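/*
 * AppArmor security module
 *
 * This file contains AppArmor policy loading interface function definitions.
 *
 * Copyright 2013 Canonical Ltd.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation, version 2 of the
 * License.
 *
 * Fns to provide a checksum of policy that has been loaded; this can be
 * compared to userspace policy compiles to check loaded policy is what
 * it should be.
 *
 * NOTE(review): the digest is SHA-1, which is no longer collision
 * resistant. It works as a checksum for spotting accidental mismatches
 * between loaded and compiled policy, but should not be the only evidence
 * of integrity where the policy blob may come from an untrusted party.
 * Changing the algorithm changes the digest size and the value consumers
 * compare against; confirm against the userspace side before changing it.
 */

#include <crypto/hash.h>

#include "include/apparmor.h"
#include "include/crypto.h"

/* Digest length in bytes; stays 0 until init_profile_hash() succeeds. */
static unsigned int apparmor_hash_size;

/* Shared hash transform; stays NULL if init was skipped or failed. */
static struct crypto_shash *apparmor_tfm;

/**
 * aa_hash_size - size of the policy digest
 *
 * Returns: digest size in bytes, or 0 if the hash transform was never set up
 */
unsigned int aa_hash_size(void)
{
	return apparmor_hash_size;
}

/**
 * hash_policy_blob - digest the little-endian version word followed by data
 * @digest: output buffer of at least apparmor_hash_size bytes
 * @version: policy version, mixed into the digest ahead of the data
 * @start: start of the policy data
 * @len: length of the policy data in bytes
 *
 * The descriptor is sized from apparmor_tfm, so the caller must have
 * checked that apparmor_tfm is non-NULL before calling.
 *
 * Returns: 0 on success, else the error from the crypto layer
 */
static int hash_policy_blob(u8 *digest, u32 version, void *start, size_t len)
{
	struct {
		struct shash_desc shash;
		char ctx[crypto_shash_descsize(apparmor_tfm)];
	} desc;
	u32 le32_version = cpu_to_le32(version);
	int error;

	desc.shash.tfm = apparmor_tfm;
	desc.shash.flags = 0;

	error = crypto_shash_init(&desc.shash);
	if (error)
		return error;
	/* fixed byte order so the digest is the same on any host endianness */
	error = crypto_shash_update(&desc.shash, (u8 *) &le32_version,
				    sizeof(le32_version));
	if (error)
		return error;
	error = crypto_shash_update(&desc.shash, (u8 *) start, len);
	if (error)
		return error;

	return crypto_shash_final(&desc.shash, digest);
}

/**
 * aa_calc_profile_hash - compute and attach the digest of a profile's policy
 * @profile: profile whose ->hash is set on success
 * @version: policy version, hashed ahead of the data
 * @start: start of the policy data
 * @len: length of the policy data in bytes
 *
 * Returns 0 without touching @profile->hash when policy hashing is turned
 * off (aa_g_hash_policy) or the hash transform is unavailable, so a 0
 * return does not imply that @profile->hash is set.
 *
 * The descriptor that is sized from apparmor_tfm lives in
 * hash_policy_blob(), which is only reached after the NULL check below.
 * Declaring it in this function would evaluate
 * crypto_shash_descsize(apparmor_tfm) on entry, before the check, and
 * dereference a NULL transform whenever init was skipped or failed.
 *
 * NOTE(review): a previous @profile->hash is overwritten without being
 * freed; presumably callers only hash freshly unpacked profiles - confirm.
 *
 * Returns: 0 on success or when hashing is skipped, -ENOMEM if the digest
 * buffer cannot be allocated, else the error from the crypto layer
 */
int aa_calc_profile_hash(struct aa_profile *profile, u32 version, void *start,
			 size_t len)
{
	int error;

	if (!aa_g_hash_policy)
		return 0;

	if (!apparmor_tfm)
		return 0;

	profile->hash = kzalloc(apparmor_hash_size, GFP_KERNEL);
	if (!profile->hash)
		return -ENOMEM;

	error = hash_policy_blob(profile->hash, version, start, len);
	if (error) {
		/* never leave a partially computed digest attached */
		kfree(profile->hash);
		profile->hash = NULL;
	}

	return error;
}

/**
 * init_profile_hash - allocate the sha1 transform used for policy hashing
 *
 * Does nothing when AppArmor itself is not initialized. On allocation
 * failure apparmor_tfm stays NULL, and aa_calc_profile_hash() then skips
 * hashing and returns 0, so loaded profiles carry no digest.
 *
 * Returns: 0 on success or when AppArmor is not initialized, else the
 * error from crypto_alloc_shash()
 */
static int __init init_profile_hash(void)
{
	struct crypto_shash *tfm;

	if (!apparmor_initialized)
		return 0;

	/* type 0 with mask CRYPTO_ALG_ASYNC asks for a synchronous sha1 */
	tfm = crypto_alloc_shash("sha1", 0, CRYPTO_ALG_ASYNC);
	if (IS_ERR(tfm)) {
		int error = PTR_ERR(tfm);
		AA_ERROR("failed to setup profile sha1 hashing: %d\n", error);
		return error;
	}
	apparmor_tfm = tfm;
	apparmor_hash_size = crypto_shash_digestsize(apparmor_tfm);

	aa_info_message("AppArmor sha1 policy hashing enabled");

	return 0;
}

late_initcall(init_profile_hash);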