Merge tag 'lsm-pr-20240312' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm

Pull lsm updates from Paul Moore:

- Promote IMA/EVM to a proper LSM

This is the bulk of the diffstat, and the source of all the changes
in the VFS code. Prior to the start of the LSM stacking work it was
important that IMA/EVM were separate from the rest of the LSMs,
complete with their own hooks, infrastructure, etc. as it was the
only way to enable IMA/EVM at the same time as a LSM.

However, now that the bulk of the LSM infrastructure supports
multiple simultaneous LSMs, we can simplify things greatly by
bringing IMA/EVM into the LSM infrastructure as proper LSMs. This is
something I've wanted to see happen for quite some time and Roberto
was kind enough to put in the work to make it happen.

- Use the LSM hook default values to simplify the call_int_hook() macro

Previously the call_int_hook() macro required callers to supply a
default return value, despite a default value being specified when
the LSM hook was defined.

This simplifies the macro by using the defined default return value
which makes life easier for callers and should also reduce the number
of return value bugs in the future (we've had a few pop up recently,
hence this work).

- Use the KMEM_CACHE() macro instead of kmem_cache_create()

The guidance appears to be to use the KMEM_CACHE() macro when
possible and there is no reason why we can't use the macro, so let's
use it.

- Fix a number of comment typos in the LSM hook comment blocks

Not much to say here, we fixed some questionable grammar decisions in
the LSM hook comment blocks.

* tag 'lsm-pr-20240312' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm: (28 commits)
cred: Use KMEM_CACHE() instead of kmem_cache_create()
lsm: use default hook return value in call_int_hook()
lsm: fix typos in security/security.c comment headers
integrity: Remove LSM
ima: Make it independent from 'integrity' LSM
evm: Make it independent from 'integrity' LSM
evm: Move to LSM infrastructure
ima: Move IMA-Appraisal to LSM infrastructure
ima: Move to LSM infrastructure
integrity: Move integrity_kernel_module_request() to IMA
security: Introduce key_post_create_or_update hook
security: Introduce inode_post_remove_acl hook
security: Introduce inode_post_set_acl hook
security: Introduce inode_post_create_tmpfile hook
security: Introduce path_post_mknod hook
security: Introduce file_release hook
security: Introduce file_post_open hook
security: Introduce inode_post_removexattr hook
security: Introduce inode_post_setattr hook
security: Align inode_setattr hook definition with EVM
...

+1126 -1141
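--- a/fs/attr.c
+++ b/fs/attr.c
@@ -16,8 +16,6 @@
 #include <linux/fcntl.h>
 #include <linux/filelock.h>
 #include <linux/security.h>
-#include <linux/evm.h>
-#include <linux/ima.h>
 
 #include "internal.h"
 
@@ -?,? +?,? @@
 
 	if (!error) {
 		fsnotify_change(dentry, ia_valid);
-		ima_inode_post_setattr(idmap, dentry);
-		evm_inode_post_setattr(dentry, ia_valid);
+		security_inode_post_setattr(idmap, dentry, ia_valid);
 	}
 
 	return error;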
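Review bot: The single `security_inode_post_setattr()` call collapses two calls whose order, IMA first and then EVM, was explicit at this site; that order now depends on the sequence in which the ima and evm LSMs are registered, which this merge documents only in the security/integrity/Makefile comment. If the order still matters here (the Makefile note suggests it does), a short comment at the call site, `/* IMA and EVM post-setattr work runs in LSM registration order; see security/integrity/Makefile */`, keeps the dependency visible to readers of the VFS code. The enclosing function starts outside the hunk.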
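--- a/fs/file_table.c
+++ b/fs/file_table.c
@@ -26,7 +26,6 @@
 #include <linux/percpu_counter.h>
 #include <linux/percpu.h>
 #include <linux/task_work.h>
-#include <linux/ima.h>
 #include <linux/swap.h>
 #include <linux/kmemleak.h>
 
@@ -?,? +?,? @@
 	eventpoll_release(file);
 	locks_remove_file(file);
 
-	ima_file_free(file);
+	security_file_release(file);
 	if (unlikely(file->f_flags & FASYNC)) {
 		if (file->f_op->fasync)
 			file->f_op->fasync(-1, file, 0);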
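--- a/fs/namei.c
+++ b/fs/namei.c
@@ -27,7 +27,6 @@
 #include <linux/fsnotify.h>
 #include <linux/personality.h>
 #include <linux/security.h>
-#include <linux/ima.h>
 #include <linux/syscalls.h>
 #include <linux/mount.h>
 #include <linux/audit.h>
@@ -?,? +?,? @@
 	if (!error && !(file->f_mode & FMODE_OPENED))
 		error = vfs_open(&nd->path, file);
 	if (!error)
-		error = ima_file_check(file, op->acc_mode);
+		error = security_file_post_open(file, op->acc_mode);
 	if (!error && do_truncate)
 		error = handle_truncate(idmap, file);
 	if (unlikely(error > 0)) {
@@ -?,? +?,? @@
 		inode->i_state |= I_LINKABLE;
 		spin_unlock(&inode->i_lock);
 	}
-	ima_post_create_tmpfile(idmap, inode);
+	security_inode_post_create_tmpfile(idmap, inode);
 	return 0;
 }
 
@@ -?,? +?,? @@
 		case 0: case S_IFREG:
 			error = vfs_create(idmap, path.dentry->d_inode,
 					   dentry, mode, true);
-			if (!error)
-				ima_post_path_mknod(idmap, dentry);
 			break;
 		case S_IFCHR: case S_IFBLK:
 			error = vfs_mknod(idmap, path.dentry->d_inode,
@@ -?,? +?,? @@
 					  dentry, mode, 0);
 			break;
 	}
+
+	if (error)
+		goto out2;
+
+	security_path_post_mknod(idmap, dentry);
 out2:
 	done_path_create(&path, dentry);
 	if (retry_estale(error, lookup_flags)) {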
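Review bot: In the last hunk the post hook now runs for every node type that was created without error, whereas the removed `ima_post_path_mknod()` call was confined to the `case 0: case S_IFREG:` arm, so any LSM registering `path_post_mknod` must filter on the inode type itself; a one-line comment before the call, `/* runs for every node type; hook implementations filter on i_mode */`, would record that. The `if (error) goto out2;` also jumps to the label that is the very next statement after the hook, so `if (!error) security_path_post_mknod(idmap, dentry);` says the same in one line without the extra branch. The enclosing function begins and ends outside the hunk.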
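--- a/fs/nfsd/vfs.c
+++ b/fs/nfsd/vfs.c
@@ -25,7 +25,6 @@
 #include <linux/posix_acl_xattr.h>
 #include <linux/xattr.h>
 #include <linux/jhash.h>
-#include <linux/ima.h>
 #include <linux/pagemap.h>
 #include <linux/slab.h>
 #include <linux/uaccess.h>
@@ -?,? +?,? @@
 		goto out;
 	}
 
-	host_err = ima_file_check(file, may_flags);
+	host_err = security_file_post_open(file, may_flags);
 	if (host_err) {
 		fput(file);
 		goto out;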
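--- a/fs/open.c
+++ b/fs/open.c
@@ -29,7 +29,6 @@
 #include <linux/audit.h>
 #include <linux/falloc.h>
 #include <linux/fs_struct.h>
-#include <linux/ima.h>
 #include <linux/dnotify.h>
 #include <linux/compat.h>
 #include <linux/mnt_idmapping.h>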
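--- a/fs/posix_acl.c
+++ b/fs/posix_acl.c
@@ -26,7 +26,6 @@
 #include <linux/mnt_idmapping.h>
 #include <linux/iversion.h>
 #include <linux/security.h>
-#include <linux/evm.h>
 #include <linux/fsnotify.h>
 #include <linux/filelock.h>
 
@@ -?,? +?,? @@
 		error = -EIO;
 	if (!error) {
 		fsnotify_xattr(dentry);
-		evm_inode_post_set_acl(dentry, acl_name, kacl);
+		security_inode_post_set_acl(dentry, acl_name, kacl);
 	}
 
 out_inode_unlock:
@@ -?,? +?,? @@
 		error = -EIO;
 	if (!error) {
 		fsnotify_xattr(dentry);
-		evm_inode_post_remove_acl(idmap, dentry, acl_name);
+		security_inode_post_remove_acl(idmap, dentry, acl_name);
 	}
 
 out_inode_unlock: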
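--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -16,7 +16,6 @@
 #include <linux/mount.h>
 #include <linux/namei.h>
 #include <linux/security.h>
-#include <linux/evm.h>
 #include <linux/syscalls.h>
 #include <linux/export.h>
 #include <linux/fsnotify.h>
@@ -?,? +?,? @@
 		goto out;
 
 	error = __vfs_removexattr(idmap, dentry, name);
+	if (error)
+		return error;
 
-	if (!error) {
-		fsnotify_xattr(dentry);
-		evm_inode_post_removexattr(dentry, name);
-	}
+	fsnotify_xattr(dentry);
+	security_inode_post_removexattr(dentry, name);
 
 out:
 	return error;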
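Review bot: The new early `return error;` in the removexattr hunk sits two lines below a `goto out;` whose label does nothing but `return error;`, so the function now mixes two exit conventions for the same outcome. `if (error) goto out;` would keep the single convention the surrounding code uses, or, if this was the last user of the label, the `out:` label could go instead (its other users are outside the hunk, so that cannot be judged here). The enclosing function starts outside the hunk.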
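--- a/include/linux/evm.h
+++ b/include/linux/evm.h
@@ -12,52 +12,12 @@
 #include <linux/integrity.h>
 #include <linux/xattr.h>
 
-struct integrity_iint_cache;
-
 #ifdef CONFIG_EVM
 extern int evm_set_key(void *key, size_t keylen);
 extern enum integrity_status evm_verifyxattr(struct dentry *dentry,
 					     const char *xattr_name,
 					     void *xattr_value,
-					     size_t xattr_value_len,
-					     struct integrity_iint_cache *iint);
-extern int evm_inode_setattr(struct mnt_idmap *idmap,
-			     struct dentry *dentry, struct iattr *attr);
-extern void evm_inode_post_setattr(struct dentry *dentry, int ia_valid);
-extern int evm_inode_setxattr(struct mnt_idmap *idmap,
-			      struct dentry *dentry, const char *name,
-			      const void *value, size_t size);
-extern void evm_inode_post_setxattr(struct dentry *dentry,
-				    const char *xattr_name,
-				    const void *xattr_value,
-				    size_t xattr_value_len);
-extern int evm_inode_copy_up_xattr(const char *name);
-extern int evm_inode_removexattr(struct mnt_idmap *idmap,
-				 struct dentry *dentry, const char *xattr_name);
-extern void evm_inode_post_removexattr(struct dentry *dentry,
-				       const char *xattr_name);
-static inline void evm_inode_post_remove_acl(struct mnt_idmap *idmap,
-					     struct dentry *dentry,
-					     const char *acl_name)
-{
-	evm_inode_post_removexattr(dentry, acl_name);
-}
-extern int evm_inode_set_acl(struct mnt_idmap *idmap,
-			     struct dentry *dentry, const char *acl_name,
-			     struct posix_acl *kacl);
-static inline int evm_inode_remove_acl(struct mnt_idmap *idmap,
-				       struct dentry *dentry,
-				       const char *acl_name)
-{
-	return evm_inode_set_acl(idmap, dentry, acl_name, NULL);
-}
-static inline void evm_inode_post_set_acl(struct dentry *dentry,
-					  const char *acl_name,
-					  struct posix_acl *kacl)
-{
-	return evm_inode_post_setxattr(dentry, acl_name, NULL, 0);
-}
-
+					     size_t xattr_value_len);
 int evm_inode_init_security(struct inode *inode, struct inode *dir,
 			    const struct qstr *qstr, struct xattr *xattrs,
 			    int *xattr_count);
@@ -?,? +?,? @@
 static inline enum integrity_status evm_verifyxattr(struct dentry *dentry,
 						    const char *xattr_name,
 						    void *xattr_value,
-						    size_t xattr_value_len,
-						    struct integrity_iint_cache *iint)
+						    size_t xattr_value_len)
 {
 	return INTEGRITY_UNKNOWN;
 }
 #endif
-
-static inline int evm_inode_setattr(struct mnt_idmap *idmap,
-				    struct dentry *dentry, struct iattr *attr)
-{
-	return 0;
-}
-
-static inline void evm_inode_post_setattr(struct dentry *dentry, int ia_valid)
-{
-	return;
-}
-
-static inline int evm_inode_setxattr(struct mnt_idmap *idmap,
-				     struct dentry *dentry, const char *name,
-				     const void *value, size_t size)
-{
-	return 0;
-}
-
-static inline void evm_inode_post_setxattr(struct dentry *dentry,
-					   const char *xattr_name,
-					   const void *xattr_value,
-					   size_t xattr_value_len)
-{
-	return;
-}
-
-static inline int evm_inode_copy_up_xattr(const char *name)
-{
-	return 0;
-}
-
-static inline int evm_inode_removexattr(struct mnt_idmap *idmap,
-					struct dentry *dentry,
-					const char *xattr_name)
-{
-	return 0;
-}
-
-static inline void evm_inode_post_removexattr(struct dentry *dentry,
-					      const char *xattr_name)
-{
-	return;
-}
-
-static inline void evm_inode_post_remove_acl(struct mnt_idmap *idmap,
-					     struct dentry *dentry,
-					     const char *acl_name)
-{
-	return;
-}
-
-static inline int evm_inode_set_acl(struct mnt_idmap *idmap,
-				    struct dentry *dentry, const char *acl_name,
-				    struct posix_acl *kacl)
-{
-	return 0;
-}
-
-static inline int evm_inode_remove_acl(struct mnt_idmap *idmap,
-				       struct dentry *dentry,
-				       const char *acl_name)
-{
-	return 0;
-}
-
-static inline void evm_inode_post_set_acl(struct dentry *dentry,
-					  const char *acl_name,
-					  struct posix_acl *kacl)
-{
-	return;
-}
 
 static inline int evm_inode_init_security(struct inode *inode, struct inode *dir,
 					  const struct qstr *qstr,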
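--- a/include/linux/ima.h
+++ b/include/linux/ima.h
@@ -16,23 +16,6 @@
 
 #ifdef CONFIG_IMA
 extern enum hash_algo ima_get_current_hash_algo(void);
-extern int ima_bprm_check(struct linux_binprm *bprm);
-extern int ima_file_check(struct file *file, int mask);
-extern void ima_post_create_tmpfile(struct mnt_idmap *idmap,
-				    struct inode *inode);
-extern void ima_file_free(struct file *file);
-extern int ima_file_mmap(struct file *file, unsigned long reqprot,
-			 unsigned long prot, unsigned long flags);
-extern int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot);
-extern int ima_load_data(enum kernel_load_data_id id, bool contents);
-extern int ima_post_load_data(char *buf, loff_t size,
-			      enum kernel_load_data_id id, char *description);
-extern int ima_read_file(struct file *file, enum kernel_read_file_id id,
-			 bool contents);
-extern int ima_post_read_file(struct file *file, void *buf, loff_t size,
-			      enum kernel_read_file_id id);
-extern void ima_post_path_mknod(struct mnt_idmap *idmap,
-				struct dentry *dentry);
 extern int ima_file_hash(struct file *file, char *buf, size_t buf_size);
 extern int ima_inode_hash(struct inode *inode, char *buf, size_t buf_size);
 extern void ima_kexec_cmdline(int kernel_fd, const void *buf, int size);
@@ -?,? +?,? @@
 static inline enum hash_algo ima_get_current_hash_algo(void)
 {
 	return HASH_ALGO__LAST;
-}
-
-static inline int ima_bprm_check(struct linux_binprm *bprm)
-{
-	return 0;
-}
-
-static inline int ima_file_check(struct file *file, int mask)
-{
-	return 0;
-}
-
-static inline void ima_post_create_tmpfile(struct mnt_idmap *idmap,
-					   struct inode *inode)
-{
-}
-
-static inline void ima_file_free(struct file *file)
-{
-	return;
-}
-
-static inline int ima_file_mmap(struct file *file, unsigned long reqprot,
-				unsigned long prot, unsigned long flags)
-{
-	return 0;
-}
-
-static inline int ima_file_mprotect(struct vm_area_struct *vma,
-				    unsigned long prot)
-{
-	return 0;
-}
-
-static inline int ima_load_data(enum kernel_load_data_id id, bool contents)
-{
-	return 0;
-}
-
-static inline int ima_post_load_data(char *buf, loff_t size,
-				     enum kernel_load_data_id id,
-				     char *description)
-{
-	return 0;
-}
-
-static inline int ima_read_file(struct file *file, enum kernel_read_file_id id,
-				bool contents)
-{
-	return 0;
-}
-
-static inline int ima_post_read_file(struct file *file, void *buf, loff_t size,
-				     enum kernel_read_file_id id)
-{
-	return 0;
-}
-
-static inline void ima_post_path_mknod(struct mnt_idmap *idmap,
-				       struct dentry *dentry)
-{
-	return;
 }
 
 static inline int ima_file_hash(struct file *file, char *buf, size_t buf_size)
@@ -?,? +?,? @@
 {}
 #endif
 
-#ifdef CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS
-extern void ima_post_key_create_or_update(struct key *keyring,
-					  struct key *key,
-					  const void *payload, size_t plen,
-					  unsigned long flags, bool create);
-#else
-static inline void ima_post_key_create_or_update(struct key *keyring,
-						 struct key *key,
-						 const void *payload,
-						 size_t plen,
-						 unsigned long flags,
-						 bool create) {}
-#endif  /* CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS */
-
 #ifdef CONFIG_IMA_APPRAISE
 extern bool is_ima_appraise_enabled(void);
-extern void ima_inode_post_setattr(struct mnt_idmap *idmap,
-				   struct dentry *dentry);
-extern int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name,
-		       const void *xattr_value, size_t xattr_value_len);
-extern int ima_inode_set_acl(struct mnt_idmap *idmap,
-			     struct dentry *dentry, const char *acl_name,
-			     struct posix_acl *kacl);
-static inline int ima_inode_remove_acl(struct mnt_idmap *idmap,
-				       struct dentry *dentry,
-				       const char *acl_name)
-{
-	return ima_inode_set_acl(idmap, dentry, acl_name, NULL);
-}
-extern int ima_inode_removexattr(struct dentry *dentry, const char *xattr_name);
 #else
 static inline bool is_ima_appraise_enabled(void)
-{
-	return 0;
-}
-
-static inline void ima_inode_post_setattr(struct mnt_idmap *idmap,
-					  struct dentry *dentry)
-{
-	return;
-}
-
-static inline int ima_inode_setxattr(struct dentry *dentry,
-				     const char *xattr_name,
-				     const void *xattr_value,
-				     size_t xattr_value_len)
-{
-	return 0;
-}
-
-static inline int ima_inode_set_acl(struct mnt_idmap *idmap,
-				    struct dentry *dentry, const char *acl_name,
-				    struct posix_acl *kacl)
-{
-
-	return 0;
-}
-
-static inline int ima_inode_removexattr(struct dentry *dentry,
-					const char *xattr_name)
-{
-	return 0;
-}
-
-static inline int ima_inode_remove_acl(struct mnt_idmap *idmap,
-				       struct dentry *dentry,
-				       const char *acl_name)
 {
 	return 0;
 }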
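--- a/include/linux/integrity.h
+++ b/include/linux/integrity.h
@@ -19,40 +19,13 @@
 	INTEGRITY_UNKNOWN,
 };
 
-/* List of EVM protected security xattrs */
 #ifdef CONFIG_INTEGRITY
-extern struct integrity_iint_cache *integrity_inode_get(struct inode *inode);
-extern void integrity_inode_free(struct inode *inode);
 extern void __init integrity_load_keys(void);
 
 #else
-static inline struct integrity_iint_cache *
-				integrity_inode_get(struct inode *inode)
-{
-	return NULL;
-}
-
-static inline void integrity_inode_free(struct inode *inode)
-{
-	return;
-}
-
 static inline void integrity_load_keys(void)
 {
 }
 #endif /* CONFIG_INTEGRITY */
-
-#ifdef CONFIG_INTEGRITY_ASYMMETRIC_KEYS
-
-extern int integrity_kernel_module_request(char *kmod_name);
-
-#else
-
-static inline int integrity_kernel_module_request(char *kmod_name)
-{
-	return 0;
-}
-
-#endif /* CONFIG_INTEGRITY_ASYMMETRIC_KEYS */
 
 #endif /* _LINUX_INTEGRITY_H */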
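--- a/include/linux/lsm_hook_defs.h
+++ b/include/linux/lsm_hook_defs.h
@@ -94,6 +94,8 @@
 LSM_HOOK(int, 0, path_rmdir, const struct path *dir, struct dentry *dentry)
 LSM_HOOK(int, 0, path_mknod, const struct path *dir, struct dentry *dentry,
 	 umode_t mode, unsigned int dev)
+LSM_HOOK(void, LSM_RET_VOID, path_post_mknod, struct mnt_idmap *idmap,
+	 struct dentry *dentry)
 LSM_HOOK(int, 0, path_truncate, const struct path *path)
 LSM_HOOK(int, 0, path_symlink, const struct path *dir, struct dentry *dentry,
 	 const char *old_name)
@@ -?,? +?,? @@
 	 const struct qstr *name, const struct inode *context_inode)
 LSM_HOOK(int, 0, inode_create, struct inode *dir, struct dentry *dentry,
 	 umode_t mode)
+LSM_HOOK(void, LSM_RET_VOID, inode_post_create_tmpfile, struct mnt_idmap *idmap,
+	 struct inode *inode)
 LSM_HOOK(int, 0, inode_link, struct dentry *old_dentry, struct inode *dir,
 	 struct dentry *new_dentry)
 LSM_HOOK(int, 0, inode_unlink, struct inode *dir, struct dentry *dentry)
@@ -?,? +?,? @@
 LSM_HOOK(int, 0, inode_follow_link, struct dentry *dentry, struct inode *inode,
 	 bool rcu)
 LSM_HOOK(int, 0, inode_permission, struct inode *inode, int mask)
-LSM_HOOK(int, 0, inode_setattr, struct dentry *dentry, struct iattr *attr)
+LSM_HOOK(int, 0, inode_setattr, struct mnt_idmap *idmap, struct dentry *dentry,
+	 struct iattr *attr)
+LSM_HOOK(void, LSM_RET_VOID, inode_post_setattr, struct mnt_idmap *idmap,
+	 struct dentry *dentry, int ia_valid)
 LSM_HOOK(int, 0, inode_getattr, const struct path *path)
 LSM_HOOK(int, 0, inode_setxattr, struct mnt_idmap *idmap,
 	 struct dentry *dentry, const char *name, const void *value,
@@ -?,? +?,? @@
 LSM_HOOK(int, 0, inode_listxattr, struct dentry *dentry)
 LSM_HOOK(int, 0, inode_removexattr, struct mnt_idmap *idmap,
 	 struct dentry *dentry, const char *name)
+LSM_HOOK(void, LSM_RET_VOID, inode_post_removexattr, struct dentry *dentry,
+	 const char *name)
 LSM_HOOK(int, 0, inode_set_acl, struct mnt_idmap *idmap,
 	 struct dentry *dentry, const char *acl_name, struct posix_acl *kacl)
+LSM_HOOK(void, LSM_RET_VOID, inode_post_set_acl, struct dentry *dentry,
+	 const char *acl_name, struct posix_acl *kacl)
 LSM_HOOK(int, 0, inode_get_acl, struct mnt_idmap *idmap,
 	 struct dentry *dentry, const char *acl_name)
 LSM_HOOK(int, 0, inode_remove_acl, struct mnt_idmap *idmap,
+	 struct dentry *dentry, const char *acl_name)
+LSM_HOOK(void, LSM_RET_VOID, inode_post_remove_acl, struct mnt_idmap *idmap,
 	 struct dentry *dentry, const char *acl_name)
 LSM_HOOK(int, 0, inode_need_killpriv, struct dentry *dentry)
 LSM_HOOK(int, 0, inode_killpriv, struct mnt_idmap *idmap,
@@ -?,? +?,? @@
 	 struct kernfs_node *kn)
 LSM_HOOK(int, 0, file_permission, struct file *file, int mask)
 LSM_HOOK(int, 0, file_alloc_security, struct file *file)
+LSM_HOOK(void, LSM_RET_VOID, file_release, struct file *file)
 LSM_HOOK(void, LSM_RET_VOID, file_free_security, struct file *file)
 LSM_HOOK(int, 0, file_ioctl, struct file *file, unsigned int cmd,
 	 unsigned long arg)
@@ -?,? +?,? @@
 	 struct fown_struct *fown, int sig)
 LSM_HOOK(int, 0, file_receive, struct file *file)
 LSM_HOOK(int, 0, file_open, struct file *file)
+LSM_HOOK(int, 0, file_post_open, struct file *file, int mask)
 LSM_HOOK(int, 0, file_truncate, struct file *file)
 LSM_HOOK(int, 0, task_alloc, struct task_struct *task,
 	 unsigned long clone_flags)
@@ -?,? +?,? @@
 LSM_HOOK(int, 0, key_permission, key_ref_t key_ref, const struct cred *cred,
 	 enum key_need_perm need_perm)
 LSM_HOOK(int, 0, key_getsecurity, struct key *key, char **buffer)
+LSM_HOOK(void, LSM_RET_VOID, key_post_create_or_update, struct key *keyring,
+	 struct key *key, const void *payload, size_t payload_len,
+	 unsigned long flags, bool create)
 #endif /* CONFIG_KEYS */
 
 #ifdef CONFIG_AUDIT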
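Review bot: `file_release` is declared directly above `file_free_security` with an identical signature, and nothing at the declaration says how the two differ; the fs/file_table.c hunk in this merge calls the new hook from the final-fput path ahead of the FASYNC handling, so it runs while the file is still being torn down rather than when its security state is freed. A one-line comment above the new LSM_HOOK line, `/* called on the last fput(), before the FASYNC and f_op teardown; distinct from file_free_security */`, would spare implementers a trip through fs/file_table.c, with the fuller contract belonging in the hook comment block in security/security.c that this merge also touches. The same applies to `file_post_open` versus `file_open`, where the new hook is the only one of the pair that receives the access `mask`.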
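--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -345,6 +345,8 @@
 					 const struct qstr *name,
 					 const struct inode *context_inode);
 int security_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode);
+void security_inode_post_create_tmpfile(struct mnt_idmap *idmap,
+					struct inode *inode);
 int security_inode_link(struct dentry *old_dentry, struct inode *dir,
 			 struct dentry *new_dentry);
 int security_inode_unlink(struct inode *dir, struct dentry *dentry);
@@ -?,? +?,? @@
 int security_inode_permission(struct inode *inode, int mask);
 int security_inode_setattr(struct mnt_idmap *idmap,
 			   struct dentry *dentry, struct iattr *attr);
+void security_inode_post_setattr(struct mnt_idmap *idmap, struct dentry *dentry,
+				 int ia_valid);
 int security_inode_getattr(const struct path *path);
 int security_inode_setxattr(struct mnt_idmap *idmap,
 			    struct dentry *dentry, const char *name,
@@ -?,? +?,? @@
 int security_inode_set_acl(struct mnt_idmap *idmap,
 			   struct dentry *dentry, const char *acl_name,
 			   struct posix_acl *kacl);
+void security_inode_post_set_acl(struct dentry *dentry, const char *acl_name,
+				 struct posix_acl *kacl);
 int security_inode_get_acl(struct mnt_idmap *idmap,
 			   struct dentry *dentry, const char *acl_name);
 int security_inode_remove_acl(struct mnt_idmap *idmap,
 			      struct dentry *dentry, const char *acl_name);
+void security_inode_post_remove_acl(struct mnt_idmap *idmap,
+				    struct dentry *dentry,
+				    const char *acl_name);
 void security_inode_post_setxattr(struct dentry *dentry, const char *name,
 				  const void *value, size_t size, int flags);
 int security_inode_getxattr(struct dentry *dentry, const char *name);
 int security_inode_listxattr(struct dentry *dentry);
 int security_inode_removexattr(struct mnt_idmap *idmap,
 			       struct dentry *dentry, const char *name);
+void security_inode_post_removexattr(struct dentry *dentry, const char *name);
 int security_inode_need_killpriv(struct dentry *dentry);
 int security_inode_killpriv(struct mnt_idmap *idmap, struct dentry *dentry);
 int security_inode_getsecurity(struct mnt_idmap *idmap,
@@ -?,? +?,? @@
 				     struct kernfs_node *kn);
 int security_file_permission(struct file *file, int mask);
 int security_file_alloc(struct file *file);
+void security_file_release(struct file *file);
 void security_file_free(struct file *file);
 int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
 int security_file_ioctl_compat(struct file *file, unsigned int cmd,
@@ -?,? +?,? @@
 			      struct fown_struct *fown, int sig);
 int security_file_receive(struct file *file);
 int security_file_open(struct file *file);
+int security_file_post_open(struct file *file, int mask);
 int security_file_truncate(struct file *file);
 int security_task_alloc(struct task_struct *task, unsigned long clone_flags);
 void security_task_free(struct task_struct *task);
@@ -?,? +?,? @@
 	return 0;
 }
 
+static inline void
+security_inode_post_create_tmpfile(struct mnt_idmap *idmap, struct inode *inode)
+{ }
+
 static inline int security_inode_link(struct dentry *old_dentry,
 				      struct inode *dir,
 				      struct dentry *new_dentry)
@@ -?,? +?,? @@
 	return 0;
 }
 
+static inline void
+security_inode_post_setattr(struct mnt_idmap *idmap, struct dentry *dentry,
+			    int ia_valid)
+{ }
+
 static inline int security_inode_getattr(const struct path *path)
 {
 	return 0;
@@ -?,? +?,? @@
 	return 0;
 }
 
+static inline void security_inode_post_set_acl(struct dentry *dentry,
+					       const char *acl_name,
+					       struct posix_acl *kacl)
+{ }
+
 static inline int security_inode_get_acl(struct mnt_idmap *idmap,
 					 struct dentry *dentry,
 					 const char *acl_name)
@@ -?,? +?,? @@
 {
 	return 0;
 }
+
+static inline void security_inode_post_remove_acl(struct mnt_idmap *idmap,
+						  struct dentry *dentry,
+						  const char *acl_name)
+{ }
 
 static inline void security_inode_post_setxattr(struct dentry *dentry,
 		const char *name, const void *value, size_t size, int flags)
@@ -?,? +?,? @@
 {
 	return cap_inode_removexattr(idmap, dentry, name);
 }
+
+static inline void security_inode_post_removexattr(struct dentry *dentry,
+						   const char *name)
+{ }
 
 static inline int security_inode_need_killpriv(struct dentry *dentry)
 {
@@ -?,? +?,? @@
 {
 	return 0;
 }
+
+static inline void security_file_release(struct file *file)
+{ }
 
 static inline void security_file_free(struct file *file)
 { }
@@ -?,? +?,? @@
 }
 
 static inline int security_file_open(struct file *file)
+{
+	return 0;
+}
+
+static inline int security_file_post_open(struct file *file, int mask)
 {
 	return 0;
 }
@@ -?,? +?,? @@
 int security_path_rmdir(const struct path *dir, struct dentry *dentry);
 int security_path_mknod(const struct path *dir, struct dentry *dentry, umode_t mode,
 			unsigned int dev);
+void security_path_post_mknod(struct mnt_idmap *idmap, struct dentry *dentry);
 int security_path_truncate(const struct path *path);
 int security_path_symlink(const struct path *dir, struct dentry *dentry,
 			  const char *old_name);
@@ -?,? +?,? @@
 {
 	return 0;
 }
+
+static inline void security_path_post_mknod(struct mnt_idmap *idmap,
+					    struct dentry *dentry)
+{ }
 
 static inline int security_path_truncate(const struct path *path)
 {
@@ -?,? +?,? @@
 int security_key_permission(key_ref_t key_ref, const struct cred *cred,
 			    enum key_need_perm need_perm);
 int security_key_getsecurity(struct key *key, char **_buffer);
+void security_key_post_create_or_update(struct key *keyring, struct key *key,
+					const void *payload, size_t payload_len,
+					unsigned long flags, bool create);
 
 #else
 
@@ -?,? +?,? @@
 	*_buffer = NULL;
 	return 0;
 }
+
+static inline void security_key_post_create_or_update(struct key *keyring,
+						      struct key *key,
+						      const void *payload,
+						      size_t payload_len,
+						      unsigned long flags,
+						      bool create)
+{ }
 
 #endif
 #endif /* CONFIG_KEYS */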
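--- a/include/uapi/linux/lsm.h
+++ b/include/uapi/linux/lsm.h
@@ -62,6 +62,8 @@
 #define LSM_ID_LOCKDOWN		108
 #define LSM_ID_BPF		109
 #define LSM_ID_LANDLOCK		110
+#define LSM_ID_IMA		111
+#define LSM_ID_EVM		112
 
 /*
  * LSM_ATTR_XXX definitions identify different LSM attributes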
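--- a/kernel/cred.c
+++ b/kernel/cred.c
@@ -606,8 +606,8 @@
 void __init cred_init(void)
 {
 	/* allocate a slab in which we can store credentials */
-	cred_jar = kmem_cache_create("cred_jar", sizeof(struct cred), 0,
-			SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_ACCOUNT, NULL);
+	cred_jar = KMEM_CACHE(cred,
+			SLAB_HWCACHE_ALIGN | SLAB_PANIC | SLAB_ACCOUNT);
 }
 
 /**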
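Review bot: KMEM_CACHE() names the cache after the struct, so this slab is now reported as "cred" rather than "cred_jar" in /proc/slabinfo and slabtop, and the macro passes __alignof__(struct cred) where the old call passed 0; neither is mentioned by the commit "cred: Use KMEM_CACHE() instead of kmem_cache_create()". If the old name is something monitoring or debugging scripts key on, the rename deserves a line in the commit message; the code change itself is fine as written.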
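--- a/security/integrity/Makefile
+++ b/security/integrity/Makefile
@@ -18,5 +18,6 @@
 integrity-$(CONFIG_LOAD_PPC_KEYS) += platform_certs/efi_parser.o \
 				     platform_certs/load_powerpc.o \
 				     platform_certs/keyring_handler.o
+# The relative order of the 'ima' and 'evm' LSMs depends on the order below.
 obj-$(CONFIG_IMA)			+= ima/
 obj-$(CONFIG_EVM)			+= evm/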
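--- a/security/integrity/digsig_asymmetric.c
+++ b/security/integrity/digsig_asymmetric.c
@@ -132,26 +132,3 @@
 	pr_debug("%s() = %d\n", __func__, ret);
 	return ret;
 }
-
-/**
- * integrity_kernel_module_request - prevent crypto-pkcs1pad(rsa,*) requests
- * @kmod_name: kernel module name
- *
- * We have situation, when public_key_verify_signature() in case of RSA
- * algorithm use alg_name to store internal information in order to
- * construct an algorithm on the fly, but crypto_larval_lookup() will try
- * to use alg_name in order to load kernel module with same name.
- * Since we don't have any real "crypto-pkcs1pad(rsa,*)" kernel modules,
- * we are safe to fail such module request from crypto_larval_lookup().
- *
- * In this way we prevent modprobe execution during digsig verification
- * and avoid possible deadlock if modprobe and/or it's dependencies
- * also signed with digsig.
- */
-int integrity_kernel_module_request(char *kmod_name)
-{
-	if (strncmp(kmod_name, "crypto-pkcs1pad(rsa,", 20) == 0)
-		return -EINVAL;
-
-	return 0;
-}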
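--- a/security/integrity/evm/Kconfig
+++ b/security/integrity/evm/Kconfig
@@ -6,6 +6,7 @@
 	select CRYPTO_HMAC
 	select CRYPTO_SHA1
 	select CRYPTO_HASH_INFO
+	select SECURITY_PATH
 	default n
 	help
 	  EVM protects a file's security extended attributes against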
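Review bot: `select SECURITY_PATH` arrives without any indication of which path hook EVM now needs; the only path hook this merge adds is `path_post_mknod` in lsm_hook_defs.h, so presumably that is the reason, but a Kconfig reader cannot tell from this file. A trailing comment on the new line, `select SECURITY_PATH # EVM registers a path_post_mknod handler`, confirmed against the EVM hook table in evm_main.c, would make the dependency traceable.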
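--- a/security/integrity/evm/evm.h
+++ b/security/integrity/evm/evm.h
@@ -32,6 +32,25 @@
 	bool enabled;
 };
 
+#define EVM_NEW_FILE		0x00000001
+#define EVM_IMMUTABLE_DIGSIG	0x00000002
+
+/* EVM integrity metadata associated with an inode */
+struct evm_iint_cache {
+	unsigned long flags;
+	enum integrity_status evm_status:4;
+};
+
+extern struct lsm_blob_sizes evm_blob_sizes;
+
+static inline struct evm_iint_cache *evm_iint_inode(const struct inode *inode)
+{
+	if (unlikely(!inode->i_security))
+		return NULL;
+
+	return inode->i_security + evm_blob_sizes.lbs_inode;
+}
+
 extern int evm_initialized;
 
 #define EVM_ATTR_FSUUID		0x0001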
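Review bot: The two members of the new `struct evm_iint_cache` and the two EVM_* bits carry no documentation, and `evm_iint_inode()` returns NULL whenever `i_security` is unset, so every caller has to test the result (the evm_crypto.c and evm_main.c hunks do, via `if (iint && ...)`, but the header does not say so). Suggest `/* EVM_* bits */` on `flags`, `/* cached verdict of the last security.evm verification */` on `evm_status` (the evm_main.c hunk short-circuits on `iint->evm_status == INTEGRITY_PASS`), and `/* NULL when the inode carries no security blob; callers must check */` above the early return. Note also that `i_security` is a `void *`, so the `+ evm_blob_sizes.lbs_inode` depends on the GNU void-pointer arithmetic extension the kernel is built with; fine here, but worth a word since this accessor will be copied.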
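--- a/security/integrity/evm/evm_crypto.c
+++ b/security/integrity/evm/evm_crypto.c
@@ -322,10 +322,10 @@
 static int evm_is_immutable(struct dentry *dentry, struct inode *inode)
 {
 	const struct evm_ima_xattr_data *xattr_data = NULL;
-	struct integrity_iint_cache *iint;
+	struct evm_iint_cache *iint;
 	int rc = 0;
 
-	iint = integrity_iint_find(inode);
+	iint = evm_iint_inode(inode);
 	if (iint && (iint->flags & EVM_IMMUTABLE_DIGSIG))
 		return 1;
 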
+161 -34
security/integrity/evm/evm_main.c
··· 178 178 static enum integrity_status evm_verify_hmac(struct dentry *dentry, 179 179 const char *xattr_name, 180 180 char *xattr_value, 181 - size_t xattr_value_len, 182 - struct integrity_iint_cache *iint) 181 + size_t xattr_value_len) 183 182 { 184 183 struct evm_ima_xattr_data *xattr_data = NULL; 185 184 struct signature_v2_hdr *hdr; 186 185 enum integrity_status evm_status = INTEGRITY_PASS; 187 186 struct evm_digest digest; 188 - struct inode *inode; 187 + struct inode *inode = d_backing_inode(dentry); 188 + struct evm_iint_cache *iint = evm_iint_inode(inode); 189 189 int rc, xattr_len, evm_immutable = 0; 190 190 191 191 if (iint && (iint->evm_status == INTEGRITY_PASS || ··· 254 254 (const char *)xattr_data, xattr_len, 255 255 digest.digest, digest.hdr.length); 256 256 if (!rc) { 257 - inode = d_backing_inode(dentry); 258 - 259 257 if (xattr_data->type == EVM_XATTR_PORTABLE_DIGSIG) { 260 258 if (iint) 261 259 iint->flags |= EVM_IMMUTABLE_DIGSIG; ··· 401 403 * @xattr_name: requested xattr 402 404 * @xattr_value: requested xattr value 403 405 * @xattr_value_len: requested xattr value length 404 - * @iint: inode integrity metadata 405 406 * 406 407 * Calculate the HMAC for the given dentry and verify it against the stored 407 408 * security.evm xattr. 
For performance, use the xattr value and length ··· 413 416 */ 414 417 enum integrity_status evm_verifyxattr(struct dentry *dentry, 415 418 const char *xattr_name, 416 - void *xattr_value, size_t xattr_value_len, 417 - struct integrity_iint_cache *iint) 419 + void *xattr_value, size_t xattr_value_len) 418 420 { 419 421 if (!evm_key_loaded() || !evm_protected_xattr(xattr_name)) 420 422 return INTEGRITY_UNKNOWN; ··· 421 425 if (is_unsupported_fs(dentry)) 422 426 return INTEGRITY_UNKNOWN; 423 427 424 - if (!iint) { 425 - iint = integrity_iint_find(d_backing_inode(dentry)); 426 - if (!iint) 427 - return INTEGRITY_UNKNOWN; 428 - } 429 428 return evm_verify_hmac(dentry, xattr_name, xattr_value, 430 - xattr_value_len, iint); 429 + xattr_value_len); 431 430 } 432 431 EXPORT_SYMBOL_GPL(evm_verifyxattr); 433 432 ··· 439 448 440 449 if (!evm_key_loaded() || !S_ISREG(inode->i_mode) || evm_fixmode) 441 450 return INTEGRITY_PASS; 442 - return evm_verify_hmac(dentry, NULL, NULL, 0, NULL); 451 + return evm_verify_hmac(dentry, NULL, NULL, 0); 443 452 } 444 453 445 454 /* ··· 517 526 518 527 evm_status = evm_verify_current_integrity(dentry); 519 528 if (evm_status == INTEGRITY_NOXATTRS) { 520 - struct integrity_iint_cache *iint; 529 + struct evm_iint_cache *iint; 521 530 522 531 /* Exception if the HMAC is not going to be calculated. 
*/ 523 532 if (evm_hmac_disabled()) 524 533 return 0; 525 534 526 - iint = integrity_iint_find(d_backing_inode(dentry)); 527 - if (iint && (iint->flags & IMA_NEW_FILE)) 535 + iint = evm_iint_inode(d_backing_inode(dentry)); 536 + if (iint && (iint->flags & EVM_NEW_FILE)) 528 537 return 0; 529 538 530 539 /* exception for pseudo filesystems */ ··· 572 581 * @xattr_name: pointer to the affected extended attribute name 573 582 * @xattr_value: pointer to the new extended attribute value 574 583 * @xattr_value_len: pointer to the new extended attribute value length 584 + * @flags: flags to pass into filesystem operations 575 585 * 576 586 * Before allowing the 'security.evm' protected xattr to be updated, 577 587 * verify the existing value is valid. As only the kernel should have ··· 580 588 * userspace from writing HMAC value. Writing 'security.evm' requires 581 589 * requires CAP_SYS_ADMIN privileges. 582 590 */ 583 - int evm_inode_setxattr(struct mnt_idmap *idmap, struct dentry *dentry, 584 - const char *xattr_name, const void *xattr_value, 585 - size_t xattr_value_len) 591 + static int evm_inode_setxattr(struct mnt_idmap *idmap, struct dentry *dentry, 592 + const char *xattr_name, const void *xattr_value, 593 + size_t xattr_value_len, int flags) 586 594 { 587 595 const struct evm_ima_xattr_data *xattr_data = xattr_value; 588 596 ··· 612 620 * Removing 'security.evm' requires CAP_SYS_ADMIN privileges and that 613 621 * the current value is valid. 
614 622 */ 615 - int evm_inode_removexattr(struct mnt_idmap *idmap, 616 - struct dentry *dentry, const char *xattr_name) 623 + static int evm_inode_removexattr(struct mnt_idmap *idmap, struct dentry *dentry, 624 + const char *xattr_name) 617 625 { 618 626 /* Policy permits modification of the protected xattrs even though 619 627 * there's no HMAC key loaded ··· 663 671 * Prevent modifying posix acls causing the EVM HMAC to be re-calculated 664 672 * and 'security.evm' xattr updated, unless the existing 'security.evm' is 665 673 * valid. 674 + * 675 + * Return: zero on success, -EPERM on failure. 666 676 */ 667 - int evm_inode_set_acl(struct mnt_idmap *idmap, struct dentry *dentry, 668 - const char *acl_name, struct posix_acl *kacl) 677 + static int evm_inode_set_acl(struct mnt_idmap *idmap, struct dentry *dentry, 678 + const char *acl_name, struct posix_acl *kacl) 669 679 { 670 680 enum integrity_status evm_status; 671 681 ··· 706 712 return -EPERM; 707 713 } 708 714 715 + /** 716 + * evm_inode_remove_acl - Protect the EVM extended attribute from posix acls 717 + * @idmap: idmap of the mount 718 + * @dentry: pointer to the affected dentry 719 + * @acl_name: name of the posix acl 720 + * 721 + * Prevent removing posix acls causing the EVM HMAC to be re-calculated 722 + * and 'security.evm' xattr updated, unless the existing 'security.evm' is 723 + * valid. 724 + * 725 + * Return: zero on success, -EPERM on failure. 
726 + */ 727 + static int evm_inode_remove_acl(struct mnt_idmap *idmap, struct dentry *dentry, 728 + const char *acl_name) 729 + { 730 + return evm_inode_set_acl(idmap, dentry, acl_name, NULL); 731 + } 732 + 709 733 static void evm_reset_status(struct inode *inode) 710 734 { 711 - struct integrity_iint_cache *iint; 735 + struct evm_iint_cache *iint; 712 736 713 - iint = integrity_iint_find(inode); 737 + iint = evm_iint_inode(inode); 714 738 if (iint) 715 739 iint->evm_status = INTEGRITY_UNKNOWN; 716 740 } ··· 764 752 * @xattr_name: pointer to the affected extended attribute name 765 753 * @xattr_value: pointer to the new extended attribute value 766 754 * @xattr_value_len: pointer to the new extended attribute value length 755 + * @flags: flags to pass into filesystem operations 767 756 * 768 757 * Update the HMAC stored in 'security.evm' to reflect the change. 769 758 * ··· 772 759 * __vfs_setxattr_noperm(). The caller of which has taken the inode's 773 760 * i_mutex lock. 774 761 */ 775 - void evm_inode_post_setxattr(struct dentry *dentry, const char *xattr_name, 776 - const void *xattr_value, size_t xattr_value_len) 762 + static void evm_inode_post_setxattr(struct dentry *dentry, 763 + const char *xattr_name, 764 + const void *xattr_value, 765 + size_t xattr_value_len, 766 + int flags) 777 767 { 778 768 if (!evm_revalidate_status(xattr_name)) 779 769 return; ··· 796 780 } 797 781 798 782 /** 783 + * evm_inode_post_set_acl - Update the EVM extended attribute from posix acls 784 + * @dentry: pointer to the affected dentry 785 + * @acl_name: name of the posix acl 786 + * @kacl: pointer to the posix acls 787 + * 788 + * Update the 'security.evm' xattr with the EVM HMAC re-calculated after setting 789 + * posix acls. 
790 + */ 791 + static void evm_inode_post_set_acl(struct dentry *dentry, const char *acl_name, 792 + struct posix_acl *kacl) 793 + { 794 + return evm_inode_post_setxattr(dentry, acl_name, NULL, 0, 0); 795 + } 796 + 797 + /** 799 798 * evm_inode_post_removexattr - update 'security.evm' after removing the xattr 800 799 * @dentry: pointer to the affected dentry 801 800 * @xattr_name: pointer to the affected extended attribute name ··· 820 789 * No need to take the i_mutex lock here, as this function is called from 821 790 * vfs_removexattr() which takes the i_mutex. 822 791 */ 823 - void evm_inode_post_removexattr(struct dentry *dentry, const char *xattr_name) 792 + static void evm_inode_post_removexattr(struct dentry *dentry, 793 + const char *xattr_name) 824 794 { 825 795 if (!evm_revalidate_status(xattr_name)) 826 796 return; ··· 835 803 return; 836 804 837 805 evm_update_evmxattr(dentry, xattr_name, NULL, 0); 806 + } 807 + 808 + /** 809 + * evm_inode_post_remove_acl - Update the EVM extended attribute from posix acls 810 + * @idmap: idmap of the mount 811 + * @dentry: pointer to the affected dentry 812 + * @acl_name: name of the posix acl 813 + * 814 + * Update the 'security.evm' xattr with the EVM HMAC re-calculated after 815 + * removing posix acls. 816 + */ 817 + static inline void evm_inode_post_remove_acl(struct mnt_idmap *idmap, 818 + struct dentry *dentry, 819 + const char *acl_name) 820 + { 821 + evm_inode_post_removexattr(dentry, acl_name); 838 822 } 839 823 840 824 static int evm_attr_change(struct mnt_idmap *idmap, ··· 876 828 * Permit update of file attributes when files have a valid EVM signature, 877 829 * except in the case of them having an immutable portable signature. 
878 830 */ 879 - int evm_inode_setattr(struct mnt_idmap *idmap, struct dentry *dentry, 880 - struct iattr *attr) 831 + static int evm_inode_setattr(struct mnt_idmap *idmap, struct dentry *dentry, 832 + struct iattr *attr) 881 833 { 882 834 unsigned int ia_valid = attr->ia_valid; 883 835 enum integrity_status evm_status; ··· 918 870 919 871 /** 920 872 * evm_inode_post_setattr - update 'security.evm' after modifying metadata 873 + * @idmap: idmap of the idmapped mount 921 874 * @dentry: pointer to the affected dentry 922 875 * @ia_valid: for the UID and GID status 923 876 * ··· 928 879 * This function is called from notify_change(), which expects the caller 929 880 * to lock the inode's i_mutex. 930 881 */ 931 - void evm_inode_post_setattr(struct dentry *dentry, int ia_valid) 882 + static void evm_inode_post_setattr(struct mnt_idmap *idmap, 883 + struct dentry *dentry, int ia_valid) 932 884 { 933 885 if (!evm_revalidate_status(NULL)) 934 886 return; ··· 946 896 evm_update_evmxattr(dentry, NULL, NULL, 0); 947 897 } 948 898 949 - int evm_inode_copy_up_xattr(const char *name) 899 + static int evm_inode_copy_up_xattr(const char *name) 950 900 { 951 901 if (strcmp(name, XATTR_NAME_EVM) == 0) 952 902 return 1; /* Discard */ ··· 1010 960 } 1011 961 EXPORT_SYMBOL_GPL(evm_inode_init_security); 1012 962 963 + static int evm_inode_alloc_security(struct inode *inode) 964 + { 965 + struct evm_iint_cache *iint = evm_iint_inode(inode); 966 + 967 + /* Called by security_inode_alloc(), it cannot be NULL. 
*/ 968 + iint->flags = 0UL; 969 + iint->evm_status = INTEGRITY_UNKNOWN; 970 + 971 + return 0; 972 + } 973 + 974 + static void evm_file_release(struct file *file) 975 + { 976 + struct inode *inode = file_inode(file); 977 + struct evm_iint_cache *iint = evm_iint_inode(inode); 978 + fmode_t mode = file->f_mode; 979 + 980 + if (!S_ISREG(inode->i_mode) || !(mode & FMODE_WRITE)) 981 + return; 982 + 983 + if (iint && atomic_read(&inode->i_writecount) == 1) 984 + iint->flags &= ~EVM_NEW_FILE; 985 + } 986 + 987 + static void evm_post_path_mknod(struct mnt_idmap *idmap, struct dentry *dentry) 988 + { 989 + struct inode *inode = d_backing_inode(dentry); 990 + struct evm_iint_cache *iint = evm_iint_inode(inode); 991 + 992 + if (!S_ISREG(inode->i_mode)) 993 + return; 994 + 995 + if (iint) 996 + iint->flags |= EVM_NEW_FILE; 997 + } 998 + 1013 999 #ifdef CONFIG_EVM_LOAD_X509 1014 1000 void __init evm_load_x509(void) 1015 1001 { ··· 1084 998 1085 999 return error; 1086 1000 } 1001 + 1002 + static struct security_hook_list evm_hooks[] __ro_after_init = { 1003 + LSM_HOOK_INIT(inode_setattr, evm_inode_setattr), 1004 + LSM_HOOK_INIT(inode_post_setattr, evm_inode_post_setattr), 1005 + LSM_HOOK_INIT(inode_copy_up_xattr, evm_inode_copy_up_xattr), 1006 + LSM_HOOK_INIT(inode_setxattr, evm_inode_setxattr), 1007 + LSM_HOOK_INIT(inode_post_setxattr, evm_inode_post_setxattr), 1008 + LSM_HOOK_INIT(inode_set_acl, evm_inode_set_acl), 1009 + LSM_HOOK_INIT(inode_post_set_acl, evm_inode_post_set_acl), 1010 + LSM_HOOK_INIT(inode_remove_acl, evm_inode_remove_acl), 1011 + LSM_HOOK_INIT(inode_post_remove_acl, evm_inode_post_remove_acl), 1012 + LSM_HOOK_INIT(inode_removexattr, evm_inode_removexattr), 1013 + LSM_HOOK_INIT(inode_post_removexattr, evm_inode_post_removexattr), 1014 + LSM_HOOK_INIT(inode_init_security, evm_inode_init_security), 1015 + LSM_HOOK_INIT(inode_alloc_security, evm_inode_alloc_security), 1016 + LSM_HOOK_INIT(file_release, evm_file_release), 1017 + LSM_HOOK_INIT(path_post_mknod, 
evm_post_path_mknod), 1018 + }; 1019 + 1020 + static const struct lsm_id evm_lsmid = { 1021 + .name = "evm", 1022 + .id = LSM_ID_EVM, 1023 + }; 1024 + 1025 + static int __init init_evm_lsm(void) 1026 + { 1027 + security_add_hooks(evm_hooks, ARRAY_SIZE(evm_hooks), &evm_lsmid); 1028 + return 0; 1029 + } 1030 + 1031 + struct lsm_blob_sizes evm_blob_sizes __ro_after_init = { 1032 + .lbs_inode = sizeof(struct evm_iint_cache), 1033 + .lbs_xattr_count = 1, 1034 + }; 1035 + 1036 + DEFINE_LSM(evm) = { 1037 + .name = "evm", 1038 + .init = init_evm_lsm, 1039 + .order = LSM_ORDER_LAST, 1040 + .blobs = &evm_blob_sizes, 1041 + }; 1087 1042 1088 1043 late_initcall(init_evm);
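Review bot: The read-modify-write updates of `iint->flags` in this section — `iint->flags |= EVM_IMMUTABLE_DIGSIG` in evm_verify_hmac(), `iint->flags |= EVM_NEW_FILE` in evm_post_path_mknod() and `iint->flags &= ~EVM_NEW_FILE` in evm_file_release() — have no serialization visible here, and the per-inode mutex that the removed integrity_iint_cache carried is not part of the new struct evm_iint_cache. evm_file_release() runs on the last close of a writer (the `atomic_read(&inode->i_writecount) == 1` test) while evm_verify_hmac() can be entered from a concurrent xattr verification, so unless every one of these paths holds the same lock (not visible in the hunk) a lost update could re-set EVM_NEW_FILE or drop EVM_IMMUTABLE_DIGSIG. Since all three sites only set or clear a single bit, `set_bit()`/`clear_bit()` on bit numbers (with `test_bit()` in the readers) would make them atomic without adding a lock; at minimum a comment above evm_file_release() such as `/* flags is updated without a lock: single-bit set/clear only, assumed benign if it races evm_verify_hmac() */` should record the assumption. Separately, `return evm_inode_post_setxattr(dentry, acl_name, NULL, 0, 0);` in evm_inode_post_set_acl() returns a void expression from a void function, which ISO C does not permit; drop the `return` so the body is just the call.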
+2 -195
security/integrity/iint.c
··· 6 6 * Mimi Zohar <zohar@us.ibm.com> 7 7 * 8 8 * File: integrity_iint.c 9 - * - implements the integrity hooks: integrity_inode_alloc, 10 - * integrity_inode_free 11 - * - cache integrity information associated with an inode 12 - * using a rbtree tree. 9 + * - initialize the integrity directory in securityfs 10 + * - load IMA and EVM keys 13 11 */ 14 - #include <linux/slab.h> 15 - #include <linux/init.h> 16 - #include <linux/spinlock.h> 17 - #include <linux/rbtree.h> 18 - #include <linux/file.h> 19 - #include <linux/uaccess.h> 20 12 #include <linux/security.h> 21 - #include <linux/lsm_hooks.h> 22 13 #include "integrity.h" 23 14 24 - static struct rb_root integrity_iint_tree = RB_ROOT; 25 - static DEFINE_RWLOCK(integrity_iint_lock); 26 - static struct kmem_cache *iint_cache __ro_after_init; 27 - 28 15 struct dentry *integrity_dir; 29 - 30 - /* 31 - * __integrity_iint_find - return the iint associated with an inode 32 - */ 33 - static struct integrity_iint_cache *__integrity_iint_find(struct inode *inode) 34 - { 35 - struct integrity_iint_cache *iint; 36 - struct rb_node *n = integrity_iint_tree.rb_node; 37 - 38 - while (n) { 39 - iint = rb_entry(n, struct integrity_iint_cache, rb_node); 40 - 41 - if (inode < iint->inode) 42 - n = n->rb_left; 43 - else if (inode > iint->inode) 44 - n = n->rb_right; 45 - else 46 - return iint; 47 - } 48 - 49 - return NULL; 50 - } 51 - 52 - /* 53 - * integrity_iint_find - return the iint associated with an inode 54 - */ 55 - struct integrity_iint_cache *integrity_iint_find(struct inode *inode) 56 - { 57 - struct integrity_iint_cache *iint; 58 - 59 - if (!IS_IMA(inode)) 60 - return NULL; 61 - 62 - read_lock(&integrity_iint_lock); 63 - iint = __integrity_iint_find(inode); 64 - read_unlock(&integrity_iint_lock); 65 - 66 - return iint; 67 - } 68 - 69 - #define IMA_MAX_NESTING (FILESYSTEM_MAX_STACK_DEPTH+1) 70 - 71 - /* 72 - * It is not clear that IMA should be nested at all, but as long is it measures 73 - * files both on overlayfs and 
on underlying fs, we need to annotate the iint 74 - * mutex to avoid lockdep false positives related to IMA + overlayfs. 75 - * See ovl_lockdep_annotate_inode_mutex_key() for more details. 76 - */ 77 - static inline void iint_lockdep_annotate(struct integrity_iint_cache *iint, 78 - struct inode *inode) 79 - { 80 - #ifdef CONFIG_LOCKDEP 81 - static struct lock_class_key iint_mutex_key[IMA_MAX_NESTING]; 82 - 83 - int depth = inode->i_sb->s_stack_depth; 84 - 85 - if (WARN_ON_ONCE(depth < 0 || depth >= IMA_MAX_NESTING)) 86 - depth = 0; 87 - 88 - lockdep_set_class(&iint->mutex, &iint_mutex_key[depth]); 89 - #endif 90 - } 91 - 92 - static void iint_init_always(struct integrity_iint_cache *iint, 93 - struct inode *inode) 94 - { 95 - iint->ima_hash = NULL; 96 - iint->version = 0; 97 - iint->flags = 0UL; 98 - iint->atomic_flags = 0UL; 99 - iint->ima_file_status = INTEGRITY_UNKNOWN; 100 - iint->ima_mmap_status = INTEGRITY_UNKNOWN; 101 - iint->ima_bprm_status = INTEGRITY_UNKNOWN; 102 - iint->ima_read_status = INTEGRITY_UNKNOWN; 103 - iint->ima_creds_status = INTEGRITY_UNKNOWN; 104 - iint->evm_status = INTEGRITY_UNKNOWN; 105 - iint->measured_pcrs = 0; 106 - mutex_init(&iint->mutex); 107 - iint_lockdep_annotate(iint, inode); 108 - } 109 - 110 - static void iint_free(struct integrity_iint_cache *iint) 111 - { 112 - kfree(iint->ima_hash); 113 - mutex_destroy(&iint->mutex); 114 - kmem_cache_free(iint_cache, iint); 115 - } 116 - 117 - /** 118 - * integrity_inode_get - find or allocate an iint associated with an inode 119 - * @inode: pointer to the inode 120 - * @return: allocated iint 121 - * 122 - * Caller must lock i_mutex 123 - */ 124 - struct integrity_iint_cache *integrity_inode_get(struct inode *inode) 125 - { 126 - struct rb_node **p; 127 - struct rb_node *node, *parent = NULL; 128 - struct integrity_iint_cache *iint, *test_iint; 129 - 130 - iint = integrity_iint_find(inode); 131 - if (iint) 132 - return iint; 133 - 134 - iint = kmem_cache_alloc(iint_cache, GFP_NOFS); 135 - 
if (!iint) 136 - return NULL; 137 - 138 - iint_init_always(iint, inode); 139 - 140 - write_lock(&integrity_iint_lock); 141 - 142 - p = &integrity_iint_tree.rb_node; 143 - while (*p) { 144 - parent = *p; 145 - test_iint = rb_entry(parent, struct integrity_iint_cache, 146 - rb_node); 147 - if (inode < test_iint->inode) { 148 - p = &(*p)->rb_left; 149 - } else if (inode > test_iint->inode) { 150 - p = &(*p)->rb_right; 151 - } else { 152 - write_unlock(&integrity_iint_lock); 153 - kmem_cache_free(iint_cache, iint); 154 - return test_iint; 155 - } 156 - } 157 - 158 - iint->inode = inode; 159 - node = &iint->rb_node; 160 - inode->i_flags |= S_IMA; 161 - rb_link_node(node, parent, p); 162 - rb_insert_color(node, &integrity_iint_tree); 163 - 164 - write_unlock(&integrity_iint_lock); 165 - return iint; 166 - } 167 - 168 - /** 169 - * integrity_inode_free - called on security_inode_free 170 - * @inode: pointer to the inode 171 - * 172 - * Free the integrity information(iint) associated with an inode. 
173 - */ 174 - void integrity_inode_free(struct inode *inode) 175 - { 176 - struct integrity_iint_cache *iint; 177 - 178 - if (!IS_IMA(inode)) 179 - return; 180 - 181 - write_lock(&integrity_iint_lock); 182 - iint = __integrity_iint_find(inode); 183 - rb_erase(&iint->rb_node, &integrity_iint_tree); 184 - write_unlock(&integrity_iint_lock); 185 - 186 - iint_free(iint); 187 - } 188 - 189 - static void iint_init_once(void *foo) 190 - { 191 - struct integrity_iint_cache *iint = (struct integrity_iint_cache *) foo; 192 - 193 - memset(iint, 0, sizeof(*iint)); 194 - } 195 - 196 - static int __init integrity_iintcache_init(void) 197 - { 198 - iint_cache = 199 - kmem_cache_create("iint_cache", sizeof(struct integrity_iint_cache), 200 - 0, SLAB_PANIC, iint_init_once); 201 - return 0; 202 - } 203 - DEFINE_LSM(integrity) = { 204 - .name = "integrity", 205 - .init = integrity_iintcache_init, 206 - .order = LSM_ORDER_LAST, 207 - }; 208 - 209 16 210 17 /* 211 18 * integrity_kernel_read - read data from the file
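--- a/security/integrity/ima/Kconfig
+++ b/security/integrity/ima/Kconfig
@@ -8,6 +8,7 @@
 	select CRYPTO_HMAC
 	select CRYPTO_SHA1
 	select CRYPTO_HASH_INFO
+	select SECURITY_PATH
 	select TCG_TPM if HAS_IOMEM
 	select TCG_TIS if TCG_TPM && X86
 	select TCG_CRB if TCG_TPM && ACPI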
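Review bot: The new `select SECURITY_PATH` carries no justification, and a reader of this Kconfig alone cannot tell which hook forces it; presumably it is the `path_post_mknod` hook registered by the EVM LSM in evm_main.c (and any IMA counterpart not shown in this page), which only exists when CONFIG_SECURITY_PATH is enabled. A one-line comment above the select, `# the IMA/EVM LSMs register a path_post_mknod hook`, would make the dependency self-explaining and stop a later cleanup from dropping it.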
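--- a/security/integrity/ima/Makefile
+++ b/security/integrity/ima/Makefile
@@ -4,7 +4,7 @@
 # Measurement Architecture(IMA).
 #
 
-obj-$(CONFIG_IMA) += ima.o
+obj-$(CONFIG_IMA) += ima.o ima_iint.o
 
 ima-y := ima_fs.o ima_queue.o ima_init.o ima_main.o ima_crypto.o ima_api.o \
 	ima_policy.o ima_template.o ima_template_lib.o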
+129 -19
security/integrity/ima/ima.h
··· 60 60 61 61 /* IMA event related data */ 62 62 struct ima_event_data { 63 - struct integrity_iint_cache *iint; 63 + struct ima_iint_cache *iint; 64 64 struct file *file; 65 65 const unsigned char *filename; 66 66 struct evm_ima_xattr_data *xattr_value; ··· 119 119 u64 count; 120 120 }; 121 121 122 + /* IMA iint action cache flags */ 123 + #define IMA_MEASURE 0x00000001 124 + #define IMA_MEASURED 0x00000002 125 + #define IMA_APPRAISE 0x00000004 126 + #define IMA_APPRAISED 0x00000008 127 + /*#define IMA_COLLECT 0x00000010 do not use this flag */ 128 + #define IMA_COLLECTED 0x00000020 129 + #define IMA_AUDIT 0x00000040 130 + #define IMA_AUDITED 0x00000080 131 + #define IMA_HASH 0x00000100 132 + #define IMA_HASHED 0x00000200 133 + 134 + /* IMA iint policy rule cache flags */ 135 + #define IMA_NONACTION_FLAGS 0xff000000 136 + #define IMA_DIGSIG_REQUIRED 0x01000000 137 + #define IMA_PERMIT_DIRECTIO 0x02000000 138 + #define IMA_NEW_FILE 0x04000000 139 + #define IMA_FAIL_UNVERIFIABLE_SIGS 0x10000000 140 + #define IMA_MODSIG_ALLOWED 0x20000000 141 + #define IMA_CHECK_BLACKLIST 0x40000000 142 + #define IMA_VERITY_REQUIRED 0x80000000 143 + 144 + #define IMA_DO_MASK (IMA_MEASURE | IMA_APPRAISE | IMA_AUDIT | \ 145 + IMA_HASH | IMA_APPRAISE_SUBMASK) 146 + #define IMA_DONE_MASK (IMA_MEASURED | IMA_APPRAISED | IMA_AUDITED | \ 147 + IMA_HASHED | IMA_COLLECTED | \ 148 + IMA_APPRAISED_SUBMASK) 149 + 150 + /* IMA iint subaction appraise cache flags */ 151 + #define IMA_FILE_APPRAISE 0x00001000 152 + #define IMA_FILE_APPRAISED 0x00002000 153 + #define IMA_MMAP_APPRAISE 0x00004000 154 + #define IMA_MMAP_APPRAISED 0x00008000 155 + #define IMA_BPRM_APPRAISE 0x00010000 156 + #define IMA_BPRM_APPRAISED 0x00020000 157 + #define IMA_READ_APPRAISE 0x00040000 158 + #define IMA_READ_APPRAISED 0x00080000 159 + #define IMA_CREDS_APPRAISE 0x00100000 160 + #define IMA_CREDS_APPRAISED 0x00200000 161 + #define IMA_APPRAISE_SUBMASK (IMA_FILE_APPRAISE | IMA_MMAP_APPRAISE | \ 162 + IMA_BPRM_APPRAISE 
| IMA_READ_APPRAISE | \ 163 + IMA_CREDS_APPRAISE) 164 + #define IMA_APPRAISED_SUBMASK (IMA_FILE_APPRAISED | IMA_MMAP_APPRAISED | \ 165 + IMA_BPRM_APPRAISED | IMA_READ_APPRAISED | \ 166 + IMA_CREDS_APPRAISED) 167 + 168 + /* IMA iint cache atomic_flags */ 169 + #define IMA_CHANGE_XATTR 0 170 + #define IMA_UPDATE_XATTR 1 171 + #define IMA_CHANGE_ATTR 2 172 + #define IMA_DIGSIG 3 173 + #define IMA_MUST_MEASURE 4 174 + 175 + /* IMA integrity metadata associated with an inode */ 176 + struct ima_iint_cache { 177 + struct mutex mutex; /* protects: version, flags, digest */ 178 + u64 version; /* track inode changes */ 179 + unsigned long flags; 180 + unsigned long measured_pcrs; 181 + unsigned long atomic_flags; 182 + unsigned long real_ino; 183 + dev_t real_dev; 184 + enum integrity_status ima_file_status:4; 185 + enum integrity_status ima_mmap_status:4; 186 + enum integrity_status ima_bprm_status:4; 187 + enum integrity_status ima_read_status:4; 188 + enum integrity_status ima_creds_status:4; 189 + struct ima_digest_data *ima_hash; 190 + }; 191 + 192 + extern struct lsm_blob_sizes ima_blob_sizes; 193 + 194 + static inline struct ima_iint_cache * 195 + ima_inode_get_iint(const struct inode *inode) 196 + { 197 + struct ima_iint_cache **iint_sec; 198 + 199 + if (unlikely(!inode->i_security)) 200 + return NULL; 201 + 202 + iint_sec = inode->i_security + ima_blob_sizes.lbs_inode; 203 + return *iint_sec; 204 + } 205 + 206 + static inline void ima_inode_set_iint(const struct inode *inode, 207 + struct ima_iint_cache *iint) 208 + { 209 + struct ima_iint_cache **iint_sec; 210 + 211 + if (unlikely(!inode->i_security)) 212 + return; 213 + 214 + iint_sec = inode->i_security + ima_blob_sizes.lbs_inode; 215 + *iint_sec = iint; 216 + } 217 + 218 + struct ima_iint_cache *ima_iint_find(struct inode *inode); 219 + struct ima_iint_cache *ima_inode_get(struct inode *inode); 220 + void ima_inode_free(struct inode *inode); 221 + void __init ima_iintcache_init(void); 222 + 122 223 extern const 
int read_idmap[]; 123 224 124 225 #ifdef CONFIG_HAVE_IMA_KEXEC ··· 227 126 #else 228 127 static inline void ima_load_kexec_buffer(void) {} 229 128 #endif /* CONFIG_HAVE_IMA_KEXEC */ 129 + 130 + #ifdef CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS 131 + void ima_post_key_create_or_update(struct key *keyring, struct key *key, 132 + const void *payload, size_t plen, 133 + unsigned long flags, bool create); 134 + #endif 230 135 231 136 /* 232 137 * The default binary_runtime_measurements list format is defined as the ··· 253 146 struct ima_template_entry *entry); 254 147 int ima_calc_boot_aggregate(struct ima_digest_data *hash); 255 148 void ima_add_violation(struct file *file, const unsigned char *filename, 256 - struct integrity_iint_cache *iint, 257 - const char *op, const char *cause); 149 + struct ima_iint_cache *iint, const char *op, 150 + const char *cause); 258 151 int ima_init_crypto(void); 259 152 void ima_putc(struct seq_file *m, void *data, int datalen); 260 153 void ima_print_digest(struct seq_file *m, u8 *digest, u32 size); ··· 368 261 struct ima_template_desc **template_desc, 369 262 const char *func_data, unsigned int *allowed_algos); 370 263 int ima_must_measure(struct inode *inode, int mask, enum ima_hooks func); 371 - int ima_collect_measurement(struct integrity_iint_cache *iint, 372 - struct file *file, void *buf, loff_t size, 373 - enum hash_algo algo, struct modsig *modsig); 374 - void ima_store_measurement(struct integrity_iint_cache *iint, struct file *file, 264 + int ima_collect_measurement(struct ima_iint_cache *iint, struct file *file, 265 + void *buf, loff_t size, enum hash_algo algo, 266 + struct modsig *modsig); 267 + void ima_store_measurement(struct ima_iint_cache *iint, struct file *file, 375 268 const unsigned char *filename, 376 269 struct evm_ima_xattr_data *xattr_value, 377 270 int xattr_len, const struct modsig *modsig, int pcr, ··· 381 274 const char *eventname, enum ima_hooks func, 382 275 int pcr, const char *func_data, 383 276 bool 
buf_hash, u8 *digest, size_t digest_len); 384 - void ima_audit_measurement(struct integrity_iint_cache *iint, 277 + void ima_audit_measurement(struct ima_iint_cache *iint, 385 278 const unsigned char *filename); 386 279 int ima_alloc_init_template(struct ima_event_data *event_data, 387 280 struct ima_template_entry **entry, ··· 419 312 #define IMA_APPRAISE_KEXEC 0x40 420 313 421 314 #ifdef CONFIG_IMA_APPRAISE 422 - int ima_check_blacklist(struct integrity_iint_cache *iint, 315 + int ima_check_blacklist(struct ima_iint_cache *iint, 423 316 const struct modsig *modsig, int pcr); 424 - int ima_appraise_measurement(enum ima_hooks func, 425 - struct integrity_iint_cache *iint, 317 + int ima_appraise_measurement(enum ima_hooks func, struct ima_iint_cache *iint, 426 318 struct file *file, const unsigned char *filename, 427 319 struct evm_ima_xattr_data *xattr_value, 428 320 int xattr_len, const struct modsig *modsig); 429 321 int ima_must_appraise(struct mnt_idmap *idmap, struct inode *inode, 430 322 int mask, enum ima_hooks func); 431 - void ima_update_xattr(struct integrity_iint_cache *iint, struct file *file); 432 - enum integrity_status ima_get_cache_status(struct integrity_iint_cache *iint, 323 + void ima_update_xattr(struct ima_iint_cache *iint, struct file *file); 324 + enum integrity_status ima_get_cache_status(struct ima_iint_cache *iint, 433 325 enum ima_hooks func); 434 326 enum hash_algo ima_get_hash_algo(const struct evm_ima_xattr_data *xattr_value, 435 327 int xattr_len); 436 328 int ima_read_xattr(struct dentry *dentry, 437 329 struct evm_ima_xattr_data **xattr_value, int xattr_len); 330 + void __init init_ima_appraise_lsm(const struct lsm_id *lsmid); 438 331 439 332 #else 440 - static inline int ima_check_blacklist(struct integrity_iint_cache *iint, 333 + static inline int ima_check_blacklist(struct ima_iint_cache *iint, 441 334 const struct modsig *modsig, int pcr) 442 335 { 443 336 return 0; 444 337 } 445 338 446 339 static inline int 
ima_appraise_measurement(enum ima_hooks func, 447 - struct integrity_iint_cache *iint, 340 + struct ima_iint_cache *iint, 448 341 struct file *file, 449 342 const unsigned char *filename, 450 343 struct evm_ima_xattr_data *xattr_value, ··· 461 354 return 0; 462 355 } 463 356 464 - static inline void ima_update_xattr(struct integrity_iint_cache *iint, 357 + static inline void ima_update_xattr(struct ima_iint_cache *iint, 465 358 struct file *file) 466 359 { 467 360 } 468 361 469 - static inline enum integrity_status ima_get_cache_status(struct integrity_iint_cache 470 - *iint, 471 - enum ima_hooks func) 362 + static inline enum integrity_status 363 + ima_get_cache_status(struct ima_iint_cache *iint, enum ima_hooks func) 472 364 { 473 365 return INTEGRITY_UNKNOWN; 474 366 } ··· 483 377 int xattr_len) 484 378 { 485 379 return 0; 380 + } 381 + 382 + static inline void __init init_ima_appraise_lsm(const struct lsm_id *lsmid) 383 + { 486 384 } 487 385 488 386 #endif /* CONFIG_IMA_APPRAISE */
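Review bot: The locking comment on the new struct ima_iint_cache, `struct mutex mutex; /* protects: version, flags, digest */`, names a `digest` member the struct does not have; the hash it guards is `ima_hash`, so the line should read `struct mutex mutex;	/* protects: version, flags, ima_hash */`, and `real_ino`/`real_dev` deserve a short note on what they hold since nothing in this header says. The inode-blob accessors also differ from the EVM scheme in a way worth stating: `ima_inode_get_iint()` dereferences `*iint_sec`, so the blob carries only a `struct ima_iint_cache *` and the accessor returns NULL until something stores a cache there — presumably `ima_inode_get()` declared just below, which should be confirmed. A comment above the accessors such as `/* The IMA inode blob holds only a pointer; the cache itself is allocated by ima_inode_get() and is NULL until then. */` would spare callers from guessing whether a NULL return is an error or the normal not-yet-allocated state.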
+12 -11
security/integrity/ima/ima_api.c
··· 131 131 * value is invalidated. 132 132 */ 133 133 void ima_add_violation(struct file *file, const unsigned char *filename, 134 - struct integrity_iint_cache *iint, 135 - const char *op, const char *cause) 134 + struct ima_iint_cache *iint, const char *op, 135 + const char *cause) 136 136 { 137 137 struct ima_template_entry *entry; 138 138 struct inode *inode = file_inode(file); ··· 201 201 allowed_algos); 202 202 } 203 203 204 - static bool ima_get_verity_digest(struct integrity_iint_cache *iint, 204 + static bool ima_get_verity_digest(struct ima_iint_cache *iint, 205 + struct inode *inode, 205 206 struct ima_max_digest_data *hash) 206 207 { 207 208 enum hash_algo alg; ··· 212 211 * On failure, 'measure' policy rules will result in a file data 213 212 * hash containing 0's. 214 213 */ 215 - digest_len = fsverity_get_digest(iint->inode, hash->digest, NULL, &alg); 214 + digest_len = fsverity_get_digest(inode, hash->digest, NULL, &alg); 216 215 if (digest_len == 0) 217 216 return false; 218 217 ··· 238 237 * 239 238 * Return 0 on success, error code otherwise 240 239 */ 241 - int ima_collect_measurement(struct integrity_iint_cache *iint, 242 - struct file *file, void *buf, loff_t size, 243 - enum hash_algo algo, struct modsig *modsig) 240 + int ima_collect_measurement(struct ima_iint_cache *iint, struct file *file, 241 + void *buf, loff_t size, enum hash_algo algo, 242 + struct modsig *modsig) 244 243 { 245 244 const char *audit_cause = "failed"; 246 245 struct inode *inode = file_inode(file); ··· 281 280 memset(&hash.digest, 0, sizeof(hash.digest)); 282 281 283 282 if (iint->flags & IMA_VERITY_REQUIRED) { 284 - if (!ima_get_verity_digest(iint, &hash)) { 283 + if (!ima_get_verity_digest(iint, inode, &hash)) { 285 284 audit_cause = "no-verity-digest"; 286 285 result = -ENODATA; 287 286 } ··· 339 338 * 340 339 * Must be called with iint->mutex held. 
341 340 */ 342 - void ima_store_measurement(struct integrity_iint_cache *iint, 343 - struct file *file, const unsigned char *filename, 341 + void ima_store_measurement(struct ima_iint_cache *iint, struct file *file, 342 + const unsigned char *filename, 344 343 struct evm_ima_xattr_data *xattr_value, 345 344 int xattr_len, const struct modsig *modsig, int pcr, 346 345 struct ima_template_desc *template_desc) ··· 383 382 ima_free_template_entry(entry); 384 383 } 385 384 386 - void ima_audit_measurement(struct integrity_iint_cache *iint, 385 + void ima_audit_measurement(struct ima_iint_cache *iint, 387 386 const unsigned char *filename) 388 387 { 389 388 struct audit_buffer *ab;
+43 -23
security/integrity/ima/ima_appraise.c
··· 84 84 NULL, NULL, NULL); 85 85 } 86 86 87 - static int ima_fix_xattr(struct dentry *dentry, 88 - struct integrity_iint_cache *iint) 87 + static int ima_fix_xattr(struct dentry *dentry, struct ima_iint_cache *iint) 89 88 { 90 89 int rc, offset; 91 90 u8 algo = iint->ima_hash->algo; ··· 105 106 } 106 107 107 108 /* Return specific func appraised cached result */ 108 - enum integrity_status ima_get_cache_status(struct integrity_iint_cache *iint, 109 + enum integrity_status ima_get_cache_status(struct ima_iint_cache *iint, 109 110 enum ima_hooks func) 110 111 { 111 112 switch (func) { ··· 125 126 } 126 127 } 127 128 128 - static void ima_set_cache_status(struct integrity_iint_cache *iint, 129 + static void ima_set_cache_status(struct ima_iint_cache *iint, 129 130 enum ima_hooks func, 130 131 enum integrity_status status) 131 132 { ··· 151 152 } 152 153 } 153 154 154 - static void ima_cache_flags(struct integrity_iint_cache *iint, 155 - enum ima_hooks func) 155 + static void ima_cache_flags(struct ima_iint_cache *iint, enum ima_hooks func) 156 156 { 157 157 switch (func) { 158 158 case MMAP_CHECK: ··· 274 276 * 275 277 * Return 0 on success, error code otherwise. 276 278 */ 277 - static int xattr_verify(enum ima_hooks func, struct integrity_iint_cache *iint, 279 + static int xattr_verify(enum ima_hooks func, struct ima_iint_cache *iint, 278 280 struct evm_ima_xattr_data *xattr_value, int xattr_len, 279 281 enum integrity_status *status, const char **cause) 280 282 { ··· 441 443 * 442 444 * Returns -EPERM if the hash is blacklisted. 
443 445 */ 444 - int ima_check_blacklist(struct integrity_iint_cache *iint, 446 + int ima_check_blacklist(struct ima_iint_cache *iint, 445 447 const struct modsig *modsig, int pcr) 446 448 { 447 449 enum hash_algo hash_algo; ··· 475 477 * 476 478 * Return 0 on success, error code otherwise 477 479 */ 478 - int ima_appraise_measurement(enum ima_hooks func, 479 - struct integrity_iint_cache *iint, 480 + int ima_appraise_measurement(enum ima_hooks func, struct ima_iint_cache *iint, 480 481 struct file *file, const unsigned char *filename, 481 482 struct evm_ima_xattr_data *xattr_value, 482 483 int xattr_len, const struct modsig *modsig) ··· 517 520 } 518 521 519 522 status = evm_verifyxattr(dentry, XATTR_NAME_IMA, xattr_value, 520 - rc < 0 ? 0 : rc, iint); 523 + rc < 0 ? 0 : rc); 521 524 switch (status) { 522 525 case INTEGRITY_PASS: 523 526 case INTEGRITY_PASS_IMMUTABLE: ··· 600 603 /* 601 604 * ima_update_xattr - update 'security.ima' hash value 602 605 */ 603 - void ima_update_xattr(struct integrity_iint_cache *iint, struct file *file) 606 + void ima_update_xattr(struct ima_iint_cache *iint, struct file *file) 604 607 { 605 608 struct dentry *dentry = file_dentry(file); 606 609 int rc = 0; ··· 626 629 * ima_inode_post_setattr - reflect file metadata changes 627 630 * @idmap: idmap of the mount the inode was found from 628 631 * @dentry: pointer to the affected dentry 632 + * @ia_valid: for the UID and GID status 629 633 * 630 634 * Changes to a dentry's metadata might result in needing to appraise. 631 635 * 632 636 * This function is called from notify_change(), which expects the caller 633 637 * to lock the inode's i_mutex. 
634 638 */ 635 - void ima_inode_post_setattr(struct mnt_idmap *idmap, 636 - struct dentry *dentry) 639 + static void ima_inode_post_setattr(struct mnt_idmap *idmap, 640 + struct dentry *dentry, int ia_valid) 637 641 { 638 642 struct inode *inode = d_backing_inode(dentry); 639 - struct integrity_iint_cache *iint; 643 + struct ima_iint_cache *iint; 640 644 int action; 641 645 642 646 if (!(ima_policy_flag & IMA_APPRAISE) || !S_ISREG(inode->i_mode) ··· 645 647 return; 646 648 647 649 action = ima_must_appraise(idmap, inode, MAY_ACCESS, POST_SETATTR); 648 - iint = integrity_iint_find(inode); 650 + iint = ima_iint_find(inode); 649 651 if (iint) { 650 652 set_bit(IMA_CHANGE_ATTR, &iint->atomic_flags); 651 653 if (!action) ··· 671 673 672 674 static void ima_reset_appraise_flags(struct inode *inode, int digsig) 673 675 { 674 - struct integrity_iint_cache *iint; 676 + struct ima_iint_cache *iint; 675 677 676 678 if (!(ima_policy_flag & IMA_APPRAISE) || !S_ISREG(inode->i_mode)) 677 679 return; 678 680 679 - iint = integrity_iint_find(inode); 681 + iint = ima_iint_find(inode); 680 682 if (!iint) 681 683 return; 682 684 iint->measured_pcrs = 0; ··· 747 749 return -EACCES; 748 750 } 749 751 750 - int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name, 751 - const void *xattr_value, size_t xattr_value_len) 752 + static int ima_inode_setxattr(struct mnt_idmap *idmap, struct dentry *dentry, 753 + const char *xattr_name, const void *xattr_value, 754 + size_t xattr_value_len, int flags) 752 755 { 753 756 const struct evm_ima_xattr_data *xvalue = xattr_value; 754 757 int digsig = 0; ··· 778 779 return result; 779 780 } 780 781 781 - int ima_inode_set_acl(struct mnt_idmap *idmap, struct dentry *dentry, 782 - const char *acl_name, struct posix_acl *kacl) 782 + static int ima_inode_set_acl(struct mnt_idmap *idmap, struct dentry *dentry, 783 + const char *acl_name, struct posix_acl *kacl) 783 784 { 784 785 if (evm_revalidate_status(acl_name)) 785 786 
ima_reset_appraise_flags(d_backing_inode(dentry), 0); ··· 787 788 return 0; 788 789 } 789 790 790 - int ima_inode_removexattr(struct dentry *dentry, const char *xattr_name) 791 + static int ima_inode_removexattr(struct mnt_idmap *idmap, struct dentry *dentry, 792 + const char *xattr_name) 791 793 { 792 794 int result; 793 795 ··· 799 799 result = 0; 800 800 } 801 801 return result; 802 + } 803 + 804 + static int ima_inode_remove_acl(struct mnt_idmap *idmap, struct dentry *dentry, 805 + const char *acl_name) 806 + { 807 + return ima_inode_set_acl(idmap, dentry, acl_name, NULL); 808 + } 809 + 810 + static struct security_hook_list ima_appraise_hooks[] __ro_after_init = { 811 + LSM_HOOK_INIT(inode_post_setattr, ima_inode_post_setattr), 812 + LSM_HOOK_INIT(inode_setxattr, ima_inode_setxattr), 813 + LSM_HOOK_INIT(inode_set_acl, ima_inode_set_acl), 814 + LSM_HOOK_INIT(inode_removexattr, ima_inode_removexattr), 815 + LSM_HOOK_INIT(inode_remove_acl, ima_inode_remove_acl), 816 + }; 817 + 818 + void __init init_ima_appraise_lsm(const struct lsm_id *lsmid) 819 + { 820 + security_add_hooks(ima_appraise_hooks, ARRAY_SIZE(ima_appraise_hooks), 821 + lsmid); 802 822 }
+142
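--- a/security/integrity/ima/ima_iint.c
+++ b/security/integrity/ima/ima_iint.c
@@ -0,0 +1,142 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * Copyright (C) 2008 IBM Corporation
+ *
+ * Authors:
+ * Mimi Zohar <zohar@us.ibm.com>
+ *
+ * File: ima_iint.c
+ *	- implements the IMA hook: ima_inode_free
+ *	- cache integrity information in the inode security blob
+ */
+#include <linux/slab.h>
+
+#include "ima.h"
+
+static struct kmem_cache *ima_iint_cache __ro_after_init;
+
+/**
+ * ima_iint_find - Return the iint associated with an inode
+ * @inode: Pointer to the inode
+ *
+ * Return the IMA integrity information (iint) associated with an inode, if the
+ * inode was processed by IMA.
+ *
+ * Return: Found iint or NULL.
+ */
+struct ima_iint_cache *ima_iint_find(struct inode *inode)
+{
+	if (!IS_IMA(inode))
+		return NULL;
+
+	return ima_inode_get_iint(inode);
+}
+
+#define IMA_MAX_NESTING (FILESYSTEM_MAX_STACK_DEPTH + 1)
+
+/*
+ * It is not clear that IMA should be nested at all, but as long is it measures
+ * files both on overlayfs and on underlying fs, we need to annotate the iint
+ * mutex to avoid lockdep false positives related to IMA + overlayfs.
+ * See ovl_lockdep_annotate_inode_mutex_key() for more details.
+ */
+static inline void ima_iint_lockdep_annotate(struct ima_iint_cache *iint,
+					     struct inode *inode)
+{
+#ifdef CONFIG_LOCKDEP
+	static struct lock_class_key ima_iint_mutex_key[IMA_MAX_NESTING];
+
+	int depth = inode->i_sb->s_stack_depth;
+
+	if (WARN_ON_ONCE(depth < 0 || depth >= IMA_MAX_NESTING))
+		depth = 0;
+
+	lockdep_set_class(&iint->mutex, &ima_iint_mutex_key[depth]);
+#endif
+}
+
+static void ima_iint_init_always(struct ima_iint_cache *iint,
+				 struct inode *inode)
+{
+	iint->ima_hash = NULL;
+	iint->version = 0;
+	iint->flags = 0UL;
+	iint->atomic_flags = 0UL;
+	iint->ima_file_status = INTEGRITY_UNKNOWN;
+	iint->ima_mmap_status = INTEGRITY_UNKNOWN;
+	iint->ima_bprm_status = INTEGRITY_UNKNOWN;
+	iint->ima_read_status = INTEGRITY_UNKNOWN;
+	iint->ima_creds_status = INTEGRITY_UNKNOWN;
+	iint->measured_pcrs = 0;
+	mutex_init(&iint->mutex);
+	ima_iint_lockdep_annotate(iint, inode);
+}
+
+static void ima_iint_free(struct ima_iint_cache *iint)
+{
+	kfree(iint->ima_hash);
+	mutex_destroy(&iint->mutex);
+	kmem_cache_free(ima_iint_cache, iint);
+}
+
+/**
+ * ima_inode_get - Find or allocate an iint associated with an inode
+ * @inode: Pointer to the inode
+ *
+ * Find an iint associated with an inode, and allocate a new one if not found.
+ * Caller must lock i_mutex.
+ *
+ * Return: An iint on success, NULL on error.
+ */
+struct ima_iint_cache *ima_inode_get(struct inode *inode)
+{
+	struct ima_iint_cache *iint;
+
+	iint = ima_iint_find(inode);
+	if (iint)
+		return iint;
+
+	iint = kmem_cache_alloc(ima_iint_cache, GFP_NOFS);
+	if (!iint)
+		return NULL;
+
+	ima_iint_init_always(iint, inode);
+
+	inode->i_flags |= S_IMA;
+	ima_inode_set_iint(inode, iint);
+
+	return iint;
+}
+
+/**
+ * ima_inode_free - Called on inode free
+ * @inode: Pointer to the inode
+ *
+ * Free the iint associated with an inode.
+ */
+void ima_inode_free(struct inode *inode)
+{
+	struct ima_iint_cache *iint;
+
+	if (!IS_IMA(inode))
+		return;
+
+	iint = ima_iint_find(inode);
+	ima_inode_set_iint(inode, NULL);
+
+	ima_iint_free(iint);
+}
+
+static void ima_iint_init_once(void *foo)
+{
+	struct ima_iint_cache *iint = (struct ima_iint_cache *)foo;
+
+	memset(iint, 0, sizeof(*iint));
+}
+
+void __init ima_iintcache_init(void)
+{
+	ima_iint_cache =
+	    kmem_cache_create("ima_iint_cache", sizeof(struct ima_iint_cache),
+			      0, SLAB_PANIC, ima_iint_init_once);
+}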
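Review bot: ima_inode_get() raises S_IMA in inode->i_flags before ima_inode_set_iint() stores the blob pointer, so a caller of ima_iint_find() that does not hold i_mutex can observe IS_IMA() true while ima_inode_get_iint() still returns NULL. The ima_main.c callers in this series test the result for NULL, so that window is benign there, but ima_inode_free() hands the looked-up pointer straight to ima_iint_free(), which dereferences it without a check; storing the pointer first (`ima_inode_set_iint(inode, iint); inode->i_flags |= S_IMA;`) would make the flag imply a valid pointer, and a cheap `if (!iint) return;` in ima_inode_free() would document the invariant. I cannot see from this section whether the rbtree-based integrity_inode_get() it replaces used the same ordering. Minor: the `(struct ima_iint_cache *)foo` cast in ima_iint_init_once() is redundant for a `void *` in C.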
+1 -1
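--- a/security/integrity/ima/ima_init.c
+++ b/security/integrity/ima/ima_init.c
@@ -44,7 +44,7 @@
 	static const char op[] = "add_boot_aggregate";
 	const char *audit_cause = "ENOMEM";
 	struct ima_template_entry *entry;
-	struct integrity_iint_cache tmp_iint, *iint = &tmp_iint;
+	struct ima_iint_cache tmp_iint, *iint = &tmp_iint;
 	struct ima_event_data event_data = { .iint = iint,
 					     .filename = boot_aggregate_name };
 	struct ima_max_digest_data hash;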
+113 -35
security/integrity/ima/ima_main.c
··· 114 114 * 115 115 */ 116 116 static void ima_rdwr_violation_check(struct file *file, 117 - struct integrity_iint_cache *iint, 117 + struct ima_iint_cache *iint, 118 118 int must_measure, 119 119 char **pathbuf, 120 120 const char **pathname, ··· 127 127 if (mode & FMODE_WRITE) { 128 128 if (atomic_read(&inode->i_readcount) && IS_IMA(inode)) { 129 129 if (!iint) 130 - iint = integrity_iint_find(inode); 130 + iint = ima_iint_find(inode); 131 131 /* IMA_MEASURE is set from reader side */ 132 132 if (iint && test_bit(IMA_MUST_MEASURE, 133 133 &iint->atomic_flags)) ··· 153 153 "invalid_pcr", "open_writers"); 154 154 } 155 155 156 - static void ima_check_last_writer(struct integrity_iint_cache *iint, 156 + static void ima_check_last_writer(struct ima_iint_cache *iint, 157 157 struct inode *inode, struct file *file) 158 158 { 159 159 fmode_t mode = file->f_mode; ··· 189 189 * 190 190 * Flag files that changed, based on i_version 191 191 */ 192 - void ima_file_free(struct file *file) 192 + static void ima_file_free(struct file *file) 193 193 { 194 194 struct inode *inode = file_inode(file); 195 - struct integrity_iint_cache *iint; 195 + struct ima_iint_cache *iint; 196 196 197 197 if (!ima_policy_flag || !S_ISREG(inode->i_mode)) 198 198 return; 199 199 200 - iint = integrity_iint_find(inode); 200 + iint = ima_iint_find(inode); 201 201 if (!iint) 202 202 return; 203 203 ··· 209 209 enum ima_hooks func) 210 210 { 211 211 struct inode *backing_inode, *inode = file_inode(file); 212 - struct integrity_iint_cache *iint = NULL; 212 + struct ima_iint_cache *iint = NULL; 213 213 struct ima_template_desc *template_desc = NULL; 214 214 char *pathbuf = NULL; 215 215 char filename[NAME_MAX]; ··· 248 248 inode_lock(inode); 249 249 250 250 if (action) { 251 - iint = integrity_inode_get(inode); 251 + iint = ima_inode_get(inode); 252 252 if (!iint) 253 253 rc = -ENOMEM; 254 254 } ··· 427 427 * On success return 0. 
On integrity appraisal error, assuming the file 428 428 * is in policy and IMA-appraisal is in enforcing mode, return -EACCES. 429 429 */ 430 - int ima_file_mmap(struct file *file, unsigned long reqprot, 431 - unsigned long prot, unsigned long flags) 430 + static int ima_file_mmap(struct file *file, unsigned long reqprot, 431 + unsigned long prot, unsigned long flags) 432 432 { 433 433 u32 secid; 434 434 int ret; ··· 455 455 /** 456 456 * ima_file_mprotect - based on policy, limit mprotect change 457 457 * @vma: vm_area_struct protection is set to 458 - * @prot: contains the protection that will be applied by the kernel. 458 + * @reqprot: protection requested by the application 459 + * @prot: protection that will be applied by the kernel 459 460 * 460 461 * Files can be mmap'ed read/write and later changed to execute to circumvent 461 462 * IMA's mmap appraisal policy rules. Due to locking issues (mmap semaphore ··· 466 465 * 467 466 * On mprotect change success, return 0. On failure, return -EACESS. 468 467 */ 469 - int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) 468 + static int ima_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot, 469 + unsigned long prot) 470 470 { 471 471 struct ima_template_desc *template = NULL; 472 472 struct file *file; ··· 525 523 * On success return 0. On integrity appraisal error, assuming the file 526 524 * is in policy and IMA-appraisal is in enforcing mode, return -EACCES. 527 525 */ 528 - int ima_bprm_check(struct linux_binprm *bprm) 526 + static int ima_bprm_check(struct linux_binprm *bprm) 529 527 { 530 528 int ret; 531 529 u32 secid; ··· 551 549 * On success return 0. On integrity appraisal error, assuming the file 552 550 * is in policy and IMA-appraisal is in enforcing mode, return -EACCES. 
553 551 */ 554 - int ima_file_check(struct file *file, int mask) 552 + static int ima_file_check(struct file *file, int mask) 555 553 { 556 554 u32 secid; 557 555 ··· 560 558 mask & (MAY_READ | MAY_WRITE | MAY_EXEC | 561 559 MAY_APPEND), FILE_CHECK); 562 560 } 563 - EXPORT_SYMBOL_GPL(ima_file_check); 564 561 565 562 static int __ima_inode_hash(struct inode *inode, struct file *file, char *buf, 566 563 size_t buf_size) 567 564 { 568 - struct integrity_iint_cache *iint = NULL, tmp_iint; 565 + struct ima_iint_cache *iint = NULL, tmp_iint; 569 566 int rc, hash_algo; 570 567 571 568 if (ima_policy_flag) { 572 - iint = integrity_iint_find(inode); 569 + iint = ima_iint_find(inode); 573 570 if (iint) 574 571 mutex_lock(&iint->mutex); 575 572 } ··· 578 577 mutex_unlock(&iint->mutex); 579 578 580 579 memset(&tmp_iint, 0, sizeof(tmp_iint)); 581 - tmp_iint.inode = inode; 582 580 mutex_init(&tmp_iint.mutex); 583 581 584 582 rc = ima_collect_measurement(&tmp_iint, file, NULL, 0, ··· 683 683 * Skip calling process_measurement(), but indicate which newly, created 684 684 * tmpfiles are in policy. 685 685 */ 686 - void ima_post_create_tmpfile(struct mnt_idmap *idmap, 687 - struct inode *inode) 686 + static void ima_post_create_tmpfile(struct mnt_idmap *idmap, 687 + struct inode *inode) 688 + 688 689 { 689 - struct integrity_iint_cache *iint; 690 + struct ima_iint_cache *iint; 690 691 int must_appraise; 691 692 692 693 if (!ima_policy_flag || !S_ISREG(inode->i_mode)) ··· 699 698 return; 700 699 701 700 /* Nothing to do if we can't allocate memory */ 702 - iint = integrity_inode_get(inode); 701 + iint = ima_inode_get(inode); 703 702 if (!iint) 704 703 return; 705 704 ··· 716 715 * Mark files created via the mknodat syscall as new, so that the 717 716 * file data can be written later. 
718 717 */ 719 - void ima_post_path_mknod(struct mnt_idmap *idmap, 720 - struct dentry *dentry) 718 + static void ima_post_path_mknod(struct mnt_idmap *idmap, struct dentry *dentry) 721 719 { 722 - struct integrity_iint_cache *iint; 720 + struct ima_iint_cache *iint; 723 721 struct inode *inode = dentry->d_inode; 724 722 int must_appraise; 725 723 ··· 731 731 return; 732 732 733 733 /* Nothing to do if we can't allocate memory */ 734 - iint = integrity_inode_get(inode); 734 + iint = ima_inode_get(inode); 735 735 if (!iint) 736 736 return; 737 737 ··· 751 751 * 752 752 * For permission return 0, otherwise return -EACCES. 753 753 */ 754 - int ima_read_file(struct file *file, enum kernel_read_file_id read_id, 755 - bool contents) 754 + static int ima_read_file(struct file *file, enum kernel_read_file_id read_id, 755 + bool contents) 756 756 { 757 757 enum ima_hooks func; 758 758 u32 secid; ··· 801 801 * On success return 0. On integrity appraisal error, assuming the file 802 802 * is in policy and IMA-appraisal is in enforcing mode, return -EACCES. 803 803 */ 804 - int ima_post_read_file(struct file *file, void *buf, loff_t size, 805 - enum kernel_read_file_id read_id) 804 + static int ima_post_read_file(struct file *file, char *buf, loff_t size, 805 + enum kernel_read_file_id read_id) 806 806 { 807 807 enum ima_hooks func; 808 808 u32 secid; ··· 835 835 * 836 836 * For permission return 0, otherwise return -EACCES. 837 837 */ 838 - int ima_load_data(enum kernel_load_data_id id, bool contents) 838 + static int ima_load_data(enum kernel_load_data_id id, bool contents) 839 839 { 840 840 bool ima_enforce, sig_enforce; 841 841 ··· 889 889 * On success return 0. On integrity appraisal error, assuming the file 890 890 * is in policy and IMA-appraisal is in enforcing mode, return -EACCES. 
891 891 */ 892 - int ima_post_load_data(char *buf, loff_t size, 893 - enum kernel_load_data_id load_id, 894 - char *description) 892 + static int ima_post_load_data(char *buf, loff_t size, 893 + enum kernel_load_data_id load_id, 894 + char *description) 895 895 { 896 896 if (load_id == LOADING_FIRMWARE) { 897 897 if ((ima_appraise & IMA_APPRAISE_FIRMWARE) && ··· 934 934 int ret = 0; 935 935 const char *audit_cause = "ENOMEM"; 936 936 struct ima_template_entry *entry = NULL; 937 - struct integrity_iint_cache iint = {}; 937 + struct ima_iint_cache iint = {}; 938 938 struct ima_event_data event_data = {.iint = &iint, 939 939 .filename = eventname, 940 940 .buf = buf, ··· 1089 1089 } 1090 1090 EXPORT_SYMBOL_GPL(ima_measure_critical_data); 1091 1091 1092 + #ifdef CONFIG_INTEGRITY_ASYMMETRIC_KEYS 1093 + 1094 + /** 1095 + * ima_kernel_module_request - Prevent crypto-pkcs1pad(rsa,*) requests 1096 + * @kmod_name: kernel module name 1097 + * 1098 + * Avoid a verification loop where verifying the signature of the modprobe 1099 + * binary requires executing modprobe itself. Since the modprobe iint->mutex 1100 + * is already held when the signature verification is performed, a deadlock 1101 + * occurs as soon as modprobe is executed within the critical region, since 1102 + * the same lock cannot be taken again. 1103 + * 1104 + * This happens when public_key_verify_signature(), in case of RSA algorithm, 1105 + * use alg_name to store internal information in order to construct an 1106 + * algorithm on the fly, but crypto_larval_lookup() will try to use alg_name 1107 + * in order to load a kernel module with same name. 1108 + * 1109 + * Since we don't have any real "crypto-pkcs1pad(rsa,*)" kernel modules, 1110 + * we are safe to fail such module request from crypto_larval_lookup(), and 1111 + * avoid the verification loop. 1112 + * 1113 + * Return: Zero if it is safe to load the kernel module, -EINVAL otherwise. 
1114 + */ 1115 + static int ima_kernel_module_request(char *kmod_name) 1116 + { 1117 + if (strncmp(kmod_name, "crypto-pkcs1pad(rsa,", 20) == 0) 1118 + return -EINVAL; 1119 + 1120 + return 0; 1121 + } 1122 + 1123 + #endif /* CONFIG_INTEGRITY_ASYMMETRIC_KEYS */ 1124 + 1092 1125 static int __init init_ima(void) 1093 1126 { 1094 1127 int error; ··· 1152 1119 1153 1120 return error; 1154 1121 } 1122 + 1123 + static struct security_hook_list ima_hooks[] __ro_after_init = { 1124 + LSM_HOOK_INIT(bprm_check_security, ima_bprm_check), 1125 + LSM_HOOK_INIT(file_post_open, ima_file_check), 1126 + LSM_HOOK_INIT(inode_post_create_tmpfile, ima_post_create_tmpfile), 1127 + LSM_HOOK_INIT(file_release, ima_file_free), 1128 + LSM_HOOK_INIT(mmap_file, ima_file_mmap), 1129 + LSM_HOOK_INIT(file_mprotect, ima_file_mprotect), 1130 + LSM_HOOK_INIT(kernel_load_data, ima_load_data), 1131 + LSM_HOOK_INIT(kernel_post_load_data, ima_post_load_data), 1132 + LSM_HOOK_INIT(kernel_read_file, ima_read_file), 1133 + LSM_HOOK_INIT(kernel_post_read_file, ima_post_read_file), 1134 + LSM_HOOK_INIT(path_post_mknod, ima_post_path_mknod), 1135 + #ifdef CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS 1136 + LSM_HOOK_INIT(key_post_create_or_update, ima_post_key_create_or_update), 1137 + #endif 1138 + #ifdef CONFIG_INTEGRITY_ASYMMETRIC_KEYS 1139 + LSM_HOOK_INIT(kernel_module_request, ima_kernel_module_request), 1140 + #endif 1141 + LSM_HOOK_INIT(inode_free_security, ima_inode_free), 1142 + }; 1143 + 1144 + static const struct lsm_id ima_lsmid = { 1145 + .name = "ima", 1146 + .id = LSM_ID_IMA, 1147 + }; 1148 + 1149 + static int __init init_ima_lsm(void) 1150 + { 1151 + ima_iintcache_init(); 1152 + security_add_hooks(ima_hooks, ARRAY_SIZE(ima_hooks), &ima_lsmid); 1153 + init_ima_appraise_lsm(&ima_lsmid); 1154 + return 0; 1155 + } 1156 + 1157 + struct lsm_blob_sizes ima_blob_sizes __ro_after_init = { 1158 + .lbs_inode = sizeof(struct ima_iint_cache *), 1159 + }; 1160 + 1161 + DEFINE_LSM(ima) = { 1162 + .name = "ima", 1163 + 
.init = init_ima_lsm, 1164 + .order = LSM_ORDER_LAST, 1165 + .blobs = &ima_blob_sizes, 1166 + }; 1155 1167 1156 1168 late_initcall(init_ima); /* Start IMA after the TPM is available */
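Review bot: ima_kernel_module_request() compares the module name against the literal with a hard-coded length of 20, which silently drifts if the prefix string is ever edited; `if (str_has_prefix(kmod_name, "crypto-pkcs1pad(rsa,"))` (or `strncmp(kmod_name, "crypto-pkcs1pad(rsa,", sizeof("crypto-pkcs1pad(rsa,") - 1)`) ties the length to the literal. Two smaller points in the same section: ima_post_create_tmpfile() gains a stray blank line between its parameter list and the opening brace, and ima_blob_sizes has no visible user outside this file now that DEFINE_LSM(ima) references it locally, so it could presumably be `static`. I cannot see whether another translation unit references ima_blob_sizes, so treat the last point as a question rather than a defect.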
+1 -1
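--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -49,7 +49,7 @@
 #define DONT_HASH	0x0200
 
 #define INVALID_PCR(a) (((a) < 0) || \
-	(a) >= (sizeof_field(struct integrity_iint_cache, measured_pcrs) * 8))
+	(a) >= (sizeof_field(struct ima_iint_cache, measured_pcrs) * 8))
 
 int ima_policy_flag;
 static int temp_ima_appraise;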
+1 -79
security/integrity/integrity.h
··· 18 18 #include <crypto/hash.h> 19 19 #include <linux/key.h> 20 20 #include <linux/audit.h> 21 - 22 - /* iint action cache flags */ 23 - #define IMA_MEASURE 0x00000001 24 - #define IMA_MEASURED 0x00000002 25 - #define IMA_APPRAISE 0x00000004 26 - #define IMA_APPRAISED 0x00000008 27 - /*#define IMA_COLLECT 0x00000010 do not use this flag */ 28 - #define IMA_COLLECTED 0x00000020 29 - #define IMA_AUDIT 0x00000040 30 - #define IMA_AUDITED 0x00000080 31 - #define IMA_HASH 0x00000100 32 - #define IMA_HASHED 0x00000200 33 - 34 - /* iint policy rule cache flags */ 35 - #define IMA_NONACTION_FLAGS 0xff000000 36 - #define IMA_DIGSIG_REQUIRED 0x01000000 37 - #define IMA_PERMIT_DIRECTIO 0x02000000 38 - #define IMA_NEW_FILE 0x04000000 39 - #define EVM_IMMUTABLE_DIGSIG 0x08000000 40 - #define IMA_FAIL_UNVERIFIABLE_SIGS 0x10000000 41 - #define IMA_MODSIG_ALLOWED 0x20000000 42 - #define IMA_CHECK_BLACKLIST 0x40000000 43 - #define IMA_VERITY_REQUIRED 0x80000000 44 - 45 - #define IMA_DO_MASK (IMA_MEASURE | IMA_APPRAISE | IMA_AUDIT | \ 46 - IMA_HASH | IMA_APPRAISE_SUBMASK) 47 - #define IMA_DONE_MASK (IMA_MEASURED | IMA_APPRAISED | IMA_AUDITED | \ 48 - IMA_HASHED | IMA_COLLECTED | \ 49 - IMA_APPRAISED_SUBMASK) 50 - 51 - /* iint subaction appraise cache flags */ 52 - #define IMA_FILE_APPRAISE 0x00001000 53 - #define IMA_FILE_APPRAISED 0x00002000 54 - #define IMA_MMAP_APPRAISE 0x00004000 55 - #define IMA_MMAP_APPRAISED 0x00008000 56 - #define IMA_BPRM_APPRAISE 0x00010000 57 - #define IMA_BPRM_APPRAISED 0x00020000 58 - #define IMA_READ_APPRAISE 0x00040000 59 - #define IMA_READ_APPRAISED 0x00080000 60 - #define IMA_CREDS_APPRAISE 0x00100000 61 - #define IMA_CREDS_APPRAISED 0x00200000 62 - #define IMA_APPRAISE_SUBMASK (IMA_FILE_APPRAISE | IMA_MMAP_APPRAISE | \ 63 - IMA_BPRM_APPRAISE | IMA_READ_APPRAISE | \ 64 - IMA_CREDS_APPRAISE) 65 - #define IMA_APPRAISED_SUBMASK (IMA_FILE_APPRAISED | IMA_MMAP_APPRAISED | \ 66 - IMA_BPRM_APPRAISED | IMA_READ_APPRAISED | \ 67 - IMA_CREDS_APPRAISED) 68 
- 69 - /* iint cache atomic_flags */ 70 - #define IMA_CHANGE_XATTR 0 71 - #define IMA_UPDATE_XATTR 1 72 - #define IMA_CHANGE_ATTR 2 73 - #define IMA_DIGSIG 3 74 - #define IMA_MUST_MEASURE 4 21 + #include <linux/lsm_hooks.h> 75 22 76 23 enum evm_ima_xattr_type { 77 24 IMA_XATTR_DIGEST = 0x01, ··· 101 154 __u8 hash_algorithm; /* Digest algorithm [enum hash_algo] */ 102 155 __u8 hash[HASH_MAX_DIGESTSIZE]; 103 156 } __packed; 104 - 105 - /* integrity data associated with an inode */ 106 - struct integrity_iint_cache { 107 - struct rb_node rb_node; /* rooted in integrity_iint_tree */ 108 - struct mutex mutex; /* protects: version, flags, digest */ 109 - struct inode *inode; /* back pointer to inode in question */ 110 - u64 version; /* track inode changes */ 111 - unsigned long flags; 112 - unsigned long measured_pcrs; 113 - unsigned long atomic_flags; 114 - unsigned long real_ino; 115 - dev_t real_dev; 116 - enum integrity_status ima_file_status:4; 117 - enum integrity_status ima_mmap_status:4; 118 - enum integrity_status ima_bprm_status:4; 119 - enum integrity_status ima_read_status:4; 120 - enum integrity_status ima_creds_status:4; 121 - enum integrity_status evm_status:4; 122 - struct ima_digest_data *ima_hash; 123 - }; 124 - 125 - /* rbtree tree calls to lookup, insert, delete 126 - * integrity data associated with an inode. 127 - */ 128 - struct integrity_iint_cache *integrity_iint_find(struct inode *inode); 129 157 130 158 int integrity_kernel_read(struct file *file, loff_t offset, 131 159 void *addr, unsigned long count);
+4 -6
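--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -13,7 +13,6 @@
 #include <linux/security.h>
 #include <linux/workqueue.h>
 #include <linux/random.h>
-#include <linux/ima.h>
 #include <linux/err.h>
 #include "internal.h"
 
@@ -929,8 +930,8 @@
 		goto error_link_end;
 	}
 
-	ima_post_key_create_or_update(keyring, key, payload, plen,
-				      flags, true);
+	security_key_post_create_or_update(keyring, key, payload, plen, flags,
+					   true);
 
 	key_ref = make_key_ref(key, is_key_possessed(keyring_ref));
 
@@ -963,9 +964,8 @@
 	key_ref = __key_update(key_ref, &prep);
 
 	if (!IS_ERR(key_ref))
-		ima_post_key_create_or_update(keyring, key,
-					      payload, plen,
-					      flags, false);
+		security_key_post_create_or_update(keyring, key, payload, plen,
+						   flags, false);
 
 	goto error_free_prep;
 }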
+381 -400
security/security.c
··· 19 19 #include <linux/kernel.h> 20 20 #include <linux/kernel_read_file.h> 21 21 #include <linux/lsm_hooks.h> 22 - #include <linux/integrity.h> 23 - #include <linux/ima.h> 24 - #include <linux/evm.h> 25 22 #include <linux/fsnotify.h> 26 23 #include <linux/mman.h> 27 24 #include <linux/mount.h> 28 25 #include <linux/personality.h> 29 26 #include <linux/backing-dev.h> 30 27 #include <linux/string.h> 28 + #include <linux/xattr.h> 31 29 #include <linux/msg.h> 32 30 #include <linux/overflow.h> 33 31 #include <net/flow.h> ··· 49 51 (IS_ENABLED(CONFIG_SECURITY_SAFESETID) ? 1 : 0) + \ 50 52 (IS_ENABLED(CONFIG_SECURITY_LOCKDOWN_LSM) ? 1 : 0) + \ 51 53 (IS_ENABLED(CONFIG_BPF_LSM) ? 1 : 0) + \ 52 - (IS_ENABLED(CONFIG_SECURITY_LANDLOCK) ? 1 : 0)) 54 + (IS_ENABLED(CONFIG_SECURITY_LANDLOCK) ? 1 : 0) + \ 55 + (IS_ENABLED(CONFIG_IMA) ? 1 : 0) + \ 56 + (IS_ENABLED(CONFIG_EVM) ? 1 : 0)) 53 57 54 58 /* 55 59 * These are descriptions of the reasons that can be passed to the ··· 856 856 P->hook.FUNC(__VA_ARGS__); \ 857 857 } while (0) 858 858 859 - #define call_int_hook(FUNC, IRC, ...) ({ \ 860 - int RC = IRC; \ 859 + #define call_int_hook(FUNC, ...) 
({ \ 860 + int RC = LSM_RET_DEFAULT(FUNC); \ 861 861 do { \ 862 862 struct security_hook_list *P; \ 863 863 \ 864 864 hlist_for_each_entry(P, &security_hook_heads.FUNC, list) { \ 865 865 RC = P->hook.FUNC(__VA_ARGS__); \ 866 - if (RC != 0) \ 866 + if (RC != LSM_RET_DEFAULT(FUNC)) \ 867 867 break; \ 868 868 } \ 869 869 } while (0); \ ··· 882 882 */ 883 883 int security_binder_set_context_mgr(const struct cred *mgr) 884 884 { 885 - return call_int_hook(binder_set_context_mgr, 0, mgr); 885 + return call_int_hook(binder_set_context_mgr, mgr); 886 886 } 887 887 888 888 /** ··· 897 897 int security_binder_transaction(const struct cred *from, 898 898 const struct cred *to) 899 899 { 900 - return call_int_hook(binder_transaction, 0, from, to); 900 + return call_int_hook(binder_transaction, from, to); 901 901 } 902 902 903 903 /** ··· 912 912 int security_binder_transfer_binder(const struct cred *from, 913 913 const struct cred *to) 914 914 { 915 - return call_int_hook(binder_transfer_binder, 0, from, to); 915 + return call_int_hook(binder_transfer_binder, from, to); 916 916 } 917 917 918 918 /** ··· 928 928 int security_binder_transfer_file(const struct cred *from, 929 929 const struct cred *to, const struct file *file) 930 930 { 931 - return call_int_hook(binder_transfer_file, 0, from, to, file); 931 + return call_int_hook(binder_transfer_file, from, to, file); 932 932 } 933 933 934 934 /** ··· 947 947 */ 948 948 int security_ptrace_access_check(struct task_struct *child, unsigned int mode) 949 949 { 950 - return call_int_hook(ptrace_access_check, 0, child, mode); 950 + return call_int_hook(ptrace_access_check, child, mode); 951 951 } 952 952 953 953 /** ··· 962 962 */ 963 963 int security_ptrace_traceme(struct task_struct *parent) 964 964 { 965 - return call_int_hook(ptrace_traceme, 0, parent); 965 + return call_int_hook(ptrace_traceme, parent); 966 966 } 967 967 968 968 /** ··· 984 984 kernel_cap_t *inheritable, 985 985 kernel_cap_t *permitted) 986 986 { 987 - return 
call_int_hook(capget, 0, target, 988 - effective, inheritable, permitted); 987 + return call_int_hook(capget, target, effective, inheritable, permitted); 989 988 } 990 989 991 990 /** ··· 1005 1006 const kernel_cap_t *inheritable, 1006 1007 const kernel_cap_t *permitted) 1007 1008 { 1008 - return call_int_hook(capset, 0, new, old, 1009 - effective, inheritable, permitted); 1009 + return call_int_hook(capset, new, old, effective, inheritable, 1010 + permitted); 1010 1011 } 1011 1012 1012 1013 /** ··· 1027 1028 int cap, 1028 1029 unsigned int opts) 1029 1030 { 1030 - return call_int_hook(capable, 0, cred, ns, cap, opts); 1031 + return call_int_hook(capable, cred, ns, cap, opts); 1031 1032 } 1032 1033 1033 1034 /** ··· 1043 1044 */ 1044 1045 int security_quotactl(int cmds, int type, int id, const struct super_block *sb) 1045 1046 { 1046 - return call_int_hook(quotactl, 0, cmds, type, id, sb); 1047 + return call_int_hook(quotactl, cmds, type, id, sb); 1047 1048 } 1048 1049 1049 1050 /** ··· 1056 1057 */ 1057 1058 int security_quota_on(struct dentry *dentry) 1058 1059 { 1059 - return call_int_hook(quota_on, 0, dentry); 1060 + return call_int_hook(quota_on, dentry); 1060 1061 } 1061 1062 1062 1063 /** ··· 1071 1072 */ 1072 1073 int security_syslog(int type) 1073 1074 { 1074 - return call_int_hook(syslog, 0, type); 1075 + return call_int_hook(syslog, type); 1075 1076 } 1076 1077 1077 1078 /** ··· 1086 1087 */ 1087 1088 int security_settime64(const struct timespec64 *ts, const struct timezone *tz) 1088 1089 { 1089 - return call_int_hook(settime, 0, ts, tz); 1090 + return call_int_hook(settime, ts, tz); 1090 1091 } 1091 1092 1092 1093 /** ··· 1141 1142 */ 1142 1143 int security_bprm_creds_for_exec(struct linux_binprm *bprm) 1143 1144 { 1144 - return call_int_hook(bprm_creds_for_exec, 0, bprm); 1145 + return call_int_hook(bprm_creds_for_exec, bprm); 1145 1146 } 1146 1147 1147 1148 /** ··· 1165 1166 */ 1166 1167 int security_bprm_creds_from_file(struct linux_binprm *bprm, 
const struct file *file) 1167 1168 { 1168 - return call_int_hook(bprm_creds_from_file, 0, bprm, file); 1169 + return call_int_hook(bprm_creds_from_file, bprm, file); 1169 1170 } 1170 1171 1171 1172 /** ··· 1182 1183 */ 1183 1184 int security_bprm_check(struct linux_binprm *bprm) 1184 1185 { 1185 - int ret; 1186 - 1187 - ret = call_int_hook(bprm_check_security, 0, bprm); 1188 - if (ret) 1189 - return ret; 1190 - return ima_bprm_check(bprm); 1186 + return call_int_hook(bprm_check_security, bprm); 1191 1187 } 1192 1188 1193 1189 /** ··· 1229 1235 */ 1230 1236 int security_fs_context_submount(struct fs_context *fc, struct super_block *reference) 1231 1237 { 1232 - return call_int_hook(fs_context_submount, 0, fc, reference); 1238 + return call_int_hook(fs_context_submount, fc, reference); 1233 1239 } 1234 1240 1235 1241 /** ··· 1245 1251 */ 1246 1252 int security_fs_context_dup(struct fs_context *fc, struct fs_context *src_fc) 1247 1253 { 1248 - return call_int_hook(fs_context_dup, 0, fc, src_fc); 1254 + return call_int_hook(fs_context_dup, fc, src_fc); 1249 1255 } 1250 1256 1251 1257 /** ··· 1294 1300 1295 1301 if (unlikely(rc)) 1296 1302 return rc; 1297 - rc = call_int_hook(sb_alloc_security, 0, sb); 1303 + rc = call_int_hook(sb_alloc_security, sb); 1298 1304 if (unlikely(rc)) 1299 1305 security_sb_free(sb); 1300 1306 return rc; ··· 1352 1358 */ 1353 1359 int security_sb_eat_lsm_opts(char *options, void **mnt_opts) 1354 1360 { 1355 - return call_int_hook(sb_eat_lsm_opts, 0, options, mnt_opts); 1361 + return call_int_hook(sb_eat_lsm_opts, options, mnt_opts); 1356 1362 } 1357 1363 EXPORT_SYMBOL(security_sb_eat_lsm_opts); 1358 1364 ··· 1369 1375 int security_sb_mnt_opts_compat(struct super_block *sb, 1370 1376 void *mnt_opts) 1371 1377 { 1372 - return call_int_hook(sb_mnt_opts_compat, 0, sb, mnt_opts); 1378 + return call_int_hook(sb_mnt_opts_compat, sb, mnt_opts); 1373 1379 } 1374 1380 EXPORT_SYMBOL(security_sb_mnt_opts_compat); 1375 1381 ··· 1386 1392 int 
security_sb_remount(struct super_block *sb, 1387 1393 void *mnt_opts) 1388 1394 { 1389 - return call_int_hook(sb_remount, 0, sb, mnt_opts); 1395 + return call_int_hook(sb_remount, sb, mnt_opts); 1390 1396 } 1391 1397 EXPORT_SYMBOL(security_sb_remount); 1392 1398 ··· 1400 1406 */ 1401 1407 int security_sb_kern_mount(const struct super_block *sb) 1402 1408 { 1403 - return call_int_hook(sb_kern_mount, 0, sb); 1409 + return call_int_hook(sb_kern_mount, sb); 1404 1410 } 1405 1411 1406 1412 /** ··· 1414 1420 */ 1415 1421 int security_sb_show_options(struct seq_file *m, struct super_block *sb) 1416 1422 { 1417 - return call_int_hook(sb_show_options, 0, m, sb); 1423 + return call_int_hook(sb_show_options, m, sb); 1418 1424 } 1419 1425 1420 1426 /** ··· 1428 1434 */ 1429 1435 int security_sb_statfs(struct dentry *dentry) 1430 1436 { 1431 - return call_int_hook(sb_statfs, 0, dentry); 1437 + return call_int_hook(sb_statfs, dentry); 1432 1438 } 1433 1439 1434 1440 /** ··· 1451 1457 int security_sb_mount(const char *dev_name, const struct path *path, 1452 1458 const char *type, unsigned long flags, void *data) 1453 1459 { 1454 - return call_int_hook(sb_mount, 0, dev_name, path, type, flags, data); 1460 + return call_int_hook(sb_mount, dev_name, path, type, flags, data); 1455 1461 } 1456 1462 1457 1463 /** ··· 1465 1471 */ 1466 1472 int security_sb_umount(struct vfsmount *mnt, int flags) 1467 1473 { 1468 - return call_int_hook(sb_umount, 0, mnt, flags); 1474 + return call_int_hook(sb_umount, mnt, flags); 1469 1475 } 1470 1476 1471 1477 /** ··· 1480 1486 int security_sb_pivotroot(const struct path *old_path, 1481 1487 const struct path *new_path) 1482 1488 { 1483 - return call_int_hook(sb_pivotroot, 0, old_path, new_path); 1489 + return call_int_hook(sb_pivotroot, old_path, new_path); 1484 1490 } 1485 1491 1486 1492 /** ··· 1499 1505 unsigned long kern_flags, 1500 1506 unsigned long *set_kern_flags) 1501 1507 { 1502 - return call_int_hook(sb_set_mnt_opts, 1503 - mnt_opts ? 
-EOPNOTSUPP : 0, sb, 1504 - mnt_opts, kern_flags, set_kern_flags); 1508 + struct security_hook_list *hp; 1509 + int rc = mnt_opts ? -EOPNOTSUPP : LSM_RET_DEFAULT(sb_set_mnt_opts); 1510 + 1511 + hlist_for_each_entry(hp, &security_hook_heads.sb_set_mnt_opts, 1512 + list) { 1513 + rc = hp->hook.sb_set_mnt_opts(sb, mnt_opts, kern_flags, 1514 + set_kern_flags); 1515 + if (rc != LSM_RET_DEFAULT(sb_set_mnt_opts)) 1516 + break; 1517 + } 1518 + return rc; 1505 1519 } 1506 1520 EXPORT_SYMBOL(security_sb_set_mnt_opts); 1507 1521 ··· 1529 1527 unsigned long kern_flags, 1530 1528 unsigned long *set_kern_flags) 1531 1529 { 1532 - return call_int_hook(sb_clone_mnt_opts, 0, oldsb, newsb, 1530 + return call_int_hook(sb_clone_mnt_opts, oldsb, newsb, 1533 1531 kern_flags, set_kern_flags); 1534 1532 } 1535 1533 EXPORT_SYMBOL(security_sb_clone_mnt_opts); ··· 1546 1544 int security_move_mount(const struct path *from_path, 1547 1545 const struct path *to_path) 1548 1546 { 1549 - return call_int_hook(move_mount, 0, from_path, to_path); 1547 + return call_int_hook(move_mount, from_path, to_path); 1550 1548 } 1551 1549 1552 1550 /** ··· 1563 1561 int security_path_notify(const struct path *path, u64 mask, 1564 1562 unsigned int obj_type) 1565 1563 { 1566 - return call_int_hook(path_notify, 0, path, mask, obj_type); 1564 + return call_int_hook(path_notify, path, mask, obj_type); 1567 1565 } 1568 1566 1569 1567 /** ··· 1582 1580 1583 1581 if (unlikely(rc)) 1584 1582 return rc; 1585 - rc = call_int_hook(inode_alloc_security, 0, inode); 1583 + rc = call_int_hook(inode_alloc_security, inode); 1586 1584 if (unlikely(rc)) 1587 1585 security_inode_free(inode); 1588 1586 return rc; ··· 1604 1602 */ 1605 1603 void security_inode_free(struct inode *inode) 1606 1604 { 1607 - integrity_inode_free(inode); 1608 1605 call_void_hook(inode_free_security, inode); 1609 1606 /* 1610 1607 * The inode may still be referenced in a path walk and ··· 1639 1638 const char **xattr_name, void **ctx, 1640 1639 u32 
*ctxlen) 1641 1640 { 1642 - struct security_hook_list *hp; 1643 - int rc; 1644 - 1645 - /* 1646 - * Only one module will provide a security context. 1647 - */ 1648 - hlist_for_each_entry(hp, &security_hook_heads.dentry_init_security, 1649 - list) { 1650 - rc = hp->hook.dentry_init_security(dentry, mode, name, 1651 - xattr_name, ctx, ctxlen); 1652 - if (rc != LSM_RET_DEFAULT(dentry_init_security)) 1653 - return rc; 1654 - } 1655 - return LSM_RET_DEFAULT(dentry_init_security); 1641 + return call_int_hook(dentry_init_security, dentry, mode, name, 1642 + xattr_name, ctx, ctxlen); 1656 1643 } 1657 1644 EXPORT_SYMBOL(security_dentry_init_security); 1658 1645 ··· 1663 1674 struct qstr *name, 1664 1675 const struct cred *old, struct cred *new) 1665 1676 { 1666 - return call_int_hook(dentry_create_files_as, 0, dentry, mode, 1677 + return call_int_hook(dentry_create_files_as, dentry, mode, 1667 1678 name, old, new); 1668 1679 } 1669 1680 EXPORT_SYMBOL(security_dentry_create_files_as); ··· 1710 1721 return 0; 1711 1722 1712 1723 if (initxattrs) { 1713 - /* Allocate +1 for EVM and +1 as terminator. */ 1714 - new_xattrs = kcalloc(blob_sizes.lbs_xattr_count + 2, 1724 + /* Allocate +1 as terminator. 
*/ 1725 + new_xattrs = kcalloc(blob_sizes.lbs_xattr_count + 1, 1715 1726 sizeof(*new_xattrs), GFP_NOFS); 1716 1727 if (!new_xattrs) 1717 1728 return -ENOMEM; ··· 1735 1746 if (!xattr_count) 1736 1747 goto out; 1737 1748 1738 - ret = evm_inode_init_security(inode, dir, qstr, new_xattrs, 1739 - &xattr_count); 1740 - if (ret) 1741 - goto out; 1742 1749 ret = initxattrs(inode, new_xattrs, fs_data); 1743 1750 out: 1744 1751 for (; xattr_count > 0; xattr_count--) ··· 1760 1775 const struct qstr *name, 1761 1776 const struct inode *context_inode) 1762 1777 { 1763 - return call_int_hook(inode_init_security_anon, 0, inode, name, 1778 + return call_int_hook(inode_init_security_anon, inode, name, 1764 1779 context_inode); 1765 1780 } 1766 1781 ··· 1782 1797 { 1783 1798 if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) 1784 1799 return 0; 1785 - return call_int_hook(path_mknod, 0, dir, dentry, mode, dev); 1800 + return call_int_hook(path_mknod, dir, dentry, mode, dev); 1786 1801 } 1787 1802 EXPORT_SYMBOL(security_path_mknod); 1803 + 1804 + /** 1805 + * security_path_post_mknod() - Update inode security field after file creation 1806 + * @idmap: idmap of the mount 1807 + * @dentry: new file 1808 + * 1809 + * Update inode security field after a file has been created. 
1810 + */ 1811 + void security_path_post_mknod(struct mnt_idmap *idmap, struct dentry *dentry) 1812 + { 1813 + if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) 1814 + return; 1815 + call_void_hook(path_post_mknod, idmap, dentry); 1816 + } 1788 1817 1789 1818 /** 1790 1819 * security_path_mkdir() - Check if creating a new directory is allowed ··· 1815 1816 { 1816 1817 if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) 1817 1818 return 0; 1818 - return call_int_hook(path_mkdir, 0, dir, dentry, mode); 1819 + return call_int_hook(path_mkdir, dir, dentry, mode); 1819 1820 } 1820 1821 EXPORT_SYMBOL(security_path_mkdir); 1821 1822 ··· 1832 1833 { 1833 1834 if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) 1834 1835 return 0; 1835 - return call_int_hook(path_rmdir, 0, dir, dentry); 1836 + return call_int_hook(path_rmdir, dir, dentry); 1836 1837 } 1837 1838 1838 1839 /** ··· 1848 1849 { 1849 1850 if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) 1850 1851 return 0; 1851 - return call_int_hook(path_unlink, 0, dir, dentry); 1852 + return call_int_hook(path_unlink, dir, dentry); 1852 1853 } 1853 1854 EXPORT_SYMBOL(security_path_unlink); 1854 1855 ··· 1867 1868 { 1868 1869 if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) 1869 1870 return 0; 1870 - return call_int_hook(path_symlink, 0, dir, dentry, old_name); 1871 + return call_int_hook(path_symlink, dir, dentry, old_name); 1871 1872 } 1872 1873 1873 1874 /** ··· 1885 1886 { 1886 1887 if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry)))) 1887 1888 return 0; 1888 - return call_int_hook(path_link, 0, old_dentry, new_dir, new_dentry); 1889 + return call_int_hook(path_link, old_dentry, new_dir, new_dentry); 1889 1890 } 1890 1891 1891 1892 /** ··· 1909 1910 IS_PRIVATE(d_backing_inode(new_dentry))))) 1910 1911 return 0; 1911 1912 1912 - return call_int_hook(path_rename, 0, old_dir, old_dentry, new_dir, 1913 + return call_int_hook(path_rename, old_dir, old_dentry, new_dir, 1913 1914 new_dentry, flags); 1914 
1915 } 1915 1916 EXPORT_SYMBOL(security_path_rename); ··· 1928 1929 { 1929 1930 if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry)))) 1930 1931 return 0; 1931 - return call_int_hook(path_truncate, 0, path); 1932 + return call_int_hook(path_truncate, path); 1932 1933 } 1933 1934 1934 1935 /** ··· 1946 1947 { 1947 1948 if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry)))) 1948 1949 return 0; 1949 - return call_int_hook(path_chmod, 0, path, mode); 1950 + return call_int_hook(path_chmod, path, mode); 1950 1951 } 1951 1952 1952 1953 /** ··· 1963 1964 { 1964 1965 if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry)))) 1965 1966 return 0; 1966 - return call_int_hook(path_chown, 0, path, uid, gid); 1967 + return call_int_hook(path_chown, path, uid, gid); 1967 1968 } 1968 1969 1969 1970 /** ··· 1976 1977 */ 1977 1978 int security_path_chroot(const struct path *path) 1978 1979 { 1979 - return call_int_hook(path_chroot, 0, path); 1980 + return call_int_hook(path_chroot, path); 1980 1981 } 1981 1982 #endif /* CONFIG_SECURITY_PATH */ 1982 1983 ··· 1995 1996 { 1996 1997 if (unlikely(IS_PRIVATE(dir))) 1997 1998 return 0; 1998 - return call_int_hook(inode_create, 0, dir, dentry, mode); 1999 + return call_int_hook(inode_create, dir, dentry, mode); 1999 2000 } 2000 2001 EXPORT_SYMBOL_GPL(security_inode_create); 2002 + 2003 + /** 2004 + * security_inode_post_create_tmpfile() - Update inode security of new tmpfile 2005 + * @idmap: idmap of the mount 2006 + * @inode: inode of the new tmpfile 2007 + * 2008 + * Update inode security data after a tmpfile has been created. 
2009 + */ 2010 + void security_inode_post_create_tmpfile(struct mnt_idmap *idmap, 2011 + struct inode *inode) 2012 + { 2013 + if (unlikely(IS_PRIVATE(inode))) 2014 + return; 2015 + call_void_hook(inode_post_create_tmpfile, idmap, inode); 2016 + } 2001 2017 2002 2018 /** 2003 2019 * security_inode_link() - Check if creating a hard link is allowed ··· 2029 2015 { 2030 2016 if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry)))) 2031 2017 return 0; 2032 - return call_int_hook(inode_link, 0, old_dentry, dir, new_dentry); 2018 + return call_int_hook(inode_link, old_dentry, dir, new_dentry); 2033 2019 } 2034 2020 2035 2021 /** ··· 2045 2031 { 2046 2032 if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) 2047 2033 return 0; 2048 - return call_int_hook(inode_unlink, 0, dir, dentry); 2034 + return call_int_hook(inode_unlink, dir, dentry); 2049 2035 } 2050 2036 2051 2037 /** ··· 2063 2049 { 2064 2050 if (unlikely(IS_PRIVATE(dir))) 2065 2051 return 0; 2066 - return call_int_hook(inode_symlink, 0, dir, dentry, old_name); 2052 + return call_int_hook(inode_symlink, dir, dentry, old_name); 2067 2053 } 2068 2054 2069 2055 /** ··· 2081 2067 { 2082 2068 if (unlikely(IS_PRIVATE(dir))) 2083 2069 return 0; 2084 - return call_int_hook(inode_mkdir, 0, dir, dentry, mode); 2070 + return call_int_hook(inode_mkdir, dir, dentry, mode); 2085 2071 } 2086 2072 EXPORT_SYMBOL_GPL(security_inode_mkdir); 2087 2073 ··· 2098 2084 { 2099 2085 if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) 2100 2086 return 0; 2101 - return call_int_hook(inode_rmdir, 0, dir, dentry); 2087 + return call_int_hook(inode_rmdir, dir, dentry); 2102 2088 } 2103 2089 2104 2090 /** ··· 2120 2106 { 2121 2107 if (unlikely(IS_PRIVATE(dir))) 2122 2108 return 0; 2123 - return call_int_hook(inode_mknod, 0, dir, dentry, mode, dev); 2109 + return call_int_hook(inode_mknod, dir, dentry, mode, dev); 2124 2110 } 2125 2111 2126 2112 /** ··· 2145 2131 return 0; 2146 2132 2147 2133 if (flags & RENAME_EXCHANGE) { 2148 - int err = 
call_int_hook(inode_rename, 0, new_dir, new_dentry, 2134 + int err = call_int_hook(inode_rename, new_dir, new_dentry, 2149 2135 old_dir, old_dentry); 2150 2136 if (err) 2151 2137 return err; 2152 2138 } 2153 2139 2154 - return call_int_hook(inode_rename, 0, old_dir, old_dentry, 2140 + return call_int_hook(inode_rename, old_dir, old_dentry, 2155 2141 new_dir, new_dentry); 2156 2142 } 2157 2143 ··· 2167 2153 { 2168 2154 if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) 2169 2155 return 0; 2170 - return call_int_hook(inode_readlink, 0, dentry); 2156 + return call_int_hook(inode_readlink, dentry); 2171 2157 } 2172 2158 2173 2159 /** ··· 2186 2172 { 2187 2173 if (unlikely(IS_PRIVATE(inode))) 2188 2174 return 0; 2189 - return call_int_hook(inode_follow_link, 0, dentry, inode, rcu); 2175 + return call_int_hook(inode_follow_link, dentry, inode, rcu); 2190 2176 } 2191 2177 2192 2178 /** ··· 2207 2193 { 2208 2194 if (unlikely(IS_PRIVATE(inode))) 2209 2195 return 0; 2210 - return call_int_hook(inode_permission, 0, inode, mask); 2196 + return call_int_hook(inode_permission, inode, mask); 2211 2197 } 2212 2198 2213 2199 /** ··· 2226 2212 int security_inode_setattr(struct mnt_idmap *idmap, 2227 2213 struct dentry *dentry, struct iattr *attr) 2228 2214 { 2229 - int ret; 2230 - 2231 2215 if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) 2232 2216 return 0; 2233 - ret = call_int_hook(inode_setattr, 0, dentry, attr); 2234 - if (ret) 2235 - return ret; 2236 - return evm_inode_setattr(idmap, dentry, attr); 2217 + return call_int_hook(inode_setattr, idmap, dentry, attr); 2237 2218 } 2238 2219 EXPORT_SYMBOL_GPL(security_inode_setattr); 2220 + 2221 + /** 2222 + * security_inode_post_setattr() - Update the inode after a setattr operation 2223 + * @idmap: idmap of the mount 2224 + * @dentry: file 2225 + * @ia_valid: file attributes set 2226 + * 2227 + * Update inode security field after successful setting file attributes. 
2228 + */ 2229 + void security_inode_post_setattr(struct mnt_idmap *idmap, struct dentry *dentry, 2230 + int ia_valid) 2231 + { 2232 + if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) 2233 + return; 2234 + call_void_hook(inode_post_setattr, idmap, dentry, ia_valid); 2235 + } 2239 2236 2240 2237 /** 2241 2238 * security_inode_getattr() - Check if getting file attributes is allowed ··· 2260 2235 { 2261 2236 if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry)))) 2262 2237 return 0; 2263 - return call_int_hook(inode_getattr, 0, path); 2238 + return call_int_hook(inode_getattr, path); 2264 2239 } 2265 2240 2266 2241 /** ··· 2288 2263 * SELinux and Smack integrate the cap call, 2289 2264 * so assume that all LSMs supplying this call do so. 2290 2265 */ 2291 - ret = call_int_hook(inode_setxattr, 1, idmap, dentry, name, value, 2292 - size, flags); 2266 + ret = call_int_hook(inode_setxattr, idmap, dentry, name, value, size, 2267 + flags); 2293 2268 2294 2269 if (ret == 1) 2295 2270 ret = cap_inode_setxattr(dentry, name, value, size, flags); 2296 - if (ret) 2297 - return ret; 2298 - ret = ima_inode_setxattr(dentry, name, value, size); 2299 - if (ret) 2300 - return ret; 2301 - return evm_inode_setxattr(idmap, dentry, name, value, size); 2271 + return ret; 2302 2272 } 2303 2273 2304 2274 /** ··· 2312 2292 struct dentry *dentry, const char *acl_name, 2313 2293 struct posix_acl *kacl) 2314 2294 { 2315 - int ret; 2316 - 2317 2295 if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) 2318 2296 return 0; 2319 - ret = call_int_hook(inode_set_acl, 0, idmap, dentry, acl_name, 2320 - kacl); 2321 - if (ret) 2322 - return ret; 2323 - ret = ima_inode_set_acl(idmap, dentry, acl_name, kacl); 2324 - if (ret) 2325 - return ret; 2326 - return evm_inode_set_acl(idmap, dentry, acl_name, kacl); 2297 + return call_int_hook(inode_set_acl, idmap, dentry, acl_name, kacl); 2298 + } 2299 + 2300 + /** 2301 + * security_inode_post_set_acl() - Update inode security from posix acls set 2302 + * @dentry: 
file 2303 + * @acl_name: acl name 2304 + * @kacl: acl struct 2305 + * 2306 + * Update inode security data after successfully setting posix acls on @dentry. 2307 + * The posix acls in @kacl are identified by @acl_name. 2308 + */ 2309 + void security_inode_post_set_acl(struct dentry *dentry, const char *acl_name, 2310 + struct posix_acl *kacl) 2311 + { 2312 + if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) 2313 + return; 2314 + call_void_hook(inode_post_set_acl, dentry, acl_name, kacl); 2327 2315 } 2328 2316 2329 2317 /** ··· 2350 2322 { 2351 2323 if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) 2352 2324 return 0; 2353 - return call_int_hook(inode_get_acl, 0, idmap, dentry, acl_name); 2325 + return call_int_hook(inode_get_acl, idmap, dentry, acl_name); 2354 2326 } 2355 2327 2356 2328 /** ··· 2367 2339 int security_inode_remove_acl(struct mnt_idmap *idmap, 2368 2340 struct dentry *dentry, const char *acl_name) 2369 2341 { 2370 - int ret; 2371 - 2372 2342 if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) 2373 2343 return 0; 2374 - ret = call_int_hook(inode_remove_acl, 0, idmap, dentry, acl_name); 2375 - if (ret) 2376 - return ret; 2377 - ret = ima_inode_remove_acl(idmap, dentry, acl_name); 2378 - if (ret) 2379 - return ret; 2380 - return evm_inode_remove_acl(idmap, dentry, acl_name); 2344 + return call_int_hook(inode_remove_acl, idmap, dentry, acl_name); 2345 + } 2346 + 2347 + /** 2348 + * security_inode_post_remove_acl() - Update inode security after rm posix acls 2349 + * @idmap: idmap of the mount 2350 + * @dentry: file 2351 + * @acl_name: acl name 2352 + * 2353 + * Update inode security data after successfully removing posix acls on 2354 + * @dentry in @idmap. The posix acls are identified by @acl_name. 
2355 + */ 2356 + void security_inode_post_remove_acl(struct mnt_idmap *idmap, 2357 + struct dentry *dentry, const char *acl_name) 2358 + { 2359 + if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) 2360 + return; 2361 + call_void_hook(inode_post_remove_acl, idmap, dentry, acl_name); 2381 2362 } 2382 2363 2383 2364 /** ··· 2405 2368 if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) 2406 2369 return; 2407 2370 call_void_hook(inode_post_setxattr, dentry, name, value, size, flags); 2408 - evm_inode_post_setxattr(dentry, name, value, size); 2409 2371 } 2410 2372 2411 2373 /** ··· 2421 2385 { 2422 2386 if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) 2423 2387 return 0; 2424 - return call_int_hook(inode_getxattr, 0, dentry, name); 2388 + return call_int_hook(inode_getxattr, dentry, name); 2425 2389 } 2426 2390 2427 2391 /** ··· 2437 2401 { 2438 2402 if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) 2439 2403 return 0; 2440 - return call_int_hook(inode_listxattr, 0, dentry); 2404 + return call_int_hook(inode_listxattr, dentry); 2441 2405 } 2442 2406 2443 2407 /** ··· 2462 2426 * SELinux and Smack integrate the cap call, 2463 2427 * so assume that all LSMs supplying this call do so. 2464 2428 */ 2465 - ret = call_int_hook(inode_removexattr, 1, idmap, dentry, name); 2429 + ret = call_int_hook(inode_removexattr, idmap, dentry, name); 2466 2430 if (ret == 1) 2467 2431 ret = cap_inode_removexattr(idmap, dentry, name); 2468 - if (ret) 2469 - return ret; 2470 - ret = ima_inode_removexattr(dentry, name); 2471 - if (ret) 2472 - return ret; 2473 - return evm_inode_removexattr(idmap, dentry, name); 2432 + return ret; 2433 + } 2434 + 2435 + /** 2436 + * security_inode_post_removexattr() - Update the inode after a removexattr op 2437 + * @dentry: file 2438 + * @name: xattr name 2439 + * 2440 + * Update the inode after a successful removexattr operation. 
2441 + */ 2442 + void security_inode_post_removexattr(struct dentry *dentry, const char *name) 2443 + { 2444 + if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) 2445 + return; 2446 + call_void_hook(inode_post_removexattr, dentry, name); 2474 2447 } 2475 2448 2476 2449 /** ··· 2495 2450 */ 2496 2451 int security_inode_need_killpriv(struct dentry *dentry) 2497 2452 { 2498 - return call_int_hook(inode_need_killpriv, 0, dentry); 2453 + return call_int_hook(inode_need_killpriv, dentry); 2499 2454 } 2500 2455 2501 2456 /** ··· 2512 2467 int security_inode_killpriv(struct mnt_idmap *idmap, 2513 2468 struct dentry *dentry) 2514 2469 { 2515 - return call_int_hook(inode_killpriv, 0, idmap, dentry); 2470 + return call_int_hook(inode_killpriv, idmap, dentry); 2516 2471 } 2517 2472 2518 2473 /** ··· 2535 2490 struct inode *inode, const char *name, 2536 2491 void **buffer, bool alloc) 2537 2492 { 2538 - struct security_hook_list *hp; 2539 - int rc; 2540 - 2541 2493 if (unlikely(IS_PRIVATE(inode))) 2542 2494 return LSM_RET_DEFAULT(inode_getsecurity); 2543 - /* 2544 - * Only one module will provide an attribute with a given name. 2545 - */ 2546 - hlist_for_each_entry(hp, &security_hook_heads.inode_getsecurity, list) { 2547 - rc = hp->hook.inode_getsecurity(idmap, inode, name, buffer, 2548 - alloc); 2549 - if (rc != LSM_RET_DEFAULT(inode_getsecurity)) 2550 - return rc; 2551 - } 2552 - return LSM_RET_DEFAULT(inode_getsecurity); 2495 + 2496 + return call_int_hook(inode_getsecurity, idmap, inode, name, buffer, 2497 + alloc); 2553 2498 } 2554 2499 2555 2500 /** ··· 2560 2525 int security_inode_setsecurity(struct inode *inode, const char *name, 2561 2526 const void *value, size_t size, int flags) 2562 2527 { 2563 - struct security_hook_list *hp; 2564 - int rc; 2565 - 2566 2528 if (unlikely(IS_PRIVATE(inode))) 2567 2529 return LSM_RET_DEFAULT(inode_setsecurity); 2568 - /* 2569 - * Only one module will provide an attribute with a given name. 
2570 - */ 2571 - hlist_for_each_entry(hp, &security_hook_heads.inode_setsecurity, list) { 2572 - rc = hp->hook.inode_setsecurity(inode, name, value, size, 2573 - flags); 2574 - if (rc != LSM_RET_DEFAULT(inode_setsecurity)) 2575 - return rc; 2576 - } 2577 - return LSM_RET_DEFAULT(inode_setsecurity); 2530 + 2531 + return call_int_hook(inode_setsecurity, inode, name, value, size, 2532 + flags); 2578 2533 } 2579 2534 2580 2535 /** ··· 2585 2560 { 2586 2561 if (unlikely(IS_PRIVATE(inode))) 2587 2562 return 0; 2588 - return call_int_hook(inode_listsecurity, 0, inode, buffer, buffer_size); 2563 + return call_int_hook(inode_listsecurity, inode, buffer, buffer_size); 2589 2564 } 2590 2565 EXPORT_SYMBOL(security_inode_listsecurity); 2591 2566 ··· 2616 2591 */ 2617 2592 int security_inode_copy_up(struct dentry *src, struct cred **new) 2618 2593 { 2619 - return call_int_hook(inode_copy_up, 0, src, new); 2594 + return call_int_hook(inode_copy_up, src, new); 2620 2595 } 2621 2596 EXPORT_SYMBOL(security_inode_copy_up); 2622 2597 ··· 2634 2609 */ 2635 2610 int security_inode_copy_up_xattr(const char *name) 2636 2611 { 2637 - struct security_hook_list *hp; 2638 2612 int rc; 2639 2613 2640 2614 /* ··· 2641 2617 * xattr), -EOPNOTSUPP if it does not know anything about the xattr or 2642 2618 * any other error code in case of an error. 
2643 2619 */ 2644 - hlist_for_each_entry(hp, 2645 - &security_hook_heads.inode_copy_up_xattr, list) { 2646 - rc = hp->hook.inode_copy_up_xattr(name); 2647 - if (rc != LSM_RET_DEFAULT(inode_copy_up_xattr)) 2648 - return rc; 2649 - } 2620 + rc = call_int_hook(inode_copy_up_xattr, name); 2621 + if (rc != LSM_RET_DEFAULT(inode_copy_up_xattr)) 2622 + return rc; 2650 2623 2651 - return evm_inode_copy_up_xattr(name); 2624 + return LSM_RET_DEFAULT(inode_copy_up_xattr); 2652 2625 } 2653 2626 EXPORT_SYMBOL(security_inode_copy_up_xattr); 2654 2627 ··· 2662 2641 int security_kernfs_init_security(struct kernfs_node *kn_dir, 2663 2642 struct kernfs_node *kn) 2664 2643 { 2665 - return call_int_hook(kernfs_init_security, 0, kn_dir, kn); 2644 + return call_int_hook(kernfs_init_security, kn_dir, kn); 2666 2645 } 2667 2646 2668 2647 /** ··· 2686 2665 */ 2687 2666 int security_file_permission(struct file *file, int mask) 2688 2667 { 2689 - return call_int_hook(file_permission, 0, file, mask); 2668 + return call_int_hook(file_permission, file, mask); 2690 2669 } 2691 2670 2692 2671 /** ··· 2704 2683 2705 2684 if (rc) 2706 2685 return rc; 2707 - rc = call_int_hook(file_alloc_security, 0, file); 2686 + rc = call_int_hook(file_alloc_security, file); 2708 2687 if (unlikely(rc)) 2709 2688 security_file_free(file); 2710 2689 return rc; 2690 + } 2691 + 2692 + /** 2693 + * security_file_release() - Perform actions before releasing the file ref 2694 + * @file: the file 2695 + * 2696 + * Perform actions before releasing the last reference to a file. 
2697 + */ 2698 + void security_file_release(struct file *file) 2699 + { 2700 + call_void_hook(file_release, file); 2711 2701 } 2712 2702 2713 2703 /** ··· 2755 2723 */ 2756 2724 int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 2757 2725 { 2758 - return call_int_hook(file_ioctl, 0, file, cmd, arg); 2726 + return call_int_hook(file_ioctl, file, cmd, arg); 2759 2727 } 2760 2728 EXPORT_SYMBOL_GPL(security_file_ioctl); 2761 2729 ··· 2773 2741 int security_file_ioctl_compat(struct file *file, unsigned int cmd, 2774 2742 unsigned long arg) 2775 2743 { 2776 - return call_int_hook(file_ioctl_compat, 0, file, cmd, arg); 2744 + return call_int_hook(file_ioctl_compat, file, cmd, arg); 2777 2745 } 2778 2746 EXPORT_SYMBOL_GPL(security_file_ioctl_compat); 2779 2747 ··· 2824 2792 int security_mmap_file(struct file *file, unsigned long prot, 2825 2793 unsigned long flags) 2826 2794 { 2827 - unsigned long prot_adj = mmap_prot(file, prot); 2828 - int ret; 2829 - 2830 - ret = call_int_hook(mmap_file, 0, file, prot, prot_adj, flags); 2831 - if (ret) 2832 - return ret; 2833 - return ima_file_mmap(file, prot, prot_adj, flags); 2795 + return call_int_hook(mmap_file, file, prot, mmap_prot(file, prot), 2796 + flags); 2834 2797 } 2835 2798 2836 2799 /** ··· 2838 2811 */ 2839 2812 int security_mmap_addr(unsigned long addr) 2840 2813 { 2841 - return call_int_hook(mmap_addr, 0, addr); 2814 + return call_int_hook(mmap_addr, addr); 2842 2815 } 2843 2816 2844 2817 /** ··· 2854 2827 int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot, 2855 2828 unsigned long prot) 2856 2829 { 2857 - int ret; 2858 - 2859 - ret = call_int_hook(file_mprotect, 0, vma, reqprot, prot); 2860 - if (ret) 2861 - return ret; 2862 - return ima_file_mprotect(vma, prot); 2830 + return call_int_hook(file_mprotect, vma, reqprot, prot); 2863 2831 } 2864 2832 2865 2833 /** ··· 2869 2847 */ 2870 2848 int security_file_lock(struct file *file, unsigned int cmd) 2871 2849 { 2872 - 
return call_int_hook(file_lock, 0, file, cmd); 2850 + return call_int_hook(file_lock, file, cmd); 2873 2851 } 2874 2852 2875 2853 /** ··· 2888 2866 */ 2889 2867 int security_file_fcntl(struct file *file, unsigned int cmd, unsigned long arg) 2890 2868 { 2891 - return call_int_hook(file_fcntl, 0, file, cmd, arg); 2869 + return call_int_hook(file_fcntl, file, cmd, arg); 2892 2870 } 2893 2871 2894 2872 /** ··· 2922 2900 int security_file_send_sigiotask(struct task_struct *tsk, 2923 2901 struct fown_struct *fown, int sig) 2924 2902 { 2925 - return call_int_hook(file_send_sigiotask, 0, tsk, fown, sig); 2903 + return call_int_hook(file_send_sigiotask, tsk, fown, sig); 2926 2904 } 2927 2905 2928 2906 /** 2929 - * security_file_receive() - Check is receiving a file via IPC is allowed 2907 + * security_file_receive() - Check if receiving a file via IPC is allowed 2930 2908 * @file: file being received 2931 2909 * 2932 2910 * This hook allows security modules to control the ability of a process to ··· 2936 2914 */ 2937 2915 int security_file_receive(struct file *file) 2938 2916 { 2939 - return call_int_hook(file_receive, 0, file); 2917 + return call_int_hook(file_receive, file); 2940 2918 } 2941 2919 2942 2920 /** ··· 2952 2930 { 2953 2931 int ret; 2954 2932 2955 - ret = call_int_hook(file_open, 0, file); 2933 + ret = call_int_hook(file_open, file); 2956 2934 if (ret) 2957 2935 return ret; 2958 2936 2959 2937 return fsnotify_open_perm(file); 2960 2938 } 2939 + 2940 + /** 2941 + * security_file_post_open() - Evaluate a file after it has been opened 2942 + * @file: the file 2943 + * @mask: access mask 2944 + * 2945 + * Evaluate an opened file and the access mask requested with open(). The hook 2946 + * is useful for LSMs that require the file content to be available in order to 2947 + * make decisions. 2948 + * 2949 + * Return: Returns 0 if permission is granted. 
2950 + */ 2951 + int security_file_post_open(struct file *file, int mask) 2952 + { 2953 + return call_int_hook(file_post_open, file, mask); 2954 + } 2955 + EXPORT_SYMBOL_GPL(security_file_post_open); 2961 2956 2962 2957 /** 2963 2958 * security_file_truncate() - Check if truncating a file is allowed ··· 2988 2949 */ 2989 2950 int security_file_truncate(struct file *file) 2990 2951 { 2991 - return call_int_hook(file_truncate, 0, file); 2952 + return call_int_hook(file_truncate, file); 2992 2953 } 2993 2954 2994 2955 /** ··· 3006 2967 3007 2968 if (rc) 3008 2969 return rc; 3009 - rc = call_int_hook(task_alloc, 0, task, clone_flags); 2970 + rc = call_int_hook(task_alloc, task, clone_flags); 3010 2971 if (unlikely(rc)) 3011 2972 security_task_free(task); 3012 2973 return rc; ··· 3044 3005 if (rc) 3045 3006 return rc; 3046 3007 3047 - rc = call_int_hook(cred_alloc_blank, 0, cred, gfp); 3008 + rc = call_int_hook(cred_alloc_blank, cred, gfp); 3048 3009 if (unlikely(rc)) 3049 3010 security_cred_free(cred); 3050 3011 return rc; ··· 3088 3049 if (rc) 3089 3050 return rc; 3090 3051 3091 - rc = call_int_hook(cred_prepare, 0, new, old, gfp); 3052 + rc = call_int_hook(cred_prepare, new, old, gfp); 3092 3053 if (unlikely(rc)) 3093 3054 security_cred_free(new); 3094 3055 return rc; ··· 3133 3094 */ 3134 3095 int security_kernel_act_as(struct cred *new, u32 secid) 3135 3096 { 3136 - return call_int_hook(kernel_act_as, 0, new, secid); 3097 + return call_int_hook(kernel_act_as, new, secid); 3137 3098 } 3138 3099 3139 3100 /** ··· 3149 3110 */ 3150 3111 int security_kernel_create_files_as(struct cred *new, struct inode *inode) 3151 3112 { 3152 - return call_int_hook(kernel_create_files_as, 0, new, inode); 3113 + return call_int_hook(kernel_create_files_as, new, inode); 3153 3114 } 3154 3115 3155 3116 /** 3156 - * security_kernel_module_request() - Check is loading a module is allowed 3117 + * security_kernel_module_request() - Check if loading a module is allowed 3157 3118 * 
@kmod_name: module name 3158 3119 * 3159 3120 * Ability to trigger the kernel to automatically upcall to userspace for ··· 3163 3124 */ 3164 3125 int security_kernel_module_request(char *kmod_name) 3165 3126 { 3166 - int ret; 3167 - 3168 - ret = call_int_hook(kernel_module_request, 0, kmod_name); 3169 - if (ret) 3170 - return ret; 3171 - return integrity_kernel_module_request(kmod_name); 3127 + return call_int_hook(kernel_module_request, kmod_name); 3172 3128 } 3173 3129 3174 3130 /** ··· 3179 3145 int security_kernel_read_file(struct file *file, enum kernel_read_file_id id, 3180 3146 bool contents) 3181 3147 { 3182 - int ret; 3183 - 3184 - ret = call_int_hook(kernel_read_file, 0, file, id, contents); 3185 - if (ret) 3186 - return ret; 3187 - return ima_read_file(file, id, contents); 3148 + return call_int_hook(kernel_read_file, file, id, contents); 3188 3149 } 3189 3150 EXPORT_SYMBOL_GPL(security_kernel_read_file); 3190 3151 ··· 3199 3170 int security_kernel_post_read_file(struct file *file, char *buf, loff_t size, 3200 3171 enum kernel_read_file_id id) 3201 3172 { 3202 - int ret; 3203 - 3204 - ret = call_int_hook(kernel_post_read_file, 0, file, buf, size, id); 3205 - if (ret) 3206 - return ret; 3207 - return ima_post_read_file(file, buf, size, id); 3173 + return call_int_hook(kernel_post_read_file, file, buf, size, id); 3208 3174 } 3209 3175 EXPORT_SYMBOL_GPL(security_kernel_post_read_file); 3210 3176 ··· 3214 3190 */ 3215 3191 int security_kernel_load_data(enum kernel_load_data_id id, bool contents) 3216 3192 { 3217 - int ret; 3218 - 3219 - ret = call_int_hook(kernel_load_data, 0, id, contents); 3220 - if (ret) 3221 - return ret; 3222 - return ima_load_data(id, contents); 3193 + return call_int_hook(kernel_load_data, id, contents); 3223 3194 } 3224 3195 EXPORT_SYMBOL_GPL(security_kernel_load_data); 3225 3196 ··· 3236 3217 enum kernel_load_data_id id, 3237 3218 char *description) 3238 3219 { 3239 - int ret; 3240 - 3241 - ret = call_int_hook(kernel_post_load_data, 
0, buf, size, id, 3242 - description); 3243 - if (ret) 3244 - return ret; 3245 - return ima_post_load_data(buf, size, id, description); 3220 + return call_int_hook(kernel_post_load_data, buf, size, id, description); 3246 3221 } 3247 3222 EXPORT_SYMBOL_GPL(security_kernel_post_load_data); 3248 3223 ··· 3257 3244 int security_task_fix_setuid(struct cred *new, const struct cred *old, 3258 3245 int flags) 3259 3246 { 3260 - return call_int_hook(task_fix_setuid, 0, new, old, flags); 3247 + return call_int_hook(task_fix_setuid, new, old, flags); 3261 3248 } 3262 3249 3263 3250 /** ··· 3277 3264 int security_task_fix_setgid(struct cred *new, const struct cred *old, 3278 3265 int flags) 3279 3266 { 3280 - return call_int_hook(task_fix_setgid, 0, new, old, flags); 3267 + return call_int_hook(task_fix_setgid, new, old, flags); 3281 3268 } 3282 3269 3283 3270 /** ··· 3294 3281 */ 3295 3282 int security_task_fix_setgroups(struct cred *new, const struct cred *old) 3296 3283 { 3297 - return call_int_hook(task_fix_setgroups, 0, new, old); 3284 + return call_int_hook(task_fix_setgroups, new, old); 3298 3285 } 3299 3286 3300 3287 /** ··· 3309 3296 */ 3310 3297 int security_task_setpgid(struct task_struct *p, pid_t pgid) 3311 3298 { 3312 - return call_int_hook(task_setpgid, 0, p, pgid); 3299 + return call_int_hook(task_setpgid, p, pgid); 3313 3300 } 3314 3301 3315 3302 /** ··· 3323 3310 */ 3324 3311 int security_task_getpgid(struct task_struct *p) 3325 3312 { 3326 - return call_int_hook(task_getpgid, 0, p); 3313 + return call_int_hook(task_getpgid, p); 3327 3314 } 3328 3315 3329 3316 /** ··· 3336 3323 */ 3337 3324 int security_task_getsid(struct task_struct *p) 3338 3325 { 3339 - return call_int_hook(task_getsid, 0, p); 3326 + return call_int_hook(task_getsid, p); 3340 3327 } 3341 3328 3342 3329 /** ··· 3379 3366 */ 3380 3367 int security_task_setnice(struct task_struct *p, int nice) 3381 3368 { 3382 - return call_int_hook(task_setnice, 0, p, nice); 3369 + return 
call_int_hook(task_setnice, p, nice); 3383 3370 } 3384 3371 3385 3372 /** ··· 3393 3380 */ 3394 3381 int security_task_setioprio(struct task_struct *p, int ioprio) 3395 3382 { 3396 - return call_int_hook(task_setioprio, 0, p, ioprio); 3383 + return call_int_hook(task_setioprio, p, ioprio); 3397 3384 } 3398 3385 3399 3386 /** ··· 3406 3393 */ 3407 3394 int security_task_getioprio(struct task_struct *p) 3408 3395 { 3409 - return call_int_hook(task_getioprio, 0, p); 3396 + return call_int_hook(task_getioprio, p); 3410 3397 } 3411 3398 3412 3399 /** ··· 3423 3410 int security_task_prlimit(const struct cred *cred, const struct cred *tcred, 3424 3411 unsigned int flags) 3425 3412 { 3426 - return call_int_hook(task_prlimit, 0, cred, tcred, flags); 3413 + return call_int_hook(task_prlimit, cred, tcred, flags); 3427 3414 } 3428 3415 3429 3416 /** ··· 3441 3428 int security_task_setrlimit(struct task_struct *p, unsigned int resource, 3442 3429 struct rlimit *new_rlim) 3443 3430 { 3444 - return call_int_hook(task_setrlimit, 0, p, resource, new_rlim); 3431 + return call_int_hook(task_setrlimit, p, resource, new_rlim); 3445 3432 } 3446 3433 3447 3434 /** ··· 3455 3442 */ 3456 3443 int security_task_setscheduler(struct task_struct *p) 3457 3444 { 3458 - return call_int_hook(task_setscheduler, 0, p); 3445 + return call_int_hook(task_setscheduler, p); 3459 3446 } 3460 3447 3461 3448 /** ··· 3468 3455 */ 3469 3456 int security_task_getscheduler(struct task_struct *p) 3470 3457 { 3471 - return call_int_hook(task_getscheduler, 0, p); 3458 + return call_int_hook(task_getscheduler, p); 3472 3459 } 3473 3460 3474 3461 /** ··· 3481 3468 */ 3482 3469 int security_task_movememory(struct task_struct *p) 3483 3470 { 3484 - return call_int_hook(task_movememory, 0, p); 3471 + return call_int_hook(task_movememory, p); 3485 3472 } 3486 3473 3487 3474 /** ··· 3502 3489 int security_task_kill(struct task_struct *p, struct kernel_siginfo *info, 3503 3490 int sig, const struct cred *cred) 3504 3491 
{ 3505 - return call_int_hook(task_kill, 0, p, info, sig, cred); 3492 + return call_int_hook(task_kill, p, info, sig, cred); 3506 3493 } 3507 3494 3508 3495 /** ··· 3560 3547 */ 3561 3548 int security_create_user_ns(const struct cred *cred) 3562 3549 { 3563 - return call_int_hook(userns_create, 0, cred); 3550 + return call_int_hook(userns_create, cred); 3564 3551 } 3565 3552 3566 3553 /** ··· 3574 3561 */ 3575 3562 int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag) 3576 3563 { 3577 - return call_int_hook(ipc_permission, 0, ipcp, flag); 3564 + return call_int_hook(ipc_permission, ipcp, flag); 3578 3565 } 3579 3566 3580 3567 /** ··· 3606 3593 3607 3594 if (unlikely(rc)) 3608 3595 return rc; 3609 - rc = call_int_hook(msg_msg_alloc_security, 0, msg); 3596 + rc = call_int_hook(msg_msg_alloc_security, msg); 3610 3597 if (unlikely(rc)) 3611 3598 security_msg_msg_free(msg); 3612 3599 return rc; ··· 3640 3627 3641 3628 if (unlikely(rc)) 3642 3629 return rc; 3643 - rc = call_int_hook(msg_queue_alloc_security, 0, msq); 3630 + rc = call_int_hook(msg_queue_alloc_security, msq); 3644 3631 if (unlikely(rc)) 3645 3632 security_msg_queue_free(msq); 3646 3633 return rc; ··· 3672 3659 */ 3673 3660 int security_msg_queue_associate(struct kern_ipc_perm *msq, int msqflg) 3674 3661 { 3675 - return call_int_hook(msg_queue_associate, 0, msq, msqflg); 3662 + return call_int_hook(msg_queue_associate, msq, msqflg); 3676 3663 } 3677 3664 3678 3665 /** ··· 3687 3674 */ 3688 3675 int security_msg_queue_msgctl(struct kern_ipc_perm *msq, int cmd) 3689 3676 { 3690 - return call_int_hook(msg_queue_msgctl, 0, msq, cmd); 3677 + return call_int_hook(msg_queue_msgctl, msq, cmd); 3691 3678 } 3692 3679 3693 3680 /** ··· 3704 3691 int security_msg_queue_msgsnd(struct kern_ipc_perm *msq, 3705 3692 struct msg_msg *msg, int msqflg) 3706 3693 { 3707 - return call_int_hook(msg_queue_msgsnd, 0, msq, msg, msqflg); 3694 + return call_int_hook(msg_queue_msgsnd, msq, msg, msqflg); 3708 3695 } 3709 
3696 3710 3697 /** ··· 3725 3712 int security_msg_queue_msgrcv(struct kern_ipc_perm *msq, struct msg_msg *msg, 3726 3713 struct task_struct *target, long type, int mode) 3727 3714 { 3728 - return call_int_hook(msg_queue_msgrcv, 0, msq, msg, target, type, mode); 3715 + return call_int_hook(msg_queue_msgrcv, msq, msg, target, type, mode); 3729 3716 } 3730 3717 3731 3718 /** ··· 3743 3730 3744 3731 if (unlikely(rc)) 3745 3732 return rc; 3746 - rc = call_int_hook(shm_alloc_security, 0, shp); 3733 + rc = call_int_hook(shm_alloc_security, shp); 3747 3734 if (unlikely(rc)) 3748 3735 security_shm_free(shp); 3749 3736 return rc; ··· 3776 3763 */ 3777 3764 int security_shm_associate(struct kern_ipc_perm *shp, int shmflg) 3778 3765 { 3779 - return call_int_hook(shm_associate, 0, shp, shmflg); 3766 + return call_int_hook(shm_associate, shp, shmflg); 3780 3767 } 3781 3768 3782 3769 /** ··· 3791 3778 */ 3792 3779 int security_shm_shmctl(struct kern_ipc_perm *shp, int cmd) 3793 3780 { 3794 - return call_int_hook(shm_shmctl, 0, shp, cmd); 3781 + return call_int_hook(shm_shmctl, shp, cmd); 3795 3782 } 3796 3783 3797 3784 /** ··· 3809 3796 int security_shm_shmat(struct kern_ipc_perm *shp, 3810 3797 char __user *shmaddr, int shmflg) 3811 3798 { 3812 - return call_int_hook(shm_shmat, 0, shp, shmaddr, shmflg); 3799 + return call_int_hook(shm_shmat, shp, shmaddr, shmflg); 3813 3800 } 3814 3801 3815 3802 /** ··· 3827 3814 3828 3815 if (unlikely(rc)) 3829 3816 return rc; 3830 - rc = call_int_hook(sem_alloc_security, 0, sma); 3817 + rc = call_int_hook(sem_alloc_security, sma); 3831 3818 if (unlikely(rc)) 3832 3819 security_sem_free(sma); 3833 3820 return rc; ··· 3859 3846 */ 3860 3847 int security_sem_associate(struct kern_ipc_perm *sma, int semflg) 3861 3848 { 3862 - return call_int_hook(sem_associate, 0, sma, semflg); 3849 + return call_int_hook(sem_associate, sma, semflg); 3863 3850 } 3864 3851 3865 3852 /** ··· 3874 3861 */ 3875 3862 int security_sem_semctl(struct kern_ipc_perm *sma, 
int cmd) 3876 3863 { 3877 - return call_int_hook(sem_semctl, 0, sma, cmd); 3864 + return call_int_hook(sem_semctl, sma, cmd); 3878 3865 } 3879 3866 3880 3867 /** ··· 3892 3879 int security_sem_semop(struct kern_ipc_perm *sma, struct sembuf *sops, 3893 3880 unsigned nsops, int alter) 3894 3881 { 3895 - return call_int_hook(sem_semop, 0, sma, sops, nsops, alter); 3882 + return call_int_hook(sem_semop, sma, sops, nsops, alter); 3896 3883 } 3897 3884 3898 3885 /** ··· 4123 4110 */ 4124 4111 int security_netlink_send(struct sock *sk, struct sk_buff *skb) 4125 4112 { 4126 - return call_int_hook(netlink_send, 0, sk, skb); 4113 + return call_int_hook(netlink_send, sk, skb); 4127 4114 } 4128 4115 4129 4116 /** 4130 - * security_ismaclabel() - Check is the named attribute is a MAC label 4117 + * security_ismaclabel() - Check if the named attribute is a MAC label 4131 4118 * @name: full extended attribute name 4132 4119 * 4133 4120 * Check if the extended attribute specified by @name represents a MAC label. ··· 4136 4123 */ 4137 4124 int security_ismaclabel(const char *name) 4138 4125 { 4139 - return call_int_hook(ismaclabel, 0, name); 4126 + return call_int_hook(ismaclabel, name); 4140 4127 } 4141 4128 EXPORT_SYMBOL(security_ismaclabel); 4142 4129 ··· 4155 4142 */ 4156 4143 int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) 4157 4144 { 4158 - struct security_hook_list *hp; 4159 - int rc; 4160 - 4161 - /* 4162 - * Currently, only one LSM can implement secid_to_secctx (i.e this 4163 - * LSM hook is not "stackable"). 
4164 - */ 4165 - hlist_for_each_entry(hp, &security_hook_heads.secid_to_secctx, list) { 4166 - rc = hp->hook.secid_to_secctx(secid, secdata, seclen); 4167 - if (rc != LSM_RET_DEFAULT(secid_to_secctx)) 4168 - return rc; 4169 - } 4170 - 4171 - return LSM_RET_DEFAULT(secid_to_secctx); 4145 + return call_int_hook(secid_to_secctx, secid, secdata, seclen); 4172 4146 } 4173 4147 EXPORT_SYMBOL(security_secid_to_secctx); 4174 4148 ··· 4172 4172 int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) 4173 4173 { 4174 4174 *secid = 0; 4175 - return call_int_hook(secctx_to_secid, 0, secdata, seclen, secid); 4175 + return call_int_hook(secctx_to_secid, secdata, seclen, secid); 4176 4176 } 4177 4177 EXPORT_SYMBOL(security_secctx_to_secid); 4178 4178 ··· 4219 4219 */ 4220 4220 int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen) 4221 4221 { 4222 - return call_int_hook(inode_notifysecctx, 0, inode, ctx, ctxlen); 4222 + return call_int_hook(inode_notifysecctx, inode, ctx, ctxlen); 4223 4223 } 4224 4224 EXPORT_SYMBOL(security_inode_notifysecctx); 4225 4225 ··· 4241 4241 */ 4242 4242 int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) 4243 4243 { 4244 - return call_int_hook(inode_setsecctx, 0, dentry, ctx, ctxlen); 4244 + return call_int_hook(inode_setsecctx, dentry, ctx, ctxlen); 4245 4245 } 4246 4246 EXPORT_SYMBOL(security_inode_setsecctx); 4247 4247 ··· 4258 4258 */ 4259 4259 int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) 4260 4260 { 4261 - struct security_hook_list *hp; 4262 - int rc; 4263 - 4264 - /* 4265 - * Only one module will provide a security context. 
4266 - */ 4267 - hlist_for_each_entry(hp, &security_hook_heads.inode_getsecctx, list) { 4268 - rc = hp->hook.inode_getsecctx(inode, ctx, ctxlen); 4269 - if (rc != LSM_RET_DEFAULT(inode_getsecctx)) 4270 - return rc; 4271 - } 4272 - 4273 - return LSM_RET_DEFAULT(inode_getsecctx); 4261 + return call_int_hook(inode_getsecctx, inode, ctx, ctxlen); 4274 4262 } 4275 4263 EXPORT_SYMBOL(security_inode_getsecctx); 4276 4264 ··· 4277 4289 const struct cred *cred, 4278 4290 struct watch_notification *n) 4279 4291 { 4280 - return call_int_hook(post_notification, 0, w_cred, cred, n); 4292 + return call_int_hook(post_notification, w_cred, cred, n); 4281 4293 } 4282 4294 #endif /* CONFIG_WATCH_QUEUE */ 4283 4295 ··· 4293 4305 */ 4294 4306 int security_watch_key(struct key *key) 4295 4307 { 4296 - return call_int_hook(watch_key, 0, key); 4308 + return call_int_hook(watch_key, key); 4297 4309 } 4298 4310 #endif /* CONFIG_KEY_NOTIFICATIONS */ 4299 4311 ··· 4322 4334 int security_unix_stream_connect(struct sock *sock, struct sock *other, 4323 4335 struct sock *newsk) 4324 4336 { 4325 - return call_int_hook(unix_stream_connect, 0, sock, other, newsk); 4337 + return call_int_hook(unix_stream_connect, sock, other, newsk); 4326 4338 } 4327 4339 EXPORT_SYMBOL(security_unix_stream_connect); 4328 4340 ··· 4348 4360 */ 4349 4361 int security_unix_may_send(struct socket *sock, struct socket *other) 4350 4362 { 4351 - return call_int_hook(unix_may_send, 0, sock, other); 4363 + return call_int_hook(unix_may_send, sock, other); 4352 4364 } 4353 4365 EXPORT_SYMBOL(security_unix_may_send); 4354 4366 ··· 4365 4377 */ 4366 4378 int security_socket_create(int family, int type, int protocol, int kern) 4367 4379 { 4368 - return call_int_hook(socket_create, 0, family, type, protocol, kern); 4380 + return call_int_hook(socket_create, family, type, protocol, kern); 4369 4381 } 4370 4382 4371 4383 /** ··· 4389 4401 int security_socket_post_create(struct socket *sock, int family, 4390 4402 int type, int 
protocol, int kern) 4391 4403 { 4392 - return call_int_hook(socket_post_create, 0, sock, family, type, 4404 + return call_int_hook(socket_post_create, sock, family, type, 4393 4405 protocol, kern); 4394 4406 } 4395 4407 ··· 4405 4417 */ 4406 4418 int security_socket_socketpair(struct socket *socka, struct socket *sockb) 4407 4419 { 4408 - return call_int_hook(socket_socketpair, 0, socka, sockb); 4420 + return call_int_hook(socket_socketpair, socka, sockb); 4409 4421 } 4410 4422 EXPORT_SYMBOL(security_socket_socketpair); 4411 4423 ··· 4424 4436 int security_socket_bind(struct socket *sock, 4425 4437 struct sockaddr *address, int addrlen) 4426 4438 { 4427 - return call_int_hook(socket_bind, 0, sock, address, addrlen); 4439 + return call_int_hook(socket_bind, sock, address, addrlen); 4428 4440 } 4429 4441 4430 4442 /** ··· 4441 4453 int security_socket_connect(struct socket *sock, 4442 4454 struct sockaddr *address, int addrlen) 4443 4455 { 4444 - return call_int_hook(socket_connect, 0, sock, address, addrlen); 4456 + return call_int_hook(socket_connect, sock, address, addrlen); 4445 4457 } 4446 4458 4447 4459 /** ··· 4455 4467 */ 4456 4468 int security_socket_listen(struct socket *sock, int backlog) 4457 4469 { 4458 - return call_int_hook(socket_listen, 0, sock, backlog); 4470 + return call_int_hook(socket_listen, sock, backlog); 4459 4471 } 4460 4472 4461 4473 /** ··· 4471 4483 */ 4472 4484 int security_socket_accept(struct socket *sock, struct socket *newsock) 4473 4485 { 4474 - return call_int_hook(socket_accept, 0, sock, newsock); 4486 + return call_int_hook(socket_accept, sock, newsock); 4475 4487 } 4476 4488 4477 4489 /** 4478 - * security_socket_sendmsg() - Check is sending a message is allowed 4490 + * security_socket_sendmsg() - Check if sending a message is allowed 4479 4491 * @sock: sending socket 4480 4492 * @msg: message to send 4481 4493 * @size: size of message ··· 4486 4498 */ 4487 4499 int security_socket_sendmsg(struct socket *sock, struct msghdr 
*msg, int size) 4488 4500 { 4489 - return call_int_hook(socket_sendmsg, 0, sock, msg, size); 4501 + return call_int_hook(socket_sendmsg, sock, msg, size); 4490 4502 } 4491 4503 4492 4504 /** ··· 4503 4515 int security_socket_recvmsg(struct socket *sock, struct msghdr *msg, 4504 4516 int size, int flags) 4505 4517 { 4506 - return call_int_hook(socket_recvmsg, 0, sock, msg, size, flags); 4518 + return call_int_hook(socket_recvmsg, sock, msg, size, flags); 4507 4519 } 4508 4520 4509 4521 /** ··· 4517 4529 */ 4518 4530 int security_socket_getsockname(struct socket *sock) 4519 4531 { 4520 - return call_int_hook(socket_getsockname, 0, sock); 4532 + return call_int_hook(socket_getsockname, sock); 4521 4533 } 4522 4534 4523 4535 /** ··· 4530 4542 */ 4531 4543 int security_socket_getpeername(struct socket *sock) 4532 4544 { 4533 - return call_int_hook(socket_getpeername, 0, sock); 4545 + return call_int_hook(socket_getpeername, sock); 4534 4546 } 4535 4547 4536 4548 /** ··· 4546 4558 */ 4547 4559 int security_socket_getsockopt(struct socket *sock, int level, int optname) 4548 4560 { 4549 - return call_int_hook(socket_getsockopt, 0, sock, level, optname); 4561 + return call_int_hook(socket_getsockopt, sock, level, optname); 4550 4562 } 4551 4563 4552 4564 /** ··· 4561 4573 */ 4562 4574 int security_socket_setsockopt(struct socket *sock, int level, int optname) 4563 4575 { 4564 - return call_int_hook(socket_setsockopt, 0, sock, level, optname); 4576 + return call_int_hook(socket_setsockopt, sock, level, optname); 4565 4577 } 4566 4578 4567 4579 /** ··· 4576 4588 */ 4577 4589 int security_socket_shutdown(struct socket *sock, int how) 4578 4590 { 4579 - return call_int_hook(socket_shutdown, 0, sock, how); 4591 + return call_int_hook(socket_shutdown, sock, how); 4580 4592 } 4581 4593 4582 4594 /** ··· 4593 4605 */ 4594 4606 int security_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) 4595 4607 { 4596 - return call_int_hook(socket_sock_rcv_skb, 0, sk, skb); 4608 + return 
call_int_hook(socket_sock_rcv_skb, sk, skb); 4597 4609 } 4598 4610 EXPORT_SYMBOL(security_sock_rcv_skb); 4599 4611 ··· 4615 4627 int security_socket_getpeersec_stream(struct socket *sock, sockptr_t optval, 4616 4628 sockptr_t optlen, unsigned int len) 4617 4629 { 4618 - struct security_hook_list *hp; 4619 - int rc; 4620 - 4621 - /* 4622 - * Only one module will provide a security context. 4623 - */ 4624 - hlist_for_each_entry(hp, &security_hook_heads.socket_getpeersec_stream, 4625 - list) { 4626 - rc = hp->hook.socket_getpeersec_stream(sock, optval, optlen, 4627 - len); 4628 - if (rc != LSM_RET_DEFAULT(socket_getpeersec_stream)) 4629 - return rc; 4630 - } 4631 - return LSM_RET_DEFAULT(socket_getpeersec_stream); 4630 + return call_int_hook(socket_getpeersec_stream, sock, optval, optlen, 4631 + len); 4632 4632 } 4633 4633 4634 4634 /** ··· 4636 4660 int security_socket_getpeersec_dgram(struct socket *sock, 4637 4661 struct sk_buff *skb, u32 *secid) 4638 4662 { 4639 - struct security_hook_list *hp; 4640 - int rc; 4641 - 4642 - /* 4643 - * Only one module will provide a security context. 
4644 - */ 4645 - hlist_for_each_entry(hp, &security_hook_heads.socket_getpeersec_dgram, 4646 - list) { 4647 - rc = hp->hook.socket_getpeersec_dgram(sock, skb, secid); 4648 - if (rc != LSM_RET_DEFAULT(socket_getpeersec_dgram)) 4649 - return rc; 4650 - } 4651 - return LSM_RET_DEFAULT(socket_getpeersec_dgram); 4663 + return call_int_hook(socket_getpeersec_dgram, sock, skb, secid); 4652 4664 } 4653 4665 EXPORT_SYMBOL(security_socket_getpeersec_dgram); 4654 4666 ··· 4653 4689 */ 4654 4690 int security_sk_alloc(struct sock *sk, int family, gfp_t priority) 4655 4691 { 4656 - return call_int_hook(sk_alloc_security, 0, sk, family, priority); 4692 + return call_int_hook(sk_alloc_security, sk, family, priority); 4657 4693 } 4658 4694 4659 4695 /** ··· 4734 4770 int security_inet_conn_request(const struct sock *sk, 4735 4771 struct sk_buff *skb, struct request_sock *req) 4736 4772 { 4737 - return call_int_hook(inet_conn_request, 0, sk, skb, req); 4773 + return call_int_hook(inet_conn_request, sk, skb, req); 4738 4774 } 4739 4775 EXPORT_SYMBOL(security_inet_conn_request); 4740 4776 ··· 4775 4811 */ 4776 4812 int security_secmark_relabel_packet(u32 secid) 4777 4813 { 4778 - return call_int_hook(secmark_relabel_packet, 0, secid); 4814 + return call_int_hook(secmark_relabel_packet, secid); 4779 4815 } 4780 4816 EXPORT_SYMBOL(security_secmark_relabel_packet); 4781 4817 ··· 4812 4848 */ 4813 4849 int security_tun_dev_alloc_security(void **security) 4814 4850 { 4815 - return call_int_hook(tun_dev_alloc_security, 0, security); 4851 + return call_int_hook(tun_dev_alloc_security, security); 4816 4852 } 4817 4853 EXPORT_SYMBOL(security_tun_dev_alloc_security); 4818 4854 ··· 4837 4873 */ 4838 4874 int security_tun_dev_create(void) 4839 4875 { 4840 - return call_int_hook(tun_dev_create, 0); 4876 + return call_int_hook(tun_dev_create); 4841 4877 } 4842 4878 EXPORT_SYMBOL(security_tun_dev_create); 4843 4879 ··· 4851 4887 */ 4852 4888 int security_tun_dev_attach_queue(void *security) 4853 
4889 { 4854 - return call_int_hook(tun_dev_attach_queue, 0, security); 4890 + return call_int_hook(tun_dev_attach_queue, security); 4855 4891 } 4856 4892 EXPORT_SYMBOL(security_tun_dev_attach_queue); 4857 4893 ··· 4867 4903 */ 4868 4904 int security_tun_dev_attach(struct sock *sk, void *security) 4869 4905 { 4870 - return call_int_hook(tun_dev_attach, 0, sk, security); 4906 + return call_int_hook(tun_dev_attach, sk, security); 4871 4907 } 4872 4908 EXPORT_SYMBOL(security_tun_dev_attach); 4873 4909 ··· 4882 4918 */ 4883 4919 int security_tun_dev_open(void *security) 4884 4920 { 4885 - return call_int_hook(tun_dev_open, 0, security); 4921 + return call_int_hook(tun_dev_open, security); 4886 4922 } 4887 4923 EXPORT_SYMBOL(security_tun_dev_open); 4888 4924 ··· 4898 4934 int security_sctp_assoc_request(struct sctp_association *asoc, 4899 4935 struct sk_buff *skb) 4900 4936 { 4901 - return call_int_hook(sctp_assoc_request, 0, asoc, skb); 4937 + return call_int_hook(sctp_assoc_request, asoc, skb); 4902 4938 } 4903 4939 EXPORT_SYMBOL(security_sctp_assoc_request); 4904 4940 ··· 4919 4955 int security_sctp_bind_connect(struct sock *sk, int optname, 4920 4956 struct sockaddr *address, int addrlen) 4921 4957 { 4922 - return call_int_hook(sctp_bind_connect, 0, sk, optname, 4923 - address, addrlen); 4958 + return call_int_hook(sctp_bind_connect, sk, optname, address, addrlen); 4924 4959 } 4925 4960 EXPORT_SYMBOL(security_sctp_bind_connect); 4926 4961 ··· 4953 4990 int security_sctp_assoc_established(struct sctp_association *asoc, 4954 4991 struct sk_buff *skb) 4955 4992 { 4956 - return call_int_hook(sctp_assoc_established, 0, asoc, skb); 4993 + return call_int_hook(sctp_assoc_established, asoc, skb); 4957 4994 } 4958 4995 EXPORT_SYMBOL(security_sctp_assoc_established); 4959 4996 ··· 4971 5008 */ 4972 5009 int security_mptcp_add_subflow(struct sock *sk, struct sock *ssk) 4973 5010 { 4974 - return call_int_hook(mptcp_add_subflow, 0, sk, ssk); 5011 + return 
call_int_hook(mptcp_add_subflow, sk, ssk); 4975 5012 } 4976 5013 4977 5014 #endif /* CONFIG_SECURITY_NETWORK */ ··· 4989 5026 */ 4990 5027 int security_ib_pkey_access(void *sec, u64 subnet_prefix, u16 pkey) 4991 5028 { 4992 - return call_int_hook(ib_pkey_access, 0, sec, subnet_prefix, pkey); 5029 + return call_int_hook(ib_pkey_access, sec, subnet_prefix, pkey); 4993 5030 } 4994 5031 EXPORT_SYMBOL(security_ib_pkey_access); 4995 5032 ··· 5006 5043 int security_ib_endport_manage_subnet(void *sec, 5007 5044 const char *dev_name, u8 port_num) 5008 5045 { 5009 - return call_int_hook(ib_endport_manage_subnet, 0, sec, 5010 - dev_name, port_num); 5046 + return call_int_hook(ib_endport_manage_subnet, sec, dev_name, port_num); 5011 5047 } 5012 5048 EXPORT_SYMBOL(security_ib_endport_manage_subnet); 5013 5049 ··· 5020 5058 */ 5021 5059 int security_ib_alloc_security(void **sec) 5022 5060 { 5023 - return call_int_hook(ib_alloc_security, 0, sec); 5061 + return call_int_hook(ib_alloc_security, sec); 5024 5062 } 5025 5063 EXPORT_SYMBOL(security_ib_alloc_security); 5026 5064 ··· 5053 5091 struct xfrm_user_sec_ctx *sec_ctx, 5054 5092 gfp_t gfp) 5055 5093 { 5056 - return call_int_hook(xfrm_policy_alloc_security, 0, ctxp, sec_ctx, gfp); 5094 + return call_int_hook(xfrm_policy_alloc_security, ctxp, sec_ctx, gfp); 5057 5095 } 5058 5096 EXPORT_SYMBOL(security_xfrm_policy_alloc); 5059 5097 ··· 5070 5108 int security_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx, 5071 5109 struct xfrm_sec_ctx **new_ctxp) 5072 5110 { 5073 - return call_int_hook(xfrm_policy_clone_security, 0, old_ctx, new_ctxp); 5111 + return call_int_hook(xfrm_policy_clone_security, old_ctx, new_ctxp); 5074 5112 } 5075 5113 5076 5114 /** ··· 5095 5133 */ 5096 5134 int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx) 5097 5135 { 5098 - return call_int_hook(xfrm_policy_delete_security, 0, ctx); 5136 + return call_int_hook(xfrm_policy_delete_security, ctx); 5099 5137 } 5100 5138 5101 5139 /** ··· 5112 5150 int 
security_xfrm_state_alloc(struct xfrm_state *x, 5113 5151 struct xfrm_user_sec_ctx *sec_ctx) 5114 5152 { 5115 - return call_int_hook(xfrm_state_alloc, 0, x, sec_ctx); 5153 + return call_int_hook(xfrm_state_alloc, x, sec_ctx); 5116 5154 } 5117 5155 EXPORT_SYMBOL(security_xfrm_state_alloc); 5118 5156 ··· 5131 5169 int security_xfrm_state_alloc_acquire(struct xfrm_state *x, 5132 5170 struct xfrm_sec_ctx *polsec, u32 secid) 5133 5171 { 5134 - return call_int_hook(xfrm_state_alloc_acquire, 0, x, polsec, secid); 5172 + return call_int_hook(xfrm_state_alloc_acquire, x, polsec, secid); 5135 5173 } 5136 5174 5137 5175 /** ··· 5144 5182 */ 5145 5183 int security_xfrm_state_delete(struct xfrm_state *x) 5146 5184 { 5147 - return call_int_hook(xfrm_state_delete_security, 0, x); 5185 + return call_int_hook(xfrm_state_delete_security, x); 5148 5186 } 5149 5187 EXPORT_SYMBOL(security_xfrm_state_delete); 5150 5188 ··· 5173 5211 */ 5174 5212 int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid) 5175 5213 { 5176 - return call_int_hook(xfrm_policy_lookup, 0, ctx, fl_secid); 5214 + return call_int_hook(xfrm_policy_lookup, ctx, fl_secid); 5177 5215 } 5178 5216 5179 5217 /** ··· 5221 5259 */ 5222 5260 int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid) 5223 5261 { 5224 - return call_int_hook(xfrm_decode_session, 0, skb, secid, 1); 5262 + return call_int_hook(xfrm_decode_session, skb, secid, 1); 5225 5263 } 5226 5264 5227 5265 void security_skb_classify_flow(struct sk_buff *skb, struct flowi_common *flic) 5228 5266 { 5229 - int rc = call_int_hook(xfrm_decode_session, 0, skb, &flic->flowic_secid, 5267 + int rc = call_int_hook(xfrm_decode_session, skb, &flic->flowic_secid, 5230 5268 0); 5231 5269 5232 5270 BUG_ON(rc); ··· 5249 5287 int security_key_alloc(struct key *key, const struct cred *cred, 5250 5288 unsigned long flags) 5251 5289 { 5252 - return call_int_hook(key_alloc, 0, key, cred, flags); 5290 + return call_int_hook(key_alloc, key, cred, flags); 5253 
5291 } 5254 5292 5255 5293 /** ··· 5276 5314 int security_key_permission(key_ref_t key_ref, const struct cred *cred, 5277 5315 enum key_need_perm need_perm) 5278 5316 { 5279 - return call_int_hook(key_permission, 0, key_ref, cred, need_perm); 5317 + return call_int_hook(key_permission, key_ref, cred, need_perm); 5280 5318 } 5281 5319 5282 5320 /** ··· 5295 5333 int security_key_getsecurity(struct key *key, char **buffer) 5296 5334 { 5297 5335 *buffer = NULL; 5298 - return call_int_hook(key_getsecurity, 0, key, buffer); 5336 + return call_int_hook(key_getsecurity, key, buffer); 5337 + } 5338 + 5339 + /** 5340 + * security_key_post_create_or_update() - Notification of key create or update 5341 + * @keyring: keyring to which the key is linked to 5342 + * @key: created or updated key 5343 + * @payload: data used to instantiate or update the key 5344 + * @payload_len: length of payload 5345 + * @flags: key flags 5346 + * @create: flag indicating whether the key was created or updated 5347 + * 5348 + * Notify the caller of a key creation or update. 
5349 + */ 5350 + void security_key_post_create_or_update(struct key *keyring, struct key *key, 5351 + const void *payload, size_t payload_len, 5352 + unsigned long flags, bool create) 5353 + { 5354 + call_void_hook(key_post_create_or_update, keyring, key, payload, 5355 + payload_len, flags, create); 5299 5356 } 5300 5357 #endif /* CONFIG_KEYS */ 5301 5358 ··· 5333 5352 */ 5334 5353 int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule) 5335 5354 { 5336 - return call_int_hook(audit_rule_init, 0, field, op, rulestr, lsmrule); 5355 + return call_int_hook(audit_rule_init, field, op, rulestr, lsmrule); 5337 5356 } 5338 5357 5339 5358 /** ··· 5347 5366 */ 5348 5367 int security_audit_rule_known(struct audit_krule *krule) 5349 5368 { 5350 - return call_int_hook(audit_rule_known, 0, krule); 5369 + return call_int_hook(audit_rule_known, krule); 5351 5370 } 5352 5371 5353 5372 /** ··· 5377 5396 */ 5378 5397 int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule) 5379 5398 { 5380 - return call_int_hook(audit_rule_match, 0, secid, field, op, lsmrule); 5399 + return call_int_hook(audit_rule_match, secid, field, op, lsmrule); 5381 5400 } 5382 5401 #endif /* CONFIG_AUDIT */ 5383 5402 ··· 5396 5415 */ 5397 5416 int security_bpf(int cmd, union bpf_attr *attr, unsigned int size) 5398 5417 { 5399 - return call_int_hook(bpf, 0, cmd, attr, size); 5418 + return call_int_hook(bpf, cmd, attr, size); 5400 5419 } 5401 5420 5402 5421 /** ··· 5411 5430 */ 5412 5431 int security_bpf_map(struct bpf_map *map, fmode_t fmode) 5413 5432 { 5414 - return call_int_hook(bpf_map, 0, map, fmode); 5433 + return call_int_hook(bpf_map, map, fmode); 5415 5434 } 5416 5435 5417 5436 /** ··· 5425 5444 */ 5426 5445 int security_bpf_prog(struct bpf_prog *prog) 5427 5446 { 5428 - return call_int_hook(bpf_prog, 0, prog); 5447 + return call_int_hook(bpf_prog, prog); 5429 5448 } 5430 5449 5431 5450 /** ··· 5442 5461 int security_bpf_map_create(struct bpf_map *map, union 
bpf_attr *attr, 5443 5462 struct bpf_token *token) 5444 5463 { 5445 - return call_int_hook(bpf_map_create, 0, map, attr, token); 5464 + return call_int_hook(bpf_map_create, map, attr, token); 5446 5465 } 5447 5466 5448 5467 /** ··· 5460 5479 int security_bpf_prog_load(struct bpf_prog *prog, union bpf_attr *attr, 5461 5480 struct bpf_token *token) 5462 5481 { 5463 - return call_int_hook(bpf_prog_load, 0, prog, attr, token); 5482 + return call_int_hook(bpf_prog_load, prog, attr, token); 5464 5483 } 5465 5484 5466 5485 /** ··· 5477 5496 int security_bpf_token_create(struct bpf_token *token, union bpf_attr *attr, 5478 5497 struct path *path) 5479 5498 { 5480 - return call_int_hook(bpf_token_create, 0, token, attr, path); 5499 + return call_int_hook(bpf_token_create, token, attr, path); 5481 5500 } 5482 5501 5483 5502 /** ··· 5493 5512 */ 5494 5513 int security_bpf_token_cmd(const struct bpf_token *token, enum bpf_cmd cmd) 5495 5514 { 5496 - return call_int_hook(bpf_token_cmd, 0, token, cmd); 5515 + return call_int_hook(bpf_token_cmd, token, cmd); 5497 5516 } 5498 5517 5499 5518 /** ··· 5509 5528 */ 5510 5529 int security_bpf_token_capable(const struct bpf_token *token, int cap) 5511 5530 { 5512 - return call_int_hook(bpf_token_capable, 0, token, cap); 5531 + return call_int_hook(bpf_token_capable, token, cap); 5513 5532 } 5514 5533 5515 5534 /** ··· 5557 5576 */ 5558 5577 int security_locked_down(enum lockdown_reason what) 5559 5578 { 5560 - return call_int_hook(locked_down, 0, what); 5579 + return call_int_hook(locked_down, what); 5561 5580 } 5562 5581 EXPORT_SYMBOL(security_locked_down); 5563 5582 ··· 5573 5592 */ 5574 5593 int security_perf_event_open(struct perf_event_attr *attr, int type) 5575 5594 { 5576 - return call_int_hook(perf_event_open, 0, attr, type); 5595 + return call_int_hook(perf_event_open, attr, type); 5577 5596 } 5578 5597 5579 5598 /** ··· 5586 5605 */ 5587 5606 int security_perf_event_alloc(struct perf_event *event) 5588 5607 { 5589 - return 
call_int_hook(perf_event_alloc, 0, event); 5608 + return call_int_hook(perf_event_alloc, event); 5590 5609 } 5591 5610 5592 5611 /** ··· 5610 5629 */ 5611 5630 int security_perf_event_read(struct perf_event *event) 5612 5631 { 5613 - return call_int_hook(perf_event_read, 0, event); 5632 + return call_int_hook(perf_event_read, event); 5614 5633 } 5615 5634 5616 5635 /** ··· 5623 5642 */ 5624 5643 int security_perf_event_write(struct perf_event *event) 5625 5644 { 5626 - return call_int_hook(perf_event_write, 0, event); 5645 + return call_int_hook(perf_event_write, event); 5627 5646 } 5628 5647 #endif /* CONFIG_PERF_EVENTS */ 5629 5648 ··· 5639 5658 */ 5640 5659 int security_uring_override_creds(const struct cred *new) 5641 5660 { 5642 - return call_int_hook(uring_override_creds, 0, new); 5661 + return call_int_hook(uring_override_creds, new); 5643 5662 } 5644 5663 5645 5664 /** ··· 5652 5671 */ 5653 5672 int security_uring_sqpoll(void) 5654 5673 { 5655 - return call_int_hook(uring_sqpoll, 0); 5674 + return call_int_hook(uring_sqpoll); 5656 5675 } 5657 5676 5658 5677 /** ··· 5665 5684 */ 5666 5685 int security_uring_cmd(struct io_uring_cmd *ioucmd) 5667 5686 { 5668 - return call_int_hook(uring_cmd, 0, ioucmd); 5687 + return call_int_hook(uring_cmd, ioucmd); 5669 5688 } 5670 5689 #endif /* CONFIG_IO_URING */
+2 -1
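--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -3135,7 +3135,8 @@
 return rc;
 }
 
-static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
+static int selinux_inode_setattr(struct mnt_idmap *idmap, struct dentry *dentry,
+struct iattr *iattr)
 {
 const struct cred *cred = current_cred();
 struct inode *inode = d_backing_inode(dentry);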
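Review bot: The new `idmap` parameter of selinux_inode_setattr is not referenced in any visible line of this hunk, and the same holds for the matching smack_inode_setattr change in security/smack/smack_lsm.c; the function bodies continue outside the hunks, so whether either LSM actually consults the idmap cannot be confirmed here. If the parameter exists only to match the updated inode_setattr hook prototype, a one-line note at the top of the body such as `/* idmap is accepted to match the inode_setattr hook prototype; not consulted here */` would tell a reader that the omission is deliberate rather than a missed check. Where the idmap is consulted further down, no comment is needed.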
+3 -1
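--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -1238,12 +1238,14 @@
 
 /**
 * smack_inode_setattr - Smack check for setting attributes
+* @idmap: idmap of the mount
 * @dentry: the object
 * @iattr: for the force flag
 *
 * Returns 0 if access is permitted, an error code otherwise
 */
-static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr)
+static int smack_inode_setattr(struct mnt_idmap *idmap, struct dentry *dentry,
+struct iattr *iattr)
 {
 struct smk_audit_info ad;
 int rc;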
+6
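--- a/tools/testing/selftests/lsm/lsm_list_modules_test.c
+++ b/tools/testing/selftests/lsm/lsm_list_modules_test.c
@@ -122,6 +122,12 @@
 case LSM_ID_LANDLOCK:
 name = "landlock";
 break;
+case LSM_ID_IMA:
+name = "ima";
+break;
+case LSM_ID_EVM:
+name = "evm";
+break;
 default:
 name = "INVALID";
 break;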
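Review bot: The new LSM_ID_IMA and LSM_ID_EVM cases keep this id-to-name table in step with the LSMs promoted by this merge, but the `default:` branch still maps any id the switch does not know to `"INVALID"` silently, so the next LSM added to the uapi id list will only be noticed if someone remembers to extend this switch. A comment above the switch such as `/* every LSM_ID_* value needs a case here; unknown ids are reported as INVALID */` would make that maintenance obligation explicit to whoever adds the next id. The enclosing switch starts and ends outside the hunk, so where the comment attaches is inferred.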