ima: Align ima_file_mprotect() definition with LSM infrastructure

robertosassu · pcmoore · commit 0298c5a9b168 · 2024-02-15T23:43:38.000-05:00
Change ima_file_mprotect() definition, so that it can be registered
as implementation of the file_mprotect hook.

Signed-off-by: Roberto Sassu &lt;roberto.sassu@huawei.com&gt;
Reviewed-by: Stefan Berger &lt;stefanb@linux.ibm.com&gt;
Reviewed-by: Casey Schaufler &lt;casey@schaufler-ca.com&gt;
Reviewed-by: Mimi Zohar &lt;zohar@linux.ibm.com&gt;
Acked-by: Mimi Zohar &lt;zohar@linux.ibm.com&gt;
Signed-off-by: Paul Moore &lt;paul@paul-moore.com&gt;
diff --git a/include/linux/ima.h b/include/linux/ima.h
@@ -23,7 +23,8 @@ extern void ima_post_create_tmpfile(struct mnt_idmap *idmap,
 extern void ima_file_free(struct file *file);
 extern int ima_file_mmap(struct file *file, unsigned long reqprot,
 			 unsigned long prot, unsigned long flags);
-extern int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot);
+extern int ima_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
+			     unsigned long prot);
 extern int ima_load_data(enum kernel_load_data_id id, bool contents);
 extern int ima_post_load_data(char *buf, loff_t size,
 			      enum kernel_load_data_id id, char *description);
@@ -84,7 +85,7 @@ static inline int ima_file_mmap(struct file *file, unsigned long reqprot,
 }
 
 static inline int ima_file_mprotect(struct vm_area_struct *vma,
-				    unsigned long prot)
+				    unsigned long reqprot, unsigned long prot)
 {
 	return 0;
 }
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
@@ -455,7 +455,8 @@ int ima_file_mmap(struct file *file, unsigned long reqprot,
 /**
  * ima_file_mprotect - based on policy, limit mprotect change
  * @vma: vm_area_struct protection is set to
- * @prot: contains the protection that will be applied by the kernel.
+ * @reqprot: protection requested by the application
+ * @prot: protection that will be applied by the kernel
  *
  * Files can be mmap'ed read/write and later changed to execute to circumvent
  * IMA's mmap appraisal policy rules.  Due to locking issues (mmap semaphore
@@ -465,7 +466,8 @@ int ima_file_mmap(struct file *file, unsigned long reqprot,
  *
  * On mprotect change success, return 0.  On failure, return -EACESS.
  */
-int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot)
+int ima_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
+		      unsigned long prot)
 {
 	struct ima_template_desc *template = NULL;
 	struct file *file;
diff --git a/security/security.c b/security/security.c
@@ -2831,7 +2831,7 @@ int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
 	ret = call_int_hook(file_mprotect, 0, vma, reqprot, prot);
 	if (ret)
 		return ret;
-	return ima_file_mprotect(vma, prot);
+	return ima_file_mprotect(vma, reqprot, prot);
 }
 
 /**

Original file line number	Diff line number	Diff line change
`@@ -23,7 +23,8 @@ extern void ima_post_create_tmpfile(struct mnt_idmap *idmap,`
`23`	`23`	`extern void ima_file_free(struct file *file);`
`24`	`24`	`extern int ima_file_mmap(struct file *file, unsigned long reqprot,`
`25`	`25`	`unsigned long prot, unsigned long flags);`
`26`		`-extern int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot);`
	`26`	`+extern int ima_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,`
	`27`	`+ unsigned long prot);`
`27`	`28`	`extern int ima_load_data(enum kernel_load_data_id id, bool contents);`
`28`	`29`	`extern int ima_post_load_data(char *buf, loff_t size,`
`29`	`30`	`enum kernel_load_data_id id, char *description);`
`@@ -84,7 +85,7 @@ static inline int ima_file_mmap(struct file *file, unsigned long reqprot,`
`84`	`85`	`}`
`85`	`86`
`86`	`87`	`static inline int ima_file_mprotect(struct vm_area_struct *vma,`
`87`		`- unsigned long prot)`
	`88`	`+ unsigned long reqprot, unsigned long prot)`
`88`	`89`	`{`
`89`	`90`	`return 0;`
`90`	`91`	`}`
Original file line number	Diff line number	Diff line change
`@@ -455,7 +455,8 @@ int ima_file_mmap(struct file *file, unsigned long reqprot,`
`455`	`455`	`/**`
`456`	`456`	`* ima_file_mprotect - based on policy, limit mprotect change`
`457`	`457`	`* @vma: vm_area_struct protection is set to`
`458`		`- * @prot: contains the protection that will be applied by the kernel.`
	`458`	`+ * @reqprot: protection requested by the application`
	`459`	`+ * @prot: protection that will be applied by the kernel`
`459`	`460`	`*`
`460`	`461`	`* Files can be mmap'ed read/write and later changed to execute to circumvent`
`461`	`462`	`* IMA's mmap appraisal policy rules. Due to locking issues (mmap semaphore`
`@@ -465,7 +466,8 @@ int ima_file_mmap(struct file *file, unsigned long reqprot,`
`465`	`466`	`*`
`466`	`467`	`* On mprotect change success, return 0. On failure, return -EACESS.`
`467`	`468`	`*/`
`468`		`-int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot)`
	`469`	`+int ima_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,`
	`470`	`+ unsigned long prot)`
`469`	`471`	`{`
`470`	`472`	`struct ima_template_desc *template = NULL;`
`471`	`473`	`struct file *file;`
Original file line number	Diff line number	Diff line change
`@@ -2831,7 +2831,7 @@ int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,`
`2831`	`2831`	`ret = call_int_hook(file_mprotect, 0, vma, reqprot, prot);`
`2832`	`2832`	`if (ret)`
`2833`	`2833`	`return ret;`
`2834`		`- return ima_file_mprotect(vma, prot);`
	`2834`	`+ return ima_file_mprotect(vma, reqprot, prot);`
`2835`	`2835`	`}`
`2836`	`2836`
`2837`	`2837`	`/**`