1
2
3
4
5
6
7
8
9
10
11
12
13
14
15#include <linux/fcntl.h>
16#include <linux/kernel_read_file.h>
17#include <linux/slab.h>
18#include <linux/init.h>
19#include <linux/seq_file.h>
20#include <linux/rculist.h>
21#include <linux/rcupdate.h>
22#include <linux/parser.h>
23#include <linux/vmalloc.h>
24
25#include "ima.h"
26
27static DEFINE_MUTEX(ima_write_mutex);
28
29bool ima_canonical_fmt;
30static int __init default_canonical_fmt_setup(char *str)
31{
32#ifdef __BIG_ENDIAN
33 ima_canonical_fmt = true;
34#endif
35 return 1;
36}
37__setup("ima_canonical_fmt", default_canonical_fmt_setup);
38
39static int valid_policy = 1;
40
41static ssize_t ima_show_htable_value(char __user *buf, size_t count,
42 loff_t *ppos, atomic_long_t *val)
43{
44 char tmpbuf[32];
45 ssize_t len;
46
47 len = scnprintf(tmpbuf, sizeof(tmpbuf), "%li\n", atomic_long_read(val));
48 return simple_read_from_buffer(buf, count, ppos, tmpbuf, len);
49}
50
51static ssize_t ima_show_htable_violations(struct file *filp,
52 char __user *buf,
53 size_t count, loff_t *ppos)
54{
55 return ima_show_htable_value(buf, count, ppos, &ima_htable.violations);
56}
57
58static const struct file_operations ima_htable_violations_ops = {
59 .read = ima_show_htable_violations,
60 .llseek = generic_file_llseek,
61};
62
63static ssize_t ima_show_measurements_count(struct file *filp,
64 char __user *buf,
65 size_t count, loff_t *ppos)
66{
67 return ima_show_htable_value(buf, count, ppos, &ima_htable.len);
68
69}
70
71static const struct file_operations ima_measurements_count_ops = {
72 .read = ima_show_measurements_count,
73 .llseek = generic_file_llseek,
74};
75
76
77static void *ima_measurements_start(struct seq_file *m, loff_t *pos)
78{
79 loff_t l = *pos;
80 struct ima_queue_entry *qe;
81
82
83 rcu_read_lock();
84 list_for_each_entry_rcu(qe, &ima_measurements, later) {
85 if (!l--) {
86 rcu_read_unlock();
87 return qe;
88 }
89 }
90 rcu_read_unlock();
91 return NULL;
92}
93
94static void *ima_measurements_next(struct seq_file *m, void *v, loff_t *pos)
95{
96 struct ima_queue_entry *qe = v;
97
98
99
100
101 rcu_read_lock();
102 qe = list_entry_rcu(qe->later.next, struct ima_queue_entry, later);
103 rcu_read_unlock();
104 (*pos)++;
105
106 return (&qe->later == &ima_measurements) ? NULL : qe;
107}
108
109static void ima_measurements_stop(struct seq_file *m, void *v)
110{
111}
112
113void ima_putc(struct seq_file *m, void *data, int datalen)
114{
115 while (datalen--)
116 seq_putc(m, *(char *)data++);
117}
118
119
120
121
122
123
124
125
126
127int ima_measurements_show(struct seq_file *m, void *v)
128{
129
130 struct ima_queue_entry *qe = v;
131 struct ima_template_entry *e;
132 char *template_name;
133 u32 pcr, namelen, template_data_len;
134 bool is_ima_template = false;
135 int i;
136
137
138 e = qe->entry;
139 if (e == NULL)
140 return -1;
141
142 template_name = (e->template_desc->name[0] != '\0') ?
143 e->template_desc->name : e->template_desc->fmt;
144
145
146
147
148
149
150 pcr = !ima_canonical_fmt ? e->pcr : (__force u32)cpu_to_le32(e->pcr);
151 ima_putc(m, &pcr, sizeof(e->pcr));
152
153
154 ima_putc(m, e->digests[ima_sha1_idx].digest, TPM_DIGEST_SIZE);
155
156
157 namelen = !ima_canonical_fmt ? strlen(template_name) :
158 (__force u32)cpu_to_le32(strlen(template_name));
159 ima_putc(m, &namelen, sizeof(namelen));
160
161
162 ima_putc(m, template_name, strlen(template_name));
163
164
165 if (strcmp(template_name, IMA_TEMPLATE_IMA_NAME) == 0)
166 is_ima_template = true;
167
168 if (!is_ima_template) {
169 template_data_len = !ima_canonical_fmt ? e->template_data_len :
170 (__force u32)cpu_to_le32(e->template_data_len);
171 ima_putc(m, &template_data_len, sizeof(e->template_data_len));
172 }
173
174
175 for (i = 0; i < e->template_desc->num_fields; i++) {
176 enum ima_show_type show = IMA_SHOW_BINARY;
177 const struct ima_template_field *field =
178 e->template_desc->fields[i];
179
180 if (is_ima_template && strcmp(field->field_id, "d") == 0)
181 show = IMA_SHOW_BINARY_NO_FIELD_LEN;
182 if (is_ima_template && strcmp(field->field_id, "n") == 0)
183 show = IMA_SHOW_BINARY_OLD_STRING_FMT;
184 field->field_show(m, show, &e->template_data[i]);
185 }
186 return 0;
187}
188
189static const struct seq_operations ima_measurments_seqops = {
190 .start = ima_measurements_start,
191 .next = ima_measurements_next,
192 .stop = ima_measurements_stop,
193 .show = ima_measurements_show
194};
195
196static int ima_measurements_open(struct inode *inode, struct file *file)
197{
198 return seq_open(file, &ima_measurments_seqops);
199}
200
201static const struct file_operations ima_measurements_ops = {
202 .open = ima_measurements_open,
203 .read = seq_read,
204 .llseek = seq_lseek,
205 .release = seq_release,
206};
207
208void ima_print_digest(struct seq_file *m, u8 *digest, u32 size)
209{
210 u32 i;
211
212 for (i = 0; i < size; i++)
213 seq_printf(m, "%02x", *(digest + i));
214}
215
216
217static int ima_ascii_measurements_show(struct seq_file *m, void *v)
218{
219
220 struct ima_queue_entry *qe = v;
221 struct ima_template_entry *e;
222 char *template_name;
223 int i;
224
225
226 e = qe->entry;
227 if (e == NULL)
228 return -1;
229
230 template_name = (e->template_desc->name[0] != '\0') ?
231 e->template_desc->name : e->template_desc->fmt;
232
233
234 seq_printf(m, "%2d ", e->pcr);
235
236
237 ima_print_digest(m, e->digests[ima_sha1_idx].digest, TPM_DIGEST_SIZE);
238
239
240 seq_printf(m, " %s", template_name);
241
242
243 for (i = 0; i < e->template_desc->num_fields; i++) {
244 seq_puts(m, " ");
245 if (e->template_data[i].len == 0)
246 continue;
247
248 e->template_desc->fields[i]->field_show(m, IMA_SHOW_ASCII,
249 &e->template_data[i]);
250 }
251 seq_puts(m, "\n");
252 return 0;
253}
254
255static const struct seq_operations ima_ascii_measurements_seqops = {
256 .start = ima_measurements_start,
257 .next = ima_measurements_next,
258 .stop = ima_measurements_stop,
259 .show = ima_ascii_measurements_show
260};
261
262static int ima_ascii_measurements_open(struct inode *inode, struct file *file)
263{
264 return seq_open(file, &ima_ascii_measurements_seqops);
265}
266
267static const struct file_operations ima_ascii_measurements_ops = {
268 .open = ima_ascii_measurements_open,
269 .read = seq_read,
270 .llseek = seq_lseek,
271 .release = seq_release,
272};
273
274static ssize_t ima_read_policy(char *path)
275{
276 void *data = NULL;
277 char *datap;
278 size_t size;
279 int rc, pathlen = strlen(path);
280
281 char *p;
282
283
284 datap = path;
285 strsep(&datap, "\n");
286
287 rc = kernel_read_file_from_path(path, 0, &data, INT_MAX, NULL,
288 READING_POLICY);
289 if (rc < 0) {
290 pr_err("Unable to open file: %s (%d)", path, rc);
291 return rc;
292 }
293 size = rc;
294 rc = 0;
295
296 datap = data;
297 while (size > 0 && (p = strsep(&datap, "\n"))) {
298 pr_debug("rule: %s\n", p);
299 rc = ima_parse_add_rule(p);
300 if (rc < 0)
301 break;
302 size -= rc;
303 }
304
305 vfree(data);
306 if (rc < 0)
307 return rc;
308 else if (size)
309 return -EINVAL;
310 else
311 return pathlen;
312}
313
314static ssize_t ima_write_policy(struct file *file, const char __user *buf,
315 size_t datalen, loff_t *ppos)
316{
317 char *data;
318 ssize_t result;
319
320 if (datalen >= PAGE_SIZE)
321 datalen = PAGE_SIZE - 1;
322
323
324 result = -EINVAL;
325 if (*ppos != 0)
326 goto out;
327
328 data = memdup_user_nul(buf, datalen);
329 if (IS_ERR(data)) {
330 result = PTR_ERR(data);
331 goto out;
332 }
333
334 result = mutex_lock_interruptible(&ima_write_mutex);
335 if (result < 0)
336 goto out_free;
337
338 if (data[0] == '/') {
339 result = ima_read_policy(data);
340 } else if (ima_appraise & IMA_APPRAISE_POLICY) {
341 pr_err("signed policy file (specified as an absolute pathname) required\n");
342 integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL, NULL,
343 "policy_update", "signed policy required",
344 1, 0);
345 result = -EACCES;
346 } else {
347 result = ima_parse_add_rule(data);
348 }
349 mutex_unlock(&ima_write_mutex);
350out_free:
351 kfree(data);
352out:
353 if (result < 0)
354 valid_policy = 0;
355
356 return result;
357}
358
359static struct dentry *ima_dir;
360static struct dentry *ima_symlink;
361static struct dentry *binary_runtime_measurements;
362static struct dentry *ascii_runtime_measurements;
363static struct dentry *runtime_measurements_count;
364static struct dentry *violations;
365static struct dentry *ima_policy;
366
367enum ima_fs_flags {
368 IMA_FS_BUSY,
369};
370
371static unsigned long ima_fs_flags;
372
373#ifdef CONFIG_IMA_READ_POLICY
374static const struct seq_operations ima_policy_seqops = {
375 .start = ima_policy_start,
376 .next = ima_policy_next,
377 .stop = ima_policy_stop,
378 .show = ima_policy_show,
379};
380#endif
381
382
383
384
385static int ima_open_policy(struct inode *inode, struct file *filp)
386{
387 if (!(filp->f_flags & O_WRONLY)) {
388#ifndef CONFIG_IMA_READ_POLICY
389 return -EACCES;
390#else
391 if ((filp->f_flags & O_ACCMODE) != O_RDONLY)
392 return -EACCES;
393 if (!capable(CAP_SYS_ADMIN))
394 return -EPERM;
395 return seq_open(filp, &ima_policy_seqops);
396#endif
397 }
398 if (test_and_set_bit(IMA_FS_BUSY, &ima_fs_flags))
399 return -EBUSY;
400 return 0;
401}
402
403
404
405
406
407
408
409
410static int ima_release_policy(struct inode *inode, struct file *file)
411{
412 const char *cause = valid_policy ? "completed" : "failed";
413
414 if ((file->f_flags & O_ACCMODE) == O_RDONLY)
415 return seq_release(inode, file);
416
417 if (valid_policy && ima_check_policy() < 0) {
418 cause = "failed";
419 valid_policy = 0;
420 }
421
422 pr_info("policy update %s\n", cause);
423 integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL, NULL,
424 "policy_update", cause, !valid_policy, 0);
425
426 if (!valid_policy) {
427 ima_delete_rules();
428 valid_policy = 1;
429 clear_bit(IMA_FS_BUSY, &ima_fs_flags);
430 return 0;
431 }
432
433 ima_update_policy();
434#if !defined(CONFIG_IMA_WRITE_POLICY) && !defined(CONFIG_IMA_READ_POLICY)
435 securityfs_remove(ima_policy);
436 ima_policy = NULL;
437#elif defined(CONFIG_IMA_WRITE_POLICY)
438 clear_bit(IMA_FS_BUSY, &ima_fs_flags);
439#elif defined(CONFIG_IMA_READ_POLICY)
440 inode->i_mode &= ~S_IWUSR;
441#endif
442 return 0;
443}
444
445static const struct file_operations ima_measure_policy_ops = {
446 .open = ima_open_policy,
447 .write = ima_write_policy,
448 .read = seq_read,
449 .release = ima_release_policy,
450 .llseek = generic_file_llseek,
451};
452
453int __init ima_fs_init(void)
454{
455 ima_dir = securityfs_create_dir("ima", integrity_dir);
456 if (IS_ERR(ima_dir))
457 return -1;
458
459 ima_symlink = securityfs_create_symlink("ima", NULL, "integrity/ima",
460 NULL);
461 if (IS_ERR(ima_symlink))
462 goto out;
463
464 binary_runtime_measurements =
465 securityfs_create_file("binary_runtime_measurements",
466 S_IRUSR | S_IRGRP, ima_dir, NULL,
467 &ima_measurements_ops);
468 if (IS_ERR(binary_runtime_measurements))
469 goto out;
470
471 ascii_runtime_measurements =
472 securityfs_create_file("ascii_runtime_measurements",
473 S_IRUSR | S_IRGRP, ima_dir, NULL,
474 &ima_ascii_measurements_ops);
475 if (IS_ERR(ascii_runtime_measurements))
476 goto out;
477
478 runtime_measurements_count =
479 securityfs_create_file("runtime_measurements_count",
480 S_IRUSR | S_IRGRP, ima_dir, NULL,
481 &ima_measurements_count_ops);
482 if (IS_ERR(runtime_measurements_count))
483 goto out;
484
485 violations =
486 securityfs_create_file("violations", S_IRUSR | S_IRGRP,
487 ima_dir, NULL, &ima_htable_violations_ops);
488 if (IS_ERR(violations))
489 goto out;
490
491 ima_policy = securityfs_create_file("policy", POLICY_FILE_FLAGS,
492 ima_dir, NULL,
493 &ima_measure_policy_ops);
494 if (IS_ERR(ima_policy))
495 goto out;
496
497 return 0;
498out:
499 securityfs_remove(violations);
500 securityfs_remove(runtime_measurements_count);
501 securityfs_remove(ascii_runtime_measurements);
502 securityfs_remove(binary_runtime_measurements);
503 securityfs_remove(ima_symlink);
504 securityfs_remove(ima_dir);
505 securityfs_remove(ima_policy);
506 return -1;
507}
508
