From patchwork Tue Mar 15 13:43:10 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Mimi Zohar <zohar@linux.vnet.ibm.com>
X-Patchwork-Id: 8588421
Return-Path: <linux-fsdevel-owner@kernel.org>
X-Original-To: patchwork-linux-fsdevel@patchwork.kernel.org
Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org
Received: from mail.kernel.org (mail.kernel.org [198.145.29.136])
	by patchwork1.web.kernel.org (Postfix) with ESMTP id E54E79F6E1
	for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Tue, 15 Mar 2016 13:54:37 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id 1C0B52027D
	for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Tue, 15 Mar 2016 13:54:37 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id D20752024C
	for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Tue, 15 Mar 2016 13:54:35 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S934860AbcCONyZ (ORCPT
	<rfc822;patchwork-linux-fsdevel@patchwork.kernel.org>);
	Tue, 15 Mar 2016 09:54:25 -0400
Received: from [125.16.236.2] ([125.16.236.2]:50552 "EHLO
	e28smtp02.in.ibm.com"
	rhost-flags-FAIL-FAIL-OK-OK) by vger.kernel.org with ESMTP
	id S934819AbcCONyY (ORCPT <rfc822;linux-fsdevel@vger.kernel.org>);
	Tue, 15 Mar 2016 09:54:24 -0400
Received: from localhost
	by e28smtp02.in.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use
	Only! Violators will be prosecuted
	for <linux-fsdevel@vger.kernel.org> from <zohar@linux.vnet.ibm.com>;
	Tue, 15 Mar 2016 19:13:34 +0530
Received: from d28relay01.in.ibm.com (9.184.220.58)
	by e28smtp02.in.ibm.com (192.168.1.132) with IBM ESMTP SMTP Gateway:
	Authorized Use Only! Violators will be prosecuted;
	Tue, 15 Mar 2016 19:13:33 +0530
X-IBM-Helo: d28relay01.in.ibm.com
X-IBM-MailFrom: zohar@linux.vnet.ibm.com
X-IBM-RcptTo: linux-fsdevel@vger.kernel.org;
	linux-security-module@vger.kernel.org
Received: from d28av02.in.ibm.com (d28av02.in.ibm.com [9.184.220.64])
	by d28relay01.in.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id
	u2FDhWJI20840658; Tue, 15 Mar 2016 19:13:32 +0530
Received: from d28av02.in.ibm.com (localhost [127.0.0.1])
	by d28av02.in.ibm.com (8.14.4/8.14.4/NCO v10.0 AVout) with ESMTP id
	u2FDhUlm006779; Tue, 15 Mar 2016 19:13:31 +0530
Received: from localhost.localdomain.localdomain ([9.80.90.248])
	by d28av02.in.ibm.com (8.14.4/8.14.4/NCO v10.0 AVin) with ESMTP id
	u2FDhFSw005849; Tue, 15 Mar 2016 19:13:25 +0530
From: Mimi Zohar <zohar@linux.vnet.ibm.com>
To: linux-security-module <linux-security-module@vger.kernel.org>
Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>,
	linux-fsdevel@vger.kernel.org
Subject: [PATCH v2 1/2] ima: fix ima_inode_post_setattr
Date: Tue, 15 Mar 2016 09:43:10 -0400
Message-Id: <1458049391-26620-2-git-send-email-zohar@linux.vnet.ibm.com>
X-Mailer: git-send-email 2.1.0
In-Reply-To: <1458049391-26620-1-git-send-email-zohar@linux.vnet.ibm.com>
References: <1458049391-26620-1-git-send-email-zohar@linux.vnet.ibm.com>
X-TM-AS-MML: disable
x-cbid: 16031513-0005-0000-0000-00000B1B091E
Sender: linux-fsdevel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-fsdevel.vger.kernel.org>
X-Mailing-List: linux-fsdevel@vger.kernel.org
X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI,
	RP_MATCHES_RCVD,
	UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

Changing file metadata (eg. uid, guid) could result in having to
re-appraise a file's integrity, but does not change the "new file"
status nor the security.ima xattr.  The IMA_PERMIT_DIRECTIO and
IMA_DIGSIG_REQUIRED flags are policy rule specific.  This patch
only resets these flags, not the IMA_NEW_FILE or IMA_DIGSIG flags.

With this patch, changing the file timestamp will not remove the
file signature on new files.

Reported-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Tested-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com>
---
 security/integrity/ima/ima_appraise.c | 2 +-
 security/integrity/integrity.h        | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
index 6b4694a..d2f28a0 100644
--- a/security/integrity/ima/ima_appraise.c
+++ b/security/integrity/ima/ima_appraise.c
@@ -328,7 +328,7 @@ void ima_inode_post_setattr(struct dentry *dentry)
 	if (iint) {
 		iint->flags &= ~(IMA_APPRAISE | IMA_APPRAISED |
 				 IMA_APPRAISE_SUBMASK | IMA_APPRAISED_SUBMASK |
-				 IMA_ACTION_FLAGS);
+				 IMA_ACTION_RULE_FLAGS);
 		if (must_appraise)
 			iint->flags |= IMA_APPRAISE;
 	}
diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h
index e08935c..90bc57d 100644
--- a/security/integrity/integrity.h
+++ b/security/integrity/integrity.h
@@ -28,6 +28,7 @@
 
 /* iint cache flags */
 #define IMA_ACTION_FLAGS	0xff000000
+#define IMA_ACTION_RULE_FLAGS	0x06000000
 #define IMA_DIGSIG		0x01000000
 #define IMA_DIGSIG_REQUIRED	0x02000000
 #define IMA_PERMIT_DIRECTIO	0x04000000