Re: [PATCH 2/3] IMA:Define a new template field buf

From: Mimi Zohar <zohar@linux.ibm.com>
To: Prakhar Srivastava <prsriva02@gmail.com>,
	linux-integrity@vger.kernel.org,
	linux-security-module@vger.kernel.org,
	linux-kernel@vger.kernel.org
Cc: roberto.sassu@huawei.com
Subject: Re: [PATCH 2/3] IMA:Define a new template field buf
Date: Wed, 19 Jun 2019 09:54:26 -0400	[thread overview]
Message-ID: <1560952466.3975.40.camel@linux.ibm.com> (raw)
In-Reply-To: <20190617183507.14160-3-prsriva02@gmail.com>

On Mon, 2019-06-17 at 11:35 -0700, Prakhar Srivastava wrote:
> A buffer(kexec boot command line arguments) measured into IMA
> measuremnt list cannot be appraised, without already being
> aware of the buffer contents. Since hashes are non-reversible,
> raw buffer is needed for validation or regenerating hash for
> appraisal/attestation.
> 
> Add support to store/read the buffer contents in HEX.
> The kexec cmdline hash is stored in the "d-ng" field of the
> template data,it can be verified using
> sudo cat /sys/kernel/security/integrity/ima/ascii_runtime_measurements |
>   grep  kexec-cmdline | cut -d' ' -f 6 | xxd -r -p | sha256sum
> 
> - Add two new fields to ima_event_data to hold the buf and
> buf_len [Suggested by Roberto]
> - Add a new temaplte field 'buf' to be used to store/read
> the buffer data.[Suggested by Mimi]
> - Updated process_buffer_meaurement to add the buffer to
> ima_event_data. process_buffer_measurement added in
> "Define a new IMA hook to measure the boot command line
>  arguments"
> - Add a new template policy name ima-buf to represent
> 'd-ng|n-ng|buf'
> 
> Signed-off-by: Prakhar Srivastava <prsriva02@gmail.com>
> Reviewed-by: Roberto Sassu <roberto.sassu@huawei.com>
> Reviewed-by: James Morris <jamorris@linux.microsoft.com>

Thanks, looking much better.

>  
>  /* IMA template field data definition */
> diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
> index ea7d8cbf712f..83ca99d65e4b 100644
> --- a/security/integrity/ima/ima_api.c
> +++ b/security/integrity/ima/ima_api.c
> @@ -140,7 +140,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename,
>  	struct ima_template_entry *entry;
>  	struct inode *inode = file_inode(file);
>  	struct ima_event_data event_data = {iint, file, filename, NULL, 0,
> -					    cause};
> +					    cause, NULL, 0};
>  	int violation = 1;
>  	int result;
>  
> @@ -296,7 +296,7 @@ void ima_store_measurement(struct integrity_iint_cache *iint,
>  	struct inode *inode = file_inode(file);
>  	struct ima_template_entry *entry;
>  	struct ima_event_data event_data = {iint, file, filename, xattr_value,
> -					    xattr_len, NULL};
> +					    xattr_len, NULL, NULL, 0};
>  	int violation = 0;
>  
>  	if (iint->measured_pcrs & (0x1 << pcr))
> diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c
> index 993d0f1915ff..c8591406c0e2 100644
> --- a/security/integrity/ima/ima_init.c
> +++ b/security/integrity/ima/ima_init.c
> @@ -50,7 +50,7 @@ static int __init ima_add_boot_aggregate(void)
>  	struct ima_template_entry *entry;
>  	struct integrity_iint_cache tmp_iint, *iint = &tmp_iint;
>  	struct ima_event_data event_data = {iint, NULL, boot_aggregate_name,
> -					    NULL, 0, NULL};
> +					    NULL, 0, NULL, NULL, 0};
>  	int result = -ENOMEM;
>  	int violation = 0;
>  	struct {
> 

These changes shouldn't be necessary.  Please rebase these patches on
top of the latest next-queued-testing branch (git remote update).  "IMA: support for per
policy rule template formats" is still changing. 

Minor nit.  When re-posting the patches please update the patch titles
so that there is a space between the subsystem name and the patch
title (eg. "ima: define ...").

Mimi