aboutsummaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorLakshmi Ramasubramanian2020-11-12 12:39:59 -0800
committerMimi Zohar2020-11-20 13:52:43 -0500
commitdea87d0889dd663bd32e86824a0b35cd617ae1d0 (patch)
treee8b3a54380e0ad0a78e93c36cb0ebf5676b57f2f /security
parentb000d5cb954fe25ac1ea929ae6da321033ace927 (diff)
ima: select ima-buf template for buffer measurement
The default IMA template used for all policy rules is the value set for CONFIG_IMA_DEFAULT_TEMPLATE if the policy rule does not specify a template. The default IMA template for buffer measurements should be 'ima-buf' - so that the measured buffer is correctly included in the IMA measurement log entry. With the default template format, buffer measurements are added to the measurement list, but do not include the buffer data, making it difficult, if not impossible, to validate. Including 'ima-buf' template records in the measurement list by default, should not impact existing attestation servers without 'ima-buf' template support. Initialize a global 'ima-buf' template and select that template, by default, for buffer measurements. Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Diffstat (limited to 'security')
-rw-r--r--security/integrity/ima/ima.h1
-rw-r--r--security/integrity/ima/ima_main.c24
-rw-r--r--security/integrity/ima/ima_policy.c2
-rw-r--r--security/integrity/ima/ima_template.c26
4 files changed, 37 insertions, 16 deletions
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index 6ebefec616e4..8e8b1e3cb847 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -156,6 +156,7 @@ int template_desc_init_fields(const char *template_fmt,
const struct ima_template_field ***fields,
int *num_fields);
struct ima_template_desc *ima_template_desc_current(void);
+struct ima_template_desc *ima_template_desc_buf(void);
struct ima_template_desc *lookup_template_desc(const char *name);
bool ima_template_has_modsig(const struct ima_template_desc *ima_template);
int ima_restore_measurement_entry(struct ima_template_entry *entry);
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index a962b23e0429..68956e884403 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -413,7 +413,7 @@ int ima_file_mmap(struct file *file, unsigned long prot)
*/
int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot)
{
- struct ima_template_desc *template;
+ struct ima_template_desc *template = NULL;
struct file *file = vma->vm_file;
char filename[NAME_MAX];
char *pathbuf = NULL;
@@ -802,7 +802,7 @@ void process_buffer_measurement(struct inode *inode, const void *buf, int size,
.filename = eventname,
.buf = buf,
.buf_len = size};
- struct ima_template_desc *template = NULL;
+ struct ima_template_desc *template;
struct {
struct ima_digest_data hdr;
char digest[IMA_MAX_DIGEST_SIZE];
@@ -814,6 +814,13 @@ void process_buffer_measurement(struct inode *inode, const void *buf, int size,
if (!ima_policy_flag)
return;
+ template = ima_template_desc_buf();
+ if (!template) {
+ ret = -EINVAL;
+ audit_cause = "ima_template_desc_buf";
+ goto out;
+ }
+
/*
* Both LSM hooks and auxilary based buffer measurements are
* based on policy. To avoid code duplication, differentiate
@@ -832,19 +839,6 @@ void process_buffer_measurement(struct inode *inode, const void *buf, int size,
if (!pcr)
pcr = CONFIG_IMA_MEASURE_PCR_IDX;
- if (!template) {
- template = lookup_template_desc("ima-buf");
- ret = template_desc_init_fields(template->fmt,
- &(template->fields),
- &(template->num_fields));
- if (ret < 0) {
- pr_err("template %s init failed, result: %d\n",
- (strlen(template->name) ?
- template->name : template->fmt), ret);
- return;
- }
- }
-
iint.ima_hash = &hash.hdr;
iint.ima_hash->algo = ima_hash_algo;
iint.ima_hash->length = hash_digest_size[ima_hash_algo];
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index 9b5adeaa47fc..823a0c1379cb 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -628,7 +628,7 @@ int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid,
struct ima_rule_entry *entry;
int action = 0, actmask = flags | (flags << 1);
- if (template_desc)
+ if (template_desc && !*template_desc)
*template_desc = ima_template_desc_current();
rcu_read_lock();
diff --git a/security/integrity/ima/ima_template.c b/security/integrity/ima/ima_template.c
index 1e89e2d3851f..e22e510ae92d 100644
--- a/security/integrity/ima/ima_template.c
+++ b/security/integrity/ima/ima_template.c
@@ -55,6 +55,7 @@ static const struct ima_template_field supported_fields[] = {
#define MAX_TEMPLATE_NAME_LEN sizeof("d-ng|n-ng|sig|buf|d-modisg|modsig")
static struct ima_template_desc *ima_template;
+static struct ima_template_desc *ima_buf_template;
/**
* ima_template_has_modsig - Check whether template has modsig-related fields.
@@ -252,6 +253,15 @@ struct ima_template_desc *ima_template_desc_current(void)
return ima_template;
}
+struct ima_template_desc *ima_template_desc_buf(void)
+{
+ if (!ima_buf_template) {
+ ima_init_template_list();
+ ima_buf_template = lookup_template_desc("ima-buf");
+ }
+ return ima_buf_template;
+}
+
int __init ima_init_template(void)
{
struct ima_template_desc *template = ima_template_desc_current();
@@ -260,6 +270,22 @@ int __init ima_init_template(void)
result = template_desc_init_fields(template->fmt,
&(template->fields),
&(template->num_fields));
+ if (result < 0) {
+ pr_err("template %s init failed, result: %d\n",
+ (strlen(template->name) ?
+ template->name : template->fmt), result);
+ return result;
+ }
+
+ template = ima_template_desc_buf();
+ if (!template) {
+ pr_err("Failed to get ima-buf template\n");
+ return -EINVAL;
+ }
+
+ result = template_desc_init_fields(template->fmt,
+ &(template->fields),
+ &(template->num_fields));
if (result < 0)
pr_err("template %s init failed, result: %d\n",
(strlen(template->name) ?