diff options
| author | Eric Paris <eparis@redhat.com> | 2010-04-20 10:21:01 -0400 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2010-04-20 19:58:14 -0400 |
| commit | 7b62e162129c3b28d51016774e0c7c57c710c452 (patch) | |
| tree | c6d18b649b70bb684b2a648a4a00956f2d1e62e2 /security | |
| parent | 6ccd045630054c99ba1bb35673db12cfcf1eea58 (diff) | |
IMA: do not allow the same rule to specify the same thing twice
IMA will accept rules which specify things twice and will only pay
attention to the last one. We should reject such rules.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
| -rw-r--r-- | security/integrity/ima/ima_policy.c | 34 |
1 files changed, 33 insertions, 1 deletions
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 49998f90e441..c771a2036691 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c | |||
| @@ -245,6 +245,9 @@ static int ima_lsm_rule_init(struct ima_measure_rule_entry *entry, | |||
| 245 | { | 245 | { |
| 246 | int result; | 246 | int result; |
| 247 | 247 | ||
| 248 | if (entry->lsm[lsm_rule].rule) | ||
| 249 | return -EINVAL; | ||
| 250 | |||
| 248 | entry->lsm[lsm_rule].type = audit_type; | 251 | entry->lsm[lsm_rule].type = audit_type; |
| 249 | result = security_filter_rule_init(entry->lsm[lsm_rule].type, | 252 | result = security_filter_rule_init(entry->lsm[lsm_rule].type, |
| 250 | Audit_equal, args, | 253 | Audit_equal, args, |
| @@ -260,6 +263,7 @@ static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry) | |||
| 260 | 263 | ||
| 261 | ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_INTEGRITY_RULE); | 264 | ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_INTEGRITY_RULE); |
| 262 | 265 | ||
| 266 | entry->uid = -1; | ||
| 263 | entry->action = -1; | 267 | entry->action = -1; |
| 264 | while ((p = strsep(&rule, " ")) != NULL) { | 268 | while ((p = strsep(&rule, " ")) != NULL) { |
| 265 | substring_t args[MAX_OPT_ARGS]; | 269 | substring_t args[MAX_OPT_ARGS]; |
| @@ -274,14 +278,26 @@ static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry) | |||
| 274 | switch (token) { | 278 | switch (token) { |
| 275 | case Opt_measure: | 279 | case Opt_measure: |
| 276 | audit_log_format(ab, "%s ", "measure"); | 280 | audit_log_format(ab, "%s ", "measure"); |
| 281 | |||
| 282 | if (entry->action != UNKNOWN) | ||
| 283 | result = -EINVAL; | ||
| 284 | |||
| 277 | entry->action = MEASURE; | 285 | entry->action = MEASURE; |
| 278 | break; | 286 | break; |
| 279 | case Opt_dont_measure: | 287 | case Opt_dont_measure: |
| 280 | audit_log_format(ab, "%s ", "dont_measure"); | 288 | audit_log_format(ab, "%s ", "dont_measure"); |
| 289 | |||
| 290 | if (entry->action != UNKNOWN) | ||
| 291 | result = -EINVAL; | ||
| 292 | |||
| 281 | entry->action = DONT_MEASURE; | 293 | entry->action = DONT_MEASURE; |
| 282 | break; | 294 | break; |
| 283 | case Opt_func: | 295 | case Opt_func: |
| 284 | audit_log_format(ab, "func=%s ", args[0].from); | 296 | audit_log_format(ab, "func=%s ", args[0].from); |
| 297 | |||
| 298 | if (entry->func) | ||
| 299 | result = -EINVAL; | ||
| 300 | |||
| 285 | if (strcmp(args[0].from, "FILE_CHECK") == 0) | 301 | if (strcmp(args[0].from, "FILE_CHECK") == 0) |
| 286 | entry->func = FILE_CHECK; | 302 | entry->func = FILE_CHECK; |
| 287 | /* PATH_CHECK is for backwards compat */ | 303 | /* PATH_CHECK is for backwards compat */ |
| @@ -298,6 +314,10 @@ static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry) | |||
| 298 | break; | 314 | break; |
| 299 | case Opt_mask: | 315 | case Opt_mask: |
| 300 | audit_log_format(ab, "mask=%s ", args[0].from); | 316 | audit_log_format(ab, "mask=%s ", args[0].from); |
| 317 | |||
| 318 | if (entry->mask) | ||
| 319 | result = -EINVAL; | ||
| 320 | |||
| 301 | if ((strcmp(args[0].from, "MAY_EXEC")) == 0) | 321 | if ((strcmp(args[0].from, "MAY_EXEC")) == 0) |
| 302 | entry->mask = MAY_EXEC; | 322 | entry->mask = MAY_EXEC; |
| 303 | else if (strcmp(args[0].from, "MAY_WRITE") == 0) | 323 | else if (strcmp(args[0].from, "MAY_WRITE") == 0) |
| @@ -313,6 +333,12 @@ static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry) | |||
| 313 | break; | 333 | break; |
| 314 | case Opt_fsmagic: | 334 | case Opt_fsmagic: |
| 315 | audit_log_format(ab, "fsmagic=%s ", args[0].from); | 335 | audit_log_format(ab, "fsmagic=%s ", args[0].from); |
| 336 | |||
| 337 | if (entry->fsmagic) { | ||
| 338 | result = -EINVAL; | ||
| 339 | break; | ||
| 340 | } | ||
| 341 | |||
| 316 | result = strict_strtoul(args[0].from, 16, | 342 | result = strict_strtoul(args[0].from, 16, |
| 317 | &entry->fsmagic); | 343 | &entry->fsmagic); |
| 318 | if (!result) | 344 | if (!result) |
| @@ -320,6 +346,12 @@ static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry) | |||
| 320 | break; | 346 | break; |
| 321 | case Opt_uid: | 347 | case Opt_uid: |
| 322 | audit_log_format(ab, "uid=%s ", args[0].from); | 348 | audit_log_format(ab, "uid=%s ", args[0].from); |
| 349 | |||
| 350 | if (entry->uid != -1) { | ||
| 351 | result = -EINVAL; | ||
| 352 | break; | ||
| 353 | } | ||
| 354 | |||
| 323 | result = strict_strtoul(args[0].from, 10, &lnum); | 355 | result = strict_strtoul(args[0].from, 10, &lnum); |
| 324 | if (!result) { | 356 | if (!result) { |
| 325 | entry->uid = (uid_t) lnum; | 357 | entry->uid = (uid_t) lnum; |
| @@ -370,7 +402,7 @@ static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry) | |||
| 370 | break; | 402 | break; |
| 371 | } | 403 | } |
| 372 | } | 404 | } |
| 373 | if (entry->action == UNKNOWN) | 405 | if (!result && (entry->action == UNKNOWN)) |
| 374 | result = -EINVAL; | 406 | result = -EINVAL; |
| 375 | 407 | ||
| 376 | audit_log_format(ab, "res=%d", !!result); | 408 | audit_log_format(ab, "res=%d", !!result); |