linux/security/integrity/ima/ima_policy.c
<<
>>
Prefs
   1// SPDX-License-Identifier: GPL-2.0-only
   2/*
   3 * Copyright (C) 2008 IBM Corporation
   4 * Author: Mimi Zohar <zohar@us.ibm.com>
   5 *
   6 * ima_policy.c
   7 *      - initialize default measure policy rules
   8 */
   9#include <linux/init.h>
  10#include <linux/list.h>
  11#include <linux/fs.h>
  12#include <linux/security.h>
  13#include <linux/magic.h>
  14#include <linux/parser.h>
  15#include <linux/slab.h>
  16#include <linux/rculist.h>
  17#include <linux/genhd.h>
  18#include <linux/seq_file.h>
  19#include <linux/ima.h>
  20
  21#include "ima.h"
  22
  23/* flags definitions */
  24#define IMA_FUNC        0x0001
  25#define IMA_MASK        0x0002
  26#define IMA_FSMAGIC     0x0004
  27#define IMA_UID         0x0008
  28#define IMA_FOWNER      0x0010
  29#define IMA_FSUUID      0x0020
  30#define IMA_INMASK      0x0040
  31#define IMA_EUID        0x0080
  32#define IMA_PCR         0x0100
  33#define IMA_FSNAME      0x0200
  34
  35#define UNKNOWN         0
  36#define MEASURE         0x0001  /* same as IMA_MEASURE */
  37#define DONT_MEASURE    0x0002
  38#define APPRAISE        0x0004  /* same as IMA_APPRAISE */
  39#define DONT_APPRAISE   0x0008
  40#define AUDIT           0x0040
  41#define HASH            0x0100
  42#define DONT_HASH       0x0200
  43
  44#define INVALID_PCR(a) (((a) < 0) || \
  45        (a) >= (FIELD_SIZEOF(struct integrity_iint_cache, measured_pcrs) * 8))
  46
  47int ima_policy_flag;
  48static int temp_ima_appraise;
  49static int build_ima_appraise __ro_after_init;
  50
  51#define MAX_LSM_RULES 6
  52enum lsm_rule_types { LSM_OBJ_USER, LSM_OBJ_ROLE, LSM_OBJ_TYPE,
  53        LSM_SUBJ_USER, LSM_SUBJ_ROLE, LSM_SUBJ_TYPE
  54};
  55
  56enum policy_types { ORIGINAL_TCB = 1, DEFAULT_TCB };
  57
  58enum policy_rule_list { IMA_DEFAULT_POLICY = 1, IMA_CUSTOM_POLICY };
  59
  60struct ima_rule_entry {
  61        struct list_head list;
  62        int action;
  63        unsigned int flags;
  64        enum ima_hooks func;
  65        int mask;
  66        unsigned long fsmagic;
  67        uuid_t fsuuid;
  68        kuid_t uid;
  69        kuid_t fowner;
  70        bool (*uid_op)(kuid_t, kuid_t);    /* Handlers for operators       */
  71        bool (*fowner_op)(kuid_t, kuid_t); /* uid_eq(), uid_gt(), uid_lt() */
  72        int pcr;
  73        struct {
  74                void *rule;     /* LSM file metadata specific */
  75                void *args_p;   /* audit value */
  76                int type;       /* audit type */
  77        } lsm[MAX_LSM_RULES];
  78        char *fsname;
  79};
  80
  81/*
  82 * Without LSM specific knowledge, the default policy can only be
  83 * written in terms of .action, .func, .mask, .fsmagic, .uid, and .fowner
  84 */
  85
  86/*
  87 * The minimum rule set to allow for full TCB coverage.  Measures all files
  88 * opened or mmap for exec and everything read by root.  Dangerous because
  89 * normal users can easily run the machine out of memory simply building
  90 * and running executables.
  91 */
  92static struct ima_rule_entry dont_measure_rules[] __ro_after_init = {
  93        {.action = DONT_MEASURE, .fsmagic = PROC_SUPER_MAGIC, .flags = IMA_FSMAGIC},
  94        {.action = DONT_MEASURE, .fsmagic = SYSFS_MAGIC, .flags = IMA_FSMAGIC},
  95        {.action = DONT_MEASURE, .fsmagic = DEBUGFS_MAGIC, .flags = IMA_FSMAGIC},
  96        {.action = DONT_MEASURE, .fsmagic = TMPFS_MAGIC, .flags = IMA_FSMAGIC},
  97        {.action = DONT_MEASURE, .fsmagic = DEVPTS_SUPER_MAGIC, .flags = IMA_FSMAGIC},
  98        {.action = DONT_MEASURE, .fsmagic = BINFMTFS_MAGIC, .flags = IMA_FSMAGIC},
  99        {.action = DONT_MEASURE, .fsmagic = SECURITYFS_MAGIC, .flags = IMA_FSMAGIC},
 100        {.action = DONT_MEASURE, .fsmagic = SELINUX_MAGIC, .flags = IMA_FSMAGIC},
 101        {.action = DONT_MEASURE, .fsmagic = SMACK_MAGIC, .flags = IMA_FSMAGIC},
 102        {.action = DONT_MEASURE, .fsmagic = CGROUP_SUPER_MAGIC,
 103         .flags = IMA_FSMAGIC},
 104        {.action = DONT_MEASURE, .fsmagic = CGROUP2_SUPER_MAGIC,
 105         .flags = IMA_FSMAGIC},
 106        {.action = DONT_MEASURE, .fsmagic = NSFS_MAGIC, .flags = IMA_FSMAGIC},
 107        {.action = DONT_MEASURE, .fsmagic = EFIVARFS_MAGIC, .flags = IMA_FSMAGIC}
 108};
 109
 110static struct ima_rule_entry original_measurement_rules[] __ro_after_init = {
 111        {.action = MEASURE, .func = MMAP_CHECK, .mask = MAY_EXEC,
 112         .flags = IMA_FUNC | IMA_MASK},
 113        {.action = MEASURE, .func = BPRM_CHECK, .mask = MAY_EXEC,
 114         .flags = IMA_FUNC | IMA_MASK},
 115        {.action = MEASURE, .func = FILE_CHECK, .mask = MAY_READ,
 116         .uid = GLOBAL_ROOT_UID, .uid_op = &uid_eq,
 117         .flags = IMA_FUNC | IMA_MASK | IMA_UID},
 118        {.action = MEASURE, .func = MODULE_CHECK, .flags = IMA_FUNC},
 119        {.action = MEASURE, .func = FIRMWARE_CHECK, .flags = IMA_FUNC},
 120};
 121
 122static struct ima_rule_entry default_measurement_rules[] __ro_after_init = {
 123        {.action = MEASURE, .func = MMAP_CHECK, .mask = MAY_EXEC,
 124         .flags = IMA_FUNC | IMA_MASK},
 125        {.action = MEASURE, .func = BPRM_CHECK, .mask = MAY_EXEC,
 126         .flags = IMA_FUNC | IMA_MASK},
 127        {.action = MEASURE, .func = FILE_CHECK, .mask = MAY_READ,
 128         .uid = GLOBAL_ROOT_UID, .uid_op = &uid_eq,
 129         .flags = IMA_FUNC | IMA_INMASK | IMA_EUID},
 130        {.action = MEASURE, .func = FILE_CHECK, .mask = MAY_READ,
 131         .uid = GLOBAL_ROOT_UID, .uid_op = &uid_eq,
 132         .flags = IMA_FUNC | IMA_INMASK | IMA_UID},
 133        {.action = MEASURE, .func = MODULE_CHECK, .flags = IMA_FUNC},
 134        {.action = MEASURE, .func = FIRMWARE_CHECK, .flags = IMA_FUNC},
 135        {.action = MEASURE, .func = POLICY_CHECK, .flags = IMA_FUNC},
 136};
 137
 138static struct ima_rule_entry default_appraise_rules[] __ro_after_init = {
 139        {.action = DONT_APPRAISE, .fsmagic = PROC_SUPER_MAGIC, .flags = IMA_FSMAGIC},
 140        {.action = DONT_APPRAISE, .fsmagic = SYSFS_MAGIC, .flags = IMA_FSMAGIC},
 141        {.action = DONT_APPRAISE, .fsmagic = DEBUGFS_MAGIC, .flags = IMA_FSMAGIC},
 142        {.action = DONT_APPRAISE, .fsmagic = TMPFS_MAGIC, .flags = IMA_FSMAGIC},
 143        {.action = DONT_APPRAISE, .fsmagic = RAMFS_MAGIC, .flags = IMA_FSMAGIC},
 144        {.action = DONT_APPRAISE, .fsmagic = DEVPTS_SUPER_MAGIC, .flags = IMA_FSMAGIC},
 145        {.action = DONT_APPRAISE, .fsmagic = BINFMTFS_MAGIC, .flags = IMA_FSMAGIC},
 146        {.action = DONT_APPRAISE, .fsmagic = SECURITYFS_MAGIC, .flags = IMA_FSMAGIC},
 147        {.action = DONT_APPRAISE, .fsmagic = SELINUX_MAGIC, .flags = IMA_FSMAGIC},
 148        {.action = DONT_APPRAISE, .fsmagic = SMACK_MAGIC, .flags = IMA_FSMAGIC},
 149        {.action = DONT_APPRAISE, .fsmagic = NSFS_MAGIC, .flags = IMA_FSMAGIC},
 150        {.action = DONT_APPRAISE, .fsmagic = EFIVARFS_MAGIC, .flags = IMA_FSMAGIC},
 151        {.action = DONT_APPRAISE, .fsmagic = CGROUP_SUPER_MAGIC, .flags = IMA_FSMAGIC},
 152        {.action = DONT_APPRAISE, .fsmagic = CGROUP2_SUPER_MAGIC, .flags = IMA_FSMAGIC},
 153#ifdef CONFIG_IMA_WRITE_POLICY
 154        {.action = APPRAISE, .func = POLICY_CHECK,
 155        .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED},
 156#endif
 157#ifndef CONFIG_IMA_APPRAISE_SIGNED_INIT
 158        {.action = APPRAISE, .fowner = GLOBAL_ROOT_UID, .fowner_op = &uid_eq,
 159         .flags = IMA_FOWNER},
 160#else
 161        /* force signature */
 162        {.action = APPRAISE, .fowner = GLOBAL_ROOT_UID, .fowner_op = &uid_eq,
 163         .flags = IMA_FOWNER | IMA_DIGSIG_REQUIRED},
 164#endif
 165};
 166
 167static struct ima_rule_entry build_appraise_rules[] __ro_after_init = {
 168#ifdef CONFIG_IMA_APPRAISE_REQUIRE_MODULE_SIGS
 169        {.action = APPRAISE, .func = MODULE_CHECK,
 170         .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED},
 171#endif
 172#ifdef CONFIG_IMA_APPRAISE_REQUIRE_FIRMWARE_SIGS
 173        {.action = APPRAISE, .func = FIRMWARE_CHECK,
 174         .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED},
 175#endif
 176#ifdef CONFIG_IMA_APPRAISE_REQUIRE_KEXEC_SIGS
 177        {.action = APPRAISE, .func = KEXEC_KERNEL_CHECK,
 178         .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED},
 179#endif
 180#ifdef CONFIG_IMA_APPRAISE_REQUIRE_POLICY_SIGS
 181        {.action = APPRAISE, .func = POLICY_CHECK,
 182         .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED},
 183#endif
 184};
 185
 186static struct ima_rule_entry secure_boot_rules[] __ro_after_init = {
 187        {.action = APPRAISE, .func = MODULE_CHECK,
 188         .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED},
 189        {.action = APPRAISE, .func = FIRMWARE_CHECK,
 190         .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED},
 191        {.action = APPRAISE, .func = KEXEC_KERNEL_CHECK,
 192         .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED},
 193        {.action = APPRAISE, .func = POLICY_CHECK,
 194         .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED},
 195};
 196
 197/* An array of architecture specific rules */
 198struct ima_rule_entry *arch_policy_entry __ro_after_init;
 199
 200static LIST_HEAD(ima_default_rules);
 201static LIST_HEAD(ima_policy_rules);
 202static LIST_HEAD(ima_temp_rules);
 203static struct list_head *ima_rules;
 204
 205static int ima_policy __initdata;
 206
 207static int __init default_measure_policy_setup(char *str)
 208{
 209        if (ima_policy)
 210                return 1;
 211
 212        ima_policy = ORIGINAL_TCB;
 213        return 1;
 214}
 215__setup("ima_tcb", default_measure_policy_setup);
 216
 217static bool ima_use_appraise_tcb __initdata;
 218static bool ima_use_secure_boot __initdata;
 219static bool ima_fail_unverifiable_sigs __ro_after_init;
 220static int __init policy_setup(char *str)
 221{
 222        char *p;
 223
 224        while ((p = strsep(&str, " |\n")) != NULL) {
 225                if (*p == ' ')
 226                        continue;
 227                if ((strcmp(p, "tcb") == 0) && !ima_policy)
 228                        ima_policy = DEFAULT_TCB;
 229                else if (strcmp(p, "appraise_tcb") == 0)
 230                        ima_use_appraise_tcb = true;
 231                else if (strcmp(p, "secure_boot") == 0)
 232                        ima_use_secure_boot = true;
 233                else if (strcmp(p, "fail_securely") == 0)
 234                        ima_fail_unverifiable_sigs = true;
 235        }
 236
 237        return 1;
 238}
 239__setup("ima_policy=", policy_setup);
 240
 241static int __init default_appraise_policy_setup(char *str)
 242{
 243        ima_use_appraise_tcb = true;
 244        return 1;
 245}
 246__setup("ima_appraise_tcb", default_appraise_policy_setup);
 247
 248/*
 249 * The LSM policy can be reloaded, leaving the IMA LSM based rules referring
 250 * to the old, stale LSM policy.  Update the IMA LSM based rules to reflect
 251 * the reloaded LSM policy.  We assume the rules still exist; and BUG_ON() if
 252 * they don't.
 253 */
 254static void ima_lsm_update_rules(void)
 255{
 256        struct ima_rule_entry *entry;
 257        int result;
 258        int i;
 259
 260        list_for_each_entry(entry, &ima_policy_rules, list) {
 261                for (i = 0; i < MAX_LSM_RULES; i++) {
 262                        if (!entry->lsm[i].rule)
 263                                continue;
 264                        result = security_filter_rule_init(entry->lsm[i].type,
 265                                                           Audit_equal,
 266                                                           entry->lsm[i].args_p,
 267                                                           &entry->lsm[i].rule);
 268                        BUG_ON(!entry->lsm[i].rule);
 269                }
 270        }
 271}
 272
 273/**
 274 * ima_match_rules - determine whether an inode matches the measure rule.
 275 * @rule: a pointer to a rule
 276 * @inode: a pointer to an inode
 277 * @cred: a pointer to a credentials structure for user validation
 278 * @secid: the secid of the task to be validated
 279 * @func: LIM hook identifier
 280 * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC)
 281 *
 282 * Returns true on rule match, false on failure.
 283 */
 284static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode,
 285                            const struct cred *cred, u32 secid,
 286                            enum ima_hooks func, int mask)
 287{
 288        int i;
 289
 290        if ((rule->flags & IMA_FUNC) &&
 291            (rule->func != func && func != POST_SETATTR))
 292                return false;
 293        if ((rule->flags & IMA_MASK) &&
 294            (rule->mask != mask && func != POST_SETATTR))
 295                return false;
 296        if ((rule->flags & IMA_INMASK) &&
 297            (!(rule->mask & mask) && func != POST_SETATTR))
 298                return false;
 299        if ((rule->flags & IMA_FSMAGIC)
 300            && rule->fsmagic != inode->i_sb->s_magic)
 301                return false;
 302        if ((rule->flags & IMA_FSNAME)
 303            && strcmp(rule->fsname, inode->i_sb->s_type->name))
 304                return false;
 305        if ((rule->flags & IMA_FSUUID) &&
 306            !uuid_equal(&rule->fsuuid, &inode->i_sb->s_uuid))
 307                return false;
 308        if ((rule->flags & IMA_UID) && !rule->uid_op(cred->uid, rule->uid))
 309                return false;
 310        if (rule->flags & IMA_EUID) {
 311                if (has_capability_noaudit(current, CAP_SETUID)) {
 312                        if (!rule->uid_op(cred->euid, rule->uid)
 313                            && !rule->uid_op(cred->suid, rule->uid)
 314                            && !rule->uid_op(cred->uid, rule->uid))
 315                                return false;
 316                } else if (!rule->uid_op(cred->euid, rule->uid))
 317                        return false;
 318        }
 319
 320        if ((rule->flags & IMA_FOWNER) &&
 321            !rule->fowner_op(inode->i_uid, rule->fowner))
 322                return false;
 323        for (i = 0; i < MAX_LSM_RULES; i++) {
 324                int rc = 0;
 325                u32 osid;
 326                int retried = 0;
 327
 328                if (!rule->lsm[i].rule)
 329                        continue;
 330retry:
 331                switch (i) {
 332                case LSM_OBJ_USER:
 333                case LSM_OBJ_ROLE:
 334                case LSM_OBJ_TYPE:
 335                        security_inode_getsecid(inode, &osid);
 336                        rc = security_filter_rule_match(osid,
 337                                                        rule->lsm[i].type,
 338                                                        Audit_equal,
 339                                                        rule->lsm[i].rule);
 340                        break;
 341                case LSM_SUBJ_USER:
 342                case LSM_SUBJ_ROLE:
 343                case LSM_SUBJ_TYPE:
 344                        rc = security_filter_rule_match(secid,
 345                                                        rule->lsm[i].type,
 346                                                        Audit_equal,
 347                                                        rule->lsm[i].rule);
 348                default:
 349                        break;
 350                }
 351                if ((rc < 0) && (!retried)) {
 352                        retried = 1;
 353                        ima_lsm_update_rules();
 354                        goto retry;
 355                }
 356                if (!rc)
 357                        return false;
 358        }
 359        return true;
 360}
 361
 362/*
 363 * In addition to knowing that we need to appraise the file in general,
 364 * we need to differentiate between calling hooks, for hook specific rules.
 365 */
 366static int get_subaction(struct ima_rule_entry *rule, enum ima_hooks func)
 367{
 368        if (!(rule->flags & IMA_FUNC))
 369                return IMA_FILE_APPRAISE;
 370
 371        switch (func) {
 372        case MMAP_CHECK:
 373                return IMA_MMAP_APPRAISE;
 374        case BPRM_CHECK:
 375                return IMA_BPRM_APPRAISE;
 376        case CREDS_CHECK:
 377                return IMA_CREDS_APPRAISE;
 378        case FILE_CHECK:
 379        case POST_SETATTR:
 380                return IMA_FILE_APPRAISE;
 381        case MODULE_CHECK ... MAX_CHECK - 1:
 382        default:
 383                return IMA_READ_APPRAISE;
 384        }
 385}
 386
 387/**
 388 * ima_match_policy - decision based on LSM and other conditions
 389 * @inode: pointer to an inode for which the policy decision is being made
 390 * @cred: pointer to a credentials structure for which the policy decision is
 391 *        being made
 392 * @secid: LSM secid of the task to be validated
 393 * @func: IMA hook identifier
 394 * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC)
 395 * @pcr: set the pcr to extend
 396 *
 397 * Measure decision based on func/mask/fsmagic and LSM(subj/obj/type)
 398 * conditions.
 399 *
 400 * Since the IMA policy may be updated multiple times we need to lock the
 401 * list when walking it.  Reads are many orders of magnitude more numerous
 402 * than writes so ima_match_policy() is classical RCU candidate.
 403 */
 404int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid,
 405                     enum ima_hooks func, int mask, int flags, int *pcr)
 406{
 407        struct ima_rule_entry *entry;
 408        int action = 0, actmask = flags | (flags << 1);
 409
 410        rcu_read_lock();
 411        list_for_each_entry_rcu(entry, ima_rules, list) {
 412
 413                if (!(entry->action & actmask))
 414                        continue;
 415
 416                if (!ima_match_rules(entry, inode, cred, secid, func, mask))
 417                        continue;
 418
 419                action |= entry->flags & IMA_ACTION_FLAGS;
 420
 421                action |= entry->action & IMA_DO_MASK;
 422                if (entry->action & IMA_APPRAISE) {
 423                        action |= get_subaction(entry, func);
 424                        action &= ~IMA_HASH;
 425                        if (ima_fail_unverifiable_sigs)
 426                                action |= IMA_FAIL_UNVERIFIABLE_SIGS;
 427                }
 428
 429                if (entry->action & IMA_DO_MASK)
 430                        actmask &= ~(entry->action | entry->action << 1);
 431                else
 432                        actmask &= ~(entry->action | entry->action >> 1);
 433
 434                if ((pcr) && (entry->flags & IMA_PCR))
 435                        *pcr = entry->pcr;
 436
 437                if (!actmask)
 438                        break;
 439        }
 440        rcu_read_unlock();
 441
 442        return action;
 443}
 444
 445/*
 446 * Initialize the ima_policy_flag variable based on the currently
 447 * loaded policy.  Based on this flag, the decision to short circuit
 448 * out of a function or not call the function in the first place
 449 * can be made earlier.
 450 */
 451void ima_update_policy_flag(void)
 452{
 453        struct ima_rule_entry *entry;
 454
 455        list_for_each_entry(entry, ima_rules, list) {
 456                if (entry->action & IMA_DO_MASK)
 457                        ima_policy_flag |= entry->action;
 458        }
 459
 460        ima_appraise |= (build_ima_appraise | temp_ima_appraise);
 461        if (!ima_appraise)
 462                ima_policy_flag &= ~IMA_APPRAISE;
 463}
 464
 465static int ima_appraise_flag(enum ima_hooks func)
 466{
 467        if (func == MODULE_CHECK)
 468                return IMA_APPRAISE_MODULES;
 469        else if (func == FIRMWARE_CHECK)
 470                return IMA_APPRAISE_FIRMWARE;
 471        else if (func == POLICY_CHECK)
 472                return IMA_APPRAISE_POLICY;
 473        else if (func == KEXEC_KERNEL_CHECK)
 474                return IMA_APPRAISE_KEXEC;
 475        return 0;
 476}
 477
 478static void add_rules(struct ima_rule_entry *entries, int count,
 479                      enum policy_rule_list policy_rule)
 480{
 481        int i = 0;
 482
 483        for (i = 0; i < count; i++) {
 484                struct ima_rule_entry *entry;
 485
 486                if (policy_rule & IMA_DEFAULT_POLICY)
 487                        list_add_tail(&entries[i].list, &ima_default_rules);
 488
 489                if (policy_rule & IMA_CUSTOM_POLICY) {
 490                        entry = kmemdup(&entries[i], sizeof(*entry),
 491                                        GFP_KERNEL);
 492                        if (!entry)
 493                                continue;
 494
 495                        list_add_tail(&entry->list, &ima_policy_rules);
 496                }
 497                if (entries[i].action == APPRAISE) {
 498                        temp_ima_appraise |= ima_appraise_flag(entries[i].func);
 499                        if (entries[i].func == POLICY_CHECK)
 500                                temp_ima_appraise |= IMA_APPRAISE_POLICY;
 501                }
 502        }
 503}
 504
 505static int ima_parse_rule(char *rule, struct ima_rule_entry *entry);
 506
 507static int __init ima_init_arch_policy(void)
 508{
 509        const char * const *arch_rules;
 510        const char * const *rules;
 511        int arch_entries = 0;
 512        int i = 0;
 513
 514        arch_rules = arch_get_ima_policy();
 515        if (!arch_rules)
 516                return arch_entries;
 517
 518        /* Get number of rules */
 519        for (rules = arch_rules; *rules != NULL; rules++)
 520                arch_entries++;
 521
 522        arch_policy_entry = kcalloc(arch_entries + 1,
 523                                    sizeof(*arch_policy_entry), GFP_KERNEL);
 524        if (!arch_policy_entry)
 525                return 0;
 526
 527        /* Convert each policy string rules to struct ima_rule_entry format */
 528        for (rules = arch_rules, i = 0; *rules != NULL; rules++) {
 529                char rule[255];
 530                int result;
 531
 532                result = strlcpy(rule, *rules, sizeof(rule));
 533
 534                INIT_LIST_HEAD(&arch_policy_entry[i].list);
 535                result = ima_parse_rule(rule, &arch_policy_entry[i]);
 536                if (result) {
 537                        pr_warn("Skipping unknown architecture policy rule: %s\n",
 538                                rule);
 539                        memset(&arch_policy_entry[i], 0,
 540                               sizeof(*arch_policy_entry));
 541                        continue;
 542                }
 543                i++;
 544        }
 545        return i;
 546}
 547
 548/**
 549 * ima_init_policy - initialize the default measure rules.
 550 *
 551 * ima_rules points to either the ima_default_rules or the
 552 * the new ima_policy_rules.
 553 */
 554void __init ima_init_policy(void)
 555{
 556        int build_appraise_entries, arch_entries;
 557
 558        /* if !ima_policy, we load NO default rules */
 559        if (ima_policy)
 560                add_rules(dont_measure_rules, ARRAY_SIZE(dont_measure_rules),
 561                          IMA_DEFAULT_POLICY);
 562
 563        switch (ima_policy) {
 564        case ORIGINAL_TCB:
 565                add_rules(original_measurement_rules,
 566                          ARRAY_SIZE(original_measurement_rules),
 567                          IMA_DEFAULT_POLICY);
 568                break;
 569        case DEFAULT_TCB:
 570                add_rules(default_measurement_rules,
 571                          ARRAY_SIZE(default_measurement_rules),
 572                          IMA_DEFAULT_POLICY);
 573        default:
 574                break;
 575        }
 576
 577        /*
 578         * Based on runtime secure boot flags, insert arch specific measurement
 579         * and appraise rules requiring file signatures for both the initial
 580         * and custom policies, prior to other appraise rules.
 581         * (Highest priority)
 582         */
 583        arch_entries = ima_init_arch_policy();
 584        if (!arch_entries)
 585                pr_info("No architecture policies found\n");
 586        else
 587                add_rules(arch_policy_entry, arch_entries,
 588                          IMA_DEFAULT_POLICY | IMA_CUSTOM_POLICY);
 589
 590        /*
 591         * Insert the builtin "secure_boot" policy rules requiring file
 592         * signatures, prior to other appraise rules.
 593         */
 594        if (ima_use_secure_boot)
 595                add_rules(secure_boot_rules, ARRAY_SIZE(secure_boot_rules),
 596                          IMA_DEFAULT_POLICY);
 597
 598        /*
 599         * Insert the build time appraise rules requiring file signatures
 600         * for both the initial and custom policies, prior to other appraise
 601         * rules. As the secure boot rules includes all of the build time
 602         * rules, include either one or the other set of rules, but not both.
 603         */
 604        build_appraise_entries = ARRAY_SIZE(build_appraise_rules);
 605        if (build_appraise_entries) {
 606                if (ima_use_secure_boot)
 607                        add_rules(build_appraise_rules, build_appraise_entries,
 608                                  IMA_CUSTOM_POLICY);
 609                else
 610                        add_rules(build_appraise_rules, build_appraise_entries,
 611                                  IMA_DEFAULT_POLICY | IMA_CUSTOM_POLICY);
 612        }
 613
 614        if (ima_use_appraise_tcb)
 615                add_rules(default_appraise_rules,
 616                          ARRAY_SIZE(default_appraise_rules),
 617                          IMA_DEFAULT_POLICY);
 618
 619        ima_rules = &ima_default_rules;
 620        ima_update_policy_flag();
 621}
 622
 623/* Make sure we have a valid policy, at least containing some rules. */
 624int ima_check_policy(void)
 625{
 626        if (list_empty(&ima_temp_rules))
 627                return -EINVAL;
 628        return 0;
 629}
 630
 631/**
 632 * ima_update_policy - update default_rules with new measure rules
 633 *
 634 * Called on file .release to update the default rules with a complete new
 635 * policy.  What we do here is to splice ima_policy_rules and ima_temp_rules so
 636 * they make a queue.  The policy may be updated multiple times and this is the
 637 * RCU updater.
 638 *
 639 * Policy rules are never deleted so ima_policy_flag gets zeroed only once when
 640 * we switch from the default policy to user defined.
 641 */
 642void ima_update_policy(void)
 643{
 644        struct list_head *policy = &ima_policy_rules;
 645
 646        list_splice_tail_init_rcu(&ima_temp_rules, policy, synchronize_rcu);
 647
 648        if (ima_rules != policy) {
 649                ima_policy_flag = 0;
 650                ima_rules = policy;
 651
 652                /*
 653                 * IMA architecture specific policy rules are specified
 654                 * as strings and converted to an array of ima_entry_rules
 655                 * on boot.  After loading a custom policy, free the
 656                 * architecture specific rules stored as an array.
 657                 */
 658                kfree(arch_policy_entry);
 659        }
 660        ima_update_policy_flag();
 661}
 662
 663/* Keep the enumeration in sync with the policy_tokens! */
 664enum {
 665        Opt_measure, Opt_dont_measure,
 666        Opt_appraise, Opt_dont_appraise,
 667        Opt_audit, Opt_hash, Opt_dont_hash,
 668        Opt_obj_user, Opt_obj_role, Opt_obj_type,
 669        Opt_subj_user, Opt_subj_role, Opt_subj_type,
 670        Opt_func, Opt_mask, Opt_fsmagic, Opt_fsname,
 671        Opt_fsuuid, Opt_uid_eq, Opt_euid_eq, Opt_fowner_eq,
 672        Opt_uid_gt, Opt_euid_gt, Opt_fowner_gt,
 673        Opt_uid_lt, Opt_euid_lt, Opt_fowner_lt,
 674        Opt_appraise_type, Opt_permit_directio,
 675        Opt_pcr, Opt_err
 676};
 677
 678static const match_table_t policy_tokens = {
 679        {Opt_measure, "measure"},
 680        {Opt_dont_measure, "dont_measure"},
 681        {Opt_appraise, "appraise"},
 682        {Opt_dont_appraise, "dont_appraise"},
 683        {Opt_audit, "audit"},
 684        {Opt_hash, "hash"},
 685        {Opt_dont_hash, "dont_hash"},
 686        {Opt_obj_user, "obj_user=%s"},
 687        {Opt_obj_role, "obj_role=%s"},
 688        {Opt_obj_type, "obj_type=%s"},
 689        {Opt_subj_user, "subj_user=%s"},
 690        {Opt_subj_role, "subj_role=%s"},
 691        {Opt_subj_type, "subj_type=%s"},
 692        {Opt_func, "func=%s"},
 693        {Opt_mask, "mask=%s"},
 694        {Opt_fsmagic, "fsmagic=%s"},
 695        {Opt_fsname, "fsname=%s"},
 696        {Opt_fsuuid, "fsuuid=%s"},
 697        {Opt_uid_eq, "uid=%s"},
 698        {Opt_euid_eq, "euid=%s"},
 699        {Opt_fowner_eq, "fowner=%s"},
 700        {Opt_uid_gt, "uid>%s"},
 701        {Opt_euid_gt, "euid>%s"},
 702        {Opt_fowner_gt, "fowner>%s"},
 703        {Opt_uid_lt, "uid<%s"},
 704        {Opt_euid_lt, "euid<%s"},
 705        {Opt_fowner_lt, "fowner<%s"},
 706        {Opt_appraise_type, "appraise_type=%s"},
 707        {Opt_permit_directio, "permit_directio"},
 708        {Opt_pcr, "pcr=%s"},
 709        {Opt_err, NULL}
 710};
 711
 712static int ima_lsm_rule_init(struct ima_rule_entry *entry,
 713                             substring_t *args, int lsm_rule, int audit_type)
 714{
 715        int result;
 716
 717        if (entry->lsm[lsm_rule].rule)
 718                return -EINVAL;
 719
 720        entry->lsm[lsm_rule].args_p = match_strdup(args);
 721        if (!entry->lsm[lsm_rule].args_p)
 722                return -ENOMEM;
 723
 724        entry->lsm[lsm_rule].type = audit_type;
 725        result = security_filter_rule_init(entry->lsm[lsm_rule].type,
 726                                           Audit_equal,
 727                                           entry->lsm[lsm_rule].args_p,
 728                                           &entry->lsm[lsm_rule].rule);
 729        if (!entry->lsm[lsm_rule].rule) {
 730                kfree(entry->lsm[lsm_rule].args_p);
 731                return -EINVAL;
 732        }
 733
 734        return result;
 735}
 736
 737static void ima_log_string_op(struct audit_buffer *ab, char *key, char *value,
 738                              bool (*rule_operator)(kuid_t, kuid_t))
 739{
 740        if (!ab)
 741                return;
 742
 743        if (rule_operator == &uid_gt)
 744                audit_log_format(ab, "%s>", key);
 745        else if (rule_operator == &uid_lt)
 746                audit_log_format(ab, "%s<", key);
 747        else
 748                audit_log_format(ab, "%s=", key);
 749        audit_log_format(ab, "%s ", value);
 750}
 751static void ima_log_string(struct audit_buffer *ab, char *key, char *value)
 752{
 753        ima_log_string_op(ab, key, value, NULL);
 754}
 755
 756static int ima_parse_rule(char *rule, struct ima_rule_entry *entry)
 757{
 758        struct audit_buffer *ab;
 759        char *from;
 760        char *p;
 761        bool uid_token;
 762        int result = 0;
 763
 764        ab = integrity_audit_log_start(audit_context(), GFP_KERNEL,
 765                                       AUDIT_INTEGRITY_POLICY_RULE);
 766
 767        entry->uid = INVALID_UID;
 768        entry->fowner = INVALID_UID;
 769        entry->uid_op = &uid_eq;
 770        entry->fowner_op = &uid_eq;
 771        entry->action = UNKNOWN;
 772        while ((p = strsep(&rule, " \t")) != NULL) {
 773                substring_t args[MAX_OPT_ARGS];
 774                int token;
 775                unsigned long lnum;
 776
 777                if (result < 0)
 778                        break;
 779                if ((*p == '\0') || (*p == ' ') || (*p == '\t'))
 780                        continue;
 781                token = match_token(p, policy_tokens, args);
 782                switch (token) {
 783                case Opt_measure:
 784                        ima_log_string(ab, "action", "measure");
 785
 786                        if (entry->action != UNKNOWN)
 787                                result = -EINVAL;
 788
 789                        entry->action = MEASURE;
 790                        break;
 791                case Opt_dont_measure:
 792                        ima_log_string(ab, "action", "dont_measure");
 793
 794                        if (entry->action != UNKNOWN)
 795                                result = -EINVAL;
 796
 797                        entry->action = DONT_MEASURE;
 798                        break;
 799                case Opt_appraise:
 800                        ima_log_string(ab, "action", "appraise");
 801
 802                        if (entry->action != UNKNOWN)
 803                                result = -EINVAL;
 804
 805                        entry->action = APPRAISE;
 806                        break;
 807                case Opt_dont_appraise:
 808                        ima_log_string(ab, "action", "dont_appraise");
 809
 810                        if (entry->action != UNKNOWN)
 811                                result = -EINVAL;
 812
 813                        entry->action = DONT_APPRAISE;
 814                        break;
 815                case Opt_audit:
 816                        ima_log_string(ab, "action", "audit");
 817
 818                        if (entry->action != UNKNOWN)
 819                                result = -EINVAL;
 820
 821                        entry->action = AUDIT;
 822                        break;
 823                case Opt_hash:
 824                        ima_log_string(ab, "action", "hash");
 825
 826                        if (entry->action != UNKNOWN)
 827                                result = -EINVAL;
 828
 829                        entry->action = HASH;
 830                        break;
 831                case Opt_dont_hash:
 832                        ima_log_string(ab, "action", "dont_hash");
 833
 834                        if (entry->action != UNKNOWN)
 835                                result = -EINVAL;
 836
 837                        entry->action = DONT_HASH;
 838                        break;
 839                case Opt_func:
 840                        ima_log_string(ab, "func", args[0].from);
 841
 842                        if (entry->func)
 843                                result = -EINVAL;
 844
 845                        if (strcmp(args[0].from, "FILE_CHECK") == 0)
 846                                entry->func = FILE_CHECK;
 847                        /* PATH_CHECK is for backwards compat */
 848                        else if (strcmp(args[0].from, "PATH_CHECK") == 0)
 849                                entry->func = FILE_CHECK;
 850                        else if (strcmp(args[0].from, "MODULE_CHECK") == 0)
 851                                entry->func = MODULE_CHECK;
 852                        else if (strcmp(args[0].from, "FIRMWARE_CHECK") == 0)
 853                                entry->func = FIRMWARE_CHECK;
 854                        else if ((strcmp(args[0].from, "FILE_MMAP") == 0)
 855                                || (strcmp(args[0].from, "MMAP_CHECK") == 0))
 856                                entry->func = MMAP_CHECK;
 857                        else if (strcmp(args[0].from, "BPRM_CHECK") == 0)
 858                                entry->func = BPRM_CHECK;
 859                        else if (strcmp(args[0].from, "CREDS_CHECK") == 0)
 860                                entry->func = CREDS_CHECK;
 861                        else if (strcmp(args[0].from, "KEXEC_KERNEL_CHECK") ==
 862                                 0)
 863                                entry->func = KEXEC_KERNEL_CHECK;
 864                        else if (strcmp(args[0].from, "KEXEC_INITRAMFS_CHECK")
 865                                 == 0)
 866                                entry->func = KEXEC_INITRAMFS_CHECK;
 867                        else if (strcmp(args[0].from, "POLICY_CHECK") == 0)
 868                                entry->func = POLICY_CHECK;
 869                        else
 870                                result = -EINVAL;
 871                        if (!result)
 872                                entry->flags |= IMA_FUNC;
 873                        break;
 874                case Opt_mask:
 875                        ima_log_string(ab, "mask", args[0].from);
 876
 877                        if (entry->mask)
 878                                result = -EINVAL;
 879
 880                        from = args[0].from;
 881                        if (*from == '^')
 882                                from++;
 883
 884                        if ((strcmp(from, "MAY_EXEC")) == 0)
 885                                entry->mask = MAY_EXEC;
 886                        else if (strcmp(from, "MAY_WRITE") == 0)
 887                                entry->mask = MAY_WRITE;
 888                        else if (strcmp(from, "MAY_READ") == 0)
 889                                entry->mask = MAY_READ;
 890                        else if (strcmp(from, "MAY_APPEND") == 0)
 891                                entry->mask = MAY_APPEND;
 892                        else
 893                                result = -EINVAL;
 894                        if (!result)
 895                                entry->flags |= (*args[0].from == '^')
 896                                     ? IMA_INMASK : IMA_MASK;
 897                        break;
 898                case Opt_fsmagic:
 899                        ima_log_string(ab, "fsmagic", args[0].from);
 900
 901                        if (entry->fsmagic) {
 902                                result = -EINVAL;
 903                                break;
 904                        }
 905
 906                        result = kstrtoul(args[0].from, 16, &entry->fsmagic);
 907                        if (!result)
 908                                entry->flags |= IMA_FSMAGIC;
 909                        break;
 910                case Opt_fsname:
 911                        ima_log_string(ab, "fsname", args[0].from);
 912
 913                        entry->fsname = kstrdup(args[0].from, GFP_KERNEL);
 914                        if (!entry->fsname) {
 915                                result = -ENOMEM;
 916                                break;
 917                        }
 918                        result = 0;
 919                        entry->flags |= IMA_FSNAME;
 920                        break;
 921                case Opt_fsuuid:
 922                        ima_log_string(ab, "fsuuid", args[0].from);
 923
 924                        if (!uuid_is_null(&entry->fsuuid)) {
 925                                result = -EINVAL;
 926                                break;
 927                        }
 928
 929                        result = uuid_parse(args[0].from, &entry->fsuuid);
 930                        if (!result)
 931                                entry->flags |= IMA_FSUUID;
 932                        break;
 933                case Opt_uid_gt:
 934                case Opt_euid_gt:
 935                        entry->uid_op = &uid_gt;
 936                        /* fall through */
 937                case Opt_uid_lt:
 938                case Opt_euid_lt:
 939                        if ((token == Opt_uid_lt) || (token == Opt_euid_lt))
 940                                entry->uid_op = &uid_lt;
 941                        /* fall through */
 942                case Opt_uid_eq:
 943                case Opt_euid_eq:
 944                        uid_token = (token == Opt_uid_eq) ||
 945                                    (token == Opt_uid_gt) ||
 946                                    (token == Opt_uid_lt);
 947
 948                        ima_log_string_op(ab, uid_token ? "uid" : "euid",
 949                                          args[0].from, entry->uid_op);
 950
 951                        if (uid_valid(entry->uid)) {
 952                                result = -EINVAL;
 953                                break;
 954                        }
 955
 956                        result = kstrtoul(args[0].from, 10, &lnum);
 957                        if (!result) {
 958                                entry->uid = make_kuid(current_user_ns(),
 959                                                       (uid_t) lnum);
 960                                if (!uid_valid(entry->uid) ||
 961                                    (uid_t)lnum != lnum)
 962                                        result = -EINVAL;
 963                                else
 964                                        entry->flags |= uid_token
 965                                            ? IMA_UID : IMA_EUID;
 966                        }
 967                        break;
 968                case Opt_fowner_gt:
 969                        entry->fowner_op = &uid_gt;
 970                        /* fall through */
 971                case Opt_fowner_lt:
 972                        if (token == Opt_fowner_lt)
 973                                entry->fowner_op = &uid_lt;
 974                        /* fall through */
 975                case Opt_fowner_eq:
 976                        ima_log_string_op(ab, "fowner", args[0].from,
 977                                          entry->fowner_op);
 978
 979                        if (uid_valid(entry->fowner)) {
 980                                result = -EINVAL;
 981                                break;
 982                        }
 983
 984                        result = kstrtoul(args[0].from, 10, &lnum);
 985                        if (!result) {
 986                                entry->fowner = make_kuid(current_user_ns(), (uid_t)lnum);
 987                                if (!uid_valid(entry->fowner) || (((uid_t)lnum) != lnum))
 988                                        result = -EINVAL;
 989                                else
 990                                        entry->flags |= IMA_FOWNER;
 991                        }
 992                        break;
 993                case Opt_obj_user:
 994                        ima_log_string(ab, "obj_user", args[0].from);
 995                        result = ima_lsm_rule_init(entry, args,
 996                                                   LSM_OBJ_USER,
 997                                                   AUDIT_OBJ_USER);
 998                        break;
 999                case Opt_obj_role:
1000                        ima_log_string(ab, "obj_role", args[0].from);
1001                        result = ima_lsm_rule_init(entry, args,
1002                                                   LSM_OBJ_ROLE,
1003                                                   AUDIT_OBJ_ROLE);
1004                        break;
1005                case Opt_obj_type:
1006                        ima_log_string(ab, "obj_type", args[0].from);
1007                        result = ima_lsm_rule_init(entry, args,
1008                                                   LSM_OBJ_TYPE,
1009                                                   AUDIT_OBJ_TYPE);
1010                        break;
1011                case Opt_subj_user:
1012                        ima_log_string(ab, "subj_user", args[0].from);
1013                        result = ima_lsm_rule_init(entry, args,
1014                                                   LSM_SUBJ_USER,
1015                                                   AUDIT_SUBJ_USER);
1016                        break;
1017                case Opt_subj_role:
1018                        ima_log_string(ab, "subj_role", args[0].from);
1019                        result = ima_lsm_rule_init(entry, args,
1020                                                   LSM_SUBJ_ROLE,
1021                                                   AUDIT_SUBJ_ROLE);
1022                        break;
1023                case Opt_subj_type:
1024                        ima_log_string(ab, "subj_type", args[0].from);
1025                        result = ima_lsm_rule_init(entry, args,
1026                                                   LSM_SUBJ_TYPE,
1027                                                   AUDIT_SUBJ_TYPE);
1028                        break;
1029                case Opt_appraise_type:
1030                        if (entry->action != APPRAISE) {
1031                                result = -EINVAL;
1032                                break;
1033                        }
1034
1035                        ima_log_string(ab, "appraise_type", args[0].from);
1036                        if ((strcmp(args[0].from, "imasig")) == 0)
1037                                entry->flags |= IMA_DIGSIG_REQUIRED;
1038                        else
1039                                result = -EINVAL;
1040                        break;
1041                case Opt_permit_directio:
1042                        entry->flags |= IMA_PERMIT_DIRECTIO;
1043                        break;
1044                case Opt_pcr:
1045                        if (entry->action != MEASURE) {
1046                                result = -EINVAL;
1047                                break;
1048                        }
1049                        ima_log_string(ab, "pcr", args[0].from);
1050
1051                        result = kstrtoint(args[0].from, 10, &entry->pcr);
1052                        if (result || INVALID_PCR(entry->pcr))
1053                                result = -EINVAL;
1054                        else
1055                                entry->flags |= IMA_PCR;
1056
1057                        break;
1058                case Opt_err:
1059                        ima_log_string(ab, "UNKNOWN", p);
1060                        result = -EINVAL;
1061                        break;
1062                }
1063        }
1064        if (!result && (entry->action == UNKNOWN))
1065                result = -EINVAL;
1066        else if (entry->action == APPRAISE)
1067                temp_ima_appraise |= ima_appraise_flag(entry->func);
1068
1069        audit_log_format(ab, "res=%d", !result);
1070        audit_log_end(ab);
1071        return result;
1072}
1073
1074/**
1075 * ima_parse_add_rule - add a rule to ima_policy_rules
1076 * @rule - ima measurement policy rule
1077 *
1078 * Avoid locking by allowing just one writer at a time in ima_write_policy()
1079 * Returns the length of the rule parsed, an error code on failure
1080 */
1081ssize_t ima_parse_add_rule(char *rule)
1082{
1083        static const char op[] = "update_policy";
1084        char *p;
1085        struct ima_rule_entry *entry;
1086        ssize_t result, len;
1087        int audit_info = 0;
1088
1089        p = strsep(&rule, "\n");
1090        len = strlen(p) + 1;
1091        p += strspn(p, " \t");
1092
1093        if (*p == '#' || *p == '\0')
1094                return len;
1095
1096        entry = kzalloc(sizeof(*entry), GFP_KERNEL);
1097        if (!entry) {
1098                integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL,
1099                                    NULL, op, "-ENOMEM", -ENOMEM, audit_info);
1100                return -ENOMEM;
1101        }
1102
1103        INIT_LIST_HEAD(&entry->list);
1104
1105        result = ima_parse_rule(p, entry);
1106        if (result) {
1107                kfree(entry);
1108                integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL,
1109                                    NULL, op, "invalid-policy", result,
1110                                    audit_info);
1111                return result;
1112        }
1113
1114        list_add_tail(&entry->list, &ima_temp_rules);
1115
1116        return len;
1117}
1118
1119/**
1120 * ima_delete_rules() called to cleanup invalid in-flight policy.
1121 * We don't need locking as we operate on the temp list, which is
1122 * different from the active one.  There is also only one user of
1123 * ima_delete_rules() at a time.
1124 */
1125void ima_delete_rules(void)
1126{
1127        struct ima_rule_entry *entry, *tmp;
1128        int i;
1129
1130        temp_ima_appraise = 0;
1131        list_for_each_entry_safe(entry, tmp, &ima_temp_rules, list) {
1132                for (i = 0; i < MAX_LSM_RULES; i++)
1133                        kfree(entry->lsm[i].args_p);
1134
1135                list_del(&entry->list);
1136                kfree(entry);
1137        }
1138}
1139
1140#ifdef  CONFIG_IMA_READ_POLICY
1141enum {
1142        mask_exec = 0, mask_write, mask_read, mask_append
1143};
1144
1145static const char *const mask_tokens[] = {
1146        "^MAY_EXEC",
1147        "^MAY_WRITE",
1148        "^MAY_READ",
1149        "^MAY_APPEND"
1150};
1151
1152#define __ima_hook_stringify(str)       (#str),
1153
1154static const char *const func_tokens[] = {
1155        __ima_hooks(__ima_hook_stringify)
1156};
1157
1158void *ima_policy_start(struct seq_file *m, loff_t *pos)
1159{
1160        loff_t l = *pos;
1161        struct ima_rule_entry *entry;
1162
1163        rcu_read_lock();
1164        list_for_each_entry_rcu(entry, ima_rules, list) {
1165                if (!l--) {
1166                        rcu_read_unlock();
1167                        return entry;
1168                }
1169        }
1170        rcu_read_unlock();
1171        return NULL;
1172}
1173
1174void *ima_policy_next(struct seq_file *m, void *v, loff_t *pos)
1175{
1176        struct ima_rule_entry *entry = v;
1177
1178        rcu_read_lock();
1179        entry = list_entry_rcu(entry->list.next, struct ima_rule_entry, list);
1180        rcu_read_unlock();
1181        (*pos)++;
1182
1183        return (&entry->list == ima_rules) ? NULL : entry;
1184}
1185
1186void ima_policy_stop(struct seq_file *m, void *v)
1187{
1188}
1189
1190#define pt(token)       policy_tokens[token].pattern
1191#define mt(token)       mask_tokens[token]
1192
1193/*
1194 * policy_func_show - display the ima_hooks policy rule
1195 */
1196static void policy_func_show(struct seq_file *m, enum ima_hooks func)
1197{
1198        if (func > 0 && func < MAX_CHECK)
1199                seq_printf(m, "func=%s ", func_tokens[func]);
1200        else
1201                seq_printf(m, "func=%d ", func);
1202}
1203
1204int ima_policy_show(struct seq_file *m, void *v)
1205{
1206        struct ima_rule_entry *entry = v;
1207        int i;
1208        char tbuf[64] = {0,};
1209        int offset = 0;
1210
1211        rcu_read_lock();
1212
1213        if (entry->action & MEASURE)
1214                seq_puts(m, pt(Opt_measure));
1215        if (entry->action & DONT_MEASURE)
1216                seq_puts(m, pt(Opt_dont_measure));
1217        if (entry->action & APPRAISE)
1218                seq_puts(m, pt(Opt_appraise));
1219        if (entry->action & DONT_APPRAISE)
1220                seq_puts(m, pt(Opt_dont_appraise));
1221        if (entry->action & AUDIT)
1222                seq_puts(m, pt(Opt_audit));
1223        if (entry->action & HASH)
1224                seq_puts(m, pt(Opt_hash));
1225        if (entry->action & DONT_HASH)
1226                seq_puts(m, pt(Opt_dont_hash));
1227
1228        seq_puts(m, " ");
1229
1230        if (entry->flags & IMA_FUNC)
1231                policy_func_show(m, entry->func);
1232
1233        if ((entry->flags & IMA_MASK) || (entry->flags & IMA_INMASK)) {
1234                if (entry->flags & IMA_MASK)
1235                        offset = 1;
1236                if (entry->mask & MAY_EXEC)
1237                        seq_printf(m, pt(Opt_mask), mt(mask_exec) + offset);
1238                if (entry->mask & MAY_WRITE)
1239                        seq_printf(m, pt(Opt_mask), mt(mask_write) + offset);
1240                if (entry->mask & MAY_READ)
1241                        seq_printf(m, pt(Opt_mask), mt(mask_read) + offset);
1242                if (entry->mask & MAY_APPEND)
1243                        seq_printf(m, pt(Opt_mask), mt(mask_append) + offset);
1244                seq_puts(m, " ");
1245        }
1246
1247        if (entry->flags & IMA_FSMAGIC) {
1248                snprintf(tbuf, sizeof(tbuf), "0x%lx", entry->fsmagic);
1249                seq_printf(m, pt(Opt_fsmagic), tbuf);
1250                seq_puts(m, " ");
1251        }
1252
1253        if (entry->flags & IMA_FSNAME) {
1254                snprintf(tbuf, sizeof(tbuf), "%s", entry->fsname);
1255                seq_printf(m, pt(Opt_fsname), tbuf);
1256                seq_puts(m, " ");
1257        }
1258
1259        if (entry->flags & IMA_PCR) {
1260                snprintf(tbuf, sizeof(tbuf), "%d", entry->pcr);
1261                seq_printf(m, pt(Opt_pcr), tbuf);
1262                seq_puts(m, " ");
1263        }
1264
1265        if (entry->flags & IMA_FSUUID) {
1266                seq_printf(m, "fsuuid=%pU", &entry->fsuuid);
1267                seq_puts(m, " ");
1268        }
1269
1270        if (entry->flags & IMA_UID) {
1271                snprintf(tbuf, sizeof(tbuf), "%d", __kuid_val(entry->uid));
1272                if (entry->uid_op == &uid_gt)
1273                        seq_printf(m, pt(Opt_uid_gt), tbuf);
1274                else if (entry->uid_op == &uid_lt)
1275                        seq_printf(m, pt(Opt_uid_lt), tbuf);
1276                else
1277                        seq_printf(m, pt(Opt_uid_eq), tbuf);
1278                seq_puts(m, " ");
1279        }
1280
1281        if (entry->flags & IMA_EUID) {
1282                snprintf(tbuf, sizeof(tbuf), "%d", __kuid_val(entry->uid));
1283                if (entry->uid_op == &uid_gt)
1284                        seq_printf(m, pt(Opt_euid_gt), tbuf);
1285                else if (entry->uid_op == &uid_lt)
1286                        seq_printf(m, pt(Opt_euid_lt), tbuf);
1287                else
1288                        seq_printf(m, pt(Opt_euid_eq), tbuf);
1289                seq_puts(m, " ");
1290        }
1291
1292        if (entry->flags & IMA_FOWNER) {
1293                snprintf(tbuf, sizeof(tbuf), "%d", __kuid_val(entry->fowner));
1294                if (entry->fowner_op == &uid_gt)
1295                        seq_printf(m, pt(Opt_fowner_gt), tbuf);
1296                else if (entry->fowner_op == &uid_lt)
1297                        seq_printf(m, pt(Opt_fowner_lt), tbuf);
1298                else
1299                        seq_printf(m, pt(Opt_fowner_eq), tbuf);
1300                seq_puts(m, " ");
1301        }
1302
1303        for (i = 0; i < MAX_LSM_RULES; i++) {
1304                if (entry->lsm[i].rule) {
1305                        switch (i) {
1306                        case LSM_OBJ_USER:
1307                                seq_printf(m, pt(Opt_obj_user),
1308                                           (char *)entry->lsm[i].args_p);
1309                                break;
1310                        case LSM_OBJ_ROLE:
1311                                seq_printf(m, pt(Opt_obj_role),
1312                                           (char *)entry->lsm[i].args_p);
1313                                break;
1314                        case LSM_OBJ_TYPE:
1315                                seq_printf(m, pt(Opt_obj_type),
1316                                           (char *)entry->lsm[i].args_p);
1317                                break;
1318                        case LSM_SUBJ_USER:
1319                                seq_printf(m, pt(Opt_subj_user),
1320                                           (char *)entry->lsm[i].args_p);
1321                                break;
1322                        case LSM_SUBJ_ROLE:
1323                                seq_printf(m, pt(Opt_subj_role),
1324                                           (char *)entry->lsm[i].args_p);
1325                                break;
1326                        case LSM_SUBJ_TYPE:
1327                                seq_printf(m, pt(Opt_subj_type),
1328                                           (char *)entry->lsm[i].args_p);
1329                                break;
1330                        }
1331                }
1332        }
1333        if (entry->flags & IMA_DIGSIG_REQUIRED)
1334                seq_puts(m, "appraise_type=imasig ");
1335        if (entry->flags & IMA_PERMIT_DIRECTIO)
1336                seq_puts(m, "permit_directio ");
1337        rcu_read_unlock();
1338        seq_puts(m, "\n");
1339        return 0;
1340}
1341#endif  /* CONFIG_IMA_READ_POLICY */
1342