ima: fallback to MODULE_SIG_ENFORCE for existing kernel module syscall

The new kernel module syscall appraises kernel modules based on policy. If the IMA policy requires kernel module checking, fallback to module signature enforcing for the existing syscall. Without CONFIG_MODULE_SIG_FORCE enabled, the kernel module's integrity is unknown, return -EACCES. Changelog v1: - Fix ima_module_check() return result (Tetsuo Handa) Reported-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Reviewed-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
author: Mimi Zohar <zohar@linux.vnet.ibm.com> 2012-12-21 08:34:21 -0500
committer: Mimi Zohar <zohar@linux.vnet.ibm.com> 2012-12-24 09:35:48 -0500
commit: a7f2a366f62319dfebf8d4dfe8b211f631c78457 (patch)
tree: 67e502cd2da52cc6c75d1fa9dcaed27fd05b86e2 /security
parent: a49f0d1ea3ec94fc7cf33a7c36a16343b74bd565 (diff)
3 files changed, 11 insertions, 5 deletions
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index 3b2adb794f15..079a85dc37b2 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -139,6 +139,7 @@ void ima_delete_rules(void);
 /* Appraise integrity measurements */
 #define IMA_APPRAISE_ENFORCE    0x01
 #define IMA_APPRAISE_FIX        0x02
+#define IMA_APPRAISE_MODULES    0x04
 #ifdef CONFIG_IMA_APPRAISE
 int ima_appraise_measurement(struct integrity_iint_cache *iint,
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 45de18e9a6f2..dba965de90d3 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -291,11 +291,15 @@ EXPORT_SYMBOL_GPL(ima_file_check);
 */
 int ima_module_check(struct file *file)
 {
-        int rc;
+        int rc = 0;
-        if (!file)
+        if (!file) {
-                rc = INTEGRITY_UNKNOWN;
+                if (ima_appraise & IMA_APPRAISE_MODULES) {
-        else
+#ifndef CONFIG_MODULE_SIG_FORCE
+                        rc = -EACCES;   /* INTEGRITY_UNKNOWN */
+#endif
+                }
+        } else
                rc = process_measurement(file, file->f_dentry->d_name.name,
                                         MAY_EXEC, MODULE_CHECK);
        return (ima_appraise & IMA_APPRAISE_ENFORCE) ? rc : 0;
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index af7d182d5a46..479fca940bb5 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -523,7 +523,8 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry)
        }
        if (!result && (entry->action == UNKNOWN))
                result = -EINVAL;
+        else if (entry->func == MODULE_CHECK)
+                ima_appraise |= IMA_APPRAISE_MODULES;
        audit_log_format(ab, "res=%d", !result);
        audit_log_end(ab);
        return result;
author	Mimi Zohar <zohar@linux.vnet.ibm.com>	2012-12-21 08:34:21 -0500
committer	Mimi Zohar <zohar@linux.vnet.ibm.com>	2012-12-24 09:35:48 -0500
commit	a7f2a366f62319dfebf8d4dfe8b211f631c78457 (patch)
tree	67e502cd2da52cc6c75d1fa9dcaed27fd05b86e2 /security
parent	a49f0d1ea3ec94fc7cf33a7c36a16343b74bd565 (diff)

diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 3b2adb794f15..079a85dc37b2 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h
@@ -139,6 +139,7 @@ void ima_delete_rules(void);
139	/* Appraise integrity measurements */	139	/* Appraise integrity measurements */
140	#define IMA_APPRAISE_ENFORCE 0x01	140	#define IMA_APPRAISE_ENFORCE 0x01
141	#define IMA_APPRAISE_FIX 0x02	141	#define IMA_APPRAISE_FIX 0x02
		142	#define IMA_APPRAISE_MODULES 0x04
142		143
143	#ifdef CONFIG_IMA_APPRAISE	144	#ifdef CONFIG_IMA_APPRAISE
144	int ima_appraise_measurement(struct integrity_iint_cache *iint,	145	int ima_appraise_measurement(struct integrity_iint_cache *iint,


diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 45de18e9a6f2..dba965de90d3 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c
@@ -291,11 +291,15 @@ EXPORT_SYMBOL_GPL(ima_file_check);
291	*/	291	*/
292	int ima_module_check(struct file *file)	292	int ima_module_check(struct file *file)
293	{	293	{
294	int rc;	294	int rc = 0;
295		295
296	if (!file)	296	if (!file) {
297	rc = INTEGRITY_UNKNOWN;	297	if (ima_appraise & IMA_APPRAISE_MODULES) {
298	else	298	#ifndef CONFIG_MODULE_SIG_FORCE
		299	rc = -EACCES; /* INTEGRITY_UNKNOWN */
		300	#endif
		301	}
		302	} else
299	rc = process_measurement(file, file->f_dentry->d_name.name,	303	rc = process_measurement(file, file->f_dentry->d_name.name,
300	MAY_EXEC, MODULE_CHECK);	304	MAY_EXEC, MODULE_CHECK);
301	return (ima_appraise & IMA_APPRAISE_ENFORCE) ? rc : 0;	305	return (ima_appraise & IMA_APPRAISE_ENFORCE) ? rc : 0;


diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index af7d182d5a46..479fca940bb5 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c
@@ -523,7 +523,8 @@ static int ima_parse_rule(char rule, struct ima_rule_entry entry)
523	}	523	}
524	if (!result && (entry->action == UNKNOWN))	524	if (!result && (entry->action == UNKNOWN))
525	result = -EINVAL;	525	result = -EINVAL;
526		526	else if (entry->func == MODULE_CHECK)
		527	ima_appraise \|= IMA_APPRAISE_MODULES;
527	audit_log_format(ab, "res=%d", !result);	528	audit_log_format(ab, "res=%d", !result);
528	audit_log_end(ab);	529	audit_log_end(ab);
529	return result;	530	return result;