From: Roberto Sassu <roberto.sassu@huaweicloud.com>
To: viro@zeniv.linux.org.uk, brauner@kernel.org,
chuck.lever@oracle.com, jlayton@kernel.org, neilb@suse.de,
kolga@netapp.com, Dai.Ngo@oracle.com, tom@talpey.com,
zohar@linux.ibm.com, dmitry.kasatkin@gmail.com,
paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com,
dhowells@redhat.com, jarkko@kernel.org,
stephen.smalley.work@gmail.com, eparis@parisplace.org,
casey@schaufler-ca.com
Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-nfs@vger.kernel.org, linux-integrity@vger.kernel.org,
linux-security-module@vger.kernel.org, keyrings@vger.kernel.org,
selinux@vger.kernel.org, Roberto Sassu <roberto.sassu@huawei.com>
Subject: [PATCH v3 12/25] security: Introduce inode_post_setattr hook
Date: Mon, 4 Sep 2023 15:34:02 +0200 [thread overview]
Message-ID: <20230904133415.1799503-13-roberto.sassu@huaweicloud.com> (raw)
In-Reply-To: <20230904133415.1799503-1-roberto.sassu@huaweicloud.com>
From: Roberto Sassu <roberto.sassu@huawei.com>
In preparation for moving IMA and EVM to the LSM infrastructure, introduce
the inode_post_setattr hook.
It is useful for EVM to recalculate the HMAC on modified file attributes
and other file metadata, after it verified the HMAC of current file
metadata with the inode_setattr hook.
LSMs should use the new hook instead of inode_setattr, when they need to
know that the operation was done successfully (not known in inode_setattr).
The new hook cannot return an error and cannot cause the operation to be
reverted.
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
---
fs/attr.c | 1 +
include/linux/lsm_hook_defs.h | 2 ++
include/linux/security.h | 7 +++++++
security/security.c | 16 ++++++++++++++++
4 files changed, 26 insertions(+)
diff --git a/fs/attr.c b/fs/attr.c
index 431f667726c7..3c309eb456c6 100644
--- a/fs/attr.c
+++ b/fs/attr.c
@@ -486,6 +486,7 @@ int notify_change(struct mnt_idmap *idmap, struct dentry *dentry,
if (!error) {
fsnotify_change(dentry, ia_valid);
+ security_inode_post_setattr(idmap, dentry, ia_valid);
ima_inode_post_setattr(idmap, dentry, ia_valid);
evm_inode_post_setattr(idmap, dentry, ia_valid);
}
diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
index fdf075a6b1bb..995d30336cfa 100644
--- a/include/linux/lsm_hook_defs.h
+++ b/include/linux/lsm_hook_defs.h
@@ -136,6 +136,8 @@ LSM_HOOK(int, 0, inode_follow_link, struct dentry *dentry, struct inode *inode,
LSM_HOOK(int, 0, inode_permission, struct inode *inode, int mask)
LSM_HOOK(int, 0, inode_setattr, struct mnt_idmap *idmap, struct dentry *dentry,
struct iattr *attr)
+LSM_HOOK(void, LSM_RET_VOID, inode_post_setattr, struct mnt_idmap *idmap,
+ struct dentry *dentry, int ia_valid)
LSM_HOOK(int, 0, inode_getattr, const struct path *path)
LSM_HOOK(int, 0, inode_setxattr, struct mnt_idmap *idmap,
struct dentry *dentry, const char *name, const void *value,
diff --git a/include/linux/security.h b/include/linux/security.h
index dcb3604ffab8..820899db5276 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -355,6 +355,8 @@ int security_inode_follow_link(struct dentry *dentry, struct inode *inode,
int security_inode_permission(struct inode *inode, int mask);
int security_inode_setattr(struct mnt_idmap *idmap,
struct dentry *dentry, struct iattr *attr);
+void security_inode_post_setattr(struct mnt_idmap *idmap, struct dentry *dentry,
+ int ia_valid);
int security_inode_getattr(const struct path *path);
int security_inode_setxattr(struct mnt_idmap *idmap,
struct dentry *dentry, const char *name,
@@ -856,6 +858,11 @@ static inline int security_inode_setattr(struct mnt_idmap *idmap,
return 0;
}
+static inline void
+security_inode_post_setattr(struct mnt_idmap *idmap, struct dentry *dentry,
+ int ia_valid)
+{ }
+
static inline int security_inode_getattr(const struct path *path)
{
return 0;
diff --git a/security/security.c b/security/security.c
index 2b24d01cf181..764a6f28b3b9 100644
--- a/security/security.c
+++ b/security/security.c
@@ -2124,6 +2124,22 @@ int security_inode_setattr(struct mnt_idmap *idmap,
}
EXPORT_SYMBOL_GPL(security_inode_setattr);
+/**
+ * security_inode_post_setattr() - Update the inode after a setattr operation
+ * @idmap: idmap of the mount
+ * @dentry: file
+ * @ia_valid: file attributes set
+ *
+ * Update inode security field after successful setting file attributes.
+ */
+void security_inode_post_setattr(struct mnt_idmap *idmap, struct dentry *dentry,
+ int ia_valid)
+{
+ if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
+ return;
+ call_void_hook(inode_post_setattr, idmap, dentry, ia_valid);
+}
+
/**
* security_inode_getattr() - Check if getting file attributes is allowed
* @path: file
--
2.34.1
next prev parent reply other threads:[~2023-09-04 13:37 UTC|newest]
Thread overview: 80+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-04 13:33 [PATCH v3 00/25] security: Move IMA and EVM to the LSM infrastructure Roberto Sassu
2023-09-04 13:33 ` [PATCH v3 01/25] ima: Align ima_inode_post_setattr() definition with " Roberto Sassu
2023-10-11 14:26 ` Mimi Zohar
2023-09-04 13:33 ` [PATCH v3 02/25] ima: Align ima_post_path_mknod() " Roberto Sassu
2023-09-05 17:23 ` Stefan Berger
2023-10-11 14:38 ` Mimi Zohar
2023-10-11 16:02 ` Roberto Sassu
2023-10-11 19:01 ` Mimi Zohar
2023-10-12 7:29 ` Roberto Sassu
2023-10-12 11:42 ` Mimi Zohar
2023-10-12 12:19 ` Roberto Sassu
2023-10-12 13:25 ` Mimi Zohar
2023-10-12 13:33 ` Roberto Sassu
2023-10-12 17:10 ` Mimi Zohar
2023-10-13 7:38 ` Roberto Sassu
2023-09-04 13:33 ` [PATCH v3 03/25] ima: Align ima_post_create_tmpfile() " Roberto Sassu
2023-09-05 17:26 ` Stefan Berger
2023-09-04 13:33 ` [PATCH v3 04/25] ima: Align ima_file_mprotect() " Roberto Sassu
2023-10-11 14:51 ` Mimi Zohar
2023-10-11 15:43 ` Roberto Sassu
2023-10-11 20:17 ` Mimi Zohar
2023-09-04 13:33 ` [PATCH v3 05/25] ima: Align ima_inode_setxattr() " Roberto Sassu
2023-10-11 19:20 ` Mimi Zohar
2023-09-04 13:33 ` [PATCH v3 06/25] ima: Align ima_inode_removexattr() " Roberto Sassu
2023-09-04 13:33 ` [PATCH v3 07/25] ima: Align ima_post_read_file() " Roberto Sassu
2023-10-12 0:07 ` Mimi Zohar
2023-09-04 13:33 ` [PATCH v3 08/25] evm: Align evm_inode_post_setattr() " Roberto Sassu
2023-10-12 0:07 ` Mimi Zohar
2023-09-04 13:33 ` [PATCH v3 09/25] evm: Align evm_inode_setxattr() " Roberto Sassu
2023-10-12 0:08 ` Mimi Zohar
2023-09-04 13:34 ` [PATCH v3 10/25] evm: Align evm_inode_post_setxattr() " Roberto Sassu
2023-10-12 0:08 ` Mimi Zohar
2023-09-04 13:34 ` [PATCH v3 11/25] security: Align inode_setattr hook definition with EVM Roberto Sassu
2023-10-12 0:08 ` Mimi Zohar
2023-09-04 13:34 ` Roberto Sassu [this message]
2023-09-05 17:40 ` [PATCH v3 12/25] security: Introduce inode_post_setattr hook Stefan Berger
2023-09-26 11:14 ` Roberto Sassu
2023-10-12 0:08 ` Mimi Zohar
2023-10-12 7:42 ` Roberto Sassu
2023-10-12 11:43 ` Mimi Zohar
2023-10-12 12:25 ` Roberto Sassu
2023-09-04 13:34 ` [PATCH v3 13/25] security: Introduce inode_post_removexattr hook Roberto Sassu
2023-09-05 17:55 ` Stefan Berger
2023-10-12 0:09 ` Mimi Zohar
2023-09-04 13:34 ` [PATCH v3 14/25] security: Introduce file_post_open hook Roberto Sassu
2023-09-05 18:10 ` Stefan Berger
2023-10-12 12:36 ` Mimi Zohar
2023-10-12 12:45 ` Roberto Sassu
2023-10-12 13:35 ` Mimi Zohar
2023-10-12 13:49 ` Roberto Sassu
2023-09-04 13:34 ` [PATCH v3 15/25] security: Introduce file_pre_free_security hook Roberto Sassu
2023-09-05 18:36 ` Stefan Berger
2023-10-13 13:50 ` Mimi Zohar
2023-09-04 13:34 ` [PATCH v3 16/25] security: Introduce path_post_mknod hook Roberto Sassu
2023-09-05 18:48 ` Stefan Berger
2023-10-13 13:12 ` Mimi Zohar
2023-09-04 13:34 ` [PATCH v3 17/25] security: Introduce inode_post_create_tmpfile hook Roberto Sassu
2023-09-05 18:52 ` Stefan Berger
2023-10-13 13:18 ` Mimi Zohar
2023-09-04 13:34 ` [PATCH v3 18/25] security: Introduce inode_post_set_acl hook Roberto Sassu
2023-09-05 19:00 ` Stefan Berger
2023-10-13 13:27 ` Mimi Zohar
2023-09-04 13:34 ` [PATCH v3 19/25] security: Introduce inode_post_remove_acl hook Roberto Sassu
2023-09-05 19:01 ` Stefan Berger
2023-09-04 13:40 ` [PATCH v3 20/25] security: Introduce key_post_create_or_update hook Roberto Sassu
2023-09-05 19:04 ` Stefan Berger
2023-09-26 11:15 ` Roberto Sassu
2023-10-13 13:37 ` Mimi Zohar
2023-09-04 13:40 ` [PATCH v3 21/25] ima: Move to LSM infrastructure Roberto Sassu
2023-09-05 19:17 ` Stefan Berger
2023-10-13 16:55 ` Mimi Zohar
2023-09-04 13:40 ` [PATCH v3 22/25] ima: Move IMA-Appraisal " Roberto Sassu
2023-09-05 20:54 ` Stefan Berger
2023-09-04 13:40 ` [PATCH v3 23/25] evm: Move " Roberto Sassu
2023-09-04 13:40 ` [PATCH v3 24/25] integrity: Move integrity functions to the " Roberto Sassu
2023-09-04 13:40 ` [PATCH v3 25/25] integrity: Switch from rbtree to LSM-managed blob for integrity_iint_cache Roberto Sassu
2023-09-12 16:19 ` Stefan Berger
2023-09-15 9:39 ` Roberto Sassu
2023-10-13 11:31 ` Roberto Sassu
2023-10-13 19:45 ` [PATCH v3 00/25] security: Move IMA and EVM to the LSM infrastructure Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230904133415.1799503-13-roberto.sassu@huaweicloud.com \
--to=roberto.sassu@huaweicloud.com \
--cc=Dai.Ngo@oracle.com \
--cc=brauner@kernel.org \
--cc=casey@schaufler-ca.com \
--cc=chuck.lever@oracle.com \
--cc=dhowells@redhat.com \
--cc=dmitry.kasatkin@gmail.com \
--cc=eparis@parisplace.org \
--cc=jarkko@kernel.org \
--cc=jlayton@kernel.org \
--cc=jmorris@namei.org \
--cc=keyrings@vger.kernel.org \
--cc=kolga@netapp.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=neilb@suse.de \
--cc=paul@paul-moore.com \
--cc=roberto.sassu@huawei.com \
--cc=selinux@vger.kernel.org \
--cc=serge@hallyn.com \
--cc=stephen.smalley.work@gmail.com \
--cc=tom@talpey.com \
--cc=viro@zeniv.linux.org.uk \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).