From: "Serge E. Hallyn" <serge@hallyn.com>
To: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
James Morris <jmorris@namei.org>,
David Safford <safford@watson.ibm.com>,
Andrew Morton <akpm@linux-foundation.org>,
Greg KH <greg@kroah.com>,
Dmitry Kasatkin <dmitry.kasatkin@nokia.com>,
Mimi Zohar <zohar@us.ibm.com>
Subject: Re: [PATCH v5 06/21] security: imbed evm calls in security hooks
Date: Thu, 19 May 2011 17:13:01 -0500 [thread overview]
Message-ID: <20110519221301.GB4332@mail.hallyn.com> (raw)
In-Reply-To: <1305557115-15652-7-git-send-email-zohar@linux.vnet.ibm.com>
Quoting Mimi Zohar (zohar@linux.vnet.ibm.com):
> Imbed the evm calls evm_inode_setxattr(), evm_inode_post_setxattr(),
> evm_inode_removexattr() in the security hooks. evm_inode_setxattr()
> protects security.evm xattr. evm_inode_post_setxattr() and
> evm_inode_removexattr() updates the hmac associated with an inode.
>
> (Assumes an LSM module protects the setting/removing of xattr.)
>
> Changelog:
> - Don't define evm_verifyxattr(), unless CONFIG_INTEGRITY is enabled.
> - xattr_name is a 'const', value is 'void *'
>
> Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
> Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Still looks good, thanks.
> ---
> include/linux/evm.h | 56 +++++++++++++++++++++++++++++++++++++
> security/integrity/evm/evm_main.c | 1 +
> security/security.c | 16 +++++++++-
> 3 files changed, 71 insertions(+), 2 deletions(-)
> create mode 100644 include/linux/evm.h
>
> diff --git a/include/linux/evm.h b/include/linux/evm.h
> new file mode 100644
> index 0000000..8b4e9e3
> --- /dev/null
> +++ b/include/linux/evm.h
> @@ -0,0 +1,56 @@
> +/*
> + * evm.h
> + *
> + * Copyright (c) 2009 IBM Corporation
> + * Author: Mimi Zohar <zohar@us.ibm.com>
> + */
> +
> +#ifndef _LINUX_EVM_H
> +#define _LINUX_EVM_H
> +
> +#include <linux/integrity.h>
> +
> +#ifdef CONFIG_EVM
> +extern enum integrity_status evm_verifyxattr(struct dentry *dentry,
> + const char *xattr_name,
> + void *xattr_value,
> + size_t xattr_value_len);
> +extern int evm_inode_setxattr(struct dentry *dentry, const char *name,
> + const void *value, size_t size);
> +extern void evm_inode_post_setxattr(struct dentry *dentry,
> + const char *xattr_name,
> + const void *xattr_value,
> + size_t xattr_value_len);
> +extern int evm_inode_removexattr(struct dentry *dentry, const char *xattr_name);
> +#else
> +#ifdef CONFIG_INTEGRITY
> +static inline enum integrity_status evm_verifyxattr(struct dentry *dentry,
> + const char *xattr_name,
> + void *xattr_value,
> + size_t xattr_value_len)
> +{
> + return INTEGRITY_UNKNOWN;
> +}
> +#endif
> +
> +static inline int evm_inode_setxattr(struct dentry *dentry, const char *name,
> + const void *value, size_t size)
> +{
> + return 0;
> +}
> +
> +static inline void evm_inode_post_setxattr(struct dentry *dentry,
> + const char *xattr_name,
> + const void *xattr_value,
> + size_t xattr_value_len)
> +{
> + return;
> +}
> +
> +static inline int evm_inode_removexattr(struct dentry *dentry,
> + const char *xattr_name)
> +{
> + return 0;
> +}
> +#endif /* CONFIG_EVM_H */
> +#endif /* LINUX_EVM_H */
> diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
> index 42c792f..e89ceb1 100644
> --- a/security/integrity/evm/evm_main.c
> +++ b/security/integrity/evm/evm_main.c
> @@ -18,6 +18,7 @@
> #include <linux/crypto.h>
> #include <linux/xattr.h>
> #include <linux/integrity.h>
> +#include <linux/evm.h>
> #include "evm.h"
>
> int evm_initialized;
> diff --git a/security/security.c b/security/security.c
> index d0c6576..635bcc9 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -18,6 +18,7 @@
> #include <linux/security.h>
> #include <linux/integrity.h>
> #include <linux/ima.h>
> +#include <linux/evm.h>
>
> /* Boot-time LSM user choice */
> static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] =
> @@ -549,9 +550,14 @@ int security_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
> int security_inode_setxattr(struct dentry *dentry, const char *name,
> const void *value, size_t size, int flags)
> {
> + int ret;
> +
> if (unlikely(IS_PRIVATE(dentry->d_inode)))
> return 0;
> - return security_ops->inode_setxattr(dentry, name, value, size, flags);
> + ret = security_ops->inode_setxattr(dentry, name, value, size, flags);
> + if (ret)
> + return ret;
> + return evm_inode_setxattr(dentry, name, value, size);
> }
>
> void security_inode_post_setxattr(struct dentry *dentry, const char *name,
> @@ -560,6 +566,7 @@ void security_inode_post_setxattr(struct dentry *dentry, const char *name,
> if (unlikely(IS_PRIVATE(dentry->d_inode)))
> return;
> security_ops->inode_post_setxattr(dentry, name, value, size, flags);
> + evm_inode_post_setxattr(dentry, name, value, size);
> }
>
> int security_inode_getxattr(struct dentry *dentry, const char *name)
> @@ -578,9 +585,14 @@ int security_inode_listxattr(struct dentry *dentry)
>
> int security_inode_removexattr(struct dentry *dentry, const char *name)
> {
> + int ret;
> +
> if (unlikely(IS_PRIVATE(dentry->d_inode)))
> return 0;
> - return security_ops->inode_removexattr(dentry, name);
> + ret = security_ops->inode_removexattr(dentry, name);
> + if (ret)
> + return ret;
> + return evm_inode_removexattr(dentry, name);
> }
>
> int security_inode_need_killpriv(struct dentry *dentry)
> --
> 1.7.3.4
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
next prev parent reply other threads:[~2011-05-19 22:13 UTC|newest]
Thread overview: 72+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-05-16 14:44 [PATCH v5 00/21] EVM Mimi Zohar
2011-05-16 14:44 ` [PATCH v5 01/21] integrity: move ima inode integrity data management Mimi Zohar
2011-05-19 2:06 ` Serge E. Hallyn
2011-05-19 22:45 ` Mimi Zohar
2011-05-16 14:44 ` [PATCH v5 02/21] xattr: define vfs_getxattr_alloc and vfs_xattr_cmp Mimi Zohar
2011-05-19 2:11 ` Serge E. Hallyn
2011-05-16 14:44 ` [PATCH v5 03/21] evm: re-release Mimi Zohar
2011-05-19 6:05 ` Serge E. Hallyn
2011-05-19 22:49 ` Mimi Zohar
2011-05-20 11:12 ` Harald Hoyer
2011-05-20 11:21 ` Mimi Zohar
2011-05-19 21:37 ` Serge E. Hallyn
2011-05-20 12:29 ` Mimi Zohar
2011-05-20 13:43 ` Serge E. Hallyn
2011-05-16 14:44 ` [PATCH v5 04/21] evm: add support for different security.evm data types Mimi Zohar
2011-05-16 14:44 ` [PATCH v5 05/21] ima: move ima_file_free before releasing the file Mimi Zohar
2011-05-19 22:06 ` Serge E. Hallyn
2011-05-20 0:55 ` Mimi Zohar
2011-05-20 13:40 ` Serge E. Hallyn
2011-05-20 14:34 ` Mimi Zohar
2011-05-20 15:25 ` Serge E. Hallyn
2011-05-16 14:45 ` [PATCH v5 06/21] security: imbed evm calls in security hooks Mimi Zohar
2011-05-19 22:13 ` Serge E. Hallyn [this message]
2011-05-16 14:45 ` [PATCH v5 07/21] evm: evm_inode_post_removexattr Mimi Zohar
2011-05-16 14:45 ` [PATCH v5 08/21] evm: imbed evm_inode_post_setattr Mimi Zohar
2011-05-16 14:45 ` [PATCH v5 09/21] evm: evm_inode_post_init Mimi Zohar
2011-05-16 14:45 ` [PATCH v5 10/21] fs: add evm_inode_post_init calls Mimi Zohar
2011-05-16 14:45 ` [PATCH v5 11/21] evm: crypto hash replaced by shash Mimi Zohar
2011-05-16 14:45 ` [PATCH v5 12/21] evm: add evm_inode_post_init call in btrfs Mimi Zohar
2011-05-16 14:45 ` [PATCH v5 13/21] evm: add evm_inode_post_init call in gfs2 Mimi Zohar
2011-05-16 15:30 ` Steven Whitehouse
2011-05-16 15:50 ` Mimi Zohar
2011-05-16 16:14 ` Steven Whitehouse
2011-05-16 16:35 ` Mimi Zohar
2011-05-16 17:50 ` Mimi Zohar
2011-05-16 17:57 ` Steven Whitehouse
2011-05-16 18:20 ` Mimi Zohar
2011-05-16 18:23 ` Casey Schaufler
2011-05-16 18:48 ` Mimi Zohar
2011-05-16 19:25 ` Casey Schaufler
2011-05-19 0:55 ` Mimi Zohar
2011-05-19 9:25 ` Steven Whitehouse
2011-05-16 14:45 ` [PATCH v5 14/21] evm: add evm_inode_post_init call in jffs2 Mimi Zohar
2011-05-16 14:45 ` [PATCH v5 15/21] evm: add evm_inode_post_init call in jfs Mimi Zohar
2011-05-16 14:45 ` [PATCH v5 16/21] evm: add evm_inode_post_init call in xfs Mimi Zohar
2011-05-16 14:45 ` [PATCH v5 17/21] evm: additional parameter to pass integrity cache entry 'iint' Mimi Zohar
2011-05-16 14:45 ` [PATCH v5 18/21] evm: evm_verify_hmac must not return INTEGRITY_UNKNOWN Mimi Zohar
2011-05-16 14:45 ` [PATCH v5 19/21] evm: replace hmac_status with evm_status Mimi Zohar
2011-05-16 14:45 ` [PATCH v5 20/21] evm: permit only valid security.evm xattrs to be updated Mimi Zohar
2011-05-16 14:45 ` [PATCH v5 21/21] evm: add evm_inode_setattr to prevent updating an invalid security.evm Mimi Zohar
2011-05-19 0:25 ` [PATCH v5 00/21] EVM Andrew Morton
2011-05-19 1:51 ` Mimi Zohar
2011-05-20 0:51 ` James Morris
2011-05-20 1:07 ` Mimi Zohar
2011-05-20 13:06 ` David Safford
2011-05-20 14:13 ` Casey Schaufler
2011-05-26 6:08 ` Pavel Machek
2011-05-26 16:34 ` Casey Schaufler
2011-05-26 18:11 ` David Safford
2011-05-26 18:38 ` Pavel Machek
2011-05-26 19:30 ` Casey Schaufler
2011-05-26 20:02 ` Pavel Machek
2011-05-26 20:32 ` Casey Schaufler
2011-05-26 19:49 ` Mimi Zohar
2011-05-26 20:17 ` Pavel Machek
2011-05-27 17:45 ` David Safford
2011-05-29 6:58 ` Pavel Machek
2011-05-31 12:05 ` Mimi Zohar
2011-05-31 13:40 ` Valdis.Kletnieks
2011-06-01 22:11 ` Dmitry Kasatkin
2011-05-20 18:50 ` Serge E. Hallyn
2011-05-23 22:09 ` Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110519221301.GB4332@mail.hallyn.com \
--to=serge@hallyn.com \
--cc=akpm@linux-foundation.org \
--cc=dmitry.kasatkin@nokia.com \
--cc=greg@kroah.com \
--cc=jmorris@namei.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=safford@watson.ibm.com \
--cc=zohar@linux.vnet.ibm.com \
--cc=zohar@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).