1 /* 2 * Copyright (C) 2010 IBM Corporation 3 * 4 * Authors: 5 * Mimi Zohar <zohar@us.ibm.com> 6 * 7 * This program is free software; you can redistribute it and/or modify 8 * it under the terms of the GNU General Public License as published by 9 * the Free Software Foundation, version 2 of the License. 10 * 11 * File: evm_secfs.c 12 * - Used to signal when key is on keyring 13 * - Get the key and enable EVM 14 */ 15 16 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 17 18 #include <linux/audit.h> 19 #include <linux/uaccess.h> 20 #include <linux/module.h> 21 #include <linux/mutex.h> 22 #include "evm.h" 23 24 static struct dentry *evm_dir; 25 static struct dentry *evm_init_tpm; 26 static struct dentry *evm_symlink; 27 28 #ifdef CONFIG_EVM_ADD_XATTRS 29 static struct dentry *evm_xattrs; 30 static DEFINE_MUTEX(xattr_list_mutex); 31 static int evm_xattrs_locked; 32 #endif 33 34 /** 35 * evm_read_key - read() for <securityfs>/evm 36 * 37 * @filp: file pointer, not actually used 38 * @buf: where to put the result 39 * @count: maximum to send along 40 * @ppos: where to start 41 * 42 * Returns number of bytes read or error code, as appropriate 43 */ 44 static ssize_t evm_read_key(struct file *filp, char __user *buf, 45 size_t count, loff_t *ppos) 46 { 47 char temp[80]; 48 ssize_t rc; 49 50 if (*ppos != 0) 51 return 0; 52 53 sprintf(temp, "%d", (evm_initialized & ~EVM_SETUP_COMPLETE)); 54 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp)); 55 56 return rc; 57 } 58 59 /** 60 * evm_write_key - write() for <securityfs>/evm 61 * @file: file pointer, not actually used 62 * @buf: where to get the data from 63 * @count: bytes sent 64 * @ppos: where to start 65 * 66 * Used to signal that key is on the kernel key ring. 67 * - get the integrity hmac key from the kernel key ring 68 * - create list of hmac protected extended attributes 69 * Returns number of bytes written or error code, as appropriate 70 */ 71 static ssize_t evm_write_key(struct file *file, const char __user *buf, 72 size_t count, loff_t *ppos) 73 { 74 int i, ret; 75 76 if (!capable(CAP_SYS_ADMIN) || (evm_initialized & EVM_SETUP_COMPLETE)) 77 return -EPERM; 78 79 ret = kstrtoint_from_user(buf, count, 0, &i); 80 81 if (ret) 82 return ret; 83 84 /* Reject invalid values */ 85 if (!i || (i & ~EVM_INIT_MASK) != 0) 86 return -EINVAL; 87 88 /* Don't allow a request to freshly enable metadata writes if 89 * keys are loaded. 90 */ 91 if ((i & EVM_ALLOW_METADATA_WRITES) && 92 ((evm_initialized & EVM_KEY_MASK) != 0) && 93 !(evm_initialized & EVM_ALLOW_METADATA_WRITES)) 94 return -EPERM; 95 96 if (i & EVM_INIT_HMAC) { 97 ret = evm_init_key(); 98 if (ret != 0) 99 return ret; 100 /* Forbid further writes after the symmetric key is loaded */ 101 i |= EVM_SETUP_COMPLETE; 102 } 103 104 evm_initialized |= i; 105 106 /* Don't allow protected metadata modification if a symmetric key 107 * is loaded 108 */ 109 if (evm_initialized & EVM_INIT_HMAC) 110 evm_initialized &= ~(EVM_ALLOW_METADATA_WRITES); 111 112 return count; 113 } 114 115 static const struct file_operations evm_key_ops = { 116 .read = evm_read_key, 117 .write = evm_write_key, 118 }; 119 120 #ifdef CONFIG_EVM_ADD_XATTRS 121 /** 122 * evm_read_xattrs - read() for <securityfs>/evm_xattrs 123 * 124 * @filp: file pointer, not actually used 125 * @buf: where to put the result 126 * @count: maximum to send along 127 * @ppos: where to start 128 * 129 * Returns number of bytes read or error code, as appropriate 130 */ 131 static ssize_t evm_read_xattrs(struct file *filp, char __user *buf, 132 size_t count, loff_t *ppos) 133 { 134 char *temp; 135 int offset = 0; 136 ssize_t rc, size = 0; 137 struct xattr_list *xattr; 138 139 if (*ppos != 0) 140 return 0; 141 142 rc = mutex_lock_interruptible(&xattr_list_mutex); 143 if (rc) 144 return -ERESTARTSYS; 145 146 list_for_each_entry(xattr, &evm_config_xattrnames, list) 147 size += strlen(xattr->name) + 1; 148 149 temp = kmalloc(size + 1, GFP_KERNEL); 150 if (!temp) 151 return -ENOMEM; 152 153 list_for_each_entry(xattr, &evm_config_xattrnames, list) { 154 sprintf(temp + offset, "%s\n", xattr->name); 155 offset += strlen(xattr->name) + 1; 156 } 157 158 mutex_unlock(&xattr_list_mutex); 159 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp)); 160 161 return rc; 162 } 163 164 /** 165 * evm_write_xattrs - write() for <securityfs>/evm_xattrs 166 * @file: file pointer, not actually used 167 * @buf: where to get the data from 168 * @count: bytes sent 169 * @ppos: where to start 170 * 171 * Returns number of bytes written or error code, as appropriate 172 */ 173 static ssize_t evm_write_xattrs(struct file *file, const char __user *buf, 174 size_t count, loff_t *ppos) 175 { 176 int len, err; 177 struct xattr_list *xattr, *tmp; 178 struct audit_buffer *ab; 179 struct iattr newattrs; 180 struct inode *inode; 181 182 if (!capable(CAP_SYS_ADMIN) || evm_xattrs_locked) 183 return -EPERM; 184 185 if (*ppos != 0) 186 return -EINVAL; 187 188 if (count > XATTR_NAME_MAX) 189 return -E2BIG; 190 191 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_INTEGRITY_EVM_XATTR); 192 if (IS_ERR(ab)) 193 return PTR_ERR(ab); 194 195 xattr = kmalloc(sizeof(struct xattr_list), GFP_KERNEL); 196 if (!xattr) { 197 err = -ENOMEM; 198 goto out; 199 } 200 201 xattr->name = memdup_user_nul(buf, count); 202 if (IS_ERR(xattr->name)) { 203 err = PTR_ERR(xattr->name); 204 xattr->name = NULL; 205 goto out; 206 } 207 208 /* Remove any trailing newline */ 209 len = strlen(xattr->name); 210 if (xattr->name[len-1] == '\n') 211 xattr->name[len-1] = '\0'; 212 213 if (strcmp(xattr->name, ".") == 0) { 214 evm_xattrs_locked = 1; 215 newattrs.ia_mode = S_IFREG | 0440; 216 newattrs.ia_valid = ATTR_MODE; 217 inode = evm_xattrs->d_inode; 218 inode_lock(inode); 219 err = simple_setattr(evm_xattrs, &newattrs); 220 inode_unlock(inode); 221 audit_log_format(ab, "locked"); 222 if (!err) 223 err = count; 224 goto out; 225 } 226 227 audit_log_format(ab, "xattr="); 228 audit_log_untrustedstring(ab, xattr->name); 229 230 if (strncmp(xattr->name, XATTR_SECURITY_PREFIX, 231 XATTR_SECURITY_PREFIX_LEN) != 0) { 232 err = -EINVAL; 233 goto out; 234 } 235 236 /* Guard against races in evm_read_xattrs */ 237 mutex_lock(&xattr_list_mutex); 238 list_for_each_entry(tmp, &evm_config_xattrnames, list) { 239 if (strcmp(xattr->name, tmp->name) == 0) { 240 err = -EEXIST; 241 mutex_unlock(&xattr_list_mutex); 242 goto out; 243 } 244 } 245 list_add_tail_rcu(&xattr->list, &evm_config_xattrnames); 246 mutex_unlock(&xattr_list_mutex); 247 248 audit_log_format(ab, " res=0"); 249 audit_log_end(ab); 250 return count; 251 out: 252 audit_log_format(ab, " res=%d", err); 253 audit_log_end(ab); 254 kfree(xattr->name); 255 kfree(xattr); 256 return err; 257 } 258 259 static const struct file_operations evm_xattr_ops = { 260 .read = evm_read_xattrs, 261 .write = evm_write_xattrs, 262 }; 263 264 static int evm_init_xattrs(void) 265 { 266 evm_xattrs = securityfs_create_file("evm_xattrs", 0660, evm_dir, NULL, 267 &evm_xattr_ops); 268 if (!evm_xattrs || IS_ERR(evm_xattrs)) 269 return -EFAULT; 270 271 return 0; 272 } 273 #else 274 static int evm_init_xattrs(void) 275 { 276 return 0; 277 } 278 #endif 279 280 int __init evm_init_secfs(void) 281 { 282 int error = 0; 283 284 evm_dir = securityfs_create_dir("evm", integrity_dir); 285 if (!evm_dir || IS_ERR(evm_dir)) 286 return -EFAULT; 287 288 evm_init_tpm = securityfs_create_file("evm", 0660, 289 evm_dir, NULL, &evm_key_ops); 290 if (!evm_init_tpm || IS_ERR(evm_init_tpm)) { 291 error = -EFAULT; 292 goto out; 293 } 294 295 evm_symlink = securityfs_create_symlink("evm", NULL, 296 "integrity/evm/evm", NULL); 297 if (!evm_symlink || IS_ERR(evm_symlink)) { 298 error = -EFAULT; 299 goto out; 300 } 301 302 if (evm_init_xattrs() != 0) { 303 error = -EFAULT; 304 goto out; 305 } 306 307 return 0; 308 out: 309 securityfs_remove(evm_symlink); 310 securityfs_remove(evm_init_tpm); 311 securityfs_remove(evm_dir); 312 return error; 313 } 314