Received: by 2002:a05:6358:1087:b0:cb:c9d3:cd90 with SMTP id j7csp1559978rwi;
        Thu, 13 Oct 2022 15:56:59 -0700 (PDT)
X-Google-Smtp-Source: AMsMyM7vf3jjWGt1vjcReUHiIcQdhAGEioMyQ/firHKBJplsli32sdT7LxDrSeh4HfsslzIY5iNd
X-Received: by 2002:a17:90b:4c8c:b0:20b:d3f:3c8a with SMTP id my12-20020a17090b4c8c00b0020b0d3f3c8amr2187898pjb.219.1665701819050;
        Thu, 13 Oct 2022 15:56:59 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1665701819; cv=none;
        d=google.com; s=arc-20160816;
        b=YNBtjNRWUi0fnSEle/1UgikWJGp4Lhle+vtQt0khpJBV+TprseammoFitMWBKsgDqP
         y20z2YV612SiwYngdQQ1AFelV3yJPplNOpaQ+0vl4YfMGmvfvISLGBgRC+nO17HcGAQD
         CEsm0ommMufPFPhmN5FYj4TDHJ/0/efd1GcfY36S7GZuXY8G12EU8a2W6o3glCj7rra5
         Sla6j3YLg62frhi77eVtr60R5elk0mg/3bpBZZwf8AQvRxF3KG5CCKiPsEuRMsCgDKgU
         kC/qMZcnuyQiZ5PuelmqKZbnrhy+0oRpwJZmqkttib6PA6joaYlEDB7Y1WxDqLoft0fM
         YMYA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from:dkim-signature;
        bh=jQAeNxeJTyn1Cn+RS6Vx/H+Tf8STo7ROWsmXYvM9Qw8=;
        b=HkzwipuDEHkgeuByAgej6QpkfmuiV/bECnp5z7QhJsqUTZYXD46bF4R1RFQdWUqDe2
         h1qQ8b2MmH89a516SL9QKntiJT9M3wiA8STZq60xHdoqf0+7Innom4HshPUG7dQptBr4
         gi01NvOElfLVDIyMsez/usC182S6MOL/KixM2MGNRUREHPAkZyyLRmG7CWI5aYRvWcr7
         iwRhTBo+jPKpraCzIUM+cln4LGu51kQ6ZF//IkoQ+CXNbw9a4k29UKC6mDBMEGSgQa6L
         tn5lDcPBC+KzhS/c/4uOINXRgyPAtcHFXgq5QZW1Lxb7FU8OykI/lKBkC+OlhDyMCuwo
         EgpA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@chromium.org header.s=google header.b=SNm7kh5c;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id i6-20020a17090ad34600b001fd81d07d0esi798111pjx.123.2022.10.13.15.56.47;
        Thu, 13 Oct 2022 15:56:59 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@chromium.org header.s=google header.b=SNm7kh5c;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S229751AbiJMWhK (ORCPT <rfc822;aradford@gmail.com> + 99 others);
        Thu, 13 Oct 2022 18:37:10 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43464 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229715AbiJMWhC (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 13 Oct 2022 18:37:02 -0400
Received: from mail-pj1-x1035.google.com (mail-pj1-x1035.google.com [IPv6:2607:f8b0:4864:20::1035])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8D39EAE84C
        for <linux-kernel@vger.kernel.org>; Thu, 13 Oct 2022 15:36:59 -0700 (PDT)
Received: by mail-pj1-x1035.google.com with SMTP id t12-20020a17090a3b4c00b0020b04251529so3132877pjf.5
        for <linux-kernel@vger.kernel.org>; Thu, 13 Oct 2022 15:36:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=chromium.org; s=google;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:from:to:cc:subject:date:message-id:reply-to;
        bh=jQAeNxeJTyn1Cn+RS6Vx/H+Tf8STo7ROWsmXYvM9Qw8=;
        b=SNm7kh5cQEfxOs/f0jz3d4Jijz9U3R0dSyHk83VFHEj3lKztL9+ZZBtOQsrmRusMAP
         vQ7Wb/df4yYUiVKsIpuC2RxcKVugp3kjAvaZcAGdJAQZrPkLvpMiLHd6/6kmsuEVI6mh
         gqPlQNFg+XW8QwdJ3y2wI4e5o3b5PHnLwp3jo=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=jQAeNxeJTyn1Cn+RS6Vx/H+Tf8STo7ROWsmXYvM9Qw8=;
        b=l3MMoDtV08MC+ELDSl/yZurH3bSb9dQ8iV1s05pDksI3s+a76PPuwflp9QJt63j5n9
         0odvUzdz5Ig//jFbJ1eqvaG3Wp0dGL7uEjil1WjVehfzurJXh5jN/qdXCn4vR/4mtD6k
         8v1VwqP/hSkg53VKqI7nYu8PV8tyNAmoxvhuBMRdeaHG6QalzjV17SQhjuUYDLmIScyt
         iMKU58sTgs5td0YeiMNWh2pci5s/QOy2plM7YA4r1BKor4x87ZyyVVnT86VbZ+b3n3YV
         f/LsSjL8VUhCMcACNC2iuChEamChg8cHcN0uwOIF5J3kVZybq1nyuvUYeSXrTEWGU/sr
         nUfA==
X-Gm-Message-State: ACrzQf3gE939Hot+yd1knJpWUln3WyB9QrpIsFHVMGzauZjV0gJ4sua4
        WKldIz4BWys4tHXB63FXOlFLzw==
X-Received: by 2002:a17:902:bd98:b0:182:631b:7dd5 with SMTP id q24-20020a170902bd9800b00182631b7dd5mr1848776pls.165.1665700618483;
        Thu, 13 Oct 2022 15:36:58 -0700 (PDT)
Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163])
        by smtp.gmail.com with ESMTPSA id i3-20020a17090a2a0300b0020a1f091a0asm3685673pjd.55.2022.10.13.15.36.55
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 13 Oct 2022 15:36:56 -0700 (PDT)
From:   Kees Cook <keescook@chromium.org>
To:     Mimi Zohar <zohar@linux.ibm.com>
Cc:     Kees Cook <keescook@chromium.org>,
        Paul Moore <paul@paul-moore.com>,
        =?UTF-8?q?Micka=C3=ABl=20Sala=C3=BCn?= <mic@digikod.net>,
        KP Singh <kpsingh@kernel.org>,
        Casey Schaufler <casey@schaufler-ca.com>,
        John Johansen <john.johansen@canonical.com>,
        James Morris <jmorris@namei.org>, linux-kernel@vger.kernel.org,
        linux-security-module@vger.kernel.org,
        linux-integrity@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: [PATCH 0/9] integrity: Move hooks into LSM
Date:   Thu, 13 Oct 2022 15:36:45 -0700
Message-Id: <20221013222702.never.990-kees@kernel.org>
X-Mailer: git-send-email 2.34.1
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
X-Developer-Signature: v=1; a=openpgp-sha256; l=2329; h=from:subject:message-id; bh=Rqb1/7Rmsyt9YO6WJZlgGJd4M6/XeTOUzpcOQEF2HJw=; b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBjSJMDeaBP2XLSDLNB3r+80mq1j5GFVEDof8xNcCU3 kutSPj6JAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCY0iTAwAKCRCJcvTf3G3AJjtxEA CX4on0FfpHi6vw4tRbZo7sYkWND2hfsGJx0dve8cpcdOLP00fga+uc+6ELIMcpIV4W76BKZp8WLZgA 8iz2mvEp+kAtKrO+MymemcX2gWvBNFQ6oqKDJTafK3LuQtVhl6KoYMuTyOYB0ZYFfLU2LZZ0zCABw+ 9xSIjtSrKzKbBLeFvOC66vyTTmwoKUrw+NYgFu+vE2qVK2OOyhy88qAL8YiGt7WRfbUbUKCPkzWSSe Z8zOzGTm8tsJEJUdgV1GBi6YeluCVM1YLQGc8ZDsQJwYsFcDfTxI1MftUBU1O1/4iqcSXVVhJLvcuj iyANrNCCyUlc5suVeGWwJjwBpK2J68zlCkWpMPkcqpvvca8FW2jRJGK9KLgBv4F5yKEvZvVHhkSKSy PrbaBmIqxwaF+N8TI3/d/EO2DOds1yN7OL32SkX8EdV3oLZQJ4hVvhlr4kFZHmUd7pgVwn8Vqv+uK0 UFan4RQ1+I3qkErQAANveVvY5pXtci9ipFe4FGoWoSUTDG1UgUSINTEVskfUOFyB9qoHI36yRNUl2F jqQrqP9+un1/0GisyWHFVg/4yk1APsDuL/bcZfD8mXL28M2fC8F7ih+gObJ65mNiTSlnS/noOYmMur gzjHkQGd9Iy9zVdgXvpuTvJYV/by/kknnK2M4nUw6VwG1HmoDpR9ErQG8zxw==
X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,
        SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no
        version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi,

It's been over 4 years since LSM stack was introduced. The integrity
subsystem is long overdue for moving to this infrastructure. Here's my
first pass at converting integrity and ima (and some of evm) into LSM
hooks. This should be enough of an example to finish evm, and introduce
the missing hooks for both. For example, after this, it looks like ima
only has a couple places it's still doing things outside of the LSM. At
least these stood out:

fs/namei.c:     ima_post_create_tmpfile(mnt_userns, inode);
fs/namei.c:                             ima_post_path_mknod(mnt_userns, dentry);

Mimi, can you please take this series and finish the conversion for
what's missing in ima and evm?

I would also call attention to "175 insertions(+), 240 deletions(-)" --
as expected, this is a net reduction in code.

Thanks!

-Kees

Kees Cook (9):
  integrity: Prepare for having "ima" and "evm" available in "integrity"
    LSM
  security: Move trivial IMA hooks into LSM
  ima: Move xattr hooks into LSM
  ima: Move ima_file_free() into LSM
  LSM: Introduce inode_post_setattr hook
  fs: Introduce file_to_perms() helper
  ima: Move ima_file_check() into LSM
  integrity: Move trivial hooks into LSM
  integrity: Move integrity_inode_get() out of global header

 fs/attr.c                             |  3 +-
 fs/file_table.c                       |  1 -
 fs/namei.c                            |  2 -
 fs/nfsd/vfs.c                         |  6 --
 include/linux/evm.h                   |  6 --
 include/linux/fs.h                    | 22 +++++++
 include/linux/ima.h                   | 87 ---------------------------
 include/linux/integrity.h             | 30 +--------
 include/linux/lsm_hook_defs.h         |  3 +
 security/Kconfig                      | 10 +--
 security/apparmor/include/file.h      | 18 ++----
 security/integrity/evm/evm_main.c     | 14 ++++-
 security/integrity/iint.c             | 28 +++++++--
 security/integrity/ima/ima.h          | 12 ++++
 security/integrity/ima/ima_appraise.c | 21 +++++--
 security/integrity/ima/ima_main.c     | 66 ++++++++++++++------
 security/integrity/integrity.h        |  8 +++
 security/security.c                   | 78 ++++++------------------
 18 files changed, 175 insertions(+), 240 deletions(-)

-- 
2.34.1