From: Roberto Sassu <roberto.sassu@huaweicloud.com>
To: viro@zeniv.linux.org.uk, brauner@kernel.org,
chuck.lever@oracle.com, jlayton@kernel.org, neilb@suse.de,
kolga@netapp.com, Dai.Ngo@oracle.com, tom@talpey.com,
zohar@linux.ibm.com, dmitry.kasatkin@gmail.com,
paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com,
dhowells@redhat.com, jarkko@kernel.org,
stephen.smalley.work@gmail.com, eparis@parisplace.org,
casey@schaufler-ca.com
Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-nfs@vger.kernel.org, linux-integrity@vger.kernel.org,
linux-security-module@vger.kernel.org, keyrings@vger.kernel.org,
selinux@vger.kernel.org, Roberto Sassu <roberto.sassu@huawei.com>
Subject: [PATCH v3 20/25] security: Introduce key_post_create_or_update hook
Date: Mon, 4 Sep 2023 15:40:44 +0200 [thread overview]
Message-ID: <20230904134049.1802006-1-roberto.sassu@huaweicloud.com> (raw)
In-Reply-To: <20230904133415.1799503-1-roberto.sassu@huaweicloud.com>
From: Roberto Sassu <roberto.sassu@huawei.com>
In preparation for moving IMA and EVM to the LSM infrastructure, introduce
the key_post_create_or_update hook.
It is useful for IMA to measure the key content after creation or update,
so that remote verifiers are aware of the operation.
LSMs can benefit from this hook to make their decision on the new or
successfully updated key content. The new hook cannot return an error and
cannot cause the operation to be reverted.
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
---
include/linux/lsm_hook_defs.h | 3 +++
include/linux/security.h | 11 +++++++++++
security/keys/key.c | 7 ++++++-
security/security.c | 19 +++++++++++++++++++
4 files changed, 39 insertions(+), 1 deletion(-)
diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
index eedc26790a07..7512b4c46aa8 100644
--- a/include/linux/lsm_hook_defs.h
+++ b/include/linux/lsm_hook_defs.h
@@ -399,6 +399,9 @@ LSM_HOOK(void, LSM_RET_VOID, key_free, struct key *key)
LSM_HOOK(int, 0, key_permission, key_ref_t key_ref, const struct cred *cred,
enum key_need_perm need_perm)
LSM_HOOK(int, 0, key_getsecurity, struct key *key, char **buffer)
+LSM_HOOK(void, LSM_RET_VOID, key_post_create_or_update, struct key *keyring,
+ struct key *key, const void *payload, size_t payload_len,
+ unsigned long flags, bool create)
#endif /* CONFIG_KEYS */
#ifdef CONFIG_AUDIT
diff --git a/include/linux/security.h b/include/linux/security.h
index e543ae80309b..f50b78481753 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1959,6 +1959,9 @@ void security_key_free(struct key *key);
int security_key_permission(key_ref_t key_ref, const struct cred *cred,
enum key_need_perm need_perm);
int security_key_getsecurity(struct key *key, char **_buffer);
+void security_key_post_create_or_update(struct key *keyring, struct key *key,
+ const void *payload, size_t payload_len,
+ unsigned long flags, bool create);
#else
@@ -1986,6 +1989,14 @@ static inline int security_key_getsecurity(struct key *key, char **_buffer)
return 0;
}
+static inline void security_key_post_create_or_update(struct key *keyring,
+ struct key *key,
+ const void *payload,
+ size_t payload_len,
+ unsigned long flags,
+ bool create)
+{ }
+
#endif
#endif /* CONFIG_KEYS */
diff --git a/security/keys/key.c b/security/keys/key.c
index 5c0c7df833f8..0f9c6faf3491 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -934,6 +934,8 @@ static key_ref_t __key_create_or_update(key_ref_t keyring_ref,
goto error_link_end;
}
+ security_key_post_create_or_update(keyring, key, payload, plen, flags,
+ true);
ima_post_key_create_or_update(keyring, key, payload, plen,
flags, true);
@@ -967,10 +969,13 @@ static key_ref_t __key_create_or_update(key_ref_t keyring_ref,
key_ref = __key_update(key_ref, &prep);
- if (!IS_ERR(key_ref))
+ if (!IS_ERR(key_ref)) {
+ security_key_post_create_or_update(keyring, key, payload, plen,
+ flags, false);
ima_post_key_create_or_update(keyring, key,
payload, plen,
flags, false);
+ }
goto error_free_prep;
}
diff --git a/security/security.c b/security/security.c
index 554f4925323d..957e53ba904f 100644
--- a/security/security.c
+++ b/security/security.c
@@ -5169,6 +5169,25 @@ int security_key_getsecurity(struct key *key, char **buffer)
*buffer = NULL;
return call_int_hook(key_getsecurity, 0, key, buffer);
}
+
+/**
+ * security_key_post_create_or_update() - Notification of key create or update
+ * @keyring: keyring to which the key is linked to
+ * @key: created or updated key
+ * @payload: data used to instantiate or update the key
+ * @payload_len: length of payload
+ * @flags: key flags
+ * @create: flag indicating whether the key was created or updated
+ *
+ * Notify the caller of a key creation or update.
+ */
+void security_key_post_create_or_update(struct key *keyring, struct key *key,
+ const void *payload, size_t payload_len,
+ unsigned long flags, bool create)
+{
+ call_void_hook(key_post_create_or_update, keyring, key, payload,
+ payload_len, flags, create);
+}
#endif /* CONFIG_KEYS */
#ifdef CONFIG_AUDIT
--
2.34.1
next prev parent reply other threads:[~2023-09-04 13:42 UTC|newest]
Thread overview: 80+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-04 13:33 [PATCH v3 00/25] security: Move IMA and EVM to the LSM infrastructure Roberto Sassu
2023-09-04 13:33 ` [PATCH v3 01/25] ima: Align ima_inode_post_setattr() definition with " Roberto Sassu
2023-10-11 14:26 ` Mimi Zohar
2023-09-04 13:33 ` [PATCH v3 02/25] ima: Align ima_post_path_mknod() " Roberto Sassu
2023-09-05 17:23 ` Stefan Berger
2023-10-11 14:38 ` Mimi Zohar
2023-10-11 16:02 ` Roberto Sassu
2023-10-11 19:01 ` Mimi Zohar
2023-10-12 7:29 ` Roberto Sassu
2023-10-12 11:42 ` Mimi Zohar
2023-10-12 12:19 ` Roberto Sassu
2023-10-12 13:25 ` Mimi Zohar
2023-10-12 13:33 ` Roberto Sassu
2023-10-12 17:10 ` Mimi Zohar
2023-10-13 7:38 ` Roberto Sassu
2023-09-04 13:33 ` [PATCH v3 03/25] ima: Align ima_post_create_tmpfile() " Roberto Sassu
2023-09-05 17:26 ` Stefan Berger
2023-09-04 13:33 ` [PATCH v3 04/25] ima: Align ima_file_mprotect() " Roberto Sassu
2023-10-11 14:51 ` Mimi Zohar
2023-10-11 15:43 ` Roberto Sassu
2023-10-11 20:17 ` Mimi Zohar
2023-09-04 13:33 ` [PATCH v3 05/25] ima: Align ima_inode_setxattr() " Roberto Sassu
2023-10-11 19:20 ` Mimi Zohar
2023-09-04 13:33 ` [PATCH v3 06/25] ima: Align ima_inode_removexattr() " Roberto Sassu
2023-09-04 13:33 ` [PATCH v3 07/25] ima: Align ima_post_read_file() " Roberto Sassu
2023-10-12 0:07 ` Mimi Zohar
2023-09-04 13:33 ` [PATCH v3 08/25] evm: Align evm_inode_post_setattr() " Roberto Sassu
2023-10-12 0:07 ` Mimi Zohar
2023-09-04 13:33 ` [PATCH v3 09/25] evm: Align evm_inode_setxattr() " Roberto Sassu
2023-10-12 0:08 ` Mimi Zohar
2023-09-04 13:34 ` [PATCH v3 10/25] evm: Align evm_inode_post_setxattr() " Roberto Sassu
2023-10-12 0:08 ` Mimi Zohar
2023-09-04 13:34 ` [PATCH v3 11/25] security: Align inode_setattr hook definition with EVM Roberto Sassu
2023-10-12 0:08 ` Mimi Zohar
2023-09-04 13:34 ` [PATCH v3 12/25] security: Introduce inode_post_setattr hook Roberto Sassu
2023-09-05 17:40 ` Stefan Berger
2023-09-26 11:14 ` Roberto Sassu
2023-10-12 0:08 ` Mimi Zohar
2023-10-12 7:42 ` Roberto Sassu
2023-10-12 11:43 ` Mimi Zohar
2023-10-12 12:25 ` Roberto Sassu
2023-09-04 13:34 ` [PATCH v3 13/25] security: Introduce inode_post_removexattr hook Roberto Sassu
2023-09-05 17:55 ` Stefan Berger
2023-10-12 0:09 ` Mimi Zohar
2023-09-04 13:34 ` [PATCH v3 14/25] security: Introduce file_post_open hook Roberto Sassu
2023-09-05 18:10 ` Stefan Berger
2023-10-12 12:36 ` Mimi Zohar
2023-10-12 12:45 ` Roberto Sassu
2023-10-12 13:35 ` Mimi Zohar
2023-10-12 13:49 ` Roberto Sassu
2023-09-04 13:34 ` [PATCH v3 15/25] security: Introduce file_pre_free_security hook Roberto Sassu
2023-09-05 18:36 ` Stefan Berger
2023-10-13 13:50 ` Mimi Zohar
2023-09-04 13:34 ` [PATCH v3 16/25] security: Introduce path_post_mknod hook Roberto Sassu
2023-09-05 18:48 ` Stefan Berger
2023-10-13 13:12 ` Mimi Zohar
2023-09-04 13:34 ` [PATCH v3 17/25] security: Introduce inode_post_create_tmpfile hook Roberto Sassu
2023-09-05 18:52 ` Stefan Berger
2023-10-13 13:18 ` Mimi Zohar
2023-09-04 13:34 ` [PATCH v3 18/25] security: Introduce inode_post_set_acl hook Roberto Sassu
2023-09-05 19:00 ` Stefan Berger
2023-10-13 13:27 ` Mimi Zohar
2023-09-04 13:34 ` [PATCH v3 19/25] security: Introduce inode_post_remove_acl hook Roberto Sassu
2023-09-05 19:01 ` Stefan Berger
2023-09-04 13:40 ` Roberto Sassu [this message]
2023-09-05 19:04 ` [PATCH v3 20/25] security: Introduce key_post_create_or_update hook Stefan Berger
2023-09-26 11:15 ` Roberto Sassu
2023-10-13 13:37 ` Mimi Zohar
2023-09-04 13:40 ` [PATCH v3 21/25] ima: Move to LSM infrastructure Roberto Sassu
2023-09-05 19:17 ` Stefan Berger
2023-10-13 16:55 ` Mimi Zohar
2023-09-04 13:40 ` [PATCH v3 22/25] ima: Move IMA-Appraisal " Roberto Sassu
2023-09-05 20:54 ` Stefan Berger
2023-09-04 13:40 ` [PATCH v3 23/25] evm: Move " Roberto Sassu
2023-09-04 13:40 ` [PATCH v3 24/25] integrity: Move integrity functions to the " Roberto Sassu
2023-09-04 13:40 ` [PATCH v3 25/25] integrity: Switch from rbtree to LSM-managed blob for integrity_iint_cache Roberto Sassu
2023-09-12 16:19 ` Stefan Berger
2023-09-15 9:39 ` Roberto Sassu
2023-10-13 11:31 ` Roberto Sassu
2023-10-13 19:45 ` [PATCH v3 00/25] security: Move IMA and EVM to the LSM infrastructure Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230904134049.1802006-1-roberto.sassu@huaweicloud.com \
--to=roberto.sassu@huaweicloud.com \
--cc=Dai.Ngo@oracle.com \
--cc=brauner@kernel.org \
--cc=casey@schaufler-ca.com \
--cc=chuck.lever@oracle.com \
--cc=dhowells@redhat.com \
--cc=dmitry.kasatkin@gmail.com \
--cc=eparis@parisplace.org \
--cc=jarkko@kernel.org \
--cc=jlayton@kernel.org \
--cc=jmorris@namei.org \
--cc=keyrings@vger.kernel.org \
--cc=kolga@netapp.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=neilb@suse.de \
--cc=paul@paul-moore.com \
--cc=roberto.sassu@huawei.com \
--cc=selinux@vger.kernel.org \
--cc=serge@hallyn.com \
--cc=stephen.smalley.work@gmail.com \
--cc=tom@talpey.com \
--cc=viro@zeniv.linux.org.uk \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).