^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) // SPDX-License-Identifier: GPL-2.0-only
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) * Copyright (C) 2005-2010 IBM Corporation
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) * Author:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) * Mimi Zohar <zohar@us.ibm.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7) * Kylene Hall <kjhall@us.ibm.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9) * File: evm_main.c
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) * implements evm_inode_setxattr, evm_inode_post_setxattr,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) * evm_inode_removexattr, and evm_verifyxattr
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) #include <linux/init.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) #include <linux/crypto.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) #include <linux/audit.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) #include <linux/xattr.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) #include <linux/integrity.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) #include <linux/evm.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) #include <linux/magic.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22) #include <crypto/hash.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23) #include <crypto/hash_info.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24) #include <crypto/algapi.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25) #include "evm.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26)
/*
 * EVM state bits. evm_key_loaded() tests the key bits via EVM_KEY_MASK and
 * evm_inode_setxattr()/evm_inode_removexattr() honour EVM_ALLOW_METADATA_WRITES.
 * The bits are set outside this file (presumably by the EVM securityfs and
 * key-loading code — verify against evm_secfs.c / evm_crypto.c).
 */
int evm_initialized;

/*
 * Human-readable status names for audit records.  The array is indexed
 * directly by enum integrity_status, so its order must match the enum.
 */
static const char * const integrity_status_msg[] = {
	"pass", "pass_immutable", "fail", "no_label", "no_xattrs", "unknown"
};
/*
 * Extra inode attributes included in the HMAC (EVM_ATTR_FSUUID is the only
 * flag set here); consumed by the HMAC calculation elsewhere — TODO confirm
 * against evm_calc_hmac().
 */
int evm_hmac_attrs;

/*
 * Compile-time default set of xattrs covered by security.evm.  Which entries
 * exist depends on the configured LSMs and on IMA appraisal; security.capability
 * is always covered.  evm_init_config() links each entry into
 * evm_config_xattrnames at boot.
 */
static struct xattr_list evm_config_default_xattrnames[] = {
#ifdef CONFIG_SECURITY_SELINUX
	{.name = XATTR_NAME_SELINUX},
#endif
#ifdef CONFIG_SECURITY_SMACK
	{.name = XATTR_NAME_SMACK},
#ifdef CONFIG_EVM_EXTRA_SMACK_XATTRS
	{.name = XATTR_NAME_SMACKEXEC},
	{.name = XATTR_NAME_SMACKTRANSMUTE},
	{.name = XATTR_NAME_SMACKMMAP},
#endif
#endif
#ifdef CONFIG_SECURITY_APPARMOR
	{.name = XATTR_NAME_APPARMOR},
#endif
#ifdef CONFIG_IMA_APPRAISE
	{.name = XATTR_NAME_IMA},
#endif
	{.name = XATTR_NAME_CAPS},
};

/*
 * Runtime list of protected xattr names.  Readers in this file walk it with
 * list_for_each_entry_lockless(), so entries must only ever be appended.
 */
LIST_HEAD(evm_config_xattrnames);

/*
 * Set by the "evm=fix" boot option.  In fix mode
 * evm_verify_current_integrity() reports PASS without checking security.evm,
 * i.e. metadata writes are no longer gated by EVM — intended for relabelling
 * a system, not for normal operation.  Read-only after init.
 */
static int evm_fixmode __ro_after_init;
/*
 * evm_set_fixmode - parse the "evm=" boot parameter
 * @str: the text after "evm="
 *
 * Only the value "fix" is recognised (compared on its first three
 * characters); anything else is logged and ignored.  Always returns 1 so
 * the parameter is consumed.
 */
static int __init evm_set_fixmode(char *str)
{
	if (strncmp(str, "fix", 3) != 0) {
		pr_err("invalid \"%s\" mode", str);
		return 1;
	}

	/* fix mode: evm_verify_current_integrity() will report PASS unconditionally */
	evm_fixmode = 1;
	return 1;
}
__setup("evm=", evm_set_fixmode);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 68)
/*
 * evm_init_config - populate the runtime protected-xattr list at boot
 *
 * Links every entry of evm_config_default_xattrnames into
 * evm_config_xattrnames (logging each name), then sets the extra HMAC
 * attribute bits selected at build time and logs the resulting mask.
 */
static void __init evm_init_config(void)
{
	const size_t nr_defaults = ARRAY_SIZE(evm_config_default_xattrnames);
	size_t idx;

	pr_info("Initialising EVM extended attributes:\n");
	for (idx = 0; idx < nr_defaults; idx++) {
		struct xattr_list *entry = &evm_config_default_xattrnames[idx];

		pr_info("%s\n", entry->name);
		/* append, preserving the table order */
		list_add_tail(&entry->list, &evm_config_xattrnames);
	}

#ifdef CONFIG_EVM_ATTR_FSUUID
	evm_hmac_attrs |= EVM_ATTR_FSUUID;
#endif
	pr_info("HMAC attrs: 0x%x\n", evm_hmac_attrs);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 87)
/*
 * evm_key_loaded - has any EVM key (HMAC or public) been made available?
 *
 * Returns true when at least one bit of EVM_KEY_MASK is set in
 * evm_initialized.
 */
static bool evm_key_loaded(void)
{
	const int key_bits = evm_initialized & EVM_KEY_MASK;

	return key_bits != 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 92)
/*
 * evm_find_protected_xattrs - count the protected xattrs present on a dentry
 * @dentry: the object to probe
 *
 * Probes each configured protected xattr name with a size-only lookup
 * (NULL buffer, size 0) and counts the ones that exist.
 *
 * Returns the count (>= 0), -EOPNOTSUPP if the inode has no xattr support,
 * or the first lookup error other than -ENODATA.
 */
static int evm_find_protected_xattrs(struct dentry *dentry)
{
	struct inode *inode = d_backing_inode(dentry);
	struct xattr_list *entry;
	int present = 0;

	if (!(inode->i_opflags & IOP_XATTR))
		return -EOPNOTSUPP;

	list_for_each_entry_lockless(entry, &evm_config_xattrnames, list) {
		/* XATTR_NOSECURITY: bypass LSM hooks, we only test for presence */
		int rc = __vfs_getxattr(dentry, inode, entry->name, NULL, 0,
					XATTR_NOSECURITY);

		if (rc == -ENODATA)
			continue;	/* this one is simply absent */
		if (rc < 0)
			return rc;	/* real error: stop and report it */
		present++;
	}

	return present;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 116)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 117) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 118) * evm_verify_hmac - calculate and compare the HMAC with the EVM xattr
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 119) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 120) * Compute the HMAC on the dentry's protected set of extended attributes
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 121) * and compare it against the stored security.evm xattr.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 122) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 123) * For performance:
 * - use the previously retrieved xattr value and length to calculate the
 *   HMAC.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 126) * - cache the verification result in the iint, when available.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 127) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 128) * Returns integrity status
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 129) */
static enum integrity_status evm_verify_hmac(struct dentry *dentry,
					     const char *xattr_name,
					     char *xattr_value,
					     size_t xattr_value_len,
					     struct integrity_iint_cache *iint)
{
	struct evm_ima_xattr_data *xattr_data = NULL;
	struct signature_v2_hdr *hdr;
	enum integrity_status evm_status = INTEGRITY_PASS;
	struct evm_digest digest;
	struct inode *inode;
	int rc, xattr_len;

	/*
	 * Fast path: a cached PASS / PASS_IMMUTABLE verdict is trusted as-is
	 * (evm_reset_status() drops it to UNKNOWN whenever a covered xattr
	 * changes).  Any other cached status is re-verified below.
	 */
	if (iint && (iint->evm_status == INTEGRITY_PASS ||
		     iint->evm_status == INTEGRITY_PASS_IMMUTABLE))
		return iint->evm_status;

	/* if status is not PASS, try to check again - against -ENOMEM */

	/*
	 * Read security.evm into a freshly allocated buffer.  On success rc is
	 * the value length and is >= 1, so the leading type byte inspected
	 * below is always within the buffer.
	 */
	rc = vfs_getxattr_alloc(dentry, XATTR_NAME_EVM, (char **)&xattr_data, 0,
				GFP_NOFS);
	if (rc <= 0) {
		evm_status = INTEGRITY_FAIL;
		if (rc == -ENODATA) {
			/*
			 * No security.evm at all.  A file that still carries
			 * protected xattrs is NOLABEL; one with none is
			 * NOXATTRS (typically a freshly created file).  A
			 * probe error leaves the status at FAIL.
			 */
			rc = evm_find_protected_xattrs(dentry);
			if (rc > 0)
				evm_status = INTEGRITY_NOLABEL;
			else if (rc == 0)
				evm_status = INTEGRITY_NOXATTRS; /* new file */
		} else if (rc == -EOPNOTSUPP) {
			/* filesystem cannot hold xattrs: nothing to verify */
			evm_status = INTEGRITY_UNKNOWN;
		}
		goto out;
	}

	xattr_len = rc;

	/* check value type */
	switch (xattr_data->type) {
	case EVM_XATTR_HMAC:
		/* an HMAC value has exactly one valid size; anything else is malformed */
		if (xattr_len != sizeof(struct evm_xattr)) {
			evm_status = INTEGRITY_FAIL;
			goto out;
		}

		digest.hdr.algo = HASH_ALGO_SHA1;
		rc = evm_calc_hmac(dentry, xattr_name, xattr_value,
				   xattr_value_len, &digest);
		if (rc)
			break;
		/*
		 * Constant-time comparison: a plain memcmp would let an
		 * attacker who can read timings refine a forged HMAC.
		 */
		rc = crypto_memneq(xattr_data->data, digest.digest,
				   SHA1_DIGEST_SIZE);
		if (rc)
			rc = -EINVAL;
		break;
	case EVM_IMA_XATTR_DIGSIG:
	case EVM_XATTR_PORTABLE_DIGSIG:
		/* accept xattr with non-empty signature field */
		if (xattr_len <= sizeof(struct signature_v2_hdr)) {
			evm_status = INTEGRITY_FAIL;
			goto out;
		}

		/*
		 * The hash algorithm comes from the stored header; the
		 * signature check below is what authenticates the result.
		 */
		hdr = (struct signature_v2_hdr *)xattr_data;
		digest.hdr.algo = hdr->hash_algo;
		rc = evm_calc_hash(dentry, xattr_name, xattr_value,
				   xattr_value_len, xattr_data->type, &digest);
		if (rc)
			break;
		rc = integrity_digsig_verify(INTEGRITY_KEYRING_EVM,
					     (const char *)xattr_data, xattr_len,
					     digest.digest, digest.hdr.length);
		if (!rc) {
			inode = d_backing_inode(dentry);

			if (xattr_data->type == EVM_XATTR_PORTABLE_DIGSIG) {
				/* portable signatures are never rewritten by EVM */
				if (iint)
					iint->flags |= EVM_IMMUTABLE_DIGSIG;
				evm_status = INTEGRITY_PASS_IMMUTABLE;
			} else if (!IS_RDONLY(inode) &&
				   !(inode->i_sb->s_readonly_remount) &&
				   !IS_IMMUTABLE(inode)) {
				/*
				 * Writable inode with a valid non-portable
				 * signature: refresh security.evm (presumably
				 * re-sealing it as a local HMAC — see
				 * evm_update_evmxattr()).
				 */
				evm_update_evmxattr(dentry, xattr_name,
						    xattr_value,
						    xattr_value_len);
			}
		}
		break;
	default:
		/* unknown type byte: fail closed */
		rc = -EINVAL;
		break;
	}

	/* any calculation or verification error maps to FAIL (NOXATTRS for -ENODATA) */
	if (rc)
		evm_status = (rc == -ENODATA) ?
				INTEGRITY_NOXATTRS : INTEGRITY_FAIL;
out:
	/* cache the verdict for the fast path above */
	if (iint)
		iint->evm_status = evm_status;
	kfree(xattr_data);
	return evm_status;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 233)
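/*
 * evm_protected_xattr - is @req_xattr_name one of the EVM-protected xattrs?
 * @req_xattr_name: xattr name, with or without the "security." prefix
 *
 * A name matches a configured entry either in full ("security.selinux") or
 * with the "security." prefix stripped ("selinux"), as callers that already
 * split the prefix off pass it.  Both comparisons are exact: the previous
 * unprefixed comparison was strncmp() bounded by strlen(req_xattr_name), so
 * any leading substring — including the empty string — was reported as
 * protected.
 *
 * Returns 1 if protected, 0 otherwise.
 */
static int evm_protected_xattr(const char *req_xattr_name)
{
	struct xattr_list *entry;

	list_for_each_entry_lockless(entry, &evm_config_xattrnames, list) {
		if (strcmp(req_xattr_name, entry->name) == 0)
			return 1;
		/* configured names carry the "security." prefix; compare past it */
		if (strcmp(req_xattr_name,
			   entry->name + XATTR_SECURITY_PREFIX_LEN) == 0)
			return 1;
	}

	return 0;
}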
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 257)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 258) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 259) * evm_verifyxattr - verify the integrity of the requested xattr
 * @dentry: dentry whose xattr is being verified
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 261) * @xattr_name: requested xattr
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 262) * @xattr_value: requested xattr value
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 263) * @xattr_value_len: requested xattr value length
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 264) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 265) * Calculate the HMAC for the given dentry and verify it against the stored
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 266) * security.evm xattr. For performance, use the xattr value and length
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 267) * previously retrieved to calculate the HMAC.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 268) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 269) * Returns the xattr integrity status.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 270) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 271) * This function requires the caller to lock the inode's i_mutex before it
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 272) * is executed.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 273) */
enum integrity_status evm_verifyxattr(struct dentry *dentry,
				      const char *xattr_name,
				      void *xattr_value, size_t xattr_value_len,
				      struct integrity_iint_cache *iint)
{
	struct integrity_iint_cache *cache = iint;

	/* Without a key, or for an xattr EVM does not cover, there is no verdict. */
	if (!evm_key_loaded())
		return INTEGRITY_UNKNOWN;
	if (!evm_protected_xattr(xattr_name))
		return INTEGRITY_UNKNOWN;

	/* Callers may pass a NULL iint; look it up, and give up if there is none. */
	if (cache == NULL)
		cache = integrity_iint_find(d_backing_inode(dentry));
	if (cache == NULL)
		return INTEGRITY_UNKNOWN;

	return evm_verify_hmac(dentry, xattr_name, xattr_value,
			       xattr_value_len, cache);
}
EXPORT_SYMBOL_GPL(evm_verifyxattr);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 291)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 292) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 293) * evm_verify_current_integrity - verify the dentry's metadata integrity
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 294) * @dentry: pointer to the affected dentry
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 295) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 296) * Verify and return the dentry's metadata integrity. The exceptions are
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 297) * before EVM is initialized or in 'fix' mode.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 298) */
static enum integrity_status evm_verify_current_integrity(struct dentry *dentry)
{
	struct inode *inode = d_backing_inode(dentry);
	bool skip_verification;

	/*
	 * No key, not a regular file, or 'fix' mode: report PASS (0) without
	 * looking at security.evm.  Callers therefore treat these cases as
	 * "nothing to enforce", which is what makes evm=fix a relabelling
	 * mode rather than a production setting.
	 */
	skip_verification = !evm_key_loaded() || !S_ISREG(inode->i_mode) ||
			    evm_fixmode;
	if (skip_verification)
		return INTEGRITY_PASS;

	/* No xattr context and no iint: the verdict is computed afresh, not cached. */
	return evm_verify_hmac(dentry, NULL, NULL, 0, NULL);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 307)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 308) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 309) * evm_protect_xattr - protect the EVM extended attribute
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 310) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 311) * Prevent security.evm from being modified or removed without the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 312) * necessary permissions or when the existing value is invalid.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 313) *
 * The posix xattr acls are 'system' prefixed, which normally would not
 * affect security.evm. An interesting side effect of writing posix xattr
 * acls is their modifying of the i_mode, which is included in security.evm.
 * For posix xattr acls only, permit security.evm, even if it currently
 * doesn't exist, to be updated unless the EVM signature is immutable.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 319) */
static int evm_protect_xattr(struct dentry *dentry, const char *xattr_name,
			     const void *xattr_value, size_t xattr_value_len)
{
	enum integrity_status evm_status;

	if (strcmp(xattr_name, XATTR_NAME_EVM) == 0) {
		/* security.evm itself: privileged callers only */
		if (!capable(CAP_SYS_ADMIN))
			return -EPERM;
	} else if (!evm_protected_xattr(xattr_name)) {
		/* neither protected nor a posix acl: EVM has no interest */
		if (!posix_xattr_acl(xattr_name))
			return 0;
		/*
		 * posix acl: permitted when the current metadata verifies or
		 * when there is nothing to verify yet; anything else is
		 * audited and refused at out:.
		 */
		evm_status = evm_verify_current_integrity(dentry);
		if ((evm_status == INTEGRITY_PASS) ||
		    (evm_status == INTEGRITY_NOXATTRS))
			return 0;
		goto out;
	}

	/*
	 * Note evm_verify_current_integrity() reports PASS without checking
	 * when no key is loaded, for non-regular files, and in 'fix' mode.
	 */
	evm_status = evm_verify_current_integrity(dentry);
	if (evm_status == INTEGRITY_NOXATTRS) {
		struct integrity_iint_cache *iint;

		/* a file IMA has just created may receive its first labels */
		iint = integrity_iint_find(d_backing_inode(dentry));
		if (iint && (iint->flags & IMA_NEW_FILE))
			return 0;

		/* exception for pseudo filesystems */
		if (dentry->d_sb->s_magic == TMPFS_MAGIC
		    || dentry->d_sb->s_magic == SYSFS_MAGIC)
			return 0;

		/*
		 * Unlabelled file on a persistent filesystem: record the
		 * attempt, then fall through to out:, which audits again
		 * and denies.
		 */
		integrity_audit_msg(AUDIT_INTEGRITY_METADATA,
				    dentry->d_inode, dentry->d_name.name,
				    "update_metadata",
				    integrity_status_msg[evm_status],
				    -EPERM, 0);
	}
out:
	/* fail closed: only a clean PASS permits the write, everything else is audited */
	if (evm_status != INTEGRITY_PASS)
		integrity_audit_msg(AUDIT_INTEGRITY_METADATA, d_backing_inode(dentry),
				    dentry->d_name.name, "appraise_metadata",
				    integrity_status_msg[evm_status],
				    -EPERM, 0);
	return evm_status == INTEGRITY_PASS ? 0 : -EPERM;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 365)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 366) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 367) * evm_inode_setxattr - protect the EVM extended attribute
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 368) * @dentry: pointer to the affected dentry
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 369) * @xattr_name: pointer to the affected extended attribute name
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 370) * @xattr_value: pointer to the new extended attribute value
 * @xattr_value_len: length of the new extended attribute value
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 372) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 373) * Before allowing the 'security.evm' protected xattr to be updated,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 374) * verify the existing value is valid. As only the kernel should have
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 375) * access to the EVM encrypted key needed to calculate the HMAC, prevent
 * userspace from writing HMAC value. Writing 'security.evm' requires
 * CAP_SYS_ADMIN privileges.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 378) */
int evm_inode_setxattr(struct dentry *dentry, const char *xattr_name,
		       const void *xattr_value, size_t xattr_value_len)
{
	const struct evm_ima_xattr_data *xattr_data = xattr_value;
	bool writing_evm_xattr;

	/* Policy permits modification of the protected xattrs even though
	 * there's no HMAC key loaded
	 */
	if (evm_initialized & EVM_ALLOW_METADATA_WRITES)
		return 0;

	writing_evm_xattr = strcmp(xattr_name, XATTR_NAME_EVM) == 0;
	if (writing_evm_xattr) {
		/* an empty value has no type byte to inspect */
		if (xattr_value_len == 0)
			return -EINVAL;
		/*
		 * Only signature types may come from userspace; an HMAC can
		 * only be produced by the kernel, which holds the key.
		 */
		switch (xattr_data->type) {
		case EVM_IMA_XATTR_DIGSIG:
		case EVM_XATTR_PORTABLE_DIGSIG:
			break;
		default:
			return -EPERM;
		}
	}

	return evm_protect_xattr(dentry, xattr_name, xattr_value,
				 xattr_value_len);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 400)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 401) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 402) * evm_inode_removexattr - protect the EVM extended attribute
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 403) * @dentry: pointer to the affected dentry
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 404) * @xattr_name: pointer to the affected extended attribute name
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 405) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 406) * Removing 'security.evm' requires CAP_SYS_ADMIN privileges and that
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 407) * the current value is valid.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 408) */
int evm_inode_removexattr(struct dentry *dentry, const char *xattr_name)
{
	const bool metadata_writes_allowed =
		evm_initialized & EVM_ALLOW_METADATA_WRITES;

	/* Policy permits modification of the protected xattrs even though
	 * there's no HMAC key loaded
	 */
	if (metadata_writes_allowed)
		return 0;

	/* A removal carries no value: gate it with an empty one. */
	return evm_protect_xattr(dentry, xattr_name, NULL, 0);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 419)
/*
 * evm_reset_status - drop the cached EVM verdict for an inode
 * @inode: inode whose covered metadata has just changed
 *
 * Forces the next evm_verify_hmac() call to recompute rather than trust a
 * stale PASS.  No-op when the inode has no iint.
 */
static void evm_reset_status(struct inode *inode)
{
	struct integrity_iint_cache *iint = integrity_iint_find(inode);

	if (!iint)
		return;
	iint->evm_status = INTEGRITY_UNKNOWN;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 428)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 429) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 430) * evm_inode_post_setxattr - update 'security.evm' to reflect the changes
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 431) * @dentry: pointer to the affected dentry
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 432) * @xattr_name: pointer to the affected extended attribute name
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 433) * @xattr_value: pointer to the new extended attribute value
 * @xattr_value_len: length of the new extended attribute value
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 435) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 436) * Update the HMAC stored in 'security.evm' to reflect the change.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 437) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 438) * No need to take the i_mutex lock here, as this function is called from
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 439) * __vfs_setxattr_noperm(). The caller of which has taken the inode's
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 440) * i_mutex lock.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 441) */
void evm_inode_post_setxattr(struct dentry *dentry, const char *xattr_name,
			     const void *xattr_value, size_t xattr_value_len)
{
	bool affects_hmac;

	if (!evm_key_loaded())
		return;

	/* protected xattrs and posix acls (which change i_mode) both feed the HMAC */
	affects_hmac = evm_protected_xattr(xattr_name) ||
		       posix_xattr_acl(xattr_name);
	if (!affects_hmac)
		return;

	/* invalidate the cached verdict before re-sealing */
	evm_reset_status(dentry->d_inode);
	evm_update_evmxattr(dentry, xattr_name, xattr_value, xattr_value_len);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 453)
/**
 * evm_inode_post_removexattr - refresh 'security.evm' after an xattr removal
 * @dentry: pointer to the affected dentry
 * @xattr_name: name of the extended attribute that was removed
 *
 * Recomputes the HMAC held in 'security.evm' so it no longer covers the
 * removed attribute (passed to evm_update_evmxattr() as a NULL value of
 * length 0).  Nothing is done unless an EVM key is loaded and the
 * attribute is an EVM-protected xattr; unlike the setxattr hook, POSIX
 * ACL names are not special-cased here.  The inode's cached EVM verdict
 * is reset to INTEGRITY_UNKNOWN before the HMAC is rewritten.
 *
 * No need to take the i_mutex lock here, as this function is called from
 * vfs_removexattr() which takes the i_mutex.
 */
void evm_inode_post_removexattr(struct dentry *dentry, const char *xattr_name)
{
	if (!evm_key_loaded())
		return;

	if (!evm_protected_xattr(xattr_name))
		return;

	evm_reset_status(dentry->d_inode);
	evm_update_evmxattr(dentry, xattr_name, NULL, 0);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 473)
/**
 * evm_inode_setattr - gate metadata changes on the file's EVM status
 * @dentry: pointer to the affected dentry
 * @attr: requested attribute changes; only ia_valid is consulted
 *
 * Permit update of file attributes when files have a valid EVM signature,
 * except in the case of them having an immutable portable signature.
 *
 * Only mode, uid and gid changes are gated; any other attribute change
 * is allowed through without verification.  A file whose current
 * integrity status is INTEGRITY_PASS or INTEGRITY_NOXATTRS (no security
 * xattrs present at all) may be modified.  Every other status is denied
 * with -EPERM and an AUDIT_INTEGRITY_METADATA record carrying the
 * textual status is emitted.
 *
 * Return: 0 when the change is permitted, -EPERM when it is denied.
 */
int evm_inode_setattr(struct dentry *dentry, struct iattr *attr)
{
	const unsigned int gated_bits = ATTR_MODE | ATTR_UID | ATTR_GID;
	unsigned int ia_valid = attr->ia_valid;
	enum integrity_status status;

	/* Policy permits modification of the protected attrs even though
	 * there's no HMAC key loaded
	 */
	if (evm_initialized & EVM_ALLOW_METADATA_WRITES)
		return 0;

	if (!(ia_valid & gated_bits))
		return 0;

	status = evm_verify_current_integrity(dentry);
	switch (status) {
	case INTEGRITY_PASS:
	case INTEGRITY_NOXATTRS:
		return 0;
	default:
		break;
	}

	/* Denied: record the verdict so the refusal is visible in the audit log. */
	integrity_audit_msg(AUDIT_INTEGRITY_METADATA, d_backing_inode(dentry),
			    dentry->d_name.name, "appraise_metadata",
			    integrity_status_msg[status], -EPERM, 0);
	return -EPERM;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 503)
/**
 * evm_inode_post_setattr - refresh 'security.evm' after metadata changed
 * @dentry: pointer to the affected dentry
 * @ia_valid: ATTR_* bits describing which attributes were changed
 *
 * For now, update the HMAC stored in 'security.evm' to reflect mode,
 * UID and GID changes.  Nothing is done unless an EVM key is loaded.
 * Note that this post-hook is keyed on evm_key_loaded(), whereas the
 * pre-hook evm_inode_setattr() short-circuits on EVM_ALLOW_METADATA_WRITES.
 *
 * This function is called from notify_change(), which expects the caller
 * to lock the inode's i_mutex.
 */
void evm_inode_post_setattr(struct dentry *dentry, int ia_valid)
{
	const int covered_bits = ATTR_MODE | ATTR_UID | ATTR_GID;

	if (!evm_key_loaded())
		return;

	if (!(ia_valid & covered_bits))
		return;

	/* No xattr name/value: only the inode metadata feeding the HMAC changed. */
	evm_update_evmxattr(dentry, NULL, NULL, 0);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 523)
/**
 * evm_inode_init_security - build the initial 'security.evm' HMAC xattr
 * @inode: the inode being created
 * @lsm_xattr: the LSM-provided xattr whose value the HMAC should cover
 * @evm_xattr: output; filled with the EVM xattr name, value and length
 *
 * Allocates an evm_xattr of type EVM_XATTR_HMAC, computes the HMAC over
 * @inode and @lsm_xattr via evm_init_hmac(), and hands the buffer to
 * @evm_xattr.  The buffer is not freed here on success; ownership passes
 * to the caller through @evm_xattr->value.  Nothing is done (and 0 is
 * returned) unless EVM_INIT_HMAC is set and @lsm_xattr is an
 * EVM-protected xattr.
 *
 * Return: 0 on success or when EVM does not apply, -ENOMEM if the buffer
 * cannot be allocated, or the negative error from evm_init_hmac().
 */
int evm_inode_init_security(struct inode *inode,
			    const struct xattr *lsm_xattr,
			    struct xattr *evm_xattr)
{
	struct evm_xattr *hmac;
	int rc;

	if (!(evm_initialized & EVM_INIT_HMAC))
		return 0;

	if (!evm_protected_xattr(lsm_xattr->name))
		return 0;

	/* GFP_NOFS: presumably called with filesystem locks held — keep. */
	hmac = kzalloc(sizeof(*hmac), GFP_NOFS);
	if (!hmac)
		return -ENOMEM;

	hmac->data.type = EVM_XATTR_HMAC;
	rc = evm_init_hmac(inode, lsm_xattr, hmac->digest);
	if (rc < 0) {
		kfree(hmac);
		return rc;
	}

	evm_xattr->name = XATTR_EVM_SUFFIX;
	evm_xattr->value = hmac;
	evm_xattr->value_len = sizeof(*hmac);
	return 0;
}
EXPORT_SYMBOL_GPL(evm_inode_init_security);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 556)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 557) #ifdef CONFIG_EVM_LOAD_X509
/*
 * evm_load_x509 - load the build-time configured X.509 certificate
 *
 * Loads the certificate at CONFIG_EVM_X509_PATH onto the EVM keyring.
 * On success the EVM_INIT_X509 bit is set in evm_initialized; on failure
 * the flag is left unchanged and the error from integrity_load_x509()
 * is not propagated.
 */
void __init evm_load_x509(void)
{
	int rc = integrity_load_x509(INTEGRITY_KEYRING_EVM, CONFIG_EVM_X509_PATH);

	if (rc)
		return;

	evm_initialized |= EVM_INIT_X509;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 566) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 567)
/*
 * init_evm - late initcall bringing up EVM
 *
 * Runs evm_init_config(), then creates the EVM keyring and registers the
 * securityfs entries, in that order.  If either of the latter two fails,
 * every entry on evm_config_xattrnames is unlinked from the list (the
 * entries themselves are not freed here) and the error is returned.
 *
 * Return: 0 on success, otherwise the error from integrity_init_keyring()
 * or evm_init_secfs().
 */
static int __init init_evm(void)
{
	struct list_head *cur, *tmp;
	int rc;

	evm_init_config();

	rc = integrity_init_keyring(INTEGRITY_KEYRING_EVM);
	if (rc)
		goto out;

	rc = evm_init_secfs();
	if (rc < 0)
		pr_info("Error registering secfs\n");

out:
	if (rc) {
		/* Unlink whatever evm_init_config() queued; iterating an
		 * empty list is a no-op so no emptiness check is needed.
		 */
		list_for_each_safe(cur, tmp, &evm_config_xattrnames)
			list_del(cur);
	}

	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 595)
/* Register init_evm() as a late initcall so it runs after the keyring and
 * securityfs infrastructure it depends on have been initialised.
 */
late_initcall(init_evm);