Commit | Line | Data |
---|---|---|
3323eec9 MZ |
1 | /* |
2 | * Copyright (C) 2005,2006,2007,2008 IBM Corporation | |
3 | * | |
4 | * Authors: | |
5 | * Reiner Sailer <sailer@watson.ibm.com> | |
6 | * Serge Hallyn <serue@us.ibm.com> | |
7 | * Kylene Hall <kylene@us.ibm.com> | |
8 | * Mimi Zohar <zohar@us.ibm.com> | |
9 | * | |
10 | * This program is free software; you can redistribute it and/or | |
11 | * modify it under the terms of the GNU General Public License as | |
12 | * published by the Free Software Foundation, version 2 of the | |
13 | * License. | |
14 | * | |
15 | * File: ima_main.c | |
e0d5bd2a | 16 | * implements the IMA hooks: ima_bprm_check, ima_file_mmap, |
9bbb6cad | 17 | * and ima_file_check. |
3323eec9 | 18 | */ |
ab60368a PV |
19 | |
20 | #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt | |
21 | ||
3323eec9 MZ |
22 | #include <linux/module.h> |
23 | #include <linux/file.h> | |
24 | #include <linux/binfmts.h> | |
25 | #include <linux/mount.h> | |
26 | #include <linux/mman.h> | |
5a0e3ad6 | 27 | #include <linux/slab.h> |
2fe5d6de | 28 | #include <linux/xattr.h> |
d5813a57 | 29 | #include <linux/ima.h> |
3b370b21 | 30 | #include <linux/iversion.h> |
d77ccdc6 | 31 | #include <linux/fs.h> |
3323eec9 MZ |
32 | |
33 | #include "ima.h" | |
34 | ||
35 | int ima_initialized; | |
36 | ||
2fe5d6de MZ |
37 | #ifdef CONFIG_IMA_APPRAISE |
38 | int ima_appraise = IMA_APPRAISE_ENFORCE; | |
39 | #else | |
40 | int ima_appraise; | |
41 | #endif | |
42 | ||
c7c8bb23 | 43 | int ima_hash_algo = HASH_ALGO_SHA1; |
e7a2ad7e | 44 | static int hash_setup_done; |
c7c8bb23 | 45 | |
3323eec9 MZ |
46 | static int __init hash_setup(char *str) |
47 | { | |
e7a2ad7e MZ |
48 | struct ima_template_desc *template_desc = ima_template_desc_current(); |
49 | int i; | |
50 | ||
51 | if (hash_setup_done) | |
52 | return 1; | |
53 | ||
54 | if (strcmp(template_desc->name, IMA_TEMPLATE_IMA_NAME) == 0) { | |
55 | if (strncmp(str, "sha1", 4) == 0) | |
56 | ima_hash_algo = HASH_ALGO_SHA1; | |
57 | else if (strncmp(str, "md5", 3) == 0) | |
58 | ima_hash_algo = HASH_ALGO_MD5; | |
ebe7c0a7 BW |
59 | else |
60 | return 1; | |
e7a2ad7e MZ |
61 | goto out; |
62 | } | |
63 | ||
64 | for (i = 0; i < HASH_ALGO__LAST; i++) { | |
65 | if (strcmp(str, hash_algo_name[i]) == 0) { | |
66 | ima_hash_algo = i; | |
67 | break; | |
68 | } | |
69 | } | |
ebe7c0a7 BW |
70 | if (i == HASH_ALGO__LAST) |
71 | return 1; | |
e7a2ad7e MZ |
72 | out: |
73 | hash_setup_done = 1; | |
3323eec9 MZ |
74 | return 1; |
75 | } | |
76 | __setup("ima_hash=", hash_setup); | |
77 | ||
8eb988c7 | 78 | /* |
890275b5 | 79 | * ima_rdwr_violation_check |
8eb988c7 | 80 | * |
890275b5 | 81 | * Only invalidate the PCR for measured files: |
2bb930ab | 82 | * - Opening a file for write when already open for read, |
8eb988c7 MZ |
83 | * results in a time of measure, time of use (ToMToU) error. |
84 | * - Opening a file for read when already open for write, | |
2bb930ab | 85 | * could result in a file measurement error. |
8eb988c7 MZ |
86 | * |
87 | */ | |
f7a859ff RS |
88 | static void ima_rdwr_violation_check(struct file *file, |
89 | struct integrity_iint_cache *iint, | |
1b68bdf9 | 90 | int must_measure, |
f7a859ff | 91 | char **pathbuf, |
4e8581ee RS |
92 | const char **pathname, |
93 | char *filename) | |
8eb988c7 | 94 | { |
c77cecee | 95 | struct inode *inode = file_inode(file); |
8eb988c7 | 96 | fmode_t mode = file->f_mode; |
ad16ad00 | 97 | bool send_tomtou = false, send_writers = false; |
a178d202 | 98 | |
8eb988c7 | 99 | if (mode & FMODE_WRITE) { |
14503eb9 | 100 | if (atomic_read(&inode->i_readcount) && IS_IMA(inode)) { |
f7a859ff RS |
101 | if (!iint) |
102 | iint = integrity_iint_find(inode); | |
14503eb9 | 103 | /* IMA_MEASURE is set from reader side */ |
0d73a552 DK |
104 | if (iint && test_bit(IMA_MUST_MEASURE, |
105 | &iint->atomic_flags)) | |
14503eb9 DK |
106 | send_tomtou = true; |
107 | } | |
b882fae2 | 108 | } else { |
0d73a552 DK |
109 | if (must_measure) |
110 | set_bit(IMA_MUST_MEASURE, &iint->atomic_flags); | |
1b68bdf9 | 111 | if ((atomic_read(&inode->i_writecount) > 0) && must_measure) |
b882fae2 | 112 | send_writers = true; |
8eb988c7 | 113 | } |
ad16ad00 | 114 | |
08e1b76a MZ |
115 | if (!send_tomtou && !send_writers) |
116 | return; | |
117 | ||
bc15ed66 | 118 | *pathname = ima_d_path(&file->f_path, pathbuf, filename); |
ea1046d4 | 119 | |
ad16ad00 | 120 | if (send_tomtou) |
8d94eb9b RS |
121 | ima_add_violation(file, *pathname, iint, |
122 | "invalid_pcr", "ToMToU"); | |
ad16ad00 | 123 | if (send_writers) |
8d94eb9b | 124 | ima_add_violation(file, *pathname, iint, |
08e1b76a | 125 | "invalid_pcr", "open_writers"); |
8eb988c7 MZ |
126 | } |
127 | ||
f381c272 | 128 | static void ima_check_last_writer(struct integrity_iint_cache *iint, |
2fe5d6de | 129 | struct inode *inode, struct file *file) |
bc7d2a3e | 130 | { |
4b2a2c67 | 131 | fmode_t mode = file->f_mode; |
0d73a552 | 132 | bool update; |
bc7d2a3e | 133 | |
2fe5d6de MZ |
134 | if (!(mode & FMODE_WRITE)) |
135 | return; | |
136 | ||
0d73a552 | 137 | mutex_lock(&iint->mutex); |
b151d6b0 | 138 | if (atomic_read(&inode->i_writecount) == 1) { |
0d73a552 DK |
139 | update = test_and_clear_bit(IMA_UPDATE_XATTR, |
140 | &iint->atomic_flags); | |
ac0bf025 | 141 | if (!IS_I_VERSION(inode) || |
c472c07b | 142 | !inode_eq_iversion(inode, iint->version) || |
b151d6b0 DK |
143 | (iint->flags & IMA_NEW_FILE)) { |
144 | iint->flags &= ~(IMA_DONE_MASK | IMA_NEW_FILE); | |
a422638d | 145 | iint->measured_pcrs = 0; |
0d73a552 | 146 | if (update) |
b151d6b0 DK |
147 | ima_update_xattr(iint, file); |
148 | } | |
2fe5d6de | 149 | } |
0d73a552 | 150 | mutex_unlock(&iint->mutex); |
bc7d2a3e EP |
151 | } |
152 | ||
3323eec9 MZ |
153 | /** |
154 | * ima_file_free - called on __fput() | |
155 | * @file: pointer to file structure being freed | |
156 | * | |
890275b5 | 157 | * Flag files that changed, based on i_version |
3323eec9 MZ |
158 | */ |
159 | void ima_file_free(struct file *file) | |
160 | { | |
496ad9aa | 161 | struct inode *inode = file_inode(file); |
f381c272 | 162 | struct integrity_iint_cache *iint; |
3323eec9 | 163 | |
0f34a006 | 164 | if (!ima_policy_flag || !S_ISREG(inode->i_mode)) |
3323eec9 | 165 | return; |
196f5181 | 166 | |
f381c272 | 167 | iint = integrity_iint_find(inode); |
854fdd55 MZ |
168 | if (!iint) |
169 | return; | |
3323eec9 | 170 | |
854fdd55 | 171 | ima_check_last_writer(iint, inode, file); |
3323eec9 MZ |
172 | } |
173 | ||
d906c10d MG |
174 | static int process_measurement(struct file *file, const struct cred *cred, |
175 | u32 secid, char *buf, loff_t size, int mask, | |
176 | enum ima_hooks func, int opened) | |
3323eec9 | 177 | { |
496ad9aa | 178 | struct inode *inode = file_inode(file); |
f7a859ff | 179 | struct integrity_iint_cache *iint = NULL; |
209b43ca | 180 | struct ima_template_desc *template_desc; |
ea1046d4 | 181 | char *pathbuf = NULL; |
bc15ed66 | 182 | char filename[NAME_MAX]; |
ea1046d4 | 183 | const char *pathname = NULL; |
0d73a552 | 184 | int rc = 0, action, must_appraise = 0; |
725de7fa | 185 | int pcr = CONFIG_IMA_MEASURE_PCR_IDX; |
1525b06d | 186 | struct evm_ima_xattr_data *xattr_value = NULL; |
d3634d0f | 187 | int xattr_len = 0; |
f7a859ff | 188 | bool violation_check; |
1525b06d | 189 | enum hash_algo hash_algo; |
3323eec9 | 190 | |
a756024e | 191 | if (!ima_policy_flag || !S_ISREG(inode->i_mode)) |
3323eec9 | 192 | return 0; |
bc7d2a3e | 193 | |
d79d72e0 MZ |
194 | /* Return an IMA_MEASURE, IMA_APPRAISE, IMA_AUDIT action |
195 | * bitmask based on the appraise/audit/measurement policy. | |
196 | * Included is the appraise submask. | |
197 | */ | |
d906c10d | 198 | action = ima_get_action(inode, cred, secid, mask, func, &pcr); |
4ad87a3d | 199 | violation_check = ((func == FILE_CHECK || func == MMAP_CHECK) && |
f7a859ff RS |
200 | (ima_policy_flag & IMA_MEASURE)); |
201 | if (!action && !violation_check) | |
2fe5d6de MZ |
202 | return 0; |
203 | ||
2fe5d6de | 204 | must_appraise = action & IMA_APPRAISE; |
bc7d2a3e | 205 | |
5a73fcfa | 206 | /* Is the appraise rule hook specific? */ |
3a8a2ead | 207 | if (action & IMA_FILE_APPRAISE) |
4ad87a3d | 208 | func = FILE_CHECK; |
5a73fcfa | 209 | |
5955102c | 210 | inode_lock(inode); |
2fe5d6de | 211 | |
f7a859ff RS |
212 | if (action) { |
213 | iint = integrity_inode_get(inode); | |
214 | if (!iint) | |
0d73a552 | 215 | rc = -ENOMEM; |
f7a859ff RS |
216 | } |
217 | ||
0d73a552 | 218 | if (!rc && violation_check) |
1b68bdf9 | 219 | ima_rdwr_violation_check(file, iint, action & IMA_MEASURE, |
4e8581ee | 220 | &pathbuf, &pathname, filename); |
0d73a552 DK |
221 | |
222 | inode_unlock(inode); | |
223 | ||
224 | if (rc) | |
225 | goto out; | |
226 | if (!action) | |
227 | goto out; | |
228 | ||
229 | mutex_lock(&iint->mutex); | |
230 | ||
231 | if (test_and_clear_bit(IMA_CHANGE_ATTR, &iint->atomic_flags)) | |
232 | /* reset appraisal flags if ima_inode_post_setattr was called */ | |
233 | iint->flags &= ~(IMA_APPRAISE | IMA_APPRAISED | | |
234 | IMA_APPRAISE_SUBMASK | IMA_APPRAISED_SUBMASK | | |
235 | IMA_ACTION_FLAGS); | |
236 | ||
d77ccdc6 MZ |
237 | /* |
238 | * Re-evaulate the file if either the xattr has changed or the | |
239 | * kernel has no way of detecting file change on the filesystem. | |
240 | * (Limited to privileged mounted filesystems.) | |
241 | */ | |
242 | if (test_and_clear_bit(IMA_CHANGE_XATTR, &iint->atomic_flags) || | |
243 | ((inode->i_sb->s_iflags & SB_I_IMA_UNVERIFIABLE_SIGNATURE) && | |
9e67028e MZ |
244 | !(inode->i_sb->s_iflags & SB_I_UNTRUSTED_MOUNTER) && |
245 | !(action & IMA_FAIL_UNVERIFIABLE_SIGS))) { | |
0d73a552 | 246 | iint->flags &= ~IMA_DONE_MASK; |
d77ccdc6 MZ |
247 | iint->measured_pcrs = 0; |
248 | } | |
bf2276d1 | 249 | |
2fe5d6de | 250 | /* Determine if already appraised/measured based on bitmask |
d79d72e0 MZ |
251 | * (IMA_MEASURE, IMA_MEASURED, IMA_XXXX_APPRAISE, IMA_XXXX_APPRAISED, |
252 | * IMA_AUDIT, IMA_AUDITED) | |
253 | */ | |
2fe5d6de | 254 | iint->flags |= action; |
0e5a247c | 255 | action &= IMA_DO_MASK; |
a422638d ER |
256 | action &= ~((iint->flags & (IMA_DONE_MASK ^ IMA_MEASURED)) >> 1); |
257 | ||
258 | /* If target pcr is already measured, unset IMA_MEASURE action */ | |
259 | if ((action & IMA_MEASURE) && (iint->measured_pcrs & (0x1 << pcr))) | |
260 | action ^= IMA_MEASURE; | |
2fe5d6de | 261 | |
da1b0029 MZ |
262 | /* HASH sets the digital signature and update flags, nothing else */ |
263 | if ((action & IMA_HASH) && | |
264 | !(test_bit(IMA_DIGSIG, &iint->atomic_flags))) { | |
265 | xattr_len = ima_read_xattr(file_dentry(file), &xattr_value); | |
266 | if ((xattr_value && xattr_len > 2) && | |
267 | (xattr_value->type == EVM_IMA_XATTR_DIGSIG)) | |
268 | set_bit(IMA_DIGSIG, &iint->atomic_flags); | |
269 | iint->flags |= IMA_HASHED; | |
270 | action ^= IMA_HASH; | |
271 | set_bit(IMA_UPDATE_XATTR, &iint->atomic_flags); | |
272 | } | |
273 | ||
2fe5d6de MZ |
274 | /* Nothing to do, just return existing appraised status */ |
275 | if (!action) { | |
d79d72e0 | 276 | if (must_appraise) |
4ad87a3d | 277 | rc = ima_get_cache_status(iint, func); |
0d73a552 | 278 | goto out_locked; |
2fe5d6de | 279 | } |
3323eec9 | 280 | |
209b43ca | 281 | template_desc = ima_template_desc_current(); |
f68c05f4 DK |
282 | if ((action & IMA_APPRAISE_SUBMASK) || |
283 | strcmp(template_desc->name, IMA_TEMPLATE_IMA_NAME) != 0) | |
1525b06d | 284 | /* read 'security.ima' */ |
e71b9dff | 285 | xattr_len = ima_read_xattr(file_dentry(file), &xattr_value); |
d3634d0f | 286 | |
1525b06d DK |
287 | hash_algo = ima_get_hash_algo(xattr_value, xattr_len); |
288 | ||
cf222217 | 289 | rc = ima_collect_measurement(iint, file, buf, size, hash_algo); |
f3cc6b25 | 290 | if (rc != 0 && rc != -EBADF && rc != -EINVAL) |
0d73a552 | 291 | goto out_locked; |
08e1b76a | 292 | |
bc15ed66 MZ |
293 | if (!pathbuf) /* ima_rdwr_violation possibly pre-fetched */ |
294 | pathname = ima_d_path(&file->f_path, &pathbuf, filename); | |
08e1b76a | 295 | |
2fe5d6de | 296 | if (action & IMA_MEASURE) |
bcbc9b0c | 297 | ima_store_measurement(iint, file, pathname, |
14b1da85 | 298 | xattr_value, xattr_len, pcr); |
0d73a552 DK |
299 | if (rc == 0 && (action & IMA_APPRAISE_SUBMASK)) { |
300 | inode_lock(inode); | |
4ad87a3d | 301 | rc = ima_appraise_measurement(func, iint, file, pathname, |
3034a146 | 302 | xattr_value, xattr_len, opened); |
0d73a552 DK |
303 | inode_unlock(inode); |
304 | } | |
e7c568e0 | 305 | if (action & IMA_AUDIT) |
ea1046d4 | 306 | ima_audit_measurement(iint, pathname); |
f7a859ff | 307 | |
f3cc6b25 MZ |
308 | if ((file->f_flags & O_DIRECT) && (iint->flags & IMA_PERMIT_DIRECTIO)) |
309 | rc = 0; | |
0d73a552 DK |
310 | out_locked: |
311 | if ((mask & MAY_WRITE) && test_bit(IMA_DIGSIG, &iint->atomic_flags) && | |
05d1a717 | 312 | !(iint->flags & IMA_NEW_FILE)) |
a175b8bb | 313 | rc = -EACCES; |
0d73a552 | 314 | mutex_unlock(&iint->mutex); |
f7a859ff | 315 | kfree(xattr_value); |
0d73a552 | 316 | out: |
456f5fd3 DK |
317 | if (pathbuf) |
318 | __putname(pathbuf); | |
0d73a552 DK |
319 | if (must_appraise) { |
320 | if (rc && (ima_appraise & IMA_APPRAISE_ENFORCE)) | |
321 | return -EACCES; | |
322 | if (file->f_mode & FMODE_WRITE) | |
323 | set_bit(IMA_UPDATE_XATTR, &iint->atomic_flags); | |
324 | } | |
750943a3 | 325 | return 0; |
3323eec9 MZ |
326 | } |
327 | ||
328 | /** | |
329 | * ima_file_mmap - based on policy, collect/store measurement. | |
330 | * @file: pointer to the file to be measured (May be NULL) | |
331 | * @prot: contains the protection that will be applied by the kernel. | |
332 | * | |
333 | * Measure files being mmapped executable based on the ima_must_measure() | |
334 | * policy decision. | |
335 | * | |
750943a3 DK |
336 | * On success return 0. On integrity appraisal error, assuming the file |
337 | * is in policy and IMA-appraisal is in enforcing mode, return -EACCES. | |
3323eec9 MZ |
338 | */ |
339 | int ima_file_mmap(struct file *file, unsigned long prot) | |
340 | { | |
d906c10d MG |
341 | u32 secid; |
342 | ||
343 | if (file && (prot & PROT_EXEC)) { | |
344 | security_task_getsecid(current, &secid); | |
345 | return process_measurement(file, current_cred(), secid, NULL, | |
346 | 0, MAY_EXEC, MMAP_CHECK, 0); | |
347 | } | |
348 | ||
750943a3 | 349 | return 0; |
3323eec9 MZ |
350 | } |
351 | ||
352 | /** | |
353 | * ima_bprm_check - based on policy, collect/store measurement. | |
354 | * @bprm: contains the linux_binprm structure | |
355 | * | |
356 | * The OS protects against an executable file, already open for write, | |
357 | * from being executed in deny_write_access() and an executable file, | |
358 | * already open for execute, from being modified in get_write_access(). | |
359 | * So we can be certain that what we verify and measure here is actually | |
360 | * what is being executed. | |
361 | * | |
750943a3 DK |
362 | * On success return 0. On integrity appraisal error, assuming the file |
363 | * is in policy and IMA-appraisal is in enforcing mode, return -EACCES. | |
3323eec9 MZ |
364 | */ |
365 | int ima_bprm_check(struct linux_binprm *bprm) | |
366 | { | |
d906c10d MG |
367 | int ret; |
368 | u32 secid; | |
369 | ||
370 | security_task_getsecid(current, &secid); | |
371 | ret = process_measurement(bprm->file, current_cred(), secid, NULL, 0, | |
372 | MAY_EXEC, BPRM_CHECK, 0); | |
373 | if (ret) | |
374 | return ret; | |
375 | ||
376 | security_cred_getsecid(bprm->cred, &secid); | |
377 | return process_measurement(bprm->file, bprm->cred, secid, NULL, 0, | |
378 | MAY_EXEC, CREDS_CHECK, 0); | |
3323eec9 MZ |
379 | } |
380 | ||
8eb988c7 MZ |
381 | /** |
382 | * ima_path_check - based on policy, collect/store measurement. | |
383 | * @file: pointer to the file to be measured | |
20f482ab | 384 | * @mask: contains MAY_READ, MAY_WRITE, MAY_EXEC or MAY_APPEND |
8eb988c7 MZ |
385 | * |
386 | * Measure files based on the ima_must_measure() policy decision. | |
387 | * | |
750943a3 DK |
388 | * On success return 0. On integrity appraisal error, assuming the file |
389 | * is in policy and IMA-appraisal is in enforcing mode, return -EACCES. | |
8eb988c7 | 390 | */ |
3034a146 | 391 | int ima_file_check(struct file *file, int mask, int opened) |
8eb988c7 | 392 | { |
d906c10d MG |
393 | u32 secid; |
394 | ||
395 | security_task_getsecid(current, &secid); | |
396 | return process_measurement(file, current_cred(), secid, NULL, 0, | |
20f482ab LZ |
397 | mask & (MAY_READ | MAY_WRITE | MAY_EXEC | |
398 | MAY_APPEND), FILE_CHECK, opened); | |
8eb988c7 | 399 | } |
9bbb6cad | 400 | EXPORT_SYMBOL_GPL(ima_file_check); |
8eb988c7 | 401 | |
05d1a717 MZ |
402 | /** |
403 | * ima_post_path_mknod - mark as a new inode | |
404 | * @dentry: newly created dentry | |
405 | * | |
406 | * Mark files created via the mknodat syscall as new, so that the | |
407 | * file data can be written later. | |
408 | */ | |
409 | void ima_post_path_mknod(struct dentry *dentry) | |
410 | { | |
411 | struct integrity_iint_cache *iint; | |
412 | struct inode *inode = dentry->d_inode; | |
413 | int must_appraise; | |
414 | ||
415 | must_appraise = ima_must_appraise(inode, MAY_ACCESS, FILE_CHECK); | |
416 | if (!must_appraise) | |
417 | return; | |
418 | ||
419 | iint = integrity_inode_get(inode); | |
420 | if (iint) | |
421 | iint->flags |= IMA_NEW_FILE; | |
422 | } | |
423 | ||
39eeb4fb MZ |
424 | /** |
425 | * ima_read_file - pre-measure/appraise hook decision based on policy | |
426 | * @file: pointer to the file to be measured/appraised/audit | |
427 | * @read_id: caller identifier | |
428 | * | |
429 | * Permit reading a file based on policy. The policy rules are written | |
430 | * in terms of the policy identifier. Appraising the integrity of | |
431 | * a file requires a file descriptor. | |
432 | * | |
433 | * For permission return 0, otherwise return -EACCES. | |
434 | */ | |
435 | int ima_read_file(struct file *file, enum kernel_read_file_id read_id) | |
436 | { | |
7c9bc098 BM |
437 | bool sig_enforce = is_module_sig_enforced(); |
438 | ||
a1db7420 | 439 | if (!file && read_id == READING_MODULE) { |
7c9bc098 | 440 | if (!sig_enforce && (ima_appraise & IMA_APPRAISE_MODULES) && |
9c655be0 BM |
441 | (ima_appraise & IMA_APPRAISE_ENFORCE)) { |
442 | pr_err("impossible to appraise a module without a file descriptor. sig_enforce kernel parameter might help\n"); | |
a1db7420 | 443 | return -EACCES; /* INTEGRITY_UNKNOWN */ |
9c655be0 | 444 | } |
a1db7420 MZ |
445 | return 0; /* We rely on module signature checking */ |
446 | } | |
39eeb4fb MZ |
447 | return 0; |
448 | } | |
449 | ||
d9ddf077 MZ |
450 | static int read_idmap[READING_MAX_ID] = { |
451 | [READING_FIRMWARE] = FIRMWARE_CHECK, | |
452 | [READING_MODULE] = MODULE_CHECK, | |
453 | [READING_KEXEC_IMAGE] = KEXEC_KERNEL_CHECK, | |
454 | [READING_KEXEC_INITRAMFS] = KEXEC_INITRAMFS_CHECK, | |
19f8a847 | 455 | [READING_POLICY] = POLICY_CHECK |
d9ddf077 MZ |
456 | }; |
457 | ||
cf222217 MZ |
458 | /** |
459 | * ima_post_read_file - in memory collect/appraise/audit measurement | |
460 | * @file: pointer to the file to be measured/appraised/audit | |
461 | * @buf: pointer to in memory file contents | |
462 | * @size: size of in memory file contents | |
463 | * @read_id: caller identifier | |
464 | * | |
465 | * Measure/appraise/audit in memory file based on policy. Policy rules | |
466 | * are written in terms of a policy identifier. | |
467 | * | |
468 | * On success return 0. On integrity appraisal error, assuming the file | |
469 | * is in policy and IMA-appraisal is in enforcing mode, return -EACCES. | |
470 | */ | |
471 | int ima_post_read_file(struct file *file, void *buf, loff_t size, | |
472 | enum kernel_read_file_id read_id) | |
473 | { | |
d9ddf077 | 474 | enum ima_hooks func; |
d906c10d | 475 | u32 secid; |
cf222217 | 476 | |
e40ba6d5 MZ |
477 | if (!file && read_id == READING_FIRMWARE) { |
478 | if ((ima_appraise & IMA_APPRAISE_FIRMWARE) && | |
479 | (ima_appraise & IMA_APPRAISE_ENFORCE)) | |
480 | return -EACCES; /* INTEGRITY_UNKNOWN */ | |
481 | return 0; | |
482 | } | |
483 | ||
a1db7420 MZ |
484 | if (!file && read_id == READING_MODULE) /* MODULE_SIG_FORCE enabled */ |
485 | return 0; | |
486 | ||
a7d3d039 CH |
487 | /* permit signed certs */ |
488 | if (!file && read_id == READING_X509_CERTIFICATE) | |
489 | return 0; | |
490 | ||
cf222217 MZ |
491 | if (!file || !buf || size == 0) { /* should never happen */ |
492 | if (ima_appraise & IMA_APPRAISE_ENFORCE) | |
493 | return -EACCES; | |
494 | return 0; | |
495 | } | |
496 | ||
d9ddf077 | 497 | func = read_idmap[read_id] ?: FILE_CHECK; |
d906c10d MG |
498 | security_task_getsecid(current, &secid); |
499 | return process_measurement(file, current_cred(), secid, buf, size, | |
500 | MAY_READ, func, 0); | |
5a9196d7 MZ |
501 | } |
502 | ||
3323eec9 MZ |
503 | static int __init init_ima(void) |
504 | { | |
505 | int error; | |
506 | ||
3f23d624 | 507 | ima_init_template_list(); |
e7a2ad7e | 508 | hash_setup(CONFIG_IMA_DEFAULT_HASH); |
3323eec9 | 509 | error = ima_init(); |
ab60368a PV |
510 | |
511 | if (error && strcmp(hash_algo_name[ima_hash_algo], | |
512 | CONFIG_IMA_DEFAULT_HASH) != 0) { | |
513 | pr_info("Allocating %s failed, going to use default hash algorithm %s\n", | |
514 | hash_algo_name[ima_hash_algo], CONFIG_IMA_DEFAULT_HASH); | |
515 | hash_setup_done = 0; | |
516 | hash_setup(CONFIG_IMA_DEFAULT_HASH); | |
517 | error = ima_init(); | |
518 | } | |
519 | ||
a756024e | 520 | if (!error) { |
31b70f66 | 521 | ima_initialized = 1; |
a756024e RS |
522 | ima_update_policy_flag(); |
523 | } | |
3323eec9 MZ |
524 | return error; |
525 | } | |
526 | ||
527 | late_initcall(init_ima); /* Start IMA after the TPM is available */ | |
528 | ||
529 | MODULE_DESCRIPTION("Integrity Measurement Architecture"); | |
530 | MODULE_LICENSE("GPL"); |