From patchwork Mon Jan 15 18:17:57 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Roberto Sassu X-Patchwork-Id: 188307 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:693c:2614:b0:101:6a76:bbe3 with SMTP id mm20csp1879875dyc; Mon, 15 Jan 2024 10:42:07 -0800 (PST) X-Google-Smtp-Source: AGHT+IHfTMkVOVYAFcqUODVCB+7Ws03E6dhxcHB6qJIdARnSBQAimRR1qsog5uZJKQh01IUZqm6a X-Received: by 2002:a05:6870:46a9:b0:206:85d2:88f5 with SMTP id a41-20020a05687046a900b0020685d288f5mr9271198oap.63.1705344126907; Mon, 15 Jan 2024 10:42:06 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1705344126; cv=none; d=google.com; s=arc-20160816; b=CanFjJSVr+HiVMSDJUjgVhtWm4L8npDsTdgrVRHY7CdrHIUzTxKQ8Rc9Oh0pPP8/n+ cpmUD+81XQ8Pw2C5Sl54x5+a32uov4jZTp/eSJxKXHvnWpofE6otZGwv9O2scYvtTVk+ DvFhnGjv28H4flAmR8/00djM3Yi1wtMf52bEU1avqjkfKKEBSCvbRKhRFRQ4+o+aacCY BPZB0q4+gOD0JNqMk7VIPXjxtsfJYoKcmAC+mL9KD96VMrJmfp1z6z9RZeiK3E4EvGZc Og0XNl6Fon2Soh1vuNWNmkwysJxwJY6TkxqdG+Z1r0N77k1GOXAA1qu04cLjGqRiC53A E06w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from; bh=R36XCkpoeTwbOXiJ2eYkTtCD6cNBUZdVpCYwlJoHd74=; fh=apZIBi5vaQ8Hj5PiD1njiyZXz0lfm1rYPhBE8L44ot4=; b=qvdmwHW1on9fnyeuCnE4WRhdnCmTgupfbxmZRVzp3YyrTFnpwb82AzOOt5vCVX0hg8 PgISNkgbzOHQGZVsG6q6ciqBKfDnjOVixjZIQrbEhCheVMandFjE9QQw+9fQQYyhMNjp PImEAaCX1tzdtMSsmWBfZCou1ZPtqU74neSqZmeGjIG5w+SnZOj1ZPDoeAWcUdS4A9iO ZGnm12W6p7lYimWEmtzlmgFcf/+tBuL2HAfKZkDkrVyT2vxS1P37x+YZsJVI2BTup39v 8tqEA3/SJYOUVZtiKTKgvUi6Gni36ekh9ZEO8O/RsfhQFMmiuY/gcOSxawJ1ioEFdBCq yNRg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel+bounces-26406-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-26406-ouuuleilei=gmail.com@vger.kernel.org" Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [147.75.48.161]) by mx.google.com with ESMTPS id s18-20020a635252000000b005ce19c6867bsi9307070pgl.507.2024.01.15.10.42.06 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 15 Jan 2024 10:42:06 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-26406-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) client-ip=147.75.48.161; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel+bounces-26406-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-26406-ouuuleilei=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id 77928B21917 for ; Mon, 15 Jan 2024 18:42:01 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 943B318E1A; Mon, 15 Jan 2024 18:41:38 +0000 (UTC) Received: from frasgout12.his.huawei.com (frasgout12.his.huawei.com [14.137.139.154]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AC49518C01; Mon, 15 Jan 2024 18:41:34 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=huaweicloud.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=huaweicloud.com Received: from mail.maildlp.com (unknown [172.18.186.29]) by frasgout12.his.huawei.com (SkyGuard) with ESMTP id 4TDKm50Jv9z9xxn6; Tue, 16 Jan 2024 02:04:37 +0800 (CST) Received: from mail02.huawei.com (unknown [7.182.16.27]) by mail.maildlp.com (Postfix) with ESMTP id 1ECF71407FA; Tue, 16 Jan 2024 02:22:43 +0800 (CST) Received: from huaweicloud.com (unknown [10.204.63.22]) by APP2 (Coremail) with SMTP id GxC2BwDn0ia8d6VlgjybAA--.56873S5; Mon, 15 Jan 2024 19:22:42 +0100 (CET) From: Roberto Sassu To: viro@zeniv.linux.org.uk, brauner@kernel.org, chuck.lever@oracle.com, jlayton@kernel.org, neilb@suse.de, kolga@netapp.com, Dai.Ngo@oracle.com, tom@talpey.com, paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com, zohar@linux.ibm.com, dmitry.kasatkin@gmail.com, eric.snowberg@oracle.com, dhowells@redhat.com, jarkko@kernel.org, stephen.smalley.work@gmail.com, eparis@parisplace.org, casey@schaufler-ca.com, shuah@kernel.org, mic@digikod.net Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-nfs@vger.kernel.org, linux-security-module@vger.kernel.org, linux-integrity@vger.kernel.org, keyrings@vger.kernel.org, selinux@vger.kernel.org, linux-kselftest@vger.kernel.org, Roberto Sassu Subject: [PATCH v9 13/25] security: Introduce file_release hook Date: Mon, 15 Jan 2024 19:17:57 +0100 Message-Id: <20240115181809.885385-14-roberto.sassu@huaweicloud.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240115181809.885385-1-roberto.sassu@huaweicloud.com> References: <20240115181809.885385-1-roberto.sassu@huaweicloud.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-CM-TRANSID: GxC2BwDn0ia8d6VlgjybAA--.56873S5 X-Coremail-Antispam: 1UD129KBjvJXoWxuryDJryDZw1rGryDAFW8JFb_yoW5uF1DpF Z8t3WUGF45GFy2grn7Aa9rua4fK393Kr9rWrZ5W34rtFn7Jr95GFs8Cr1UuF1DJrWkJr1v q3W2grW3Gr1DArJanT9S1TB71UUUUUUqnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2 9KBjDU0xBIdaVrnRJUUUB2b4IE77IF4wAFF20E14v26rWj6s0DM7CY07I20VC2zVCF04k2 6cxKx2IYs7xG6rWj6s0DM7CIcVAFz4kK6r1j6r18M28IrcIa0xkI8VA2jI8067AKxVWUWw A2048vs2IY020Ec7CjxVAFwI0_Xr0E3s1l8cAvFVAK0II2c7xJM28CjxkF64kEwVA0rcxS w2x7M28EF7xvwVC0I7IYx2IY67AKxVW8JVW5JwA2z4x0Y4vE2Ix0cI8IcVCY1x0267AKxV W8Jr0_Cr1UM28EF7xvwVC2z280aVAFwI0_Gr0_Cr1l84ACjcxK6I8E87Iv6xkF7I0E14v2 6F4UJVW0owAS0I0E0xvYzxvE52x082IY62kv0487Mc02F40EFcxC0VAKzVAqx4xG6I80ew Av7VC0I7IYx2IY67AKxVWUGVWUXwAv7VC2z280aVAFwI0_Gr0_Cr1lOx8S6xCaFVCjc4AY 6r1j6r4UM4x0Y48IcxkI7VAKI48JM4IIrI8v6xkF7I0E8cxan2IY04v7MxAIw28IcxkI7V AKI48JMxC20s026xCaFVCjc4AY6r1j6r4UMI8I3I0E5I8CrVAFwI0_Jr0_Jr4lx2IqxVCj r7xvwVAFwI0_JrI_JrWlx4CE17CEb7AF67AKxVW8ZVWrXwCIc40Y0x0EwIxGrwCI42IY6x IIjxv20xvE14v26r4j6ryUMIIF0xvE2Ix0cI8IcVCY1x0267AKxVW8Jr0_Cr1UMIIF0xvE 42xK8VAvwI8IcIk0rVWUJVWUCwCI42IY6I8E87Iv67AKxVW8JVWxJwCI42IY6I8E87Iv6x kF7I0E14v26F4UJVW0obIYCTnIWIevJa73UjIFyTuYvjxUFg4SUUUUU X-CM-SenderInfo: purev21wro2thvvxqx5xdzvxpfor3voofrz/1tbiAQADBF1jj5iR1AAAsq X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1788182922948189242 X-GMAIL-MSGID: 1788182922948189242 From: Roberto Sassu In preparation for moving IMA and EVM to the LSM infrastructure, introduce the file_release hook. IMA calculates at file close the new digest of the file content and writes it to security.ima, so that appraisal at next file access succeeds. An LSM could implement an exclusive access scheme for files, only allowing access to files that have no references. The new hook cannot return an error and cannot cause the operation to be reverted. Signed-off-by: Roberto Sassu Acked-by: Paul Moore Acked-by: Christian Brauner Reviewed-by: Stefan Berger --- fs/file_table.c | 1 + include/linux/lsm_hook_defs.h | 1 + include/linux/security.h | 4 ++++ security/security.c | 11 +++++++++++ 4 files changed, 17 insertions(+) diff --git a/fs/file_table.c b/fs/file_table.c index de4a2915bfd4..c72dc75f2bd3 100644 --- a/fs/file_table.c +++ b/fs/file_table.c @@ -385,6 +385,7 @@ static void __fput(struct file *file) eventpoll_release(file); locks_remove_file(file); + security_file_release(file); ima_file_free(file); if (unlikely(file->f_flags & FASYNC)) { if (file->f_op->fasync) diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h index c3fecc7dcb0b..229f84ce12ae 100644 --- a/include/linux/lsm_hook_defs.h +++ b/include/linux/lsm_hook_defs.h @@ -173,6 +173,7 @@ LSM_HOOK(int, 0, kernfs_init_security, struct kernfs_node *kn_dir, struct kernfs_node *kn) LSM_HOOK(int, 0, file_permission, struct file *file, int mask) LSM_HOOK(int, 0, file_alloc_security, struct file *file) +LSM_HOOK(void, LSM_RET_VOID, file_release, struct file *file) LSM_HOOK(void, LSM_RET_VOID, file_free_security, struct file *file) LSM_HOOK(int, 0, file_ioctl, struct file *file, unsigned int cmd, unsigned long arg) diff --git a/include/linux/security.h b/include/linux/security.h index 97f2212c13b6..2997348afcb7 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -395,6 +395,7 @@ int security_kernfs_init_security(struct kernfs_node *kn_dir, struct kernfs_node *kn); int security_file_permission(struct file *file, int mask); int security_file_alloc(struct file *file); +void security_file_release(struct file *file); void security_file_free(struct file *file); int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg); int security_file_ioctl_compat(struct file *file, unsigned int cmd, @@ -1008,6 +1009,9 @@ static inline int security_file_alloc(struct file *file) return 0; } +static inline void security_file_release(struct file *file) +{ } + static inline void security_file_free(struct file *file) { } diff --git a/security/security.c b/security/security.c index f3d92bffd02f..7d10724872f8 100644 --- a/security/security.c +++ b/security/security.c @@ -2724,6 +2724,17 @@ int security_file_alloc(struct file *file) return rc; } +/** + * security_file_release() - Perform actions before releasing the file ref + * @file: the file + * + * Perform actions before releasing the last reference to a file. + */ +void security_file_release(struct file *file) +{ + call_void_hook(file_release, file); +} + /** * security_file_free() - Free a file's LSM blob * @file: the file