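/*
 * AppArmor security module
 *
 * This file contains AppArmor policy loading interface function definitions.
 *
 * Copyright 2013 Canonical Ltd.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation, version 2 of the
 * License.
 *
 * Fns to provide a checksum of policy that has been loaded. This can be
 * compared to userspace policy compiles to check that loaded policy is
 * what it should be.
 *
 * NOTE(review): the digest is SHA-1 (see init_profile_hash()). SHA-1 is
 * not collision resistant, so a matching digest shows that the loaded
 * blob was not altered by accident; it should not be relied on as proof
 * of origin for policy supplied by an untrusted party.
 */

#include <crypto/hash.h>

#include "include/apparmor.h"
#include "include/crypto.h"

/* Digest size in bytes of the policy hash; stays 0 until hashing is set up. */
static unsigned int apparmor_hash_size;

/* Hash transform shared by all profile hashes; NULL while hashing is disabled. */
static struct crypto_shash *apparmor_tfm;

/**
 * aa_hash_size - size of the digest stored in a profile's hash
 *
 * Returns: digest size in bytes, or 0 if init_profile_hash() has not set
 *          up the transform.
 */
unsigned int aa_hash_size(void)
{
	return apparmor_hash_size;
}

/**
 * aa_hash_policy_data - digest the version word followed by the policy data
 * @version: policy version, hashed as 4 little-endian bytes ahead of the data
 * @start: first byte of the policy data
 * @len: number of bytes at @start
 * @out: buffer receiving the digest; the caller sizes it with
 *       apparmor_hash_size
 *
 * Must only be called with apparmor_tfm set: the on-stack descriptor is
 * sized from the transform, which dereferences apparmor_tfm.
 *
 * Returns: 0 on success, else the error of the failing crypto_shash_*() call
 */
static int aa_hash_policy_data(u32 version, void *start, size_t len, u8 *out)
{
	struct {
		struct shash_desc shash;
		char ctx[crypto_shash_descsize(apparmor_tfm)];
	} desc;
	__le32 le32_version = cpu_to_le32(version);
	int error;

	desc.shash.tfm = apparmor_tfm;
	desc.shash.flags = 0;

	error = crypto_shash_init(&desc.shash);
	if (error)
		return error;

	/* fixed byte order so the digest does not depend on host endianness */
	error = crypto_shash_update(&desc.shash, (u8 *) &le32_version,
				    sizeof(le32_version));
	if (error)
		return error;

	error = crypto_shash_update(&desc.shash, (u8 *) start, len);
	if (error)
		return error;

	return crypto_shash_final(&desc.shash, out);
}

/**
 * aa_calc_profile_hash - compute and attach the hash of a profile's policy
 * @profile: profile that receives the digest in @profile->hash
 * @version: policy version mixed into the digest
 * @start: first byte of the policy data
 * @len: number of bytes at @start
 *
 * When no transform is available hashing is skipped, @profile->hash is
 * left untouched and 0 is returned. On failure @profile->hash is freed
 * and set to NULL.
 *
 * NOTE(review): a previous value of @profile->hash is overwritten without
 * being freed; presumably callers only pass profiles with no hash yet -
 * confirm against callers.
 *
 * Returns: 0 on success or when hashing is disabled, -ENOMEM if the
 *          digest buffer cannot be allocated, else a crypto layer error
 */
int aa_calc_profile_hash(struct aa_profile *profile, u32 version, void *start,
			 size_t len)
{
	int error;

	/*
	 * This check has to come before anything that reads apparmor_tfm.
	 * Sizing the descriptor in this function's declarations evaluated
	 * crypto_shash_descsize(apparmor_tfm) first, i.e. dereferenced the
	 * pointer ahead of the NULL test, so the descriptor now lives in
	 * aa_hash_policy_data().
	 */
	if (!apparmor_tfm)
		return 0;

	profile->hash = kzalloc(apparmor_hash_size, GFP_KERNEL);
	if (!profile->hash)
		return -ENOMEM;

	error = aa_hash_policy_data(version, start, len, profile->hash);
	if (error) {
		/* never leave a partial or stale digest on the profile */
		kfree(profile->hash);
		profile->hash = NULL;
	}

	return error;
}

/**
 * init_profile_hash - allocate the transform used for policy hashing
 *
 * Does nothing when AppArmor is not initialized, which leaves apparmor_tfm
 * NULL and hashing disabled.
 *
 * Returns: 0 on success or when AppArmor is not initialized, else the
 *          error from crypto_alloc_shash()
 */
static int __init init_profile_hash(void)
{
	struct crypto_shash *tfm;

	if (!apparmor_initialized)
		return 0;

	tfm = crypto_alloc_shash("sha1", 0, CRYPTO_ALG_ASYNC);
	if (IS_ERR(tfm)) {
		int error = PTR_ERR(tfm);

		AA_ERROR("failed to setup profile sha1 hashing: %d\n", error);
		return error;
	}

	/* publish the transform and cache its digest size for aa_hash_size() */
	apparmor_tfm = tfm;
	apparmor_hash_size = crypto_shash_digestsize(apparmor_tfm);

	aa_info_message("AppArmor sha1 policy hashing enabled");

	return 0;
}

late_initcall(init_profile_hash);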