Received: by 2002:a05:6a10:a0d1:0:0:0:0 with SMTP id j17csp3189301pxa;
        Tue, 18 Aug 2020 08:46:47 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJxM5ot2R2uWmanNIn/MouLdMAbgymFu/3EMnR1n2WnJamUD4M7WkC7oI9ZJNT4fYdR1KeWu
X-Received: by 2002:a50:e109:: with SMTP id h9mr20621258edl.47.1597765607112;
        Tue, 18 Aug 2020 08:46:47 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1597765607; cv=none;
        d=google.com; s=arc-20160816;
        b=Xy8avdvnr5raXU5mgTz8NuEciY5T/7EU8Ztt85kgmFXgkIYXc3knPRZHm1+Tpd6eN+
         J2QuFUh/22Crpq/FgPahD7fPwuUf3NRnaSPOM87KoyRseLIvOk+47WOjD6XIL7dNHZEN
         CZX4vLsCqenkNOQ1vyAvqY0VRuC5f8rxBS+xN3A4Qzy51sC/+zCkikheIFr1LdDJUojx
         1U31yRkuJY5SpcN7sy9r4VhxzCHsxVSYu8yHC+iNJvMRkxKszKUifwaIWSiBDGr6ZffO
         8GHatduP2Y+T9aKuaMLyqY35I2uMtVbjQ1IKQhaJGp60VedwGPrmETtdHEWc8loYp8nX
         eBYw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from;
        bh=N3iexbtWVaSapQBiNL26eq7u9ZzdSr96nMwW96S+4Jo=;
        b=TNAPDG8YVt/OpGtxV4HElo8rLM10Tn3Jm+G8gzWpntzWt7k5B3OIlrA1J5h4tmSWe+
         oy0pYTOgLaRGoQwsYBQO4t7J5fye2AuGZVIdOsZA3Q1lF0W+1jVPfpniQ4ZCXTj/ZPMm
         z/msjqhwyAPfq3lRLWbxA/KE01D58k9SqBQkJYjCIjw8XviKw+h4IGEVg0YIQeazUw/W
         i1U7ZWVL4B7rUsymTzDV+hGJ9gFZuEB2XXGEmrcuXdLE+ff/QDKkNK97AcFd/j7Lk73s
         5afJ5wojus/uWosinERcWiYw5FL+weagTgZaW3KI39B8dlLeSajHzQYcRtjG4b4EDtBw
         fpLQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id bi9si17591065edb.366.2020.08.18.08.46.22;
        Tue, 18 Aug 2020 08:46:47 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727979AbgHRPo4 (ORCPT <rfc822;rao.subba.venkata@gmail.com>
        + 99 others); Tue, 18 Aug 2020 11:44:56 -0400
Received: from lhrrgout.huawei.com ([185.176.76.210]:2636 "EHLO huawei.com"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S1726685AbgHRPob (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 18 Aug 2020 11:44:31 -0400
Received: from lhreml722-chm.china.huawei.com (unknown [172.18.7.107])
        by Forcepoint Email with ESMTP id 87348B7096922947690A;
        Tue, 18 Aug 2020 16:44:30 +0100 (IST)
Received: from kstruczy-linux-box (10.204.65.138) by
 lhreml722-chm.china.huawei.com (10.201.108.73) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.1913.5; Tue, 18 Aug 2020 16:44:28 +0100
Received: by kstruczy-linux-box (sSMTP sendmail emulation); Tue, 18 Aug 2020 17:44:31 +0200
From:   <krzysztof.struczynski@huawei.com>
To:     <linux-integrity@vger.kernel.org>, <linux-kernel@vger.kernel.org>,
        <containers@lists.linux-foundation.org>,
        <linux-security-module@vger.kernel.org>
CC:     <zohar@linux.ibm.com>, <stefanb@linux.vnet.ibm.com>,
        <sunyuqiong1988@gmail.com>, <mkayaalp@cs.binghamton.edu>,
        <dmitry.kasatkin@gmail.com>, <serge@hallyn.com>,
        <jmorris@namei.org>, <christian@brauner.io>,
        <silviu.vlasceanu@huawei.com>, <roberto.sassu@huawei.com>,
        Krzysztof Struczynski <krzysztof.struczynski@huawei.com>
Subject: [RFC PATCH 13/30] ima: Add a new ima template that includes namespace ID
Date:   Tue, 18 Aug 2020 17:42:13 +0200
Message-ID: <20200818154230.14016-4-krzysztof.struczynski@huawei.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20200818154230.14016-1-krzysztof.struczynski@huawei.com>
References: <20200818154230.14016-1-krzysztof.struczynski@huawei.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 7BIT
Content-Type:   text/plain; charset=US-ASCII
X-Originating-IP: [10.204.65.138]
X-ClientProxiedBy: fraeml707-chm.china.huawei.com (10.206.15.35) To
 lhreml722-chm.china.huawei.com (10.201.108.73)
X-CFilter-Loop: Reflected
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Krzysztof Struczynski <krzysztof.struczynski@huawei.com>

Add a new ima-ns template:
"d-ng|n-ng|ns"

Signed-off-by: Krzysztof Struczynski <krzysztof.struczynski@huawei.com>
---
 security/integrity/ima/ima_template.c     |  5 ++++-
 security/integrity/ima/ima_template_lib.c | 13 +++++++++++++
 security/integrity/ima/ima_template_lib.h |  2 ++
 3 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/security/integrity/ima/ima_template.c b/security/integrity/ima/ima_template.c
index 945e70fafd2e..2020bd5176a4 100644
--- a/security/integrity/ima/ima_template.c
+++ b/security/integrity/ima/ima_template.c
@@ -22,6 +22,7 @@ static struct ima_template_desc builtin_templates[] = {
 	{.name = "ima-sig", .fmt = "d-ng|n-ng|sig"},
 	{.name = "ima-buf", .fmt = "d-ng|n-ng|buf"},
 	{.name = "ima-modsig", .fmt = "d-ng|n-ng|sig|d-modsig|modsig"},
+	{.name = "ima-ns", .fmt = "d-ng|n-ng|ns"},
 	{.name = "", .fmt = ""},	/* placeholder for a custom format */
 };
 
@@ -45,6 +46,8 @@ static const struct ima_template_field supported_fields[] = {
 	 .field_show = ima_show_template_digest_ng},
 	{.field_id = "modsig", .field_init = ima_eventmodsig_init,
 	 .field_show = ima_show_template_sig},
+	{.field_id = "ns", .field_init = ima_eventns_init,
+	 .field_show = ima_show_template_buf},
 };
 
 /*
@@ -52,7 +55,7 @@ static const struct ima_template_field supported_fields[] = {
  * need to be accounted for since they shouldn't be defined in the same template
  * description as 'd-ng' and 'n-ng' respectively.
  */
-#define MAX_TEMPLATE_NAME_LEN sizeof("d-ng|n-ng|sig|buf|d-modisg|modsig")
+#define MAX_TEMPLATE_NAME_LEN sizeof("d-ng|n-ng|sig|buf|d-modisg|modsig|ns")
 
 static struct ima_template_desc *ima_template;
 
diff --git a/security/integrity/ima/ima_template_lib.c b/security/integrity/ima/ima_template_lib.c
index 635c6ac05050..cda5374dbbc4 100644
--- a/security/integrity/ima/ima_template_lib.c
+++ b/security/integrity/ima/ima_template_lib.c
@@ -484,3 +484,16 @@ int ima_eventmodsig_init(struct ima_event_data *event_data,
 	return ima_write_template_field_data(data, data_len, DATA_FMT_HEX,
 					     field_data);
 }
+
+/*
+ *  ima_eventns_init - include the ima namespace id as part of the
+ *  template data
+ */
+int ima_eventns_init(struct ima_event_data *event_data,
+		     struct ima_field_data *field_data)
+{
+	return ima_write_template_field_data(&(event_data->ns_id),
+					     sizeof(event_data->ns_id),
+					     DATA_FMT_HEX,
+					     field_data);
+}
diff --git a/security/integrity/ima/ima_template_lib.h b/security/integrity/ima/ima_template_lib.h
index 9a88c79a7a61..7e67d1402192 100644
--- a/security/integrity/ima/ima_template_lib.h
+++ b/security/integrity/ima/ima_template_lib.h
@@ -46,4 +46,6 @@ int ima_eventbuf_init(struct ima_event_data *event_data,
 		      struct ima_field_data *field_data);
 int ima_eventmodsig_init(struct ima_event_data *event_data,
 			 struct ima_field_data *field_data);
+int ima_eventns_init(struct ima_event_data *event_data,
+		     struct ima_field_data *field_data);
 #endif /* __LINUX_IMA_TEMPLATE_LIB_H */
-- 
2.20.1