From patchwork Thu Oct 31 01:19:02 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Lakshmi Ramasubramanian X-Patchwork-Id: 11220501 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 9F85D912 for ; Thu, 31 Oct 2019 01:19:18 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 7121C20862 for ; Thu, 31 Oct 2019 01:19:18 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b="g7lu73QS" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726554AbfJaBTR (ORCPT ); Wed, 30 Oct 2019 21:19:17 -0400 Received: from linux.microsoft.com ([13.77.154.182]:34404 "EHLO linux.microsoft.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726316AbfJaBTR (ORCPT ); Wed, 30 Oct 2019 21:19:17 -0400 Received: from nramas-ThinkStation-P520.corp.microsoft.com (unknown [131.107.174.108]) by linux.microsoft.com (Postfix) with ESMTPSA id B0CB22010AC0; Wed, 30 Oct 2019 18:19:16 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com B0CB22010AC0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1572484756; bh=RqMz75eioSPQPfWpUYryf90rJHg/WjOPYhEZZl7VA8U=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=g7lu73QSWsjqmDPwqqNimRTunhhlVKf5Rp4COY+BU9Ybmcem+q4On7oOhJZ7ePvTz iuQj3HMspram5CCthGBj0zoS6W/pyMLv1tYbt7r0dFI2YtKgbTED+s9z4qXWO1jS8w 914I0vofydvtlGiInXeChrf25Xm5c33kiRy6O1Qw= 
From: Lakshmi Ramasubramanian To: zohar@linux.ibm.com, dhowells@redhat.com, matthewgarrett@google.com, sashal@kernel.org, jamorris@linux.microsoft.com, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, keyrings@vger.kernel.org Cc: prsriva@linux.microsoft.com Subject: [PATCH v3 1/9] KEYS: Defined an IMA hook to measure keys on key create or update Date: Wed, 30 Oct 2019 18:19:02 -0700 Message-Id: <20191031011910.2574-2-nramas@linux.microsoft.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20191031011910.2574-1-nramas@linux.microsoft.com> References: <20191031011910.2574-1-nramas@linux.microsoft.com> Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org Asymmetric keys used for verifying file signatures or certificates are currently not included in the IMA measurement list. This patch defines a new IMA hook namely ima_post_key_create_or_update() to measure asymmetric keys. Signed-off-by: Lakshmi Ramasubramanian --- security/integrity/ima/ima.h | 2 ++ security/integrity/ima/ima_main.c | 26 ++++++++++++++++++++++++++ 2 files changed, 28 insertions(+) diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 997a57137351..22d0628faf56 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -21,6 +21,8 @@ #include #include #include +#include +#include #include "../integrity.h" diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 492b8f241d39..18e1bc105be7 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -635,6 +635,9 @@ void process_buffer_measurement(const void *buf, int size, int action = 0; u32 secid; + if (!ima_policy_flag) + return; + if (func) { security_task_getsecid(current, &secid); action = ima_get_action(NULL, current_cred(), secid, 0, func, 
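Review bot: the new `if (!ima_policy_flag) return;` at the top of process_buffer_measurement() only changes behaviour for callers that pass func == NONE, because callers with a real func already go through ima_get_action(), which masks its flags with ima_policy_flag and so returns no IMA_MEASURE action when no policy is loaded; the sole NONE caller is the key hook this patch adds, which makes this check the only thing standing between a newly created key and the measurement list. It also conflates "no policy loaded yet" with "policy has no measure rules", and keys created before the policy is loaded are silently dropped here rather than deferred, which is what 2/9 says is needed. Gate the key hook on an explicit initialised flag in the hook itself instead of in the shared buffer-measurement path, and say in the commit message why the check was added.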
@@ -695,6 +698,29 @@ void ima_kexec_cmdline(const void *buf, int size) } } +/** + * ima_post_key_create_or_update - measure asymmetric keys + * @keyring: keyring to which the key is linked to + * @key: created or updated key + * @flags: key flags + * @create: flag indicating whether the key was created or updated + * + * Keys can only be measured, not appraised. + */ +void ima_post_key_create_or_update(struct key *keyring, struct key *key, + unsigned long flags, bool create) +{ + const struct public_key *pk; + + if (key->type != &key_type_asymmetric) + return; + + pk = key->payload.data[asym_crypto]; + process_buffer_measurement(pk->key, pk->keylen, + keyring->description, + NONE, 0); +} + static int __init init_ima(void) { int error;
From patchwork Thu Oct 31 01:19:03 2019 X-Patchwork-Submitter: Lakshmi Ramasubramanian X-Patchwork-Id: 11220533
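Review bot: in the ima_post_key_create_or_update() hunk of 1/9, measuring with func NONE makes process_buffer_measurement() skip its `if (func)` block entirely, so no policy lookup happens and every asymmetric key added to any keyring is measured whenever some IMA policy exists, regardless of what that policy says; 3/9 later switches this to KEYRING_CHECK, so either introduce the hook enum before this patch or squash the two so the series stays safe to bisect. Smaller points in the same hunk: `flags` and `create` are accepted but unused, `keyring->description` is dereferenced without a NULL check so the non-NULL contract for `keyring` should be stated in the kernel-doc (whose "keyring to which the key is linked to" also has a doubled "to"), and no prototype is added for callers outside security/integrity/ima; that belongs in include/linux/ima.h with a static inline stub for !CONFIG_IMA.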
From: Lakshmi Ramasubramanian To: zohar@linux.ibm.com, dhowells@redhat.com, matthewgarrett@google.com, sashal@kernel.org, jamorris@linux.microsoft.com, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, keyrings@vger.kernel.org Cc: prsriva@linux.microsoft.com Subject: [PATCH v3 2/9] KEYS: Defined functions to queue and dequeue keys for measurement Date: Wed, 30 Oct 2019 18:19:03 -0700 Message-Id: <20191031011910.2574-3-nramas@linux.microsoft.com> In-Reply-To: <20191031011910.2574-1-nramas@linux.microsoft.com> References: <20191031011910.2574-1-nramas@linux.microsoft.com> Key measurements cannot be done if the IMA hook to measure keys is called before IMA is initialized. Key measurement needs to be deferred if IMA is not yet initialized. Queued keys need to be processed when IMA initialization is completed. This patch defines functions to queue and de-queue keys for measurement. Signed-off-by: Lakshmi Ramasubramanian --- security/integrity/ima/ima.h | 12 ++++ security/integrity/ima/ima_queue.c | 92 ++++++++++++++++++++++++++++++ 2 files changed, 104 insertions(+) diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 22d0628faf56..b9600070e415 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h
@@ -198,6 +198,16 @@ enum ima_hooks { __ima_hooks(__ima_hook_enumify) }; +/* + * To track keys that need to be measured. + */ +struct ima_measure_key_entry { + struct list_head list; + void *public_key; + u32 public_key_len; + char *keyring_name; +}; + /* LIM API function definitions */ int ima_get_action(struct inode *inode, const struct cred *cred, u32 secid, int mask, enum ima_hooks func, int *pcr, @@ -224,6 +234,8 @@ int ima_store_template(struct ima_template_entry *entry, int violation, const unsigned char *filename, int pcr); void ima_free_template_entry(struct ima_template_entry *entry); const char *ima_d_path(const struct path *path, char **pathbuf, char *filename); +int ima_queue_key_for_measurement(struct key *keyring, struct key *key); +void ima_measure_queued_keys(void); /* IMA policy related functions */ int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid, diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c index 1ce8b1701566..f2503f10abf4 100644 --- a/security/integrity/ima/ima_queue.c +++ b/security/integrity/ima/ima_queue.c @@ -46,6 +46,12 @@ struct ima_h_table ima_htable = { */ static DEFINE_MUTEX(ima_extend_list_mutex); +/* + * To synchronize access to the list of keys that need to be measured + */ +static DEFINE_MUTEX(ima_measure_keys_mutex); +static LIST_HEAD(ima_measure_keys); + /* lookup up the digest value in the hash table, and return the entry */ static struct ima_queue_entry *ima_lookup_digest_entry(u8 *digest_value, int pcr) 
@@ -232,3 +238,89 @@ int __init ima_init_digests(void) return 0; } + +static void ima_free_measure_key_entry(struct ima_measure_key_entry *entry) +{ + if (entry != NULL) { + if (entry->public_key != NULL) + kzfree(entry->public_key); + if (entry->keyring_name != NULL) + kzfree(entry->keyring_name); + kzfree(entry); + } +} + +static struct ima_measure_key_entry *ima_alloc_measure_key_entry( + struct key *keyring, + struct key *key) +{ + int rc = 0; + const struct public_key *pk; + size_t keyring_name_len; + struct ima_measure_key_entry *entry = NULL; + + pk = key->payload.data[asym_crypto]; + keyring_name_len = strlen(keyring->description) + 1; + entry = kzalloc(sizeof(*entry), GFP_KERNEL); + if (entry != NULL) { + entry->public_key = kzalloc(pk->keylen, GFP_KERNEL); + entry->keyring_name = + kzalloc(keyring_name_len, GFP_KERNEL); + } + + if ((entry == NULL) || (entry->public_key == NULL) || + (entry->keyring_name == NULL)) { + rc = -ENOMEM; + goto out; + } + + strcpy(entry->keyring_name, keyring->description); + memcpy(entry->public_key, pk->key, pk->keylen); + entry->public_key_len = pk->keylen; + rc = 0; + +out: + if (rc) { + ima_free_measure_key_entry(entry); + entry = NULL; + } + + return entry; +} + +int ima_queue_key_for_measurement(struct key *keyring, struct key *key) +{ + int rc = 0; + struct ima_measure_key_entry *entry = NULL; + + mutex_lock(&ima_measure_keys_mutex); + + entry = ima_alloc_measure_key_entry(keyring, key); + if (entry != NULL) { + INIT_LIST_HEAD(&entry->list); + list_add_tail(&entry->list, &ima_measure_keys); + } else + rc = -ENOMEM; + + mutex_unlock(&ima_measure_keys_mutex); + + return rc; +} + +void ima_measure_queued_keys(void) +{ + struct ima_measure_key_entry *entry, *tmp; + + mutex_lock(&ima_measure_keys_mutex); + + list_for_each_entry_safe(entry, tmp, &ima_measure_keys, list) { + process_buffer_measurement(entry->public_key, + entry->public_key_len, + entry->keyring_name, + NONE, 0); + list_del(&entry->list); + 
ima_free_measure_key_entry(entry); + } + + mutex_unlock(&ima_measure_keys_mutex); +}
From patchwork Thu Oct 31 01:19:04 2019 X-Patchwork-Submitter: Lakshmi Ramasubramanian X-Patchwork-Id: 11220523
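Review bot: in the ima_queue.c hunk of 2/9, ima_alloc_measure_key_entry() reads `key->payload.data[asym_crypto]` without checking that the key is asymmetric, unlike the hook in 1/9, so any other key type reaching ima_queue_key_for_measurement() would be interpreted as a struct public_key; add the `key->type != &key_type_asymmetric` check here too, or pass in the already validated public key. The allocation can be reduced to `kmemdup(pk->key, pk->keylen, GFP_KERNEL)` plus `kstrdup(keyring->description, GFP_KERNEL)`, which removes the strlen/strcpy pair and the three-way NULL test; INIT_LIST_HEAD() before list_add_tail() is unnecessary, and kzfree() buys nothing for a public key. More importantly, nothing in this patch records that IMA initialisation has completed or bounds the queue: keys are queued unconditionally, and a key that arrives after ima_measure_queued_keys() has drained the list would stay queued forever, so the "initialised" state needs to be tested and set under ima_measure_keys_mutex in both the queue and the drain path. Holding the mutex across process_buffer_measurement(), which allocates and extends the TPM, is acceptable for a one-shot drain but deserves a comment.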
From: Lakshmi Ramasubramanian To: zohar@linux.ibm.com, dhowells@redhat.com, matthewgarrett@google.com, sashal@kernel.org, jamorris@linux.microsoft.com, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, keyrings@vger.kernel.org Cc: prsriva@linux.microsoft.com Subject: [PATCH v3 3/9] KEYS: Added KEYRING_CHECK policy for key measurement Date: Wed, 30 Oct 2019 18:19:04 -0700 Message-Id: <20191031011910.2574-4-nramas@linux.microsoft.com> In-Reply-To: <20191031011910.2574-1-nramas@linux.microsoft.com> References: <20191031011910.2574-1-nramas@linux.microsoft.com> An IMA policy to manage measurement of keys is not supported. A new IMA policy is needed to manage the measurement of keys. A policy option is also needed to allow measurement of keys linked to a given set of keyrings only. This patch defines KEYRING_CHECK and keyrings in IMA policy for this purpose. KEYRING_CHECK can be added in the IMA policy to measure keys. keyrings can be, optionally, set to only measure keys added or updated to a given set of keyrings. If keyrings is not specified for KEYRING_CHECK, keys added or updated in all keyrings are measured. Signed-off-by: Lakshmi Ramasubramanian --- Documentation/ABI/testing/ima_policy | 15 +++++++++++++++ security/integrity/ima/ima.h | 1 + security/integrity/ima/ima_main.c | 2 +- security/integrity/ima/ima_policy.c | 2 +- security/integrity/ima/ima_queue.c | 2 +- 5 files changed, 19 insertions(+), 3 deletions(-) diff --git a/Documentation/ABI/testing/ima_policy b/Documentation/ABI/testing/ima_policy index fc376a323908..757faf1a1a27 100644 --- a/Documentation/ABI/testing/ima_policy +++ b/Documentation/ABI/testing/ima_policy
@@ -25,10 +25,12 @@ Description: lsm: [[subj_user=] [subj_role=] [subj_type=] [obj_user=] [obj_role=] [obj_type=]] option: [[appraise_type=]] [template=] [permit_directio] + [keyrings=] base: func:= [BPRM_CHECK][MMAP_CHECK][CREDS_CHECK][FILE_CHECK][MODULE_CHECK] [FIRMWARE_CHECK] [KEXEC_KERNEL_CHECK] [KEXEC_INITRAMFS_CHECK] [KEXEC_CMDLINE] + [KEYRING_CHECK] mask:= [[^]MAY_READ] [[^]MAY_WRITE] [[^]MAY_APPEND] [[^]MAY_EXEC] fsmagic:= hex value @@ -38,6 +40,9 @@ Description: fowner:= decimal value lsm: are LSM specific option: appraise_type:= [imasig] + keyrings: = list of keyrings to measure + (eg, .builtin_trusted_keys|.ima). Only valid + when action is "measure" and func is KEYRING_CHECK. template:= name of a defined IMA template type (eg, ima-ng). Only valid when action is "measure". pcr:= decimal value @@ -105,3 +110,13 @@ Description: measure func=KEXEC_KERNEL_CHECK pcr=4 measure func=KEXEC_INITRAMFS_CHECK pcr=5 + + Example of measure rules using KEYRING_CHECK + To measure keys added to + .builtin_trusted_keys or .ima keyring: + + measure func=KEYRING_CHECK keyrings=.builtin_trusted_keys|.ima + + To measure keys added to all keyrings: + + measure func=KEYRING_CHECK diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index b9600070e415..12e9ec6847b5 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -191,6 +191,7 @@ static inline unsigned long ima_hash_key(u8 *digest) hook(KEXEC_INITRAMFS_CHECK) \ hook(POLICY_CHECK) \ hook(KEXEC_CMDLINE) \ + hook(KEYRING_CHECK) \ hook(MAX_CHECK) #define __ima_hook_enumify(ENUM) ENUM, diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 18e1bc105be7..72ae0878ec5d 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c 
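Review bot: the `keyrings:` description added to Documentation/ABI/testing/ima_policy should state how the list is delimited (the example relies on "|") and what each entry is compared against (the keyring description, such as ".ima"), since that is exactly what a policy author has to get right; the line also has a stray space in "keyrings: =". It says the option is only valid with action "measure" and func KEYRING_CHECK but not what happens otherwise; 4/9 rejects such a rule with -EINVAL, so say that here so the documented behaviour matches the parser. The new `[keyrings=]` entry under option: should also note that it restricts which keys are measured, not which rule matches, because the ima_policy.c hunk matches KEYRING_CHECK rules on func alone.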
@@ -718,7 +718,7 @@ void ima_post_key_create_or_update(struct key *keyring, struct key *key, pk = key->payload.data[asym_crypto]; process_buffer_measurement(pk->key, pk->keylen, keyring->description, - NONE, 0); + KEYRING_CHECK, 0); } static int __init init_ima(void) diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 6df7f641ff66..0cc49f2d5233 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -370,7 +370,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, { int i; - if (func == KEXEC_CMDLINE) { + if ((func == KEXEC_CMDLINE) || (func == KEYRING_CHECK)) { if ((rule->flags & IMA_FUNC) && (rule->func == func)) return true; return false; diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c index f2503f10abf4..5625381c5a97 100644 --- a/security/integrity/ima/ima_queue.c +++ b/security/integrity/ima/ima_queue.c 
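Review bot: extending the KEXEC_CMDLINE special case in ima_match_rules() to KEYRING_CHECK means a KEYRING_CHECK rule is decided on func alone and returns before any other condition is looked at, so uid=, fowner=, lsm conditions and the keyrings= value itself are silently ignored at match time. Either reject those options for KEYRING_CHECK in ima_parse_rule() or document in the ABI file that they are not supported, and consider performing the keyrings comparison inside the matcher, where the rule entry is known to be valid, instead of handing the string back to the caller.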
@@ -317,7 +317,7 @@ void ima_measure_queued_keys(void) process_buffer_measurement(entry->public_key, entry->public_key_len, entry->keyring_name, - NONE, 0); + KEYRING_CHECK, 0); list_del(&entry->list); ima_free_measure_key_entry(entry); }
From patchwork Thu Oct 31 01:19:05 2019 X-Patchwork-Submitter: Lakshmi Ramasubramanian X-Patchwork-Id: 11220537
From: Lakshmi Ramasubramanian To: zohar@linux.ibm.com, dhowells@redhat.com, matthewgarrett@google.com, sashal@kernel.org, jamorris@linux.microsoft.com, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, keyrings@vger.kernel.org Cc: prsriva@linux.microsoft.com Subject: [PATCH v3 4/9] KEYS: Updated IMA policy functions for handling key measurement Date: Wed, 30 Oct 2019 18:19:05 -0700 Message-Id: <20191031011910.2574-5-nramas@linux.microsoft.com> In-Reply-To: <20191031011910.2574-1-nramas@linux.microsoft.com> References: <20191031011910.2574-1-nramas@linux.microsoft.com> Information regarding what keyrings need to be measured is missing. A new field in the IMA policy, namely, keyrings is added to convey what keyrings need to be measured. This patch updates the IMA function to retrieve keyrings from the policy. Signed-off-by: Lakshmi Ramasubramanian --- security/integrity/ima/ima.h | 6 ++-- security/integrity/ima/ima_api.c | 3 +- security/integrity/ima/ima_appraise.c | 2 +- security/integrity/ima/ima_policy.c | 40 +++++++++++++++++++++++++-- 4 files changed, 45 insertions(+), 6 deletions(-) diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 12e9ec6847b5..3539a159a7ac 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -240,8 +240,10 @@ void ima_measure_queued_keys(void); /* IMA policy related functions */ int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid, - enum ima_hooks func, int mask, int flags, int *pcr, - struct ima_template_desc **template_desc); + enum ima_hooks func, int mask, + int flags, int *pcr, + struct ima_template_desc **template_desc, + char **keyrings); void ima_init_policy(void); void ima_update_policy(void); void ima_update_policy_flag(void);
diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index f614e22bf39f..f488d1cead79 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c @@ -175,6 +175,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename, * subj,obj, and type: are LSM specific. * func: FILE_CHECK | BPRM_CHECK | CREDS_CHECK | MMAP_CHECK | MODULE_CHECK * | KEXEC_CMDLINE + * | KEYRING_CHECK * mask: contains the permission mask * fsmagic: hex value * @@ -190,7 +191,7 @@ int ima_get_action(struct inode *inode, const struct cred *cred, u32 secid, flags &= ima_policy_flag; return ima_match_policy(inode, cred, secid, func, mask, flags, pcr, - template_desc); + template_desc, NULL); } /* diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index 89b83194d1dc..5bed19be0f6a 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -54,7 +54,7 @@ int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func) security_task_getsecid(current, &secid); return ima_match_policy(inode, current_cred(), secid, func, mask, - IMA_APPRAISE | IMA_HASH, NULL, NULL); + IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL); } static int ima_fix_xattr(struct dentry *dentry, diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 0cc49f2d5233..b972a32ccb1b 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -31,6 +31,7 @@ #define IMA_EUID 0x0080 #define IMA_PCR 0x0100 #define IMA_FSNAME 0x0200 +#define IMA_KEYRINGS 0x0400 #define UNKNOWN 0 #define MEASURE 0x0001 /* same as IMA_MEASURE */ @@ -76,6 +77,7 @@ struct ima_rule_entry { int type; /* audit type */ } lsm[MAX_LSM_RULES]; char *fsname; + char *keyrings; /* Keyrings to measure */ struct ima_template_desc *template; }; 
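Review bot: the new `char *keyrings` member of struct ima_rule_entry holds a kstrdup'd string (allocated in the ima_parse_rule() hunk below), but nothing in this patch frees it when a rule entry is discarded, for example when an invalid policy is rejected, so every KEYRING_CHECK rule with keyrings= leaks its list; free it together with the other per-rule allocations such as the lsm args.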
@@ -476,6 +478,7 @@ static int get_subaction(struct ima_rule_entry *rule, enum ima_hooks func) * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC) * @pcr: set the pcr to extend * @template_desc: the template that should be used for this rule + * @keyrings: keyrings for this rule, if specified * * Measure decision based on func/mask/fsmagic and LSM(subj/obj/type) * conditions. @@ -486,7 +489,8 @@ static int get_subaction(struct ima_rule_entry *rule, enum ima_hooks func) */ int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid, enum ima_hooks func, int mask, int flags, int *pcr, - struct ima_template_desc **template_desc) + struct ima_template_desc **template_desc, + char **keyrings) { struct ima_rule_entry *entry; int action = 0, actmask = flags | (flags << 1); @@ -518,6 +522,9 @@ int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid, if ((pcr) && (entry->flags & IMA_PCR)) *pcr = entry->pcr; + if ((keyrings) && (entry->flags & IMA_KEYRINGS)) + *keyrings = entry->keyrings; + if (template_desc && entry->template) *template_desc = entry->template; else if (template_desc) @@ -761,7 +768,7 @@ enum { Opt_uid_gt, Opt_euid_gt, Opt_fowner_gt, Opt_uid_lt, Opt_euid_lt, Opt_fowner_lt, Opt_appraise_type, Opt_permit_directio, - Opt_pcr, Opt_template, Opt_err + Opt_pcr, Opt_template, Opt_keyrings, Opt_err }; static const match_table_t policy_tokens = { @@ -796,6 +803,7 @@ static const match_table_t policy_tokens = { {Opt_permit_directio, "permit_directio"}, {Opt_pcr, "pcr=%s"}, {Opt_template, "template=%s"}, + {Opt_keyrings, "keyrings=%s"}, {Opt_err, NULL} }; @@ -959,6 +967,8 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry) entry->func = POLICY_CHECK; else if (strcmp(args[0].from, "KEXEC_CMDLINE") == 0) entry->func = KEXEC_CMDLINE; + else if (strcmp(args[0].from, "KEYRING_CHECK") == 0) + entry->func = KEYRING_CHECK; else result = -EINVAL; if (!result) 
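Review bot: `*keyrings = entry->keyrings;` in the ima_match_policy() hunk hands the caller a pointer into the matched rule entry, and the caller uses it only after ima_match_policy() has returned (5/9 and 6/9 pass it up through ima_get_action() into process_buffer_measurement()); nothing ties the lifetime of that string to the caller, so if the policy is replaced after the match the caller is left with a dangling pointer. Either return a copy that the caller frees, or keep the keyring comparison inside the matcher. The @keyrings kernel-doc should also say that callers may pass NULL, which is what ima_must_appraise() and ima_get_action() do in this patch.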
@@ -1011,6 +1021,23 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry) result = 0; entry->flags |= IMA_FSNAME; break; + case Opt_keyrings: + ima_log_string(ab, "keyrings", args[0].from); + + if ((entry->keyrings) || + (entry->action != MEASURE) || + (entry->func != KEYRING_CHECK)) { + result = -EINVAL; + break; + } + entry->keyrings = kstrdup(args[0].from, GFP_KERNEL); + if (!entry->keyrings) { + result = -ENOMEM; + break; + } + result = 0; + entry->flags |= IMA_KEYRINGS; + break; case Opt_fsuuid: ima_log_string(ab, "fsuuid", args[0].from); 
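Review bot: the `case Opt_keyrings:` tests `entry->action != MEASURE` and `entry->func != KEYRING_CHECK` at the moment the token is seen, so acceptance depends on token order: `measure keyrings=.ima func=KEYRING_CHECK` is rejected with -EINVAL because func= has not been parsed yet, while the documented `measure func=KEYRING_CHECK keyrings=.ima` is accepted. Move the cross-field validation to the end of ima_parse_rule(), after all tokens have been consumed, and reject an empty keyrings= value there too; the `(entry->keyrings)` duplicate check is fine where it is.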
@@ -1371,6 +1398,15 @@ int ima_policy_show(struct seq_file *m, void *v) seq_puts(m, " "); } + if (entry->flags & IMA_KEYRINGS) { + if (entry->keyrings != NULL) + snprintf(tbuf, sizeof(tbuf), "%s", entry->keyrings); + else + snprintf(tbuf, sizeof(tbuf), "%s", "All keyrings"); + seq_printf(m, pt(Opt_keyrings), tbuf); + seq_puts(m, " "); + } + if (entry->flags & IMA_PCR) { snprintf(tbuf, sizeof(tbuf), "%d", entry->pcr); seq_printf(m, pt(Opt_pcr), tbuf);
From patchwork Thu Oct 31 01:19:06 2019 X-Patchwork-Submitter: Lakshmi Ramasubramanian X-Patchwork-Id: 11220509
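Review bot: in the ima_policy_show() hunk of 4/9 the `else` branch that prints "All keyrings" is unreachable, because IMA_KEYRINGS is only set in ima_parse_rule() after kstrdup() succeeded, and if it were reached it would emit `keyrings=All keyrings`, which the parser cannot read back; drop the branch and print `entry->keyrings` directly. Also confirm that tbuf is large enough for a "|"-separated list of keyring names, since snprintf() truncates silently here and a truncated list would be reloaded as a different policy.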
From: Lakshmi Ramasubramanian To: zohar@linux.ibm.com, dhowells@redhat.com, matthewgarrett@google.com, sashal@kernel.org, jamorris@linux.microsoft.com, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, keyrings@vger.kernel.org Cc: prsriva@linux.microsoft.com Subject: [PATCH v3 5/9] KEYS: Updated ima_get_action() to return keyrings if specified in the policy Date: Wed, 30 Oct 2019 18:19:06 -0700 Message-Id: <20191031011910.2574-6-nramas@linux.microsoft.com> In-Reply-To: <20191031011910.2574-1-nramas@linux.microsoft.com> References: <20191031011910.2574-1-nramas@linux.microsoft.com> Information regarding what keyrings need to be measured is missing. ima_get_action() needs to retrieve the keyrings, if specified for KEYRING_CHECK. This patch adds a new out parameter to ima_get_action() to return keyrings read from the policy. Signed-off-by: Lakshmi Ramasubramanian --- security/integrity/ima/ima.h | 3 ++- security/integrity/ima/ima_api.c | 6 ++++-- security/integrity/ima/ima_main.c | 8 ++++++-- 3 files changed, 12 insertions(+), 5 deletions(-) diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 3539a159a7ac..ded78af94e69 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h
@@ -212,7 +212,8 @@ struct ima_measure_key_entry { /* LIM API function definitions */ int ima_get_action(struct inode *inode, const struct cred *cred, u32 secid, int mask, enum ima_hooks func, int *pcr, - struct ima_template_desc **template_desc); + struct ima_template_desc **template_desc, + char **keyrings); int ima_must_measure(struct inode *inode, int mask, enum ima_hooks func); int ima_collect_measurement(struct integrity_iint_cache *iint, struct file *file, void *buf, loff_t size, diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index f488d1cead79..77ac076672e1 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c @@ -169,6 +169,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename, * @func: caller identifier * @pcr: pointer filled in if matched measure policy sets pcr= * @template_desc: pointer filled in if matched measure policy sets template= + * @keyrings: pointer filled in if matched measure policy sets keyrings= * * The policy is defined in terms of keypairs: * subj=, obj=, type=, func=, mask=, fsmagic= @@ -184,14 +185,15 @@ void ima_add_violation(struct file *file, const unsigned char *filename, */ int ima_get_action(struct inode *inode, const struct cred *cred, u32 secid, int mask, enum ima_hooks func, int *pcr, - struct ima_template_desc **template_desc) + struct ima_template_desc **template_desc, + char **keyrings) { int flags = IMA_MEASURE | IMA_AUDIT | IMA_APPRAISE | IMA_HASH; flags &= ima_policy_flag; return ima_match_policy(inode, cred, secid, func, mask, flags, pcr, - template_desc, NULL); + template_desc, keyrings); } /* diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 72ae0878ec5d..cbc7de87106f 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c 
@@ -214,7 +214,7 @@ static int process_measurement(struct file *file, const struct cred *cred, * Included is the appraise submask. */ action = ima_get_action(inode, cred, secid, mask, func, &pcr, - &template_desc); + &template_desc, NULL); violation_check = ((func == FILE_CHECK || func == MMAP_CHECK) && (ima_policy_flag & IMA_MEASURE)); if (!action && !violation_check) @@ -627,6 +627,7 @@ void process_buffer_measurement(const void *buf, int size, .buf = buf, .buf_len = size}; struct ima_template_desc *template = NULL; + char *keyrings = NULL; struct { struct ima_digest_data hdr; char digest[IMA_MAX_DIGEST_SIZE]; 
@@ -641,11 +642,14 @@ void process_buffer_measurement(const void *buf, int size, if (func) { security_task_getsecid(current, &secid); action = ima_get_action(NULL, current_cred(), secid, 0, func, - &pcr, &template); + &pcr, &template, &keyrings); if (!(action & IMA_MEASURE)) return; } + if (keyrings != NULL) + keyrings = NULL; + if (!pcr) pcr = CONFIG_IMA_MEASURE_PCR_IDX;
From patchwork Thu Oct 31 01:19:07 2019 X-Patchwork-Submitter: Lakshmi Ramasubramanian X-Patchwork-Id: 11220505
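Review bot: `if (keyrings != NULL) keyrings = NULL;` in the process_buffer_measurement() hunk of 5/9 is a no-op whose only purpose is to keep the new `keyrings` variable from looking unused, and 6/9 deletes it again; a dead store like this is exactly what static checkers flag, so fold this patch into 6/9, where the value is actually consumed, rather than add code written to be removed. The extra out parameter also changes the ima_get_action() signature for every caller at once; that is fine, but the commit message should say so.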
From: Lakshmi Ramasubramanian
To: zohar@linux.ibm.com, dhowells@redhat.com, matthewgarrett@google.com, sashal@kernel.org, jamorris@linux.microsoft.com, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, keyrings@vger.kernel.org
Cc: prsriva@linux.microsoft.com
Subject: [PATCH v3 6/9] KEYS: Measure key if the IMA policy allows measurement for the given keyring
Date: Wed, 30 Oct 2019 18:19:07 -0700
Message-Id: <20191031011910.2574-7-nramas@linux.microsoft.com>
In-Reply-To: <20191031011910.2574-1-nramas@linux.microsoft.com>
References: <20191031011910.2574-1-nramas@linux.microsoft.com>

process_buffer_measurement() does not know which keyring the given key is being linked to. It needs the keyring name to determine whether or not the given key needs to be measured.

This patch adds a new parameter "keyring" to process_buffer_measurement() to convey which keyring the given key is linked to. If KEYRING_CHECK alone is set in the policy, all keys are measured. If a list of keyrings is also specified in the policy, then only keys linked to those keyrings will be measured.

Signed-off-by: Lakshmi Ramasubramanian
---
 security/integrity/ima/ima.h       |  2 +-
 security/integrity/ima/ima_main.c  | 24 +++++++++++++++++++-----
 security/integrity/ima/ima_queue.c |  3 ++-
 3 files changed, 22 insertions(+), 7 deletions(-)

diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index ded78af94e69..f8bf5c24e0d0 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -225,7 +225,7 @@ void ima_store_measurement(struct integrity_iint_cache *iint, struct file *file, struct ima_template_desc *template_desc); void process_buffer_measurement(const void *buf, int size, const char *eventname, enum ima_hooks func, - int pcr); + int pcr, const char *keyring); void ima_audit_measurement(struct integrity_iint_cache *iint, const unsigned char *filename); int ima_alloc_init_template(struct ima_event_data *event_data, diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index cbc7de87106f..bd835ec89ead 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -612,12 +612,22 @@ int ima_load_data(enum kernel_load_data_id id) * @eventname: event name to be used for the buffer entry. * @func: IMA hook * @pcr: pcr to extend the measurement + * @keyring: keyring for the measurement + * + * The following scenarios are possible with respect to + * the parameter "keyring": + * 1, keyring is NULL. In this case buffer is measured. + * 2, keyring is not NULL, but ima_get_action returned + * a NULL keyrings. In this case also the buffer is measured. + * 3, keyring is not NULL and ima_get_action returned + * a non-NULL keyrings. In this case measure the buffer + * only if the given keyring is present in the keyrings. * * Based on policy, the buffer is measured into the ima log. */ void process_buffer_measurement(const void *buf, int size, const char *eventname, enum ima_hooks func, - int pcr) + int pcr, const char *keyring) { int ret = 0; struct ima_template_entry *entry = NULL; @@ -647,8 +657,10 @@ void process_buffer_measurement(const void *buf, int size, return; } - if (keyrings != NULL) - keyrings = NULL; + if ((keyring != NULL) && (keyrings != NULL) + && (strstr(keyrings, keyring) == NULL)) { + return; + } if (!pcr) pcr = CONFIG_IMA_MEASURE_PCR_IDX; 
@@ -698,7 +710,8 @@ void ima_kexec_cmdline(const void *buf, int size) { if (buf && size != 0) { process_buffer_measurement(buf, size, "kexec-cmdline", - KEXEC_CMDLINE, 0); + KEXEC_CMDLINE, 0, + NULL); } } @@ -722,7 +735,8 @@ void ima_post_key_create_or_update(struct key *keyring, struct key *key, pk = key->payload.data[asym_crypto]; process_buffer_measurement(pk->key, pk->keylen, keyring->description, - KEYRING_CHECK, 0); + KEYRING_CHECK, 0, + keyring->description); } static int __init init_ima(void) diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c index 5625381c5a97..805dcacb48e6 100644 --- a/security/integrity/ima/ima_queue.c +++ b/security/integrity/ima/ima_queue.c 
@@ -317,7 +317,8 @@ void ima_measure_queued_keys(void) process_buffer_measurement(entry->public_key, entry->public_key_len, entry->keyring_name, - KEYRING_CHECK, 0); + KEYRING_CHECK, 0, + entry->keyring_name); list_del(&entry->list); ima_free_measure_key_entry(entry); }
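Review bot: in the kernel-doc hunk of process_buffer_measurement(), the new scenario list is written as "1," "2," "3," with a comma; kernel-doc lists in this file use "1." style, and scenario 3 should say what kind of match is performed against the keyrings string rather than just "present in the keyrings", since the test below is not an exact-name comparison.

Review bot: in the second ima_main.c hunk, `strstr(keyrings, keyring)` is a substring test rather than a membership test, so the keyring filter admits more than the policy author wrote: any keyring whose description is a substring of the policy's keyrings string passes (a keyring named "ima" matches a list entry ".ima", and a one-character description matches almost anything). Tokenize `keyrings` on its separator and compare each token with strcmp() against `keyring` instead. Two smaller points on the same hunk: the `keyring != NULL && keyrings == NULL` and `keyring == NULL && keyrings != NULL` cases both fall through to measuring, which is what the doc comment describes, but a comment next to the condition would save readers re-deriving it; and the `keyrings` pointer filled in by ima_get_action() is never released here, so a note on who owns that memory (presumably the matching rule) belongs either here or at the ima_get_action() out-parameter.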
From: Lakshmi Ramasubramanian
To: zohar@linux.ibm.com, dhowells@redhat.com, matthewgarrett@google.com, sashal@kernel.org, jamorris@linux.microsoft.com, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, keyrings@vger.kernel.org
Cc: prsriva@linux.microsoft.com
Subject: [PATCH v3 7/9] KEYS: Queue key for measurement if IMA is not yet initialized. Measure queued keys when IMA initialization is completed
Date: Wed, 30 Oct 2019 18:19:08 -0700
Message-Id: <20191031011910.2574-8-nramas@linux.microsoft.com>
In-Reply-To: <20191031011910.2574-1-nramas@linux.microsoft.com>
References: <20191031011910.2574-1-nramas@linux.microsoft.com>

Keys need to be queued when the IMA hook to measure keys is called before IMA is initialized. Keys queued for measurement need to be processed when IMA initialization is completed.

This patch adds the call to queue and de-queue keys for measurement.

Signed-off-by: Lakshmi Ramasubramanian
---
 security/integrity/ima/ima_init.c | 7 ++++++-
 security/integrity/ima/ima_main.c | 5 +++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c
index 5d55ade5f3b9..91eaa5f2d008 100644
--- a/security/integrity/ima/ima_init.c
+++ b/security/integrity/ima/ima_init.c
@@ -131,5 +131,10 @@ int __init ima_init(void) ima_init_policy(); - return ima_fs_init(); + rc = ima_fs_init(); + if (rc != 0) + return rc; + + ima_measure_queued_keys(); + return 0; }
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index bd835ec89ead..2ad05563542c 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -732,6 +732,11 @@ void ima_post_key_create_or_update(struct key *keyring, struct key *key, if (key->type != &key_type_asymmetric) return; + if (!ima_policy_flag) { + ima_queue_key_for_measurement(keyring, key); + return; + } + pk = key->payload.data[asym_crypto]; process_buffer_measurement(pk->key, pk->keylen, keyring->description,
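Review bot: in the ima_init() hunk, an ima_fs_init() failure returns before ima_measure_queued_keys() runs, so everything queued up to that point stays on the list, and with the `!ima_policy_flag` test in the ima_main.c hunk still routing new keys to the queue, the list grows for the lifetime of the system with nothing draining it. The failure path should drain or free the queue rather than leave it pending.

Review bot: in the ima_post_key_create_or_update() hunk, `if (!ima_policy_flag)` is used as an "IMA not initialized yet" test, but patch 8/9's own description points out that ima_policy_flag is also 0 whenever the loaded policy is empty; in that state every asymmetric key is queued and never measured, and the queue has no bound. Since 8/9 replaces the test with ima_initialized, squashing the two keeps the series bisectable. Independently of which flag is read, the flag check and ima_queue_key_for_measurement() are two separate steps, while ima_init() sets the flag and then drains: a key whose check saw "not initialized" but whose enqueue completes after ima_measure_queued_keys() has emptied the list is never measured, unless the queue helper re-checks the flag under the same lock that protects the list.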
From: Lakshmi Ramasubramanian
To: zohar@linux.ibm.com, dhowells@redhat.com, matthewgarrett@google.com, sashal@kernel.org, jamorris@linux.microsoft.com, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, keyrings@vger.kernel.org
Cc: prsriva@linux.microsoft.com
Subject: [PATCH v3 8/9] KEYS: Added a boolean flag for IMA initialization status.
Date: Wed, 30 Oct 2019 18:19:09 -0700
Message-Id: <20191031011910.2574-9-nramas@linux.microsoft.com>
In-Reply-To: <20191031011910.2574-1-nramas@linux.microsoft.com>
References: <20191031011910.2574-1-nramas@linux.microsoft.com>

IMA hook does not know whether a key can be measured right away or the key needs to be queued to be measured at a later time.

This patch defines a flag to indicate the IMA initialization status. IMA hook will use this flag to determine if a key can be measured right away or the key needs to be queued to be measured at a later time.

ima_policy_flag cannot be relied upon for knowing IMA initialization status because ima_policy_flag will be set to 0 when either IMA is not initialized or the IMA policy itself is empty.

Signed-off-by: Lakshmi Ramasubramanian
---
 security/integrity/ima/ima.h      | 1 +
 security/integrity/ima/ima_init.c | 3 +++
 security/integrity/ima/ima_main.c | 2 +-
 3 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index f8bf5c24e0d0..5abc5a0b4591 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -54,6 +54,7 @@ extern int ima_policy_flag; extern int ima_hash_algo; extern int ima_appraise; extern struct tpm_chip *ima_tpm_chip; +extern bool ima_initialized; /* IMA event related data */ struct ima_event_data { diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c index 91eaa5f2d008..8734ed5322c7 100644 --- a/security/integrity/ima/ima_init.c +++ b/security/integrity/ima/ima_init.c @@ -23,6 +23,7 @@ /* name for boot aggregate entry */ static const char boot_aggregate_name[] = "boot_aggregate"; struct tpm_chip *ima_tpm_chip; +bool ima_initialized; /* Add the boot aggregate to the IMA measurement list and extend * the PCR register. @@ -135,6 +136,8 @@ int __init ima_init(void) if (rc != 0) return rc; + ima_initialized = true; + ima_measure_queued_keys(); return 0; } diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 2ad05563542c..e4c5e7150611 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c 
@@ -732,7 +732,7 @@ void ima_post_key_create_or_update(struct key *keyring, struct key *key, if (key->type != &key_type_asymmetric) return; - if (!ima_policy_flag) { + if (!ima_initialized) { ima_queue_key_for_measurement(keyring, key); return; }
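Review bot: in the two ima_init.c hunks, `bool ima_initialized` is a plain global that ima_init() stores once and ima_post_key_create_or_update() loads from arbitrary contexts, with no lock or barrier tying the store to the drain in ima_measure_queued_keys() that follows it. A reader on another CPU can therefore observe the flag as set before the drain has started, or as clear after the drain has finished, depending on timing; setting the flag under the queue's lock and re-checking it there in ima_queue_key_for_measurement() closes that window. On the `rc != 0` path the flag also stays false for good, so the queue keeps growing; set it (or discard the queue) on that path as well.

Review bot: in the ima_main.c hunk, replacing `ima_policy_flag` with `ima_initialized` fixes the empty-policy case described in the commit message, but because the hunk being fixed was introduced two patches earlier in this same series, squashing 8/9 into 7/9 avoids a bisect landing on the intermediate behaviour.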
From: Lakshmi Ramasubramanian
To: zohar@linux.ibm.com, dhowells@redhat.com, matthewgarrett@google.com, sashal@kernel.org, jamorris@linux.microsoft.com, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, keyrings@vger.kernel.org
Cc: prsriva@linux.microsoft.com
Subject: [PATCH v3 9/9] KEYS: Call the IMA hook to measure key when a new key is created or an existing key is updated
Date: Wed, 30 Oct 2019 18:19:10 -0700
Message-Id: <20191031011910.2574-10-nramas@linux.microsoft.com>
In-Reply-To: <20191031011910.2574-1-nramas@linux.microsoft.com>
References: <20191031011910.2574-1-nramas@linux.microsoft.com>

key_create_or_update function needs to call the IMA hook to measure the key when a new key is created or an existing key is updated.

This patch adds the call to the IMA hook from key_create_or_update function.

Signed-off-by: Lakshmi Ramasubramanian
---
 include/linux/ima.h | 7 +++++++
 security/keys/key.c | 9 +++++++++
 2 files changed, 16 insertions(+)

diff --git a/include/linux/ima.h b/include/linux/ima.h
index a20ad398d260..f085f1c6ef34 100644
--- a/include/linux/ima.h
+++ b/include/linux/ima.h
@@ -24,6 +24,9 @@ extern int ima_post_read_file(struct file *file, void *buf, loff_t size, enum kernel_read_file_id id); extern void ima_post_path_mknod(struct dentry *dentry); extern void ima_kexec_cmdline(const void *buf, int size); +extern void ima_post_key_create_or_update(struct key *keyring, + struct key *key, + unsigned long flags, bool create); #ifdef CONFIG_IMA_KEXEC extern void ima_add_kexec_buffer(struct kimage *image);
@@ -91,6 +94,10 @@ static inline void ima_post_path_mknod(struct dentry *dentry) } static inline void ima_kexec_cmdline(const void *buf, int size) {} +static inline void ima_post_key_create_or_update(struct key *keyring, + struct key *key, + unsigned long flags, + bool create) {} #endif /* CONFIG_IMA */ #ifndef CONFIG_IMA_KEXEC diff --git a/security/keys/key.c b/security/keys/key.c index 764f4c57913e..7c39054d8da6 100644 --- a/security/keys/key.c +++ b/security/keys/key.c @@ -13,6 +13,7 @@ #include #include #include +#include #include #include "internal.h" @@ -936,6 +937,9 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref, goto error_link_end; } + /* let the ima module know about the created key. */ + ima_post_key_create_or_update(keyring, key, flags, true); + key_ref = make_key_ref(key, is_key_possessed(keyring_ref)); error_link_end: @@ -965,6 +969,11 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref, } key_ref = __key_update(key_ref, &prep); + if (!IS_ERR(key_ref)) { + /* let the ima module know about the updated key. */ + ima_post_key_create_or_update(keyring, key, flags, false); + } + goto error_free_prep; } EXPORT_SYMBOL(key_create_or_update);
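Review bot: the include/linux/ima.h hunks add `struct key *` parameters to both the real declaration and the !CONFIG_IMA stub, but neither hunk adds a `struct key;` forward declaration or an include that provides the type; unless something earlier in ima.h already does, every file that includes ima.h without linux/key.h will warn about `struct key` being declared inside a parameter list. A forward declaration at the top of the header, where the other incomplete types are declared, is the usual fix.

Review bot: in the second security/keys/key.c hunk, the create-path call to ima_post_key_create_or_update() sits above the `error_link_end:` label, which is where the keyring link section opened by __key_link_begin() is closed, so the hook runs with the keyring still write-locked. Measuring hashes the public key, allocates a template entry, may extend a TPM PCR, and in the not-yet-initialized case allocates a queue entry; none of that needs the keyring lock. Moving the call after the link section has been ended, so that it follows the same ordering as the update path's call after __key_update(), keeps that work out of the locked region.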