linux-integrity.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Prakhar Srivastava <prsriva02@gmail.com>
To: linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org,
	inux-security-module@vger.kernel.org
Cc: zohar@linux.ibm.com, ebiederm@xmission.com, vgoyal@redhat.com,
	Prakhar Srivastava <prsriva02@gmail.com>,
	Prakhar Srivastava <prsriva@microsoft.com>
Subject: [PATCH v2 4/5 RFC] added a buffer_check LSM hook
Date: Tue, 23 Apr 2019 17:15:43 -0700	[thread overview]
Message-ID: <20190424001544.7188-4-prsriva02@gmail.com> (raw)
In-Reply-To: <20190424001544.7188-1-prsriva02@gmail.com>

From: Prakhar Srivastava <prsriva02@gmail.com>

Signed-off-by: Prakhar Srivastava <prsriva@microsoft.com>
---
Currently for soft reboot(kexec_file_load) the kernel file and
signature is measured by IMA. The cmdline args used to load the kernel
is not measured.
The boot aggregate that gets calculated will have no change since the
EFI loader has not been triggered.
Adding the kexec cmdline args measure and kernel version will add some
attestable criteria.

This patch adds a LSM hook for buffer_check
Suggested by Mimi Zohar

 include/linux/lsm_hooks.h | 3 +++
 include/linux/security.h  | 5 +++++
 security/security.c       | 7 +++++++
 3 files changed, 15 insertions(+)

diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 080f34e66017..854bf3cac716 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -1568,6 +1568,8 @@ union security_list_options {
 	int (*inode_setsecctx)(struct dentry *dentry, void *ctx, u32 ctxlen);
 	int (*inode_getsecctx)(struct inode *inode, void **ctx, u32 *ctxlen);
 
+	int (*buffer_check)(const void *buff, int size, const char *eventname);
+
 #ifdef CONFIG_SECURITY_NETWORK
 	int (*unix_stream_connect)(struct sock *sock, struct sock *other,
 					struct sock *newsk);
@@ -1813,6 +1815,7 @@ struct security_hook_heads {
 	struct list_head inode_notifysecctx;
 	struct list_head inode_setsecctx;
 	struct list_head inode_getsecctx;
+	struct list_head buffer_check;
 #ifdef CONFIG_SECURITY_NETWORK
 	struct list_head unix_stream_connect;
 	struct list_head unix_may_send;
diff --git a/include/linux/security.h b/include/linux/security.h
index af675b576645..cbba0e119234 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -377,6 +377,8 @@ void security_inode_invalidate_secctx(struct inode *inode);
 int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen);
 int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen);
 int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen);
+
+void security_buffer_measure(const void *buff, int size, char *eventname);
 #else /* CONFIG_SECURITY */
 struct security_mnt_opts {
 };
@@ -776,6 +778,9 @@ static inline void security_inode_getsecid(struct inode *inode, u32 *secid)
 	*secid = 0;
 }
 
+static inline void security_buffer_measure(const void *buff, int size, char *eventname)
+{ }
+
 static inline int security_inode_copy_up(struct dentry *src, struct cred **new)
 {
 	return 0;
diff --git a/security/security.c b/security/security.c
index 38316bb28b16..a0dfdb015412 100644
--- a/security/security.c
+++ b/security/security.c
@@ -320,6 +320,13 @@ int security_bprm_check(struct linux_binprm *bprm)
 	return ima_bprm_check(bprm);
 }
 
+void security_buffer_measure(const void *buff, int size, char *eventname)
+{
+	call_void_hook(buffer_check, buff, size, eventname);
+	return ima_buffer_check(buff, size, eventname);
+}
+
+
 void security_bprm_committing_creds(struct linux_binprm *bprm)
 {
 	call_void_hook(bprm_committing_creds, bprm);
-- 
2.17.1


  parent reply	other threads:[~2019-04-24  0:16 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-04-24  0:15 [PATCH v2 1/5 RFC] added ima hook for buffer, being enabled as a policy Prakhar Srivastava
2019-04-24  0:15 ` [PATCH v2 2/5 RFC] use event name instead of enum to make the call generic Prakhar Srivastava
2019-04-25 11:48   ` Nayna
2019-04-25 17:19     ` prsriva
2019-04-25 18:31       ` Linus Torvalds
2019-04-25 22:34         ` James Morris
2019-04-25 23:18           ` James Bottomley
2019-04-26  0:03             ` James Morris
2019-04-25 23:19           ` Linus Torvalds
2019-04-25 18:41       ` Nayna
2019-04-24  0:15 ` [PATCH v2 3/5 RFC] since cmdline args can be same for multiple kexec, log entry hash will collide. Prepend the kernel file name to the cmdline args to distinguish between cmdline args passed to subsequent kexec calls Prakhar Srivastava
2019-04-24  0:15 ` Prakhar Srivastava [this message]
2019-04-24  0:15 ` [PATCH v2 5/5 RFC] add the buffer to the event data in ima free entry data if store_template failed added check in templates for buffer Prakhar Srivastava

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190424001544.7188-4-prsriva02@gmail.com \
    --to=prsriva02@gmail.com \
    --cc=ebiederm@xmission.com \
    --cc=inux-security-module@vger.kernel.org \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=prsriva@microsoft.com \
    --cc=vgoyal@redhat.com \
    --cc=zohar@linux.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).