/* SPDX-License-Identifier: GPL-2.0-only */
/*
* Copyright (C) 2005,2006,2007,2008 IBM Corporation
*
* Authors:
* Reiner Sailer <[email protected]>
* Mimi Zohar <[email protected]>
*
* File: ima.h
* internal Integrity Measurement Architecture (IMA) definitions
*/
#ifndef __LINUX_IMA_H
#define __LINUX_IMA_H
#include <linux/types.h>
#include <linux/crypto.h>
#include <linux/fs.h>
#include <linux/security.h>
#include <linux/hash.h>
#include <linux/tpm.h>
#include <linux/audit.h>
#include <crypto/hash_info.h>
#include "../integrity.h"
/* Output format handed to a template field's field_show() callback */
enum ima_show_type {
	IMA_SHOW_BINARY,
	IMA_SHOW_BINARY_NO_FIELD_LEN,
	IMA_SHOW_BINARY_OLD_STRING_FMT,
	IMA_SHOW_ASCII
};

/* TPM PCR indexes that IMA refers to by name */
enum tpm_pcrs {
	TPM_PCR0 = 0,
	TPM_PCR8 = 8,
	TPM_PCR10 = 10
};

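/* digest size for IMA, fits SHA1 or MD5 */
#define IMA_DIGEST_SIZE		SHA1_DIGEST_SIZE
#define IMA_EVENT_NAME_LEN_MAX	255

/* measurement hash table size; ima_hash_key() reduces a digest modulo it */
#define IMA_HASH_BITS		10
#define IMA_MEASURE_HTABLE_SIZE	(1 << IMA_HASH_BITS)

/* limits for template descriptors (struct ima_template_field / _desc) */
#define IMA_TEMPLATE_FIELD_ID_MAX_LEN	16
#define IMA_TEMPLATE_NUM_FIELDS_MAX	15

/* the original "ima" template: field ids separated by '|' */
#define IMA_TEMPLATE_IMA_NAME	"ima"
#define IMA_TEMPLATE_IMA_FMT	"d|n"

/*
 * Number of allocated PCR banks on @chip, or 0 when there is no TPM.
 * The argument is fully parenthesized so that any pointer expression is
 * accepted; it is still evaluated twice, so pass a side-effect-free lvalue.
 */
#define NR_BANKS(chip) (((chip) != NULL) ? (chip)->nr_allocated_banks : 0)
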
/*
 * Current content of the policy, summarized as flag bits; presumably
 * refreshed by ima_update_policy_flags() whenever the rule set changes.
 */
extern int ima_policy_flag;

/*
 * Bitset of digest algorithms allowed in the setxattr hook (one bit per
 * algorithm id, presumably).  atomic_t because the hook reads it while
 * policy updates may rewrite it.
 */
extern atomic_t ima_setxattr_allowed_hash_algorithms;

/* IMA hash algorithm description: a crypto API transform paired with its id */
struct ima_algo_desc {
	struct crypto_shash *tfm;	/* shash transform computing @algo */
	enum hash_algo algo;		/* identifier from <crypto/hash_info.h> */
};

/*
 * Set during initialization and read-only afterwards (__ro_after_init).
 * ima_hash_algo is the default algorithm id (the appraisal stub returns it
 * as an enum hash_algo); the *_idx values and ima_extra_slots look like
 * indexes/extents into ima_algo_array — confirm against ima_init_crypto().
 */
extern int ima_hash_algo __ro_after_init;
extern int ima_sha1_idx __ro_after_init;
extern int ima_hash_algo_idx __ro_after_init;
extern int ima_extra_slots __ro_after_init;
extern struct ima_algo_desc *ima_algo_array __ro_after_init;

extern int ima_appraise;		/* presumably IMA_APPRAISE_* mode bits */
extern struct tpm_chip *ima_tpm_chip;	/* may be NULL; NR_BANKS() tolerates that */
extern const char boot_aggregate_name[];

/*
 * IMA event related data: the inputs available to a template's
 * field_init() callbacks when a measurement entry is built.  Not every
 * member is populated for every event (file vs. buffer vs. violation).
 */
struct ima_event_data {
	struct ima_iint_cache *iint;
	struct file *file;
	const unsigned char *filename;
	struct evm_ima_xattr_data *xattr_value;	/* xattr as read by ima_read_xattr(), if any */
	int xattr_len;				/* byte length of @xattr_value */
	const struct modsig *modsig;		/* appended module signature, if any */
	const char *violation;			/* presumably the cause text of a violation entry */
	const void *buf;			/* in-memory data when measuring a buffer rather than a file */
	int buf_len;				/* byte length of @buf */
};

/* IMA template field data definition: one serialized field, @len bytes at @data */
struct ima_field_data {
	u8 *data;
	u32 len;
};

/*
 * IMA template field definition.
 * @field_id: short identifier used in template format strings ("d", "n", ...)
 * @field_init: fills @field_data from @event_data; int return, presumably
 *              0 on success / negative errno on failure
 * @field_show: renders @field_data to the seq_file in the requested format
 */
struct ima_template_field {
	const char field_id[IMA_TEMPLATE_FIELD_ID_MAX_LEN];
	int (*field_init)(struct ima_event_data *event_data,
			  struct ima_field_data *field_data);
	void (*field_show)(struct seq_file *m, enum ima_show_type show,
			   struct ima_field_data *field_data);
};

/*
 * IMA template descriptor definition.
 * @fmt is a '|'-separated list of field ids (e.g. IMA_TEMPLATE_IMA_FMT);
 * template_desc_init_fields() resolves it into @fields / @num_fields.
 */
struct ima_template_desc {
	struct list_head list;		/* membership in the template list */
	char *name;
	char *fmt;
	int num_fields;			/* entries in @fields */
	const struct ima_template_field **fields;
};

/*
 * One measurement entry: the per-bank digests plus the serialized template
 * fields.  Allocated with room for the trailing template_data[] array
 * (see ima_alloc_init_template() / ima_free_template_entry()).
 */
struct ima_template_entry {
	int pcr;				/* PCR this entry is extended into */
	struct tpm_digest *digests;		/* one digest per bank, presumably NR_BANKS()+ima_extra_slots */
	struct ima_template_desc *template_desc; /* template descriptor */
	u32 template_data_len;			/* total bytes across template_data[] */
	struct ima_field_data template_data[]; /* template related data */
};

/* Wrapper linking one ima_template_entry into both the hash table and the ordered list */
struct ima_queue_entry {
	struct hlist_node hnext;	/* place in hash collision list (ima_htable.queue[]) */
	struct list_head later;		/* place in ima_measurements list */
	struct ima_template_entry *entry;
};
extern struct list_head ima_measurements;	/* list of all measurements, in the order they were added */

/*
 * Some details preceding the binary serialized measurement list that is
 * carried across kexec (see ima_load_kexec_buffer() and
 * ima_restore_measurement_list()).  Fixed layout: 2+2+4+8+8 bytes.
 * Since the header arrives from the previous kernel's buffer, a restore
 * path should bound-check buffer_size and count against the real buffer
 * length rather than trusting them.
 */
struct ima_kexec_hdr {
	u16 version;
	u16 _reserved0;
	u32 _reserved1;
	u64 buffer_size;	/* presumably bytes of list data following the header */
	u64 count;		/* presumably number of entries in the list */
};

/*
 * IMA iint action cache flags (ima_iint_cache.flags).
 * Each action has a "to do" bit paired with a "done" bit; the two sets are
 * collected in IMA_DO_MASK and IMA_DONE_MASK below.
 */
#define IMA_MEASURE		0x00000001
#define IMA_MEASURED		0x00000002
#define IMA_APPRAISE		0x00000004
#define IMA_APPRAISED		0x00000008
/*#define IMA_COLLECT		0x00000010  do not use this flag */
#define IMA_COLLECTED		0x00000020
#define IMA_AUDIT		0x00000040
#define IMA_AUDITED		0x00000080
#define IMA_HASH		0x00000100
#define IMA_HASHED		0x00000200

/*
 * IMA iint policy rule cache flags.  These occupy the top byte of the same
 * flags word as the action bits (IMA_NONACTION_FLAGS covers all of them).
 */
#define IMA_NONACTION_FLAGS	0xff000000
#define IMA_DIGSIG_REQUIRED	0x01000000
#define IMA_PERMIT_DIRECTIO	0x02000000
#define IMA_NEW_FILE		0x04000000
#define IMA_FAIL_UNVERIFIABLE_SIGS	0x10000000
#define IMA_MODSIG_ALLOWED	0x20000000
#define IMA_CHECK_BLACKLIST	0x40000000
#define IMA_VERITY_REQUIRED	0x80000000

/* Exclude non-action flags which are not rule-specific. */
#define IMA_NONACTION_RULE_FLAGS	(IMA_NONACTION_FLAGS & ~IMA_NEW_FILE)

/* every "to do" bit, including the per-hook appraise sub-actions defined below */
#define IMA_DO_MASK		(IMA_MEASURE | IMA_APPRAISE | IMA_AUDIT | \
				 IMA_HASH | IMA_APPRAISE_SUBMASK)
/* every "done" bit; IMA_COLLECTED has no "to do" counterpart */
#define IMA_DONE_MASK		(IMA_MEASURED | IMA_APPRAISED | IMA_AUDITED | \
				 IMA_HASHED | IMA_COLLECTED | \
				 IMA_APPRAISED_SUBMASK)

/*
 * IMA iint subaction appraise cache flags: one "to do"/"done" pair per
 * appraising hook, so a cached verdict can be tracked per hook type.
 */
#define IMA_FILE_APPRAISE	0x00001000
#define IMA_FILE_APPRAISED	0x00002000
#define IMA_MMAP_APPRAISE	0x00004000
#define IMA_MMAP_APPRAISED	0x00008000
#define IMA_BPRM_APPRAISE	0x00010000
#define IMA_BPRM_APPRAISED	0x00020000
#define IMA_READ_APPRAISE	0x00040000
#define IMA_READ_APPRAISED	0x00080000
#define IMA_CREDS_APPRAISE	0x00100000
#define IMA_CREDS_APPRAISED	0x00200000
/* union of the "to do" sub-action bits; part of IMA_DO_MASK */
#define IMA_APPRAISE_SUBMASK	(IMA_FILE_APPRAISE | IMA_MMAP_APPRAISE | \
				 IMA_BPRM_APPRAISE | IMA_READ_APPRAISE | \
				 IMA_CREDS_APPRAISE)
/* union of the "done" sub-action bits; part of IMA_DONE_MASK */
#define IMA_APPRAISED_SUBMASK	(IMA_FILE_APPRAISED | IMA_MMAP_APPRAISED | \
				 IMA_BPRM_APPRAISED | IMA_READ_APPRAISED | \
				 IMA_CREDS_APPRAISED)

/*
 * IMA iint cache atomic_flags.  Unlike the masks above these are bit
 * *numbers* (0..5) for ima_iint_cache.atomic_flags, presumably used with
 * the set_bit()/test_bit() family; they must not be OR-ed together.
 */
#define IMA_CHANGE_XATTR	0
#define IMA_UPDATE_XATTR	1
#define IMA_CHANGE_ATTR		2
#define IMA_DIGSIG		3
#define IMA_MAY_EMIT_TOMTOU	4
#define IMA_EMITTED_OPENWRITERS	5

/* IMA integrity metadata associated with an inode */
struct ima_iint_cache {
	struct mutex mutex;	/* protects: version, flags, digest */
	struct integrity_inode_attributes real_inode;
	unsigned long flags;		/* IMA_* action and policy-rule flag masks above */
	unsigned long measured_pcrs;	/* presumably a bitmask of PCRs already extended — confirm */
	unsigned long atomic_flags;	/* IMA_CHANGE_XATTR .. IMA_EMITTED_OPENWRITERS bit numbers */
	/* per-hook appraisal verdicts; 4-bit fields holding an enum integrity_status */
	enum integrity_status ima_file_status:4;
	enum integrity_status ima_mmap_status:4;
	enum integrity_status ima_bprm_status:4;
	enum integrity_status ima_read_status:4;
	enum integrity_status ima_creds_status:4;
	struct ima_digest_data *ima_hash;	/* digest data for this inode (see ima_calc_file_hash()) */
};

/*
 * LSM blob sizes requested by IMA.  lbs_inode is the byte offset of the
 * ima_iint_cache pointer within inode->i_security (see ima_inode_get_iint()).
 */
extern struct lsm_blob_sizes ima_blob_sizes;

/*
 * Return the ima_iint_cache attached to @inode, or NULL when the inode
 * carries no LSM blob at all.  The pointer is stored at IMA's offset
 * (ima_blob_sizes.lbs_inode) inside the shared inode security blob.
 */
static inline struct ima_iint_cache *
ima_inode_get_iint(const struct inode *inode)
{
	void *sec = inode->i_security;

	if (unlikely(!sec))
		return NULL;

	return *(struct ima_iint_cache **)(sec + ima_blob_sizes.lbs_inode);
}

/*
 * Store @iint as the ima_iint_cache of @inode.  Silently does nothing when
 * the inode has no LSM blob; the slot written is the same one
 * ima_inode_get_iint() reads.
 */
static inline void ima_inode_set_iint(const struct inode *inode,
				      struct ima_iint_cache *iint)
{
	void *sec = inode->i_security;

	if (unlikely(!sec))
		return;

	*(struct ima_iint_cache **)(sec + ima_blob_sizes.lbs_inode) = iint;
}

/* iint lookup/allocation; __init routines run once at boot and are then discarded */
struct ima_iint_cache *ima_iint_find(struct inode *inode);	/* presumably existing iint or NULL */
struct ima_iint_cache *ima_inode_get(struct inode *inode);	/* presumably find-or-allocate */
void ima_inode_free_rcu(void *inode_security);	/* takes the inode's security blob, not the inode */
void __init ima_iintcache_init(void);

/* lookup table; its indexing scheme is defined by its users, not visible here */
extern const int read_idmap[];

/* Pick up the measurement list handed over by the previous kernel (no-op without kexec support) */
#ifdef CONFIG_HAVE_IMA_KEXEC
void ima_load_kexec_buffer(void);
#else
static inline void ima_load_kexec_buffer(void) {}
#endif /* CONFIG_HAVE_IMA_KEXEC */

/*
 * Key-creation hook; only declared when asymmetric key measurement is
 * configured, so callers are expected to be guarded by the same option.
 * @create distinguishes creation from update of @key on @keyring.
 */
#ifdef CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS
void ima_post_key_create_or_update(struct key *keyring, struct key *key,
				   const void *payload, size_t plen,
				   unsigned long flags, bool create);
#endif

/* Record a kexec-related event named @event_name (no-op without CONFIG_IMA_KEXEC) */
#ifdef CONFIG_IMA_KEXEC
void ima_measure_kexec_event(const char *event_name);
#else
static inline void ima_measure_kexec_event(const char *event_name) {}
#endif

/*
 * The default binary_runtime_measurements list format is defined as the
 * platform native format. The canonical format is defined as little-endian.
 * When true, the binary list is emitted in the canonical (little-endian)
 * form so it can be parsed on a host of different endianness.
 */
extern bool ima_canonical_fmt;

/* Internal IMA function definitions */
int ima_init(void);
int ima_fs_init(void);
/* add @entry to the measurement list; @violation flags it as a violation record */
int ima_add_template_entry(struct ima_template_entry *entry, int violation,
			   const char *op, struct inode *inode,
			   const unsigned char *filename);
/* digest computation; the result is written to @hash */
int ima_calc_file_hash(struct file *file, struct ima_digest_data *hash);
int ima_calc_buffer_hash(const void *buf, loff_t len,
			 struct ima_digest_data *hash);
/* hash the serialized fields of @entry into its per-bank digests, presumably */
int ima_calc_field_array_hash(struct ima_field_data *field_data,
			      struct ima_template_entry *entry);
int ima_calc_boot_aggregate(struct ima_digest_data *hash);
/* record a violation (@op/@cause) for @file instead of a regular measurement */
void ima_add_violation(struct file *file, const unsigned char *filename,
		       struct ima_iint_cache *iint, const char *op,
		       const char *cause);
int ima_init_crypto(void);
/* seq_file output helpers for the measurement-list show functions */
void ima_putc(struct seq_file *m, void *data, int datalen);
void ima_print_digest(struct seq_file *m, u8 *digest, u32 size);
/* template descriptors: parse a "d|n"-style @template_fmt into @fields/@num_fields */
int template_desc_init_fields(const char *template_fmt,
			      const struct ima_template_field ***fields,
			      int *num_fields);
struct ima_template_desc *ima_template_desc_current(void);
struct ima_template_desc *ima_template_desc_buf(void);
struct ima_template_desc *lookup_template_desc(const char *name);
bool ima_template_has_modsig(const struct ima_template_desc *ima_template);
/*
 * Restore entries serialized by a previous kernel (see struct ima_kexec_hdr).
 * @bufsize is the only trustworthy bound on @buf; lengths found inside the
 * buffer must be checked against it.
 */
int ima_restore_measurement_entry(struct ima_template_entry *entry);
int ima_restore_measurement_list(loff_t bufsize, void *buf);
int ima_measurements_show(struct seq_file *m, void *v);
unsigned long ima_get_binary_runtime_size(void);
int ima_init_template(void);
void ima_init_template_list(void);
int __init ima_init_digests(void);
void __init ima_init_reboot_notifier(void);
/* notifier_block callback; presumably registered for LSM policy changes */
int ima_lsm_policy_change(struct notifier_block *nb, unsigned long event,
			  void *lsm_data);

/*
 * used to protect h_table and sha_table
 */
extern spinlock_t ima_queue_lock;

/* Measurement hash table keyed by ima_hash_key(); buckets chain ima_queue_entry.hnext */
struct ima_h_table {
	atomic_long_t len;	/* number of stored measurements in the list */
	atomic_long_t violations;	/* number of violation entries recorded */
	struct hlist_head queue[IMA_MEASURE_HTABLE_SIZE];
};
extern struct ima_h_table ima_htable;

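/*
 * Hash-table bucket for a measurement digest.
 *
 * @digest: at least two bytes of the digest being queued; read-only, so
 *          callers holding a const digest can pass it without a cast.
 * Returns: an index in [0, IMA_MEASURE_HTABLE_SIZE) into ima_htable.queue[].
 */
static inline unsigned int ima_hash_key(const u8 *digest)
{
	/* there is no point in taking a hash of part of a digest */
	return (digest[0] | digest[1] << 8) % IMA_MEASURE_HTABLE_SIZE;
}
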
/*
 * X-macro list of IMA hooks, hook(ENUM, str).  Expanded once to build
 * enum ima_hooks and once more to build the parallel "measuring_<str>"
 * string table.  MAX_CHECK must stay last: it is the array bound.
 */
#define __ima_hooks(hook)				\
	hook(NONE, none)				\
	hook(FILE_CHECK, file)				\
	hook(MMAP_CHECK, mmap)				\
	hook(MMAP_CHECK_REQPROT, mmap_reqprot)		\
	hook(BPRM_CHECK, bprm)				\
	hook(CREDS_CHECK, creds)			\
	hook(POST_SETATTR, post_setattr)		\
	hook(MODULE_CHECK, module)			\
	hook(FIRMWARE_CHECK, firmware)			\
	hook(KEXEC_KERNEL_CHECK, kexec_kernel)		\
	hook(KEXEC_INITRAMFS_CHECK, kexec_initramfs)	\
	hook(POLICY_CHECK, policy)			\
	hook(KEXEC_CMDLINE, kexec_cmdline)		\
	hook(KEY_CHECK, key)				\
	hook(CRITICAL_DATA, critical_data)		\
	hook(SETXATTR_CHECK, setxattr_check)		\
	hook(MAX_CHECK, none)

#define __ima_hook_enumify(ENUM, str)	ENUM,
#define __ima_stringify(arg) (#arg)
#define __ima_hook_measuring_stringify(ENUM, str) \
	(__ima_stringify(measuring_ ##str)),

enum ima_hooks {
	__ima_hooks(__ima_hook_enumify)
};

/* "measuring_<str>" label per hook, indexed by enum ima_hooks */
static const char * const ima_hooks_measure_str[] = {
	__ima_hooks(__ima_hook_measuring_stringify)
};

/*
 * Measurement label for @func.  Values at or beyond MAX_CHECK are clamped
 * to NONE's label so an out-of-range hook cannot index past the table.
 */
static inline const char *func_measure_str(enum ima_hooks func)
{
	enum ima_hooks idx = (func < MAX_CHECK) ? func : NONE;

	return ima_hooks_measure_str[idx];
}

/* human-readable name per enum ima_hooks value; presumably parallel to the enum */
extern const char *const func_tokens[];

/* opaque here; only pointers to it cross this header */
struct modsig;

#ifdef CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS
/*
 * To track keys that need to be measured.
 * Keys that arrive before the policy is ready are queued here (a copy of
 * the payload plus the keyring name) and measured later by
 * ima_process_queued_keys().
 */
struct ima_key_entry {
	struct list_head list;
	void *payload;		/* copy of the key payload, @payload_len bytes */
	size_t payload_len;
	char *keyring_name;
};
void ima_init_key_queue(void);
bool ima_should_queue_key(void);	/* true while keys must be deferred rather than measured */
bool ima_queue_key(struct key *keyring, const void *payload,
		   size_t payload_len);	/* true if the key was queued */
void ima_process_queued_keys(void);
#else
/* queueing compiled out: nothing is ever deferred, so both predicates are false */
static inline void ima_init_key_queue(void) {}
static inline bool ima_should_queue_key(void) { return false; }
static inline bool ima_queue_key(struct key *keyring,
				 const void *payload,
				 size_t payload_len) { return false; }
static inline void ima_process_queued_keys(void) {}
#endif /* CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS */

/* LIM API function definitions */
/*
 * Decide which actions the policy requires for @inode under hook @func.
 * Output parameters (@pcr, @template_desc, @allowed_algos) are filled from
 * the matching rule; the int return is presumably the IMA_* action mask.
 */
int ima_get_action(struct mnt_idmap *idmap, struct inode *inode,
		   const struct cred *cred, struct lsm_prop *prop, int mask,
		   enum ima_hooks func, int *pcr,
		   struct ima_template_desc **template_desc,
		   const char *func_data, unsigned int *allowed_algos);
int ima_must_measure(struct inode *inode, int mask, enum ima_hooks func);
/* compute the digest of @file (or @buf/@size) with @algo into @iint */
int ima_collect_measurement(struct ima_iint_cache *iint, struct file *file,
			    void *buf, loff_t size, enum hash_algo algo,
			    struct modsig *modsig);
/* build a template entry from the collected digest and add it to the list */
void ima_store_measurement(struct ima_iint_cache *iint, struct file *file,
			   const unsigned char *filename,
			   struct evm_ima_xattr_data *xattr_value,
			   int xattr_len, const struct modsig *modsig, int pcr,
			   struct ima_template_desc *template_desc);
/*
 * Measure an in-memory buffer (@buf, @size bytes) as event @eventname.
 * With @buf_hash the buffer's digest rather than its contents is recorded;
 * if @digest is non-NULL the computed digest is copied out, bounded by
 * @digest_len.
 */
int process_buffer_measurement(struct mnt_idmap *idmap,
			       struct inode *inode, const void *buf, int size,
			       const char *eventname, enum ima_hooks func,
			       int pcr, const char *func_data,
			       bool buf_hash, u8 *digest, size_t digest_len);
void ima_audit_measurement(struct ima_iint_cache *iint,
			   const unsigned char *filename);
/* allocate *@entry for @template_desc and run each field's field_init() on @event_data */
int ima_alloc_init_template(struct ima_event_data *event_data,
			    struct ima_template_entry **entry,
			    struct ima_template_desc *template_desc);
int ima_store_template(struct ima_template_entry *entry, int violation,
		       struct inode *inode,
		       const unsigned char *filename, int pcr);
void ima_free_template_entry(struct ima_template_entry *entry);
/* render @path; *@pathbuf receives any buffer the caller must free, presumably */
const char *ima_d_path(const struct path *path, char **pathbuf, char *filename);

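/* IMA policy related functions */
/*
 * Match @inode/@cred under hook @func against the rule set and report the
 * required actions; @flags selects which action bits are of interest.
 * Output parameters mirror those of ima_get_action().
 */
int ima_match_policy(struct mnt_idmap *idmap, struct inode *inode,
		     const struct cred *cred, struct lsm_prop *prop,
		     enum ima_hooks func, int mask, int flags, int *pcr,
		     struct ima_template_desc **template_desc,
		     const char *func_data, unsigned int *allowed_algos);
void ima_init_policy(void);
void ima_update_policy(void);
void ima_update_policy_flags(void);
/*
 * Parse one rule from the (writable, NUL-terminated) text @rule and add it
 * to the policy.  The ssize_t return presumably follows the write()
 * convention: bytes consumed on success, negative errno on failure.
 */
ssize_t ima_parse_add_rule(char *rule);
void ima_delete_rules(void);
int ima_check_policy(void);
/* seq_file iterator for dumping the policy (CONFIG_IMA_READ_POLICY) */
void *ima_policy_start(struct seq_file *m, loff_t *pos);
void *ima_policy_next(struct seq_file *m, void *v, loff_t *pos);
void ima_policy_stop(struct seq_file *m, void *v);
int ima_policy_show(struct seq_file *m, void *v);
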
/*
 * Appraise integrity measurements: mode bits, presumably held in
 * ima_appraise.  ENFORCE/FIX/LOG select what happens on a failed appraisal;
 * MODULES/FIRMWARE/POLICY/KEXEC enable appraisal for those object kinds.
 */
#define IMA_APPRAISE_ENFORCE	0x01
#define IMA_APPRAISE_FIX	0x02
#define IMA_APPRAISE_LOG	0x04
#define IMA_APPRAISE_MODULES	0x08
#define IMA_APPRAISE_FIRMWARE	0x10
#define IMA_APPRAISE_POLICY	0x20
#define IMA_APPRAISE_KEXEC	0x40

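#ifdef CONFIG_IMA_APPRAISE
/* reject @iint if it matches the configured blacklist; 0 when not blacklisted */
int ima_check_blacklist(struct ima_iint_cache *iint,
			const struct modsig *modsig, int pcr);
/* verify the xattr/modsig of @file against its digest and cache the verdict in @iint */
int ima_appraise_measurement(enum ima_hooks func, struct ima_iint_cache *iint,
			     struct file *file, const unsigned char *filename,
			     struct evm_ima_xattr_data *xattr_value,
			     int xattr_len, const struct modsig *modsig);
int ima_must_appraise(struct mnt_idmap *idmap, struct inode *inode,
		      int mask, enum ima_hooks func);
void ima_update_xattr(struct ima_iint_cache *iint, struct file *file);
/* cached per-hook verdict from the ima_*_status bitfields of @iint */
enum integrity_status ima_get_cache_status(struct ima_iint_cache *iint,
					   enum ima_hooks func);
/* algorithm recorded in @xattr_value, falling back to the default */
enum hash_algo ima_get_hash_algo(const struct evm_ima_xattr_data *xattr_value,
				 int xattr_len);
int ima_read_xattr(struct dentry *dentry,
		   struct evm_ima_xattr_data **xattr_value, int xattr_len);
void __init init_ima_appraise_lsm(const struct lsm_id *lsmid);

#else
/*
 * CONFIG_IMA_APPRAISE=n: appraisal is compiled out.  The stubs report
 * "nothing to do" (0 / INTEGRITY_UNKNOWN) and never fail.  Their
 * signatures mirror the real declarations above, including the const on
 * @xattr_value, so callers compile identically in both configurations.
 */
static inline int ima_check_blacklist(struct ima_iint_cache *iint,
				      const struct modsig *modsig, int pcr)
{
	return 0;
}

static inline int ima_appraise_measurement(enum ima_hooks func,
					   struct ima_iint_cache *iint,
					   struct file *file,
					   const unsigned char *filename,
					   struct evm_ima_xattr_data *xattr_value,
					   int xattr_len,
					   const struct modsig *modsig)
{
	return INTEGRITY_UNKNOWN;
}

static inline int ima_must_appraise(struct mnt_idmap *idmap,
				    struct inode *inode, int mask,
				    enum ima_hooks func)
{
	return 0;
}

static inline void ima_update_xattr(struct ima_iint_cache *iint,
				    struct file *file)
{
}

static inline enum integrity_status
ima_get_cache_status(struct ima_iint_cache *iint, enum ima_hooks func)
{
	return INTEGRITY_UNKNOWN;
}

static inline enum hash_algo
ima_get_hash_algo(const struct evm_ima_xattr_data *xattr_value, int xattr_len)
{
	/* no xattr is consulted without appraisal: always the default algorithm */
	return ima_hash_algo;
}

static inline int ima_read_xattr(struct dentry *dentry,
				 struct evm_ima_xattr_data **xattr_value,
				 int xattr_len)
{
	return 0;
}

static inline void __init init_ima_appraise_lsm(const struct lsm_id *lsmid)
{
}

#endif /* CONFIG_IMA_APPRAISE */
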
#ifdef CONFIG_IMA_APPRAISE_MODSIG
/* parse an appended module signature out of @buf (@buf_len bytes) into *@modsig */
int ima_read_modsig(enum ima_hooks func, const void *buf, loff_t buf_len,
		    struct modsig **modsig);
void ima_collect_modsig(struct modsig *modsig, const void *buf, loff_t size);
/* expose the digest / raw bytes carried by @modsig; outputs are borrowed, not copied */
int ima_get_modsig_digest(const struct modsig *modsig, enum hash_algo *algo,
			  const u8 **digest, u32 *digest_size);
int ima_get_raw_modsig(const struct modsig *modsig, const void **data,
		       u32 *data_len);
void ima_free_modsig(struct modsig *modsig);
#else
/*
 * CONFIG_IMA_APPRAISE_MODSIG=n: appended signatures are unsupported.  The
 * int-returning stubs fail with -EOPNOTSUPP so callers cannot mistake the
 * absence of support for a valid signature.
 */
static inline int ima_read_modsig(enum ima_hooks func, const void *buf,
				  loff_t buf_len, struct modsig **modsig)
{
	return -EOPNOTSUPP;
}

static inline void ima_collect_modsig(struct modsig *modsig, const void *buf,
				      loff_t size)
{
}

static inline int ima_get_modsig_digest(const struct modsig *modsig,
					enum hash_algo *algo, const u8 **digest,
					u32 *digest_size)
{
	return -EOPNOTSUPP;
}

static inline int ima_get_raw_modsig(const struct modsig *modsig,
				     const void **data, u32 *data_len)
{
	return -EOPNOTSUPP;
}

static inline void ima_free_modsig(struct modsig *modsig)
{
}
#endif /* CONFIG_IMA_APPRAISE_MODSIG */

/* LSM based policy rules require audit */
#ifdef CONFIG_IMA_LSM_RULES

/* LSM conditions in policy rules are backed by the audit rule-matching API */
#define ima_filter_rule_init security_audit_rule_init
#define ima_filter_rule_free security_audit_rule_free
#define ima_filter_rule_match security_audit_rule_match

#else

/*
 * CONFIG_IMA_LSM_RULES=n: the stubs reject with -EINVAL, so a rule that
 * carries an LSM condition fails at init time instead of matching blindly.
 */
static inline int ima_filter_rule_init(u32 field, u32 op, char *rulestr,
				       void **lsmrule, gfp_t gfp)
{
	return -EINVAL;
}

static inline void ima_filter_rule_free(void *lsmrule)
{
}

static inline int ima_filter_rule_match(struct lsm_prop *prop, u32 field, u32 op,
					void *lsmrule)
{
	return -EINVAL;
}
#endif /* CONFIG_IMA_LSM_RULES */

/*
 * Mode bits for the policy file (presumably the one created by
 * ima_fs_init()): owner-writable always, owner-readable only when the
 * kernel is configured to let the loaded policy be read back.
 */
#ifdef CONFIG_IMA_READ_POLICY
#define POLICY_FILE_FLAGS	(S_IWUSR | S_IRUSR)
#else
#define POLICY_FILE_FLAGS	S_IWUSR
#endif /* CONFIG_IMA_READ_POLICY */

#endif /* __LINUX_IMA_H */