]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blob - security/integrity/ima/ima_api.c
projects / mirror_ubuntu-bionic-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
ima: pass the file descriptor to ima_add_violation()
[mirror_ubuntu-bionic-kernel.git] / security / integrity / ima / ima_api.c
1 /*
2 * Copyright (C) 2008 IBM Corporation
3 *
4 * Author: Mimi Zohar <zohar@us.ibm.com>
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License as
8 * published by the Free Software Foundation, version 2 of the
9 * License.
10 *
11 * File: ima_api.c
12 * Implements must_appraise_or_measure, collect_measurement,
13 * appraise_measurement, store_measurement and store_template.
14 */
15 #include <linux/module.h>
16 #include <linux/slab.h>
17 #include <linux/file.h>
18 #include <linux/fs.h>
19 #include <linux/xattr.h>
20 #include <linux/evm.h>
21 #include <crypto/hash_info.h>
22 #include "ima.h"
23
24 static const char *IMA_TEMPLATE_NAME = "ima";
25
26 /*
27 * ima_store_template - store ima template measurements
28 *
29 * Calculate the hash of a template entry, add the template entry
30 * to an ordered list of measurement entries maintained inside the kernel,
31 * and also update the aggregate integrity value (maintained inside the
32 * configured TPM PCR) over the hashes of the current list of measurement
33 * entries.
34 *
35 * Applications retrieve the current kernel-held measurement list through
36 * the securityfs entries in /sys/kernel/security/ima. The signed aggregate
37 * TPM PCR (called quote) can be retrieved using a TPM user space library
38 * and is used to validate the measurement list.
39 *
40 * Returns 0 on success, error code otherwise
41 */
42 int ima_store_template(struct ima_template_entry *entry,
43 int violation, struct inode *inode)
44 {
45 const char *op = "add_template_measure";
46 const char *audit_cause = "hashing_error";
47 int result;
48 struct {
49 struct ima_digest_data hdr;
50 char digest[TPM_DIGEST_SIZE];
51 } hash;
52
53 memset(entry->digest, 0, sizeof(entry->digest));
54 entry->template_name = IMA_TEMPLATE_NAME;
55 entry->template_len = sizeof(entry->template);
56
57 if (!violation) {
58 /* this function uses default algo */
59 hash.hdr.algo = HASH_ALGO_SHA1;
60 result = ima_calc_buffer_hash(&entry->template,
61 entry->template_len, &hash.hdr);
62 if (result < 0) {
63 integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode,
64 entry->template_name, op,
65 audit_cause, result, 0);
66 return result;
67 }
68 memcpy(entry->digest, hash.hdr.digest, hash.hdr.length);
69 }
70 result = ima_add_template_entry(entry, violation, op, inode);
71 return result;
72 }
73
74 /*
75 * ima_add_violation - add violation to measurement list.
76 *
77 * Violations are flagged in the measurement list with zero hash values.
78 * By extending the PCR with 0xFF's instead of with zeroes, the PCR
79 * value is invalidated.
80 */
81 void ima_add_violation(struct file *file, const unsigned char *filename,
82 const char *op, const char *cause)
83 {
84 struct ima_template_entry *entry;
85 struct inode *inode = file->f_dentry->d_inode;
86 int violation = 1;
87 int result;
88
89 /* can overflow, only indicator */
90 atomic_long_inc(&ima_htable.violations);
91
92 entry = kmalloc(sizeof(*entry), GFP_KERNEL);
93 if (!entry) {
94 result = -ENOMEM;
95 goto err_out;
96 }
97 memset(&entry->template, 0, sizeof(entry->template));
98 strncpy(entry->template.file_name, filename, IMA_EVENT_NAME_LEN_MAX);
99 result = ima_store_template(entry, violation, inode);
100 if (result < 0)
101 kfree(entry);
102 err_out:
103 integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode, filename,
104 op, cause, result, 0);
105 }
106
107 /**
108 * ima_get_action - appraise & measure decision based on policy.
109 * @inode: pointer to inode to measure
110 * @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXECUTE)
111 * @function: calling function (FILE_CHECK, BPRM_CHECK, MMAP_CHECK, MODULE_CHECK)
112 *
113 * The policy is defined in terms of keypairs:
114 * subj=, obj=, type=, func=, mask=, fsmagic=
115 * subj,obj, and type: are LSM specific.
116 * func: FILE_CHECK | BPRM_CHECK | MMAP_CHECK | MODULE_CHECK
117 * mask: contains the permission mask
118 * fsmagic: hex value
119 *
120 * Returns IMA_MEASURE, IMA_APPRAISE mask.
121 *
122 */
123 int ima_get_action(struct inode *inode, int mask, int function)
124 {
125 int flags = IMA_MEASURE | IMA_AUDIT | IMA_APPRAISE;
126
127 if (!ima_appraise)
128 flags &= ~IMA_APPRAISE;
129
130 return ima_match_policy(inode, function, mask, flags);
131 }
132
133 int ima_must_measure(struct inode *inode, int mask, int function)
134 {
135 return ima_match_policy(inode, function, mask, IMA_MEASURE);
136 }
137
138 /*
139 * ima_collect_measurement - collect file measurement
140 *
141 * Calculate the file hash, if it doesn't already exist,
142 * storing the measurement and i_version in the iint.
143 *
144 * Must be called with iint->mutex held.
145 *
146 * Return 0 on success, error code otherwise
147 */
148 int ima_collect_measurement(struct integrity_iint_cache *iint,
149 struct file *file,
150 struct evm_ima_xattr_data **xattr_value,
151 int *xattr_len)
152 {
153 struct inode *inode = file_inode(file);
154 const char *filename = file->f_dentry->d_name.name;
155 int result = 0;
156 struct {
157 struct ima_digest_data hdr;
158 char digest[IMA_MAX_DIGEST_SIZE];
159 } hash;
160
161 if (xattr_value)
162 *xattr_len = ima_read_xattr(file->f_dentry, xattr_value);
163
164 if (!(iint->flags & IMA_COLLECTED)) {
165 u64 i_version = file_inode(file)->i_version;
166
167 /* use default hash algorithm */
168 hash.hdr.algo = ima_hash_algo;
169
170 if (xattr_value)
171 ima_get_hash_algo(*xattr_value, *xattr_len, &hash.hdr);
172
173 result = ima_calc_file_hash(file, &hash.hdr);
174 if (!result) {
175 int length = sizeof(hash.hdr) + hash.hdr.length;
176 void *tmpbuf = krealloc(iint->ima_hash, length,
177 GFP_NOFS);
178 if (tmpbuf) {
179 iint->ima_hash = tmpbuf;
180 memcpy(iint->ima_hash, &hash, length);
181 iint->version = i_version;
182 iint->flags |= IMA_COLLECTED;
183 } else
184 result = -ENOMEM;
185 }
186 }
187 if (result)
188 integrity_audit_msg(AUDIT_INTEGRITY_DATA, inode,
189 filename, "collect_data", "failed",
190 result, 0);
191 return result;
192 }
193
194 /*
195 * ima_store_measurement - store file measurement
196 *
197 * Create an "ima" template and then store the template by calling
198 * ima_store_template.
199 *
200 * We only get here if the inode has not already been measured,
201 * but the measurement could already exist:
202 * - multiple copies of the same file on either the same or
203 * different filesystems.
204 * - the inode was previously flushed as well as the iint info,
205 * containing the hashing info.
206 *
207 * Must be called with iint->mutex held.
208 */
209 void ima_store_measurement(struct integrity_iint_cache *iint,
210 struct file *file, const unsigned char *filename)
211 {
212 const char *op = "add_template_measure";
213 const char *audit_cause = "ENOMEM";
214 int result = -ENOMEM;
215 struct inode *inode = file_inode(file);
216 struct ima_template_entry *entry;
217 int violation = 0;
218
219 if (iint->flags & IMA_MEASURED)
220 return;
221
222 entry = kmalloc(sizeof(*entry), GFP_KERNEL);
223 if (!entry) {
224 integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode, filename,
225 op, audit_cause, result, 0);
226 return;
227 }
228 memset(&entry->template, 0, sizeof(entry->template));
229 if (iint->ima_hash->algo != ima_hash_algo) {
230 struct {
231 struct ima_digest_data hdr;
232 char digest[IMA_MAX_DIGEST_SIZE];
233 } hash;
234
235 hash.hdr.algo = ima_hash_algo;
236 result = ima_calc_file_hash(file, &hash.hdr);
237 if (result)
238 integrity_audit_msg(AUDIT_INTEGRITY_DATA, inode,
239 filename, "collect_data", "failed",
240 result, 0);
241 else
242 memcpy(entry->template.digest, hash.hdr.digest,
243 hash.hdr.length);
244 } else
245 memcpy(entry->template.digest, iint->ima_hash->digest,
246 iint->ima_hash->length);
247 strcpy(entry->template.file_name,
248 (strlen(filename) > IMA_EVENT_NAME_LEN_MAX) ?
249 file->f_dentry->d_name.name : filename);
250
251 result = ima_store_template(entry, violation, inode);
252 if (!result || result == -EEXIST)
253 iint->flags |= IMA_MEASURED;
254 if (result < 0)
255 kfree(entry);
256 }
257
258 void ima_audit_measurement(struct integrity_iint_cache *iint,
259 const unsigned char *filename)
260 {
261 struct audit_buffer *ab;
262 char hash[(iint->ima_hash->length * 2) + 1];
263 int i;
264
265 if (iint->flags & IMA_AUDITED)
266 return;
267
268 for (i = 0; i < iint->ima_hash->length; i++)
269 hex_byte_pack(hash + (i * 2), iint->ima_hash->digest[i]);
270 hash[i * 2] = '\0';
271
272 ab = audit_log_start(current->audit_context, GFP_KERNEL,
273 AUDIT_INTEGRITY_RULE);
274 if (!ab)
275 return;
276
277 audit_log_format(ab, "file=");
278 audit_log_untrustedstring(ab, filename);
279 audit_log_format(ab, " hash=");
280 audit_log_untrustedstring(ab, hash);
281
282 audit_log_task_info(ab, current);
283 audit_log_end(ab);
284
285 iint->flags |= IMA_AUDITED;
286 }
287
288 const char *ima_d_path(struct path *path, char **pathbuf)
289 {
290 char *pathname = NULL;
291
292 /* We will allow 11 spaces for ' (deleted)' to be appended */
293 *pathbuf = kmalloc(PATH_MAX + 11, GFP_KERNEL);
294 if (*pathbuf) {
295 pathname = d_path(path, *pathbuf, PATH_MAX + 11);
296 if (IS_ERR(pathname)) {
297 kfree(*pathbuf);
298 *pathbuf = NULL;
299 pathname = NULL;
300 }
301 }
302 return pathname;
303 }
ubuntu-bionic-kernel mirror