]> git.ipfire.org Git - thirdparty/linux.git/blob - security/integrity/ima/ima_policy.c
projects / thirdparty / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'stable/for-linus-5.2' of git://git.kernel.org/pub/scm/linux/kernel...
[thirdparty/linux.git] / security / integrity / ima / ima_policy.c
1 /*
2 * Copyright (C) 2008 IBM Corporation
3 * Author: Mimi Zohar <zohar@us.ibm.com>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation, version 2 of the License.
8 *
9 * ima_policy.c
10 * - initialize default measure policy rules
11 *
12 */
13 #include <linux/init.h>
14 #include <linux/list.h>
15 #include <linux/fs.h>
16 #include <linux/security.h>
17 #include <linux/magic.h>
18 #include <linux/parser.h>
19 #include <linux/slab.h>
20 #include <linux/rculist.h>
21 #include <linux/genhd.h>
22 #include <linux/seq_file.h>
23 #include <linux/ima.h>
24
25 #include "ima.h"
26
27 /* flags definitions */
28 #define IMA_FUNC 0x0001
29 #define IMA_MASK 0x0002
30 #define IMA_FSMAGIC 0x0004
31 #define IMA_UID 0x0008
32 #define IMA_FOWNER 0x0010
33 #define IMA_FSUUID 0x0020
34 #define IMA_INMASK 0x0040
35 #define IMA_EUID 0x0080
36 #define IMA_PCR 0x0100
37 #define IMA_FSNAME 0x0200
38
39 #define UNKNOWN 0
40 #define MEASURE 0x0001 /* same as IMA_MEASURE */
41 #define DONT_MEASURE 0x0002
42 #define APPRAISE 0x0004 /* same as IMA_APPRAISE */
43 #define DONT_APPRAISE 0x0008
44 #define AUDIT 0x0040
45 #define HASH 0x0100
46 #define DONT_HASH 0x0200
47
48 #define INVALID_PCR(a) (((a) < 0) || \
49 (a) >= (FIELD_SIZEOF(struct integrity_iint_cache, measured_pcrs) * 8))
50
51 int ima_policy_flag;
52 static int temp_ima_appraise;
53 static int build_ima_appraise __ro_after_init;
54
55 #define MAX_LSM_RULES 6
56 enum lsm_rule_types { LSM_OBJ_USER, LSM_OBJ_ROLE, LSM_OBJ_TYPE,
57 LSM_SUBJ_USER, LSM_SUBJ_ROLE, LSM_SUBJ_TYPE
58 };
59
60 enum policy_types { ORIGINAL_TCB = 1, DEFAULT_TCB };
61
62 enum policy_rule_list { IMA_DEFAULT_POLICY = 1, IMA_CUSTOM_POLICY };
63
64 struct ima_rule_entry {
65 struct list_head list;
66 int action;
67 unsigned int flags;
68 enum ima_hooks func;
69 int mask;
70 unsigned long fsmagic;
71 uuid_t fsuuid;
72 kuid_t uid;
73 kuid_t fowner;
74 bool (*uid_op)(kuid_t, kuid_t); /* Handlers for operators */
75 bool (*fowner_op)(kuid_t, kuid_t); /* uid_eq(), uid_gt(), uid_lt() */
76 int pcr;
77 struct {
78 void *rule; /* LSM file metadata specific */
79 void *args_p; /* audit value */
80 int type; /* audit type */
81 } lsm[MAX_LSM_RULES];
82 char *fsname;
83 };
84
85 /*
86 * Without LSM specific knowledge, the default policy can only be
87 * written in terms of .action, .func, .mask, .fsmagic, .uid, and .fowner
88 */
89
90 /*
91 * The minimum rule set to allow for full TCB coverage. Measures all files
92 * opened or mmap for exec and everything read by root. Dangerous because
93 * normal users can easily run the machine out of memory simply building
94 * and running executables.
95 */
96 static struct ima_rule_entry dont_measure_rules[] __ro_after_init = {
97 {.action = DONT_MEASURE, .fsmagic = PROC_SUPER_MAGIC, .flags = IMA_FSMAGIC},
98 {.action = DONT_MEASURE, .fsmagic = SYSFS_MAGIC, .flags = IMA_FSMAGIC},
99 {.action = DONT_MEASURE, .fsmagic = DEBUGFS_MAGIC, .flags = IMA_FSMAGIC},
100 {.action = DONT_MEASURE, .fsmagic = TMPFS_MAGIC, .flags = IMA_FSMAGIC},
101 {.action = DONT_MEASURE, .fsmagic = DEVPTS_SUPER_MAGIC, .flags = IMA_FSMAGIC},
102 {.action = DONT_MEASURE, .fsmagic = BINFMTFS_MAGIC, .flags = IMA_FSMAGIC},
103 {.action = DONT_MEASURE, .fsmagic = SECURITYFS_MAGIC, .flags = IMA_FSMAGIC},
104 {.action = DONT_MEASURE, .fsmagic = SELINUX_MAGIC, .flags = IMA_FSMAGIC},
105 {.action = DONT_MEASURE, .fsmagic = SMACK_MAGIC, .flags = IMA_FSMAGIC},
106 {.action = DONT_MEASURE, .fsmagic = CGROUP_SUPER_MAGIC,
107 .flags = IMA_FSMAGIC},
108 {.action = DONT_MEASURE, .fsmagic = CGROUP2_SUPER_MAGIC,
109 .flags = IMA_FSMAGIC},
110 {.action = DONT_MEASURE, .fsmagic = NSFS_MAGIC, .flags = IMA_FSMAGIC},
111 {.action = DONT_MEASURE, .fsmagic = EFIVARFS_MAGIC, .flags = IMA_FSMAGIC}
112 };
113
114 static struct ima_rule_entry original_measurement_rules[] __ro_after_init = {
115 {.action = MEASURE, .func = MMAP_CHECK, .mask = MAY_EXEC,
116 .flags = IMA_FUNC | IMA_MASK},
117 {.action = MEASURE, .func = BPRM_CHECK, .mask = MAY_EXEC,
118 .flags = IMA_FUNC | IMA_MASK},
119 {.action = MEASURE, .func = FILE_CHECK, .mask = MAY_READ,
120 .uid = GLOBAL_ROOT_UID, .uid_op = &uid_eq,
121 .flags = IMA_FUNC | IMA_MASK | IMA_UID},
122 {.action = MEASURE, .func = MODULE_CHECK, .flags = IMA_FUNC},
123 {.action = MEASURE, .func = FIRMWARE_CHECK, .flags = IMA_FUNC},
124 };
125
126 static struct ima_rule_entry default_measurement_rules[] __ro_after_init = {
127 {.action = MEASURE, .func = MMAP_CHECK, .mask = MAY_EXEC,
128 .flags = IMA_FUNC | IMA_MASK},
129 {.action = MEASURE, .func = BPRM_CHECK, .mask = MAY_EXEC,
130 .flags = IMA_FUNC | IMA_MASK},
131 {.action = MEASURE, .func = FILE_CHECK, .mask = MAY_READ,
132 .uid = GLOBAL_ROOT_UID, .uid_op = &uid_eq,
133 .flags = IMA_FUNC | IMA_INMASK | IMA_EUID},
134 {.action = MEASURE, .func = FILE_CHECK, .mask = MAY_READ,
135 .uid = GLOBAL_ROOT_UID, .uid_op = &uid_eq,
136 .flags = IMA_FUNC | IMA_INMASK | IMA_UID},
137 {.action = MEASURE, .func = MODULE_CHECK, .flags = IMA_FUNC},
138 {.action = MEASURE, .func = FIRMWARE_CHECK, .flags = IMA_FUNC},
139 {.action = MEASURE, .func = POLICY_CHECK, .flags = IMA_FUNC},
140 };
141
142 static struct ima_rule_entry default_appraise_rules[] __ro_after_init = {
143 {.action = DONT_APPRAISE, .fsmagic = PROC_SUPER_MAGIC, .flags = IMA_FSMAGIC},
144 {.action = DONT_APPRAISE, .fsmagic = SYSFS_MAGIC, .flags = IMA_FSMAGIC},
145 {.action = DONT_APPRAISE, .fsmagic = DEBUGFS_MAGIC, .flags = IMA_FSMAGIC},
146 {.action = DONT_APPRAISE, .fsmagic = TMPFS_MAGIC, .flags = IMA_FSMAGIC},
147 {.action = DONT_APPRAISE, .fsmagic = RAMFS_MAGIC, .flags = IMA_FSMAGIC},
148 {.action = DONT_APPRAISE, .fsmagic = DEVPTS_SUPER_MAGIC, .flags = IMA_FSMAGIC},
149 {.action = DONT_APPRAISE, .fsmagic = BINFMTFS_MAGIC, .flags = IMA_FSMAGIC},
150 {.action = DONT_APPRAISE, .fsmagic = SECURITYFS_MAGIC, .flags = IMA_FSMAGIC},
151 {.action = DONT_APPRAISE, .fsmagic = SELINUX_MAGIC, .flags = IMA_FSMAGIC},
152 {.action = DONT_APPRAISE, .fsmagic = SMACK_MAGIC, .flags = IMA_FSMAGIC},
153 {.action = DONT_APPRAISE, .fsmagic = NSFS_MAGIC, .flags = IMA_FSMAGIC},
154 {.action = DONT_APPRAISE, .fsmagic = EFIVARFS_MAGIC, .flags = IMA_FSMAGIC},
155 {.action = DONT_APPRAISE, .fsmagic = CGROUP_SUPER_MAGIC, .flags = IMA_FSMAGIC},
156 {.action = DONT_APPRAISE, .fsmagic = CGROUP2_SUPER_MAGIC, .flags = IMA_FSMAGIC},
157 #ifdef CONFIG_IMA_WRITE_POLICY
158 {.action = APPRAISE, .func = POLICY_CHECK,
159 .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED},
160 #endif
161 #ifndef CONFIG_IMA_APPRAISE_SIGNED_INIT
162 {.action = APPRAISE, .fowner = GLOBAL_ROOT_UID, .fowner_op = &uid_eq,
163 .flags = IMA_FOWNER},
164 #else
165 /* force signature */
166 {.action = APPRAISE, .fowner = GLOBAL_ROOT_UID, .fowner_op = &uid_eq,
167 .flags = IMA_FOWNER | IMA_DIGSIG_REQUIRED},
168 #endif
169 };
170
171 static struct ima_rule_entry build_appraise_rules[] __ro_after_init = {
172 #ifdef CONFIG_IMA_APPRAISE_REQUIRE_MODULE_SIGS
173 {.action = APPRAISE, .func = MODULE_CHECK,
174 .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED},
175 #endif
176 #ifdef CONFIG_IMA_APPRAISE_REQUIRE_FIRMWARE_SIGS
177 {.action = APPRAISE, .func = FIRMWARE_CHECK,
178 .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED},
179 #endif
180 #ifdef CONFIG_IMA_APPRAISE_REQUIRE_KEXEC_SIGS
181 {.action = APPRAISE, .func = KEXEC_KERNEL_CHECK,
182 .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED},
183 #endif
184 #ifdef CONFIG_IMA_APPRAISE_REQUIRE_POLICY_SIGS
185 {.action = APPRAISE, .func = POLICY_CHECK,
186 .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED},
187 #endif
188 };
189
190 static struct ima_rule_entry secure_boot_rules[] __ro_after_init = {
191 {.action = APPRAISE, .func = MODULE_CHECK,
192 .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED},
193 {.action = APPRAISE, .func = FIRMWARE_CHECK,
194 .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED},
195 {.action = APPRAISE, .func = KEXEC_KERNEL_CHECK,
196 .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED},
197 {.action = APPRAISE, .func = POLICY_CHECK,
198 .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED},
199 };
200
201 /* An array of architecture specific rules */
202 struct ima_rule_entry *arch_policy_entry __ro_after_init;
203
204 static LIST_HEAD(ima_default_rules);
205 static LIST_HEAD(ima_policy_rules);
206 static LIST_HEAD(ima_temp_rules);
207 static struct list_head *ima_rules;
208
209 static int ima_policy __initdata;
210
211 static int __init default_measure_policy_setup(char *str)
212 {
213 if (ima_policy)
214 return 1;
215
216 ima_policy = ORIGINAL_TCB;
217 return 1;
218 }
219 __setup("ima_tcb", default_measure_policy_setup);
220
221 static bool ima_use_appraise_tcb __initdata;
222 static bool ima_use_secure_boot __initdata;
223 static bool ima_fail_unverifiable_sigs __ro_after_init;
224 static int __init policy_setup(char *str)
225 {
226 char *p;
227
228 while ((p = strsep(&str, " |\n")) != NULL) {
229 if (*p == ' ')
230 continue;
231 if ((strcmp(p, "tcb") == 0) && !ima_policy)
232 ima_policy = DEFAULT_TCB;
233 else if (strcmp(p, "appraise_tcb") == 0)
234 ima_use_appraise_tcb = true;
235 else if (strcmp(p, "secure_boot") == 0)
236 ima_use_secure_boot = true;
237 else if (strcmp(p, "fail_securely") == 0)
238 ima_fail_unverifiable_sigs = true;
239 }
240
241 return 1;
242 }
243 __setup("ima_policy=", policy_setup);
244
245 static int __init default_appraise_policy_setup(char *str)
246 {
247 ima_use_appraise_tcb = true;
248 return 1;
249 }
250 __setup("ima_appraise_tcb", default_appraise_policy_setup);
251
252 /*
253 * The LSM policy can be reloaded, leaving the IMA LSM based rules referring
254 * to the old, stale LSM policy. Update the IMA LSM based rules to reflect
255 * the reloaded LSM policy. We assume the rules still exist; and BUG_ON() if
256 * they don't.
257 */
258 static void ima_lsm_update_rules(void)
259 {
260 struct ima_rule_entry *entry;
261 int result;
262 int i;
263
264 list_for_each_entry(entry, &ima_policy_rules, list) {
265 for (i = 0; i < MAX_LSM_RULES; i++) {
266 if (!entry->lsm[i].rule)
267 continue;
268 result = security_filter_rule_init(entry->lsm[i].type,
269 Audit_equal,
270 entry->lsm[i].args_p,
271 &entry->lsm[i].rule);
272 BUG_ON(!entry->lsm[i].rule);
273 }
274 }
275 }
276
277 /**
278 * ima_match_rules - determine whether an inode matches the measure rule.
279 * @rule: a pointer to a rule
280 * @inode: a pointer to an inode
281 * @cred: a pointer to a credentials structure for user validation
282 * @secid: the secid of the task to be validated
283 * @func: LIM hook identifier
284 * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC)
285 *
286 * Returns true on rule match, false on failure.
287 */
288 static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode,
289 const struct cred *cred, u32 secid,
290 enum ima_hooks func, int mask)
291 {
292 int i;
293
294 if ((rule->flags & IMA_FUNC) &&
295 (rule->func != func && func != POST_SETATTR))
296 return false;
297 if ((rule->flags & IMA_MASK) &&
298 (rule->mask != mask && func != POST_SETATTR))
299 return false;
300 if ((rule->flags & IMA_INMASK) &&
301 (!(rule->mask & mask) && func != POST_SETATTR))
302 return false;
303 if ((rule->flags & IMA_FSMAGIC)
304 && rule->fsmagic != inode->i_sb->s_magic)
305 return false;
306 if ((rule->flags & IMA_FSNAME)
307 && strcmp(rule->fsname, inode->i_sb->s_type->name))
308 return false;
309 if ((rule->flags & IMA_FSUUID) &&
310 !uuid_equal(&rule->fsuuid, &inode->i_sb->s_uuid))
311 return false;
312 if ((rule->flags & IMA_UID) && !rule->uid_op(cred->uid, rule->uid))
313 return false;
314 if (rule->flags & IMA_EUID) {
315 if (has_capability_noaudit(current, CAP_SETUID)) {
316 if (!rule->uid_op(cred->euid, rule->uid)
317 && !rule->uid_op(cred->suid, rule->uid)
318 && !rule->uid_op(cred->uid, rule->uid))
319 return false;
320 } else if (!rule->uid_op(cred->euid, rule->uid))
321 return false;
322 }
323
324 if ((rule->flags & IMA_FOWNER) &&
325 !rule->fowner_op(inode->i_uid, rule->fowner))
326 return false;
327 for (i = 0; i < MAX_LSM_RULES; i++) {
328 int rc = 0;
329 u32 osid;
330 int retried = 0;
331
332 if (!rule->lsm[i].rule)
333 continue;
334 retry:
335 switch (i) {
336 case LSM_OBJ_USER:
337 case LSM_OBJ_ROLE:
338 case LSM_OBJ_TYPE:
339 security_inode_getsecid(inode, &osid);
340 rc = security_filter_rule_match(osid,
341 rule->lsm[i].type,
342 Audit_equal,
343 rule->lsm[i].rule);
344 break;
345 case LSM_SUBJ_USER:
346 case LSM_SUBJ_ROLE:
347 case LSM_SUBJ_TYPE:
348 rc = security_filter_rule_match(secid,
349 rule->lsm[i].type,
350 Audit_equal,
351 rule->lsm[i].rule);
352 default:
353 break;
354 }
355 if ((rc < 0) && (!retried)) {
356 retried = 1;
357 ima_lsm_update_rules();
358 goto retry;
359 }
360 if (!rc)
361 return false;
362 }
363 return true;
364 }
365
366 /*
367 * In addition to knowing that we need to appraise the file in general,
368 * we need to differentiate between calling hooks, for hook specific rules.
369 */
370 static int get_subaction(struct ima_rule_entry *rule, enum ima_hooks func)
371 {
372 if (!(rule->flags & IMA_FUNC))
373 return IMA_FILE_APPRAISE;
374
375 switch (func) {
376 case MMAP_CHECK:
377 return IMA_MMAP_APPRAISE;
378 case BPRM_CHECK:
379 return IMA_BPRM_APPRAISE;
380 case CREDS_CHECK:
381 return IMA_CREDS_APPRAISE;
382 case FILE_CHECK:
383 case POST_SETATTR:
384 return IMA_FILE_APPRAISE;
385 case MODULE_CHECK ... MAX_CHECK - 1:
386 default:
387 return IMA_READ_APPRAISE;
388 }
389 }
390
391 /**
392 * ima_match_policy - decision based on LSM and other conditions
393 * @inode: pointer to an inode for which the policy decision is being made
394 * @cred: pointer to a credentials structure for which the policy decision is
395 * being made
396 * @secid: LSM secid of the task to be validated
397 * @func: IMA hook identifier
398 * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC)
399 * @pcr: set the pcr to extend
400 *
401 * Measure decision based on func/mask/fsmagic and LSM(subj/obj/type)
402 * conditions.
403 *
404 * Since the IMA policy may be updated multiple times we need to lock the
405 * list when walking it. Reads are many orders of magnitude more numerous
406 * than writes so ima_match_policy() is classical RCU candidate.
407 */
408 int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid,
409 enum ima_hooks func, int mask, int flags, int *pcr)
410 {
411 struct ima_rule_entry *entry;
412 int action = 0, actmask = flags | (flags << 1);
413
414 rcu_read_lock();
415 list_for_each_entry_rcu(entry, ima_rules, list) {
416
417 if (!(entry->action & actmask))
418 continue;
419
420 if (!ima_match_rules(entry, inode, cred, secid, func, mask))
421 continue;
422
423 action |= entry->flags & IMA_ACTION_FLAGS;
424
425 action |= entry->action & IMA_DO_MASK;
426 if (entry->action & IMA_APPRAISE) {
427 action |= get_subaction(entry, func);
428 action &= ~IMA_HASH;
429 if (ima_fail_unverifiable_sigs)
430 action |= IMA_FAIL_UNVERIFIABLE_SIGS;
431 }
432
433 if (entry->action & IMA_DO_MASK)
434 actmask &= ~(entry->action | entry->action << 1);
435 else
436 actmask &= ~(entry->action | entry->action >> 1);
437
438 if ((pcr) && (entry->flags & IMA_PCR))
439 *pcr = entry->pcr;
440
441 if (!actmask)
442 break;
443 }
444 rcu_read_unlock();
445
446 return action;
447 }
448
449 /*
450 * Initialize the ima_policy_flag variable based on the currently
451 * loaded policy. Based on this flag, the decision to short circuit
452 * out of a function or not call the function in the first place
453 * can be made earlier.
454 */
455 void ima_update_policy_flag(void)
456 {
457 struct ima_rule_entry *entry;
458
459 list_for_each_entry(entry, ima_rules, list) {
460 if (entry->action & IMA_DO_MASK)
461 ima_policy_flag |= entry->action;
462 }
463
464 ima_appraise |= (build_ima_appraise | temp_ima_appraise);
465 if (!ima_appraise)
466 ima_policy_flag &= ~IMA_APPRAISE;
467 }
468
469 static int ima_appraise_flag(enum ima_hooks func)
470 {
471 if (func == MODULE_CHECK)
472 return IMA_APPRAISE_MODULES;
473 else if (func == FIRMWARE_CHECK)
474 return IMA_APPRAISE_FIRMWARE;
475 else if (func == POLICY_CHECK)
476 return IMA_APPRAISE_POLICY;
477 else if (func == KEXEC_KERNEL_CHECK)
478 return IMA_APPRAISE_KEXEC;
479 return 0;
480 }
481
482 static void add_rules(struct ima_rule_entry *entries, int count,
483 enum policy_rule_list policy_rule)
484 {
485 int i = 0;
486
487 for (i = 0; i < count; i++) {
488 struct ima_rule_entry *entry;
489
490 if (policy_rule & IMA_DEFAULT_POLICY)
491 list_add_tail(&entries[i].list, &ima_default_rules);
492
493 if (policy_rule & IMA_CUSTOM_POLICY) {
494 entry = kmemdup(&entries[i], sizeof(*entry),
495 GFP_KERNEL);
496 if (!entry)
497 continue;
498
499 list_add_tail(&entry->list, &ima_policy_rules);
500 }
501 if (entries[i].action == APPRAISE)
502 temp_ima_appraise |= ima_appraise_flag(entries[i].func);
503 if (entries[i].func == POLICY_CHECK)
504 temp_ima_appraise |= IMA_APPRAISE_POLICY;
505 }
506 }
507
508 static int ima_parse_rule(char *rule, struct ima_rule_entry *entry);
509
510 static int __init ima_init_arch_policy(void)
511 {
512 const char * const *arch_rules;
513 const char * const *rules;
514 int arch_entries = 0;
515 int i = 0;
516
517 arch_rules = arch_get_ima_policy();
518 if (!arch_rules)
519 return arch_entries;
520
521 /* Get number of rules */
522 for (rules = arch_rules; *rules != NULL; rules++)
523 arch_entries++;
524
525 arch_policy_entry = kcalloc(arch_entries + 1,
526 sizeof(*arch_policy_entry), GFP_KERNEL);
527 if (!arch_policy_entry)
528 return 0;
529
530 /* Convert each policy string rules to struct ima_rule_entry format */
531 for (rules = arch_rules, i = 0; *rules != NULL; rules++) {
532 char rule[255];
533 int result;
534
535 result = strlcpy(rule, *rules, sizeof(rule));
536
537 INIT_LIST_HEAD(&arch_policy_entry[i].list);
538 result = ima_parse_rule(rule, &arch_policy_entry[i]);
539 if (result) {
540 pr_warn("Skipping unknown architecture policy rule: %s\n",
541 rule);
542 memset(&arch_policy_entry[i], 0,
543 sizeof(*arch_policy_entry));
544 continue;
545 }
546 i++;
547 }
548 return i;
549 }
550
551 /**
552 * ima_init_policy - initialize the default measure rules.
553 *
554 * ima_rules points to either the ima_default_rules or the
555 * the new ima_policy_rules.
556 */
557 void __init ima_init_policy(void)
558 {
559 int build_appraise_entries, arch_entries;
560
561 /* if !ima_policy, we load NO default rules */
562 if (ima_policy)
563 add_rules(dont_measure_rules, ARRAY_SIZE(dont_measure_rules),
564 IMA_DEFAULT_POLICY);
565
566 switch (ima_policy) {
567 case ORIGINAL_TCB:
568 add_rules(original_measurement_rules,
569 ARRAY_SIZE(original_measurement_rules),
570 IMA_DEFAULT_POLICY);
571 break;
572 case DEFAULT_TCB:
573 add_rules(default_measurement_rules,
574 ARRAY_SIZE(default_measurement_rules),
575 IMA_DEFAULT_POLICY);
576 default:
577 break;
578 }
579
580 /*
581 * Based on runtime secure boot flags, insert arch specific measurement
582 * and appraise rules requiring file signatures for both the initial
583 * and custom policies, prior to other appraise rules.
584 * (Highest priority)
585 */
586 arch_entries = ima_init_arch_policy();
587 if (!arch_entries)
588 pr_info("No architecture policies found\n");
589 else
590 add_rules(arch_policy_entry, arch_entries,
591 IMA_DEFAULT_POLICY | IMA_CUSTOM_POLICY);
592
593 /*
594 * Insert the builtin "secure_boot" policy rules requiring file
595 * signatures, prior to other appraise rules.
596 */
597 if (ima_use_secure_boot)
598 add_rules(secure_boot_rules, ARRAY_SIZE(secure_boot_rules),
599 IMA_DEFAULT_POLICY);
600
601 /*
602 * Insert the build time appraise rules requiring file signatures
603 * for both the initial and custom policies, prior to other appraise
604 * rules. As the secure boot rules includes all of the build time
605 * rules, include either one or the other set of rules, but not both.
606 */
607 build_appraise_entries = ARRAY_SIZE(build_appraise_rules);
608 if (build_appraise_entries) {
609 if (ima_use_secure_boot)
610 add_rules(build_appraise_rules, build_appraise_entries,
611 IMA_CUSTOM_POLICY);
612 else
613 add_rules(build_appraise_rules, build_appraise_entries,
614 IMA_DEFAULT_POLICY | IMA_CUSTOM_POLICY);
615 }
616
617 if (ima_use_appraise_tcb)
618 add_rules(default_appraise_rules,
619 ARRAY_SIZE(default_appraise_rules),
620 IMA_DEFAULT_POLICY);
621
622 ima_rules = &ima_default_rules;
623 ima_update_policy_flag();
624 }
625
626 /* Make sure we have a valid policy, at least containing some rules. */
627 int ima_check_policy(void)
628 {
629 if (list_empty(&ima_temp_rules))
630 return -EINVAL;
631 return 0;
632 }
633
634 /**
635 * ima_update_policy - update default_rules with new measure rules
636 *
637 * Called on file .release to update the default rules with a complete new
638 * policy. What we do here is to splice ima_policy_rules and ima_temp_rules so
639 * they make a queue. The policy may be updated multiple times and this is the
640 * RCU updater.
641 *
642 * Policy rules are never deleted so ima_policy_flag gets zeroed only once when
643 * we switch from the default policy to user defined.
644 */
645 void ima_update_policy(void)
646 {
647 struct list_head *policy = &ima_policy_rules;
648
649 list_splice_tail_init_rcu(&ima_temp_rules, policy, synchronize_rcu);
650
651 if (ima_rules != policy) {
652 ima_policy_flag = 0;
653 ima_rules = policy;
654
655 /*
656 * IMA architecture specific policy rules are specified
657 * as strings and converted to an array of ima_entry_rules
658 * on boot. After loading a custom policy, free the
659 * architecture specific rules stored as an array.
660 */
661 kfree(arch_policy_entry);
662 }
663 ima_update_policy_flag();
664 }
665
666 /* Keep the enumeration in sync with the policy_tokens! */
667 enum {
668 Opt_measure, Opt_dont_measure,
669 Opt_appraise, Opt_dont_appraise,
670 Opt_audit, Opt_hash, Opt_dont_hash,
671 Opt_obj_user, Opt_obj_role, Opt_obj_type,
672 Opt_subj_user, Opt_subj_role, Opt_subj_type,
673 Opt_func, Opt_mask, Opt_fsmagic, Opt_fsname,
674 Opt_fsuuid, Opt_uid_eq, Opt_euid_eq, Opt_fowner_eq,
675 Opt_uid_gt, Opt_euid_gt, Opt_fowner_gt,
676 Opt_uid_lt, Opt_euid_lt, Opt_fowner_lt,
677 Opt_appraise_type, Opt_permit_directio,
678 Opt_pcr, Opt_err
679 };
680
681 static const match_table_t policy_tokens = {
682 {Opt_measure, "measure"},
683 {Opt_dont_measure, "dont_measure"},
684 {Opt_appraise, "appraise"},
685 {Opt_dont_appraise, "dont_appraise"},
686 {Opt_audit, "audit"},
687 {Opt_hash, "hash"},
688 {Opt_dont_hash, "dont_hash"},
689 {Opt_obj_user, "obj_user=%s"},
690 {Opt_obj_role, "obj_role=%s"},
691 {Opt_obj_type, "obj_type=%s"},
692 {Opt_subj_user, "subj_user=%s"},
693 {Opt_subj_role, "subj_role=%s"},
694 {Opt_subj_type, "subj_type=%s"},
695 {Opt_func, "func=%s"},
696 {Opt_mask, "mask=%s"},
697 {Opt_fsmagic, "fsmagic=%s"},
698 {Opt_fsname, "fsname=%s"},
699 {Opt_fsuuid, "fsuuid=%s"},
700 {Opt_uid_eq, "uid=%s"},
701 {Opt_euid_eq, "euid=%s"},
702 {Opt_fowner_eq, "fowner=%s"},
703 {Opt_uid_gt, "uid>%s"},
704 {Opt_euid_gt, "euid>%s"},
705 {Opt_fowner_gt, "fowner>%s"},
706 {Opt_uid_lt, "uid<%s"},
707 {Opt_euid_lt, "euid<%s"},
708 {Opt_fowner_lt, "fowner<%s"},
709 {Opt_appraise_type, "appraise_type=%s"},
710 {Opt_permit_directio, "permit_directio"},
711 {Opt_pcr, "pcr=%s"},
712 {Opt_err, NULL}
713 };
714
715 static int ima_lsm_rule_init(struct ima_rule_entry *entry,
716 substring_t *args, int lsm_rule, int audit_type)
717 {
718 int result;
719
720 if (entry->lsm[lsm_rule].rule)
721 return -EINVAL;
722
723 entry->lsm[lsm_rule].args_p = match_strdup(args);
724 if (!entry->lsm[lsm_rule].args_p)
725 return -ENOMEM;
726
727 entry->lsm[lsm_rule].type = audit_type;
728 result = security_filter_rule_init(entry->lsm[lsm_rule].type,
729 Audit_equal,
730 entry->lsm[lsm_rule].args_p,
731 &entry->lsm[lsm_rule].rule);
732 if (!entry->lsm[lsm_rule].rule) {
733 kfree(entry->lsm[lsm_rule].args_p);
734 return -EINVAL;
735 }
736
737 return result;
738 }
739
740 static void ima_log_string_op(struct audit_buffer *ab, char *key, char *value,
741 bool (*rule_operator)(kuid_t, kuid_t))
742 {
743 if (!ab)
744 return;
745
746 if (rule_operator == &uid_gt)
747 audit_log_format(ab, "%s>", key);
748 else if (rule_operator == &uid_lt)
749 audit_log_format(ab, "%s<", key);
750 else
751 audit_log_format(ab, "%s=", key);
752 audit_log_format(ab, "%s ", value);
753 }
754 static void ima_log_string(struct audit_buffer *ab, char *key, char *value)
755 {
756 ima_log_string_op(ab, key, value, NULL);
757 }
758
759 static int ima_parse_rule(char *rule, struct ima_rule_entry *entry)
760 {
761 struct audit_buffer *ab;
762 char *from;
763 char *p;
764 bool uid_token;
765 int result = 0;
766
767 ab = integrity_audit_log_start(audit_context(), GFP_KERNEL,
768 AUDIT_INTEGRITY_POLICY_RULE);
769
770 entry->uid = INVALID_UID;
771 entry->fowner = INVALID_UID;
772 entry->uid_op = &uid_eq;
773 entry->fowner_op = &uid_eq;
774 entry->action = UNKNOWN;
775 while ((p = strsep(&rule, " \t")) != NULL) {
776 substring_t args[MAX_OPT_ARGS];
777 int token;
778 unsigned long lnum;
779
780 if (result < 0)
781 break;
782 if ((*p == '\0') || (*p == ' ') || (*p == '\t'))
783 continue;
784 token = match_token(p, policy_tokens, args);
785 switch (token) {
786 case Opt_measure:
787 ima_log_string(ab, "action", "measure");
788
789 if (entry->action != UNKNOWN)
790 result = -EINVAL;
791
792 entry->action = MEASURE;
793 break;
794 case Opt_dont_measure:
795 ima_log_string(ab, "action", "dont_measure");
796
797 if (entry->action != UNKNOWN)
798 result = -EINVAL;
799
800 entry->action = DONT_MEASURE;
801 break;
802 case Opt_appraise:
803 ima_log_string(ab, "action", "appraise");
804
805 if (entry->action != UNKNOWN)
806 result = -EINVAL;
807
808 entry->action = APPRAISE;
809 break;
810 case Opt_dont_appraise:
811 ima_log_string(ab, "action", "dont_appraise");
812
813 if (entry->action != UNKNOWN)
814 result = -EINVAL;
815
816 entry->action = DONT_APPRAISE;
817 break;
818 case Opt_audit:
819 ima_log_string(ab, "action", "audit");
820
821 if (entry->action != UNKNOWN)
822 result = -EINVAL;
823
824 entry->action = AUDIT;
825 break;
826 case Opt_hash:
827 ima_log_string(ab, "action", "hash");
828
829 if (entry->action != UNKNOWN)
830 result = -EINVAL;
831
832 entry->action = HASH;
833 break;
834 case Opt_dont_hash:
835 ima_log_string(ab, "action", "dont_hash");
836
837 if (entry->action != UNKNOWN)
838 result = -EINVAL;
839
840 entry->action = DONT_HASH;
841 break;
842 case Opt_func:
843 ima_log_string(ab, "func", args[0].from);
844
845 if (entry->func)
846 result = -EINVAL;
847
848 if (strcmp(args[0].from, "FILE_CHECK") == 0)
849 entry->func = FILE_CHECK;
850 /* PATH_CHECK is for backwards compat */
851 else if (strcmp(args[0].from, "PATH_CHECK") == 0)
852 entry->func = FILE_CHECK;
853 else if (strcmp(args[0].from, "MODULE_CHECK") == 0)
854 entry->func = MODULE_CHECK;
855 else if (strcmp(args[0].from, "FIRMWARE_CHECK") == 0)
856 entry->func = FIRMWARE_CHECK;
857 else if ((strcmp(args[0].from, "FILE_MMAP") == 0)
858 || (strcmp(args[0].from, "MMAP_CHECK") == 0))
859 entry->func = MMAP_CHECK;
860 else if (strcmp(args[0].from, "BPRM_CHECK") == 0)
861 entry->func = BPRM_CHECK;
862 else if (strcmp(args[0].from, "CREDS_CHECK") == 0)
863 entry->func = CREDS_CHECK;
864 else if (strcmp(args[0].from, "KEXEC_KERNEL_CHECK") ==
865 0)
866 entry->func = KEXEC_KERNEL_CHECK;
867 else if (strcmp(args[0].from, "KEXEC_INITRAMFS_CHECK")
868 == 0)
869 entry->func = KEXEC_INITRAMFS_CHECK;
870 else if (strcmp(args[0].from, "POLICY_CHECK") == 0)
871 entry->func = POLICY_CHECK;
872 else
873 result = -EINVAL;
874 if (!result)
875 entry->flags |= IMA_FUNC;
876 break;
877 case Opt_mask:
878 ima_log_string(ab, "mask", args[0].from);
879
880 if (entry->mask)
881 result = -EINVAL;
882
883 from = args[0].from;
884 if (*from == '^')
885 from++;
886
887 if ((strcmp(from, "MAY_EXEC")) == 0)
888 entry->mask = MAY_EXEC;
889 else if (strcmp(from, "MAY_WRITE") == 0)
890 entry->mask = MAY_WRITE;
891 else if (strcmp(from, "MAY_READ") == 0)
892 entry->mask = MAY_READ;
893 else if (strcmp(from, "MAY_APPEND") == 0)
894 entry->mask = MAY_APPEND;
895 else
896 result = -EINVAL;
897 if (!result)
898 entry->flags |= (*args[0].from == '^')
899 ? IMA_INMASK : IMA_MASK;
900 break;
901 case Opt_fsmagic:
902 ima_log_string(ab, "fsmagic", args[0].from);
903
904 if (entry->fsmagic) {
905 result = -EINVAL;
906 break;
907 }
908
909 result = kstrtoul(args[0].from, 16, &entry->fsmagic);
910 if (!result)
911 entry->flags |= IMA_FSMAGIC;
912 break;
913 case Opt_fsname:
914 ima_log_string(ab, "fsname", args[0].from);
915
916 entry->fsname = kstrdup(args[0].from, GFP_KERNEL);
917 if (!entry->fsname) {
918 result = -ENOMEM;
919 break;
920 }
921 result = 0;
922 entry->flags |= IMA_FSNAME;
923 break;
924 case Opt_fsuuid:
925 ima_log_string(ab, "fsuuid", args[0].from);
926
927 if (!uuid_is_null(&entry->fsuuid)) {
928 result = -EINVAL;
929 break;
930 }
931
932 result = uuid_parse(args[0].from, &entry->fsuuid);
933 if (!result)
934 entry->flags |= IMA_FSUUID;
935 break;
936 case Opt_uid_gt:
937 case Opt_euid_gt:
938 entry->uid_op = &uid_gt;
939 /* fall through */
940 case Opt_uid_lt:
941 case Opt_euid_lt:
942 if ((token == Opt_uid_lt) || (token == Opt_euid_lt))
943 entry->uid_op = &uid_lt;
944 /* fall through */
945 case Opt_uid_eq:
946 case Opt_euid_eq:
947 uid_token = (token == Opt_uid_eq) ||
948 (token == Opt_uid_gt) ||
949 (token == Opt_uid_lt);
950
951 ima_log_string_op(ab, uid_token ? "uid" : "euid",
952 args[0].from, entry->uid_op);
953
954 if (uid_valid(entry->uid)) {
955 result = -EINVAL;
956 break;
957 }
958
959 result = kstrtoul(args[0].from, 10, &lnum);
960 if (!result) {
961 entry->uid = make_kuid(current_user_ns(),
962 (uid_t) lnum);
963 if (!uid_valid(entry->uid) ||
964 (uid_t)lnum != lnum)
965 result = -EINVAL;
966 else
967 entry->flags |= uid_token
968 ? IMA_UID : IMA_EUID;
969 }
970 break;
971 case Opt_fowner_gt:
972 entry->fowner_op = &uid_gt;
973 /* fall through */
974 case Opt_fowner_lt:
975 if (token == Opt_fowner_lt)
976 entry->fowner_op = &uid_lt;
977 /* fall through */
978 case Opt_fowner_eq:
979 ima_log_string_op(ab, "fowner", args[0].from,
980 entry->fowner_op);
981
982 if (uid_valid(entry->fowner)) {
983 result = -EINVAL;
984 break;
985 }
986
987 result = kstrtoul(args[0].from, 10, &lnum);
988 if (!result) {
989 entry->fowner = make_kuid(current_user_ns(), (uid_t)lnum);
990 if (!uid_valid(entry->fowner) || (((uid_t)lnum) != lnum))
991 result = -EINVAL;
992 else
993 entry->flags |= IMA_FOWNER;
994 }
995 break;
996 case Opt_obj_user:
997 ima_log_string(ab, "obj_user", args[0].from);
998 result = ima_lsm_rule_init(entry, args,
999 LSM_OBJ_USER,
1000 AUDIT_OBJ_USER);
1001 break;
1002 case Opt_obj_role:
1003 ima_log_string(ab, "obj_role", args[0].from);
1004 result = ima_lsm_rule_init(entry, args,
1005 LSM_OBJ_ROLE,
1006 AUDIT_OBJ_ROLE);
1007 break;
1008 case Opt_obj_type:
1009 ima_log_string(ab, "obj_type", args[0].from);
1010 result = ima_lsm_rule_init(entry, args,
1011 LSM_OBJ_TYPE,
1012 AUDIT_OBJ_TYPE);
1013 break;
1014 case Opt_subj_user:
1015 ima_log_string(ab, "subj_user", args[0].from);
1016 result = ima_lsm_rule_init(entry, args,
1017 LSM_SUBJ_USER,
1018 AUDIT_SUBJ_USER);
1019 break;
1020 case Opt_subj_role:
1021 ima_log_string(ab, "subj_role", args[0].from);
1022 result = ima_lsm_rule_init(entry, args,
1023 LSM_SUBJ_ROLE,
1024 AUDIT_SUBJ_ROLE);
1025 break;
1026 case Opt_subj_type:
1027 ima_log_string(ab, "subj_type", args[0].from);
1028 result = ima_lsm_rule_init(entry, args,
1029 LSM_SUBJ_TYPE,
1030 AUDIT_SUBJ_TYPE);
1031 break;
1032 case Opt_appraise_type:
1033 if (entry->action != APPRAISE) {
1034 result = -EINVAL;
1035 break;
1036 }
1037
1038 ima_log_string(ab, "appraise_type", args[0].from);
1039 if ((strcmp(args[0].from, "imasig")) == 0)
1040 entry->flags |= IMA_DIGSIG_REQUIRED;
1041 else
1042 result = -EINVAL;
1043 break;
1044 case Opt_permit_directio:
1045 entry->flags |= IMA_PERMIT_DIRECTIO;
1046 break;
1047 case Opt_pcr:
1048 if (entry->action != MEASURE) {
1049 result = -EINVAL;
1050 break;
1051 }
1052 ima_log_string(ab, "pcr", args[0].from);
1053
1054 result = kstrtoint(args[0].from, 10, &entry->pcr);
1055 if (result || INVALID_PCR(entry->pcr))
1056 result = -EINVAL;
1057 else
1058 entry->flags |= IMA_PCR;
1059
1060 break;
1061 case Opt_err:
1062 ima_log_string(ab, "UNKNOWN", p);
1063 result = -EINVAL;
1064 break;
1065 }
1066 }
1067 if (!result && (entry->action == UNKNOWN))
1068 result = -EINVAL;
1069 else if (entry->action == APPRAISE)
1070 temp_ima_appraise |= ima_appraise_flag(entry->func);
1071
1072 audit_log_format(ab, "res=%d", !result);
1073 audit_log_end(ab);
1074 return result;
1075 }
1076
1077 /**
1078 * ima_parse_add_rule - add a rule to ima_policy_rules
1079 * @rule - ima measurement policy rule
1080 *
1081 * Avoid locking by allowing just one writer at a time in ima_write_policy()
1082 * Returns the length of the rule parsed, an error code on failure
1083 */
1084 ssize_t ima_parse_add_rule(char *rule)
1085 {
1086 static const char op[] = "update_policy";
1087 char *p;
1088 struct ima_rule_entry *entry;
1089 ssize_t result, len;
1090 int audit_info = 0;
1091
1092 p = strsep(&rule, "\n");
1093 len = strlen(p) + 1;
1094 p += strspn(p, " \t");
1095
1096 if (*p == '#' || *p == '\0')
1097 return len;
1098
1099 entry = kzalloc(sizeof(*entry), GFP_KERNEL);
1100 if (!entry) {
1101 integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL,
1102 NULL, op, "-ENOMEM", -ENOMEM, audit_info);
1103 return -ENOMEM;
1104 }
1105
1106 INIT_LIST_HEAD(&entry->list);
1107
1108 result = ima_parse_rule(p, entry);
1109 if (result) {
1110 kfree(entry);
1111 integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL,
1112 NULL, op, "invalid-policy", result,
1113 audit_info);
1114 return result;
1115 }
1116
1117 list_add_tail(&entry->list, &ima_temp_rules);
1118
1119 return len;
1120 }
1121
1122 /**
1123 * ima_delete_rules() called to cleanup invalid in-flight policy.
1124 * We don't need locking as we operate on the temp list, which is
1125 * different from the active one. There is also only one user of
1126 * ima_delete_rules() at a time.
1127 */
1128 void ima_delete_rules(void)
1129 {
1130 struct ima_rule_entry *entry, *tmp;
1131 int i;
1132
1133 temp_ima_appraise = 0;
1134 list_for_each_entry_safe(entry, tmp, &ima_temp_rules, list) {
1135 for (i = 0; i < MAX_LSM_RULES; i++)
1136 kfree(entry->lsm[i].args_p);
1137
1138 list_del(&entry->list);
1139 kfree(entry);
1140 }
1141 }
1142
1143 #ifdef CONFIG_IMA_READ_POLICY
1144 enum {
1145 mask_exec = 0, mask_write, mask_read, mask_append
1146 };
1147
1148 static const char *const mask_tokens[] = {
1149 "MAY_EXEC",
1150 "MAY_WRITE",
1151 "MAY_READ",
1152 "MAY_APPEND"
1153 };
1154
1155 #define __ima_hook_stringify(str) (#str),
1156
1157 static const char *const func_tokens[] = {
1158 __ima_hooks(__ima_hook_stringify)
1159 };
1160
1161 void *ima_policy_start(struct seq_file *m, loff_t *pos)
1162 {
1163 loff_t l = *pos;
1164 struct ima_rule_entry *entry;
1165
1166 rcu_read_lock();
1167 list_for_each_entry_rcu(entry, ima_rules, list) {
1168 if (!l--) {
1169 rcu_read_unlock();
1170 return entry;
1171 }
1172 }
1173 rcu_read_unlock();
1174 return NULL;
1175 }
1176
1177 void *ima_policy_next(struct seq_file *m, void *v, loff_t *pos)
1178 {
1179 struct ima_rule_entry *entry = v;
1180
1181 rcu_read_lock();
1182 entry = list_entry_rcu(entry->list.next, struct ima_rule_entry, list);
1183 rcu_read_unlock();
1184 (*pos)++;
1185
1186 return (&entry->list == ima_rules) ? NULL : entry;
1187 }
1188
1189 void ima_policy_stop(struct seq_file *m, void *v)
1190 {
1191 }
1192
1193 #define pt(token) policy_tokens[token].pattern
1194 #define mt(token) mask_tokens[token]
1195
1196 /*
1197 * policy_func_show - display the ima_hooks policy rule
1198 */
1199 static void policy_func_show(struct seq_file *m, enum ima_hooks func)
1200 {
1201 if (func > 0 && func < MAX_CHECK)
1202 seq_printf(m, "func=%s ", func_tokens[func]);
1203 else
1204 seq_printf(m, "func=%d ", func);
1205 }
1206
1207 int ima_policy_show(struct seq_file *m, void *v)
1208 {
1209 struct ima_rule_entry *entry = v;
1210 int i;
1211 char tbuf[64] = {0,};
1212
1213 rcu_read_lock();
1214
1215 if (entry->action & MEASURE)
1216 seq_puts(m, pt(Opt_measure));
1217 if (entry->action & DONT_MEASURE)
1218 seq_puts(m, pt(Opt_dont_measure));
1219 if (entry->action & APPRAISE)
1220 seq_puts(m, pt(Opt_appraise));
1221 if (entry->action & DONT_APPRAISE)
1222 seq_puts(m, pt(Opt_dont_appraise));
1223 if (entry->action & AUDIT)
1224 seq_puts(m, pt(Opt_audit));
1225 if (entry->action & HASH)
1226 seq_puts(m, pt(Opt_hash));
1227 if (entry->action & DONT_HASH)
1228 seq_puts(m, pt(Opt_dont_hash));
1229
1230 seq_puts(m, " ");
1231
1232 if (entry->flags & IMA_FUNC)
1233 policy_func_show(m, entry->func);
1234
1235 if (entry->flags & IMA_MASK) {
1236 if (entry->mask & MAY_EXEC)
1237 seq_printf(m, pt(Opt_mask), mt(mask_exec));
1238 if (entry->mask & MAY_WRITE)
1239 seq_printf(m, pt(Opt_mask), mt(mask_write));
1240 if (entry->mask & MAY_READ)
1241 seq_printf(m, pt(Opt_mask), mt(mask_read));
1242 if (entry->mask & MAY_APPEND)
1243 seq_printf(m, pt(Opt_mask), mt(mask_append));
1244 seq_puts(m, " ");
1245 }
1246
1247 if (entry->flags & IMA_FSMAGIC) {
1248 snprintf(tbuf, sizeof(tbuf), "0x%lx", entry->fsmagic);
1249 seq_printf(m, pt(Opt_fsmagic), tbuf);
1250 seq_puts(m, " ");
1251 }
1252
1253 if (entry->flags & IMA_FSNAME) {
1254 snprintf(tbuf, sizeof(tbuf), "%s", entry->fsname);
1255 seq_printf(m, pt(Opt_fsname), tbuf);
1256 seq_puts(m, " ");
1257 }
1258
1259 if (entry->flags & IMA_PCR) {
1260 snprintf(tbuf, sizeof(tbuf), "%d", entry->pcr);
1261 seq_printf(m, pt(Opt_pcr), tbuf);
1262 seq_puts(m, " ");
1263 }
1264
1265 if (entry->flags & IMA_FSUUID) {
1266 seq_printf(m, "fsuuid=%pU", &entry->fsuuid);
1267 seq_puts(m, " ");
1268 }
1269
1270 if (entry->flags & IMA_UID) {
1271 snprintf(tbuf, sizeof(tbuf), "%d", __kuid_val(entry->uid));
1272 if (entry->uid_op == &uid_gt)
1273 seq_printf(m, pt(Opt_uid_gt), tbuf);
1274 else if (entry->uid_op == &uid_lt)
1275 seq_printf(m, pt(Opt_uid_lt), tbuf);
1276 else
1277 seq_printf(m, pt(Opt_uid_eq), tbuf);
1278 seq_puts(m, " ");
1279 }
1280
1281 if (entry->flags & IMA_EUID) {
1282 snprintf(tbuf, sizeof(tbuf), "%d", __kuid_val(entry->uid));
1283 if (entry->uid_op == &uid_gt)
1284 seq_printf(m, pt(Opt_euid_gt), tbuf);
1285 else if (entry->uid_op == &uid_lt)
1286 seq_printf(m, pt(Opt_euid_lt), tbuf);
1287 else
1288 seq_printf(m, pt(Opt_euid_eq), tbuf);
1289 seq_puts(m, " ");
1290 }
1291
1292 if (entry->flags & IMA_FOWNER) {
1293 snprintf(tbuf, sizeof(tbuf), "%d", __kuid_val(entry->fowner));
1294 if (entry->fowner_op == &uid_gt)
1295 seq_printf(m, pt(Opt_fowner_gt), tbuf);
1296 else if (entry->fowner_op == &uid_lt)
1297 seq_printf(m, pt(Opt_fowner_lt), tbuf);
1298 else
1299 seq_printf(m, pt(Opt_fowner_eq), tbuf);
1300 seq_puts(m, " ");
1301 }
1302
1303 for (i = 0; i < MAX_LSM_RULES; i++) {
1304 if (entry->lsm[i].rule) {
1305 switch (i) {
1306 case LSM_OBJ_USER:
1307 seq_printf(m, pt(Opt_obj_user),
1308 (char *)entry->lsm[i].args_p);
1309 break;
1310 case LSM_OBJ_ROLE:
1311 seq_printf(m, pt(Opt_obj_role),
1312 (char *)entry->lsm[i].args_p);
1313 break;
1314 case LSM_OBJ_TYPE:
1315 seq_printf(m, pt(Opt_obj_type),
1316 (char *)entry->lsm[i].args_p);
1317 break;
1318 case LSM_SUBJ_USER:
1319 seq_printf(m, pt(Opt_subj_user),
1320 (char *)entry->lsm[i].args_p);
1321 break;
1322 case LSM_SUBJ_ROLE:
1323 seq_printf(m, pt(Opt_subj_role),
1324 (char *)entry->lsm[i].args_p);
1325 break;
1326 case LSM_SUBJ_TYPE:
1327 seq_printf(m, pt(Opt_subj_type),
1328 (char *)entry->lsm[i].args_p);
1329 break;
1330 }
1331 }
1332 }
1333 if (entry->flags & IMA_DIGSIG_REQUIRED)
1334 seq_puts(m, "appraise_type=imasig ");
1335 if (entry->flags & IMA_PERMIT_DIRECTIO)
1336 seq_puts(m, "permit_directio ");
1337 rcu_read_unlock();
1338 seq_puts(m, "\n");
1339 return 0;
1340 }
1341 #endif /* CONFIG_IMA_READ_POLICY */
A mirror of Linus' kernel repository