1 /* 2 * Copyright (C) 2008 IBM Corporation 3 * Author: Mimi Zohar <zohar@us.ibm.com> 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License as published by 7 * the Free Software Foundation, version 2 of the License. 8 * 9 * ima_policy.c 10 * - initialize default measure policy rules 11 * 12 */ 13 #include <linux/init.h> 14 #include <linux/list.h> 15 #include <linux/fs.h> 16 #include <linux/security.h> 17 #include <linux/magic.h> 18 #include <linux/parser.h> 19 #include <linux/slab.h> 20 #include <linux/rculist.h> 21 #include <linux/genhd.h> 22 #include <linux/seq_file.h> 23 #include <linux/ima.h> 24 25 #include "ima.h" 26 27 /* flags definitions */ 28 #define IMA_FUNC 0x0001 29 #define IMA_MASK 0x0002 30 #define IMA_FSMAGIC 0x0004 31 #define IMA_UID 0x0008 32 #define IMA_FOWNER 0x0010 33 #define IMA_FSUUID 0x0020 34 #define IMA_INMASK 0x0040 35 #define IMA_EUID 0x0080 36 #define IMA_PCR 0x0100 37 #define IMA_FSNAME 0x0200 38 39 #define UNKNOWN 0 40 #define MEASURE 0x0001 /* same as IMA_MEASURE */ 41 #define DONT_MEASURE 0x0002 42 #define APPRAISE 0x0004 /* same as IMA_APPRAISE */ 43 #define DONT_APPRAISE 0x0008 44 #define AUDIT 0x0040 45 #define HASH 0x0100 46 #define DONT_HASH 0x0200 47 48 #define INVALID_PCR(a) (((a) < 0) || \ 49 (a) >= (FIELD_SIZEOF(struct integrity_iint_cache, measured_pcrs) * 8)) 50 51 int ima_policy_flag; 52 static int temp_ima_appraise; 53 static int build_ima_appraise __ro_after_init; 54 55 #define MAX_LSM_RULES 6 56 enum lsm_rule_types { LSM_OBJ_USER, LSM_OBJ_ROLE, LSM_OBJ_TYPE, 57 LSM_SUBJ_USER, LSM_SUBJ_ROLE, LSM_SUBJ_TYPE 58 }; 59 60 enum policy_types { ORIGINAL_TCB = 1, DEFAULT_TCB }; 61 62 enum policy_rule_list { IMA_DEFAULT_POLICY = 1, IMA_CUSTOM_POLICY }; 63 64 struct ima_rule_entry { 65 struct list_head list; 66 int action; 67 unsigned int flags; 68 enum ima_hooks func; 69 int mask; 70 unsigned long fsmagic; 71 uuid_t fsuuid; 72 kuid_t uid; 73 kuid_t fowner; 74 bool (*uid_op)(kuid_t, kuid_t); /* Handlers for operators */ 75 bool (*fowner_op)(kuid_t, kuid_t); /* uid_eq(), uid_gt(), uid_lt() */ 76 int pcr; 77 struct { 78 void *rule; /* LSM file metadata specific */ 79 void *args_p; /* audit value */ 80 int type; /* audit type */ 81 } lsm[MAX_LSM_RULES]; 82 char *fsname; 83 }; 84 85 /* 86 * Without LSM specific knowledge, the default policy can only be 87 * written in terms of .action, .func, .mask, .fsmagic, .uid, and .fowner 88 */ 89 90 /* 91 * The minimum rule set to allow for full TCB coverage. Measures all files 92 * opened or mmap for exec and everything read by root. Dangerous because 93 * normal users can easily run the machine out of memory simply building 94 * and running executables. 95 */ 96 static struct ima_rule_entry dont_measure_rules[] __ro_after_init = { 97 {.action = DONT_MEASURE, .fsmagic = PROC_SUPER_MAGIC, .flags = IMA_FSMAGIC}, 98 {.action = DONT_MEASURE, .fsmagic = SYSFS_MAGIC, .flags = IMA_FSMAGIC}, 99 {.action = DONT_MEASURE, .fsmagic = DEBUGFS_MAGIC, .flags = IMA_FSMAGIC}, 100 {.action = DONT_MEASURE, .fsmagic = TMPFS_MAGIC, .flags = IMA_FSMAGIC}, 101 {.action = DONT_MEASURE, .fsmagic = DEVPTS_SUPER_MAGIC, .flags = IMA_FSMAGIC}, 102 {.action = DONT_MEASURE, .fsmagic = BINFMTFS_MAGIC, .flags = IMA_FSMAGIC}, 103 {.action = DONT_MEASURE, .fsmagic = SECURITYFS_MAGIC, .flags = IMA_FSMAGIC}, 104 {.action = DONT_MEASURE, .fsmagic = SELINUX_MAGIC, .flags = IMA_FSMAGIC}, 105 {.action = DONT_MEASURE, .fsmagic = SMACK_MAGIC, .flags = IMA_FSMAGIC}, 106 {.action = DONT_MEASURE, .fsmagic = CGROUP_SUPER_MAGIC, 107 .flags = IMA_FSMAGIC}, 108 {.action = DONT_MEASURE, .fsmagic = CGROUP2_SUPER_MAGIC, 109 .flags = IMA_FSMAGIC}, 110 {.action = DONT_MEASURE, .fsmagic = NSFS_MAGIC, .flags = IMA_FSMAGIC}, 111 {.action = DONT_MEASURE, .fsmagic = EFIVARFS_MAGIC, .flags = IMA_FSMAGIC} 112 }; 113 114 static struct ima_rule_entry original_measurement_rules[] __ro_after_init = { 115 {.action = MEASURE, .func = MMAP_CHECK, .mask = MAY_EXEC, 116 .flags = IMA_FUNC | IMA_MASK}, 117 {.action = MEASURE, .func = BPRM_CHECK, .mask = MAY_EXEC, 118 .flags = IMA_FUNC | IMA_MASK}, 119 {.action = MEASURE, .func = FILE_CHECK, .mask = MAY_READ, 120 .uid = GLOBAL_ROOT_UID, .uid_op = &uid_eq, 121 .flags = IMA_FUNC | IMA_MASK | IMA_UID}, 122 {.action = MEASURE, .func = MODULE_CHECK, .flags = IMA_FUNC}, 123 {.action = MEASURE, .func = FIRMWARE_CHECK, .flags = IMA_FUNC}, 124 }; 125 126 static struct ima_rule_entry default_measurement_rules[] __ro_after_init = { 127 {.action = MEASURE, .func = MMAP_CHECK, .mask = MAY_EXEC, 128 .flags = IMA_FUNC | IMA_MASK}, 129 {.action = MEASURE, .func = BPRM_CHECK, .mask = MAY_EXEC, 130 .flags = IMA_FUNC | IMA_MASK}, 131 {.action = MEASURE, .func = FILE_CHECK, .mask = MAY_READ, 132 .uid = GLOBAL_ROOT_UID, .uid_op = &uid_eq, 133 .flags = IMA_FUNC | IMA_INMASK | IMA_EUID}, 134 {.action = MEASURE, .func = FILE_CHECK, .mask = MAY_READ, 135 .uid = GLOBAL_ROOT_UID, .uid_op = &uid_eq, 136 .flags = IMA_FUNC | IMA_INMASK | IMA_UID}, 137 {.action = MEASURE, .func = MODULE_CHECK, .flags = IMA_FUNC}, 138 {.action = MEASURE, .func = FIRMWARE_CHECK, .flags = IMA_FUNC}, 139 {.action = MEASURE, .func = POLICY_CHECK, .flags = IMA_FUNC}, 140 }; 141 142 static struct ima_rule_entry default_appraise_rules[] __ro_after_init = { 143 {.action = DONT_APPRAISE, .fsmagic = PROC_SUPER_MAGIC, .flags = IMA_FSMAGIC}, 144 {.action = DONT_APPRAISE, .fsmagic = SYSFS_MAGIC, .flags = IMA_FSMAGIC}, 145 {.action = DONT_APPRAISE, .fsmagic = DEBUGFS_MAGIC, .flags = IMA_FSMAGIC}, 146 {.action = DONT_APPRAISE, .fsmagic = TMPFS_MAGIC, .flags = IMA_FSMAGIC}, 147 {.action = DONT_APPRAISE, .fsmagic = RAMFS_MAGIC, .flags = IMA_FSMAGIC}, 148 {.action = DONT_APPRAISE, .fsmagic = DEVPTS_SUPER_MAGIC, .flags = IMA_FSMAGIC}, 149 {.action = DONT_APPRAISE, .fsmagic = BINFMTFS_MAGIC, .flags = IMA_FSMAGIC}, 150 {.action = DONT_APPRAISE, .fsmagic = SECURITYFS_MAGIC, .flags = IMA_FSMAGIC}, 151 {.action = DONT_APPRAISE, .fsmagic = SELINUX_MAGIC, .flags = IMA_FSMAGIC}, 152 {.action = DONT_APPRAISE, .fsmagic = SMACK_MAGIC, .flags = IMA_FSMAGIC}, 153 {.action = DONT_APPRAISE, .fsmagic = NSFS_MAGIC, .flags = IMA_FSMAGIC}, 154 {.action = DONT_APPRAISE, .fsmagic = EFIVARFS_MAGIC, .flags = IMA_FSMAGIC}, 155 {.action = DONT_APPRAISE, .fsmagic = CGROUP_SUPER_MAGIC, .flags = IMA_FSMAGIC}, 156 {.action = DONT_APPRAISE, .fsmagic = CGROUP2_SUPER_MAGIC, .flags = IMA_FSMAGIC}, 157 #ifdef CONFIG_IMA_WRITE_POLICY 158 {.action = APPRAISE, .func = POLICY_CHECK, 159 .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED}, 160 #endif 161 #ifndef CONFIG_IMA_APPRAISE_SIGNED_INIT 162 {.action = APPRAISE, .fowner = GLOBAL_ROOT_UID, .fowner_op = &uid_eq, 163 .flags = IMA_FOWNER}, 164 #else 165 /* force signature */ 166 {.action = APPRAISE, .fowner = GLOBAL_ROOT_UID, .fowner_op = &uid_eq, 167 .flags = IMA_FOWNER | IMA_DIGSIG_REQUIRED}, 168 #endif 169 }; 170 171 static struct ima_rule_entry build_appraise_rules[] __ro_after_init = { 172 #ifdef CONFIG_IMA_APPRAISE_REQUIRE_MODULE_SIGS 173 {.action = APPRAISE, .func = MODULE_CHECK, 174 .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED}, 175 #endif 176 #ifdef CONFIG_IMA_APPRAISE_REQUIRE_FIRMWARE_SIGS 177 {.action = APPRAISE, .func = FIRMWARE_CHECK, 178 .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED}, 179 #endif 180 #ifdef CONFIG_IMA_APPRAISE_REQUIRE_KEXEC_SIGS 181 {.action = APPRAISE, .func = KEXEC_KERNEL_CHECK, 182 .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED}, 183 #endif 184 #ifdef CONFIG_IMA_APPRAISE_REQUIRE_POLICY_SIGS 185 {.action = APPRAISE, .func = POLICY_CHECK, 186 .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED}, 187 #endif 188 }; 189 190 static struct ima_rule_entry secure_boot_rules[] __ro_after_init = { 191 {.action = APPRAISE, .func = MODULE_CHECK, 192 .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED}, 193 {.action = APPRAISE, .func = FIRMWARE_CHECK, 194 .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED}, 195 {.action = APPRAISE, .func = KEXEC_KERNEL_CHECK, 196 .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED}, 197 {.action = APPRAISE, .func = POLICY_CHECK, 198 .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED}, 199 }; 200 201 /* An array of architecture specific rules */ 202 struct ima_rule_entry *arch_policy_entry __ro_after_init; 203 204 static LIST_HEAD(ima_default_rules); 205 static LIST_HEAD(ima_policy_rules); 206 static LIST_HEAD(ima_temp_rules); 207 static struct list_head *ima_rules; 208 209 static int ima_policy __initdata; 210 211 static int __init default_measure_policy_setup(char *str) 212 { 213 if (ima_policy) 214 return 1; 215 216 ima_policy = ORIGINAL_TCB; 217 return 1; 218 } 219 __setup("ima_tcb", default_measure_policy_setup); 220 221 static bool ima_use_appraise_tcb __initdata; 222 static bool ima_use_secure_boot __initdata; 223 static bool ima_fail_unverifiable_sigs __ro_after_init; 224 static int __init policy_setup(char *str) 225 { 226 char *p; 227 228 while ((p = strsep(&str, " |\n")) != NULL) { 229 if (*p == ' ') 230 continue; 231 if ((strcmp(p, "tcb") == 0) && !ima_policy) 232 ima_policy = DEFAULT_TCB; 233 else if (strcmp(p, "appraise_tcb") == 0) 234 ima_use_appraise_tcb = true; 235 else if (strcmp(p, "secure_boot") == 0) 236 ima_use_secure_boot = true; 237 else if (strcmp(p, "fail_securely") == 0) 238 ima_fail_unverifiable_sigs = true; 239 } 240 241 return 1; 242 } 243 __setup("ima_policy=", policy_setup); 244 245 static int __init default_appraise_policy_setup(char *str) 246 { 247 ima_use_appraise_tcb = true; 248 return 1; 249 } 250 __setup("ima_appraise_tcb", default_appraise_policy_setup); 251 252 /* 253 * The LSM policy can be reloaded, leaving the IMA LSM based rules referring 254 * to the old, stale LSM policy. Update the IMA LSM based rules to reflect 255 * the reloaded LSM policy. We assume the rules still exist; and BUG_ON() if 256 * they don't. 257 */ 258 static void ima_lsm_update_rules(void) 259 { 260 struct ima_rule_entry *entry; 261 int result; 262 int i; 263 264 list_for_each_entry(entry, &ima_policy_rules, list) { 265 for (i = 0; i < MAX_LSM_RULES; i++) { 266 if (!entry->lsm[i].rule) 267 continue; 268 result = security_filter_rule_init(entry->lsm[i].type, 269 Audit_equal, 270 entry->lsm[i].args_p, 271 &entry->lsm[i].rule); 272 BUG_ON(!entry->lsm[i].rule); 273 } 274 } 275 } 276 277 /** 278 * ima_match_rules - determine whether an inode matches the measure rule. 279 * @rule: a pointer to a rule 280 * @inode: a pointer to an inode 281 * @cred: a pointer to a credentials structure for user validation 282 * @secid: the secid of the task to be validated 283 * @func: LIM hook identifier 284 * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC) 285 * 286 * Returns true on rule match, false on failure. 287 */ 288 static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, 289 const struct cred *cred, u32 secid, 290 enum ima_hooks func, int mask) 291 { 292 int i; 293 294 if ((rule->flags & IMA_FUNC) && 295 (rule->func != func && func != POST_SETATTR)) 296 return false; 297 if ((rule->flags & IMA_MASK) && 298 (rule->mask != mask && func != POST_SETATTR)) 299 return false; 300 if ((rule->flags & IMA_INMASK) && 301 (!(rule->mask & mask) && func != POST_SETATTR)) 302 return false; 303 if ((rule->flags & IMA_FSMAGIC) 304 && rule->fsmagic != inode->i_sb->s_magic) 305 return false; 306 if ((rule->flags & IMA_FSNAME) 307 && strcmp(rule->fsname, inode->i_sb->s_type->name)) 308 return false; 309 if ((rule->flags & IMA_FSUUID) && 310 !uuid_equal(&rule->fsuuid, &inode->i_sb->s_uuid)) 311 return false; 312 if ((rule->flags & IMA_UID) && !rule->uid_op(cred->uid, rule->uid)) 313 return false; 314 if (rule->flags & IMA_EUID) { 315 if (has_capability_noaudit(current, CAP_SETUID)) { 316 if (!rule->uid_op(cred->euid, rule->uid) 317 && !rule->uid_op(cred->suid, rule->uid) 318 && !rule->uid_op(cred->uid, rule->uid)) 319 return false; 320 } else if (!rule->uid_op(cred->euid, rule->uid)) 321 return false; 322 } 323 324 if ((rule->flags & IMA_FOWNER) && 325 !rule->fowner_op(inode->i_uid, rule->fowner)) 326 return false; 327 for (i = 0; i < MAX_LSM_RULES; i++) { 328 int rc = 0; 329 u32 osid; 330 int retried = 0; 331 332 if (!rule->lsm[i].rule) 333 continue; 334 retry: 335 switch (i) { 336 case LSM_OBJ_USER: 337 case LSM_OBJ_ROLE: 338 case LSM_OBJ_TYPE: 339 security_inode_getsecid(inode, &osid); 340 rc = security_filter_rule_match(osid, 341 rule->lsm[i].type, 342 Audit_equal, 343 rule->lsm[i].rule); 344 break; 345 case LSM_SUBJ_USER: 346 case LSM_SUBJ_ROLE: 347 case LSM_SUBJ_TYPE: 348 rc = security_filter_rule_match(secid, 349 rule->lsm[i].type, 350 Audit_equal, 351 rule->lsm[i].rule); 352 default: 353 break; 354 } 355 if ((rc < 0) && (!retried)) { 356 retried = 1; 357 ima_lsm_update_rules(); 358 goto retry; 359 } 360 if (!rc) 361 return false; 362 } 363 return true; 364 } 365 366 /* 367 * In addition to knowing that we need to appraise the file in general, 368 * we need to differentiate between calling hooks, for hook specific rules. 369 */ 370 static int get_subaction(struct ima_rule_entry *rule, enum ima_hooks func) 371 { 372 if (!(rule->flags & IMA_FUNC)) 373 return IMA_FILE_APPRAISE; 374 375 switch (func) { 376 case MMAP_CHECK: 377 return IMA_MMAP_APPRAISE; 378 case BPRM_CHECK: 379 return IMA_BPRM_APPRAISE; 380 case CREDS_CHECK: 381 return IMA_CREDS_APPRAISE; 382 case FILE_CHECK: 383 case POST_SETATTR: 384 return IMA_FILE_APPRAISE; 385 case MODULE_CHECK ... MAX_CHECK - 1: 386 default: 387 return IMA_READ_APPRAISE; 388 } 389 } 390 391 /** 392 * ima_match_policy - decision based on LSM and other conditions 393 * @inode: pointer to an inode for which the policy decision is being made 394 * @cred: pointer to a credentials structure for which the policy decision is 395 * being made 396 * @secid: LSM secid of the task to be validated 397 * @func: IMA hook identifier 398 * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC) 399 * @pcr: set the pcr to extend 400 * 401 * Measure decision based on func/mask/fsmagic and LSM(subj/obj/type) 402 * conditions. 403 * 404 * Since the IMA policy may be updated multiple times we need to lock the 405 * list when walking it. Reads are many orders of magnitude more numerous 406 * than writes so ima_match_policy() is classical RCU candidate. 407 */ 408 int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid, 409 enum ima_hooks func, int mask, int flags, int *pcr) 410 { 411 struct ima_rule_entry *entry; 412 int action = 0, actmask = flags | (flags << 1); 413 414 rcu_read_lock(); 415 list_for_each_entry_rcu(entry, ima_rules, list) { 416 417 if (!(entry->action & actmask)) 418 continue; 419 420 if (!ima_match_rules(entry, inode, cred, secid, func, mask)) 421 continue; 422 423 action |= entry->flags & IMA_ACTION_FLAGS; 424 425 action |= entry->action & IMA_DO_MASK; 426 if (entry->action & IMA_APPRAISE) { 427 action |= get_subaction(entry, func); 428 action &= ~IMA_HASH; 429 if (ima_fail_unverifiable_sigs) 430 action |= IMA_FAIL_UNVERIFIABLE_SIGS; 431 } 432 433 if (entry->action & IMA_DO_MASK) 434 actmask &= ~(entry->action | entry->action << 1); 435 else 436 actmask &= ~(entry->action | entry->action >> 1); 437 438 if ((pcr) && (entry->flags & IMA_PCR)) 439 *pcr = entry->pcr; 440 441 if (!actmask) 442 break; 443 } 444 rcu_read_unlock(); 445 446 return action; 447 } 448 449 /* 450 * Initialize the ima_policy_flag variable based on the currently 451 * loaded policy. Based on this flag, the decision to short circuit 452 * out of a function or not call the function in the first place 453 * can be made earlier. 454 */ 455 void ima_update_policy_flag(void) 456 { 457 struct ima_rule_entry *entry; 458 459 list_for_each_entry(entry, ima_rules, list) { 460 if (entry->action & IMA_DO_MASK) 461 ima_policy_flag |= entry->action; 462 } 463 464 ima_appraise |= (build_ima_appraise | temp_ima_appraise); 465 if (!ima_appraise) 466 ima_policy_flag &= ~IMA_APPRAISE; 467 } 468 469 static int ima_appraise_flag(enum ima_hooks func) 470 { 471 if (func == MODULE_CHECK) 472 return IMA_APPRAISE_MODULES; 473 else if (func == FIRMWARE_CHECK) 474 return IMA_APPRAISE_FIRMWARE; 475 else if (func == POLICY_CHECK) 476 return IMA_APPRAISE_POLICY; 477 else if (func == KEXEC_KERNEL_CHECK) 478 return IMA_APPRAISE_KEXEC; 479 return 0; 480 } 481 482 static void add_rules(struct ima_rule_entry *entries, int count, 483 enum policy_rule_list policy_rule) 484 { 485 int i = 0; 486 487 for (i = 0; i < count; i++) { 488 struct ima_rule_entry *entry; 489 490 if (policy_rule & IMA_DEFAULT_POLICY) 491 list_add_tail(&entries[i].list, &ima_default_rules); 492 493 if (policy_rule & IMA_CUSTOM_POLICY) { 494 entry = kmemdup(&entries[i], sizeof(*entry), 495 GFP_KERNEL); 496 if (!entry) 497 continue; 498 499 list_add_tail(&entry->list, &ima_policy_rules); 500 } 501 if (entries[i].action == APPRAISE) { 502 temp_ima_appraise |= ima_appraise_flag(entries[i].func); 503 if (entries[i].func == POLICY_CHECK) 504 temp_ima_appraise |= IMA_APPRAISE_POLICY; 505 } 506 } 507 } 508 509 static int ima_parse_rule(char *rule, struct ima_rule_entry *entry); 510 511 static int __init ima_init_arch_policy(void) 512 { 513 const char * const *arch_rules; 514 const char * const *rules; 515 int arch_entries = 0; 516 int i = 0; 517 518 arch_rules = arch_get_ima_policy(); 519 if (!arch_rules) 520 return arch_entries; 521 522 /* Get number of rules */ 523 for (rules = arch_rules; *rules != NULL; rules++) 524 arch_entries++; 525 526 arch_policy_entry = kcalloc(arch_entries + 1, 527 sizeof(*arch_policy_entry), GFP_KERNEL); 528 if (!arch_policy_entry) 529 return 0; 530 531 /* Convert each policy string rules to struct ima_rule_entry format */ 532 for (rules = arch_rules, i = 0; *rules != NULL; rules++) { 533 char rule[255]; 534 int result; 535 536 result = strlcpy(rule, *rules, sizeof(rule)); 537 538 INIT_LIST_HEAD(&arch_policy_entry[i].list); 539 result = ima_parse_rule(rule, &arch_policy_entry[i]); 540 if (result) { 541 pr_warn("Skipping unknown architecture policy rule: %s\n", 542 rule); 543 memset(&arch_policy_entry[i], 0, 544 sizeof(*arch_policy_entry)); 545 continue; 546 } 547 i++; 548 } 549 return i; 550 } 551 552 /** 553 * ima_init_policy - initialize the default measure rules. 554 * 555 * ima_rules points to either the ima_default_rules or the 556 * the new ima_policy_rules. 557 */ 558 void __init ima_init_policy(void) 559 { 560 int build_appraise_entries, arch_entries; 561 562 /* if !ima_policy, we load NO default rules */ 563 if (ima_policy) 564 add_rules(dont_measure_rules, ARRAY_SIZE(dont_measure_rules), 565 IMA_DEFAULT_POLICY); 566 567 switch (ima_policy) { 568 case ORIGINAL_TCB: 569 add_rules(original_measurement_rules, 570 ARRAY_SIZE(original_measurement_rules), 571 IMA_DEFAULT_POLICY); 572 break; 573 case DEFAULT_TCB: 574 add_rules(default_measurement_rules, 575 ARRAY_SIZE(default_measurement_rules), 576 IMA_DEFAULT_POLICY); 577 default: 578 break; 579 } 580 581 /* 582 * Based on runtime secure boot flags, insert arch specific measurement 583 * and appraise rules requiring file signatures for both the initial 584 * and custom policies, prior to other appraise rules. 585 * (Highest priority) 586 */ 587 arch_entries = ima_init_arch_policy(); 588 if (!arch_entries) 589 pr_info("No architecture policies found\n"); 590 else 591 add_rules(arch_policy_entry, arch_entries, 592 IMA_DEFAULT_POLICY | IMA_CUSTOM_POLICY); 593 594 /* 595 * Insert the builtin "secure_boot" policy rules requiring file 596 * signatures, prior to other appraise rules. 597 */ 598 if (ima_use_secure_boot) 599 add_rules(secure_boot_rules, ARRAY_SIZE(secure_boot_rules), 600 IMA_DEFAULT_POLICY); 601 602 /* 603 * Insert the build time appraise rules requiring file signatures 604 * for both the initial and custom policies, prior to other appraise 605 * rules. As the secure boot rules includes all of the build time 606 * rules, include either one or the other set of rules, but not both. 607 */ 608 build_appraise_entries = ARRAY_SIZE(build_appraise_rules); 609 if (build_appraise_entries) { 610 if (ima_use_secure_boot) 611 add_rules(build_appraise_rules, build_appraise_entries, 612 IMA_CUSTOM_POLICY); 613 else 614 add_rules(build_appraise_rules, build_appraise_entries, 615 IMA_DEFAULT_POLICY | IMA_CUSTOM_POLICY); 616 } 617 618 if (ima_use_appraise_tcb) 619 add_rules(default_appraise_rules, 620 ARRAY_SIZE(default_appraise_rules), 621 IMA_DEFAULT_POLICY); 622 623 ima_rules = &ima_default_rules; 624 ima_update_policy_flag(); 625 } 626 627 /* Make sure we have a valid policy, at least containing some rules. */ 628 int ima_check_policy(void) 629 { 630 if (list_empty(&ima_temp_rules)) 631 return -EINVAL; 632 return 0; 633 } 634 635 /** 636 * ima_update_policy - update default_rules with new measure rules 637 * 638 * Called on file .release to update the default rules with a complete new 639 * policy. What we do here is to splice ima_policy_rules and ima_temp_rules so 640 * they make a queue. The policy may be updated multiple times and this is the 641 * RCU updater. 642 * 643 * Policy rules are never deleted so ima_policy_flag gets zeroed only once when 644 * we switch from the default policy to user defined. 645 */ 646 void ima_update_policy(void) 647 { 648 struct list_head *policy = &ima_policy_rules; 649 650 list_splice_tail_init_rcu(&ima_temp_rules, policy, synchronize_rcu); 651 652 if (ima_rules != policy) { 653 ima_policy_flag = 0; 654 ima_rules = policy; 655 656 /* 657 * IMA architecture specific policy rules are specified 658 * as strings and converted to an array of ima_entry_rules 659 * on boot. After loading a custom policy, free the 660 * architecture specific rules stored as an array. 661 */ 662 kfree(arch_policy_entry); 663 } 664 ima_update_policy_flag(); 665 } 666 667 /* Keep the enumeration in sync with the policy_tokens! */ 668 enum { 669 Opt_measure, Opt_dont_measure, 670 Opt_appraise, Opt_dont_appraise, 671 Opt_audit, Opt_hash, Opt_dont_hash, 672 Opt_obj_user, Opt_obj_role, Opt_obj_type, 673 Opt_subj_user, Opt_subj_role, Opt_subj_type, 674 Opt_func, Opt_mask, Opt_fsmagic, Opt_fsname, 675 Opt_fsuuid, Opt_uid_eq, Opt_euid_eq, Opt_fowner_eq, 676 Opt_uid_gt, Opt_euid_gt, Opt_fowner_gt, 677 Opt_uid_lt, Opt_euid_lt, Opt_fowner_lt, 678 Opt_appraise_type, Opt_permit_directio, 679 Opt_pcr, Opt_err 680 }; 681 682 static const match_table_t policy_tokens = { 683 {Opt_measure, "measure"}, 684 {Opt_dont_measure, "dont_measure"}, 685 {Opt_appraise, "appraise"}, 686 {Opt_dont_appraise, "dont_appraise"}, 687 {Opt_audit, "audit"}, 688 {Opt_hash, "hash"}, 689 {Opt_dont_hash, "dont_hash"}, 690 {Opt_obj_user, "obj_user=%s"}, 691 {Opt_obj_role, "obj_role=%s"}, 692 {Opt_obj_type, "obj_type=%s"}, 693 {Opt_subj_user, "subj_user=%s"}, 694 {Opt_subj_role, "subj_role=%s"}, 695 {Opt_subj_type, "subj_type=%s"}, 696 {Opt_func, "func=%s"}, 697 {Opt_mask, "mask=%s"}, 698 {Opt_fsmagic, "fsmagic=%s"}, 699 {Opt_fsname, "fsname=%s"}, 700 {Opt_fsuuid, "fsuuid=%s"}, 701 {Opt_uid_eq, "uid=%s"}, 702 {Opt_euid_eq, "euid=%s"}, 703 {Opt_fowner_eq, "fowner=%s"}, 704 {Opt_uid_gt, "uid>%s"}, 705 {Opt_euid_gt, "euid>%s"}, 706 {Opt_fowner_gt, "fowner>%s"}, 707 {Opt_uid_lt, "uid<%s"}, 708 {Opt_euid_lt, "euid<%s"}, 709 {Opt_fowner_lt, "fowner<%s"}, 710 {Opt_appraise_type, "appraise_type=%s"}, 711 {Opt_permit_directio, "permit_directio"}, 712 {Opt_pcr, "pcr=%s"}, 713 {Opt_err, NULL} 714 }; 715 716 static int ima_lsm_rule_init(struct ima_rule_entry *entry, 717 substring_t *args, int lsm_rule, int audit_type) 718 { 719 int result; 720 721 if (entry->lsm[lsm_rule].rule) 722 return -EINVAL; 723 724 entry->lsm[lsm_rule].args_p = match_strdup(args); 725 if (!entry->lsm[lsm_rule].args_p) 726 return -ENOMEM; 727 728 entry->lsm[lsm_rule].type = audit_type; 729 result = security_filter_rule_init(entry->lsm[lsm_rule].type, 730 Audit_equal, 731 entry->lsm[lsm_rule].args_p, 732 &entry->lsm[lsm_rule].rule); 733 if (!entry->lsm[lsm_rule].rule) { 734 kfree(entry->lsm[lsm_rule].args_p); 735 return -EINVAL; 736 } 737 738 return result; 739 } 740 741 static void ima_log_string_op(struct audit_buffer *ab, char *key, char *value, 742 bool (*rule_operator)(kuid_t, kuid_t)) 743 { 744 if (!ab) 745 return; 746 747 if (rule_operator == &uid_gt) 748 audit_log_format(ab, "%s>", key); 749 else if (rule_operator == &uid_lt) 750 audit_log_format(ab, "%s<", key); 751 else 752 audit_log_format(ab, "%s=", key); 753 audit_log_format(ab, "%s ", value); 754 } 755 static void ima_log_string(struct audit_buffer *ab, char *key, char *value) 756 { 757 ima_log_string_op(ab, key, value, NULL); 758 } 759 760 static int ima_parse_rule(char *rule, struct ima_rule_entry *entry) 761 { 762 struct audit_buffer *ab; 763 char *from; 764 char *p; 765 bool uid_token; 766 int result = 0; 767 768 ab = integrity_audit_log_start(audit_context(), GFP_KERNEL, 769 AUDIT_INTEGRITY_POLICY_RULE); 770 771 entry->uid = INVALID_UID; 772 entry->fowner = INVALID_UID; 773 entry->uid_op = &uid_eq; 774 entry->fowner_op = &uid_eq; 775 entry->action = UNKNOWN; 776 while ((p = strsep(&rule, " \t")) != NULL) { 777 substring_t args[MAX_OPT_ARGS]; 778 int token; 779 unsigned long lnum; 780 781 if (result < 0) 782 break; 783 if ((*p == '\0') || (*p == ' ') || (*p == '\t')) 784 continue; 785 token = match_token(p, policy_tokens, args); 786 switch (token) { 787 case Opt_measure: 788 ima_log_string(ab, "action", "measure"); 789 790 if (entry->action != UNKNOWN) 791 result = -EINVAL; 792 793 entry->action = MEASURE; 794 break; 795 case Opt_dont_measure: 796 ima_log_string(ab, "action", "dont_measure"); 797 798 if (entry->action != UNKNOWN) 799 result = -EINVAL; 800 801 entry->action = DONT_MEASURE; 802 break; 803 case Opt_appraise: 804 ima_log_string(ab, "action", "appraise"); 805 806 if (entry->action != UNKNOWN) 807 result = -EINVAL; 808 809 entry->action = APPRAISE; 810 break; 811 case Opt_dont_appraise: 812 ima_log_string(ab, "action", "dont_appraise"); 813 814 if (entry->action != UNKNOWN) 815 result = -EINVAL; 816 817 entry->action = DONT_APPRAISE; 818 break; 819 case Opt_audit: 820 ima_log_string(ab, "action", "audit"); 821 822 if (entry->action != UNKNOWN) 823 result = -EINVAL; 824 825 entry->action = AUDIT; 826 break; 827 case Opt_hash: 828 ima_log_string(ab, "action", "hash"); 829 830 if (entry->action != UNKNOWN) 831 result = -EINVAL; 832 833 entry->action = HASH; 834 break; 835 case Opt_dont_hash: 836 ima_log_string(ab, "action", "dont_hash"); 837 838 if (entry->action != UNKNOWN) 839 result = -EINVAL; 840 841 entry->action = DONT_HASH; 842 break; 843 case Opt_func: 844 ima_log_string(ab, "func", args[0].from); 845 846 if (entry->func) 847 result = -EINVAL; 848 849 if (strcmp(args[0].from, "FILE_CHECK") == 0) 850 entry->func = FILE_CHECK; 851 /* PATH_CHECK is for backwards compat */ 852 else if (strcmp(args[0].from, "PATH_CHECK") == 0) 853 entry->func = FILE_CHECK; 854 else if (strcmp(args[0].from, "MODULE_CHECK") == 0) 855 entry->func = MODULE_CHECK; 856 else if (strcmp(args[0].from, "FIRMWARE_CHECK") == 0) 857 entry->func = FIRMWARE_CHECK; 858 else if ((strcmp(args[0].from, "FILE_MMAP") == 0) 859 || (strcmp(args[0].from, "MMAP_CHECK") == 0)) 860 entry->func = MMAP_CHECK; 861 else if (strcmp(args[0].from, "BPRM_CHECK") == 0) 862 entry->func = BPRM_CHECK; 863 else if (strcmp(args[0].from, "CREDS_CHECK") == 0) 864 entry->func = CREDS_CHECK; 865 else if (strcmp(args[0].from, "KEXEC_KERNEL_CHECK") == 866 0) 867 entry->func = KEXEC_KERNEL_CHECK; 868 else if (strcmp(args[0].from, "KEXEC_INITRAMFS_CHECK") 869 == 0) 870 entry->func = KEXEC_INITRAMFS_CHECK; 871 else if (strcmp(args[0].from, "POLICY_CHECK") == 0) 872 entry->func = POLICY_CHECK; 873 else 874 result = -EINVAL; 875 if (!result) 876 entry->flags |= IMA_FUNC; 877 break; 878 case Opt_mask: 879 ima_log_string(ab, "mask", args[0].from); 880 881 if (entry->mask) 882 result = -EINVAL; 883 884 from = args[0].from; 885 if (*from == '^') 886 from++; 887 888 if ((strcmp(from, "MAY_EXEC")) == 0) 889 entry->mask = MAY_EXEC; 890 else if (strcmp(from, "MAY_WRITE") == 0) 891 entry->mask = MAY_WRITE; 892 else if (strcmp(from, "MAY_READ") == 0) 893 entry->mask = MAY_READ; 894 else if (strcmp(from, "MAY_APPEND") == 0) 895 entry->mask = MAY_APPEND; 896 else 897 result = -EINVAL; 898 if (!result) 899 entry->flags |= (*args[0].from == '^') 900 ? IMA_INMASK : IMA_MASK; 901 break; 902 case Opt_fsmagic: 903 ima_log_string(ab, "fsmagic", args[0].from); 904 905 if (entry->fsmagic) { 906 result = -EINVAL; 907 break; 908 } 909 910 result = kstrtoul(args[0].from, 16, &entry->fsmagic); 911 if (!result) 912 entry->flags |= IMA_FSMAGIC; 913 break; 914 case Opt_fsname: 915 ima_log_string(ab, "fsname", args[0].from); 916 917 entry->fsname = kstrdup(args[0].from, GFP_KERNEL); 918 if (!entry->fsname) { 919 result = -ENOMEM; 920 break; 921 } 922 result = 0; 923 entry->flags |= IMA_FSNAME; 924 break; 925 case Opt_fsuuid: 926 ima_log_string(ab, "fsuuid", args[0].from); 927 928 if (!uuid_is_null(&entry->fsuuid)) { 929 result = -EINVAL; 930 break; 931 } 932 933 result = uuid_parse(args[0].from, &entry->fsuuid); 934 if (!result) 935 entry->flags |= IMA_FSUUID; 936 break; 937 case Opt_uid_gt: 938 case Opt_euid_gt: 939 entry->uid_op = &uid_gt; 940 /* fall through */ 941 case Opt_uid_lt: 942 case Opt_euid_lt: 943 if ((token == Opt_uid_lt) || (token == Opt_euid_lt)) 944 entry->uid_op = &uid_lt; 945 /* fall through */ 946 case Opt_uid_eq: 947 case Opt_euid_eq: 948 uid_token = (token == Opt_uid_eq) || 949 (token == Opt_uid_gt) || 950 (token == Opt_uid_lt); 951 952 ima_log_string_op(ab, uid_token ? "uid" : "euid", 953 args[0].from, entry->uid_op); 954 955 if (uid_valid(entry->uid)) { 956 result = -EINVAL; 957 break; 958 } 959 960 result = kstrtoul(args[0].from, 10, &lnum); 961 if (!result) { 962 entry->uid = make_kuid(current_user_ns(), 963 (uid_t) lnum); 964 if (!uid_valid(entry->uid) || 965 (uid_t)lnum != lnum) 966 result = -EINVAL; 967 else 968 entry->flags |= uid_token 969 ? IMA_UID : IMA_EUID; 970 } 971 break; 972 case Opt_fowner_gt: 973 entry->fowner_op = &uid_gt; 974 /* fall through */ 975 case Opt_fowner_lt: 976 if (token == Opt_fowner_lt) 977 entry->fowner_op = &uid_lt; 978 /* fall through */ 979 case Opt_fowner_eq: 980 ima_log_string_op(ab, "fowner", args[0].from, 981 entry->fowner_op); 982 983 if (uid_valid(entry->fowner)) { 984 result = -EINVAL; 985 break; 986 } 987 988 result = kstrtoul(args[0].from, 10, &lnum); 989 if (!result) { 990 entry->fowner = make_kuid(current_user_ns(), (uid_t)lnum); 991 if (!uid_valid(entry->fowner) || (((uid_t)lnum) != lnum)) 992 result = -EINVAL; 993 else 994 entry->flags |= IMA_FOWNER; 995 } 996 break; 997 case Opt_obj_user: 998 ima_log_string(ab, "obj_user", args[0].from); 999 result = ima_lsm_rule_init(entry, args, 1000 LSM_OBJ_USER, 1001 AUDIT_OBJ_USER); 1002 break; 1003 case Opt_obj_role: 1004 ima_log_string(ab, "obj_role", args[0].from); 1005 result = ima_lsm_rule_init(entry, args, 1006 LSM_OBJ_ROLE, 1007 AUDIT_OBJ_ROLE); 1008 break; 1009 case Opt_obj_type: 1010 ima_log_string(ab, "obj_type", args[0].from); 1011 result = ima_lsm_rule_init(entry, args, 1012 LSM_OBJ_TYPE, 1013 AUDIT_OBJ_TYPE); 1014 break; 1015 case Opt_subj_user: 1016 ima_log_string(ab, "subj_user", args[0].from); 1017 result = ima_lsm_rule_init(entry, args, 1018 LSM_SUBJ_USER, 1019 AUDIT_SUBJ_USER); 1020 break; 1021 case Opt_subj_role: 1022 ima_log_string(ab, "subj_role", args[0].from); 1023 result = ima_lsm_rule_init(entry, args, 1024 LSM_SUBJ_ROLE, 1025 AUDIT_SUBJ_ROLE); 1026 break; 1027 case Opt_subj_type: 1028 ima_log_string(ab, "subj_type", args[0].from); 1029 result = ima_lsm_rule_init(entry, args, 1030 LSM_SUBJ_TYPE, 1031 AUDIT_SUBJ_TYPE); 1032 break; 1033 case Opt_appraise_type: 1034 if (entry->action != APPRAISE) { 1035 result = -EINVAL; 1036 break; 1037 } 1038 1039 ima_log_string(ab, "appraise_type", args[0].from); 1040 if ((strcmp(args[0].from, "imasig")) == 0) 1041 entry->flags |= IMA_DIGSIG_REQUIRED; 1042 else 1043 result = -EINVAL; 1044 break; 1045 case Opt_permit_directio: 1046 entry->flags |= IMA_PERMIT_DIRECTIO; 1047 break; 1048 case Opt_pcr: 1049 if (entry->action != MEASURE) { 1050 result = -EINVAL; 1051 break; 1052 } 1053 ima_log_string(ab, "pcr", args[0].from); 1054 1055 result = kstrtoint(args[0].from, 10, &entry->pcr); 1056 if (result || INVALID_PCR(entry->pcr)) 1057 result = -EINVAL; 1058 else 1059 entry->flags |= IMA_PCR; 1060 1061 break; 1062 case Opt_err: 1063 ima_log_string(ab, "UNKNOWN", p); 1064 result = -EINVAL; 1065 break; 1066 } 1067 } 1068 if (!result && (entry->action == UNKNOWN)) 1069 result = -EINVAL; 1070 else if (entry->action == APPRAISE) 1071 temp_ima_appraise |= ima_appraise_flag(entry->func); 1072 1073 audit_log_format(ab, "res=%d", !result); 1074 audit_log_end(ab); 1075 return result; 1076 } 1077 1078 /** 1079 * ima_parse_add_rule - add a rule to ima_policy_rules 1080 * @rule - ima measurement policy rule 1081 * 1082 * Avoid locking by allowing just one writer at a time in ima_write_policy() 1083 * Returns the length of the rule parsed, an error code on failure 1084 */ 1085 ssize_t ima_parse_add_rule(char *rule) 1086 { 1087 static const char op[] = "update_policy"; 1088 char *p; 1089 struct ima_rule_entry *entry; 1090 ssize_t result, len; 1091 int audit_info = 0; 1092 1093 p = strsep(&rule, "\n"); 1094 len = strlen(p) + 1; 1095 p += strspn(p, " \t"); 1096 1097 if (*p == '#' || *p == '\0') 1098 return len; 1099 1100 entry = kzalloc(sizeof(*entry), GFP_KERNEL); 1101 if (!entry) { 1102 integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL, 1103 NULL, op, "-ENOMEM", -ENOMEM, audit_info); 1104 return -ENOMEM; 1105 } 1106 1107 INIT_LIST_HEAD(&entry->list); 1108 1109 result = ima_parse_rule(p, entry); 1110 if (result) { 1111 kfree(entry); 1112 integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL, 1113 NULL, op, "invalid-policy", result, 1114 audit_info); 1115 return result; 1116 } 1117 1118 list_add_tail(&entry->list, &ima_temp_rules); 1119 1120 return len; 1121 } 1122 1123 /** 1124 * ima_delete_rules() called to cleanup invalid in-flight policy. 1125 * We don't need locking as we operate on the temp list, which is 1126 * different from the active one. There is also only one user of 1127 * ima_delete_rules() at a time. 1128 */ 1129 void ima_delete_rules(void) 1130 { 1131 struct ima_rule_entry *entry, *tmp; 1132 int i; 1133 1134 temp_ima_appraise = 0; 1135 list_for_each_entry_safe(entry, tmp, &ima_temp_rules, list) { 1136 for (i = 0; i < MAX_LSM_RULES; i++) 1137 kfree(entry->lsm[i].args_p); 1138 1139 list_del(&entry->list); 1140 kfree(entry); 1141 } 1142 } 1143 1144 #ifdef CONFIG_IMA_READ_POLICY 1145 enum { 1146 mask_exec = 0, mask_write, mask_read, mask_append 1147 }; 1148 1149 static const char *const mask_tokens[] = { 1150 "^MAY_EXEC", 1151 "^MAY_WRITE", 1152 "^MAY_READ", 1153 "^MAY_APPEND" 1154 }; 1155 1156 #define __ima_hook_stringify(str) (#str), 1157 1158 static const char *const func_tokens[] = { 1159 __ima_hooks(__ima_hook_stringify) 1160 }; 1161 1162 void *ima_policy_start(struct seq_file *m, loff_t *pos) 1163 { 1164 loff_t l = *pos; 1165 struct ima_rule_entry *entry; 1166 1167 rcu_read_lock(); 1168 list_for_each_entry_rcu(entry, ima_rules, list) { 1169 if (!l--) { 1170 rcu_read_unlock(); 1171 return entry; 1172 } 1173 } 1174 rcu_read_unlock(); 1175 return NULL; 1176 } 1177 1178 void *ima_policy_next(struct seq_file *m, void *v, loff_t *pos) 1179 { 1180 struct ima_rule_entry *entry = v; 1181 1182 rcu_read_lock(); 1183 entry = list_entry_rcu(entry->list.next, struct ima_rule_entry, list); 1184 rcu_read_unlock(); 1185 (*pos)++; 1186 1187 return (&entry->list == ima_rules) ? NULL : entry; 1188 } 1189 1190 void ima_policy_stop(struct seq_file *m, void *v) 1191 { 1192 } 1193 1194 #define pt(token) policy_tokens[token].pattern 1195 #define mt(token) mask_tokens[token] 1196 1197 /* 1198 * policy_func_show - display the ima_hooks policy rule 1199 */ 1200 static void policy_func_show(struct seq_file *m, enum ima_hooks func) 1201 { 1202 if (func > 0 && func < MAX_CHECK) 1203 seq_printf(m, "func=%s ", func_tokens[func]); 1204 else 1205 seq_printf(m, "func=%d ", func); 1206 } 1207 1208 int ima_policy_show(struct seq_file *m, void *v) 1209 { 1210 struct ima_rule_entry *entry = v; 1211 int i; 1212 char tbuf[64] = {0,}; 1213 int offset = 0; 1214 1215 rcu_read_lock(); 1216 1217 if (entry->action & MEASURE) 1218 seq_puts(m, pt(Opt_measure)); 1219 if (entry->action & DONT_MEASURE) 1220 seq_puts(m, pt(Opt_dont_measure)); 1221 if (entry->action & APPRAISE) 1222 seq_puts(m, pt(Opt_appraise)); 1223 if (entry->action & DONT_APPRAISE) 1224 seq_puts(m, pt(Opt_dont_appraise)); 1225 if (entry->action & AUDIT) 1226 seq_puts(m, pt(Opt_audit)); 1227 if (entry->action & HASH) 1228 seq_puts(m, pt(Opt_hash)); 1229 if (entry->action & DONT_HASH) 1230 seq_puts(m, pt(Opt_dont_hash)); 1231 1232 seq_puts(m, " "); 1233 1234 if (entry->flags & IMA_FUNC) 1235 policy_func_show(m, entry->func); 1236 1237 if ((entry->flags & IMA_MASK) || (entry->flags & IMA_INMASK)) { 1238 if (entry->flags & IMA_MASK) 1239 offset = 1; 1240 if (entry->mask & MAY_EXEC) 1241 seq_printf(m, pt(Opt_mask), mt(mask_exec) + offset); 1242 if (entry->mask & MAY_WRITE) 1243 seq_printf(m, pt(Opt_mask), mt(mask_write) + offset); 1244 if (entry->mask & MAY_READ) 1245 seq_printf(m, pt(Opt_mask), mt(mask_read) + offset); 1246 if (entry->mask & MAY_APPEND) 1247 seq_printf(m, pt(Opt_mask), mt(mask_append) + offset); 1248 seq_puts(m, " "); 1249 } 1250 1251 if (entry->flags & IMA_FSMAGIC) { 1252 snprintf(tbuf, sizeof(tbuf), "0x%lx", entry->fsmagic); 1253 seq_printf(m, pt(Opt_fsmagic), tbuf); 1254 seq_puts(m, " "); 1255 } 1256 1257 if (entry->flags & IMA_FSNAME) { 1258 snprintf(tbuf, sizeof(tbuf), "%s", entry->fsname); 1259 seq_printf(m, pt(Opt_fsname), tbuf); 1260 seq_puts(m, " "); 1261 } 1262 1263 if (entry->flags & IMA_PCR) { 1264 snprintf(tbuf, sizeof(tbuf), "%d", entry->pcr); 1265 seq_printf(m, pt(Opt_pcr), tbuf); 1266 seq_puts(m, " "); 1267 } 1268 1269 if (entry->flags & IMA_FSUUID) { 1270 seq_printf(m, "fsuuid=%pU", &entry->fsuuid); 1271 seq_puts(m, " "); 1272 } 1273 1274 if (entry->flags & IMA_UID) { 1275 snprintf(tbuf, sizeof(tbuf), "%d", __kuid_val(entry->uid)); 1276 if (entry->uid_op == &uid_gt) 1277 seq_printf(m, pt(Opt_uid_gt), tbuf); 1278 else if (entry->uid_op == &uid_lt) 1279 seq_printf(m, pt(Opt_uid_lt), tbuf); 1280 else 1281 seq_printf(m, pt(Opt_uid_eq), tbuf); 1282 seq_puts(m, " "); 1283 } 1284 1285 if (entry->flags & IMA_EUID) { 1286 snprintf(tbuf, sizeof(tbuf), "%d", __kuid_val(entry->uid)); 1287 if (entry->uid_op == &uid_gt) 1288 seq_printf(m, pt(Opt_euid_gt), tbuf); 1289 else if (entry->uid_op == &uid_lt) 1290 seq_printf(m, pt(Opt_euid_lt), tbuf); 1291 else 1292 seq_printf(m, pt(Opt_euid_eq), tbuf); 1293 seq_puts(m, " "); 1294 } 1295 1296 if (entry->flags & IMA_FOWNER) { 1297 snprintf(tbuf, sizeof(tbuf), "%d", __kuid_val(entry->fowner)); 1298 if (entry->fowner_op == &uid_gt) 1299 seq_printf(m, pt(Opt_fowner_gt), tbuf); 1300 else if (entry->fowner_op == &uid_lt) 1301 seq_printf(m, pt(Opt_fowner_lt), tbuf); 1302 else 1303 seq_printf(m, pt(Opt_fowner_eq), tbuf); 1304 seq_puts(m, " "); 1305 } 1306 1307 for (i = 0; i < MAX_LSM_RULES; i++) { 1308 if (entry->lsm[i].rule) { 1309 switch (i) { 1310 case LSM_OBJ_USER: 1311 seq_printf(m, pt(Opt_obj_user), 1312 (char *)entry->lsm[i].args_p); 1313 break; 1314 case LSM_OBJ_ROLE: 1315 seq_printf(m, pt(Opt_obj_role), 1316 (char *)entry->lsm[i].args_p); 1317 break; 1318 case LSM_OBJ_TYPE: 1319 seq_printf(m, pt(Opt_obj_type), 1320 (char *)entry->lsm[i].args_p); 1321 break; 1322 case LSM_SUBJ_USER: 1323 seq_printf(m, pt(Opt_subj_user), 1324 (char *)entry->lsm[i].args_p); 1325 break; 1326 case LSM_SUBJ_ROLE: 1327 seq_printf(m, pt(Opt_subj_role), 1328 (char *)entry->lsm[i].args_p); 1329 break; 1330 case LSM_SUBJ_TYPE: 1331 seq_printf(m, pt(Opt_subj_type), 1332 (char *)entry->lsm[i].args_p); 1333 break; 1334 } 1335 } 1336 } 1337 if (entry->flags & IMA_DIGSIG_REQUIRED) 1338 seq_puts(m, "appraise_type=imasig "); 1339 if (entry->flags & IMA_PERMIT_DIRECTIO) 1340 seq_puts(m, "permit_directio "); 1341 rcu_read_unlock(); 1342 seq_puts(m, "\n"); 1343 return 0; 1344 } 1345 #endif /* CONFIG_IMA_READ_POLICY */ 1346