Commit 67e2c388 authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 

Pull security layer updates from James Morris:
 "In terms of changes, there's general maintenance to the Smack,
  SELinux, and integrity code.

  The IMA code adds a new kconfig option, IMA_APPRAISE_SIGNED_INIT,
  which allows IMA appraisal to require signatures.  Support for reading
  keys from rootfs before init is call is also added"

* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (23 commits)
  selinux: Remove security_ops extern
  security: smack: fix out-of-bounds access in smk_parse_smack()
  VFS: refactor vfs_read()
  ima: require signature based appraisal
  integrity: provide a hook to load keys when rootfs is ready
  ima: load x509 certificate from the kernel
  integrity: provide a function to load x509 certificate from the kernel
  integrity: define a new function integrity_read_file()
  Security: smack: replace kzalloc with kmem_cache for inode_smack
  Smack: Lock mode for the floor and hat labels
  ima: added support for new kernel cmdline parameter ima_template_fmt
  ima: allocate field pointers array on demand in template_desc_init_fields()
  ima: don't allocate a copy of template_fmt in template_desc_init_fields()
  ima: display template format in meas. list if template name length is zero
  ima: added error messages to template-related functions
  ima: use atomic bit operations to protect policy update interface
  ima: ignore empty and with whitespaces policy lines
  ima: no need to allocate entry for comment
  ima: report policy load status
  ima: use path names cache
  ...
parents 6ae840e7 b2d1965d

Documentation/kernel-parameters.txt

+4 −0
Original line number Diff line number Diff line
@@ -1376,6 +1376,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted. 
			Formats: { "ima" | "ima-ng" }

			Default: "ima-ng"



	ima_template_fmt=

	                [IMA] Define a custom template format.

			Format: { "field1|...|fieldN" }



	ima.ahash_minsize= [IMA] Minimum file size for asynchronous hash usage

			Format: <min_file_size>

			Set the minimal file size for using asynchronous hash.

Documentation/security/IMA-templates.txt

+14 −15
Original line number Diff line number Diff line
@@ -27,25 +27,22 @@ Managing templates with these structures is very simple. To support 
a new data type, developers define the field identifier and implement

two functions, init() and show(), respectively to generate and display

measurement entries. Defining a new template descriptor requires

specifying the template format, a string of field identifiers separated

by the '|' character. While in the current implementation it is possible

to define new template descriptors only by adding their definition in the

template specific code (ima_template.c), in a future version it will be

possible to register a new template on a running kernel by supplying to IMA

the desired format string. In this version, IMA initializes at boot time

all defined template descriptors by translating the format into an array

of template fields structures taken from the set of the supported ones.

specifying the template format (a string of field identifiers separated

by the '|' character) through the 'ima_template_fmt' kernel command line

parameter. At boot time, IMA initializes the chosen template descriptor

by translating the format into an array of template fields structures taken

from the set of the supported ones.



After the initialization step, IMA will call ima_alloc_init_template()

(new function defined within the patches for the new template management

mechanism) to generate a new measurement entry by using the template

descriptor chosen through the kernel configuration or through the newly

introduced 'ima_template=' kernel command line parameter. It is during this

phase that the advantages of the new architecture are clearly shown:

the latter function will not contain specific code to handle a given template

but, instead, it simply calls the init() method of the template fields

associated to the chosen template descriptor and store the result (pointer

to allocated data and data length) in the measurement entry structure.

introduced 'ima_template' and 'ima_template_fmt' kernel command line parameters.

It is during this phase that the advantages of the new architecture are

clearly shown: the latter function will not contain specific code to handle

a given template but, instead, it simply calls the init() method of the template

fields associated to the chosen template descriptor and store the result

(pointer to allocated data and data length) in the measurement entry structure.



The same mechanism is employed to display measurements entries.

The functions ima[_ascii]_measurements_show() retrieve, for each entry,
@@ -86,4 +83,6 @@ currently the following methods are supported: 
 - select a template descriptor among those supported in the kernel

   configuration ('ima-ng' is the default choice);

 - specify a template descriptor name from the kernel command line through

   the 'ima_template=' parameter.
 
   the 'ima_template=' parameter;

 - register a new template descriptor with custom format through the kernel

   command line parameter 'ima_template_fmt='.

fs/read_write.c

+18 −6
Original line number Diff line number Diff line
@@ -412,6 +412,23 @@ ssize_t new_sync_read(struct file *filp, char __user *buf, size_t len, loff_t *p 


EXPORT_SYMBOL(new_sync_read);



ssize_t __vfs_read(struct file *file, char __user *buf, size_t count,

		   loff_t *pos)

{

	ssize_t ret;



	if (file->f_op->read)

		ret = file->f_op->read(file, buf, count, pos);

	else if (file->f_op->aio_read)

		ret = do_sync_read(file, buf, count, pos);

	else if (file->f_op->read_iter)

		ret = new_sync_read(file, buf, count, pos);

	else

		ret = -EINVAL;



	return ret;

}



ssize_t vfs_read(struct file *file, char __user *buf, size_t count, loff_t *pos)

{

	ssize_t ret;
@@ -426,12 +443,7 @@ ssize_t vfs_read(struct file *file, char __user *buf, size_t count, loff_t *pos) 
	ret = rw_verify_area(READ, file, pos, count);

	if (ret >= 0) {

		count = ret;

		if (file->f_op->read)

			ret = file->f_op->read(file, buf, count, pos);

		else if (file->f_op->aio_read)

			ret = do_sync_read(file, buf, count, pos);

		else

			ret = new_sync_read(file, buf, count, pos);

		ret = __vfs_read(file, buf, count, pos);

		if (ret > 0) {

			fsnotify_access(file);

			add_rchar(current, ret);

include/linux/fs.h

+1 −0
Original line number Diff line number Diff line
@@ -1582,6 +1582,7 @@ ssize_t rw_copy_check_uvector(int type, const struct iovec __user * uvector, 
			      struct iovec *fast_pointer,

			      struct iovec **ret_pointer);



extern ssize_t __vfs_read(struct file *, char __user *, size_t, loff_t *);

extern ssize_t vfs_read(struct file *, char __user *, size_t, loff_t *);

extern ssize_t vfs_write(struct file *, const char __user *, size_t, loff_t *);

extern ssize_t vfs_readv(struct file *, const struct iovec __user *,

include/linux/integrity.h

+6 −0
Original line number Diff line number Diff line
@@ -24,6 +24,7 @@ enum integrity_status { 
#ifdef CONFIG_INTEGRITY

extern struct integrity_iint_cache *integrity_inode_get(struct inode *inode);

extern void integrity_inode_free(struct inode *inode);

extern void __init integrity_load_keys(void);



#else

static inline struct integrity_iint_cache *
@@ -36,5 +37,10 @@ static inline void integrity_inode_free(struct inode *inode) 
{

	return;

}



static inline void integrity_load_keys(void)

{

}

#endif /* CONFIG_INTEGRITY */



#endif /* _LINUX_INTEGRITY_H */

CRA Git | Maintained and supported by SUSTech CRA and CCSE