Message ID | 20211013110113.13239-2-zohar@linux.ibm.com (mailing list archive)
---|---
State | New, archived
Series | [1/2] ima: define ima_trusted_for hook
Nice!

On 13/10/2021 13:01, Mimi Zohar wrote:
> Extend the trusted_for syscall to call the newly defined
> ima_trusted_for hook.
>
> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
> ---
> fs/open.c | 3 +++
> include/linux/ima.h | 9 +++++++++
> 2 files changed, 12 insertions(+)
>
> diff --git a/fs/open.c b/fs/open.c
> index c79c138a638c..4d54e2a727e1 100644
> --- a/fs/open.c
> +++ b/fs/open.c
> @@ -585,6 +585,9 @@ SYSCALL_DEFINE3(trusted_for, const int, fd, const enum trusted_for_usage, usage,
> err = inode_permission(file_mnt_user_ns(f.file), inode,
> mask | MAY_ACCESS);
>
> + if (!err)
> + err = ima_trusted_for(f.file, usage);

Could you please implement a new LSM hook instead? Other LSMs may want to use this information as well.
[CC'ing Casey]

On Wed, 2021-10-13 at 17:26 +0200, Mickaël Salaün wrote:
> Nice!
>
> On 13/10/2021 13:01, Mimi Zohar wrote:
> > Extend the trusted_for syscall to call the newly defined
> > ima_trusted_for hook.
> >
> > Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
> > ---
> > fs/open.c | 3 +++
> > include/linux/ima.h | 9 +++++++++
> > 2 files changed, 12 insertions(+)
> >
> > diff --git a/fs/open.c b/fs/open.c
> > index c79c138a638c..4d54e2a727e1 100644
> > --- a/fs/open.c
> > +++ b/fs/open.c
> > @@ -585,6 +585,9 @@ SYSCALL_DEFINE3(trusted_for, const int, fd, const enum trusted_for_usage, usage,
> > err = inode_permission(file_mnt_user_ns(f.file), inode,
> > mask | MAY_ACCESS);
> >
> > + if (!err)
> > + err = ima_trusted_for(f.file, usage);
>
> Could you please implement a new LSM hook instead? Other LSMs may want
> to use this information as well.

Casey normally pushes back on my defining a new LSM hook, when IMA is the only user. If any of the LSM maintainers are planning on defining this hook, please chime in.

thanks,

Mimi
On 10/13/2021 8:45 AM, Mimi Zohar wrote:
> [CC'ing Casey]
>
> On Wed, 2021-10-13 at 17:26 +0200, Mickaël Salaün wrote:
>> Nice!
>>
>> On 13/10/2021 13:01, Mimi Zohar wrote:
>>> Extend the trusted_for syscall to call the newly defined
>>> ima_trusted_for hook.
>>>
>>> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
>>> ---
>>> fs/open.c | 3 +++
>>> include/linux/ima.h | 9 +++++++++
>>> 2 files changed, 12 insertions(+)
>>>
>>> diff --git a/fs/open.c b/fs/open.c
>>> index c79c138a638c..4d54e2a727e1 100644
>>> --- a/fs/open.c
>>> +++ b/fs/open.c
>>> @@ -585,6 +585,9 @@ SYSCALL_DEFINE3(trusted_for, const int, fd, const enum trusted_for_usage, usage,
>>> err = inode_permission(file_mnt_user_ns(f.file), inode,
>>> mask | MAY_ACCESS);
>>>
>>> + if (!err)
>>> + err = ima_trusted_for(f.file, usage);
>> Could you please implement a new LSM hook instead? Other LSMs may want
>> to use this information as well.
> Casey normally pushes back on my defining a new LSM hook, when IMA is
> the only user. If any of the LSM maintainers are planning on defining
> this hook, please chime in.

That's correct. Adding the overhead of checking for security module hooks when we know there aren't any does nothing to dispel the perception that security developers don't care about performance.

> thanks,
>
> Mimi
>
diff --git a/fs/open.c b/fs/open.c index c79c138a638c..4d54e2a727e1 100644 --- a/fs/open.c +++ b/fs/open.c @@ -585,6 +585,9 @@ SYSCALL_DEFINE3(trusted_for, const int, fd, const enum trusted_for_usage, usage, err = inode_permission(file_mnt_user_ns(f.file), inode, mask | MAY_ACCESS); + if (!err) + err = ima_trusted_for(f.file, usage); + out_fd: fdput(f); return err; diff --git a/include/linux/ima.h b/include/linux/ima.h index b6ab66a546ae..603df9932817 100644 --- a/include/linux/ima.h +++ b/include/linux/ima.h @@ -12,12 +12,15 @@ #include <linux/security.h> #include <linux/kexec.h> #include <crypto/hash_info.h> +#include <uapi/linux/trusted-for.h> struct linux_binprm; #ifdef CONFIG_IMA extern enum hash_algo ima_get_current_hash_algo(void); extern int ima_bprm_check(struct linux_binprm *bprm); extern int ima_file_check(struct file *file, int mask); +extern int ima_trusted_for(struct file *file, + const enum trusted_for_usage usage); extern void ima_post_create_tmpfile(struct user_namespace *mnt_userns, struct inode *inode); extern void ima_file_free(struct file *file); @@ -81,6 +84,12 @@ static inline int ima_file_check(struct file *file, int mask) return 0; } +static inline int ima_trusted_for(struct file *file, + const enum trusted_for_usage usage) +{ + return 0; +} + static inline void ima_post_create_tmpfile(struct user_namespace *mnt_userns, struct inode *inode) {
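Review bot: the fs/open.c hunk calls `ima_trusted_for()` but adds no `#include <linux/ima.h>`; confirm fs/open.c already includes that header (not visible in this hunk), since both the real prototype and the `!CONFIG_IMA` stub are only declared there. Because a non-zero `err` from the hook now falls straight through to `out_fd:` and becomes the syscall's return value, the commit message should also say which errno a policy denial produces, as userspace will see it as a trusted_for failure indistinguishable from the `inode_permission()` result.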
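Review bot: in the include/linux/ima.h hunks, `#include <uapi/linux/trusted-for.h>` uses the direct uapi path; in-kernel headers conventionally include `<linux/trusted-for.h>` and let the build's include path resolve to the uapi copy, so consider the conventional form unless a kernel-side wrapper header is deliberately being avoided. The `const` on the by-value `usage` parameter in both the extern declaration and the stub has no effect for callers and is usually dropped from prototypes, although it does mirror the `SYSCALL_DEFINE3` signature shown in the fs/open.c hunk.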
Extend the trusted_for syscall to call the newly defined ima_trusted_for hook.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
---
 fs/open.c | 3 +++
 include/linux/ima.h | 9 +++++++++
 2 files changed, 12 insertions(+)