From: Roberto Sassu <roberto.sassu@huaweicloud.com>
To: viro@zeniv.linux.org.uk, brauner@kernel.org,
chuck.lever@oracle.com, jlayton@kernel.org, neilb@suse.de,
kolga@netapp.com, Dai.Ngo@oracle.com, tom@talpey.com,
paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com,
zohar@linux.ibm.com, dmitry.kasatkin@gmail.com,
dhowells@redhat.com, jarkko@kernel.org,
stephen.smalley.work@gmail.com, eparis@parisplace.org,
casey@schaufler-ca.com, mic@digikod.net
Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-nfs@vger.kernel.org, linux-security-module@vger.kernel.org,
linux-integrity@vger.kernel.org, keyrings@vger.kernel.org,
selinux@vger.kernel.org, Roberto Sassu <roberto.sassu@huawei.com>,
Stefan Berger <stefanb@linux.ibm.com>
Subject: [PATCH v4 10/23] security: Introduce inode_post_setattr hook
Date: Fri, 27 Oct 2023 10:35:45 +0200 [thread overview]
Message-ID: <20231027083558.484911-11-roberto.sassu@huaweicloud.com> (raw)
In-Reply-To: <20231027083558.484911-1-roberto.sassu@huaweicloud.com>
From: Roberto Sassu <roberto.sassu@huawei.com>
In preparation for moving IMA and EVM to the LSM infrastructure, introduce
the inode_post_setattr hook.
At inode_setattr hook, EVM verifies the file's existing HMAC value. At
inode_post_setattr, EVM re-calculates the file's HMAC based on the modified
file attributes and other file metadata.
Other LSMs could similarly take some action after successful file attribute
change.
The new hook cannot return an error and cannot cause the operation to be
reverted.
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
---
fs/attr.c | 1 +
include/linux/lsm_hook_defs.h | 2 ++
include/linux/security.h | 7 +++++++
security/security.c | 16 ++++++++++++++++
4 files changed, 26 insertions(+)
diff --git a/fs/attr.c b/fs/attr.c
index 9ecafb13a53b..ebd8d61a3b8b 100644
--- a/fs/attr.c
+++ b/fs/attr.c
@@ -502,6 +502,7 @@ int notify_change(struct mnt_idmap *idmap, struct dentry *dentry,
if (!error) {
fsnotify_change(dentry, ia_valid);
+ security_inode_post_setattr(idmap, dentry, ia_valid);
ima_inode_post_setattr(idmap, dentry, ia_valid);
evm_inode_post_setattr(idmap, dentry, ia_valid);
}
diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
index 751b084185ac..e9d66af8ce84 100644
--- a/include/linux/lsm_hook_defs.h
+++ b/include/linux/lsm_hook_defs.h
@@ -137,6 +137,8 @@ LSM_HOOK(int, 0, inode_follow_link, struct dentry *dentry, struct inode *inode,
LSM_HOOK(int, 0, inode_permission, struct inode *inode, int mask)
LSM_HOOK(int, 0, inode_setattr, struct mnt_idmap *idmap, struct dentry *dentry,
struct iattr *attr)
+LSM_HOOK(void, LSM_RET_VOID, inode_post_setattr, struct mnt_idmap *idmap,
+ struct dentry *dentry, int ia_valid)
LSM_HOOK(int, 0, inode_getattr, const struct path *path)
LSM_HOOK(int, 0, inode_setxattr, struct mnt_idmap *idmap,
struct dentry *dentry, const char *name, const void *value,
diff --git a/include/linux/security.h b/include/linux/security.h
index e567f910a1c2..f729e5c8f1fe 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -361,6 +361,8 @@ int security_inode_follow_link(struct dentry *dentry, struct inode *inode,
int security_inode_permission(struct inode *inode, int mask);
int security_inode_setattr(struct mnt_idmap *idmap,
struct dentry *dentry, struct iattr *attr);
+void security_inode_post_setattr(struct mnt_idmap *idmap, struct dentry *dentry,
+ int ia_valid);
int security_inode_getattr(const struct path *path);
int security_inode_setxattr(struct mnt_idmap *idmap,
struct dentry *dentry, const char *name,
@@ -877,6 +879,11 @@ static inline int security_inode_setattr(struct mnt_idmap *idmap,
return 0;
}
+static inline void
+security_inode_post_setattr(struct mnt_idmap *idmap, struct dentry *dentry,
+ int ia_valid)
+{ }
+
static inline int security_inode_getattr(const struct path *path)
{
return 0;
diff --git a/security/security.c b/security/security.c
index da10da5fd79f..c8074b4f6d71 100644
--- a/security/security.c
+++ b/security/security.c
@@ -2215,6 +2215,22 @@ int security_inode_setattr(struct mnt_idmap *idmap,
}
EXPORT_SYMBOL_GPL(security_inode_setattr);
+/**
+ * security_inode_post_setattr() - Update the inode after a setattr operation
+ * @idmap: idmap of the mount
+ * @dentry: file
+ * @ia_valid: file attributes set
+ *
+ * Update inode security field after successful setting file attributes.
+ */
+void security_inode_post_setattr(struct mnt_idmap *idmap, struct dentry *dentry,
+ int ia_valid)
+{
+ if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
+ return;
+ call_void_hook(inode_post_setattr, idmap, dentry, ia_valid);
+}
+
/**
* security_inode_getattr() - Check if getting file attributes is allowed
* @path: file
--
2.34.1
next prev parent reply other threads:[~2023-10-27 8:40 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-27 8:35 [PATCH v4 00/23] security: Move IMA and EVM to the LSM infrastructure Roberto Sassu
2023-10-27 8:35 ` [PATCH v4 01/23] ima: Align ima_inode_post_setattr() definition with " Roberto Sassu
2023-10-27 8:35 ` [PATCH v4 02/23] ima: Align ima_file_mprotect() " Roberto Sassu
2023-10-27 8:35 ` [PATCH v4 03/23] ima: Align ima_inode_setxattr() " Roberto Sassu
2023-10-27 8:35 ` [PATCH v4 04/23] ima: Align ima_inode_removexattr() " Roberto Sassu
2023-10-27 8:35 ` [PATCH v4 05/23] ima: Align ima_post_read_file() " Roberto Sassu
2023-10-27 8:35 ` [PATCH v4 06/23] evm: Align evm_inode_post_setattr() " Roberto Sassu
2023-10-27 8:35 ` [PATCH v4 07/23] evm: Align evm_inode_setxattr() " Roberto Sassu
2023-10-27 8:35 ` [PATCH v4 08/23] evm: Align evm_inode_post_setxattr() " Roberto Sassu
2023-10-27 8:35 ` [PATCH v4 09/23] security: Align inode_setattr hook definition with EVM Roberto Sassu
2023-10-27 8:35 ` Roberto Sassu [this message]
2023-10-27 8:35 ` [PATCH v4 11/23] security: Introduce inode_post_removexattr hook Roberto Sassu
2023-10-27 8:35 ` [PATCH v4 12/23] security: Introduce file_post_open hook Roberto Sassu
2023-11-06 16:40 ` Mimi Zohar
2023-10-27 8:35 ` [PATCH v4 13/23] security: Introduce file_pre_free_security hook Roberto Sassu
2023-10-27 8:35 ` [PATCH v4 14/23] security: Introduce path_post_mknod hook Roberto Sassu
2023-10-27 8:35 ` [PATCH v4 15/23] security: Introduce inode_post_create_tmpfile hook Roberto Sassu
2023-10-27 8:35 ` [PATCH v4 16/23] security: Introduce inode_post_set_acl hook Roberto Sassu
2023-10-27 8:35 ` [PATCH v4 17/23] security: Introduce inode_post_remove_acl hook Roberto Sassu
2023-11-06 16:34 ` Mimi Zohar
2023-10-27 8:35 ` [PATCH v4 18/23] security: Introduce key_post_create_or_update hook Roberto Sassu
2023-10-27 8:35 ` [PATCH v4 19/23] ima: Move to LSM infrastructure Roberto Sassu
2023-10-27 8:42 ` [PATCH v4 20/23] ima: Move IMA-Appraisal " Roberto Sassu
2023-11-06 16:33 ` Mimi Zohar
2023-10-27 8:42 ` [PATCH v4 21/23] evm: Move " Roberto Sassu
2023-10-27 8:42 ` [PATCH v4 22/23] integrity: Move integrity functions to the " Roberto Sassu
2023-10-27 8:42 ` [PATCH v4 23/23] integrity: Switch from rbtree to LSM-managed blob for integrity_iint_cache Roberto Sassu
2023-11-06 16:37 ` [PATCH v4 00/23] security: Move IMA and EVM to the LSM infrastructure Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231027083558.484911-11-roberto.sassu@huaweicloud.com \
--to=roberto.sassu@huaweicloud.com \
--cc=Dai.Ngo@oracle.com \
--cc=brauner@kernel.org \
--cc=casey@schaufler-ca.com \
--cc=chuck.lever@oracle.com \
--cc=dhowells@redhat.com \
--cc=dmitry.kasatkin@gmail.com \
--cc=eparis@parisplace.org \
--cc=jarkko@kernel.org \
--cc=jlayton@kernel.org \
--cc=jmorris@namei.org \
--cc=keyrings@vger.kernel.org \
--cc=kolga@netapp.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mic@digikod.net \
--cc=neilb@suse.de \
--cc=paul@paul-moore.com \
--cc=roberto.sassu@huawei.com \
--cc=selinux@vger.kernel.org \
--cc=serge@hallyn.com \
--cc=stefanb@linux.ibm.com \
--cc=stephen.smalley.work@gmail.com \
--cc=tom@talpey.com \
--cc=viro@zeniv.linux.org.uk \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).