From: Roberto Sassu via Ocfs2-devel <ocfs2-devel@oss.oracle.com>
To: mark@fasheh.com, jlbec@evilplan.org, joseph.qi@linux.alibaba.com,
zohar@linux.ibm.com, dmitry.kasatkin@gmail.com,
paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com,
stephen.smalley.work@gmail.com, eparis@parisplace.org,
casey@schaufler-ca.com
Cc: nicolas.bouchinet@clip-os.org, keescook@chromium.org,
selinux@vger.kernel.org, Roberto Sassu <roberto.sassu@huawei.com>,
reiserfs-devel@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org,
linux-integrity@vger.kernel.org, ocfs2-devel@oss.oracle.com
Subject: [Ocfs2-devel] [PATCH v8 6/6] evm: Support multiple LSMs providing an xattr
Date: Tue, 14 Mar 2023 09:17:20 +0100 [thread overview]
Message-ID: <20230314081720.4158676-7-roberto.sassu@huaweicloud.com> (raw)
In-Reply-To: <20230314081720.4158676-1-roberto.sassu@huaweicloud.com>
From: Roberto Sassu <roberto.sassu@huawei.com>
Currently, evm_inode_init_security() processes a single LSM xattr from
the array passed by security_inode_init_security(), and calculates the
HMAC on it and other inode metadata.
Given that initxattrs() callbacks, called by
security_inode_init_security(), expect that this array is terminated when
the xattr name is set to NULL, reuse the same assumption to scan all xattrs
and to calculate the HMAC on all of them.
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
---
security/integrity/evm/evm.h | 2 ++
security/integrity/evm/evm_crypto.c | 9 ++++++++-
security/integrity/evm/evm_main.c | 16 +++++++++++-----
3 files changed, 21 insertions(+), 6 deletions(-)
diff --git a/security/integrity/evm/evm.h b/security/integrity/evm/evm.h
index f8b8c5004fc..f799d72a59f 100644
--- a/security/integrity/evm/evm.h
+++ b/security/integrity/evm/evm.h
@@ -46,6 +46,8 @@ struct evm_digest {
char digest[IMA_MAX_DIGEST_SIZE];
} __packed;
+int evm_protected_xattr(const char *req_xattr_name);
+
int evm_init_key(void);
int evm_update_evmxattr(struct dentry *dentry,
const char *req_xattr_name,
diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c
index 033804f5a5f..5d8b5ecf594 100644
--- a/security/integrity/evm/evm_crypto.c
+++ b/security/integrity/evm/evm_crypto.c
@@ -389,6 +389,7 @@ int evm_init_hmac(struct inode *inode, const struct xattr *lsm_xattr,
char *hmac_val)
{
struct shash_desc *desc;
+ const struct xattr *xattr;
desc = init_desc(EVM_XATTR_HMAC, HASH_ALGO_SHA1);
if (IS_ERR(desc)) {
@@ -396,7 +397,13 @@ int evm_init_hmac(struct inode *inode, const struct xattr *lsm_xattr,
return PTR_ERR(desc);
}
- crypto_shash_update(desc, lsm_xattr->value, lsm_xattr->value_len);
+ for (xattr = lsm_xattr; xattr->name != NULL; xattr++) {
+ if (!evm_protected_xattr(xattr->name))
+ continue;
+
+ crypto_shash_update(desc, xattr->value, xattr->value_len);
+ }
+
hmac_add_misc(desc, inode, EVM_XATTR_HMAC, hmac_val);
kfree(desc);
return 0;
diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
index 7d20ce83915..013eb220cc5 100644
--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c
@@ -305,7 +305,7 @@ static int evm_protected_xattr_common(const char *req_xattr_name,
return found;
}
-static int evm_protected_xattr(const char *req_xattr_name)
+int evm_protected_xattr(const char *req_xattr_name)
{
return evm_protected_xattr_common(req_xattr_name, false);
}
@@ -870,10 +870,10 @@ int evm_inode_init_security(struct inode *inode, struct inode *dir,
{
struct evm_xattr *xattr_data;
struct xattr *xattr, *evm_xattr;
+ bool evm_protected_xattrs = false;
int rc;
- if (!(evm_initialized & EVM_INIT_HMAC) || !xattrs ||
- !evm_protected_xattr(xattrs->name))
+ if (!(evm_initialized & EVM_INIT_HMAC) || !xattrs)
return -EOPNOTSUPP;
/*
@@ -881,8 +881,14 @@ int evm_inode_init_security(struct inode *inode, struct inode *dir,
* contiguous, there is enough space for security.evm, and that there is
* a terminator at the end of the array.
*/
- for (xattr = xattrs; xattr->name != NULL; xattr++)
- ;
+ for (xattr = xattrs; xattr->name != NULL; xattr++) {
+ if (evm_protected_xattr(xattr->name))
+ evm_protected_xattrs = true;
+ }
+
+ /* EVM xattr not needed. */
+ if (!evm_protected_xattrs)
+ return -EOPNOTSUPP;
evm_xattr = xattr;
--
2.25.1
_______________________________________________
Ocfs2-devel mailing list
Ocfs2-devel@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/ocfs2-devel
next prev parent reply other threads:[~2023-03-14 8:19 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-14 8:17 [Ocfs2-devel] [PATCH v8 0/6] evm: Do HMAC of multiple per LSM xattrs for new inodes Roberto Sassu via Ocfs2-devel
2023-03-14 8:17 ` [Ocfs2-devel] [PATCH v8 1/6] reiserfs: Switch to security_inode_init_security() Roberto Sassu via Ocfs2-devel
2023-03-23 23:33 ` Paul Moore via Ocfs2-devel
2023-03-14 8:17 ` [Ocfs2-devel] [PATCH v8 2/6] ocfs2: " Roberto Sassu via Ocfs2-devel
2023-03-17 19:39 ` Mimi Zohar via Ocfs2-devel
2023-03-23 23:37 ` Paul Moore via Ocfs2-devel
2023-03-14 8:17 ` [Ocfs2-devel] [PATCH v8 3/6] security: Remove security_old_inode_init_security() Roberto Sassu via Ocfs2-devel
2023-03-23 23:41 ` Paul Moore via Ocfs2-devel
2023-03-14 8:17 ` [Ocfs2-devel] [PATCH v8 4/6] security: Allow all LSMs to provide xattrs for inode_init_security hook Roberto Sassu via Ocfs2-devel
2023-03-24 0:09 ` Paul Moore via Ocfs2-devel
2023-03-24 1:01 ` Casey Schaufler via Ocfs2-devel
2023-03-24 14:17 ` Paul Moore via Ocfs2-devel
2023-03-24 10:18 ` Roberto Sassu via Ocfs2-devel
2023-03-24 13:25 ` Roberto Sassu via Ocfs2-devel
2023-03-24 21:39 ` Paul Moore via Ocfs2-devel
2023-03-27 7:29 ` Roberto Sassu via Ocfs2-devel
2023-03-27 21:02 ` Paul Moore via Ocfs2-devel
2023-03-28 7:46 ` Roberto Sassu via Ocfs2-devel
2023-03-28 20:19 ` Paul Moore via Ocfs2-devel
2023-03-29 7:11 ` Roberto Sassu via Ocfs2-devel
2023-03-24 21:19 ` Paul Moore via Ocfs2-devel
2023-03-27 7:35 ` Roberto Sassu via Ocfs2-devel
2023-03-14 8:17 ` [Ocfs2-devel] [PATCH v8 5/6] evm: Align evm_inode_init_security() definition with LSM infrastructure Roberto Sassu via Ocfs2-devel
2023-03-14 8:17 ` Roberto Sassu via Ocfs2-devel [this message]
2023-03-14 8:21 ` [Ocfs2-devel] [PATCH v8 0/6] evm: Do HMAC of multiple per LSM xattrs for new inodes Roberto Sassu via Ocfs2-devel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230314081720.4158676-7-roberto.sassu@huaweicloud.com \
--to=ocfs2-devel@oss.oracle.com \
--cc=casey@schaufler-ca.com \
--cc=dmitry.kasatkin@gmail.com \
--cc=eparis@parisplace.org \
--cc=jlbec@evilplan.org \
--cc=jmorris@namei.org \
--cc=joseph.qi@linux.alibaba.com \
--cc=keescook@chromium.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mark@fasheh.com \
--cc=nicolas.bouchinet@clip-os.org \
--cc=paul@paul-moore.com \
--cc=reiserfs-devel@vger.kernel.org \
--cc=roberto.sassu@huawei.com \
--cc=roberto.sassu@huaweicloud.com \
--cc=selinux@vger.kernel.org \
--cc=serge@hallyn.com \
--cc=stephen.smalley.work@gmail.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).