[2/2] fs: extend the trusted_for syscall to call IMA

Message ID 20211013110113.13239-2-zohar@linux.ibm.com
State New, archived
Series [1/2] ima: define ima_trusted_for hook

Commit Message

Mimi Zohar Oct. 13, 2021, 11:01 a.m. UTC
Extend the trusted_for syscall to call the newly defined
ima_trusted_for hook.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
---
 fs/open.c           | 3 +++
 include/linux/ima.h | 9 +++++++++
 2 files changed, 12 insertions(+)

Comments

Mickaël Salaün Oct. 13, 2021, 3:26 p.m. UTC | #1
Nice!

On 13/10/2021 13:01, Mimi Zohar wrote:
> Extend the trusted_for syscall to call the newly defined
> ima_trusted_for hook.
> 
> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
> ---
>  fs/open.c           | 3 +++
>  include/linux/ima.h | 9 +++++++++
>  2 files changed, 12 insertions(+)
> 
> diff --git a/fs/open.c b/fs/open.c
> index c79c138a638c..4d54e2a727e1 100644
> --- a/fs/open.c
> +++ b/fs/open.c
> @@ -585,6 +585,9 @@ SYSCALL_DEFINE3(trusted_for, const int, fd, const enum trusted_for_usage, usage,
>  	err = inode_permission(file_mnt_user_ns(f.file), inode,
>  			mask | MAY_ACCESS);
>  
> +	if (!err)
> +		err = ima_trusted_for(f.file, usage);

Could you please implement a new LSM hook instead? Other LSMs may want
to use this information as well.
Mimi Zohar Oct. 13, 2021, 3:45 p.m. UTC | #2
[CC'ing Casey]

On Wed, 2021-10-13 at 17:26 +0200, Mickaël Salaün wrote:
> Nice!
> 
> On 13/10/2021 13:01, Mimi Zohar wrote:
> > Extend the trusted_for syscall to call the newly defined
> > ima_trusted_for hook.
> > 
> > Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
> > ---
> >  fs/open.c           | 3 +++
> >  include/linux/ima.h | 9 +++++++++
> >  2 files changed, 12 insertions(+)
> > 
> > diff --git a/fs/open.c b/fs/open.c
> > index c79c138a638c..4d54e2a727e1 100644
> > --- a/fs/open.c
> > +++ b/fs/open.c
> > @@ -585,6 +585,9 @@ SYSCALL_DEFINE3(trusted_for, const int, fd, const enum trusted_for_usage, usage,
> >  	err = inode_permission(file_mnt_user_ns(f.file), inode,
> >  			mask | MAY_ACCESS);
> >  
> > +	if (!err)
> > +		err = ima_trusted_for(f.file, usage);
> 
> Could you please implement a new LSM hook instead? Other LSMs may want
> to use this information as well.

Casey normally pushes back on my defining a new LSM hook, when IMA is
the only user.  If any of the LSM maintainers are planning on defining
this hook, please chime in.

thanks,

Mimi
Casey Schaufler Oct. 13, 2021, 5:24 p.m. UTC | #3
On 10/13/2021 8:45 AM, Mimi Zohar wrote:
> [CC'ing Casey]
>
> On Wed, 2021-10-13 at 17:26 +0200, Mickaël Salaün wrote:
>> Nice!
>>
>> On 13/10/2021 13:01, Mimi Zohar wrote:
>>> Extend the trusted_for syscall to call the newly defined
>>> ima_trusted_for hook.
>>>
>>> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
>>> ---
>>>  fs/open.c           | 3 +++
>>>  include/linux/ima.h | 9 +++++++++
>>>  2 files changed, 12 insertions(+)
>>>
>>> diff --git a/fs/open.c b/fs/open.c
>>> index c79c138a638c..4d54e2a727e1 100644
>>> --- a/fs/open.c
>>> +++ b/fs/open.c
>>> @@ -585,6 +585,9 @@ SYSCALL_DEFINE3(trusted_for, const int, fd, const enum trusted_for_usage, usage,
>>>  	err = inode_permission(file_mnt_user_ns(f.file), inode,
>>>  			mask | MAY_ACCESS);
>>>  
>>> +	if (!err)
>>> +		err = ima_trusted_for(f.file, usage);
>> Could you please implement a new LSM hook instead? Other LSMs may want
>> to use this information as well.
> Casey normally pushes back on my defining a new LSM hook, when IMA is
> the only user.  If any of the LSM maintainers are planning on defining
> this hook, please chime in.

That's correct. Adding the overhead of checking for security module hooks
when we know there aren't any does nothing to dispel the perception that
security developers don't care about performance.


> thanks,
>
> Mimi
>
Patch

diff --git a/fs/open.c b/fs/open.c
index c79c138a638c..4d54e2a727e1 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -585,6 +585,9 @@  SYSCALL_DEFINE3(trusted_for, const int, fd, const enum trusted_for_usage, usage,
 	err = inode_permission(file_mnt_user_ns(f.file), inode,
 			mask | MAY_ACCESS);
 
+	if (!err)
+		err = ima_trusted_for(f.file, usage);
+
 out_fd:
 	fdput(f);
 	return err;
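Review bot: the new call is gated on `!err`, so `ima_trusted_for()` runs only after `inode_permission()` has succeeded, and whatever it returns becomes the syscall result through the unchanged `return err;` below. The commit message should state which errno values `ima_trusted_for()` can hand back to userspace, and whether an IMA policy denial is reported the same way as a failed permission check (-EACCES) or distinguishably, since callers of trusted_for will branch on that value. It would also help to state the ordering explicitly: IMA is not consulted at all when the DAC/LSM permission check already failed, which appears intentional here but is not documented.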
diff --git a/include/linux/ima.h b/include/linux/ima.h
index b6ab66a546ae..603df9932817 100644
--- a/include/linux/ima.h
+++ b/include/linux/ima.h
@@ -12,12 +12,15 @@ 
 #include <linux/security.h>
 #include <linux/kexec.h>
 #include <crypto/hash_info.h>
+#include <uapi/linux/trusted-for.h>
 struct linux_binprm;
 
 #ifdef CONFIG_IMA
 extern enum hash_algo ima_get_current_hash_algo(void);
 extern int ima_bprm_check(struct linux_binprm *bprm);
 extern int ima_file_check(struct file *file, int mask);
+extern int ima_trusted_for(struct file *file,
+			   const enum trusted_for_usage usage);
 extern void ima_post_create_tmpfile(struct user_namespace *mnt_userns,
 				    struct inode *inode);
 extern void ima_file_free(struct file *file);
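Review bot: `#include <uapi/linux/trusted-for.h>` is added only so that the new `ima_trusted_for()` prototype can name `enum trusted_for_usage`, but it drags the UAPI header into every translation unit that includes linux/ima.h. In-kernel code normally includes the `<linux/...>` wrapper header rather than a `uapi/` path directly; if the trusted_for series provides such a wrapper, prefer it here, and otherwise consider whether this widely included header is the right place for the include at all.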
@@ -81,6 +84,12 @@  static inline int ima_file_check(struct file *file, int mask)
 	return 0;
 }
 
+static inline int ima_trusted_for(struct file *file,
+				  const enum trusted_for_usage usage)
+{
+	return 0;
+}
+
 static inline void ima_post_create_tmpfile(struct user_namespace *mnt_userns,
 					   struct inode *inode)
 {
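Review bot: the !CONFIG_IMA stub returns 0, consistent with the `ima_file_check()` stub immediately above, which means a kernel built without IMA lets trusted_for succeed with no measurement or appraisal performed. That is the right shape for a stub, but the commit message should say so, so that userspace does not read a successful trusted_for call as an IMA verdict on kernels where IMA is compiled out.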