aboutsummaryrefslogtreecommitdiff
path: root/security/integrity/ima
diff options
context:
space:
mode:
authorMimi Zohar2015-11-19 12:39:22 -0500
committerMimi Zohar2016-02-21 09:03:44 -0500
commite40ba6d56b41754b37b995dbc8035b2b3a6afd8a (patch)
tree0bbc573dde5374e434d6acd883b330f92645bfe2 /security/integrity/ima
parent09596b94f7d28595602482e69ed954deab707437 (diff)
firmware: replace call to fw_read_file_contents() with kernel version
Replace the fw_read_file_contents with kernel_file_read_from_path(). Although none of the upstreamed LSMs define a kernel_fw_from_file hook, IMA is called by the security function to prevent unsigned firmware from being loaded and to measure/appraise signed firmware, based on policy. Instead of reading the firmware twice, once for measuring/appraising the firmware and again for reading the firmware contents into memory, the kernel_post_read_file() security hook calculates the file hash based on the in memory file buffer. The firmware is read once. This patch removes the LSM kernel_fw_from_file() hook and security call. Changelog v4+: - revert dropped buf->size assignment - reported by Sergey Senozhatsky v3: - remove kernel_fw_from_file hook - use kernel_file_read_from_path() - requested by Luis v2: - reordered and squashed firmware patches - fix MAX firmware size (Kees Cook) Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Acked-by: Kees Cook <keescook@chromium.org> Acked-by: Luis R. Rodriguez <mcgrof@kernel.org>
Diffstat (limited to 'security/integrity/ima')
-rw-r--r--security/integrity/ima/ima_main.c21
1 files changed, 10 insertions, 11 deletions
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 757765354158..e9651be17b72 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -337,17 +337,6 @@ int ima_module_check(struct file *file)
return process_measurement(file, NULL, 0, MAY_EXEC, MODULE_CHECK, 0);
}
-int ima_fw_from_file(struct file *file, char *buf, size_t size)
-{
- if (!file) {
- if ((ima_appraise & IMA_APPRAISE_FIRMWARE) &&
- (ima_appraise & IMA_APPRAISE_ENFORCE))
- return -EACCES; /* INTEGRITY_UNKNOWN */
- return 0;
- }
- return process_measurement(file, NULL, 0, MAY_EXEC, FIRMWARE_CHECK, 0);
-}
-
/**
* ima_post_read_file - in memory collect/appraise/audit measurement
* @file: pointer to the file to be measured/appraised/audit
@@ -366,12 +355,22 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size,
{
enum ima_hooks func = FILE_CHECK;
+ if (!file && read_id == READING_FIRMWARE) {
+ if ((ima_appraise & IMA_APPRAISE_FIRMWARE) &&
+ (ima_appraise & IMA_APPRAISE_ENFORCE))
+ return -EACCES; /* INTEGRITY_UNKNOWN */
+ return 0;
+ }
+
if (!file || !buf || size == 0) { /* should never happen */
if (ima_appraise & IMA_APPRAISE_ENFORCE)
return -EACCES;
return 0;
}
+ if (read_id == READING_FIRMWARE)
+ func = FIRMWARE_CHECK;
+
return process_measurement(file, buf, size, MAY_READ, func, 0);
}