|
|
On Mon, 2012-06-25 at 12:18 +0300, Dmitry Kasatkin wrote:
> This patch adds support for forcing security.ima to be a certain
> type, such as hash (default) or digital signature.
> Policy rule may have 'type=digsig' for appraise rules.
>
> Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@xxxxxxxxx>
The patch looks good other than using the keyword 'type'. It's too
generic for my taste. I'd prefer something like 'xattr_type' or,
perhaps, 'appraise_type'.
thanks,
Mimi
> ---
> security/integrity/ima/ima_appraise.c | 5 +++++
> security/integrity/ima/ima_dir.c | 2 ++
> security/integrity/ima/ima_main.c | 1 +
> security/integrity/ima/ima_policy.c | 14 +++++++++++++-
> security/integrity/integrity.h | 1 +
> 5 files changed, 22 insertions(+), 1 deletion(-)
>
> diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
> index ad77d5d..b767a03 100644
> --- a/security/integrity/ima/ima_appraise.c
> +++ b/security/integrity/ima/ima_appraise.c
> @@ -102,6 +102,11 @@ int ima_appraise_measurement(struct integrity_iint_cache *iint,
>
> switch (xattr_value->type) {
> case IMA_XATTR_DIGEST:
> + if (iint->flags & IMA_DIGSIG) {
> + cause = "must-be-digsig";
> + status = INTEGRITY_FAIL;
> + break;
> + }
> rc = memcmp(xattr_value->digest, iint->ima_xattr.digest,
> IMA_DIGEST_SIZE);
> if (rc) {
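Review bot: The new early-fail branch inside `case IMA_XATTR_DIGEST` rejects a hash xattr without any in-code explanation of why a hash is now unacceptable, and the "must-be-digsig" cause string only surfaces through whatever reporting the rest of the function does. A one-line comment above the `if`, `/* policy required a signature (type=digsig); a bare hash does not satisfy it */`, would make the intent clear to the next reader. ima_appraise_measurement continues outside the hunk, so whether the signature-typed xattr case also consults `iint->flags & IMA_DIGSIG` cannot be checked from here.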
> diff --git a/security/integrity/ima/ima_dir.c b/security/integrity/ima/ima_dir.c
> index 67855de..48f77de 100644
> --- a/security/integrity/ima/ima_dir.c
> +++ b/security/integrity/ima/ima_dir.c
> @@ -159,6 +159,7 @@ static int get_iint_locked(struct inode *inode, enum ima_hooks func, int mask,
>
> /* Determine if already appraised/measured based on bitmask
> * (IMA_MEASURE, IMA_MEASURED, IMA_APPRAISE, IMA_APPRAISED) */
> + action &= IMA_ACTION_MASK;
> action &= ~((iint->flags & IMA_APPRAISED) >> 1);
>
> /* Nothing to do, just return existing appraised status */
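Review bot: The added `action &= IMA_ACTION_MASK` in get_iint_locked strips IMA_DIGSIG from `action` before anything has recorded it in `iint->flags`, whereas the ima_main.c hunk does `iint->flags |= action` first and masks afterwards; the second ima_dir.c hunk (ima_dir_update_xattr) likewise masks before `iint->flags |= action | (action << 1)`. If the directory appraisal path tests `iint->flags & IMA_DIGSIG` the way ima_appraise_measurement does, the type=digsig requirement would presumably never be enforced for directories — please confirm, or store the bit ahead of the mask, e.g. `iint->flags |= action & IMA_DIGSIG;`. Both functions extend beyond their hunks, so the bit may be stored elsewhere in them.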
> @@ -289,6 +290,7 @@ static void ima_dir_update_xattr(struct integrity_iint_cache *iint,
> goto out;
>
> /* set new inode as measured or/and appraised */
> + action &= IMA_ACTION_MASK;
> iint->flags |= action | (action << 1);
> iint->ima_status = INTEGRITY_PASS;
> }
> diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
> index 1ed5b64..11fa8ff 100644
> --- a/security/integrity/ima/ima_main.c
> +++ b/security/integrity/ima/ima_main.c
> @@ -171,6 +171,7 @@ static int process_measurement(struct file *file, const unsigned char *filename,
> /* Determine if already appraised/measured based on bitmask
> * (IMA_MEASURE, IMA_MEASURED, IMA_APPRAISE, IMA_APPRAISED) */
> iint->flags |= action;
> + action &= IMA_ACTION_MASK;
> action &= ~((iint->flags & (IMA_MEASURED | IMA_APPRAISED)) >> 1);
>
> /* Nothing to do, just return existing appraised status */
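Review bot: The new mask line is order-sensitive — it only works because `iint->flags |= action` on the line above has already captured IMA_DIGSIG — yet nothing in the code says so, and the existing comment above now reads as if it describes the mask. A comment on the added line, `/* keep only the action bits; IMA_DIGSIG was already recorded in iint->flags above */`, would keep a future reorder from silently losing the requirement. Note also that once set, IMA_DIGSIG seems to stay in `iint->flags` for the lifetime of the cache entry; if that is intended, it is worth saying in the same comment. process_measurement continues outside the hunk.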
> diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
> index 1a0d57f..abe956f 100644
> --- a/security/integrity/ima/ima_policy.c
> +++ b/security/integrity/ima/ima_policy.c
> @@ -25,6 +25,7 @@
> #define IMA_FSMAGIC 0x0004
> #define IMA_UID 0x0008
> #define IMA_FOWNER 0x0010
> +#define IMA_TYPE_DIGSIG 0x0020
>
> #define UNKNOWN 0
> #define MEASURE 1 /* same as IMA_MEASURE */
> @@ -209,6 +210,8 @@ int ima_match_policy(struct inode *inode, enum ima_hooks func, int mask,
> if (!ima_match_rules(entry, inode, func, mask))
> continue;
>
> + if (entry->flags & IMA_TYPE_DIGSIG)
> + action |= IMA_DIGSIG;
> action |= (entry->action & (IMA_APPRAISE | IMA_MEASURE));
> actmask &= (entry->action & APPRAISE_MASK) ?
> ~APPRAISE_MASK : ~MEASURE_MASK;
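Review bot: `action |= IMA_DIGSIG` is taken for any matching rule that carries IMA_TYPE_DIGSIG, not only for appraise rules, so a measure or dont_appraise rule that happened to be written with `type=digsig` would demand a signature for everything it matches. Gating it on the rule's action, `if ((entry->action & IMA_APPRAISE) && (entry->flags & IMA_TYPE_DIGSIG))`, or rejecting the option at parse time on non-appraise rules (`if (entry->action != APPRAISE) result = -EINVAL;` ahead of the strcmp in ima_parse_rule) closes that gap. ima_match_policy's loop starts and ends outside the hunk.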
> @@ -278,7 +281,8 @@ enum {
> Opt_appraise, Opt_dont_appraise,
> Opt_obj_user, Opt_obj_role, Opt_obj_type,
> Opt_subj_user, Opt_subj_role, Opt_subj_type,
> - Opt_func, Opt_mask, Opt_fsmagic, Opt_uid, Opt_fowner
> + Opt_func, Opt_mask, Opt_fsmagic, Opt_uid, Opt_fowner,
> + Opt_type
> };
>
> static match_table_t policy_tokens = {
> @@ -297,6 +301,7 @@ static match_table_t policy_tokens = {
> {Opt_fsmagic, "fsmagic=%s"},
> {Opt_uid, "uid=%s"},
> {Opt_fowner, "fowner=%s"},
> + {Opt_type, "type=%s"},
> {Opt_err, NULL}
> };
>
> @@ -504,6 +509,13 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry)
> LSM_SUBJ_TYPE,
> AUDIT_SUBJ_TYPE);
> break;
> + case Opt_type:
> + ima_log_string(ab, "type", args[0].from);
> + if ((strcmp(args[0].from, "digsig")) == 0)
> + entry->flags |= IMA_TYPE_DIGSIG;
> + else
> + result = -EINVAL;
> + break;
> case Opt_err:
> ima_log_string(ab, "UNKNOWN", p);
> result = -EINVAL;
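Review bot: The parentheses around the call in `if ((strcmp(args[0].from, "digsig")) == 0)` are redundant and unlike the surrounding cases; `if (strcmp(args[0].from, "digsig") == 0)` reads the same as the rest of ima_parse_rule. The rejecting branch could also use a short comment, `/* only a digital signature can be required for now */`, so that a reader knows the single accepted value is deliberate rather than incomplete. ima_parse_rule's switch continues outside the hunk.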
> diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h
> index 4eec1b1..e21362a 100644
> --- a/security/integrity/integrity.h
> +++ b/security/integrity/integrity.h
> @@ -16,6 +16,7 @@
> #include <crypto/sha.h>
>
> /* iint cache flags */
> +#define IMA_ACTION_MASK 0x0f
> #define IMA_MEASURE 0x01
> #define IMA_MEASURED 0x02
> #define IMA_APPRAISE 0x04
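Review bot: `IMA_ACTION_MASK 0x0f` is a bare literal that must be kept in step with the four action flags by hand, and the patch only works because IMA_DIGSIG's value happens to fall outside 0x0f. Defining the mask from the flags it is meant to cover, `#define IMA_ACTION_MASK (IMA_MEASURE | IMA_MEASURED | IMA_APPRAISE | IMA_APPRAISED)`, removes that coupling, and a comment such as `/* bits ima_match_policy returns as actions; rule qualifiers like IMA_DIGSIG must stay outside this mask */` would record why the mask exists.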