Commit | Line | Data |
---|---|---|
b886d83c | 1 | // SPDX-License-Identifier: GPL-2.0-only |
2fe5d6de MZ |
2 | /* |
3 | * Copyright (C) 2011 IBM Corporation | |
4 | * | |
5 | * Author: | |
6 | * Mimi Zohar <zohar@us.ibm.com> | |
2fe5d6de | 7 | */ |
b000d5cb | 8 | #include <linux/module.h> |
876979c9 | 9 | #include <linux/init.h> |
2fe5d6de MZ |
10 | #include <linux/file.h> |
11 | #include <linux/fs.h> | |
12 | #include <linux/xattr.h> | |
13 | #include <linux/magic.h> | |
14 | #include <linux/ima.h> | |
15 | #include <linux/evm.h> | |
273df864 | 16 | #include <keys/system_keyring.h> |
2fe5d6de MZ |
17 | |
18 | #include "ima.h" | |
19 | ||
e1f5e01f | 20 | #ifdef CONFIG_IMA_APPRAISE_BOOTPARAM |
b000d5cb AB |
21 | static char *ima_appraise_cmdline_default __initdata; |
22 | core_param(ima_appraise, ima_appraise_cmdline_default, charp, 0); | |
23 | ||
24 | void __init ima_appraise_parse_cmdline(void) | |
25 | { | |
26 | const char *str = ima_appraise_cmdline_default; | |
e4d7e2df BM |
27 | bool sb_state = arch_ima_get_secureboot(); |
28 | int appraisal_state = ima_appraise; | |
311aa6aa | 29 | |
b000d5cb AB |
30 | if (!str) |
31 | return; | |
32 | ||
2fe5d6de | 33 | if (strncmp(str, "off", 3) == 0) |
e4d7e2df | 34 | appraisal_state = 0; |
2faa6ef3 | 35 | else if (strncmp(str, "log", 3) == 0) |
e4d7e2df | 36 | appraisal_state = IMA_APPRAISE_LOG; |
2fe5d6de | 37 | else if (strncmp(str, "fix", 3) == 0) |
e4d7e2df | 38 | appraisal_state = IMA_APPRAISE_FIX; |
4afb28ab | 39 | else if (strncmp(str, "enforce", 7) == 0) |
e4d7e2df | 40 | appraisal_state = IMA_APPRAISE_ENFORCE; |
7fe2bb7e BM |
41 | else |
42 | pr_err("invalid \"%s\" appraise option", str); | |
e4d7e2df BM |
43 | |
44 | /* If appraisal state was changed, but secure boot is enabled, | |
45 | * keep its default */ | |
46 | if (sb_state) { | |
47 | if (!(appraisal_state & IMA_APPRAISE_ENFORCE)) | |
48 | pr_info("Secure boot enabled: ignoring ima_appraise=%s option", | |
49 | str); | |
50 | } else { | |
51 | ima_appraise = appraisal_state; | |
52 | } | |
2fe5d6de | 53 | } |
b000d5cb | 54 | #endif |
2fe5d6de | 55 | |
6f6723e2 MZ |
56 | /* |
57 | * is_ima_appraise_enabled - return appraise status | |
58 | * | |
59 | * Only return enabled, if not in ima_appraise="fix" or "log" modes. | |
60 | */ | |
61 | bool is_ima_appraise_enabled(void) | |
62 | { | |
e5729f86 | 63 | return ima_appraise & IMA_APPRAISE_ENFORCE; |
6f6723e2 MZ |
64 | } |
65 | ||
2fe5d6de MZ |
66 | /* |
67 | * ima_must_appraise - set appraise flag | |
68 | * | |
da1b0029 | 69 | * Return 1 to appraise or hash |
2fe5d6de | 70 | */ |
d26e1936 | 71 | int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func) |
2fe5d6de | 72 | { |
d906c10d MG |
73 | u32 secid; |
74 | ||
07f6a794 MZ |
75 | if (!ima_appraise) |
76 | return 0; | |
77 | ||
d906c10d MG |
78 | security_task_getsecid(current, &secid); |
79 | return ima_match_policy(inode, current_cred(), secid, func, mask, | |
e9085e0a | 80 | IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL); |
2fe5d6de MZ |
81 | } |
82 | ||
def3e8b9 | 83 | static int ima_fix_xattr(struct dentry *dentry, |
c7c8bb23 | 84 | struct integrity_iint_cache *iint) |
2fe5d6de | 85 | { |
3ea7a560 DK |
86 | int rc, offset; |
87 | u8 algo = iint->ima_hash->algo; | |
88 | ||
89 | if (algo <= HASH_ALGO_SHA1) { | |
90 | offset = 1; | |
91 | iint->ima_hash->xattr.sha1.type = IMA_XATTR_DIGEST; | |
92 | } else { | |
93 | offset = 0; | |
94 | iint->ima_hash->xattr.ng.type = IMA_XATTR_DIGEST_NG; | |
95 | iint->ima_hash->xattr.ng.algo = algo; | |
96 | } | |
c7c7a1a1 | 97 | rc = __vfs_setxattr_noperm(&init_user_ns, dentry, XATTR_NAME_IMA, |
3ea7a560 DK |
98 | &iint->ima_hash->xattr.data[offset], |
99 | (sizeof(iint->ima_hash->xattr) - offset) + | |
100 | iint->ima_hash->length, 0); | |
101 | return rc; | |
2fe5d6de MZ |
102 | } |
103 | ||
d79d72e0 MZ |
104 | /* Return specific func appraised cached result */ |
105 | enum integrity_status ima_get_cache_status(struct integrity_iint_cache *iint, | |
4ad87a3d | 106 | enum ima_hooks func) |
d79d72e0 | 107 | { |
089bc8e9 | 108 | switch (func) { |
d79d72e0 MZ |
109 | case MMAP_CHECK: |
110 | return iint->ima_mmap_status; | |
111 | case BPRM_CHECK: | |
112 | return iint->ima_bprm_status; | |
d906c10d MG |
113 | case CREDS_CHECK: |
114 | return iint->ima_creds_status; | |
d79d72e0 | 115 | case FILE_CHECK: |
c6af8efe | 116 | case POST_SETATTR: |
d79d72e0 | 117 | return iint->ima_file_status; |
c6af8efe MZ |
118 | case MODULE_CHECK ... MAX_CHECK - 1: |
119 | default: | |
120 | return iint->ima_read_status; | |
d79d72e0 MZ |
121 | } |
122 | } | |
123 | ||
124 | static void ima_set_cache_status(struct integrity_iint_cache *iint, | |
4ad87a3d MZ |
125 | enum ima_hooks func, |
126 | enum integrity_status status) | |
d79d72e0 | 127 | { |
089bc8e9 | 128 | switch (func) { |
d79d72e0 MZ |
129 | case MMAP_CHECK: |
130 | iint->ima_mmap_status = status; | |
131 | break; | |
132 | case BPRM_CHECK: | |
133 | iint->ima_bprm_status = status; | |
134 | break; | |
d906c10d MG |
135 | case CREDS_CHECK: |
136 | iint->ima_creds_status = status; | |
09186e50 | 137 | break; |
d79d72e0 | 138 | case FILE_CHECK: |
c6af8efe | 139 | case POST_SETATTR: |
d79d72e0 | 140 | iint->ima_file_status = status; |
c6af8efe MZ |
141 | break; |
142 | case MODULE_CHECK ... MAX_CHECK - 1: | |
143 | default: | |
144 | iint->ima_read_status = status; | |
145 | break; | |
d79d72e0 MZ |
146 | } |
147 | } | |
148 | ||
4ad87a3d MZ |
149 | static void ima_cache_flags(struct integrity_iint_cache *iint, |
150 | enum ima_hooks func) | |
d79d72e0 | 151 | { |
089bc8e9 | 152 | switch (func) { |
d79d72e0 MZ |
153 | case MMAP_CHECK: |
154 | iint->flags |= (IMA_MMAP_APPRAISED | IMA_APPRAISED); | |
155 | break; | |
156 | case BPRM_CHECK: | |
157 | iint->flags |= (IMA_BPRM_APPRAISED | IMA_APPRAISED); | |
158 | break; | |
d906c10d MG |
159 | case CREDS_CHECK: |
160 | iint->flags |= (IMA_CREDS_APPRAISED | IMA_APPRAISED); | |
161 | break; | |
d79d72e0 | 162 | case FILE_CHECK: |
c6af8efe | 163 | case POST_SETATTR: |
d79d72e0 | 164 | iint->flags |= (IMA_FILE_APPRAISED | IMA_APPRAISED); |
c6af8efe MZ |
165 | break; |
166 | case MODULE_CHECK ... MAX_CHECK - 1: | |
167 | default: | |
168 | iint->flags |= (IMA_READ_APPRAISED | IMA_APPRAISED); | |
169 | break; | |
d79d72e0 MZ |
170 | } |
171 | } | |
172 | ||
1525b06d DK |
173 | enum hash_algo ima_get_hash_algo(struct evm_ima_xattr_data *xattr_value, |
174 | int xattr_len) | |
d3634d0f DK |
175 | { |
176 | struct signature_v2_hdr *sig; | |
b4bfec7f | 177 | enum hash_algo ret; |
d3634d0f | 178 | |
3ea7a560 | 179 | if (!xattr_value || xattr_len < 2) |
1525b06d DK |
180 | /* return default hash algo */ |
181 | return ima_hash_algo; | |
d3634d0f | 182 | |
3ea7a560 DK |
183 | switch (xattr_value->type) { |
184 | case EVM_IMA_XATTR_DIGSIG: | |
185 | sig = (typeof(sig))xattr_value; | |
186 | if (sig->version != 2 || xattr_len <= sizeof(*sig)) | |
1525b06d DK |
187 | return ima_hash_algo; |
188 | return sig->hash_algo; | |
3ea7a560 DK |
189 | break; |
190 | case IMA_XATTR_DIGEST_NG: | |
650b29db TJB |
191 | /* first byte contains algorithm id */ |
192 | ret = xattr_value->data[0]; | |
b4bfec7f SF |
193 | if (ret < HASH_ALGO__LAST) |
194 | return ret; | |
3ea7a560 DK |
195 | break; |
196 | case IMA_XATTR_DIGEST: | |
197 | /* this is for backward compatibility */ | |
198 | if (xattr_len == 21) { | |
199 | unsigned int zero = 0; | |
650b29db | 200 | if (!memcmp(&xattr_value->data[16], &zero, 4)) |
1525b06d | 201 | return HASH_ALGO_MD5; |
3ea7a560 | 202 | else |
1525b06d | 203 | return HASH_ALGO_SHA1; |
3ea7a560 | 204 | } else if (xattr_len == 17) |
1525b06d | 205 | return HASH_ALGO_MD5; |
3ea7a560 DK |
206 | break; |
207 | } | |
1525b06d DK |
208 | |
209 | /* return default hash algo */ | |
210 | return ima_hash_algo; | |
d3634d0f DK |
211 | } |
212 | ||
213 | int ima_read_xattr(struct dentry *dentry, | |
214 | struct evm_ima_xattr_data **xattr_value) | |
215 | { | |
5d6c3191 | 216 | ssize_t ret; |
d3634d0f | 217 | |
c7c7a1a1 TA |
218 | ret = vfs_getxattr_alloc(&init_user_ns, dentry, XATTR_NAME_IMA, |
219 | (char **)xattr_value, 0, GFP_NOFS); | |
5d6c3191 AG |
220 | if (ret == -EOPNOTSUPP) |
221 | ret = 0; | |
222 | return ret; | |
d3634d0f DK |
223 | } |
224 | ||
a5fbeb61 TJB |
225 | /* |
226 | * xattr_verify - verify xattr digest or signature | |
227 | * | |
228 | * Verify whether the hash or signature matches the file contents. | |
229 | * | |
230 | * Return 0 on success, error code otherwise. | |
231 | */ | |
232 | static int xattr_verify(enum ima_hooks func, struct integrity_iint_cache *iint, | |
233 | struct evm_ima_xattr_data *xattr_value, int xattr_len, | |
234 | enum integrity_status *status, const char **cause) | |
235 | { | |
236 | int rc = -EINVAL, hash_start = 0; | |
237 | ||
238 | switch (xattr_value->type) { | |
239 | case IMA_XATTR_DIGEST_NG: | |
240 | /* first byte contains algorithm id */ | |
241 | hash_start = 1; | |
df561f66 | 242 | fallthrough; |
a5fbeb61 TJB |
243 | case IMA_XATTR_DIGEST: |
244 | if (iint->flags & IMA_DIGSIG_REQUIRED) { | |
245 | *cause = "IMA-signature-required"; | |
246 | *status = INTEGRITY_FAIL; | |
247 | break; | |
248 | } | |
249 | clear_bit(IMA_DIGSIG, &iint->atomic_flags); | |
250 | if (xattr_len - sizeof(xattr_value->type) - hash_start >= | |
251 | iint->ima_hash->length) | |
252 | /* | |
253 | * xattr length may be longer. md5 hash in previous | |
254 | * version occupied 20 bytes in xattr, instead of 16 | |
255 | */ | |
256 | rc = memcmp(&xattr_value->data[hash_start], | |
257 | iint->ima_hash->digest, | |
258 | iint->ima_hash->length); | |
259 | else | |
260 | rc = -EINVAL; | |
261 | if (rc) { | |
262 | *cause = "invalid-hash"; | |
263 | *status = INTEGRITY_FAIL; | |
264 | break; | |
265 | } | |
266 | *status = INTEGRITY_PASS; | |
267 | break; | |
268 | case EVM_IMA_XATTR_DIGSIG: | |
269 | set_bit(IMA_DIGSIG, &iint->atomic_flags); | |
270 | rc = integrity_digsig_verify(INTEGRITY_KEYRING_IMA, | |
271 | (const char *)xattr_value, | |
272 | xattr_len, | |
273 | iint->ima_hash->digest, | |
274 | iint->ima_hash->length); | |
275 | if (rc == -EOPNOTSUPP) { | |
276 | *status = INTEGRITY_UNKNOWN; | |
277 | break; | |
278 | } | |
279 | if (IS_ENABLED(CONFIG_INTEGRITY_PLATFORM_KEYRING) && rc && | |
280 | func == KEXEC_KERNEL_CHECK) | |
281 | rc = integrity_digsig_verify(INTEGRITY_KEYRING_PLATFORM, | |
282 | (const char *)xattr_value, | |
283 | xattr_len, | |
284 | iint->ima_hash->digest, | |
285 | iint->ima_hash->length); | |
286 | if (rc) { | |
287 | *cause = "invalid-signature"; | |
288 | *status = INTEGRITY_FAIL; | |
289 | } else { | |
290 | *status = INTEGRITY_PASS; | |
291 | } | |
292 | break; | |
293 | default: | |
294 | *status = INTEGRITY_UNKNOWN; | |
295 | *cause = "unknown-ima-data"; | |
296 | break; | |
297 | } | |
298 | ||
299 | return rc; | |
300 | } | |
301 | ||
39b07096 TJB |
302 | /* |
303 | * modsig_verify - verify modsig signature | |
304 | * | |
305 | * Verify whether the signature matches the file contents. | |
306 | * | |
307 | * Return 0 on success, error code otherwise. | |
308 | */ | |
309 | static int modsig_verify(enum ima_hooks func, const struct modsig *modsig, | |
310 | enum integrity_status *status, const char **cause) | |
311 | { | |
312 | int rc; | |
313 | ||
314 | rc = integrity_modsig_verify(INTEGRITY_KEYRING_IMA, modsig); | |
315 | if (IS_ENABLED(CONFIG_INTEGRITY_PLATFORM_KEYRING) && rc && | |
316 | func == KEXEC_KERNEL_CHECK) | |
317 | rc = integrity_modsig_verify(INTEGRITY_KEYRING_PLATFORM, | |
318 | modsig); | |
319 | if (rc) { | |
320 | *cause = "invalid-signature"; | |
321 | *status = INTEGRITY_FAIL; | |
322 | } else { | |
323 | *status = INTEGRITY_PASS; | |
324 | } | |
325 | ||
326 | return rc; | |
327 | } | |
328 | ||
273df864 NJ |
329 | /* |
330 | * ima_check_blacklist - determine if the binary is blacklisted. | |
331 | * | |
332 | * Add the hash of the blacklisted binary to the measurement list, based | |
333 | * on policy. | |
334 | * | |
335 | * Returns -EPERM if the hash is blacklisted. | |
336 | */ | |
337 | int ima_check_blacklist(struct integrity_iint_cache *iint, | |
338 | const struct modsig *modsig, int pcr) | |
339 | { | |
340 | enum hash_algo hash_algo; | |
341 | const u8 *digest = NULL; | |
342 | u32 digestsize = 0; | |
343 | int rc = 0; | |
344 | ||
345 | if (!(iint->flags & IMA_CHECK_BLACKLIST)) | |
346 | return 0; | |
347 | ||
348 | if (iint->flags & IMA_MODSIG_ALLOWED && modsig) { | |
349 | ima_get_modsig_digest(modsig, &hash_algo, &digest, &digestsize); | |
350 | ||
351 | rc = is_binary_blacklisted(digest, digestsize); | |
352 | if ((rc == -EPERM) && (iint->flags & IMA_MEASURE)) | |
4834177e | 353 | process_buffer_measurement(NULL, digest, digestsize, |
273df864 | 354 | "blacklisted-hash", NONE, |
e9085e0a | 355 | pcr, NULL); |
273df864 NJ |
356 | } |
357 | ||
358 | return rc; | |
359 | } | |
360 | ||
2fe5d6de MZ |
361 | /* |
362 | * ima_appraise_measurement - appraise file measurement | |
363 | * | |
364 | * Call evm_verifyxattr() to verify the integrity of 'security.ima'. | |
365 | * Assuming success, compare the xattr hash with the collected measurement. | |
366 | * | |
367 | * Return 0 on success, error code otherwise | |
368 | */ | |
4ad87a3d MZ |
369 | int ima_appraise_measurement(enum ima_hooks func, |
370 | struct integrity_iint_cache *iint, | |
d3634d0f DK |
371 | struct file *file, const unsigned char *filename, |
372 | struct evm_ima_xattr_data *xattr_value, | |
39b07096 | 373 | int xattr_len, const struct modsig *modsig) |
2fe5d6de | 374 | { |
52a13284 | 375 | static const char op[] = "appraise_data"; |
f5e51fa3 | 376 | const char *cause = "unknown"; |
e71b9dff | 377 | struct dentry *dentry = file_dentry(file); |
c6f493d6 | 378 | struct inode *inode = d_backing_inode(dentry); |
2fe5d6de | 379 | enum integrity_status status = INTEGRITY_UNKNOWN; |
a5fbeb61 | 380 | int rc = xattr_len; |
39b07096 | 381 | bool try_modsig = iint->flags & IMA_MODSIG_ALLOWED && modsig; |
2fe5d6de | 382 | |
39b07096 TJB |
383 | /* If not appraising a modsig, we need an xattr. */ |
384 | if (!(inode->i_opflags & IOP_XATTR) && !try_modsig) | |
2fe5d6de MZ |
385 | return INTEGRITY_UNKNOWN; |
386 | ||
39b07096 TJB |
387 | /* If reading the xattr failed and there's no modsig, error out. */ |
388 | if (rc <= 0 && !try_modsig) { | |
2fe5d6de MZ |
389 | if (rc && rc != -ENODATA) |
390 | goto out; | |
391 | ||
915d9d25 TJB |
392 | cause = iint->flags & IMA_DIGSIG_REQUIRED ? |
393 | "IMA-signature-required" : "missing-hash"; | |
b151d6b0 | 394 | status = INTEGRITY_NOLABEL; |
6035a27b | 395 | if (file->f_mode & FMODE_CREATED) |
b151d6b0 | 396 | iint->flags |= IMA_NEW_FILE; |
1ac202e9 | 397 | if ((iint->flags & IMA_NEW_FILE) && |
b7e27bc1 MZ |
398 | (!(iint->flags & IMA_DIGSIG_REQUIRED) || |
399 | (inode->i_size == 0))) | |
b151d6b0 | 400 | status = INTEGRITY_PASS; |
2fe5d6de MZ |
401 | goto out; |
402 | } | |
403 | ||
8606404f | 404 | status = evm_verifyxattr(dentry, XATTR_NAME_IMA, xattr_value, rc, iint); |
f5e51fa3 TJB |
405 | switch (status) { |
406 | case INTEGRITY_PASS: | |
407 | case INTEGRITY_PASS_IMMUTABLE: | |
408 | case INTEGRITY_UNKNOWN: | |
409 | break; | |
410 | case INTEGRITY_NOXATTRS: /* No EVM protected xattrs. */ | |
39b07096 TJB |
411 | /* It's fine not to have xattrs when using a modsig. */ |
412 | if (try_modsig) | |
413 | break; | |
df561f66 | 414 | fallthrough; |
f5e51fa3 TJB |
415 | case INTEGRITY_NOLABEL: /* No security.evm xattr. */ |
416 | cause = "missing-HMAC"; | |
417 | goto out; | |
418 | case INTEGRITY_FAIL: /* Invalid HMAC/signature. */ | |
419 | cause = "invalid-HMAC"; | |
2fe5d6de | 420 | goto out; |
f5e51fa3 TJB |
421 | default: |
422 | WARN_ONCE(true, "Unexpected integrity status %d\n", status); | |
2fe5d6de | 423 | } |
f5e51fa3 | 424 | |
a5fbeb61 TJB |
425 | if (xattr_value) |
426 | rc = xattr_verify(func, iint, xattr_value, xattr_len, &status, | |
427 | &cause); | |
8606404f | 428 | |
39b07096 TJB |
429 | /* |
430 | * If we have a modsig and either no imasig or the imasig's key isn't | |
431 | * known, then try verifying the modsig. | |
432 | */ | |
433 | if (try_modsig && | |
434 | (!xattr_value || xattr_value->type == IMA_XATTR_DIGEST_NG || | |
435 | rc == -ENOKEY)) | |
436 | rc = modsig_verify(func, modsig, &status, &cause); | |
437 | ||
2fe5d6de | 438 | out: |
57b56ac6 MZ |
439 | /* |
440 | * File signatures on some filesystems can not be properly verified. | |
9e67028e MZ |
441 | * When such filesystems are mounted by an untrusted mounter or on a |
442 | * system not willing to accept such a risk, fail the file signature | |
443 | * verification. | |
57b56ac6 | 444 | */ |
9e67028e MZ |
445 | if ((inode->i_sb->s_iflags & SB_I_IMA_UNVERIFIABLE_SIGNATURE) && |
446 | ((inode->i_sb->s_iflags & SB_I_UNTRUSTED_MOUNTER) || | |
447 | (iint->flags & IMA_FAIL_UNVERIFIABLE_SIGS))) { | |
57b56ac6 MZ |
448 | status = INTEGRITY_FAIL; |
449 | cause = "unverifiable-signature"; | |
450 | integrity_audit_msg(AUDIT_INTEGRITY_DATA, inode, filename, | |
451 | op, cause, rc, 0); | |
452 | } else if (status != INTEGRITY_PASS) { | |
f5e51fa3 | 453 | /* Fix mode, but don't replace file signatures. */ |
39b07096 | 454 | if ((ima_appraise & IMA_APPRAISE_FIX) && !try_modsig && |
8606404f DK |
455 | (!xattr_value || |
456 | xattr_value->type != EVM_IMA_XATTR_DIGSIG)) { | |
def3e8b9 DK |
457 | if (!ima_fix_xattr(dentry, iint)) |
458 | status = INTEGRITY_PASS; | |
f5e51fa3 TJB |
459 | } |
460 | ||
461 | /* Permit new files with file signatures, but without data. */ | |
462 | if (inode->i_size == 0 && iint->flags & IMA_NEW_FILE && | |
463 | xattr_value && xattr_value->type == EVM_IMA_XATTR_DIGSIG) { | |
05d1a717 | 464 | status = INTEGRITY_PASS; |
2fe5d6de | 465 | } |
f5e51fa3 | 466 | |
2fe5d6de MZ |
467 | integrity_audit_msg(AUDIT_INTEGRITY_DATA, inode, filename, |
468 | op, cause, rc, 0); | |
8606404f | 469 | } else { |
d79d72e0 | 470 | ima_cache_flags(iint, func); |
2fe5d6de | 471 | } |
57b56ac6 | 472 | |
d79d72e0 | 473 | ima_set_cache_status(iint, func, status); |
2fe5d6de MZ |
474 | return status; |
475 | } | |
476 | ||
477 | /* | |
478 | * ima_update_xattr - update 'security.ima' hash value | |
479 | */ | |
480 | void ima_update_xattr(struct integrity_iint_cache *iint, struct file *file) | |
481 | { | |
e71b9dff | 482 | struct dentry *dentry = file_dentry(file); |
2fe5d6de MZ |
483 | int rc = 0; |
484 | ||
8606404f | 485 | /* do not collect and update hash for digital signatures */ |
0d73a552 | 486 | if (test_bit(IMA_DIGSIG, &iint->atomic_flags)) |
8606404f DK |
487 | return; |
488 | ||
da1b0029 MZ |
489 | if ((iint->ima_file_status != INTEGRITY_PASS) && |
490 | !(iint->flags & IMA_HASH)) | |
020aae3e RS |
491 | return; |
492 | ||
15588227 | 493 | rc = ima_collect_measurement(iint, file, NULL, 0, ima_hash_algo, NULL); |
2fe5d6de MZ |
494 | if (rc < 0) |
495 | return; | |
8606404f | 496 | |
0d73a552 | 497 | inode_lock(file_inode(file)); |
2fe5d6de | 498 | ima_fix_xattr(dentry, iint); |
0d73a552 | 499 | inode_unlock(file_inode(file)); |
2fe5d6de MZ |
500 | } |
501 | ||
502 | /** | |
503 | * ima_inode_post_setattr - reflect file metadata changes | |
504 | * @dentry: pointer to the affected dentry | |
505 | * | |
506 | * Changes to a dentry's metadata might result in needing to appraise. | |
507 | * | |
508 | * This function is called from notify_change(), which expects the caller | |
509 | * to lock the inode's i_mutex. | |
510 | */ | |
511 | void ima_inode_post_setattr(struct dentry *dentry) | |
512 | { | |
c6f493d6 | 513 | struct inode *inode = d_backing_inode(dentry); |
2fe5d6de | 514 | struct integrity_iint_cache *iint; |
da1b0029 | 515 | int action; |
2fe5d6de | 516 | |
a756024e | 517 | if (!(ima_policy_flag & IMA_APPRAISE) || !S_ISREG(inode->i_mode) |
5d6c3191 | 518 | || !(inode->i_opflags & IOP_XATTR)) |
2fe5d6de MZ |
519 | return; |
520 | ||
da1b0029 MZ |
521 | action = ima_must_appraise(inode, MAY_ACCESS, POST_SETATTR); |
522 | if (!action) | |
c7c7a1a1 | 523 | __vfs_removexattr(&init_user_ns, dentry, XATTR_NAME_IMA); |
2fe5d6de MZ |
524 | iint = integrity_iint_find(inode); |
525 | if (iint) { | |
0d73a552 | 526 | set_bit(IMA_CHANGE_ATTR, &iint->atomic_flags); |
da1b0029 | 527 | if (!action) |
0d73a552 | 528 | clear_bit(IMA_UPDATE_XATTR, &iint->atomic_flags); |
2fe5d6de | 529 | } |
2fe5d6de | 530 | } |
42c63330 MZ |
531 | |
532 | /* | |
533 | * ima_protect_xattr - protect 'security.ima' | |
534 | * | |
535 | * Ensure that not just anyone can modify or remove 'security.ima'. | |
536 | */ | |
537 | static int ima_protect_xattr(struct dentry *dentry, const char *xattr_name, | |
538 | const void *xattr_value, size_t xattr_value_len) | |
539 | { | |
540 | if (strcmp(xattr_name, XATTR_NAME_IMA) == 0) { | |
541 | if (!capable(CAP_SYS_ADMIN)) | |
542 | return -EPERM; | |
543 | return 1; | |
544 | } | |
545 | return 0; | |
546 | } | |
547 | ||
060bdebf | 548 | static void ima_reset_appraise_flags(struct inode *inode, int digsig) |
42c63330 MZ |
549 | { |
550 | struct integrity_iint_cache *iint; | |
551 | ||
a756024e | 552 | if (!(ima_policy_flag & IMA_APPRAISE) || !S_ISREG(inode->i_mode)) |
42c63330 MZ |
553 | return; |
554 | ||
555 | iint = integrity_iint_find(inode); | |
556 | if (!iint) | |
557 | return; | |
a422638d | 558 | iint->measured_pcrs = 0; |
0d73a552 | 559 | set_bit(IMA_CHANGE_XATTR, &iint->atomic_flags); |
060bdebf | 560 | if (digsig) |
0d73a552 DK |
561 | set_bit(IMA_DIGSIG, &iint->atomic_flags); |
562 | else | |
563 | clear_bit(IMA_DIGSIG, &iint->atomic_flags); | |
42c63330 MZ |
564 | } |
565 | ||
566 | int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name, | |
567 | const void *xattr_value, size_t xattr_value_len) | |
568 | { | |
060bdebf | 569 | const struct evm_ima_xattr_data *xvalue = xattr_value; |
42c63330 MZ |
570 | int result; |
571 | ||
572 | result = ima_protect_xattr(dentry, xattr_name, xattr_value, | |
573 | xattr_value_len); | |
574 | if (result == 1) { | |
a48fda9d DK |
575 | if (!xattr_value_len || (xvalue->type >= IMA_XATTR_LAST)) |
576 | return -EINVAL; | |
f5acb3dc | 577 | ima_reset_appraise_flags(d_backing_inode(dentry), |
e5729f86 | 578 | xvalue->type == EVM_IMA_XATTR_DIGSIG); |
42c63330 MZ |
579 | result = 0; |
580 | } | |
581 | return result; | |
582 | } | |
583 | ||
584 | int ima_inode_removexattr(struct dentry *dentry, const char *xattr_name) | |
585 | { | |
586 | int result; | |
587 | ||
588 | result = ima_protect_xattr(dentry, xattr_name, NULL, 0); | |
589 | if (result == 1) { | |
c6f493d6 | 590 | ima_reset_appraise_flags(d_backing_inode(dentry), 0); |
42c63330 MZ |
591 | result = 0; |
592 | } | |
593 | return result; | |
594 | } |