Linux-Integrity Archive on lore.kernel.org
 help / Atom feed
* [PATCH] ima: fix wrong signed policy requirement when not appraising
@ 2019-05-14 22:08 Petr Vorel
  2019-05-14 22:37 ` Mimi Zohar
  0 siblings, 1 reply; 3+ messages in thread
From: Petr Vorel @ 2019-05-14 22:08 UTC (permalink / raw)
  To: linux-integrity; +Cc: Petr Vorel, Mimi Zohar, Nayna Jain

Kernel booted just with ima_policy=tcb (not with
ima_policy=appraise_tcb) shouldn't require signed policy.

Regression found with LTP test ima_policy.sh.

Fixes: c52657d93b05 ("ima: refactor ima_init_policy()")

Signed-off-by: Petr Vorel <pvorel@suse.cz>
---
Hi,

assuming behavior prior c52657d93b05 was correct.
BTW I admit that using global variable inside helper function is nasty.

Kind regards,
Petr

 security/integrity/ima/ima_policy.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index e0cc323f948f..df0e6a1b063b 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -500,7 +500,7 @@ static void add_rules(struct ima_rule_entry *entries, int count,
 		}
 		if (entries[i].action == APPRAISE)
 			temp_ima_appraise |= ima_appraise_flag(entries[i].func);
-		if (entries[i].func == POLICY_CHECK)
+		if (ima_use_appraise_tcb && entries[i].func == POLICY_CHECK)
 			temp_ima_appraise |= IMA_APPRAISE_POLICY;
 	}
 }
-- 
2.16.4


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] ima: fix wrong signed policy requirement when not appraising
  2019-05-14 22:08 [PATCH] ima: fix wrong signed policy requirement when not appraising Petr Vorel
@ 2019-05-14 22:37 ` Mimi Zohar
  0 siblings, 0 replies; 3+ messages in thread
From: Mimi Zohar @ 2019-05-14 22:37 UTC (permalink / raw)
  To: Petr Vorel, linux-integrity; +Cc: Mimi Zohar, Nayna Jain

On Wed, 2019-05-15 at 00:08 +0200, Petr Vorel wrote:
> Kernel booted just with ima_policy=tcb (not with
> ima_policy=appraise_tcb) shouldn't require signed policy.
> 
> Regression found with LTP test ima_policy.sh.
> 
> Fixes: c52657d93b05 ("ima: refactor ima_init_policy()")
> 
> Signed-off-by: Petr Vorel <pvorel@suse.cz>
> ---
> Hi,
> 
> assuming behavior prior c52657d93b05 was correct.
> BTW I admit that using global variable inside helper function is nasty.
> 
> Kind regards,
> Petr
> 
>  security/integrity/ima/ima_policy.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
> index e0cc323f948f..df0e6a1b063b 100644
> --- a/security/integrity/ima/ima_policy.c
> +++ b/security/integrity/ima/ima_policy.c
> @@ -500,7 +500,7 @@ static void add_rules(struct ima_rule_entry *entries, int count,
>  		}
>  		if (entries[i].action == APPRAISE)
>  			temp_ima_appraise |= ima_appraise_flag(entries[i].func);
> -		if (entries[i].func == POLICY_CHECK)
> +		if (ima_use_appraise_tcb && entries[i].func == POLICY_CHECK)
>  			temp_ima_appraise |= IMA_APPRAISE_POLICY;

Instead of also testing "ima_use_appraise_tcb", try including the
POLICY_CHECK as part of the APPRAISE condition.

thanks!

Mimi

>  	}
>  }


^ permalink raw reply	[flat|nested] 3+ messages in thread

* [PATCH] ima: fix wrong signed policy requirement when not appraising
@ 2019-05-14 22:01 Petr Vorel
  0 siblings, 0 replies; 3+ messages in thread
From: Petr Vorel @ 2019-05-14 22:01 UTC (permalink / raw)
  To: linux-integrity; +Cc: Petr Vorel, Mimi Zohar, Nayna Jain

Kernel booted just with ima_policy=tcb (not with
ima_policy=appraise_tcb) shouldn't require signed policy.

Regression found with LTP test ima_policy.sh.

Fixes: c52657d93b05 ("ima: refactor ima_init_policy()")

Signed-off-by: Petr Vorel <pvorel@suse.cz>
---
Hi,

assuming behavior prior c52657d93b05 was correct.
BTW I admit that using global variable inside helper function is nasty.

Kind regards,
Petr

 security/integrity/ima/ima_policy.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index e0cc323f948f..df0e6a1b063b 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -500,7 +500,7 @@ static void add_rules(struct ima_rule_entry *entries, int count,
 		}
 		if (entries[i].action == APPRAISE)
 			temp_ima_appraise |= ima_appraise_flag(entries[i].func);
-		if (entries[i].func == POLICY_CHECK)
+		if (ima_use_appraise_tcb && entries[i].func == POLICY_CHECK)
 			temp_ima_appraise |= IMA_APPRAISE_POLICY;
 	}
 }
-- 
2.16.4


^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, back to index

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-05-14 22:08 [PATCH] ima: fix wrong signed policy requirement when not appraising Petr Vorel
2019-05-14 22:37 ` Mimi Zohar
  -- strict thread matches above, loose matches on Subject: below --
2019-05-14 22:01 Petr Vorel

Linux-Integrity Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-integrity/0 linux-integrity/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-integrity linux-integrity/ https://lore.kernel.org/linux-integrity \
		linux-integrity@vger.kernel.org linux-integrity@archiver.kernel.org
	public-inbox-index linux-integrity


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-integrity


AGPL code for this site: git clone https://public-inbox.org/ public-inbox