path: root/security/integrity
diff options
authorKees Cook <>2020-10-02 10:38:23 -0700
committerGreg Kroah-Hartman <>2020-10-05 13:37:03 +0200
commit2039bda1fa8dad3f4275b29eeaffef545bcbc85d (patch)
tree68a81272505370153df7eca21780bf3f91f0f2eb /security/integrity
parent38f901735a9e2b3d182fc04a1dfcdb0d3325ea5d (diff)
LSM: Add "contents" flag to kernel_read_file hook
As with the kernel_load_data LSM hook, add a "contents" flag to the kernel_read_file LSM hook that indicates whether the LSM can expect a matching call to the kernel_post_read_file LSM hook with the full contents of the file. With the coming addition of partial file read support for kernel_read_file*() API, the LSM will no longer be able to always see the entire contents of a file during the read calls. For cases where the LSM must read examine the complete file contents, it will need to do so on its own every time the kernel_read_file hook is called with contents=false (or reject such cases). Adjust all existing LSMs to retain existing behavior. Signed-off-by: Kees Cook <> Reviewed-by: Mimi Zohar <> Link: Signed-off-by: Greg Kroah-Hartman <>
Diffstat (limited to 'security/integrity')
1 files changed, 9 insertions, 1 deletions
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 6f2b8352573a..939f53d02627 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -602,6 +602,7 @@ void ima_post_path_mknod(struct dentry *dentry)
* ima_read_file - pre-measure/appraise hook decision based on policy
* @file: pointer to the file to be measured/appraised/audit
* @read_id: caller identifier
+ * @contents: whether a subsequent call will be made to ima_post_read_file()
* Permit reading a file based on policy. The policy rules are written
* in terms of the policy identifier. Appraising the integrity of
@@ -609,8 +610,15 @@ void ima_post_path_mknod(struct dentry *dentry)
* For permission return 0, otherwise return -EACCES.
-int ima_read_file(struct file *file, enum kernel_read_file_id read_id)
+int ima_read_file(struct file *file, enum kernel_read_file_id read_id,
+ bool contents)
+ /* Reject all partial reads during appraisal. */
+ if (!contents) {
+ if (ima_appraise & IMA_APPRAISE_ENFORCE)
+ return -EACCES;
+ }
* Do devices using pre-allocated memory run the risk of the
* firmware being accessible to the device prior to the completion