Re: [PATCH v3 05/12] ima: add appraise action keywords and default rules

From: Kasatkin, Dmitry
Date: Thu Mar 22 2012 - 10:27:18 EST


On Wed, Mar 21, 2012 at 8:54 PM, Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> wrote:
> Unlike the IMA measurement policy, the appraise policy can not be dependent
> on runtime process information, such as the task uid, as the 'security.ima'
> xattr is written on file close and must be updated each time the file changes,
> regardless of the current task uid.
>
> This patch extends the policy language with 'fowner', defines an appraise
> policy, which appraises all files owned by root, and defines 'ima_appraise_tcb',
> a new boot command line option, to enable the appraise policy.
>
> Changelog v3:
> - separate the measure from the appraise rules in order to support measuring
> without appraising and appraising without measuring.
> - change appraisal default for filesystems without xattr support to fail
> - update default appraise policy for cgroups
>
> Changelog v1:
> - don't appraise RAMFS (Dmitry Kasatkin)
> - merged rest of "ima: ima_must_appraise_or_measure API change" commit
> (Dmitry Kasatkin)
>
> ima_must_appraise_or_measure() called ima_match_policy twice, which
> searched the policy for a matching rule. Once for a matching measurement
> rule and subsequently for an appraisal rule. Searching the policy twice
> is unnecessary overhead, which could be noticeable with a large policy.
>
> The new version of ima_must_appraise_or_measure() does everything in a
> single iteration using a new version of ima_match_policy(). It returns
> IMA_MEASURE, IMA_APPRAISE mask.
>
> With the use of action mask only one efficient matching function
> is enough. Removed other specific versions of matching functions.
>
> Changelog:
> - change 'owner' to 'fowner' to conform to the new LSM conditions posted by
> Roberto Sassu.
> - fix calls to ima_log_string()
>
> Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxx>

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@xxxxxxxxx>

> ---
>  Documentation/ABI/testing/ima_policy  |   25 +++++-
>  Documentation/kernel-parameters.txt   |    4 +
>  security/integrity/ima/ima_appraise.c |    5 +-
>  security/integrity/ima/ima_policy.c   |  149 ++++++++++++++++++++++++---------
>  4 files changed, 139 insertions(+), 44 deletions(-)
>
> diff --git a/Documentation/ABI/testing/ima_policy b/Documentation/ABI/testing/ima_policy
> index 6cd6dae..dcff822 100644
> --- a/Documentation/ABI/testing/ima_policy
> +++ b/Documentation/ABI/testing/ima_policy
> @@ -12,11 +12,14 @@ Description:
> Â Â Â Â Â Â Â Âthen closing the file. ÂThe new policy takes effect after
> Â Â Â Â Â Â Â Âthe file ima/policy is closed.
>
> + Â Â Â Â Â Â Â IMA appraisal, if configured, uses these file measurements
> + Â Â Â Â Â Â Â for local measurement appraisal.
> +
> Â Â Â Â Â Â Â Ârule format: action [condition ...]
>
> - Â Â Â Â Â Â Â action: measure | dont_measure
> + Â Â Â Â Â Â Â action: measure | dont_measure | appraise | dont_appraise
> Â Â Â Â Â Â Â Âcondition:= base | lsm
> - Â Â Â Â Â Â Â Â Â Â Â base: Â [[func=] [mask=] [fsmagic=] [uid=]]
> + Â Â Â Â Â Â Â Â Â Â Â base: Â [[func=] [mask=] [fsmagic=] [uid=] [fowner]]
> Â Â Â Â Â Â Â Â Â Â Â Âlsm: Â Â[[subj_user=] [subj_role=] [subj_type=]
> Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â [obj_user=] [obj_role=] [obj_type=]]
>
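Review bot: in the base condition grammar on the `+` line, `[fowner]` lacks the `=` that every other base condition carries and that the parser token `fowner=%s` added in ima_policy.c requires; it should read `[fowner=]`.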
> @@ -24,36 +27,50 @@ Description:
> Â Â Â Â Â Â Â Â Â Â Â Âmask:= [MAY_READ] [MAY_WRITE] [MAY_APPEND] [MAY_EXEC]
> Â Â Â Â Â Â Â Â Â Â Â Âfsmagic:= hex value
> Â Â Â Â Â Â Â Â Â Â Â Âuid:= decimal value
> + Â Â Â Â Â Â Â Â Â Â Â fowner:=decimal value
> Â Â Â Â Â Â Â Âlsm: Â Âare LSM specific
>
> Â Â Â Â Â Â Â Âdefault policy:
> Â Â Â Â Â Â Â Â Â Â Â Â# PROC_SUPER_MAGIC
> Â Â Â Â Â Â Â Â Â Â Â Âdont_measure fsmagic=0x9fa0
> + Â Â Â Â Â Â Â Â Â Â Â dont_appraise fsmagic=0x9fa0
> Â Â Â Â Â Â Â Â Â Â Â Â# SYSFS_MAGIC
> Â Â Â Â Â Â Â Â Â Â Â Âdont_measure fsmagic=0x62656572
> + Â Â Â Â Â Â Â Â Â Â Â dont_appraise fsmagic=0x62656572
> Â Â Â Â Â Â Â Â Â Â Â Â# DEBUGFS_MAGIC
> Â Â Â Â Â Â Â Â Â Â Â Âdont_measure fsmagic=0x64626720
> + Â Â Â Â Â Â Â Â Â Â Â dont_appraise fsmagic=0x64626720
> Â Â Â Â Â Â Â Â Â Â Â Â# TMPFS_MAGIC
> Â Â Â Â Â Â Â Â Â Â Â Âdont_measure fsmagic=0x01021994
> + Â Â Â Â Â Â Â Â Â Â Â dont_appraise fsmagic=0x01021994
> + Â Â Â Â Â Â Â Â Â Â Â # RAMFS_MAGIC
> + Â Â Â Â Â Â Â Â Â Â Â dont_measure fsmagic=0x858458f6
> + Â Â Â Â Â Â Â Â Â Â Â dont_appraise fsmagic=0x858458f6
> Â Â Â Â Â Â Â Â Â Â Â Â# SECURITYFS_MAGIC
> Â Â Â Â Â Â Â Â Â Â Â Âdont_measure fsmagic=0x73636673
> + Â Â Â Â Â Â Â Â Â Â Â dont_appraise fsmagic=0x73636673
>
> Â Â Â Â Â Â Â Â Â Â Â Âmeasure func=BPRM_CHECK
> Â Â Â Â Â Â Â Â Â Â Â Âmeasure func=FILE_MMAP mask=MAY_EXEC
> Â Â Â Â Â Â Â Â Â Â Â Âmeasure func=FILE_CHECK mask=MAY_READ uid=0
> + Â Â Â Â Â Â Â Â Â Â Â appraise fowner=0
>
> Â Â Â Â Â Â Â ÂThe default policy measures all executables in bprm_check,
> Â Â Â Â Â Â Â Âall files mmapped executable in file_mmap, and all files
> - Â Â Â Â Â Â Â open for read by root in do_filp_open.
> + Â Â Â Â Â Â Â open for read by root in do_filp_open. ÂThe default appraisal
> + Â Â Â Â Â Â Â policy appraises all files owned by root.
>
> Â Â Â Â Â Â Â ÂExamples of LSM specific definitions:
>
> Â Â Â Â Â Â Â ÂSELinux:
> Â Â Â Â Â Â Â Â Â Â Â Â# SELINUX_MAGIC
> - Â Â Â Â Â Â Â Â Â Â Â dont_measure fsmagic=0xF97CFF8C
> + Â Â Â Â Â Â Â Â Â Â Â dont_measure fsmagic=0xf97cff8c
> + Â Â Â Â Â Â Â Â Â Â Â dont_appraise fsmagic=0xf97cff8c
>
> Â Â Â Â Â Â Â Â Â Â Â Âdont_measure obj_type=var_log_t
> + Â Â Â Â Â Â Â Â Â Â Â dont_appraise obj_type=var_log_t
> Â Â Â Â Â Â Â Â Â Â Â Âdont_measure obj_type=auditd_log_t
> + Â Â Â Â Â Â Â Â Â Â Â dont_appraise obj_type=auditd_log_t
> Â Â Â Â Â Â Â Â Â Â Â Âmeasure subj_user=system_u func=FILE_CHECK mask=MAY_READ
> Â Â Â Â Â Â Â Â Â Â Â Âmeasure subj_role=system_r func=FILE_CHECK mask=MAY_READ
>
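Review bot: the "default policy" listing in this hunk does not match the built-in default_appraise_rules array added in the ima_policy.c hunk: the array also carries dont_appraise entries for SELINUX_MAGIC and CGROUP_SUPER_MAGIC (the cgroup change the v3 changelog mentions), yet neither appears in the default policy section here, and the SELinux entry is shown only under "Examples of LSM specific definitions". Either list both in the default policy section or say why they differ. Minor: `fowner:=decimal value` should get the space used by `uid:= decimal value` two lines above.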
> diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
> index a86765d..6c00491 100644
> --- a/Documentation/kernel-parameters.txt
> +++ b/Documentation/kernel-parameters.txt
> @@ -1008,6 +1008,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
> Â Â Â Â Â Â Â Â Â Â Â ÂFormat: { "off" | "enforce" | "fix" }
> Â Â Â Â Â Â Â Â Â Â Â Âdefault: "enforce"
>
> + Â Â Â ima_appraise_tcb [IMA]
> + Â Â Â Â Â Â Â Â Â Â Â The builtin appraise policy appraises all files
> + Â Â Â Â Â Â Â Â Â Â Â owned by uid=0.
> +
> Â Â Â Âima_audit= Â Â Â[IMA]
> Â Â Â Â Â Â Â Â Â Â Â ÂFormat: { "0" | "1" }
> Â Â Â Â Â Â Â Â Â Â Â Â0 -- integrity auditing messages. (Default)
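Review bot: the new ima_appraise_tcb entry should state how it relates to the neighbouring ima_appraise= option: it only selects the built-in appraise rules and has no effect when ima_appraise=off, since ima_must_appraise() in the ima_appraise.c hunk returns 0 before consulting the policy when !ima_appraise. One sentence such as "Requires ima_appraise= to be enabled (the default)" would avoid a surprise for users who set one without the other.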
> diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
> index 4865f61..681cb6e 100644
> --- a/security/integrity/ima/ima_appraise.c
> +++ b/security/integrity/ima/ima_appraise.c
> @@ -36,7 +36,10 @@ __setup("ima_appraise=", default_appraise_setup);
> Â*/
> Âint ima_must_appraise(struct inode *inode, enum ima_hooks func, int mask)
> Â{
> - Â Â Â return 0;
> + Â Â Â if (!ima_appraise)
> + Â Â Â Â Â Â Â return 0;
> +
> + Â Â Â return ima_match_policy(inode, func, mask, IMA_APPRAISE);
> Â}
>
> Âstatic void ima_fix_xattr(struct dentry *dentry,
> diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
> index 8ee301c..238aa2b 100644
> --- a/security/integrity/ima/ima_policy.c
> +++ b/security/integrity/ima/ima_policy.c
> @@ -24,6 +24,7 @@
> Â#define IMA_MASK Â Â Â 0x0002
> Â#define IMA_FSMAGIC Â Â0x0004
> Â#define IMA_UID Â Â Â Â Â Â Â Â0x0008
> +#define IMA_FOWNER Â Â 0x0010
>
> Â#define UNKNOWN Â Â Â Â Â Â Â Â Â Â Â Â0
> Â#define MEASURE Â Â Â Â Â Â Â Â Â Â Â Â1 Â Â Â /* same as IMA_MEASURE */
> @@ -38,7 +39,7 @@ enum lsm_rule_types { LSM_OBJ_USER, LSM_OBJ_ROLE, LSM_OBJ_TYPE,
> Â Â Â ÂLSM_SUBJ_USER, LSM_SUBJ_ROLE, LSM_SUBJ_TYPE
> Â};
>
> -struct ima_measure_rule_entry {
> +struct ima_rule_entry {
> Â Â Â Âstruct list_head list;
> Â Â Â Âint action;
> Â Â Â Âunsigned int flags;
> @@ -46,6 +47,7 @@ struct ima_measure_rule_entry {
> Â Â Â Âint mask;
> Â Â Â Âunsigned long fsmagic;
> Â Â Â Âuid_t uid;
> + Â Â Â uid_t fowner;
> Â Â Â Âstruct {
> Â Â Â Â Â Â Â Âvoid *rule; Â Â /* LSM file metadata specific */
> Â Â Â Â Â Â Â Âint type; Â Â Â /* audit type */
> @@ -54,7 +56,7 @@ struct ima_measure_rule_entry {
>
> Â/*
> Â* Without LSM specific knowledge, the default policy can only be
> - * written in terms of .action, .func, .mask, .fsmagic, and .uid
> + * written in terms of .action, .func, .mask, .fsmagic, .uid, and .fowner
> Â*/
>
> Â/*
> @@ -63,7 +65,7 @@ struct ima_measure_rule_entry {
> Â* normal users can easily run the machine out of memory simply building
> Â* and running executables.
> Â*/
> -static struct ima_measure_rule_entry default_rules[] = {
> +static struct ima_rule_entry default_rules[] = {
> Â Â Â Â{.action = DONT_MEASURE,.fsmagic = PROC_SUPER_MAGIC,.flags = IMA_FSMAGIC},
> Â Â Â Â{.action = DONT_MEASURE,.fsmagic = SYSFS_MAGIC,.flags = IMA_FSMAGIC},
> Â Â Â Â{.action = DONT_MEASURE,.fsmagic = DEBUGFS_MAGIC,.flags = IMA_FSMAGIC},
> @@ -79,19 +81,39 @@ static struct ima_measure_rule_entry default_rules[] = {
> Â Â Â Â .flags = IMA_FUNC | IMA_MASK | IMA_UID},
> Â};
>
> -static LIST_HEAD(measure_default_rules);
> -static LIST_HEAD(measure_policy_rules);
> -static struct list_head *ima_measure;
> +static struct ima_rule_entry default_appraise_rules[] = {
> + Â Â Â {.action = DONT_APPRAISE,.fsmagic = PROC_SUPER_MAGIC,.flags = IMA_FSMAGIC},
> + Â Â Â {.action = DONT_APPRAISE,.fsmagic = SYSFS_MAGIC,.flags = IMA_FSMAGIC},
> + Â Â Â {.action = DONT_APPRAISE,.fsmagic = DEBUGFS_MAGIC,.flags = IMA_FSMAGIC},
> + Â Â Â {.action = DONT_APPRAISE,.fsmagic = TMPFS_MAGIC,.flags = IMA_FSMAGIC},
> + Â Â Â {.action = DONT_APPRAISE,.fsmagic = RAMFS_MAGIC,.flags = IMA_FSMAGIC},
> + Â Â Â {.action = DONT_APPRAISE,.fsmagic = SECURITYFS_MAGIC,.flags = IMA_FSMAGIC},
> + Â Â Â {.action = DONT_APPRAISE,.fsmagic = SELINUX_MAGIC,.flags = IMA_FSMAGIC},
> + Â Â Â {.action = DONT_APPRAISE,.fsmagic = CGROUP_SUPER_MAGIC,.flags = IMA_FSMAGIC},
> + Â Â Â {.action = APPRAISE,.fowner = 0,.flags = IMA_FOWNER},
> +};
> +
> +static LIST_HEAD(ima_default_rules);
> +static LIST_HEAD(ima_policy_rules);
> +static struct list_head *ima_rules;
>
> -static DEFINE_MUTEX(ima_measure_mutex);
> +static DEFINE_MUTEX(ima_rules_mutex);
>
> Âstatic bool ima_use_tcb __initdata;
> -static int __init default_policy_setup(char *str)
> +static int __init default_measure_policy_setup(char *str)
> Â{
> Â Â Â Âima_use_tcb = 1;
> Â Â Â Âreturn 1;
> Â}
> -__setup("ima_tcb", default_policy_setup);
> +__setup("ima_tcb", default_measure_policy_setup);
> +
> +static bool ima_use_appraise_tcb __initdata;
> +static int __init default_appraise_policy_setup(char *str)
> +{
> + Â Â Â ima_use_appraise_tcb = 1;
> + Â Â Â return 1;
> +}
> +__setup("ima_appraise_tcb", default_appraise_policy_setup);
>
> Â/**
> Â* ima_match_rules - determine whether an inode matches the measure rule.
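Review bot: the kernel-doc line in the trailing context, `ima_match_rules - determine whether an inode matches the measure rule.`, is stale now that the same function is used to match appraise rules; since the next hunk already changes this function's signature, update the description to "matches the rule" in the same patch. Likewise, default_appraise_rules and default_rules are independently selected by ima_use_appraise_tcb and ima_use_tcb, so a one-line comment above the new array saying it is loaded only for ima_appraise_tcb would help readers who only see this file.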
> @@ -102,7 +124,7 @@ __setup("ima_tcb", default_policy_setup);
> Â*
> Â* Returns true on rule match, false on failure.
> Â*/
> -static bool ima_match_rules(struct ima_measure_rule_entry *rule,
> +static bool ima_match_rules(struct ima_rule_entry *rule,
> Â Â Â Â Â Â Â Â Â Â Â Â Â Âstruct inode *inode, enum ima_hooks func, int mask)
> Â{
> Â Â Â Âstruct task_struct *tsk = current;
> @@ -118,6 +140,8 @@ static bool ima_match_rules(struct ima_measure_rule_entry *rule,
> Â Â Â Â Â Â Â Âreturn false;
> Â Â Â Âif ((rule->flags & IMA_UID) && rule->uid != cred->uid)
> Â Â Â Â Â Â Â Âreturn false;
> + Â Â Â if ((rule->flags & IMA_FOWNER) && rule->fowner != inode->i_uid)
> + Â Â Â Â Â Â Â return false;
> Â Â Â Âfor (i = 0; i < MAX_LSM_RULES; i++) {
> Â Â Â Â Â Â Â Âint rc = 0;
> Â Â Â Â Â Â Â Âu32 osid, sid;
> @@ -170,10 +194,10 @@ static bool ima_match_rules(struct ima_measure_rule_entry *rule,
> Âint ima_match_policy(struct inode *inode, enum ima_hooks func, int mask,
> Â Â Â Â Â Â Â Â Â Â int flags)
> Â{
> - Â Â Â struct ima_measure_rule_entry *entry;
> + Â Â Â struct ima_rule_entry *entry;
> Â Â Â Âint action = 0, actmask = flags | (flags << 1);
>
> - Â Â Â list_for_each_entry(entry, ima_measure, list) {
> + Â Â Â list_for_each_entry(entry, ima_rules, list) {
>
> Â Â Â Â Â Â Â Âif (!(entry->action & actmask))
> Â Â Â Â Â Â Â Â Â Â Â Âcontinue;
> @@ -194,22 +218,31 @@ int ima_match_policy(struct inode *inode, enum ima_hooks func, int mask,
> Â/**
> Â* ima_init_policy - initialize the default measure rules.
> Â*
> - * ima_measure points to either the measure_default_rules or the
> - * the new measure_policy_rules.
> + * ima_rules points to either the ima_default_rules or the
> + * the new ima_policy_rules.
> Â*/
> Âvoid __init ima_init_policy(void)
> Â{
> - Â Â Â int i, entries;
> + Â Â Â int i, measure_entries, appraise_entries;
>
> Â Â Â Â/* if !ima_use_tcb set entries = 0 so we load NO default rules */
> - Â Â Â if (ima_use_tcb)
> - Â Â Â Â Â Â Â entries = ARRAY_SIZE(default_rules);
> - Â Â Â else
> - Â Â Â Â Â Â Â entries = 0;
> -
> - Â Â Â for (i = 0; i < entries; i++)
> - Â Â Â Â Â Â Â list_add_tail(&default_rules[i].list, &measure_default_rules);
> - Â Â Â ima_measure = &measure_default_rules;
> + Â Â Â measure_entries = ima_use_tcb ? ARRAY_SIZE(default_rules) : 0;
> + Â Â Â appraise_entries = ima_use_appraise_tcb ?
> + Â Â Â Â Â Â Â Â Â Â Â ÂARRAY_SIZE(default_appraise_rules) : 0;
> +
> + Â Â Â for (i = 0; i < measure_entries + appraise_entries; i++) {
> + Â Â Â Â Â Â Â if (i < measure_entries)
> + Â Â Â Â Â Â Â Â Â Â Â list_add_tail(&default_rules[i].list,
> + Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â &ima_default_rules);
> + Â Â Â Â Â Â Â else {
> + Â Â Â Â Â Â Â Â Â Â Â int j = i - measure_entries;
> +
> + Â Â Â Â Â Â Â Â Â Â Â list_add_tail(&default_appraise_rules[j].list,
> + Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â &ima_default_rules);
> + Â Â Â Â Â Â Â }
> + Â Â Â }
> +
> + Â Â Â ima_rules = &ima_default_rules;
> Â}
>
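Review bot: the comment `/* if !ima_use_tcb set entries = 0 so we load NO default rules */` survives as context but refers to the removed `entries` variable and says nothing about ima_use_appraise_tcb; update it to cover both arrays. The single loop over `measure_entries + appraise_entries` with the `j = i - measure_entries` offset is harder to read than two plain loops, one per array, which also removes the unbalanced `if` without braces next to an `else` with braces. The kernel-doc above still reads "or the / the new ima_policy_rules" (doubled "the").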
> Â/**
> @@ -226,8 +259,8 @@ void ima_update_policy(void)
> Â Â Â Âint result = 1;
> Â Â Â Âint audit_info = 0;
>
> - Â Â Â if (ima_measure == &measure_default_rules) {
> - Â Â Â Â Â Â Â ima_measure = &measure_policy_rules;
> + Â Â Â if (ima_rules == &ima_default_rules) {
> + Â Â Â Â Â Â Â ima_rules = &ima_policy_rules;
> Â Â Â Â Â Â Â Âcause = "complete";
> Â Â Â Â Â Â Â Âresult = 0;
> Â Â Â Â}
> @@ -238,14 +271,17 @@ void ima_update_policy(void)
> Âenum {
> Â Â Â ÂOpt_err = -1,
> Â Â Â ÂOpt_measure = 1, Opt_dont_measure,
> + Â Â Â Opt_appraise, Opt_dont_appraise,
> Â Â Â ÂOpt_obj_user, Opt_obj_role, Opt_obj_type,
> Â Â Â ÂOpt_subj_user, Opt_subj_role, Opt_subj_type,
> - Â Â Â Opt_func, Opt_mask, Opt_fsmagic, Opt_uid
> + Â Â Â Opt_func, Opt_mask, Opt_fsmagic, Opt_uid, Opt_fowner
> Â};
>
> Âstatic match_table_t policy_tokens = {
> Â Â Â Â{Opt_measure, "measure"},
> Â Â Â Â{Opt_dont_measure, "dont_measure"},
> + Â Â Â {Opt_appraise, "appraise"},
> + Â Â Â {Opt_dont_appraise, "dont_appraise"},
> Â Â Â Â{Opt_obj_user, "obj_user=%s"},
> Â Â Â Â{Opt_obj_role, "obj_role=%s"},
> Â Â Â Â{Opt_obj_type, "obj_type=%s"},
> @@ -256,10 +292,11 @@ static match_table_t policy_tokens = {
> Â Â Â Â{Opt_mask, "mask=%s"},
> Â Â Â Â{Opt_fsmagic, "fsmagic=%s"},
> Â Â Â Â{Opt_uid, "uid=%s"},
> + Â Â Â {Opt_fowner, "fowner=%s"},
> Â Â Â Â{Opt_err, NULL}
> Â};
>
> -static int ima_lsm_rule_init(struct ima_measure_rule_entry *entry,
> +static int ima_lsm_rule_init(struct ima_rule_entry *entry,
> Â Â Â Â Â Â Â Â Â Â Â Â Â Â char *args, int lsm_rule, int audit_type)
> Â{
> Â Â Â Âint result;
> @@ -283,7 +320,7 @@ static void ima_log_string(struct audit_buffer *ab, char *key, char *value)
> Â Â Â Âaudit_log_format(ab, " ");
> Â}
>
> -static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry)
> +static int ima_parse_rule(char *rule, struct ima_rule_entry *entry)
> Â{
> Â Â Â Âstruct audit_buffer *ab;
> Â Â Â Âchar *p;
> @@ -292,6 +329,7 @@ static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry)
> Â Â Â Âab = audit_log_start(NULL, GFP_KERNEL, AUDIT_INTEGRITY_RULE);
>
> Â Â Â Âentry->uid = -1;
> + Â Â Â entry->fowner = -1;
> Â Â Â Âentry->action = UNKNOWN;
> Â Â Â Âwhile ((p = strsep(&rule, " \t")) != NULL) {
> Â Â Â Â Â Â Â Âsubstring_t args[MAX_OPT_ARGS];
> @@ -320,11 +358,27 @@ static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry)
>
> Â Â Â Â Â Â Â Â Â Â Â Âentry->action = DONT_MEASURE;
> Â Â Â Â Â Â Â Â Â Â Â Âbreak;
> + Â Â Â Â Â Â Â case Opt_appraise:
> + Â Â Â Â Â Â Â Â Â Â Â ima_log_string(ab, "action", "appraise");
> +
> + Â Â Â Â Â Â Â Â Â Â Â if (entry->action != UNKNOWN)
> + Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â result = -EINVAL;
> +
> + Â Â Â Â Â Â Â Â Â Â Â entry->action = APPRAISE;
> + Â Â Â Â Â Â Â Â Â Â Â break;
> + Â Â Â Â Â Â Â case Opt_dont_appraise:
> + Â Â Â Â Â Â Â Â Â Â Â ima_log_string(ab, "action", "dont_appraise");
> +
> + Â Â Â Â Â Â Â Â Â Â Â if (entry->action != UNKNOWN)
> + Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â result = -EINVAL;
> +
> + Â Â Â Â Â Â Â Â Â Â Â entry->action = DONT_APPRAISE;
> + Â Â Â Â Â Â Â Â Â Â Â break;
> Â Â Â Â Â Â Â Âcase Opt_func:
> Â Â Â Â Â Â Â Â Â Â Â Âima_log_string(ab, "func", args[0].from);
>
> Â Â Â Â Â Â Â Â Â Â Â Âif (entry->func)
> - Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â result Â= -EINVAL;
> + Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â result = -EINVAL;
>
> Â Â Â Â Â Â Â Â Â Â Â Âif (strcmp(args[0].from, "FILE_CHECK") == 0)
> Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Âentry->func = FILE_CHECK;
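Review bot: the double-space fix on the `result = -EINVAL` line in the Opt_func case is unrelated to the appraise keywords and belongs in a separate cleanup patch. In the new Opt_appraise/Opt_dont_appraise cases, as in the existing Opt_measure/Opt_dont_measure ones, `result = -EINVAL` on a duplicate action is not followed by `break`, so entry->action is still overwritten; harmless if the caller rejects the rule on result, but worth a comment, since the Opt_fowner case below does break out on a duplicate.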
> @@ -389,6 +443,23 @@ static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry)
> Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Âentry->flags |= IMA_UID;
> Â Â Â Â Â Â Â Â Â Â Â Â}
> Â Â Â Â Â Â Â Â Â Â Â Âbreak;
> + Â Â Â Â Â Â Â case Opt_fowner:
> + Â Â Â Â Â Â Â Â Â Â Â ima_log_string(ab, "fowner", args[0].from);
> +
> + Â Â Â Â Â Â Â Â Â Â Â if (entry->fowner != -1) {
> + Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â result = -EINVAL;
> + Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â break;
> + Â Â Â Â Â Â Â Â Â Â Â }
> +
> + Â Â Â Â Â Â Â Â Â Â Â result = strict_strtoul(args[0].from, 10, &lnum);
> + Â Â Â Â Â Â Â Â Â Â Â if (!result) {
> + Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â entry->fowner = (uid_t) lnum;
> + Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â if (entry->fowner != lnum)
> + Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â result = -EINVAL;
> + Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â else
> + Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â entry->flags |= IMA_FOWNER;
> + Â Â Â Â Â Â Â Â Â Â Â }
> + Â Â Â Â Â Â Â Â Â Â Â break;
> Â Â Â Â Â Â Â Âcase Opt_obj_user:
> Â Â Â Â Â Â Â Â Â Â Â Âima_log_string(ab, "obj_user", args[0].from);
> Â Â Â Â Â Â Â Â Â Â Â Âresult = ima_lsm_rule_init(entry, args[0].from,
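Review bot: `entry->fowner` is a uid_t, so the `-1` sentinel assigned earlier in ima_parse_rule and tested here as `entry->fowner != -1` is really UINT_MAX; a rule with `fowner=4294967295` passes the `entry->fowner != lnum` truncation check and sets IMA_FOWNER, yet the duplicate check cannot distinguish it from "no fowner given". This mirrors the existing uid handling, so either add a shared comment noting the limitation or detect duplicates via `entry->flags & IMA_FOWNER` instead of the sentinel.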
> @@ -440,7 +511,7 @@ static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry)
> Â}
>
> Â/**
> - * ima_parse_add_rule - add a rule to measure_policy_rules
> + * ima_parse_add_rule - add a rule to ima_policy_rules
> Â* @rule - ima measurement policy rule
> Â*
> Â* Uses a mutex to protect the policy list from multiple concurrent writers.
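Review bot: `@rule - ima measurement policy rule` in this kernel-doc is now inaccurate, since the rule may be an appraise rule; the hunk already edits the line above it, so change it to "ima policy rule" here.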
> @@ -450,12 +521,12 @@ ssize_t ima_parse_add_rule(char *rule)
> Â{
> Â Â Â Âconst char *op = "update_policy";
> Â Â Â Âchar *p;
> - Â Â Â struct ima_measure_rule_entry *entry;
> + Â Â Â struct ima_rule_entry *entry;
> Â Â Â Âssize_t result, len;
> Â Â Â Âint audit_info = 0;
>
> Â Â Â Â/* Prevent installed policy from changing */
> - Â Â Â if (ima_measure != &measure_default_rules) {
> + Â Â Â if (ima_rules != &ima_default_rules) {
> Â Â Â Â Â Â Â Âintegrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL,
> Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â ÂNULL, op, "already exists",
> Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â-EACCES, audit_info);
> @@ -488,9 +559,9 @@ ssize_t ima_parse_add_rule(char *rule)
> Â Â Â Â Â Â Â Âreturn result;
> Â Â Â Â}
>
> - Â Â Â mutex_lock(&ima_measure_mutex);
> - Â Â Â list_add_tail(&entry->list, &measure_policy_rules);
> - Â Â Â mutex_unlock(&ima_measure_mutex);
> + Â Â Â mutex_lock(&ima_rules_mutex);
> + Â Â Â list_add_tail(&entry->list, &ima_policy_rules);
> + Â Â Â mutex_unlock(&ima_rules_mutex);
>
> Â Â Â Âreturn len;
> Â}
> @@ -498,12 +569,12 @@ ssize_t ima_parse_add_rule(char *rule)
> Â/* ima_delete_rules called to cleanup invalid policy */
> Âvoid ima_delete_rules(void)
> Â{
> - Â Â Â struct ima_measure_rule_entry *entry, *tmp;
> + Â Â Â struct ima_rule_entry *entry, *tmp;
>
> - Â Â Â mutex_lock(&ima_measure_mutex);
> - Â Â Â list_for_each_entry_safe(entry, tmp, &measure_policy_rules, list) {
> + Â Â Â mutex_lock(&ima_rules_mutex);
> + Â Â Â list_for_each_entry_safe(entry, tmp, &ima_policy_rules, list) {
> Â Â Â Â Â Â Â Âlist_del(&entry->list);
> Â Â Â Â Â Â Â Âkfree(entry);
> Â Â Â Â}
> - Â Â Â mutex_unlock(&ima_measure_mutex);
> + Â Â Â mutex_unlock(&ima_rules_mutex);
> Â}
> --
> 1.7.6.5
>
¢éì®&Þ~º&¶¬–+-±éÝ¥Šw®žË±Êâmébžìdz¹Þ)í…æèw*jg¬±¨¶‰šŽŠÝj/êäz¹ÞŠà2ŠÞ¨è­Ú&¢)ß«a¶Úþø®G«éh®æj:+v‰¨Šwè†Ù>Wš±êÞiÛaxPjØm¶Ÿÿà -»+ƒùdš_