linux/security/keys
Roberto Sassu cd3cec0a02 ima: Move to LSM infrastructure
Move hardcoded IMA function calls (not appraisal-specific functions) from
various places in the kernel to the LSM infrastructure, by introducing a
new LSM named 'ima' (at the end of the LSM list and always enabled like
'integrity').

Having IMA before EVM in the Makefile is sufficient to preserve the
relative order of the new 'ima' LSM in respect to the upcoming 'evm' LSM,
and thus the order of IMA and EVM function calls as when they were
hardcoded.

Make moved functions as static (except ima_post_key_create_or_update(),
which is not in ima_main.c), and register them as implementation of the
respective hooks in the new function init_ima_lsm().

Select CONFIG_SECURITY_PATH, to ensure that the path-based LSM hook
path_post_mknod is always available and ima_post_path_mknod() is always
executed to mark files as new, as before the move.

A slight difference is that IMA and EVM functions registered for the
inode_post_setattr, inode_post_removexattr, path_post_mknod,
inode_post_create_tmpfile, inode_post_set_acl and inode_post_remove_acl
won't be executed for private inodes. Since those inodes are supposed to be
fs-internal, they should not be of interest to IMA or EVM. The S_PRIVATE
flag is used for anonymous inodes, hugetlbfs, reiserfs xattrs, XFS scrub
and kernel-internal tmpfs files.

Conditionally register ima_post_key_create_or_update() if
CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS is enabled. Also, conditionally register
ima_kernel_module_request() if CONFIG_INTEGRITY_ASYMMETRIC_KEYS is enabled.

Finally, add the LSM_ID_IMA case in lsm_list_modules_test.c.

Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Acked-by: Chuck Lever <chuck.lever@oracle.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Acked-by: Christian Brauner <brauner@kernel.org>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Acked-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
2024-02-15 23:43:46 -05:00
..
encrypted-keys Revert "KEYS: encrypted: Add check for strsep" 2024-01-24 16:11:59 -05:00
trusted-keys KEYS: trusted: tee: Refactor register SHM usage 2023-10-24 03:06:35 +03:00
big_key.c big_keys: Use struct for internal payload 2022-05-16 16:02:21 -07:00
compat_dh.c
compat.c security/keys: remove compat_keyctl_instantiate_key_iov 2020-10-03 00:02:16 -04:00
dh.c KEYS: DH: Use crypto_wait_req 2023-02-13 18:34:48 +08:00
gc.c keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry 2023-12-21 13:47:38 +00:00
internal.h keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry 2023-12-21 13:47:38 +00:00
Kconfig KEYS: trusted: allow use of TEE as backend without TCG_TPM support 2022-05-23 18:47:50 +03:00
key.c ima: Move to LSM infrastructure 2024-02-15 23:43:46 -05:00
keyctl_pkey.c KEYS: fix length validation in keyctl_pkey_params_get_2() 2022-03-08 10:33:18 +02:00
keyctl.c iov_iter: replace import_single_range() with import_ubuf() 2023-12-05 11:57:37 +01:00
keyring.c security/keys: Remove inconsistent __user annotation 2022-10-05 00:25:56 +03:00
Makefile
permission.c keys: Make the KEY_NEED_* perms an enum rather than a mask 2020-05-19 15:42:22 +01:00
persistent.c
proc.c keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry 2023-12-21 13:47:38 +00:00
process_keys.c ucounts: Move get_ucounts from cred_alloc_blank to key_change_session_keyring 2021-10-20 10:34:20 -05:00
request_key_auth.c KEYS: Replace all non-returning strlcpy with strscpy 2023-08-17 20:12:35 +00:00
request_key.c keys: Fix linking a duplicate key to a keyring's assoc_array 2023-07-17 19:32:30 +00:00
sysctl.c sysctl: set variable key_sysctls storage-class-specifier to static 2023-08-07 17:55:54 +00:00
user_defined.c mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00