lsm: add security_inode_setintegrity() hook

This patch introduces a new hook to save inode's integrity
data. For example, for fsverity enabled files, LSMs can use this hook to
save the existence of verified fsverity builtin signature into the inode's
security blob, and LSMs can make access decisions based on this data.

Signed-off-by: Fan Wu <wufan@linux.microsoft.com>
[PM: subject line tweak, removed changelog]
Signed-off-by: Paul Moore <paul@paul-moore.com>

diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
index 860821f3bf6f3d3397797c393ffc3a88267c0b6d..1d59513bf2301c442f3cce37ee90a83c8fd48746 100644 (file)
--- a/include/linux/lsm_hook_defs.h
+++ b/include/linux/lsm_hook_defs.h
@@ -180,6 +180,8 @@ LSM_HOOK(void, LSM_RET_VOID, inode_getsecid, struct inode *inode, u32 *secid)
 LSM_HOOK(int, 0, inode_copy_up, struct dentry *src, struct cred **new)
 LSM_HOOK(int, -EOPNOTSUPP, inode_copy_up_xattr, struct dentry *src,
         const char *name)
+LSM_HOOK(int, 0, inode_setintegrity, const struct inode *inode,
+        enum lsm_integrity_type type, const void *value, size_t size)
 LSM_HOOK(int, 0, kernfs_init_security, struct kernfs_node *kn_dir,
         struct kernfs_node *kn)
 LSM_HOOK(int, 0, file_permission, struct file *file, int mask)

diff --git a/include/linux/security.h b/include/linux/security.h
index e383022467db91cfc7da4bb76915126071ad6363..97b7c57e6560b766bbde12c9a8eddc4f1f3f5989 100644 (file)
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -410,6 +410,9 @@ int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer
 void security_inode_getsecid(struct inode *inode, u32 *secid);
 int security_inode_copy_up(struct dentry *src, struct cred **new);
 int security_inode_copy_up_xattr(struct dentry *src, const char *name);
+int security_inode_setintegrity(const struct inode *inode,
+                               enum lsm_integrity_type type, const void *value,
+                               size_t size);
 int security_kernfs_init_security(struct kernfs_node *kn_dir,
                                  struct kernfs_node *kn);
 int security_file_permission(struct file *file, int mask);
@@ -1026,6 +1029,13 @@ static inline int security_inode_copy_up(struct dentry *src, struct cred **new)
        return 0;
 }
 
+static inline int security_inode_setintegrity(const struct inode *inode,
+                                             enum lsm_integrity_type type,
+                                             const void *value, size_t size)
+{
+       return 0;
+}
+
 static inline int security_kernfs_init_security(struct kernfs_node *kn_dir,
                                                struct kernfs_node *kn)
 {

diff --git a/security/security.c b/security/security.c
index 3160a017358162ffc4cdb74d54bfc359b64a3ca9..bb43ad444f1ff117bd1fac290f3aa6ab63e1d836 100644 (file)
--- a/security/security.c
+++ b/security/security.c
@@ -2716,6 +2716,26 @@ int security_inode_copy_up_xattr(struct dentry *src, const char *name)
 }
 EXPORT_SYMBOL(security_inode_copy_up_xattr);
 
+/**
+ * security_inode_setintegrity() - Set the inode's integrity data
+ * @inode: inode
+ * @type: type of integrity, e.g. hash digest, signature, etc
+ * @value: the integrity value
+ * @size: size of the integrity value
+ *
+ * Register a verified integrity measurement of a inode with LSMs.
+ * LSMs should free the previously saved data if @value is NULL.
+ *
+ * Return: Returns 0 on success, negative values on failure.
+ */
+int security_inode_setintegrity(const struct inode *inode,
+                               enum lsm_integrity_type type, const void *value,
+                               size_t size)
+{
+       return call_int_hook(inode_setintegrity, inode, type, value, size);
+}
+EXPORT_SYMBOL(security_inode_setintegrity);
+
 /**
  * security_kernfs_init_security() - Init LSM context for a kernfs node
  * @kn_dir: parent kernfs node