From: Roberto Sassu <roberto.sassu@huaweicloud.com>
To: viro@zeniv.linux.org.uk, brauner@kernel.org,
chuck.lever@oracle.com, jlayton@kernel.org, neilb@suse.de,
kolga@netapp.com, Dai.Ngo@oracle.com, tom@talpey.com,
paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com,
zohar@linux.ibm.com, dmitry.kasatkin@gmail.com,
dhowells@redhat.com, jarkko@kernel.org,
stephen.smalley.work@gmail.com, eparis@parisplace.org,
casey@schaufler-ca.com, mic@digikod.net
Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-nfs@vger.kernel.org, linux-security-module@vger.kernel.org,
linux-integrity@vger.kernel.org, keyrings@vger.kernel.org,
selinux@vger.kernel.org, Roberto Sassu <roberto.sassu@huawei.com>,
Stefan Berger <stefanb@linux.ibm.com>
Subject: [PATCH v5 12/23] security: Introduce file_post_open hook
Date: Tue, 7 Nov 2023 14:40:01 +0100 [thread overview]
Message-ID: <20231107134012.682009-13-roberto.sassu@huaweicloud.com> (raw)
In-Reply-To: <20231107134012.682009-1-roberto.sassu@huaweicloud.com>
From: Roberto Sassu <roberto.sassu@huawei.com>
In preparation to move IMA and EVM to the LSM infrastructure, introduce the
file_post_open hook. Also, export security_file_post_open() for NFS.
Based on policy, IMA calculates the digest of the file content and
extends the TPM with the digest, verifies the file's integrity based on
the digest, and/or includes the file digest in the audit log.
LSMs could similarly take action depending on the file content and the
access mask requested with open().
The new hook returns a value and can cause the open to be aborted.
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
---
fs/namei.c | 2 ++
fs/nfsd/vfs.c | 6 ++++++
include/linux/lsm_hook_defs.h | 1 +
include/linux/security.h | 6 ++++++
security/security.c | 17 +++++++++++++++++
5 files changed, 32 insertions(+)
diff --git a/fs/namei.c b/fs/namei.c
index 71c13b2990b4..fb93d3e13df6 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -3620,6 +3620,8 @@ static int do_open(struct nameidata *nd,
error = may_open(idmap, &nd->path, acc_mode, open_flag);
if (!error && !(file->f_mode & FMODE_OPENED))
error = vfs_open(&nd->path, file);
+ if (!error)
+ error = security_file_post_open(file, op->acc_mode);
if (!error)
error = ima_file_check(file, op->acc_mode);
if (!error && do_truncate)
diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
index fbbea7498f02..b0c3f07a8bba 100644
--- a/fs/nfsd/vfs.c
+++ b/fs/nfsd/vfs.c
@@ -877,6 +877,12 @@ __nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, umode_t type,
goto out;
}
+ host_err = security_file_post_open(file, may_flags);
+ if (host_err) {
+ fput(file);
+ goto out;
+ }
+
host_err = ima_file_check(file, may_flags);
if (host_err) {
fput(file);
diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
index 88452e45025c..4f6861fecacd 100644
--- a/include/linux/lsm_hook_defs.h
+++ b/include/linux/lsm_hook_defs.h
@@ -189,6 +189,7 @@ LSM_HOOK(int, 0, file_send_sigiotask, struct task_struct *tsk,
struct fown_struct *fown, int sig)
LSM_HOOK(int, 0, file_receive, struct file *file)
LSM_HOOK(int, 0, file_open, struct file *file)
+LSM_HOOK(int, 0, file_post_open, struct file *file, int mask)
LSM_HOOK(int, 0, file_truncate, struct file *file)
LSM_HOOK(int, 0, task_alloc, struct task_struct *task,
unsigned long clone_flags)
diff --git a/include/linux/security.h b/include/linux/security.h
index 922ea7709bae..c360458920b1 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -409,6 +409,7 @@ int security_file_send_sigiotask(struct task_struct *tsk,
struct fown_struct *fown, int sig);
int security_file_receive(struct file *file);
int security_file_open(struct file *file);
+int security_file_post_open(struct file *file, int mask);
int security_file_truncate(struct file *file);
int security_task_alloc(struct task_struct *task, unsigned long clone_flags);
void security_task_free(struct task_struct *task);
@@ -1065,6 +1066,11 @@ static inline int security_file_open(struct file *file)
return 0;
}
+static inline int security_file_post_open(struct file *file, int mask)
+{
+ return 0;
+}
+
static inline int security_file_truncate(struct file *file)
{
return 0;
diff --git a/security/security.c b/security/security.c
index 8aa6e9f316dd..fe6a160afc35 100644
--- a/security/security.c
+++ b/security/security.c
@@ -2954,6 +2954,23 @@ int security_file_open(struct file *file)
return fsnotify_perm(file, MAY_OPEN);
}
+/**
+ * security_file_post_open() - Evaluate a file after it has been opened
+ * @file: the file
+ * @mask: access mask
+ *
+ * Evaluate an opened file and the access mask requested with open(). The hook
+ * is useful for LSMs that require the file content to be available in order to
+ * make decisions.
+ *
+ * Return: Returns 0 if permission is granted.
+ */
+int security_file_post_open(struct file *file, int mask)
+{
+ return call_int_hook(file_post_open, 0, file, mask);
+}
+EXPORT_SYMBOL_GPL(security_file_post_open);
+
/**
* security_file_truncate() - Check if truncating a file is allowed
* @file: file
--
2.34.1
next prev parent reply other threads:[~2023-11-07 13:45 UTC|newest]
Thread overview: 96+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-07 13:39 [PATCH v5 00/23] security: Move IMA and EVM to the LSM infrastructure Roberto Sassu
2023-11-07 13:39 ` [PATCH v5 01/23] ima: Align ima_inode_post_setattr() definition with " Roberto Sassu
2023-11-07 17:21 ` Casey Schaufler
2023-11-07 13:39 ` [PATCH v5 02/23] ima: Align ima_file_mprotect() " Roberto Sassu
2023-11-07 17:22 ` Casey Schaufler
2023-11-07 13:39 ` [PATCH v5 03/23] ima: Align ima_inode_setxattr() " Roberto Sassu
2023-11-07 17:23 ` Casey Schaufler
2023-11-07 13:39 ` [PATCH v5 04/23] ima: Align ima_inode_removexattr() " Roberto Sassu
2023-11-07 17:24 ` Casey Schaufler
2023-11-07 13:39 ` [PATCH v5 05/23] ima: Align ima_post_read_file() " Roberto Sassu
2023-11-07 17:25 ` Casey Schaufler
2023-11-07 13:39 ` [PATCH v5 06/23] evm: Align evm_inode_post_setattr() " Roberto Sassu
2023-11-07 17:26 ` Casey Schaufler
2023-11-07 13:39 ` [PATCH v5 07/23] evm: Align evm_inode_setxattr() " Roberto Sassu
2023-11-07 17:27 ` Casey Schaufler
2023-11-07 13:39 ` [PATCH v5 08/23] evm: Align evm_inode_post_setxattr() " Roberto Sassu
2023-11-07 17:28 ` Casey Schaufler
2023-11-07 13:39 ` [PATCH v5 09/23] security: Align inode_setattr hook definition with EVM Roberto Sassu
2023-11-07 13:39 ` [PATCH v5 10/23] security: Introduce inode_post_setattr hook Roberto Sassu
2023-11-07 17:30 ` Casey Schaufler
2023-11-16 4:33 ` Paul Moore
2023-11-16 9:43 ` Roberto Sassu
2023-11-16 18:46 ` Paul Moore
2023-11-07 13:40 ` [PATCH v5 11/23] security: Introduce inode_post_removexattr hook Roberto Sassu
2023-11-07 17:33 ` Casey Schaufler
2023-11-07 17:45 ` Roberto Sassu
2023-11-20 17:31 ` Roberto Sassu
2023-11-20 18:03 ` Casey Schaufler
2023-11-20 20:55 ` Paul Moore
2023-11-16 4:33 ` Paul Moore
2023-11-07 13:40 ` Roberto Sassu [this message]
2023-11-07 17:35 ` [PATCH v5 12/23] security: Introduce file_post_open hook Casey Schaufler
2023-11-07 13:40 ` [PATCH v5 13/23] security: Introduce file_pre_free_security hook Roberto Sassu
2023-11-07 17:39 ` Casey Schaufler
2023-11-16 4:33 ` Paul Moore
2023-11-16 9:46 ` Roberto Sassu
2023-11-16 18:41 ` Paul Moore
2023-11-07 13:40 ` [PATCH v5 14/23] security: Introduce path_post_mknod hook Roberto Sassu
2023-11-07 17:41 ` Casey Schaufler
2023-11-07 13:40 ` [PATCH v5 15/23] security: Introduce inode_post_create_tmpfile hook Roberto Sassu
2023-11-07 17:42 ` Casey Schaufler
2023-11-16 4:33 ` Paul Moore
2023-11-07 13:40 ` [PATCH v5 16/23] security: Introduce inode_post_set_acl hook Roberto Sassu
2023-11-07 17:44 ` Casey Schaufler
2023-11-16 4:33 ` Paul Moore
2023-11-07 13:40 ` [PATCH v5 17/23] security: Introduce inode_post_remove_acl hook Roberto Sassu
2023-11-07 17:45 ` Casey Schaufler
2023-11-16 4:33 ` Paul Moore
2023-11-07 13:40 ` [PATCH v5 18/23] security: Introduce key_post_create_or_update hook Roberto Sassu
2023-11-07 17:47 ` Casey Schaufler
2023-11-07 13:40 ` [PATCH v5 19/23] ima: Move to LSM infrastructure Roberto Sassu
2023-11-07 17:52 ` Casey Schaufler
2023-11-07 13:40 ` [PATCH v5 20/23] ima: Move IMA-Appraisal " Roberto Sassu
2023-11-07 18:43 ` Casey Schaufler
2023-11-07 13:40 ` [PATCH v5 21/23] evm: Move " Roberto Sassu
2023-11-07 18:45 ` Casey Schaufler
2023-11-07 13:40 ` [PATCH v5 22/23] integrity: Move integrity functions to the " Roberto Sassu
2023-11-07 18:46 ` Casey Schaufler
2023-11-16 4:33 ` Paul Moore
2023-11-16 10:07 ` Roberto Sassu
2023-11-17 21:22 ` Paul Moore
2023-11-20 13:23 ` Roberto Sassu
2023-11-07 13:40 ` [PATCH v5 23/23] integrity: Switch from rbtree to LSM-managed blob for integrity_iint_cache Roberto Sassu
2023-11-17 20:57 ` Paul Moore
2023-11-20 8:16 ` Roberto Sassu
2023-11-20 21:06 ` Paul Moore
2023-11-29 12:27 ` Roberto Sassu
2023-11-29 13:58 ` Roberto Sassu
2023-11-29 17:22 ` Paul Moore
2023-11-29 18:46 ` Roberto Sassu
2023-11-30 0:41 ` Casey Schaufler
2023-11-30 8:30 ` Petr Tesarik
2023-11-30 16:15 ` Casey Schaufler
2023-11-30 21:34 ` Roberto Sassu
2023-11-30 23:31 ` Casey Schaufler
2023-11-30 23:43 ` Roberto Sassu
2023-12-01 0:12 ` Casey Schaufler
2023-11-30 11:12 ` Mimi Zohar
2023-11-30 16:59 ` Paul Moore
2023-11-30 17:00 ` Paul Moore
2023-11-30 16:34 ` Paul Moore
2023-11-30 21:56 ` Roberto Sassu
2023-12-04 13:26 ` Roberto Sassu
2023-12-04 15:01 ` Mimi Zohar
2023-12-06 13:10 ` Roberto Sassu
2023-12-06 16:11 ` Mimi Zohar
2023-12-06 16:50 ` Roberto Sassu
2023-12-01 1:05 ` Dr. Greg
2023-12-01 18:54 ` Casey Schaufler
2023-12-01 23:53 ` Dr. Greg
2023-12-02 0:17 ` Casey Schaufler
2023-12-13 10:45 ` Roberto Sassu
2023-12-13 18:08 ` Casey Schaufler
2023-11-07 14:05 ` [PATCH v5 00/23] security: Move IMA and EVM to the LSM infrastructure Roberto Sassu
2023-11-07 19:37 ` Mimi Zohar
2023-11-08 3:14 ` Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231107134012.682009-13-roberto.sassu@huaweicloud.com \
--to=roberto.sassu@huaweicloud.com \
--cc=Dai.Ngo@oracle.com \
--cc=brauner@kernel.org \
--cc=casey@schaufler-ca.com \
--cc=chuck.lever@oracle.com \
--cc=dhowells@redhat.com \
--cc=dmitry.kasatkin@gmail.com \
--cc=eparis@parisplace.org \
--cc=jarkko@kernel.org \
--cc=jlayton@kernel.org \
--cc=jmorris@namei.org \
--cc=keyrings@vger.kernel.org \
--cc=kolga@netapp.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mic@digikod.net \
--cc=neilb@suse.de \
--cc=paul@paul-moore.com \
--cc=roberto.sassu@huawei.com \
--cc=selinux@vger.kernel.org \
--cc=serge@hallyn.com \
--cc=stefanb@linux.ibm.com \
--cc=stephen.smalley.work@gmail.com \
--cc=tom@talpey.com \
--cc=viro@zeniv.linux.org.uk \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.