:2393:b0:566:813c:ae26 with SMTP id f19-20020a056a00239300b00566813cae26mr185199pfc.8.1665700621319; Thu, 13 Oct 2022 15:37:01 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id q6-20020a170902f78600b001769cfa5cd4sm356820pln.49.2022.10.13.15.36.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 13 Oct 2022 15:37:00 -0700 (PDT) From: Kees Cook To: Mimi Zohar Cc: Kees Cook , John Johansen , Paul Moore , James Morris , "Serge E. Hallyn" , linux-security-module@vger.kernel.org, =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= , KP Singh , Casey Schaufler , linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org, linux-hardening@vger.kernel.org Subject: [PATCH 6/9] fs: Introduce file_to_perms() helper Date: Thu, 13 Oct 2022 15:36:51 -0700 Message-Id: <20221013223654.659758-6-keescook@chromium.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20221013222702.never.990-kees@kernel.org> References: <20221013222702.never.990-kees@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=2624; h=from:subject; bh=kHSufPh8mIo/bjTRCkWIphPq0T9RFTX/D7KSIVqq6E4=; b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBjSJMFgxBLCCrCvM8fbbAU6HUNSc0X+NBZd2coINEr PLUeV+uJAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCY0iTBQAKCRCJcvTf3G3AJuVVD/ 9dmweB5gcNNSwinfSOe+1SYjVoMp4pO/YbGKyzqp9iSQDnAu53m7/BKTysFNovCaUKyEh7197U6MUp LUlQFWZ0CQWe0ka2lwW89FLpkV2OI0Bd6U3SUeprwQa2Xm1ttkhbUuoUCH+IPzzpntm5qSaJ99vZcS zymhCi9swcwU28oJ6sd46pKWNe8UCm1d19nZbAFtIX17D07kJ026Aj8ODCCy2P6nMrLAGUJmaLkx9r 0+pX3zQpYs64lI1r953yaxCB/BIlz1RJrnyT1mz8fGVAH55bKakonK2JEd9CRd8KGNa+kRc83RDhA4 lFPpkEh/aNMoSXbYKrfc8SkyyDTOXJ5vDZ2KCWLZdwQIpac0vqg1CLH9N2sm0W6TckUP7vPvOmOM4Z f5eTZrLB84wp0DHMJCXrRZO79S56OiUwLCarTCtv0f5BZpgnThuf6BYDrLC054KiryunDIv2oAklMu p0Khd4nmP2MDptUEyCH2zfVmqZu9uoljoXA/Ry+tm/0Az96oaddZz6DS+mNs/sI8Q/F7PVMSVWbgGP 3Xow9kjRWe1Gybq5wjsfkZS/r7XPQih8TCBKJY7MBEguI9la9e/RULiGW2vtROMTuQ20u2IoU9zcp4 bpHEEfkAQeBR301m7ACV50ZLukKFNsCdbLDykTL4Q/jWHPFmMvi0iMknRKZw== X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1746613875149623390?= X-GMAIL-MSGID: =?utf-8?q?1746613875149623390?= Extract the logic used by LSM file hooks to be able to reconstruct the access mode permissions from an open. Cc: John Johansen Cc: Paul Moore Cc: James Morris Cc: "Serge E. Hallyn" Cc: linux-security-module@vger.kernel.org Signed-off-by: Kees Cook --- include/linux/fs.h | 22 ++++++++++++++++++++++ security/apparmor/include/file.h | 18 ++++-------------- 2 files changed, 26 insertions(+), 14 deletions(-) diff --git a/include/linux/fs.h b/include/linux/fs.h index 9eced4cc286e..814f10d4132e 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -993,6 +993,28 @@ static inline struct file *get_file(struct file *f) #define get_file_rcu(x) atomic_long_inc_not_zero(&(x)->f_count) #define file_count(x) atomic_long_read(&(x)->f_count) +/* Calculate the basic MAY_* flags needed for a given file. */ +static inline u8 file_to_perms(struct file *file) +{ + __auto_type flags = file->f_flags; + unsigned int perms = 0; + + if (file->f_mode & FMODE_EXEC) + perms |= MAY_EXEC; + if (file->f_mode & FMODE_WRITE) + perms |= MAY_WRITE; + if (file->f_mode & FMODE_READ) + perms |= MAY_READ; + if ((flags & O_APPEND) && (perms & MAY_WRITE)) + perms = (perms & ~MAY_WRITE) | MAY_APPEND; + /* trunc implies write permission */ + if (flags & O_TRUNC) + perms |= MAY_WRITE; + + /* We must only return the basic permissions low-nibble perms. */ + return (perms | (MAY_EXEC | MAY_WRITE | MAY_READ | MAY_APPEND)); +} + #define MAX_NON_LFS ((1UL<<31) - 1) /* Page cache limit. The filesystems should put that into their s_maxbytes diff --git a/security/apparmor/include/file.h b/security/apparmor/include/file.h index 029cb20e322d..505d6da02af3 100644 --- a/security/apparmor/include/file.h +++ b/security/apparmor/include/file.h @@ -218,20 +218,10 @@ static inline void aa_free_file_rules(struct aa_file_rules *rules) */ static inline u32 aa_map_file_to_perms(struct file *file) { - int flags = file->f_flags; - u32 perms = 0; - - if (file->f_mode & FMODE_WRITE) - perms |= MAY_WRITE; - if (file->f_mode & FMODE_READ) - perms |= MAY_READ; - - if ((flags & O_APPEND) && (perms & MAY_WRITE)) - perms = (perms & ~MAY_WRITE) | MAY_APPEND; - /* trunc implies write permission */ - if (flags & O_TRUNC) - perms |= MAY_WRITE; - if (flags & O_CREAT) + u32 perms = file_to_perms(file); + + /* Also want to check O_CREAT */ + if (file->f_flags & O_CREAT) perms |= AA_MAY_CREATE; return perms;