^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) // SPDX-License-Identifier: GPL-2.0-only
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) * Copyright (C) 2008 IBM Corporation
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) * Authors:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) * Mimi Zohar <zohar@us.ibm.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) * File: integrity_iint.c
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9) * - implements the integrity hooks: integrity_inode_alloc,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) * integrity_inode_free
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) * - cache integrity information associated with an inode
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) * using a rbtree tree.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) #include <linux/slab.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) #include <linux/init.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) #include <linux/spinlock.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) #include <linux/rbtree.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) #include <linux/file.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) #include <linux/uaccess.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) #include <linux/security.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21) #include <linux/lsm_hooks.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22) #include "integrity.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23)
/* Red-black tree of every cached iint, ordered by the address of its inode. */
static struct rb_root integrity_iint_tree = RB_ROOT;
/* Guards integrity_iint_tree: lookups take it for read, insert/erase for write. */
static DEFINE_RWLOCK(integrity_iint_lock);
/* Slab cache backing iint objects; NULL until integrity_iintcache_init() runs. */
static struct kmem_cache *iint_cache __read_mostly;

/* securityfs "integrity" directory set up by integrity_fs_init(); NULL on failure. */
struct dentry *integrity_dir;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 29)
/*
 * __integrity_iint_find - look up the iint cached for an inode
 *
 * Walks integrity_iint_tree, which is keyed by the inode pointer value.
 * Takes no lock itself: the callers in this file hold integrity_iint_lock
 * (read or write side) around the call.
 *
 * Returns the matching iint, or NULL when the inode has no entry.
 */
static struct integrity_iint_cache *__integrity_iint_find(struct inode *inode)
{
	struct rb_node *cur = integrity_iint_tree.rb_node;

	while (cur) {
		struct integrity_iint_cache *entry =
			rb_entry(cur, struct integrity_iint_cache, rb_node);

		if (inode == entry->inode)
			return entry;

		/* Smaller inode addresses live in the left subtree. */
		cur = (inode < entry->inode) ? cur->rb_left : cur->rb_right;
	}

	return NULL;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 53)
/*
 * integrity_iint_find - return the iint associated with an inode
 *
 * An inode that fails the IS_IMA() test is answered with NULL without
 * taking the lock. Otherwise the tree lookup runs under the read side of
 * integrity_iint_lock.
 *
 * The lock is released before returning, so it does not pin the returned
 * iint. NOTE(review): presumably callers hold a reference on the inode so
 * that integrity_inode_free() cannot free the iint underneath them; confirm
 * at each call site.
 */
struct integrity_iint_cache *integrity_iint_find(struct inode *inode)
{
	struct integrity_iint_cache *found = NULL;

	if (IS_IMA(inode)) {
		read_lock(&integrity_iint_lock);
		found = __integrity_iint_find(inode);
		read_unlock(&integrity_iint_lock);
	}

	return found;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 70)
/*
 * iint_free - scrub an iint and hand it back to the slab cache
 *
 * Releases the attached IMA hash and puts the version, flag, status and
 * PCR fields back to the values init_once() gives a fresh object. The slab
 * constructor is not re-run when an object is reused, so the next
 * kmem_cache_alloc() sees exactly the state left behind here; stale
 * appraisal results must not survive into the next inode's iint.
 *
 * The iint must no longer be linked into integrity_iint_tree.
 */
static void iint_free(struct integrity_iint_cache *iint)
{
	/* Drop the measurement hash first and clear the dangling pointer. */
	kfree(iint->ima_hash);
	iint->ima_hash = NULL;

	iint->version = 0;
	iint->measured_pcrs = 0;
	iint->flags = 0UL;
	iint->atomic_flags = 0UL;

	/* Every cached verdict goes back to "not yet evaluated". */
	iint->evm_status = INTEGRITY_UNKNOWN;
	iint->ima_file_status = INTEGRITY_UNKNOWN;
	iint->ima_mmap_status = INTEGRITY_UNKNOWN;
	iint->ima_bprm_status = INTEGRITY_UNKNOWN;
	iint->ima_read_status = INTEGRITY_UNKNOWN;
	iint->ima_creds_status = INTEGRITY_UNKNOWN;

	kmem_cache_free(iint_cache, iint);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 87)
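/**
 * integrity_inode_get - find or allocate an iint associated with an inode
 * @inode: pointer to the inode
 *
 * Return: the iint already cached for @inode, or a newly allocated one that
 * has been inserted into the tree; NULL if the allocation fails.
 *
 * Caller must lock i_mutex
 */
struct integrity_iint_cache *integrity_inode_get(struct inode *inode)
{
	struct rb_node **p;
	struct rb_node *node, *parent = NULL;
	struct integrity_iint_cache *iint, *test_iint;

	/*
	 * The integrity's "iint_cache" is initialized at security_init(),
	 * unless it is not included in the ordered list of LSMs enabled
	 * on the boot command line.
	 */
	if (!iint_cache)
		panic("%s: lsm=integrity required.\n", __func__);

	iint = integrity_iint_find(inode);
	if (iint)
		return iint;

	/* Allocate before taking the rwlock; the allocation may sleep. */
	iint = kmem_cache_alloc(iint_cache, GFP_NOFS);
	if (!iint)
		return NULL;

	write_lock(&integrity_iint_lock);

	p = &integrity_iint_tree.rb_node;
	while (*p) {
		parent = *p;
		test_iint = rb_entry(parent, struct integrity_iint_cache,
				     rb_node);
		if (inode < test_iint->inode) {
			p = &(*p)->rb_left;
		} else if (inode > test_iint->inode) {
			p = &(*p)->rb_right;
		} else {
			/*
			 * The lookup above ran under the read lock, which was
			 * dropped before this write lock was taken. If another
			 * path inserted an iint for this inode in that window,
			 * linking ours as well would leave two entries for one
			 * inode: integrity_inode_free() erases only one, and
			 * the survivor would keep a stale inode pointer.
			 * The new object has not been modified yet, so it is
			 * still in constructor state and can go straight back
			 * to the cache.
			 */
			write_unlock(&integrity_iint_lock);
			kmem_cache_free(iint_cache, iint);
			return test_iint;
		}
	}

	iint->inode = inode;
	node = &iint->rb_node;
	/* S_IMA is what IS_IMA() tests; set it under the same lock as the insert. */
	inode->i_flags |= S_IMA;
	rb_link_node(node, parent, p);
	rb_insert_color(node, &integrity_iint_tree);

	write_unlock(&integrity_iint_lock);
	return iint;
}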
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 139)
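/**
 * integrity_inode_free - called on security_inode_free
 * @inode: pointer to the inode
 *
 * Free the integrity information(iint) associated with an inode.
 * The iint is unlinked from the tree under the write lock and released
 * after the lock has been dropped.
 */
void integrity_inode_free(struct inode *inode)
{
	struct integrity_iint_cache *iint;

	if (!IS_IMA(inode))
		return;

	write_lock(&integrity_iint_lock);
	iint = __integrity_iint_find(inode);
	/*
	 * S_IMA is set together with the tree insert in integrity_inode_get(),
	 * so a miss is not expected here. Check anyway: the lookup can return
	 * NULL, and rb_erase()/iint_free() would dereference it while the
	 * inode is being torn down.
	 */
	if (iint)
		rb_erase(&iint->rb_node, &integrity_iint_tree);
	write_unlock(&integrity_iint_lock);

	if (iint)
		iint_free(iint);
}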
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 160)
/*
 * init_once - slab constructor for iint objects
 * @foo: object memory handed over by the slab allocator
 *
 * Zeroes the object, initialises its mutex and marks every integrity
 * status as INTEGRITY_UNKNOWN. Passed to kmem_cache_create() as the
 * constructor of "iint_cache".
 */
static void init_once(void *foo)
{
	struct integrity_iint_cache *obj = foo;

	/* Must come first: everything below overwrites parts of the zeroed object. */
	memset(obj, 0, sizeof(*obj));
	mutex_init(&obj->mutex);

	obj->evm_status = INTEGRITY_UNKNOWN;
	obj->ima_file_status = INTEGRITY_UNKNOWN;
	obj->ima_mmap_status = INTEGRITY_UNKNOWN;
	obj->ima_bprm_status = INTEGRITY_UNKNOWN;
	obj->ima_read_status = INTEGRITY_UNKNOWN;
	obj->ima_creds_status = INTEGRITY_UNKNOWN;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 174)
/*
 * integrity_iintcache_init - create the slab cache for iint objects
 *
 * SLAB_PANIC makes kmem_cache_create() panic rather than return NULL,
 * which is why the result is stored without a check. init_once() is
 * registered as the object constructor.
 *
 * Always returns 0.
 */
static int __init integrity_iintcache_init(void)
{
	iint_cache = kmem_cache_create("iint_cache",
				       sizeof(struct integrity_iint_cache), 0,
				       SLAB_PANIC, init_once);
	return 0;
}
/*
 * Register "integrity" as an LSM whose init callback creates the iint slab
 * cache. integrity_inode_get() panics if this init never ran.
 */
DEFINE_LSM(integrity) = {
	.init = integrity_iintcache_init,
	.name = "integrity",
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 186)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 187)
/*
 * integrity_kernel_read - read data from the file
 * @file: file to read from
 * @offset: position in the file to start reading at
 * @addr: destination buffer
 * @count: number of bytes requested
 *
 * Used for reading file content in place of kernel_read(). It does not
 * perform locking checks to ensure it cannot be blocked, and it does not
 * perform security checks because they are irrelevant for IMA. Callers are
 * therefore responsible for only passing files they are entitled to read.
 *
 * Returns the result of __kernel_read() converted to int.
 * NOTE(review): @count is unsigned long while the return type is int;
 * presumably callers keep @count well below INT_MAX - confirm.
 */
int integrity_kernel_read(struct file *file, loff_t offset,
			  void *addr, unsigned long count)
{
	/* __kernel_read() advances the position it is given; use a local copy. */
	loff_t pos = offset;

	return __kernel_read(file, addr, count, &pos);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 201)
/*
 * integrity_load_keys - load integrity keys hook
 *
 * Called from init/main.c:kernel_init_freeable() once rootfs is ready.
 * Loads the IMA X.509 certificate first, then the EVM one.
 */
void __init integrity_load_keys(void)
{
	ima_load_x509();
	evm_load_x509();
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 213)
/*
 * integrity_fs_init - create the "integrity" directory in securityfs
 *
 * On failure integrity_dir is reset to NULL, so it never keeps an ERR_PTR
 * value that a later user could mistake for a valid dentry, and the error
 * code is returned. Every error except -ENODEV is logged.
 * NOTE(review): presumably -ENODEV means securityfs itself is unavailable,
 * which is why it is not reported - confirm.
 *
 * Returns 0 on success or the negative errno from securityfs_create_dir().
 */
static int __init integrity_fs_init(void)
{
	int ret;

	integrity_dir = securityfs_create_dir("integrity", NULL);
	if (!IS_ERR(integrity_dir))
		return 0;

	ret = PTR_ERR(integrity_dir);
	if (ret != -ENODEV)
		pr_err("Unable to create integrity sysfs dir: %d\n", ret);

	integrity_dir = NULL;
	return ret;
}

late_initcall(integrity_fs_init)