]> git.ipfire.org Git - thirdparty/linux.git/blob - security/integrity/ima/ima_policy.c
projects / thirdparty / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'nvme-5.2-rc-next' of git://git.infradead.org/nvme into for-linus
[thirdparty/linux.git] / security / integrity / ima / ima_policy.c
1 /*
2 * Copyright (C) 2008 IBM Corporation
3 * Author: Mimi Zohar <zohar@us.ibm.com>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation, version 2 of the License.
8 *
9 * ima_policy.c
10 * - initialize default measure policy rules
11 *
12 */
13 #include <linux/init.h>
14 #include <linux/list.h>
15 #include <linux/fs.h>
16 #include <linux/security.h>
17 #include <linux/magic.h>
18 #include <linux/parser.h>
19 #include <linux/slab.h>
20 #include <linux/rculist.h>
21 #include <linux/genhd.h>
22 #include <linux/seq_file.h>
23 #include <linux/ima.h>
24
25 #include "ima.h"
26
27 /* flags definitions */
28 #define IMA_FUNC 0x0001
29 #define IMA_MASK 0x0002
30 #define IMA_FSMAGIC 0x0004
31 #define IMA_UID 0x0008
32 #define IMA_FOWNER 0x0010
33 #define IMA_FSUUID 0x0020
34 #define IMA_INMASK 0x0040
35 #define IMA_EUID 0x0080
36 #define IMA_PCR 0x0100
37 #define IMA_FSNAME 0x0200
38
39 #define UNKNOWN 0
40 #define MEASURE 0x0001 /* same as IMA_MEASURE */
41 #define DONT_MEASURE 0x0002
42 #define APPRAISE 0x0004 /* same as IMA_APPRAISE */
43 #define DONT_APPRAISE 0x0008
44 #define AUDIT 0x0040
45 #define HASH 0x0100
46 #define DONT_HASH 0x0200
47
48 #define INVALID_PCR(a) (((a) < 0) || \
49 (a) >= (FIELD_SIZEOF(struct integrity_iint_cache, measured_pcrs) * 8))
50
51 int ima_policy_flag;
52 static int temp_ima_appraise;
53 static int build_ima_appraise __ro_after_init;
54
55 #define MAX_LSM_RULES 6
56 enum lsm_rule_types { LSM_OBJ_USER, LSM_OBJ_ROLE, LSM_OBJ_TYPE,
57 LSM_SUBJ_USER, LSM_SUBJ_ROLE, LSM_SUBJ_TYPE
58 };
59
60 enum policy_types { ORIGINAL_TCB = 1, DEFAULT_TCB };
61
62 enum policy_rule_list { IMA_DEFAULT_POLICY = 1, IMA_CUSTOM_POLICY };
63
64 struct ima_rule_entry {
65 struct list_head list;
66 int action;
67 unsigned int flags;
68 enum ima_hooks func;
69 int mask;
70 unsigned long fsmagic;
71 uuid_t fsuuid;
72 kuid_t uid;
73 kuid_t fowner;
74 bool (*uid_op)(kuid_t, kuid_t); /* Handlers for operators */
75 bool (*fowner_op)(kuid_t, kuid_t); /* uid_eq(), uid_gt(), uid_lt() */
76 int pcr;
77 struct {
78 void *rule; /* LSM file metadata specific */
79 void *args_p; /* audit value */
80 int type; /* audit type */
81 } lsm[MAX_LSM_RULES];
82 char *fsname;
83 };
84
85 /*
86 * Without LSM specific knowledge, the default policy can only be
87 * written in terms of .action, .func, .mask, .fsmagic, .uid, and .fowner
88 */
89
90 /*
91 * The minimum rule set to allow for full TCB coverage. Measures all files
92 * opened or mmap for exec and everything read by root. Dangerous because
93 * normal users can easily run the machine out of memory simply building
94 * and running executables.
95 */
96 static struct ima_rule_entry dont_measure_rules[] __ro_after_init = {
97 {.action = DONT_MEASURE, .fsmagic = PROC_SUPER_MAGIC, .flags = IMA_FSMAGIC},
98 {.action = DONT_MEASURE, .fsmagic = SYSFS_MAGIC, .flags = IMA_FSMAGIC},
99 {.action = DONT_MEASURE, .fsmagic = DEBUGFS_MAGIC, .flags = IMA_FSMAGIC},
100 {.action = DONT_MEASURE, .fsmagic = TMPFS_MAGIC, .flags = IMA_FSMAGIC},
101 {.action = DONT_MEASURE, .fsmagic = DEVPTS_SUPER_MAGIC, .flags = IMA_FSMAGIC},
102 {.action = DONT_MEASURE, .fsmagic = BINFMTFS_MAGIC, .flags = IMA_FSMAGIC},
103 {.action = DONT_MEASURE, .fsmagic = SECURITYFS_MAGIC, .flags = IMA_FSMAGIC},
104 {.action = DONT_MEASURE, .fsmagic = SELINUX_MAGIC, .flags = IMA_FSMAGIC},
105 {.action = DONT_MEASURE, .fsmagic = SMACK_MAGIC, .flags = IMA_FSMAGIC},
106 {.action = DONT_MEASURE, .fsmagic = CGROUP_SUPER_MAGIC,
107 .flags = IMA_FSMAGIC},
108 {.action = DONT_MEASURE, .fsmagic = CGROUP2_SUPER_MAGIC,
109 .flags = IMA_FSMAGIC},
110 {.action = DONT_MEASURE, .fsmagic = NSFS_MAGIC, .flags = IMA_FSMAGIC},
111 {.action = DONT_MEASURE, .fsmagic = EFIVARFS_MAGIC, .flags = IMA_FSMAGIC}
112 };
113
114 static struct ima_rule_entry original_measurement_rules[] __ro_after_init = {
115 {.action = MEASURE, .func = MMAP_CHECK, .mask = MAY_EXEC,
116 .flags = IMA_FUNC | IMA_MASK},
117 {.action = MEASURE, .func = BPRM_CHECK, .mask = MAY_EXEC,
118 .flags = IMA_FUNC | IMA_MASK},
119 {.action = MEASURE, .func = FILE_CHECK, .mask = MAY_READ,
120 .uid = GLOBAL_ROOT_UID, .uid_op = &uid_eq,
121 .flags = IMA_FUNC | IMA_MASK | IMA_UID},
122 {.action = MEASURE, .func = MODULE_CHECK, .flags = IMA_FUNC},
123 {.action = MEASURE, .func = FIRMWARE_CHECK, .flags = IMA_FUNC},
124 };
125
126 static struct ima_rule_entry default_measurement_rules[] __ro_after_init = {
127 {.action = MEASURE, .func = MMAP_CHECK, .mask = MAY_EXEC,
128 .flags = IMA_FUNC | IMA_MASK},
129 {.action = MEASURE, .func = BPRM_CHECK, .mask = MAY_EXEC,
130 .flags = IMA_FUNC | IMA_MASK},
131 {.action = MEASURE, .func = FILE_CHECK, .mask = MAY_READ,
132 .uid = GLOBAL_ROOT_UID, .uid_op = &uid_eq,
133 .flags = IMA_FUNC | IMA_INMASK | IMA_EUID},
134 {.action = MEASURE, .func = FILE_CHECK, .mask = MAY_READ,
135 .uid = GLOBAL_ROOT_UID, .uid_op = &uid_eq,
136 .flags = IMA_FUNC | IMA_INMASK | IMA_UID},
137 {.action = MEASURE, .func = MODULE_CHECK, .flags = IMA_FUNC},
138 {.action = MEASURE, .func = FIRMWARE_CHECK, .flags = IMA_FUNC},
139 {.action = MEASURE, .func = POLICY_CHECK, .flags = IMA_FUNC},
140 };
141
142 static struct ima_rule_entry default_appraise_rules[] __ro_after_init = {
143 {.action = DONT_APPRAISE, .fsmagic = PROC_SUPER_MAGIC, .flags = IMA_FSMAGIC},
144 {.action = DONT_APPRAISE, .fsmagic = SYSFS_MAGIC, .flags = IMA_FSMAGIC},
145 {.action = DONT_APPRAISE, .fsmagic = DEBUGFS_MAGIC, .flags = IMA_FSMAGIC},
146 {.action = DONT_APPRAISE, .fsmagic = TMPFS_MAGIC, .flags = IMA_FSMAGIC},
147 {.action = DONT_APPRAISE, .fsmagic = RAMFS_MAGIC, .flags = IMA_FSMAGIC},
148 {.action = DONT_APPRAISE, .fsmagic = DEVPTS_SUPER_MAGIC, .flags = IMA_FSMAGIC},
149 {.action = DONT_APPRAISE, .fsmagic = BINFMTFS_MAGIC, .flags = IMA_FSMAGIC},
150 {.action = DONT_APPRAISE, .fsmagic = SECURITYFS_MAGIC, .flags = IMA_FSMAGIC},
151 {.action = DONT_APPRAISE, .fsmagic = SELINUX_MAGIC, .flags = IMA_FSMAGIC},
152 {.action = DONT_APPRAISE, .fsmagic = SMACK_MAGIC, .flags = IMA_FSMAGIC},
153 {.action = DONT_APPRAISE, .fsmagic = NSFS_MAGIC, .flags = IMA_FSMAGIC},
154 {.action = DONT_APPRAISE, .fsmagic = EFIVARFS_MAGIC, .flags = IMA_FSMAGIC},
155 {.action = DONT_APPRAISE, .fsmagic = CGROUP_SUPER_MAGIC, .flags = IMA_FSMAGIC},
156 {.action = DONT_APPRAISE, .fsmagic = CGROUP2_SUPER_MAGIC, .flags = IMA_FSMAGIC},
157 #ifdef CONFIG_IMA_WRITE_POLICY
158 {.action = APPRAISE, .func = POLICY_CHECK,
159 .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED},
160 #endif
161 #ifndef CONFIG_IMA_APPRAISE_SIGNED_INIT
162 {.action = APPRAISE, .fowner = GLOBAL_ROOT_UID, .fowner_op = &uid_eq,
163 .flags = IMA_FOWNER},
164 #else
165 /* force signature */
166 {.action = APPRAISE, .fowner = GLOBAL_ROOT_UID, .fowner_op = &uid_eq,
167 .flags = IMA_FOWNER | IMA_DIGSIG_REQUIRED},
168 #endif
169 };
170
171 static struct ima_rule_entry build_appraise_rules[] __ro_after_init = {
172 #ifdef CONFIG_IMA_APPRAISE_REQUIRE_MODULE_SIGS
173 {.action = APPRAISE, .func = MODULE_CHECK,
174 .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED},
175 #endif
176 #ifdef CONFIG_IMA_APPRAISE_REQUIRE_FIRMWARE_SIGS
177 {.action = APPRAISE, .func = FIRMWARE_CHECK,
178 .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED},
179 #endif
180 #ifdef CONFIG_IMA_APPRAISE_REQUIRE_KEXEC_SIGS
181 {.action = APPRAISE, .func = KEXEC_KERNEL_CHECK,
182 .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED},
183 #endif
184 #ifdef CONFIG_IMA_APPRAISE_REQUIRE_POLICY_SIGS
185 {.action = APPRAISE, .func = POLICY_CHECK,
186 .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED},
187 #endif
188 };
189
190 static struct ima_rule_entry secure_boot_rules[] __ro_after_init = {
191 {.action = APPRAISE, .func = MODULE_CHECK,
192 .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED},
193 {.action = APPRAISE, .func = FIRMWARE_CHECK,
194 .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED},
195 {.action = APPRAISE, .func = KEXEC_KERNEL_CHECK,
196 .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED},
197 {.action = APPRAISE, .func = POLICY_CHECK,
198 .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED},
199 };
200
201 /* An array of architecture specific rules */
202 struct ima_rule_entry *arch_policy_entry __ro_after_init;
203
204 static LIST_HEAD(ima_default_rules);
205 static LIST_HEAD(ima_policy_rules);
206 static LIST_HEAD(ima_temp_rules);
207 static struct list_head *ima_rules;
208
209 static int ima_policy __initdata;
210
211 static int __init default_measure_policy_setup(char *str)
212 {
213 if (ima_policy)
214 return 1;
215
216 ima_policy = ORIGINAL_TCB;
217 return 1;
218 }
219 __setup("ima_tcb", default_measure_policy_setup);
220
221 static bool ima_use_appraise_tcb __initdata;
222 static bool ima_use_secure_boot __initdata;
223 static bool ima_fail_unverifiable_sigs __ro_after_init;
224 static int __init policy_setup(char *str)
225 {
226 char *p;
227
228 while ((p = strsep(&str, " |\n")) != NULL) {
229 if (*p == ' ')
230 continue;
231 if ((strcmp(p, "tcb") == 0) && !ima_policy)
232 ima_policy = DEFAULT_TCB;
233 else if (strcmp(p, "appraise_tcb") == 0)
234 ima_use_appraise_tcb = true;
235 else if (strcmp(p, "secure_boot") == 0)
236 ima_use_secure_boot = true;
237 else if (strcmp(p, "fail_securely") == 0)
238 ima_fail_unverifiable_sigs = true;
239 }
240
241 return 1;
242 }
243 __setup("ima_policy=", policy_setup);
244
245 static int __init default_appraise_policy_setup(char *str)
246 {
247 ima_use_appraise_tcb = true;
248 return 1;
249 }
250 __setup("ima_appraise_tcb", default_appraise_policy_setup);
251
252 /*
253 * The LSM policy can be reloaded, leaving the IMA LSM based rules referring
254 * to the old, stale LSM policy. Update the IMA LSM based rules to reflect
255 * the reloaded LSM policy. We assume the rules still exist; and BUG_ON() if
256 * they don't.
257 */
258 static void ima_lsm_update_rules(void)
259 {
260 struct ima_rule_entry *entry;
261 int result;
262 int i;
263
264 list_for_each_entry(entry, &ima_policy_rules, list) {
265 for (i = 0; i < MAX_LSM_RULES; i++) {
266 if (!entry->lsm[i].rule)
267 continue;
268 result = security_filter_rule_init(entry->lsm[i].type,
269 Audit_equal,
270 entry->lsm[i].args_p,
271 &entry->lsm[i].rule);
272 BUG_ON(!entry->lsm[i].rule);
273 }
274 }
275 }
276
277 /**
278 * ima_match_rules - determine whether an inode matches the measure rule.
279 * @rule: a pointer to a rule
280 * @inode: a pointer to an inode
281 * @cred: a pointer to a credentials structure for user validation
282 * @secid: the secid of the task to be validated
283 * @func: LIM hook identifier
284 * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC)
285 *
286 * Returns true on rule match, false on failure.
287 */
288 static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode,
289 const struct cred *cred, u32 secid,
290 enum ima_hooks func, int mask)
291 {
292 int i;
293
294 if ((rule->flags & IMA_FUNC) &&
295 (rule->func != func && func != POST_SETATTR))
296 return false;
297 if ((rule->flags & IMA_MASK) &&
298 (rule->mask != mask && func != POST_SETATTR))
299 return false;
300 if ((rule->flags & IMA_INMASK) &&
301 (!(rule->mask & mask) && func != POST_SETATTR))
302 return false;
303 if ((rule->flags & IMA_FSMAGIC)
304 && rule->fsmagic != inode->i_sb->s_magic)
305 return false;
306 if ((rule->flags & IMA_FSNAME)
307 && strcmp(rule->fsname, inode->i_sb->s_type->name))
308 return false;
309 if ((rule->flags & IMA_FSUUID) &&
310 !uuid_equal(&rule->fsuuid, &inode->i_sb->s_uuid))
311 return false;
312 if ((rule->flags & IMA_UID) && !rule->uid_op(cred->uid, rule->uid))
313 return false;
314 if (rule->flags & IMA_EUID) {
315 if (has_capability_noaudit(current, CAP_SETUID)) {
316 if (!rule->uid_op(cred->euid, rule->uid)
317 && !rule->uid_op(cred->suid, rule->uid)
318 && !rule->uid_op(cred->uid, rule->uid))
319 return false;
320 } else if (!rule->uid_op(cred->euid, rule->uid))
321 return false;
322 }
323
324 if ((rule->flags & IMA_FOWNER) &&
325 !rule->fowner_op(inode->i_uid, rule->fowner))
326 return false;
327 for (i = 0; i < MAX_LSM_RULES; i++) {
328 int rc = 0;
329 u32 osid;
330 int retried = 0;
331
332 if (!rule->lsm[i].rule)
333 continue;
334 retry:
335 switch (i) {
336 case LSM_OBJ_USER:
337 case LSM_OBJ_ROLE:
338 case LSM_OBJ_TYPE:
339 security_inode_getsecid(inode, &osid);
340 rc = security_filter_rule_match(osid,
341 rule->lsm[i].type,
342 Audit_equal,
343 rule->lsm[i].rule);
344 break;
345 case LSM_SUBJ_USER:
346 case LSM_SUBJ_ROLE:
347 case LSM_SUBJ_TYPE:
348 rc = security_filter_rule_match(secid,
349 rule->lsm[i].type,
350 Audit_equal,
351 rule->lsm[i].rule);
352 default:
353 break;
354 }
355 if ((rc < 0) && (!retried)) {
356 retried = 1;
357 ima_lsm_update_rules();
358 goto retry;
359 }
360 if (!rc)
361 return false;
362 }
363 return true;
364 }
365
366 /*
367 * In addition to knowing that we need to appraise the file in general,
368 * we need to differentiate between calling hooks, for hook specific rules.
369 */
370 static int get_subaction(struct ima_rule_entry *rule, enum ima_hooks func)
371 {
372 if (!(rule->flags & IMA_FUNC))
373 return IMA_FILE_APPRAISE;
374
375 switch (func) {
376 case MMAP_CHECK:
377 return IMA_MMAP_APPRAISE;
378 case BPRM_CHECK:
379 return IMA_BPRM_APPRAISE;
380 case CREDS_CHECK:
381 return IMA_CREDS_APPRAISE;
382 case FILE_CHECK:
383 case POST_SETATTR:
384 return IMA_FILE_APPRAISE;
385 case MODULE_CHECK ... MAX_CHECK - 1:
386 default:
387 return IMA_READ_APPRAISE;
388 }
389 }
390
391 /**
392 * ima_match_policy - decision based on LSM and other conditions
393 * @inode: pointer to an inode for which the policy decision is being made
394 * @cred: pointer to a credentials structure for which the policy decision is
395 * being made
396 * @secid: LSM secid of the task to be validated
397 * @func: IMA hook identifier
398 * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC)
399 * @pcr: set the pcr to extend
400 *
401 * Measure decision based on func/mask/fsmagic and LSM(subj/obj/type)
402 * conditions.
403 *
404 * Since the IMA policy may be updated multiple times we need to lock the
405 * list when walking it. Reads are many orders of magnitude more numerous
406 * than writes so ima_match_policy() is classical RCU candidate.
407 */
408 int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid,
409 enum ima_hooks func, int mask, int flags, int *pcr)
410 {
411 struct ima_rule_entry *entry;
412 int action = 0, actmask = flags | (flags << 1);
413
414 rcu_read_lock();
415 list_for_each_entry_rcu(entry, ima_rules, list) {
416
417 if (!(entry->action & actmask))
418 continue;
419
420 if (!ima_match_rules(entry, inode, cred, secid, func, mask))
421 continue;
422
423 action |= entry->flags & IMA_ACTION_FLAGS;
424
425 action |= entry->action & IMA_DO_MASK;
426 if (entry->action & IMA_APPRAISE) {
427 action |= get_subaction(entry, func);
428 action &= ~IMA_HASH;
429 if (ima_fail_unverifiable_sigs)
430 action |= IMA_FAIL_UNVERIFIABLE_SIGS;
431 }
432
433 if (entry->action & IMA_DO_MASK)
434 actmask &= ~(entry->action | entry->action << 1);
435 else
436 actmask &= ~(entry->action | entry->action >> 1);
437
438 if ((pcr) && (entry->flags & IMA_PCR))
439 *pcr = entry->pcr;
440
441 if (!actmask)
442 break;
443 }
444 rcu_read_unlock();
445
446 return action;
447 }
448
449 /*
450 * Initialize the ima_policy_flag variable based on the currently
451 * loaded policy. Based on this flag, the decision to short circuit
452 * out of a function or not call the function in the first place
453 * can be made earlier.
454 */
455 void ima_update_policy_flag(void)
456 {
457 struct ima_rule_entry *entry;
458
459 list_for_each_entry(entry, ima_rules, list) {
460 if (entry->action & IMA_DO_MASK)
461 ima_policy_flag |= entry->action;
462 }
463
464 ima_appraise |= (build_ima_appraise | temp_ima_appraise);
465 if (!ima_appraise)
466 ima_policy_flag &= ~IMA_APPRAISE;
467 }
468
469 static int ima_appraise_flag(enum ima_hooks func)
470 {
471 if (func == MODULE_CHECK)
472 return IMA_APPRAISE_MODULES;
473 else if (func == FIRMWARE_CHECK)
474 return IMA_APPRAISE_FIRMWARE;
475 else if (func == POLICY_CHECK)
476 return IMA_APPRAISE_POLICY;
477 else if (func == KEXEC_KERNEL_CHECK)
478 return IMA_APPRAISE_KEXEC;
479 return 0;
480 }
481
482 static void add_rules(struct ima_rule_entry *entries, int count,
483 enum policy_rule_list policy_rule)
484 {
485 int i = 0;
486
487 for (i = 0; i < count; i++) {
488 struct ima_rule_entry *entry;
489
490 if (policy_rule & IMA_DEFAULT_POLICY)
491 list_add_tail(&entries[i].list, &ima_default_rules);
492
493 if (policy_rule & IMA_CUSTOM_POLICY) {
494 entry = kmemdup(&entries[i], sizeof(*entry),
495 GFP_KERNEL);
496 if (!entry)
497 continue;
498
499 list_add_tail(&entry->list, &ima_policy_rules);
500 }
501 if (entries[i].action == APPRAISE) {
502 temp_ima_appraise |= ima_appraise_flag(entries[i].func);
503 if (entries[i].func == POLICY_CHECK)
504 temp_ima_appraise |= IMA_APPRAISE_POLICY;
505 }
506 }
507 }
508
509 static int ima_parse_rule(char *rule, struct ima_rule_entry *entry);
510
511 static int __init ima_init_arch_policy(void)
512 {
513 const char * const *arch_rules;
514 const char * const *rules;
515 int arch_entries = 0;
516 int i = 0;
517
518 arch_rules = arch_get_ima_policy();
519 if (!arch_rules)
520 return arch_entries;
521
522 /* Get number of rules */
523 for (rules = arch_rules; *rules != NULL; rules++)
524 arch_entries++;
525
526 arch_policy_entry = kcalloc(arch_entries + 1,
527 sizeof(*arch_policy_entry), GFP_KERNEL);
528 if (!arch_policy_entry)
529 return 0;
530
531 /* Convert each policy string rules to struct ima_rule_entry format */
532 for (rules = arch_rules, i = 0; *rules != NULL; rules++) {
533 char rule[255];
534 int result;
535
536 result = strlcpy(rule, *rules, sizeof(rule));
537
538 INIT_LIST_HEAD(&arch_policy_entry[i].list);
539 result = ima_parse_rule(rule, &arch_policy_entry[i]);
540 if (result) {
541 pr_warn("Skipping unknown architecture policy rule: %s\n",
542 rule);
543 memset(&arch_policy_entry[i], 0,
544 sizeof(*arch_policy_entry));
545 continue;
546 }
547 i++;
548 }
549 return i;
550 }
551
552 /**
553 * ima_init_policy - initialize the default measure rules.
554 *
555 * ima_rules points to either the ima_default_rules or the
556 * the new ima_policy_rules.
557 */
558 void __init ima_init_policy(void)
559 {
560 int build_appraise_entries, arch_entries;
561
562 /* if !ima_policy, we load NO default rules */
563 if (ima_policy)
564 add_rules(dont_measure_rules, ARRAY_SIZE(dont_measure_rules),
565 IMA_DEFAULT_POLICY);
566
567 switch (ima_policy) {
568 case ORIGINAL_TCB:
569 add_rules(original_measurement_rules,
570 ARRAY_SIZE(original_measurement_rules),
571 IMA_DEFAULT_POLICY);
572 break;
573 case DEFAULT_TCB:
574 add_rules(default_measurement_rules,
575 ARRAY_SIZE(default_measurement_rules),
576 IMA_DEFAULT_POLICY);
577 default:
578 break;
579 }
580
581 /*
582 * Based on runtime secure boot flags, insert arch specific measurement
583 * and appraise rules requiring file signatures for both the initial
584 * and custom policies, prior to other appraise rules.
585 * (Highest priority)
586 */
587 arch_entries = ima_init_arch_policy();
588 if (!arch_entries)
589 pr_info("No architecture policies found\n");
590 else
591 add_rules(arch_policy_entry, arch_entries,
592 IMA_DEFAULT_POLICY | IMA_CUSTOM_POLICY);
593
594 /*
595 * Insert the builtin "secure_boot" policy rules requiring file
596 * signatures, prior to other appraise rules.
597 */
598 if (ima_use_secure_boot)
599 add_rules(secure_boot_rules, ARRAY_SIZE(secure_boot_rules),
600 IMA_DEFAULT_POLICY);
601
602 /*
603 * Insert the build time appraise rules requiring file signatures
604 * for both the initial and custom policies, prior to other appraise
605 * rules. As the secure boot rules includes all of the build time
606 * rules, include either one or the other set of rules, but not both.
607 */
608 build_appraise_entries = ARRAY_SIZE(build_appraise_rules);
609 if (build_appraise_entries) {
610 if (ima_use_secure_boot)
611 add_rules(build_appraise_rules, build_appraise_entries,
612 IMA_CUSTOM_POLICY);
613 else
614 add_rules(build_appraise_rules, build_appraise_entries,
615 IMA_DEFAULT_POLICY | IMA_CUSTOM_POLICY);
616 }
617
618 if (ima_use_appraise_tcb)
619 add_rules(default_appraise_rules,
620 ARRAY_SIZE(default_appraise_rules),
621 IMA_DEFAULT_POLICY);
622
623 ima_rules = &ima_default_rules;
624 ima_update_policy_flag();
625 }
626
627 /* Make sure we have a valid policy, at least containing some rules. */
628 int ima_check_policy(void)
629 {
630 if (list_empty(&ima_temp_rules))
631 return -EINVAL;
632 return 0;
633 }
634
635 /**
636 * ima_update_policy - update default_rules with new measure rules
637 *
638 * Called on file .release to update the default rules with a complete new
639 * policy. What we do here is to splice ima_policy_rules and ima_temp_rules so
640 * they make a queue. The policy may be updated multiple times and this is the
641 * RCU updater.
642 *
643 * Policy rules are never deleted so ima_policy_flag gets zeroed only once when
644 * we switch from the default policy to user defined.
645 */
646 void ima_update_policy(void)
647 {
648 struct list_head *policy = &ima_policy_rules;
649
650 list_splice_tail_init_rcu(&ima_temp_rules, policy, synchronize_rcu);
651
652 if (ima_rules != policy) {
653 ima_policy_flag = 0;
654 ima_rules = policy;
655
656 /*
657 * IMA architecture specific policy rules are specified
658 * as strings and converted to an array of ima_entry_rules
659 * on boot. After loading a custom policy, free the
660 * architecture specific rules stored as an array.
661 */
662 kfree(arch_policy_entry);
663 }
664 ima_update_policy_flag();
665 }
666
667 /* Keep the enumeration in sync with the policy_tokens! */
668 enum {
669 Opt_measure, Opt_dont_measure,
670 Opt_appraise, Opt_dont_appraise,
671 Opt_audit, Opt_hash, Opt_dont_hash,
672 Opt_obj_user, Opt_obj_role, Opt_obj_type,
673 Opt_subj_user, Opt_subj_role, Opt_subj_type,
674 Opt_func, Opt_mask, Opt_fsmagic, Opt_fsname,
675 Opt_fsuuid, Opt_uid_eq, Opt_euid_eq, Opt_fowner_eq,
676 Opt_uid_gt, Opt_euid_gt, Opt_fowner_gt,
677 Opt_uid_lt, Opt_euid_lt, Opt_fowner_lt,
678 Opt_appraise_type, Opt_permit_directio,
679 Opt_pcr, Opt_err
680 };
681
682 static const match_table_t policy_tokens = {
683 {Opt_measure, "measure"},
684 {Opt_dont_measure, "dont_measure"},
685 {Opt_appraise, "appraise"},
686 {Opt_dont_appraise, "dont_appraise"},
687 {Opt_audit, "audit"},
688 {Opt_hash, "hash"},
689 {Opt_dont_hash, "dont_hash"},
690 {Opt_obj_user, "obj_user=%s"},
691 {Opt_obj_role, "obj_role=%s"},
692 {Opt_obj_type, "obj_type=%s"},
693 {Opt_subj_user, "subj_user=%s"},
694 {Opt_subj_role, "subj_role=%s"},
695 {Opt_subj_type, "subj_type=%s"},
696 {Opt_func, "func=%s"},
697 {Opt_mask, "mask=%s"},
698 {Opt_fsmagic, "fsmagic=%s"},
699 {Opt_fsname, "fsname=%s"},
700 {Opt_fsuuid, "fsuuid=%s"},
701 {Opt_uid_eq, "uid=%s"},
702 {Opt_euid_eq, "euid=%s"},
703 {Opt_fowner_eq, "fowner=%s"},
704 {Opt_uid_gt, "uid>%s"},
705 {Opt_euid_gt, "euid>%s"},
706 {Opt_fowner_gt, "fowner>%s"},
707 {Opt_uid_lt, "uid<%s"},
708 {Opt_euid_lt, "euid<%s"},
709 {Opt_fowner_lt, "fowner<%s"},
710 {Opt_appraise_type, "appraise_type=%s"},
711 {Opt_permit_directio, "permit_directio"},
712 {Opt_pcr, "pcr=%s"},
713 {Opt_err, NULL}
714 };
715
716 static int ima_lsm_rule_init(struct ima_rule_entry *entry,
717 substring_t *args, int lsm_rule, int audit_type)
718 {
719 int result;
720
721 if (entry->lsm[lsm_rule].rule)
722 return -EINVAL;
723
724 entry->lsm[lsm_rule].args_p = match_strdup(args);
725 if (!entry->lsm[lsm_rule].args_p)
726 return -ENOMEM;
727
728 entry->lsm[lsm_rule].type = audit_type;
729 result = security_filter_rule_init(entry->lsm[lsm_rule].type,
730 Audit_equal,
731 entry->lsm[lsm_rule].args_p,
732 &entry->lsm[lsm_rule].rule);
733 if (!entry->lsm[lsm_rule].rule) {
734 kfree(entry->lsm[lsm_rule].args_p);
735 return -EINVAL;
736 }
737
738 return result;
739 }
740
741 static void ima_log_string_op(struct audit_buffer *ab, char *key, char *value,
742 bool (*rule_operator)(kuid_t, kuid_t))
743 {
744 if (!ab)
745 return;
746
747 if (rule_operator == &uid_gt)
748 audit_log_format(ab, "%s>", key);
749 else if (rule_operator == &uid_lt)
750 audit_log_format(ab, "%s<", key);
751 else
752 audit_log_format(ab, "%s=", key);
753 audit_log_format(ab, "%s ", value);
754 }
755 static void ima_log_string(struct audit_buffer *ab, char *key, char *value)
756 {
757 ima_log_string_op(ab, key, value, NULL);
758 }
759
760 static int ima_parse_rule(char *rule, struct ima_rule_entry *entry)
761 {
762 struct audit_buffer *ab;
763 char *from;
764 char *p;
765 bool uid_token;
766 int result = 0;
767
768 ab = integrity_audit_log_start(audit_context(), GFP_KERNEL,
769 AUDIT_INTEGRITY_POLICY_RULE);
770
771 entry->uid = INVALID_UID;
772 entry->fowner = INVALID_UID;
773 entry->uid_op = &uid_eq;
774 entry->fowner_op = &uid_eq;
775 entry->action = UNKNOWN;
776 while ((p = strsep(&rule, " \t")) != NULL) {
777 substring_t args[MAX_OPT_ARGS];
778 int token;
779 unsigned long lnum;
780
781 if (result < 0)
782 break;
783 if ((*p == '\0') || (*p == ' ') || (*p == '\t'))
784 continue;
785 token = match_token(p, policy_tokens, args);
786 switch (token) {
787 case Opt_measure:
788 ima_log_string(ab, "action", "measure");
789
790 if (entry->action != UNKNOWN)
791 result = -EINVAL;
792
793 entry->action = MEASURE;
794 break;
795 case Opt_dont_measure:
796 ima_log_string(ab, "action", "dont_measure");
797
798 if (entry->action != UNKNOWN)
799 result = -EINVAL;
800
801 entry->action = DONT_MEASURE;
802 break;
803 case Opt_appraise:
804 ima_log_string(ab, "action", "appraise");
805
806 if (entry->action != UNKNOWN)
807 result = -EINVAL;
808
809 entry->action = APPRAISE;
810 break;
811 case Opt_dont_appraise:
812 ima_log_string(ab, "action", "dont_appraise");
813
814 if (entry->action != UNKNOWN)
815 result = -EINVAL;
816
817 entry->action = DONT_APPRAISE;
818 break;
819 case Opt_audit:
820 ima_log_string(ab, "action", "audit");
821
822 if (entry->action != UNKNOWN)
823 result = -EINVAL;
824
825 entry->action = AUDIT;
826 break;
827 case Opt_hash:
828 ima_log_string(ab, "action", "hash");
829
830 if (entry->action != UNKNOWN)
831 result = -EINVAL;
832
833 entry->action = HASH;
834 break;
835 case Opt_dont_hash:
836 ima_log_string(ab, "action", "dont_hash");
837
838 if (entry->action != UNKNOWN)
839 result = -EINVAL;
840
841 entry->action = DONT_HASH;
842 break;
843 case Opt_func:
844 ima_log_string(ab, "func", args[0].from);
845
846 if (entry->func)
847 result = -EINVAL;
848
849 if (strcmp(args[0].from, "FILE_CHECK") == 0)
850 entry->func = FILE_CHECK;
851 /* PATH_CHECK is for backwards compat */
852 else if (strcmp(args[0].from, "PATH_CHECK") == 0)
853 entry->func = FILE_CHECK;
854 else if (strcmp(args[0].from, "MODULE_CHECK") == 0)
855 entry->func = MODULE_CHECK;
856 else if (strcmp(args[0].from, "FIRMWARE_CHECK") == 0)
857 entry->func = FIRMWARE_CHECK;
858 else if ((strcmp(args[0].from, "FILE_MMAP") == 0)
859 || (strcmp(args[0].from, "MMAP_CHECK") == 0))
860 entry->func = MMAP_CHECK;
861 else if (strcmp(args[0].from, "BPRM_CHECK") == 0)
862 entry->func = BPRM_CHECK;
863 else if (strcmp(args[0].from, "CREDS_CHECK") == 0)
864 entry->func = CREDS_CHECK;
865 else if (strcmp(args[0].from, "KEXEC_KERNEL_CHECK") ==
866 0)
867 entry->func = KEXEC_KERNEL_CHECK;
868 else if (strcmp(args[0].from, "KEXEC_INITRAMFS_CHECK")
869 == 0)
870 entry->func = KEXEC_INITRAMFS_CHECK;
871 else if (strcmp(args[0].from, "POLICY_CHECK") == 0)
872 entry->func = POLICY_CHECK;
873 else
874 result = -EINVAL;
875 if (!result)
876 entry->flags |= IMA_FUNC;
877 break;
878 case Opt_mask:
879 ima_log_string(ab, "mask", args[0].from);
880
881 if (entry->mask)
882 result = -EINVAL;
883
884 from = args[0].from;
885 if (*from == '^')
886 from++;
887
888 if ((strcmp(from, "MAY_EXEC")) == 0)
889 entry->mask = MAY_EXEC;
890 else if (strcmp(from, "MAY_WRITE") == 0)
891 entry->mask = MAY_WRITE;
892 else if (strcmp(from, "MAY_READ") == 0)
893 entry->mask = MAY_READ;
894 else if (strcmp(from, "MAY_APPEND") == 0)
895 entry->mask = MAY_APPEND;
896 else
897 result = -EINVAL;
898 if (!result)
899 entry->flags |= (*args[0].from == '^')
900 ? IMA_INMASK : IMA_MASK;
901 break;
902 case Opt_fsmagic:
903 ima_log_string(ab, "fsmagic", args[0].from);
904
905 if (entry->fsmagic) {
906 result = -EINVAL;
907 break;
908 }
909
910 result = kstrtoul(args[0].from, 16, &entry->fsmagic);
911 if (!result)
912 entry->flags |= IMA_FSMAGIC;
913 break;
914 case Opt_fsname:
915 ima_log_string(ab, "fsname", args[0].from);
916
917 entry->fsname = kstrdup(args[0].from, GFP_KERNEL);
918 if (!entry->fsname) {
919 result = -ENOMEM;
920 break;
921 }
922 result = 0;
923 entry->flags |= IMA_FSNAME;
924 break;
925 case Opt_fsuuid:
926 ima_log_string(ab, "fsuuid", args[0].from);
927
928 if (!uuid_is_null(&entry->fsuuid)) {
929 result = -EINVAL;
930 break;
931 }
932
933 result = uuid_parse(args[0].from, &entry->fsuuid);
934 if (!result)
935 entry->flags |= IMA_FSUUID;
936 break;
937 case Opt_uid_gt:
938 case Opt_euid_gt:
939 entry->uid_op = &uid_gt;
940 /* fall through */
941 case Opt_uid_lt:
942 case Opt_euid_lt:
943 if ((token == Opt_uid_lt) || (token == Opt_euid_lt))
944 entry->uid_op = &uid_lt;
945 /* fall through */
946 case Opt_uid_eq:
947 case Opt_euid_eq:
948 uid_token = (token == Opt_uid_eq) ||
949 (token == Opt_uid_gt) ||
950 (token == Opt_uid_lt);
951
952 ima_log_string_op(ab, uid_token ? "uid" : "euid",
953 args[0].from, entry->uid_op);
954
955 if (uid_valid(entry->uid)) {
956 result = -EINVAL;
957 break;
958 }
959
960 result = kstrtoul(args[0].from, 10, &lnum);
961 if (!result) {
962 entry->uid = make_kuid(current_user_ns(),
963 (uid_t) lnum);
964 if (!uid_valid(entry->uid) ||
965 (uid_t)lnum != lnum)
966 result = -EINVAL;
967 else
968 entry->flags |= uid_token
969 ? IMA_UID : IMA_EUID;
970 }
971 break;
972 case Opt_fowner_gt:
973 entry->fowner_op = &uid_gt;
974 /* fall through */
975 case Opt_fowner_lt:
976 if (token == Opt_fowner_lt)
977 entry->fowner_op = &uid_lt;
978 /* fall through */
979 case Opt_fowner_eq:
980 ima_log_string_op(ab, "fowner", args[0].from,
981 entry->fowner_op);
982
983 if (uid_valid(entry->fowner)) {
984 result = -EINVAL;
985 break;
986 }
987
988 result = kstrtoul(args[0].from, 10, &lnum);
989 if (!result) {
990 entry->fowner = make_kuid(current_user_ns(), (uid_t)lnum);
991 if (!uid_valid(entry->fowner) || (((uid_t)lnum) != lnum))
992 result = -EINVAL;
993 else
994 entry->flags |= IMA_FOWNER;
995 }
996 break;
997 case Opt_obj_user:
998 ima_log_string(ab, "obj_user", args[0].from);
999 result = ima_lsm_rule_init(entry, args,
1000 LSM_OBJ_USER,
1001 AUDIT_OBJ_USER);
1002 break;
1003 case Opt_obj_role:
1004 ima_log_string(ab, "obj_role", args[0].from);
1005 result = ima_lsm_rule_init(entry, args,
1006 LSM_OBJ_ROLE,
1007 AUDIT_OBJ_ROLE);
1008 break;
1009 case Opt_obj_type:
1010 ima_log_string(ab, "obj_type", args[0].from);
1011 result = ima_lsm_rule_init(entry, args,
1012 LSM_OBJ_TYPE,
1013 AUDIT_OBJ_TYPE);
1014 break;
1015 case Opt_subj_user:
1016 ima_log_string(ab, "subj_user", args[0].from);
1017 result = ima_lsm_rule_init(entry, args,
1018 LSM_SUBJ_USER,
1019 AUDIT_SUBJ_USER);
1020 break;
1021 case Opt_subj_role:
1022 ima_log_string(ab, "subj_role", args[0].from);
1023 result = ima_lsm_rule_init(entry, args,
1024 LSM_SUBJ_ROLE,
1025 AUDIT_SUBJ_ROLE);
1026 break;
1027 case Opt_subj_type:
1028 ima_log_string(ab, "subj_type", args[0].from);
1029 result = ima_lsm_rule_init(entry, args,
1030 LSM_SUBJ_TYPE,
1031 AUDIT_SUBJ_TYPE);
1032 break;
1033 case Opt_appraise_type:
1034 if (entry->action != APPRAISE) {
1035 result = -EINVAL;
1036 break;
1037 }
1038
1039 ima_log_string(ab, "appraise_type", args[0].from);
1040 if ((strcmp(args[0].from, "imasig")) == 0)
1041 entry->flags |= IMA_DIGSIG_REQUIRED;
1042 else
1043 result = -EINVAL;
1044 break;
1045 case Opt_permit_directio:
1046 entry->flags |= IMA_PERMIT_DIRECTIO;
1047 break;
1048 case Opt_pcr:
1049 if (entry->action != MEASURE) {
1050 result = -EINVAL;
1051 break;
1052 }
1053 ima_log_string(ab, "pcr", args[0].from);
1054
1055 result = kstrtoint(args[0].from, 10, &entry->pcr);
1056 if (result || INVALID_PCR(entry->pcr))
1057 result = -EINVAL;
1058 else
1059 entry->flags |= IMA_PCR;
1060
1061 break;
1062 case Opt_err:
1063 ima_log_string(ab, "UNKNOWN", p);
1064 result = -EINVAL;
1065 break;
1066 }
1067 }
1068 if (!result && (entry->action == UNKNOWN))
1069 result = -EINVAL;
1070 else if (entry->action == APPRAISE)
1071 temp_ima_appraise |= ima_appraise_flag(entry->func);
1072
1073 audit_log_format(ab, "res=%d", !result);
1074 audit_log_end(ab);
1075 return result;
1076 }
1077
1078 /**
1079 * ima_parse_add_rule - add a rule to ima_policy_rules
1080 * @rule - ima measurement policy rule
1081 *
1082 * Avoid locking by allowing just one writer at a time in ima_write_policy()
1083 * Returns the length of the rule parsed, an error code on failure
1084 */
1085 ssize_t ima_parse_add_rule(char *rule)
1086 {
1087 static const char op[] = "update_policy";
1088 char *p;
1089 struct ima_rule_entry *entry;
1090 ssize_t result, len;
1091 int audit_info = 0;
1092
1093 p = strsep(&rule, "\n");
1094 len = strlen(p) + 1;
1095 p += strspn(p, " \t");
1096
1097 if (*p == '#' || *p == '\0')
1098 return len;
1099
1100 entry = kzalloc(sizeof(*entry), GFP_KERNEL);
1101 if (!entry) {
1102 integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL,
1103 NULL, op, "-ENOMEM", -ENOMEM, audit_info);
1104 return -ENOMEM;
1105 }
1106
1107 INIT_LIST_HEAD(&entry->list);
1108
1109 result = ima_parse_rule(p, entry);
1110 if (result) {
1111 kfree(entry);
1112 integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL,
1113 NULL, op, "invalid-policy", result,
1114 audit_info);
1115 return result;
1116 }
1117
1118 list_add_tail(&entry->list, &ima_temp_rules);
1119
1120 return len;
1121 }
1122
1123 /**
1124 * ima_delete_rules() called to cleanup invalid in-flight policy.
1125 * We don't need locking as we operate on the temp list, which is
1126 * different from the active one. There is also only one user of
1127 * ima_delete_rules() at a time.
1128 */
1129 void ima_delete_rules(void)
1130 {
1131 struct ima_rule_entry *entry, *tmp;
1132 int i;
1133
1134 temp_ima_appraise = 0;
1135 list_for_each_entry_safe(entry, tmp, &ima_temp_rules, list) {
1136 for (i = 0; i < MAX_LSM_RULES; i++)
1137 kfree(entry->lsm[i].args_p);
1138
1139 list_del(&entry->list);
1140 kfree(entry);
1141 }
1142 }
1143
1144 #ifdef CONFIG_IMA_READ_POLICY
1145 enum {
1146 mask_exec = 0, mask_write, mask_read, mask_append
1147 };
1148
1149 static const char *const mask_tokens[] = {
1150 "^MAY_EXEC",
1151 "^MAY_WRITE",
1152 "^MAY_READ",
1153 "^MAY_APPEND"
1154 };
1155
1156 #define __ima_hook_stringify(str) (#str),
1157
1158 static const char *const func_tokens[] = {
1159 __ima_hooks(__ima_hook_stringify)
1160 };
1161
1162 void *ima_policy_start(struct seq_file *m, loff_t *pos)
1163 {
1164 loff_t l = *pos;
1165 struct ima_rule_entry *entry;
1166
1167 rcu_read_lock();
1168 list_for_each_entry_rcu(entry, ima_rules, list) {
1169 if (!l--) {
1170 rcu_read_unlock();
1171 return entry;
1172 }
1173 }
1174 rcu_read_unlock();
1175 return NULL;
1176 }
1177
1178 void *ima_policy_next(struct seq_file *m, void *v, loff_t *pos)
1179 {
1180 struct ima_rule_entry *entry = v;
1181
1182 rcu_read_lock();
1183 entry = list_entry_rcu(entry->list.next, struct ima_rule_entry, list);
1184 rcu_read_unlock();
1185 (*pos)++;
1186
1187 return (&entry->list == ima_rules) ? NULL : entry;
1188 }
1189
1190 void ima_policy_stop(struct seq_file *m, void *v)
1191 {
1192 }
1193
1194 #define pt(token) policy_tokens[token].pattern
1195 #define mt(token) mask_tokens[token]
1196
1197 /*
1198 * policy_func_show - display the ima_hooks policy rule
1199 */
1200 static void policy_func_show(struct seq_file *m, enum ima_hooks func)
1201 {
1202 if (func > 0 && func < MAX_CHECK)
1203 seq_printf(m, "func=%s ", func_tokens[func]);
1204 else
1205 seq_printf(m, "func=%d ", func);
1206 }
1207
1208 int ima_policy_show(struct seq_file *m, void *v)
1209 {
1210 struct ima_rule_entry *entry = v;
1211 int i;
1212 char tbuf[64] = {0,};
1213 int offset = 0;
1214
1215 rcu_read_lock();
1216
1217 if (entry->action & MEASURE)
1218 seq_puts(m, pt(Opt_measure));
1219 if (entry->action & DONT_MEASURE)
1220 seq_puts(m, pt(Opt_dont_measure));
1221 if (entry->action & APPRAISE)
1222 seq_puts(m, pt(Opt_appraise));
1223 if (entry->action & DONT_APPRAISE)
1224 seq_puts(m, pt(Opt_dont_appraise));
1225 if (entry->action & AUDIT)
1226 seq_puts(m, pt(Opt_audit));
1227 if (entry->action & HASH)
1228 seq_puts(m, pt(Opt_hash));
1229 if (entry->action & DONT_HASH)
1230 seq_puts(m, pt(Opt_dont_hash));
1231
1232 seq_puts(m, " ");
1233
1234 if (entry->flags & IMA_FUNC)
1235 policy_func_show(m, entry->func);
1236
1237 if ((entry->flags & IMA_MASK) || (entry->flags & IMA_INMASK)) {
1238 if (entry->flags & IMA_MASK)
1239 offset = 1;
1240 if (entry->mask & MAY_EXEC)
1241 seq_printf(m, pt(Opt_mask), mt(mask_exec) + offset);
1242 if (entry->mask & MAY_WRITE)
1243 seq_printf(m, pt(Opt_mask), mt(mask_write) + offset);
1244 if (entry->mask & MAY_READ)
1245 seq_printf(m, pt(Opt_mask), mt(mask_read) + offset);
1246 if (entry->mask & MAY_APPEND)
1247 seq_printf(m, pt(Opt_mask), mt(mask_append) + offset);
1248 seq_puts(m, " ");
1249 }
1250
1251 if (entry->flags & IMA_FSMAGIC) {
1252 snprintf(tbuf, sizeof(tbuf), "0x%lx", entry->fsmagic);
1253 seq_printf(m, pt(Opt_fsmagic), tbuf);
1254 seq_puts(m, " ");
1255 }
1256
1257 if (entry->flags & IMA_FSNAME) {
1258 snprintf(tbuf, sizeof(tbuf), "%s", entry->fsname);
1259 seq_printf(m, pt(Opt_fsname), tbuf);
1260 seq_puts(m, " ");
1261 }
1262
1263 if (entry->flags & IMA_PCR) {
1264 snprintf(tbuf, sizeof(tbuf), "%d", entry->pcr);
1265 seq_printf(m, pt(Opt_pcr), tbuf);
1266 seq_puts(m, " ");
1267 }
1268
1269 if (entry->flags & IMA_FSUUID) {
1270 seq_printf(m, "fsuuid=%pU", &entry->fsuuid);
1271 seq_puts(m, " ");
1272 }
1273
1274 if (entry->flags & IMA_UID) {
1275 snprintf(tbuf, sizeof(tbuf), "%d", __kuid_val(entry->uid));
1276 if (entry->uid_op == &uid_gt)
1277 seq_printf(m, pt(Opt_uid_gt), tbuf);
1278 else if (entry->uid_op == &uid_lt)
1279 seq_printf(m, pt(Opt_uid_lt), tbuf);
1280 else
1281 seq_printf(m, pt(Opt_uid_eq), tbuf);
1282 seq_puts(m, " ");
1283 }
1284
1285 if (entry->flags & IMA_EUID) {
1286 snprintf(tbuf, sizeof(tbuf), "%d", __kuid_val(entry->uid));
1287 if (entry->uid_op == &uid_gt)
1288 seq_printf(m, pt(Opt_euid_gt), tbuf);
1289 else if (entry->uid_op == &uid_lt)
1290 seq_printf(m, pt(Opt_euid_lt), tbuf);
1291 else
1292 seq_printf(m, pt(Opt_euid_eq), tbuf);
1293 seq_puts(m, " ");
1294 }
1295
1296 if (entry->flags & IMA_FOWNER) {
1297 snprintf(tbuf, sizeof(tbuf), "%d", __kuid_val(entry->fowner));
1298 if (entry->fowner_op == &uid_gt)
1299 seq_printf(m, pt(Opt_fowner_gt), tbuf);
1300 else if (entry->fowner_op == &uid_lt)
1301 seq_printf(m, pt(Opt_fowner_lt), tbuf);
1302 else
1303 seq_printf(m, pt(Opt_fowner_eq), tbuf);
1304 seq_puts(m, " ");
1305 }
1306
1307 for (i = 0; i < MAX_LSM_RULES; i++) {
1308 if (entry->lsm[i].rule) {
1309 switch (i) {
1310 case LSM_OBJ_USER:
1311 seq_printf(m, pt(Opt_obj_user),
1312 (char *)entry->lsm[i].args_p);
1313 break;
1314 case LSM_OBJ_ROLE:
1315 seq_printf(m, pt(Opt_obj_role),
1316 (char *)entry->lsm[i].args_p);
1317 break;
1318 case LSM_OBJ_TYPE:
1319 seq_printf(m, pt(Opt_obj_type),
1320 (char *)entry->lsm[i].args_p);
1321 break;
1322 case LSM_SUBJ_USER:
1323 seq_printf(m, pt(Opt_subj_user),
1324 (char *)entry->lsm[i].args_p);
1325 break;
1326 case LSM_SUBJ_ROLE:
1327 seq_printf(m, pt(Opt_subj_role),
1328 (char *)entry->lsm[i].args_p);
1329 break;
1330 case LSM_SUBJ_TYPE:
1331 seq_printf(m, pt(Opt_subj_type),
1332 (char *)entry->lsm[i].args_p);
1333 break;
1334 }
1335 }
1336 }
1337 if (entry->flags & IMA_DIGSIG_REQUIRED)
1338 seq_puts(m, "appraise_type=imasig ");
1339 if (entry->flags & IMA_PERMIT_DIRECTIO)
1340 seq_puts(m, "permit_directio ");
1341 rcu_read_unlock();
1342 seq_puts(m, "\n");
1343 return 0;
1344 }
1345 #endif /* CONFIG_IMA_READ_POLICY */
A mirror of Linus' kernel repository