Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
torvalds
GitHub Repository: torvalds/linux
 Path: blob/master/security/integrity/evm/evm_secfs.c
26424 views
1
// SPDX-License-Identifier: GPL-2.0-only

2
/*

3
 * Copyright (C) 2010 IBM Corporation

4
 *

5
 * Authors:

6
 * Mimi Zohar <[email protected]>

7
 *

8
 * File: evm_secfs.c

9
 *	- Used to signal when key is on keyring

10
 *	- Get the key and enable EVM

11
 */

12


13
#include <linux/audit.h>

14
#include <linux/uaccess.h>

15
#include <linux/init.h>

16
#include <linux/mutex.h>

17
#include "evm.h"

18


19
static struct dentry *evm_dir;

20
static struct dentry *evm_symlink;

21


22
#ifdef CONFIG_EVM_ADD_XATTRS

23
static struct dentry *evm_xattrs;

24
static DEFINE_MUTEX(xattr_list_mutex);

25
static int evm_xattrs_locked;

26
#endif

27


28
/**

29
 * evm_read_key - read() for <securityfs>/evm

30
 *

31
 * @filp: file pointer, not actually used

32
 * @buf: where to put the result

33
 * @count: maximum to send along

34
 * @ppos: where to start

35
 *

36
 * Returns number of bytes read or error code, as appropriate

37
 */

38
static ssize_t evm_read_key(struct file *filp, char __user *buf,

39
			    size_t count, loff_t *ppos)

40
{

41
	char temp[80];

42
	ssize_t rc;

43


44
	if (*ppos != 0)

45
		return 0;

46


47
	sprintf(temp, "%d", (evm_initialized & ~EVM_SETUP_COMPLETE));

48
	rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));

49


50
	return rc;

51
}

52


53
/**

54
 * evm_write_key - write() for <securityfs>/evm

55
 * @file: file pointer, not actually used

56
 * @buf: where to get the data from

57
 * @count: bytes sent

58
 * @ppos: where to start

59
 *

60
 * Used to signal that key is on the kernel key ring.

61
 * - get the integrity hmac key from the kernel key ring

62
 * - create list of hmac protected extended attributes

63
 * Returns number of bytes written or error code, as appropriate

64
 */

65
static ssize_t evm_write_key(struct file *file, const char __user *buf,

66
			     size_t count, loff_t *ppos)

67
{

68
	unsigned int i;

69
	int ret;

70


71
	if (!capable(CAP_SYS_ADMIN) || (evm_initialized & EVM_SETUP_COMPLETE))

72
		return -EPERM;

73


74
	ret = kstrtouint_from_user(buf, count, 0, &i);

75


76
	if (ret)

77
		return ret;

78


79
	/* Reject invalid values */

80
	if (!i || (i & ~EVM_INIT_MASK) != 0)

81
		return -EINVAL;

82


83
	/*

84
	 * Don't allow a request to enable metadata writes if

85
	 * an HMAC key is loaded.

86
	 */

87
	if ((i & EVM_ALLOW_METADATA_WRITES) &&

88
	    (evm_initialized & EVM_INIT_HMAC) != 0)

89
		return -EPERM;

90


91
	if (i & EVM_INIT_HMAC) {

92
		ret = evm_init_key();

93
		if (ret != 0)

94
			return ret;

95
		/* Forbid further writes after the symmetric key is loaded */

96
		i |= EVM_SETUP_COMPLETE;

97
	}

98


99
	evm_initialized |= i;

100


101
	/* Don't allow protected metadata modification if a symmetric key

102
	 * is loaded

103
	 */

104
	if (evm_initialized & EVM_INIT_HMAC)

105
		evm_initialized &= ~(EVM_ALLOW_METADATA_WRITES);

106


107
	return count;

108
}

109


110
static const struct file_operations evm_key_ops = {

111
	.read		= evm_read_key,

112
	.write		= evm_write_key,

113
};

114


115
#ifdef CONFIG_EVM_ADD_XATTRS

116
/**

117
 * evm_read_xattrs - read() for <securityfs>/evm_xattrs

118
 *

119
 * @filp: file pointer, not actually used

120
 * @buf: where to put the result

121
 * @count: maximum to send along

122
 * @ppos: where to start

123
 *

124
 * Returns number of bytes read or error code, as appropriate

125
 */

126
static ssize_t evm_read_xattrs(struct file *filp, char __user *buf,

127
			       size_t count, loff_t *ppos)

128
{

129
	char *temp;

130
	int offset = 0;

131
	ssize_t rc, size = 0;

132
	struct xattr_list *xattr;

133


134
	if (*ppos != 0)

135
		return 0;

136


137
	rc = mutex_lock_interruptible(&xattr_list_mutex);

138
	if (rc)

139
		return -ERESTARTSYS;

140


141
	list_for_each_entry(xattr, &evm_config_xattrnames, list) {

142
		if (!xattr->enabled)

143
			continue;

144


145
		size += strlen(xattr->name) + 1;

146
	}

147


148
	temp = kmalloc(size + 1, GFP_KERNEL);

149
	if (!temp) {

150
		mutex_unlock(&xattr_list_mutex);

151
		return -ENOMEM;

152
	}

153


154
	list_for_each_entry(xattr, &evm_config_xattrnames, list) {

155
		if (!xattr->enabled)

156
			continue;

157


158
		sprintf(temp + offset, "%s\n", xattr->name);

159
		offset += strlen(xattr->name) + 1;

160
	}

161


162
	mutex_unlock(&xattr_list_mutex);

163
	rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));

164


165
	kfree(temp);

166


167
	return rc;

168
}

169


170
/**

171
 * evm_write_xattrs - write() for <securityfs>/evm_xattrs

172
 * @file: file pointer, not actually used

173
 * @buf: where to get the data from

174
 * @count: bytes sent

175
 * @ppos: where to start

176
 *

177
 * Returns number of bytes written or error code, as appropriate

178
 */

179
static ssize_t evm_write_xattrs(struct file *file, const char __user *buf,

180
				size_t count, loff_t *ppos)

181
{

182
	int len, err;

183
	struct xattr_list *xattr, *tmp;

184
	struct audit_buffer *ab;

185
	struct iattr newattrs;

186
	struct inode *inode;

187


188
	if (!capable(CAP_SYS_ADMIN) || evm_xattrs_locked)

189
		return -EPERM;

190


191
	if (*ppos != 0)

192
		return -EINVAL;

193


194
	if (count > XATTR_NAME_MAX)

195
		return -E2BIG;

196


197
	ab = audit_log_start(audit_context(), GFP_KERNEL,

198
			     AUDIT_INTEGRITY_EVM_XATTR);

199
	if (!ab && IS_ENABLED(CONFIG_AUDIT))

200
		return -ENOMEM;

201


202
	xattr = kmalloc(sizeof(struct xattr_list), GFP_KERNEL);

203
	if (!xattr) {

204
		err = -ENOMEM;

205
		goto out;

206
	}

207


208
	xattr->enabled = true;

209
	xattr->name = memdup_user_nul(buf, count);

210
	if (IS_ERR(xattr->name)) {

211
		err = PTR_ERR(xattr->name);

212
		xattr->name = NULL;

213
		goto out;

214
	}

215


216
	/* Remove any trailing newline */

217
	len = strlen(xattr->name);

218
	if (len && xattr->name[len-1] == '\n')

219
		xattr->name[len-1] = '\0';

220


221
	audit_log_format(ab, "xattr=");

222
	audit_log_untrustedstring(ab, xattr->name);

223


224
	if (strcmp(xattr->name, ".") == 0) {

225
		evm_xattrs_locked = 1;

226
		newattrs.ia_mode = S_IFREG | 0440;

227
		newattrs.ia_valid = ATTR_MODE;

228
		inode = evm_xattrs->d_inode;

229
		inode_lock(inode);

230
		err = simple_setattr(&nop_mnt_idmap, evm_xattrs, &newattrs);

231
		inode_unlock(inode);

232
		if (!err)

233
			err = count;

234
		goto out;

235
	}

236


237
	if (strncmp(xattr->name, XATTR_SECURITY_PREFIX,

238
		    XATTR_SECURITY_PREFIX_LEN) != 0) {

239
		err = -EINVAL;

240
		goto out;

241
	}

242


243
	/*

244
	 * xattr_list_mutex guards against races in evm_read_xattrs().

245
	 * Entries are only added to the evm_config_xattrnames list

246
	 * and never deleted. Therefore, the list is traversed

247
	 * using list_for_each_entry_lockless() without holding

248
	 * the mutex in evm_calc_hmac_or_hash(), evm_find_protected_xattrs()

249
	 * and evm_protected_xattr().

250
	 */

251
	mutex_lock(&xattr_list_mutex);

252
	list_for_each_entry(tmp, &evm_config_xattrnames, list) {

253
		if (strcmp(xattr->name, tmp->name) == 0) {

254
			err = -EEXIST;

255
			if (!tmp->enabled) {

256
				tmp->enabled = true;

257
				err = count;

258
			}

259
			mutex_unlock(&xattr_list_mutex);

260
			goto out;

261
		}

262
	}

263
	list_add_tail_rcu(&xattr->list, &evm_config_xattrnames);

264
	mutex_unlock(&xattr_list_mutex);

265


266
	audit_log_format(ab, " res=0");

267
	audit_log_end(ab);

268
	return count;

269
out:

270
	audit_log_format(ab, " res=%d", (err < 0) ? err : 0);

271
	audit_log_end(ab);

272
	if (xattr) {

273
		kfree(xattr->name);

274
		kfree(xattr);

275
	}

276
	return err;

277
}

278


279
static const struct file_operations evm_xattr_ops = {

280
	.read		= evm_read_xattrs,

281
	.write		= evm_write_xattrs,

282
};

283


284
static int evm_init_xattrs(void)

285
{

286
	evm_xattrs = securityfs_create_file("evm_xattrs", 0660, evm_dir, NULL,

287
					    &evm_xattr_ops);

288
	if (IS_ERR(evm_xattrs))

289
		return -EFAULT;

290


291
	return 0;

292
}

293
#else

294
static int evm_init_xattrs(void)

295
{

296
	return 0;

297
}

298
#endif

299


300
int __init evm_init_secfs(void)

301
{

302
	int error = 0;

303
	struct dentry *dentry;

304


305
	evm_dir = securityfs_create_dir("evm", integrity_dir);

306
	if (IS_ERR(evm_dir))

307
		return -EFAULT;

308


309
	dentry = securityfs_create_file("evm", 0660,

310
				      evm_dir, NULL, &evm_key_ops);

311
	if (IS_ERR(dentry)) {

312
		error = -EFAULT;

313
		goto out;

314
	}

315


316
	evm_symlink = securityfs_create_symlink("evm", NULL,

317
						"integrity/evm/evm", NULL);

318
	if (IS_ERR(evm_symlink)) {

319
		error = -EFAULT;

320
		goto out;

321
	}

322


323
	if (evm_init_xattrs() != 0) {

324
		error = -EFAULT;

325
		goto out;

326
	}

327


328
	return 0;

329
out:

330
	securityfs_remove(evm_symlink);

331
	securityfs_remove(evm_dir);

332
	return error;

333
}

334


335