integrity: use kernel_read_file_from_path() to read x509 certs

The CONFIG_IMA_LOAD_X509 and CONFIG_EVM_LOAD_X509 options permit
loading x509 signed certificates onto the trusted keyrings without
verifying the x509 certificate file's signature.

This patch replaces the call to the integrity_read_file() specific
function with the common kernel_read_file_from_path() function.
To avoid verifying the file signature, this patch defines
READING_X509_CERTFICATE.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>

diff --git a/include/linux/fs.h b/include/linux/fs.h
index 339e73742e736cfcccdfedf323e6ab8bc651138b..456325084f1d35997d7974a0f91118a1c6d092d2 100644 (file)
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -2792,6 +2792,7 @@ extern int do_pipe_flags(int *, int);
        id(KEXEC_IMAGE, kexec-image)            \
        id(KEXEC_INITRAMFS, kexec-initramfs)    \
        id(POLICY, security-policy)             \
+       id(X509_CERTIFICATE, x509-certificate)  \
        id(MAX_ID, )
 
 #define __fid_enumify(ENUM, dummy) READING_ ## ENUM,

diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c
index 06554c448dce886d3bd7a01a745a78ab5fd734e8..6f9e4ce568cd87fd8b529a2e8c08c615c6f790a5 100644 (file)
--- a/security/integrity/digsig.c
+++ b/security/integrity/digsig.c
@@ -112,21 +112,25 @@ int __init integrity_init_keyring(const unsigned int id)
 int __init integrity_load_x509(const unsigned int id, const char *path)
 {
        key_ref_t key;
-       char *data;
+       void *data;
+       loff_t size;
        int rc;
 
        if (!keyring[id])
                return -EINVAL;
 
-       rc = integrity_read_file(path, &data);
-       if (rc < 0)
+       rc = kernel_read_file_from_path(path, &data, &size, 0,
+                                       READING_X509_CERTIFICATE);
+       if (rc < 0) {
+               pr_err("Unable to open file: %s (%d)", path, rc);
                return rc;
+       }
 
        key = key_create_or_update(make_key_ref(keyring[id], 1),
                                   "asymmetric",
                                   NULL,
                                   data,
-                                  rc,
+                                  size,
                                   ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
                                    KEY_USR_VIEW | KEY_USR_READ),
                                   KEY_ALLOC_NOT_IN_QUOTA);
@@ -139,6 +143,6 @@ int __init integrity_load_x509(const unsigned int id, const char *path)
                          key_ref_to_ptr(key)->description, path);
                key_ref_put(key);
        }
-       kfree(data);
+       vfree(data);
        return 0;
 }

diff --git a/security/integrity/iint.c b/security/integrity/iint.c
index 6fc888ca468e4f9cdd8938e535ebd4e2dbbe2044..c84e05866052a068e99b4f30236764e531c38896 100644 (file)
--- a/security/integrity/iint.c
+++ b/security/integrity/iint.c
@@ -199,55 +199,6 @@ int integrity_kernel_read(struct file *file, loff_t offset,
        return ret;
 }
 
-/*
- * integrity_read_file - read entire file content into the buffer
- *
- * This is function opens a file, allocates the buffer of required
- * size, read entire file content to the buffer and closes the file
- *
- * It is used only by init code.
- *
- */
-int __init integrity_read_file(const char *path, char **data)
-{
-       struct file *file;
-       loff_t size;
-       char *buf;
-       int rc = -EINVAL;
-
-       if (!path || !*path)
-               return -EINVAL;
-
-       file = filp_open(path, O_RDONLY, 0);
-       if (IS_ERR(file)) {
-               rc = PTR_ERR(file);
-               pr_err("Unable to open file: %s (%d)", path, rc);
-               return rc;
-       }
-
-       size = i_size_read(file_inode(file));
-       if (size <= 0)
-               goto out;
-
-       buf = kmalloc(size, GFP_KERNEL);
-       if (!buf) {
-               rc = -ENOMEM;
-               goto out;
-       }
-
-       rc = integrity_kernel_read(file, 0, buf, size);
-       if (rc == size) {
-               *data = buf;
-       } else {
-               kfree(buf);
-               if (rc >= 0)
-                       rc = -EIO;
-       }
-out:
-       fput(file);
-       return rc;
-}
-
 /*
  * integrity_load_keys - load integrity keys hook
  *

diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 12738c8f39c25e9fefc12d14fc3949471ac4e1db..d47f92e97f80016f11eeb2e17bcf5aebd091464e 100644 (file)
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -405,6 +405,10 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size,
        if (!file && read_id == READING_MODULE) /* MODULE_SIG_FORCE enabled */
                return 0;
 
+       /* permit signed certs */
+       if (!file && read_id == READING_X509_CERTIFICATE)
+               return 0;
+
        if (!file || !buf || size == 0) { /* should never happen */
                if (ima_appraise & IMA_APPRAISE_ENFORCE)
                        return -EACCES;

diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h
index a53e7e4ab06c74d4ca4c85836f1e0d2e809433a6..e1bf040fb110959bcc53a2be840ffd32a31d8c3d 100644 (file)
--- a/security/integrity/integrity.h
+++ b/security/integrity/integrity.h
@@ -120,8 +120,6 @@ struct integrity_iint_cache *integrity_iint_find(struct inode *inode);
 int integrity_kernel_read(struct file *file, loff_t offset,
                          void *addr, unsigned long count);
 
-int __init integrity_read_file(const char *path, char **data);
-
 #define INTEGRITY_KEYRING_EVM          0
 #define INTEGRITY_KEYRING_IMA          1
 #define INTEGRITY_KEYRING_MODULE       2