[PATCH v6 0/4] fanotify: introduce new event masks FAN_OPEN_EXEC and FAN_OPEN_EXEC_PERM

[Matthew Bobrowski <mbobrowski@mbobrowski.org>]

Currently, the fanotify API does not provide a means for user space
applications to receive events when a file has been opened specifically
for execution. New event masks FAN_OPEN_EXEC and FAN_OPEN_EXEC_PERM have
been introduced in order to provide users with this capability.

These event types, when either are explicitly requested by the user, will
be returned within the event mask when a marked file object is being
opened has __FMODE_EXEC set as one of the flags for open_flag.

Linux is used as an operating system in some products, with an environment
that can be certified under the Common Criteria Operating System
Protection Profile (OSPP). This is a formal threat model for a class of
technology. It requires specific countermeasures to mitigate threats. It
requires documentation to explain how a product implements these
countermeasures. It requires proof via a test suite to demonstrate that
the requirements are met, observed and checked by an independent qualified
third party. The latest set of requirements for OSPP v4.2 can be found
here:

https://www.niap-ccevs.org/Profile/Info.cfm?PPID=424&id=424

If you look on page 58, you will see the following requirement:

FPT_SRP_EXT.1 Software Restriction Policies FPT_SRP_EXT.1.1
administrator specified [selection:
        file path,
        file digital signature,
        version,
        hash,
        [assignment: other characteristics]
]

This patch is to help aid in meeting this requirement.

Note that this set of patches are based on Amir's fsnotify-fixes branch,
which has already been posted through for review. For those interested,
this branch can be found here:
https://github.com/amir73il/linux/commits/fsnotify-fixes

LTP tests for this feature are on my 'fanotify-exec' branch here: 
https://github.com/matthewbobrowski/ltp/commits/fanotify_exec. The files
that contains the test cases are provided below:

syscalls/fanotify03: test cases have been updated to cover
		     FAN_OPEN_EXEC_PERM events
syscalls/fanotify12: newly introduced LTP test file to cover 
		     FAN_OPEN_EXEC events
		    
The man pages updates for these newly defined event masks can be found
here:
https://github.com/matthewbobrowski/man-pages/commits/fanotify_exec.

I would like to thank both Amir and Jan for their time and help, highly
appreciated once again.

---

Matthew Bobrowski (4):
  fanotify: return only user requested event types in event mask
  fanotify: introduce new event mask FAN_OPEN_EXEC
  fanotify: introduce new event mask FAN_OPEN_EXEC_PERM
  fsnotify: don't merge events FS_OPEN_PERM and FS_OPEN_EXEC_PERM

 fs/notify/fanotify/fanotify.c    | 29 +++++++++-------
 fs/notify/fsnotify.c             |  2 +-
 include/linux/fanotify.h         |  5 +--
 include/linux/fsnotify.h         | 58 +++++++++++++++++++-------------
 include/linux/fsnotify_backend.h | 13 ++++---
 include/uapi/linux/fanotify.h    |  2 ++
 6 files changed, 66 insertions(+), 43 deletions(-)

-- 
2.17.2


-- 
Matthew Bobrowski