On Tue, Dec 13, 2022 at 11:06 PM Kees Cook [off-list ref] wrote:

On Mon, Dec 12, 2022 at 03:13:19PM -0600, Serge E. Hallyn wrote:

quoted

On Fri, Dec 09, 2022 at 11:54:57AM -0800, Kees Cook wrote:

quoted

LoadPin only enforces the read-only origin of kernel file reads. Whether
or not it was a partial read isn't important. Remove the overly
conservative checks so that things like partial firmware reads will
succeed (i.e. reading a firmware header).

Fixes: 2039bda1fa8d ("LSM: Add "contents" flag to kernel_read_file hook")
Cc: Paul Moore <paul@paul-moore.com>
Cc: James Morris <jmorris@namei.org>
Cc: "Serge E. Hallyn" <serge@hallyn.com>

Acked-by: Serge Hallyn <serge@hallyn.com>

Seems reasonable.

Thanks!

quoted

So the patch which introduced this was
2039bda1f: LSM: Add "contents" flag to kernel_read_file hook
It sounds like the usage of @contents which it added to ima still
makes sense.  But what about the selinux_kernel_read_file() one?

I think those continue to make sense since those LSM may be sensitive to
the _content_ (rather than the _origin_) of the file.

Agreed.  When @contents is false SELinux does a permission check
between the calling process and itself, but when @contents is true it
performs a check between the calling process and the file being read.

-- 
paul-moore.com