From: Nayna Jain <nayna@linux.ibm.com> To: linuxppc-dev@ozlabs.org, linux-efi@vger.kernel.org, linux-integrity@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Michael Ellerman <mpe@ellerman.id.au>, Benjamin Herrenschmidt <benh@kernel.crashing.org>, Paul Mackerras <paulus@samba.org>, Ard Biesheuvel <ard.biesheuvel@linaro.org>, Jeremy Kerr <jk@ozlabs.org>, Matthew Garret <matthew.garret@nebula.com>, Mimi Zohar <zohar@linux.ibm.com>, Greg Kroah-Hartman <gregkh@linuxfoundation.org>, Claudio Carvalho <cclaudio@linux.ibm.com>, George Wilson <gcwilson@linux.ibm.com>, Elaine Palmer <erpalmer@us.ibm.com>, Eric Ricther <erichte@linux.ibm.com>, "Oliver O'Halloran" <oohall@gmail.com>, Nayna Jain <nayna@linux.ibm.com>, Prakhar Srivastava <prsriva02@gmail.com>, Lakshmi Ramasubramanian <nramas@linux.microsoft.com> Subject: [PATCH v9 5/8] ima: make process_buffer_measurement() generic Date: Wed, 23 Oct 2019 22:47:14 -0500 [thread overview] Message-ID: <20191024034717.70552-6-nayna@linux.ibm.com> (raw) In-Reply-To: <20191024034717.70552-1-nayna@linux.ibm.com> process_buffer_measurement() is limited to measuring the kexec boot command line. This patch makes process_buffer_measurement() more generic, allowing it to measure other types of buffer data (e.g. blacklisted binary hashes or key hashes). process_buffer_measurement() may be called directly from an IMA hook or as an auxiliary measurement record. In both cases the buffer measurement is based on policy. This patch modifies the function to conditionally retrieve the policy defined PCR and template for the IMA hook case. Signed-off-by: Nayna Jain <nayna@linux.ibm.com> --- security/integrity/ima/ima.h | 3 ++ security/integrity/ima/ima_main.c | 51 ++++++++++++++++++++----------- 2 files changed, 36 insertions(+), 18 deletions(-) diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 3689081aaf38..a65772ffa427 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -217,6 +217,9 @@ void ima_store_measurement(struct integrity_iint_cache *iint, struct file *file, struct evm_ima_xattr_data *xattr_value, int xattr_len, const struct modsig *modsig, int pcr, struct ima_template_desc *template_desc); +void process_buffer_measurement(const void *buf, int size, + const char *eventname, enum ima_hooks func, + int pcr); void ima_audit_measurement(struct integrity_iint_cache *iint, const unsigned char *filename); int ima_alloc_init_template(struct ima_event_data *event_data, diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 60027c643ecd..fe0b704ffdeb 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -626,14 +626,14 @@ int ima_load_data(enum kernel_load_data_id id) * @buf: pointer to the buffer that needs to be added to the log. * @size: size of buffer(in bytes). * @eventname: event name to be used for the buffer entry. - * @cred: a pointer to a credentials structure for user validation. - * @secid: the secid of the task to be validated. + * @func: IMA hook + * @pcr: pcr to extend the measurement * * Based on policy, the buffer is measured into the ima log. */ -static void process_buffer_measurement(const void *buf, int size, - const char *eventname, - const struct cred *cred, u32 secid) +void process_buffer_measurement(const void *buf, int size, + const char *eventname, enum ima_hooks func, + int pcr) { int ret = 0; struct ima_template_entry *entry = NULL; @@ -642,19 +642,38 @@ static void process_buffer_measurement(const void *buf, int size, .filename = eventname, .buf = buf, .buf_len = size}; - struct ima_template_desc *template_desc = NULL; + struct ima_template_desc *template = NULL; struct { struct ima_digest_data hdr; char digest[IMA_MAX_DIGEST_SIZE]; } hash = {}; int violation = 0; - int pcr = CONFIG_IMA_MEASURE_PCR_IDX; int action = 0; + u32 secid; - action = ima_get_action(NULL, cred, secid, 0, KEXEC_CMDLINE, &pcr, - &template_desc); - if (!(action & IMA_MEASURE)) - return; + if (func) { + security_task_getsecid(current, &secid); + action = ima_get_action(NULL, current_cred(), secid, 0, func, + &pcr, &template); + if (!(action & IMA_MEASURE)) + return; + } + + if (!pcr) + pcr = CONFIG_IMA_MEASURE_PCR_IDX; + + if (!template) { + template = lookup_template_desc("ima-buf"); + ret = template_desc_init_fields(template->fmt, + &(template->fields), + &(template->num_fields)); + if (ret < 0) { + pr_err("template %s init failed, result: %d\n", + (strlen(template->name) ? + template->name : template->fmt), ret); + return; + } + } iint.ima_hash = &hash.hdr; iint.ima_hash->algo = ima_hash_algo; @@ -664,7 +683,7 @@ static void process_buffer_measurement(const void *buf, int size, if (ret < 0) goto out; - ret = ima_alloc_init_template(&event_data, &entry, template_desc); + ret = ima_alloc_init_template(&event_data, &entry, template); if (ret < 0) goto out; @@ -686,13 +705,9 @@ static void process_buffer_measurement(const void *buf, int size, */ void ima_kexec_cmdline(const void *buf, int size) { - u32 secid; - - if (buf && size != 0) { - security_task_getsecid(current, &secid); + if (buf && size != 0) process_buffer_measurement(buf, size, "kexec-cmdline", - current_cred(), secid); - } + KEXEC_CMDLINE, 0); } static int __init init_ima(void) -- 2.20.1
WARNING: multiple messages have this Message-ID (diff)
From: Nayna Jain <nayna@linux.ibm.com> To: linuxppc-dev@ozlabs.org, linux-efi@vger.kernel.org, linux-integrity@vger.kernel.org Cc: Prakhar Srivastava <prsriva02@gmail.com>, Ard Biesheuvel <ard.biesheuvel@linaro.org>, Eric Ricther <erichte@linux.ibm.com>, Nayna Jain <nayna@linux.ibm.com>, linux-kernel@vger.kernel.org, Mimi Zohar <zohar@linux.ibm.com>, Claudio Carvalho <cclaudio@linux.ibm.com>, Matthew Garret <matthew.garret@nebula.com>, Lakshmi Ramasubramanian <nramas@linux.microsoft.com>, Greg Kroah-Hartman <gregkh@linuxfoundation.org>, Paul Mackerras <paulus@samba.org>, Jeremy Kerr <jk@ozlabs.org>, Elaine Palmer <erpalmer@us.ibm.com>, Oliver O'Halloran <oohall@gmail.com>, George Wilson <gcwilson@linux.ibm.com> Subject: [PATCH v9 5/8] ima: make process_buffer_measurement() generic Date: Wed, 23 Oct 2019 22:47:14 -0500 [thread overview] Message-ID: <20191024034717.70552-6-nayna@linux.ibm.com> (raw) In-Reply-To: <20191024034717.70552-1-nayna@linux.ibm.com> process_buffer_measurement() is limited to measuring the kexec boot command line. This patch makes process_buffer_measurement() more generic, allowing it to measure other types of buffer data (e.g. blacklisted binary hashes or key hashes). process_buffer_measurement() may be called directly from an IMA hook or as an auxiliary measurement record. In both cases the buffer measurement is based on policy. This patch modifies the function to conditionally retrieve the policy defined PCR and template for the IMA hook case. Signed-off-by: Nayna Jain <nayna@linux.ibm.com> --- security/integrity/ima/ima.h | 3 ++ security/integrity/ima/ima_main.c | 51 ++++++++++++++++++++----------- 2 files changed, 36 insertions(+), 18 deletions(-) diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 3689081aaf38..a65772ffa427 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -217,6 +217,9 @@ void ima_store_measurement(struct integrity_iint_cache *iint, struct file *file, struct evm_ima_xattr_data *xattr_value, int xattr_len, const struct modsig *modsig, int pcr, struct ima_template_desc *template_desc); +void process_buffer_measurement(const void *buf, int size, + const char *eventname, enum ima_hooks func, + int pcr); void ima_audit_measurement(struct integrity_iint_cache *iint, const unsigned char *filename); int ima_alloc_init_template(struct ima_event_data *event_data, diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 60027c643ecd..fe0b704ffdeb 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -626,14 +626,14 @@ int ima_load_data(enum kernel_load_data_id id) * @buf: pointer to the buffer that needs to be added to the log. * @size: size of buffer(in bytes). * @eventname: event name to be used for the buffer entry. - * @cred: a pointer to a credentials structure for user validation. - * @secid: the secid of the task to be validated. + * @func: IMA hook + * @pcr: pcr to extend the measurement * * Based on policy, the buffer is measured into the ima log. */ -static void process_buffer_measurement(const void *buf, int size, - const char *eventname, - const struct cred *cred, u32 secid) +void process_buffer_measurement(const void *buf, int size, + const char *eventname, enum ima_hooks func, + int pcr) { int ret = 0; struct ima_template_entry *entry = NULL; @@ -642,19 +642,38 @@ static void process_buffer_measurement(const void *buf, int size, .filename = eventname, .buf = buf, .buf_len = size}; - struct ima_template_desc *template_desc = NULL; + struct ima_template_desc *template = NULL; struct { struct ima_digest_data hdr; char digest[IMA_MAX_DIGEST_SIZE]; } hash = {}; int violation = 0; - int pcr = CONFIG_IMA_MEASURE_PCR_IDX; int action = 0; + u32 secid; - action = ima_get_action(NULL, cred, secid, 0, KEXEC_CMDLINE, &pcr, - &template_desc); - if (!(action & IMA_MEASURE)) - return; + if (func) { + security_task_getsecid(current, &secid); + action = ima_get_action(NULL, current_cred(), secid, 0, func, + &pcr, &template); + if (!(action & IMA_MEASURE)) + return; + } + + if (!pcr) + pcr = CONFIG_IMA_MEASURE_PCR_IDX; + + if (!template) { + template = lookup_template_desc("ima-buf"); + ret = template_desc_init_fields(template->fmt, + &(template->fields), + &(template->num_fields)); + if (ret < 0) { + pr_err("template %s init failed, result: %d\n", + (strlen(template->name) ? + template->name : template->fmt), ret); + return; + } + } iint.ima_hash = &hash.hdr; iint.ima_hash->algo = ima_hash_algo; @@ -664,7 +683,7 @@ static void process_buffer_measurement(const void *buf, int size, if (ret < 0) goto out; - ret = ima_alloc_init_template(&event_data, &entry, template_desc); + ret = ima_alloc_init_template(&event_data, &entry, template); if (ret < 0) goto out; @@ -686,13 +705,9 @@ static void process_buffer_measurement(const void *buf, int size, */ void ima_kexec_cmdline(const void *buf, int size) { - u32 secid; - - if (buf && size != 0) { - security_task_getsecid(current, &secid); + if (buf && size != 0) process_buffer_measurement(buf, size, "kexec-cmdline", - current_cred(), secid); - } + KEXEC_CMDLINE, 0); } static int __init init_ima(void) -- 2.20.1
next prev parent reply other threads:[~2019-10-24 3:48 UTC|newest] Thread overview: 58+ messages / expand[flat|nested] mbox.gz Atom feed top 2019-10-24 3:47 [PATCH v9 0/8] powerpc: Enabling IMA arch specific secure boot policies Nayna Jain 2019-10-24 3:47 ` Nayna Jain 2019-10-24 3:47 ` [PATCH v9 1/8] powerpc: detect the secure boot mode of the system Nayna Jain 2019-10-24 3:47 ` Nayna Jain 2019-10-24 17:26 ` Lakshmi Ramasubramanian 2019-10-24 17:26 ` Lakshmi Ramasubramanian 2019-10-25 16:49 ` Nayna Jain 2019-10-25 16:49 ` Nayna Jain 2019-10-24 3:47 ` [PATCH v9 2/8] powerpc/ima: add support to initialize ima policy rules Nayna Jain 2019-10-24 3:47 ` Nayna Jain 2019-10-24 17:35 ` Lakshmi Ramasubramanian 2019-10-24 17:35 ` Lakshmi Ramasubramanian 2019-10-25 17:02 ` Nayna Jain 2019-10-25 17:02 ` Nayna Jain 2019-10-25 18:03 ` Lakshmi Ramasubramanian 2019-10-25 18:03 ` Lakshmi Ramasubramanian 2019-10-28 23:42 ` Michael Ellerman 2019-10-28 23:42 ` Michael Ellerman 2019-10-26 23:52 ` Mimi Zohar 2019-10-26 23:52 ` Mimi Zohar 2019-10-28 11:54 ` Mimi Zohar 2019-10-28 11:54 ` Mimi Zohar 2019-10-24 3:47 ` [PATCH v9 3/8] powerpc: detect the trusted boot state of the system Nayna Jain 2019-10-24 3:47 ` Nayna Jain 2019-10-24 17:38 ` Lakshmi Ramasubramanian 2019-10-24 17:38 ` Lakshmi Ramasubramanian 2019-10-25 16:50 ` Nayna Jain 2019-10-25 16:50 ` Nayna Jain 2019-10-24 3:47 ` [PATCH v9 4/8] powerpc/ima: define trusted boot policy Nayna Jain 2019-10-24 3:47 ` Nayna Jain 2019-10-24 17:40 ` Lakshmi Ramasubramanian 2019-10-24 17:40 ` Lakshmi Ramasubramanian 2019-10-24 3:47 ` Nayna Jain [this message] 2019-10-24 3:47 ` [PATCH v9 5/8] ima: make process_buffer_measurement() generic Nayna Jain 2019-10-24 15:20 ` Lakshmi Ramasubramanian 2019-10-24 15:20 ` Lakshmi Ramasubramanian 2019-10-25 17:24 ` Nayna Jain 2019-10-25 17:24 ` Nayna Jain 2019-10-25 17:32 ` Lakshmi Ramasubramanian 2019-10-25 17:32 ` Lakshmi Ramasubramanian 2019-10-27 0:13 ` Mimi Zohar 2019-10-27 0:13 ` Mimi Zohar 2019-10-30 15:22 ` Lakshmi Ramasubramanian 2019-10-30 15:22 ` Lakshmi Ramasubramanian 2019-10-30 16:35 ` Mimi Zohar 2019-10-30 16:35 ` Mimi Zohar 2019-10-24 3:47 ` [PATCH v9 6/8] certs: add wrapper function to check blacklisted binary hash Nayna Jain 2019-10-24 3:47 ` Nayna Jain 2019-10-24 3:47 ` [PATCH v9 7/8] ima: check against blacklisted hashes for files with modsig Nayna Jain 2019-10-24 3:47 ` Nayna Jain 2019-10-24 17:48 ` Lakshmi Ramasubramanian 2019-10-24 17:48 ` Lakshmi Ramasubramanian 2019-10-25 17:36 ` Nayna Jain 2019-10-25 17:36 ` Nayna Jain 2019-10-24 3:47 ` [PATCH v9 8/8] powerpc/ima: update ima arch policy to check for blacklist Nayna Jain 2019-10-24 3:47 ` Nayna Jain 2019-10-28 12:10 ` [PATCH v9 0/8] powerpc: Enabling IMA arch specific secure boot policies Mimi Zohar 2019-10-28 12:10 ` Mimi Zohar
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20191024034717.70552-6-nayna@linux.ibm.com \ --to=nayna@linux.ibm.com \ --cc=ard.biesheuvel@linaro.org \ --cc=benh@kernel.crashing.org \ --cc=cclaudio@linux.ibm.com \ --cc=erichte@linux.ibm.com \ --cc=erpalmer@us.ibm.com \ --cc=gcwilson@linux.ibm.com \ --cc=gregkh@linuxfoundation.org \ --cc=jk@ozlabs.org \ --cc=linux-efi@vger.kernel.org \ --cc=linux-integrity@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linuxppc-dev@ozlabs.org \ --cc=matthew.garret@nebula.com \ --cc=mpe@ellerman.id.au \ --cc=nramas@linux.microsoft.com \ --cc=oohall@gmail.com \ --cc=paulus@samba.org \ --cc=prsriva02@gmail.com \ --cc=zohar@linux.ibm.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.