[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20231027083558.484911-16-roberto.sassu@huaweicloud.com>
Date: Fri, 27 Oct 2023 10:35:50 +0200
From: Roberto Sassu <roberto.sassu@...weicloud.com>
To: viro@...iv.linux.org.uk, brauner@...nel.org,
chuck.lever@...cle.com, jlayton@...nel.org, neilb@...e.de,
kolga@...app.com, Dai.Ngo@...cle.com, tom@...pey.com,
paul@...l-moore.com, jmorris@...ei.org, serge@...lyn.com,
zohar@...ux.ibm.com, dmitry.kasatkin@...il.com,
dhowells@...hat.com, jarkko@...nel.org,
stephen.smalley.work@...il.com, eparis@...isplace.org,
casey@...aufler-ca.com, mic@...ikod.net
Cc: linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-nfs@...r.kernel.org, linux-security-module@...r.kernel.org,
linux-integrity@...r.kernel.org, keyrings@...r.kernel.org,
selinux@...r.kernel.org, Roberto Sassu <roberto.sassu@...wei.com>
Subject: [PATCH v4 15/23] security: Introduce inode_post_create_tmpfile hook
From: Roberto Sassu <roberto.sassu@...wei.com>
In preparation for moving IMA and EVM to the LSM infrastructure, introduce
the inode_post_create_tmpfile hook.
As temp files can be made persistent, treat new temp files like other new
files, so that the file hash is calculated and stored in the security
xattr.
LSMs could also take some action after temp files have been created.
The new hook cannot return an error and cannot cause the operation to be
canceled.
Signed-off-by: Roberto Sassu <roberto.sassu@...wei.com>
---
fs/namei.c | 1 +
include/linux/lsm_hook_defs.h | 2 ++
include/linux/security.h | 6 ++++++
security/security.c | 15 +++++++++++++++
4 files changed, 24 insertions(+)
diff --git a/fs/namei.c b/fs/namei.c
index 955a03aa51b7..ef08053185a2 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -3703,6 +3703,7 @@ static int vfs_tmpfile(struct mnt_idmap *idmap,
inode->i_state |= I_LINKABLE;
spin_unlock(&inode->i_lock);
}
+ security_inode_post_create_tmpfile(idmap, inode);
ima_post_create_tmpfile(idmap, inode);
return 0;
}
diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
index 0163c781f950..945ed6078890 100644
--- a/include/linux/lsm_hook_defs.h
+++ b/include/linux/lsm_hook_defs.h
@@ -121,6 +121,8 @@ LSM_HOOK(int, 0, inode_init_security_anon, struct inode *inode,
const struct qstr *name, const struct inode *context_inode)
LSM_HOOK(int, 0, inode_create, struct inode *dir, struct dentry *dentry,
umode_t mode)
+LSM_HOOK(void, LSM_RET_VOID, inode_post_create_tmpfile, struct mnt_idmap *idmap,
+ struct inode *inode)
LSM_HOOK(int, 0, inode_link, struct dentry *old_dentry, struct inode *dir,
struct dentry *new_dentry)
LSM_HOOK(int, 0, inode_unlink, struct inode *dir, struct dentry *dentry)
diff --git a/include/linux/security.h b/include/linux/security.h
index 9673a7f45bf0..fbc57f2fa158 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -344,6 +344,8 @@ int security_inode_init_security_anon(struct inode *inode,
const struct qstr *name,
const struct inode *context_inode);
int security_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode);
+void security_inode_post_create_tmpfile(struct mnt_idmap *idmap,
+ struct inode *inode);
int security_inode_link(struct dentry *old_dentry, struct inode *dir,
struct dentry *new_dentry);
int security_inode_unlink(struct inode *dir, struct dentry *dentry);
@@ -809,6 +811,10 @@ static inline int security_inode_create(struct inode *dir,
return 0;
}
+static inline void
+security_inode_post_create_tmpfile(struct mnt_idmap *idmap, struct inode *inode)
+{ }
+
static inline int security_inode_link(struct dentry *old_dentry,
struct inode *dir,
struct dentry *new_dentry)
diff --git a/security/security.c b/security/security.c
index 35e5b5d901ac..fcd16e853c42 100644
--- a/security/security.c
+++ b/security/security.c
@@ -2006,6 +2006,21 @@ int security_inode_create(struct inode *dir, struct dentry *dentry,
}
EXPORT_SYMBOL_GPL(security_inode_create);
+/**
+ * security_inode_post_create_tmpfile() - Update inode security field after creation of tmpfile
+ * @idmap: idmap of the mount
+ * @inode: inode of the new tmpfile
+ *
+ * Update inode security field after a tmpfile has been created.
+ */
+void security_inode_post_create_tmpfile(struct mnt_idmap *idmap,
+ struct inode *inode)
+{
+ if (unlikely(IS_PRIVATE(inode)))
+ return;
+ call_void_hook(inode_post_create_tmpfile, idmap, inode);
+}
+
/**
* security_inode_link() - Check if creating a hard link is allowed
* @old_dentry: existing file
--
2.34.1
Powered by blists - more mailing lists