From: Paolo Abeni <pabeni@redhat.com>
To: linux-security-module@vger.kernel.org
Cc: Paul Moore <paul@paul-moore.com>,
	James Morris <jmorris@namei.org>,
	"Serge E. Hallyn" <serge@hallyn.com>,
	Ondrej Mosnacek <omosnace@redhat.com>,
	KP Singh <kpsingh@kernel.org>
Subject: [PATCH RFC 2/3] security: two more call_int_hook_ignore_default use-cases
Date: Thu,  3 Aug 2023 19:12:41 +0200
Message-ID: <d48c8c4f84acac7536b8b48e44574c81a96e5cdc.1691082677.git.pabeni@redhat.com>
In-Reply-To: <cover.1691082677.git.pabeni@redhat.com>

Quite similar to the previous commit, the hooks:

inode_setxattr
inode_removexattr

don't allow the LSM to tell the core to ignore its return code.
The main difference is that the above mentioned hooks explicitly check
for a non-zero return value from the hook to perform the default action.

Changing the LSM_RET_DEFAULT to 1 and using call_int_hook_ignore_default
allows an LSM returning the LSM_RET_DEFAULT value to become a no-op for the
mentioned hooks.

All the existing LSMs except BPF never use 1 as a return value, so no
functional change is expected.

Signed-off-by: Paolo Abeni <pabeni@redhat.com>
---
 include/linux/lsm_hook_defs.h | 4 ++--
 security/security.c           | 7 ++++---
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
index c9032e20d0b3..49f1f9bed958 100644
--- a/include/linux/lsm_hook_defs.h
+++ b/include/linux/lsm_hook_defs.h
@@ -136,14 +136,14 @@ LSM_HOOK(int, 0, inode_follow_link, struct dentry *dentry, struct inode *inode,
 LSM_HOOK(int, 0, inode_permission, struct inode *inode, int mask)
 LSM_HOOK(int, 0, inode_setattr, struct dentry *dentry, struct iattr *attr)
 LSM_HOOK(int, 0, inode_getattr, const struct path *path)
-LSM_HOOK(int, 0, inode_setxattr, struct mnt_idmap *idmap,
+LSM_HOOK(int, 1, inode_setxattr, struct mnt_idmap *idmap,
 	 struct dentry *dentry, const char *name, const void *value,
 	 size_t size, int flags)
 LSM_HOOK(void, LSM_RET_VOID, inode_post_setxattr, struct dentry *dentry,
 	 const char *name, const void *value, size_t size, int flags)
 LSM_HOOK(int, 0, inode_getxattr, struct dentry *dentry, const char *name)
 LSM_HOOK(int, 0, inode_listxattr, struct dentry *dentry)
-LSM_HOOK(int, 0, inode_removexattr, struct mnt_idmap *idmap,
+LSM_HOOK(int, 1, inode_removexattr, struct mnt_idmap *idmap,
 	 struct dentry *dentry, const char *name)
 LSM_HOOK(int, 0, inode_set_acl, struct mnt_idmap *idmap,
 	 struct dentry *dentry, const char *acl_name, struct posix_acl *kacl)
diff --git a/security/security.c b/security/security.c
index b9a7b15e269e..0528cbef0624 100644
--- a/security/security.c
+++ b/security/security.c
@@ -2158,8 +2158,8 @@ int security_inode_setxattr(struct mnt_idmap *idmap,
 	 * SELinux and Smack integrate the cap call,
 	 * so assume that all LSMs supplying this call do so.
 	 */
-	ret = call_int_hook(inode_setxattr, 1, idmap, dentry, name, value,
-			    size, flags);
+	ret = call_int_hook_ignore_default(inode_setxattr, 1, idmap, dentry, name,
+					   value, size, flags);
 
 	if (ret == 1)
 		ret = cap_inode_setxattr(dentry, name, value, size, flags);
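Review bot: the literal 1 passed as the IRC to call_int_hook_ignore_default and then tested by `if (ret == 1)` now duplicates the default that lsm_hook_defs.h sets for inode_setxattr; use `LSM_RET_DEFAULT(inode_setxattr)` in both places (the commit message already names LSM_RET_DEFAULT) so the header and this function cannot drift apart. With both the IRC and the hook default equal to 1, `ret == 1` is reached both when no LSM supplies inode_setxattr and when every LSM that does returns the default, and it is the only path to cap_inode_setxattr; a one-line comment stating that would make the `ret == 1` test self-explanatory.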
@@ -2321,7 +2321,8 @@ int security_inode_removexattr(struct mnt_idmap *idmap,
 	 * SELinux and Smack integrate the cap call,
 	 * so assume that all LSMs supplying this call do so.
 	 */
-	ret = call_int_hook(inode_removexattr, 1, idmap, dentry, name);
+	ret = call_int_hook_ignore_default(inode_removexattr, 1, idmap, dentry,
+					   name);
 	if (ret == 1)
 		ret = cap_inode_removexattr(idmap, dentry, name);
 	if (ret)
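Review bot: the comment above this call ("SELinux and Smack integrate the cap call, so assume that all LSMs supplying this call do so") is now incomplete: after this change an LSM that does not integrate the capability check can return 1 to fall through to cap_inode_removexattr, while returning 0 still skips it and returning a negative errno still denies. Update the comment to state that contract explicitly (returning the default, 1, means "defer to the capability check"); the matching comment in security_inode_setxattr needs the same update.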
-- 
2.41.0


Thread overview:
2023-08-03 17:12 [PATCH RFC 0/3] security: allow a LSM to specify NO-OP return code Paolo Abeni
2023-08-03 17:12 ` [PATCH RFC 1/3] security: introduce and use call_int_hook_ignore_default() Paolo Abeni
2023-08-03 17:12 ` Paolo Abeni [this message]
2023-08-03 17:12 ` [PATCH RFC 3/3] security: more call_int_hook_ignore_default use-cases Paolo Abeni
2023-08-07 18:57 ` [PATCH RFC 0/3] security: allow a LSM to specify NO-OP return code Casey Schaufler
2023-08-23 15:06   ` Paolo Abeni
