1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18#include <linux/fcntl.h>
19#include <linux/slab.h>
20#include <linux/module.h>
21#include <linux/seq_file.h>
22#include <linux/rculist.h>
23#include <linux/rcupdate.h>
24#include <linux/parser.h>
25#include <linux/vmalloc.h>
26
27#include "ima.h"
28
29static DEFINE_MUTEX(ima_write_mutex);
30
31bool ima_canonical_fmt;
32static int __init default_canonical_fmt_setup(char *str)
33{
34#ifdef __BIG_ENDIAN
35 ima_canonical_fmt = true;
36#endif
37 return 1;
38}
39__setup("ima_canonical_fmt", default_canonical_fmt_setup);
40
41static int valid_policy = 1;
42#define TMPBUFLEN 12
43static ssize_t ima_show_htable_value(char __user *buf, size_t count,
44 loff_t *ppos, atomic_long_t *val)
45{
46 char tmpbuf[TMPBUFLEN];
47 ssize_t len;
48
49 len = scnprintf(tmpbuf, TMPBUFLEN, "%li\n", atomic_long_read(val));
50 return simple_read_from_buffer(buf, count, ppos, tmpbuf, len);
51}
52
53static ssize_t ima_show_htable_violations(struct file *filp,
54 char __user *buf,
55 size_t count, loff_t *ppos)
56{
57 return ima_show_htable_value(buf, count, ppos, &ima_htable.violations);
58}
59
60static const struct file_operations ima_htable_violations_ops = {
61 .read = ima_show_htable_violations,
62 .llseek = generic_file_llseek,
63};
64
65static ssize_t ima_show_measurements_count(struct file *filp,
66 char __user *buf,
67 size_t count, loff_t *ppos)
68{
69 return ima_show_htable_value(buf, count, ppos, &ima_htable.len);
70
71}
72
73static const struct file_operations ima_measurements_count_ops = {
74 .read = ima_show_measurements_count,
75 .llseek = generic_file_llseek,
76};
77
78
79static void *ima_measurements_start(struct seq_file *m, loff_t *pos)
80{
81 loff_t l = *pos;
82 struct ima_queue_entry *qe;
83
84
85 rcu_read_lock();
86 list_for_each_entry_rcu(qe, &ima_measurements, later) {
87 if (!l--) {
88 rcu_read_unlock();
89 return qe;
90 }
91 }
92 rcu_read_unlock();
93 return NULL;
94}
95
96static void *ima_measurements_next(struct seq_file *m, void *v, loff_t *pos)
97{
98 struct ima_queue_entry *qe = v;
99
100
101
102
103 rcu_read_lock();
104 qe = list_entry_rcu(qe->later.next, struct ima_queue_entry, later);
105 rcu_read_unlock();
106 (*pos)++;
107
108 return (&qe->later == &ima_measurements) ? NULL : qe;
109}
110
111static void ima_measurements_stop(struct seq_file *m, void *v)
112{
113}
114
115void ima_putc(struct seq_file *m, void *data, int datalen)
116{
117 while (datalen--)
118 seq_putc(m, *(char *)data++);
119}
120
121
122
123
124
125
126
127
128
129int ima_measurements_show(struct seq_file *m, void *v)
130{
131
132 struct ima_queue_entry *qe = v;
133 struct ima_template_entry *e;
134 char *template_name;
135 u32 pcr, namelen, template_data_len;
136 bool is_ima_template = false;
137 int i;
138
139
140 e = qe->entry;
141 if (e == NULL)
142 return -1;
143
144 template_name = (e->template_desc->name[0] != '\0') ?
145 e->template_desc->name : e->template_desc->fmt;
146
147
148
149
150
151
152 pcr = !ima_canonical_fmt ? e->pcr : cpu_to_le32(e->pcr);
153 ima_putc(m, &pcr, sizeof(e->pcr));
154
155
156 ima_putc(m, e->digest, TPM_DIGEST_SIZE);
157
158
159 namelen = !ima_canonical_fmt ? strlen(template_name) :
160 cpu_to_le32(strlen(template_name));
161 ima_putc(m, &namelen, sizeof(namelen));
162
163
164 ima_putc(m, template_name, strlen(template_name));
165
166
167 if (strcmp(template_name, IMA_TEMPLATE_IMA_NAME) == 0)
168 is_ima_template = true;
169
170 if (!is_ima_template) {
171 template_data_len = !ima_canonical_fmt ? e->template_data_len :
172 cpu_to_le32(e->template_data_len);
173 ima_putc(m, &template_data_len, sizeof(e->template_data_len));
174 }
175
176
177 for (i = 0; i < e->template_desc->num_fields; i++) {
178 enum ima_show_type show = IMA_SHOW_BINARY;
179 struct ima_template_field *field = e->template_desc->fields[i];
180
181 if (is_ima_template && strcmp(field->field_id, "d") == 0)
182 show = IMA_SHOW_BINARY_NO_FIELD_LEN;
183 if (is_ima_template && strcmp(field->field_id, "n") == 0)
184 show = IMA_SHOW_BINARY_OLD_STRING_FMT;
185 field->field_show(m, show, &e->template_data[i]);
186 }
187 return 0;
188}
189
190static const struct seq_operations ima_measurments_seqops = {
191 .start = ima_measurements_start,
192 .next = ima_measurements_next,
193 .stop = ima_measurements_stop,
194 .show = ima_measurements_show
195};
196
197static int ima_measurements_open(struct inode *inode, struct file *file)
198{
199 return seq_open(file, &ima_measurments_seqops);
200}
201
202static const struct file_operations ima_measurements_ops = {
203 .open = ima_measurements_open,
204 .read = seq_read,
205 .llseek = seq_lseek,
206 .release = seq_release,
207};
208
209void ima_print_digest(struct seq_file *m, u8 *digest, u32 size)
210{
211 u32 i;
212
213 for (i = 0; i < size; i++)
214 seq_printf(m, "%02x", *(digest + i));
215}
216
217
218static int ima_ascii_measurements_show(struct seq_file *m, void *v)
219{
220
221 struct ima_queue_entry *qe = v;
222 struct ima_template_entry *e;
223 char *template_name;
224 int i;
225
226
227 e = qe->entry;
228 if (e == NULL)
229 return -1;
230
231 template_name = (e->template_desc->name[0] != '\0') ?
232 e->template_desc->name : e->template_desc->fmt;
233
234
235 seq_printf(m, "%2d ", e->pcr);
236
237
238 ima_print_digest(m, e->digest, TPM_DIGEST_SIZE);
239
240
241 seq_printf(m, " %s", template_name);
242
243
244 for (i = 0; i < e->template_desc->num_fields; i++) {
245 seq_puts(m, " ");
246 if (e->template_data[i].len == 0)
247 continue;
248
249 e->template_desc->fields[i]->field_show(m, IMA_SHOW_ASCII,
250 &e->template_data[i]);
251 }
252 seq_puts(m, "\n");
253 return 0;
254}
255
256static const struct seq_operations ima_ascii_measurements_seqops = {
257 .start = ima_measurements_start,
258 .next = ima_measurements_next,
259 .stop = ima_measurements_stop,
260 .show = ima_ascii_measurements_show
261};
262
263static int ima_ascii_measurements_open(struct inode *inode, struct file *file)
264{
265 return seq_open(file, &ima_ascii_measurements_seqops);
266}
267
268static const struct file_operations ima_ascii_measurements_ops = {
269 .open = ima_ascii_measurements_open,
270 .read = seq_read,
271 .llseek = seq_lseek,
272 .release = seq_release,
273};
274
275static ssize_t ima_read_policy(char *path)
276{
277 void *data;
278 char *datap;
279 loff_t size;
280 int rc, pathlen = strlen(path);
281
282 char *p;
283
284
285 datap = path;
286 strsep(&datap, "\n");
287
288 rc = kernel_read_file_from_path(path, &data, &size, 0, READING_POLICY);
289 if (rc < 0) {
290 pr_err("Unable to open file: %s (%d)", path, rc);
291 return rc;
292 }
293
294 datap = data;
295 while (size > 0 && (p = strsep(&datap, "\n"))) {
296 pr_debug("rule: %s\n", p);
297 rc = ima_parse_add_rule(p);
298 if (rc < 0)
299 break;
300 size -= rc;
301 }
302
303 vfree(data);
304 if (rc < 0)
305 return rc;
306 else if (size)
307 return -EINVAL;
308 else
309 return pathlen;
310}
311
312static ssize_t ima_write_policy(struct file *file, const char __user *buf,
313 size_t datalen, loff_t *ppos)
314{
315 char *data;
316 ssize_t result;
317
318 if (datalen >= PAGE_SIZE)
319 datalen = PAGE_SIZE - 1;
320
321
322 result = -EINVAL;
323 if (*ppos != 0)
324 goto out;
325
326 data = memdup_user_nul(buf, datalen);
327 if (IS_ERR(data)) {
328 result = PTR_ERR(data);
329 goto out;
330 }
331
332 result = mutex_lock_interruptible(&ima_write_mutex);
333 if (result < 0)
334 goto out_free;
335
336 if (data[0] == '/') {
337 result = ima_read_policy(data);
338 } else if (ima_appraise & IMA_APPRAISE_POLICY) {
339 pr_err("IMA: signed policy file (specified as an absolute pathname) required\n");
340 integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL, NULL,
341 "policy_update", "signed policy required",
342 1, 0);
343 if (ima_appraise & IMA_APPRAISE_ENFORCE)
344 result = -EACCES;
345 } else {
346 result = ima_parse_add_rule(data);
347 }
348 mutex_unlock(&ima_write_mutex);
349out_free:
350 kfree(data);
351out:
352 if (result < 0)
353 valid_policy = 0;
354
355 return result;
356}
357
358static struct dentry *ima_dir;
359static struct dentry *binary_runtime_measurements;
360static struct dentry *ascii_runtime_measurements;
361static struct dentry *runtime_measurements_count;
362static struct dentry *violations;
363static struct dentry *ima_policy;
364
365enum ima_fs_flags {
366 IMA_FS_BUSY,
367};
368
369static unsigned long ima_fs_flags;
370
371#ifdef CONFIG_IMA_READ_POLICY
372static const struct seq_operations ima_policy_seqops = {
373 .start = ima_policy_start,
374 .next = ima_policy_next,
375 .stop = ima_policy_stop,
376 .show = ima_policy_show,
377};
378#endif
379
380
381
382
383static int ima_open_policy(struct inode *inode, struct file *filp)
384{
385 if (!(filp->f_flags & O_WRONLY)) {
386#ifndef CONFIG_IMA_READ_POLICY
387 return -EACCES;
388#else
389 if ((filp->f_flags & O_ACCMODE) != O_RDONLY)
390 return -EACCES;
391 if (!capable(CAP_SYS_ADMIN))
392 return -EPERM;
393 return seq_open(filp, &ima_policy_seqops);
394#endif
395 }
396 if (test_and_set_bit(IMA_FS_BUSY, &ima_fs_flags))
397 return -EBUSY;
398 return 0;
399}
400
401
402
403
404
405
406
407
408static int ima_release_policy(struct inode *inode, struct file *file)
409{
410 const char *cause = valid_policy ? "completed" : "failed";
411
412 if ((file->f_flags & O_ACCMODE) == O_RDONLY)
413 return seq_release(inode, file);
414
415 if (valid_policy && ima_check_policy() < 0) {
416 cause = "failed";
417 valid_policy = 0;
418 }
419
420 pr_info("IMA: policy update %s\n", cause);
421 integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL, NULL,
422 "policy_update", cause, !valid_policy, 0);
423
424 if (!valid_policy) {
425 ima_delete_rules();
426 valid_policy = 1;
427 clear_bit(IMA_FS_BUSY, &ima_fs_flags);
428 return 0;
429 }
430
431 ima_update_policy();
432#if !defined(CONFIG_IMA_WRITE_POLICY) && !defined(CONFIG_IMA_READ_POLICY)
433 securityfs_remove(ima_policy);
434 ima_policy = NULL;
435#elif defined(CONFIG_IMA_WRITE_POLICY)
436 clear_bit(IMA_FS_BUSY, &ima_fs_flags);
437#endif
438 return 0;
439}
440
441static const struct file_operations ima_measure_policy_ops = {
442 .open = ima_open_policy,
443 .write = ima_write_policy,
444 .read = seq_read,
445 .release = ima_release_policy,
446 .llseek = generic_file_llseek,
447};
448
449int __init ima_fs_init(void)
450{
451 ima_dir = securityfs_create_dir("ima", NULL);
452 if (IS_ERR(ima_dir))
453 return -1;
454
455 binary_runtime_measurements =
456 securityfs_create_file("binary_runtime_measurements",
457 S_IRUSR | S_IRGRP, ima_dir, NULL,
458 &ima_measurements_ops);
459 if (IS_ERR(binary_runtime_measurements))
460 goto out;
461
462 ascii_runtime_measurements =
463 securityfs_create_file("ascii_runtime_measurements",
464 S_IRUSR | S_IRGRP, ima_dir, NULL,
465 &ima_ascii_measurements_ops);
466 if (IS_ERR(ascii_runtime_measurements))
467 goto out;
468
469 runtime_measurements_count =
470 securityfs_create_file("runtime_measurements_count",
471 S_IRUSR | S_IRGRP, ima_dir, NULL,
472 &ima_measurements_count_ops);
473 if (IS_ERR(runtime_measurements_count))
474 goto out;
475
476 violations =
477 securityfs_create_file("violations", S_IRUSR | S_IRGRP,
478 ima_dir, NULL, &ima_htable_violations_ops);
479 if (IS_ERR(violations))
480 goto out;
481
482 ima_policy = securityfs_create_file("policy", POLICY_FILE_FLAGS,
483 ima_dir, NULL,
484 &ima_measure_policy_ops);
485 if (IS_ERR(ima_policy))
486 goto out;
487
488 return 0;
489out:
490 securityfs_remove(violations);
491 securityfs_remove(runtime_measurements_count);
492 securityfs_remove(ascii_runtime_measurements);
493 securityfs_remove(binary_runtime_measurements);
494 securityfs_remove(ima_dir);
495 securityfs_remove(ima_policy);
496 return -1;
497}
498
