[PATCH v3 13/15] ima: add ima_inode_setxattr and ima_inode_removexattr

linux-fsdevel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Mimi Zohar <zohar@linux.vnet.ibm.com>
To: linux-kernel@vger.kernel.org
Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>,
	linux-security-module@vger.kernel.org,
	linux-fsdevel@vger.kernel.org, James Morris <jmorris@namei.org>,
	David Safford <safford@watson.ibm.com>,
	Dave Hansen <dave@linux.vnet.ibm.com>,
	Mimi Zohar <zohar@us.ibm.com>
Subject: [PATCH v3 13/15] ima: add ima_inode_setxattr and ima_inode_removexattr
Date: Fri, 30 Jul 2010 11:45:44 -0400	[thread overview]
Message-ID: <1280504746-20256-14-git-send-email-zohar@linux.vnet.ibm.com> (raw)
In-Reply-To: <1280504746-20256-1-git-send-email-zohar@linux.vnet.ibm.com>

Based on xattr_permission comments, the restriction to modify
'security' xattr is left up to the underlying fs or lsm. Ensure
that not just anyone can modify or remove 'security.ima'.

Changelog:
  - Replace CAP_MAC_ADMIN with CAP_SYS_ADMIN
  - static inline ima_inode_setxattr()/ima_inode_removexattr() stubs
  - ima_protect_xattr should be static

Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
---
 include/linux/ima.h               |   16 ++++++++++++++++
 security/integrity/ima/ima_main.c |   26 ++++++++++++++++++++++++++
 security/security.c               |    6 ++++++
 3 files changed, 48 insertions(+), 0 deletions(-)

diff --git a/include/linux/ima.h b/include/linux/ima.h
index ce82e29..2f87cf8 100644
--- a/include/linux/ima.h
+++ b/include/linux/ima.h
@@ -20,6 +20,9 @@ extern void ima_file_free(struct file *file);
 extern int ima_file_mmap(struct file *file, unsigned long prot);
 extern void ima_counts_get(struct file *file);
 extern void ima_inode_post_setattr(struct dentry *dentry);
+extern int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name,
+		       const void *xattr_value, size_t xattr_value_len);
+extern int ima_inode_removexattr(struct dentry *dentry, const char *xattr_name);
 
 #else
 static inline int ima_bprm_check(struct linux_binprm *bprm)
@@ -52,5 +55,18 @@ static inline void ima_inode_post_setattr(struct dentry *dentry)
 	return;
 }
 
+static inline int ima_inode_setxattr(struct dentry *dentry,
+				     const char *xattr_name,
+				     const void *xattr_value,
+				     size_t xattr_value_len)
+{
+	return 0;
+}
+
+static inline int ima_inode_removexattr(struct dentry *dentry,
+				        const char *xattr_name)
+{
+	return 0;
+}
 #endif /* CONFIG_IMA_H */
 #endif /* _LINUX_IMA_H */
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index d6132b9..6531765 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -372,6 +372,32 @@ void ima_inode_post_setattr(struct dentry *dentry)
 	return;
 }
 
+/*
+ * ima_protect_xattr - protect 'security.ima'
+ *
+ * Ensure that not just anyone can modify or remove 'security.ima'.
+ */
+static int ima_protect_xattr(struct dentry *dentry, const char *xattr_name,
+			     const void *xattr_value, size_t xattr_value_len)
+{
+	if ((strcmp(xattr_name, XATTR_NAME_IMA) == 0)
+	    && !capable(CAP_SYS_ADMIN))
+		return -EPERM;
+	return 0;
+}
+
+int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name,
+		       const void *xattr_value, size_t xattr_value_len)
+{
+	return ima_protect_xattr(dentry, xattr_name, xattr_value,
+				 xattr_value_len);
+}
+
+int ima_inode_removexattr(struct dentry *dentry, const char *xattr_name)
+{
+	return ima_protect_xattr(dentry, xattr_name, NULL, 0);
+}
+
 static int __init init_ima(void)
 {
 	int error;
diff --git a/security/security.c b/security/security.c
index c373c5f..53c6285 100644
--- a/security/security.c
+++ b/security/security.c
@@ -556,6 +556,9 @@ int security_inode_setxattr(struct dentry *dentry, const char *name,
 	ret = security_ops->inode_setxattr(dentry, name, value, size, flags);
 	if (ret)
 		return ret;
+	ret = ima_inode_setxattr(dentry, name, value, size);
+	if (ret)
+		return ret;
 	return evm_inode_setxattr(dentry, name, value, size);
 }
 
@@ -591,6 +594,9 @@ int security_inode_removexattr(struct dentry *dentry, const char *name)
 	ret = security_ops->inode_removexattr(dentry, name);
 	if (ret)
 		return ret;
+	ret = ima_inode_removexattr(dentry, name);
+	if (ret)
+		return ret;
 	return evm_inode_removexattr(dentry, name);
 }
 
-- 
1.7.1.1

next prev parent reply	other threads:[~2010-07-30 15:45 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-07-30 15:45 [PATCH v3 00/15] EVM Mimi Zohar
2010-07-30 15:45 ` [PATCH v3 01/15] integrity: move ima inode integrity data management Mimi Zohar
2010-07-30 15:45 ` [PATCH v3 02/15] xattr: define vfs_getxattr_alloc and vfs_xattr_cmp Mimi Zohar
2010-07-30 15:45 ` [PATCH v3 03/15] evm: re-release Mimi Zohar
2010-07-30 15:45 ` [PATCH v3 04/15] ima: move ima_file_free before releasing the file Mimi Zohar
2010-07-30 15:45 ` [PATCH v3 05/15] security: imbed evm calls in security hooks Mimi Zohar
2010-07-30 15:45 ` [PATCH v3 06/15] evm: inode post removexattr Mimi Zohar
2010-07-30 15:45 ` [PATCH v3 07/15] evm: imbed evm_inode_post_setattr Mimi Zohar
2010-07-30 15:45 ` [PATCH v3 08/15] evm: inode_post_init Mimi Zohar
2010-07-30 15:45 ` [PATCH v3 09/15] fs: add evm_inode_post_init calls Mimi Zohar
2010-07-30 15:45 ` [PATCH v3 10/15] ima: integrity appraisal extension Mimi Zohar
2010-07-30 15:45 ` [PATCH v3 11/15] ima: appraise default rules Mimi Zohar
2010-07-30 15:45 ` [PATCH v3 12/15] ima: inode post_setattr Mimi Zohar
2010-07-30 15:45 ` Mimi Zohar [this message]
2010-07-30 15:45 ` [PATCH v3 14/15] ima: appraise measurement required Mimi Zohar
2010-07-30 15:45 ` [PATCH v3 15/15] ima: extend policy language to support owner Mimi Zohar

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:ce82e29 dfblob:2f87cf8 dfblob:d6132b9 dfblob:6531765
dfblob:c373c5f dfblob:53c6285 )
 OR (
bs:"[PATCH v3 13/15] ima: add ima_inode_setxattr and ima_inode_removexattr" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1280504746-20256-14-git-send-email-zohar@linux.vnet.ibm.com \
    --to=zohar@linux.vnet.ibm.com \
    --cc=dave@linux.vnet.ibm.com \
    --cc=jmorris@namei.org \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=safford@watson.ibm.com \
    --cc=zohar@us.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).