1 /* 2 * Copyright (C) 2008 IBM Corporation 3 * Author: Mimi Zohar <zohar@us.ibm.com> 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License as published by 7 * the Free Software Foundation, version 2 of the License. 8 * 9 * ima_policy.c 10 * - initialize default measure policy rules 11 * 12 */ 13 #include <linux/module.h> 14 #include <linux/list.h> 15 #include <linux/security.h> 16 #include <linux/magic.h> 17 #include <linux/parser.h> 18 #include <linux/slab.h> 19 #include <linux/genhd.h> 20 21 #include "ima.h" 22 23 /* flags definitions */ 24 #define IMA_FUNC 0x0001 25 #define IMA_MASK 0x0002 26 #define IMA_FSMAGIC 0x0004 27 #define IMA_UID 0x0008 28 #define IMA_FOWNER 0x0010 29 #define IMA_FSUUID 0x0020 30 31 #define UNKNOWN 0 32 #define MEASURE 0x0001 /* same as IMA_MEASURE */ 33 #define DONT_MEASURE 0x0002 34 #define APPRAISE 0x0004 /* same as IMA_APPRAISE */ 35 #define DONT_APPRAISE 0x0008 36 #define AUDIT 0x0040 37 38 int ima_policy_flag; 39 40 #define MAX_LSM_RULES 6 41 enum lsm_rule_types { LSM_OBJ_USER, LSM_OBJ_ROLE, LSM_OBJ_TYPE, 42 LSM_SUBJ_USER, LSM_SUBJ_ROLE, LSM_SUBJ_TYPE 43 }; 44 45 struct ima_rule_entry { 46 struct list_head list; 47 int action; 48 unsigned int flags; 49 enum ima_hooks func; 50 int mask; 51 unsigned long fsmagic; 52 u8 fsuuid[16]; 53 kuid_t uid; 54 kuid_t fowner; 55 struct { 56 void *rule; /* LSM file metadata specific */ 57 void *args_p; /* audit value */ 58 int type; /* audit type */ 59 } lsm[MAX_LSM_RULES]; 60 }; 61 62 /* 63 * Without LSM specific knowledge, the default policy can only be 64 * written in terms of .action, .func, .mask, .fsmagic, .uid, and .fowner 65 */ 66 67 /* 68 * The minimum rule set to allow for full TCB coverage. Measures all files 69 * opened or mmap for exec and everything read by root. Dangerous because 70 * normal users can easily run the machine out of memory simply building 71 * and running executables. 72 */ 73 static struct ima_rule_entry default_rules[] = { 74 {.action = DONT_MEASURE, .fsmagic = PROC_SUPER_MAGIC, .flags = IMA_FSMAGIC}, 75 {.action = DONT_MEASURE, .fsmagic = SYSFS_MAGIC, .flags = IMA_FSMAGIC}, 76 {.action = DONT_MEASURE, .fsmagic = DEBUGFS_MAGIC, .flags = IMA_FSMAGIC}, 77 {.action = DONT_MEASURE, .fsmagic = TMPFS_MAGIC, .flags = IMA_FSMAGIC}, 78 {.action = DONT_MEASURE, .fsmagic = DEVPTS_SUPER_MAGIC, .flags = IMA_FSMAGIC}, 79 {.action = DONT_MEASURE, .fsmagic = BINFMTFS_MAGIC, .flags = IMA_FSMAGIC}, 80 {.action = DONT_MEASURE, .fsmagic = SECURITYFS_MAGIC, .flags = IMA_FSMAGIC}, 81 {.action = DONT_MEASURE, .fsmagic = SELINUX_MAGIC, .flags = IMA_FSMAGIC}, 82 {.action = MEASURE, .func = MMAP_CHECK, .mask = MAY_EXEC, 83 .flags = IMA_FUNC | IMA_MASK}, 84 {.action = MEASURE, .func = BPRM_CHECK, .mask = MAY_EXEC, 85 .flags = IMA_FUNC | IMA_MASK}, 86 {.action = MEASURE, .func = FILE_CHECK, .mask = MAY_READ, .uid = GLOBAL_ROOT_UID, 87 .flags = IMA_FUNC | IMA_MASK | IMA_UID}, 88 {.action = MEASURE, .func = MODULE_CHECK, .flags = IMA_FUNC}, 89 {.action = MEASURE, .func = FIRMWARE_CHECK, .flags = IMA_FUNC}, 90 }; 91 92 static struct ima_rule_entry default_appraise_rules[] = { 93 {.action = DONT_APPRAISE, .fsmagic = PROC_SUPER_MAGIC, .flags = IMA_FSMAGIC}, 94 {.action = DONT_APPRAISE, .fsmagic = SYSFS_MAGIC, .flags = IMA_FSMAGIC}, 95 {.action = DONT_APPRAISE, .fsmagic = DEBUGFS_MAGIC, .flags = IMA_FSMAGIC}, 96 {.action = DONT_APPRAISE, .fsmagic = TMPFS_MAGIC, .flags = IMA_FSMAGIC}, 97 {.action = DONT_APPRAISE, .fsmagic = RAMFS_MAGIC, .flags = IMA_FSMAGIC}, 98 {.action = DONT_APPRAISE, .fsmagic = DEVPTS_SUPER_MAGIC, .flags = IMA_FSMAGIC}, 99 {.action = DONT_APPRAISE, .fsmagic = BINFMTFS_MAGIC, .flags = IMA_FSMAGIC}, 100 {.action = DONT_APPRAISE, .fsmagic = SECURITYFS_MAGIC, .flags = IMA_FSMAGIC}, 101 {.action = DONT_APPRAISE, .fsmagic = SELINUX_MAGIC, .flags = IMA_FSMAGIC}, 102 {.action = DONT_APPRAISE, .fsmagic = CGROUP_SUPER_MAGIC, .flags = IMA_FSMAGIC}, 103 #ifndef CONFIG_IMA_APPRAISE_SIGNED_INIT 104 {.action = APPRAISE, .fowner = GLOBAL_ROOT_UID, .flags = IMA_FOWNER}, 105 #else 106 /* force signature */ 107 {.action = APPRAISE, .fowner = GLOBAL_ROOT_UID, 108 .flags = IMA_FOWNER | IMA_DIGSIG_REQUIRED}, 109 #endif 110 }; 111 112 static LIST_HEAD(ima_default_rules); 113 static LIST_HEAD(ima_policy_rules); 114 static struct list_head *ima_rules; 115 116 static DEFINE_MUTEX(ima_rules_mutex); 117 118 static bool ima_use_tcb __initdata; 119 static int __init default_measure_policy_setup(char *str) 120 { 121 ima_use_tcb = 1; 122 return 1; 123 } 124 __setup("ima_tcb", default_measure_policy_setup); 125 126 static bool ima_use_appraise_tcb __initdata; 127 static int __init default_appraise_policy_setup(char *str) 128 { 129 ima_use_appraise_tcb = 1; 130 return 1; 131 } 132 __setup("ima_appraise_tcb", default_appraise_policy_setup); 133 134 /* 135 * Although the IMA policy does not change, the LSM policy can be 136 * reloaded, leaving the IMA LSM based rules referring to the old, 137 * stale LSM policy. 138 * 139 * Update the IMA LSM based rules to reflect the reloaded LSM policy. 140 * We assume the rules still exist; and BUG_ON() if they don't. 141 */ 142 static void ima_lsm_update_rules(void) 143 { 144 struct ima_rule_entry *entry, *tmp; 145 int result; 146 int i; 147 148 mutex_lock(&ima_rules_mutex); 149 list_for_each_entry_safe(entry, tmp, &ima_policy_rules, list) { 150 for (i = 0; i < MAX_LSM_RULES; i++) { 151 if (!entry->lsm[i].rule) 152 continue; 153 result = security_filter_rule_init(entry->lsm[i].type, 154 Audit_equal, 155 entry->lsm[i].args_p, 156 &entry->lsm[i].rule); 157 BUG_ON(!entry->lsm[i].rule); 158 } 159 } 160 mutex_unlock(&ima_rules_mutex); 161 } 162 163 /** 164 * ima_match_rules - determine whether an inode matches the measure rule. 165 * @rule: a pointer to a rule 166 * @inode: a pointer to an inode 167 * @func: LIM hook identifier 168 * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC) 169 * 170 * Returns true on rule match, false on failure. 171 */ 172 static bool ima_match_rules(struct ima_rule_entry *rule, 173 struct inode *inode, enum ima_hooks func, int mask) 174 { 175 struct task_struct *tsk = current; 176 const struct cred *cred = current_cred(); 177 int i; 178 179 if ((rule->flags & IMA_FUNC) && 180 (rule->func != func && func != POST_SETATTR)) 181 return false; 182 if ((rule->flags & IMA_MASK) && 183 (rule->mask != mask && func != POST_SETATTR)) 184 return false; 185 if ((rule->flags & IMA_FSMAGIC) 186 && rule->fsmagic != inode->i_sb->s_magic) 187 return false; 188 if ((rule->flags & IMA_FSUUID) && 189 memcmp(rule->fsuuid, inode->i_sb->s_uuid, sizeof(rule->fsuuid))) 190 return false; 191 if ((rule->flags & IMA_UID) && !uid_eq(rule->uid, cred->uid)) 192 return false; 193 if ((rule->flags & IMA_FOWNER) && !uid_eq(rule->fowner, inode->i_uid)) 194 return false; 195 for (i = 0; i < MAX_LSM_RULES; i++) { 196 int rc = 0; 197 u32 osid, sid; 198 int retried = 0; 199 200 if (!rule->lsm[i].rule) 201 continue; 202 retry: 203 switch (i) { 204 case LSM_OBJ_USER: 205 case LSM_OBJ_ROLE: 206 case LSM_OBJ_TYPE: 207 security_inode_getsecid(inode, &osid); 208 rc = security_filter_rule_match(osid, 209 rule->lsm[i].type, 210 Audit_equal, 211 rule->lsm[i].rule, 212 NULL); 213 break; 214 case LSM_SUBJ_USER: 215 case LSM_SUBJ_ROLE: 216 case LSM_SUBJ_TYPE: 217 security_task_getsecid(tsk, &sid); 218 rc = security_filter_rule_match(sid, 219 rule->lsm[i].type, 220 Audit_equal, 221 rule->lsm[i].rule, 222 NULL); 223 default: 224 break; 225 } 226 if ((rc < 0) && (!retried)) { 227 retried = 1; 228 ima_lsm_update_rules(); 229 goto retry; 230 } 231 if (!rc) 232 return false; 233 } 234 return true; 235 } 236 237 /* 238 * In addition to knowing that we need to appraise the file in general, 239 * we need to differentiate between calling hooks, for hook specific rules. 240 */ 241 static int get_subaction(struct ima_rule_entry *rule, int func) 242 { 243 if (!(rule->flags & IMA_FUNC)) 244 return IMA_FILE_APPRAISE; 245 246 switch (func) { 247 case MMAP_CHECK: 248 return IMA_MMAP_APPRAISE; 249 case BPRM_CHECK: 250 return IMA_BPRM_APPRAISE; 251 case MODULE_CHECK: 252 return IMA_MODULE_APPRAISE; 253 case FIRMWARE_CHECK: 254 return IMA_FIRMWARE_APPRAISE; 255 case FILE_CHECK: 256 default: 257 return IMA_FILE_APPRAISE; 258 } 259 } 260 261 /** 262 * ima_match_policy - decision based on LSM and other conditions 263 * @inode: pointer to an inode for which the policy decision is being made 264 * @func: IMA hook identifier 265 * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC) 266 * 267 * Measure decision based on func/mask/fsmagic and LSM(subj/obj/type) 268 * conditions. 269 * 270 * (There is no need for locking when walking the policy list, 271 * as elements in the list are never deleted, nor does the list 272 * change.) 273 */ 274 int ima_match_policy(struct inode *inode, enum ima_hooks func, int mask, 275 int flags) 276 { 277 struct ima_rule_entry *entry; 278 int action = 0, actmask = flags | (flags << 1); 279 280 list_for_each_entry(entry, ima_rules, list) { 281 282 if (!(entry->action & actmask)) 283 continue; 284 285 if (!ima_match_rules(entry, inode, func, mask)) 286 continue; 287 288 action |= entry->flags & IMA_ACTION_FLAGS; 289 290 action |= entry->action & IMA_DO_MASK; 291 if (entry->action & IMA_APPRAISE) 292 action |= get_subaction(entry, func); 293 294 if (entry->action & IMA_DO_MASK) 295 actmask &= ~(entry->action | entry->action << 1); 296 else 297 actmask &= ~(entry->action | entry->action >> 1); 298 299 if (!actmask) 300 break; 301 } 302 303 return action; 304 } 305 306 /* 307 * Initialize the ima_policy_flag variable based on the currently 308 * loaded policy. Based on this flag, the decision to short circuit 309 * out of a function or not call the function in the first place 310 * can be made earlier. 311 */ 312 void ima_update_policy_flag(void) 313 { 314 struct ima_rule_entry *entry; 315 316 ima_policy_flag = 0; 317 list_for_each_entry(entry, ima_rules, list) { 318 if (entry->action & IMA_DO_MASK) 319 ima_policy_flag |= entry->action; 320 } 321 322 if (!ima_appraise) 323 ima_policy_flag &= ~IMA_APPRAISE; 324 } 325 326 /** 327 * ima_init_policy - initialize the default measure rules. 328 * 329 * ima_rules points to either the ima_default_rules or the 330 * the new ima_policy_rules. 331 */ 332 void __init ima_init_policy(void) 333 { 334 int i, measure_entries, appraise_entries; 335 336 /* if !ima_use_tcb set entries = 0 so we load NO default rules */ 337 measure_entries = ima_use_tcb ? ARRAY_SIZE(default_rules) : 0; 338 appraise_entries = ima_use_appraise_tcb ? 339 ARRAY_SIZE(default_appraise_rules) : 0; 340 341 for (i = 0; i < measure_entries + appraise_entries; i++) { 342 if (i < measure_entries) 343 list_add_tail(&default_rules[i].list, 344 &ima_default_rules); 345 else { 346 int j = i - measure_entries; 347 348 list_add_tail(&default_appraise_rules[j].list, 349 &ima_default_rules); 350 } 351 } 352 353 ima_rules = &ima_default_rules; 354 } 355 356 /** 357 * ima_update_policy - update default_rules with new measure rules 358 * 359 * Called on file .release to update the default rules with a complete new 360 * policy. Once updated, the policy is locked, no additional rules can be 361 * added to the policy. 362 */ 363 void ima_update_policy(void) 364 { 365 ima_rules = &ima_policy_rules; 366 ima_update_policy_flag(); 367 } 368 369 enum { 370 Opt_err = -1, 371 Opt_measure = 1, Opt_dont_measure, 372 Opt_appraise, Opt_dont_appraise, 373 Opt_audit, 374 Opt_obj_user, Opt_obj_role, Opt_obj_type, 375 Opt_subj_user, Opt_subj_role, Opt_subj_type, 376 Opt_func, Opt_mask, Opt_fsmagic, Opt_uid, Opt_fowner, 377 Opt_appraise_type, Opt_fsuuid, Opt_permit_directio 378 }; 379 380 static match_table_t policy_tokens = { 381 {Opt_measure, "measure"}, 382 {Opt_dont_measure, "dont_measure"}, 383 {Opt_appraise, "appraise"}, 384 {Opt_dont_appraise, "dont_appraise"}, 385 {Opt_audit, "audit"}, 386 {Opt_obj_user, "obj_user=%s"}, 387 {Opt_obj_role, "obj_role=%s"}, 388 {Opt_obj_type, "obj_type=%s"}, 389 {Opt_subj_user, "subj_user=%s"}, 390 {Opt_subj_role, "subj_role=%s"}, 391 {Opt_subj_type, "subj_type=%s"}, 392 {Opt_func, "func=%s"}, 393 {Opt_mask, "mask=%s"}, 394 {Opt_fsmagic, "fsmagic=%s"}, 395 {Opt_fsuuid, "fsuuid=%s"}, 396 {Opt_uid, "uid=%s"}, 397 {Opt_fowner, "fowner=%s"}, 398 {Opt_appraise_type, "appraise_type=%s"}, 399 {Opt_permit_directio, "permit_directio"}, 400 {Opt_err, NULL} 401 }; 402 403 static int ima_lsm_rule_init(struct ima_rule_entry *entry, 404 substring_t *args, int lsm_rule, int audit_type) 405 { 406 int result; 407 408 if (entry->lsm[lsm_rule].rule) 409 return -EINVAL; 410 411 entry->lsm[lsm_rule].args_p = match_strdup(args); 412 if (!entry->lsm[lsm_rule].args_p) 413 return -ENOMEM; 414 415 entry->lsm[lsm_rule].type = audit_type; 416 result = security_filter_rule_init(entry->lsm[lsm_rule].type, 417 Audit_equal, 418 entry->lsm[lsm_rule].args_p, 419 &entry->lsm[lsm_rule].rule); 420 if (!entry->lsm[lsm_rule].rule) { 421 kfree(entry->lsm[lsm_rule].args_p); 422 return -EINVAL; 423 } 424 425 return result; 426 } 427 428 static void ima_log_string(struct audit_buffer *ab, char *key, char *value) 429 { 430 audit_log_format(ab, "%s=", key); 431 audit_log_untrustedstring(ab, value); 432 audit_log_format(ab, " "); 433 } 434 435 static int ima_parse_rule(char *rule, struct ima_rule_entry *entry) 436 { 437 struct audit_buffer *ab; 438 char *p; 439 int result = 0; 440 441 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_INTEGRITY_RULE); 442 443 entry->uid = INVALID_UID; 444 entry->fowner = INVALID_UID; 445 entry->action = UNKNOWN; 446 while ((p = strsep(&rule, " \t")) != NULL) { 447 substring_t args[MAX_OPT_ARGS]; 448 int token; 449 unsigned long lnum; 450 451 if (result < 0) 452 break; 453 if ((*p == '\0') || (*p == ' ') || (*p == '\t')) 454 continue; 455 token = match_token(p, policy_tokens, args); 456 switch (token) { 457 case Opt_measure: 458 ima_log_string(ab, "action", "measure"); 459 460 if (entry->action != UNKNOWN) 461 result = -EINVAL; 462 463 entry->action = MEASURE; 464 break; 465 case Opt_dont_measure: 466 ima_log_string(ab, "action", "dont_measure"); 467 468 if (entry->action != UNKNOWN) 469 result = -EINVAL; 470 471 entry->action = DONT_MEASURE; 472 break; 473 case Opt_appraise: 474 ima_log_string(ab, "action", "appraise"); 475 476 if (entry->action != UNKNOWN) 477 result = -EINVAL; 478 479 entry->action = APPRAISE; 480 break; 481 case Opt_dont_appraise: 482 ima_log_string(ab, "action", "dont_appraise"); 483 484 if (entry->action != UNKNOWN) 485 result = -EINVAL; 486 487 entry->action = DONT_APPRAISE; 488 break; 489 case Opt_audit: 490 ima_log_string(ab, "action", "audit"); 491 492 if (entry->action != UNKNOWN) 493 result = -EINVAL; 494 495 entry->action = AUDIT; 496 break; 497 case Opt_func: 498 ima_log_string(ab, "func", args[0].from); 499 500 if (entry->func) 501 result = -EINVAL; 502 503 if (strcmp(args[0].from, "FILE_CHECK") == 0) 504 entry->func = FILE_CHECK; 505 /* PATH_CHECK is for backwards compat */ 506 else if (strcmp(args[0].from, "PATH_CHECK") == 0) 507 entry->func = FILE_CHECK; 508 else if (strcmp(args[0].from, "MODULE_CHECK") == 0) 509 entry->func = MODULE_CHECK; 510 else if (strcmp(args[0].from, "FIRMWARE_CHECK") == 0) 511 entry->func = FIRMWARE_CHECK; 512 else if ((strcmp(args[0].from, "FILE_MMAP") == 0) 513 || (strcmp(args[0].from, "MMAP_CHECK") == 0)) 514 entry->func = MMAP_CHECK; 515 else if (strcmp(args[0].from, "BPRM_CHECK") == 0) 516 entry->func = BPRM_CHECK; 517 else 518 result = -EINVAL; 519 if (!result) 520 entry->flags |= IMA_FUNC; 521 break; 522 case Opt_mask: 523 ima_log_string(ab, "mask", args[0].from); 524 525 if (entry->mask) 526 result = -EINVAL; 527 528 if ((strcmp(args[0].from, "MAY_EXEC")) == 0) 529 entry->mask = MAY_EXEC; 530 else if (strcmp(args[0].from, "MAY_WRITE") == 0) 531 entry->mask = MAY_WRITE; 532 else if (strcmp(args[0].from, "MAY_READ") == 0) 533 entry->mask = MAY_READ; 534 else if (strcmp(args[0].from, "MAY_APPEND") == 0) 535 entry->mask = MAY_APPEND; 536 else 537 result = -EINVAL; 538 if (!result) 539 entry->flags |= IMA_MASK; 540 break; 541 case Opt_fsmagic: 542 ima_log_string(ab, "fsmagic", args[0].from); 543 544 if (entry->fsmagic) { 545 result = -EINVAL; 546 break; 547 } 548 549 result = kstrtoul(args[0].from, 16, &entry->fsmagic); 550 if (!result) 551 entry->flags |= IMA_FSMAGIC; 552 break; 553 case Opt_fsuuid: 554 ima_log_string(ab, "fsuuid", args[0].from); 555 556 if (memchr_inv(entry->fsuuid, 0x00, 557 sizeof(entry->fsuuid))) { 558 result = -EINVAL; 559 break; 560 } 561 562 result = blk_part_pack_uuid(args[0].from, 563 entry->fsuuid); 564 if (!result) 565 entry->flags |= IMA_FSUUID; 566 break; 567 case Opt_uid: 568 ima_log_string(ab, "uid", args[0].from); 569 570 if (uid_valid(entry->uid)) { 571 result = -EINVAL; 572 break; 573 } 574 575 result = kstrtoul(args[0].from, 10, &lnum); 576 if (!result) { 577 entry->uid = make_kuid(current_user_ns(), (uid_t)lnum); 578 if (!uid_valid(entry->uid) || (((uid_t)lnum) != lnum)) 579 result = -EINVAL; 580 else 581 entry->flags |= IMA_UID; 582 } 583 break; 584 case Opt_fowner: 585 ima_log_string(ab, "fowner", args[0].from); 586 587 if (uid_valid(entry->fowner)) { 588 result = -EINVAL; 589 break; 590 } 591 592 result = kstrtoul(args[0].from, 10, &lnum); 593 if (!result) { 594 entry->fowner = make_kuid(current_user_ns(), (uid_t)lnum); 595 if (!uid_valid(entry->fowner) || (((uid_t)lnum) != lnum)) 596 result = -EINVAL; 597 else 598 entry->flags |= IMA_FOWNER; 599 } 600 break; 601 case Opt_obj_user: 602 ima_log_string(ab, "obj_user", args[0].from); 603 result = ima_lsm_rule_init(entry, args, 604 LSM_OBJ_USER, 605 AUDIT_OBJ_USER); 606 break; 607 case Opt_obj_role: 608 ima_log_string(ab, "obj_role", args[0].from); 609 result = ima_lsm_rule_init(entry, args, 610 LSM_OBJ_ROLE, 611 AUDIT_OBJ_ROLE); 612 break; 613 case Opt_obj_type: 614 ima_log_string(ab, "obj_type", args[0].from); 615 result = ima_lsm_rule_init(entry, args, 616 LSM_OBJ_TYPE, 617 AUDIT_OBJ_TYPE); 618 break; 619 case Opt_subj_user: 620 ima_log_string(ab, "subj_user", args[0].from); 621 result = ima_lsm_rule_init(entry, args, 622 LSM_SUBJ_USER, 623 AUDIT_SUBJ_USER); 624 break; 625 case Opt_subj_role: 626 ima_log_string(ab, "subj_role", args[0].from); 627 result = ima_lsm_rule_init(entry, args, 628 LSM_SUBJ_ROLE, 629 AUDIT_SUBJ_ROLE); 630 break; 631 case Opt_subj_type: 632 ima_log_string(ab, "subj_type", args[0].from); 633 result = ima_lsm_rule_init(entry, args, 634 LSM_SUBJ_TYPE, 635 AUDIT_SUBJ_TYPE); 636 break; 637 case Opt_appraise_type: 638 if (entry->action != APPRAISE) { 639 result = -EINVAL; 640 break; 641 } 642 643 ima_log_string(ab, "appraise_type", args[0].from); 644 if ((strcmp(args[0].from, "imasig")) == 0) 645 entry->flags |= IMA_DIGSIG_REQUIRED; 646 else 647 result = -EINVAL; 648 break; 649 case Opt_permit_directio: 650 entry->flags |= IMA_PERMIT_DIRECTIO; 651 break; 652 case Opt_err: 653 ima_log_string(ab, "UNKNOWN", p); 654 result = -EINVAL; 655 break; 656 } 657 } 658 if (!result && (entry->action == UNKNOWN)) 659 result = -EINVAL; 660 else if (entry->func == MODULE_CHECK) 661 ima_appraise |= IMA_APPRAISE_MODULES; 662 else if (entry->func == FIRMWARE_CHECK) 663 ima_appraise |= IMA_APPRAISE_FIRMWARE; 664 audit_log_format(ab, "res=%d", !result); 665 audit_log_end(ab); 666 return result; 667 } 668 669 /** 670 * ima_parse_add_rule - add a rule to ima_policy_rules 671 * @rule - ima measurement policy rule 672 * 673 * Uses a mutex to protect the policy list from multiple concurrent writers. 674 * Returns the length of the rule parsed, an error code on failure 675 */ 676 ssize_t ima_parse_add_rule(char *rule) 677 { 678 static const char op[] = "update_policy"; 679 char *p; 680 struct ima_rule_entry *entry; 681 ssize_t result, len; 682 int audit_info = 0; 683 684 p = strsep(&rule, "\n"); 685 len = strlen(p) + 1; 686 p += strspn(p, " \t"); 687 688 if (*p == '#' || *p == '\0') 689 return len; 690 691 entry = kzalloc(sizeof(*entry), GFP_KERNEL); 692 if (!entry) { 693 integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL, 694 NULL, op, "-ENOMEM", -ENOMEM, audit_info); 695 return -ENOMEM; 696 } 697 698 INIT_LIST_HEAD(&entry->list); 699 700 result = ima_parse_rule(p, entry); 701 if (result) { 702 kfree(entry); 703 integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL, 704 NULL, op, "invalid-policy", result, 705 audit_info); 706 return result; 707 } 708 709 mutex_lock(&ima_rules_mutex); 710 list_add_tail(&entry->list, &ima_policy_rules); 711 mutex_unlock(&ima_rules_mutex); 712 713 return len; 714 } 715 716 /* ima_delete_rules called to cleanup invalid policy */ 717 void ima_delete_rules(void) 718 { 719 struct ima_rule_entry *entry, *tmp; 720 int i; 721 722 mutex_lock(&ima_rules_mutex); 723 list_for_each_entry_safe(entry, tmp, &ima_policy_rules, list) { 724 for (i = 0; i < MAX_LSM_RULES; i++) 725 kfree(entry->lsm[i].args_p); 726 727 list_del(&entry->list); 728 kfree(entry); 729 } 730 mutex_unlock(&ima_rules_mutex); 731 } 732