From: Fan Wu
To: corbet@lwn.net, zohar@linux.ibm.com, jmorris@namei.org, serge@hallyn.com, tytso@mit.edu, ebiggers@kernel.org, axboe@kernel.dk, agk@redhat.com, snitzer@kernel.org, mpatocka@redhat.com, eparis@redhat.com, paul@paul-moore.com
Cc: linux-doc@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, fsverity@lists.linux.dev, linux-block@vger.kernel.org, dm-devel@lists.linux.dev, audit@vger.kernel.org, linux-kernel@vger.kernel.org, Fan Wu
Subject: [PATCH v19 14/20] security: add security_inode_setintegrity() hook
Date: Fri, 24 May 2024 13:46:43 -0700
Message-Id: <1716583609-21790-15-git-send-email-wufan@linux.microsoft.com>
X-Mailer: git-send-email 1.8.3.1
In-Reply-To: <1716583609-21790-1-git-send-email-wufan@linux.microsoft.com>
References: <1716583609-21790-1-git-send-email-wufan@linux.microsoft.com>
X-Mailing-List: linux-kernel@vger.kernel.org

This patch introduces a new hook to save an inode's integrity data. For
example, for fsverity-enabled files, LSMs can use this hook to save the
verified fsverity builtin signature into the inode's security blob, and
LSMs can make access decisions based on the data inside the signature,
like the signer certificate.

Signed-off-by: Fan Wu
--
v1-v14:
  + Not present

v15:
  + Introduced

v16:
  + Switch to call_int_hook()

v17:
  + Fix a typo

v18:
  + No changes

v19:
  + Refactor hook declaration
---
 include/linux/lsm_hook_defs.h |  2 ++
 include/linux/security.h      | 10 ++++++++++
 security/security.c           | 20 ++++++++++++++++++++
 3 files changed, 32 insertions(+)

diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
index 4f9b43a87ba5..46293ca34091 100644
--- a/include/linux/lsm_hook_defs.h
+++ b/include/linux/lsm_hook_defs.h
@@ -178,6 +178,8 @@ LSM_HOOK(void, LSM_RET_VOID, inode_getsecid, struct inode *inode, u32 *secid) LSM_HOOK(int, 0, inode_copy_up, struct dentry *src, struct cred **new) LSM_HOOK(int, -EOPNOTSUPP, inode_copy_up_xattr, struct dentry *src, const char *name) +LSM_HOOK(int, 0, inode_setintegrity, const struct inode *inode, + enum lsm_integrity_type type, const void *value, size_t size) LSM_HOOK(int, 0, kernfs_init_security, struct kernfs_node *kn_dir, struct kernfs_node *kn) LSM_HOOK(int, 0, file_permission, struct file *file, int mask) diff --git a/include/linux/security.h b/include/linux/security.h index 09c80326518f..ab489fb02f06 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -410,6 +410,9 @@ int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer void security_inode_getsecid(struct inode *inode, u32 *secid); int security_inode_copy_up(struct dentry *src, struct cred **new); int security_inode_copy_up_xattr(struct dentry *src, const char *name); +int security_inode_setintegrity(const struct inode *inode, + enum lsm_integrity_type type, const void *value, + size_t size); int security_kernfs_init_security(struct kernfs_node *kn_dir, struct kernfs_node *kn); int security_file_permission(struct file *file, int mask); @@ -1026,6 +1029,13 @@ static inline int security_inode_copy_up(struct dentry *src, struct cred **new) return 0; } +static inline int security_inode_setintegrity(const struct inode *inode, + enum lsm_integrity_type type, + const void *value, size_t size) +{ + return 0; +} + static inline int security_kernfs_init_security(struct kernfs_node *kn_dir, struct kernfs_node *kn) { diff --git a/security/security.c b/security/security.c index 743652e5e893..f4c7a13c6009 100644 --- a/security/security.c +++ b/security/security.c 
@@ -2682,6 +2682,26 @@ int security_inode_copy_up_xattr(struct dentry *src, const char *name) } EXPORT_SYMBOL(security_inode_copy_up_xattr); +/** + * security_inode_setintegrity() - Set the inode's integrity data + * @inode: inode + * @type: type of integrity, e.g. hash digest, signature, etc + * @value: the integrity value + * @size: size of the integrity value + * + * Register a verified integrity measurement of a inode with LSMs. + * LSMs should free the previously saved data if @value is NULL. + * + * Return: Returns 0 on success, negative values on failure. + */ +int security_inode_setintegrity(const struct inode *inode, + enum lsm_integrity_type type, const void *value, + size_t size) +{ + return call_int_hook(inode_setintegrity, inode, type, value, size); +} +EXPORT_SYMBOL(security_inode_setintegrity); + /** * security_kernfs_init_security() - Init LSM context for a kernfs node * @kn_dir: parent kernfs node -- 2.44.0
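Review bot: the new LSM_HOOK() line in the include/linux/lsm_hook_defs.h hunk takes `enum lsm_integrity_type`, but nothing in this patch declares that enum. lsm_hook_defs.h is pulled in from more than one header, so please confirm the enum is already declared in a header visible to every inclusion at the point this patch applies (an earlier patch of the series, presumably), so that each commit of the series builds on its own and bisection stays usable; a sentence in the commit message saying where the type is defined would help reviewers of this patch in isolation.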
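Review bot: in the kerneldoc of the security/security.c hunk, `Register a verified integrity measurement of a inode with LSMs.` should read `an inode`, and `@type: type of integrity, e.g. hash digest, signature, etc` can drop either the `e.g.` or the `etc`. More substantively, `LSMs should free the previously saved data if @value is NULL.` leaves the contract incomplete: state what @size must be in that case and whether a NULL call on an LSM that has nothing saved is a no-op, since every LSM implementing the hook has to agree on this. Also, call_int_hook() returns at the first LSM that reports a non-zero result, so with several LSMs stacked the ones called earlier will already have stored @value while later ones never see it; the doc should say whether the caller is expected to roll back on error (a second call with @value == NULL) or whether LSM views of the inode are allowed to diverge.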