security: Introduce inode_post_create_tmpfile hook
authorRoberto Sassu <roberto.sassu@huawei.com>
Thu, 15 Feb 2024 10:31:03 +0000 (11:31 +0100)
committerPaul Moore <paul@paul-moore.com>
Fri, 16 Feb 2024 04:43:44 +0000 (23:43 -0500)
In preparation for moving IMA and EVM to the LSM infrastructure, introduce
the inode_post_create_tmpfile hook.

As temp files can be made persistent, treat new temp files like other new
files, so that the file hash is calculated and stored in the security
xattr.

LSMs could also take some action after temp files have been created.

The new hook cannot return an error and cannot cause the operation to be
canceled.

Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Acked-by: Christian Brauner <brauner@kernel.org>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
fs/namei.c
include/linux/lsm_hook_defs.h
include/linux/security.h
security/security.c

index 9280aa5d60a71c035c676f77997605eb2d85d43b..c7ac7fdf0f256c6de1c56ccf5cc1a02ed56e3844 100644 (file)
@@ -3705,6 +3705,7 @@ static int vfs_tmpfile(struct mnt_idmap *idmap,
                inode->i_state |= I_LINKABLE;
                spin_unlock(&inode->i_lock);
        }
+       security_inode_post_create_tmpfile(idmap, inode);
        ima_post_create_tmpfile(idmap, inode);
        return 0;
 }
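Review bot: The new call sits after the block that sets `I_LINKABLE` under `i_lock`, so a hook implementation can inspect `inode->i_state & I_LINKABLE` to tell whether this tmpfile may later be made persistent, which is exactly the case the commit description cares about; that ordering is load-bearing and deserves a comment such as `/* Called after I_LINKABLE is settled so LSMs see the final tmpfile state. */`. The adjacent `ima_post_create_tmpfile()` call remains a second, non-LSM post-create notification for the same inode until IMA is converted, and a short `/* to be removed once IMA is an LSM */` note would make the transitional state explicit. vfs_tmpfile() starts outside the hunk, so the condition guarding the I_LINKABLE block is not visible here.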
index dba5d8204dc5d85fdfc7c68162efb59903989ffc..87f60b47dfcadfce57b04b1e2883b2066f23644f 100644 (file)
@@ -121,6 +121,8 @@ LSM_HOOK(int, 0, inode_init_security_anon, struct inode *inode,
         const struct qstr *name, const struct inode *context_inode)
 LSM_HOOK(int, 0, inode_create, struct inode *dir, struct dentry *dentry,
         umode_t mode)
+LSM_HOOK(void, LSM_RET_VOID, inode_post_create_tmpfile, struct mnt_idmap *idmap,
+        struct inode *inode)
 LSM_HOOK(int, 0, inode_link, struct dentry *old_dentry, struct inode *dir,
         struct dentry *new_dentry)
 LSM_HOOK(int, 0, inode_unlink, struct inode *dir, struct dentry *dentry)
index 977dd9f7f51aaa3c2d3252ff9167a89aafca4a2b..1cb60428261778a7723c26768e63fed2abd611ed 100644 (file)
@@ -344,6 +344,8 @@ int security_inode_init_security_anon(struct inode *inode,
                                      const struct qstr *name,
                                      const struct inode *context_inode);
 int security_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode);
+void security_inode_post_create_tmpfile(struct mnt_idmap *idmap,
+                                       struct inode *inode);
 int security_inode_link(struct dentry *old_dentry, struct inode *dir,
                         struct dentry *new_dentry);
 int security_inode_unlink(struct inode *dir, struct dentry *dentry);
@@ -811,6 +813,10 @@ static inline int security_inode_create(struct inode *dir,
        return 0;
 }
 
+static inline void
+security_inode_post_create_tmpfile(struct mnt_idmap *idmap, struct inode *inode)
+{ }
+
 static inline int security_inode_link(struct dentry *old_dentry,
                                       struct inode *dir,
                                       struct dentry *new_dentry)
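Review bot: The stub in the second hunk breaks the return type onto its own line (`static inline void` / `security_inode_post_create_tmpfile(...)`), while the neighbouring stubs such as security_inode_create and security_inode_link keep `static inline int security_inode_link(struct dentry *old_dentry,` on one line and wrap the remaining parameters. Matching that layout would read `static inline void security_inode_post_create_tmpfile(struct mnt_idmap *idmap,` / `struct inode *inode)` / `{ }`. The prototype in the first hunk already follows the wrapped-parameter form, so only the stub is out of step with its surroundings.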
index ee4582e1d4d073e942f166dd5927ce41efdcf5af..710db090aa8b301ff9189fc8d3f2e5dbc01df741 100644 (file)
@@ -2013,6 +2013,21 @@ int security_inode_create(struct inode *dir, struct dentry *dentry,
 }
 EXPORT_SYMBOL_GPL(security_inode_create);
 
+/**
+ * security_inode_post_create_tmpfile() - Update inode security of new tmpfile
+ * @idmap: idmap of the mount
+ * @inode: inode of the new tmpfile
+ *
+ * Update inode security data after a tmpfile has been created.
+ */
+void security_inode_post_create_tmpfile(struct mnt_idmap *idmap,
+                                       struct inode *inode)
+{
+       if (unlikely(IS_PRIVATE(inode)))
+               return;
+       call_void_hook(inode_post_create_tmpfile, idmap, inode);
+}
+
 /**
  * security_inode_link() - Check if creating a hard link is allowed
  * @old_dentry: existing file
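Review bot: The `IS_PRIVATE(inode)` early return is the one condition under which no registered hook runs, yet the kerneldoc only says the function updates inode security data; add a line to the description such as `Private (S_PRIVATE) inodes are skipped and no LSM hook is called.` so callers and LSM authors do not expect a callback for them. Unlike security_inode_create() directly above, the new function carries no `EXPORT_SYMBOL_GPL()`; that is fine while its only caller is vfs_tmpfile() in fs/namei.c, which is built in, but worth stating as a deliberate choice if no modular caller is expected. The summary line "Update inode security of new tmpfile" also slightly overstates what this function does itself: it dispatches to whatever LSM hooks are registered, which may or may not write anything, so "Notify LSMs of a new tmpfile" would describe the code more precisely.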