1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19#include <linux/module.h>
20#include <linux/file.h>
21#include <linux/binfmts.h>
22#include <linux/mount.h>
23#include <linux/mman.h>
24#include <linux/slab.h>
25#include <linux/xattr.h>
26#include <linux/ima.h>
27#include <crypto/hash_info.h>
28
29#include "ima.h"
30
31int ima_initialized;
32
33#ifdef CONFIG_IMA_APPRAISE
34int ima_appraise = IMA_APPRAISE_ENFORCE;
35#else
36int ima_appraise;
37#endif
38
39int ima_hash_algo = HASH_ALGO_SHA1;
40static int hash_setup_done;
41
42static int __init hash_setup(char *str)
43{
44 struct ima_template_desc *template_desc = ima_template_desc_current();
45 int i;
46
47 if (hash_setup_done)
48 return 1;
49
50 if (strcmp(template_desc->name, IMA_TEMPLATE_IMA_NAME) == 0) {
51 if (strncmp(str, "sha1", 4) == 0)
52 ima_hash_algo = HASH_ALGO_SHA1;
53 else if (strncmp(str, "md5", 3) == 0)
54 ima_hash_algo = HASH_ALGO_MD5;
55 goto out;
56 }
57
58 for (i = 0; i < HASH_ALGO__LAST; i++) {
59 if (strcmp(str, hash_algo_name[i]) == 0) {
60 ima_hash_algo = i;
61 break;
62 }
63 }
64out:
65 hash_setup_done = 1;
66 return 1;
67}
68__setup("ima_hash=", hash_setup);
69
70
71
72
73
74
75
76
77
78
79
80static void ima_rdwr_violation_check(struct file *file,
81 struct integrity_iint_cache *iint,
82 int must_measure,
83 char **pathbuf,
84 const char **pathname)
85{
86 struct inode *inode = file_inode(file);
87 fmode_t mode = file->f_mode;
88 bool send_tomtou = false, send_writers = false;
89
90 if (mode & FMODE_WRITE) {
91 if (atomic_read(&inode->i_readcount) && IS_IMA(inode)) {
92 if (!iint)
93 iint = integrity_iint_find(inode);
94
95 if (iint && (iint->flags & IMA_MEASURE))
96 send_tomtou = true;
97 }
98 } else {
99 if ((atomic_read(&inode->i_writecount) > 0) && must_measure)
100 send_writers = true;
101 }
102
103 if (!send_tomtou && !send_writers)
104 return;
105
106 *pathname = ima_d_path(&file->f_path, pathbuf);
107
108 if (send_tomtou)
109 ima_add_violation(file, *pathname, iint,
110 "invalid_pcr", "ToMToU");
111 if (send_writers)
112 ima_add_violation(file, *pathname, iint,
113 "invalid_pcr", "open_writers");
114}
115
116static void ima_check_last_writer(struct integrity_iint_cache *iint,
117 struct inode *inode, struct file *file)
118{
119 fmode_t mode = file->f_mode;
120
121 if (!(mode & FMODE_WRITE))
122 return;
123
124 inode_lock(inode);
125 if (atomic_read(&inode->i_writecount) == 1) {
126 if ((iint->version != inode->i_version) ||
127 (iint->flags & IMA_NEW_FILE)) {
128 iint->flags &= ~(IMA_DONE_MASK | IMA_NEW_FILE);
129 if (iint->flags & IMA_APPRAISE)
130 ima_update_xattr(iint, file);
131 }
132 }
133 inode_unlock(inode);
134}
135
136
137
138
139
140
141
142void ima_file_free(struct file *file)
143{
144 struct inode *inode = file_inode(file);
145 struct integrity_iint_cache *iint;
146
147 if (!ima_policy_flag || !S_ISREG(inode->i_mode))
148 return;
149
150 iint = integrity_iint_find(inode);
151 if (!iint)
152 return;
153
154 ima_check_last_writer(iint, inode, file);
155}
156
157static int process_measurement(struct file *file, int mask, int function,
158 int opened)
159{
160 struct inode *inode = file_inode(file);
161 struct integrity_iint_cache *iint = NULL;
162 struct ima_template_desc *template_desc;
163 char *pathbuf = NULL;
164 const char *pathname = NULL;
165 int rc = -ENOMEM, action, must_appraise;
166 struct evm_ima_xattr_data *xattr_value = NULL, **xattr_ptr = NULL;
167 int xattr_len = 0;
168 bool violation_check;
169
170 if (!ima_policy_flag || !S_ISREG(inode->i_mode))
171 return 0;
172
173
174
175
176
177 action = ima_get_action(inode, mask, function);
178 violation_check = ((function == FILE_CHECK || function == MMAP_CHECK) &&
179 (ima_policy_flag & IMA_MEASURE));
180 if (!action && !violation_check)
181 return 0;
182
183 must_appraise = action & IMA_APPRAISE;
184
185
186 if (action & IMA_FILE_APPRAISE)
187 function = FILE_CHECK;
188
189 inode_lock(inode);
190
191 if (action) {
192 iint = integrity_inode_get(inode);
193 if (!iint)
194 goto out;
195 }
196
197 if (violation_check) {
198 ima_rdwr_violation_check(file, iint, action & IMA_MEASURE,
199 &pathbuf, &pathname);
200 if (!action) {
201 rc = 0;
202 goto out_free;
203 }
204 }
205
206
207
208
209
210 iint->flags |= action;
211 action &= IMA_DO_MASK;
212 action &= ~((iint->flags & IMA_DONE_MASK) >> 1);
213
214
215 if (!action) {
216 if (must_appraise)
217 rc = ima_get_cache_status(iint, function);
218 goto out_digsig;
219 }
220
221 template_desc = ima_template_desc_current();
222 if ((action & IMA_APPRAISE_SUBMASK) ||
223 strcmp(template_desc->name, IMA_TEMPLATE_IMA_NAME) != 0)
224 xattr_ptr = &xattr_value;
225
226 rc = ima_collect_measurement(iint, file, xattr_ptr, &xattr_len);
227 if (rc != 0) {
228 if (file->f_flags & O_DIRECT)
229 rc = (iint->flags & IMA_PERMIT_DIRECTIO) ? 0 : -EACCES;
230 goto out_digsig;
231 }
232
233 if (!pathname)
234 pathname = ima_d_path(&file->f_path, &pathbuf);
235
236 if (action & IMA_MEASURE)
237 ima_store_measurement(iint, file, pathname,
238 xattr_value, xattr_len);
239 if (action & IMA_APPRAISE_SUBMASK)
240 rc = ima_appraise_measurement(function, iint, file, pathname,
241 xattr_value, xattr_len, opened);
242 if (action & IMA_AUDIT)
243 ima_audit_measurement(iint, pathname);
244
245out_digsig:
246 if ((mask & MAY_WRITE) && (iint->flags & IMA_DIGSIG))
247 rc = -EACCES;
248 kfree(xattr_value);
249out_free:
250 if (pathbuf)
251 __putname(pathbuf);
252out:
253 inode_unlock(inode);
254 if ((rc && must_appraise) && (ima_appraise & IMA_APPRAISE_ENFORCE))
255 return -EACCES;
256 return 0;
257}
258
259
260
261
262
263
264
265
266
267
268
269
270int ima_file_mmap(struct file *file, unsigned long prot)
271{
272 if (file && (prot & PROT_EXEC))
273 return process_measurement(file, MAY_EXEC, MMAP_CHECK, 0);
274 return 0;
275}
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290int ima_bprm_check(struct linux_binprm *bprm)
291{
292 return process_measurement(bprm->file, MAY_EXEC, BPRM_CHECK, 0);
293}
294
295
296
297
298
299
300
301
302
303
304
305int ima_file_check(struct file *file, int mask, int opened)
306{
307 return process_measurement(file,
308 mask & (MAY_READ | MAY_WRITE | MAY_EXEC),
309 FILE_CHECK, opened);
310}
311EXPORT_SYMBOL_GPL(ima_file_check);
312
313
314
315
316
317
318
319
320
321
322int ima_module_check(struct file *file)
323{
324 if (!file) {
325#ifndef CONFIG_MODULE_SIG_FORCE
326 if ((ima_appraise & IMA_APPRAISE_MODULES) &&
327 (ima_appraise & IMA_APPRAISE_ENFORCE))
328 return -EACCES;
329#endif
330 return 0;
331 }
332 return process_measurement(file, MAY_EXEC, MODULE_CHECK, 0);
333}
334
335int ima_fw_from_file(struct file *file, char *buf, size_t size)
336{
337 if (!file) {
338 if ((ima_appraise & IMA_APPRAISE_FIRMWARE) &&
339 (ima_appraise & IMA_APPRAISE_ENFORCE))
340 return -EACCES;
341 return 0;
342 }
343 return process_measurement(file, MAY_EXEC, FIRMWARE_CHECK, 0);
344}
345
346static int __init init_ima(void)
347{
348 int error;
349
350 hash_setup(CONFIG_IMA_DEFAULT_HASH);
351 error = ima_init();
352 if (!error) {
353 ima_initialized = 1;
354 ima_update_policy_flag();
355 }
356 return error;
357}
358
359late_initcall(init_ima);
360
361MODULE_DESCRIPTION("Integrity Measurement Architecture");
362MODULE_LICENSE("GPL");
363