search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
mm/slub.c: fix corrupted freechain in deactivate_slab()
[linux/fpc-iii.git] / security / integrity / ima / ima_appraise.c
blobaf55c31754a40a02475f378c6e59c881d8ac20d8
1 /*
2 * Copyright (C) 2011 IBM Corporation
3 *
4 * Author:
5 * Mimi Zohar <zohar@us.ibm.com>
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation, version 2 of the License.
10 */
11 #include <linux/module.h>
12 #include <linux/file.h>
13 #include <linux/fs.h>
14 #include <linux/xattr.h>
15 #include <linux/magic.h>
16 #include <linux/ima.h>
17 #include <linux/evm.h>
18
19 #include "ima.h"
20
21 static int __init default_appraise_setup(char *str)
22 {
23 if (strncmp(str, "off", 3) == 0)
24 ima_appraise = 0;
25 else if (strncmp(str, "log", 3) == 0)
26 ima_appraise = IMA_APPRAISE_LOG;
27 else if (strncmp(str, "fix", 3) == 0)
28 ima_appraise = IMA_APPRAISE_FIX;
29 return 1;
30 }
31
32 __setup("ima_appraise=", default_appraise_setup);
33
34 /*
35 * ima_must_appraise - set appraise flag
36 *
37 * Return 1 to appraise
38 */
39 int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func)
40 {
41 if (!ima_appraise)
42 return 0;
43
44 return ima_match_policy(inode, func, mask, IMA_APPRAISE, NULL);
45 }
46
47 static int ima_fix_xattr(struct dentry *dentry,
48 struct integrity_iint_cache *iint)
49 {
50 int rc, offset;
51 u8 algo = iint->ima_hash->algo;
52
53 if (algo <= HASH_ALGO_SHA1) {
54 offset = 1;
55 iint->ima_hash->xattr.sha1.type = IMA_XATTR_DIGEST;
56 } else {
57 offset = 0;
58 iint->ima_hash->xattr.ng.type = IMA_XATTR_DIGEST_NG;
59 iint->ima_hash->xattr.ng.algo = algo;
60 }
61 rc = __vfs_setxattr_noperm(dentry, XATTR_NAME_IMA,
62 &iint->ima_hash->xattr.data[offset],
63 (sizeof(iint->ima_hash->xattr) - offset) +
64 iint->ima_hash->length, 0);
65 return rc;
66 }
67
68 /* Return specific func appraised cached result */
69 enum integrity_status ima_get_cache_status(struct integrity_iint_cache *iint,
70 enum ima_hooks func)
71 {
72 switch (func) {
73 case MMAP_CHECK:
74 return iint->ima_mmap_status;
75 case BPRM_CHECK:
76 return iint->ima_bprm_status;
77 case FILE_CHECK:
78 case POST_SETATTR:
79 return iint->ima_file_status;
80 case MODULE_CHECK ... MAX_CHECK - 1:
81 default:
82 return iint->ima_read_status;
83 }
84 }
85
86 static void ima_set_cache_status(struct integrity_iint_cache *iint,
87 enum ima_hooks func,
88 enum integrity_status status)
89 {
90 switch (func) {
91 case MMAP_CHECK:
92 iint->ima_mmap_status = status;
93 break;
94 case BPRM_CHECK:
95 iint->ima_bprm_status = status;
96 break;
97 case FILE_CHECK:
98 case POST_SETATTR:
99 iint->ima_file_status = status;
100 break;
101 case MODULE_CHECK ... MAX_CHECK - 1:
102 default:
103 iint->ima_read_status = status;
104 break;
105 }
106 }
107
108 static void ima_cache_flags(struct integrity_iint_cache *iint,
109 enum ima_hooks func)
110 {
111 switch (func) {
112 case MMAP_CHECK:
113 iint->flags |= (IMA_MMAP_APPRAISED | IMA_APPRAISED);
114 break;
115 case BPRM_CHECK:
116 iint->flags |= (IMA_BPRM_APPRAISED | IMA_APPRAISED);
117 break;
118 case FILE_CHECK:
119 case POST_SETATTR:
120 iint->flags |= (IMA_FILE_APPRAISED | IMA_APPRAISED);
121 break;
122 case MODULE_CHECK ... MAX_CHECK - 1:
123 default:
124 iint->flags |= (IMA_READ_APPRAISED | IMA_APPRAISED);
125 break;
126 }
127 }
128
129 enum hash_algo ima_get_hash_algo(struct evm_ima_xattr_data *xattr_value,
130 int xattr_len)
131 {
132 struct signature_v2_hdr *sig;
133
134 if (!xattr_value || xattr_len < 2)
135 /* return default hash algo */
136 return ima_hash_algo;
137
138 switch (xattr_value->type) {
139 case EVM_IMA_XATTR_DIGSIG:
140 sig = (typeof(sig))xattr_value;
141 if (sig->version != 2 || xattr_len <= sizeof(*sig))
142 return ima_hash_algo;
143 return sig->hash_algo;
144 break;
145 case IMA_XATTR_DIGEST_NG:
146 return xattr_value->digest[0];
147 break;
148 case IMA_XATTR_DIGEST:
149 /* this is for backward compatibility */
150 if (xattr_len == 21) {
151 unsigned int zero = 0;
152 if (!memcmp(&xattr_value->digest[16], &zero, 4))
153 return HASH_ALGO_MD5;
154 else
155 return HASH_ALGO_SHA1;
156 } else if (xattr_len == 17)
157 return HASH_ALGO_MD5;
158 break;
159 }
160
161 /* return default hash algo */
162 return ima_hash_algo;
163 }
164
165 int ima_read_xattr(struct dentry *dentry,
166 struct evm_ima_xattr_data **xattr_value)
167 {
168 ssize_t ret;
169
170 ret = vfs_getxattr_alloc(dentry, XATTR_NAME_IMA, (char **)xattr_value,
171 0, GFP_NOFS);
172 if (ret == -EOPNOTSUPP)
173 ret = 0;
174 return ret;
175 }
176
177 /*
178 * ima_appraise_measurement - appraise file measurement
179 *
180 * Call evm_verifyxattr() to verify the integrity of 'security.ima'.
181 * Assuming success, compare the xattr hash with the collected measurement.
182 *
183 * Return 0 on success, error code otherwise
184 */
185 int ima_appraise_measurement(enum ima_hooks func,
186 struct integrity_iint_cache *iint,
187 struct file *file, const unsigned char *filename,
188 struct evm_ima_xattr_data *xattr_value,
189 int xattr_len, int opened)
190 {
191 static const char op[] = "appraise_data";
192 char *cause = "unknown";
193 struct dentry *dentry = file_dentry(file);
194 struct inode *inode = d_backing_inode(dentry);
195 enum integrity_status status = INTEGRITY_UNKNOWN;
196 int rc = xattr_len, hash_start = 0;
197
198 if (!(inode->i_opflags & IOP_XATTR))
199 return INTEGRITY_UNKNOWN;
200
201 if (rc <= 0) {
202 if (rc && rc != -ENODATA)
203 goto out;
204
205 cause = "missing-hash";
206 status = INTEGRITY_NOLABEL;
207 if (opened & FILE_CREATED)
208 iint->flags |= IMA_NEW_FILE;
209 if ((iint->flags & IMA_NEW_FILE) &&
210 (!(iint->flags & IMA_DIGSIG_REQUIRED) ||
211 (inode->i_size == 0)))
212 status = INTEGRITY_PASS;
213 goto out;
214 }
215
216 status = evm_verifyxattr(dentry, XATTR_NAME_IMA, xattr_value, rc, iint);
217 if ((status != INTEGRITY_PASS) &&
218 (status != INTEGRITY_PASS_IMMUTABLE) &&
219 (status != INTEGRITY_UNKNOWN)) {
220 if ((status == INTEGRITY_NOLABEL)
221 || (status == INTEGRITY_NOXATTRS))
222 cause = "missing-HMAC";
223 else if (status == INTEGRITY_FAIL)
224 cause = "invalid-HMAC";
225 goto out;
226 }
227 switch (xattr_value->type) {
228 case IMA_XATTR_DIGEST_NG:
229 /* first byte contains algorithm id */
230 hash_start = 1;
231 case IMA_XATTR_DIGEST:
232 if (iint->flags & IMA_DIGSIG_REQUIRED) {
233 cause = "IMA-signature-required";
234 status = INTEGRITY_FAIL;
235 break;
236 }
237 clear_bit(IMA_DIGSIG, &iint->atomic_flags);
238 if (xattr_len - sizeof(xattr_value->type) - hash_start >=
239 iint->ima_hash->length)
240 /* xattr length may be longer. md5 hash in previous
241 version occupied 20 bytes in xattr, instead of 16
242 */
243 rc = memcmp(&xattr_value->digest[hash_start],
244 iint->ima_hash->digest,
245 iint->ima_hash->length);
246 else
247 rc = -EINVAL;
248 if (rc) {
249 cause = "invalid-hash";
250 status = INTEGRITY_FAIL;
251 break;
252 }
253 status = INTEGRITY_PASS;
254 break;
255 case EVM_IMA_XATTR_DIGSIG:
256 set_bit(IMA_DIGSIG, &iint->atomic_flags);
257 rc = integrity_digsig_verify(INTEGRITY_KEYRING_IMA,
258 (const char *)xattr_value, rc,
259 iint->ima_hash->digest,
260 iint->ima_hash->length);
261 if (rc == -EOPNOTSUPP) {
262 status = INTEGRITY_UNKNOWN;
263 } else if (rc) {
264 cause = "invalid-signature";
265 status = INTEGRITY_FAIL;
266 } else {
267 status = INTEGRITY_PASS;
268 }
269 break;
270 default:
271 status = INTEGRITY_UNKNOWN;
272 cause = "unknown-ima-data";
273 break;
274 }
275
276 out:
277 if (status != INTEGRITY_PASS) {
278 if ((ima_appraise & IMA_APPRAISE_FIX) &&
279 (!xattr_value ||
280 xattr_value->type != EVM_IMA_XATTR_DIGSIG)) {
281 if (!ima_fix_xattr(dentry, iint))
282 status = INTEGRITY_PASS;
283 } else if ((inode->i_size == 0) &&
284 (iint->flags & IMA_NEW_FILE) &&
285 (xattr_value &&
286 xattr_value->type == EVM_IMA_XATTR_DIGSIG)) {
287 status = INTEGRITY_PASS;
288 }
289 integrity_audit_msg(AUDIT_INTEGRITY_DATA, inode, filename,
290 op, cause, rc, 0);
291 } else {
292 ima_cache_flags(iint, func);
293 }
294 ima_set_cache_status(iint, func, status);
295 return status;
296 }
297
298 /*
299 * ima_update_xattr - update 'security.ima' hash value
300 */
301 void ima_update_xattr(struct integrity_iint_cache *iint, struct file *file)
302 {
303 struct dentry *dentry = file_dentry(file);
304 int rc = 0;
305
306 /* do not collect and update hash for digital signatures */
307 if (test_bit(IMA_DIGSIG, &iint->atomic_flags))
308 return;
309
310 if (iint->ima_file_status != INTEGRITY_PASS)
311 return;
312
313 rc = ima_collect_measurement(iint, file, NULL, 0, ima_hash_algo);
314 if (rc < 0)
315 return;
316
317 inode_lock(file_inode(file));
318 ima_fix_xattr(dentry, iint);
319 inode_unlock(file_inode(file));
320 }
321
322 /**
323 * ima_inode_post_setattr - reflect file metadata changes
324 * @dentry: pointer to the affected dentry
325 *
326 * Changes to a dentry's metadata might result in needing to appraise.
327 *
328 * This function is called from notify_change(), which expects the caller
329 * to lock the inode's i_mutex.
330 */
331 void ima_inode_post_setattr(struct dentry *dentry)
332 {
333 struct inode *inode = d_backing_inode(dentry);
334 struct integrity_iint_cache *iint;
335 int must_appraise;
336
337 if (!(ima_policy_flag & IMA_APPRAISE) || !S_ISREG(inode->i_mode)
338 || !(inode->i_opflags & IOP_XATTR))
339 return;
340
341 must_appraise = ima_must_appraise(inode, MAY_ACCESS, POST_SETATTR);
342 if (!must_appraise)
343 __vfs_removexattr(dentry, XATTR_NAME_IMA);
344 iint = integrity_iint_find(inode);
345 if (iint) {
346 set_bit(IMA_CHANGE_ATTR, &iint->atomic_flags);
347 if (!must_appraise)
348 clear_bit(IMA_UPDATE_XATTR, &iint->atomic_flags);
349 }
350 }
351
352 /*
353 * ima_protect_xattr - protect 'security.ima'
354 *
355 * Ensure that not just anyone can modify or remove 'security.ima'.
356 */
357 static int ima_protect_xattr(struct dentry *dentry, const char *xattr_name,
358 const void *xattr_value, size_t xattr_value_len)
359 {
360 if (strcmp(xattr_name, XATTR_NAME_IMA) == 0) {
361 if (!capable(CAP_SYS_ADMIN))
362 return -EPERM;
363 return 1;
364 }
365 return 0;
366 }
367
368 static void ima_reset_appraise_flags(struct inode *inode, int digsig)
369 {
370 struct integrity_iint_cache *iint;
371
372 if (!(ima_policy_flag & IMA_APPRAISE) || !S_ISREG(inode->i_mode))
373 return;
374
375 iint = integrity_iint_find(inode);
376 if (!iint)
377 return;
378 iint->measured_pcrs = 0;
379 set_bit(IMA_CHANGE_XATTR, &iint->atomic_flags);
380 if (digsig)
381 set_bit(IMA_DIGSIG, &iint->atomic_flags);
382 else
383 clear_bit(IMA_DIGSIG, &iint->atomic_flags);
384 }
385
386 int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name,
387 const void *xattr_value, size_t xattr_value_len)
388 {
389 const struct evm_ima_xattr_data *xvalue = xattr_value;
390 int result;
391
392 result = ima_protect_xattr(dentry, xattr_name, xattr_value,
393 xattr_value_len);
394 if (result == 1) {
395 if (!xattr_value_len || (xvalue->type >= IMA_XATTR_LAST))
396 return -EINVAL;
397 ima_reset_appraise_flags(d_backing_inode(dentry),
398 (xvalue->type == EVM_IMA_XATTR_DIGSIG) ? 1 : 0);
399 result = 0;
400 }
401 return result;
402 }
403
404 int ima_inode_removexattr(struct dentry *dentry, const char *xattr_name)
405 {
406 int result;
407
408 result = ima_protect_xattr(dentry, xattr_name, NULL, 0);
409 if (result == 1) {
410 ima_reset_appraise_flags(d_backing_inode(dentry), 0);
411 result = 0;
412 }
413 return result;
414 }
Linux with added FPC-III support