Orange Pi5 kernel

Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards

^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   1) // SPDX-License-Identifier: GPL-2.0-only
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   2) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   3)  * Copyright (C) 2008 IBM Corporation
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   4)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   5)  * Author: Mimi Zohar <zohar@us.ibm.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   6)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   7)  * File: ima_api.c
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   8)  *	Implements must_appraise_or_measure, collect_measurement,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   9)  *	appraise_measurement, store_measurement and store_template.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  10)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  11) #include <linux/slab.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  12) #include <linux/file.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  13) #include <linux/fs.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  14) #include <linux/xattr.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  15) #include <linux/evm.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  16) #include <linux/iversion.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  17) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  18) #include "ima.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  19) 
/*
 * ima_free_template_entry - release a template entry and everything it owns
 * @entry: entry to free. It is dereferenced unconditionally, so it must be
 *	   non-NULL and its template_desc must be set.
 *
 * Frees the data buffer of each of the template_desc->num_fields fields,
 * then the digests array, then the entry itself.
 */
void ima_free_template_entry(struct ima_template_entry *entry)
{
	int idx = 0;

	/* per-field payloads first; kfree() of a never-filled slot is a no-op */
	while (idx < entry->template_desc->num_fields) {
		kfree(entry->template_data[idx].data);
		idx++;
	}

	kfree(entry->digests);
	kfree(entry);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  33) 
/*
 * ima_alloc_init_template - create and initialize a new template entry
 * @event_data: event being recorded; passed to every field's field_init()
 * @entry: out parameter, set to the new entry on success and to NULL when an
 *	   allocation after the first one, or a field_init() call, fails
 * @desc: template descriptor to use, or NULL to use the descriptor returned
 *	  by ima_template_desc_current()
 *
 * Allocates a zeroed entry with one template_data slot per descriptor field
 * and a digests array of NR_BANKS(ima_tpm_chip) + ima_extra_slots elements,
 * then runs each field's field_init() and accumulates template_data_len.
 *
 * Returns 0 on success, -ENOMEM if an allocation fails, or the first
 * non-zero value returned by a field_init() callback.
 */
int ima_alloc_init_template(struct ima_event_data *event_data,
			    struct ima_template_entry **entry,
			    struct ima_template_desc *desc)
{
	struct ima_template_desc *template_desc =
		desc ? desc : ima_template_desc_current();
	struct ima_template_entry *new_entry;
	int i, result = 0;

	new_entry = kzalloc(struct_size(new_entry, template_data,
					template_desc->num_fields), GFP_NOFS);
	*entry = new_entry;
	if (!new_entry)
		return -ENOMEM;

	new_entry->digests = kcalloc(NR_BANKS(ima_tpm_chip) + ima_extra_slots,
				     sizeof(*new_entry->digests), GFP_NOFS);
	if (!new_entry->digests) {
		kfree(new_entry);
		*entry = NULL;
		return -ENOMEM;
	}

	new_entry->template_desc = template_desc;

	for (i = 0; i < template_desc->num_fields; i++) {
		u32 len;

		result = template_desc->fields[i]->field_init(event_data,
						&new_entry->template_data[i]);
		if (result != 0) {
			/*
			 * The entry was zero-allocated, so slots that were
			 * never initialised are freed as NULL pointers.
			 */
			ima_free_template_entry(new_entry);
			*entry = NULL;
			return result;
		}

		/* count the u32 length value itself plus the bytes it covers */
		len = new_entry->template_data[i].len;
		new_entry->template_data_len += sizeof(len);
		new_entry->template_data_len += len;
	}

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  85) 
/*
 * ima_store_template - store ima template measurements
 * @entry: initialised template entry to record
 * @violation: non-zero when the entry records a violation; the template
 *	       hash is then not calculated
 * @inode: inode named in audit records
 * @filename: file name handed on to ima_add_template_entry()
 * @pcr: PCR index stored in the entry before it is added
 *
 * Calculate the hash of a template entry, add the template entry to the
 * ordered list of measurement entries maintained inside the kernel, and
 * update the aggregate integrity value (maintained inside the configured
 * TPM PCR) over the hashes of the current list of measurement entries.
 *
 * Applications read the kernel-held measurement list through the securityfs
 * entries in /sys/kernel/security/ima. The signed aggregate TPM PCR value
 * (the quote) can be retrieved with a TPM user space library and is used to
 * validate the measurement list.
 *
 * A hashing failure is reported with an AUDIT_INTEGRITY_PCR record whose
 * cause is "hashing_error". The entry is not freed here on failure; the
 * callers in this file free it themselves.
 *
 * Returns 0 on success, error code otherwise
 */
int ima_store_template(struct ima_template_entry *entry,
		       int violation, struct inode *inode,
		       const unsigned char *filename, int pcr)
{
	static const char op[] = "add_template_measure";
	static const char audit_cause[] = "hashing_error";
	char *template_name = entry->template_desc->name;

	if (!violation) {
		int rc = ima_calc_field_array_hash(&entry->template_data[0],
						   entry);

		if (rc < 0) {
			integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode,
					    template_name, op,
					    audit_cause, rc, 0);
			return rc;
		}
	}

	entry->pcr = pcr;
	return ima_add_template_entry(entry, violation, op, inode, filename);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 125) 
/*
 * ima_add_violation - add violation to measurement list.
 * @file: file the violation was detected on
 * @filename: name recorded in the template entry and in the audit record
 * @iint: integrity cache entry placed in the event data
 * @op: operation string for the audit record
 * @cause: violation cause; stored in the event data and used as audit cause
 *
 * Violations are flagged in the measurement list with zero hash values.
 * By extending the PCR with 0xFF's instead of with zeroes, the PCR
 * value is invalidated.
 *
 * An AUDIT_INTEGRITY_PCR record is written on every call, whether or not the
 * entry could be stored; the result code in the record tells the two apart.
 */
void ima_add_violation(struct file *file, const unsigned char *filename,
		       struct integrity_iint_cache *iint,
		       const char *op, const char *cause)
{
	struct ima_event_data event_data = {
		.iint = iint,
		.file = file,
		.filename = filename,
		.violation = cause,
	};
	struct inode *inode = file_inode(file);
	struct ima_template_entry *entry;
	int result;

	/* can overflow, only indicator */
	atomic_long_inc(&ima_htable.violations);

	if (ima_alloc_init_template(&event_data, &entry, NULL) < 0) {
		/*
		 * NOTE(review): the audit record reports -ENOMEM for any
		 * failure of the helper, not the code it actually returned.
		 */
		result = -ENOMEM;
	} else {
		/* violation flag is 1: no template hash is calculated */
		result = ima_store_template(entry, 1, inode, filename,
					    CONFIG_IMA_MEASURE_PCR_IDX);
		if (result < 0)
			ima_free_template_entry(entry);
	}

	integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode, filename,
			    op, cause, result, 0);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 162) 
/**
 * ima_get_action - appraise & measure decision based on policy.
 * @inode: pointer to the inode associated with the object being validated
 * @cred: pointer to credentials structure to validate
 * @secid: secid of the task being validated
 * @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXEC,
 *        MAY_APPEND)
 * @func: caller identifier
 * @pcr: pointer filled in if matched measure policy sets pcr=
 * @template_desc: pointer filled in if matched measure policy sets template=
 * @keyring: keyring name used to determine the action
 *
 * The policy is defined in terms of key=value pairs:
 *		subj=, obj=, type=, func=, mask=, fsmagic=
 *	subj, obj and type: are LSM specific.
 *	func: FILE_CHECK | BPRM_CHECK | CREDS_CHECK | MMAP_CHECK | MODULE_CHECK
 *	| KEXEC_CMDLINE | KEY_CHECK
 *	mask: contains the permission mask
 *	fsmagic: hex value
 *
 * Only the IMA_MEASURE, IMA_AUDIT, IMA_APPRAISE and IMA_HASH bits that are
 * also set in ima_policy_flag are passed to ima_match_policy() as the set of
 * actions to consider.
 *
 * Returns the value of ima_match_policy(): an IMA_MEASURE, IMA_APPRAISE mask.
 */
int ima_get_action(struct inode *inode, const struct cred *cred, u32 secid,
		   int mask, enum ima_hooks func, int *pcr,
		   struct ima_template_desc **template_desc,
		   const char *keyring)
{
	const int candidate_actions =
		IMA_MEASURE | IMA_AUDIT | IMA_APPRAISE | IMA_HASH;

	return ima_match_policy(inode, cred, secid, func, mask,
				candidate_actions & ima_policy_flag, pcr,
				template_desc, keyring);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 198) 
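/*
 * ima_collect_measurement - collect file measurement
 * @iint: integrity cache entry that receives the digest and i_version
 * @file: file being measured
 * @buf: file contents already in memory, or NULL to hash @file itself
 * @size: number of bytes in @buf
 * @algo: hash algorithm to record in the digest header
 * @modsig: appended signature to collect, or NULL
 *
 * Calculate the file hash, if it doesn't already exist,
 * storing the measurement and i_version in the iint.
 *
 * A result of -EBADF or -EINVAL from the hash helper is tolerated: the
 * zeroed digest is still stored in the iint, but IMA_COLLECTED is not set
 * and the error is audited and returned.
 *
 * Must be called with iint->mutex held.
 *
 * Return 0 on success, error code otherwise
 */
int ima_collect_measurement(struct integrity_iint_cache *iint,
			    struct file *file, void *buf, loff_t size,
			    enum hash_algo algo, struct modsig *modsig)
{
	const char *audit_cause = "failed";
	struct inode *inode = file_inode(file);
	int result = 0;
	int length;
	void *tmpbuf;
	u64 i_version;
	struct {
		struct ima_digest_data hdr;
		char digest[IMA_MAX_DIGEST_SIZE];
	} hash;

	/*
	 * Always collect the modsig, because IMA might have already collected
	 * the file digest without collecting the modsig in a previous
	 * measurement rule.
	 */
	if (modsig)
		ima_collect_modsig(modsig, buf, size);

	if (iint->flags & IMA_COLLECTED)
		goto out;

	/*
	 * Detecting file change is based on i_version. On filesystems
	 * which do not support i_version, support is limited to an initial
	 * measurement/appraisal/audit.
	 */
	i_version = inode_query_iversion(inode);
	hash.hdr.algo = algo;

	/*
	 * hash lives on the stack and hdr.length sizes the memcpy() below.
	 * Give it a defined value up front so that the tolerated error paths
	 * never copy a length the hash helper did not write.
	 */
	hash.hdr.length = hash_digest_size[algo];

	/* Initialize hash digest to 0's in case of failure */
	memset(&hash.digest, 0, sizeof(hash.digest));

	if (buf)
		result = ima_calc_buffer_hash(buf, size, &hash.hdr);
	else
		result = ima_calc_file_hash(file, &hash.hdr);

	if (result && result != -EBADF && result != -EINVAL)
		goto out;

	length = sizeof(hash.hdr) + hash.hdr.length;
	/* keep the old buffer reachable if the reallocation fails */
	tmpbuf = krealloc(iint->ima_hash, length, GFP_NOFS);
	if (!tmpbuf) {
		result = -ENOMEM;
		goto out;
	}

	iint->ima_hash = tmpbuf;
	memcpy(iint->ima_hash, &hash, length);
	iint->version = i_version;

	/* Possibly temporary failure due to type of read (eg. O_DIRECT) */
	if (!result)
		iint->flags |= IMA_COLLECTED;
out:
	if (result) {
		struct name_snapshot filename;

		if (file->f_flags & O_DIRECT)
			audit_cause = "failed(directio)";

		/*
		 * A concurrent rename can replace and free the dentry's
		 * name, so audit from a snapshot instead of reading
		 * d_name.name directly.
		 */
		take_dentry_name_snapshot(&filename, file->f_path.dentry);
		integrity_audit_msg(AUDIT_INTEGRITY_DATA, inode,
				    filename.name.name, "collect_data",
				    audit_cause, result, 0);
		release_dentry_name_snapshot(&filename);
	}
	return result;
}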
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 280) 
/*
 * ima_store_measurement - store file measurement
 * @iint: integrity cache entry for the file; its flags and measured_pcrs
 *	  are updated here
 * @file: file being measured
 * @filename: name recorded in the template entry and in audit records
 * @xattr_value: xattr data placed in the event data
 * @xattr_len: length of @xattr_value
 * @modsig: appended signature placed in the event data, or NULL
 * @pcr: PCR index the measurement is stored under
 * @template_desc: template descriptor passed to ima_alloc_init_template()
 *
 * Create an "ima" template and then store the template by calling
 * ima_store_template.
 *
 * We only get here if the inode has not already been measured,
 * but the measurement could already exist:
 *	- multiple copies of the same file on either the same or
 *	  different filesystems.
 *	- the inode was previously flushed as well as the iint info,
 *	  containing the hashing info.
 *
 * A failure to build the template entry is reported with an
 * AUDIT_INTEGRITY_PCR record whose cause string is always "ENOMEM".
 *
 * Must be called with iint->mutex held.
 */
void ima_store_measurement(struct integrity_iint_cache *iint,
			   struct file *file, const unsigned char *filename,
			   struct evm_ima_xattr_data *xattr_value,
			   int xattr_len, const struct modsig *modsig, int pcr,
			   struct ima_template_desc *template_desc)
{
	static const char op[] = "add_template_measure";
	static const char audit_cause[] = "ENOMEM";
	struct ima_event_data event_data = {
		.iint = iint,
		.file = file,
		.filename = filename,
		.xattr_value = xattr_value,
		.xattr_len = xattr_len,
		.modsig = modsig,
	};
	struct inode *inode = file_inode(file);
	struct ima_template_entry *entry;
	int result;

	/*
	 * We still need to store the measurement in the case of MODSIG because
	 * we only have its contents to put in the list at the time of
	 * appraisal, but a file measurement from earlier might already exist in
	 * the measurement list.
	 */
	if ((iint->measured_pcrs & (0x1 << pcr)) && !modsig)
		return;

	result = ima_alloc_init_template(&event_data, &entry, template_desc);
	if (result < 0) {
		integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode, filename,
				    op, audit_cause, result, 0);
		return;
	}

	/* violation flag is 0: the template hash is calculated */
	result = ima_store_template(entry, 0, inode, filename, pcr);

	/* on any error, -EEXIST included, the entry is freed here */
	if (result < 0)
		ima_free_template_entry(entry);

	/* a file opened with O_DIRECT is never marked as measured */
	if (file->f_flags & O_DIRECT)
		return;

	/* -EEXIST is handled like success when marking the iint */
	if (result == 0 || result == -EEXIST) {
		iint->flags |= IMA_MEASURED;
		iint->measured_pcrs |= (0x1 << pcr);
	}
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 339) 
/*
 * ima_audit_measurement - write the collected file hash to the audit log
 * @iint: integrity cache entry; iint->ima_hash is dereferenced before any
 *	  other check, so it must already point to a digest
 * @filename: file name to log
 *
 * Emits one AUDIT_INTEGRITY_RULE record of the form
 * file=<name> hash="<algo>:<hex digest>" followed by the task information,
 * and then sets IMA_AUDITED so the file is not logged again. Nothing is
 * logged, and the flag stays clear, if either allocation fails.
 */
void ima_audit_measurement(struct integrity_iint_cache *iint,
			   const unsigned char *filename)
{
	const char *algo_name = hash_algo_name[iint->ima_hash->algo];
	struct audit_buffer *ab;
	char *hex;
	int i;

	if (iint->flags & IMA_AUDITED)
		return;

	/* two hex characters per digest byte plus the terminating NUL */
	hex = kzalloc((iint->ima_hash->length * 2) + 1, GFP_KERNEL);
	if (!hex)
		return;

	for (i = 0; i < iint->ima_hash->length; i++)
		hex_byte_pack(&hex[i * 2], iint->ima_hash->digest[i]);
	hex[i * 2] = '\0';

	ab = audit_log_start(audit_context(), GFP_KERNEL,
			     AUDIT_INTEGRITY_RULE);
	if (ab) {
		audit_log_format(ab, "file=");
		/* the name goes through the untrusted-string logger, not a format */
		audit_log_untrustedstring(ab, filename);
		audit_log_format(ab, " hash=\"%s:%s\"", algo_name, hex);

		audit_log_task_info(ab);
		audit_log_end(ab);

		iint->flags |= IMA_AUDITED;
	}

	kfree(hex);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 376) 
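/*
 * ima_d_path - return a pointer to the full pathname
 * @path: path to resolve
 * @pathbuf: out parameter; receives the __getname() buffer that backs the
 *	     returned pathname, or NULL when the fallback name is returned.
 *	     Presumably the caller releases a non-NULL buffer with
 *	     __putname() - confirm against the callers.
 * @namebuf: caller-supplied buffer for the fallback name; up to NAME_MAX
 *	     bytes are written to it
 *
 * Attempt to return a pointer to the full pathname for use in the
 * IMA measurement list, IMA audit records, and auditing logs.
 *
 * On failure, return a pointer to a copy of the filename, not dname.
 * Returning a pointer to dname, could result in using the pointer
 * after the memory has been freed. For the same reason the copy is made
 * from a name snapshot, not by reading d_name.name directly: a concurrent
 * rename can free the name while it is being copied.
 */
const char *ima_d_path(const struct path *path, char **pathbuf, char *namebuf)
{
	struct name_snapshot filename;
	char *pathname = NULL;

	*pathbuf = __getname();
	if (*pathbuf) {
		pathname = d_absolute_path(path, *pathbuf, PATH_MAX);
		if (IS_ERR(pathname)) {
			__putname(*pathbuf);
			*pathbuf = NULL;
			pathname = NULL;
		}
	}

	if (!pathname) {
		/* the snapshot keeps the name valid for the copy */
		take_dentry_name_snapshot(&filename, path->dentry);
		strlcpy(namebuf, filename.name.name, NAME_MAX);
		release_dentry_name_snapshot(&filename);

		pathname = namebuf;
	}

	return pathname;
}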