ima: define ima_post_create_tmpfile() hook and add missing call

If tmpfiles can be made persistent, then newly created tmpfiles need to be treated like any other new files in policy. This patch indicates which newly created tmpfiles are in policy, causing the file hash to be calculated on __fput(). Reported-by: Ignaz Forster <ignaz.forster@gmx.de> [rgoldwyn@suse.com: Call ima_post_create_tmpfile() in vfs_tmpfile() as opposed to do_tmpfile(). This will help the case for overlayfs where copy_up is denied while overwriting a file.] Signed-off-by: Goldwyn Rodrigues <rgoldwyn@suse.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
author: Mimi Zohar <zohar@linux.ibm.com> 2019-01-22 15:06:49 -0500
committer: Mimi Zohar <zohar@linux.ibm.com> 2019-02-04 17:36:01 -0500
commit: fdb2410f7702f25f82804a261f90ad03422bd2c3 (patch)
tree: 1e1389a728449aec6871e473414903bbcd3be0b9
parent: c8b37524d3cdbcf07426529cb83b38b1240cb54d (diff)
3 files changed, 39 insertions, 2 deletions
diff --git a/fs/namei.c b/fs/namei.c
index 914178cdbe94..373a7ec4b09d 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -3462,6 +3462,7 @@ struct dentry *vfs_tmpfile(struct dentry *dentry, umode_t mode, int open_flag)
                inode->i_state |= I_LINKABLE;
                spin_unlock(&inode->i_lock);
        }
+        ima_post_create_tmpfile(inode);
        return child;
 out_err:
diff --git a/include/linux/ima.h b/include/linux/ima.h
index b5e16b8c50b7..dc12fbcf484c 100644
--- a/include/linux/ima.h
+++ b/include/linux/ima.h
@@ -18,6 +18,7 @@ struct linux_binprm;
 #ifdef CONFIG_IMA
 extern int ima_bprm_check(struct linux_binprm *bprm);
 extern int ima_file_check(struct file *file, int mask);
+extern void ima_post_create_tmpfile(struct inode *inode);
 extern void ima_file_free(struct file *file);
 extern int ima_file_mmap(struct file *file, unsigned long prot);
 extern int ima_load_data(enum kernel_load_data_id id);
@@ -56,6 +57,10 @@ static inline int ima_file_check(struct file *file, int mask)
        return 0;
 }
+static inline void ima_post_create_tmpfile(struct inode *inode)
+{
+}
 static inline void ima_file_free(struct file *file)
 {
        return;
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 4ffac4f5c647..357edd140c09 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -397,6 +397,33 @@ int ima_file_check(struct file *file, int mask)
 EXPORT_SYMBOL_GPL(ima_file_check);
 /**
+ * ima_post_create_tmpfile - mark newly created tmpfile as new
+ * @file : newly created tmpfile
+ *
+ * No measuring, appraising or auditing of newly created tmpfiles is needed.
+ * Skip calling process_measurement(), but indicate which newly, created
+ * tmpfiles are in policy.
+ */
+void ima_post_create_tmpfile(struct inode *inode)
+{
+        struct integrity_iint_cache *iint;
+        int must_appraise;
+        must_appraise = ima_must_appraise(inode, MAY_ACCESS, FILE_CHECK);
+        if (!must_appraise)
+                return;
+        /* Nothing to do if we can't allocate memory */
+        iint = integrity_inode_get(inode);
+        if (!iint)
+                return;
+        /* needed for writing the security xattrs */
+        set_bit(IMA_UPDATE_XATTR, &iint->atomic_flags);
+        iint->ima_file_status = INTEGRITY_PASS;
+}
+/**
 * ima_post_path_mknod - mark as a new inode
 * @dentry: newly created dentry
 *
@@ -413,9 +440,13 @@ void ima_post_path_mknod(struct dentry *dentry)
        if (!must_appraise)
                return;
+        /* Nothing to do if we can't allocate memory */
        iint = integrity_inode_get(inode);
-        if (iint)
+        if (!iint)
-                iint->flags |= IMA_NEW_FILE;
+                return;
+        /* needed for re-opening empty files */
+        iint->flags |= IMA_NEW_FILE;
 }
 /**
author	Mimi Zohar <zohar@linux.ibm.com>	2019-01-22 15:06:49 -0500
committer	Mimi Zohar <zohar@linux.ibm.com>	2019-02-04 17:36:01 -0500
commit	fdb2410f7702f25f82804a261f90ad03422bd2c3 (patch)
tree	1e1389a728449aec6871e473414903bbcd3be0b9
parent	c8b37524d3cdbcf07426529cb83b38b1240cb54d (diff)

diff --git a/fs/namei.c b/fs/namei.c index 914178cdbe94..373a7ec4b09d 100644 --- a/fs/namei.c +++ b/fs/namei.c
@@ -3462,6 +3462,7 @@ struct dentry vfs_tmpfile(struct dentry dentry, umode_t mode, int open_flag)
3462	inode->i_state \|= I_LINKABLE;	3462	inode->i_state \|= I_LINKABLE;
3463	spin_unlock(&inode->i_lock);	3463	spin_unlock(&inode->i_lock);
3464	}	3464	}
		3465	ima_post_create_tmpfile(inode);
3465	return child;	3466	return child;
3466		3467
3467	out_err:	3468	out_err:


diff --git a/include/linux/ima.h b/include/linux/ima.h index b5e16b8c50b7..dc12fbcf484c 100644 --- a/include/linux/ima.h +++ b/include/linux/ima.h
@@ -18,6 +18,7 @@ struct linux_binprm;
18	#ifdef CONFIG_IMA	18	#ifdef CONFIG_IMA
19	extern int ima_bprm_check(struct linux_binprm *bprm);	19	extern int ima_bprm_check(struct linux_binprm *bprm);
20	extern int ima_file_check(struct file *file, int mask);	20	extern int ima_file_check(struct file *file, int mask);
		21	extern void ima_post_create_tmpfile(struct inode *inode);
21	extern void ima_file_free(struct file *file);	22	extern void ima_file_free(struct file *file);
22	extern int ima_file_mmap(struct file *file, unsigned long prot);	23	extern int ima_file_mmap(struct file *file, unsigned long prot);
23	extern int ima_load_data(enum kernel_load_data_id id);	24	extern int ima_load_data(enum kernel_load_data_id id);
@@ -56,6 +57,10 @@ static inline int ima_file_check(struct file *file, int mask)
56	return 0;	57	return 0;
57	}	58	}
58		59
		60	static inline void ima_post_create_tmpfile(struct inode *inode)
		61	{
		62	}
		63
59	static inline void ima_file_free(struct file *file)	64	static inline void ima_file_free(struct file *file)
60	{	65	{
61	return;	66	return;


diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 4ffac4f5c647..357edd140c09 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c
@@ -397,6 +397,33 @@ int ima_file_check(struct file *file, int mask)
397	EXPORT_SYMBOL_GPL(ima_file_check);	397	EXPORT_SYMBOL_GPL(ima_file_check);
398		398
399	/**	399	/**
		400	* ima_post_create_tmpfile - mark newly created tmpfile as new
		401	* @file : newly created tmpfile
		402	*
		403	* No measuring, appraising or auditing of newly created tmpfiles is needed.
		404	* Skip calling process_measurement(), but indicate which newly, created
		405	* tmpfiles are in policy.
		406	*/
		407	void ima_post_create_tmpfile(struct inode *inode)
		408	{
		409	struct integrity_iint_cache *iint;
		410	int must_appraise;
		411
		412	must_appraise = ima_must_appraise(inode, MAY_ACCESS, FILE_CHECK);
		413	if (!must_appraise)
		414	return;
		415
		416	/* Nothing to do if we can't allocate memory */
		417	iint = integrity_inode_get(inode);
		418	if (!iint)
		419	return;
		420
		421	/* needed for writing the security xattrs */
		422	set_bit(IMA_UPDATE_XATTR, &iint->atomic_flags);
		423	iint->ima_file_status = INTEGRITY_PASS;
		424	}
		425
		426	/**
400	* ima_post_path_mknod - mark as a new inode	427	* ima_post_path_mknod - mark as a new inode
401	* @dentry: newly created dentry	428	* @dentry: newly created dentry
402	*	429	*
@@ -413,9 +440,13 @@ void ima_post_path_mknod(struct dentry *dentry)
413	if (!must_appraise)	440	if (!must_appraise)
414	return;	441	return;
415		442
		443	/* Nothing to do if we can't allocate memory */
416	iint = integrity_inode_get(inode);	444	iint = integrity_inode_get(inode);
417	if (iint)	445	if (!iint)
418	iint->flags \|= IMA_NEW_FILE;	446	return;
		447
		448	/* needed for re-opening empty files */
		449	iint->flags \|= IMA_NEW_FILE;
419	}	450	}
420		451
421	/**	452	/**