From: Kees Cook
Date: Sat, 14 Jul 2018 19:30:10 -0700
Subject: Re: [PATCH v6 7/8] module: replace the existing LSM hook in init_module
To: Mimi Zohar
Cc: linux-integrity, linux-security-module, LKML, "Luis R . Rodriguez", Eric Biederman, Kexec Mailing List, Andres Rodriguez, Greg Kroah-Hartman, Jeff Vander Stoep, Casey Schaufler
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Jul 13, 2018 at 11:06 AM, Mimi Zohar wrote:
> Both the init_module and finit_module syscalls call either directly
> or indirectly the security_kernel_read_file LSM hook. This patch
> replaces the direct call in init_module with a call to the new
> security_kernel_load_data hook and makes the corresponding changes
> in SELinux, LoadPin, and IMA.
>
> Signed-off-by: Mimi Zohar
> Cc: Jeff Vander Stoep
> Cc: Casey Schaufler
> Cc: Kees Cook
> Acked-by: Jessica Yu
> Acked-by: Paul Moore

Acked-by: Kees Cook

Thanks!

-Kees

--
Kees Cook
Pixel Security