IMA: Add support for file reads without contents (34736dae) · Commits · 戴 / test

When the kernel_read_file LSM hook is called with contents=false, IMA can appraise the file directly, without requiring a filled buffer. When such a buffer is available, though, IMA can continue to use it instead of forcing a double read here. Signed-off-by:

Scott Branden <scott.branden@broadcom.com> Link: https://lore.kernel.org/lkml/20200706232309.12010-10-scott.branden@broadcom.com/ Signed-off-by:

Kees Cook <keescook@chromium.org> Reviewed-by:

Mimi Zohar <zohar@linux.ibm.com> Link: https://lore.kernel.org/r/20201002173828.2099543-13-keescook@chromium.org Signed-off-by:

Greg Kroah-Hartman <gregkh@linuxfoundation.org>

security/integrity/ima/ima_main.c

+16 −6

Original line number	Diff line number	Diff line
		@@ -613,11 +613,8 @@ void ima_post_path_mknod(struct dentry *dentry)
		int ima_read_file(struct file *file, enum kernel_read_file_id read_id,
		bool contents)
		{
		/* Reject all partial reads during appraisal. */
		if (!contents) {
		if (ima_appraise & IMA_APPRAISE_ENFORCE)
		return -EACCES;
		}
		enum ima_hooks func;
		u32 secid;

		/*
		* Do devices using pre-allocated memory run the risk of the
		@@ -626,7 +623,20 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id,
		* buffers? It may be desirable to include the buffer address
		* in this API and walk all the dma_map_single() mappings to check.
		*/

		/*
		* There will be a call made to ima_post_read_file() with
		* a filled buffer, so we don't need to perform an extra
		* read early here.
		*/
		if (contents)
		return 0;

		/* Read entire file for all partial reads. */
		func = read_idmap[read_id] ?: FILE_CHECK;
		security_task_getsecid(current, &secid);
		return process_measurement(file, current_cred(), secid, NULL,
		0, MAY_READ, func);
		}

		const int read_idmap[READING_MAX_ID] = {

Admin message