@@ -144,6 +144,7 @@ struct ima_kexec_hdr {
#define IMA_DIGSIG_REQUIRED 0x01000000
#define IMA_PERMIT_DIRECTIO 0x02000000
#define IMA_NEW_FILE 0x04000000
+#define IMA_VIOLATION 0x08000000
#define IMA_FAIL_UNVERIFIABLE_SIGS 0x10000000
#define IMA_MODSIG_ALLOWED 0x20000000
#define IMA_CHECK_BLACKLIST 0x40000000
@@ -126,19 +126,32 @@ static void ima_rdwr_violation_check(struct file *file,
bool send_tomtou = false, send_writers = false;
if (mode & FMODE_WRITE) {
+ if (!iint)
+ iint = ima_iint_find(inode);
+
if (atomic_read(&inode->i_readcount) && IS_IMA(inode)) {
- if (!iint)
- iint = ima_iint_find(inode);
/* IMA_MEASURE is set from reader side */
if (iint && test_bit(IMA_MUST_MEASURE,
&iint->atomic_flags))
send_tomtou = true;
}
+
+ if (iint)
+ iint->flags &= ~IMA_VIOLATION;
} else {
if (must_measure)
set_bit(IMA_MUST_MEASURE, &iint->atomic_flags);
- if (inode_is_open_for_write(inode) && must_measure)
- send_writers = true;
+
+ if (inode_is_open_for_write(inode) && must_measure) {
+ if (!iint)
+ iint = ima_iint_find(inode);
+
+ /* Limit number of open_writers violations */
+ if (iint && !(iint->flags & IMA_VIOLATION)) {
+ send_writers = true;
+ iint->flags |= IMA_VIOLATION;
+ }
+ }
}
if (!send_tomtou && !send_writers)
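Review bot: The new IMA_VIOLATION state lives in the non-atomic `iint->flags` word and is updated with plain read-modify-write (`iint->flags &= ~IMA_VIOLATION` after the write-side check, `iint->flags |= IMA_VIOLATION` under the open-writers check), while every other piece of cross-open state this function touches goes through `set_bit`/`test_bit` on `iint->atomic_flags`; if this runs outside `iint->mutex` (the call site is not in the hunk, but the next hunk shows process_measurement doing its own `iint->flags &=` under that mutex), a concurrent open can lose bits of that word, and the `!(iint->flags & IMA_VIOLATION)` test followed by the set is not atomic, so two readers racing one writer can still both emit a violation. A bit in `atomic_flags`, cleared on the write path and claimed with `test_and_set_bit` on the read path, gives the same limiting without the race and without the carve-out in process_measurement's reset mask (IMA_VIOLATION would then be a bit index next to IMA_MUST_MEASURE rather than a mask in the 0x0X000000 range). Separately, the added `if (!iint) iint = ima_iint_find(inode);` in the else branch is dead as written: `set_bit(IMA_MUST_MEASURE, &iint->atomic_flags)` two lines above already dereferences iint under the same `must_measure` condition, so either that lookup is redundant or the earlier dereference needs the guard. Note also that the write-side `ima_iint_find(inode)` now runs on every FMODE_WRITE open rather than only when readers are present and IS_IMA. ima_rdwr_violation_check's signature is in the hunk header and its body continues past the hunk.
```c
	if (mode & FMODE_WRITE) {
		/* … unchanged: ToMToU check against i_readcount / IMA_MUST_MEASURE … */
		if (iint)
			clear_bit(IMA_VIOLATION, &iint->atomic_flags);
	} else {
		/* … unchanged: set IMA_MUST_MEASURE when must_measure … */
		if (inode_is_open_for_write(inode) && must_measure) {
			/* Limit number of open_writers violations: first reader wins */
			if (iint && !test_and_set_bit(IMA_VIOLATION,
						      &iint->atomic_flags))
				send_writers = true;
		}
	}
```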
@@ -268,11 +281,18 @@ static int process_measurement(struct file *file, const struct cred *cred,
mutex_lock(&iint->mutex);
+ /*
+ * Reset the appraisal flags and the policy rule specific flags, if
+ * ima_inode_post_setattr was called.
+ *
+ * Although "open-writers" violations are limited to FILE_CHECK rules,
+ * the flag is not policy rule specific and should not be reset. The
+ * flag prevents superfluous "open-writers" violations.
+ */
if (test_and_clear_bit(IMA_CHANGE_ATTR, &iint->atomic_flags))
- /* reset appraisal flags if ima_inode_post_setattr was called */
iint->flags &= ~(IMA_APPRAISE | IMA_APPRAISED |
IMA_APPRAISE_SUBMASK | IMA_APPRAISED_SUBMASK |
- IMA_NONACTION_FLAGS);
+ (IMA_NONACTION_FLAGS & ~IMA_VIOLATION));
/*
* Re-evaulate the file if either the xattr has changed or the
Limit the number of open-writers integrity violation audit messages and IMA measurement-list records emitted when a file that is already open for write is re-opened for read. Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> --- security/integrity/ima/ima.h | 1 + security/integrity/ima/ima_main.c | 32 +++++++++++++++++++++++++------ 2 files changed, 27 insertions(+), 6 deletions(-)