Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp4282229imu;
        Tue, 18 Dec 2018 12:02:55 -0800 (PST)
X-Google-Smtp-Source: AFSGD/XZreD24h9XfPzb+1yBpoBAVKCtgGuy6D1aWYke478c4hzHOx++ik7be9x6Uy+rEHoUOfzC
X-Received: by 2002:a63:d50f:: with SMTP id c15mr15449193pgg.287.1545163375691;
        Tue, 18 Dec 2018 12:02:55 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1545163375; cv=none;
        d=google.com; s=arc-20160816;
        b=gXknunZlU9pk7cQgC1xbJCjgyJ/85mEeqUy7WYYR89V6JTapLNqzFjcKSzp/g58xRc
         rH1DTTO8FMkIarcT+bbiiIGZ0MmplITKzlXV0cSTxRXwpzPaLTJnmRxHnQIgiAFbwLCo
         jRqIc0c7CDvs6Tddr4mvN9jXtHHF8cs5UsEmuYa2CU+fkP66yfMHUHbhauy6xstNkxEj
         aLCnha8QiMTMbbyyXv5ovJVJ5oxhdLRim+ISVi4OnLikLODjRjgnlxUEDOIUFs/jUzR+
         kOBB4mGyoHPvUToMq94Qjv5yEgxJWT1ChlNebbVt7cB1hyYBNjYCffBQ/1JyBBNrt/2T
         JsrQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:message-id:content-transfer-encoding
         :mime-version:date:cc:to:from:subject;
        bh=Lwy/USTdxK2q6niLAeWohWDclAWsG8VMdsa5CznsxCY=;
        b=w3MU+C5GpApOF7H/S7akt8+uLoGKWA2H7sNwQVmN0ElzrBNby0g+8TLti9jGSHITqy
         hltYLvLnfECvlW8Ix7ibeQeyA35tKS9JBJbES5GDaX76pAlZSo4DTigb6ClGcjYlGG/r
         tjZ3ojrm1Cz9wGud/SS3kgESpKZeQk7vvyUFNaTyV8fGl94zMRVLGrbEiFf2wz+cqVlY
         EOgMI91Jy10Vua2W4NT14W5xDfXDkVEk1KYlhW4muj+bhYZfWmXqbRE4KOizDB4SStMd
         U2Rvxmu/Gs/6GpDmae5xKFIX7XYkMx6nv8DHLeM/DI5qnqSk9mBT/G0kbhjI9ABEd8kV
         fTZA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id n15si13284870pgk.27.2018.12.18.12.02.24;
        Tue, 18 Dec 2018 12:02:55 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726766AbeLRSsC (ORCPT <rfc822;utfcpqpk@gmail.com> + 99 others);
        Tue, 18 Dec 2018 13:48:02 -0500
Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:53790 "EHLO
        mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-FAIL)
        by vger.kernel.org with ESMTP id S1726723AbeLRSsB (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 18 Dec 2018 13:48:01 -0500
Received: from pps.filterd (m0098416.ppops.net [127.0.0.1])
        by mx0b-001b2d01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id wBIId3Yo017899
        for <linux-kernel@vger.kernel.org>; Tue, 18 Dec 2018 13:48:00 -0500
Received: from e06smtp02.uk.ibm.com (e06smtp02.uk.ibm.com [195.75.94.98])
        by mx0b-001b2d01.pphosted.com with ESMTP id 2pf33b98xy-1
        (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT)
        for <linux-kernel@vger.kernel.org>; Tue, 18 Dec 2018 13:47:59 -0500
Received: from localhost
        by e06smtp02.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted
        for <linux-kernel@vger.kernel.org> from <zohar@linux.ibm.com>;
        Tue, 18 Dec 2018 18:47:58 -0000
Received: from b06cxnps4074.portsmouth.uk.ibm.com (9.149.109.196)
        by e06smtp02.uk.ibm.com (192.168.101.132) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted;
        (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256/256)
        Tue, 18 Dec 2018 18:47:55 -0000
Received: from b06wcsmtp001.portsmouth.uk.ibm.com (b06wcsmtp001.portsmouth.uk.ibm.com [9.149.105.160])
        by b06cxnps4074.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id wBIIlsB95439790
        (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL);
        Tue, 18 Dec 2018 18:47:54 GMT
Received: from b06wcsmtp001.portsmouth.uk.ibm.com (unknown [127.0.0.1])
        by IMSVA (Postfix) with ESMTP id B7732A4064;
        Tue, 18 Dec 2018 18:47:54 +0000 (GMT)
Received: from b06wcsmtp001.portsmouth.uk.ibm.com (unknown [127.0.0.1])
        by IMSVA (Postfix) with ESMTP id F1D5AA405B;
        Tue, 18 Dec 2018 18:47:53 +0000 (GMT)
Received: from dhcp-9-31-102-82.watson.ibm.com (unknown [9.31.102.82])
        by b06wcsmtp001.portsmouth.uk.ibm.com (Postfix) with ESMTP;
        Tue, 18 Dec 2018 18:47:53 +0000 (GMT)
Subject: [PATCH v2] ima: define ima_post_create_tmpfile() hook and add
 missing call
From:   Mimi Zohar <zohar@linux.ibm.com>
To:     gnaz Forster <iforster@suse.de>
Cc:     linux-integrity <linux-integrity@vger.kernel.org>,
        linux-kernel <linux-kernel@vger.kernel.org>,
        Goldwyn Rodrigues <rgoldwyn@suse.com>,
        Fabian Vogt <fvogt@suse.de>, Al Viro <viro@ZenIV.linux.org.uk>
Date:   Tue, 18 Dec 2018 13:47:53 -0500
Content-Type: text/plain; charset="UTF-8"
X-Mailer: Evolution 3.20.5 (3.20.5-1.fc24) 
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
X-TM-AS-GCONF: 00
x-cbid: 18121818-0008-0000-0000-000002A32EAC
X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused
x-cbparentid: 18121818-0009-0000-0000-0000220DC357
Message-Id: <1545158873.4206.86.camel@linux.ibm.com>
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2018-12-18_08:,,
 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501
 malwarescore=0 suspectscore=11 phishscore=0 bulkscore=0 spamscore=0
 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0
 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx
 scancount=1 engine=8.0.1-1810050000 definitions=main-1812180155
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

If tmpfiles can be made persistent, then newly created tmpfiles need to
be treated like any other new files in policy.

This patch indicates which newly created tmpfiles are in policy, causing
the file hash to be calculated on __fput().

Reported-by: Ignaz Forster <ignaz.forster@gmx.de>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
---
Changelog:
- Fixed Subject line function name
- Addressed 0-day report: warning: 'return' with a value, in function returning void

 fs/namei.c                        |  2 ++
 include/linux/ima.h               |  6 ++++++
 security/integrity/ima/ima_main.c | 36 ++++++++++++++++++++++++++++++++++--
 3 files changed, 42 insertions(+), 2 deletions(-)

diff --git a/fs/namei.c b/fs/namei.c
index 0cab6494978c..0911837979f6 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -3495,6 +3495,8 @@ static int do_tmpfile(struct nameidata *nd, unsigned flags,
 		goto out2;
 	file->f_path.mnt = path.mnt;
 	error = finish_open(file, child, NULL);
+	if (!error)
+		ima_post_create_tmpfile(file);
 out2:
 	mnt_drop_write(path.mnt);
 out:
diff --git a/include/linux/ima.h b/include/linux/ima.h
index b5e16b8c50b7..e863c82bb258 100644
--- a/include/linux/ima.h
+++ b/include/linux/ima.h
@@ -18,6 +18,7 @@ struct linux_binprm;
 #ifdef CONFIG_IMA
 extern int ima_bprm_check(struct linux_binprm *bprm);
 extern int ima_file_check(struct file *file, int mask);
+extern void ima_post_create_tmpfile(const struct file *file);
 extern void ima_file_free(struct file *file);
 extern int ima_file_mmap(struct file *file, unsigned long prot);
 extern int ima_load_data(enum kernel_load_data_id id);
@@ -56,6 +57,11 @@ static inline int ima_file_check(struct file *file, int mask)
 	return 0;
 }
 
+static inline void ima_post_create_tmpfile(const struct file *file)
+{
+	return;
+}
+
 static inline void ima_file_free(struct file *file)
 {
 	return;
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index bd9bd5f88206..388458c8ec29 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -395,6 +395,34 @@ int ima_file_check(struct file *file, int mask)
 EXPORT_SYMBOL_GPL(ima_file_check);
 
 /**
+ * ima_post_create_tmpfile - mark newly created tmpfile as new
+ * @file : newly created tmpfile
+ *
+ * No measuring, appraising or auditing of newly created tmpfiles is needed.
+ * Skip calling process_measurement(), but indicate which newly, created
+ * tmpfiles are in policy.
+ */
+void ima_post_create_tmpfile(const struct file *file)
+{
+	struct inode *inode = file_inode(file);
+	struct integrity_iint_cache *iint;
+	int must_appraise;
+
+	must_appraise = ima_must_appraise(inode, MAY_ACCESS, FILE_CHECK);
+	if (!must_appraise)
+		return;
+
+	/* Nothing to do if we can't allocate memory */
+	iint = integrity_inode_get(inode);
+	if (!iint)
+		return;
+
+	/* needed for writing the security xattrs */
+	set_bit(IMA_UPDATE_XATTR, &iint->atomic_flags);
+	iint->ima_file_status = INTEGRITY_PASS;
+}
+
+/**
  * ima_post_path_mknod - mark as a new inode
  * @dentry: newly created dentry
  *
@@ -411,9 +439,13 @@ void ima_post_path_mknod(struct dentry *dentry)
 	if (!must_appraise)
 		return;
 
+	/* Nothing to do if we can't allocate memory */
 	iint = integrity_inode_get(inode);
-	if (iint)
-		iint->flags |= IMA_NEW_FILE;
+	if (!iint)
+		return;
+
+	/* needed for re-opening empty files */
+	iint->flags |= IMA_NEW_FILE;
 }
 
 /**
-- 
2.7.5