Path: blob/master/security/integrity/ima/ima_api.c
10817 views
/*1* Copyright (C) 2008 IBM Corporation2*3* Author: Mimi Zohar <[email protected]>4*5* This program is free software; you can redistribute it and/or6* modify it under the terms of the GNU General Public License as7* published by the Free Software Foundation, version 2 of the8* License.9*10* File: ima_api.c11* Implements must_measure, collect_measurement, store_measurement,12* and store_template.13*/14#include <linux/module.h>15#include <linux/slab.h>1617#include "ima.h"18static const char *IMA_TEMPLATE_NAME = "ima";1920/*21* ima_store_template - store ima template measurements22*23* Calculate the hash of a template entry, add the template entry24* to an ordered list of measurement entries maintained inside the kernel,25* and also update the aggregate integrity value (maintained inside the26* configured TPM PCR) over the hashes of the current list of measurement27* entries.28*29* Applications retrieve the current kernel-held measurement list through30* the securityfs entries in /sys/kernel/security/ima. The signed aggregate31* TPM PCR (called quote) can be retrieved using a TPM user space library32* and is used to validate the measurement list.33*34* Returns 0 on success, error code otherwise35*/36int ima_store_template(struct ima_template_entry *entry,37int violation, struct inode *inode)38{39const char *op = "add_template_measure";40const char *audit_cause = "hashing_error";41int result;4243memset(entry->digest, 0, sizeof(entry->digest));44entry->template_name = IMA_TEMPLATE_NAME;45entry->template_len = sizeof(entry->template);4647if (!violation) {48result = ima_calc_template_hash(entry->template_len,49&entry->template,50entry->digest);51if (result < 0) {52integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode,53entry->template_name, op,54audit_cause, result, 0);55return result;56}57}58result = ima_add_template_entry(entry, violation, op, inode);59return result;60}6162/*63* ima_add_violation - add violation to measurement list.64*65* Violations are flagged in the measurement list with zero hash values.66* By extending the PCR with 0xFF's instead of with zeroes, the PCR67* value is invalidated.68*/69void ima_add_violation(struct inode *inode, const unsigned char *filename,70const char *op, const char *cause)71{72struct ima_template_entry *entry;73int violation = 1;74int result;7576/* can overflow, only indicator */77atomic_long_inc(&ima_htable.violations);7879entry = kmalloc(sizeof(*entry), GFP_KERNEL);80if (!entry) {81result = -ENOMEM;82goto err_out;83}84memset(&entry->template, 0, sizeof(entry->template));85strncpy(entry->template.file_name, filename, IMA_EVENT_NAME_LEN_MAX);86result = ima_store_template(entry, violation, inode);87if (result < 0)88kfree(entry);89err_out:90integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode, filename,91op, cause, result, 0);92}9394/**95* ima_must_measure - measure decision based on policy.96* @inode: pointer to inode to measure97* @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXECUTE)98* @function: calling function (FILE_CHECK, BPRM_CHECK, FILE_MMAP)99*100* The policy is defined in terms of keypairs:101* subj=, obj=, type=, func=, mask=, fsmagic=102* subj,obj, and type: are LSM specific.103* func: FILE_CHECK | BPRM_CHECK | FILE_MMAP104* mask: contains the permission mask105* fsmagic: hex value106*107* Return 0 to measure. For matching a DONT_MEASURE policy, no policy,108* or other error, return an error code.109*/110int ima_must_measure(struct inode *inode, int mask, int function)111{112int must_measure;113114must_measure = ima_match_policy(inode, function, mask);115return must_measure ? 0 : -EACCES;116}117118/*119* ima_collect_measurement - collect file measurement120*121* Calculate the file hash, if it doesn't already exist,122* storing the measurement and i_version in the iint.123*124* Must be called with iint->mutex held.125*126* Return 0 on success, error code otherwise127*/128int ima_collect_measurement(struct ima_iint_cache *iint, struct file *file)129{130int result = -EEXIST;131132if (!(iint->flags & IMA_MEASURED)) {133u64 i_version = file->f_dentry->d_inode->i_version;134135memset(iint->digest, 0, IMA_DIGEST_SIZE);136result = ima_calc_hash(file, iint->digest);137if (!result)138iint->version = i_version;139}140return result;141}142143/*144* ima_store_measurement - store file measurement145*146* Create an "ima" template and then store the template by calling147* ima_store_template.148*149* We only get here if the inode has not already been measured,150* but the measurement could already exist:151* - multiple copies of the same file on either the same or152* different filesystems.153* - the inode was previously flushed as well as the iint info,154* containing the hashing info.155*156* Must be called with iint->mutex held.157*/158void ima_store_measurement(struct ima_iint_cache *iint, struct file *file,159const unsigned char *filename)160{161const char *op = "add_template_measure";162const char *audit_cause = "ENOMEM";163int result = -ENOMEM;164struct inode *inode = file->f_dentry->d_inode;165struct ima_template_entry *entry;166int violation = 0;167168entry = kmalloc(sizeof(*entry), GFP_KERNEL);169if (!entry) {170integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode, filename,171op, audit_cause, result, 0);172return;173}174memset(&entry->template, 0, sizeof(entry->template));175memcpy(entry->template.digest, iint->digest, IMA_DIGEST_SIZE);176strncpy(entry->template.file_name, filename, IMA_EVENT_NAME_LEN_MAX);177178result = ima_store_template(entry, violation, inode);179if (!result)180iint->flags |= IMA_MEASURED;181else182kfree(entry);183}184185186