aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
Diffstat (limited to 'security')
-rw-r--r--security/apparmor/domain.c4
-rw-r--r--security/apparmor/file.c4
-rw-r--r--security/apparmor/lsm.c6
-rw-r--r--security/capability.c24
-rw-r--r--security/commoncap.c2
-rw-r--r--security/device_cgroup.c19
-rw-r--r--security/integrity/Kconfig12
-rw-r--r--security/integrity/Makefile1
-rw-r--r--security/integrity/digsig.c11
-rw-r--r--security/integrity/digsig_asymmetric.c115
-rw-r--r--security/integrity/evm/Kconfig13
-rw-r--r--security/integrity/evm/evm.h2
-rw-r--r--security/integrity/evm/evm_crypto.c7
-rw-r--r--security/integrity/evm/evm_main.c10
-rw-r--r--security/integrity/evm/evm_secfs.c6
-rw-r--r--security/integrity/iint.c10
-rw-r--r--security/integrity/ima/ima.h22
-rw-r--r--security/integrity/ima/ima_api.c33
-rw-r--r--security/integrity/ima/ima_appraise.c92
-rw-r--r--security/integrity/ima/ima_crypto.c83
-rw-r--r--security/integrity/ima/ima_init.c3
-rw-r--r--security/integrity/ima/ima_main.c145
-rw-r--r--security/integrity/ima/ima_policy.c142
-rw-r--r--security/integrity/ima/ima_queue.c3
-rw-r--r--security/integrity/integrity.h62
-rw-r--r--security/keys/compat.c4
-rw-r--r--security/keys/process_keys.c6
-rw-r--r--security/security.c28
-rw-r--r--security/selinux/avc.c19
-rw-r--r--security/selinux/hooks.c69
-rw-r--r--security/selinux/include/classmap.h2
-rw-r--r--security/selinux/include/objsec.h4
-rw-r--r--security/selinux/selinuxfs.c20
-rw-r--r--security/smack/smack_lsm.c14
-rw-r--r--security/tomoyo/securityfs_if.c2
35 files changed, 707 insertions, 292 deletions
diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
index 60f0c76a27d3..859abdaac1ea 100644
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -349,8 +349,8 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
349 unsigned int state; 349 unsigned int state;
350 struct file_perms perms = {}; 350 struct file_perms perms = {};
351 struct path_cond cond = { 351 struct path_cond cond = {
352 bprm->file->f_path.dentry->d_inode->i_uid, 352 file_inode(bprm->file)->i_uid,
353 bprm->file->f_path.dentry->d_inode->i_mode 353 file_inode(bprm->file)->i_mode
354 }; 354 };
355 const char *name = NULL, *target = NULL, *info = NULL; 355 const char *name = NULL, *target = NULL, *info = NULL;
356 int error = cap_bprm_set_creds(bprm); 356 int error = cap_bprm_set_creds(bprm);
diff --git a/security/apparmor/file.c b/security/apparmor/file.c
index cd21ec5b90af..fdaa50cb1876 100644
--- a/security/apparmor/file.c
+++ b/security/apparmor/file.c
@@ -449,8 +449,8 @@ int aa_file_perm(int op, struct aa_profile *profile, struct file *file,
449 u32 request) 449 u32 request)
450{ 450{
451 struct path_cond cond = { 451 struct path_cond cond = {
452 .uid = file->f_path.dentry->d_inode->i_uid, 452 .uid = file_inode(file)->i_uid,
453 .mode = file->f_path.dentry->d_inode->i_mode 453 .mode = file_inode(file)->i_mode
454 }; 454 };
455 455
456 return aa_path_perm(op, profile, &file->f_path, PATH_DELEGATE_DELETED, 456 return aa_path_perm(op, profile, &file->f_path, PATH_DELEGATE_DELETED,
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 8c2a7f6b35e2..b21830eced41 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -379,7 +379,7 @@ static int apparmor_file_open(struct file *file, const struct cred *cred)
379 struct aa_profile *profile; 379 struct aa_profile *profile;
380 int error = 0; 380 int error = 0;
381 381
382 if (!mediated_filesystem(file->f_path.dentry->d_inode)) 382 if (!mediated_filesystem(file_inode(file)))
383 return 0; 383 return 0;
384 384
385 /* If in exec, permission is handled by bprm hooks. 385 /* If in exec, permission is handled by bprm hooks.
@@ -394,7 +394,7 @@ static int apparmor_file_open(struct file *file, const struct cred *cred)
394 394
395 profile = aa_cred_profile(cred); 395 profile = aa_cred_profile(cred);
396 if (!unconfined(profile)) { 396 if (!unconfined(profile)) {
397 struct inode *inode = file->f_path.dentry->d_inode; 397 struct inode *inode = file_inode(file);
398 struct path_cond cond = { inode->i_uid, inode->i_mode }; 398 struct path_cond cond = { inode->i_uid, inode->i_mode };
399 399
400 error = aa_path_perm(OP_OPEN, profile, &file->f_path, 0, 400 error = aa_path_perm(OP_OPEN, profile, &file->f_path, 0,
@@ -432,7 +432,7 @@ static int common_file_perm(int op, struct file *file, u32 mask)
432 BUG_ON(!fprofile); 432 BUG_ON(!fprofile);
433 433
434 if (!file->f_path.mnt || 434 if (!file->f_path.mnt ||
435 !mediated_filesystem(file->f_path.dentry->d_inode)) 435 !mediated_filesystem(file_inode(file)))
436 return 0; 436 return 0;
437 437
438 profile = __aa_current_profile(); 438 profile = __aa_current_profile();
diff --git a/security/capability.c b/security/capability.c
index 0fe5a026aef8..579775088967 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -709,16 +709,31 @@ static void cap_req_classify_flow(const struct request_sock *req,
709{ 709{
710} 710}
711 711
712static int cap_tun_dev_alloc_security(void **security)
713{
714 return 0;
715}
716
717static void cap_tun_dev_free_security(void *security)
718{
719}
720
712static int cap_tun_dev_create(void) 721static int cap_tun_dev_create(void)
713{ 722{
714 return 0; 723 return 0;
715} 724}
716 725
717static void cap_tun_dev_post_create(struct sock *sk) 726static int cap_tun_dev_attach_queue(void *security)
727{
728 return 0;
729}
730
731static int cap_tun_dev_attach(struct sock *sk, void *security)
718{ 732{
733 return 0;
719} 734}
720 735
721static int cap_tun_dev_attach(struct sock *sk) 736static int cap_tun_dev_open(void *security)
722{ 737{
723 return 0; 738 return 0;
724} 739}
@@ -1050,8 +1065,11 @@ void __init security_fixup_ops(struct security_operations *ops)
1050 set_to_cap_if_null(ops, secmark_refcount_inc); 1065 set_to_cap_if_null(ops, secmark_refcount_inc);
1051 set_to_cap_if_null(ops, secmark_refcount_dec); 1066 set_to_cap_if_null(ops, secmark_refcount_dec);
1052 set_to_cap_if_null(ops, req_classify_flow); 1067 set_to_cap_if_null(ops, req_classify_flow);
1068 set_to_cap_if_null(ops, tun_dev_alloc_security);
1069 set_to_cap_if_null(ops, tun_dev_free_security);
1053 set_to_cap_if_null(ops, tun_dev_create); 1070 set_to_cap_if_null(ops, tun_dev_create);
1054 set_to_cap_if_null(ops, tun_dev_post_create); 1071 set_to_cap_if_null(ops, tun_dev_open);
1072 set_to_cap_if_null(ops, tun_dev_attach_queue);
1055 set_to_cap_if_null(ops, tun_dev_attach); 1073 set_to_cap_if_null(ops, tun_dev_attach);
1056#endif /* CONFIG_SECURITY_NETWORK */ 1074#endif /* CONFIG_SECURITY_NETWORK */
1057#ifdef CONFIG_SECURITY_NETWORK_XFRM 1075#ifdef CONFIG_SECURITY_NETWORK_XFRM
diff --git a/security/commoncap.c b/security/commoncap.c
index 7ee08c756d6b..c44b6fe6648e 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -440,7 +440,7 @@ static int get_file_caps(struct linux_binprm *bprm, bool *effective, bool *has_c
440 if (!file_caps_enabled) 440 if (!file_caps_enabled)
441 return 0; 441 return 0;
442 442
443 if (bprm->file->f_vfsmnt->mnt_flags & MNT_NOSUID) 443 if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)
444 return 0; 444 return 0;
445 445
446 dentry = dget(bprm->file->f_dentry); 446 dentry = dget(bprm->file->f_dentry);
diff --git a/security/device_cgroup.c b/security/device_cgroup.c
index 19ecc8de9e6b..1c69e38e3a2c 100644
--- a/security/device_cgroup.c
+++ b/security/device_cgroup.c
@@ -159,6 +159,16 @@ static void dev_exception_rm(struct dev_cgroup *dev_cgroup,
159 } 159 }
160} 160}
161 161
162static void __dev_exception_clean(struct dev_cgroup *dev_cgroup)
163{
164 struct dev_exception_item *ex, *tmp;
165
166 list_for_each_entry_safe(ex, tmp, &dev_cgroup->exceptions, list) {
167 list_del_rcu(&ex->list);
168 kfree_rcu(ex, rcu);
169 }
170}
171
162/** 172/**
163 * dev_exception_clean - frees all entries of the exception list 173 * dev_exception_clean - frees all entries of the exception list
164 * @dev_cgroup: dev_cgroup with the exception list to be cleaned 174 * @dev_cgroup: dev_cgroup with the exception list to be cleaned
@@ -167,14 +177,9 @@ static void dev_exception_rm(struct dev_cgroup *dev_cgroup,
167 */ 177 */
168static void dev_exception_clean(struct dev_cgroup *dev_cgroup) 178static void dev_exception_clean(struct dev_cgroup *dev_cgroup)
169{ 179{
170 struct dev_exception_item *ex, *tmp;
171
172 lockdep_assert_held(&devcgroup_mutex); 180 lockdep_assert_held(&devcgroup_mutex);
173 181
174 list_for_each_entry_safe(ex, tmp, &dev_cgroup->exceptions, list) { 182 __dev_exception_clean(dev_cgroup);
175 list_del_rcu(&ex->list);
176 kfree_rcu(ex, rcu);
177 }
178} 183}
179 184
180/* 185/*
@@ -215,7 +220,7 @@ static void devcgroup_css_free(struct cgroup *cgroup)
215 struct dev_cgroup *dev_cgroup; 220 struct dev_cgroup *dev_cgroup;
216 221
217 dev_cgroup = cgroup_to_devcgroup(cgroup); 222 dev_cgroup = cgroup_to_devcgroup(cgroup);
218 dev_exception_clean(dev_cgroup); 223 __dev_exception_clean(dev_cgroup);
219 kfree(dev_cgroup); 224 kfree(dev_cgroup);
220} 225}
221 226
diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig
index 5bd1cc1b4a54..4bb3a775a996 100644
--- a/security/integrity/Kconfig
+++ b/security/integrity/Kconfig
@@ -17,5 +17,17 @@ config INTEGRITY_SIGNATURE
17 This is useful for evm and module keyrings, when keys are 17 This is useful for evm and module keyrings, when keys are
18 usually only added from initramfs. 18 usually only added from initramfs.
19 19
20config INTEGRITY_ASYMMETRIC_KEYS
21 boolean "Enable asymmetric keys support"
22 depends on INTEGRITY_SIGNATURE
23 default n
24 select ASYMMETRIC_KEY_TYPE
25 select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
26 select PUBLIC_KEY_ALGO_RSA
27 select X509_CERTIFICATE_PARSER
28 help
29 This option enables digital signature verification using
30 asymmetric keys.
31
20source security/integrity/ima/Kconfig 32source security/integrity/ima/Kconfig
21source security/integrity/evm/Kconfig 33source security/integrity/evm/Kconfig
diff --git a/security/integrity/Makefile b/security/integrity/Makefile
index d43799cc14f6..ebb6409b3fcb 100644
--- a/security/integrity/Makefile
+++ b/security/integrity/Makefile
@@ -4,6 +4,7 @@
4 4
5obj-$(CONFIG_INTEGRITY) += integrity.o 5obj-$(CONFIG_INTEGRITY) += integrity.o
6obj-$(CONFIG_INTEGRITY_SIGNATURE) += digsig.o 6obj-$(CONFIG_INTEGRITY_SIGNATURE) += digsig.o
7obj-$(CONFIG_INTEGRITY_ASYMMETRIC_KEYS) += digsig_asymmetric.o
7 8
8integrity-y := iint.o 9integrity-y := iint.o
9 10
diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c
index 2dc167d7cde9..0b759e17a131 100644
--- a/security/integrity/digsig.c
+++ b/security/integrity/digsig.c
@@ -44,5 +44,14 @@ int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,
44 } 44 }
45 } 45 }
46 46
47 return digsig_verify(keyring[id], sig, siglen, digest, digestlen); 47 switch (sig[0]) {
48 case 1:
49 return digsig_verify(keyring[id], sig, siglen,
50 digest, digestlen);
51 case 2:
52 return asymmetric_verify(keyring[id], sig, siglen,
53 digest, digestlen);
54 }
55
56 return -EOPNOTSUPP;
48} 57}
diff --git a/security/integrity/digsig_asymmetric.c b/security/integrity/digsig_asymmetric.c
new file mode 100644
index 000000000000..b4754667659d
--- /dev/null
+++ b/security/integrity/digsig_asymmetric.c
@@ -0,0 +1,115 @@
1/*
2 * Copyright (C) 2013 Intel Corporation
3 *
4 * Author:
5 * Dmitry Kasatkin <dmitry.kasatkin@intel.com>
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation, version 2 of the License.
10 *
11 */
12
13#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
14
15#include <linux/err.h>
16#include <linux/key-type.h>
17#include <crypto/public_key.h>
18#include <keys/asymmetric-type.h>
19
20#include "integrity.h"
21
22/*
23 * signature format v2 - for using with asymmetric keys
24 */
25struct signature_v2_hdr {
26 uint8_t version; /* signature format version */
27 uint8_t hash_algo; /* Digest algorithm [enum pkey_hash_algo] */
28 uint32_t keyid; /* IMA key identifier - not X509/PGP specific*/
29 uint16_t sig_size; /* signature size */
30 uint8_t sig[0]; /* signature payload */
31} __packed;
32
33/*
34 * Request an asymmetric key.
35 */
36static struct key *request_asymmetric_key(struct key *keyring, uint32_t keyid)
37{
38 struct key *key;
39 char name[12];
40
41 sprintf(name, "id:%x", keyid);
42
43 pr_debug("key search: \"%s\"\n", name);
44
45 if (keyring) {
46 /* search in specific keyring */
47 key_ref_t kref;
48 kref = keyring_search(make_key_ref(keyring, 1),
49 &key_type_asymmetric, name);
50 if (IS_ERR(kref))
51 key = ERR_CAST(kref);
52 else
53 key = key_ref_to_ptr(kref);
54 } else {
55 key = request_key(&key_type_asymmetric, name, NULL);
56 }
57
58 if (IS_ERR(key)) {
59 pr_warn("Request for unknown key '%s' err %ld\n",
60 name, PTR_ERR(key));
61 switch (PTR_ERR(key)) {
62 /* Hide some search errors */
63 case -EACCES:
64 case -ENOTDIR:
65 case -EAGAIN:
66 return ERR_PTR(-ENOKEY);
67 default:
68 return key;
69 }
70 }
71
72 pr_debug("%s() = 0 [%x]\n", __func__, key_serial(key));
73
74 return key;
75}
76
77int asymmetric_verify(struct key *keyring, const char *sig,
78 int siglen, const char *data, int datalen)
79{
80 struct public_key_signature pks;
81 struct signature_v2_hdr *hdr = (struct signature_v2_hdr *)sig;
82 struct key *key;
83 int ret = -ENOMEM;
84
85 if (siglen <= sizeof(*hdr))
86 return -EBADMSG;
87
88 siglen -= sizeof(*hdr);
89
90 if (siglen != __be16_to_cpu(hdr->sig_size))
91 return -EBADMSG;
92
93 if (hdr->hash_algo >= PKEY_HASH__LAST)
94 return -ENOPKG;
95
96 key = request_asymmetric_key(keyring, __be32_to_cpu(hdr->keyid));
97 if (IS_ERR(key))
98 return PTR_ERR(key);
99
100 memset(&pks, 0, sizeof(pks));
101
102 pks.pkey_hash_algo = hdr->hash_algo;
103 pks.digest = (u8 *)data;
104 pks.digest_size = datalen;
105 pks.nr_mpi = 1;
106 pks.rsa.s = mpi_read_raw_data(hdr->sig, siglen);
107
108 if (pks.rsa.s)
109 ret = verify_signature(key, &pks);
110
111 mpi_free(pks.rsa.s);
112 key_put(key);
113 pr_debug("%s() = %d\n", __func__, ret);
114 return ret;
115}
diff --git a/security/integrity/evm/Kconfig b/security/integrity/evm/Kconfig
index afbb59dd262d..fea9749c3756 100644
--- a/security/integrity/evm/Kconfig
+++ b/security/integrity/evm/Kconfig
@@ -11,3 +11,16 @@ config EVM
11 integrity attacks. 11 integrity attacks.
12 12
13 If you are unsure how to answer this question, answer N. 13 If you are unsure how to answer this question, answer N.
14
15config EVM_HMAC_VERSION
16 int "EVM HMAC version"
17 depends on EVM
18 default 2
19 help
20 This options adds EVM HMAC version support.
21 1 - original version
22 2 - add per filesystem unique identifier (UUID) (default)
23
24 WARNING: changing the HMAC calculation method or adding
25 additional info to the calculation, requires existing EVM
26 labeled file systems to be relabeled.
diff --git a/security/integrity/evm/evm.h b/security/integrity/evm/evm.h
index c885247ebcf7..30bd1ec0232e 100644
--- a/security/integrity/evm/evm.h
+++ b/security/integrity/evm/evm.h
@@ -24,6 +24,7 @@
24extern int evm_initialized; 24extern int evm_initialized;
25extern char *evm_hmac; 25extern char *evm_hmac;
26extern char *evm_hash; 26extern char *evm_hash;
27extern int evm_hmac_version;
27 28
28extern struct crypto_shash *hmac_tfm; 29extern struct crypto_shash *hmac_tfm;
29extern struct crypto_shash *hash_tfm; 30extern struct crypto_shash *hash_tfm;
@@ -45,6 +46,5 @@ extern int evm_calc_hash(struct dentry *dentry, const char *req_xattr_name,
45extern int evm_init_hmac(struct inode *inode, const struct xattr *xattr, 46extern int evm_init_hmac(struct inode *inode, const struct xattr *xattr,
46 char *hmac_val); 47 char *hmac_val);
47extern int evm_init_secfs(void); 48extern int evm_init_secfs(void);
48extern void evm_cleanup_secfs(void);
49 49
50#endif 50#endif
diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c
index dfb26918699c..3bab89eb21d6 100644
--- a/security/integrity/evm/evm_crypto.c
+++ b/security/integrity/evm/evm_crypto.c
@@ -110,6 +110,9 @@ static void hmac_add_misc(struct shash_desc *desc, struct inode *inode,
110 hmac_misc.gid = from_kgid(&init_user_ns, inode->i_gid); 110 hmac_misc.gid = from_kgid(&init_user_ns, inode->i_gid);
111 hmac_misc.mode = inode->i_mode; 111 hmac_misc.mode = inode->i_mode;
112 crypto_shash_update(desc, (const u8 *)&hmac_misc, sizeof hmac_misc); 112 crypto_shash_update(desc, (const u8 *)&hmac_misc, sizeof hmac_misc);
113 if (evm_hmac_version > 1)
114 crypto_shash_update(desc, inode->i_sb->s_uuid,
115 sizeof(inode->i_sb->s_uuid));
113 crypto_shash_final(desc, digest); 116 crypto_shash_final(desc, digest);
114} 117}
115 118
@@ -205,9 +208,9 @@ int evm_update_evmxattr(struct dentry *dentry, const char *xattr_name,
205 rc = __vfs_setxattr_noperm(dentry, XATTR_NAME_EVM, 208 rc = __vfs_setxattr_noperm(dentry, XATTR_NAME_EVM,
206 &xattr_data, 209 &xattr_data,
207 sizeof(xattr_data), 0); 210 sizeof(xattr_data), 0);
208 } 211 } else if (rc == -ENODATA && inode->i_op->removexattr) {
209 else if (rc == -ENODATA)
210 rc = inode->i_op->removexattr(dentry, XATTR_NAME_EVM); 212 rc = inode->i_op->removexattr(dentry, XATTR_NAME_EVM);
213 }
211 return rc; 214 return rc;
212} 215}
213 216
diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
index eb5484504f50..cdbde1762189 100644
--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c
@@ -26,6 +26,7 @@ int evm_initialized;
26 26
27char *evm_hmac = "hmac(sha1)"; 27char *evm_hmac = "hmac(sha1)";
28char *evm_hash = "sha1"; 28char *evm_hash = "sha1";
29int evm_hmac_version = CONFIG_EVM_HMAC_VERSION;
29 30
30char *evm_config_xattrnames[] = { 31char *evm_config_xattrnames[] = {
31#ifdef CONFIG_SECURITY_SELINUX 32#ifdef CONFIG_SECURITY_SELINUX
@@ -427,15 +428,6 @@ err:
427 return error; 428 return error;
428} 429}
429 430
430static void __exit cleanup_evm(void)
431{
432 evm_cleanup_secfs();
433 if (hmac_tfm)
434 crypto_free_shash(hmac_tfm);
435 if (hash_tfm)
436 crypto_free_shash(hash_tfm);
437}
438
439/* 431/*
440 * evm_display_config - list the EVM protected security extended attributes 432 * evm_display_config - list the EVM protected security extended attributes
441 */ 433 */
diff --git a/security/integrity/evm/evm_secfs.c b/security/integrity/evm/evm_secfs.c
index ac7629950578..30f670ad6ac3 100644
--- a/security/integrity/evm/evm_secfs.c
+++ b/security/integrity/evm/evm_secfs.c
@@ -100,9 +100,3 @@ int __init evm_init_secfs(void)
100 error = -EFAULT; 100 error = -EFAULT;
101 return error; 101 return error;
102} 102}
103
104void __exit evm_cleanup_secfs(void)
105{
106 if (evm_init_tpm)
107 securityfs_remove(evm_init_tpm);
108}
diff --git a/security/integrity/iint.c b/security/integrity/iint.c
index d82a5a13d855..74522dbd10a6 100644
--- a/security/integrity/iint.c
+++ b/security/integrity/iint.c
@@ -72,7 +72,10 @@ static void iint_free(struct integrity_iint_cache *iint)
72{ 72{
73 iint->version = 0; 73 iint->version = 0;
74 iint->flags = 0UL; 74 iint->flags = 0UL;
75 iint->ima_status = INTEGRITY_UNKNOWN; 75 iint->ima_file_status = INTEGRITY_UNKNOWN;
76 iint->ima_mmap_status = INTEGRITY_UNKNOWN;
77 iint->ima_bprm_status = INTEGRITY_UNKNOWN;
78 iint->ima_module_status = INTEGRITY_UNKNOWN;
76 iint->evm_status = INTEGRITY_UNKNOWN; 79 iint->evm_status = INTEGRITY_UNKNOWN;
77 kmem_cache_free(iint_cache, iint); 80 kmem_cache_free(iint_cache, iint);
78} 81}
@@ -149,7 +152,10 @@ static void init_once(void *foo)
149 memset(iint, 0, sizeof *iint); 152 memset(iint, 0, sizeof *iint);
150 iint->version = 0; 153 iint->version = 0;
151 iint->flags = 0UL; 154 iint->flags = 0UL;
152 iint->ima_status = INTEGRITY_UNKNOWN; 155 iint->ima_file_status = INTEGRITY_UNKNOWN;
156 iint->ima_mmap_status = INTEGRITY_UNKNOWN;
157 iint->ima_bprm_status = INTEGRITY_UNKNOWN;
158 iint->ima_module_status = INTEGRITY_UNKNOWN;
153 iint->evm_status = INTEGRITY_UNKNOWN; 159 iint->evm_status = INTEGRITY_UNKNOWN;
154} 160}
155 161
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index 3b2adb794f15..a41c9c18e5e0 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -84,11 +84,12 @@ void ima_fs_cleanup(void);
84int ima_inode_alloc(struct inode *inode); 84int ima_inode_alloc(struct inode *inode);
85int ima_add_template_entry(struct ima_template_entry *entry, int violation, 85int ima_add_template_entry(struct ima_template_entry *entry, int violation,
86 const char *op, struct inode *inode); 86 const char *op, struct inode *inode);
87int ima_calc_hash(struct file *file, char *digest); 87int ima_calc_file_hash(struct file *file, char *digest);
88int ima_calc_template_hash(int template_len, void *template, char *digest); 88int ima_calc_buffer_hash(const void *data, int len, char *digest);
89int ima_calc_boot_aggregate(char *digest); 89int ima_calc_boot_aggregate(char *digest);
90void ima_add_violation(struct inode *inode, const unsigned char *filename, 90void ima_add_violation(struct inode *inode, const unsigned char *filename,
91 const char *op, const char *cause); 91 const char *op, const char *cause);
92int ima_init_crypto(void);
92 93
93/* 94/*
94 * used to protect h_table and sha_table 95 * used to protect h_table and sha_table
@@ -119,6 +120,7 @@ void ima_audit_measurement(struct integrity_iint_cache *iint,
119int ima_store_template(struct ima_template_entry *entry, int violation, 120int ima_store_template(struct ima_template_entry *entry, int violation,
120 struct inode *inode); 121 struct inode *inode);
121void ima_template_show(struct seq_file *m, void *e, enum ima_show_type show); 122void ima_template_show(struct seq_file *m, void *e, enum ima_show_type show);
123const char *ima_d_path(struct path *path, char **pathbuf);
122 124
123/* rbtree tree calls to lookup, insert, delete 125/* rbtree tree calls to lookup, insert, delete
124 * integrity data associated with an inode. 126 * integrity data associated with an inode.
@@ -127,7 +129,7 @@ struct integrity_iint_cache *integrity_iint_insert(struct inode *inode);
127struct integrity_iint_cache *integrity_iint_find(struct inode *inode); 129struct integrity_iint_cache *integrity_iint_find(struct inode *inode);
128 130
129/* IMA policy related functions */ 131/* IMA policy related functions */
130enum ima_hooks { FILE_CHECK = 1, FILE_MMAP, BPRM_CHECK, MODULE_CHECK, POST_SETATTR }; 132enum ima_hooks { FILE_CHECK = 1, MMAP_CHECK, BPRM_CHECK, MODULE_CHECK, POST_SETATTR };
131 133
132int ima_match_policy(struct inode *inode, enum ima_hooks func, int mask, 134int ima_match_policy(struct inode *inode, enum ima_hooks func, int mask,
133 int flags); 135 int flags);
@@ -139,15 +141,19 @@ void ima_delete_rules(void);
139/* Appraise integrity measurements */ 141/* Appraise integrity measurements */
140#define IMA_APPRAISE_ENFORCE 0x01 142#define IMA_APPRAISE_ENFORCE 0x01
141#define IMA_APPRAISE_FIX 0x02 143#define IMA_APPRAISE_FIX 0x02
144#define IMA_APPRAISE_MODULES 0x04
142 145
143#ifdef CONFIG_IMA_APPRAISE 146#ifdef CONFIG_IMA_APPRAISE
144int ima_appraise_measurement(struct integrity_iint_cache *iint, 147int ima_appraise_measurement(int func, struct integrity_iint_cache *iint,
145 struct file *file, const unsigned char *filename); 148 struct file *file, const unsigned char *filename);
146int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func); 149int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func);
147void ima_update_xattr(struct integrity_iint_cache *iint, struct file *file); 150void ima_update_xattr(struct integrity_iint_cache *iint, struct file *file);
151enum integrity_status ima_get_cache_status(struct integrity_iint_cache *iint,
152 int func);
148 153
149#else 154#else
150static inline int ima_appraise_measurement(struct integrity_iint_cache *iint, 155static inline int ima_appraise_measurement(int func,
156 struct integrity_iint_cache *iint,
151 struct file *file, 157 struct file *file,
152 const unsigned char *filename) 158 const unsigned char *filename)
153{ 159{
@@ -164,6 +170,12 @@ static inline void ima_update_xattr(struct integrity_iint_cache *iint,
164 struct file *file) 170 struct file *file)
165{ 171{
166} 172}
173
174static inline enum integrity_status ima_get_cache_status(struct integrity_iint_cache
175 *iint, int func)
176{
177 return INTEGRITY_UNKNOWN;
178}
167#endif 179#endif
168 180
169/* LSM based policy rules require audit */ 181/* LSM based policy rules require audit */
diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
index 0cea3db21657..1c03e8f1e0e1 100644
--- a/security/integrity/ima/ima_api.c
+++ b/security/integrity/ima/ima_api.c
@@ -50,8 +50,8 @@ int ima_store_template(struct ima_template_entry *entry,
50 entry->template_len = sizeof(entry->template); 50 entry->template_len = sizeof(entry->template);
51 51
52 if (!violation) { 52 if (!violation) {
53 result = ima_calc_template_hash(entry->template_len, 53 result = ima_calc_buffer_hash(&entry->template,
54 &entry->template, 54 entry->template_len,
55 entry->digest); 55 entry->digest);
56 if (result < 0) { 56 if (result < 0) {
57 integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode, 57 integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode,
@@ -100,12 +100,12 @@ err_out:
100 * ima_get_action - appraise & measure decision based on policy. 100 * ima_get_action - appraise & measure decision based on policy.
101 * @inode: pointer to inode to measure 101 * @inode: pointer to inode to measure
102 * @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXECUTE) 102 * @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXECUTE)
103 * @function: calling function (FILE_CHECK, BPRM_CHECK, FILE_MMAP, MODULE_CHECK) 103 * @function: calling function (FILE_CHECK, BPRM_CHECK, MMAP_CHECK, MODULE_CHECK)
104 * 104 *
105 * The policy is defined in terms of keypairs: 105 * The policy is defined in terms of keypairs:
106 * subj=, obj=, type=, func=, mask=, fsmagic= 106 * subj=, obj=, type=, func=, mask=, fsmagic=
107 * subj,obj, and type: are LSM specific. 107 * subj,obj, and type: are LSM specific.
108 * func: FILE_CHECK | BPRM_CHECK | FILE_MMAP | MODULE_CHECK 108 * func: FILE_CHECK | BPRM_CHECK | MMAP_CHECK | MODULE_CHECK
109 * mask: contains the permission mask 109 * mask: contains the permission mask
110 * fsmagic: hex value 110 * fsmagic: hex value
111 * 111 *
@@ -140,15 +140,15 @@ int ima_must_measure(struct inode *inode, int mask, int function)
140int ima_collect_measurement(struct integrity_iint_cache *iint, 140int ima_collect_measurement(struct integrity_iint_cache *iint,
141 struct file *file) 141 struct file *file)
142{ 142{
143 struct inode *inode = file->f_dentry->d_inode; 143 struct inode *inode = file_inode(file);
144 const char *filename = file->f_dentry->d_name.name; 144 const char *filename = file->f_dentry->d_name.name;
145 int result = 0; 145 int result = 0;
146 146
147 if (!(iint->flags & IMA_COLLECTED)) { 147 if (!(iint->flags & IMA_COLLECTED)) {
148 u64 i_version = file->f_dentry->d_inode->i_version; 148 u64 i_version = file_inode(file)->i_version;
149 149
150 iint->ima_xattr.type = IMA_XATTR_DIGEST; 150 iint->ima_xattr.type = IMA_XATTR_DIGEST;
151 result = ima_calc_hash(file, iint->ima_xattr.digest); 151 result = ima_calc_file_hash(file, iint->ima_xattr.digest);
152 if (!result) { 152 if (!result) {
153 iint->version = i_version; 153 iint->version = i_version;
154 iint->flags |= IMA_COLLECTED; 154 iint->flags |= IMA_COLLECTED;
@@ -182,7 +182,7 @@ void ima_store_measurement(struct integrity_iint_cache *iint,
182 const char *op = "add_template_measure"; 182 const char *op = "add_template_measure";
183 const char *audit_cause = "ENOMEM"; 183 const char *audit_cause = "ENOMEM";
184 int result = -ENOMEM; 184 int result = -ENOMEM;
185 struct inode *inode = file->f_dentry->d_inode; 185 struct inode *inode = file_inode(file);
186 struct ima_template_entry *entry; 186 struct ima_template_entry *entry;
187 int violation = 0; 187 int violation = 0;
188 188
@@ -237,3 +237,20 @@ void ima_audit_measurement(struct integrity_iint_cache *iint,
237 237
238 iint->flags |= IMA_AUDITED; 238 iint->flags |= IMA_AUDITED;
239} 239}
240
241const char *ima_d_path(struct path *path, char **pathbuf)
242{
243 char *pathname = NULL;
244
245 /* We will allow 11 spaces for ' (deleted)' to be appended */
246 *pathbuf = kmalloc(PATH_MAX + 11, GFP_KERNEL);
247 if (*pathbuf) {
248 pathname = d_path(path, *pathbuf, PATH_MAX + 11);
249 if (IS_ERR(pathname)) {
250 kfree(*pathbuf);
251 *pathbuf = NULL;
252 pathname = NULL;
253 }
254 }
255 return pathname;
256}
diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
index bdc8ba1d1d27..2d4becab8918 100644
--- a/security/integrity/ima/ima_appraise.c
+++ b/security/integrity/ima/ima_appraise.c
@@ -42,12 +42,69 @@ int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func)
42 return ima_match_policy(inode, func, mask, IMA_APPRAISE); 42 return ima_match_policy(inode, func, mask, IMA_APPRAISE);
43} 43}
44 44
45static void ima_fix_xattr(struct dentry *dentry, 45static int ima_fix_xattr(struct dentry *dentry,
46 struct integrity_iint_cache *iint) 46 struct integrity_iint_cache *iint)
47{ 47{
48 iint->ima_xattr.type = IMA_XATTR_DIGEST; 48 iint->ima_xattr.type = IMA_XATTR_DIGEST;
49 __vfs_setxattr_noperm(dentry, XATTR_NAME_IMA, (u8 *)&iint->ima_xattr, 49 return __vfs_setxattr_noperm(dentry, XATTR_NAME_IMA,
50 sizeof iint->ima_xattr, 0); 50 (u8 *)&iint->ima_xattr,
51 sizeof(iint->ima_xattr), 0);
52}
53
54/* Return specific func appraised cached result */
55enum integrity_status ima_get_cache_status(struct integrity_iint_cache *iint,
56 int func)
57{
58 switch(func) {
59 case MMAP_CHECK:
60 return iint->ima_mmap_status;
61 case BPRM_CHECK:
62 return iint->ima_bprm_status;
63 case MODULE_CHECK:
64 return iint->ima_module_status;
65 case FILE_CHECK:
66 default:
67 return iint->ima_file_status;
68 }
69}
70
71static void ima_set_cache_status(struct integrity_iint_cache *iint,
72 int func, enum integrity_status status)
73{
74 switch(func) {
75 case MMAP_CHECK:
76 iint->ima_mmap_status = status;
77 break;
78 case BPRM_CHECK:
79 iint->ima_bprm_status = status;
80 break;
81 case MODULE_CHECK:
82 iint->ima_module_status = status;
83 break;
84 case FILE_CHECK:
85 default:
86 iint->ima_file_status = status;
87 break;
88 }
89}
90
91static void ima_cache_flags(struct integrity_iint_cache *iint, int func)
92{
93 switch(func) {
94 case MMAP_CHECK:
95 iint->flags |= (IMA_MMAP_APPRAISED | IMA_APPRAISED);
96 break;
97 case BPRM_CHECK:
98 iint->flags |= (IMA_BPRM_APPRAISED | IMA_APPRAISED);
99 break;
100 case MODULE_CHECK:
101 iint->flags |= (IMA_MODULE_APPRAISED | IMA_APPRAISED);
102 break;
103 case FILE_CHECK:
104 default:
105 iint->flags |= (IMA_FILE_APPRAISED | IMA_APPRAISED);
106 break;
107 }
51} 108}
52 109
53/* 110/*
@@ -58,7 +115,7 @@ static void ima_fix_xattr(struct dentry *dentry,
58 * 115 *
59 * Return 0 on success, error code otherwise 116 * Return 0 on success, error code otherwise
60 */ 117 */
61int ima_appraise_measurement(struct integrity_iint_cache *iint, 118int ima_appraise_measurement(int func, struct integrity_iint_cache *iint,
62 struct file *file, const unsigned char *filename) 119 struct file *file, const unsigned char *filename)
63{ 120{
64 struct dentry *dentry = file->f_dentry; 121 struct dentry *dentry = file->f_dentry;
@@ -74,9 +131,6 @@ int ima_appraise_measurement(struct integrity_iint_cache *iint,
74 if (!inode->i_op->getxattr) 131 if (!inode->i_op->getxattr)
75 return INTEGRITY_UNKNOWN; 132 return INTEGRITY_UNKNOWN;
76 133
77 if (iint->flags & IMA_APPRAISED)
78 return iint->ima_status;
79
80 rc = vfs_getxattr_alloc(dentry, XATTR_NAME_IMA, (char **)&xattr_value, 134 rc = vfs_getxattr_alloc(dentry, XATTR_NAME_IMA, (char **)&xattr_value,
81 0, GFP_NOFS); 135 0, GFP_NOFS);
82 if (rc <= 0) { 136 if (rc <= 0) {
@@ -98,19 +152,18 @@ int ima_appraise_measurement(struct integrity_iint_cache *iint,
98 cause = "invalid-HMAC"; 152 cause = "invalid-HMAC";
99 goto out; 153 goto out;
100 } 154 }
101
102 switch (xattr_value->type) { 155 switch (xattr_value->type) {
103 case IMA_XATTR_DIGEST: 156 case IMA_XATTR_DIGEST:
157 if (iint->flags & IMA_DIGSIG_REQUIRED) {
158 cause = "IMA signature required";
159 status = INTEGRITY_FAIL;
160 break;
161 }
104 rc = memcmp(xattr_value->digest, iint->ima_xattr.digest, 162 rc = memcmp(xattr_value->digest, iint->ima_xattr.digest,
105 IMA_DIGEST_SIZE); 163 IMA_DIGEST_SIZE);
106 if (rc) { 164 if (rc) {
107 cause = "invalid-hash"; 165 cause = "invalid-hash";
108 status = INTEGRITY_FAIL; 166 status = INTEGRITY_FAIL;
109 print_hex_dump_bytes("security.ima: ", DUMP_PREFIX_NONE,
110 xattr_value, sizeof(*xattr_value));
111 print_hex_dump_bytes("collected: ", DUMP_PREFIX_NONE,
112 (u8 *)&iint->ima_xattr,
113 sizeof iint->ima_xattr);
114 break; 167 break;
115 } 168 }
116 status = INTEGRITY_PASS; 169 status = INTEGRITY_PASS;
@@ -141,15 +194,15 @@ out:
141 if ((ima_appraise & IMA_APPRAISE_FIX) && 194 if ((ima_appraise & IMA_APPRAISE_FIX) &&
142 (!xattr_value || 195 (!xattr_value ||
143 xattr_value->type != EVM_IMA_XATTR_DIGSIG)) { 196 xattr_value->type != EVM_IMA_XATTR_DIGSIG)) {
144 ima_fix_xattr(dentry, iint); 197 if (!ima_fix_xattr(dentry, iint))
145 status = INTEGRITY_PASS; 198 status = INTEGRITY_PASS;
146 } 199 }
147 integrity_audit_msg(AUDIT_INTEGRITY_DATA, inode, filename, 200 integrity_audit_msg(AUDIT_INTEGRITY_DATA, inode, filename,
148 op, cause, rc, 0); 201 op, cause, rc, 0);
149 } else { 202 } else {
150 iint->flags |= IMA_APPRAISED; 203 ima_cache_flags(iint, func);
151 } 204 }
152 iint->ima_status = status; 205 ima_set_cache_status(iint, func, status);
153 kfree(xattr_value); 206 kfree(xattr_value);
154 return status; 207 return status;
155} 208}
@@ -195,10 +248,11 @@ void ima_inode_post_setattr(struct dentry *dentry)
195 must_appraise = ima_must_appraise(inode, MAY_ACCESS, POST_SETATTR); 248 must_appraise = ima_must_appraise(inode, MAY_ACCESS, POST_SETATTR);
196 iint = integrity_iint_find(inode); 249 iint = integrity_iint_find(inode);
197 if (iint) { 250 if (iint) {
251 iint->flags &= ~(IMA_APPRAISE | IMA_APPRAISED |
252 IMA_APPRAISE_SUBMASK | IMA_APPRAISED_SUBMASK |
253 IMA_ACTION_FLAGS);
198 if (must_appraise) 254 if (must_appraise)
199 iint->flags |= IMA_APPRAISE; 255 iint->flags |= IMA_APPRAISE;
200 else
201 iint->flags &= ~(IMA_APPRAISE | IMA_APPRAISED);
202 } 256 }
203 if (!must_appraise) 257 if (!must_appraise)
204 rc = inode->i_op->removexattr(dentry, XATTR_NAME_IMA); 258 rc = inode->i_op->removexattr(dentry, XATTR_NAME_IMA);
diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c
index b21ee5b5495a..a02e0791cf15 100644
--- a/security/integrity/ima/ima_crypto.c
+++ b/security/integrity/ima/ima_crypto.c
@@ -19,38 +19,41 @@
19#include <linux/scatterlist.h> 19#include <linux/scatterlist.h>
20#include <linux/err.h> 20#include <linux/err.h>
21#include <linux/slab.h> 21#include <linux/slab.h>
22#include <crypto/hash.h>
22#include "ima.h" 23#include "ima.h"
23 24
24static int init_desc(struct hash_desc *desc) 25static struct crypto_shash *ima_shash_tfm;
26
27int ima_init_crypto(void)
25{ 28{
26 int rc; 29 long rc;
27 30
28 desc->tfm = crypto_alloc_hash(ima_hash, 0, CRYPTO_ALG_ASYNC); 31 ima_shash_tfm = crypto_alloc_shash(ima_hash, 0, 0);
29 if (IS_ERR(desc->tfm)) { 32 if (IS_ERR(ima_shash_tfm)) {
30 pr_info("IMA: failed to load %s transform: %ld\n", 33 rc = PTR_ERR(ima_shash_tfm);
31 ima_hash, PTR_ERR(desc->tfm)); 34 pr_err("Can not allocate %s (reason: %ld)\n", ima_hash, rc);
32 rc = PTR_ERR(desc->tfm);
33 return rc; 35 return rc;
34 } 36 }
35 desc->flags = 0; 37 return 0;
36 rc = crypto_hash_init(desc);
37 if (rc)
38 crypto_free_hash(desc->tfm);
39 return rc;
40} 38}
41 39
42/* 40/*
43 * Calculate the MD5/SHA1 file digest 41 * Calculate the MD5/SHA1 file digest
44 */ 42 */
45int ima_calc_hash(struct file *file, char *digest) 43int ima_calc_file_hash(struct file *file, char *digest)
46{ 44{
47 struct hash_desc desc;
48 struct scatterlist sg[1];
49 loff_t i_size, offset = 0; 45 loff_t i_size, offset = 0;
50 char *rbuf; 46 char *rbuf;
51 int rc, read = 0; 47 int rc, read = 0;
48 struct {
49 struct shash_desc shash;
50 char ctx[crypto_shash_descsize(ima_shash_tfm)];
51 } desc;
52 52
53 rc = init_desc(&desc); 53 desc.shash.tfm = ima_shash_tfm;
54 desc.shash.flags = 0;
55
56 rc = crypto_shash_init(&desc.shash);
54 if (rc != 0) 57 if (rc != 0)
55 return rc; 58 return rc;
56 59
@@ -63,7 +66,7 @@ int ima_calc_hash(struct file *file, char *digest)
63 file->f_mode |= FMODE_READ; 66 file->f_mode |= FMODE_READ;
64 read = 1; 67 read = 1;
65 } 68 }
66 i_size = i_size_read(file->f_dentry->d_inode); 69 i_size = i_size_read(file_inode(file));
67 while (offset < i_size) { 70 while (offset < i_size) {
68 int rbuf_len; 71 int rbuf_len;
69 72
@@ -75,41 +78,34 @@ int ima_calc_hash(struct file *file, char *digest)
75 if (rbuf_len == 0) 78 if (rbuf_len == 0)
76 break; 79 break;
77 offset += rbuf_len; 80 offset += rbuf_len;
78 sg_init_one(sg, rbuf, rbuf_len);
79 81
80 rc = crypto_hash_update(&desc, sg, rbuf_len); 82 rc = crypto_shash_update(&desc.shash, rbuf, rbuf_len);
81 if (rc) 83 if (rc)
82 break; 84 break;
83 } 85 }
84 kfree(rbuf); 86 kfree(rbuf);
85 if (!rc) 87 if (!rc)
86 rc = crypto_hash_final(&desc, digest); 88 rc = crypto_shash_final(&desc.shash, digest);
87 if (read) 89 if (read)
88 file->f_mode &= ~FMODE_READ; 90 file->f_mode &= ~FMODE_READ;
89out: 91out:
90 crypto_free_hash(desc.tfm);
91 return rc; 92 return rc;
92} 93}
93 94
94/* 95/*
95 * Calculate the hash of a given template 96 * Calculate the hash of a given buffer
96 */ 97 */
97int ima_calc_template_hash(int template_len, void *template, char *digest) 98int ima_calc_buffer_hash(const void *data, int len, char *digest)
98{ 99{
99 struct hash_desc desc; 100 struct {
100 struct scatterlist sg[1]; 101 struct shash_desc shash;
101 int rc; 102 char ctx[crypto_shash_descsize(ima_shash_tfm)];
103 } desc;
102 104
103 rc = init_desc(&desc); 105 desc.shash.tfm = ima_shash_tfm;
104 if (rc != 0) 106 desc.shash.flags = 0;
105 return rc;
106 107
107 sg_init_one(sg, template, template_len); 108 return crypto_shash_digest(&desc.shash, data, len, digest);
108 rc = crypto_hash_update(&desc, sg, template_len);
109 if (!rc)
110 rc = crypto_hash_final(&desc, digest);
111 crypto_free_hash(desc.tfm);
112 return rc;
113} 109}
114 110
115static void __init ima_pcrread(int idx, u8 *pcr) 111static void __init ima_pcrread(int idx, u8 *pcr)
@@ -126,12 +122,17 @@ static void __init ima_pcrread(int idx, u8 *pcr)
126 */ 122 */
127int __init ima_calc_boot_aggregate(char *digest) 123int __init ima_calc_boot_aggregate(char *digest)
128{ 124{
129 struct hash_desc desc;
130 struct scatterlist sg;
131 u8 pcr_i[IMA_DIGEST_SIZE]; 125 u8 pcr_i[IMA_DIGEST_SIZE];
132 int rc, i; 126 int rc, i;
127 struct {
128 struct shash_desc shash;
129 char ctx[crypto_shash_descsize(ima_shash_tfm)];
130 } desc;
131
132 desc.shash.tfm = ima_shash_tfm;
133 desc.shash.flags = 0;
133 134
134 rc = init_desc(&desc); 135 rc = crypto_shash_init(&desc.shash);
135 if (rc != 0) 136 if (rc != 0)
136 return rc; 137 return rc;
137 138
@@ -139,11 +140,9 @@ int __init ima_calc_boot_aggregate(char *digest)
139 for (i = TPM_PCR0; i < TPM_PCR8; i++) { 140 for (i = TPM_PCR0; i < TPM_PCR8; i++) {
140 ima_pcrread(i, pcr_i); 141 ima_pcrread(i, pcr_i);
141 /* now accumulate with current aggregate */ 142 /* now accumulate with current aggregate */
142 sg_init_one(&sg, pcr_i, IMA_DIGEST_SIZE); 143 rc = crypto_shash_update(&desc.shash, pcr_i, IMA_DIGEST_SIZE);
143 rc = crypto_hash_update(&desc, &sg, IMA_DIGEST_SIZE);
144 } 144 }
145 if (!rc) 145 if (!rc)
146 crypto_hash_final(&desc, digest); 146 crypto_shash_final(&desc.shash, digest);
147 crypto_free_hash(desc.tfm);
148 return rc; 147 return rc;
149} 148}
diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c
index b5dfd534f13d..162ea723db3d 100644
--- a/security/integrity/ima/ima_init.c
+++ b/security/integrity/ima/ima_init.c
@@ -85,6 +85,9 @@ int __init ima_init(void)
85 if (!ima_used_chip) 85 if (!ima_used_chip)
86 pr_info("IMA: No TPM chip found, activating TPM-bypass!\n"); 86 pr_info("IMA: No TPM chip found, activating TPM-bypass!\n");
87 87
88 rc = ima_init_crypto();
89 if (rc)
90 return rc;
88 ima_add_boot_aggregate(); /* boot aggregate must be first entry */ 91 ima_add_boot_aggregate(); /* boot aggregate must be first entry */
89 ima_init_policy(); 92 ima_init_policy();
90 93
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 45de18e9a6f2..3b3b7e6bf8da 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -61,7 +61,8 @@ static void ima_rdwr_violation_check(struct file *file)
61 fmode_t mode = file->f_mode; 61 fmode_t mode = file->f_mode;
62 int must_measure; 62 int must_measure;
63 bool send_tomtou = false, send_writers = false; 63 bool send_tomtou = false, send_writers = false;
64 unsigned char *pathname = NULL, *pathbuf = NULL; 64 char *pathbuf = NULL;
65 const char *pathname;
65 66
66 if (!S_ISREG(inode->i_mode) || !ima_initialized) 67 if (!S_ISREG(inode->i_mode) || !ima_initialized)
67 return; 68 return;
@@ -86,22 +87,15 @@ out:
86 if (!send_tomtou && !send_writers) 87 if (!send_tomtou && !send_writers)
87 return; 88 return;
88 89
89 /* We will allow 11 spaces for ' (deleted)' to be appended */ 90 pathname = ima_d_path(&file->f_path, &pathbuf);
90 pathbuf = kmalloc(PATH_MAX + 11, GFP_KERNEL); 91 if (!pathname || strlen(pathname) > IMA_EVENT_NAME_LEN_MAX)
91 if (pathbuf) { 92 pathname = dentry->d_name.name;
92 pathname = d_path(&file->f_path, pathbuf, PATH_MAX + 11); 93
93 if (IS_ERR(pathname))
94 pathname = NULL;
95 else if (strlen(pathname) > IMA_EVENT_NAME_LEN_MAX)
96 pathname = NULL;
97 }
98 if (send_tomtou) 94 if (send_tomtou)
99 ima_add_violation(inode, 95 ima_add_violation(inode, pathname,
100 !pathname ? dentry->d_name.name : pathname,
101 "invalid_pcr", "ToMToU"); 96 "invalid_pcr", "ToMToU");
102 if (send_writers) 97 if (send_writers)
103 ima_add_violation(inode, 98 ima_add_violation(inode, pathname,
104 !pathname ? dentry->d_name.name : pathname,
105 "invalid_pcr", "open_writers"); 99 "invalid_pcr", "open_writers");
106 kfree(pathbuf); 100 kfree(pathbuf);
107} 101}
@@ -132,7 +126,7 @@ static void ima_check_last_writer(struct integrity_iint_cache *iint,
132 */ 126 */
133void ima_file_free(struct file *file) 127void ima_file_free(struct file *file)
134{ 128{
135 struct inode *inode = file->f_dentry->d_inode; 129 struct inode *inode = file_inode(file);
136 struct integrity_iint_cache *iint; 130 struct integrity_iint_cache *iint;
137 131
138 if (!iint_initialized || !S_ISREG(inode->i_mode)) 132 if (!iint_initialized || !S_ISREG(inode->i_mode))
@@ -145,25 +139,31 @@ void ima_file_free(struct file *file)
145 ima_check_last_writer(iint, inode, file); 139 ima_check_last_writer(iint, inode, file);
146} 140}
147 141
148static int process_measurement(struct file *file, const unsigned char *filename, 142static int process_measurement(struct file *file, const char *filename,
149 int mask, int function) 143 int mask, int function)
150{ 144{
151 struct inode *inode = file->f_dentry->d_inode; 145 struct inode *inode = file_inode(file);
152 struct integrity_iint_cache *iint; 146 struct integrity_iint_cache *iint;
153 unsigned char *pathname = NULL, *pathbuf = NULL; 147 char *pathbuf = NULL;
154 int rc = -ENOMEM, action, must_appraise; 148 const char *pathname = NULL;
149 int rc = -ENOMEM, action, must_appraise, _func;
155 150
156 if (!ima_initialized || !S_ISREG(inode->i_mode)) 151 if (!ima_initialized || !S_ISREG(inode->i_mode))
157 return 0; 152 return 0;
158 153
159 /* Determine if in appraise/audit/measurement policy, 154 /* Return an IMA_MEASURE, IMA_APPRAISE, IMA_AUDIT action
160 * returns IMA_MEASURE, IMA_APPRAISE, IMA_AUDIT bitmask. */ 155 * bitmask based on the appraise/audit/measurement policy.
156 * Included is the appraise submask.
157 */
161 action = ima_get_action(inode, mask, function); 158 action = ima_get_action(inode, mask, function);
162 if (!action) 159 if (!action)
163 return 0; 160 return 0;
164 161
165 must_appraise = action & IMA_APPRAISE; 162 must_appraise = action & IMA_APPRAISE;
166 163
164 /* Is the appraise rule hook specific? */
165 _func = (action & IMA_FILE_APPRAISE) ? FILE_CHECK : function;
166
167 mutex_lock(&inode->i_mutex); 167 mutex_lock(&inode->i_mutex);
168 168
169 iint = integrity_inode_get(inode); 169 iint = integrity_inode_get(inode);
@@ -171,44 +171,45 @@ static int process_measurement(struct file *file, const unsigned char *filename,
171 goto out; 171 goto out;
172 172
173 /* Determine if already appraised/measured based on bitmask 173 /* Determine if already appraised/measured based on bitmask
174 * (IMA_MEASURE, IMA_MEASURED, IMA_APPRAISE, IMA_APPRAISED, 174 * (IMA_MEASURE, IMA_MEASURED, IMA_XXXX_APPRAISE, IMA_XXXX_APPRAISED,
175 * IMA_AUDIT, IMA_AUDITED) */ 175 * IMA_AUDIT, IMA_AUDITED)
176 */
176 iint->flags |= action; 177 iint->flags |= action;
178 action &= IMA_DO_MASK;
177 action &= ~((iint->flags & IMA_DONE_MASK) >> 1); 179 action &= ~((iint->flags & IMA_DONE_MASK) >> 1);
178 180
179 /* Nothing to do, just return existing appraised status */ 181 /* Nothing to do, just return existing appraised status */
180 if (!action) { 182 if (!action) {
181 if (iint->flags & IMA_APPRAISED) 183 if (must_appraise)
182 rc = iint->ima_status; 184 rc = ima_get_cache_status(iint, _func);
183 goto out; 185 goto out_digsig;
184 } 186 }
185 187
186 rc = ima_collect_measurement(iint, file); 188 rc = ima_collect_measurement(iint, file);
187 if (rc != 0) 189 if (rc != 0)
188 goto out; 190 goto out_digsig;
191
192 if (function != BPRM_CHECK)
193 pathname = ima_d_path(&file->f_path, &pathbuf);
194
195 if (!pathname)
196 pathname = filename;
189 197
190 if (function != BPRM_CHECK) {
191 /* We will allow 11 spaces for ' (deleted)' to be appended */
192 pathbuf = kmalloc(PATH_MAX + 11, GFP_KERNEL);
193 if (pathbuf) {
194 pathname =
195 d_path(&file->f_path, pathbuf, PATH_MAX + 11);
196 if (IS_ERR(pathname))
197 pathname = NULL;
198 }
199 }
200 if (action & IMA_MEASURE) 198 if (action & IMA_MEASURE)
201 ima_store_measurement(iint, file, 199 ima_store_measurement(iint, file, pathname);
202 !pathname ? filename : pathname); 200 if (action & IMA_APPRAISE_SUBMASK)
203 if (action & IMA_APPRAISE) 201 rc = ima_appraise_measurement(_func, iint, file, pathname);
204 rc = ima_appraise_measurement(iint, file,
205 !pathname ? filename : pathname);
206 if (action & IMA_AUDIT) 202 if (action & IMA_AUDIT)
207 ima_audit_measurement(iint, !pathname ? filename : pathname); 203 ima_audit_measurement(iint, pathname);
208 kfree(pathbuf); 204 kfree(pathbuf);
205out_digsig:
206 if ((mask & MAY_WRITE) && (iint->flags & IMA_DIGSIG))
207 rc = -EACCES;
209out: 208out:
210 mutex_unlock(&inode->i_mutex); 209 mutex_unlock(&inode->i_mutex);
211 return (rc && must_appraise) ? -EACCES : 0; 210 if ((rc && must_appraise) && (ima_appraise & IMA_APPRAISE_ENFORCE))
211 return -EACCES;
212 return 0;
212} 213}
213 214
214/** 215/**
@@ -219,19 +220,15 @@ out:
219 * Measure files being mmapped executable based on the ima_must_measure() 220 * Measure files being mmapped executable based on the ima_must_measure()
220 * policy decision. 221 * policy decision.
221 * 222 *
222 * Return 0 on success, an error code on failure. 223 * On success return 0. On integrity appraisal error, assuming the file
223 * (Based on the results of appraise_measurement().) 224 * is in policy and IMA-appraisal is in enforcing mode, return -EACCES.
224 */ 225 */
225int ima_file_mmap(struct file *file, unsigned long prot) 226int ima_file_mmap(struct file *file, unsigned long prot)
226{ 227{
227 int rc = 0; 228 if (file && (prot & PROT_EXEC))
228 229 return process_measurement(file, file->f_dentry->d_name.name,
229 if (!file) 230 MAY_EXEC, MMAP_CHECK);
230 return 0; 231 return 0;
231 if (prot & PROT_EXEC)
232 rc = process_measurement(file, file->f_dentry->d_name.name,
233 MAY_EXEC, FILE_MMAP);
234 return (ima_appraise & IMA_APPRAISE_ENFORCE) ? rc : 0;
235} 232}
236 233
237/** 234/**
@@ -244,18 +241,15 @@ int ima_file_mmap(struct file *file, unsigned long prot)
244 * So we can be certain that what we verify and measure here is actually 241 * So we can be certain that what we verify and measure here is actually
245 * what is being executed. 242 * what is being executed.
246 * 243 *
247 * Return 0 on success, an error code on failure. 244 * On success return 0. On integrity appraisal error, assuming the file
248 * (Based on the results of appraise_measurement().) 245 * is in policy and IMA-appraisal is in enforcing mode, return -EACCES.
249 */ 246 */
250int ima_bprm_check(struct linux_binprm *bprm) 247int ima_bprm_check(struct linux_binprm *bprm)
251{ 248{
252 int rc; 249 return process_measurement(bprm->file,
253
254 rc = process_measurement(bprm->file,
255 (strcmp(bprm->filename, bprm->interp) == 0) ? 250 (strcmp(bprm->filename, bprm->interp) == 0) ?
256 bprm->filename : bprm->interp, 251 bprm->filename : bprm->interp,
257 MAY_EXEC, BPRM_CHECK); 252 MAY_EXEC, BPRM_CHECK);
258 return (ima_appraise & IMA_APPRAISE_ENFORCE) ? rc : 0;
259} 253}
260 254
261/** 255/**
@@ -265,18 +259,15 @@ int ima_bprm_check(struct linux_binprm *bprm)
265 * 259 *
266 * Measure files based on the ima_must_measure() policy decision. 260 * Measure files based on the ima_must_measure() policy decision.
267 * 261 *
268 * Always return 0 and audit dentry_open failures. 262 * On success return 0. On integrity appraisal error, assuming the file
269 * (Return code will be based upon measurement appraisal.) 263 * is in policy and IMA-appraisal is in enforcing mode, return -EACCES.
270 */ 264 */
271int ima_file_check(struct file *file, int mask) 265int ima_file_check(struct file *file, int mask)
272{ 266{
273 int rc;
274
275 ima_rdwr_violation_check(file); 267 ima_rdwr_violation_check(file);
276 rc = process_measurement(file, file->f_dentry->d_name.name, 268 return process_measurement(file, file->f_dentry->d_name.name,
277 mask & (MAY_READ | MAY_WRITE | MAY_EXEC), 269 mask & (MAY_READ | MAY_WRITE | MAY_EXEC),
278 FILE_CHECK); 270 FILE_CHECK);
279 return (ima_appraise & IMA_APPRAISE_ENFORCE) ? rc : 0;
280} 271}
281EXPORT_SYMBOL_GPL(ima_file_check); 272EXPORT_SYMBOL_GPL(ima_file_check);
282 273
@@ -286,19 +277,21 @@ EXPORT_SYMBOL_GPL(ima_file_check);
286 * 277 *
287 * Measure/appraise kernel modules based on policy. 278 * Measure/appraise kernel modules based on policy.
288 * 279 *
289 * Always return 0 and audit dentry_open failures. 280 * On success return 0. On integrity appraisal error, assuming the file
290 * Return code is based upon measurement appraisal. 281 * is in policy and IMA-appraisal is in enforcing mode, return -EACCES.
291 */ 282 */
292int ima_module_check(struct file *file) 283int ima_module_check(struct file *file)
293{ 284{
294 int rc; 285 if (!file) {
295 286#ifndef CONFIG_MODULE_SIG_FORCE
296 if (!file) 287 if ((ima_appraise & IMA_APPRAISE_MODULES) &&
297 rc = INTEGRITY_UNKNOWN; 288 (ima_appraise & IMA_APPRAISE_ENFORCE))
298 else 289 return -EACCES; /* INTEGRITY_UNKNOWN */
299 rc = process_measurement(file, file->f_dentry->d_name.name, 290#endif
300 MAY_EXEC, MODULE_CHECK); 291 return 0; /* We rely on module signature checking */
301 return (ima_appraise & IMA_APPRAISE_ENFORCE) ? rc : 0; 292 }
293 return process_measurement(file, file->f_dentry->d_name.name,
294 MAY_EXEC, MODULE_CHECK);
302} 295}
303 296
304static int __init init_ima(void) 297static int __init init_ima(void)
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index af7d182d5a46..399433ad614e 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -16,6 +16,7 @@
16#include <linux/magic.h> 16#include <linux/magic.h>
17#include <linux/parser.h> 17#include <linux/parser.h>
18#include <linux/slab.h> 18#include <linux/slab.h>
19#include <linux/genhd.h>
19 20
20#include "ima.h" 21#include "ima.h"
21 22
@@ -25,6 +26,7 @@
25#define IMA_FSMAGIC 0x0004 26#define IMA_FSMAGIC 0x0004
26#define IMA_UID 0x0008 27#define IMA_UID 0x0008
27#define IMA_FOWNER 0x0010 28#define IMA_FOWNER 0x0010
29#define IMA_FSUUID 0x0020
28 30
29#define UNKNOWN 0 31#define UNKNOWN 0
30#define MEASURE 0x0001 /* same as IMA_MEASURE */ 32#define MEASURE 0x0001 /* same as IMA_MEASURE */
@@ -45,10 +47,12 @@ struct ima_rule_entry {
45 enum ima_hooks func; 47 enum ima_hooks func;
46 int mask; 48 int mask;
47 unsigned long fsmagic; 49 unsigned long fsmagic;
50 u8 fsuuid[16];
48 kuid_t uid; 51 kuid_t uid;
49 kuid_t fowner; 52 kuid_t fowner;
50 struct { 53 struct {
51 void *rule; /* LSM file metadata specific */ 54 void *rule; /* LSM file metadata specific */
55 void *args_p; /* audit value */
52 int type; /* audit type */ 56 int type; /* audit type */
53 } lsm[MAX_LSM_RULES]; 57 } lsm[MAX_LSM_RULES];
54}; 58};
@@ -74,7 +78,7 @@ static struct ima_rule_entry default_rules[] = {
74 {.action = DONT_MEASURE,.fsmagic = BINFMTFS_MAGIC,.flags = IMA_FSMAGIC}, 78 {.action = DONT_MEASURE,.fsmagic = BINFMTFS_MAGIC,.flags = IMA_FSMAGIC},
75 {.action = DONT_MEASURE,.fsmagic = SECURITYFS_MAGIC,.flags = IMA_FSMAGIC}, 79 {.action = DONT_MEASURE,.fsmagic = SECURITYFS_MAGIC,.flags = IMA_FSMAGIC},
76 {.action = DONT_MEASURE,.fsmagic = SELINUX_MAGIC,.flags = IMA_FSMAGIC}, 80 {.action = DONT_MEASURE,.fsmagic = SELINUX_MAGIC,.flags = IMA_FSMAGIC},
77 {.action = MEASURE,.func = FILE_MMAP,.mask = MAY_EXEC, 81 {.action = MEASURE,.func = MMAP_CHECK,.mask = MAY_EXEC,
78 .flags = IMA_FUNC | IMA_MASK}, 82 .flags = IMA_FUNC | IMA_MASK},
79 {.action = MEASURE,.func = BPRM_CHECK,.mask = MAY_EXEC, 83 {.action = MEASURE,.func = BPRM_CHECK,.mask = MAY_EXEC,
80 .flags = IMA_FUNC | IMA_MASK}, 84 .flags = IMA_FUNC | IMA_MASK},
@@ -119,6 +123,35 @@ static int __init default_appraise_policy_setup(char *str)
119} 123}
120__setup("ima_appraise_tcb", default_appraise_policy_setup); 124__setup("ima_appraise_tcb", default_appraise_policy_setup);
121 125
126/*
127 * Although the IMA policy does not change, the LSM policy can be
128 * reloaded, leaving the IMA LSM based rules referring to the old,
129 * stale LSM policy.
130 *
131 * Update the IMA LSM based rules to reflect the reloaded LSM policy.
132 * We assume the rules still exist; and BUG_ON() if they don't.
133 */
134static void ima_lsm_update_rules(void)
135{
136 struct ima_rule_entry *entry, *tmp;
137 int result;
138 int i;
139
140 mutex_lock(&ima_rules_mutex);
141 list_for_each_entry_safe(entry, tmp, &ima_policy_rules, list) {
142 for (i = 0; i < MAX_LSM_RULES; i++) {
143 if (!entry->lsm[i].rule)
144 continue;
145 result = security_filter_rule_init(entry->lsm[i].type,
146 Audit_equal,
147 entry->lsm[i].args_p,
148 &entry->lsm[i].rule);
149 BUG_ON(!entry->lsm[i].rule);
150 }
151 }
152 mutex_unlock(&ima_rules_mutex);
153}
154
122/** 155/**
123 * ima_match_rules - determine whether an inode matches the measure rule. 156 * ima_match_rules - determine whether an inode matches the measure rule.
124 * @rule: a pointer to a rule 157 * @rule: a pointer to a rule
@@ -142,6 +175,9 @@ static bool ima_match_rules(struct ima_rule_entry *rule,
142 if ((rule->flags & IMA_FSMAGIC) 175 if ((rule->flags & IMA_FSMAGIC)
143 && rule->fsmagic != inode->i_sb->s_magic) 176 && rule->fsmagic != inode->i_sb->s_magic)
144 return false; 177 return false;
178 if ((rule->flags & IMA_FSUUID) &&
179 memcmp(rule->fsuuid, inode->i_sb->s_uuid, sizeof(rule->fsuuid)))
180 return false;
145 if ((rule->flags & IMA_UID) && !uid_eq(rule->uid, cred->uid)) 181 if ((rule->flags & IMA_UID) && !uid_eq(rule->uid, cred->uid))
146 return false; 182 return false;
147 if ((rule->flags & IMA_FOWNER) && !uid_eq(rule->fowner, inode->i_uid)) 183 if ((rule->flags & IMA_FOWNER) && !uid_eq(rule->fowner, inode->i_uid))
@@ -149,10 +185,11 @@ static bool ima_match_rules(struct ima_rule_entry *rule,
149 for (i = 0; i < MAX_LSM_RULES; i++) { 185 for (i = 0; i < MAX_LSM_RULES; i++) {
150 int rc = 0; 186 int rc = 0;
151 u32 osid, sid; 187 u32 osid, sid;
188 int retried = 0;
152 189
153 if (!rule->lsm[i].rule) 190 if (!rule->lsm[i].rule)
154 continue; 191 continue;
155 192retry:
156 switch (i) { 193 switch (i) {
157 case LSM_OBJ_USER: 194 case LSM_OBJ_USER:
158 case LSM_OBJ_ROLE: 195 case LSM_OBJ_ROLE:
@@ -176,12 +213,39 @@ static bool ima_match_rules(struct ima_rule_entry *rule,
176 default: 213 default:
177 break; 214 break;
178 } 215 }
216 if ((rc < 0) && (!retried)) {
217 retried = 1;
218 ima_lsm_update_rules();
219 goto retry;
220 }
179 if (!rc) 221 if (!rc)
180 return false; 222 return false;
181 } 223 }
182 return true; 224 return true;
183} 225}
184 226
227/*
228 * In addition to knowing that we need to appraise the file in general,
229 * we need to differentiate between calling hooks, for hook specific rules.
230 */
231static int get_subaction(struct ima_rule_entry *rule, int func)
232{
233 if (!(rule->flags & IMA_FUNC))
234 return IMA_FILE_APPRAISE;
235
236 switch(func) {
237 case MMAP_CHECK:
238 return IMA_MMAP_APPRAISE;
239 case BPRM_CHECK:
240 return IMA_BPRM_APPRAISE;
241 case MODULE_CHECK:
242 return IMA_MODULE_APPRAISE;
243 case FILE_CHECK:
244 default:
245 return IMA_FILE_APPRAISE;
246 }
247}
248
185/** 249/**
186 * ima_match_policy - decision based on LSM and other conditions 250 * ima_match_policy - decision based on LSM and other conditions
187 * @inode: pointer to an inode for which the policy decision is being made 251 * @inode: pointer to an inode for which the policy decision is being made
@@ -209,7 +273,12 @@ int ima_match_policy(struct inode *inode, enum ima_hooks func, int mask,
209 if (!ima_match_rules(entry, inode, func, mask)) 273 if (!ima_match_rules(entry, inode, func, mask))
210 continue; 274 continue;
211 275
276 action |= entry->flags & IMA_ACTION_FLAGS;
277
212 action |= entry->action & IMA_DO_MASK; 278 action |= entry->action & IMA_DO_MASK;
279 if (entry->action & IMA_APPRAISE)
280 action |= get_subaction(entry, func);
281
213 if (entry->action & IMA_DO_MASK) 282 if (entry->action & IMA_DO_MASK)
214 actmask &= ~(entry->action | entry->action << 1); 283 actmask &= ~(entry->action | entry->action << 1);
215 else 284 else
@@ -282,7 +351,8 @@ enum {
282 Opt_audit, 351 Opt_audit,
283 Opt_obj_user, Opt_obj_role, Opt_obj_type, 352 Opt_obj_user, Opt_obj_role, Opt_obj_type,
284 Opt_subj_user, Opt_subj_role, Opt_subj_type, 353 Opt_subj_user, Opt_subj_role, Opt_subj_type,
285 Opt_func, Opt_mask, Opt_fsmagic, Opt_uid, Opt_fowner 354 Opt_func, Opt_mask, Opt_fsmagic, Opt_uid, Opt_fowner,
355 Opt_appraise_type, Opt_fsuuid
286}; 356};
287 357
288static match_table_t policy_tokens = { 358static match_table_t policy_tokens = {
@@ -300,25 +370,35 @@ static match_table_t policy_tokens = {
300 {Opt_func, "func=%s"}, 370 {Opt_func, "func=%s"},
301 {Opt_mask, "mask=%s"}, 371 {Opt_mask, "mask=%s"},
302 {Opt_fsmagic, "fsmagic=%s"}, 372 {Opt_fsmagic, "fsmagic=%s"},
373 {Opt_fsuuid, "fsuuid=%s"},
303 {Opt_uid, "uid=%s"}, 374 {Opt_uid, "uid=%s"},
304 {Opt_fowner, "fowner=%s"}, 375 {Opt_fowner, "fowner=%s"},
376 {Opt_appraise_type, "appraise_type=%s"},
305 {Opt_err, NULL} 377 {Opt_err, NULL}
306}; 378};
307 379
308static int ima_lsm_rule_init(struct ima_rule_entry *entry, 380static int ima_lsm_rule_init(struct ima_rule_entry *entry,
309 char *args, int lsm_rule, int audit_type) 381 substring_t *args, int lsm_rule, int audit_type)
310{ 382{
311 int result; 383 int result;
312 384
313 if (entry->lsm[lsm_rule].rule) 385 if (entry->lsm[lsm_rule].rule)
314 return -EINVAL; 386 return -EINVAL;
315 387
388 entry->lsm[lsm_rule].args_p = match_strdup(args);
389 if (!entry->lsm[lsm_rule].args_p)
390 return -ENOMEM;
391
316 entry->lsm[lsm_rule].type = audit_type; 392 entry->lsm[lsm_rule].type = audit_type;
317 result = security_filter_rule_init(entry->lsm[lsm_rule].type, 393 result = security_filter_rule_init(entry->lsm[lsm_rule].type,
318 Audit_equal, args, 394 Audit_equal,
395 entry->lsm[lsm_rule].args_p,
319 &entry->lsm[lsm_rule].rule); 396 &entry->lsm[lsm_rule].rule);
320 if (!entry->lsm[lsm_rule].rule) 397 if (!entry->lsm[lsm_rule].rule) {
398 kfree(entry->lsm[lsm_rule].args_p);
321 return -EINVAL; 399 return -EINVAL;
400 }
401
322 return result; 402 return result;
323} 403}
324 404
@@ -404,8 +484,9 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry)
404 entry->func = FILE_CHECK; 484 entry->func = FILE_CHECK;
405 else if (strcmp(args[0].from, "MODULE_CHECK") == 0) 485 else if (strcmp(args[0].from, "MODULE_CHECK") == 0)
406 entry->func = MODULE_CHECK; 486 entry->func = MODULE_CHECK;
407 else if (strcmp(args[0].from, "FILE_MMAP") == 0) 487 else if ((strcmp(args[0].from, "FILE_MMAP") == 0)
408 entry->func = FILE_MMAP; 488 || (strcmp(args[0].from, "MMAP_CHECK") == 0))
489 entry->func = MMAP_CHECK;
409 else if (strcmp(args[0].from, "BPRM_CHECK") == 0) 490 else if (strcmp(args[0].from, "BPRM_CHECK") == 0)
410 entry->func = BPRM_CHECK; 491 entry->func = BPRM_CHECK;
411 else 492 else
@@ -445,6 +526,20 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry)
445 if (!result) 526 if (!result)
446 entry->flags |= IMA_FSMAGIC; 527 entry->flags |= IMA_FSMAGIC;
447 break; 528 break;
529 case Opt_fsuuid:
530 ima_log_string(ab, "fsuuid", args[0].from);
531
532 if (memchr_inv(entry->fsuuid, 0x00,
533 sizeof(entry->fsuuid))) {
534 result = -EINVAL;
535 break;
536 }
537
538 result = blk_part_pack_uuid(args[0].from,
539 entry->fsuuid);
540 if (!result)
541 entry->flags |= IMA_FSUUID;
542 break;
448 case Opt_uid: 543 case Opt_uid:
449 ima_log_string(ab, "uid", args[0].from); 544 ima_log_string(ab, "uid", args[0].from);
450 545
@@ -481,40 +576,52 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry)
481 break; 576 break;
482 case Opt_obj_user: 577 case Opt_obj_user:
483 ima_log_string(ab, "obj_user", args[0].from); 578 ima_log_string(ab, "obj_user", args[0].from);
484 result = ima_lsm_rule_init(entry, args[0].from, 579 result = ima_lsm_rule_init(entry, args,
485 LSM_OBJ_USER, 580 LSM_OBJ_USER,
486 AUDIT_OBJ_USER); 581 AUDIT_OBJ_USER);
487 break; 582 break;
488 case Opt_obj_role: 583 case Opt_obj_role:
489 ima_log_string(ab, "obj_role", args[0].from); 584 ima_log_string(ab, "obj_role", args[0].from);
490 result = ima_lsm_rule_init(entry, args[0].from, 585 result = ima_lsm_rule_init(entry, args,
491 LSM_OBJ_ROLE, 586 LSM_OBJ_ROLE,
492 AUDIT_OBJ_ROLE); 587 AUDIT_OBJ_ROLE);
493 break; 588 break;
494 case Opt_obj_type: 589 case Opt_obj_type:
495 ima_log_string(ab, "obj_type", args[0].from); 590 ima_log_string(ab, "obj_type", args[0].from);
496 result = ima_lsm_rule_init(entry, args[0].from, 591 result = ima_lsm_rule_init(entry, args,
497 LSM_OBJ_TYPE, 592 LSM_OBJ_TYPE,
498 AUDIT_OBJ_TYPE); 593 AUDIT_OBJ_TYPE);
499 break; 594 break;
500 case Opt_subj_user: 595 case Opt_subj_user:
501 ima_log_string(ab, "subj_user", args[0].from); 596 ima_log_string(ab, "subj_user", args[0].from);
502 result = ima_lsm_rule_init(entry, args[0].from, 597 result = ima_lsm_rule_init(entry, args,
503 LSM_SUBJ_USER, 598 LSM_SUBJ_USER,
504 AUDIT_SUBJ_USER); 599 AUDIT_SUBJ_USER);
505 break; 600 break;
506 case Opt_subj_role: 601 case Opt_subj_role:
507 ima_log_string(ab, "subj_role", args[0].from); 602 ima_log_string(ab, "subj_role", args[0].from);
508 result = ima_lsm_rule_init(entry, args[0].from, 603 result = ima_lsm_rule_init(entry, args,
509 LSM_SUBJ_ROLE, 604 LSM_SUBJ_ROLE,
510 AUDIT_SUBJ_ROLE); 605 AUDIT_SUBJ_ROLE);
511 break; 606 break;
512 case Opt_subj_type: 607 case Opt_subj_type:
513 ima_log_string(ab, "subj_type", args[0].from); 608 ima_log_string(ab, "subj_type", args[0].from);
514 result = ima_lsm_rule_init(entry, args[0].from, 609 result = ima_lsm_rule_init(entry, args,
515 LSM_SUBJ_TYPE, 610 LSM_SUBJ_TYPE,
516 AUDIT_SUBJ_TYPE); 611 AUDIT_SUBJ_TYPE);
517 break; 612 break;
613 case Opt_appraise_type:
614 if (entry->action != APPRAISE) {
615 result = -EINVAL;
616 break;
617 }
618
619 ima_log_string(ab, "appraise_type", args[0].from);
620 if ((strcmp(args[0].from, "imasig")) == 0)
621 entry->flags |= IMA_DIGSIG_REQUIRED;
622 else
623 result = -EINVAL;
624 break;
518 case Opt_err: 625 case Opt_err:
519 ima_log_string(ab, "UNKNOWN", p); 626 ima_log_string(ab, "UNKNOWN", p);
520 result = -EINVAL; 627 result = -EINVAL;
@@ -523,7 +630,8 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry)
523 } 630 }
524 if (!result && (entry->action == UNKNOWN)) 631 if (!result && (entry->action == UNKNOWN))
525 result = -EINVAL; 632 result = -EINVAL;
526 633 else if (entry->func == MODULE_CHECK)
634 ima_appraise |= IMA_APPRAISE_MODULES;
527 audit_log_format(ab, "res=%d", !result); 635 audit_log_format(ab, "res=%d", !result);
528 audit_log_end(ab); 636 audit_log_end(ab);
529 return result; 637 return result;
@@ -589,9 +697,13 @@ ssize_t ima_parse_add_rule(char *rule)
589void ima_delete_rules(void) 697void ima_delete_rules(void)
590{ 698{
591 struct ima_rule_entry *entry, *tmp; 699 struct ima_rule_entry *entry, *tmp;
700 int i;
592 701
593 mutex_lock(&ima_rules_mutex); 702 mutex_lock(&ima_rules_mutex);
594 list_for_each_entry_safe(entry, tmp, &ima_policy_rules, list) { 703 list_for_each_entry_safe(entry, tmp, &ima_policy_rules, list) {
704 for (i = 0; i < MAX_LSM_RULES; i++)
705 kfree(entry->lsm[i].args_p);
706
595 list_del(&entry->list); 707 list_del(&entry->list);
596 kfree(entry); 708 kfree(entry);
597 } 709 }
diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c
index 55a6271bce7a..ff63fe00c195 100644
--- a/security/integrity/ima/ima_queue.c
+++ b/security/integrity/ima/ima_queue.c
@@ -45,12 +45,11 @@ static struct ima_queue_entry *ima_lookup_digest_entry(u8 *digest_value)
45{ 45{
46 struct ima_queue_entry *qe, *ret = NULL; 46 struct ima_queue_entry *qe, *ret = NULL;
47 unsigned int key; 47 unsigned int key;
48 struct hlist_node *pos;
49 int rc; 48 int rc;
50 49
51 key = ima_hash_key(digest_value); 50 key = ima_hash_key(digest_value);
52 rcu_read_lock(); 51 rcu_read_lock();
53 hlist_for_each_entry_rcu(qe, pos, &ima_htable.queue[key], hnext) { 52 hlist_for_each_entry_rcu(qe, &ima_htable.queue[key], hnext) {
54 rc = memcmp(qe->entry->digest, digest_value, IMA_DIGEST_SIZE); 53 rc = memcmp(qe->entry->digest, digest_value, IMA_DIGEST_SIZE);
55 if (rc == 0) { 54 if (rc == 0) {
56 ret = qe; 55 ret = qe;
diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h
index e9db763a875e..84c37c4db914 100644
--- a/security/integrity/integrity.h
+++ b/security/integrity/integrity.h
@@ -14,23 +14,41 @@
14#include <linux/types.h> 14#include <linux/types.h>
15#include <linux/integrity.h> 15#include <linux/integrity.h>
16#include <crypto/sha.h> 16#include <crypto/sha.h>
17#include <linux/key.h>
17 18
18/* iint action cache flags */ 19/* iint action cache flags */
19#define IMA_MEASURE 0x0001 20#define IMA_MEASURE 0x00000001
20#define IMA_MEASURED 0x0002 21#define IMA_MEASURED 0x00000002
21#define IMA_APPRAISE 0x0004 22#define IMA_APPRAISE 0x00000004
22#define IMA_APPRAISED 0x0008 23#define IMA_APPRAISED 0x00000008
23/*#define IMA_COLLECT 0x0010 do not use this flag */ 24/*#define IMA_COLLECT 0x00000010 do not use this flag */
24#define IMA_COLLECTED 0x0020 25#define IMA_COLLECTED 0x00000020
25#define IMA_AUDIT 0x0040 26#define IMA_AUDIT 0x00000040
26#define IMA_AUDITED 0x0080 27#define IMA_AUDITED 0x00000080
27 28
28/* iint cache flags */ 29/* iint cache flags */
29#define IMA_DIGSIG 0x0100 30#define IMA_ACTION_FLAGS 0xff000000
31#define IMA_DIGSIG 0x01000000
32#define IMA_DIGSIG_REQUIRED 0x02000000
30 33
31#define IMA_DO_MASK (IMA_MEASURE | IMA_APPRAISE | IMA_AUDIT) 34#define IMA_DO_MASK (IMA_MEASURE | IMA_APPRAISE | IMA_AUDIT | \
32#define IMA_DONE_MASK (IMA_MEASURED | IMA_APPRAISED | IMA_AUDITED \ 35 IMA_APPRAISE_SUBMASK)
33 | IMA_COLLECTED) 36#define IMA_DONE_MASK (IMA_MEASURED | IMA_APPRAISED | IMA_AUDITED | \
37 IMA_COLLECTED | IMA_APPRAISED_SUBMASK)
38
39/* iint subaction appraise cache flags */
40#define IMA_FILE_APPRAISE 0x00000100
41#define IMA_FILE_APPRAISED 0x00000200
42#define IMA_MMAP_APPRAISE 0x00000400
43#define IMA_MMAP_APPRAISED 0x00000800
44#define IMA_BPRM_APPRAISE 0x00001000
45#define IMA_BPRM_APPRAISED 0x00002000
46#define IMA_MODULE_APPRAISE 0x00004000
47#define IMA_MODULE_APPRAISED 0x00008000
48#define IMA_APPRAISE_SUBMASK (IMA_FILE_APPRAISE | IMA_MMAP_APPRAISE | \
49 IMA_BPRM_APPRAISE | IMA_MODULE_APPRAISE)
50#define IMA_APPRAISED_SUBMASK (IMA_FILE_APPRAISED | IMA_MMAP_APPRAISED | \
51 IMA_BPRM_APPRAISED | IMA_MODULE_APPRAISED)
34 52
35enum evm_ima_xattr_type { 53enum evm_ima_xattr_type {
36 IMA_XATTR_DIGEST = 0x01, 54 IMA_XATTR_DIGEST = 0x01,
@@ -48,10 +66,13 @@ struct integrity_iint_cache {
48 struct rb_node rb_node; /* rooted in integrity_iint_tree */ 66 struct rb_node rb_node; /* rooted in integrity_iint_tree */
49 struct inode *inode; /* back pointer to inode in question */ 67 struct inode *inode; /* back pointer to inode in question */
50 u64 version; /* track inode changes */ 68 u64 version; /* track inode changes */
51 unsigned short flags; 69 unsigned long flags;
52 struct evm_ima_xattr_data ima_xattr; 70 struct evm_ima_xattr_data ima_xattr;
53 enum integrity_status ima_status; 71 enum integrity_status ima_file_status:4;
54 enum integrity_status evm_status; 72 enum integrity_status ima_mmap_status:4;
73 enum integrity_status ima_bprm_status:4;
74 enum integrity_status ima_module_status:4;
75 enum integrity_status evm_status:4;
55}; 76};
56 77
57/* rbtree tree calls to lookup, insert, delete 78/* rbtree tree calls to lookup, insert, delete
@@ -81,5 +102,16 @@ static inline int integrity_digsig_verify(const unsigned int id,
81 102
82#endif /* CONFIG_INTEGRITY_SIGNATURE */ 103#endif /* CONFIG_INTEGRITY_SIGNATURE */
83 104
105#ifdef CONFIG_INTEGRITY_ASYMMETRIC_KEYS
106int asymmetric_verify(struct key *keyring, const char *sig,
107 int siglen, const char *data, int datalen);
108#else
109static inline int asymmetric_verify(struct key *keyring, const char *sig,
110 int siglen, const char *data, int datalen)
111{
112 return -EOPNOTSUPP;
113}
114#endif
115
84/* set during initialization */ 116/* set during initialization */
85extern int iint_initialized; 117extern int iint_initialized;
diff --git a/security/keys/compat.c b/security/keys/compat.c
index 1c261763f479..d65fa7fa29ba 100644
--- a/security/keys/compat.c
+++ b/security/keys/compat.c
@@ -40,12 +40,12 @@ static long compat_keyctl_instantiate_key_iov(
40 ARRAY_SIZE(iovstack), 40 ARRAY_SIZE(iovstack),
41 iovstack, &iov); 41 iovstack, &iov);
42 if (ret < 0) 42 if (ret < 0)
43 return ret; 43 goto err;
44 if (ret == 0) 44 if (ret == 0)
45 goto no_payload_free; 45 goto no_payload_free;
46 46
47 ret = keyctl_instantiate_key_common(id, iov, ioc, ret, ringid); 47 ret = keyctl_instantiate_key_common(id, iov, ioc, ret, ringid);
48 48err:
49 if (iov != iovstack) 49 if (iov != iovstack)
50 kfree(iov); 50 kfree(iov);
51 return ret; 51 return ret;
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
index 20e4bf57aec8..42defae1e161 100644
--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@ -57,7 +57,7 @@ int install_user_keyrings(void)
57 57
58 kenter("%p{%u}", user, uid); 58 kenter("%p{%u}", user, uid);
59 59
60 if (user->uid_keyring) { 60 if (user->uid_keyring && user->session_keyring) {
61 kleave(" = 0 [exist]"); 61 kleave(" = 0 [exist]");
62 return 0; 62 return 0;
63 } 63 }
@@ -367,6 +367,8 @@ key_ref_t search_my_process_keyrings(struct key_type *type,
367 367
368 switch (PTR_ERR(key_ref)) { 368 switch (PTR_ERR(key_ref)) {
369 case -EAGAIN: /* no key */ 369 case -EAGAIN: /* no key */
370 if (ret)
371 break;
370 case -ENOKEY: /* negative key */ 372 case -ENOKEY: /* negative key */
371 ret = key_ref; 373 ret = key_ref;
372 break; 374 break;
@@ -837,7 +839,7 @@ void key_change_session_keyring(struct callback_head *twork)
837 new-> sgid = old-> sgid; 839 new-> sgid = old-> sgid;
838 new->fsgid = old->fsgid; 840 new->fsgid = old->fsgid;
839 new->user = get_uid(old->user); 841 new->user = get_uid(old->user);
840 new->user_ns = get_user_ns(new->user_ns); 842 new->user_ns = get_user_ns(old->user_ns);
841 new->group_info = get_group_info(old->group_info); 843 new->group_info = get_group_info(old->group_info);
842 844
843 new->securebits = old->securebits; 845 new->securebits = old->securebits;
diff --git a/security/security.c b/security/security.c
index daa97f4ac9d1..7b88c6aeaed4 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1254,24 +1254,42 @@ void security_secmark_refcount_dec(void)
1254} 1254}
1255EXPORT_SYMBOL(security_secmark_refcount_dec); 1255EXPORT_SYMBOL(security_secmark_refcount_dec);
1256 1256
1257int security_tun_dev_alloc_security(void **security)
1258{
1259 return security_ops->tun_dev_alloc_security(security);
1260}
1261EXPORT_SYMBOL(security_tun_dev_alloc_security);
1262
1263void security_tun_dev_free_security(void *security)
1264{
1265 security_ops->tun_dev_free_security(security);
1266}
1267EXPORT_SYMBOL(security_tun_dev_free_security);
1268
1257int security_tun_dev_create(void) 1269int security_tun_dev_create(void)
1258{ 1270{
1259 return security_ops->tun_dev_create(); 1271 return security_ops->tun_dev_create();
1260} 1272}
1261EXPORT_SYMBOL(security_tun_dev_create); 1273EXPORT_SYMBOL(security_tun_dev_create);
1262 1274
1263void security_tun_dev_post_create(struct sock *sk) 1275int security_tun_dev_attach_queue(void *security)
1264{ 1276{
1265 return security_ops->tun_dev_post_create(sk); 1277 return security_ops->tun_dev_attach_queue(security);
1266} 1278}
1267EXPORT_SYMBOL(security_tun_dev_post_create); 1279EXPORT_SYMBOL(security_tun_dev_attach_queue);
1268 1280
1269int security_tun_dev_attach(struct sock *sk) 1281int security_tun_dev_attach(struct sock *sk, void *security)
1270{ 1282{
1271 return security_ops->tun_dev_attach(sk); 1283 return security_ops->tun_dev_attach(sk, security);
1272} 1284}
1273EXPORT_SYMBOL(security_tun_dev_attach); 1285EXPORT_SYMBOL(security_tun_dev_attach);
1274 1286
1287int security_tun_dev_open(void *security)
1288{
1289 return security_ops->tun_dev_open(security);
1290}
1291EXPORT_SYMBOL(security_tun_dev_open);
1292
1275#endif /* CONFIG_SECURITY_NETWORK */ 1293#endif /* CONFIG_SECURITY_NETWORK */
1276 1294
1277#ifdef CONFIG_SECURITY_NETWORK_XFRM 1295#ifdef CONFIG_SECURITY_NETWORK_XFRM
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index 4d3fab47e643..dad36a6ab45f 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -188,11 +188,9 @@ int avc_get_hash_stats(char *page)
188 for (i = 0; i < AVC_CACHE_SLOTS; i++) { 188 for (i = 0; i < AVC_CACHE_SLOTS; i++) {
189 head = &avc_cache.slots[i]; 189 head = &avc_cache.slots[i];
190 if (!hlist_empty(head)) { 190 if (!hlist_empty(head)) {
191 struct hlist_node *next;
192
193 slots_used++; 191 slots_used++;
194 chain_len = 0; 192 chain_len = 0;
195 hlist_for_each_entry_rcu(node, next, head, list) 193 hlist_for_each_entry_rcu(node, head, list)
196 chain_len++; 194 chain_len++;
197 if (chain_len > max_chain_len) 195 if (chain_len > max_chain_len)
198 max_chain_len = chain_len; 196 max_chain_len = chain_len;
@@ -241,7 +239,6 @@ static inline int avc_reclaim_node(void)
241 int hvalue, try, ecx; 239 int hvalue, try, ecx;
242 unsigned long flags; 240 unsigned long flags;
243 struct hlist_head *head; 241 struct hlist_head *head;
244 struct hlist_node *next;
245 spinlock_t *lock; 242 spinlock_t *lock;
246 243
247 for (try = 0, ecx = 0; try < AVC_CACHE_SLOTS; try++) { 244 for (try = 0, ecx = 0; try < AVC_CACHE_SLOTS; try++) {
@@ -253,7 +250,7 @@ static inline int avc_reclaim_node(void)
253 continue; 250 continue;
254 251
255 rcu_read_lock(); 252 rcu_read_lock();
256 hlist_for_each_entry(node, next, head, list) { 253 hlist_for_each_entry(node, head, list) {
257 avc_node_delete(node); 254 avc_node_delete(node);
258 avc_cache_stats_incr(reclaims); 255 avc_cache_stats_incr(reclaims);
259 ecx++; 256 ecx++;
@@ -301,11 +298,10 @@ static inline struct avc_node *avc_search_node(u32 ssid, u32 tsid, u16 tclass)
301 struct avc_node *node, *ret = NULL; 298 struct avc_node *node, *ret = NULL;
302 int hvalue; 299 int hvalue;
303 struct hlist_head *head; 300 struct hlist_head *head;
304 struct hlist_node *next;
305 301
306 hvalue = avc_hash(ssid, tsid, tclass); 302 hvalue = avc_hash(ssid, tsid, tclass);
307 head = &avc_cache.slots[hvalue]; 303 head = &avc_cache.slots[hvalue];
308 hlist_for_each_entry_rcu(node, next, head, list) { 304 hlist_for_each_entry_rcu(node, head, list) {
309 if (ssid == node->ae.ssid && 305 if (ssid == node->ae.ssid &&
310 tclass == node->ae.tclass && 306 tclass == node->ae.tclass &&
311 tsid == node->ae.tsid) { 307 tsid == node->ae.tsid) {
@@ -394,7 +390,6 @@ static struct avc_node *avc_insert(u32 ssid, u32 tsid, u16 tclass, struct av_dec
394 node = avc_alloc_node(); 390 node = avc_alloc_node();
395 if (node) { 391 if (node) {
396 struct hlist_head *head; 392 struct hlist_head *head;
397 struct hlist_node *next;
398 spinlock_t *lock; 393 spinlock_t *lock;
399 394
400 hvalue = avc_hash(ssid, tsid, tclass); 395 hvalue = avc_hash(ssid, tsid, tclass);
@@ -404,7 +399,7 @@ static struct avc_node *avc_insert(u32 ssid, u32 tsid, u16 tclass, struct av_dec
404 lock = &avc_cache.slots_lock[hvalue]; 399 lock = &avc_cache.slots_lock[hvalue];
405 400
406 spin_lock_irqsave(lock, flag); 401 spin_lock_irqsave(lock, flag);
407 hlist_for_each_entry(pos, next, head, list) { 402 hlist_for_each_entry(pos, head, list) {
408 if (pos->ae.ssid == ssid && 403 if (pos->ae.ssid == ssid &&
409 pos->ae.tsid == tsid && 404 pos->ae.tsid == tsid &&
410 pos->ae.tclass == tclass) { 405 pos->ae.tclass == tclass) {
@@ -541,7 +536,6 @@ static int avc_update_node(u32 event, u32 perms, u32 ssid, u32 tsid, u16 tclass,
541 unsigned long flag; 536 unsigned long flag;
542 struct avc_node *pos, *node, *orig = NULL; 537 struct avc_node *pos, *node, *orig = NULL;
543 struct hlist_head *head; 538 struct hlist_head *head;
544 struct hlist_node *next;
545 spinlock_t *lock; 539 spinlock_t *lock;
546 540
547 node = avc_alloc_node(); 541 node = avc_alloc_node();
@@ -558,7 +552,7 @@ static int avc_update_node(u32 event, u32 perms, u32 ssid, u32 tsid, u16 tclass,
558 552
559 spin_lock_irqsave(lock, flag); 553 spin_lock_irqsave(lock, flag);
560 554
561 hlist_for_each_entry(pos, next, head, list) { 555 hlist_for_each_entry(pos, head, list) {
562 if (ssid == pos->ae.ssid && 556 if (ssid == pos->ae.ssid &&
563 tsid == pos->ae.tsid && 557 tsid == pos->ae.tsid &&
564 tclass == pos->ae.tclass && 558 tclass == pos->ae.tclass &&
@@ -614,7 +608,6 @@ out:
614static void avc_flush(void) 608static void avc_flush(void)
615{ 609{
616 struct hlist_head *head; 610 struct hlist_head *head;
617 struct hlist_node *next;
618 struct avc_node *node; 611 struct avc_node *node;
619 spinlock_t *lock; 612 spinlock_t *lock;
620 unsigned long flag; 613 unsigned long flag;
@@ -630,7 +623,7 @@ static void avc_flush(void)
630 * prevent RCU grace periods from ending. 623 * prevent RCU grace periods from ending.
631 */ 624 */
632 rcu_read_lock(); 625 rcu_read_lock();
633 hlist_for_each_entry(node, next, head, list) 626 hlist_for_each_entry(node, head, list)
634 avc_node_delete(node); 627 avc_node_delete(node);
635 rcu_read_unlock(); 628 rcu_read_unlock();
636 spin_unlock_irqrestore(lock, flag); 629 spin_unlock_irqrestore(lock, flag);
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 61a53367d029..2fa28c88900c 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1528,7 +1528,7 @@ static int file_has_perm(const struct cred *cred,
1528 u32 av) 1528 u32 av)
1529{ 1529{
1530 struct file_security_struct *fsec = file->f_security; 1530 struct file_security_struct *fsec = file->f_security;
1531 struct inode *inode = file->f_path.dentry->d_inode; 1531 struct inode *inode = file_inode(file);
1532 struct common_audit_data ad; 1532 struct common_audit_data ad;
1533 u32 sid = cred_sid(cred); 1533 u32 sid = cred_sid(cred);
1534 int rc; 1534 int rc;
@@ -1957,7 +1957,7 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm)
1957 struct task_security_struct *new_tsec; 1957 struct task_security_struct *new_tsec;
1958 struct inode_security_struct *isec; 1958 struct inode_security_struct *isec;
1959 struct common_audit_data ad; 1959 struct common_audit_data ad;
1960 struct inode *inode = bprm->file->f_path.dentry->d_inode; 1960 struct inode *inode = file_inode(bprm->file);
1961 int rc; 1961 int rc;
1962 1962
1963 rc = cap_bprm_set_creds(bprm); 1963 rc = cap_bprm_set_creds(bprm);
@@ -2929,7 +2929,7 @@ static void selinux_inode_getsecid(const struct inode *inode, u32 *secid)
2929static int selinux_revalidate_file_permission(struct file *file, int mask) 2929static int selinux_revalidate_file_permission(struct file *file, int mask)
2930{ 2930{
2931 const struct cred *cred = current_cred(); 2931 const struct cred *cred = current_cred();
2932 struct inode *inode = file->f_path.dentry->d_inode; 2932 struct inode *inode = file_inode(file);
2933 2933
2934 /* file_mask_to_av won't add FILE__WRITE if MAY_APPEND is set */ 2934 /* file_mask_to_av won't add FILE__WRITE if MAY_APPEND is set */
2935 if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE)) 2935 if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE))
@@ -2941,7 +2941,7 @@ static int selinux_revalidate_file_permission(struct file *file, int mask)
2941 2941
2942static int selinux_file_permission(struct file *file, int mask) 2942static int selinux_file_permission(struct file *file, int mask)
2943{ 2943{
2944 struct inode *inode = file->f_path.dentry->d_inode; 2944 struct inode *inode = file_inode(file);
2945 struct file_security_struct *fsec = file->f_security; 2945 struct file_security_struct *fsec = file->f_security;
2946 struct inode_security_struct *isec = inode->i_security; 2946 struct inode_security_struct *isec = inode->i_security;
2947 u32 sid = current_sid(); 2947 u32 sid = current_sid();
@@ -3135,11 +3135,6 @@ static int selinux_file_fcntl(struct file *file, unsigned int cmd,
3135 3135
3136 switch (cmd) { 3136 switch (cmd) {
3137 case F_SETFL: 3137 case F_SETFL:
3138 if (!file->f_path.dentry || !file->f_path.dentry->d_inode) {
3139 err = -EINVAL;
3140 break;
3141 }
3142
3143 if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) { 3138 if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) {
3144 err = file_has_perm(cred, file, FILE__WRITE); 3139 err = file_has_perm(cred, file, FILE__WRITE);
3145 break; 3140 break;
@@ -3162,10 +3157,6 @@ static int selinux_file_fcntl(struct file *file, unsigned int cmd,
3162 case F_SETLK64: 3157 case F_SETLK64:
3163 case F_SETLKW64: 3158 case F_SETLKW64:
3164#endif 3159#endif
3165 if (!file->f_path.dentry || !file->f_path.dentry->d_inode) {
3166 err = -EINVAL;
3167 break;
3168 }
3169 err = file_has_perm(cred, file, FILE__LOCK); 3160 err = file_has_perm(cred, file, FILE__LOCK);
3170 break; 3161 break;
3171 } 3162 }
@@ -3218,7 +3209,7 @@ static int selinux_file_open(struct file *file, const struct cred *cred)
3218 struct inode_security_struct *isec; 3209 struct inode_security_struct *isec;
3219 3210
3220 fsec = file->f_security; 3211 fsec = file->f_security;
3221 isec = file->f_path.dentry->d_inode->i_security; 3212 isec = file_inode(file)->i_security;
3222 /* 3213 /*
3223 * Save inode label and policy sequence number 3214 * Save inode label and policy sequence number
3224 * at open-time so that selinux_file_permission 3215 * at open-time so that selinux_file_permission
@@ -4399,6 +4390,24 @@ static void selinux_req_classify_flow(const struct request_sock *req,
4399 fl->flowi_secid = req->secid; 4390 fl->flowi_secid = req->secid;
4400} 4391}
4401 4392
4393static int selinux_tun_dev_alloc_security(void **security)
4394{
4395 struct tun_security_struct *tunsec;
4396
4397 tunsec = kzalloc(sizeof(*tunsec), GFP_KERNEL);
4398 if (!tunsec)
4399 return -ENOMEM;
4400 tunsec->sid = current_sid();
4401
4402 *security = tunsec;
4403 return 0;
4404}
4405
4406static void selinux_tun_dev_free_security(void *security)
4407{
4408 kfree(security);
4409}
4410
4402static int selinux_tun_dev_create(void) 4411static int selinux_tun_dev_create(void)
4403{ 4412{
4404 u32 sid = current_sid(); 4413 u32 sid = current_sid();
@@ -4414,8 +4423,17 @@ static int selinux_tun_dev_create(void)
4414 NULL); 4423 NULL);
4415} 4424}
4416 4425
4417static void selinux_tun_dev_post_create(struct sock *sk) 4426static int selinux_tun_dev_attach_queue(void *security)
4427{
4428 struct tun_security_struct *tunsec = security;
4429
4430 return avc_has_perm(current_sid(), tunsec->sid, SECCLASS_TUN_SOCKET,
4431 TUN_SOCKET__ATTACH_QUEUE, NULL);
4432}
4433
4434static int selinux_tun_dev_attach(struct sock *sk, void *security)
4418{ 4435{
4436 struct tun_security_struct *tunsec = security;
4419 struct sk_security_struct *sksec = sk->sk_security; 4437 struct sk_security_struct *sksec = sk->sk_security;
4420 4438
4421 /* we don't currently perform any NetLabel based labeling here and it 4439 /* we don't currently perform any NetLabel based labeling here and it
@@ -4425,20 +4443,19 @@ static void selinux_tun_dev_post_create(struct sock *sk)
4425 * cause confusion to the TUN user that had no idea network labeling 4443 * cause confusion to the TUN user that had no idea network labeling
4426 * protocols were being used */ 4444 * protocols were being used */
4427 4445
4428 /* see the comments in selinux_tun_dev_create() about why we don't use 4446 sksec->sid = tunsec->sid;
4429 * the sockcreate SID here */
4430
4431 sksec->sid = current_sid();
4432 sksec->sclass = SECCLASS_TUN_SOCKET; 4447 sksec->sclass = SECCLASS_TUN_SOCKET;
4448
4449 return 0;
4433} 4450}
4434 4451
4435static int selinux_tun_dev_attach(struct sock *sk) 4452static int selinux_tun_dev_open(void *security)
4436{ 4453{
4437 struct sk_security_struct *sksec = sk->sk_security; 4454 struct tun_security_struct *tunsec = security;
4438 u32 sid = current_sid(); 4455 u32 sid = current_sid();
4439 int err; 4456 int err;
4440 4457
4441 err = avc_has_perm(sid, sksec->sid, SECCLASS_TUN_SOCKET, 4458 err = avc_has_perm(sid, tunsec->sid, SECCLASS_TUN_SOCKET,
4442 TUN_SOCKET__RELABELFROM, NULL); 4459 TUN_SOCKET__RELABELFROM, NULL);
4443 if (err) 4460 if (err)
4444 return err; 4461 return err;
@@ -4446,8 +4463,7 @@ static int selinux_tun_dev_attach(struct sock *sk)
4446 TUN_SOCKET__RELABELTO, NULL); 4463 TUN_SOCKET__RELABELTO, NULL);
4447 if (err) 4464 if (err)
4448 return err; 4465 return err;
4449 4466 tunsec->sid = sid;
4450 sksec->sid = sid;
4451 4467
4452 return 0; 4468 return 0;
4453} 4469}
@@ -5642,9 +5658,12 @@ static struct security_operations selinux_ops = {
5642 .secmark_refcount_inc = selinux_secmark_refcount_inc, 5658 .secmark_refcount_inc = selinux_secmark_refcount_inc,
5643 .secmark_refcount_dec = selinux_secmark_refcount_dec, 5659 .secmark_refcount_dec = selinux_secmark_refcount_dec,
5644 .req_classify_flow = selinux_req_classify_flow, 5660 .req_classify_flow = selinux_req_classify_flow,
5661 .tun_dev_alloc_security = selinux_tun_dev_alloc_security,
5662 .tun_dev_free_security = selinux_tun_dev_free_security,
5645 .tun_dev_create = selinux_tun_dev_create, 5663 .tun_dev_create = selinux_tun_dev_create,
5646 .tun_dev_post_create = selinux_tun_dev_post_create, 5664 .tun_dev_attach_queue = selinux_tun_dev_attach_queue,
5647 .tun_dev_attach = selinux_tun_dev_attach, 5665 .tun_dev_attach = selinux_tun_dev_attach,
5666 .tun_dev_open = selinux_tun_dev_open,
5648 5667
5649#ifdef CONFIG_SECURITY_NETWORK_XFRM 5668#ifdef CONFIG_SECURITY_NETWORK_XFRM
5650 .xfrm_policy_alloc_security = selinux_xfrm_policy_alloc, 5669 .xfrm_policy_alloc_security = selinux_xfrm_policy_alloc,
diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
index df2de54a958d..14d04e63b1f0 100644
--- a/security/selinux/include/classmap.h
+++ b/security/selinux/include/classmap.h
@@ -150,6 +150,6 @@ struct security_class_mapping secclass_map[] = {
150 NULL } }, 150 NULL } },
151 { "kernel_service", { "use_as_override", "create_files_as", NULL } }, 151 { "kernel_service", { "use_as_override", "create_files_as", NULL } },
152 { "tun_socket", 152 { "tun_socket",
153 { COMMON_SOCK_PERMS, NULL } }, 153 { COMMON_SOCK_PERMS, "attach_queue", NULL } },
154 { NULL } 154 { NULL }
155 }; 155 };
diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h
index 26c7eee1c309..aa47bcabb5f6 100644
--- a/security/selinux/include/objsec.h
+++ b/security/selinux/include/objsec.h
@@ -110,6 +110,10 @@ struct sk_security_struct {
110 u16 sclass; /* sock security class */ 110 u16 sclass; /* sock security class */
111}; 111};
112 112
113struct tun_security_struct {
114 u32 sid; /* SID for the tun device sockets */
115};
116
113struct key_security_struct { 117struct key_security_struct {
114 u32 sid; /* SID of key */ 118 u32 sid; /* SID of key */
115}; 119};
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index 3a6e8731646c..ff427733c290 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -202,7 +202,7 @@ static ssize_t sel_read_handle_unknown(struct file *filp, char __user *buf,
202{ 202{
203 char tmpbuf[TMPBUFLEN]; 203 char tmpbuf[TMPBUFLEN];
204 ssize_t length; 204 ssize_t length;
205 ino_t ino = filp->f_path.dentry->d_inode->i_ino; 205 ino_t ino = file_inode(filp)->i_ino;
206 int handle_unknown = (ino == SEL_REJECT_UNKNOWN) ? 206 int handle_unknown = (ino == SEL_REJECT_UNKNOWN) ?
207 security_get_reject_unknown() : !security_get_allow_unknown(); 207 security_get_reject_unknown() : !security_get_allow_unknown();
208 208
@@ -671,7 +671,7 @@ static ssize_t (*write_op[])(struct file *, char *, size_t) = {
671 671
672static ssize_t selinux_transaction_write(struct file *file, const char __user *buf, size_t size, loff_t *pos) 672static ssize_t selinux_transaction_write(struct file *file, const char __user *buf, size_t size, loff_t *pos)
673{ 673{
674 ino_t ino = file->f_path.dentry->d_inode->i_ino; 674 ino_t ino = file_inode(file)->i_ino;
675 char *data; 675 char *data;
676 ssize_t rv; 676 ssize_t rv;
677 677
@@ -1042,8 +1042,7 @@ static ssize_t sel_read_bool(struct file *filep, char __user *buf,
1042 ssize_t length; 1042 ssize_t length;
1043 ssize_t ret; 1043 ssize_t ret;
1044 int cur_enforcing; 1044 int cur_enforcing;
1045 struct inode *inode = filep->f_path.dentry->d_inode; 1045 unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK;
1046 unsigned index = inode->i_ino & SEL_INO_MASK;
1047 const char *name = filep->f_path.dentry->d_name.name; 1046 const char *name = filep->f_path.dentry->d_name.name;
1048 1047
1049 mutex_lock(&sel_mutex); 1048 mutex_lock(&sel_mutex);
@@ -1077,8 +1076,7 @@ static ssize_t sel_write_bool(struct file *filep, const char __user *buf,
1077 char *page = NULL; 1076 char *page = NULL;
1078 ssize_t length; 1077 ssize_t length;
1079 int new_value; 1078 int new_value;
1080 struct inode *inode = filep->f_path.dentry->d_inode; 1079 unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK;
1081 unsigned index = inode->i_ino & SEL_INO_MASK;
1082 const char *name = filep->f_path.dentry->d_name.name; 1080 const char *name = filep->f_path.dentry->d_name.name;
1083 1081
1084 mutex_lock(&sel_mutex); 1082 mutex_lock(&sel_mutex);
@@ -1486,13 +1484,11 @@ static int sel_make_avc_files(struct dentry *dir)
1486static ssize_t sel_read_initcon(struct file *file, char __user *buf, 1484static ssize_t sel_read_initcon(struct file *file, char __user *buf,
1487 size_t count, loff_t *ppos) 1485 size_t count, loff_t *ppos)
1488{ 1486{
1489 struct inode *inode;
1490 char *con; 1487 char *con;
1491 u32 sid, len; 1488 u32 sid, len;
1492 ssize_t ret; 1489 ssize_t ret;
1493 1490
1494 inode = file->f_path.dentry->d_inode; 1491 sid = file_inode(file)->i_ino&SEL_INO_MASK;
1495 sid = inode->i_ino&SEL_INO_MASK;
1496 ret = security_sid_to_context(sid, &con, &len); 1492 ret = security_sid_to_context(sid, &con, &len);
1497 if (ret) 1493 if (ret)
1498 return ret; 1494 return ret;
@@ -1553,7 +1549,7 @@ static inline u32 sel_ino_to_perm(unsigned long ino)
1553static ssize_t sel_read_class(struct file *file, char __user *buf, 1549static ssize_t sel_read_class(struct file *file, char __user *buf,
1554 size_t count, loff_t *ppos) 1550 size_t count, loff_t *ppos)
1555{ 1551{
1556 unsigned long ino = file->f_path.dentry->d_inode->i_ino; 1552 unsigned long ino = file_inode(file)->i_ino;
1557 char res[TMPBUFLEN]; 1553 char res[TMPBUFLEN];
1558 ssize_t len = snprintf(res, sizeof(res), "%d", sel_ino_to_class(ino)); 1554 ssize_t len = snprintf(res, sizeof(res), "%d", sel_ino_to_class(ino));
1559 return simple_read_from_buffer(buf, count, ppos, res, len); 1555 return simple_read_from_buffer(buf, count, ppos, res, len);
@@ -1567,7 +1563,7 @@ static const struct file_operations sel_class_ops = {
1567static ssize_t sel_read_perm(struct file *file, char __user *buf, 1563static ssize_t sel_read_perm(struct file *file, char __user *buf,
1568 size_t count, loff_t *ppos) 1564 size_t count, loff_t *ppos)
1569{ 1565{
1570 unsigned long ino = file->f_path.dentry->d_inode->i_ino; 1566 unsigned long ino = file_inode(file)->i_ino;
1571 char res[TMPBUFLEN]; 1567 char res[TMPBUFLEN];
1572 ssize_t len = snprintf(res, sizeof(res), "%d", sel_ino_to_perm(ino)); 1568 ssize_t len = snprintf(res, sizeof(res), "%d", sel_ino_to_perm(ino));
1573 return simple_read_from_buffer(buf, count, ppos, res, len); 1569 return simple_read_from_buffer(buf, count, ppos, res, len);
@@ -1584,7 +1580,7 @@ static ssize_t sel_read_policycap(struct file *file, char __user *buf,
1584 int value; 1580 int value;
1585 char tmpbuf[TMPBUFLEN]; 1581 char tmpbuf[TMPBUFLEN];
1586 ssize_t length; 1582 ssize_t length;
1587 unsigned long i_ino = file->f_path.dentry->d_inode->i_ino; 1583 unsigned long i_ino = file_inode(file)->i_ino;
1588 1584
1589 value = security_policycap_supported(i_ino & SEL_INO_MASK); 1585 value = security_policycap_supported(i_ino & SEL_INO_MASK);
1590 length = scnprintf(tmpbuf, TMPBUFLEN, "%d", value); 1586 length = scnprintf(tmpbuf, TMPBUFLEN, "%d", value);
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 38be92ce901e..fa64740abb59 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -456,7 +456,7 @@ static int smack_sb_umount(struct vfsmount *mnt, int flags)
456 */ 456 */
457static int smack_bprm_set_creds(struct linux_binprm *bprm) 457static int smack_bprm_set_creds(struct linux_binprm *bprm)
458{ 458{
459 struct inode *inode = bprm->file->f_path.dentry->d_inode; 459 struct inode *inode = file_inode(bprm->file);
460 struct task_smack *bsp = bprm->cred->security; 460 struct task_smack *bsp = bprm->cred->security;
461 struct inode_smack *isp; 461 struct inode_smack *isp;
462 int rc; 462 int rc;
@@ -1187,21 +1187,15 @@ static int smack_mmap_file(struct file *file,
1187 char *msmack; 1187 char *msmack;
1188 char *osmack; 1188 char *osmack;
1189 struct inode_smack *isp; 1189 struct inode_smack *isp;
1190 struct dentry *dp;
1191 int may; 1190 int may;
1192 int mmay; 1191 int mmay;
1193 int tmay; 1192 int tmay;
1194 int rc; 1193 int rc;
1195 1194
1196 if (file == NULL || file->f_dentry == NULL) 1195 if (file == NULL)
1197 return 0;
1198
1199 dp = file->f_dentry;
1200
1201 if (dp->d_inode == NULL)
1202 return 0; 1196 return 0;
1203 1197
1204 isp = dp->d_inode->i_security; 1198 isp = file_inode(file)->i_security;
1205 if (isp->smk_mmap == NULL) 1199 if (isp->smk_mmap == NULL)
1206 return 0; 1200 return 0;
1207 msmack = isp->smk_mmap; 1201 msmack = isp->smk_mmap;
@@ -1359,7 +1353,7 @@ static int smack_file_receive(struct file *file)
1359 */ 1353 */
1360static int smack_file_open(struct file *file, const struct cred *cred) 1354static int smack_file_open(struct file *file, const struct cred *cred)
1361{ 1355{
1362 struct inode_smack *isp = file->f_path.dentry->d_inode->i_security; 1356 struct inode_smack *isp = file_inode(file)->i_security;
1363 1357
1364 file->f_security = isp->smk_inode; 1358 file->f_security = isp->smk_inode;
1365 1359
diff --git a/security/tomoyo/securityfs_if.c b/security/tomoyo/securityfs_if.c
index 8592f2fc6ebb..fcf32783b66b 100644
--- a/security/tomoyo/securityfs_if.c
+++ b/security/tomoyo/securityfs_if.c
@@ -135,7 +135,7 @@ static const struct file_operations tomoyo_self_operations = {
135 */ 135 */
136static int tomoyo_open(struct inode *inode, struct file *file) 136static int tomoyo_open(struct inode *inode, struct file *file)
137{ 137{
138 const int key = ((u8 *) file->f_path.dentry->d_inode->i_private) 138 const int key = ((u8 *) file_inode(file)->i_private)
139 - ((u8 *) NULL); 139 - ((u8 *) NULL);
140 return tomoyo_open_control(key, file); 140 return tomoyo_open_control(key, file);
141} 141}
generated by cgit v1.2.2 (git 2.25.0) at 2025-10-10 01:40:52 -0400