Commit 4cec9293 authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag 'integrity-v5.9' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity 

Pull integrity updates from Mimi Zohar:
 "The nicest change is the IMA policy rule checking. The other changes
  include allowing the kexec boot cmdline line measure policy rules to
  be defined in terms of the inode associated with the kexec kernel
  image, making the IMA_APPRAISE_BOOTPARAM, which governs the IMA
  appraise mode (log, fix, enforce), a runtime decision based on the
  secure boot mode of the system, and including errno in the audit log"

* tag 'integrity-v5.9' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity:
  integrity: remove redundant initialization of variable ret
  ima: move APPRAISE_BOOTPARAM dependency on ARCH_POLICY to runtime
  ima: AppArmor satisfies the audit rule requirements
  ima: Rename internal filter rule functions
  ima: Support additional conditionals in the KEXEC_CMDLINE hook function
  ima: Use the common function to detect LSM conditionals in a rule
  ima: Move comprehensive rule validation checks out of the token parser
  ima: Use correct type for the args_p member of ima_rule_entry.lsm elements
  ima: Shallow copy the args_p member of ima_rule_entry.lsm elements
  ima: Fail rule parsing when appraise_flag=blacklist is unsupportable
  ima: Fail rule parsing when the KEY_CHECK hook is combined with an invalid cond
  ima: Fail rule parsing when the KEXEC_CMDLINE hook is combined with an invalid cond
  ima: Fail rule parsing when buffer hook functions have an invalid action
  ima: Free the entire rule if it fails to parse
  ima: Free the entire rule when deleting a list of rules
  ima: Have the LSM free its audit rule
  IMA: Add audit log for failure conditions
  integrity: Add errno field in audit message
parents e3243e2a 3db0d0c2

include/linux/ima.h

+2 −2
Original line number Diff line number Diff line
@@ -25,7 +25,7 @@ extern int ima_post_read_file(struct file *file, void *buf, loff_t size, 
			      enum kernel_read_file_id id);

extern void ima_post_path_mknod(struct dentry *dentry);

extern int ima_file_hash(struct file *file, char *buf, size_t buf_size);

extern void ima_kexec_cmdline(const void *buf, int size);

extern void ima_kexec_cmdline(int kernel_fd, const void *buf, int size);



#ifdef CONFIG_IMA_KEXEC

extern void ima_add_kexec_buffer(struct kimage *image);
@@ -103,7 +103,7 @@ static inline int ima_file_hash(struct file *file, char *buf, size_t buf_size) 
	return -EOPNOTSUPP;

}



static inline void ima_kexec_cmdline(const void *buf, int size) {}

static inline void ima_kexec_cmdline(int kernel_fd, const void *buf, int size) {}

#endif /* CONFIG_IMA */



#ifndef CONFIG_IMA_KEXEC

kernel/kexec_file.c

+1 −1
Original line number Diff line number Diff line
@@ -265,7 +265,7 @@ kimage_file_prepare_segments(struct kimage *image, int kernel_fd, int initrd_fd, 
			goto out;

		}



		ima_kexec_cmdline(image->cmdline_buf,

		ima_kexec_cmdline(kernel_fd, image->cmdline_buf,

				  image->cmdline_buf_len - 1);

	}

security/integrity/digsig_asymmetric.c

+1 −1
Original line number Diff line number Diff line
@@ -79,7 +79,7 @@ int asymmetric_verify(struct key *keyring, const char *sig, 
	struct public_key_signature pks;

	struct signature_v2_hdr *hdr = (struct signature_v2_hdr *)sig;

	struct key *key;

	int ret = -ENOMEM;

	int ret;



	if (siglen <= sizeof(*hdr))

		return -EBADMSG;

security/integrity/ima/Kconfig

+2 −2
Original line number Diff line number Diff line
@@ -54,7 +54,7 @@ config IMA_MEASURE_PCR_IDX 


config IMA_LSM_RULES

	bool

	depends on IMA && AUDIT && (SECURITY_SELINUX || SECURITY_SMACK)

	depends on IMA && AUDIT && (SECURITY_SELINUX || SECURITY_SMACK || SECURITY_APPARMOR)

	default y

	help

	  Disabling this option will disregard LSM based policy rules.
@@ -232,7 +232,7 @@ config IMA_APPRAISE_REQUIRE_POLICY_SIGS 


config IMA_APPRAISE_BOOTPARAM

	bool "ima_appraise boot parameter"

	depends on IMA_APPRAISE && !IMA_ARCH_POLICY

	depends on IMA_APPRAISE

	default y

	help

	  This option enables the different "ima_appraise=" modes

security/integrity/ima/ima.h

+44 −29
Original line number Diff line number Diff line
@@ -187,26 +187,42 @@ static inline unsigned int ima_hash_key(u8 *digest) 
}



#define __ima_hooks(hook)				\

	hook(NONE)			\

	hook(FILE_CHECK)		\

	hook(MMAP_CHECK)		\

	hook(BPRM_CHECK)		\

	hook(CREDS_CHECK)		\

	hook(POST_SETATTR)		\

	hook(MODULE_CHECK)		\

	hook(FIRMWARE_CHECK)		\

	hook(KEXEC_KERNEL_CHECK)	\

	hook(KEXEC_INITRAMFS_CHECK)	\

	hook(POLICY_CHECK)		\

	hook(KEXEC_CMDLINE)		\

	hook(KEY_CHECK)			\

	hook(MAX_CHECK)

#define __ima_hook_enumify(ENUM)	ENUM,

	hook(NONE, none)				\

	hook(FILE_CHECK, file)				\

	hook(MMAP_CHECK, mmap)				\

	hook(BPRM_CHECK, bprm)				\

	hook(CREDS_CHECK, creds)			\

	hook(POST_SETATTR, post_setattr)		\

	hook(MODULE_CHECK, module)			\

	hook(FIRMWARE_CHECK, firmware)			\

	hook(KEXEC_KERNEL_CHECK, kexec_kernel)		\

	hook(KEXEC_INITRAMFS_CHECK, kexec_initramfs)	\

	hook(POLICY_CHECK, policy)			\

	hook(KEXEC_CMDLINE, kexec_cmdline)		\

	hook(KEY_CHECK, key)				\

	hook(MAX_CHECK, none)



#define __ima_hook_enumify(ENUM, str)	ENUM,

#define __ima_stringify(arg) (#arg)

#define __ima_hook_measuring_stringify(ENUM, str) \

		(__ima_stringify(measuring_ ##str)),



enum ima_hooks {

	__ima_hooks(__ima_hook_enumify)

};



static const char * const ima_hooks_measure_str[] = {

	__ima_hooks(__ima_hook_measuring_stringify)

};



static inline const char *func_measure_str(enum ima_hooks func)

{

	if (func >= MAX_CHECK)

		return ima_hooks_measure_str[NONE];



	return ima_hooks_measure_str[func];

}



extern const char *const func_tokens[];



struct modsig;
@@ -249,7 +265,7 @@ void ima_store_measurement(struct integrity_iint_cache *iint, struct file *file, 
			   struct evm_ima_xattr_data *xattr_value,

			   int xattr_len, const struct modsig *modsig, int pcr,

			   struct ima_template_desc *template_desc);

void process_buffer_measurement(const void *buf, int size,

void process_buffer_measurement(struct inode *inode, const void *buf, int size,

				const char *eventname, enum ima_hooks func,

				int pcr, const char *keyring);

void ima_audit_measurement(struct integrity_iint_cache *iint,
@@ -356,7 +372,6 @@ static inline int ima_read_xattr(struct dentry *dentry, 
#endif /* CONFIG_IMA_APPRAISE */



#ifdef CONFIG_IMA_APPRAISE_MODSIG

bool ima_hook_supports_modsig(enum ima_hooks func);

int ima_read_modsig(enum ima_hooks func, const void *buf, loff_t buf_len,

		    struct modsig **modsig);

void ima_collect_modsig(struct modsig *modsig, const void *buf, loff_t size);
@@ -366,11 +381,6 @@ int ima_get_raw_modsig(const struct modsig *modsig, const void **data, 
		       u32 *data_len);

void ima_free_modsig(struct modsig *modsig);

#else

static inline bool ima_hook_supports_modsig(enum ima_hooks func)

{

	return false;

}



static inline int ima_read_modsig(enum ima_hooks func, const void *buf,

				  loff_t buf_len, struct modsig **modsig)

{
@@ -403,18 +413,23 @@ static inline void ima_free_modsig(struct modsig *modsig) 
/* LSM based policy rules require audit */

#ifdef CONFIG_IMA_LSM_RULES



#define security_filter_rule_init security_audit_rule_init

#define security_filter_rule_match security_audit_rule_match

#define ima_filter_rule_init security_audit_rule_init

#define ima_filter_rule_free security_audit_rule_free

#define ima_filter_rule_match security_audit_rule_match



#else



static inline int security_filter_rule_init(u32 field, u32 op, char *rulestr,

static inline int ima_filter_rule_init(u32 field, u32 op, char *rulestr,

				       void **lsmrule)

{

	return -EINVAL;

}



static inline int security_filter_rule_match(u32 secid, u32 field, u32 op,

static inline void ima_filter_rule_free(void *lsmrule)

{

}



static inline int ima_filter_rule_match(u32 secid, u32 field, u32 op,

					void *lsmrule)

{

	return -EINVAL;

CRA Git | Maintained and supported by SUSTech CRA and CCSE