search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
clk: samsung: Add bus clock for GPU/G3D on Exynos4412
[linux/fpc-iii.git] / security / integrity / ima / ima_appraise.c
blob5fb7127bbe68e154abee6039036482b14c1ea77a
1 /*
2 * Copyright (C) 2011 IBM Corporation
3 *
4 * Author:
5 * Mimi Zohar <zohar@us.ibm.com>
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation, version 2 of the License.
10 */
11 #include <linux/init.h>
12 #include <linux/file.h>
13 #include <linux/fs.h>
14 #include <linux/xattr.h>
15 #include <linux/magic.h>
16 #include <linux/ima.h>
17 #include <linux/evm.h>
18
19 #include "ima.h"
20
21 static int __init default_appraise_setup(char *str)
22 {
23 #ifdef CONFIG_IMA_APPRAISE_BOOTPARAM
24 if (strncmp(str, "off", 3) == 0)
25 ima_appraise = 0;
26 else if (strncmp(str, "log", 3) == 0)
27 ima_appraise = IMA_APPRAISE_LOG;
28 else if (strncmp(str, "fix", 3) == 0)
29 ima_appraise = IMA_APPRAISE_FIX;
30 #endif
31 return 1;
32 }
33
34 __setup("ima_appraise=", default_appraise_setup);
35
36 /*
37 * is_ima_appraise_enabled - return appraise status
38 *
39 * Only return enabled, if not in ima_appraise="fix" or "log" modes.
40 */
41 bool is_ima_appraise_enabled(void)
42 {
43 return ima_appraise & IMA_APPRAISE_ENFORCE;
44 }
45
46 /*
47 * ima_must_appraise - set appraise flag
48 *
49 * Return 1 to appraise or hash
50 */
51 int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func)
52 {
53 u32 secid;
54
55 if (!ima_appraise)
56 return 0;
57
58 security_task_getsecid(current, &secid);
59 return ima_match_policy(inode, current_cred(), secid, func, mask,
60 IMA_APPRAISE | IMA_HASH, NULL);
61 }
62
63 static int ima_fix_xattr(struct dentry *dentry,
64 struct integrity_iint_cache *iint)
65 {
66 int rc, offset;
67 u8 algo = iint->ima_hash->algo;
68
69 if (algo <= HASH_ALGO_SHA1) {
70 offset = 1;
71 iint->ima_hash->xattr.sha1.type = IMA_XATTR_DIGEST;
72 } else {
73 offset = 0;
74 iint->ima_hash->xattr.ng.type = IMA_XATTR_DIGEST_NG;
75 iint->ima_hash->xattr.ng.algo = algo;
76 }
77 rc = __vfs_setxattr_noperm(dentry, XATTR_NAME_IMA,
78 &iint->ima_hash->xattr.data[offset],
79 (sizeof(iint->ima_hash->xattr) - offset) +
80 iint->ima_hash->length, 0);
81 return rc;
82 }
83
84 /* Return specific func appraised cached result */
85 enum integrity_status ima_get_cache_status(struct integrity_iint_cache *iint,
86 enum ima_hooks func)
87 {
88 switch (func) {
89 case MMAP_CHECK:
90 return iint->ima_mmap_status;
91 case BPRM_CHECK:
92 return iint->ima_bprm_status;
93 case CREDS_CHECK:
94 return iint->ima_creds_status;
95 case FILE_CHECK:
96 case POST_SETATTR:
97 return iint->ima_file_status;
98 case MODULE_CHECK ... MAX_CHECK - 1:
99 default:
100 return iint->ima_read_status;
101 }
102 }
103
104 static void ima_set_cache_status(struct integrity_iint_cache *iint,
105 enum ima_hooks func,
106 enum integrity_status status)
107 {
108 switch (func) {
109 case MMAP_CHECK:
110 iint->ima_mmap_status = status;
111 break;
112 case BPRM_CHECK:
113 iint->ima_bprm_status = status;
114 break;
115 case CREDS_CHECK:
116 iint->ima_creds_status = status;
117 break;
118 case FILE_CHECK:
119 case POST_SETATTR:
120 iint->ima_file_status = status;
121 break;
122 case MODULE_CHECK ... MAX_CHECK - 1:
123 default:
124 iint->ima_read_status = status;
125 break;
126 }
127 }
128
129 static void ima_cache_flags(struct integrity_iint_cache *iint,
130 enum ima_hooks func)
131 {
132 switch (func) {
133 case MMAP_CHECK:
134 iint->flags |= (IMA_MMAP_APPRAISED | IMA_APPRAISED);
135 break;
136 case BPRM_CHECK:
137 iint->flags |= (IMA_BPRM_APPRAISED | IMA_APPRAISED);
138 break;
139 case CREDS_CHECK:
140 iint->flags |= (IMA_CREDS_APPRAISED | IMA_APPRAISED);
141 break;
142 case FILE_CHECK:
143 case POST_SETATTR:
144 iint->flags |= (IMA_FILE_APPRAISED | IMA_APPRAISED);
145 break;
146 case MODULE_CHECK ... MAX_CHECK - 1:
147 default:
148 iint->flags |= (IMA_READ_APPRAISED | IMA_APPRAISED);
149 break;
150 }
151 }
152
153 enum hash_algo ima_get_hash_algo(struct evm_ima_xattr_data *xattr_value,
154 int xattr_len)
155 {
156 struct signature_v2_hdr *sig;
157 enum hash_algo ret;
158
159 if (!xattr_value || xattr_len < 2)
160 /* return default hash algo */
161 return ima_hash_algo;
162
163 switch (xattr_value->type) {
164 case EVM_IMA_XATTR_DIGSIG:
165 sig = (typeof(sig))xattr_value;
166 if (sig->version != 2 || xattr_len <= sizeof(*sig))
167 return ima_hash_algo;
168 return sig->hash_algo;
169 break;
170 case IMA_XATTR_DIGEST_NG:
171 ret = xattr_value->digest[0];
172 if (ret < HASH_ALGO__LAST)
173 return ret;
174 break;
175 case IMA_XATTR_DIGEST:
176 /* this is for backward compatibility */
177 if (xattr_len == 21) {
178 unsigned int zero = 0;
179 if (!memcmp(&xattr_value->digest[16], &zero, 4))
180 return HASH_ALGO_MD5;
181 else
182 return HASH_ALGO_SHA1;
183 } else if (xattr_len == 17)
184 return HASH_ALGO_MD5;
185 break;
186 }
187
188 /* return default hash algo */
189 return ima_hash_algo;
190 }
191
192 int ima_read_xattr(struct dentry *dentry,
193 struct evm_ima_xattr_data **xattr_value)
194 {
195 ssize_t ret;
196
197 ret = vfs_getxattr_alloc(dentry, XATTR_NAME_IMA, (char **)xattr_value,
198 0, GFP_NOFS);
199 if (ret == -EOPNOTSUPP)
200 ret = 0;
201 return ret;
202 }
203
204 /*
205 * ima_appraise_measurement - appraise file measurement
206 *
207 * Call evm_verifyxattr() to verify the integrity of 'security.ima'.
208 * Assuming success, compare the xattr hash with the collected measurement.
209 *
210 * Return 0 on success, error code otherwise
211 */
212 int ima_appraise_measurement(enum ima_hooks func,
213 struct integrity_iint_cache *iint,
214 struct file *file, const unsigned char *filename,
215 struct evm_ima_xattr_data *xattr_value,
216 int xattr_len)
217 {
218 static const char op[] = "appraise_data";
219 const char *cause = "unknown";
220 struct dentry *dentry = file_dentry(file);
221 struct inode *inode = d_backing_inode(dentry);
222 enum integrity_status status = INTEGRITY_UNKNOWN;
223 int rc = xattr_len, hash_start = 0;
224
225 if (!(inode->i_opflags & IOP_XATTR))
226 return INTEGRITY_UNKNOWN;
227
228 if (rc <= 0) {
229 if (rc && rc != -ENODATA)
230 goto out;
231
232 cause = iint->flags & IMA_DIGSIG_REQUIRED ?
233 "IMA-signature-required" : "missing-hash";
234 status = INTEGRITY_NOLABEL;
235 if (file->f_mode & FMODE_CREATED)
236 iint->flags |= IMA_NEW_FILE;
237 if ((iint->flags & IMA_NEW_FILE) &&
238 (!(iint->flags & IMA_DIGSIG_REQUIRED) ||
239 (inode->i_size == 0)))
240 status = INTEGRITY_PASS;
241 goto out;
242 }
243
244 status = evm_verifyxattr(dentry, XATTR_NAME_IMA, xattr_value, rc, iint);
245 switch (status) {
246 case INTEGRITY_PASS:
247 case INTEGRITY_PASS_IMMUTABLE:
248 case INTEGRITY_UNKNOWN:
249 break;
250 case INTEGRITY_NOXATTRS: /* No EVM protected xattrs. */
251 case INTEGRITY_NOLABEL: /* No security.evm xattr. */
252 cause = "missing-HMAC";
253 goto out;
254 case INTEGRITY_FAIL: /* Invalid HMAC/signature. */
255 cause = "invalid-HMAC";
256 goto out;
257 default:
258 WARN_ONCE(true, "Unexpected integrity status %d\n", status);
259 }
260
261 switch (xattr_value->type) {
262 case IMA_XATTR_DIGEST_NG:
263 /* first byte contains algorithm id */
264 hash_start = 1;
265 /* fall through */
266 case IMA_XATTR_DIGEST:
267 if (iint->flags & IMA_DIGSIG_REQUIRED) {
268 cause = "IMA-signature-required";
269 status = INTEGRITY_FAIL;
270 break;
271 }
272 clear_bit(IMA_DIGSIG, &iint->atomic_flags);
273 if (xattr_len - sizeof(xattr_value->type) - hash_start >=
274 iint->ima_hash->length)
275 /* xattr length may be longer. md5 hash in previous
276 version occupied 20 bytes in xattr, instead of 16
277 */
278 rc = memcmp(&xattr_value->digest[hash_start],
279 iint->ima_hash->digest,
280 iint->ima_hash->length);
281 else
282 rc = -EINVAL;
283 if (rc) {
284 cause = "invalid-hash";
285 status = INTEGRITY_FAIL;
286 break;
287 }
288 status = INTEGRITY_PASS;
289 break;
290 case EVM_IMA_XATTR_DIGSIG:
291 set_bit(IMA_DIGSIG, &iint->atomic_flags);
292 rc = integrity_digsig_verify(INTEGRITY_KEYRING_IMA,
293 (const char *)xattr_value,
294 xattr_len,
295 iint->ima_hash->digest,
296 iint->ima_hash->length);
297 if (rc == -EOPNOTSUPP) {
298 status = INTEGRITY_UNKNOWN;
299 break;
300 }
301 if (IS_ENABLED(CONFIG_INTEGRITY_PLATFORM_KEYRING) && rc &&
302 func == KEXEC_KERNEL_CHECK)
303 rc = integrity_digsig_verify(INTEGRITY_KEYRING_PLATFORM,
304 (const char *)xattr_value,
305 xattr_len,
306 iint->ima_hash->digest,
307 iint->ima_hash->length);
308 if (rc) {
309 cause = "invalid-signature";
310 status = INTEGRITY_FAIL;
311 } else {
312 status = INTEGRITY_PASS;
313 }
314 break;
315 default:
316 status = INTEGRITY_UNKNOWN;
317 cause = "unknown-ima-data";
318 break;
319 }
320
321 out:
322 /*
323 * File signatures on some filesystems can not be properly verified.
324 * When such filesystems are mounted by an untrusted mounter or on a
325 * system not willing to accept such a risk, fail the file signature
326 * verification.
327 */
328 if ((inode->i_sb->s_iflags & SB_I_IMA_UNVERIFIABLE_SIGNATURE) &&
329 ((inode->i_sb->s_iflags & SB_I_UNTRUSTED_MOUNTER) ||
330 (iint->flags & IMA_FAIL_UNVERIFIABLE_SIGS))) {
331 status = INTEGRITY_FAIL;
332 cause = "unverifiable-signature";
333 integrity_audit_msg(AUDIT_INTEGRITY_DATA, inode, filename,
334 op, cause, rc, 0);
335 } else if (status != INTEGRITY_PASS) {
336 /* Fix mode, but don't replace file signatures. */
337 if ((ima_appraise & IMA_APPRAISE_FIX) &&
338 (!xattr_value ||
339 xattr_value->type != EVM_IMA_XATTR_DIGSIG)) {
340 if (!ima_fix_xattr(dentry, iint))
341 status = INTEGRITY_PASS;
342 }
343
344 /* Permit new files with file signatures, but without data. */
345 if (inode->i_size == 0 && iint->flags & IMA_NEW_FILE &&
346 xattr_value && xattr_value->type == EVM_IMA_XATTR_DIGSIG) {
347 status = INTEGRITY_PASS;
348 }
349
350 integrity_audit_msg(AUDIT_INTEGRITY_DATA, inode, filename,
351 op, cause, rc, 0);
352 } else {
353 ima_cache_flags(iint, func);
354 }
355
356 ima_set_cache_status(iint, func, status);
357 return status;
358 }
359
360 /*
361 * ima_update_xattr - update 'security.ima' hash value
362 */
363 void ima_update_xattr(struct integrity_iint_cache *iint, struct file *file)
364 {
365 struct dentry *dentry = file_dentry(file);
366 int rc = 0;
367
368 /* do not collect and update hash for digital signatures */
369 if (test_bit(IMA_DIGSIG, &iint->atomic_flags))
370 return;
371
372 if ((iint->ima_file_status != INTEGRITY_PASS) &&
373 !(iint->flags & IMA_HASH))
374 return;
375
376 rc = ima_collect_measurement(iint, file, NULL, 0, ima_hash_algo);
377 if (rc < 0)
378 return;
379
380 inode_lock(file_inode(file));
381 ima_fix_xattr(dentry, iint);
382 inode_unlock(file_inode(file));
383 }
384
385 /**
386 * ima_inode_post_setattr - reflect file metadata changes
387 * @dentry: pointer to the affected dentry
388 *
389 * Changes to a dentry's metadata might result in needing to appraise.
390 *
391 * This function is called from notify_change(), which expects the caller
392 * to lock the inode's i_mutex.
393 */
394 void ima_inode_post_setattr(struct dentry *dentry)
395 {
396 struct inode *inode = d_backing_inode(dentry);
397 struct integrity_iint_cache *iint;
398 int action;
399
400 if (!(ima_policy_flag & IMA_APPRAISE) || !S_ISREG(inode->i_mode)
401 || !(inode->i_opflags & IOP_XATTR))
402 return;
403
404 action = ima_must_appraise(inode, MAY_ACCESS, POST_SETATTR);
405 if (!action)
406 __vfs_removexattr(dentry, XATTR_NAME_IMA);
407 iint = integrity_iint_find(inode);
408 if (iint) {
409 set_bit(IMA_CHANGE_ATTR, &iint->atomic_flags);
410 if (!action)
411 clear_bit(IMA_UPDATE_XATTR, &iint->atomic_flags);
412 }
413 }
414
415 /*
416 * ima_protect_xattr - protect 'security.ima'
417 *
418 * Ensure that not just anyone can modify or remove 'security.ima'.
419 */
420 static int ima_protect_xattr(struct dentry *dentry, const char *xattr_name,
421 const void *xattr_value, size_t xattr_value_len)
422 {
423 if (strcmp(xattr_name, XATTR_NAME_IMA) == 0) {
424 if (!capable(CAP_SYS_ADMIN))
425 return -EPERM;
426 return 1;
427 }
428 return 0;
429 }
430
431 static void ima_reset_appraise_flags(struct inode *inode, int digsig)
432 {
433 struct integrity_iint_cache *iint;
434
435 if (!(ima_policy_flag & IMA_APPRAISE) || !S_ISREG(inode->i_mode))
436 return;
437
438 iint = integrity_iint_find(inode);
439 if (!iint)
440 return;
441 iint->measured_pcrs = 0;
442 set_bit(IMA_CHANGE_XATTR, &iint->atomic_flags);
443 if (digsig)
444 set_bit(IMA_DIGSIG, &iint->atomic_flags);
445 else
446 clear_bit(IMA_DIGSIG, &iint->atomic_flags);
447 }
448
449 int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name,
450 const void *xattr_value, size_t xattr_value_len)
451 {
452 const struct evm_ima_xattr_data *xvalue = xattr_value;
453 int result;
454
455 result = ima_protect_xattr(dentry, xattr_name, xattr_value,
456 xattr_value_len);
457 if (result == 1) {
458 if (!xattr_value_len || (xvalue->type >= IMA_XATTR_LAST))
459 return -EINVAL;
460 ima_reset_appraise_flags(d_backing_inode(dentry),
461 xvalue->type == EVM_IMA_XATTR_DIGSIG);
462 result = 0;
463 }
464 return result;
465 }
466
467 int ima_inode_removexattr(struct dentry *dentry, const char *xattr_name)
468 {
469 int result;
470
471 result = ima_protect_xattr(dentry, xattr_name, NULL, 0);
472 if (result == 1) {
473 ima_reset_appraise_flags(d_backing_inode(dentry), 0);
474 result = 0;
475 }
476 return result;
477 }
Linux with added FPC-III support