From patchwork Mon May 6 16:57:02 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mimi Zohar X-Patchwork-Id: 10931609 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 9D2C6912 for ; Mon, 6 May 2019 16:57:55 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 88F7228875 for ; Mon, 6 May 2019 16:57:55 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 775C028872; Mon, 6 May 2019 16:57:55 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 136E028872 for ; Mon, 6 May 2019 16:57:55 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727020AbfEFQ5y (ORCPT ); Mon, 6 May 2019 12:57:54 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:55118 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1726608AbfEFQ5x (ORCPT ); Mon, 6 May 2019 12:57:53 -0400 Received: from pps.filterd (m0098416.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x46GqTlZ123403 for ; Mon, 6 May 2019 12:57:52 -0400 Received: from e06smtp07.uk.ibm.com (e06smtp07.uk.ibm.com [195.75.94.103]) by mx0b-001b2d01.pphosted.com with ESMTP id 2saq79n0y8-1 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 06 May 2019 12:57:52 -0400 Received: from localhost by e06smtp07.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Mon, 6 May 2019 17:57:50 +0100 Received: from b06cxnps4076.portsmouth.uk.ibm.com (9.149.109.198) by e06smtp07.uk.ibm.com (192.168.101.137) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256/256) Mon, 6 May 2019 17:57:48 +0100 Received: from d06av23.portsmouth.uk.ibm.com (d06av23.portsmouth.uk.ibm.com [9.149.105.59]) by b06cxnps4076.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id x46GvlVs43843706 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 6 May 2019 16:57:47 GMT Received: from d06av23.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 05750A4059; Mon, 6 May 2019 16:57:47 +0000 (GMT) Received: from d06av23.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 14EB6A4051; Mon, 6 May 2019 16:57:46 +0000 (GMT) Received: from localhost.ibm.com (unknown [9.80.95.145]) by d06av23.portsmouth.uk.ibm.com (Postfix) with ESMTP; Mon, 6 May 2019 16:57:45 +0000 (GMT) From: Mimi Zohar To: linux-integrity@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Igor Zhbanov , Jordan Glover , Al Viro , Mimi Zohar Subject: [PATCH 1/3] ima: verify mprotect change is consistent with mmap policy Date: Mon, 6 May 2019 12:57:02 -0400 X-Mailer: git-send-email 2.7.5 In-Reply-To: <1557161824-6623-1-git-send-email-zohar@linux.ibm.com> References: <1557161824-6623-1-git-send-email-zohar@linux.ibm.com> X-TM-AS-GCONF: 00 x-cbid: 19050616-0028-0000-0000-0000036AE60D X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 19050616-0029-0000-0000-0000242A5C11 Message-Id: <1557161824-6623-2-git-send-email-zohar@linux.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2019-05-06_10:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=1 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=786 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1905060144 Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP IMA can be configured to measure and appraise a file's integrity being mmap'ed execute. Files can be mmap'ed read/write and later changed to execute to circumvent IMA's mmap measurement and appraisal policy rules. To prevent this from happening, this patch similarly calls ima_file_mmap() for mprotect changes. Suggested-by: Stephen Smalley Signed-off-by: Mimi Zohar --- security/security.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/security/security.c b/security/security.c index 23cbb1a295a3..98ce27933e72 100644 --- a/security/security.c +++ b/security/security.c @@ -1411,7 +1411,12 @@ int security_mmap_addr(unsigned long addr) int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot, unsigned long prot) { - return call_int_hook(file_mprotect, 0, vma, reqprot, prot); + int ret; + + ret = call_int_hook(file_mprotect, 0, vma, reqprot, prot); + if (ret) + return ret; + return ima_file_mmap(vma->vm_file, prot); } int security_file_lock(struct file *file, unsigned int cmd) From patchwork Mon May 6 16:57:03 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mimi Zohar X-Patchwork-Id: 10931613 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 9FD891515 for ; Mon, 6 May 2019 16:58:10 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8F56128872 for ; Mon, 6 May 2019 16:58:10 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 82F6828876; Mon, 6 May 2019 16:58:10 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 2718B28872 for ; Mon, 6 May 2019 16:58:10 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726608AbfEFQ6J (ORCPT ); Mon, 6 May 2019 12:58:09 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:39576 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1726985AbfEFQ5y (ORCPT ); Mon, 6 May 2019 12:57:54 -0400 Received: from pps.filterd (m0098420.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x46GqQWp176503 for ; Mon, 6 May 2019 12:57:53 -0400 Received: from e06smtp02.uk.ibm.com (e06smtp02.uk.ibm.com [195.75.94.98]) by mx0b-001b2d01.pphosted.com with ESMTP id 2saqrh35s8-1 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 06 May 2019 12:57:53 -0400 Received: from localhost by e06smtp02.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Mon, 6 May 2019 17:57:51 +0100 Received: from b06cxnps3075.portsmouth.uk.ibm.com (9.149.109.195) by e06smtp02.uk.ibm.com (192.168.101.132) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256/256) Mon, 6 May 2019 17:57:49 +0100 Received: from d06av23.portsmouth.uk.ibm.com (d06av23.portsmouth.uk.ibm.com [9.149.105.59]) by b06cxnps3075.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id x46Gvmhl62586934 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 6 May 2019 16:57:48 GMT Received: from d06av23.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 19BC9A4040; Mon, 6 May 2019 16:57:48 +0000 (GMT) Received: from d06av23.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 34EC3A404D; Mon, 6 May 2019 16:57:47 +0000 (GMT) Received: from localhost.ibm.com (unknown [9.80.95.145]) by d06av23.portsmouth.uk.ibm.com (Postfix) with ESMTP; Mon, 6 May 2019 16:57:47 +0000 (GMT) From: Mimi Zohar To: linux-integrity@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Igor Zhbanov , Jordan Glover , Al Viro , Mimi Zohar Subject: [PATCH 2/3] ima: prevent a file already mmap'ed write to be mmap'ed execute Date: Mon, 6 May 2019 12:57:03 -0400 X-Mailer: git-send-email 2.7.5 In-Reply-To: <1557161824-6623-1-git-send-email-zohar@linux.ibm.com> References: <1557161824-6623-1-git-send-email-zohar@linux.ibm.com> X-TM-AS-GCONF: 00 x-cbid: 19050616-0008-0000-0000-000002E3DF89 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 19050616-0009-0000-0000-0000225058CB Message-Id: <1557161824-6623-3-git-send-email-zohar@linux.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2019-05-06_10:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=1 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1905060144 Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP The kernel calls deny_write_access() to prevent a file already opened for write from being executed and also prevents files being executed from being opened for write. For some reason this does not extend to files being mmap'ed execute. From an IMA perspective, measuring/appraising the integrity of a file being mmap'ed execute, without first making sure the file cannot be modified, makes no sense. This patch prevents files, in policy, already mmap'ed write, from being mmap'ed execute. Signed-off-by: Mimi Zohar --- security/integrity/ima/ima_main.c | 32 ++++++++++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 357edd140c09..ae77d13cb43c 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -72,6 +72,27 @@ static int __init hash_setup(char *str) } __setup("ima_hash=", hash_setup); +/* Prevent mmap'ing a file execute that is already mmap'ed write */ +static int mmap_violation_check(enum ima_hooks func, struct file *file, + char **pathbuf, const char **pathname, + char *filename) +{ + struct inode *inode; + int rc = 0; + + if ((func == MMAP_CHECK) && mapping_writably_mapped(file->f_mapping)) { + rc = -ETXTBSY; + inode = file_inode(file); + + if (!*pathbuf) /* ima_rdwr_violation possibly pre-fetched */ + *pathname = ima_d_path(&file->f_path, pathbuf, + filename); + integrity_audit_msg(AUDIT_INTEGRITY_DATA, inode, *pathname, + "mmap_file", "mmapped_writers", rc, 0); + } + return rc; +} + /* * ima_rdwr_violation_check * @@ -270,8 +291,12 @@ static int process_measurement(struct file *file, const struct cred *cred, /* Nothing to do, just return existing appraised status */ if (!action) { - if (must_appraise) - rc = ima_get_cache_status(iint, func); + if (must_appraise) { + rc = mmap_violation_check(func, file, &pathbuf, + &pathname, filename); + if (!rc) + rc = ima_get_cache_status(iint, func); + } goto out_locked; } @@ -298,6 +323,9 @@ static int process_measurement(struct file *file, const struct cred *cred, rc = ima_appraise_measurement(func, iint, file, pathname, xattr_value, xattr_len); inode_unlock(inode); + + rc = mmap_violation_check(func, file, &pathbuf, &pathname, + filename); } if (action & IMA_AUDIT) ima_audit_measurement(iint, pathname); From patchwork Mon May 6 16:57:04 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mimi Zohar X-Patchwork-Id: 10931611 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id C1CF41515 for ; Mon, 6 May 2019 16:58:09 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id AFCFA28872 for ; Mon, 6 May 2019 16:58:09 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id A2B4228876; Mon, 6 May 2019 16:58:09 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B510C28875 for ; Mon, 6 May 2019 16:58:07 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727125AbfEFQ54 (ORCPT ); Mon, 6 May 2019 12:57:56 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:39950 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1727036AbfEFQ54 (ORCPT ); Mon, 6 May 2019 12:57:56 -0400 Received: from pps.filterd (m0098413.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x46Gs5PK113574 for ; Mon, 6 May 2019 12:57:55 -0400 Received: from e06smtp03.uk.ibm.com (e06smtp03.uk.ibm.com [195.75.94.99]) by mx0b-001b2d01.pphosted.com with ESMTP id 2saqwntrhv-1 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 06 May 2019 12:57:54 -0400 Received: from localhost by e06smtp03.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Mon, 6 May 2019 17:57:52 +0100 Received: from b06cxnps4074.portsmouth.uk.ibm.com (9.149.109.196) by e06smtp03.uk.ibm.com (192.168.101.133) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256/256) Mon, 6 May 2019 17:57:50 +0100 Received: from d06av23.portsmouth.uk.ibm.com (d06av23.portsmouth.uk.ibm.com [9.149.105.59]) by b06cxnps4074.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id x46Gvnvl52756698 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 6 May 2019 16:57:49 GMT Received: from d06av23.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 1C92DA404D; Mon, 6 May 2019 16:57:49 +0000 (GMT) Received: from d06av23.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 47DDBA4051; Mon, 6 May 2019 16:57:48 +0000 (GMT) Received: from localhost.ibm.com (unknown [9.80.95.145]) by d06av23.portsmouth.uk.ibm.com (Postfix) with ESMTP; Mon, 6 May 2019 16:57:48 +0000 (GMT) From: Mimi Zohar To: linux-integrity@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Igor Zhbanov , Jordan Glover , Al Viro , Mimi Zohar Subject: [PATCH 3/3] ima: prevent a file already mmap'ed read|execute to be mmap'ed write Date: Mon, 6 May 2019 12:57:04 -0400 X-Mailer: git-send-email 2.7.5 In-Reply-To: <1557161824-6623-1-git-send-email-zohar@linux.ibm.com> References: <1557161824-6623-1-git-send-email-zohar@linux.ibm.com> X-TM-AS-GCONF: 00 x-cbid: 19050616-0012-0000-0000-00000318E37A X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 19050616-0013-0000-0000-000021515D84 Message-Id: <1557161824-6623-4-git-send-email-zohar@linux.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2019-05-06_10:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=3 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1905060144 Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP The kernel calls deny_write_access() to prevent a file already opened for write from being executed and also prevents files being executed from being opened for write. For some reason this does not extend to files being mmap'ed execute. This patch prevents allowing a file in policy, already mmap'ed read|execute or read, from being mmap'ed shared write. It should differentiate between read|execute and read. Signed-off-by: Mimi Zohar --- include/linux/ima.h | 6 ++++-- security/integrity/ima/ima_main.c | 21 ++++++++++++++++++++- security/security.c | 4 ++-- 3 files changed, 26 insertions(+), 5 deletions(-) diff --git a/include/linux/ima.h b/include/linux/ima.h index dc12fbcf484c..04444895b4f2 100644 --- a/include/linux/ima.h +++ b/include/linux/ima.h @@ -20,7 +20,8 @@ extern int ima_bprm_check(struct linux_binprm *bprm); extern int ima_file_check(struct file *file, int mask); extern void ima_post_create_tmpfile(struct inode *inode); extern void ima_file_free(struct file *file); -extern int ima_file_mmap(struct file *file, unsigned long prot); +extern int ima_file_mmap(struct file *file, unsigned long prot, + unsigned long flags); extern int ima_load_data(enum kernel_load_data_id id); extern int ima_read_file(struct file *file, enum kernel_read_file_id id); extern int ima_post_read_file(struct file *file, void *buf, loff_t size, @@ -66,7 +67,8 @@ static inline void ima_file_free(struct file *file) return; } -static inline int ima_file_mmap(struct file *file, unsigned long prot) +static inline int ima_file_mmap(struct file *file, unsigned long prot, + unsigned long flags) { return 0; } diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index ae77d13cb43c..d13e4efa8599 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -354,6 +354,7 @@ static int process_measurement(struct file *file, const struct cred *cred, * ima_file_mmap - based on policy, collect/store measurement. * @file: pointer to the file to be measured (May be NULL) * @prot: contains the protection that will be applied by the kernel. + * @flags: * * Measure files being mmapped executable based on the ima_must_measure() * policy decision. @@ -361,8 +362,9 @@ static int process_measurement(struct file *file, const struct cred *cred, * On success return 0. On integrity appraisal error, assuming the file * is in policy and IMA-appraisal is in enforcing mode, return -EACCES. */ -int ima_file_mmap(struct file *file, unsigned long prot) +int ima_file_mmap(struct file *file, unsigned long prot, unsigned long flags) { + struct inode *inode; u32 secid; if (file && (prot & PROT_EXEC)) { @@ -371,6 +373,23 @@ int ima_file_mmap(struct file *file, unsigned long prot) 0, MAY_EXEC, MMAP_CHECK); } + /* + * Prevent a file, in policy, mapped read|execute, from being mapped + * write shared. (Should differentiate between read and read|execute.) + */ + if (file && (prot & PROT_WRITE) && ((flags & MAP_TYPE) == MAP_SHARED) && + mapping_mapped(file->f_mapping) && + !mapping_writably_mapped(file->f_mapping)) { + inode = file_inode(file); + + if (!ima_must_appraise(inode, MAY_ACCESS, MMAP_CHECK)) + return 0; + + integrity_audit_msg(AUDIT_INTEGRITY_DATA, inode, + file_dentry(file)->d_iname, + "mmap_file", "mmapped_readers", -EACCES, 0); + return -EACCES; + } return 0; } diff --git a/security/security.c b/security/security.c index 98ce27933e72..e64d9c5b2e1a 100644 --- a/security/security.c +++ b/security/security.c @@ -1400,7 +1400,7 @@ int security_mmap_file(struct file *file, unsigned long prot, mmap_prot(file, prot), flags); if (ret) return ret; - return ima_file_mmap(file, prot); + return ima_file_mmap(file, prot, flags); } int security_mmap_addr(unsigned long addr) @@ -1416,7 +1416,7 @@ int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot, ret = call_int_hook(file_mprotect, 0, vma, reqprot, prot); if (ret) return ret; - return ima_file_mmap(vma->vm_file, prot); + return ima_file_mmap(vma->vm_file, prot, 0); } int security_file_lock(struct file *file, unsigned int cmd)