pm24.git/security/integrity/ima, branch v5.7

ima: Fix return value of ima_write_policy()

2020-05-08T01:36:31Z

This patch fixes the return value of ima_write_policy() when a new policy is directly passed to IMA and the current policy requires appraisal of the file containing the policy. Currently, if appraisal is not in ENFORCE mode, ima_write_policy() returns 0 and leads user space applications to an endless loop. Fix this issue by denying the operation regardless of the appraisal mode. Cc: stable@vger.kernel.org # 4.10.x Fixes: 19f8a84713edc ("ima: measure and appraise the IMA policy itself") Signed-off-by: Roberto Sassu Reviewed-by: Krzysztof Struczynski Signed-off-by: Mimi Zohar

ima: Set file->f_mode instead of file->f_flags in ima_calc_file_hash()

2020-05-08T01:30:58Z

Commit a408e4a86b36 ("ima: open a new file instance if no read permissions") tries to create a new file descriptor to calculate a file digest if the file has not been opened with O_RDONLY flag. However, if a new file descriptor cannot be obtained, it sets the FMODE_READ flag to file->f_flags instead of file->f_mode. This patch fixes this issue by replacing f_flags with f_mode as it was before that commit. Cc: stable@vger.kernel.org # 4.20.x Fixes: a408e4a86b36 ("ima: open a new file instance if no read permissions") Signed-off-by: Roberto Sassu Reviewed-by: Goldwyn Rodrigues Signed-off-by: Mimi Zohar

ima: add a new CONFIG for loading arch-specific policies

2020-03-12T11:43:57Z

Every time a new architecture defines the IMA architecture specific functions - arch_ima_get_secureboot() and arch_ima_get_policy(), the IMA include file needs to be updated. To avoid this "noise", this patch defines a new IMA Kconfig IMA_SECURE_AND_OR_TRUSTED_BOOT option, allowing the different architectures to select it. Suggested-by: Linus Torvalds Signed-off-by: Nayna Jain Acked-by: Ard Biesheuvel Acked-by: Philipp Rudo (s390) Acked-by: Michael Ellerman (powerpc) Signed-off-by: Mimi Zohar

integrity: Remove duplicate pr_fmt definitions

2020-02-28T19:32:58Z

The #define for formatting log messages, pr_fmt, is duplicated in the files under security/integrity. This change moves the definition to security/integrity/integrity.h and removes the duplicate definitions in the other files under security/integrity. With this change, the messages in the following files will be prefixed with 'integrity'. security/integrity/platform_certs/platform_keyring.c security/integrity/platform_certs/load_powerpc.c security/integrity/platform_certs/load_uefi.c security/integrity/iint.c e.g. "integrity: Error adding keys to platform keyring %s\n" And the messages in the following file will be prefixed with 'ima'. security/integrity/ima/ima_mok.c e.g. "ima: Allocating IMA blacklist keyring.\n" For the rest of the files under security/integrity, there will be no change in the message format. Suggested-by: Shuah Khan Suggested-by: Joe Perches Signed-off-by: Tushar Sugandhi Reviewed-by: Lakshmi Ramasubramanian Signed-off-by: Mimi Zohar

IMA: Add log statements for failure conditions

2020-02-28T19:32:58Z

process_buffer_measurement() does not have log messages for failure conditions. This change adds a log statement in the above function. Suggested-by: Joe Perches Signed-off-by: Tushar Sugandhi Reviewed-by: Mimi Zohar Reviewed-by: Lakshmi Ramasubramanian Signed-off-by: Mimi Zohar

IMA: Update KBUILD_MODNAME for IMA files to ima

2020-02-28T19:32:58Z

The kbuild Makefile specifies object files for vmlinux in the $(obj-y) lists. These lists depend on the kernel configuration[1]. The kbuild Makefile for IMA combines the object files for IMA into a single object file namely ima.o. All the object files for IMA should be combined into ima.o. But certain object files are being added to their own $(obj-y). This results in the log messages from those modules getting prefixed with their respective base file name, instead of "ima". This is inconsistent with the log messages from the IMA modules that are combined into ima.o. This change fixes the above issue. [1] Documentation\kbuild\makefiles.rst Signed-off-by: Tushar Sugandhi Reviewed-by: Mimi Zohar Reviewed-by: Lakshmi Ramasubramanian Signed-off-by: Mimi Zohar

ima: add sm3 algorithm to hash algorithm configuration list

2020-02-18T12:35:49Z

sm3 has been supported by the ima hash algorithm, but it is not yet in the Kconfig configuration list. After adding, both ima and tpm2 can support sm3 well. Signed-off-by: Tianjia Zhang Signed-off-by: Mimi Zohar

Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity

2020-01-29T02:52:09Z

Pull IMA updates from Mimi Zohar: "Two new features - measuring certificates and querying IMA for a file hash - and three bug fixes: - Measuring certificates is like the rest of IMA, based on policy, but requires loading a custom policy. Certificates loaded onto a keyring, for example during early boot, before a custom policy has been loaded, are queued and only processed after loading the custom policy. - IMA calculates and caches files hashes. Other kernel subsystems, and possibly kernel modules, are interested in accessing these cached file hashes. The bug fixes prevent classifying a file short read (e.g. shutdown) as an invalid file signature, add a missing blank when displaying the securityfs policy rules containing LSM labels, and, lastly, fix the handling of the IMA policy information for unknown LSM labels" * 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity: IMA: Defined delayed workqueue to free the queued keys IMA: Call workqueue functions to measure queued keys IMA: Define workqueue for early boot key measurements IMA: pre-allocate buffer to hold keyrings string ima: ima/lsm policy rule loading logic bug fixes ima: add the ability to query the cached hash of a given file ima: Add a space after printing LSM rules for readability IMA: fix measuring asymmetric keys Kconfig IMA: Read keyrings= option from the IMA policy IMA: Add support to limit measuring keys KEYS: Call the IMA hook to measure keys IMA: Define an IMA hook to measure keys IMA: Add KEY_CHECK func to measure keys IMA: Check IMA policy flag ima: avoid appraise error for hash calc interrupt

IMA: Defined delayed workqueue to free the queued keys

2020-01-23T12:37:31Z

Keys queued for measurement should be freed if a custom IMA policy was not loaded. Otherwise, the keys will remain queued forever consuming kernel memory. This patch defines a delayed workqueue to handle the above scenario. The workqueue handler is setup to execute 5 minutes after IMA initialization is completed. If a custom IMA policy is loaded before the workqueue handler is scheduled to execute, the workqueue task is cancelled and any queued keys are processed for measurement. But if a custom policy was not loaded then the queued keys are just freed when the delayed workqueue handler is run. Signed-off-by: Lakshmi Ramasubramanian Reported-by: kernel test robot # sleeping function called from invalid context Reported-by: kbuild test robot # redefinition of ima_init_key_queue() function. Signed-off-by: Mimi Zohar

IMA: Call workqueue functions to measure queued keys

2020-01-23T12:35:25Z

Measuring keys requires a custom IMA policy to be loaded. Keys should be queued for measurement if a custom IMA policy is not yet loaded. Keys queued for measurement, if any, should be processed when a custom policy is loaded. This patch updates the IMA hook function ima_post_key_create_or_update() to queue the key if a custom IMA policy has not yet been loaded. And, ima_update_policy() function, which is called when a custom IMA policy is loaded, is updated to process queued keys. Signed-off-by: Lakshmi Ramasubramanian Signed-off-by: Mimi Zohar