[RFC PATCH 1/2] lsm: add type to security_inode_init_security_anon

Fri Aug 8 12:00:19 UTC 2025

On Thu, Aug 7, 2025 at 3:57 AM Thiébaud Weksteen <tweek at google.com> wrote:
>
> Introduce a new enum (lsm_anon_inode_id) to identify the type of
> anonymous inode being created. This enum is passed down to the
> security_inode_init_security_anon LSM hook.

The intent was to distinguish the type of anonymous inode based on
name-based type_transition rules in the policy using the provided name
string. If that doesn't suffice, this might be justified, but the next
patch doesn't appear to justify it.

>
> Signed-off-by: Thiébaud Weksteen <tweek at google.com>
> ---
>  fs/anon_inodes.c              | 5 +++--
>  include/linux/lsm_hook_defs.h | 3 ++-
>  include/linux/security.h      | 8 ++++++++
>  security/security.c           | 4 +++-
>  security/selinux/hooks.c      | 1 +
>  5 files changed, 17 insertions(+), 4 deletions(-)
>
> diff --git a/fs/anon_inodes.c b/fs/anon_inodes.c
> index 1d847a939f29..9a2f09808f86 100644
> --- a/fs/anon_inodes.c
> +++ b/fs/anon_inodes.c
> @@ -21,6 +21,7 @@
>  #include <linux/magic.h>
>  #include <linux/anon_inodes.h>
>  #include <linux/pseudo_fs.h>
> +#include <linux/security.h>
>
>  #include <linux/uaccess.h>
>
> @@ -121,8 +122,8 @@ struct inode *anon_inode_make_secure_inode(struct super_block *sb, const char *n
>                 return inode;
>         inode->i_flags &= ~S_PRIVATE;
>         inode->i_op = &anon_inode_operations;
> -       error = security_inode_init_security_anon(inode, &QSTR(name),
> -                                                 context_inode);
> +       error = security_inode_init_security_anon(inode, LSM_ANON_INODE_GENERIC,
> +                                                 &QSTR(name), context_inode);
>         if (error) {
>                 iput(inode);
>                 return ERR_PTR(error);
> diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
> index fd11fffdd3c3..1634f41f7a3c 100644
> --- a/include/linux/lsm_hook_defs.h
> +++ b/include/linux/lsm_hook_defs.h
> @@ -119,7 +119,8 @@ LSM_HOOK(int, -EOPNOTSUPP, inode_init_security, struct inode *inode,
>          struct inode *dir, const struct qstr *qstr, struct xattr *xattrs,
>          int *xattr_count)
>  LSM_HOOK(int, 0, inode_init_security_anon, struct inode *inode,
> -        const struct qstr *name, const struct inode *context_inode)
> +        enum lsm_anon_inode_id type, const struct qstr *name,
> +        const struct inode *context_inode)
>  LSM_HOOK(int, 0, inode_create, struct inode *dir, struct dentry *dentry,
>          umode_t mode)
>  LSM_HOOK(void, LSM_RET_VOID, inode_post_create_tmpfile, struct mnt_idmap *idmap,
> diff --git a/include/linux/security.h b/include/linux/security.h
> index 521bcb5b9717..98a97b8a1093 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -263,6 +263,12 @@ struct request_sock;
>  #define LSM_UNSAFE_PTRACE      2
>  #define LSM_UNSAFE_NO_NEW_PRIVS        4
>
> +/* anon_inode types */
> +enum lsm_anon_inode_id {
> +       LSM_ANON_INODE_GENERIC,
> +       LSM_ANON_INODE_MEMFD
> +};
> +
>  #ifdef CONFIG_MMU
>  extern int mmap_min_addr_handler(const struct ctl_table *table, int write,
>                                  void *buffer, size_t *lenp, loff_t *ppos);
> @@ -402,6 +408,7 @@ int security_inode_init_security(struct inode *inode, struct inode *dir,
>                                  const struct qstr *qstr,
>                                  initxattrs initxattrs, void *fs_data);
>  int security_inode_init_security_anon(struct inode *inode,
> +                                     enum lsm_anon_inode_id type,
>                                       const struct qstr *name,
>                                       const struct inode *context_inode);
>  int security_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode);
> @@ -889,6 +896,7 @@ static inline int security_inode_init_security(struct inode *inode,
>  }
>
>  static inline int security_inode_init_security_anon(struct inode *inode,
> +                                                   enum lsm_anon_inode_id type,
>                                                     const struct qstr *name,
>                                                     const struct inode *context_inode)
>  {
> diff --git a/security/security.c b/security/security.c
> index ad163f06bf7a..09aa858819a2 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -1861,6 +1861,7 @@ EXPORT_SYMBOL(security_inode_init_security);
>  /**
>   * security_inode_init_security_anon() - Initialize an anonymous inode
>   * @inode: the inode
> + * @type: the type of anonymous inode
>   * @name: the anonymous inode class
>   * @context_inode: an optional related inode
>   *
> @@ -1871,10 +1872,11 @@ EXPORT_SYMBOL(security_inode_init_security);
>   * creation of this inode, or another -errno upon other errors.
>   */
>  int security_inode_init_security_anon(struct inode *inode,
> +                                     enum lsm_anon_inode_id type,
>                                       const struct qstr *name,
>                                       const struct inode *context_inode)
>  {
> -       return call_int_hook(inode_init_security_anon, inode, name,
> +       return call_int_hook(inode_init_security_anon, inode, type, name,
>                              context_inode);
>  }
>
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index c95a5874bf7d..8d36d5ebb6e5 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -2967,6 +2967,7 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
>  }
>
>  static int selinux_inode_init_security_anon(struct inode *inode,
> +                                           enum lsm_anon_inode_id type,
>                                             const struct qstr *name,
>                                             const struct inode *context_inode)
>  {
> --
> 2.50.1.703.g449372360f-goog
>