Lines Matching +full:critical +full:- +full:action

1 // SPDX-License-Identifier: GPL-2.0-only
74 if (strcmp(template_desc->name, IMA_TEMPLATE_IMA_NAME) == 0) {
114 mapping_writably_mapped(file->f_mapping)) {
115 rc = -ETXTBSY;
118 if (!*pathbuf) /* ima_rdwr_violation possibly pre-fetched */
119 *pathname = ima_d_path(&file->f_path, pathbuf,
131 * - Opening a file for write when already open for read,
133 * - Opening a file for read when already open for write,
145 fmode_t mode = file->f_mode;
149 if (atomic_read(&inode->i_readcount) && IS_IMA(inode)) {
155 &iint->atomic_flags))
160 set_bit(IMA_MAY_EMIT_TOMTOU, &iint->atomic_flags);
165 &iint->atomic_flags))
173 *pathname = ima_d_path(&file->f_path, pathbuf, filename);
186 fmode_t mode = file->f_mode;
192 mutex_lock(&iint->mutex);
193 if (atomic_read(&inode->i_writecount) == 1) {
196 clear_bit(IMA_EMITTED_OPENWRITERS, &iint->atomic_flags);
199 &iint->atomic_flags);
200 if ((iint->flags & IMA_NEW_FILE) ||
201 vfs_getattr_nosec(&file->f_path, &stat,
205 stat.change_cookie != iint->real_inode.version) {
206 iint->flags &= ~(IMA_DONE_MASK | IMA_NEW_FILE);
207 iint->measured_pcrs = 0;
212 mutex_unlock(&iint->mutex);
216 * ima_file_free - called on __fput()
226 if (!ima_policy_flag || !S_ISREG(inode->i_mode))
247 int rc = 0, action, must_appraise = 0;
256 if (!ima_policy_flag || !S_ISREG(inode->i_mode))
259 /* Return an IMA_MEASURE, IMA_APPRAISE, IMA_AUDIT action
263 action = ima_get_action(file_mnt_idmap(file), inode, cred, prop,
269 ((action & IMA_MEASURE) ||
270 (file->f_mode & FMODE_WRITE)));
271 if (!action && !violation_check)
274 must_appraise = action & IMA_APPRAISE;
277 if (action & IMA_FILE_APPRAISE)
282 if (action) {
285 rc = -ENOMEM;
289 ima_rdwr_violation_check(file, iint, action & IMA_MEASURE,
296 if (!action)
299 mutex_lock(&iint->mutex);
301 if (test_and_clear_bit(IMA_CHANGE_ATTR, &iint->atomic_flags))
303 * Reset appraisal flags (action and non-action rule-specific)
306 iint->flags &= ~(IMA_APPRAISE | IMA_APPRAISED |
311 * Re-evaluate the file if either the xattr has changed or the
315 if (test_and_clear_bit(IMA_CHANGE_XATTR, &iint->atomic_flags) ||
316 ((inode->i_sb->s_iflags & SB_I_IMA_UNVERIFIABLE_SIGNATURE) &&
317 !(inode->i_sb->s_iflags & SB_I_UNTRUSTED_MOUNTER) &&
318 !(action & IMA_FAIL_UNVERIFIABLE_SIGS))) {
319 iint->flags &= ~IMA_DONE_MASK;
320 iint->measured_pcrs = 0;
324 * On stacked filesystems, detect and re-evaluate file data and
329 (action & IMA_DO_MASK) && (iint->flags & IMA_DONE_MASK)) {
331 integrity_inode_attrs_changed(&iint->real_inode,
333 iint->flags &= ~IMA_DONE_MASK;
334 iint->measured_pcrs = 0;
343 iint->flags &= ~(IMA_APPRAISED |
351 iint->flags |= action;
352 action &= IMA_DO_MASK;
353 action &= ~((iint->flags & (IMA_DONE_MASK ^ IMA_MEASURED)) >> 1);
355 /* If target pcr is already measured, unset IMA_MEASURE action */
356 if ((action & IMA_MEASURE) && (iint->measured_pcrs & (0x1 << pcr)))
357 action ^= IMA_MEASURE;
360 if ((action & IMA_HASH) &&
361 !(test_bit(IMA_DIGSIG, &iint->atomic_flags))) {
365 (xattr_value->type == EVM_IMA_XATTR_DIGSIG))
366 set_bit(IMA_DIGSIG, &iint->atomic_flags);
367 iint->flags |= IMA_HASHED;
368 action ^= IMA_HASH;
369 set_bit(IMA_UPDATE_XATTR, &iint->atomic_flags);
373 if (!action) {
383 if ((action & IMA_APPRAISE_SUBMASK) ||
384 strcmp(template_desc->name, IMA_TEMPLATE_IMA_NAME) != 0) {
394 if (iint->flags & IMA_MODSIG_ALLOWED) {
398 iint->flags & IMA_MEASURED)
399 action |= IMA_MEASURE;
406 if (rc != 0 && rc != -EBADF && rc != -EINVAL)
409 if (!pathbuf) /* ima_rdwr_violation possibly pre-fetched */
410 pathname = ima_d_path(&file->f_path, &pathbuf, filename);
412 if (action & IMA_MEASURE)
416 if (rc == 0 && (action & IMA_APPRAISE_SUBMASK)) {
418 if (rc != -EPERM) {
429 if (action & IMA_AUDIT)
432 if ((file->f_flags & O_DIRECT) && (iint->flags & IMA_PERMIT_DIRECTIO))
438 rc = -EACCES;
442 "denied-hash-algorithm", rc, 0);
445 if ((mask & MAY_WRITE) && test_bit(IMA_DIGSIG, &iint->atomic_flags) &&
446 !(iint->flags & IMA_NEW_FILE))
447 rc = -EACCES;
448 mutex_unlock(&iint->mutex);
456 return -EACCES;
457 if (file->f_mode & FMODE_WRITE)
458 set_bit(IMA_UPDATE_XATTR, &iint->atomic_flags);
464 * ima_file_mmap - based on policy, collect/store measurement.
474 * is in policy and IMA-appraisal is in enforcing mode, return -EACCES.
502 * ima_file_mprotect - based on policy, limit mprotect change
513 * On mprotect change success, return 0. On failure, return -EACCES.
526 int action;
530 if (!(ima_policy_flag & IMA_APPRAISE) || !vma->vm_file ||
531 !(prot & PROT_EXEC) || (vma->vm_flags & VM_EXEC))
535 inode = file_inode(vma->vm_file);
536 action = ima_get_action(file_mnt_idmap(vma->vm_file), inode,
539 action |= ima_get_action(file_mnt_idmap(vma->vm_file), inode,
545 if (!(action & (IMA_MEASURE | IMA_APPRAISE_SUBMASK)))
548 if (action & IMA_APPRAISE_SUBMASK)
549 result = -EPERM;
551 file = vma->vm_file;
552 pathname = ima_d_path(&file->f_path, &pathbuf, filename);
554 "collect_data", "failed-mprotect", result, 0);
562 * ima_bprm_check - based on policy, collect/store measurement.
572 * is in policy and IMA-appraisal is in enforcing mode, return -EACCES.
580 ret = process_measurement(bprm->file, current_cred(),
585 security_cred_getlsmprop(bprm->cred, &prop);
586 return process_measurement(bprm->file, bprm->cred, &prop, NULL, 0,
591 * ima_bprm_creds_for_exec - collect/store/appraise measurement.
601 * is in policy and IMA-appraisal is in enforcing mode, return -EACCES.
612 if (!bprm->is_check)
619 * ima_file_check - based on policy, collect/store measurement.
626 * is in policy and IMA-appraisal is in enforcing mode, return -EACCES.
647 mutex_lock(&iint->mutex);
650 if ((!iint || !(iint->flags & IMA_COLLECTED)) && file) {
652 mutex_unlock(&iint->mutex);
661 if (rc != -ENOMEM)
664 return -EOPNOTSUPP;
668 mutex_lock(&iint->mutex);
672 return -EOPNOTSUPP;
678 if (!iint->ima_hash || !(iint->flags & IMA_COLLECTED)) {
679 mutex_unlock(&iint->mutex);
680 return -EOPNOTSUPP;
686 copied_size = min_t(size_t, iint->ima_hash->length, buf_size);
687 memcpy(buf, iint->ima_hash->digest, copied_size);
689 hash_algo = iint->ima_hash->algo;
690 mutex_unlock(&iint->mutex);
693 kfree(iint->ima_hash);
699 * ima_file_hash - return a measurement of the file
712 * If the measurement cannot be performed, return -EOPNOTSUPP.
713 * If the parameters are incorrect, return -EINVAL.
718 return -EINVAL;
725 * ima_inode_hash - return the stored measurement if the inode has been hashed
739 * If IMA is disabled or if no measurement is available, return -EOPNOTSUPP.
740 * If the parameters are incorrect, return -EINVAL.
745 return -EINVAL;
752 * ima_post_create_tmpfile - mark newly created tmpfile as new
767 if (!ima_policy_flag || !S_ISREG(inode->i_mode))
781 set_bit(IMA_UPDATE_XATTR, &iint->atomic_flags);
782 iint->ima_file_status = INTEGRITY_PASS;
786 * ima_post_path_mknod - mark as a new inode
796 struct inode *inode = dentry->d_inode;
799 if (!ima_policy_flag || !S_ISREG(inode->i_mode))
812 /* needed for re-opening empty files */
813 iint->flags |= IMA_NEW_FILE;
817 * ima_read_file - pre-measure/appraise hook decision based on policy
826 * For permission return 0, otherwise return -EACCES.
835 * Do devices using pre-allocated memory run the risk of the
866 * ima_post_read_file - in memory collect/appraise/audit measurement
876 * is in policy and IMA-appraisal is in enforcing mode, return -EACCES.
890 return -EACCES;
901 * ima_load_data - appraise decision based on policy
910 * For permission return 0, otherwise return -EACCES.
924 return -EACCES;
929 return -EACCES; /* INTEGRITY_UNKNOWN */
935 return -EACCES; /* INTEGRITY_UNKNOWN */
944 return -EACCES; /* INTEGRITY_UNKNOWN */
954 * ima_post_load_data - appraise decision based on policy
958 * @description: @load_id-specific description of contents
964 * is in policy and IMA-appraisal is in enforcing mode, return -EACCES.
974 return -EACCES; /* INTEGRITY_UNKNOWN */
990 * process_buffer_measurement - Measure the buffer or the buffer data hash
1030 int action = 0;
1034 return -EINVAL;
1037 return -ENOENT;
1041 ret = -EINVAL;
1055 action = ima_get_action(idmap, inode, current_cred(),
1058 if (!(action & IMA_MEASURE) && !digest)
1059 return -ENOENT;
1066 iint.ima_hash->algo = ima_hash_algo;
1067 iint.ima_hash->length = hash_digest_size[ima_hash_algo];
1076 memcpy(digest_hash, hash_hdr->digest, digest_hash_len);
1090 memcpy(digest, iint.ima_hash->digest, digest_hash_len);
1092 if (!ima_policy_flag || (func && !(action & IMA_MEASURE)))
1117 * ima_kexec_cmdline - measure kexec cmdline boot args
1134 buf, size, "kexec-cmdline", KEXEC_CMDLINE, 0,
1139 * ima_measure_critical_data - measure kernel integrity critical data
1140 * @event_label: unique event label for grouping and limiting critical data
1148 * Measure data critical to the integrity of the kernel into the IMA log
1149 * and extend the pcr. Examples of critical data could be various data
1163 return -ENOPARAM;
1175 * ima_kernel_module_request - Prevent crypto-pkcs1(rsa,*) requests
1179 * binary requires executing modprobe itself. Since the modprobe iint->mutex
1181 * occurs as soon as modprobe is executed within the critical region, since
1189 * Since we don't have any real "crypto-pkcs1(rsa,*)" kernel modules,
1193 * Return: Zero if it is safe to load the kernel module, -EINVAL otherwise.
1197 if (strncmp(kmod_name, "crypto-pkcs1(rsa,", 17) == 0)
1198 return -EINVAL;