Lines Matching +full:critical +full:- +full:action

1 // SPDX-License-Identifier: GPL-2.0-only
54 if (strcmp(template_desc->name, IMA_TEMPLATE_IMA_NAME) == 0) { in hash_setup()
94 mapping_writably_mapped(file->f_mapping)) { in mmap_violation_check()
95 rc = -ETXTBSY; in mmap_violation_check()
98 if (!*pathbuf) /* ima_rdwr_violation possibly pre-fetched */ in mmap_violation_check()
99 *pathname = ima_d_path(&file->f_path, pathbuf, in mmap_violation_check()
111 * - Opening a file for write when already open for read,
113 * - Opening a file for read when already open for write,
125 fmode_t mode = file->f_mode; in ima_rdwr_violation_check()
129 if (atomic_read(&inode->i_readcount) && IS_IMA(inode)) { in ima_rdwr_violation_check()
134 &iint->atomic_flags)) in ima_rdwr_violation_check()
139 set_bit(IMA_MUST_MEASURE, &iint->atomic_flags); in ima_rdwr_violation_check()
147 *pathname = ima_d_path(&file->f_path, pathbuf, filename); in ima_rdwr_violation_check()
160 fmode_t mode = file->f_mode; in ima_check_last_writer()
166 mutex_lock(&iint->mutex); in ima_check_last_writer()
167 if (atomic_read(&inode->i_writecount) == 1) { in ima_check_last_writer()
171 &iint->atomic_flags); in ima_check_last_writer()
172 if ((iint->flags & IMA_NEW_FILE) || in ima_check_last_writer()
173 vfs_getattr_nosec(&file->f_path, &stat, in ima_check_last_writer()
177 stat.change_cookie != iint->real_inode.version) { in ima_check_last_writer()
178 iint->flags &= ~(IMA_DONE_MASK | IMA_NEW_FILE); in ima_check_last_writer()
179 iint->measured_pcrs = 0; in ima_check_last_writer()
184 mutex_unlock(&iint->mutex); in ima_check_last_writer()
188 * ima_file_free - called on __fput()
198 if (!ima_policy_flag || !S_ISREG(inode->i_mode)) in ima_file_free()
219 int rc = 0, action, must_appraise = 0; in process_measurement() local
228 if (!ima_policy_flag || !S_ISREG(inode->i_mode)) in process_measurement()
231 /* Return an IMA_MEASURE, IMA_APPRAISE, IMA_AUDIT action in process_measurement()
235 action = ima_get_action(file_mnt_idmap(file), inode, cred, secid, in process_measurement()
241 if (!action && !violation_check) in process_measurement()
244 must_appraise = action & IMA_APPRAISE; in process_measurement()
247 if (action & IMA_FILE_APPRAISE) in process_measurement()
252 if (action) { in process_measurement()
255 rc = -ENOMEM; in process_measurement()
259 ima_rdwr_violation_check(file, iint, action & IMA_MEASURE, in process_measurement()
266 if (!action) in process_measurement()
269 mutex_lock(&iint->mutex); in process_measurement()
271 if (test_and_clear_bit(IMA_CHANGE_ATTR, &iint->atomic_flags)) in process_measurement()
273 iint->flags &= ~(IMA_APPRAISE | IMA_APPRAISED | in process_measurement()
278 * Re-evaluate the file if either the xattr has changed or the in process_measurement()
282 if (test_and_clear_bit(IMA_CHANGE_XATTR, &iint->atomic_flags) || in process_measurement()
283 ((inode->i_sb->s_iflags & SB_I_IMA_UNVERIFIABLE_SIGNATURE) && in process_measurement()
284 !(inode->i_sb->s_iflags & SB_I_UNTRUSTED_MOUNTER) && in process_measurement()
285 !(action & IMA_FAIL_UNVERIFIABLE_SIGS))) { in process_measurement()
286 iint->flags &= ~IMA_DONE_MASK; in process_measurement()
287 iint->measured_pcrs = 0; in process_measurement()
291 * On stacked filesystems, detect and re-evaluate file data and in process_measurement()
296 (action & IMA_DO_MASK) && (iint->flags & IMA_DONE_MASK)) { in process_measurement()
298 integrity_inode_attrs_changed(&iint->real_inode, in process_measurement()
300 iint->flags &= ~IMA_DONE_MASK; in process_measurement()
301 iint->measured_pcrs = 0; in process_measurement()
310 iint->flags &= ~(IMA_APPRAISED | in process_measurement()
318 iint->flags |= action; in process_measurement()
319 action &= IMA_DO_MASK; in process_measurement()
320 action &= ~((iint->flags & (IMA_DONE_MASK ^ IMA_MEASURED)) >> 1); in process_measurement()
322 /* If target pcr is already measured, unset IMA_MEASURE action */ in process_measurement()
323 if ((action & IMA_MEASURE) && (iint->measured_pcrs & (0x1 << pcr))) in process_measurement()
324 action ^= IMA_MEASURE; in process_measurement()
327 if ((action & IMA_HASH) && in process_measurement()
328 !(test_bit(IMA_DIGSIG, &iint->atomic_flags))) { in process_measurement()
332 (xattr_value->type == EVM_IMA_XATTR_DIGSIG)) in process_measurement()
333 set_bit(IMA_DIGSIG, &iint->atomic_flags); in process_measurement()
334 iint->flags |= IMA_HASHED; in process_measurement()
335 action ^= IMA_HASH; in process_measurement()
336 set_bit(IMA_UPDATE_XATTR, &iint->atomic_flags); in process_measurement()
340 if (!action) { in process_measurement()
350 if ((action & IMA_APPRAISE_SUBMASK) || in process_measurement()
351 strcmp(template_desc->name, IMA_TEMPLATE_IMA_NAME) != 0) { in process_measurement()
361 if (iint->flags & IMA_MODSIG_ALLOWED) { in process_measurement()
365 iint->flags & IMA_MEASURED) in process_measurement()
366 action |= IMA_MEASURE; in process_measurement()
373 if (rc != 0 && rc != -EBADF && rc != -EINVAL) in process_measurement()
376 if (!pathbuf) /* ima_rdwr_violation possibly pre-fetched */ in process_measurement()
377 pathname = ima_d_path(&file->f_path, &pathbuf, filename); in process_measurement()
379 if (action & IMA_MEASURE) in process_measurement()
383 if (rc == 0 && (action & IMA_APPRAISE_SUBMASK)) { in process_measurement()
385 if (rc != -EPERM) { in process_measurement()
396 if (action & IMA_AUDIT) in process_measurement()
399 if ((file->f_flags & O_DIRECT) && (iint->flags & IMA_PERMIT_DIRECTIO)) in process_measurement()
405 rc = -EACCES; in process_measurement()
409 "denied-hash-algorithm", rc, 0); in process_measurement()
412 if ((mask & MAY_WRITE) && test_bit(IMA_DIGSIG, &iint->atomic_flags) && in process_measurement()
413 !(iint->flags & IMA_NEW_FILE)) in process_measurement()
414 rc = -EACCES; in process_measurement()
415 mutex_unlock(&iint->mutex); in process_measurement()
423 return -EACCES; in process_measurement()
424 if (file->f_mode & FMODE_WRITE) in process_measurement()
425 set_bit(IMA_UPDATE_XATTR, &iint->atomic_flags); in process_measurement()
431 * ima_file_mmap - based on policy, collect/store measurement.
441 * is in policy and IMA-appraisal is in enforcing mode, return -EACCES.
469 * ima_file_mprotect - based on policy, limit mprotect change
480 * On mprotect change success, return 0. On failure, return -EACCES.
492 int action; in ima_file_mprotect() local
497 if (!(ima_policy_flag & IMA_APPRAISE) || !vma->vm_file || in ima_file_mprotect()
498 !(prot & PROT_EXEC) || (vma->vm_flags & VM_EXEC)) in ima_file_mprotect()
502 inode = file_inode(vma->vm_file); in ima_file_mprotect()
503 action = ima_get_action(file_mnt_idmap(vma->vm_file), inode, in ima_file_mprotect()
506 action |= ima_get_action(file_mnt_idmap(vma->vm_file), inode, in ima_file_mprotect()
512 if (!(action & (IMA_MEASURE | IMA_APPRAISE_SUBMASK))) in ima_file_mprotect()
515 if (action & IMA_APPRAISE_SUBMASK) in ima_file_mprotect()
516 result = -EPERM; in ima_file_mprotect()
518 file = vma->vm_file; in ima_file_mprotect()
519 pathname = ima_d_path(&file->f_path, &pathbuf, filename); in ima_file_mprotect()
521 "collect_data", "failed-mprotect", result, 0); in ima_file_mprotect()
529 * ima_bprm_check - based on policy, collect/store measurement.
539 * is in policy and IMA-appraisal is in enforcing mode, return -EACCES.
547 ret = process_measurement(bprm->file, current_cred(), secid, NULL, 0, in ima_bprm_check()
552 security_cred_getsecid(bprm->cred, &secid); in ima_bprm_check()
553 return process_measurement(bprm->file, bprm->cred, secid, NULL, 0, in ima_bprm_check()
558 * ima_file_check - based on policy, collect/store measurement.
565 * is in policy and IMA-appraisal is in enforcing mode, return -EACCES.
586 mutex_lock(&iint->mutex); in __ima_inode_hash()
589 if ((!iint || !(iint->flags & IMA_COLLECTED)) && file) { in __ima_inode_hash()
591 mutex_unlock(&iint->mutex); in __ima_inode_hash()
600 if (rc != -ENOMEM) in __ima_inode_hash()
603 return -EOPNOTSUPP; in __ima_inode_hash()
607 mutex_lock(&iint->mutex); in __ima_inode_hash()
611 return -EOPNOTSUPP; in __ima_inode_hash()
617 if (!iint->ima_hash || !(iint->flags & IMA_COLLECTED)) { in __ima_inode_hash()
618 mutex_unlock(&iint->mutex); in __ima_inode_hash()
619 return -EOPNOTSUPP; in __ima_inode_hash()
625 copied_size = min_t(size_t, iint->ima_hash->length, buf_size); in __ima_inode_hash()
626 memcpy(buf, iint->ima_hash->digest, copied_size); in __ima_inode_hash()
628 hash_algo = iint->ima_hash->algo; in __ima_inode_hash()
629 mutex_unlock(&iint->mutex); in __ima_inode_hash()
632 kfree(iint->ima_hash); in __ima_inode_hash()
638 * ima_file_hash - return a measurement of the file
651 * If the measurement cannot be performed, return -EOPNOTSUPP.
652 * If the parameters are incorrect, return -EINVAL.
657 return -EINVAL; in ima_file_hash()
664 * ima_inode_hash - return the stored measurement if the inode has been hashed
678 * If IMA is disabled or if no measurement is available, return -EOPNOTSUPP.
679 * If the parameters are incorrect, return -EINVAL.
684 return -EINVAL; in ima_inode_hash()
691 * ima_post_create_tmpfile - mark newly created tmpfile as new
706 if (!ima_policy_flag || !S_ISREG(inode->i_mode)) in ima_post_create_tmpfile()
720 set_bit(IMA_UPDATE_XATTR, &iint->atomic_flags); in ima_post_create_tmpfile()
721 iint->ima_file_status = INTEGRITY_PASS; in ima_post_create_tmpfile()
725 * ima_post_path_mknod - mark as a new inode
735 struct inode *inode = dentry->d_inode; in ima_post_path_mknod()
738 if (!ima_policy_flag || !S_ISREG(inode->i_mode)) in ima_post_path_mknod()
751 /* needed for re-opening empty files */ in ima_post_path_mknod()
752 iint->flags |= IMA_NEW_FILE; in ima_post_path_mknod()
756 * ima_read_file - pre-measure/appraise hook decision based on policy
765 * For permission return 0, otherwise return -EACCES.
774 * Do devices using pre-allocated memory run the risk of the in ima_read_file()
805 * ima_post_read_file - in memory collect/appraise/audit measurement
815 * is in policy and IMA-appraisal is in enforcing mode, return -EACCES.
829 return -EACCES; in ima_post_read_file()
840 * ima_load_data - appraise decision based on policy
849 * For permission return 0, otherwise return -EACCES.
863 return -EACCES; in ima_load_data()
868 return -EACCES; /* INTEGRITY_UNKNOWN */ in ima_load_data()
874 return -EACCES; /* INTEGRITY_UNKNOWN */ in ima_load_data()
883 return -EACCES; /* INTEGRITY_UNKNOWN */ in ima_load_data()
893 * ima_post_load_data - appraise decision based on policy
897 * @description: @load_id-specific description of contents
903 * is in policy and IMA-appraisal is in enforcing mode, return -EACCES.
913 return -EACCES; /* INTEGRITY_UNKNOWN */ in ima_post_load_data()
929 * process_buffer_measurement - Measure the buffer or the buffer data hash
969 int action = 0; in process_buffer_measurement() local
973 return -EINVAL; in process_buffer_measurement()
976 return -ENOENT; in process_buffer_measurement()
980 ret = -EINVAL; in process_buffer_measurement()
994 action = ima_get_action(idmap, inode, current_cred(), in process_buffer_measurement()
997 if (!(action & IMA_MEASURE) && !digest) in process_buffer_measurement()
998 return -ENOENT; in process_buffer_measurement()
1005 iint.ima_hash->algo = ima_hash_algo; in process_buffer_measurement()
1006 iint.ima_hash->length = hash_digest_size[ima_hash_algo]; in process_buffer_measurement()
1015 memcpy(digest_hash, hash_hdr->digest, digest_hash_len); in process_buffer_measurement()
1029 memcpy(digest, iint.ima_hash->digest, digest_hash_len); in process_buffer_measurement()
1031 if (!ima_policy_flag || (func && !(action & IMA_MEASURE))) in process_buffer_measurement()
1056 * ima_kexec_cmdline - measure kexec cmdline boot args
1075 buf, size, "kexec-cmdline", KEXEC_CMDLINE, 0, in ima_kexec_cmdline()
1081 * ima_measure_critical_data - measure kernel integrity critical data
1082 * @event_label: unique event label for grouping and limiting critical data
1090 * Measure data critical to the integrity of the kernel into the IMA log
1091 * and extend the pcr. Examples of critical data could be various data
1105 return -ENOPARAM; in ima_measure_critical_data()
1117 * ima_kernel_module_request - Prevent crypto-pkcs1pad(rsa,*) requests
1121 * binary requires executing modprobe itself. Since the modprobe iint->mutex
1123 * occurs as soon as modprobe is executed within the critical region, since
1131 * Since we don't have any real "crypto-pkcs1pad(rsa,*)" kernel modules,
1135 * Return: Zero if it is safe to load the kernel module, -EINVAL otherwise.
1139 if (strncmp(kmod_name, "crypto-pkcs1pad(rsa,", 20) == 0) in ima_kernel_module_request()
1140 return -EINVAL; in ima_kernel_module_request()