From patchwork Thu Oct 13 22:36:46 2022
X-Patchwork-Submitter: Kees Cook
X-Patchwork-Id: 2425
From: Kees Cook
To: Mimi Zohar
Cc: Kees Cook, Paul Moore, James Morris, "Serge E. Hallyn", Dmitry Kasatkin, Mickaël Salaün, linux-security-module@vger.kernel.org, linux-integrity@vger.kernel.org, KP Singh, Casey Schaufler, John Johansen, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: [PATCH 1/9] integrity: Prepare for having "ima" and "evm" available in "integrity" LSM
Date: Thu, 13 Oct 2022 15:36:46 -0700
Message-Id: <20221013223654.659758-1-keescook@chromium.org>
In-Reply-To: <20221013222702.never.990-kees@kernel.org>
References: <20221013222702.never.990-kees@kernel.org>
X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026
Move "integrity" LSM to the end of the Kconfig list and prepare for having ima and evm LSM initialization called from the top-level "integrity" LSM.

Cc: Paul Moore
Cc: James Morris
Cc: "Serge E. Hallyn"
Cc: Mimi Zohar
Cc: Dmitry Kasatkin
Cc: "Mickaël Salaün"
Cc: linux-security-module@vger.kernel.org
Cc: linux-integrity@vger.kernel.org
Signed-off-by: Kees Cook
---
 security/Kconfig                  | 10 +++++-----
 security/integrity/evm/evm_main.c |  4 ++++
 security/integrity/iint.c         | 17 +++++++++++++----
 security/integrity/ima/ima_main.c |  4 ++++
 security/integrity/integrity.h    |  6 ++++++
 5 files changed, 32 insertions(+), 9 deletions(-)

diff --git a/security/Kconfig b/security/Kconfig
index e6db09a779b7..d472e87a2fc4 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -246,11 +246,11 @@ endchoice config LSM string "Ordered list of enabled LSMs" - default "landlock,lockdown,yama,loadpin,safesetid,integrity,smack,selinux,tomoyo,apparmor,bpf" if DEFAULT_SECURITY_SMACK - default "landlock,lockdown,yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo,bpf" if DEFAULT_SECURITY_APPARMOR - default "landlock,lockdown,yama,loadpin,safesetid,integrity,tomoyo,bpf" if DEFAULT_SECURITY_TOMOYO - default "landlock,lockdown,yama,loadpin,safesetid,integrity,bpf" if DEFAULT_SECURITY_DAC - default "landlock,lockdown,yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor,bpf" + default "landlock,lockdown,yama,loadpin,safesetid,smack,selinux,tomoyo,apparmor,bpf,integrity" if DEFAULT_SECURITY_SMACK + default "landlock,lockdown,yama,loadpin,safesetid,apparmor,selinux,smack,tomoyo,bpf,integrity" if DEFAULT_SECURITY_APPARMOR + default "landlock,lockdown,yama,loadpin,safesetid,tomoyo,bpf,integrity" if DEFAULT_SECURITY_TOMOYO + default "landlock,lockdown,yama,loadpin,safesetid,bpf,integrity" if DEFAULT_SECURITY_DAC + default "landlock,lockdown,yama,loadpin,safesetid,selinux,smack,tomoyo,apparmor,bpf,integrity" help A comma-separated list of LSMs, in initialization order. Any LSMs left off this list will be ignored. This can be diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c index 2e6fb6e2ffd2..1ef965089417 100644 --- a/security/integrity/evm/evm_main.c +++ b/security/integrity/evm/evm_main.c @@ -904,3 +904,7 @@ static int __init init_evm(void) } late_initcall(init_evm); + +void __init integrity_lsm_evm_init(void) +{ +} diff --git a/security/integrity/iint.c b/security/integrity/iint.c index 8638976f7990..4f322324449d 100644 --- a/security/integrity/iint.c +++ b/security/integrity/iint.c @@ -18,7 +18,6 @@ #include #include #include -#include #include "integrity.h" static struct rb_root integrity_iint_tree = RB_ROOT; 
@@ -172,19 +171,29 @@ static void init_once(void *foo) mutex_init(&iint->mutex); } -static int __init integrity_iintcache_init(void) +void __init integrity_add_lsm_hooks(struct security_hook_list *hooks, + int count) +{ + security_add_hooks(hooks, count, "integrity"); +} + +static int __init integrity_lsm_init(void) { iint_cache = kmem_cache_create("iint_cache", sizeof(struct integrity_iint_cache), 0, SLAB_PANIC, init_once); + + integrity_lsm_ima_init(); + integrity_lsm_evm_init(); + return 0; } + DEFINE_LSM(integrity) = { .name = "integrity", - .init = integrity_iintcache_init, + .init = integrity_lsm_init, }; - /* * integrity_kernel_read - read data from the file * diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 040b03ddc1c7..e617863af5ff 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -1076,3 +1076,7 @@ static int __init init_ima(void) } late_initcall(init_ima); /* Start IMA after the TPM is available */ + +void __init integrity_lsm_ima_init(void) +{ +} diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h index 7167a6e99bdc..3707349271c9 100644 --- a/security/integrity/integrity.h +++ b/security/integrity/integrity.h @@ -18,6 +18,7 @@ #include #include #include +#include /* iint action cache flags */ #define IMA_MEASURE 0x00000001 
@@ -191,6 +192,11 @@ extern struct dentry *integrity_dir; struct modsig; +void __init integrity_lsm_ima_init(void); +void __init integrity_lsm_evm_init(void); +void __init integrity_add_lsm_hooks(struct security_hook_list *hooks, + int count); + #ifdef CONFIG_INTEGRITY_SIGNATURE int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen, From patchwork Thu Oct 13 22:36:47 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 2427 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:4ac7:0:0:0:0:0 with SMTP id y7csp510545wrs; Thu, 13 Oct 2022 15:38:47 -0700 (PDT) X-Google-Smtp-Source: AMsMyM6204paq4rVh8YJjd4lpJKNGNrsPV/SR9ikqjutKu3IjC895RMFFMcjN6nzTqrBNG+xhrks X-Received: by 2002:a05:6402:4505:b0:451:1551:7b14 with SMTP id ez5-20020a056402450500b0045115517b14mr1706496edb.300.1665700727452; Thu, 13 Oct 2022 15:38:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1665700727; cv=none; d=google.com; s=arc-20160816; b=pknYgA8skjaCwt7qGGPkGFhbsr2y08JucAixLT8+Ul0h2+Lh71HedwMKXh8IHE794n heP0KN+HqmuOnIYoEuF5iA2lIX4+9M0x2pGfBQgAUlJ9XqcU79IwiZx7G8WVaCNOd6X7 5jeE6WEvNKOHbAduOL3C0/d0uAPce+mabSEnKQ5pFRagSMOGicffAZIdQOxVwMDdYZ39 uzjuiZwfgeMlLw4Cc4nc7dYCLtaWHk8wspLllhJA5TkMZ1rnaPjxIWk8LoGkHERbPZ2h PZUMroZf6c/H8r9Vm9EVWQQS9Whivf4kaVws8nUD207iiq/D8GXOerDwzThyd3envaNu dm7Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=4QtMvi+okgythLC0BZ5AgbF6b/T036dwH9EuwQzqT3w=; b=t2xviPoTAkM3sHVqKTkbN+O42WlD6Dsx636cKXBs2BuntK74YCbdRoFxtRZ29KfKO1 xhs2r3s5klZ9OsIJdTVRE7i5/caFgo+1MoMAnJbNKFvt9JJ80+BDHcH9nMYvV3RkArsX rAOBFenES8oqT92dMNoWoi/0D8kNig1TRyOYmlsAlVan/pcN6RVNbHYiuByIrhb6aVay YutmFN5clfNScU9+R1WOS7qL5DenCv04WOe0Q8agVBM2HNIMp6uhZXgDFQFLp5VxhEWn 
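Review bot: in the security/Kconfig hunk, "integrity" moves from the middle of every CONFIG_LSM default to the very end, but neither the commit message nor the help text says why the position matters. Once IMA registers through LSM hooks, its position decides whether measurement and appraisal run before or after the access-control LSMs; with "integrity" last, call_int_hook() only reaches IMA after selinux, smack, apparmor, tomoyo and bpf have all returned 0, which is what the old hard-coded `return ima_*()` after the hook call in security.c guaranteed. Suggest saying so in the commit message and adding a sentence to the help text that a hand-written CONFIG_LSM or lsm= list should keep "integrity" last to preserve that ordering.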
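Review bot: `integrity_lsm_evm_init()` is added to evm_main.c as an empty body with no comment. A one-line comment stating that it is a placeholder which the later EVM-hook patch in this series fills with hook registration would save anyone reading (or bisecting to) this commit in isolation from wondering whether something was lost; as written it reads as dead code.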
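Review bot: in the second iint.c hunk, `integrity_add_lsm_hooks()` is a three-line wrapper whose only job is to pin the "integrity" lsm name on every hook that IMA and EVM register; a comment saying that, and that the sub-modules must register through it rather than calling security_add_hooks() themselves so their hooks are accounted to the same LSM, would make the intent clear. The order inside `integrity_lsm_init()` is right (iint_cache is created before the sub-module init functions run, so any hook that needs an iint entry is safe), and a comment stating that the cache must come first would keep it that way. Minor: the `-` that drops the blank line between the `DEFINE_LSM(integrity)` block and the `integrity_kernel_read` comment looks accidental.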
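Review bot: `integrity_lsm_ima_init()` in the ima_main.c hunk is placed directly under `late_initcall(init_ima)` and its "Start IMA after the TPM is available" comment, but it is reached through `DEFINE_LSM(integrity).init`, i.e. the LSM initialisation path during early boot, long before late initcalls. Any hooks registered from here can therefore fire before init_ima() has run; a comment making that ordering explicit, and stating that nothing registered here may rely on the TPM or on state set up by init_ima(), would prevent a future mistake.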
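Review bot: the second integrity.h hunk declares `integrity_lsm_ima_init()` and `integrity_lsm_evm_init()` unconditionally, while their only definitions in this patch live in ima/ima_main.c and evm/evm_main.c, and `integrity_lsm_init()` in iint.c calls both unconditionally. Unless a stub exists elsewhere in the series, a kernel with CONFIG_INTEGRITY=y but CONFIG_IMA=n or CONFIG_EVM=n does not compile the corresponding file and the call in iint.c fails to link. Suggest wrapping each prototype in `#ifdef CONFIG_IMA` / `#ifdef CONFIG_EVM` with `static inline void __init integrity_lsm_ima_init(void) { }` (and the evm equivalent) in the `#else` branch, the same pattern include/linux/ima.h uses for its !CONFIG_IMA stubs.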
From: Kees Cook
To: Mimi Zohar
Cc: Kees Cook, Paul Moore, James Morris, "Serge E. Hallyn", Dmitry Kasatkin, Mickaël Salaün, Petr Vorel, Borislav Petkov, Takashi Iwai, Jonathan McDowell, linux-security-module@vger.kernel.org, linux-integrity@vger.kernel.org, KP Singh, Casey Schaufler, John Johansen, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: [PATCH 2/9] security: Move trivial IMA hooks into LSM
Date: Thu, 13 Oct 2022 15:36:47 -0700
Message-Id: <20221013223654.659758-2-keescook@chromium.org>
In-Reply-To: <20221013222702.never.990-kees@kernel.org>
References: <20221013222702.never.990-kees@kernel.org>
X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026
This moves the trivial hard-coded stacking of IMA LSM hooks into the existing LSM infrastructure.

Cc: Paul Moore
Cc: James Morris
Cc: "Serge E. Hallyn"
Cc: Mimi Zohar
Cc: Dmitry Kasatkin
Cc: "Mickaël Salaün"
Cc: Petr Vorel
Cc: Borislav Petkov
Cc: Takashi Iwai
Cc: Jonathan McDowell
Cc: linux-security-module@vger.kernel.org
Cc: linux-integrity@vger.kernel.org
Signed-off-by: Kees Cook
---
 include/linux/ima.h               | 50 -----------------------------
 security/integrity/ima/ima_main.c | 40 +++++++++++++++++-------
 security/security.c               | 52 ++++++-------------------------
 3 files changed, 37 insertions(+), 105 deletions(-)

diff --git a/include/linux/ima.h b/include/linux/ima.h
index 81708ca0ebc7..3c641cc65270 100644
--- a/include/linux/ima.h
+++ b/include/linux/ima.h
@@ -16,20 +16,10 @@ struct linux_binprm; #ifdef CONFIG_IMA extern enum hash_algo ima_get_current_hash_algo(void); -extern int ima_bprm_check(struct linux_binprm *bprm); extern int ima_file_check(struct file *file, int mask); extern void ima_post_create_tmpfile(struct user_namespace *mnt_userns, struct inode *inode); extern void ima_file_free(struct file *file); -extern int ima_file_mmap(struct file *file, unsigned long prot); -extern int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot); -extern int ima_load_data(enum kernel_load_data_id id, bool contents); -extern int ima_post_load_data(char *buf, loff_t size, - enum kernel_load_data_id id, char *description); -extern int ima_read_file(struct file *file, enum kernel_read_file_id id, - bool contents); -extern int ima_post_read_file(struct file *file, void *buf, loff_t size, - enum kernel_read_file_id id); extern void ima_post_path_mknod(struct user_namespace *mnt_userns, struct dentry *dentry); extern int ima_file_hash(struct file *file, char *buf, size_t buf_size); @@ -56,11 +46,6 @@ static inline enum hash_algo ima_get_current_hash_algo(void) return HASH_ALGO__LAST; } -static inline int ima_bprm_check(struct linux_binprm *bprm) -{ - return 0; -} - static inline int ima_file_check(struct file *file, int mask) { return 0; 
@@ -76,41 +61,6 @@ static inline void ima_file_free(struct file *file) return; } -static inline int ima_file_mmap(struct file *file, unsigned long prot) -{ - return 0; -} - -static inline int ima_file_mprotect(struct vm_area_struct *vma, - unsigned long prot) -{ - return 0; -} - -static inline int ima_load_data(enum kernel_load_data_id id, bool contents) -{ - return 0; -} - -static inline int ima_post_load_data(char *buf, loff_t size, - enum kernel_load_data_id id, - char *description) -{ - return 0; -} - -static inline int ima_read_file(struct file *file, enum kernel_read_file_id id, - bool contents) -{ - return 0; -} - -static inline int ima_post_read_file(struct file *file, void *buf, loff_t size, - enum kernel_read_file_id id) -{ - return 0; -} - static inline void ima_post_path_mknod(struct user_namespace *mnt_userns, struct dentry *dentry) { diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index e617863af5ff..2cff001b02e4 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -395,6 +395,7 @@ static int process_measurement(struct file *file, const struct cred *cred, /** * ima_file_mmap - based on policy, collect/store measurement. * @file: pointer to the file to be measured (May be NULL) + * @reqprot: contains the protection that will be applied by the kernel. * @prot: contains the protection that will be applied by the kernel. * * Measure files being mmapped executable based on the ima_must_measure() 
@@ -403,11 +404,12 @@ static int process_measurement(struct file *file, const struct cred *cred, * On success return 0. On integrity appraisal error, assuming the file * is in policy and IMA-appraisal is in enforcing mode, return -EACCES. */ -int ima_file_mmap(struct file *file, unsigned long prot) +static int ima_file_mmap(struct file *file, unsigned long reqprot, + unsigned long prot, unsigned long flags) { u32 secid; - if (file && (prot & PROT_EXEC)) { + if (file && (reqprot & PROT_EXEC)) { security_current_getsecid_subj(&secid); return process_measurement(file, current_cred(), secid, NULL, 0, MAY_EXEC, MMAP_CHECK); @@ -419,6 +421,7 @@ int ima_file_mmap(struct file *file, unsigned long prot) /** * ima_file_mprotect - based on policy, limit mprotect change * @vma: vm_area_struct protection is set to + * @reqprot: contains the protection that were requested. * @prot: contains the protection that will be applied by the kernel. * * Files can be mmap'ed read/write and later changed to execute to circumvent @@ -429,7 +432,8 @@ int ima_file_mmap(struct file *file, unsigned long prot) * * On mprotect change success, return 0. On failure, return -EACESS. */ -int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) +static int ima_file_mprotect(struct vm_area_struct *vma, + unsigned long reqprot, unsigned long prot) { struct ima_template_desc *template = NULL; struct file *file; @@ -483,7 +487,7 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) * On success return 0. On integrity appraisal error, assuming the file * is in policy and IMA-appraisal is in enforcing mode, return -EACCES. */ -int ima_bprm_check(struct linux_binprm *bprm) +static int ima_bprm_check(struct linux_binprm *bprm) { int ret; u32 secid; 
@@ -706,8 +710,8 @@ void ima_post_path_mknod(struct user_namespace *mnt_userns, * * For permission return 0, otherwise return -EACCES. */ -int ima_read_file(struct file *file, enum kernel_read_file_id read_id, - bool contents) +static int ima_read_file(struct file *file, enum kernel_read_file_id read_id, + bool contents) { enum ima_hooks func; u32 secid; @@ -756,8 +760,8 @@ const int read_idmap[READING_MAX_ID] = { * On success return 0. On integrity appraisal error, assuming the file * is in policy and IMA-appraisal is in enforcing mode, return -EACCES. */ -int ima_post_read_file(struct file *file, void *buf, loff_t size, - enum kernel_read_file_id read_id) +static int ima_post_read_file(struct file *file, char *buf, loff_t size, + enum kernel_read_file_id read_id) { enum ima_hooks func; u32 secid; @@ -790,7 +794,7 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, * * For permission return 0, otherwise return -EACCES. */ -int ima_load_data(enum kernel_load_data_id id, bool contents) +static int ima_load_data(enum kernel_load_data_id id, bool contents) { bool ima_enforce, sig_enforce; @@ -844,9 +848,9 @@ int ima_load_data(enum kernel_load_data_id id, bool contents) * On success return 0. On integrity appraisal error, assuming the file * is in policy and IMA-appraisal is in enforcing mode, return -EACCES. */ -int ima_post_load_data(char *buf, loff_t size, - enum kernel_load_data_id load_id, - char *description) +static int ima_post_load_data(char *buf, loff_t size, + enum kernel_load_data_id load_id, + char *description) { if (load_id == LOADING_FIRMWARE) { if ((ima_appraise & IMA_APPRAISE_FIRMWARE) && 
@@ -1077,6 +1081,18 @@ static int __init init_ima(void) late_initcall(init_ima); /* Start IMA after the TPM is available */ +static struct security_hook_list ima_hooks[] __lsm_ro_after_init = { + LSM_HOOK_INIT(bprm_check_security, ima_bprm_check), + LSM_HOOK_INIT(mmap_file, ima_file_mmap), + LSM_HOOK_INIT(file_mprotect, ima_file_mprotect), + LSM_HOOK_INIT(kernel_read_file, ima_read_file), + LSM_HOOK_INIT(kernel_post_read_file, ima_post_read_file), + LSM_HOOK_INIT(kernel_load_data, ima_load_data), + LSM_HOOK_INIT(kernel_post_load_data, ima_post_load_data), +}; + void __init integrity_lsm_ima_init(void) { + pr_info("Integrity LSM enabling IMA\n"); + integrity_add_lsm_hooks(ima_hooks, ARRAY_SIZE(ima_hooks)); } diff --git a/security/security.c b/security/security.c index 14d30fec8a00..8f7c1b5fa5fa 100644 --- a/security/security.c +++ b/security/security.c @@ -862,12 +862,7 @@ int security_bprm_creds_from_file(struct linux_binprm *bprm, struct file *file) int security_bprm_check(struct linux_binprm *bprm) { - int ret; - - ret = call_int_hook(bprm_check_security, 0, bprm); - if (ret) - return ret; - return ima_bprm_check(bprm); + return call_int_hook(bprm_check_security, 0, bprm); } void security_bprm_committing_creds(struct linux_binprm *bprm) @@ -1589,12 +1584,8 @@ static inline unsigned long mmap_prot(struct file *file, unsigned long prot) int security_mmap_file(struct file *file, unsigned long prot, unsigned long flags) { - int ret; - ret = call_int_hook(mmap_file, 0, file, prot, - mmap_prot(file, prot), flags); - if (ret) - return ret; - return ima_file_mmap(file, prot); + return call_int_hook(mmap_file, 0, file, prot, + mmap_prot(file, prot), flags); } int security_mmap_addr(unsigned long addr) 
@@ -1605,12 +1596,7 @@ int security_mmap_addr(unsigned long addr) int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot, unsigned long prot) { - int ret; - - ret = call_int_hook(file_mprotect, 0, vma, reqprot, prot); - if (ret) - return ret; - return ima_file_mprotect(vma, prot); + return call_int_hook(file_mprotect, 0, vma, reqprot, prot); } int security_file_lock(struct file *file, unsigned int cmd) @@ -1746,35 +1732,20 @@ int security_kernel_module_request(char *kmod_name) int security_kernel_read_file(struct file *file, enum kernel_read_file_id id, bool contents) { - int ret; - - ret = call_int_hook(kernel_read_file, 0, file, id, contents); - if (ret) - return ret; - return ima_read_file(file, id, contents); + return call_int_hook(kernel_read_file, 0, file, id, contents); } EXPORT_SYMBOL_GPL(security_kernel_read_file); int security_kernel_post_read_file(struct file *file, char *buf, loff_t size, enum kernel_read_file_id id) { - int ret; - - ret = call_int_hook(kernel_post_read_file, 0, file, buf, size, id); - if (ret) - return ret; - return ima_post_read_file(file, buf, size, id); + return call_int_hook(kernel_post_read_file, 0, file, buf, size, id); } EXPORT_SYMBOL_GPL(security_kernel_post_read_file); int security_kernel_load_data(enum kernel_load_data_id id, bool contents) { - int ret; - - ret = call_int_hook(kernel_load_data, 0, id, contents); - if (ret) - return ret; - return ima_load_data(id, contents); + return call_int_hook(kernel_load_data, 0, id, contents); } EXPORT_SYMBOL_GPL(security_kernel_load_data); 
@@ -1782,13 +1753,8 @@ int security_kernel_post_load_data(char *buf, loff_t size, enum kernel_load_data_id id, char *description) { - int ret; - - ret = call_int_hook(kernel_post_load_data, 0, buf, size, id, - description); - if (ret) - return ret; - return ima_post_load_data(buf, size, id, description); + return call_int_hook(kernel_post_load_data, 0, buf, size, id, + description); } EXPORT_SYMBOL_GPL(security_kernel_post_load_data); From patchwork Thu Oct 13 22:36:48 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 2426 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:4ac7:0:0:0:0:0 with SMTP id y7csp510395wrs; Thu, 13 Oct 2022 15:38:06 -0700 (PDT) X-Google-Smtp-Source: AMsMyM6kGKe3VamsWhmhD0hOo2ojt3kuuDzFsvL0wu2RzKkYuw1Enxi/tCw4BDtgwawbmbHMkPsk X-Received: by 2002:a05:6402:540d:b0:450:bda7:f76e with SMTP id ev13-20020a056402540d00b00450bda7f76emr1675751edb.249.1665700685886; Thu, 13 Oct 2022 15:38:05 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1665700685; cv=none; d=google.com; s=arc-20160816; b=ZwmEzINfPBrCiGt86AgXjx8vmxeVcHQ1wcCprXGaTk9PKmTlnKd9T/w+96NRloF5mN Py+lEIrcAyIVJehLDY/wUR3UbS1FbPRiT0RoxfOWXiVNtfxbLPij1J6DZNIweQlwgFN3 Dc6xrgU8r6zLhsb3WF/2iK/tMytcZMFRqmGJ2D7HkR2JQOLcB3++K/OsCBnpIYxMZT4f /M3rhTRE0KSehBe6nI+gmwl97DkmP9UkEjzc9GK7855vJDHL2KZ8QaTnXJJEdG9NlSri arS4ul7uB9haBmfUof2enwHQcflSkpKX47Dl+BSlRqQo/F6OGOYlQotjOcry0tMKNEuZ KDOw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=ceH/RO/hzWXDxSnFXezZugzYqMJL0QzXH8UIXIXwz2A=; b=cJYqjzN/+dbPuShZkpEoWX1n0TY5Ht6yQJ53B+/Te8SyCustm6cJVtcM8Glm3DHLwf cKNpaqXfi3V//yVG9KhZENNNoOkFqGib1eCH4OIf1pxyYGwOKy1BYPycJbBnyeVPYCeH R7Fy03xfIpAkEXDThjxnNI3BQxX6ATGEDYOWyQpBLzN2W6IoRbOX41CGX6nA73uhikOK 
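Review bot: the include/linux/ima.h hunks drop both the CONFIG_IMA prototypes and the !CONFIG_IMA inline stubs for ima_bprm_check(), ima_file_mmap(), ima_file_mprotect(), ima_load_data(), ima_post_load_data(), ima_read_file() and ima_post_read_file(). That is only safe if security/security.c was their sole caller; the commit message should state that the tree was checked for other users so reviewers do not have to repeat the search. ima_file_check(), ima_post_create_tmpfile(), ima_file_free() and ima_post_path_mknod() stay as direct calls, and a sentence on why those are not yet converted would help too.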
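Review bot: the new `@reqprot:` kernel-doc line for ima_file_mmap() is a copy of the `@prot:` line ("contains the protection that will be applied by the kernel"), which is wrong: reqprot is the protection userspace asked for, prot is what the kernel will apply after mmap_prot(). The body now tests `reqprot & PROT_EXEC`, which preserves the previous behaviour because security_mmap_file() used to hand ima_file_mmap() its unadjusted `prot` argument, but that equivalence deserves a sentence in the commit message; it is the one spot in this patch where picking the other parameter would silently change which mappings get measured. `flags` is accepted only to match the mmap_file hook prototype, which a short comment could say.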
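Review bot: in the ima_file_mprotect() kernel-doc hunk, "@reqprot: contains the protection that were requested" should read "that was requested". If the body keeps using `prot`, as the old call `ima_file_mprotect(vma, prot)` removed from security.c suggests, the new `reqprot` parameter is unused here; a comment noting that it exists only to satisfy the file_mprotect hook signature would avoid a later "unused parameter" cleanup that changes semantics by accident.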
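Review bot: the `ima_hooks[]` table correctly covers the seven call sites removed from security.c, but the semantic change it brings deserves a sentence in the commit message: previously ima_*() ran unconditionally last, after every LSM hook had returned 0. Through call_int_hook() that is only true when "integrity" is the last entry of the active LSM list, which the Kconfig defaults from patch 1 arrange but a user-supplied lsm= line may not; with "integrity" earlier in the list, IMA would now measure or appraise a file before e.g. SELinux has had a chance to deny the access, so the measurement log can gain entries it did not get before. The pr_info() could also name which hooks were registered rather than just "enabling IMA".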
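Review bot: each of the security.c hunks collapses `ret = call_int_hook(...); if (ret) return ret; return ima_*();` into a single call_int_hook() return. call_int_hook() already stops at the first non-zero result, so the short-circuit behaviour is preserved as long as IMA's hook runs last; that dependency on LSM ordering is what makes these hunks correct and should be stated in the commit message. The EXPORT_SYMBOL_GPL() lines on security_kernel_read_file(), security_kernel_post_read_file(), security_kernel_load_data() and security_kernel_post_load_data() are kept, which is right since external callers are unaffected.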
From: Kees Cook To: Mimi Zohar Cc: Kees Cook , Dmitry Kasatkin , Paul Moore , James Morris , "Serge E. Hallyn" , Borislav Petkov , Jonathan McDowell , Takashi Iwai , Petr Vorel , linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, Mickaël Salaün , KP Singh , Casey Schaufler , John Johansen , linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org Subject: [PATCH 3/9] ima: Move xattr hooks into LSM Date: Thu, 13 Oct 2022 15:36:48 -0700 Message-Id: <20221013223654.659758-3-keescook@chromium.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20221013222702.never.990-kees@kernel.org> References: <20221013222702.never.990-kees@kernel.org> MIME-Version: 1.0
version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1746613762503019188?= X-GMAIL-MSGID: =?utf-8?q?1746613762503019188?= Move the xattr IMA hooks into normal LSM layer. As with SELinux and Smack, handle calling cap_inode_setxattr() internally. Cc: Mimi Zohar Cc: Dmitry Kasatkin Cc: Paul Moore Cc: James Morris Cc: "Serge E. Hallyn" Cc: Borislav Petkov Cc: Jonathan McDowell Cc: Takashi Iwai Cc: Petr Vorel Cc: linux-integrity@vger.kernel.org Cc: linux-security-module@vger.kernel.org Signed-off-by: Kees Cook --- include/linux/ima.h | 16 ---------------- security/integrity/ima/ima.h | 10 ++++++++++ security/integrity/ima/ima_appraise.c | 19 ++++++++++++++++--- security/integrity/ima/ima_main.c | 4 ++++ security/security.c | 10 ++-------- 5 files changed, 32 insertions(+), 27 deletions(-) diff --git a/include/linux/ima.h b/include/linux/ima.h index 3c641cc65270..6dc5143f89f2 100644 --- a/include/linux/ima.h +++ b/include/linux/ima.h @@ -135,9 +135,6 @@ static inline void ima_post_key_create_or_update(struct key *keyring, extern bool is_ima_appraise_enabled(void); extern void ima_inode_post_setattr(struct user_namespace *mnt_userns, struct dentry *dentry); -extern int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name, - const void *xattr_value, size_t xattr_value_len); -extern int ima_inode_removexattr(struct dentry *dentry, const char *xattr_name); #else static inline bool is_ima_appraise_enabled(void) { 
@@ -150,19 +147,6 @@ static inline void ima_inode_post_setattr(struct user_namespace *mnt_userns, return; } -static inline int ima_inode_setxattr(struct dentry *dentry, - const char *xattr_name, - const void *xattr_value, - size_t xattr_value_len) -{ - return 0; -} - -static inline int ima_inode_removexattr(struct dentry *dentry, - const char *xattr_name) -{ - return 0; -} #endif /* CONFIG_IMA_APPRAISE */ #if defined(CONFIG_IMA_APPRAISE) && defined(CONFIG_INTEGRITY_TRUSTED_KEYRING) diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index be965a8715e4..15a369df4c00 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -168,6 +168,16 @@ int __init ima_init_digests(void); int ima_lsm_policy_change(struct notifier_block *nb, unsigned long event, void *lsm_data); +/* LSM hooks */ +#ifdef CONFIG_IMA_APPRAISE +int ima_inode_setxattr(struct user_namespace *mnt_userns, + struct dentry *dentry, const char *xattr_name, + const void *xattr_value, size_t xattr_value_len, + int flags); +int ima_inode_removexattr(struct user_namespace *mnt_userns, + struct dentry *dentry, const char *xattr_name); +#endif + /* * used to protect h_table and sha_table */ diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index bde74fcecee3..ddd9df6b7dac 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -744,8 +744,10 @@ static int validate_hash_algo(struct dentry *dentry, return -EACCES; } -int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name, - const void *xattr_value, size_t xattr_value_len) +int ima_inode_setxattr(struct user_namespace *mnt_userns, + struct dentry *dentry, const char *xattr_name, + const void *xattr_value, size_t xattr_value_len, + int flags) { const struct evm_ima_xattr_data *xvalue = xattr_value; int digsig = 0; 
@@ -754,6 +756,11 @@ int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name, result = ima_protect_xattr(dentry, xattr_name, xattr_value, xattr_value_len); if (result == 1) { + result = cap_inode_setxattr(dentry, xattr_name, xattr_value, + xattr_value_len, flags); + if (result) + return result; + if (!xattr_value_len || (xvalue->type >= IMA_XATTR_LAST)) return -EINVAL; digsig = (xvalue->type == EVM_IMA_XATTR_DIGSIG); @@ -770,11 +777,17 @@ int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name, return result; } -int ima_inode_removexattr(struct dentry *dentry, const char *xattr_name) +int ima_inode_removexattr(struct user_namespace *mnt_userns, + struct dentry *dentry, const char *xattr_name) { int result; result = ima_protect_xattr(dentry, xattr_name, NULL, 0); + if (result == 1) { + result = cap_inode_removexattr(mnt_userns, dentry, xattr_name); + if (result) + return result; + } if (result == 1 || evm_revalidate_status(xattr_name)) { ima_reset_appraise_flags(d_backing_inode(dentry), 0); if (result == 1) diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 2cff001b02e4..b3b79d030a67 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -1089,6 +1089,10 @@ static struct security_hook_list ima_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(kernel_post_read_file, ima_post_read_file), LSM_HOOK_INIT(kernel_load_data, ima_load_data), LSM_HOOK_INIT(kernel_post_load_data, ima_post_load_data), +#ifdef CONFIG_IMA_APPRAISE + LSM_HOOK_INIT(inode_setxattr, ima_inode_setxattr), + LSM_HOOK_INIT(inode_removexattr, ima_inode_removexattr), +#endif }; void __init integrity_lsm_ima_init(void) diff --git a/security/security.c b/security/security.c index 8f7c1b5fa5fa..ca731132a0e9 100644 --- a/security/security.c +++ b/security/security.c 
@@ -1349,7 +1349,7 @@ int security_inode_setxattr(struct user_namespace *mnt_userns, if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) return 0; /* - * SELinux and Smack integrate the cap call, + * SELinux, Smack, and IMA integrate the cap call, * so assume that all LSMs supplying this call do so. */ ret = call_int_hook(inode_setxattr, 1, mnt_userns, dentry, name, value, @@ -1357,9 +1357,6 @@ int security_inode_setxattr(struct user_namespace *mnt_userns, if (ret == 1) ret = cap_inode_setxattr(dentry, name, value, size, flags); - if (ret) - return ret; - ret = ima_inode_setxattr(dentry, name, value, size); if (ret) return ret; return evm_inode_setxattr(mnt_userns, dentry, name, value, size); 
@@ -1396,15 +1393,12 @@ int security_inode_removexattr(struct user_namespace *mnt_userns, if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) return 0; /* - * SELinux and Smack integrate the cap call, + * SELinux, Smack, and IMA integrate the cap call, * so assume that all LSMs supplying this call do so. */ ret = call_int_hook(inode_removexattr, 1, mnt_userns, dentry, name); if (ret == 1) ret = cap_inode_removexattr(mnt_userns, dentry, name); - if (ret) - return ret; - ret = ima_inode_removexattr(dentry, name); if (ret) return ret; return evm_inode_removexattr(mnt_userns, dentry, name); From patchwork Thu Oct 13 22:36:49 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 2430 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:4ac7:0:0:0:0:0 with SMTP id y7csp510926wrs; Thu, 13 Oct 2022 15:40:27 -0700 (PDT) X-Google-Smtp-Source: AMsMyM4EXTWuR1LHA86uDurBBshZIkhbSNb/d0TXkfM3SyZh+OXbTNsjKC85Ip/7lDnyPDx4zBf8 X-Received: by 2002:a17:906:cc16:b0:78d:ce93:f5af with SMTP id ml22-20020a170906cc1600b0078dce93f5afmr1348202ejb.592.1665700827275; Thu, 13 Oct 2022 15:40:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1665700827; cv=none; d=google.com; s=arc-20160816; b=xcKysuUZvp/tZEM6wylWEWhMZ8JXetMxb4HP1JoNd38FUq/PKTVSWMvhZWamL7ITZ/ VUDvFSch/CY2JWxeFYWOGEba/05E9OyI+Lh5Mk17LPDqdRZ5Voi4jrXypQBwmZcrJjlm Dcwrx03bccKM2AmfZsqYxg3YjpUxZOIklUgQPYFjlWwdR3swO3F+umFGGgmDukBQiM05 6I/DZIUw7MUQmKWZAUxNVNAZNQd/abq0OHn6OsbT77AdKuUmehaHSpXbiS18oC2Ondnx 8cbhUbTEa44GKZAJVRvtXOFEYFjB7j+rASErclQXYdKKRAwRyTb0HXIQaQI+tcU5dTMj fOng== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=RwwHIW9ubgGCNZI9bpt1owrfiGZeXb5wwl1H6trWtBY=; b=StxowNsArajBahQi05HycZxQ4tQXT5ti3rlSZeDJRPD+cdk/w/DSfo8Egml3J/AYj6 
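Review bot: in the ima_appraise.c hunk at `@@ -754,6 +756,11 @@`, cap_inode_setxattr() is only reached inside the `if (result == 1)` branch, i.e. for the xattr names that ima_protect_xattr() claims; for every other name the hook returns without having done the capability check, and because it returns `result` rather than 1, the `if (ret == 1) ret = cap_inode_setxattr(...)` fallback in security_inode_setxattr() never fires either once IMA supplies this hook. On a configuration where no other LSM (SELinux, Smack) implements inode_setxattr that removes the capability check for all non-IMA xattrs, which contradicts the updated security.c comment "assume that all LSMs supplying this call do so". Suggest calling cap_inode_setxattr() for every name before ima_protect_xattr(), e.g. `result = cap_inode_setxattr(dentry, xattr_name, xattr_value, xattr_value_len, flags); if (result) return result;`, and the same for cap_inode_removexattr() in the following ima_inode_removexattr() hunk, which has the identical `if (result == 1)` guard.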
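Review bot: the security.c hunk at `@@ -1357,9 +1357,6 @@` changes when IMA's side effects happen, not only who calls them. In the removed lines ima_inode_setxattr() ran only after call_int_hook() and cap_inode_setxattr() had both allowed the write; as a stacked hook it runs at IMA's position in the list, so ima_reset_appraise_flags() (visible in the ima_inode_removexattr() hunk above, and called from the setxattr path too) can fire for an operation that a later LSM or the capability check then denies. The same applies to the security_inode_removexattr() hunk. Either state in the commit message that a spurious appraise-flag reset on a denied xattr write is acceptable, or move the reset to a post-operation hook so it only happens once the write has actually gone through.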
From: Kees Cook To: Mimi Zohar Cc: Kees Cook , Dmitry Kasatkin , Paul Moore , James Morris , "Serge E. Hallyn" , Petr Vorel , Jonathan McDowell , Borislav Petkov , Takashi Iwai , linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, Mickaël Salaün , KP Singh , Casey Schaufler , John Johansen , linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org Subject: [PATCH 4/9] ima: Move ima_file_free() into LSM Date: Thu, 13 Oct 2022 15:36:49 -0700 Message-Id: <20221013223654.659758-4-keescook@chromium.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20221013222702.never.990-kees@kernel.org> References: <20221013222702.never.990-kees@kernel.org> MIME-Version: 1.0
version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1746613910866917886?= X-GMAIL-MSGID: =?utf-8?q?1746613910866917886?= The file_free_security hook already exists for managing notification of released files. Use the LSM hook instead of open-coded stacking. Cc: Mimi Zohar Cc: Dmitry Kasatkin Cc: Paul Moore Cc: James Morris Cc: "Serge E. Hallyn" Cc: Petr Vorel Cc: Jonathan McDowell Cc: Borislav Petkov Cc: Takashi Iwai Cc: linux-integrity@vger.kernel.org Cc: linux-security-module@vger.kernel.org Signed-off-by: Kees Cook --- fs/file_table.c | 1 - include/linux/ima.h | 6 ------ security/integrity/ima/ima_main.c | 3 ++- 3 files changed, 2 insertions(+), 8 deletions(-) diff --git a/fs/file_table.c b/fs/file_table.c index 99c6796c9f28..fa707d221a43 100644 --- a/fs/file_table.c +++ b/fs/file_table.c @@ -311,7 +311,6 @@ static void __fput(struct file *file) eventpoll_release(file); locks_remove_file(file); - ima_file_free(file); if (unlikely(file->f_flags & FASYNC)) { if (file->f_op->fasync) file->f_op->fasync(-1, file, 0); diff --git a/include/linux/ima.h b/include/linux/ima.h index 6dc5143f89f2..9f18df366064 100644 --- a/include/linux/ima.h +++ b/include/linux/ima.h @@ -19,7 +19,6 @@ extern enum hash_algo ima_get_current_hash_algo(void); extern int ima_file_check(struct file *file, int mask); extern void ima_post_create_tmpfile(struct user_namespace *mnt_userns, struct inode *inode); -extern void ima_file_free(struct file *file); extern void ima_post_path_mknod(struct user_namespace *mnt_userns, struct dentry *dentry); extern int ima_file_hash(struct file *file, char *buf, size_t buf_size); 
@@ -56,11 +55,6 @@ static inline void ima_post_create_tmpfile(struct user_namespace *mnt_userns, { } -static inline void ima_file_free(struct file *file) -{ - return; -} - static inline void ima_post_path_mknod(struct user_namespace *mnt_userns, struct dentry *dentry) { diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index b3b79d030a67..94379ba40b58 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -183,7 +183,7 @@ static void ima_check_last_writer(struct integrity_iint_cache *iint, * * Flag files that changed, based on i_version */ -void ima_file_free(struct file *file) +static void ima_file_free(struct file *file) { struct inode *inode = file_inode(file); struct integrity_iint_cache *iint; 
@@ -1085,6 +1085,7 @@ static struct security_hook_list ima_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(bprm_check_security, ima_bprm_check), LSM_HOOK_INIT(mmap_file, ima_file_mmap), LSM_HOOK_INIT(file_mprotect, ima_file_mprotect), + LSM_HOOK_INIT(file_free_security, ima_file_free), LSM_HOOK_INIT(kernel_read_file, ima_read_file), LSM_HOOK_INIT(kernel_post_read_file, ima_post_read_file), LSM_HOOK_INIT(kernel_load_data, ima_load_data), From patchwork Thu Oct 13 22:36:50 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 2432 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:4ac7:0:0:0:0:0 with SMTP id y7csp511030wrs; Thu, 13 Oct 2022 15:40:51 -0700 (PDT) X-Google-Smtp-Source: AMsMyM5xBv7Vk1kAchvdn3eurgovF96301L73A+nY7CHIO9AkijxQJ4nBJfWH4VyHVNUZVCgp/ht X-Received: by 2002:a17:907:a47:b0:780:6883:2a37 with SMTP id be7-20020a1709070a4700b0078068832a37mr1396995ejc.219.1665700851785; Thu, 13 Oct 2022 15:40:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1665700851; cv=none; d=google.com; s=arc-20160816; b=k0LNhI3S8xZdwagacPUplYodTfROJUktGTY6K5ZcFix+/nyn3sQi9Z4MI1WvchTXlc yxhkC83yh7Ter25DmZ3kqVkrsFE7Z3eX8mzX8PuFpTc53k7G+rJogHlZ7lmC8eHaRdiV l8hF+b1GXDhmwli5JSB96hJy74uQsJHsF8s5CJrdv0dXHggmkjn4qn+uj+Eue5Fl5VlC z3ApRMbtna6Idg5FmPaOK6WakfuFm7jnDZHQ/1Gqc4Cwwq3A06QztLKiJjmF4YMrugdS tQ6IjPFXHdQ5pvx6qh0Qvhwjzz3nlIb409zDLie+Ww5yVrkx14AotdycJeuLj6YWULm7 9YQw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=YsVURujdxv2TmCZAOzBG5PyJ5Db0orOcMu9GXfW9Fck=; b=XETcPlbOpH8xdp2AOQGv2gQHS6grYntLRr1ZEoL6CDZWaS2ZmILxfrpuA4uY4TF0yL rrPY2vrJI9ZSqgV/f2C38D0oZs6QWeCV0JIHOCdvwQGnvvYDIkBO1woPdBX+mMI1ExEE WIt3Eo+muwnEuIMEzk9CRgkovqC40TN49zHA6mkOJvFi0NEM2ViCVdV4T5cwT9U8bjK+ 
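Review bot: the fs/file_table.c hunk removes ima_file_free() from a point in __fput() where the file is still fully alive (after locks_remove_file(), before f_op->release, dput() and mntput() run), but the file_free_security hook it is replaced with is invoked from the file-freeing path, not from this spot in __fput(). ima_file_free() is not a notification-only callback: per the ima_main.c context ("Flag files that changed, based on i_version", ima_check_last_writer()) it re-hashes and re-labels a file whose last writer just closed it, which needs the inode, path and file operations to still be valid. Please either confirm that file_free_security is reached before those are torn down, or introduce a hook that is called from exactly this point in __fput() rather than reusing file_free_security.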
From: Kees Cook To: Mimi Zohar Cc: Kees Cook , Dmitry Kasatkin , Paul Moore , James Morris , "Serge E. Hallyn" , Takashi Iwai , Jonathan McDowell , Casey Schaufler , linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, Mickaël Salaün , KP Singh , John Johansen , linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org Subject: [PATCH 5/9] LSM: Introduce inode_post_setattr hook Date: Thu, 13 Oct 2022 15:36:50 -0700 Message-Id: <20221013223654.659758-5-keescook@chromium.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20221013222702.never.990-kees@kernel.org> References: <20221013222702.never.990-kees@kernel.org> MIME-Version: 1.0
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1746613936516985773?= X-GMAIL-MSGID: =?utf-8?q?1746613936516985773?= IMA and EVM need to hook after setattr finishes. Introduce this hook and move IMA and EVM's open-coded stacking to use it. Cc: Mimi Zohar Cc: Dmitry Kasatkin Cc: Paul Moore Cc: James Morris Cc: "Serge E. Hallyn" Cc: Takashi Iwai Cc: Jonathan McDowell Cc: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: linux-security-module@vger.kernel.org Signed-off-by: Kees Cook --- fs/attr.c | 3 +-- include/linux/evm.h | 6 ------ include/linux/ima.h | 9 --------- include/linux/lsm_hook_defs.h | 3 +++ security/integrity/evm/evm_main.c | 10 +++++++++- security/integrity/ima/ima.h | 2 ++ security/integrity/ima/ima_appraise.c | 2 +- security/integrity/ima/ima_main.c | 1 + security/security.c | 8 ++++++++ 9 files changed, 25 insertions(+), 19 deletions(-) diff --git a/fs/attr.c b/fs/attr.c index 1552a5f23d6b..e5731057426b 100644 --- a/fs/attr.c +++ b/fs/attr.c @@ -423,8 +423,7 @@ int notify_change(struct user_namespace *mnt_userns, struct dentry *dentry, if (!error) { fsnotify_change(dentry, ia_valid); - ima_inode_post_setattr(mnt_userns, dentry); - evm_inode_post_setattr(dentry, ia_valid); + security_inode_post_setattr(mnt_userns, dentry, ia_valid); } return error; diff --git a/include/linux/evm.h b/include/linux/evm.h index aa63e0b3c0a2..53f402bfb9f1 100644 --- a/include/linux/evm.h +++ b/include/linux/evm.h 
@@ -23,7 +23,6 @@ extern enum integrity_status evm_verifyxattr(struct dentry *dentry, struct integrity_iint_cache *iint); extern int evm_inode_setattr(struct user_namespace *mnt_userns, struct dentry *dentry, struct iattr *attr); -extern void evm_inode_post_setattr(struct dentry *dentry, int ia_valid); extern int evm_inode_setxattr(struct user_namespace *mnt_userns, struct dentry *dentry, const char *name, const void *value, size_t size); @@ -75,11 +74,6 @@ static inline int evm_inode_setattr(struct user_namespace *mnt_userns, return 0; } -static inline void evm_inode_post_setattr(struct dentry *dentry, int ia_valid) -{ - return; -} - static inline int evm_inode_setxattr(struct user_namespace *mnt_userns, struct dentry *dentry, const char *name, const void *value, size_t size) diff --git a/include/linux/ima.h b/include/linux/ima.h index 9f18df366064..70180b9bd974 100644 --- a/include/linux/ima.h +++ b/include/linux/ima.h @@ -127,20 +127,11 @@ static inline void ima_post_key_create_or_update(struct key *keyring, #ifdef CONFIG_IMA_APPRAISE extern bool is_ima_appraise_enabled(void); -extern void ima_inode_post_setattr(struct user_namespace *mnt_userns, - struct dentry *dentry); #else static inline bool is_ima_appraise_enabled(void) { return 0; } - -static inline void ima_inode_post_setattr(struct user_namespace *mnt_userns, - struct dentry *dentry) -{ - return; -} - #endif /* CONFIG_IMA_APPRAISE */ #if defined(CONFIG_IMA_APPRAISE) && defined(CONFIG_INTEGRITY_TRUSTED_KEYRING) diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h index 806448173033..0b01473eee8a 100644 --- a/include/linux/lsm_hook_defs.h +++ b/include/linux/lsm_hook_defs.h 
@@ -135,6 +135,9 @@ LSM_HOOK(int, 0, inode_follow_link, struct dentry *dentry, struct inode *inode, bool rcu) LSM_HOOK(int, 0, inode_permission, struct inode *inode, int mask) LSM_HOOK(int, 0, inode_setattr, struct dentry *dentry, struct iattr *attr) +LSM_HOOK(void, LSM_RET_VOID, inode_post_setattr, + struct user_namespace *mnt_userns, struct dentry *dentry, + unsigned int ia_valid) LSM_HOOK(int, 0, inode_getattr, const struct path *path) LSM_HOOK(int, 0, inode_setxattr, struct user_namespace *mnt_userns, struct dentry *dentry, const char *name, const void *value, diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c index 1ef965089417..aca689dc0576 100644 --- a/security/integrity/evm/evm_main.c +++ b/security/integrity/evm/evm_main.c @@ -817,7 +817,9 @@ int evm_inode_setattr(struct user_namespace *mnt_userns, struct dentry *dentry, * This function is called from notify_change(), which expects the caller * to lock the inode's i_mutex. */ -void evm_inode_post_setattr(struct dentry *dentry, int ia_valid) +static void evm_inode_post_setattr(struct user_namespace *mnt_userns, + struct dentry *dentry, + unsigned int ia_valid) { if (!evm_revalidate_status(NULL)) return; @@ -905,6 +907,12 @@ static int __init init_evm(void) late_initcall(init_evm); +static struct security_hook_list evm_hooks[] __lsm_ro_after_init = { + LSM_HOOK_INIT(inode_post_setattr, evm_inode_post_setattr), +}; + void __init integrity_lsm_evm_init(void) { + pr_info("Integrity LSM enabling EVM\n"); + integrity_add_lsm_hooks(evm_hooks, ARRAY_SIZE(evm_hooks)); } diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 15a369df4c00..5c95ea6e6c94 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h 
@@ -176,6 +176,8 @@ int ima_inode_setxattr(struct user_namespace *mnt_userns, int flags); int ima_inode_removexattr(struct user_namespace *mnt_userns, struct dentry *dentry, const char *xattr_name); +void ima_inode_post_setattr(struct user_namespace *mnt_userns, + struct dentry *dentry, unsigned int ia_valid); #endif /* diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index ddd9df6b7dac..ccd54b50fe48 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -631,7 +631,7 @@ void ima_update_xattr(struct integrity_iint_cache *iint, struct file *file) * to lock the inode's i_mutex. */ void ima_inode_post_setattr(struct user_namespace *mnt_userns, - struct dentry *dentry) + struct dentry *dentry, unsigned int ia_valid) { struct inode *inode = d_backing_inode(dentry); struct integrity_iint_cache *iint; diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 94379ba40b58..ffebd3236f24 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -1093,6 +1093,7 @@ static struct security_hook_list ima_hooks[] __lsm_ro_after_init = { #ifdef CONFIG_IMA_APPRAISE LSM_HOOK_INIT(inode_setxattr, ima_inode_setxattr), LSM_HOOK_INIT(inode_removexattr, ima_inode_removexattr), + LSM_HOOK_INIT(inode_post_setattr, ima_inode_post_setattr), #endif }; diff --git a/security/security.c b/security/security.c index ca731132a0e9..af42264ad3e2 100644 --- a/security/security.c +++ b/security/security.c 
@@ -1333,6 +1333,14 @@ int security_inode_setattr(struct user_namespace *mnt_userns, } EXPORT_SYMBOL_GPL(security_inode_setattr); +void security_inode_post_setattr(struct user_namespace *mnt_userns, + struct dentry *dentry, unsigned int ia_valid) +{ + if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) + return; + call_void_hook(inode_post_setattr, mnt_userns, dentry, ia_valid); +} + int security_inode_getattr(const struct path *path) { if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry))))
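Review bot: the new inode_post_setattr hook in the lsm_hook_defs.h hunk has no accompanying description in include/linux/lsm_hooks.h anywhere in the visible series; every hook in that table is documented there, so please add an entry saying it is called after a successful attribute change with the inode locked (the existing comment above evm_inode_post_setattr() already states the locking expectation), what ia_valid carries, and that it returns void. The `LSM_HOOK(void, LSM_RET_VOID, inode_post_setattr, ...)` signature itself does match the security_inode_post_setattr() wrapper added in the security.c hunk.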
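Review bot: making evm_inode_post_setattr() static and registering it through evm_hooks in the evm_main.c hunk means its ordering relative to ima_inode_post_setattr() (registered in ima_hooks in the ima_main.c hunk) is no longer fixed by an explicit caller but only by the order in which the IMA and EVM hook lists are added to the "integrity" LSM; a one-line comment next to `LSM_HOOK_INIT(inode_post_setattr, evm_inode_post_setattr)` recording that EVM's callback is meant to run after IMA's would keep a future reordering of integrity_lsm_*_init() from silently changing behaviour. Separately, `pr_info("Integrity LSM enabling EVM\n")` prints on every boot; pr_debug seems sufficient for a registration message.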
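Review bot: security_inode_post_setattr() in the security.c hunk is not exported, while security_inode_setattr() directly above it carries EXPORT_SYMBOL_GPL; that is fine only if notify_change() in the built-in VFS is the sole caller, so either state that in the commit message or add the export for symmetry with its neighbour if modular filesystems are expected to call it.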
From patchwork Thu Oct 13 22:36:51 2022
From: Kees Cook
To: Mimi Zohar
Cc: Kees Cook, John Johansen, Paul Moore, James Morris, "Serge E. Hallyn", linux-security-module@vger.kernel.org, Mickaël Salaün, KP Singh, Casey Schaufler, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: [PATCH 6/9] fs: Introduce file_to_perms() helper
Date: Thu, 13 Oct 2022 15:36:51 -0700
Message-Id: <20221013223654.659758-6-keescook@chromium.org>
In-Reply-To: <20221013222702.never.990-kees@kernel.org>
References: <20221013222702.never.990-kees@kernel.org>

Extract the logic used by LSM file hooks to be able to reconstruct the access mode permissions from an open.

Cc: John Johansen Cc: Paul Moore Cc: James Morris Cc: "Serge E. Hallyn" Cc: linux-security-module@vger.kernel.org Signed-off-by: Kees Cook --- include/linux/fs.h | 22 ++++++++++++++++++++++ security/apparmor/include/file.h | 18 ++++-------------- 2 files changed, 26 insertions(+), 14 deletions(-) diff --git a/include/linux/fs.h b/include/linux/fs.h index 9eced4cc286e..814f10d4132e 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -993,6 +993,28 @@ static inline struct file *get_file(struct file *f) #define get_file_rcu(x) atomic_long_inc_not_zero(&(x)->f_count) #define file_count(x) atomic_long_read(&(x)->f_count) +/* Calculate the basic MAY_* flags needed for a given file. */ +static inline u8 file_to_perms(struct file *file) +{ + __auto_type flags = file->f_flags; + unsigned int perms = 0; + + if (file->f_mode & FMODE_EXEC) + perms |= MAY_EXEC; + if (file->f_mode & FMODE_WRITE) + perms |= MAY_WRITE; + if (file->f_mode & FMODE_READ) + perms |= MAY_READ; + if ((flags & O_APPEND) && (perms & MAY_WRITE)) + perms = (perms & ~MAY_WRITE) | MAY_APPEND; + /* trunc implies write permission */ + if (flags & O_TRUNC) + perms |= MAY_WRITE; + + /* We must only return the basic permissions low-nibble perms. */ + return (perms | (MAY_EXEC | MAY_WRITE | MAY_READ | MAY_APPEND)); +} + #define MAX_NON_LFS ((1UL<<31) - 1) /* Page cache limit. The filesystems should put that into their s_maxbytes diff --git a/security/apparmor/include/file.h b/security/apparmor/include/file.h index 029cb20e322d..505d6da02af3 100644 --- a/security/apparmor/include/file.h +++ b/security/apparmor/include/file.h
@@ -218,20 +218,10 @@ static inline void aa_free_file_rules(struct aa_file_rules *rules) */ static inline u32 aa_map_file_to_perms(struct file *file) { - int flags = file->f_flags; - u32 perms = 0; - - if (file->f_mode & FMODE_WRITE) - perms |= MAY_WRITE; - if (file->f_mode & FMODE_READ) - perms |= MAY_READ; - - if ((flags & O_APPEND) && (perms & MAY_WRITE)) - perms = (perms & ~MAY_WRITE) | MAY_APPEND; - /* trunc implies write permission */ - if (flags & O_TRUNC) - perms |= MAY_WRITE; - if (flags & O_CREAT) + u32 perms = file_to_perms(file); + + /* Also want to check O_CREAT */ + if (file->f_flags & O_CREAT) perms |= AA_MAY_CREATE; return perms;
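Review bot: the final statement of file_to_perms() in the include/linux/fs.h hunk ORs the four MAY_* bits into the result instead of masking with them, so the helper returns MAY_EXEC|MAY_WRITE|MAY_READ|MAY_APPEND for every file regardless of f_mode, and the comment above it ("We must only return the basic permissions low-nibble perms") describes an `&`, not a `|`: `return perms & (MAY_EXEC | MAY_WRITE | MAY_READ | MAY_APPEND);`. Since perms only ever receives those four bits, the mask is redundant and could be dropped altogether, but as written every IMA and AppArmor caller would see each open as read+write+exec+append. Two smaller points in the same hunk: `__auto_type flags = file->f_flags;` is unusual in the tree where `unsigned int flags` (the type of f_flags) would be conventional, and the u8 return type sits oddly between `unsigned int perms` and the u32 the AppArmor caller stores it in; unsigned int throughout is simpler.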
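Review bot: switching aa_map_file_to_perms() to file_to_perms() in the security/apparmor/include/file.h hunk silently changes AppArmor's behaviour: the removed code derived only MAY_WRITE, MAY_READ and MAY_APPEND from f_mode, while the helper additionally sets MAY_EXEC whenever FMODE_EXEC is set, so exec-mode opens now carry an extra permission bit into AppArmor's file checks. If that is intended it belongs in the commit message, which currently only says the logic was extracted; if not, clear MAY_EXEC here before the O_CREAT handling.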
From patchwork Thu Oct 13 22:36:52 2022
From: Kees Cook
To: Mimi Zohar
Cc: Kees Cook, Dmitry Kasatkin, Paul Moore, James Morris, "Serge E. Hallyn", Jonathan McDowell, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, Mickaël Salaün, KP Singh, Casey Schaufler, John Johansen, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: [PATCH 7/9] ima: Move ima_file_check() into LSM
Date: Thu, 13 Oct 2022 15:36:52 -0700
Message-Id: <20221013223654.659758-7-keescook@chromium.org>
In-Reply-To: <20221013222702.never.990-kees@kernel.org>
References: <20221013222702.never.990-kees@kernel.org>

The "file_open" hook in the LSM is the correct place to add the ima_file_check() callback. Rename it to ima_file_open(), and use the newly created helper to construct the permissions mask from the file flags and fmode.

For reference, the LSM hooks across an open are:

do_filp_open(dfd, filename, open_flags)
  path_openat(nameidata, open_flags, flags)
    file = alloc_empty_file(open_flags, current_cred());
    do_open(nameidata, file, open_flags)
      may_open(path, acc_mode, open_flag)
        inode_permission(inode, MAY_OPEN | acc_mode)
          ----> security_inode_permission(inode, acc_mode)
      vfs_open(path, file)
        do_dentry_open(file, path->dentry->d_inode, open)
          ----> security_file_open(f)
          open()

The open-coded hooks in the VFS and NFS are removed, as they are fully covered by the security_file_open() hook.

Cc: Mimi Zohar Cc: Dmitry Kasatkin Cc: Paul Moore Cc: James Morris Cc: "Serge E. Hallyn" Cc: Jonathan McDowell Cc: linux-integrity@vger.kernel.org Cc: linux-security-module@vger.kernel.org Signed-off-by: Kees Cook --- fs/namei.c | 2 -- fs/nfsd/vfs.c | 6 ------ include/linux/ima.h | 6 ------ security/integrity/ima/ima_main.c | 14 +++++++------- 4 files changed, 7 insertions(+), 21 deletions(-) diff --git a/fs/namei.c b/fs/namei.c index 53b4bc094db2..d9bd3887e823 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -3555,8 +3555,6 @@ static int do_open(struct nameidata *nd, error = may_open(mnt_userns, &nd->path, acc_mode, open_flag); if (!error && !(file->f_mode & FMODE_OPENED)) error = vfs_open(&nd->path, file); - if (!error) - error = ima_file_check(file, op->acc_mode); if (!error && do_truncate) error = handle_truncate(mnt_userns, file); if (unlikely(error > 0)) {
diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c index 9f486b788ed0..33fe326272df 100644 --- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c @@ -762,12 +762,6 @@ __nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, umode_t type, goto out_nfserr; } - host_err = ima_file_check(file, may_flags); - if (host_err) { - fput(file); - goto out_nfserr; - } - if (may_flags & NFSD_MAY_64BIT_COOKIE) file->f_mode |= FMODE_64BITHASH; else diff --git a/include/linux/ima.h b/include/linux/ima.h index 70180b9bd974..cf1e48a2d97d 100644 --- a/include/linux/ima.h +++ b/include/linux/ima.h @@ -16,7 +16,6 @@ struct linux_binprm; #ifdef CONFIG_IMA extern enum hash_algo ima_get_current_hash_algo(void); -extern int ima_file_check(struct file *file, int mask); extern void ima_post_create_tmpfile(struct user_namespace *mnt_userns, struct inode *inode); extern void ima_post_path_mknod(struct user_namespace *mnt_userns, @@ -45,11 +44,6 @@ static inline enum hash_algo ima_get_current_hash_algo(void) return HASH_ALGO__LAST; } -static inline int ima_file_check(struct file *file, int mask) -{ - return 0; -} - static inline void ima_post_create_tmpfile(struct user_namespace *mnt_userns, struct inode *inode) { diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index ffebd3236f24..823d660b53ec 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -12,7 +12,7 @@ * * File: ima_main.c * implements the IMA hooks: ima_bprm_check, ima_file_mmap, - * and ima_file_check. + * and ima_file_open. */ #include 
@@ -504,25 +504,24 @@ static int ima_bprm_check(struct linux_binprm *bprm) } /** - * ima_file_check - based on policy, collect/store measurement. + * ima_file_open - based on policy, collect/store measurement. * @file: pointer to the file to be measured - * @mask: contains MAY_READ, MAY_WRITE, MAY_EXEC or MAY_APPEND * * Measure files based on the ima_must_measure() policy decision. * * On success return 0. On integrity appraisal error, assuming the file * is in policy and IMA-appraisal is in enforcing mode, return -EACCES. */ -int ima_file_check(struct file *file, int mask) +static int ima_file_open(struct file *file) { + u32 perms = file_to_perms(file); u32 secid; security_current_getsecid_subj(&secid); + return process_measurement(file, current_cred(), secid, NULL, 0, - mask & (MAY_READ | MAY_WRITE | MAY_EXEC | - MAY_APPEND), FILE_CHECK); + perms, FILE_CHECK); } -EXPORT_SYMBOL_GPL(ima_file_check); static int __ima_inode_hash(struct inode *inode, struct file *file, char *buf, size_t buf_size) 
@@ -1085,6 +1084,7 @@ static struct security_hook_list ima_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(bprm_check_security, ima_bprm_check), LSM_HOOK_INIT(mmap_file, ima_file_mmap), LSM_HOOK_INIT(file_mprotect, ima_file_mprotect), + LSM_HOOK_INIT(file_open, ima_file_open), LSM_HOOK_INIT(file_free_security, ima_file_free), LSM_HOOK_INIT(kernel_read_file, ima_read_file), LSM_HOOK_INIT(kernel_post_read_file, ima_post_read_file),
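Review bot: the commit message says the ima_file_check() calls removed in the fs/namei.c and fs/nfsd/vfs.c hunks are "fully covered" by security_file_open(), but the converse also holds: per the call chain in the message, security_file_open() fires from do_dentry_open(), i.e. for every dentry_open() caller and not only for do_open() and __nfsd_open(), so after this patch IMA's FILE_CHECK measurement (and, in enforcing appraisal, the -EACCES it can return) applies to opens it never saw before. Please state in the commit message whether that widening is intended.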
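Review bot: in the ima_file_open() hunk, the mask handed to process_measurement() is no longer the open's acc_mode masked to the four MAY_ bits (`mask & (MAY_READ | MAY_WRITE | MAY_EXEC | MAY_APPEND)`) but file_to_perms(file)'s reconstruction from f_mode and f_flags, and the two are not identical: the helper replaces MAY_WRITE with MAY_APPEND for O_APPEND opens unless O_TRUNC is also set, and adds MAY_EXEC whenever FMODE_EXEC is set. IMA policy rules match on this mask, so rules keyed on MAY_WRITE can stop matching append-mode opens and exec opens gain a bit they did not have; either document the new mask semantics in the commit message or preserve the previous derivation for IMA. The kernel-doc above the function should also say it is now invoked from the file_open LSM hook, since the @mask line was removed without replacement.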
From patchwork Thu Oct 13 22:36:53 2022
From: Kees Cook
To: Mimi Zohar
Cc: Kees Cook, Dmitry Kasatkin, Paul Moore, James Morris, "Serge E. Hallyn", linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, Mickaël Salaün, KP Singh, Casey Schaufler, John Johansen, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: [PATCH 8/9] integrity: Move trivial hooks into LSM
Date: Thu, 13 Oct 2022 15:36:53 -0700
Message-Id: <20221013223654.659758-8-keescook@chromium.org>
In-Reply-To: <20221013222702.never.990-kees@kernel.org>
References: <20221013222702.never.990-kees@kernel.org>

Move the integrity_inode_free and integrity_kernel_module_request hooks into the LSM.

Cc: Mimi Zohar Cc: Dmitry Kasatkin Cc: Paul Moore Cc: James Morris Cc: "Serge E. Hallyn" Cc: linux-integrity@vger.kernel.org Cc: linux-security-module@vger.kernel.org Signed-off-by: Kees Cook --- include/linux/integrity.h | 19 ------------------- security/integrity/iint.c | 11 ++++++++++- security/integrity/integrity.h | 1 + security/security.c | 8 +------- 4 files changed, 12 insertions(+), 27 deletions(-) diff --git a/include/linux/integrity.h b/include/linux/integrity.h index 2ea0f2f65ab6..c86bcf6b866b 100644 --- a/include/linux/integrity.h +++ b/include/linux/integrity.h @@ -22,7 +22,6 @@ enum integrity_status { /* List of EVM protected security xattrs */ #ifdef CONFIG_INTEGRITY extern struct integrity_iint_cache *integrity_inode_get(struct inode *inode); -extern void integrity_inode_free(struct inode *inode); extern void __init integrity_load_keys(void); #else @@ -32,27 +31,9 @@ static inline struct integrity_iint_cache * return NULL; } -static inline void integrity_inode_free(struct inode *inode) -{ - return; -} - static inline void integrity_load_keys(void) { } #endif /* CONFIG_INTEGRITY */ -#ifdef CONFIG_INTEGRITY_ASYMMETRIC_KEYS - -extern int integrity_kernel_module_request(char *kmod_name); - -#else - -static inline int integrity_kernel_module_request(char *kmod_name) -{ - return 0; -} - -#endif /* CONFIG_INTEGRITY_ASYMMETRIC_KEYS */ - #endif /* _LINUX_INTEGRITY_H */ diff --git a/security/integrity/iint.c b/security/integrity/iint.c index 4f322324449d..dea4dbb93a53 100644 --- a/security/integrity/iint.c +++ b/security/integrity/iint.c
@@ -142,7 +142,7 @@ struct integrity_iint_cache *integrity_inode_get(struct inode *inode) * * Free the integrity information(iint) associated with an inode. */ -void integrity_inode_free(struct inode *inode) +static void integrity_inode_free(struct inode *inode) { struct integrity_iint_cache *iint; @@ -177,12 +177,21 @@ void __init integrity_add_lsm_hooks(struct security_hook_list *hooks, security_add_hooks(hooks, count, "integrity"); } +static struct security_hook_list integrity_hooks[] __lsm_ro_after_init = { + LSM_HOOK_INIT(inode_free_security, integrity_inode_free), +#ifdef CONFIG_INTEGRITY_ASYMMETRIC_KEYS + LSM_HOOK_INIT(kernel_module_request, integrity_kernel_module_request), +#endif +}; + static int __init integrity_lsm_init(void) { iint_cache = kmem_cache_create("iint_cache", sizeof(struct integrity_iint_cache), 0, SLAB_PANIC, init_once); + integrity_add_lsm_hooks(integrity_hooks, ARRAY_SIZE(integrity_hooks)); + integrity_lsm_ima_init(); integrity_lsm_evm_init(); diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h index 3707349271c9..93f35b208809 100644 --- a/security/integrity/integrity.h +++ b/security/integrity/integrity.h @@ -237,6 +237,7 @@ static inline int __init integrity_load_cert(const unsigned int id, #endif /* CONFIG_INTEGRITY_SIGNATURE */ #ifdef CONFIG_INTEGRITY_ASYMMETRIC_KEYS +int integrity_kernel_module_request(char *kmod_name); int asymmetric_verify(struct key *keyring, const char *sig, int siglen, const char *data, int datalen); #else diff --git a/security/security.c b/security/security.c index af42264ad3e2..60c0ed336b23 100644 --- a/security/security.c +++ b/security/security.c @@ -1036,7 +1036,6 @@ static void inode_free_by_rcu(struct rcu_head *head) void security_inode_free(struct inode *inode) { - integrity_inode_free(inode); call_void_hook(inode_free_security, inode); /* * The inode may still be referenced in a path walk and 
@@ -1723,12 +1722,7 @@ int security_kernel_create_files_as(struct cred *new, struct inode *inode) int security_kernel_module_request(char *kmod_name) { - int ret; - - ret = call_int_hook(kernel_module_request, 0, kmod_name); - if (ret) - return ret; - return integrity_kernel_module_request(kmod_name); + return call_int_hook(kernel_module_request, 0, kmod_name); } int security_kernel_read_file(struct file *file, enum kernel_read_file_id id, From patchwork Thu Oct 13 22:36:54 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 2431 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:4ac7:0:0:0:0:0 with SMTP id y7csp510973wrs; Thu, 13 Oct 2022 15:40:38 -0700 (PDT) X-Google-Smtp-Source: AMsMyM6XQ9iJvCSghA7TXIl8u8OIqch0HjUqLPLXBAZiu0lOF883GHhFHTNv9K7DM2lL62sKLjO5 X-Received: by 2002:a17:907:7d8e:b0:78d:ed30:643b with SMTP id oz14-20020a1709077d8e00b0078ded30643bmr1399234ejc.253.1665700838708; Thu, 13 Oct 2022 15:40:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1665700838; cv=none; d=google.com; s=arc-20160816; b=oZWesI6SUCwkEJbSdj9Y4i/oiFpXLpWkG4wzn4rbzrrB17GLlSW+BvXpu3iboxEap3 cTKIEo10DHo3si5rjJIWhuAYbJqU7KPpL4HPmjTe5Nfq6ZQuG77oo4JKgpeqkaEOhy/z p6E1nQhmAbHNwG9AvMVUXFWw1s0a5JR/Xvx8noHM5TJuCVHxy2D14ijAkEgukyYHdpMn achmQ8da2uRAtdIGgGWbJ8uRpIH7UCh1FkLuCY77SPtjx9xJtLjE0/aqk0yMtM6BR4hu XsclR9pv8eohERwna9thJgcQ6+Pmi25N7cDYy6Awp4xJraT4MPfGoa8PholwpARAXQVp fe/w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=NfEEfwgV0r1esosEkP9F/ee8FXM+KPxMeG8W8EWcy+c=; b=GbdVAQKBvHZdtGt/Mg2eZK1vLd7sUrkP/F3WJN0UcgUYfm7GGsPpfY/IOalRM9Kpll OwGjY0tOqZWVU7c6760ofMOknI2Bocx0s89SgsKsrcL5HWBcJ7uTUjBHq08HpIUlgUj9 iK1Capdoh/vqFG4TXmJG7ybUTGNnEJRp7gdt+q/ZkCqCK6oWkCBuloK/71qXpTmrsEAj 
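Review bot: the integrity_hooks[] registration added to integrity_lsm_init() in the iint.c hunk turns an explicit ordering guarantee into a positional one. In the old security_inode_free() the line `integrity_inode_free(inode);` ran ahead of `call_void_hook(inode_free_security, inode);`, so the iint was always released before any LSM's inode_free_security hook ran. After this change integrity_inode_free is just one entry registered via `LSM_HOOK_INIT(inode_free_security, integrity_inode_free)`, and the IMA and EVM hooks added by integrity_lsm_ima_init() and integrity_lsm_evm_init() are appended after it, so within the "integrity" LSM the order still matches the old behaviour, but relative to the other LSMs it now depends on where "integrity" sits in the LSM order. Please state in the commit message that no other LSM's inode_free_security relies on the iint being gone (or still present), since the hunk itself no longer enforces either.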
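Review bot: the security_kernel_module_request() hunk changes when the integrity check runs relative to the other LSMs, and that is not mentioned in the changelog. Before, `ret = call_int_hook(kernel_module_request, 0, kmod_name);` ran every registered LSM first and only then fell through to `integrity_kernel_module_request(kmod_name)`, so a rejection from integrity could never pre-empt another LSM's check. Now the integrity hook sits in the ordinary hook list, and since call_int_hook() returns on the first non-zero result, a rejection from integrity short-circuits any LSM registered after "integrity" and its error code wins. The combined allow/deny outcome is the same, but a sentence in the commit message saying the hook is now ordered with the other LSMs rather than always last would save the next reader from working this out from the diff; "trivial" in the subject undersells it slightly.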
From: Kees Cook
To: Mimi Zohar
Cc: Kees Cook, Dmitry Kasatkin, Paul Moore, James Morris, "Serge E. Hallyn", linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, Mickaël Salaün, KP Singh, Casey Schaufler, John Johansen, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: [PATCH 9/9] integrity: Move integrity_inode_get() out of global header
Date: Thu, 13 Oct 2022 15:36:54 -0700
Message-Id: <20221013223654.659758-9-keescook@chromium.org>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20221013222702.never.990-kees@kernel.org>
References: <20221013222702.never.990-kees@kernel.org>
MIME-Version: 1.0
X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin
3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1746613922456706783?= X-GMAIL-MSGID: =?utf-8?q?1746613922456706783?= The function integrity_inode_get() does not need to be shared with the rest of the kernel, so move it into the internal integrity.h header. Cc: Mimi Zohar Cc: Dmitry Kasatkin Cc: Paul Moore Cc: James Morris Cc: "Serge E. Hallyn" Cc: linux-integrity@vger.kernel.org Cc: linux-security-module@vger.kernel.org Signed-off-by: Kees Cook --- include/linux/integrity.h | 11 +---------- security/integrity/integrity.h | 1 + 2 files changed, 2 insertions(+), 10 deletions(-) diff --git a/include/linux/integrity.h b/include/linux/integrity.h index c86bcf6b866b..4c6fd79b5bf8 100644 --- a/include/linux/integrity.h +++ b/include/linux/integrity.h @@ -21,19 +21,10 @@ enum integrity_status { /* List of EVM protected security xattrs */ #ifdef CONFIG_INTEGRITY -extern struct integrity_iint_cache *integrity_inode_get(struct inode *inode); extern void __init integrity_load_keys(void); - #else -static inline struct integrity_iint_cache * - integrity_inode_get(struct inode *inode) -{ - return NULL; -} - static inline void integrity_load_keys(void) -{ -} +{ } #endif /* CONFIG_INTEGRITY */ #endif /* _LINUX_INTEGRITY_H */ diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h index 93f35b208809..acd904c12f87 100644 --- a/security/integrity/integrity.h +++ b/security/integrity/integrity.h @@ -178,6 +178,7 @@ struct integrity_iint_cache { * integrity data associated with an inode. */ struct integrity_iint_cache *integrity_iint_find(struct inode *inode); +struct integrity_iint_cache *integrity_inode_get(struct inode *inode); int integrity_kernel_read(struct file *file, loff_t offset, void *addr, unsigned long count);
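Review bot: the include/linux/integrity.h hunk carries an unrelated whitespace change alongside the move. The lines `-{` / `-}` / `+{ }` on the integrity_load_keys() stub, and the dropped blank line after the `integrity_load_keys(void)` extern, have nothing to do with integrity_inode_get(); either leave that stub as it was or note the tidy-up in the commit message so the diff matches the stated purpose of the patch.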
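Review bot: the security/integrity/integrity.h hunk adds `struct integrity_iint_cache *integrity_inode_get(struct inode *inode);` unconditionally, while the declaration it replaces in the global header came with a `return NULL` stub for the !CONFIG_INTEGRITY case. That is fine only if every caller is compiled under CONFIG_INTEGRITY, i.e. lives in security/integrity/ and already includes this internal header; otherwise a CONFIG_INTEGRITY=n build now fails on an undeclared function instead of getting NULL. The commit message says the function "does not need to be shared with the rest of the kernel"; spelling out that all remaining callers are inside security/integrity/ would make that claim checkable from the log alone.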