security/integrity/evm/evm_secfs.c

   1 /*
   2  * Copyright (C) 2010 IBM Corporation
   3  *
   4  * Authors:
   5  * Mimi Zohar <zohar@us.ibm.com>
   6  *
   7  * This program is free software; you can redistribute it and/or modify
   8  * it under the terms of the GNU General Public License as published by
   9  * the Free Software Foundation, version 2 of the License.
  10  *
  11  * File: evm_secfs.c
  12  *      - Used to signal when key is on keyring
  13  *      - Get the key and enable EVM
  14  */
  15
  16 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
  17
  18 #include <linux/audit.h>
  19 #include <linux/uaccess.h>
  20 #include <linux/module.h>
  21 #include <linux/mutex.h>
  22 #include "evm.h"
  23
  24 static struct dentry *evm_dir;
  25 static struct dentry *evm_init_tpm;
  26 static struct dentry *evm_symlink;
  27
  28 #ifdef CONFIG_EVM_ADD_XATTRS
  29 static struct dentry *evm_xattrs;
  30 static DEFINE_MUTEX(xattr_list_mutex);
  31 static int evm_xattrs_locked;
  32 #endif
  33
  34 /**
  35  * evm_read_key - read() for <securityfs>/evm
  36  *
  37  * @filp: file pointer, not actually used
  38  * @buf: where to put the result
  39  * @count: maximum to send along
  40  * @ppos: where to start
  41  *
  42  * Returns number of bytes read or error code, as appropriate
  43  */
  44 static ssize_t evm_read_key(struct file *filp, char __user *buf,
  45                             size_t count, loff_t *ppos)
  46 {
  47         char temp[80];
  48         ssize_t rc;
  49
  50         if (*ppos != 0)
  51                 return 0;
  52
  53         sprintf(temp, "%d", (evm_initialized & ~EVM_SETUP_COMPLETE));
  54         rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
  55
  56         return rc;
  57 }
  58
  59 /**
  60  * evm_write_key - write() for <securityfs>/evm
  61  * @file: file pointer, not actually used
  62  * @buf: where to get the data from
  63  * @count: bytes sent
  64  * @ppos: where to start
  65  *
  66  * Used to signal that key is on the kernel key ring.
  67  * - get the integrity hmac key from the kernel key ring
  68  * - create list of hmac protected extended attributes
  69  * Returns number of bytes written or error code, as appropriate
  70  */
  71 static ssize_t evm_write_key(struct file *file, const char __user *buf,
  72                              size_t count, loff_t *ppos)
  73 {
  74         int i, ret;
  75
  76         if (!capable(CAP_SYS_ADMIN) || (evm_initialized & EVM_SETUP_COMPLETE))
  77                 return -EPERM;
  78
  79         ret = kstrtoint_from_user(buf, count, 0, &i);
  80
  81         if (ret)
  82                 return ret;
  83
  84         /* Reject invalid values */
  85         if (!i || (i & ~EVM_INIT_MASK) != 0)
  86                 return -EINVAL;
  87
  88         /* Don't allow a request to freshly enable metadata writes if
  89          * keys are loaded.
  90          */
  91         if ((i & EVM_ALLOW_METADATA_WRITES) &&
  92             ((evm_initialized & EVM_KEY_MASK) != 0) &&
  93             !(evm_initialized & EVM_ALLOW_METADATA_WRITES))
  94                 return -EPERM;
  95
  96         if (i & EVM_INIT_HMAC) {
  97                 ret = evm_init_key();
  98                 if (ret != 0)
  99                         return ret;
 100                 /* Forbid further writes after the symmetric key is loaded */
 101                 i |= EVM_SETUP_COMPLETE;
 102         }
 103
 104         evm_initialized |= i;
 105
 106         /* Don't allow protected metadata modification if a symmetric key
 107          * is loaded
 108          */
 109         if (evm_initialized & EVM_INIT_HMAC)
 110                 evm_initialized &= ~(EVM_ALLOW_METADATA_WRITES);
 111
 112         return count;
 113 }
 114
 115 static const struct file_operations evm_key_ops = {
 116         .read           = evm_read_key,
 117         .write          = evm_write_key,
 118 };
 119
 120 #ifdef CONFIG_EVM_ADD_XATTRS
 121 /**
 122  * evm_read_xattrs - read() for <securityfs>/evm_xattrs
 123  *
 124  * @filp: file pointer, not actually used
 125  * @buf: where to put the result
 126  * @count: maximum to send along
 127  * @ppos: where to start
 128  *
 129  * Returns number of bytes read or error code, as appropriate
 130  */
 131 static ssize_t evm_read_xattrs(struct file *filp, char __user *buf,
 132                                size_t count, loff_t *ppos)
 133 {
 134         char *temp;
 135         int offset = 0;
 136         ssize_t rc, size = 0;
 137         struct xattr_list *xattr;
 138
 139         if (*ppos != 0)
 140                 return 0;
 141
 142         rc = mutex_lock_interruptible(&xattr_list_mutex);
 143         if (rc)
 144                 return -ERESTARTSYS;
 145
 146         list_for_each_entry(xattr, &evm_config_xattrnames, list)
 147                 size += strlen(xattr->name) + 1;
 148
 149         temp = kmalloc(size + 1, GFP_KERNEL);
 150         if (!temp) {
 151                 mutex_unlock(&xattr_list_mutex);
 152                 return -ENOMEM;
 153         }
 154
 155         list_for_each_entry(xattr, &evm_config_xattrnames, list) {
 156                 sprintf(temp + offset, "%s\n", xattr->name);
 157                 offset += strlen(xattr->name) + 1;
 158         }
 159
 160         mutex_unlock(&xattr_list_mutex);
 161         rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
 162
 163         kfree(temp);
 164
 165         return rc;
 166 }
 167
 168 /**
 169  * evm_write_xattrs - write() for <securityfs>/evm_xattrs
 170  * @file: file pointer, not actually used
 171  * @buf: where to get the data from
 172  * @count: bytes sent
 173  * @ppos: where to start
 174  *
 175  * Returns number of bytes written or error code, as appropriate
 176  */
 177 static ssize_t evm_write_xattrs(struct file *file, const char __user *buf,
 178                                 size_t count, loff_t *ppos)
 179 {
 180         int len, err;
 181         struct xattr_list *xattr, *tmp;
 182         struct audit_buffer *ab;
 183         struct iattr newattrs;
 184         struct inode *inode;
 185
 186         if (!capable(CAP_SYS_ADMIN) || evm_xattrs_locked)
 187                 return -EPERM;
 188
 189         if (*ppos != 0)
 190                 return -EINVAL;
 191
 192         if (count > XATTR_NAME_MAX)
 193                 return -E2BIG;
 194
 195         ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_INTEGRITY_EVM_XATTR);
 196         if (!ab)
 197                 return -ENOMEM;
 198
 199         xattr = kmalloc(sizeof(struct xattr_list), GFP_KERNEL);
 200         if (!xattr) {
 201                 err = -ENOMEM;
 202                 goto out;
 203         }
 204
 205         xattr->name = memdup_user_nul(buf, count);
 206         if (IS_ERR(xattr->name)) {
 207                 err = PTR_ERR(xattr->name);
 208                 xattr->name = NULL;
 209                 goto out;
 210         }
 211
 212         /* Remove any trailing newline */
 213         len = strlen(xattr->name);
 214         if (len && xattr->name[len-1] == '\n')
 215                 xattr->name[len-1] = '\0';
 216
 217         if (strcmp(xattr->name, ".") == 0) {
 218                 evm_xattrs_locked = 1;
 219                 newattrs.ia_mode = S_IFREG | 0440;
 220                 newattrs.ia_valid = ATTR_MODE;
 221                 inode = evm_xattrs->d_inode;
 222                 inode_lock(inode);
 223                 err = simple_setattr(evm_xattrs, &newattrs);
 224                 inode_unlock(inode);
 225                 audit_log_format(ab, "locked");
 226                 if (!err)
 227                         err = count;
 228                 goto out;
 229         }
 230
 231         audit_log_format(ab, "xattr=");
 232         audit_log_untrustedstring(ab, xattr->name);
 233
 234         if (strncmp(xattr->name, XATTR_SECURITY_PREFIX,
 235                     XATTR_SECURITY_PREFIX_LEN) != 0) {
 236                 err = -EINVAL;
 237                 goto out;
 238         }
 239
 240         /* Guard against races in evm_read_xattrs */
 241         mutex_lock(&xattr_list_mutex);
 242         list_for_each_entry(tmp, &evm_config_xattrnames, list) {
 243                 if (strcmp(xattr->name, tmp->name) == 0) {
 244                         err = -EEXIST;
 245                         mutex_unlock(&xattr_list_mutex);
 246                         goto out;
 247                 }
 248         }
 249         list_add_tail_rcu(&xattr->list, &evm_config_xattrnames);
 250         mutex_unlock(&xattr_list_mutex);
 251
 252         audit_log_format(ab, " res=0");
 253         audit_log_end(ab);
 254         return count;
 255 out:
 256         audit_log_format(ab, " res=%d", err);
 257         audit_log_end(ab);
 258         if (xattr) {
 259                 kfree(xattr->name);
 260                 kfree(xattr);
 261         }
 262         return err;
 263 }
 264
 265 static const struct file_operations evm_xattr_ops = {
 266         .read           = evm_read_xattrs,
 267         .write          = evm_write_xattrs,
 268 };
 269
 270 static int evm_init_xattrs(void)
 271 {
 272         evm_xattrs = securityfs_create_file("evm_xattrs", 0660, evm_dir, NULL,
 273                                             &evm_xattr_ops);
 274         if (!evm_xattrs || IS_ERR(evm_xattrs))
 275                 return -EFAULT;
 276
 277         return 0;
 278 }
 279 #else
 280 static int evm_init_xattrs(void)
 281 {
 282         return 0;
 283 }
 284 #endif
 285
 286 int __init evm_init_secfs(void)
 287 {
 288         int error = 0;
 289
 290         evm_dir = securityfs_create_dir("evm", integrity_dir);
 291         if (!evm_dir || IS_ERR(evm_dir))
 292                 return -EFAULT;
 293
 294         evm_init_tpm = securityfs_create_file("evm", 0660,
 295                                               evm_dir, NULL, &evm_key_ops);
 296         if (!evm_init_tpm || IS_ERR(evm_init_tpm)) {
 297                 error = -EFAULT;
 298                 goto out;
 299         }
 300
 301         evm_symlink = securityfs_create_symlink("evm", NULL,
 302                                                 "integrity/evm/evm", NULL);
 303         if (!evm_symlink || IS_ERR(evm_symlink)) {
 304                 error = -EFAULT;
 305                 goto out;
 306         }
 307
 308         if (evm_init_xattrs() != 0) {
 309                 error = -EFAULT;
 310                 goto out;
 311         }
 312
 313         return 0;
 314 out:
 315         securityfs_remove(evm_symlink);
 316         securityfs_remove(evm_init_tpm);
 317         securityfs_remove(evm_dir);
 318         return error;
 319 }