1 /* 2 * Copyright (C) 2010 IBM Corporation 3 * 4 * Authors: 5 * Mimi Zohar <zohar@us.ibm.com> 6 * 7 * This program is free software; you can redistribute it and/or modify 8 * it under the terms of the GNU General Public License as published by 9 * the Free Software Foundation, version 2 of the License. 10 * 11 * File: evm_secfs.c 12 * - Used to signal when key is on keyring 13 * - Get the key and enable EVM 14 */ 15 16 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 17 18 #include <linux/audit.h> 19 #include <linux/uaccess.h> 20 #include <linux/module.h> 21 #include <linux/mutex.h> 22 #include "evm.h" 23 24 static struct dentry *evm_dir; 25 static struct dentry *evm_init_tpm; 26 static struct dentry *evm_symlink; 27 28 #ifdef CONFIG_EVM_ADD_XATTRS 29 static struct dentry *evm_xattrs; 30 static DEFINE_MUTEX(xattr_list_mutex); 31 static int evm_xattrs_locked; 32 #endif 33 34 /** 35 * evm_read_key - read() for <securityfs>/evm 36 * 37 * @filp: file pointer, not actually used 38 * @buf: where to put the result 39 * @count: maximum to send along 40 * @ppos: where to start 41 * 42 * Returns number of bytes read or error code, as appropriate 43 */ 44 static ssize_t evm_read_key(struct file *filp, char __user *buf, 45 size_t count, loff_t *ppos) 46 { 47 char temp[80]; 48 ssize_t rc; 49 50 if (*ppos != 0) 51 return 0; 52 53 sprintf(temp, "%d", (evm_initialized & ~EVM_SETUP_COMPLETE)); 54 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp)); 55 56 return rc; 57 } 58 59 /** 60 * evm_write_key - write() for <securityfs>/evm 61 * @file: file pointer, not actually used 62 * @buf: where to get the data from 63 * @count: bytes sent 64 * @ppos: where to start 65 * 66 * Used to signal that key is on the kernel key ring. 67 * - get the integrity hmac key from the kernel key ring 68 * - create list of hmac protected extended attributes 69 * Returns number of bytes written or error code, as appropriate 70 */ 71 static ssize_t evm_write_key(struct file *file, const char __user *buf, 72 size_t count, loff_t *ppos) 73 { 74 int i, ret; 75 76 if (!capable(CAP_SYS_ADMIN) || (evm_initialized & EVM_SETUP_COMPLETE)) 77 return -EPERM; 78 79 ret = kstrtoint_from_user(buf, count, 0, &i); 80 81 if (ret) 82 return ret; 83 84 /* Reject invalid values */ 85 if (!i || (i & ~EVM_INIT_MASK) != 0) 86 return -EINVAL; 87 88 /* Don't allow a request to freshly enable metadata writes if 89 * keys are loaded. 90 */ 91 if ((i & EVM_ALLOW_METADATA_WRITES) && 92 ((evm_initialized & EVM_KEY_MASK) != 0) && 93 !(evm_initialized & EVM_ALLOW_METADATA_WRITES)) 94 return -EPERM; 95 96 if (i & EVM_INIT_HMAC) { 97 ret = evm_init_key(); 98 if (ret != 0) 99 return ret; 100 /* Forbid further writes after the symmetric key is loaded */ 101 i |= EVM_SETUP_COMPLETE; 102 } 103 104 evm_initialized |= i; 105 106 /* Don't allow protected metadata modification if a symmetric key 107 * is loaded 108 */ 109 if (evm_initialized & EVM_INIT_HMAC) 110 evm_initialized &= ~(EVM_ALLOW_METADATA_WRITES); 111 112 return count; 113 } 114 115 static const struct file_operations evm_key_ops = { 116 .read = evm_read_key, 117 .write = evm_write_key, 118 }; 119 120 #ifdef CONFIG_EVM_ADD_XATTRS 121 /** 122 * evm_read_xattrs - read() for <securityfs>/evm_xattrs 123 * 124 * @filp: file pointer, not actually used 125 * @buf: where to put the result 126 * @count: maximum to send along 127 * @ppos: where to start 128 * 129 * Returns number of bytes read or error code, as appropriate 130 */ 131 static ssize_t evm_read_xattrs(struct file *filp, char __user *buf, 132 size_t count, loff_t *ppos) 133 { 134 char *temp; 135 int offset = 0; 136 ssize_t rc, size = 0; 137 struct xattr_list *xattr; 138 139 if (*ppos != 0) 140 return 0; 141 142 rc = mutex_lock_interruptible(&xattr_list_mutex); 143 if (rc) 144 return -ERESTARTSYS; 145 146 list_for_each_entry(xattr, &evm_config_xattrnames, list) 147 size += strlen(xattr->name) + 1; 148 149 temp = kmalloc(size + 1, GFP_KERNEL); 150 if (!temp) { 151 mutex_unlock(&xattr_list_mutex); 152 return -ENOMEM; 153 } 154 155 list_for_each_entry(xattr, &evm_config_xattrnames, list) { 156 sprintf(temp + offset, "%s\n", xattr->name); 157 offset += strlen(xattr->name) + 1; 158 } 159 160 mutex_unlock(&xattr_list_mutex); 161 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp)); 162 163 kfree(temp); 164 165 return rc; 166 } 167 168 /** 169 * evm_write_xattrs - write() for <securityfs>/evm_xattrs 170 * @file: file pointer, not actually used 171 * @buf: where to get the data from 172 * @count: bytes sent 173 * @ppos: where to start 174 * 175 * Returns number of bytes written or error code, as appropriate 176 */ 177 static ssize_t evm_write_xattrs(struct file *file, const char __user *buf, 178 size_t count, loff_t *ppos) 179 { 180 int len, err; 181 struct xattr_list *xattr, *tmp; 182 struct audit_buffer *ab; 183 struct iattr newattrs; 184 struct inode *inode; 185 186 if (!capable(CAP_SYS_ADMIN) || evm_xattrs_locked) 187 return -EPERM; 188 189 if (*ppos != 0) 190 return -EINVAL; 191 192 if (count > XATTR_NAME_MAX) 193 return -E2BIG; 194 195 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_INTEGRITY_EVM_XATTR); 196 if (!ab) 197 return -ENOMEM; 198 199 xattr = kmalloc(sizeof(struct xattr_list), GFP_KERNEL); 200 if (!xattr) { 201 err = -ENOMEM; 202 goto out; 203 } 204 205 xattr->name = memdup_user_nul(buf, count); 206 if (IS_ERR(xattr->name)) { 207 err = PTR_ERR(xattr->name); 208 xattr->name = NULL; 209 goto out; 210 } 211 212 /* Remove any trailing newline */ 213 len = strlen(xattr->name); 214 if (len && xattr->name[len-1] == '\n') 215 xattr->name[len-1] = '\0'; 216 217 if (strcmp(xattr->name, ".") == 0) { 218 evm_xattrs_locked = 1; 219 newattrs.ia_mode = S_IFREG | 0440; 220 newattrs.ia_valid = ATTR_MODE; 221 inode = evm_xattrs->d_inode; 222 inode_lock(inode); 223 err = simple_setattr(evm_xattrs, &newattrs); 224 inode_unlock(inode); 225 audit_log_format(ab, "locked"); 226 if (!err) 227 err = count; 228 goto out; 229 } 230 231 audit_log_format(ab, "xattr="); 232 audit_log_untrustedstring(ab, xattr->name); 233 234 if (strncmp(xattr->name, XATTR_SECURITY_PREFIX, 235 XATTR_SECURITY_PREFIX_LEN) != 0) { 236 err = -EINVAL; 237 goto out; 238 } 239 240 /* Guard against races in evm_read_xattrs */ 241 mutex_lock(&xattr_list_mutex); 242 list_for_each_entry(tmp, &evm_config_xattrnames, list) { 243 if (strcmp(xattr->name, tmp->name) == 0) { 244 err = -EEXIST; 245 mutex_unlock(&xattr_list_mutex); 246 goto out; 247 } 248 } 249 list_add_tail_rcu(&xattr->list, &evm_config_xattrnames); 250 mutex_unlock(&xattr_list_mutex); 251 252 audit_log_format(ab, " res=0"); 253 audit_log_end(ab); 254 return count; 255 out: 256 audit_log_format(ab, " res=%d", err); 257 audit_log_end(ab); 258 if (xattr) { 259 kfree(xattr->name); 260 kfree(xattr); 261 } 262 return err; 263 } 264 265 static const struct file_operations evm_xattr_ops = { 266 .read = evm_read_xattrs, 267 .write = evm_write_xattrs, 268 }; 269 270 static int evm_init_xattrs(void) 271 { 272 evm_xattrs = securityfs_create_file("evm_xattrs", 0660, evm_dir, NULL, 273 &evm_xattr_ops); 274 if (!evm_xattrs || IS_ERR(evm_xattrs)) 275 return -EFAULT; 276 277 return 0; 278 } 279 #else 280 static int evm_init_xattrs(void) 281 { 282 return 0; 283 } 284 #endif 285 286 int __init evm_init_secfs(void) 287 { 288 int error = 0; 289 290 evm_dir = securityfs_create_dir("evm", integrity_dir); 291 if (!evm_dir || IS_ERR(evm_dir)) 292 return -EFAULT; 293 294 evm_init_tpm = securityfs_create_file("evm", 0660, 295 evm_dir, NULL, &evm_key_ops); 296 if (!evm_init_tpm || IS_ERR(evm_init_tpm)) { 297 error = -EFAULT; 298 goto out; 299 } 300 301 evm_symlink = securityfs_create_symlink("evm", NULL, 302 "integrity/evm/evm", NULL); 303 if (!evm_symlink || IS_ERR(evm_symlink)) { 304 error = -EFAULT; 305 goto out; 306 } 307 308 if (evm_init_xattrs() != 0) { 309 error = -EFAULT; 310 goto out; 311 } 312 313 return 0; 314 out: 315 securityfs_remove(evm_symlink); 316 securityfs_remove(evm_init_tpm); 317 securityfs_remove(evm_dir); 318 return error; 319 } 320