Lines Matching +full:kernel +full:- +full:policy
1 // SPDX-License-Identifier: GPL-2.0-only
54 if (strcmp(template_desc->name, IMA_TEMPLATE_IMA_NAME) == 0) { in hash_setup()
94 mapping_writably_mapped(file->f_mapping)) { in mmap_violation_check()
95 rc = -ETXTBSY; in mmap_violation_check()
98 if (!*pathbuf) /* ima_rdwr_violation possibly pre-fetched */ in mmap_violation_check()
99 *pathname = ima_d_path(&file->f_path, pathbuf, in mmap_violation_check()
111 * - Opening a file for write when already open for read,
113 * - Opening a file for read when already open for write,
125 fmode_t mode = file->f_mode; in ima_rdwr_violation_check()
129 if (atomic_read(&inode->i_readcount) && IS_IMA(inode)) { in ima_rdwr_violation_check()
135 &iint->atomic_flags)) in ima_rdwr_violation_check()
140 set_bit(IMA_MAY_EMIT_TOMTOU, &iint->atomic_flags); in ima_rdwr_violation_check()
145 &iint->atomic_flags)) in ima_rdwr_violation_check()
153 *pathname = ima_d_path(&file->f_path, pathbuf, filename); in ima_rdwr_violation_check()
166 fmode_t mode = file->f_mode; in ima_check_last_writer()
172 mutex_lock(&iint->mutex); in ima_check_last_writer()
173 if (atomic_read(&inode->i_writecount) == 1) { in ima_check_last_writer()
176 clear_bit(IMA_EMITTED_OPENWRITERS, &iint->atomic_flags); in ima_check_last_writer()
179 &iint->atomic_flags); in ima_check_last_writer()
180 if ((iint->flags & IMA_NEW_FILE) || in ima_check_last_writer()
181 vfs_getattr_nosec(&file->f_path, &stat, in ima_check_last_writer()
185 stat.change_cookie != iint->real_inode.version) { in ima_check_last_writer()
186 iint->flags &= ~(IMA_DONE_MASK | IMA_NEW_FILE); in ima_check_last_writer()
187 iint->measured_pcrs = 0; in ima_check_last_writer()
192 mutex_unlock(&iint->mutex); in ima_check_last_writer()
196 * ima_file_free - called on __fput()
206 if (!ima_policy_flag || !S_ISREG(inode->i_mode)) in ima_file_free()
236 if (!ima_policy_flag || !S_ISREG(inode->i_mode)) in process_measurement()
240 * bitmask based on the appraise/audit/measurement policy. in process_measurement()
263 rc = -ENOMEM; in process_measurement()
277 mutex_lock(&iint->mutex); in process_measurement()
279 if (test_and_clear_bit(IMA_CHANGE_ATTR, &iint->atomic_flags)) in process_measurement()
281 * Reset appraisal flags (action and non-action rule-specific) in process_measurement()
284 iint->flags &= ~(IMA_APPRAISE | IMA_APPRAISED | in process_measurement()
289 * Re-evaulate the file if either the xattr has changed or the in process_measurement()
290 * kernel has no way of detecting file change on the filesystem. in process_measurement()
293 if (test_and_clear_bit(IMA_CHANGE_XATTR, &iint->atomic_flags) || in process_measurement()
294 ((inode->i_sb->s_iflags & SB_I_IMA_UNVERIFIABLE_SIGNATURE) && in process_measurement()
295 !(inode->i_sb->s_iflags & SB_I_UNTRUSTED_MOUNTER) && in process_measurement()
297 iint->flags &= ~IMA_DONE_MASK; in process_measurement()
298 iint->measured_pcrs = 0; in process_measurement()
302 * On stacked filesystems, detect and re-evaluate file data and in process_measurement()
307 (action & IMA_DO_MASK) && (iint->flags & IMA_DONE_MASK)) { in process_measurement()
309 integrity_inode_attrs_changed(&iint->real_inode, in process_measurement()
311 iint->flags &= ~IMA_DONE_MASK; in process_measurement()
312 iint->measured_pcrs = 0; in process_measurement()
321 iint->flags &= ~(IMA_APPRAISED | in process_measurement()
329 iint->flags |= action; in process_measurement()
331 action &= ~((iint->flags & (IMA_DONE_MASK ^ IMA_MEASURED)) >> 1); in process_measurement()
334 if ((action & IMA_MEASURE) && (iint->measured_pcrs & (0x1 << pcr))) in process_measurement()
339 !(test_bit(IMA_DIGSIG, &iint->atomic_flags))) { in process_measurement()
343 (xattr_value->type == EVM_IMA_XATTR_DIGSIG)) in process_measurement()
344 set_bit(IMA_DIGSIG, &iint->atomic_flags); in process_measurement()
345 iint->flags |= IMA_HASHED; in process_measurement()
347 set_bit(IMA_UPDATE_XATTR, &iint->atomic_flags); in process_measurement()
362 strcmp(template_desc->name, IMA_TEMPLATE_IMA_NAME) != 0) { in process_measurement()
368 * Read the appended modsig if allowed by the policy, and allow in process_measurement()
372 if (iint->flags & IMA_MODSIG_ALLOWED) { in process_measurement()
376 iint->flags & IMA_MEASURED) in process_measurement()
384 if (rc != 0 && rc != -EBADF && rc != -EINVAL) in process_measurement()
387 if (!pathbuf) /* ima_rdwr_violation possibly pre-fetched */ in process_measurement()
388 pathname = ima_d_path(&file->f_path, &pathbuf, filename); in process_measurement()
396 if (rc != -EPERM) { in process_measurement()
410 if ((file->f_flags & O_DIRECT) && (iint->flags & IMA_PERMIT_DIRECTIO)) in process_measurement()
416 rc = -EACCES; in process_measurement()
420 "denied-hash-algorithm", rc, 0); in process_measurement()
423 if ((mask & MAY_WRITE) && test_bit(IMA_DIGSIG, &iint->atomic_flags) && in process_measurement()
424 !(iint->flags & IMA_NEW_FILE)) in process_measurement()
425 rc = -EACCES; in process_measurement()
426 mutex_unlock(&iint->mutex); in process_measurement()
434 return -EACCES; in process_measurement()
435 if (file->f_mode & FMODE_WRITE) in process_measurement()
436 set_bit(IMA_UPDATE_XATTR, &iint->atomic_flags); in process_measurement()
442 * ima_file_mmap - based on policy, collect/store measurement.
445 * @prot: protection that will be applied by the kernel
449 * policy decision.
452 * is in policy and IMA-appraisal is in enforcing mode, return -EACCES.
480 * ima_file_mprotect - based on policy, limit mprotect change
483 * @prot: protection that will be applied by the kernel
486 * IMA's mmap appraisal policy rules. Due to locking issues (mmap semaphore
489 * PROT_EXECUTE change, if an mmap appraise policy rule exists.
491 * On mprotect change success, return 0. On failure, return -EACESS.
508 if (!(ima_policy_flag & IMA_APPRAISE) || !vma->vm_file || in ima_file_mprotect()
509 !(prot & PROT_EXEC) || (vma->vm_flags & VM_EXEC)) in ima_file_mprotect()
513 inode = file_inode(vma->vm_file); in ima_file_mprotect()
514 action = ima_get_action(file_mnt_idmap(vma->vm_file), inode, in ima_file_mprotect()
517 action |= ima_get_action(file_mnt_idmap(vma->vm_file), inode, in ima_file_mprotect()
522 /* Is the mmap'ed file in policy? */ in ima_file_mprotect()
527 result = -EPERM; in ima_file_mprotect()
529 file = vma->vm_file; in ima_file_mprotect()
530 pathname = ima_d_path(&file->f_path, &pathbuf, filename); in ima_file_mprotect()
532 "collect_data", "failed-mprotect", result, 0); in ima_file_mprotect()
540 * ima_bprm_check - based on policy, collect/store measurement.
550 * is in policy and IMA-appraisal is in enforcing mode, return -EACCES.
558 ret = process_measurement(bprm->file, current_cred(), in ima_bprm_check()
563 security_cred_getlsmprop(bprm->cred, &prop); in ima_bprm_check()
564 return process_measurement(bprm->file, bprm->cred, &prop, NULL, 0, in ima_bprm_check()
569 * ima_bprm_creds_for_exec - collect/store/appraise measurement.
572 * Based on the IMA policy and the execveat(2) AT_EXECVE_CHECK flag, measure
574 * Unlike any of the other LSM hooks where the kernel enforces file integrity,
579 * is in policy and IMA-appraisal is in enforcing mode, return -EACCES.
590 if (!bprm->is_check) in ima_bprm_creds_for_exec()
597 * ima_file_check - based on policy, collect/store measurement.
601 * Measure files based on the ima_must_measure() policy decision.
604 * is in policy and IMA-appraisal is in enforcing mode, return -EACCES.
625 mutex_lock(&iint->mutex); in __ima_inode_hash()
628 if ((!iint || !(iint->flags & IMA_COLLECTED)) && file) { in __ima_inode_hash()
630 mutex_unlock(&iint->mutex); in __ima_inode_hash()
639 if (rc != -ENOMEM) in __ima_inode_hash()
642 return -EOPNOTSUPP; in __ima_inode_hash()
646 mutex_lock(&iint->mutex); in __ima_inode_hash()
650 return -EOPNOTSUPP; in __ima_inode_hash()
656 if (!iint->ima_hash || !(iint->flags & IMA_COLLECTED)) { in __ima_inode_hash()
657 mutex_unlock(&iint->mutex); in __ima_inode_hash()
658 return -EOPNOTSUPP; in __ima_inode_hash()
664 copied_size = min_t(size_t, iint->ima_hash->length, buf_size); in __ima_inode_hash()
665 memcpy(buf, iint->ima_hash->digest, copied_size); in __ima_inode_hash()
667 hash_algo = iint->ima_hash->algo; in __ima_inode_hash()
668 mutex_unlock(&iint->mutex); in __ima_inode_hash()
671 kfree(iint->ima_hash); in __ima_inode_hash()
677 * ima_file_hash - return a measurement of the file
690 * If the measurement cannot be performed, return -EOPNOTSUPP.
691 * If the parameters are incorrect, return -EINVAL.
696 return -EINVAL; in ima_file_hash()
703 * ima_inode_hash - return the stored measurement if the inode has been hashed
717 * If IMA is disabled or if no measurement is available, return -EOPNOTSUPP.
718 * If the parameters are incorrect, return -EINVAL.
723 return -EINVAL; in ima_inode_hash()
730 * ima_post_create_tmpfile - mark newly created tmpfile as new
736 * tmpfiles are in policy.
745 if (!ima_policy_flag || !S_ISREG(inode->i_mode)) in ima_post_create_tmpfile()
759 set_bit(IMA_UPDATE_XATTR, &iint->atomic_flags); in ima_post_create_tmpfile()
760 iint->ima_file_status = INTEGRITY_PASS; in ima_post_create_tmpfile()
764 * ima_post_path_mknod - mark as a new inode
774 struct inode *inode = dentry->d_inode; in ima_post_path_mknod()
777 if (!ima_policy_flag || !S_ISREG(inode->i_mode)) in ima_post_path_mknod()
790 /* needed for re-opening empty files */ in ima_post_path_mknod()
791 iint->flags |= IMA_NEW_FILE; in ima_post_path_mknod()
795 * ima_read_file - pre-measure/appraise hook decision based on policy
800 * Permit reading a file based on policy. The policy rules are written
801 * in terms of the policy identifier. Appraising the integrity of
804 * For permission return 0, otherwise return -EACCES.
813 * Do devices using pre-allocated memory run the risk of the in ima_read_file()
844 * ima_post_read_file - in memory collect/appraise/audit measurement
850 * Measure/appraise/audit in memory file based on policy. Policy rules
851 * are written in terms of a policy identifier.
854 * is in policy and IMA-appraisal is in enforcing mode, return -EACCES.
868 return -EACCES; in ima_post_read_file()
879 * ima_load_data - appraise decision based on policy
880 * @id: kernel load data caller identifier
885 * data provided by userspace. Enforce policy rules requiring a file
886 * signature (eg. kexec'ed kernel image).
888 * For permission return 0, otherwise return -EACCES.
901 …pr_err("impossible to appraise a kernel image without a file descriptor; try using kexec_file_load… in ima_load_data()
902 return -EACCES; in ima_load_data()
906 …pr_err("impossible to appraise a kernel image without a file descriptor; try using kexec_file_load… in ima_load_data()
907 return -EACCES; /* INTEGRITY_UNKNOWN */ in ima_load_data()
913 return -EACCES; /* INTEGRITY_UNKNOWN */ in ima_load_data()
921 …pr_err("impossible to appraise a module without a file descriptor. sig_enforce kernel parameter mi… in ima_load_data()
922 return -EACCES; /* INTEGRITY_UNKNOWN */ in ima_load_data()
932 * ima_post_load_data - appraise decision based on policy
935 * @load_id: kernel load data caller identifier
936 * @description: @load_id-specific description of contents
938 * Measure/appraise/audit in memory buffer based on policy. Policy rules
939 * are written in terms of a policy identifier.
942 * is in policy and IMA-appraisal is in enforcing mode, return -EACCES.
952 return -EACCES; /* INTEGRITY_UNKNOWN */ in ima_post_load_data()
968 * process_buffer_measurement - Measure the buffer or the buffer data hash
981 * Based on policy, either the buffer data or buffer data hash is measured
1012 return -EINVAL; in process_buffer_measurement()
1015 return -ENOENT; in process_buffer_measurement()
1019 ret = -EINVAL; in process_buffer_measurement()
1026 * based on policy. To avoid code duplication, differentiate in process_buffer_measurement()
1028 * retrieving the policy rule information only for the LSM hook in process_buffer_measurement()
1037 return -ENOENT; in process_buffer_measurement()
1044 iint.ima_hash->algo = ima_hash_algo; in process_buffer_measurement()
1045 iint.ima_hash->length = hash_digest_size[ima_hash_algo]; in process_buffer_measurement()
1054 memcpy(digest_hash, hash_hdr->digest, digest_hash_len); in process_buffer_measurement()
1068 memcpy(digest, iint.ima_hash->digest, digest_hash_len); in process_buffer_measurement()
1095 * ima_kexec_cmdline - measure kexec cmdline boot args
1096 * @kernel_fd: file descriptor of the kexec kernel being loaded
1112 buf, size, "kexec-cmdline", KEXEC_CMDLINE, 0, in ima_kexec_cmdline()
1117 * ima_measure_critical_data - measure kernel integrity critical data
1126 * Measure data critical to the integrity of the kernel into the IMA log
1128 * structures, policies, and states stored in kernel memory that can
1141 return -ENOPARAM; in ima_measure_critical_data()
1153 * ima_kernel_module_request - Prevent crypto-pkcs1(rsa,*) requests
1154 * @kmod_name: kernel module name
1157 * binary requires executing modprobe itself. Since the modprobe iint->mutex
1165 * in order to load a kernel module with same name.
1167 * Since we don't have any real "crypto-pkcs1(rsa,*)" kernel modules,
1171 * Return: Zero if it is safe to load the kernel module, -EINVAL otherwise.
1175 if (strncmp(kmod_name, "crypto-pkcs1(rsa,", 17) == 0) in ima_kernel_module_request()
1176 return -EINVAL; in ima_kernel_module_request()