1 // SPDX-License-Identifier: GPL-2.0-only
10  * Kylene Hall <kylene@us.ibm.com>
53 	if (strcmp(template_desc->name, IMA_TEMPLATE_IMA_NAME) == 0) {  in hash_setup()
92 	if ((func == MMAP_CHECK) && mapping_writably_mapped(file->f_mapping)) {  in mmap_violation_check()
93 		rc = -ETXTBSY;  in mmap_violation_check()
96 		if (!*pathbuf)	/* ima_rdwr_violation possibly pre-fetched */  in mmap_violation_check()
97 			*pathname = ima_d_path(&file->f_path, pathbuf,  in mmap_violation_check()
109  *	- Opening a file for write when already open for read,
111  *	- Opening a file for read when already open for write,
123 	fmode_t mode = file->f_mode;  in ima_rdwr_violation_check()
127 		if (atomic_read(&inode->i_readcount) && IS_IMA(inode)) {  in ima_rdwr_violation_check()
132 						&iint->atomic_flags))  in ima_rdwr_violation_check()
137 			set_bit(IMA_MUST_MEASURE, &iint->atomic_flags);  in ima_rdwr_violation_check()
145 	*pathname = ima_d_path(&file->f_path, pathbuf, filename);  in ima_rdwr_violation_check()
158 	fmode_t mode = file->f_mode;  in ima_check_last_writer()
164 	mutex_lock(&iint->mutex);  in ima_check_last_writer()
165 	if (atomic_read(&inode->i_writecount) == 1) {  in ima_check_last_writer()
167 					    &iint->atomic_flags);  in ima_check_last_writer()
169 		    !inode_eq_iversion(inode, iint->version) ||  in ima_check_last_writer()
170 		    (iint->flags & IMA_NEW_FILE)) {  in ima_check_last_writer()
171 			iint->flags &= ~(IMA_DONE_MASK | IMA_NEW_FILE);  in ima_check_last_writer()
172 			iint->measured_pcrs = 0;  in ima_check_last_writer()
177 	mutex_unlock(&iint->mutex);  in ima_check_last_writer()
181  * ima_file_free - called on __fput()
191 	if (!ima_policy_flag || !S_ISREG(inode->i_mode))  in ima_file_free()
220 	if (!ima_policy_flag || !S_ISREG(inode->i_mode))  in process_measurement()
246 			rc = -ENOMEM;  in process_measurement()
260 	mutex_lock(&iint->mutex);  in process_measurement()
262 	if (test_and_clear_bit(IMA_CHANGE_ATTR, &iint->atomic_flags))  in process_measurement()
264 		iint->flags &= ~(IMA_APPRAISE | IMA_APPRAISED |  in process_measurement()
269 	 * Re-evaulate the file if either the xattr has changed or the  in process_measurement()
273 	if (test_and_clear_bit(IMA_CHANGE_XATTR, &iint->atomic_flags) ||  in process_measurement()
274 	    ((inode->i_sb->s_iflags & SB_I_IMA_UNVERIFIABLE_SIGNATURE) &&  in process_measurement()
275 	     !(inode->i_sb->s_iflags & SB_I_UNTRUSTED_MOUNTER) &&  in process_measurement()
277 		iint->flags &= ~IMA_DONE_MASK;  in process_measurement()
278 		iint->measured_pcrs = 0;  in process_measurement()
285 	iint->flags |= action;  in process_measurement()
287 	action &= ~((iint->flags & (IMA_DONE_MASK ^ IMA_MEASURED)) >> 1);  in process_measurement()
290 	if ((action & IMA_MEASURE) && (iint->measured_pcrs & (0x1 << pcr)))  in process_measurement()
295 	    !(test_bit(IMA_DIGSIG, &iint->atomic_flags))) {  in process_measurement()
298 		    (xattr_value->type == EVM_IMA_XATTR_DIGSIG))  in process_measurement()
299 			set_bit(IMA_DIGSIG, &iint->atomic_flags);  in process_measurement()
300 		iint->flags |= IMA_HASHED;  in process_measurement()
302 		set_bit(IMA_UPDATE_XATTR, &iint->atomic_flags);  in process_measurement()
317 	    strcmp(template_desc->name, IMA_TEMPLATE_IMA_NAME) != 0) {  in process_measurement()
326 		if (iint->flags & IMA_MODSIG_ALLOWED) {  in process_measurement()
330 			    iint->flags & IMA_MEASURED)  in process_measurement()
338 	if (rc != 0 && rc != -EBADF && rc != -EINVAL)  in process_measurement()
341 	if (!pathbuf)	/* ima_rdwr_violation possibly pre-fetched */  in process_measurement()
342 		pathname = ima_d_path(&file->f_path, &pathbuf, filename);  in process_measurement()
350 		if (rc != -EPERM) {  in process_measurement()
364 	if ((file->f_flags & O_DIRECT) && (iint->flags & IMA_PERMIT_DIRECTIO))  in process_measurement()
370 		rc = -EACCES;  in process_measurement()
374 				    "denied-hash-algorithm", rc, 0);  in process_measurement()
377 	if ((mask & MAY_WRITE) && test_bit(IMA_DIGSIG, &iint->atomic_flags) &&  in process_measurement()
378 	     !(iint->flags & IMA_NEW_FILE))  in process_measurement()
379 		rc = -EACCES;  in process_measurement()
380 	mutex_unlock(&iint->mutex);  in process_measurement()
388 			return -EACCES;  in process_measurement()
389 		if (file->f_mode & FMODE_WRITE)  in process_measurement()
390 			set_bit(IMA_UPDATE_XATTR, &iint->atomic_flags);  in process_measurement()
396  * ima_file_mmap - based on policy, collect/store measurement.
404  * is in policy and IMA-appraisal is in enforcing mode, return -EACCES.
420  * ima_file_mprotect - based on policy, limit mprotect change
429  * On mprotect change success, return 0.  On failure, return -EACESS.
434 	struct file *file = vma->vm_file;  in ima_file_mprotect()
445 	if (!(ima_policy_flag & IMA_APPRAISE) || !vma->vm_file ||  in ima_file_mprotect()
446 	    !(prot & PROT_EXEC) || (vma->vm_flags & VM_EXEC))  in ima_file_mprotect()
450 	inode = file_inode(vma->vm_file);  in ima_file_mprotect()
451 	action = ima_get_action(file_mnt_user_ns(vma->vm_file), inode,  in ima_file_mprotect()
460 		result = -EPERM;  in ima_file_mprotect()
462 	file = vma->vm_file;  in ima_file_mprotect()
463 	pathname = ima_d_path(&file->f_path, &pathbuf, filename);  in ima_file_mprotect()
465 			    "collect_data", "failed-mprotect", result, 0);  in ima_file_mprotect()
473  * ima_bprm_check - based on policy, collect/store measurement.
483  * is in policy and IMA-appraisal is in enforcing mode, return -EACCES.
491 	ret = process_measurement(bprm->file, current_cred(), secid, NULL, 0,  in ima_bprm_check()
496 	security_cred_getsecid(bprm->cred, &secid);  in ima_bprm_check()
497 	return process_measurement(bprm->file, bprm->cred, secid, NULL, 0,  in ima_bprm_check()
502  * ima_file_check - based on policy, collect/store measurement.
509  * is in policy and IMA-appraisal is in enforcing mode, return -EACCES.
528 		return -EOPNOTSUPP;  in __ima_inode_hash()
532 		return -EOPNOTSUPP;  in __ima_inode_hash()
534 	mutex_lock(&iint->mutex);  in __ima_inode_hash()
540 	if (!iint->ima_hash) {  in __ima_inode_hash()
541 		mutex_unlock(&iint->mutex);  in __ima_inode_hash()
542 		return -EOPNOTSUPP;  in __ima_inode_hash()
548 		copied_size = min_t(size_t, iint->ima_hash->length, buf_size);  in __ima_inode_hash()
549 		memcpy(buf, iint->ima_hash->digest, copied_size);  in __ima_inode_hash()
551 	hash_algo = iint->ima_hash->algo;  in __ima_inode_hash()
552 	mutex_unlock(&iint->mutex);  in __ima_inode_hash()
558  * ima_file_hash - return the stored measurement if a file has been hashed and
572  * If IMA is disabled or if no measurement is available, return -EOPNOTSUPP.
573  * If the parameters are incorrect, return -EINVAL.
578 		return -EINVAL;  in ima_file_hash()
585  * ima_inode_hash - return the stored measurement if the inode has been hashed
599  * If IMA is disabled or if no measurement is available, return -EOPNOTSUPP.
600  * If the parameters are incorrect, return -EINVAL.
605 		return -EINVAL;  in ima_inode_hash()
612  * ima_post_create_tmpfile - mark newly created tmpfile as new
626 	if (!ima_policy_flag || !S_ISREG(inode->i_mode))  in ima_post_create_tmpfile()
640 	set_bit(IMA_UPDATE_XATTR, &iint->atomic_flags);  in ima_post_create_tmpfile()
641 	iint->ima_file_status = INTEGRITY_PASS;  in ima_post_create_tmpfile()
645  * ima_post_path_mknod - mark as a new inode
656 	struct inode *inode = dentry->d_inode;  in ima_post_path_mknod()
659 	if (!ima_policy_flag || !S_ISREG(inode->i_mode))  in ima_post_path_mknod()
672 	/* needed for re-opening empty files */  in ima_post_path_mknod()
673 	iint->flags |= IMA_NEW_FILE;  in ima_post_path_mknod()
677  * ima_read_file - pre-measure/appraise hook decision based on policy
686  * For permission return 0, otherwise return -EACCES.
695 	 * Do devices using pre-allocated memory run the risk of the  in ima_read_file()
726  * ima_post_read_file - in memory collect/appraise/audit measurement
736  * is in policy and IMA-appraisal is in enforcing mode, return -EACCES.
750 			return -EACCES;  in ima_post_read_file()
761  * ima_load_data - appraise decision based on policy
770  * For permission return 0, otherwise return -EACCES.
779 	switch (id) {  in ima_load_data()
784 			return -EACCES;  in ima_load_data()
789 			return -EACCES;	/* INTEGRITY_UNKNOWN */  in ima_load_data()
795 			return -EACCES;	/* INTEGRITY_UNKNOWN */  in ima_load_data()
804 			return -EACCES;	/* INTEGRITY_UNKNOWN */  in ima_load_data()
814  * ima_post_load_data - appraise decision based on policy
818  * @description: @id-specific description of contents
824  * is in policy and IMA-appraisal is in enforcing mode, return -EACCES.
834 			return -EACCES; /* INTEGRITY_UNKNOWN */  in ima_post_load_data()
843  * process_buffer_measurement - Measure the buffer or the buffer data hash
888 		return -EINVAL;  in process_buffer_measurement()
891 		return -ENOENT;  in process_buffer_measurement()
895 		ret = -EINVAL;  in process_buffer_measurement()
913 			return -ENOENT;  in process_buffer_measurement()
920 	iint.ima_hash->algo = ima_hash_algo;  in process_buffer_measurement()
921 	iint.ima_hash->length = hash_digest_size[ima_hash_algo];  in process_buffer_measurement()
944 		memcpy(digest, iint.ima_hash->digest, digest_hash_len);  in process_buffer_measurement()
971  * ima_kexec_cmdline - measure kexec cmdline boot args
990 				   buf, size, "kexec-cmdline", KEXEC_CMDLINE, 0,  in ima_kexec_cmdline()
996  * ima_measure_critical_data - measure kernel integrity critical data
1020 		return -ENOPARAM;  in ima_measure_critical_data()