Received: by 2002:a05:7412:3210:b0:e2:908c:2ebd with SMTP id eu16csp150500rdb; Thu, 31 Aug 2023 05:55:55 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFDGmydq1NjbMa1VLK9mOTqnzDackbt7lSvMb3RD6HIC0j9JsZ1HDtsbmIGEStmYvKHeNLh X-Received: by 2002:a17:90b:4c4c:b0:267:f9c4:c0a8 with SMTP id np12-20020a17090b4c4c00b00267f9c4c0a8mr4919726pjb.4.1693486555081; Thu, 31 Aug 2023 05:55:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1693486555; cv=none; d=google.com; s=arc-20160816; b=EEYeuzFiIHMtMvLC/uwlAMS1/m+Jip7Lr9zdXOPBhhTEI4xQecIeH5pEngzHW9VqD4 am7XkrTsfwO//1x3Zonh0FtP4lE7/ntg7Gq5RsJOF+rOEyiz4JOS2dV5ha8YpkBTi6qD YV+U5oAWcgyrDmXIkFRZpDftSwf+TPUS2qEOORkRjpBPoUdRnHsYw54YPjJqyTpoZuGl G6L0CnXwIbAA5oz6m1htadVWrDMqCAVDspj/HkQTjyiC0oht3r0/P1Lf+neVzwDARY32 7Sf4G/xTANnMZEjRKU77U/ZN9HUKUCBTUcKNnBQSQl02SzFL/IGX56as86gsgK2nbRqB +fBw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=VOvXDhWU8qDLGqxaDqjW5w2fV/zezsbedMQzBgcOK/0=; fh=ZhQZvtUJr/vinStRe/fLjcmSrOCsze6H5x9tCaYQJfY=; b=rkA5p1imgD3xsiRJ5v0+IhYqwgo4ZqIEL8M4u+BrzGD0XlhxeDc16NxKtm0Ymk4GTv 3AWvihpSv3sIsK+OZZm8yEn+Nkaxum3NeEegnkWBstHOcf0qq5ya2b7W++Mdii19Z+iH gRjQhgVF0jMpvkAQXN7rnlj/MIqgYG9oKxe5dSMB/7q9GAVjSeBxU3dsmwFJIN2TBT4r 2N5E/8kUdr7K/jDn3YVpoQSWG1anrzblC3S/imGFWpep8DmP6PODgKnl/p1dzO7UHEeg RRn0jxHSadXVBv2f+b/wz/LlBeFgJnZgPM0VNcuRjDUvMZ2lrl9YxCaQ6JcNN94cXoHO D4Hg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id z15-20020a17090a608f00b002700bcdbff1si3603448pji.154.2023.08.31.05.55.43; Thu, 31 Aug 2023 05:55:55 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345288AbjHaKqo (ORCPT + 46 others); Thu, 31 Aug 2023 06:46:44 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46510 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345124AbjHaKqh (ORCPT ); Thu, 31 Aug 2023 06:46:37 -0400 Received: from frasgout12.his.huawei.com (unknown [14.137.139.154]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7E2C0E7E; Thu, 31 Aug 2023 03:46:16 -0700 (PDT) Received: from mail02.huawei.com (unknown [172.18.147.228]) by frasgout12.his.huawei.com (SkyGuard) with ESMTP id 4RbyBS6YYTz9xtRm; Thu, 31 Aug 2023 18:31:28 +0800 (CST) Received: from huaweicloud.com (unknown [10.204.63.22]) by APP1 (Coremail) with SMTP id LxC2BwBXC7t9bvBkiGfdAQ--.39787S16; Thu, 31 Aug 2023 11:45:21 +0100 (CET) From: Roberto Sassu To: viro@zeniv.linux.org.uk, brauner@kernel.org, chuck.lever@oracle.com, jlayton@kernel.org, neilb@suse.de, kolga@netapp.com, Dai.Ngo@oracle.com, tom@talpey.com, zohar@linux.ibm.com, dmitry.kasatkin@gmail.com, paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com, dhowells@redhat.com, jarkko@kernel.org, stephen.smalley.work@gmail.com, eparis@parisplace.org, casey@schaufler-ca.com Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-nfs@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, keyrings@vger.kernel.org, selinux@vger.kernel.org, Roberto Sassu , Stefan Berger Subject: [PATCH v2 14/25] security: Introduce file_post_open hook Date: Thu, 31 Aug 2023 12:41:25 +0200 Message-Id: <20230831104136.903180-15-roberto.sassu@huaweicloud.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230831104136.903180-1-roberto.sassu@huaweicloud.com> References: <20230831104136.903180-1-roberto.sassu@huaweicloud.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-CM-TRANSID: LxC2BwBXC7t9bvBkiGfdAQ--.39787S16 X-Coremail-Antispam: 1UD129KBjvJXoWxGFy5WrWfXFyUurWUZry7Jrb_yoWrXFy3pF ZYy3WUGrW8GFy7Wrn7Aanrua4ag39agryUWrZ5u345tF1vqrnYgFZ0yr15Cr15JrZ5AFyI q3W2grW3CrnrZrJanT9S1TB71UUUUU7qnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2 9KBjDU0xBIdaVrnRJUUUPqb4IE77IF4wAFF20E14v26rWj6s0DM7CY07I20VC2zVCF04k2 6cxKx2IYs7xG6rWj6s0DM7CIcVAFz4kK6r1j6r18M28IrcIa0xkI8VA2jI8067AKxVWUAV Cq3wA2048vs2IY020Ec7CjxVAFwI0_Xr0E3s1l8cAvFVAK0II2c7xJM28CjxkF64kEwVA0 rcxSw2x7M28EF7xvwVC0I7IYx2IY67AKxVW7JVWDJwA2z4x0Y4vE2Ix0cI8IcVCY1x0267 AKxVWxJr0_GcWl84ACjcxK6I8E87Iv67AKxVWxJVW8Jr1l84ACjcxK6I8E87Iv6xkF7I0E 14v26F4UJVW0owAS0I0E0xvYzxvE52x082IY62kv0487Mc02F40EFcxC0VAKzVAqx4xG6I 80ewAv7VC0I7IYx2IY67AKxVWUGVWUXwAv7VC2z280aVAFwI0_Jr0_Gr1lOx8S6xCaFVCj c4AY6r1j6r4UM4x0Y48IcxkI7VAKI48JM4IIrI8v6xkF7I0E8cxan2IY04v7MxkF7I0En4 kS14v26r4a6rW5MxAIw28IcxkI7VAKI48JMxC20s026xCaFVCjc4AY6r1j6r4UMI8I3I0E 5I8CrVAFwI0_Jr0_Jr4lx2IqxVCjr7xvwVAFwI0_JrI_JrWlx4CE17CEb7AF67AKxVW8ZV WrXwCIc40Y0x0EwIxGrwCI42IY6xIIjxv20xvE14v26F1j6w1UMIIF0xvE2Ix0cI8IcVCY 1x0267AKxVWxJr0_GcWlIxAIcVCF04k26cxKx2IYs7xG6r1j6r1xMIIF0xvEx4A2jsIE14 v26r4j6F4UMIIF0xvEx4A2jsIEc7CjxVAFwI0_Cr1j6rxdYxBIdaVFxhVjvjDU0xZFpf9x 07j7GYLUUUUU= X-CM-SenderInfo: purev21wro2thvvxqx5xdzvxpfor3voofrz/1tbiAgAGBF1jj49c5wAGsD X-CFilter-Loop: Reflected X-Spam-Status: No, score=1.2 required=5.0 tests=BAYES_00,MAY_BE_FORGED, RCVD_IN_DNSWL_BLOCKED,RDNS_DYNAMIC,SPF_HELO_NONE,SPF_NONE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Level: * X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org From: Roberto Sassu In preparation to move IMA and EVM to the LSM infrastructure, introduce the file_post_open hook. Also, export security_file_post_open() for NFS. Signed-off-by: Roberto Sassu Reviewed-by: Stefan Berger --- fs/namei.c | 2 ++ fs/nfsd/vfs.c | 6 ++++++ include/linux/lsm_hook_defs.h | 1 + include/linux/security.h | 6 ++++++ security/security.c | 17 +++++++++++++++++ 5 files changed, 32 insertions(+) diff --git a/fs/namei.c b/fs/namei.c index 1f5ec71360de..7dc4626859f0 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -3634,6 +3634,8 @@ static int do_open(struct nameidata *nd, error = may_open(idmap, &nd->path, acc_mode, open_flag); if (!error && !(file->f_mode & FMODE_OPENED)) error = vfs_open(&nd->path, file); + if (!error) + error = security_file_post_open(file, op->acc_mode); if (!error) error = ima_file_check(file, op->acc_mode); if (!error && do_truncate) diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c index 8a2321d19194..3450bb1c8a18 100644 --- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c @@ -862,6 +862,12 @@ __nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, umode_t type, goto out_nfserr; } + host_err = security_file_post_open(file, may_flags); + if (host_err) { + fput(file); + goto out_nfserr; + } + host_err = ima_file_check(file, may_flags); if (host_err) { fput(file); diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h index 1153e7163b8b..60ed33f0c80d 100644 --- a/include/linux/lsm_hook_defs.h +++ b/include/linux/lsm_hook_defs.h @@ -188,6 +188,7 @@ LSM_HOOK(int, 0, file_send_sigiotask, struct task_struct *tsk, struct fown_struct *fown, int sig) LSM_HOOK(int, 0, file_receive, struct file *file) LSM_HOOK(int, 0, file_open, struct file *file) +LSM_HOOK(int, 0, file_post_open, struct file *file, int mask) LSM_HOOK(int, 0, file_truncate, struct file *file) LSM_HOOK(int, 0, task_alloc, struct task_struct *task, unsigned long clone_flags) diff --git a/include/linux/security.h b/include/linux/security.h index 665bba3e0081..a0f16511c059 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -403,6 +403,7 @@ int security_file_send_sigiotask(struct task_struct *tsk, struct fown_struct *fown, int sig); int security_file_receive(struct file *file); int security_file_open(struct file *file); +int security_file_post_open(struct file *file, int mask); int security_file_truncate(struct file *file); int security_task_alloc(struct task_struct *task, unsigned long clone_flags); void security_task_free(struct task_struct *task); @@ -1044,6 +1045,11 @@ static inline int security_file_open(struct file *file) return 0; } +static inline int security_file_post_open(struct file *file, int mask) +{ + return 0; +} + static inline int security_file_truncate(struct file *file) { return 0; diff --git a/security/security.c b/security/security.c index 3947159ba5e9..3e0078b51e46 100644 --- a/security/security.c +++ b/security/security.c @@ -2856,6 +2856,23 @@ int security_file_open(struct file *file) return fsnotify_perm(file, MAY_OPEN); } +/** + * security_file_post_open() - Recheck access to a file after it has been opened + * @file: the file + * @mask: access mask + * + * Recheck access with mask after the file has been opened. The hook is useful + * for LSMs that require the file content to be available in order to make + * decisions. + * + * Return: Returns 0 if permission is granted. + */ +int security_file_post_open(struct file *file, int mask) +{ + return call_int_hook(file_post_open, 0, file, mask); +} +EXPORT_SYMBOL_GPL(security_file_post_open); + /** * security_file_truncate() - Check if truncating a file is allowed * @file: file -- 2.34.1