1
2
3
4
5
6
7
8
9
10
11
12
13
14
15#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
16
17#include <linux/fcntl.h>
18#include <linux/slab.h>
19#include <linux/init.h>
20#include <linux/seq_file.h>
21#include <linux/rculist.h>
22#include <linux/rcupdate.h>
23#include <linux/parser.h>
24#include <linux/vmalloc.h>
25
26#include "ima.h"
27
28static DEFINE_MUTEX(ima_write_mutex);
29
30bool ima_canonical_fmt;
31static int __init default_canonical_fmt_setup(char *str)
32{
33#ifdef __BIG_ENDIAN
34 ima_canonical_fmt = true;
35#endif
36 return 1;
37}
38__setup("ima_canonical_fmt", default_canonical_fmt_setup);
39
40static int valid_policy = 1;
41
42static ssize_t ima_show_htable_value(char __user *buf, size_t count,
43 loff_t *ppos, atomic_long_t *val)
44{
45 char tmpbuf[32];
46 ssize_t len;
47
48 len = scnprintf(tmpbuf, sizeof(tmpbuf), "%li\n", atomic_long_read(val));
49 return simple_read_from_buffer(buf, count, ppos, tmpbuf, len);
50}
51
52static ssize_t ima_show_htable_violations(struct file *filp,
53 char __user *buf,
54 size_t count, loff_t *ppos)
55{
56 return ima_show_htable_value(buf, count, ppos, &ima_htable.violations);
57}
58
59static const struct file_operations ima_htable_violations_ops = {
60 .read = ima_show_htable_violations,
61 .llseek = generic_file_llseek,
62};
63
64static ssize_t ima_show_measurements_count(struct file *filp,
65 char __user *buf,
66 size_t count, loff_t *ppos)
67{
68 return ima_show_htable_value(buf, count, ppos, &ima_htable.len);
69
70}
71
72static const struct file_operations ima_measurements_count_ops = {
73 .read = ima_show_measurements_count,
74 .llseek = generic_file_llseek,
75};
76
77
78static void *ima_measurements_start(struct seq_file *m, loff_t *pos)
79{
80 loff_t l = *pos;
81 struct ima_queue_entry *qe;
82
83
84 rcu_read_lock();
85 list_for_each_entry_rcu(qe, &ima_measurements, later) {
86 if (!l--) {
87 rcu_read_unlock();
88 return qe;
89 }
90 }
91 rcu_read_unlock();
92 return NULL;
93}
94
95static void *ima_measurements_next(struct seq_file *m, void *v, loff_t *pos)
96{
97 struct ima_queue_entry *qe = v;
98
99
100
101
102 rcu_read_lock();
103 qe = list_entry_rcu(qe->later.next, struct ima_queue_entry, later);
104 rcu_read_unlock();
105 (*pos)++;
106
107 return (&qe->later == &ima_measurements) ? NULL : qe;
108}
109
110static void ima_measurements_stop(struct seq_file *m, void *v)
111{
112}
113
114void ima_putc(struct seq_file *m, void *data, int datalen)
115{
116 while (datalen--)
117 seq_putc(m, *(char *)data++);
118}
119
120
121
122
123
124
125
126
127
128int ima_measurements_show(struct seq_file *m, void *v)
129{
130
131 struct ima_queue_entry *qe = v;
132 struct ima_template_entry *e;
133 char *template_name;
134 u32 pcr, namelen, template_data_len;
135 bool is_ima_template = false;
136 int i;
137
138
139 e = qe->entry;
140 if (e == NULL)
141 return -1;
142
143 template_name = (e->template_desc->name[0] != '\0') ?
144 e->template_desc->name : e->template_desc->fmt;
145
146
147
148
149
150
151 pcr = !ima_canonical_fmt ? e->pcr : cpu_to_le32(e->pcr);
152 ima_putc(m, &pcr, sizeof(e->pcr));
153
154
155 ima_putc(m, e->digest, TPM_DIGEST_SIZE);
156
157
158 namelen = !ima_canonical_fmt ? strlen(template_name) :
159 cpu_to_le32(strlen(template_name));
160 ima_putc(m, &namelen, sizeof(namelen));
161
162
163 ima_putc(m, template_name, strlen(template_name));
164
165
166 if (strcmp(template_name, IMA_TEMPLATE_IMA_NAME) == 0)
167 is_ima_template = true;
168
169 if (!is_ima_template) {
170 template_data_len = !ima_canonical_fmt ? e->template_data_len :
171 cpu_to_le32(e->template_data_len);
172 ima_putc(m, &template_data_len, sizeof(e->template_data_len));
173 }
174
175
176 for (i = 0; i < e->template_desc->num_fields; i++) {
177 enum ima_show_type show = IMA_SHOW_BINARY;
178 const struct ima_template_field *field =
179 e->template_desc->fields[i];
180
181 if (is_ima_template && strcmp(field->field_id, "d") == 0)
182 show = IMA_SHOW_BINARY_NO_FIELD_LEN;
183 if (is_ima_template && strcmp(field->field_id, "n") == 0)
184 show = IMA_SHOW_BINARY_OLD_STRING_FMT;
185 field->field_show(m, show, &e->template_data[i]);
186 }
187 return 0;
188}
189
190static const struct seq_operations ima_measurments_seqops = {
191 .start = ima_measurements_start,
192 .next = ima_measurements_next,
193 .stop = ima_measurements_stop,
194 .show = ima_measurements_show
195};
196
197static int ima_measurements_open(struct inode *inode, struct file *file)
198{
199 return seq_open(file, &ima_measurments_seqops);
200}
201
202static const struct file_operations ima_measurements_ops = {
203 .open = ima_measurements_open,
204 .read = seq_read,
205 .llseek = seq_lseek,
206 .release = seq_release,
207};
208
209void ima_print_digest(struct seq_file *m, u8 *digest, u32 size)
210{
211 u32 i;
212
213 for (i = 0; i < size; i++)
214 seq_printf(m, "%02x", *(digest + i));
215}
216
217
218static int ima_ascii_measurements_show(struct seq_file *m, void *v)
219{
220
221 struct ima_queue_entry *qe = v;
222 struct ima_template_entry *e;
223 char *template_name;
224 int i;
225
226
227 e = qe->entry;
228 if (e == NULL)
229 return -1;
230
231 template_name = (e->template_desc->name[0] != '\0') ?
232 e->template_desc->name : e->template_desc->fmt;
233
234
235 seq_printf(m, "%2d ", e->pcr);
236
237
238 ima_print_digest(m, e->digest, TPM_DIGEST_SIZE);
239
240
241 seq_printf(m, " %s", template_name);
242
243
244 for (i = 0; i < e->template_desc->num_fields; i++) {
245 seq_puts(m, " ");
246 if (e->template_data[i].len == 0)
247 continue;
248
249 e->template_desc->fields[i]->field_show(m, IMA_SHOW_ASCII,
250 &e->template_data[i]);
251 }
252 seq_puts(m, "\n");
253 return 0;
254}
255
256static const struct seq_operations ima_ascii_measurements_seqops = {
257 .start = ima_measurements_start,
258 .next = ima_measurements_next,
259 .stop = ima_measurements_stop,
260 .show = ima_ascii_measurements_show
261};
262
263static int ima_ascii_measurements_open(struct inode *inode, struct file *file)
264{
265 return seq_open(file, &ima_ascii_measurements_seqops);
266}
267
268static const struct file_operations ima_ascii_measurements_ops = {
269 .open = ima_ascii_measurements_open,
270 .read = seq_read,
271 .llseek = seq_lseek,
272 .release = seq_release,
273};
274
275static ssize_t ima_read_policy(char *path)
276{
277 void *data;
278 char *datap;
279 loff_t size;
280 int rc, pathlen = strlen(path);
281
282 char *p;
283
284
285 datap = path;
286 strsep(&datap, "\n");
287
288 rc = kernel_read_file_from_path(path, &data, &size, 0, READING_POLICY);
289 if (rc < 0) {
290 pr_err("Unable to open file: %s (%d)", path, rc);
291 return rc;
292 }
293
294 datap = data;
295 while (size > 0 && (p = strsep(&datap, "\n"))) {
296 pr_debug("rule: %s\n", p);
297 rc = ima_parse_add_rule(p);
298 if (rc < 0)
299 break;
300 size -= rc;
301 }
302
303 vfree(data);
304 if (rc < 0)
305 return rc;
306 else if (size)
307 return -EINVAL;
308 else
309 return pathlen;
310}
311
312static ssize_t ima_write_policy(struct file *file, const char __user *buf,
313 size_t datalen, loff_t *ppos)
314{
315 char *data;
316 ssize_t result;
317
318 if (datalen >= PAGE_SIZE)
319 datalen = PAGE_SIZE - 1;
320
321
322 result = -EINVAL;
323 if (*ppos != 0)
324 goto out;
325
326 data = memdup_user_nul(buf, datalen);
327 if (IS_ERR(data)) {
328 result = PTR_ERR(data);
329 goto out;
330 }
331
332 result = mutex_lock_interruptible(&ima_write_mutex);
333 if (result < 0)
334 goto out_free;
335
336 if (data[0] == '/') {
337 result = ima_read_policy(data);
338 } else if (ima_appraise & IMA_APPRAISE_POLICY) {
339 pr_err("signed policy file (specified as an absolute pathname) required\n");
340 integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL, NULL,
341 "policy_update", "signed policy required",
342 1, 0);
343 if (ima_appraise & IMA_APPRAISE_ENFORCE)
344 result = -EACCES;
345 } else {
346 result = ima_parse_add_rule(data);
347 }
348 mutex_unlock(&ima_write_mutex);
349out_free:
350 kfree(data);
351out:
352 if (result < 0)
353 valid_policy = 0;
354
355 return result;
356}
357
358static struct dentry *ima_dir;
359static struct dentry *ima_symlink;
360static struct dentry *binary_runtime_measurements;
361static struct dentry *ascii_runtime_measurements;
362static struct dentry *runtime_measurements_count;
363static struct dentry *violations;
364static struct dentry *ima_policy;
365
366enum ima_fs_flags {
367 IMA_FS_BUSY,
368};
369
370static unsigned long ima_fs_flags;
371
372#ifdef CONFIG_IMA_READ_POLICY
373static const struct seq_operations ima_policy_seqops = {
374 .start = ima_policy_start,
375 .next = ima_policy_next,
376 .stop = ima_policy_stop,
377 .show = ima_policy_show,
378};
379#endif
380
381
382
383
384static int ima_open_policy(struct inode *inode, struct file *filp)
385{
386 if (!(filp->f_flags & O_WRONLY)) {
387#ifndef CONFIG_IMA_READ_POLICY
388 return -EACCES;
389#else
390 if ((filp->f_flags & O_ACCMODE) != O_RDONLY)
391 return -EACCES;
392 if (!capable(CAP_SYS_ADMIN))
393 return -EPERM;
394 return seq_open(filp, &ima_policy_seqops);
395#endif
396 }
397 if (test_and_set_bit(IMA_FS_BUSY, &ima_fs_flags))
398 return -EBUSY;
399 return 0;
400}
401
402
403
404
405
406
407
408
409static int ima_release_policy(struct inode *inode, struct file *file)
410{
411 const char *cause = valid_policy ? "completed" : "failed";
412
413 if ((file->f_flags & O_ACCMODE) == O_RDONLY)
414 return seq_release(inode, file);
415
416 if (valid_policy && ima_check_policy() < 0) {
417 cause = "failed";
418 valid_policy = 0;
419 }
420
421 pr_info("policy update %s\n", cause);
422 integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL, NULL,
423 "policy_update", cause, !valid_policy, 0);
424
425 if (!valid_policy) {
426 ima_delete_rules();
427 valid_policy = 1;
428 clear_bit(IMA_FS_BUSY, &ima_fs_flags);
429 return 0;
430 }
431
432 ima_update_policy();
433#if !defined(CONFIG_IMA_WRITE_POLICY) && !defined(CONFIG_IMA_READ_POLICY)
434 securityfs_remove(ima_policy);
435 ima_policy = NULL;
436#elif defined(CONFIG_IMA_WRITE_POLICY)
437 clear_bit(IMA_FS_BUSY, &ima_fs_flags);
438#elif defined(CONFIG_IMA_READ_POLICY)
439 inode->i_mode &= ~S_IWUSR;
440#endif
441 return 0;
442}
443
444static const struct file_operations ima_measure_policy_ops = {
445 .open = ima_open_policy,
446 .write = ima_write_policy,
447 .read = seq_read,
448 .release = ima_release_policy,
449 .llseek = generic_file_llseek,
450};
451
452int __init ima_fs_init(void)
453{
454 ima_dir = securityfs_create_dir("ima", integrity_dir);
455 if (IS_ERR(ima_dir))
456 return -1;
457
458 ima_symlink = securityfs_create_symlink("ima", NULL, "integrity/ima",
459 NULL);
460 if (IS_ERR(ima_symlink))
461 goto out;
462
463 binary_runtime_measurements =
464 securityfs_create_file("binary_runtime_measurements",
465 S_IRUSR | S_IRGRP, ima_dir, NULL,
466 &ima_measurements_ops);
467 if (IS_ERR(binary_runtime_measurements))
468 goto out;
469
470 ascii_runtime_measurements =
471 securityfs_create_file("ascii_runtime_measurements",
472 S_IRUSR | S_IRGRP, ima_dir, NULL,
473 &ima_ascii_measurements_ops);
474 if (IS_ERR(ascii_runtime_measurements))
475 goto out;
476
477 runtime_measurements_count =
478 securityfs_create_file("runtime_measurements_count",
479 S_IRUSR | S_IRGRP, ima_dir, NULL,
480 &ima_measurements_count_ops);
481 if (IS_ERR(runtime_measurements_count))
482 goto out;
483
484 violations =
485 securityfs_create_file("violations", S_IRUSR | S_IRGRP,
486 ima_dir, NULL, &ima_htable_violations_ops);
487 if (IS_ERR(violations))
488 goto out;
489
490 ima_policy = securityfs_create_file("policy", POLICY_FILE_FLAGS,
491 ima_dir, NULL,
492 &ima_measure_policy_ops);
493 if (IS_ERR(ima_policy))
494 goto out;
495
496 return 0;
497out:
498 securityfs_remove(violations);
499 securityfs_remove(runtime_measurements_count);
500 securityfs_remove(ascii_runtime_measurements);
501 securityfs_remove(binary_runtime_measurements);
502 securityfs_remove(ima_symlink);
503 securityfs_remove(ima_dir);
504 securityfs_remove(ima_policy);
505 return -1;
506}
507
