From: Roberto Sassu <roberto.sassu@huaweicloud.com>
To: viro@zeniv.linux.org.uk, brauner@kernel.org,
chuck.lever@oracle.com, jlayton@kernel.org, neilb@suse.de,
kolga@netapp.com, Dai.Ngo@oracle.com, tom@talpey.com,
paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com,
zohar@linux.ibm.com, dmitry.kasatkin@gmail.com,
dhowells@redhat.com, jarkko@kernel.org,
stephen.smalley.work@gmail.com, eparis@parisplace.org,
casey@schaufler-ca.com, mic@digikod.net
Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-nfs@vger.kernel.org, linux-security-module@vger.kernel.org,
linux-integrity@vger.kernel.org, keyrings@vger.kernel.org,
selinux@vger.kernel.org, Roberto Sassu <roberto.sassu@huawei.com>,
Stefan Berger <stefanb@linux.ibm.com>
Subject: [PATCH v6 18/25] security: Introduce key_post_create_or_update hook
Date: Mon, 20 Nov 2023 18:33:11 +0100 [thread overview]
Message-ID: <20231120173318.1132868-19-roberto.sassu@huaweicloud.com> (raw)
In-Reply-To: <20231120173318.1132868-1-roberto.sassu@huaweicloud.com>
From: Roberto Sassu <roberto.sassu@huawei.com>
In preparation for moving IMA and EVM to the LSM infrastructure, introduce
the key_post_create_or_update hook.
Depending on policy, IMA measures the key content after creation or update,
so that remote verifiers are aware of the operation.
Other LSMs could similarly take some action after successful key creation
or update.
The new hook cannot return an error and cannot cause the operation to be
reverted.
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
---
include/linux/lsm_hook_defs.h | 3 +++
include/linux/security.h | 11 +++++++++++
security/keys/key.c | 7 ++++++-
security/security.c | 19 +++++++++++++++++++
4 files changed, 39 insertions(+), 1 deletion(-)
diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
index bfb10a1e6a44..2679905f4260 100644
--- a/include/linux/lsm_hook_defs.h
+++ b/include/linux/lsm_hook_defs.h
@@ -403,6 +403,9 @@ LSM_HOOK(void, LSM_RET_VOID, key_free, struct key *key)
LSM_HOOK(int, 0, key_permission, key_ref_t key_ref, const struct cred *cred,
enum key_need_perm need_perm)
LSM_HOOK(int, 0, key_getsecurity, struct key *key, char **buffer)
+LSM_HOOK(void, LSM_RET_VOID, key_post_create_or_update, struct key *keyring,
+ struct key *key, const void *payload, size_t payload_len,
+ unsigned long flags, bool create)
#endif /* CONFIG_KEYS */
#ifdef CONFIG_AUDIT
diff --git a/include/linux/security.h b/include/linux/security.h
index 7b753460f09d..766eaccc4679 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1995,6 +1995,9 @@ void security_key_free(struct key *key);
int security_key_permission(key_ref_t key_ref, const struct cred *cred,
enum key_need_perm need_perm);
int security_key_getsecurity(struct key *key, char **_buffer);
+void security_key_post_create_or_update(struct key *keyring, struct key *key,
+ const void *payload, size_t payload_len,
+ unsigned long flags, bool create);
#else
@@ -2022,6 +2025,14 @@ static inline int security_key_getsecurity(struct key *key, char **_buffer)
return 0;
}
+static inline void security_key_post_create_or_update(struct key *keyring,
+ struct key *key,
+ const void *payload,
+ size_t payload_len,
+ unsigned long flags,
+ bool create)
+{ }
+
#endif
#endif /* CONFIG_KEYS */
diff --git a/security/keys/key.c b/security/keys/key.c
index 0260a1902922..f75fe66c2f03 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -935,6 +935,8 @@ static key_ref_t __key_create_or_update(key_ref_t keyring_ref,
goto error_link_end;
}
+ security_key_post_create_or_update(keyring, key, payload, plen, flags,
+ true);
ima_post_key_create_or_update(keyring, key, payload, plen,
flags, true);
@@ -968,10 +970,13 @@ static key_ref_t __key_create_or_update(key_ref_t keyring_ref,
key_ref = __key_update(key_ref, &prep);
- if (!IS_ERR(key_ref))
+ if (!IS_ERR(key_ref)) {
+ security_key_post_create_or_update(keyring, key, payload, plen,
+ flags, false);
ima_post_key_create_or_update(keyring, key,
payload, plen,
flags, false);
+ }
goto error_free_prep;
}
diff --git a/security/security.c b/security/security.c
index a722d5db0a2c..423d53092604 100644
--- a/security/security.c
+++ b/security/security.c
@@ -5406,6 +5406,25 @@ int security_key_getsecurity(struct key *key, char **buffer)
*buffer = NULL;
return call_int_hook(key_getsecurity, 0, key, buffer);
}
+
+/**
+ * security_key_post_create_or_update() - Notification of key create or update
+ * @keyring: keyring to which the key is linked to
+ * @key: created or updated key
+ * @payload: data used to instantiate or update the key
+ * @payload_len: length of payload
+ * @flags: key flags
+ * @create: flag indicating whether the key was created or updated
+ *
+ * Notify the caller of a key creation or update.
+ */
+void security_key_post_create_or_update(struct key *keyring, struct key *key,
+ const void *payload, size_t payload_len,
+ unsigned long flags, bool create)
+{
+ call_void_hook(key_post_create_or_update, keyring, key, payload,
+ payload_len, flags, create);
+}
#endif /* CONFIG_KEYS */
#ifdef CONFIG_AUDIT
--
2.34.1
next prev parent reply other threads:[~2023-11-20 17:39 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-20 17:32 [PATCH v6 00/25] security: Move IMA and EVM to the LSM infrastructure Roberto Sassu
2023-11-20 17:32 ` [PATCH v6 01/25] ima: Align ima_inode_post_setattr() definition with " Roberto Sassu
2023-11-20 17:32 ` [PATCH v6 02/25] ima: Align ima_file_mprotect() " Roberto Sassu
2023-11-20 17:32 ` [PATCH v6 03/25] ima: Align ima_inode_setxattr() " Roberto Sassu
2023-11-20 17:32 ` [PATCH v6 04/25] ima: Align ima_inode_removexattr() " Roberto Sassu
2023-11-20 17:32 ` [PATCH v6 05/25] ima: Align ima_post_read_file() " Roberto Sassu
2023-11-20 17:32 ` [PATCH v6 06/25] evm: Align evm_inode_post_setattr() " Roberto Sassu
2023-11-20 17:33 ` [PATCH v6 07/25] evm: Align evm_inode_setxattr() " Roberto Sassu
2023-11-20 17:33 ` [PATCH v6 08/25] evm: Align evm_inode_post_setxattr() " Roberto Sassu
2023-11-20 17:33 ` [PATCH v6 09/25] security: Align inode_setattr hook definition with EVM Roberto Sassu
2023-11-20 17:33 ` [PATCH v6 10/25] security: Introduce inode_post_setattr hook Roberto Sassu
2023-11-20 17:33 ` [PATCH v6 11/25] security: Introduce inode_post_removexattr hook Roberto Sassu
2023-11-20 17:33 ` [PATCH v6 12/25] security: Introduce file_post_open hook Roberto Sassu
2023-11-20 17:33 ` [PATCH v6 13/25] security: Introduce file_release hook Roberto Sassu
2023-11-20 17:33 ` [PATCH v6 14/25] security: Introduce path_post_mknod hook Roberto Sassu
2023-11-20 17:33 ` [PATCH v6 15/25] security: Introduce inode_post_create_tmpfile hook Roberto Sassu
2023-11-20 17:33 ` [PATCH v6 16/25] security: Introduce inode_post_set_acl hook Roberto Sassu
2023-11-20 17:33 ` [PATCH v6 17/25] security: Introduce inode_post_remove_acl hook Roberto Sassu
2023-11-20 17:33 ` Roberto Sassu [this message]
2023-11-20 17:33 ` [PATCH v6 19/25] ima: Move to LSM infrastructure Roberto Sassu
2023-11-21 8:02 ` Roberto Sassu
2023-11-20 17:33 ` [PATCH v6 20/25] ima: Move IMA-Appraisal " Roberto Sassu
2023-11-20 17:33 ` [PATCH v6 21/25] evm: Move " Roberto Sassu
2023-11-20 17:33 ` [PATCH v6 22/25] ima: Remove dependency on 'integrity' LSM Roberto Sassu
2023-11-20 17:33 ` [PATCH v6 23/25] evm: " Roberto Sassu
2023-11-20 17:33 ` [PATCH v6 24/25] integrity: Remove LSM Roberto Sassu
2023-11-20 17:33 ` [PATCH v6 25/25] security: Enforce ordering of 'ima' and 'evm' LSMs Roberto Sassu
2023-11-21 0:50 ` Casey Schaufler
2023-11-21 7:57 ` Roberto Sassu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231120173318.1132868-19-roberto.sassu@huaweicloud.com \
--to=roberto.sassu@huaweicloud.com \
--cc=Dai.Ngo@oracle.com \
--cc=brauner@kernel.org \
--cc=casey@schaufler-ca.com \
--cc=chuck.lever@oracle.com \
--cc=dhowells@redhat.com \
--cc=dmitry.kasatkin@gmail.com \
--cc=eparis@parisplace.org \
--cc=jarkko@kernel.org \
--cc=jlayton@kernel.org \
--cc=jmorris@namei.org \
--cc=keyrings@vger.kernel.org \
--cc=kolga@netapp.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mic@digikod.net \
--cc=neilb@suse.de \
--cc=paul@paul-moore.com \
--cc=roberto.sassu@huawei.com \
--cc=selinux@vger.kernel.org \
--cc=serge@hallyn.com \
--cc=stefanb@linux.ibm.com \
--cc=stephen.smalley.work@gmail.com \
--cc=tom@talpey.com \
--cc=viro@zeniv.linux.org.uk \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.